Revision: 1543 http://trac.macosforge.org/projects/calendarserver/changeset/1543 Author: cdaboo@apple.com Date: 2007-05-21 12:20:39 -0700 (Mon, 21 May 2007) Log Message: ----------- Refactored common __init__ code into a base class. Modified Paths: -------------- CalendarServer/trunk/twistedcaldav/authkerb.py Modified: CalendarServer/trunk/twistedcaldav/authkerb.py =================================================================== --- CalendarServer/trunk/twistedcaldav/authkerb.py 2007-05-21 18:23:56 UTC (rev 1542) +++ CalendarServer/trunk/twistedcaldav/authkerb.py 2007-05-21 19:20:39 UTC (rev 1543) @@ -49,6 +49,49 @@ import kerberos +class KerberosCredentialFactoryBase(object): + """ + Code common to Kerberos-based credential factories. + """ + + implements(ICredentialFactory) + + def __init__(self, principal=None, type=None, hostname=None): + """ + + @param principal: full Kerberos principal (e.g., 'http/server.example.com@EXAMPLE.COM'). If C{None} + then the type and hostname arguments are used instead. + @type service: str + @param type: service type for Kerberos (e.g., 'http'). Must be C{None} if principal used. + @type type: str + @param hostname: hostname for this server. Must be C{None} if principal used. + @type hostname: str + """ + + # Only certain combinations of arguments allowed + assert (principal and not type and not hostname) or (not principal and type and hostname) + + if not principal: + # Look up the Kerberos principal given the service type and hostname, and extract + # the realm and a service principal value for later use. + try: + principal = kerberos.getServerPrincipalDetails(type, hostname) + except kerberos.KrbError, ex: + logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="KerberosCredentialFactoryBase") + raise ValueError('Authentication System Failure: %s' % (ex[0],)) + + try: + splits = principal.split("/") + servicetype = splits[0] + splits = splits[1].split("@") + realm = splits[1] + except IndexError: + logging.err("Invalid Kerberos principal: %s" % (principal,), system="KerberosCredentialFactoryBase") + raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,)) + + self.service = "%s@%s" % (servicetype, realm,) + self.realm = realm + class BasicKerberosCredentials(credentials.UsernamePassword): """ A set of user/password credentials that checks itself against Kerberos. @@ -72,7 +115,7 @@ self.service = service self.default_realm = realm -class BasicKerberosCredentialFactory: +class BasicKerberosCredentialFactory(KerberosCredentialFactoryBase): """ Authorizer for insecure Basic (base64-encoded plaintext) authentication. @@ -80,8 +123,6 @@ Right now we do not check for that. """ - implements(ICredentialFactory) - scheme = 'basic' def __init__(self, principal=None, type=None, hostname=None): @@ -96,30 +137,8 @@ @type hostname: str """ - # Only certain combinations of arguments allowed - assert (principal and not type and not hostname) or (not principal and type and hostname) + super(BasicKerberosCredentialFactory, self).__init__(principal, type, hostname) - if not principal: - # Look up the Kerberos principal given the service type and hostname, and extract - # the realm and a service principal value for later use. - try: - principal = kerberos.getServerPrincipalDetails(type, hostname) - except kerberos.KrbError, ex: - logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="BasicKerberosCredentialFactory") - raise ValueError('Authentication System Failure: %s' % (ex[0],)) - - try: - splits = principal.split("/") - servicetype = splits[0] - splits = splits[1].split("@") - realm = splits[1] - except IndexError: - logging.err("Invalid Kerberos principal: %s" % (principal,), system="BasicKerberosCredentialFactory") - raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,)) - - self.service = "%s@%s" % (servicetype, realm,) - self.realm = realm - def getChallenge(self, _ignore_peer): return {'realm': self.realm} @@ -135,7 +154,7 @@ return c raise error.LoginFailed('Invalid credentials') -class BasicKerberosCredentialsChecker: +class BasicKerberosCredentialsChecker(object): implements(checkers.ICredentialsChecker) @@ -158,7 +177,7 @@ raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,)) -class NegotiateCredentials: +class NegotiateCredentials(object): """ A set of user/password credentials that checks itself against Kerberos. """ @@ -169,7 +188,7 @@ self.username = username -class NegotiateCredentialFactory: +class NegotiateCredentialFactory(KerberosCredentialFactoryBase): """ Authorizer for insecure Basic (base64-encoded plaintext) authentication. @@ -177,8 +196,6 @@ Right now we do not check for that. """ - implements(ICredentialFactory) - scheme = 'negotiate' def __init__(self, principal=None, type=None, hostname=None): @@ -193,30 +210,8 @@ @type hostname: str """ - # Only certain combinations of arguments allowed - assert (principal and not type and not hostname) or (not principal and type and hostname) + super(NegotiateCredentialFactory, self).__init__(principal, type, hostname) - if not principal: - # Look up the Kerberos principal given the service type and hostname, and extract - # the realm and a service principal value for later use. - try: - principal = kerberos.getServerPrincipalDetails(type, hostname) - except kerberos.KrbError, ex: - logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="NegotiateCredentialFactory") - raise ValueError('Authentication System Failure: %s' % (ex[0],)) - - try: - splits = principal.split("/") - servicetype = splits[0] - splits = splits[1].split("@") - realm = splits[1] - except IndexError: - logging.err("Invalid Kerberos principal: %s" % (principal,), system="NegotiateCredentialFactory") - raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,)) - - self.service = "%s@%s" % (servicetype, realm,) - self.realm = realm - def getChallenge(self, _ignore_peer): return {} @@ -281,7 +276,7 @@ return NegotiateCredentials(username) -class NegotiateCredentialsChecker: +class NegotiateCredentialsChecker(object): implements(checkers.ICredentialsChecker)