[CalendarServer-changes] [1442] CalendarServer/trunk/twistedcaldav/root.py

source_changes at macosforge.org source_changes at macosforge.org
Tue Apr 3 10:13:17 PDT 2007 

Revision: 1442
          http://trac.macosforge.org/projects/calendarserver/changeset/1442
Author:   cdaboo at apple.com
Date:     2007-04-03 10:13:16 -0700 (Tue, 03 Apr 2007)

Log Message:
-----------
Make sure we trak the LoginError exception too. Add some logging for failed SACL checks.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/root.py

Modified: CalendarServer/trunk/twistedcaldav/root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/root.py	2007-04-02 03:34:41 UTC (rev 1441)
+++ CalendarServer/trunk/twistedcaldav/root.py	2007-04-03 17:13:16 UTC (rev 1442)
@@ -20,6 +20,7 @@
 
 from twisted.internet import defer
 from twisted.python.failure import Failure
+from twisted.cred.error import LoginFailed
 from twisted.cred.error import UnauthorizedLogin
 
 from twisted.web2.http import HTTPError
@@ -55,10 +56,11 @@
         """
 
         def _authCb((authnUser, authzUser)):
-            # Insure that the user is not unauthenticated.
+            # Ensure that the user is not unauthenticated.
             # SACLs are authorization for the use of the service,
             # so unauthenticated access doesn't make any sense.
             if authzUser == davxml.Principal(davxml.Unauthenticated()):
+                log.msg("Unauthenticated users not enabled with the '%s' SACL" % (self.saclService,))
                 return Failure(HTTPError(UnauthorizedResponse(
                             request.credentialFactories,
                             request.remoteAddr)))
@@ -67,7 +69,7 @@
 
         def _authEb(failure):
             # Make sure we propogate UnauthorizedLogin errors.
-            failure.trap(UnauthorizedLogin)
+            failure.trap(UnauthorizedLogin, LoginFailed)
 
             return Failure(HTTPError(UnauthorizedResponse(
                         request.credentialFactories,
@@ -79,6 +81,7 @@
             username = username.rstrip('/').split('/')[-1]
             
             if RootResource.CheckSACL(username, self.saclService) != 0:
+                log.msg("User '%s' is not enabled with the '%s' SACL" % (username, self.saclService,))
                 return Failure(HTTPError(403))
 
             return True

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070403/6addf902/attachment.html

More information about the calendarserver-changes mailing list