[CalendarServer-changes] [1945]
CalendarServer/branches/users/cdaboo/server2server-1941
source_changes at macosforge.org
source_changes at macosforge.org
Thu Oct 4 18:35:41 PDT 2007
Revision: 1945
http://trac.macosforge.org/projects/calendarserver/changeset/1945
Author: cdaboo at apple.com
Date: 2007-10-04 18:35:40 -0700 (Thu, 04 Oct 2007)
Log Message:
-----------
Merged branches/users/cdaboo/server2server-1842.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd-test.plist
CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd.plist
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/config.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/customxml.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/directory/calendar.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/method/report_common.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/static.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/tap.py
Added Paths:
-----------
CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver-test.xml
CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver.dtd
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/freebusyurl.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule_common.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserver.py
CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserverparser.py
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd-test.plist
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd-test.plist 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd-test.plist 2007-10-05 01:35:40 UTC (rev 1945)
@@ -330,7 +330,28 @@
<key>EnableNotifications</key>
<true/>
+ <!-- Server to server protocol -->
+ <key>ServerToServer</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ <key>Email Domain</key>
+ <string>example.com</string>
+ <key>HTTP Domain</key>
+ <string>example.com</string>
+ <key>Servers</key>
+ <string>conf/servertoserver-test.xml</string>
+ </dict>
+ <!-- Free-busy URL protocol -->
+ <key>FreeBusyURL</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ <key>Time Period</key>
+ <integer>14</integer>
+ </dict>
+
<!--
Twisted
-->
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd.plist
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd.plist 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/conf/caldavd.plist 2007-10-05 01:35:40 UTC (rev 1945)
@@ -264,6 +264,27 @@
<key>EnableNotifications</key>
<true/>
+ <!-- Server to server protocol -->
+ <key>ServerToServer</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ <key>Email Domain</key>
+ <string></string>
+ <key>HTTP Domain</key>
+ <string></string>
+ <key>Servers</key>
+ <string>/etc/caldavd/servertoserver.xml</string>
+ </dict>
+ <!-- Free-busy URL protocol -->
+ <key>FreeBusyURL</key>
+ <dict>
+ <key>Enabled</key>
+ <true/>
+ <key>Time Period</key>
+ <integer>14</integer>
+ </dict>
+
</dict>
</plist>
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver-test.xml (from rev 1944, CalendarServer/branches/users/cdaboo/server2server-1842/conf/servertoserver-test.xml)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver-test.xml (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver-test.xml 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+Copyright (c) 2006-2007 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+ -->
+
+<!DOCTYPE servers SYSTEM "servertoserver.dtd">
+
+<servers>
+ <server>
+ <uri>https://localhost:8543/inbox</uri>
+ <allow-requests-from/>
+ <allow-requests-to/>
+ <domains>
+ <domain>example.org</domain>
+ </domains>
+ </server>
+</servers>
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver.dtd (from rev 1944, CalendarServer/branches/users/cdaboo/server2server-1842/conf/servertoserver.dtd)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver.dtd (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/conf/servertoserver.dtd 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,33 @@
+<!--
+Copyright (c) 2006-2007 Apple Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+DRI: Cyrus Daboo, cdaboo at apple.com
+ -->
+
+<!ELEMENT servers (server*) >
+
+ <!ELEMENT server (uri, authentication?, allow-requests-from, allow-requests-to, domains*) >
+
+ <!ELEMENT uri (#PCDATA) >
+ <!ELEMENT authentication (user, password) >
+ <!ATTLIST authentication type (basic) "">
+ <!ELEMENT user (#PCDATA) >
+ <!ELEMENT password (#PCDATA) >
+
+ <!ELEMENT allow-requests-from EMPTY >
+ <!ELEMENT allow-requests-to EMPTY >
+ <!ELEMENT domains (domain*) >
+
+ <!ELEMENT domain (#PCDATA) >
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/config.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/config.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -145,9 +145,20 @@
#
# Non-standard CalDAV extensions
#
- "EnableDropBox" : False, # Calendar Drop Box
- "EnableNotifications": False, # Drop Box Notifications
+ "EnableDropBox" : False, # Calendar Drop Box
+ "EnableNotifications" : False, # Drop Box Notifications
+
+ "ServerToServer": {
+ "Enabled" : False, # Server-to-server protocol
+ "Email Domain" : "", # Domain for mailto calendar user addresses on this server
+ "HTTP Domain" : "", # Domain for http calendar user addresses on this server
+ },
+ "FreeBusyURL": {
+ "Enabled" : False, # Per-user free-busy-url protocol
+ "Time Period" : 14, # Number of days into the future to generate f-b data if no explicit time-range is specified
+ },
+
#
# Implementation details
#
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/customxml.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/customxml.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/customxml.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -254,6 +254,22 @@
return found
+class ServerToServerInbox (davxml.WebDAVEmptyElement):
+ """
+ Denotes the resourcetype of a server-to-server Inbox.
+ (CalDAV-s2s-xx, section x.x.x)
+ """
+ namespace = calendarserver_namespace
+ name = "server-to-server-inbox"
+
+class FreeBusyURL (davxml.WebDAVEmptyElement):
+ """
+ Denotes the resourcetype of a free-busy URL resource.
+ (CalDAV-s2s-xx, section x.x.x)
+ """
+ namespace = calendarserver_namespace
+ name = "free-busy-url"
+
##
# Extensions to davxml.ResourceType
##
@@ -263,3 +279,5 @@
davxml.ResourceType.notifications = davxml.ResourceType(davxml.Collection(), Notifications())
davxml.ResourceType.calendarproxyread = davxml.ResourceType(davxml.Principal(), davxml.Collection(), CalendarProxyRead())
davxml.ResourceType.calendarproxywrite = davxml.ResourceType(davxml.Principal(), davxml.Collection(), CalendarProxyWrite())
+davxml.ResourceType.servertoserverinbox = davxml.ResourceType(ServerToServerInbox())
+davxml.ResourceType.freebusyurl = davxml.ResourceType(FreeBusyURL())
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/directory/calendar.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/directory/calendar.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -26,16 +26,15 @@
"DirectoryCalendarHomeResource",
]
-from twisted.web2 import responsecode
from twisted.web2.dav import davxml
from twisted.web2.dav.util import joinURL
from twisted.web2.dav.resource import TwistedACLInheritable, TwistedQuotaRootProperty
-from twisted.web2.http import HTTPError
from twistedcaldav import caldavxml
from twistedcaldav.config import config
from twistedcaldav.dropbox import DropBoxHomeResource
from twistedcaldav.extensions import ReadOnlyResourceMixIn, DAVResource
+from twistedcaldav.freebusyurl import FreeBusyURLResource
from twistedcaldav.notifications import NotificationsCollectionResource
from twistedcaldav.resource import CalDAVResource
from twistedcaldav.schedule import ScheduleInboxResource, ScheduleOutboxResource
@@ -205,6 +204,10 @@
childlist += (
("notifications", NotificationsCollectionResource),
)
+ if config.FreeBusyURL["Enabled"]:
+ childlist += (
+ ("freebusy", FreeBusyURLResource),
+ )
for name, cls in childlist:
child = self.provisionChild(name)
assert isinstance(child, cls), "Child %r is not a %s: %r" % (name, cls.__name__, child)
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/freebusyurl.py (from rev 1942, CalendarServer/branches/users/cdaboo/server2server-1842/twistedcaldav/freebusyurl.py)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/freebusyurl.py (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/freebusyurl.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,237 @@
+##
+# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+
+"""
+Free-busy-URL resources.
+"""
+
+__all__ = [
+ "FreeBusyURLResource",
+]
+
+from twisted.internet.defer import deferredGenerator
+from twisted.internet.defer import waitForDeferred
+from twisted.python import log
+from twisted.web2 import responsecode
+from twisted.web2.dav import davxml
+from twisted.web2.dav.http import ErrorResponse
+from twisted.web2.http import HTTPError
+from twisted.web2.http import Response
+from twisted.web2.http import StatusResponse
+from twisted.web2.http_headers import MimeType
+from twisted.web2.stream import MemoryStream
+
+from twistedcaldav import caldavxml
+from twistedcaldav.caldavxml import TimeRange
+from twistedcaldav.config import config
+from twistedcaldav.customxml import calendarserver_namespace
+from twistedcaldav.ical import Property
+from twistedcaldav.ical import parse_datetime
+from twistedcaldav.ical import parse_duration
+from twistedcaldav.resource import CalDAVResource
+from twistedcaldav.schedule_common import Scheduler
+
+from vobject.icalendar import utc
+
+import datetime
+
+class FreeBusyURLResource (CalDAVResource):
+ """
+ Free-busy URL resource.
+
+ Extends L{DAVResource} to provide free-busy URL functionality.
+ """
+
+ def __init__(self, parent):
+ """
+ @param parent: the parent resource of this one.
+ """
+ assert parent is not None
+
+ CalDAVResource.__init__(self, principalCollections=parent.principalCollections())
+
+ self.parent = parent
+
+ def defaultAccessControlList(self):
+ return davxml.ACL(
+ # DAV:Read, CalDAV:schedule for all principals (does not include anonymous)
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(caldavxml.Schedule()),
+ ),
+ davxml.Protected(),
+ ),
+ )
+
+ def resourceType(self):
+ return davxml.ResourceType.freebusyurl
+
+ def isCollection(self):
+ return False
+
+ def isCalendarCollection(self):
+ return False
+
+ def isPseudoCalendarCollection(self):
+ return False
+
+ def render(self, request):
+ output = """<html>
+<head>
+<title>Free-Busy URL Resource</title>
+</head>
+<body>
+<h1>Free-busy URL Resource.</h1>
+</body
+</html>"""
+
+ response = Response(200, {}, output)
+ response.headers.setHeader("content-type", MimeType("text", "html"))
+ return response
+
+ def http_GET(self, request):
+ """
+ The free-busy URL POST method.
+ """
+ return self._processFBURL(request)
+
+ def http_POST(self, request):
+ """
+ The free-busy URL POST method.
+ """
+ return self._processFBURL(request)
+
+ @deferredGenerator
+ def _processFBURL(self, request):
+
+ #
+ # Check authentication and access controls
+ #
+ x = waitForDeferred(self.authorize(request, (davxml.Read(),)))
+ yield x
+ x.getResult()
+
+ # Extract query parameters from the URL
+ args = ('start', 'end', 'duration', 'token', 'format', 'user',)
+ for arg in args:
+ setattr(self, arg, request.args.get(arg, [None])[0])
+
+ # Some things we do not handle
+ if self.token or self.user:
+ raise HTTPError(ErrorResponse(responsecode.NOT_ACCEPTABLE, (calendarserver_namespace, "supported-query-parameter")))
+
+ # Check format
+ if self.format:
+ self.format = self.format.split(";")[0]
+ if self.format not in ("text/calendar", "text/plain"):
+ raise HTTPError(ErrorResponse(responsecode.NOT_ACCEPTABLE, (calendarserver_namespace, "supported-format")))
+ else:
+ self.format = "text/calendar"
+
+ # Start/end/duration must be valid iCalendar DATE-TIME UTC or DURATION values
+ try:
+ if self.start:
+ self.start = parse_datetime(self.start)
+ if self.start.tzinfo != utc:
+ raise ValueError()
+ if self.end:
+ self.end = parse_datetime(self.end)
+ if self.end.tzinfo != utc:
+ raise ValueError()
+ if self.duration:
+ self.duration = parse_duration(self.duration)
+ except ValueError:
+ raise HTTPError(ErrorResponse(responsecode.BAD_REQUEST, (calendarserver_namespace, "valid-query-parameters")))
+
+ # Sanity check start/end/duration
+
+ # End and duration cannot both be present
+ if self.end and self.duration:
+ raise HTTPError(ErrorResponse(responsecode.NOT_ACCEPTABLE, (calendarserver_namespace, "valid-query-parameters")))
+
+ # Duration must be positive
+ if self.duration and self.duration.days < 0:
+ raise HTTPError(ErrorResponse(responsecode.BAD_REQUEST, (calendarserver_namespace, "valid-query-parameters")))
+
+ # Now fill in the missing pieces
+ if self.start is None:
+ now = datetime.datetime.now()
+ self.start = now.replace(hour=0, minute=0, second=0, tzinfo=utc)
+ if self.duration:
+ self.end = self.start + self.duration
+ if self.end is None:
+ self.end = self.start + datetime.timedelta(days=config.FreeBusyURL["Time Period"])
+
+ # End > start
+ if self.end <= self.start:
+ raise HTTPError(ErrorResponse(responsecode.BAD_REQUEST, (calendarserver_namespace, "valid-query-parameters")))
+
+ # TODO: We should probably verify that the actual time-range is within sensible bounds (e.g. not too far in the past or future and not too long)
+
+ # Now lookup the principal details for the targetted user
+ principal = self.parent.principalForRecord()
+
+ # Pick the first mailto cu address or the first other type
+ cuaddr = None
+ for item in principal.calendarUserAddresses():
+ if cuaddr is None:
+ cuaddr = item
+ if item.startswith("mailto"):
+ cuaddr = item
+ break
+
+ # Get inbox details
+ inboxURL = principal.scheduleInboxURL()
+ if inboxURL is None:
+ raise HTTPError(StatusResponse(responsecode.INTERNAL_SERVER_ERROR, "No schedule inbox URL for principal: %s" % (principal,)))
+ try:
+ inbox = waitForDeferred(request.locateResource(inboxURL))
+ yield inbox
+ inbox = inbox.getResult()
+ except:
+ log.err("No schedule inbox for principal: %s" % (principal,))
+ inbox = None
+ if inbox is None:
+ raise HTTPError(StatusResponse(responsecode.INTERNAL_SERVER_ERROR, "No schedule inbox for principal: %s" % (principal,)))
+
+ scheduler = Scheduler(request, self)
+ scheduler.timerange = TimeRange(start="20000101T000000Z", end="20070102T000000Z")
+ scheduler.timerange.start = self.start
+ scheduler.timerange.end = self.end
+
+ scheduler.organizer = Scheduler.LocalCalendarUser(cuaddr, principal, inbox, inboxURL)
+
+ attendeeProp = Property("ATTENDEE", scheduler.organizer.cuaddr)
+
+ d = waitForDeferred(scheduler.generateAttendeeFreeBusyResponse(
+ scheduler.organizer,
+ None,
+ None,
+ attendeeProp,
+ False,
+ ))
+ yield d
+ fbresult = d.getResult()
+
+ response = Response()
+ response.stream = MemoryStream(str(fbresult))
+ response.headers.setHeader("content-type", MimeType.fromString("%s; charset=utf-8" % (self.format,)))
+
+ yield response
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/method/report_common.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/method/report_common.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/method/report_common.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -264,7 +264,8 @@
_namedPropertiesForResource = deferredGenerator(_namedPropertiesForResource)
def generateFreeBusyInfo(request, calresource, fbinfo, timerange, matchtotal,
- excludeuid=None, organizer=None, same_calendar_user=False):
+ excludeuid=None, organizer=None, same_calendar_user=False,
+ servertoserver=False):
"""
Run a free busy report on the specified calendar collection
accumulating the free busy info for later processing.
@@ -279,16 +280,19 @@
This is used in conjunction with the UID value to process exclusions.
@param same_calendar_user: a C{bool} indicating whether the calendar user requesting tyhe free-busy information
is the same as the calendar user being targeted.
+ @param servertoserver: a C{bool} indicating whether we are doing a local or remote lookup request.
"""
# First check the privilege on this collection
- try:
- d = waitForDeferred(calresource.checkPrivileges(request, (caldavxml.ReadFreeBusy(),)))
- yield d
- d.getResult()
- except AccessDeniedError:
- yield matchtotal
- return
+ # TODO: for server-to-server we bypass this right now as we have no way to authorize external users.
+ if not servertoserver:
+ try:
+ d = waitForDeferred(calresource.checkPrivileges(request, (caldavxml.ReadFreeBusy(),)))
+ yield d
+ d.getResult()
+ except AccessDeniedError:
+ yield matchtotal
+ return
#
# What we do is a fake calendar-query for VEVENT/VFREEBUSYs in the specified time-range.
@@ -333,12 +337,14 @@
yield child
child = child.getResult()
- try:
- d = waitForDeferred(child.checkPrivileges(request, (caldavxml.ReadFreeBusy(),), inherited_aces=filteredaces))
- yield d
- d.getResult()
- except AccessDeniedError:
- continue
+ # TODO: for server-to-server we bypass this right now as we have no way to authorize external users.
+ if not servertoserver:
+ try:
+ d = waitForDeferred(child.checkPrivileges(request, (caldavxml.ReadFreeBusy(),), inherited_aces=filteredaces))
+ yield d
+ d.getResult()
+ except AccessDeniedError:
+ continue
calendar = calresource.iCalendar(name)
@@ -567,7 +573,7 @@
normalizePeriodList(periods)
return periods
-def buildFreeBusyResult(fbinfo, timerange, organizer=None, attendee=None, uid=None):
+def buildFreeBusyResult(fbinfo, timerange, organizer=None, attendee=None, uid=None, method=None):
"""
Generate a VCALENDAR object containing a single VFREEBUSY that is the
aggregate of the free busy info passed in.
@@ -587,6 +593,8 @@
# Now build a new calendar object with the free busy info we have
fbcalendar = Component("VCALENDAR")
fbcalendar.addProperty(Property("PRODID", iCalendarProductID))
+ if method:
+ fbcalendar.addProperty(Property("METHOD", method))
fb = Component("VFREEBUSY")
fbcalendar.addComponent(fb)
if organizer is not None:
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -23,34 +23,27 @@
__all__ = [
"ScheduleInboxResource",
"ScheduleOutboxResource",
+ "ScheduleServerToServerResource",
]
-from twisted.internet import reactor
-from twisted.internet.defer import deferredGenerator, maybeDeferred, succeed, waitForDeferred
-from twisted.python import log
-from twisted.python.failure import Failure
+from twisted.internet.defer import deferredGenerator, succeed, waitForDeferred
from twisted.web2 import responsecode
-from twisted.web2.http import HTTPError, Response
-from twisted.web2.http_headers import MimeType
from twisted.web2.dav import davxml
-from twisted.web2.dav.http import ErrorResponse, errorForFailure, messageForFailure, statusForFailure
-from twisted.web2.dav.resource import AccessDeniedError
+from twisted.web2.dav.http import ErrorResponse
from twisted.web2.dav.util import joinURL
+from twisted.web2.http import HTTPError
+from twisted.web2.http import Response
+from twisted.web2.http_headers import MimeType
from twistedcaldav import caldavxml
-from twistedcaldav import itip
-from twistedcaldav.resource import CalDAVResource
-from twistedcaldav.caldavxml import caldav_namespace, TimeRange
+from twistedcaldav.caldavxml import caldav_namespace
from twistedcaldav.config import config
from twistedcaldav.customxml import calendarserver_namespace
-from twistedcaldav.ical import Component
-from twistedcaldav.method import report_common
-from twistedcaldav.method.put_common import storeCalendarObjectResource
+from twistedcaldav.resource import CalDAVResource
from twistedcaldav.resource import isCalendarCollectionResource
+from twistedcaldav.schedule_common import CalDAVScheduler
+from twistedcaldav.schedule_common import ServerToServerScheduler
-import md5
-import time
-
class CalendarSchedulingCollectionResource (CalDAVResource):
"""
CalDAV principal resource.
@@ -201,398 +194,86 @@
yield x
x.getResult()
- # Must be content-type text/calendar
- content_type = request.headers.getHeader("content-type")
- if content_type is not None and (content_type.mediaType, content_type.mediaSubtype) != ("text", "calendar"):
- log.err("MIME type %s not allowed in calendar collection" % (content_type,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "supported-calendar-data")))
-
- # Must have Originator header
- originator = request.headers.getRawHeaders("originator")
- if originator is None or (len(originator) != 1):
- log.err("POST request must have Originator header")
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-specified")))
- else:
- originator = originator[0]
-
- # Verify that Originator is a valid calendar user (has an INBOX)
- oprincipal = self.principalForCalendarUserAddress(originator)
- if oprincipal is None:
- log.err("Could not find principal for originator: %s" % (originator,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+ # This is a local CALDAV scheduling operation.
+ scheduler = CalDAVScheduler(request, self)
- inboxURL = oprincipal.scheduleInboxURL()
- if inboxURL is None:
- log.err("Could not find inbox for originator: %s" % (originator,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
-
- # Verify that Originator matches the authenticated user
- if davxml.Principal(davxml.HRef(oprincipal.principalURL())) != self.currentPrincipal(request):
- log.err("Originator: %s does not match authorized user: %s" % (originator, self.currentPrincipal(request).children[0],))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+ # Do the POST processing treating
+ x = waitForDeferred(scheduler.doSchedulingViaPOST())
+ yield x
+ yield x.getResult()
- # Get list of Recipient headers
- rawrecipients = request.headers.getRawHeaders("recipient")
- if rawrecipients is None or (len(rawrecipients) == 0):
- log.err("POST request must have at least one Recipient header")
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-specified")))
- # Recipient header may be comma separated list
- recipients = []
- for rawrecipient in rawrecipients:
- for r in rawrecipient.split(","):
- r = r.strip()
- if len(r):
- recipients.append(r)
+class ScheduleServerToServerResource (CalDAVResource):
+ """
+ Server-to-server schedule Inbox resource.
- timerange = TimeRange(start="20000101", end="20000102")
- recipients_state = {"OK":0, "BAD":0}
+ Extends L{DAVResource} to provide Server-to-server functionality.
+ """
- # Parse the calendar object from the HTTP request stream
- try:
- d = waitForDeferred(Component.fromIStream(request.stream))
- yield d
- calendar = d.getResult()
- except:
- log.err("Error while handling POST: %s" % (Failure(),))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
-
- # Must be a valid calendar
- try:
- calendar.validCalendarForCalDAV()
- except ValueError:
- log.err("POST request calendar component is not valid: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+ def __init__(self, parent):
+ """
+ @param parent: the parent resource of this one.
+ """
+ assert parent is not None
- # Must have a METHOD
- if not calendar.isValidMethod():
- log.err("POST request must have valid METHOD property in calendar component: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
-
- # Verify iTIP behaviour
- if not calendar.isValidITIP():
- log.err("POST request must have a calendar component that satisfies iTIP requirements: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
-
- # Verify that the ORGANIZER's cu address maps to the request.uri
- outboxURL = None
- organizer = calendar.getOrganizer()
- if organizer is not None:
- oprincipal = self.principalForCalendarUserAddress(organizer)
- if oprincipal is not None:
- outboxURL = oprincipal.scheduleOutboxURL()
- if outboxURL is None:
- log.err("ORGANIZER in calendar data is not valid: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ CalDAVResource.__init__(self, principalCollections=parent.principalCollections())
- # Prevent spoofing of ORGANIZER with specific METHODs
- if (calendar.propertyValue("METHOD") in ("PUBLISH", "REQUEST", "ADD", "CANCEL", "DECLINECOUNTER")) and (outboxURL != request.uri):
- log.err("ORGANIZER in calendar data does not match owner of Outbox: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ self.parent = parent
- # Prevent spoofing when doing reply-like METHODs
- if calendar.propertyValue("METHOD") in ("REPLY", "COUNTER", "REFRESH"):
- # Verify that there is a single ATTENDEE property and that the Originator has permission
- # to send on behalf of that ATTENDEE
- attendees = calendar.getAttendees()
-
- # Must have only one
- if len(attendees) != 1:
- log.err("ATTENDEE list in calendar data is wrong: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
-
- # Attendee's Outbox MUST be the request URI
- aoutboxURL = None
- aprincipal = self.principalForCalendarUserAddress(attendees[0])
- if aprincipal is not None:
- aoutboxURL = aprincipal.scheduleOutboxURL()
- if aoutboxURL is None or aoutboxURL != request.uri:
- log.err("ATTENDEE in calendar data does not match owner of Outbox: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+ def defaultAccessControlList(self):
+ return davxml.ACL(
+ # DAV:Read, CalDAV:schedule for all principals (includes anonymous)
+ davxml.ACE(
+ davxml.Principal(davxml.All()),
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(caldavxml.Schedule()),
+ ),
+ davxml.Protected(),
+ ),
+ )
- # For free-busy do immediate determination of iTIP result rather than fan-out
- if (calendar.propertyValue("METHOD") == "REQUEST") and (calendar.mainType() == "VFREEBUSY"):
- # Extract time range from VFREEBUSY object
- vfreebusies = [v for v in calendar.subcomponents() if v.name() == "VFREEBUSY"]
- if len(vfreebusies) != 1:
- log.err("iTIP data is not valid for a VFREEBUSY request: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
- dtstart = vfreebusies[0].getStartDateUTC()
- dtend = vfreebusies[0].getEndDateUTC()
- if dtstart is None or dtend is None:
- log.err("VFREEBUSY start/end not valid: %s" % (calendar,))
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
- timerange.start = dtstart
- timerange.end = dtend
+ def resourceType(self):
+ return davxml.ResourceType.servertoserverinbox
- # Look for maksed UID
- excludeuid = calendar.getMaskUID()
+ def isCollection(self):
+ return False
- # Do free busy operation
- freebusy = True
- else:
- # Do regular invite (fan-out)
- freebusy = False
+ def isCalendarCollection(self):
+ return False
- # Prepare for multiple responses
- responses = ScheduleResponseQueue("POST", responsecode.OK)
-
- # Extract the ORGANIZER property and UID value from the calendar data for use later
- organizerProp = calendar.getOrganizerProperty()
- uid = calendar.resourceUID()
+ def isPseudoCalendarCollection(self):
+ return False
- # Loop over each recipient and do appropriate action.
- autoresponses = []
- for recipient in recipients:
- # Get the principal resource for this recipient
- principal = self.principalForCalendarUserAddress(recipient)
+ def render(self, request):
+ output = """<html>
+<head>
+<title>Server To Server Inbox Resource</title>
+</head>
+<body>
+<h1>Server To Server Inbox Resource.</h1>
+</body
+</html>"""
- # Map recipient to their inbox
- inbox = None
- if principal is None:
- log.err("No principal for calendar user address: %s" % (recipient,))
- else:
- inboxURL = principal.scheduleInboxURL()
- if inboxURL:
- inbox = waitForDeferred(request.locateResource(inboxURL))
- yield inbox
- inbox = inbox.getResult()
- else:
- log.err("No schedule inbox for principal: %s" % (principal,))
+ response = Response(200, {}, output)
+ response.headers.setHeader("content-type", MimeType("text", "html"))
+ return response
- if inbox is None:
- err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-exists")))
- responses.add(recipient, Failure(exc_value=err), reqstatus="3.7;Invalid Calendar User")
- recipients_state["BAD"] += 1
-
- # Process next recipient
- continue
- else:
- #
- # Check access controls
- #
- try:
- d = waitForDeferred(inbox.checkPrivileges(request, (caldavxml.Schedule(),), principal=davxml.Principal(davxml.HRef(oprincipal.principalURL()))))
- yield d
- d.getResult()
- except AccessDeniedError:
- log.err("Could not access Inbox for recipient: %s" % (recipient,))
- err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-permisions")))
- responses.add(recipient, Failure(exc_value=err), reqstatus="3.8;No authority")
- recipients_state["BAD"] += 1
-
- # Process next recipient
- continue
-
- # Different behaviour for free-busy vs regular invite
- if freebusy:
- # Extract the ATTENDEE property matching current recipient from the calendar data
- cuas = principal.calendarUserAddresses()
- attendeeProp = calendar.getAttendeeProperty(cuas)
-
- # Find the current recipients calendar-free-busy-set
- fbset = waitForDeferred(principal.calendarFreeBusyURIs(request))
- yield fbset
- fbset = fbset.getResult()
-
- # First list is BUSY, second BUSY-TENTATIVE, third BUSY-UNAVAILABLE
- fbinfo = ([], [], [])
-
- try:
- # Process the availability property from the Inbox.
- has_prop = waitForDeferred(inbox.hasProperty((calendarserver_namespace, "calendar-availability"), request))
- yield has_prop
- has_prop = has_prop.getResult()
- if has_prop:
- availability = waitForDeferred(inbox.readProperty((calendarserver_namespace, "calendar-availability"), request))
- yield availability
- availability = availability.getResult()
- availability = availability.calendar()
- report_common.processAvailabilityFreeBusy(availability, fbinfo, timerange)
-
- # Check to see if the recipient is the same calendar user as the organizer.
- # Needed for masked UID stuff.
- same_calendar_user = oprincipal.principalURL() == principal.principalURL()
-
- # Now process free-busy set calendars
- matchtotal = 0
- for calURL in fbset:
- cal = waitForDeferred(request.locateResource(calURL))
- yield cal
- cal = cal.getResult()
- if cal is None or not cal.exists() or not isCalendarCollectionResource(cal):
- # We will ignore missing calendars. If the recipient has failed to
- # properly manage the free busy set that should not prevent us from working.
- continue
-
- matchtotal = waitForDeferred(report_common.generateFreeBusyInfo(
- request,
- cal,
- fbinfo,
- timerange,
- matchtotal,
- excludeuid=excludeuid,
- organizer=organizer,
- same_calendar_user=same_calendar_user))
- yield matchtotal
- matchtotal = matchtotal.getResult()
-
- # Build VFREEBUSY iTIP reply for this recipient
- fbresult = report_common.buildFreeBusyResult(fbinfo, timerange, organizer=organizerProp, attendee=attendeeProp, uid=uid)
-
- responses.add(recipient, responsecode.OK, reqstatus="2.0;Success", calendar=fbresult)
- recipients_state["OK"] += 1
-
- except:
- log.err("Could not determine free busy information: %s" % (recipient,))
- err = HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-permissions")))
- responses.add(recipient, Failure(exc_value=err), reqstatus="3.8;No authority")
- recipients_state["BAD"] += 1
-
- else:
- # Hash the iCalendar data for use as the last path element of the URI path
- name = md5.new(str(calendar) + str(time.time()) + inbox.fp.path).hexdigest() + ".ics"
-
- # Get a resource for the new item
- childURL = joinURL(inboxURL, name)
- child = waitForDeferred(request.locateResource(childURL))
- yield child
- child = child.getResult()
-
- # Copy calendar to inbox (doing fan-out)
- d = waitForDeferred(
- maybeDeferred(
- storeCalendarObjectResource,
- request=request,
- sourcecal = False,
- destination = child,
- destination_uri = childURL,
- calendardata = str(calendar),
- destinationparent = inbox,
- destinationcal = True,
- isiTIP = True
- )
- )
- yield d
- try:
- d.getResult()
- responses.add(recipient, responsecode.OK, reqstatus="2.0;Success")
- recipients_state["OK"] += 1
-
- # Store CALDAV:originator property
- child.writeDeadProperty(caldavxml.Originator(davxml.HRef(originator)))
-
- # Store CALDAV:recipient property
- child.writeDeadProperty(caldavxml.Recipient(davxml.HRef(recipient)))
-
- # Look for auto-schedule option
- if principal.autoSchedule():
- autoresponses.append((principal, inbox, child))
- except:
- log.err("Could not store data in Inbox : %s" % (inbox,))
- err = HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-permissions")))
- responses.add(recipient, Failure(exc_value=err), reqstatus="3.8;No authority")
- recipients_state["BAD"] += 1
-
- # Now we have to do auto-respond
- if len(autoresponses) != 0:
- # First check that we have a method that we can auto-respond to
- if not itip.canAutoRespond(calendar):
- autoresponses = []
-
- # Now do the actual auto response
- for principal, inbox, child in autoresponses:
- # Add delayed reactor task to handle iTIP responses
- reactor.callLater(0.0, itip.handleRequest, *(request, principal, inbox, calendar.duplicate(), child)) #@UndefinedVariable
- #reactor.callInThread(itip.handleRequest, *(request, principal, inbox, calendar.duplicate(), child)) #@UndefinedVariable
-
- # Return with final response if we are done
- yield responses.response()
-
-class ScheduleResponseResponse (Response):
- """
- ScheduleResponse L{Response} object.
- Renders itself as a CalDAV:schedule-response XML document.
- """
- def __init__(self, xml_responses, location=None):
+ @deferredGenerator
+ def http_POST(self, request):
"""
- @param xml_responses: an interable of davxml.Response objects.
- @param location: the value of the location header to return in the response,
- or None.
+ The server-to-server POST method.
"""
- Response.__init__(self, code=responsecode.OK,
- stream=caldavxml.ScheduleResponse(*xml_responses).toxml())
+ # Check authentication and access controls
+ x = waitForDeferred(self.authorize(request, (caldavxml.Schedule(),)))
+ yield x
+ x.getResult()
- self.headers.setHeader("content-type", MimeType("text", "xml"))
-
- if location is not None:
- self.headers.setHeader("location", location)
+ # This is a server-to-server scheduling operation.
+ scheduler = ServerToServerScheduler(request, self)
-class ScheduleResponseQueue (object):
- """
- Stores a list of (typically error) responses for use in a
- L{ScheduleResponse}.
- """
- def __init__(self, method, success_response):
- """
- @param method: the name of the method generating the queue.
- @param success_response: the response to return in lieu of a
- L{ScheduleResponse} if no responses are added to this queue.
- """
- self.responses = []
- self.method = method
- self.success_response = success_response
- self.location = None
-
- def setLocation(self, location):
- """
- @param location: the value of the location header to return in the response,
- or None.
- """
- self.location = location
-
- def add(self, recipient, what, reqstatus=None, calendar=None):
- """
- Add a response.
- @param recipient: the recipient for this response.
- @param what: a status code or a L{Failure} for the given recipient.
- @param status: the iTIP request-status for the given recipient.
- @param calendar: the calendar data for the given recipient response.
- """
- if type(what) is int:
- code = what
- error = None
- message = responsecode.RESPONSES[code]
- elif isinstance(what, Failure):
- code = statusForFailure(what)
- error = errorForFailure(what)
- message = messageForFailure(what)
- else:
- raise AssertionError("Unknown data type: %r" % (what,))
-
- if code > 400: # Error codes only
- log.err("Error during %s for %s: %s" % (self.method, recipient, message))
-
- children = []
- children.append(caldavxml.Recipient(davxml.HRef.fromString(recipient)))
- children.append(caldavxml.RequestStatus(reqstatus))
- if calendar is not None:
- children.append(caldavxml.CalendarData.fromCalendar(calendar))
- if error is not None:
- children.append(error)
- if message is not None:
- children.append(davxml.ResponseDescription(message))
- self.responses.append(caldavxml.Response(*children))
-
- def response(self):
- """
- Generate a L{ScheduleResponseResponse} with the responses contained in the
- queue or, if no such responses, return the C{success_response} provided
- to L{__init__}.
- @return: the response.
- """
- if self.responses:
- return ScheduleResponseResponse(self.responses, self.location)
- else:
- return self.success_response
+ # Do the POST processing treating this as a non-local schedule
+ x = waitForDeferred(scheduler.doSchedulingViaPOST())
+ yield x
+ yield x.getResult()
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule_common.py (from rev 1942, CalendarServer/branches/users/cdaboo/server2server-1842/twistedcaldav/schedule_common.py)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule_common.py (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/schedule_common.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,963 @@
+##
+# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+
+"""
+CalDAV/Server-to-Server scheduling behavior.
+"""
+
+__all__ = [
+ "Scheduler",
+ "CalDAVScheduler",
+ "ServerToServerScheduler",
+]
+
+from twisted.internet import reactor
+from twisted.internet.defer import DeferredList
+from twisted.internet.defer import deferredGenerator, maybeDeferred, waitForDeferred
+from twisted.python import log
+from twisted.python.failure import Failure
+from twisted.web2 import responsecode
+from twisted.web2.http import HTTPError, Response
+from twisted.web2.http_headers import MimeType
+from twisted.web2.dav import davxml
+from twisted.web2.dav.http import ErrorResponse, errorForFailure, messageForFailure, statusForFailure
+from twisted.web2.dav.resource import AccessDeniedError
+from twisted.web2.dav.util import joinURL
+
+from twistedcaldav import caldavxml
+from twistedcaldav import itip
+from twistedcaldav.caldavxml import caldav_namespace, TimeRange
+from twistedcaldav.config import config
+from twistedcaldav.customxml import calendarserver_namespace
+from twistedcaldav.ical import Component
+from twistedcaldav.method import report_common
+from twistedcaldav.method.put_common import storeCalendarObjectResource
+from twistedcaldav.resource import isCalendarCollectionResource
+from twistedcaldav.servertoserver import ServerToServer
+from twistedcaldav.servertoserver import ServerToServerRequest
+
+import itertools
+import md5
+import socket
+import time
+
+class Scheduler(object):
+
+ class CalendarUser(object):
+ def __init__(self, cuaddr):
+ self.cuaddr = cuaddr
+
+ class LocalCalendarUser(CalendarUser):
+ def __init__(self, cuaddr, principal, inbox=None, inboxURL=None):
+ self.cuaddr = cuaddr
+ self.principal = principal
+ self.inbox = inbox
+ self.inboxURL = inboxURL
+
+ def __str__(self):
+ return "Local calendar user: %s" % (self.cuaddr,)
+
+ class RemoteCalendarUser(CalendarUser):
+ def __init__(self, cuaddr):
+ self.cuaddr = cuaddr
+ self.extractDomain()
+
+ def __str__(self):
+ return "Remote calendar user: %s" % (self.cuaddr,)
+
+ def extractDomain(self):
+ if self.cuaddr.startswith("mailto:"):
+ splits = self.cuaddr[7:].split("?")
+ self.domain = splits[0].split("@")[1]
+ elif self.cuaddr.startswith("http://") or self.cuaddr.startswith("https://"):
+ splits = self.cuaddr.split(":")[0][2:].split("?")
+ self.domain = splits[0]
+ else:
+ self.domain = ""
+
+ class InvalidCalendarUser(CalendarUser):
+
+ def __str__(self):
+ return "Invalid calendar user: %s" % (self.cuaddr,)
+
+
+ def __init__(self, request, resource):
+ self.request = request
+ self.resource = resource
+ self.originator = None
+ self.recipients = None
+ self.calendar = None
+ self.organizer = None
+ self.timerange = None
+ self.excludeuid = None
+
+ @deferredGenerator
+ def doSchedulingViaPOST(self):
+ """
+ The Scheduling POST operation.
+ """
+
+ # Do some extra authorization checks
+ self.checkAuthorization()
+
+ # Load various useful bits doing some basic checks on those
+ self.loadOriginator()
+ self.loadRecipients()
+ d = waitForDeferred(self.loadCalendar())
+ yield d
+ d.getResult()
+
+ # Check validity of Originator header.
+ self.checkOriginator()
+
+ # Get recipient details.
+ d = waitForDeferred(self.checkRecipients())
+ yield d
+ d.getResult()
+
+ # Check calendar data.
+ self.checkCalendarData()
+
+ # Check validity of ORGANIZER
+ self.checkOrganizer()
+
+ # Do security checks (e.g. spoofing)
+ self.securityChecks()
+
+ # Do scheduling tasks
+ d = waitForDeferred(self.generateSchedulingResponse())
+ yield d
+ yield d.getResult()
+
+ def loadOriginator(self):
+ # Must have Originator header
+ originator = self.request.headers.getRawHeaders("originator")
+ if originator is None or (len(originator) != 1):
+ log.err("POST request must have Originator header")
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-specified")))
+ else:
+ self.originator = originator[0]
+
+ def loadRecipients(self):
+ # Get list of Recipient headers
+ rawrecipients = self.request.headers.getRawHeaders("recipient")
+ if rawrecipients is None or (len(rawrecipients) == 0):
+ log.err("POST request must have at least one Recipient header")
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-specified")))
+
+ # Recipient header may be comma separated list
+ self.recipients = []
+ for rawrecipient in rawrecipients:
+ for r in rawrecipient.split(","):
+ r = r.strip()
+ if len(r):
+ self.recipients.append(r)
+
+ @deferredGenerator
+ def loadCalendar(self):
+ # Must be content-type text/calendar
+ content_type = self.request.headers.getHeader("content-type")
+ if content_type is not None and (content_type.mediaType, content_type.mediaSubtype) != ("text", "calendar"):
+ log.err("MIME type %s not allowed in calendar collection" % (content_type,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "supported-calendar-data")))
+
+ # Parse the calendar object from the HTTP request stream
+ try:
+ d = waitForDeferred(Component.fromIStream(self.request.stream))
+ yield d
+ self.calendar = d.getResult()
+ except:
+ log.err("Error while handling POST: %s" % (Failure(),))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+ def checkAuthorization(self):
+ raise NotImplementedError
+
+ def checkOriginator(self):
+ raise NotImplementedError
+
+ def checkRecipient(self):
+ raise NotImplementedError
+
+ def checkOrganizer(self):
+ raise NotImplementedError
+
+ def checkOrganizerAsOriginator(self):
+ raise NotImplementedError
+
+ def checkAttendeeAsOriginator(self):
+ raise NotImplementedError
+
+ def checkCalendarData(self):
+ # Must be a valid calendar
+ try:
+ self.calendar.validCalendarForCalDAV()
+ except ValueError:
+ log.err("POST request calendar component is not valid: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+ # Must have a METHOD
+ if not self.calendar.isValidMethod():
+ log.err("POST request must have valid METHOD property in calendar component: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+ # Verify iTIP behaviour
+ if not self.calendar.isValidITIP():
+ log.err("POST request must have a calendar component that satisfies iTIP requirements: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+ def checkForFreeBusy(self):
+ if (self.calendar.propertyValue("METHOD") == "REQUEST") and (self.calendar.mainType() == "VFREEBUSY"):
+ # Extract time range from VFREEBUSY object
+ vfreebusies = [v for v in self.calendar.subcomponents() if v.name() == "VFREEBUSY"]
+ if len(vfreebusies) != 1:
+ log.err("iTIP data is not valid for a VFREEBUSY request: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+ dtstart = vfreebusies[0].getStartDateUTC()
+ dtend = vfreebusies[0].getEndDateUTC()
+ if dtstart is None or dtend is None:
+ log.err("VFREEBUSY start/end not valid: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+ self.timerange = TimeRange(start="20000101T000000Z", end="20070102T000000Z")
+ self.timerange.start = dtstart
+ self.timerange.end = dtend
+
+ # Look for maksed UID
+ self.excludeuid = self.calendar.getMaskUID()
+
+ # Do free busy operation
+ return True
+ else:
+ # Do regular invite (fan-out)
+ return False
+
+ def securityChecks(self):
+ raise NotImplementedError
+
+ @staticmethod
+ def isCalendarUserAddressInMyDomain(cuaddr):
+ """
+ Check whether the supplied calendar user address corresponds to one that ought to be within
+ this server's domain.
+
+ For now we will try to match email and http domains against ones in our config.
+
+ @param cuaddr: the calendar user address to check.
+ @type cuaddr: C{str}
+
+ @return: C{True} if the address is within the server's domain,
+ C{False} otherwise.
+ """
+
+ if cuaddr.startswith("mailto:"):
+ splits = cuaddr[7:].split("?")
+ domain = config.ServerToServer["Email Domain"]
+ if not domain:
+ domain = config.ServerHostName
+ return splits[0].endswith(domain)
+ elif cuaddr.startswith("http://") or cuaddr.startswith("https://"):
+ splits = cuaddr.split(":")[0][2:].split("?")
+ domain = config.ServerToServer["HTTP Domain"]
+ if not domain:
+ domain = config.ServerHostName
+ return splits[0].endswith(domain)
+ else:
+ return False
+
+ @deferredGenerator
+ def generateSchedulingResponse(self):
+
+ # For free-busy do immediate determination of iTIP result rather than fan-out
+ freebusy = self.checkForFreeBusy()
+
+ # Prepare for multiple responses
+ responses = ScheduleResponseQueue("POST", responsecode.OK)
+
+ # Extract the ORGANIZER property and UID value from the calendar data for use later
+ organizerProp = self.calendar.getOrganizerProperty()
+ uid = self.calendar.resourceUID()
+
+ # Loop over each recipient and do appropriate action.
+ remote_recipients = []
+ autoresponses = []
+ for recipient in self.recipients:
+
+ if isinstance(recipient, Scheduler.InvalidCalendarUser):
+ err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-exists")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="3.7;Invalid Calendar User")
+
+ # Process next recipient
+ continue
+ elif isinstance(recipient, Scheduler.RemoteCalendarUser):
+ # Pool remote recipients into a seperate list for processing after the local ones.
+ remote_recipients.append(recipient)
+
+ # Process next recipient
+ continue
+ elif isinstance(recipient, Scheduler.LocalCalendarUser):
+ #
+ # Check access controls
+ #
+ if isinstance(self.organizer, Scheduler.LocalCalendarUser):
+ try:
+ d = waitForDeferred(recipient.inbox.checkPrivileges(self.request, (caldavxml.Schedule(),), principal=davxml.Principal(davxml.HRef(self.organizer.principal.principalURL()))))
+ yield d
+ d.getResult()
+ except AccessDeniedError:
+ log.err("Could not access Inbox for recipient: %s" % (recipient.cuaddr,))
+ err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-permisions")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="3.8;No authority")
+
+ # Process next recipient
+ continue
+ else:
+ # TODO: need to figure out how best to do server-to-server authorization.
+ # First thing would be to checkk for DAV:unauthenticated privilege.
+ # Next would be to allow the calendar user address of the organizer/originator to be used
+ # as a principal.
+ pass
+
+ # Different behaviour for free-busy vs regular invite
+ if freebusy:
+ d = waitForDeferred(self.generateLocalFreeBusyResponse(recipient, responses, organizerProp, uid))
+ else:
+ d = waitForDeferred(self.generateLocalResponse(recipient, responses, autoresponses))
+ yield d
+ d.getResult()
+
+ # Now process remote recipients
+ if remote_recipients:
+ d = waitForDeferred(self.generateRemoteSchedulingResponses(remote_recipients, responses))
+ yield d
+ d.getResult()
+
+ # Now we have to do auto-respond
+ if len(autoresponses) != 0:
+ # First check that we have a method that we can auto-respond to
+ if not itip.canAutoRespond(self.calendar):
+ autoresponses = []
+
+ # Now do the actual auto response
+ for principal, inbox, child in autoresponses:
+ # Add delayed reactor task to handle iTIP responses
+ reactor.callLater(0.0, itip.handleRequest, *(self.request, principal, inbox, self.calendar.duplicate(), child)) #@UndefinedVariable
+
+ # Return with final response if we are done
+ yield responses.response()
+
+ @deferredGenerator
+ def generateRemoteSchedulingResponses(self, recipients, responses):
+ """
+ Generate scheduling responses for remote recipients.
+ """
+
+ # Group recipients by server so that we can do a single request with multiple recipients
+ # to each different server.
+ groups = {}
+ servermgr = ServerToServer()
+ for recipient in recipients:
+ # Map the recipient's domain to a server
+ server = servermgr.mapDomain(recipient.domain)
+ if not server:
+ # Cannot do server-to-server for this recipient.
+ err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-allowed")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="5.3;No scheduling support for user")
+
+ # Process next recipient
+ continue
+
+ if not server.allow_to:
+ # Cannot do server-to-server outgoing requests for this server.
+ err = HTTPError(ErrorResponse(responsecode.NOT_FOUND, (caldav_namespace, "recipient-allowed")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="5.1;Service unavailable")
+
+ # Process next recipient
+ continue
+
+ groups.setdefault(server, []).append(recipient)
+
+ if len(groups) == 0:
+ yield None
+ return
+
+ # Now we process each server: let's use a DeferredList to aggregate all the Deferred's
+ # we will generate for each request. That way we can have parallel requests in progress
+ # rather than serialize them.
+ deferreds = []
+ for server, recipients in groups.iteritems():
+ requestor = ServerToServerRequest(self, server, recipients, responses)
+ deferreds.append(requestor.doRequest())
+
+ d = waitForDeferred(DeferredList(deferreds))
+ yield d
+ d.getResult()
+
+ @deferredGenerator
+ def generateLocalResponse(self, recipient, responses, autoresponses):
+ # Hash the iCalendar data for use as the last path element of the URI path
+ calendar_str = str(self.calendar)
+ name = md5.new(calendar_str + str(time.time()) + recipient.inbox.fp.path).hexdigest() + ".ics"
+
+ # Get a resource for the new item
+ childURL = joinURL(recipient.inboxURL, name)
+ child = waitForDeferred(self.request.locateResource(childURL))
+ yield child
+ child = child.getResult()
+
+ # Copy calendar to inbox (doing fan-out)
+ try:
+ d = waitForDeferred(
+ maybeDeferred(
+ storeCalendarObjectResource,
+ request=self.request,
+ sourcecal = False,
+ destination = child,
+ destination_uri = childURL,
+ calendardata = calendar_str,
+ destinationparent = recipient.inbox,
+ destinationcal = True,
+ isiTIP = True
+ )
+ )
+ yield d
+ d.getResult()
+ responses.add(recipient.cuaddr, responsecode.OK, reqstatus="2.0;Success")
+
+ # Store CALDAV:originator property
+ child.writeDeadProperty(caldavxml.Originator(davxml.HRef(self.originator.cuaddr)))
+
+ # Store CALDAV:recipient property
+ child.writeDeadProperty(caldavxml.Recipient(davxml.HRef(recipient.cuaddr)))
+
+ # Look for auto-schedule option
+ if recipient.principal.autoSchedule():
+ autoresponses.append((recipient.principal, recipient.inbox, child))
+
+ yield True
+ except:
+ log.err("Could not store data in Inbox : %s" % (recipient.inbox,))
+ err = HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-permissions")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="3.8;No authority")
+ yield False
+
+ @deferredGenerator
+ def generateLocalFreeBusyResponse(self, recipient, responses, organizerProp, uid):
+
+ # Extract the ATTENDEE property matching current recipient from the calendar data
+ cuas = recipient.principal.calendarUserAddresses()
+ attendeeProp = self.calendar.getAttendeeProperty(cuas)
+
+ remote = isinstance(self.organizer, Scheduler.RemoteCalendarUser)
+
+ try:
+ d = waitForDeferred(self.generateAttendeeFreeBusyResponse(
+ recipient,
+ organizerProp,
+ uid,
+ attendeeProp,
+ remote,
+ ))
+ yield d
+ fbresult = d.getResult()
+
+ responses.add(recipient.cuaddr, responsecode.OK, reqstatus="2.0;Success", calendar=fbresult)
+
+ yield True
+ except:
+ log.err("Could not determine free busy information: %s" % (recipient.cuaddr,))
+ err = HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-permissions")))
+ responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="3.8;No authority")
+
+ yield False
+
+ @deferredGenerator
+ def generateAttendeeFreeBusyResponse(self, recipient, organizerProp, uid, attendeeProp, remote):
+
+ # Find the current recipients calendar-free-busy-set
+ fbset = waitForDeferred(recipient.principal.calendarFreeBusyURIs(self.request))
+ yield fbset
+ fbset = fbset.getResult()
+
+ # First list is BUSY, second BUSY-TENTATIVE, third BUSY-UNAVAILABLE
+ fbinfo = ([], [], [])
+
+ # Process the availability property from the Inbox.
+ has_prop = waitForDeferred(recipient.inbox.hasProperty((calendarserver_namespace, "calendar-availability"), self.request))
+ yield has_prop
+ has_prop = has_prop.getResult()
+ if has_prop:
+ availability = waitForDeferred(recipient.inbox.readProperty((calendarserver_namespace, "calendar-availability"), self.request))
+ yield availability
+ availability = availability.getResult()
+ availability = availability.calendar()
+ report_common.processAvailabilityFreeBusy(availability, fbinfo, self.timerange)
+
+ # Check to see if the recipient is the same calendar user as the organizer.
+ # Needed for masked UID stuff.
+ if isinstance(self.organizer, Scheduler.LocalCalendarUser):
+ same_calendar_user = self.organizer.principal.principalURL() == recipient.principal.principalURL()
+ else:
+ same_calendar_user = False
+
+ # Now process free-busy set calendars
+ matchtotal = 0
+ for calURL in fbset:
+ cal = waitForDeferred(self.request.locateResource(calURL))
+ yield cal
+ cal = cal.getResult()
+ if cal is None or not cal.exists() or not isCalendarCollectionResource(cal):
+ # We will ignore missing calendars. If the recipient has failed to
+ # properly manage the free busy set that should not prevent us from working.
+ continue
+
+ matchtotal = waitForDeferred(report_common.generateFreeBusyInfo(
+ self.request,
+ cal,
+ fbinfo,
+ self.timerange,
+ matchtotal,
+ excludeuid=self.excludeuid,
+ organizer=self.organizer.cuaddr,
+ same_calendar_user=same_calendar_user,
+ servertoserver=remote))
+ yield matchtotal
+ matchtotal = matchtotal.getResult()
+
+ # Build VFREEBUSY iTIP reply for this recipient
+ fbresult = report_common.buildFreeBusyResult(fbinfo, self.timerange, organizer=organizerProp, attendee=attendeeProp, uid=uid, method="REPLY")
+
+ yield fbresult
+
+ def generateRemoteResponse(self):
+ raise NotImplementedError
+
+ def generateRemoteFreeBusyResponse(self):
+ raise NotImplementedError
+
+class CalDAVScheduler(Scheduler):
+
+ def checkAuthorization(self):
+ # Must have an authenticated user
+ if self.resource.currentPrincipal(self.request) == davxml.Principal(davxml.Unauthenticated()):
+ log.err("Unauthenticated originators not allowed: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+
+ def checkOriginator(self):
+ """
+ Check the validity of the Originator header. Extract the corresponding principal.
+ """
+
+ # Verify that Originator is a valid calendar user
+ originator_principal = self.resource.principalForCalendarUserAddress(self.originator)
+ if originator_principal is None:
+ # Local requests MUST have a principal.
+ log.err("Could not find principal for originator: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+ else:
+ # Must have a valid Inbox.
+ inboxURL = originator_principal.scheduleInboxURL()
+ if inboxURL is None:
+ log.err("Could not find inbox for originator: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+
+ # Verify that Originator matches the authenticated user.
+ authn_principal = self.resource.currentPrincipal(self.request)
+ if davxml.Principal(davxml.HRef(originator_principal.principalURL())) != authn_principal:
+ log.err("Originator: %s does not match authorized user: %s" % (self.originator, authn_principal.children[0],))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+
+ self.originator = Scheduler.LocalCalendarUser(self.originator, originator_principal)
+
+ @deferredGenerator
+ def checkRecipients(self):
+ """
+ Check the validity of the Recipient header values. Map these into local or
+ remote CalendarUsers.
+ """
+
+ results = []
+ for recipient in self.recipients:
+ # Get the principal resource for this recipient
+ principal = self.resource.principalForCalendarUserAddress(recipient)
+
+ # If no principal we may have a remote recipient but we should check whether
+ # the address is one that ought to be on our server and treat that as a missing
+ # user. Also if server-to-server is not enabled then remote addresses are not allowed.
+ if principal is None:
+ if self.isCalendarUserAddressInMyDomain(recipient):
+ log.err("No principal for calendar user address: %s" % (recipient,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+ elif not config.ServerToServer["Enabled"]:
+ log.err("Unknown calendar user address: %s" % (recipient,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+ else:
+ results.append(Scheduler.RemoteCalendarUser(recipient))
+ else:
+ # Map recipient to their inbox
+ inbox = None
+ inboxURL = principal.scheduleInboxURL()
+ if inboxURL:
+ inbox = waitForDeferred(self.request.locateResource(inboxURL))
+ yield inbox
+ inbox = inbox.getResult()
+
+ if inbox:
+ results.append(Scheduler.LocalCalendarUser(recipient, principal, inbox, inboxURL))
+ else:
+ log.err("No schedule inbox for principal: %s" % (principal,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+
+ self.recipients = results
+
+ def checkOrganizer(self):
+ """
+ Check the validity of the ORGANIZER value. ORGANIZER must be local.
+ """
+
+ # Verify that the ORGANIZER's cu address maps to a valid user
+ organizer = self.calendar.getOrganizer()
+ if organizer:
+ orgprincipal = self.resource.principalForCalendarUserAddress(organizer)
+ if orgprincipal:
+ outboxURL = orgprincipal.scheduleOutboxURL()
+ if outboxURL:
+ self.organizer = Scheduler.LocalCalendarUser(organizer, orgprincipal)
+ else:
+ log.err("No outbox for ORGANIZER in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ elif self.isCalendarUserAddressInMyDomain(organizer):
+ log.err("No principal for ORGANIZER in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ else:
+ self.organizer = Scheduler.RemoteCalendarUser(organizer)
+ else:
+ log.err("ORGANIZER missing in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+
+ def checkOrganizerAsOriginator(self):
+ # Make sure that the ORGANIZER's Outbox is the request URI
+ if self.organizer.principal.scheduleOutboxURL() != self.request.uri:
+ log.err("Wrong outbox for ORGANIZER in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+
+ def checkAttendeeAsOriginator(self):
+ """
+ Check the validity of the ATTENDEE value as this is the originator of the iTIP message.
+ Only local attendees are allowed for message originating from this server.
+ """
+
+ # Verify that there is a single ATTENDEE property
+ attendees = self.calendar.getAttendees()
+
+ # Must have only one
+ if len(attendees) != 1:
+ log.err("Wrong number of ATTENDEEs in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+ attendee = attendees[0]
+
+ # Attendee's Outbox MUST be the request URI
+ aprincipal = self.resource.principalForCalendarUserAddress(attendee)
+ if aprincipal:
+ aoutboxURL = aprincipal.scheduleOutboxURL()
+ if aoutboxURL is None or aoutboxURL != self.request.uri:
+ log.err("ATTENDEE in calendar data does not match owner of Outbox: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+ else:
+ log.err("Unkown ATTENDEE in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+
+ def securityChecks(self):
+ """
+ Check that the orginator has the appropriate rights to send this type of iTIP message.
+ """
+
+ # Prevent spoofing of ORGANIZER with specific METHODs when local
+ if self.calendar.propertyValue("METHOD") in ("PUBLISH", "REQUEST", "ADD", "CANCEL", "DECLINECOUNTER"):
+ self.checkOrganizerAsOriginator()
+
+ # Prevent spoofing when doing reply-like METHODs
+ elif self.calendar.propertyValue("METHOD") in ("REPLY", "COUNTER", "REFRESH"):
+ self.checkAttendeeAsOriginator()
+
+ else:
+ log.err("Unknown iTIP METHOD for security checks: %s" % (self.calendar.propertyValue("METHOD"),))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+class ServerToServerScheduler(Scheduler):
+
+ def checkAuthorization(self):
+ # Must have an unauthenticated user
+ if self.resource.currentPrincipal(self.request) != davxml.Principal(davxml.Unauthenticated()):
+ log.err("Authenticated originators not allowed: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+
+ def checkOriginator(self):
+ """
+ Check the validity of the Originator header.
+ """
+
+ # For remote requests we do not allow the originator to be a local user or one within our domain.
+ originator_principal = self.resource.principalForCalendarUserAddress(self.originator)
+ if originator_principal or self.isCalendarUserAddressInMyDomain(self.originator):
+ log.err("Cannot use originator that is on this server: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+ else:
+ self.originator = Scheduler.RemoteCalendarUser(self.originator)
+
+ # We will only accept originator in known domains.
+ servermgr = ServerToServer()
+ server = servermgr.mapDomain(self.originator.domain)
+ if not server or not server.allow_from:
+ log.err("Originator not on recognized server: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+ else:
+ # Get the request IP and map to hostname.
+ clientip = self.request.remoteAddr.host
+
+ # First compare as dotted IP
+ if clientip != server.host:
+ # Now do hostname lookup
+ host, aliases, _ignore_ips = socket.gethostbyaddr(clientip)
+ for host in itertools.chain((host,), aliases):
+ if host == server.host:
+ break
+ else:
+ log.err("Originator not on allowed server: %s" % (self.originator,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "originator-allowed")))
+
+ @deferredGenerator
+ def checkRecipients(self):
+ """
+ Check the validity of the Recipient header values. These must all be local as there
+ is no concept of server-to-server relaying.
+ """
+
+ results = []
+ for recipient in self.recipients:
+ # Get the principal resource for this recipient
+ principal = self.resource.principalForCalendarUserAddress(recipient)
+
+ # If no principal we may have a remote recipient but we should check whether
+ # the address is one that ought to be on our server and treat that as a missing
+ # user. Also if server-to-server is not enabled then remote addresses are not allowed.
+ if principal is None:
+ if self.isCalendarUserAddressInMyDomain(recipient):
+ log.err("No principal for calendar user address: %s" % (recipient,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+ else:
+ log.err("Unknown calendar user address: %s" % (recipient,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+ else:
+ # Map recipient to their inbox
+ inbox = None
+ inboxURL = principal.scheduleInboxURL()
+ if inboxURL:
+ inbox = waitForDeferred(self.request.locateResource(inboxURL))
+ yield inbox
+ inbox = inbox.getResult()
+
+ if inbox:
+ results.append(Scheduler.LocalCalendarUser(recipient, principal, inbox, inboxURL))
+ else:
+ log.err("No schedule inbox for principal: %s" % (principal,))
+ results.append(Scheduler.InvalidCalendarUser(recipient))
+
+ self.recipients = results
+
+ def checkOrganizer(self):
+ """
+ Delay ORGANIZER check until we know what their role is.
+ """
+ pass
+
+ def checkOrganizerAsOriginator(self):
+ """
+ Check the validity of the ORGANIZER value. ORGANIZER must not be local.
+ """
+
+ # Verify that the ORGANIZER's cu address does not map to a valid user
+ organizer = self.calendar.getOrganizer()
+ if organizer:
+ orgprincipal = self.resource.principalForCalendarUserAddress(organizer)
+ if orgprincipal:
+ log.err("Invalid ORGANIZER in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ elif self.isCalendarUserAddressInMyDomain(organizer):
+ log.err("Unsupported ORGANIZER in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+ else:
+ self.organizer = Scheduler.RemoteCalendarUser(organizer)
+ else:
+ log.err("ORGANIZER missing in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "organizer-allowed")))
+
+ def checkAttendeeAsOriginator(self):
+ """
+ Check the validity of the ATTENDEE value as this is the originator of the iTIP message.
+ Only local attendees are allowed for message originating from this server.
+ """
+
+ # Verify that there is a single ATTENDEE property
+ attendees = self.calendar.getAttendees()
+
+ # Must have only one
+ if len(attendees) != 1:
+ log.err("Wrong number of ATTENDEEs in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+ attendee = attendees[0]
+
+ # Attendee cannot be local.
+ aprincipal = self.resource.principalForCalendarUserAddress(attendee)
+ if aprincipal:
+ log.err("Invalid ATTENDEE in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+ elif self.isCalendarUserAddressInMyDomain(attendee):
+ log.err("Unkown ATTENDEE in calendar data: %s" % (self.calendar,))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "attendee-allowed")))
+
+ # TODO: in this case we should check that the ORGANIZER is the sole recipient.
+
+ def securityChecks(self):
+ """
+ Check that the orginator has the appropriate rights to send this type of iTIP message.
+ """
+
+ # Prevent spoofing of ORGANIZER with specific METHODs when local
+ if self.calendar.propertyValue("METHOD") in ("PUBLISH", "REQUEST", "ADD", "CANCEL", "DECLINECOUNTER"):
+ self.checkOrganizerAsOriginator()
+
+ # Prevent spoofing when doing reply-like METHODs
+ elif self.calendar.propertyValue("METHOD") in ("REPLY", "COUNTER", "REFRESH"):
+ self.checkAttendeeAsOriginator()
+
+ else:
+ log.err("Unknown iTIP METHOD for security checks: %s" % (self.calendar.propertyValue("METHOD"),))
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+class ScheduleResponseResponse (Response):
+ """
+ ScheduleResponse L{Response} object.
+ Renders itself as a CalDAV:schedule-response XML document.
+ """
+ def __init__(self, xml_responses, location=None):
+ """
+ @param xml_responses: an interable of davxml.Response objects.
+ @param location: the value of the location header to return in the response,
+ or None.
+ """
+
+ Response.__init__(self, code=responsecode.OK,
+ stream=caldavxml.ScheduleResponse(*xml_responses).toxml())
+
+ self.headers.setHeader("content-type", MimeType("text", "xml"))
+
+ if location is not None:
+ self.headers.setHeader("location", location)
+
+class ScheduleResponseQueue (object):
+ """
+ Stores a list of (typically error) responses for use in a
+ L{ScheduleResponse}.
+ """
+ def __init__(self, method, success_response):
+ """
+ @param method: the name of the method generating the queue.
+ @param success_response: the response to return in lieu of a
+ L{ScheduleResponse} if no responses are added to this queue.
+ """
+ self.responses = []
+ self.method = method
+ self.success_response = success_response
+ self.location = None
+
+ def setLocation(self, location):
+ """
+ @param location: the value of the location header to return in the response,
+ or None.
+ """
+ self.location = location
+
+ def add(self, recipient, what, reqstatus=None, calendar=None):
+ """
+ Add a response.
+ @param recipient: the recipient for this response.
+ @param what: a status code or a L{Failure} for the given recipient.
+ @param status: the iTIP request-status for the given recipient.
+ @param calendar: the calendar data for the given recipient response.
+ """
+ if type(what) is int:
+ code = what
+ error = None
+ message = responsecode.RESPONSES[code]
+ elif isinstance(what, Failure):
+ code = statusForFailure(what)
+ error = errorForFailure(what)
+ message = messageForFailure(what)
+ else:
+ raise AssertionError("Unknown data type: %r" % (what,))
+
+ if code > 400: # Error codes only
+ log.err("Error during %s for %s: %s" % (self.method, recipient, message))
+
+ children = []
+ children.append(caldavxml.Recipient(davxml.HRef.fromString(recipient)))
+ children.append(caldavxml.RequestStatus(reqstatus))
+ if calendar is not None:
+ children.append(caldavxml.CalendarData.fromCalendar(calendar))
+ if error is not None:
+ children.append(error)
+ if message is not None:
+ children.append(davxml.ResponseDescription(message))
+ self.responses.append(caldavxml.Response(*children))
+
+ def clone(self, clone):
+ """
+ Add a response cloned from an existing caldavxml.Response element.
+ @param clone: the response to clone.
+ """
+ if not isinstance(clone, caldavxml.Response):
+ raise AssertionError("Incorrect element type: %r" % (clone,))
+
+ recipient = clone.childOfType(caldavxml.Recipient)
+ request_status = clone.childOfType(caldavxml.RequestStatus)
+ calendar_data = clone.childOfType(caldavxml.CalendarData)
+ error = clone.childOfType(davxml.Error)
+ desc = clone.childOfType(davxml.ResponseDescription)
+
+ children = []
+ children.append(recipient)
+ children.append(request_status)
+ if calendar_data is not None:
+ children.append(calendar_data)
+ if error is not None:
+ children.append(error)
+ if desc is not None:
+ children.append(desc)
+ self.responses.append(caldavxml.Response(*children))
+
+ def response(self):
+ """
+ Generate a L{ScheduleResponseResponse} with the responses contained in the
+ queue or, if no such responses, return the C{success_response} provided
+ to L{__init__}.
+ @return: the response.
+ """
+ if self.responses:
+ return ScheduleResponseResponse(self.responses, self.location)
+ else:
+ return self.success_response
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserver.py (from rev 1942, CalendarServer/branches/users/cdaboo/server2server-1842/twistedcaldav/servertoserver.py)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserver.py (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserver.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,178 @@
+##
+# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+from twisted.web2.dav.util import allDataFromStream
+from twisted.web2.stream import MemoryStream
+import logging
+
+"""
+Server to server utility functions and client requests.
+"""
+
+__all__ = [
+ "ServerToServer",
+ "ServerToServerRequest",
+]
+
+
+from twisted.internet.defer import deferredGenerator
+from twisted.internet.defer import waitForDeferred
+from twisted.internet.protocol import ClientCreator
+from twisted.python import log
+from twisted.python.failure import Failure
+from twisted.python.filepath import FilePath
+from twisted.web2 import responsecode
+from twisted.web2.client.http import ClientRequest
+from twisted.web2.client.http import HTTPClientProtocol
+from twisted.web2.dav.http import ErrorResponse
+from twisted.web2.dav.util import davXMLFromStream
+from twisted.web2.http import HTTPError
+from twisted.web2.http_headers import MimeType
+from twistedcaldav.caldavxml import caldav_namespace
+from twistedcaldav.config import config
+from twistedcaldav.servertoserverparser import ServerToServerParser
+from twisted.web2.http_headers import Headers
+from twistedcaldav import caldavxml
+
+class ServerToServer(object):
+
+ _fileInfo = None
+ _xmlFile = None
+ _servers = None
+ _domainMap = None
+
+ def __init__(self):
+
+ self._loadConfig()
+
+ def _loadConfig(self):
+ if ServerToServer._servers is None:
+ ServerToServer._xmlFile = FilePath(config.ServerToServer["Servers"])
+ ServerToServer._xmlFile.restat()
+ fileInfo = (ServerToServer._xmlFile.getmtime(), ServerToServer._xmlFile.getsize())
+ if fileInfo != ServerToServer._fileInfo:
+ parser = ServerToServerParser(ServerToServer._xmlFile)
+ ServerToServer._servers = parser.servers
+ self._mapDomains()
+ ServerToServer._fileInfo = fileInfo
+
+ def _mapDomains(self):
+ ServerToServer._domainMap = {}
+ for server in ServerToServer._servers:
+ for domain in server.domains:
+ ServerToServer._domainMap[domain] = server
+
+ def mapDomain(self, domain):
+ """
+ Map a calendar user address domain to a suitable server that can
+ handle server-to-server requests for that user.
+ """
+ return ServerToServer._domainMap.get(domain)
+
+class ServerToServerRequest(object):
+
+ def __init__(self, scheduler, server, recipients, responses):
+
+ self.scheduler = scheduler
+ self.server = server
+ self.recipients = recipients
+ self.responses = responses
+
+ self._generateHeaders()
+ self._prepareData()
+
+ @deferredGenerator
+ def doRequest(self):
+
+ # Generate an HTTP client request
+ try:
+ from twisted.internet import reactor
+ if self.server.ssl:
+ from tap import ChainingOpenSSLContextFactory
+ context = ChainingOpenSSLContextFactory(config.SSLPrivateKey, config.SSLCertificate, certificateChainFile=config.SSLAuthorityChain)
+ d = waitForDeferred(ClientCreator(reactor, HTTPClientProtocol).connectSSL(self.server.host, self.server.port, context))
+ else:
+ d = waitForDeferred(ClientCreator(reactor, HTTPClientProtocol).connectTCP(self.server.host, self.server.port))
+ yield d
+ proto = d.getResult()
+
+ log.msg("Sending server-to-server POST request: %s" % (self.server.path,))
+ if logging.canLog("debug"):
+ logging.debug(self.headers, system="Server-to-server Send")
+ logging.debug(self.data, system="Server-to-server Send")
+ d = waitForDeferred(proto.submitRequest(ClientRequest("POST", self.server.path, self.headers, self.data)))
+ yield d
+ response = d.getResult()
+
+ log.msg("Received server-to-server POST response: %s" % (response.code,))
+ if logging.canLog("debug"):
+ logging.debug(response.headers, system="Server-to-server Send")
+ d = waitForDeferred(allDataFromStream(response.stream))
+ yield d
+ data = d.getResult()
+ logging.debug(data, system="Server-to-server Send")
+ response.stream = MemoryStream(data)
+ d = waitForDeferred(davXMLFromStream(response.stream))
+ yield d
+ xml = d.getResult()
+
+ self._parseResponse(xml)
+ except Exception, e:
+ # Generated failed responses for each recipient
+ log.err("Could not do server-to-server request : %s %s" % (self, e))
+ for recipient in self.recipients:
+ err = HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "recipient-failed")))
+ self.responses.add(recipient.cuaddr, Failure(exc_value=err), reqstatus="5.1;Service unavailable")
+
+ def _generateHeaders(self):
+ self.headers = Headers()
+ self.headers.setHeader('Host', self.server.host + ":%s" % (self.server.port,))
+ self.headers.addRawHeader('Originator', self.scheduler.originator.cuaddr)
+ self._doAuthentication()
+ for recipient in self.recipients:
+ self.headers.addRawHeader('Recipient', recipient.cuaddr)
+ self.headers.setHeader('Content-Type', MimeType("text", "calendar", params={"charset":"utf-8"}))
+
+ def _doAuthentication(self):
+ if self.server.authentication and self.server.authentication[0] == "basic":
+ self.headers.setHeader(
+ 'Authorization',
+ ('Basic', ("%s:%s" % (self.server.authentication[1], self.server.authentication[2],)).encode('base64')[:-1])
+ )
+
+ def _prepareData(self):
+ self.data = str(self.scheduler.calendar)
+
+ def _parseResponse(self, xml):
+
+ # Check for correct root element
+ schedule_response = xml.root_element
+ if not isinstance(schedule_response, caldavxml.ScheduleResponse) or not schedule_response.children:
+ raise HTTPError(responsecode.BAD_REQUEST)
+
+ # Parse each response - do this twice: once looking for errors that will
+ # result in all recipients shown as failures; the second loop adds all the
+ # valid responses to the actual result.
+ for response in schedule_response.children:
+ if not isinstance(response, caldavxml.Response) or not response.children:
+ raise HTTPError(responsecode.BAD_REQUEST)
+ recipient = response.childOfType(caldavxml.Recipient)
+ request_status = response.childOfType(caldavxml.RequestStatus)
+ if not recipient or not request_status:
+ raise HTTPError(responsecode.BAD_REQUEST)
+ for response in schedule_response.children:
+ self.responses.clone(response)
Copied: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserverparser.py (from rev 1942, CalendarServer/branches/users/cdaboo/server2server-1842/twistedcaldav/servertoserverparser.py)
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserverparser.py (rev 0)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/servertoserverparser.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -0,0 +1,158 @@
+##
+# Copyright (c) 2006-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+
+
+"""
+XML based server-to-server configuration file handling.
+"""
+
+__all__ = [
+ "ServerToServerParser",
+ "ServerToServerRecord",
+]
+
+import xml.dom.minidom
+
+ELEMENT_SERVERS = "servers"
+ELEMENT_SERVER = "server"
+ELEMENT_URI = "uri"
+ELEMENT_ALLOW_REQUESTS_FROM = "allow-requests-from"
+ELEMENT_ALLOW_REQUESTS_TO = "allow-requests-to"
+ELEMENT_DOMAINS = "domains"
+ELEMENT_DOMAIN = "domain"
+ELEMENT_AUTHENTICATION = "authentication"
+ATTRIBUTE_TYPE = "type"
+ATTRIBUTE_BASICAUTH = "basic"
+ELEMENT_USER = "user"
+ELEMENT_PASSWORD = "password"
+
+class ServerToServerParser(object):
+ """
+ Server-to-server configuration file parser.
+ """
+ def __repr__(self):
+ return "<%s %r>" % (self.__class__.__name__, self.xmlFile)
+
+ def __init__(self, xmlFile):
+
+ self.servers = []
+
+ # Read in XML
+ fd = open(xmlFile.path, "r")
+ doc = xml.dom.minidom.parse(fd)
+ fd.close()
+
+ # Verify that top-level element is correct
+ servers_node = doc._get_documentElement()
+ if servers_node._get_localName() != ELEMENT_SERVERS:
+ self.log("Ignoring file %r because it is not a server-to-server config file" % (self.xmlFile,))
+ return
+ self._parseXML(servers_node)
+
+ def _parseXML(self, node):
+ """
+ Parse the XML root node from the server-to-server configuration document.
+ @param node: the L{Node} to parse.
+ """
+
+ for child in node._get_childNodes():
+ child_name = child._get_localName()
+ if child_name is None:
+ continue
+ elif child_name == ELEMENT_SERVER:
+ self.servers.append(ServerToServerRecord())
+ self.servers[-1].parseXML(child)
+
+class ServerToServerRecord (object):
+ """
+ Contains server-to-server details.
+ """
+ def __init__(self):
+ """
+ @param recordType: record type for directory entry.
+ """
+ self.uri = ""
+ self.allow_from = False
+ self.allow_to = True
+ self.domains = []
+ self.authentication = None
+
+ def parseXML(self, node):
+ for child in node._get_childNodes():
+ child_name = child._get_localName()
+ if child_name is None:
+ continue
+ elif child_name == ELEMENT_URI:
+ if child.firstChild is not None:
+ self.uri = child.firstChild.data.encode("utf-8")
+ elif child_name == ELEMENT_ALLOW_REQUESTS_FROM:
+ self.allow_from = True
+ elif child_name == ELEMENT_ALLOW_REQUESTS_TO:
+ self.allow_to = True
+ elif child_name == ELEMENT_DOMAINS:
+ self._parseDomains(child)
+ elif child_name == ELEMENT_AUTHENTICATION:
+ self._parseAuthentication(child)
+ else:
+ raise RuntimeError("[%s] Unknown attribute: %s" % (self.__class__, child_name,))
+
+ self._parseDetails()
+
+ def _parseDomains(self, node):
+ for child in node._get_childNodes():
+ if child._get_localName() == ELEMENT_DOMAIN:
+ if child.firstChild is not None:
+ self.domains.append(child.firstChild.data.encode("utf-8"))
+
+ def _parseAuthentication(self, node):
+ if node.hasAttribute(ATTRIBUTE_TYPE):
+ type = node.getAttribute(ATTRIBUTE_TYPE).encode("utf-8")
+ if type != ATTRIBUTE_BASICAUTH:
+ return
+ else:
+ return
+
+ for child in node._get_childNodes():
+ if child._get_localName() == ELEMENT_USER:
+ if child.firstChild is not None:
+ user = child.firstChild.data.encode("utf-8")
+ elif child._get_localName() == ELEMENT_PASSWORD:
+ if child.firstChild is not None:
+ password = child.firstChild.data.encode("utf-8")
+
+ self.authentication = ("basic", user, password,)
+
+ def _parseDetails(self):
+ # Extract scheme, host, port and path
+ if self.uri.startswith("http://"):
+ self.ssl = False
+ rest = self.uri[7:]
+ elif self.uri.startswith("https://"):
+ self.ssl = True
+ rest = self.uri[8:]
+
+ splits = rest.split("/", 1)
+ hostport = splits[0].split(":")
+ self.host = hostport[0]
+ if len(hostport) > 1:
+ self.port = int(hostport[1])
+ else:
+ self.port = {False:80, True:443}[self.ssl]
+ self.path = "/"
+ if len(splits) > 1:
+ self.path += splits[1]
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/static.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/static.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/static.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -56,14 +56,14 @@
from twistedcaldav import customxml
from twistedcaldav.caldavxml import caldav_namespace
from twistedcaldav.config import config
-from twistedcaldav.directory.directory import DirectoryService
from twistedcaldav.extensions import DAVFile
+from twistedcaldav.freebusyurl import FreeBusyURLResource
from twistedcaldav.ical import Component as iComponent
from twistedcaldav.ical import Property as iProperty
from twistedcaldav.index import Index, IndexSchedule
from twistedcaldav.notifications import NotificationsCollectionResource, NotificationResource
from twistedcaldav.resource import CalDAVResource, isCalendarCollectionResource, isPseudoCalendarCollectionResource
-from twistedcaldav.schedule import ScheduleInboxResource, ScheduleOutboxResource
+from twistedcaldav.schedule import ScheduleInboxResource, ScheduleOutboxResource, ScheduleServerToServerResource
from twistedcaldav.dropbox import DropBoxHomeResource, DropBoxCollectionResource, DropBoxChildResource
from twistedcaldav.directory.calendar import DirectoryCalendarHomeProvisioningResource
from twistedcaldav.directory.calendar import DirectoryCalendarHomeTypeProvisioningResource
@@ -504,12 +504,17 @@
NotificationsCollectionFileClass = NotificationsCollectionFile
else:
NotificationsCollectionFileClass = None
+ if config.FreeBusyURL["Enabled"]:
+ FreeBusyURLFileClass = FreeBusyURLFile
+ else:
+ FreeBusyURLFileClass = None
cls = {
"inbox" : ScheduleInboxFile,
"outbox" : ScheduleOutboxFile,
"dropbox" : DropBoxHomeFileClass,
"notifications": NotificationsCollectionFileClass,
+ "freebusy" : FreeBusyURLFileClass,
}.get(name, None)
if cls is not None:
@@ -607,6 +612,80 @@
def __repr__(self):
return "<%s (calendar outbox collection): %s>" % (self.__class__.__name__, self.fp.path)
+class ServerToServerInboxFile (ScheduleServerToServerResource, CalDAVFile):
+ """
+ Server-to-server scheduling inbox resource.
+ """
+ def __init__(self, path, parent):
+ CalDAVFile.__init__(self, path, principalCollections=parent.principalCollections())
+ ScheduleServerToServerResource.__init__(self, parent)
+
+ self.fp.open("w").close()
+ self.fp.restat(False)
+
+ def __repr__(self):
+ return "<%s (server-to-server inbox resource): %s>" % (self.__class__.__name__, self.fp.path)
+
+ def isCollection(self):
+ return False
+
+ def createSimilarFile(self, path):
+ if path == self.fp.path:
+ return self
+ else:
+ return responsecode.NOT_FOUND
+
+ def http_PUT (self, request): return responsecode.FORBIDDEN
+ def http_COPY (self, request): return responsecode.FORBIDDEN
+ def http_MOVE (self, request): return responsecode.FORBIDDEN
+ def http_DELETE (self, request): return responsecode.FORBIDDEN
+ def http_MKCOL (self, request): return responsecode.FORBIDDEN
+
+ def http_MKCALENDAR(self, request):
+ return ErrorResponse(
+ responsecode.FORBIDDEN,
+ (caldav_namespace, "calendar-collection-location-ok")
+ )
+
+class FreeBusyURLFile (AutoProvisioningFileMixIn, FreeBusyURLResource, CalDAVFile):
+ """
+ Free-busy URL resource.
+ """
+ def __init__(self, path, parent):
+ CalDAVFile.__init__(self, path, principalCollections=parent.principalCollections())
+ FreeBusyURLResource.__init__(self, parent)
+
+ def __repr__(self):
+ return "<%s (free-busy URL resource): %s>" % (self.__class__.__name__, self.fp.path)
+
+ def isCollection(self):
+ return False
+
+ def createSimilarFile(self, path):
+ if path == self.fp.path:
+ return self
+ else:
+ return responsecode.NOT_FOUND
+
+ def http_PUT (self, request): return responsecode.FORBIDDEN
+ def http_COPY (self, request): return responsecode.FORBIDDEN
+ def http_MOVE (self, request): return responsecode.FORBIDDEN
+ def http_DELETE (self, request): return responsecode.FORBIDDEN
+ def http_MKCOL (self, request): return responsecode.FORBIDDEN
+
+ def http_MKCALENDAR(self, request):
+ return ErrorResponse(
+ responsecode.FORBIDDEN,
+ (caldav_namespace, "calendar-collection-location-ok")
+ )
+
+ ##
+ # ACL
+ ##
+
+ def supportedPrivileges(self, request):
+ return succeed(schedulePrivilegeSet)
+
class DropBoxHomeFile (AutoProvisioningFileMixIn, DropBoxHomeResource, CalDAVFile):
def __init__(self, path, parent):
DropBoxHomeResource.__init__(self)
Modified: CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/tap.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/tap.py 2007-10-05 01:27:58 UTC (rev 1944)
+++ CalendarServer/branches/users/cdaboo/server2server-1941/twistedcaldav/tap.py 2007-10-05 01:35:40 UTC (rev 1945)
@@ -52,6 +52,7 @@
from twistedcaldav import pdmonster
from twistedcaldav.static import CalendarHomeProvisioningFile
+from twistedcaldav.static import ServerToServerInboxFile
try:
from twistedcaldav.authkerb import NegotiateCredentialFactory
@@ -239,7 +240,7 @@
def checkDirectory(self, dirpath, description, access=None, fail=False, permissions=None, uname=None, gname=None, create=None):
if not os.path.exists(dirpath):
if create is not None:
- # create is a tuple of (mode, username, groupname)
+ # create is a tuple of (mode, username, groupname)
try:
os.mkdir(dirpath)
os.chmod(dirpath, create[0])
@@ -341,9 +342,10 @@
# default resource classes
#
- rootResourceClass = RootResource
- principalResourceClass = DirectoryPrincipalProvisioningResource
- calendarResourceClass = CalendarHomeProvisioningFile
+ rootResourceClass = RootResource
+ principalResourceClass = DirectoryPrincipalProvisioningResource
+ calendarResourceClass = CalendarHomeProvisioningFile
+ servertoserverResourceClass = ServerToServerInboxFile
def makeService_Slave(self, options):
#
@@ -413,6 +415,15 @@
root.putChild('principals', principalCollection)
root.putChild('calendars', calendarCollection)
+ if config.ServerToServer["Enabled"]:
+ log.msg("Setting up server-to-server resource: %r" % (self.servertoserverResourceClass,))
+
+ servertoserver = self.servertoserverResourceClass(
+ os.path.join(config.DocumentRoot, 'inbox'),
+ root,
+ )
+ root.putChild('inbox', servertoserver)
+
# Configure default ACLs on the root resource
log.msg("Setting up default ACEs on root resource")
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20071004/73796a1f/attachment.html
More information about the calendarserver-changes
mailing list