[CalendarServer-changes] [100] CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py

source_changes at macosforge.org source_changes at macosforge.org
Fri Sep 1 13:30:36 PDT 2006


Revision: 100
Author:   cdaboo at apple.com
Date:     2006-09-01 13:30:33 -0700 (Fri, 01 Sep 2006)

Log Message:
-----------
Fix OD authentication with new twisted creds use. Temporary fix for calendar home duplicate
rename problem causing account lock-out.

Modified Paths:
--------------
    CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py

Modified: CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py
===================================================================
--- CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py	2006-09-01 19:12:10 UTC (rev 99)
+++ CalendarServer/branches/users/cdaboo/acl-merge/twistedcaldav/directory.py	2006-09-01 20:30:33 UTC (rev 100)
@@ -19,18 +19,23 @@
 """
 Implements a directory-backed principal hierarchy.
 """
+from zope.interface import implements
 
-from twisted.cred import credentials
+from twisted.cred import checkers, credentials, error
+from twisted.cred.credentials import UsernamePassword
 from twisted.internet import reactor
 from twisted.internet import task
+from twisted.internet.defer import succeed
 from twisted.python import log
 from twisted.web2 import responsecode
 from twisted.web2.dav import davxml
+from twisted.web2.dav.auth import IPrincipalCredentials
 from twisted.web2.dav.resource import TwistedAccessDisabledProperty
 from twisted.web2.dav.static import DAVFile
 from twisted.web2.dav.util import joinURL
 from twisted.web2.http import HTTPError
 from twisted.web2.http import StatusResponse
+
 from twistedcaldav import caldavxml
 from twistedcaldav import customxml
 from twistedcaldav.principalindex import GroupIndex
@@ -38,6 +43,7 @@
 from twistedcaldav.principalindex import UserIndex
 from twistedcaldav.resource import CalendarPrincipalCollectionResource
 from twistedcaldav.static import CalendarPrincipalFile
+
 import dsattributes
 import opendirectory
 import os
@@ -51,6 +57,28 @@
     "DirectoryPrincipalProvisioningResource",
 ]
 
+
+class DirectoryCredentialsChecker:
+    implements(checkers.ICredentialsChecker)
+
+    credentialInterfaces = (IPrincipalCredentials,)
+
+    def requestAvatarId(self, credentials):
+
+        # If there is no calendar principal URI then the calendar user is disabled.
+        pcreds = IPrincipalCredentials(credentials)
+        if not pcreds.principal.hasDeadProperty(customxml.TwistedCalendarPrincipalURI):
+            raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.principalURI,))
+
+        creds = pcreds.credentials
+        if isinstance(creds, UsernamePassword):
+            user = creds.username
+            pswd = creds.password
+            if opendirectory.authenticateUser(pcreds.principal.directory(), user, pswd):
+                return succeed(pcreds.principalURI)
+        
+        raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.principalURI,))
+
 class DirectoryPrincipalFile (CalendarPrincipalFile):
     """
     Directory principal resource.
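Review bot: Neither rejection path in `requestAvatarId` records anything, so repeated failed logins against the directory leave no trace for an operator. `log` is already imported in this module, and a line such as `log.msg("Directory: authentication failed for %s" % (pcreds.principalURI,))` before the final `raise` would give one without logging the password. Credentials that are not `UsernamePassword` fall through to the same `UnauthorizedLogin`; that is a reasonable closed default, but it deserves a comment saying it is intentional. The class also has no docstring; it should state that the checker authenticates principal credentials through `opendirectory.authenticateUser` and returns the principal URI as the avatar id. `opendirectory.authenticateUser` looks like a synchronous call made from the reactor thread, so it is worth confirming that a slow directory cannot stall the server.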
@@ -82,6 +110,15 @@
         else:
             return False
 
+    def directory(self):
+        """
+        Get the directory object used for directory operations.
+        
+        @return:      C{object} for the directory instance
+        """
+
+        return self._parent.directory
+
     def groupMembers(self):
         """
         See L{IDAVPrincipalResource.groupMembers}.
@@ -152,7 +189,7 @@
         # Only return the calendar prinicpal URI when calendar-user-address-set is requested.
         if namespace == caldavxml.caldav_namespace:
             if name == "calendar-user-address-set":
-                return caldavxml.CalendarUserAddressSet(davxml.HRef().fromString(self.getPropertyValue(customxml.TwistedCalendarPrincipalURI)))
+                return succeed(caldavxml.CalendarUserAddressSet(davxml.HRef().fromString(self.getPropertyValue(customxml.TwistedCalendarPrincipalURI))))
 
         return super(DirectoryPrincipalFile, self).readProperty(qname, request)
 
@@ -242,10 +279,21 @@
         newname = self.principalUID() + "-" + self.getPropertyValue(customxml.TwistedGUIDProperty)
         
         try:
+            # Make sure the new name is not already in use
+            if os.path.exists(newname):
+                count = 1
+                tempname = newname + "-%d"
+                while(os.path.exists(tempname % count)):
+                    count += 1
+                newname = tempname % count 
             os.rename(calrsrc.fp.path, calrsrc.fp.sibling(newname).path)
         except OSError:
             log.msg("Directory: Failed to rename %s to %s when deleting a principal" %
                     (calrsrc.fp.path, calrsrc.fp.sibling(newname).path))
+            
+            # Remove the disabled property to prevent lock out in the future
+            calrsrc.removeDeadProperty(TwistedAccessDisabledProperty())
+           
 
 class DirectoryTypePrincipalProvisioningResource (CalendarPrincipalCollectionResource, DAVFile):
     """
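Review bot: The new collision check tests the bare `newname` with `os.path.exists`, which resolves against the process's working directory, while the rename target is `calrsrc.fp.sibling(newname).path`. Unless the working directory happens to be the calendar home's parent, the check never sees an existing sibling and the rename can still fail. Testing the real target would fix that: `if os.path.exists(calrsrc.fp.sibling(newname).path):` and `while os.path.exists(calrsrc.fp.sibling(tempname % count).path):`. The `except OSError` branch then removes `TwistedAccessDisabledProperty`, which appears to leave a deleted principal's calendar home at its original path with access enabled. That fail-open choice should be stated in the comment and in the log message so it is visible when it happens. The enclosing method starts outside this hunk, so where the property is set is not visible here.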
