Revision: 1442 http://trac.macosforge.org/projects/calendarserver/changeset/1442 Author: cdaboo@apple.com Date: 2007-04-03 10:13:16 -0700 (Tue, 03 Apr 2007) Log Message: ----------- Make sure we trak the LoginError exception too. Add some logging for failed SACL checks. Modified Paths: -------------- CalendarServer/trunk/twistedcaldav/root.py Modified: CalendarServer/trunk/twistedcaldav/root.py =================================================================== --- CalendarServer/trunk/twistedcaldav/root.py 2007-04-02 03:34:41 UTC (rev 1441) +++ CalendarServer/trunk/twistedcaldav/root.py 2007-04-03 17:13:16 UTC (rev 1442) @@ -20,6 +20,7 @@ from twisted.internet import defer from twisted.python.failure import Failure +from twisted.cred.error import LoginFailed from twisted.cred.error import UnauthorizedLogin from twisted.web2.http import HTTPError @@ -55,10 +56,11 @@ """ def _authCb((authnUser, authzUser)): - # Insure that the user is not unauthenticated. + # Ensure that the user is not unauthenticated. # SACLs are authorization for the use of the service, # so unauthenticated access doesn't make any sense. if authzUser == davxml.Principal(davxml.Unauthenticated()): + log.msg("Unauthenticated users not enabled with the '%s' SACL" % (self.saclService,)) return Failure(HTTPError(UnauthorizedResponse( request.credentialFactories, request.remoteAddr))) @@ -67,7 +69,7 @@ def _authEb(failure): # Make sure we propogate UnauthorizedLogin errors. - failure.trap(UnauthorizedLogin) + failure.trap(UnauthorizedLogin, LoginFailed) return Failure(HTTPError(UnauthorizedResponse( request.credentialFactories, @@ -79,6 +81,7 @@ username = username.rstrip('/').split('/')[-1] if RootResource.CheckSACL(username, self.saclService) != 0: + log.msg("User '%s' is not enabled with the '%s' SACL" % (username, self.saclService,)) return Failure(HTTPError(403)) return True