[CalendarServer-changes] [1389] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 14 14:42:35 PDT 2007
Revision: 1389
http://trac.macosforge.org/projects/calendarserver/changeset/1389
Author: dreid at apple.com
Date: 2007-03-14 14:42:34 -0700 (Wed, 14 Mar 2007)
Log Message:
-----------
Get rid of Kerberos Realm option, derive it form ServicePrincipal, defaulting to the value of ServerHostName if the principal does not contain a realm.
Add a lot of unittests for various aspects of the default resource hierarchy.
Modified Paths:
--------------
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/conf/caldavd.plist
CalendarServer/trunk/twistedcaldav/config.py
CalendarServer/trunk/twistedcaldav/tap.py
CalendarServer/trunk/twistedcaldav/test/test_tap.py
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2007-03-14 21:10:20 UTC (rev 1388)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2007-03-14 21:42:34 UTC (rev 1389)
@@ -226,8 +226,6 @@
<false/>
<key>ServicePrincipal</key>
<string></string>
- <key>Realm</key>
- <string></string>
</dict>
</dict>
Modified: CalendarServer/trunk/conf/caldavd.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd.plist 2007-03-14 21:10:20 UTC (rev 1388)
+++ CalendarServer/trunk/conf/caldavd.plist 2007-03-14 21:42:34 UTC (rev 1389)
@@ -173,8 +173,6 @@
<false/>
<key>ServicePrincipal</key>
<string></string>
- <key>Realm</key>
- <string></string>
</dict>
</dict>
Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py 2007-03-14 21:10:20 UTC (rev 1388)
+++ CalendarServer/trunk/twistedcaldav/config.py 2007-03-14 21:42:34 UTC (rev 1389)
@@ -90,7 +90,7 @@
},
"Kerberos": { # Kerberos/SPNEGO
"Enabled": False,
- "Realm": ""
+ "ServicePrincipal": ''
},
},
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2007-03-14 21:10:20 UTC (rev 1388)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2007-03-14 21:42:34 UTC (rev 1389)
@@ -388,9 +388,16 @@
log.msg("Kerberos support not available")
continue
+ service = schemeConfig['ServicePrincipal']
+
+ if '@' in service:
+ rest, kerbRealm = service.split('@', 1)
+ else:
+ kerbRealm = config.ServerHostName
+
credFactory = NegotiateCredentialFactory(
- schemeConfig['ServicePrincipal'],
- schemeConfig['Realm'],
+ service,
+ kerbRealm
)
elif scheme == 'digest':
Modified: CalendarServer/trunk/twistedcaldav/test/test_tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_tap.py 2007-03-14 21:10:20 UTC (rev 1388)
+++ CalendarServer/trunk/twistedcaldav/test/test_tap.py 2007-03-14 21:42:34 UTC (rev 1389)
@@ -159,6 +159,8 @@
Utility class for ServiceMaker tests.
"""
+ configOptions = None
+
def setUp(self):
self.options = TestCalDAVOptions()
self.options.parent = Options()
@@ -183,6 +185,9 @@
self.config['SudoersFile'] = ''
+ if self.configOptions:
+ self.config = config_mod._mergeData(self.config, self.configOptions)
+
os.mkdir(self.config['DocumentRoot'])
self.configFile = self.mktemp()
@@ -386,3 +391,136 @@
self.assertEquals(len(tcpServers), 0)
self.assertEquals(len(sslServers), 0)
+
+
+class ServiceHTTPFactoryTests(BaseServiceMakerTests):
+ """
+ Test the configuration of the initial resource hierarchy of the
+ single service
+ """
+
+ configOptions = {'HTTPPort': 8008}
+
+ def test_AuthWrapperAllEnabled(self):
+ """
+ Test the configuration of the authentication wrapper
+ when all schemes are enabled.
+ """
+ self.config['Authentication']['Digest']['Enabled'] = True
+ self.config['Authentication']['Kerberos']['Enabled'] = True
+ self.config['Authentication']['Basic']['Enabled'] = True
+
+ self.writeConfig()
+ site = self.getSite()
+
+ self.failUnless(isinstance(
+ site.resource.resource,
+ auth.AuthenticationWrapper))
+
+ authWrapper = site.resource.resource
+
+ expectedSchemes = ['negotiate', 'digest', 'basic']
+
+ for scheme in authWrapper.credentialFactories:
+ self.failUnless(scheme in expectedSchemes)
+
+ self.assertEquals(len(expectedSchemes),
+ len(authWrapper.credentialFactories))
+
+ def test_servicePrincipalNoRealm(self):
+ """
+ Test that the Kerberos Realm defaults to the ServerHostName when
+ the principal is not in the form of proto/host at realm
+ """
+ self.config['Authentication']['Kerberos']['ServicePrincipal'] = 'http/hello'
+ self.config['Authentication']['Kerberos']['Enabled'] = True
+ self.writeConfig()
+ site = self.getSite()
+
+ authWrapper = site.resource.resource
+
+ ncf = authWrapper.credentialFactories['negotiate']
+ self.assertEquals(ncf.service, 'http/hello')
+ self.assertEquals(ncf.realm, 'localhost')
+
+ def test_servicePrincipalWithRealm(self):
+ """
+ Test that the kerberos realm is the realm portion of a principal
+ in the form proto/host at realm
+ """
+ self.config['Authentication']['Kerberos']['ServicePrincipal'] = 'http/hello at bob'
+ self.config['Authentication']['Kerberos']['Enabled'] = True
+ self.writeConfig()
+ site = self.getSite()
+
+ authWrapper = site.resource.resource
+
+ ncf = authWrapper.credentialFactories['negotiate']
+ self.assertEquals(ncf.service, 'http/hello at bob')
+ self.assertEquals(ncf.realm, 'bob')
+
+ def test_AuthWrapperPartialEnabled(self):
+ """
+ Test that the expected credential factories exist when
+ only a partial set of authentication schemes is
+ enabled.
+ """
+
+ self.config['Authentication']['Basic']['Enabled'] = False
+ self.config['Authentication']['Kerberos']['Enabled'] = False
+
+ self.writeConfig()
+ site = self.getSite()
+
+ authWrapper = site.resource.resource
+
+ expectedSchemes = ['digest']
+
+ for scheme in authWrapper.credentialFactories:
+ self.failUnless(scheme in expectedSchemes)
+
+ self.assertEquals(len(expectedSchemes),
+ len(authWrapper.credentialFactories))
+
+ def test_LogWrapper(self):
+ """
+ Test the configuration of the log wrapper
+ """
+
+ site = self.getSite()
+
+ self.failUnless(isinstance(
+ site.resource,
+ LogWrapperResource))
+
+ def test_rootResource(self):
+ """
+ Test the root resource
+ """
+ site = self.getSite()
+ root = site.resource.resource.resource
+
+ self.failUnless(isinstance(root, CalDAVServiceMaker.rootResourceClass))
+
+ def test_principalResource(self):
+ """
+ Test the principal resource
+ """
+ site = self.getSite()
+ root = site.resource.resource.resource
+
+ self.failUnless(isinstance(
+ root.getChild('principals'),
+ CalDAVServiceMaker.principalResourceClass))
+
+ def test_calendarResource(self):
+ """
+ Test the calendar resource
+ """
+ site = self.getSite()
+ root = site.resource.resource.resource
+
+ self.failUnless(isinstance(
+ root.getChild('calendars'),
+ CalDAVServiceMaker.calendarResourceClass))
+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070314/57b0c692/attachment.html
More information about the calendarserver-changes
mailing list