Revision: 2106 http://trac.macosforge.org/projects/calendarserver/changeset/2106 Author: wsanchez@apple.com Date: 2008-01-11 13:19:38 -0800 (Fri, 11 Jan 2008) Log Message: ----------- Pull up auth caching: r2079 r2102 r2105 Modified Paths: -------------- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py =================================================================== --- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py 2008-01-11 21:17:40 UTC (rev 2105) +++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py 2008-01-11 21:19:38 UTC (rev 2106) 
@@ -764,12 +764,25 @@ def verifyCredentials(self, credentials): if isinstance(credentials, UsernamePassword): + # Check cached password try: - return opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password) + if credentials.password == self.password: + return True + except AttributeError: + pass + + # Check with directory services + try: + if opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password): + # Cache the password to avoid future DS queries + self.password = credentials.password + return True except opendirectory.ODError, e: logging.err("Open Directory (node=%s) error while performing basic authentication for user %s: %s" - % (self.service.realmName, self.shortName, e), system="OpenDirectoryService") - return False + % (self.service.realmName, self.shortName, e), system="OpenDirectoryService") + + return False + elif isinstance(credentials, DigestedCredentials): try: # We need a special format for the "challenge" and "response" strings passed into open directory, as it is 
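Review bot: The new cache branch in the UsernamePassword case stores the user's cleartext password on the record (`self.password = credentials.password`) and never expires it, so a password changed or an account disabled in Open Directory would presumably keep authenticating with the old value for as long as this record object is alive, and those logins bypass whatever lockout and logging the directory applies. I would cache a salted hash together with a timestamp rather than the password itself, and fall through to `authenticateUserBasic` once the entry is older than a short TTL. At minimum the assignment deserves a comment such as `# NOTE: cached until this record is discarded; directory-side password changes are not seen before then`. The `credentials.password == self.password` comparison is also not constant-time. verifyCredentials starts and ends outside this hunk.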
@@ -788,14 +801,28 @@ % (self.service.realmName, self.shortName, e, credentials.fields), system="OpenDirectoryService") return False - return opendirectory.authenticateUserDigest( + if self.digestcache[credentials.fields["uri"]] == response: + return True + except (AttributeError, KeyError): + pass + + try: + if opendirectory.authenticateUserDigest( self.service.directory, self._nodename, self.shortName, challenge, response, credentials.method - ) + ): + try: + cache = self.digestcache + except AttributeError: + cache = self.digestcache = {} + + cache[credentials.fields["uri"]] = response + + return True except opendirectory.ODError, e: logging.err("Open Directory (node=%s) error while performing digest authentication for user %s: %s" % (self.service.realmName, self.shortName, e), system="OpenDirectoryService") Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py =================================================================== --- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py 2008-01-11 21:17:40 UTC (rev 2105) +++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py 2008-01-11 21:19:38 UTC (rev 2106) 
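Review bot: The digest cache is keyed only on `credentials.fields["uri"]` and a hit returns True without consulting the directory, so the check no longer involves `credentials.method` and an identical `response` string is accepted again for as long as the entry lives; whether nonce freshness is enforced before verifyCredentials is called is not visible here. Keying on the method as well, `cache[(credentials.method, credentials.fields["uri"])] = response` with the matching lookup, and attaching an expiry time to each entry would narrow this. The dict also gains one entry per distinct URI per record and is never pruned, which deserves a size bound. The construction of `response` and the end of this branch are outside the hunk.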
@@ -297,39 +297,48 @@ service = self.service() for user in self.users: - userRecord = service.recordWithShortName(DirectoryService.recordType_users, user) + for good in (True, True, False, False, True): + userRecord = service.recordWithShortName(DirectoryService.recordType_users, user) - # I'm glad this is so simple... - response = calcResponse( - calcHA1( + # I'm glad this is so simple... + response = calcResponse( + calcHA1( + "md5", + user, + service.realmName, + self.users[user]["password"], + "booger", + "phlegm", + ), "md5", - user, - service.realmName, - self.users[user]["password"], "booger", + None, "phlegm", - ), - "md5", - "booger", - None, - "phlegm", - "auth", - "GET", - "/", - None, - ) + "auth", + "GET", + "/", + None, + ) - credentials = DigestedCredentials( - user, - "GET", - service.realmName, - { - "response": response, - "uri": "/", - "nonce": "booger", - "cnonce": "phlegm", - "nc": None, - }, - ) + if good: + noise = "" + else: + noise = "blah" - self.failUnless(userRecord.verifyCredentials(credentials)) + credentials = DigestedCredentials( + user, + "GET", + service.realmName, + { + "response": response, + "uri": "/", + "nonce": "booger" + noise, + "cnonce": "phlegm", + "nc": None, + }, + ) + + if good: + self.failUnless(userRecord.verifyCredentials(credentials)) + else: + self.failIf(userRecord.verifyCredentials(credentials))
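Review bot: The rejected cases in this loop only perturb the nonce, so the test confirms that a failed attempt does not poison later good attempts but does not pin what a cached success is allowed to skip. A further case that reuses the same `response` and `"uri": "/"` with a different method after a successful GET, asserted with `self.failIf(userRecord.verifyCredentials(credentials))`, would cover the cache key used in appleopendirectory.py. A short comment on the `(True, True, False, False, True)` sequence, e.g. `# good, good again (may be served from a cache), bad, bad, good again`, would also make the intent clear. The enclosing test method starts outside the hunk.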