[CalendarServer-changes] [338] CalendarServer/trunk/conf
source_changes at macosforge.org
source_changes at macosforge.org
Tue Oct 31 08:13:45 PST 2006
Revision: 338
http://trac.macosforge.org/projects/calendarserver/changeset/338
Author: cdaboo at apple.com
Date: 2006-10-31 08:13:44 -0800 (Tue, 31 Oct 2006)
Log Message:
-----------
New repository XML files to support proxy authentication. A new repository-proxy.xml defines a directory-based repository that
uses proxy auth via a special principal collection hierarchy.
Modified Paths:
--------------
CalendarServer/trunk/conf/repository-static.xml
CalendarServer/trunk/conf/repository.dtd
Added Paths:
-----------
CalendarServer/trunk/conf/repository-proxy.xml
Added: CalendarServer/trunk/conf/repository-proxy.xml
===================================================================
--- CalendarServer/trunk/conf/repository-proxy.xml (rev 0)
+++ CalendarServer/trunk/conf/repository-proxy.xml 2006-10-31 16:13:44 UTC (rev 338)
@@ -0,0 +1,224 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE repository SYSTEM "repository.dtd">
+
+<repository>
+
+ <docroot auto-principal-collection-set="no">
+ <collection>
+ <pytype>twisted.web2.dav.static.DAVFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ <ace>
+ <principal><href>/principals/users/admin</href></principal>
+ <grant><privilege><all/></privilege></grant>
+ <protected/>
+ <inheritable/>
+ </ace>
+ </acl>
+ <!--
+ Must explicitly set which principal hierarchies will be
+ listed in WebDAV properties. The order of these will
+ determine how a user id will map to a principal in a
+ particular hierarchy if an id appears in more than one.
+ -->
+ <prop><principal-collection-set xmlns="DAV:"><href>/principals/localusers/</href><href>/principals/users/</href><href>/principals/users/</href><href>/principals/groups/</href><href>/principals/resources/</href></principal-collection-set></prop>
+ </properties>
+ <members>
+ <!--
+ We must define the calendar home location before the
+ principals as auto-provisioning of accounts occurs when the
+ principal collections are created and we need to have the
+ calendar home path setup by then.
+ -->
+ <collection name="calendars" tag="calendars">
+ <pytype>twistedcaldav.static.CalDAVFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members>
+ <collection name="users">
+ <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="groups">
+ <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="resources">
+ <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="public">
+ <properties>
+ <acl>
+ <ace>
+ <principal><unauthenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ <inheritable/>
+ </ace>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ <inheritable/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ </members>
+ </collection>
+ <collection name="principals">
+ <pytype>twistedcaldav.directory.DirectoryPrincipalProvisioningResource</pytype>
+ <params>
+ <param>
+ <key>DirectoryNode</key>
+ <value>/Search</value>
+ </param>
+ </params>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members>
+ <collection name="users">
+ <pytype>twistedcaldav.directory.DirectoryUserPrincipalProvisioningResource</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="groups">
+ <pytype>twistedcaldav.directory.DirectoryGroupPrincipalProvisioningResource</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="resources">
+ <pytype>twistedcaldav.directory.DirectoryResourcePrincipalProvisioningResource</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><authenticated/></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ <collection name="localusers" tag="principals">
+ <pytype>twistedcaldav.static.CalendarPrincipalCollectionFile</pytype>
+ <properties>
+ <acl>
+ <ace>
+ <principal><href>/principals/users/admin</href></principal>
+ <grant><privilege><read/></privilege></grant>
+ <protected/>
+ </ace>
+ </acl>
+ </properties>
+ <members/>
+ </collection>
+ </members>
+ </collection>
+ </members>
+ </collection>
+ </docroot>
+
+ <authentication>
+ <basic enable="yes" onlyssl="yes" credentials="directory">
+ <realm></realm>
+ </basic>
+ <digest enable="no" onlyssl="no" credentials="property">
+ <realm></realm>
+ </digest>
+ <kerberos enable="no" onlyssl="no">
+ <service></service>
+ </kerberos>
+ </authentication>
+
+<accounts>
+ <user>
+ <uid>proxy</uid>
+ <pswd>proxy</pswd>
+ <name>User who can authorize as someone else</name>
+ <canproxy/>
+ </user>
+</accounts>
+
+</repository>
Modified: CalendarServer/trunk/conf/repository-static.xml
===================================================================
--- CalendarServer/trunk/conf/repository-static.xml 2006-10-31 15:51:43 UTC (rev 337)
+++ CalendarServer/trunk/conf/repository-static.xml 2006-10-31 16:13:44 UTC (rev 338)
@@ -52,7 +52,7 @@
</properties>
<members>
<collection name="users" tag="principals">
- <pytype>twistedcaldav.static.CalendarUserPrincipalProvisioningResource</pytype>
+ <pytype>twistedcaldav.static.CalendarPrincipalCollectionFile</pytype>
<properties>
<acl>
<ace>
@@ -134,6 +134,12 @@
<pswd>admin</pswd>
<name>Super User</name>
</user>
+ <user>
+ <uid>proxy</uid>
+ <pswd>proxy</pswd>
+ <name>User who can authorize as someone else</name>
+ <canproxy/>
+ </user>
<user repeat='99'>
<uid>user%02d</uid>
<pswd>user%02d</pswd>
Modified: CalendarServer/trunk/conf/repository.dtd
===================================================================
--- CalendarServer/trunk/conf/repository.dtd 2006-10-31 15:51:43 UTC (rev 337)
+++ CalendarServer/trunk/conf/repository.dtd 2006-10-31 16:13:44 UTC (rev 338)
@@ -66,7 +66,7 @@
<!ELEMENT accounts (user*) >
- <!ELEMENT user (uid, pswd, name, cuaddr*, calendar*, acl?, quota?, autorespond?)>
+ <!ELEMENT user (uid, pswd, name, cuaddr*, calendar*, acl?, quota?, autorespond?, canproxy?)>
<!ATTLIST user repeat CDATA "1">
<!ELEMENT uid (#PCDATA)>
<!ELEMENT pswd (#PCDATA)>
@@ -76,3 +76,5 @@
<!ELEMENT calendar (#PCDATA)>
<!ELEMENT quota (#PCDATA)>
<!ELEMENT autorespond EMPTY>
+ <!ELEMENT canproxy EMPTY>
+
\ No newline at end of file
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20061031/0e116d82/attachment.html
More information about the calendarserver-changes
mailing list