[CalendarServer-changes] [929] CalendarServer/trunk/twistedcaldav/directory/directory.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Jan 4 20:10:33 PST 2007 

Revision: 929
          http://trac.macosforge.org/projects/calendarserver/changeset/929
Author:   cdaboo at apple.com
Date:     2007-01-04 20:10:33 -0800 (Thu, 04 Jan 2007)

Log Message:
-----------
Temprary fix to allow Kerberos authentication to work with directory service.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/directory/directory.py

Modified: CalendarServer/trunk/twistedcaldav/directory/directory.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/directory.py	2007-01-05 04:08:16 UTC (rev 928)
+++ CalendarServer/trunk/twistedcaldav/directory/directory.py	2007-01-05 04:10:33 UTC (rev 929)
@@ -37,6 +37,7 @@
 from twisted.cred.checkers import ICredentialsChecker
 from twisted.web2.dav.auth import IPrincipalCredentials
 
+from twistedcaldav.authkerb import NegotiateCredentials
 from twistedcaldav.directory.idirectory import IDirectoryService, IDirectoryRecord
 from twistedcaldav.directory.util import uuidFromName
 
@@ -87,13 +88,21 @@
         if user is None:
             raise UnauthorizedLogin("No such user: %s" % (user,))
 
-        if user.verifyCredentials(credentials.credentials):
+        # Handle Kerberos as a separate behavior
+        if isinstance(credentials.credentials, NegotiateCredentials):
+            # If we get here with Kerberos, then authentication has already succeeded
             return (
                 credentials.authnPrincipal.principalURL(),
                 credentials.authzPrincipal.principalURL(),
             )
         else:
-            raise UnauthorizedLogin("Incorrect credentials for %s" % (user,)) 
+            if user.verifyCredentials(credentials.credentials):
+                return (
+                    credentials.authnPrincipal.principalURL(),
+                    credentials.authzPrincipal.principalURL(),
+                )
+            else:
+                raise UnauthorizedLogin("Incorrect credentials for %s" % (user,)) 
 
     def recordTypes(self):
         raise NotImplementedError("Subclass must implement recordTypes()")

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070104/a01d1a18/attachment.html

More information about the calendarserver-changes mailing list