[CalendarServer-changes] [2767] CalendarServer/branches/users/sagen/xmpp-2764
source_changes at macosforge.org
source_changes at macosforge.org
Fri Aug 1 13:47:48 PDT 2008
Revision: 2767
http://trac.macosforge.org/projects/calendarserver/changeset/2767
Author: sagen at apple.com
Date: 2008-08-01 13:47:47 -0700 (Fri, 01 Aug 2008)
Log Message:
-----------
Removing TestJID and adding AllowedJIDs for locking down who is allowed to converse with the server.
Also adding <plistfrag> payloads.
Modified Paths:
--------------
CalendarServer/branches/users/sagen/xmpp-2764/conf/caldavd-test.plist
CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/config.py
CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/notify.py
Modified: CalendarServer/branches/users/sagen/xmpp-2764/conf/caldavd-test.plist
===================================================================
--- CalendarServer/branches/users/sagen/xmpp-2764/conf/caldavd-test.plist 2008-08-01 02:34:24 UTC (rev 2766)
+++ CalendarServer/branches/users/sagen/xmpp-2764/conf/caldavd-test.plist 2008-08-01 20:47:47 UTC (rev 2767)
@@ -460,9 +460,11 @@
<key>KeepAliveSeconds</key>
<integer>120</integer>
- <!-- Sends messages to this account for debugging -->
- <key>TestJID</key>
- <string></string>
+ <!-- List of regular expressions defining which XMPP JIDs can converse with the server -->
+ <key>AllowedJIDs</key>
+ <array>
+ <string>.*.apple.com</string>
+ </array>
</dict>
</array>
</dict>
Modified: CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/config.py 2008-08-01 02:34:24 UTC (rev 2766)
+++ CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/config.py 2008-08-01 20:47:47 UTC (rev 2767)
@@ -199,7 +199,7 @@
"Password" : "",
"ServiceAddress" : "", # "pubsub.xmpp.host.name"
"KeepAliveSeconds" : 120,
- "TestJID": "",
+ "AllowedJIDs": [],
},
]
},
@@ -482,7 +482,7 @@
service["Enabled"]
):
for key, value in service.iteritems():
- if not value and key not in ("TestJID"):
+ if not value and key not in ("AllowedJIDs"):
raise ConfigurationError("Invalid %s for XMPPNotifierService: %r"
% (key, value))
Modified: CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/notify.py
===================================================================
--- CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/notify.py 2008-08-01 02:34:24 UTC (rev 2766)
+++ CalendarServer/branches/users/sagen/xmpp-2764/twistedcaldav/notify.py 2008-08-01 20:47:47 UTC (rev 2767)
@@ -49,6 +49,7 @@
from twistedcaldav.log import LoggingMixIn
from twistedcaldav.config import config, parseConfig, defaultConfig
from zope.interface import Interface, implements
+import re
__all__ = [
"Coalescer",
@@ -467,7 +468,7 @@
pubsubNS = 'http://jabber.org/protocol/pubsub'
nodeConf = {
- 'pubsub#deliver_payloads': '0',
+ 'pubsub#deliver_payloads': '1',
'pubsub#persist_items' : '0',
}
@@ -496,10 +497,9 @@
pubsubElement = iq.addElement('pubsub', defaultUri=self.pubsubNS)
publishElement = pubsubElement.addElement('publish')
publishElement['node'] = nodeName
- # itemElement = publishElement.addElement('item')
- # payloadElement = itemElement.addElement('item')
- # payloadElement['id'] = '0'
- # payloadElement.addContent('xyzzy')
+ itemElement = publishElement.addElement('item')
+ payloadElement = itemElement.addElement('plistfrag',
+ defaultUri='plist-apple')
self.sendDebug("Publishing (%s)" % (nodeName,), iq)
iq.addCallback(self.responseFromPublish, nodeName)
iq.send(to=self.settings['ServiceAddress'])
@@ -624,12 +624,24 @@
rosterIq.addCallback(self.handleRoster)
rosterIq.send()
+ def allowedInRoster(self, jid):
+ for pattern in self.settings.get("AllowedJIDs", []):
+ try:
+ if re.match(pattern, jid) is not None:
+ return True
+ except re.error:
+ self.log_error("Invalid regular expression for XMPP notification configuration: %s" % (pattern,))
+ return False
+
def handleRoster(self, iq):
for child in iq.children[0].children:
jid = child['jid']
- self.log_info("In roster: %s" % (jid,))
- if not self.roster.has_key(jid):
- self.roster[jid] = { 'debug' : False, 'available' : False }
+ if self.allowedInRoster(jid):
+ self.log_info("In roster: %s" % (jid,))
+ if not self.roster.has_key(jid):
+ self.roster[jid] = { 'debug' : False, 'available' : False }
+ else:
+ self.log_info("JID not allowed in roster: %s" % (jid,))
def handlePresence(self, iq):
self.log_info("Presence IQ: %s" %
@@ -638,17 +650,25 @@
if presenceType == 'subscribe':
frm = JID(iq['from']).userhost()
- self.roster[frm] = { 'debug' : False, 'available' : True }
- response = domish.Element(('jabber:client', 'presence'))
- response['to'] = iq['from']
- response['type'] = 'subscribed'
- self.xmlStream.send(response)
+ if self.allowedInRoster(frm):
+ self.roster[frm] = { 'debug' : False, 'available' : True }
+ response = domish.Element(('jabber:client', 'presence'))
+ response['to'] = iq['from']
+ response['type'] = 'subscribed'
+ self.xmlStream.send(response)
- # request subscription as well
- subscribe = domish.Element(('jabber:client', 'presence'))
- subscribe['to'] = iq['from']
- subscribe['type'] = 'subscribe'
- self.xmlStream.send(subscribe)
+ # request subscription as well
+ subscribe = domish.Element(('jabber:client', 'presence'))
+ subscribe['to'] = iq['from']
+ subscribe['type'] = 'subscribe'
+ self.xmlStream.send(subscribe)
+ else:
+ self.log_info("JID not allowed in roster: %s" % (frm,))
+ # Reject
+ response = domish.Element(('jabber:client', 'presence'))
+ response['to'] = iq['from']
+ response['type'] = 'unsubscribed'
+ self.xmlStream.send(response)
elif presenceType == 'unsubscribe':
frm = JID(iq['from']).userhost()
@@ -674,10 +694,13 @@
else:
frm = JID(iq['from']).userhost()
- if self.roster.has_key(frm):
- self.roster[frm]['available'] = True
+ if self.allowedInRoster(frm):
+ if self.roster.has_key(frm):
+ self.roster[frm]['available'] = True
+ else:
+ self.roster[frm] = { 'debug' : False, 'available' : True }
else:
- self.roster[frm] = { 'debug' : False, 'available' : True }
+ self.log_info("JID not allowed in roster: %s" % (frm,))
def streamOpened(self, xmlStream):
self.xmlStream = xmlStream
@@ -713,19 +736,22 @@
if body:
response = None
frm = JID(iq['from']).userhost()
- txt = str(body).lower()
- if txt == "help":
- response = "debug on, debug off"
- elif txt == "roster":
- response = "Roster: %s" % (str(self.roster),)
- elif txt == "debug on":
- self.roster[frm]['debug'] = True
- response = "Debugging on"
- elif txt == "debug off":
- self.roster[frm]['debug'] = False
- response = "Debugging off"
+ if frm in self.roster:
+ txt = str(body).lower()
+ if txt == "help":
+ response = "debug on, debug off, roster"
+ elif txt == "roster":
+ response = "Roster: %s" % (str(self.roster),)
+ elif txt == "debug on":
+ self.roster[frm]['debug'] = True
+ response = "Debugging on"
+ elif txt == "debug off":
+ self.roster[frm]['debug'] = False
+ response = "Debugging off"
+ else:
+ response = "I don't understand. Try 'help'."
else:
- response = "I don't understand. Try 'help'."
+ response = "Sorry, you are not authorized to converse with this server"
if response:
message = domish.Element(('jabber:client', 'message'))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080801/ac396cf5/attachment.html
More information about the calendarserver-changes
mailing list