[CalendarServer-changes] [1543]
CalendarServer/trunk/twistedcaldav/authkerb.py
source_changes at macosforge.org
source_changes at macosforge.org
Mon May 21 12:20:39 PDT 2007
Revision: 1543
http://trac.macosforge.org/projects/calendarserver/changeset/1543
Author: cdaboo at apple.com
Date: 2007-05-21 12:20:39 -0700 (Mon, 21 May 2007)
Log Message:
-----------
Refactored common __init__ code into a base class.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/authkerb.py
Modified: CalendarServer/trunk/twistedcaldav/authkerb.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/authkerb.py 2007-05-21 18:23:56 UTC (rev 1542)
+++ CalendarServer/trunk/twistedcaldav/authkerb.py 2007-05-21 19:20:39 UTC (rev 1543)
@@ -49,6 +49,49 @@
import kerberos
+class KerberosCredentialFactoryBase(object):
+ """
+ Code common to Kerberos-based credential factories.
+ """
+
+ implements(ICredentialFactory)
+
+ def __init__(self, principal=None, type=None, hostname=None):
+ """
+
+ @param principal: full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+ then the type and hostname arguments are used instead.
+ @type service: str
+ @param type: service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+ @type type: str
+ @param hostname: hostname for this server. Must be C{None} if principal used.
+ @type hostname: str
+ """
+
+ # Only certain combinations of arguments allowed
+ assert (principal and not type and not hostname) or (not principal and type and hostname)
+
+ if not principal:
+ # Look up the Kerberos principal given the service type and hostname, and extract
+ # the realm and a service principal value for later use.
+ try:
+ principal = kerberos.getServerPrincipalDetails(type, hostname)
+ except kerberos.KrbError, ex:
+ logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="KerberosCredentialFactoryBase")
+ raise ValueError('Authentication System Failure: %s' % (ex[0],))
+
+ try:
+ splits = principal.split("/")
+ servicetype = splits[0]
+ splits = splits[1].split("@")
+ realm = splits[1]
+ except IndexError:
+ logging.err("Invalid Kerberos principal: %s" % (principal,), system="KerberosCredentialFactoryBase")
+ raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
+
+ self.service = "%s@%s" % (servicetype, realm,)
+ self.realm = realm
+
class BasicKerberosCredentials(credentials.UsernamePassword):
"""
A set of user/password credentials that checks itself against Kerberos.
@@ -72,7 +115,7 @@
self.service = service
self.default_realm = realm
-class BasicKerberosCredentialFactory:
+class BasicKerberosCredentialFactory(KerberosCredentialFactoryBase):
"""
Authorizer for insecure Basic (base64-encoded plaintext) authentication.
@@ -80,8 +123,6 @@
Right now we do not check for that.
"""
- implements(ICredentialFactory)
-
scheme = 'basic'
def __init__(self, principal=None, type=None, hostname=None):
@@ -96,30 +137,8 @@
@type hostname: str
"""
- # Only certain combinations of arguments allowed
- assert (principal and not type and not hostname) or (not principal and type and hostname)
+ super(BasicKerberosCredentialFactory, self).__init__(principal, type, hostname)
- if not principal:
- # Look up the Kerberos principal given the service type and hostname, and extract
- # the realm and a service principal value for later use.
- try:
- principal = kerberos.getServerPrincipalDetails(type, hostname)
- except kerberos.KrbError, ex:
- logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="BasicKerberosCredentialFactory")
- raise ValueError('Authentication System Failure: %s' % (ex[0],))
-
- try:
- splits = principal.split("/")
- servicetype = splits[0]
- splits = splits[1].split("@")
- realm = splits[1]
- except IndexError:
- logging.err("Invalid Kerberos principal: %s" % (principal,), system="BasicKerberosCredentialFactory")
- raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
-
- self.service = "%s@%s" % (servicetype, realm,)
- self.realm = realm
-
def getChallenge(self, _ignore_peer):
return {'realm': self.realm}
@@ -135,7 +154,7 @@
return c
raise error.LoginFailed('Invalid credentials')
-class BasicKerberosCredentialsChecker:
+class BasicKerberosCredentialsChecker(object):
implements(checkers.ICredentialsChecker)
@@ -158,7 +177,7 @@
raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
-class NegotiateCredentials:
+class NegotiateCredentials(object):
"""
A set of user/password credentials that checks itself against Kerberos.
"""
@@ -169,7 +188,7 @@
self.username = username
-class NegotiateCredentialFactory:
+class NegotiateCredentialFactory(KerberosCredentialFactoryBase):
"""
Authorizer for insecure Basic (base64-encoded plaintext) authentication.
@@ -177,8 +196,6 @@
Right now we do not check for that.
"""
- implements(ICredentialFactory)
-
scheme = 'negotiate'
def __init__(self, principal=None, type=None, hostname=None):
@@ -193,30 +210,8 @@
@type hostname: str
"""
- # Only certain combinations of arguments allowed
- assert (principal and not type and not hostname) or (not principal and type and hostname)
+ super(NegotiateCredentialFactory, self).__init__(principal, type, hostname)
- if not principal:
- # Look up the Kerberos principal given the service type and hostname, and extract
- # the realm and a service principal value for later use.
- try:
- principal = kerberos.getServerPrincipalDetails(type, hostname)
- except kerberos.KrbError, ex:
- logging.err("getServerPrincipalDetails: %s" % (ex[0],), system="NegotiateCredentialFactory")
- raise ValueError('Authentication System Failure: %s' % (ex[0],))
-
- try:
- splits = principal.split("/")
- servicetype = splits[0]
- splits = splits[1].split("@")
- realm = splits[1]
- except IndexError:
- logging.err("Invalid Kerberos principal: %s" % (principal,), system="NegotiateCredentialFactory")
- raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
-
- self.service = "%s@%s" % (servicetype, realm,)
- self.realm = realm
-
def getChallenge(self, _ignore_peer):
return {}
@@ -281,7 +276,7 @@
return NegotiateCredentials(username)
-class NegotiateCredentialsChecker:
+class NegotiateCredentialsChecker(object):
implements(checkers.ICredentialsChecker)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070521/924d6685/attachment.html
More information about the calendarserver-changes
mailing list