[CalendarServer-changes] [897] CalendarServer/branches/users/dreid/sudoers

source_changes at macosforge.org source_changes at macosforge.org
Fri Dec 22 11:06:59 PST 2006


Revision: 897
          http://trac.macosforge.org/projects/calendarserver/changeset/897
Author:   dreid at apple.com
Date:     2006-12-22 11:06:59 -0800 (Fri, 22 Dec 2006)

Log Message:
-----------
first pass at a sudo user directory service

Modified Paths:
--------------
    CalendarServer/branches/users/dreid/sudoers/conf/caldavd-test.plist
    CalendarServer/branches/users/dreid/sudoers/conf/caldavd.plist
    CalendarServer/branches/users/dreid/sudoers/twistedcaldav/config.py

Added Paths:
-----------
    CalendarServer/branches/users/dreid/sudoers/conf/sudoers.plist
    CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/sudo.py
    CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/sudoers.plist
    CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/test_sudo.py

Modified: CalendarServer/branches/users/dreid/sudoers/conf/caldavd-test.plist
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/conf/caldavd-test.plist	2006-12-22 17:45:36 UTC (rev 896)
+++ CalendarServer/branches/users/dreid/sudoers/conf/caldavd-test.plist	2006-12-22 19:06:59 UTC (rev 897)
@@ -183,5 +183,9 @@
   <array>
     <string>/principals/user/admin</string>
   </array>
+
+
+  <key>SudoersFile</key>
+  <string>conf/sudoers.plist</string>
 </dict>
 </plist>

Modified: CalendarServer/branches/users/dreid/sudoers/conf/caldavd.plist
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/conf/caldavd.plist	2006-12-22 17:45:36 UTC (rev 896)
+++ CalendarServer/branches/users/dreid/sudoers/conf/caldavd.plist	2006-12-22 19:06:59 UTC (rev 897)
@@ -129,5 +129,8 @@
   <array>
     <string>/principals/user/admin</string>
   </array>
+
+  <key>SudoersFile</key>
+  <string>/etc/caldavd/sudoers.plist</string>
 </dict>
 </plist>

Added: CalendarServer/branches/users/dreid/sudoers/conf/sudoers.plist
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/conf/sudoers.plist	                        (rev 0)
+++ CalendarServer/branches/users/dreid/sudoers/conf/sudoers.plist	2006-12-22 19:06:59 UTC (rev 897)
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>users</key>
+<array>
+<!-- Sudo user definitions -->
+<!--
+  <dict>
+    <key>authorize-as</key>
+    <dict>
+      <key>allow</key>
+      <true/>
+      <key>principals</key>
+      <array>
+	<string>all</string>
+        <string>/principals/user/wsanchez</string>
+      </array>
+    </dict>
+    <key>authorize-from</key>
+    <array>
+      <string>127.0.0.1</string>
+    </array>
+
+    <key>username</key>
+    <string></string>
+
+    <key>password</key>
+    <string></string>
+  </dict>
+-->
+</array>
+</dict>
+</plist>
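Review bot: The commented template gives no warning that `password` is kept in clear text; sudo.py in this commit assigns `entry['password']` directly and hands it to `checkPassword`. The file deployed at the configured `SudoersFile` path therefore needs to be readable only by the server account. I would extend the header comment, e.g. `<!-- Passwords are stored in clear text: restrict this file to the calendar server user and never leave username or password blank. -->`. The example also lists both `all` and `/principals/user/wsanchez` under `principals`, which leaves it unclear whether `all` is a wildcard that makes the second entry redundant; a one-line comment on the intended semantics would help.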

Modified: CalendarServer/branches/users/dreid/sudoers/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/twistedcaldav/config.py	2006-12-22 17:45:36 UTC (rev 896)
+++ CalendarServer/branches/users/dreid/sudoers/twistedcaldav/config.py	2006-12-22 19:06:59 UTC (rev 897)
@@ -60,7 +60,8 @@
             'ServicePrincipal': '',
             },
         },
-    'AdminPrincipals': ['/principals/user/admin']
+    'AdminPrincipals': ['/principals/user/admin'],
+    'SudoersFile': '/etc/caldavd/sudoers.plist',
 }
 
 

Added: CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/sudo.py
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/sudo.py	                        (rev 0)
+++ CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/sudo.py	2006-12-22 19:06:59 UTC (rev 897)
@@ -0,0 +1,120 @@
+##
+# Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: David reid, dreid at apple.com
+##
+
+"""
+Directory service implementation for users who are allowed to authorize
+as other principals.
+"""
+
+__all__ = [
+    "SudoDirectoryService",
+]
+
+from twisted.python.filepath import FilePath
+
+from twisted.cred.credentials import (IUsernamePassword, 
+                                      IUsernameHashedPassword)
+
+from twistedcaldav.py.plistlib import readPlist
+from twistedcaldav.directory.directory import (DirectoryService, 
+                                               DirectoryRecord,
+                                               UnknownRecordTypeError)
+
+class SudoDirectoryService(DirectoryService):
+    """
+    L{IDirectoryService} implementation for Sudo users.
+    """
+    baseGUID = "1EE00E46-1885-4DBC-A001-590AFA76A8E3"
+
+    realmName = None
+
+    plistFile = None
+
+    recordType = "sudoer"
+
+    def __repr__(self):
+        return "<%s %r: %r>" % (self.__class__.__name__, self.realmName,
+                                self.plistFile)
+
+    def __init__(self, plistFile):
+        super(SudoDirectoryService, self).__init__()
+
+        if isinstance(plistFile, (unicode, str)):
+            plistFile = FilePath(plistFile)
+            
+        self.plistFile = plistFile
+        self._fileInfo = None
+        self._readPlist()
+
+    def _readPlist(self):
+        fileInfo = (self.plistFile.getmtime(), self.plistFile.getsize())
+        if fileInfo != self._fileInfo:
+            self._plist = readPlist(self.plistFile.path)
+
+        return self._plist
+
+    def recordTypes(self):
+        return (self.recordType,)
+
+    def _recordForEntry(self, entry):
+        return SudoDirectoryRecord(
+            service=self,
+            recordType=self.recordType,
+            shortName=entry['username'],
+            entry=entry)
+
+
+    def listRecords(self, recordType):
+        if recordType != self.recordType:
+            raise UnknownRecordTypeError(recordType)
+
+        for entry in self._plist['users']:
+            yield self._recordForEntry(entry)
+
+    def recordWithShortName(self, recordType, shortName):
+        if recordType != self.recordType:
+            raise UnknownRecordTypeError(recordType)
+
+        for entry in self._plist['users']:
+            if entry['username'] == shortName:
+                return self._recordForEntry(entry)
+
+
+class SudoDirectoryRecord(DirectoryRecord):
+    """
+    L{DirectoryRecord} implementation for Sudo users.
+    """
+
+    def __init__(self, service, recordType, shortName, entry):
+        super(SudoDirectoryRecord, self).__init__(
+            service=service,
+            recordType=recordType,
+            guid=None,
+            shortName=shortName,
+            fullName=shortName,
+            calendarUserAddresses=set())
+
+        self.password = entry['password']
+
+    def verifyCredentials(self, credentials):
+        if IUsernamePassword.providedBy(credentials):
+            return credentials.checkPassword(self.password)
+        elif IUsernameHashedPassword.providedBy(credentials):
+            return credentials.checkPassword(self.password)
+        
+        return super(SudoDirectoryRecord, self).verifyCredentials(credentials)
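Review bot: `_readPlist` compares against `self._fileInfo` but never assigns it, and it is only called from `__init__`, so `listRecords` and `recordWithShortName` keep serving the plist parsed at start-up. Removing a sudoer or changing a password in the file has no effect until the service is rebuilt; store the stamp after parsing (`self._fileInfo = fileInfo`) and iterate `self._readPlist()['users']` in both lookups. Separately, `SudoDirectoryRecord` reads only `entry['password']`, and the `authorize-as` and `authorize-from` restrictions are not consulted anywhere in this file, so unless another layer enforces them every entry is effectively unrestricted. An entry with an empty `password` (as the template and the test fixture have) would presumably verify against an empty password, so `_recordForEntry` should skip or reject entries whose `username` or `password` is empty.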

Added: CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/sudoers.plist
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/sudoers.plist	                        (rev 0)
+++ CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/sudoers.plist	2006-12-22 19:06:59 UTC (rev 897)
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>users</key>
+	<array>
+		<dict>
+			<key>authorize-as</key>
+			<dict>
+				<key>allow</key>
+				<true/>
+				<key>principals</key>
+				<array>
+					<string>all</string>
+				</array>
+			</dict>
+			<key>authorize-from</key>
+			<array>
+				<string>127.0.0.1</string>
+			</array>
+			<key>password</key>
+			<string></string>
+			<key>username</key>
+			<string></string>
+		</dict>
+	</array>
+</dict>
+</plist>

Added: CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/test_sudo.py
===================================================================
--- CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/test_sudo.py	                        (rev 0)
+++ CalendarServer/branches/users/dreid/sudoers/twistedcaldav/directory/test/test_sudo.py	2006-12-22 19:06:59 UTC (rev 897)
@@ -0,0 +1,66 @@
+##
+# Copyright (c) 2005-2006 Apple Computer, Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: David Reid, dreid at apple.com
+##
+import os
+
+from twisted.python.filepath import FilePath
+
+import twistedcaldav.directory.test.util
+from twistedcaldav.directory.sudo import SudoDirectoryService
+from twistedcaldav.py.plistlib import writePlist
+
+plistFile = FilePath(os.path.join(os.path.dirname(__file__), "sudoers.plist"))
+
+class SudoTestCase(
+    twistedcaldav.directory.test.util.BasicTestCase,
+    twistedcaldav.directory.test.util.DigestTestCase
+):
+    """
+    Test the Sudo Directory Service
+    """
+
+    recordTypes = set(('sudoer',))
+    recordType = 'sudoer'
+
+    sudoers = {'alice': {'password': 'alice',},
+             }
+
+    def plistFile(self):
+        if not hasattr(self, "_plistFile"):
+            self._plistFile = FilePath(self.mktemp())
+            plistFile.copyTo(self._plistFile)
+        return self._plistFile
+
+    def service(self):
+        service = SudoDirectoryService(self.plistFile())
+        service.realmName = "test realm"
+        return service
+
+    def test_listRecords(self):
+        for record in self.service().listRecords(self.recordType):
+            self.failUnless(record.shortName in self.sudoers)
+            self.assertEqual(self.sudoers[record.shortName]['password'],
+                             record.password)
+
+    def test_recordWithShortName(self):
+        service = self.service()
+
+        record = service.recordWithShortName('sudoer', 'alice')
+        self.assertEquals(record.password, 'alice')
+
+        record = service.recordWithShortName('sudoer', 'bob')
+        self.failIf(record)
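Review bot: Both tests expect a sudoer named `alice` with password `alice` (the `sudoers` dict), but the `sudoers.plist` fixture copied by `plistFile()` holds a single entry whose `username` and `password` are empty strings. As written, `test_recordWithShortName` gets `None` back and fails on `record.password`, and `test_listRecords` fails its membership check. `writePlist` is imported but unused, which suggests the fixture was meant to be generated; either write the plist from `self.sudoers` inside `plistFile()` or give the fixture an `alice` entry. It would also be worth asserting that a wrong password is rejected by `verifyCredentials`, since nothing visible in this file exercises the failure path (the base test cases may, but they are outside the hunk).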
