[CalendarServer-changes] [100]
CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py
source_changes at macosforge.org
source_changes at macosforge.org
Fri Sep 1 13:30:36 PDT 2006
Revision: 100
Author: cdaboo at apple.com
Date: 2006-09-01 13:30:33 -0700 (Fri, 01 Sep 2006)
Log Message:
-----------
Fix OD authentication with new twisted creds use. Temporary fix for calendar home duplicate
rename problem causing account lock-out.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py
Modified: CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py
===================================================================
--- CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py 2006-09-01 19:12:10 UTC (rev 99)
+++ CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py 2006-09-01 20:30:33 UTC (rev 100)
@@ -19,18 +19,23 @@
"""
Implements a directory-backed principal hierarchy.
"""
+from zope.interface import implements
-from twisted.cred import credentials
+from twisted.cred import checkers, credentials, error
+from twisted.cred.credentials import UsernamePassword
from twisted.internet import reactor
from twisted.internet import task
+from twisted.internet.defer import succeed
from twisted.python import log
from twisted.web2 import responsecode
from twisted.web2.dav import davxml
+from twisted.web2.dav.auth import IPrincipalCredentials
from twisted.web2.dav.resource import TwistedAccessDisabledProperty
from twisted.web2.dav.static import DAVFile
from twisted.web2.dav.util import joinURL
from twisted.web2.http import HTTPError
from twisted.web2.http import StatusResponse
+
from twistedcaldav import caldavxml
from twistedcaldav import customxml
from twistedcaldav.principalindex import GroupIndex
@@ -38,6 +43,7 @@
from twistedcaldav.principalindex import UserIndex
from twistedcaldav.resource import CalendarPrincipalCollectionResource
from twistedcaldav.static import CalendarPrincipalFile
+
import dsattributes
import opendirectory
import os
@@ -51,6 +57,28 @@
"DirectoryPrincipalProvisioningResource",
]
+
+class DirectoryCredentialsChecker:
+ implements(checkers.ICredentialsChecker)
+
+ credentialInterfaces = (IPrincipalCredentials,)
+
+ def requestAvatarId(self, credentials):
+
+ # If there is no calendar principal URI then the calendar user is disabled.
+ pcreds = IPrincipalCredentials(credentials)
+ if not pcreds.principal.hasDeadProperty(customxml.TwistedCalendarPrincipalURI):
+ raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.principalURI,))
+
+ creds = pcreds.credentials
+ if isinstance(creds, UsernamePassword):
+ user = creds.username
+ pswd = creds.password
+ if opendirectory.authenticateUser(pcreds.principal.directory(), user, pswd):
+ return succeed(pcreds.principalURI)
+
+ raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.principalURI,))
+
class DirectoryPrincipalFile (CalendarPrincipalFile):
"""
Directory principal resource.
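Review bot: In `requestAvatarId` the password is verified for the client-supplied `creds.username`, but the avatar returned on success is `pcreds.principalURI`, and nothing in this hunk checks that the two refer to the same account. If `IPrincipalCredentials` (constructed outside this diff) does not already guarantee that binding, a valid login for one user could be accepted for a different principal, so assert it here or document where it is enforced. The class also has no docstring, and failed attempts leave no trace. A line such as `log.msg("Directory: authentication failed for %s" % (pcreds.principalURI,))` before the final `raise` would give operators something to alert on.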
@@ -82,6 +110,15 @@
else:
return False
+ def directory(self):
+ """
+ Get the directory object used for directory operations.
+
+ @return: C{object} for the directory instance
+ """
+
+ return self._parent.directory
+
def groupMembers(self):
"""
See L{IDAVPrincipalResource.groupMembers}.
@@ -152,7 +189,7 @@
# Only return the calendar prinicpal URI when calendar-user-address-set is requested.
if namespace == caldavxml.caldav_namespace:
if name == "calendar-user-address-set":
- return caldavxml.CalendarUserAddressSet(davxml.HRef().fromString(self.getPropertyValue(customxml.TwistedCalendarPrincipalURI)))
+ return succeed(caldavxml.CalendarUserAddressSet(davxml.HRef().fromString(self.getPropertyValue(customxml.TwistedCalendarPrincipalURI))))
return super(DirectoryPrincipalFile, self).readProperty(qname, request)
@@ -242,10 +279,21 @@
newname = self.principalUID() + "-" + self.getPropertyValue(customxml.TwistedGUIDProperty)
try:
+ # Make sure the new name is not already in use
+ if os.path.exists(newname):
+ count = 1
+ tempname = newname + "-%d"
+ while(os.path.exists(tempname % count)):
+ count += 1
+ newname = tempname % count
os.rename(calrsrc.fp.path, calrsrc.fp.sibling(newname).path)
except OSError:
log.msg("Directory: Failed to rename %s to %s when deleting a principal" %
(calrsrc.fp.path, calrsrc.fp.sibling(newname).path))
+
+ # Remove the disabled property to prevent lock out in the future
+ calrsrc.removeDeadProperty(TwistedAccessDisabledProperty())
+
class DirectoryTypePrincipalProvisioningResource (CalendarPrincipalCollectionResource, DAVFile):
"""
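Review bot: The new collision check calls `os.path.exists(newname)` on a bare file name, which resolves against the process working directory, while the rename target is `calrsrc.fp.sibling(newname).path`. The check therefore probably never sees the existing calendar home it is meant to avoid. Testing the real target, `if os.path.exists(calrsrc.fp.sibling(newname).path):` and `while os.path.exists(calrsrc.fp.sibling(tempname % count).path):`, fixes that, though check-then-rename stays racy if two deletions run concurrently. Indentation is lost in this listing, so it is unclear whether `removeDeadProperty(TwistedAccessDisabledProperty())` also runs after a failed rename; if it does, the home stays at its original path with the access-disabled marker cleared, which deserves a guard or an explicit comment. The enclosing method begins outside the hunk.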