[CalendarServer-changes] [881] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Thu Dec 21 16:20:09 PST 2006


Revision: 881
          http://trac.macosforge.org/projects/calendarserver/changeset/881
Author:   dreid at apple.com
Date:     2006-12-21 16:20:09 -0800 (Thu, 21 Dec 2006)

Log Message:
-----------
Add better Authentication configuration

Modified Paths:
--------------
    CalendarServer/trunk/conf/caldavd-test.plist
    CalendarServer/trunk/conf/caldavd.plist
    CalendarServer/trunk/twistedcaldav/config.py
    CalendarServer/trunk/twistedcaldav/tap.py

Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist	2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/conf/caldavd-test.plist	2006-12-22 00:20:09 UTC (rev 881)
@@ -156,15 +156,32 @@
   <key>SACLEnable</key>
   <false/>
 
-  <key>AuthSchemes</key>
-  <array>
-    <string>Basic</string>
-  </array>
+  <key>Authentication</key>
+  <dict>
+    <key>Basic</key>
+    <dict>
+      <key>Enabled</key>
+      <true/>
+    </dict>
+    <key>Digest</key>
+    <dict>
+      <key>Enabled</key>
+      <false/>
+      <key>Algorithm</key>
+      <string>md5</string>
+    </dict>
+    <key>Kerberos</key>
+    <dict>
+      <key>Enabled</key>
+      <false/>
+      <key>ServicePrincipal</key>
+      <string></string>
+    </dict>
+  </dict>
 
   <key>AdminPrincipals</key>
   <array>
     <string>/principals/user/admin</string>
   </array>
-
 </dict>
 </plist>
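Review bot: Basic remains the only scheme enabled in the new `Authentication` dict, and nothing here ties it to TLS, so on the plain-HTTP listener the password travels base64-encoded and is readable by anyone on the path. The same default is repeated in conf/caldavd.plist and in `defaultConfig` in twistedcaldav/config.py, and the tap.py hunk of this commit drops the `# TODO: limit basic scheme to SSL` comment without implementing it. Now that Digest is configurable, I would either enable it by default in the shipped caldavd.plist or add a comment above the Basic entry such as `<!-- Basic sends the password unencrypted; enable only when SSLOnly is true -->`. `SSLOnly` is named from its use as `config.SSLOnly` in tap.py; confirm the plist key.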

Modified: CalendarServer/trunk/conf/caldavd.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd.plist	2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/conf/caldavd.plist	2006-12-22 00:20:09 UTC (rev 881)
@@ -102,15 +102,32 @@
   <key>SACLEnable</key>
   <true/>
 
-  <key>AuthSchemes</key>
-  <array>
-    <string>Basic</string>
-  </array>
+  <key>Authentication</key>
+  <dict>
+    <key>Basic</key>
+    <dict>
+      <key>Enabled</key>
+      <true/>
+    </dict>
+    <key>Digest</key>
+    <dict>
+      <key>Enabled</key>
+      <false/>
+      <key>Algorithm</key>
+      <string>md5</string>
+    </dict>
+    <key>Kerberos</key>
+    <dict>
+      <key>Enabled</key>
+      <false/>
+      <key>ServicePrincipal</key>
+      <string></string>
+    </dict>
+  </dict>
 
   <key>AdminPrincipals</key>
   <array>
     <string>/principals/user/admin</string>
   </array>
-
 </dict>
 </plist>

Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py	2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/twistedcaldav/config.py	2006-12-22 00:20:09 UTC (rev 881)
@@ -47,10 +47,23 @@
     'Verbose': False,
     'twistdLocation': '/usr/share/caldavd/bin/twistd',
     'SACLEnable': False,
-    'AuthSchemes': ['Basic'],
+    'Authentication': {
+        'Basic': {
+            'Enabled': True,
+            },
+        'Digest': {
+            'Enabled': False,
+            'Algorithm': 'md5',
+            },
+        'Kerberos': {
+            'Enabled': False,
+            'ServicePrincipal': '',
+            },
+        },
     'AdminPrincipals': ['/principals/user/admin']
 }
 
+
 class Config (object):
     def __init__(self, defaults):
         self.update(defaults)
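Review bot: The new `'Authentication'` default is a nested dict, but `Config.update` (its loop is visible as context in the next hunk) does a `setattr` per top-level key, so a plist `Authentication` value would replace this whole default rather than merge with it. If parseConfig feeds the plist through the same `update` (its body is outside this diff), a site file that has a `Digest` dict with `Enabled` but no `Algorithm` would raise KeyError at `schemeConfig['Algorithm']` in tap.py. I would merge per scheme when loading, or read the values defensively in tap.py, e.g. `if schemeConfig.get('Enabled', False):`. A comment on the default would help too: `# Each scheme dict must carry every key tap.py reads; plist values replace, not merge.`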
@@ -60,6 +73,7 @@
         for key, value in items:
             setattr(self, key, value)
 
+
 config = Config(defaultConfig)
 
 def parseConfig(configFile):

Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py	2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/twistedcaldav/tap.py	2006-12-22 00:20:09 UTC (rev 881)
@@ -34,8 +34,8 @@
 from twisted.web2.dav import auth
 from twisted.web2.dav import davxml
 from twisted.web2.dav.resource import TwistedACLInheritable
-from twisted.web2.auth import basic
-from twisted.web2.auth import digest
+from twisted.web2.auth.basic import BasicCredentialFactory
+from twisted.web2.auth.digest import DigestCredentialFactory
 from twisted.web2.channel import http
 
 from twisted.web2.tap import Web2Service
@@ -47,8 +47,8 @@
 from twistedcaldav.root import RootResource
 from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
 from twistedcaldav.static import CalendarHomeProvisioningFile
+from twistedcaldav.authkerb import NegotiateCredentialFactory
 
-
 class CaldavOptions(Options):
     optParameters = [
         ["config", "f", "/etc/caldavd/caldavd.plist",
@@ -80,7 +80,7 @@
                 elif isinstance(defaultConfig[key], (int, float, long)):
                     value = type(defaultConfig[key])(value)
                 
-                elif isinstance(defaultConfig[key], (list, tuples)):
+                elif isinstance(defaultConfig[key], (list, tuple)):
                     value = value.split(',')
 
                 elif isinstance(defaultConfig[key], dict):
@@ -104,6 +104,7 @@
         self.parent['logfile'] = config.ErrorLogFile
         self.parent['pidfile'] = config.PIDFile
 
+
 class CaldavServiceMaker(object):
     implements(IPlugin, service.IServiceMaker)
 
@@ -187,28 +188,31 @@
 
         realm = directory.realmName or ""
 
-        # TODO: figure out the list of supported schemes from the directory
-        schemes = {
-            "basic" : basic.BasicCredentialFactory(realm),
-            "digest": digest.DigestCredentialFactory("md5", realm),
-        }
-
-        for scheme in config.AuthSchemes:
+        for scheme, schemeConfig in config.Authentication.iteritems():
             scheme = scheme.lower()
             
-            if scheme not in schemes:
-                print "Scheme not supported: %s" % (scheme,)
-                sys.exit(1)
-            else:
-                # TODO: limit basic scheme to SSL
-                credentialFactories.append(schemes[scheme])
-                
+            credFactory = None
+
+            if schemeConfig['Enabled']:
+                if scheme == 'kerberos':
+                    credFactory = NegotiateCredentialFactory(
+                        schemeConfig['ServicePrincipal'])
+
+                elif scheme == 'digest':
+                    credFactory = DigestCredentialFactory(
+                        schemeConfig['Algorithm'], realm)
+
+                elif scheme == 'basic':
+                    credFactory = BasicCredentialFactory(realm)
+
+            if credFactory:
+                credentialFactories.append(credFactory)
+
         authWrapper = auth.AuthenticationWrapper(
             root,
             portal,
             credentialFactories,
-            (auth.IPrincipal,)
-        )
+            (auth.IPrincipal,))
 
         site = Site(LogWrapperResource(authWrapper))
 
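Review bot: A scheme name the loop does not recognise is now skipped silently, where the removed code printed "Scheme not supported" and exited, and nothing checks that `credentialFactories` ends up non-empty. A misspelled key in the plist, or every scheme set to `Enabled` false, therefore lets the server start with an authentication setup the operator did not intend; how `AuthenticationWrapper` behaves with an empty list is not visible here. I would reject unknown keys before the `Enabled` test and stop at startup when no factory was built, as in the excerpt below (it assumes `sys` is still imported, as the removed `sys.exit(1)` suggests). Kerberos enabled with the default empty `ServicePrincipal` is also passed straight to `NegotiateCredentialFactory` and deserves the same startup check. The enclosing method begins above this hunk.

```python
        for scheme, schemeConfig in config.Authentication.iteritems():
            scheme = scheme.lower()

            if scheme not in ('basic', 'digest', 'kerberos'):
                print "Scheme not supported: %s" % (scheme,)
                sys.exit(1)

            # ... unchanged: credFactory selection for enabled schemes ...

        if not credentialFactories:
            print "No authentication scheme is enabled"
            sys.exit(1)
```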
@@ -224,6 +228,7 @@
 
         if not config.SSLOnly:
             httpService = internet.TCPServer(int(config.Port), channel)
+
             httpService.setServiceParent(service)
 
         if config.SSLEnable:
@@ -232,8 +237,8 @@
                 int(config.SSLPort),
                 channel,
                 DefaultOpenSSLContextFactory(config.SSLPrivateKey,
-                                             config.SSLCertificate)
-            )
+                                             config.SSLCertificate))
+
             httpsService.setServiceParent(service)
             
         return service
