[CalendarServer-changes] [338] CalendarServer/trunk/conf

source_changes at macosforge.org source_changes at macosforge.org
Tue Oct 31 08:13:45 PST 2006


Revision: 338
          http://trac.macosforge.org/projects/calendarserver/changeset/338
Author:   cdaboo at apple.com
Date:     2006-10-31 08:13:44 -0800 (Tue, 31 Oct 2006)

Log Message:
-----------
New repository XML files to support proxy authentication. A new repository-proxy.xml defines a directory-based repository that
uses proxy auth via a special principal collection hierarchy.

Modified Paths:
--------------
    CalendarServer/trunk/conf/repository-static.xml
    CalendarServer/trunk/conf/repository.dtd

Added Paths:
-----------
    CalendarServer/trunk/conf/repository-proxy.xml

Added: CalendarServer/trunk/conf/repository-proxy.xml
===================================================================
--- CalendarServer/trunk/conf/repository-proxy.xml	                        (rev 0)
+++ CalendarServer/trunk/conf/repository-proxy.xml	2006-10-31 16:13:44 UTC (rev 338)
@@ -0,0 +1,224 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006 Apple Computer, Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE repository SYSTEM "repository.dtd">
+
+<repository>
+
+  <docroot auto-principal-collection-set="no">
+    <collection>
+      <pytype>twisted.web2.dav.static.DAVFile</pytype>
+      <properties>
+        <acl>
+          <ace>
+            <principal><authenticated/></principal>
+            <grant><privilege><read/></privilege></grant>
+            <protected/>
+          </ace>
+          <ace>
+            <principal><href>/principals/users/admin</href></principal>
+            <grant><privilege><all/></privilege></grant>
+            <protected/>
+            <inheritable/>
+          </ace>
+        </acl>
+        <!--
+          Must explicitly set which principal hierarchies will be
+          listed in WebDAV properties.  The order of these will
+          determine how a user id will map to a principal in a
+          particular hierarchy if an id appears in more than one.
+         -->
+        <prop><principal-collection-set xmlns="DAV:"><href>/principals/localusers/</href><href>/principals/users/</href><href>/principals/users/</href><href>/principals/groups/</href><href>/principals/resources/</href></principal-collection-set></prop>
+      </properties>
+      <members>
+        <!--
+          We must define the calendar home location before the
+          principals as auto-provisioning of accounts occurs when the
+          principal collections are created and we need to have the
+          calendar home path setup by then.
+         -->
+        <collection name="calendars" tag="calendars">
+          <pytype>twistedcaldav.static.CalDAVFile</pytype>
+          <properties>
+            <acl>
+              <ace>
+                <principal><authenticated/></principal>
+                <grant><privilege><read/></privilege></grant>
+                <protected/>
+              </ace>
+            </acl>
+          </properties>
+          <members>
+            <collection name="users">
+              <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="groups">
+              <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="resources">
+              <pytype>twistedcaldav.static.CalendarHomeProvisioningFile</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="public">
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><unauthenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                    <inheritable/>
+                  </ace>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                    <inheritable/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+          </members>
+        </collection>
+        <collection name="principals">
+          <pytype>twistedcaldav.directory.DirectoryPrincipalProvisioningResource</pytype>
+          <params>
+            <param>
+              <key>DirectoryNode</key>
+              <value>/Search</value>
+            </param>
+          </params>
+          <properties>
+            <acl>
+              <ace>
+                <principal><authenticated/></principal>
+                <grant><privilege><read/></privilege></grant>
+                <protected/>
+              </ace>
+            </acl>
+          </properties>
+          <members>
+            <collection name="users">
+              <pytype>twistedcaldav.directory.DirectoryUserPrincipalProvisioningResource</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="groups">
+              <pytype>twistedcaldav.directory.DirectoryGroupPrincipalProvisioningResource</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="resources">
+              <pytype>twistedcaldav.directory.DirectoryResourcePrincipalProvisioningResource</pytype>
+              <properties>
+                <acl>
+                  <ace>
+                    <principal><authenticated/></principal>
+                    <grant><privilege><read/></privilege></grant>
+                    <protected/>
+                  </ace>
+                </acl>
+              </properties>
+              <members/>
+            </collection>
+            <collection name="localusers" tag="principals">
+              <pytype>twistedcaldav.static.CalendarPrincipalCollectionFile</pytype>
+                <properties>
+                  <acl>
+                    <ace>
+                      <principal><href>/principals/users/admin</href></principal>
+                      <grant><privilege><read/></privilege></grant>
+                      <protected/>
+                    </ace>
+                  </acl>
+                </properties>
+              <members/>
+            </collection>
+          </members>
+        </collection>
+      </members>
+    </collection>
+  </docroot>
+
+  <authentication>
+    <basic enable="yes" onlyssl="yes" credentials="directory">
+      <realm></realm>
+    </basic>
+    <digest enable="no" onlyssl="no" credentials="property">
+      <realm></realm>
+    </digest>
+    <kerberos enable="no" onlyssl="no">
+      <service></service>
+    </kerberos>
+  </authentication>
+
+<accounts>
+  <user>
+    <uid>proxy</uid>
+    <pswd>proxy</pswd>
+    <name>User who can authorize as someone else</name>
+    <canproxy/>
+  </user>
+</accounts>
+
+</repository>
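Review bot: The `<accounts>` block at the end of the new file defines uid `proxy` with password `proxy` and `<canproxy/>`, so the shipped configuration carries a well-known credential for an account that, by its own `<name>`, can authorize as other users; the second repository-static.xml hunk in this commit adds the same account. Basic auth is configured with `credentials="directory"`, and whether this in-file account is still consulted in that mode is not visible in the diff, but if it is, knowing the default is enough to act as any principal. I would ship the entry with a placeholder such as `<pswd>CHANGE-ME-BEFORE-DEPLOY</pswd>` and a comment above it stating that the proxy account must be given a unique secret before the server is exposed. Separately, the `principal-collection-set` line lists `<href>/principals/users/</href>` twice, which looks unintended given that the comment above it says the order decides how an id maps to a principal.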

Modified: CalendarServer/trunk/conf/repository-static.xml
===================================================================
--- CalendarServer/trunk/conf/repository-static.xml	2006-10-31 15:51:43 UTC (rev 337)
+++ CalendarServer/trunk/conf/repository-static.xml	2006-10-31 16:13:44 UTC (rev 338)
@@ -52,7 +52,7 @@
           </properties>
           <members>
             <collection name="users" tag="principals">
-              <pytype>twistedcaldav.static.CalendarUserPrincipalProvisioningResource</pytype>
+              <pytype>twistedcaldav.static.CalendarPrincipalCollectionFile</pytype>
               <properties>
                 <acl>
                   <ace>
@@ -134,6 +134,12 @@
       <pswd>admin</pswd>
       <name>Super User</name>
     </user>
+    <user>
+      <uid>proxy</uid>
+      <pswd>proxy</pswd>
+      <name>User who can authorize as someone else</name>
+      <canproxy/>
+    </user>
     <user repeat='99'>
       <uid>user%02d</uid>
       <pswd>user%02d</pswd>

Modified: CalendarServer/trunk/conf/repository.dtd
===================================================================
--- CalendarServer/trunk/conf/repository.dtd	2006-10-31 15:51:43 UTC (rev 337)
+++ CalendarServer/trunk/conf/repository.dtd	2006-10-31 16:13:44 UTC (rev 338)
@@ -66,7 +66,7 @@
   	
   <!ELEMENT accounts (user*) >
 
-    <!ELEMENT user (uid, pswd, name, cuaddr*, calendar*, acl?, quota?, autorespond?)>
+    <!ELEMENT user (uid, pswd, name, cuaddr*, calendar*, acl?, quota?, autorespond?, canproxy?)>
       <!ATTLIST user repeat CDATA "1">
       <!ELEMENT uid         (#PCDATA)>
       <!ELEMENT pswd        (#PCDATA)>
@@ -76,3 +76,5 @@
       <!ELEMENT calendar    (#PCDATA)>
       <!ELEMENT quota       (#PCDATA)>
       <!ELEMENT autorespond EMPTY>
+      <!ELEMENT canproxy    EMPTY>
+      
\ No newline at end of file
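Review bot: `canproxy` is declared at the end of this hunk with no comment, although it is a privilege-bearing flag rather than descriptive data like its siblings `quota` or `calendar`. I would add above the declaration something like `<!-- canproxy: account may authenticate on behalf of other principals; grant only to trusted service accounts -->`, with the wording confirmed against the code that reads the element, which is not part of this diff. The file also now ends with a whitespace-only line and no trailing newline, which is worth tidying in the same change.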
