[CalendarServer-changes] [881] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Thu Dec 21 16:20:09 PST 2006
Revision: 881
http://trac.macosforge.org/projects/calendarserver/changeset/881
Author: dreid at apple.com
Date: 2006-12-21 16:20:09 -0800 (Thu, 21 Dec 2006)
Log Message:
-----------
Add better Authentication configuration
Modified Paths:
--------------
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/conf/caldavd.plist
CalendarServer/trunk/twistedcaldav/config.py
CalendarServer/trunk/twistedcaldav/tap.py
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2006-12-22 00:20:09 UTC (rev 881)
@@ -156,15 +156,32 @@
<key>SACLEnable</key>
<false/>
- <key>AuthSchemes</key>
- <array>
- <string>Basic</string>
- </array>
+ <key>Authentication</key>
+ <dict>
+ <key>Basic</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ </dict>
+ <key>Digest</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>Algorithm</key>
+ <string>md5</string>
+ </dict>
+ <key>Kerberos</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>ServicePrincipal</key>
+ <string></string>
+ </dict>
+ </dict>
<key>AdminPrincipals</key>
<array>
<string>/principals/user/admin</string>
</array>
-
</dict>
</plist>
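Review bot: Basic is the only scheme left enabled in this block, and the same defaults are repeated in the conf/caldavd.plist hunk and in `defaultConfig` in config.py, while the tap.py hunk deletes the `# TODO: limit basic scheme to SSL` comment without implementing it. Basic sends the password reversibly encoded on every request, and tap.py still creates a plain TCP listener when `config.SSLOnly` is false, so the risk the TODO recorded is no longer written down anywhere. I would keep the reminder next to the setting, e.g. `<!-- Basic exposes the password on non-SSL connections; enable only with SSL -->` above the `Basic` key, and restore the TODO in tap.py until the restriction exists.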
Modified: CalendarServer/trunk/conf/caldavd.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd.plist 2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/conf/caldavd.plist 2006-12-22 00:20:09 UTC (rev 881)
@@ -102,15 +102,32 @@
<key>SACLEnable</key>
<true/>
- <key>AuthSchemes</key>
- <array>
- <string>Basic</string>
- </array>
+ <key>Authentication</key>
+ <dict>
+ <key>Basic</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ </dict>
+ <key>Digest</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>Algorithm</key>
+ <string>md5</string>
+ </dict>
+ <key>Kerberos</key>
+ <dict>
+ <key>Enabled</key>
+ <false/>
+ <key>ServicePrincipal</key>
+ <string></string>
+ </dict>
+ </dict>
<key>AdminPrincipals</key>
<array>
<string>/principals/user/admin</string>
</array>
-
</dict>
</plist>
Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py 2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/twistedcaldav/config.py 2006-12-22 00:20:09 UTC (rev 881)
@@ -47,10 +47,23 @@
'Verbose': False,
'twistdLocation': '/usr/share/caldavd/bin/twistd',
'SACLEnable': False,
- 'AuthSchemes': ['Basic'],
+ 'Authentication': {
+ 'Basic': {
+ 'Enabled': True,
+ },
+ 'Digest': {
+ 'Enabled': False,
+ 'Algorithm': 'md5',
+ },
+ 'Kerberos': {
+ 'Enabled': False,
+ 'ServicePrincipal': '',
+ },
+ },
'AdminPrincipals': ['/principals/user/admin']
}
+
class Config (object):
def __init__(self, defaults):
self.update(defaults)
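Review bot: The nested `'Authentication'` default only acts as a fallback for the whole key: `Config.update`, as far as the next hunk shows, does `setattr(self, key, value)` per top-level key, so a plist that supplies its own `Authentication` dict replaces this one wholesale rather than merging into it. tap.py then indexes `schemeConfig['Enabled']`, `schemeConfig['Algorithm']` and `schemeConfig['ServicePrincipal']` directly, so a plist entry that omits one of them would raise `KeyError` at startup instead of a readable configuration error. A comment on the default such as `# Each scheme dict must carry every key listed here; plist values replace, not merge` would document that, or tap.py could read `schemeConfig.get('Enabled', False)`. The `Config` class body continues outside this hunk.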
@@ -60,6 +73,7 @@
for key, value in items:
setattr(self, key, value)
+
config = Config(defaultConfig)
def parseConfig(configFile):
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2006-12-21 16:28:22 UTC (rev 880)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2006-12-22 00:20:09 UTC (rev 881)
@@ -34,8 +34,8 @@
from twisted.web2.dav import auth
from twisted.web2.dav import davxml
from twisted.web2.dav.resource import TwistedACLInheritable
-from twisted.web2.auth import basic
-from twisted.web2.auth import digest
+from twisted.web2.auth.basic import BasicCredentialFactory
+from twisted.web2.auth.digest import DigestCredentialFactory
from twisted.web2.channel import http
from twisted.web2.tap import Web2Service
@@ -47,8 +47,8 @@
from twistedcaldav.root import RootResource
from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
from twistedcaldav.static import CalendarHomeProvisioningFile
+from twistedcaldav.authkerb import NegotiateCredentialFactory
-
class CaldavOptions(Options):
optParameters = [
["config", "f", "/etc/caldavd/caldavd.plist",
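Review bot: `from twistedcaldav.authkerb import NegotiateCredentialFactory` is a module-level import, so tap.py now depends on `twistedcaldav/authkerb.py` and whatever it imports even when Kerberos is disabled, which is the default in this commit. That file is not among the four modified paths, so it presumably exists already; if it pulls in a Kerberos binding, hosts without that binding would fail to start the service at all. Importing it inside the `scheme == 'kerberos'` branch would confine the dependency to deployments that enable it. The `CaldavOptions` class continues outside this hunk.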
@@ -80,7 +80,7 @@
elif isinstance(defaultConfig[key], (int, float, long)):
value = type(defaultConfig[key])(value)
- elif isinstance(defaultConfig[key], (list, tuples)):
+ elif isinstance(defaultConfig[key], (list, tuple)):
value = value.split(',')
elif isinstance(defaultConfig[key], dict):
@@ -104,6 +104,7 @@
self.parent['logfile'] = config.ErrorLogFile
self.parent['pidfile'] = config.PIDFile
+
class CaldavServiceMaker(object):
implements(IPlugin, service.IServiceMaker)
@@ -187,28 +188,31 @@
realm = directory.realmName or ""
- # TODO: figure out the list of supported schemes from the directory
- schemes = {
- "basic" : basic.BasicCredentialFactory(realm),
- "digest": digest.DigestCredentialFactory("md5", realm),
- }
-
- for scheme in config.AuthSchemes:
+ for scheme, schemeConfig in config.Authentication.iteritems():
scheme = scheme.lower()
- if scheme not in schemes:
- print "Scheme not supported: %s" % (scheme,)
- sys.exit(1)
- else:
- # TODO: limit basic scheme to SSL
- credentialFactories.append(schemes[scheme])
-
+ credFactory = None
+
+ if schemeConfig['Enabled']:
+ if scheme == 'kerberos':
+ credFactory = NegotiateCredentialFactory(
+ schemeConfig['ServicePrincipal'])
+
+ elif scheme == 'digest':
+ credFactory = DigestCredentialFactory(
+ schemeConfig['Algorithm'], realm)
+
+ elif scheme == 'basic':
+ credFactory = BasicCredentialFactory(realm)
+
+ if credFactory:
+ credentialFactories.append(credFactory)
+
authWrapper = auth.AuthenticationWrapper(
root,
portal,
credentialFactories,
- (auth.IPrincipal,)
- )
+ (auth.IPrincipal,))
site = Site(LogWrapperResource(authWrapper))
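Review bot: An enabled scheme whose name is not `kerberos`, `digest` or `basic` now falls through the `if`/`elif` chain with `credFactory` still `None` and is skipped silently, where the removed code printed `Scheme not supported` and exited. A misspelled key in the plist, or a config with every scheme disabled, therefore leaves `credentialFactories` empty and the `AuthenticationWrapper` is built anyway; how it behaves with no factories is not visible here, so refusing to start is the safer choice. An empty `ServicePrincipal` (the shipped default) is likewise passed to `NegotiateCredentialFactory` unchecked once Kerberos is enabled. The enclosing method starts and ends outside this hunk.

```python
    if schemeConfig['Enabled']:
        # … unchanged: kerberos and digest branches …
        elif scheme == 'basic':
            credFactory = BasicCredentialFactory(realm)

        else:
            # Keep the pre-change behaviour: refuse to start on an unknown scheme name.
            print "Scheme not supported: %s" % (scheme,)
            sys.exit(1)

    # … unchanged: append credFactory to credentialFactories …

# Refuse to start when no scheme ended up enabled.
if not credentialFactories:
    print "No authentication scheme is enabled"
    sys.exit(1)
```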
@@ -224,6 +228,7 @@
if not config.SSLOnly:
httpService = internet.TCPServer(int(config.Port), channel)
+
httpService.setServiceParent(service)
if config.SSLEnable:
@@ -232,8 +237,8 @@
int(config.SSLPort),
channel,
DefaultOpenSSLContextFactory(config.SSLPrivateKey,
- config.SSLCertificate)
- )
+ config.SSLCertificate))
+
httpsService.setServiceParent(service)
return service