[CalendarServer-changes] [1543] CalendarServer/trunk/twistedcaldav/authkerb.py

[source_changes at macosforge.org]

Revision: 1543
          http://trac.macosforge.org/projects/calendarserver/changeset/1543
Author:   cdaboo at apple.com
Date:     2007-05-21 12:20:39 -0700 (Mon, 21 May 2007)

Log Message:
-----------
Refactored common __init__ code into a base class.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/authkerb.py

Modified: CalendarServer/trunk/twistedcaldav/authkerb.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/authkerb.py	2007-05-21 18:23:56 UTC (rev 1542)
+++ CalendarServer/trunk/twistedcaldav/authkerb.py	2007-05-21 19:20:39 UTC (rev 1543)
@@ -49,6 +49,49 @@
 
 import kerberos
 
+class KerberosCredentialFactoryBase(object):
+    """
+    Code common to Kerberos-based credential factories.
+    """
+
+    implements(ICredentialFactory)
+
+    def __init__(self, principal=None, type=None, hostname=None):
+        """
+        
+        @param principal:  full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+            then the type and hostname arguments are used instead.
+        @type service:     str
+        @param type:       service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+        @type type:        str
+        @param hostname:   hostname for this server. Must be C{None} if principal used.
+        @type hostname:    str
+        """
+
+        # Only certain combinations of arguments allowed
+        assert (principal and not type and not hostname) or (not principal and type and hostname)
+
+        if not principal:
+            # Look up the Kerberos principal given the service type and hostname, and extract
+            # the realm and a service principal value for later use.
+            try:
+                principal = kerberos.getServerPrincipalDetails(type, hostname)
+            except kerberos.KrbError, ex:
+                logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="KerberosCredentialFactoryBase")
+                raise ValueError('Authentication System Failure: %s' % (ex[0],))
+
+        try:
+            splits = principal.split("/")
+            servicetype = splits[0]
+            splits = splits[1].split("@")
+            realm = splits[1]
+        except IndexError:
+            logging.err("Invalid Kerberos principal: %s" % (principal,), system="KerberosCredentialFactoryBase")
+            raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
+                
+        self.service = "%s@%s" % (servicetype, realm,)
+        self.realm = realm
+
 class BasicKerberosCredentials(credentials.UsernamePassword):
     """
     A set of user/password credentials that checks itself against Kerberos.
@@ -72,7 +115,7 @@
         self.service = service
         self.default_realm = realm
         
-class BasicKerberosCredentialFactory:
+class BasicKerberosCredentialFactory(KerberosCredentialFactoryBase):
     """
     Authorizer for insecure Basic (base64-encoded plaintext) authentication.
 
@@ -80,8 +123,6 @@
     Right now we do not check for that.
     """
 
-    implements(ICredentialFactory)
-
     scheme = 'basic'
 
     def __init__(self, principal=None, type=None, hostname=None):
@@ -96,30 +137,8 @@
         @type hostname:    str
         """
 
-        # Only certain combinations of arguments allowed
-        assert (principal and not type and not hostname) or (not principal and type and hostname)
+        super(BasicKerberosCredentialFactory, self).__init__(principal, type, hostname)
 
-        if not principal:
-            # Look up the Kerberos principal given the service type and hostname, and extract
-            # the realm and a service principal value for later use.
-            try:
-                principal = kerberos.getServerPrincipalDetails(type, hostname)
-            except kerberos.KrbError, ex:
-                logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="BasicKerberosCredentialFactory")
-                raise ValueError('Authentication System Failure: %s' % (ex[0],))
-
-        try:
-            splits = principal.split("/")
-            servicetype = splits[0]
-            splits = splits[1].split("@")
-            realm = splits[1]
-        except IndexError:
-            logging.err("Invalid Kerberos principal: %s" % (principal,), system="BasicKerberosCredentialFactory")
-            raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
-                
-        self.service = "%s@%s" % (servicetype, realm,)
-        self.realm = realm
-
     def getChallenge(self, _ignore_peer):
         return {'realm': self.realm}
 
@@ -135,7 +154,7 @@
             return c
         raise error.LoginFailed('Invalid credentials')
 
-class BasicKerberosCredentialsChecker:
+class BasicKerberosCredentialsChecker(object):
 
     implements(checkers.ICredentialsChecker)
 
@@ -158,7 +177,7 @@
         
         raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
 
-class NegotiateCredentials:
+class NegotiateCredentials(object):
     """
     A set of user/password credentials that checks itself against Kerberos.
     """
@@ -169,7 +188,7 @@
         
         self.username = username
         
-class NegotiateCredentialFactory:
+class NegotiateCredentialFactory(KerberosCredentialFactoryBase):
     """
     Authorizer for insecure Basic (base64-encoded plaintext) authentication.
 
@@ -177,8 +196,6 @@
     Right now we do not check for that.
     """
 
-    implements(ICredentialFactory)
-
     scheme = 'negotiate'
 
     def __init__(self, principal=None, type=None, hostname=None):
@@ -193,30 +210,8 @@
         @type hostname:    str
         """
 
-        # Only certain combinations of arguments allowed
-        assert (principal and not type and not hostname) or (not principal and type and hostname)
+        super(NegotiateCredentialFactory, self).__init__(principal, type, hostname)
 
-        if not principal:
-            # Look up the Kerberos principal given the service type and hostname, and extract
-            # the realm and a service principal value for later use.
-            try:
-                principal = kerberos.getServerPrincipalDetails(type, hostname)
-            except kerberos.KrbError, ex:
-                logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="NegotiateCredentialFactory")
-                raise ValueError('Authentication System Failure: %s' % (ex[0],))
-
-        try:
-            splits = principal.split("/")
-            servicetype = splits[0]
-            splits = splits[1].split("@")
-            realm = splits[1]
-        except IndexError:
-            logging.err("Invalid Kerberos principal: %s" % (principal,), system="NegotiateCredentialFactory")
-            raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
-                
-        self.service = "%s@%s" % (servicetype, realm,)
-        self.realm = realm
-
     def getChallenge(self, _ignore_peer):
         return {}
 
@@ -281,7 +276,7 @@
 
         return NegotiateCredentials(username)
 
-class NegotiateCredentialsChecker:
+class NegotiateCredentialsChecker(object):
 
     implements(checkers.ICredentialsChecker)
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070521/924d6685/attachment.html