[CalendarServer-changes] [3535] CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource. patch
source_changes at macosforge.org
source_changes at macosforge.org
Mon Dec 15 15:22:18 PST 2008
Revision: 3535
http://trac.macosforge.org/projects/calendarserver/changeset/3535
Author: sagen at apple.com
Date: 2008-12-15 15:22:16 -0800 (Mon, 15 Dec 2008)
Log Message:
-----------
Instead of returning a 403 when the client uses an unsupported auth method, return a 401 so they client tries to authenticate again.
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2008-12-15 21:49:54 UTC (rev 3534)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2008-12-15 23:22:16 UTC (rev 3535)
@@ -321,7 +321,17 @@
authHeader = request.headers.getHeader('authorization')
-@@ -627,27 +700,23 @@
+@@ -623,31 +696,32 @@
+ if authHeader[0] not in request.credentialFactories:
+ log.err("Client authentication scheme %s is not provided by server %s"
+ % (authHeader[0], request.credentialFactories.keys()))
+- raise HTTPError(responsecode.FORBIDDEN)
++
++ response = (yield UnauthorizedResponse.makeResponse(
++ request.credentialFactories,
++ request.remoteAddr
++ ))
++ raise HTTPError(response)
else:
factory = request.credentialFactories[authHeader[0]]
@@ -361,7 +371,7 @@
##
# ACL
-@@ -656,49 +725,23 @@
+@@ -656,49 +730,23 @@
def currentPrincipal(self, request):
"""
@param request: the request being processed.
@@ -420,7 +430,7 @@
"""
@return: the L{davxml.ACL} element containing the default access control
list for this resource.
-@@ -710,6 +753,17 @@
+@@ -710,6 +758,17 @@
#
return readonlyACL
@@ -438,7 +448,7 @@
def setAccessControlList(self, acl):
"""
See L{IDAVResource.setAccessControlList}.
-@@ -748,13 +802,16 @@
+@@ -748,13 +807,16 @@
# 10. Verify that new acl is not in conflict with itself
# 11. Update acl on the resource
@@ -456,7 +466,7 @@
# Need to get list of supported privileges
supported = []
-@@ -773,10 +830,7 @@
+@@ -773,10 +835,7 @@
yield supportedPrivs
supportedPrivs = supportedPrivs.getResult()
for item in supportedPrivs.children:
@@ -468,7 +478,7 @@
addSupportedPrivilege(item)
# Steps 1 - 6
-@@ -910,8 +964,7 @@
+@@ -910,8 +969,7 @@
supportedPrivs = supportedPrivs.getResult()
# Other principals types don't make sense as actors.
@@ -478,7 +488,7 @@
"Principal is not an actor: %r" % (principal,)
)
-@@ -1019,15 +1072,16 @@
+@@ -1019,15 +1077,16 @@
def getMyURL():
url = request.urlForResource(self)
@@ -498,7 +508,7 @@
"Expected %s response from readDeadProperty() exception, not %s"
% (responsecode.NOT_FOUND, e.response.code)
)
-@@ -1038,9 +1092,9 @@
+@@ -1038,9 +1097,9 @@
if myURL == "/":
# If we get to the root without any ACLs, then use the default.
@@ -510,7 +520,7 @@
# Dynamically update privileges for those ace's that are inherited.
if inheritance:
-@@ -1076,7 +1130,7 @@
+@@ -1076,7 +1135,7 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -519,7 +529,7 @@
aces.append(davxml.ACE(*children))
else:
aces.extend(inherited_aces)
-@@ -1105,8 +1159,7 @@
+@@ -1105,8 +1164,7 @@
the child resource loop and supply those to the checkPrivileges on each child.
@param request: the L{IRequest} for the request in progress.
@@ -529,7 +539,7 @@
"""
# Get the parent ACLs with inheritance and preserve the <inheritable> element.
-@@ -1128,21 +1181,9 @@
+@@ -1128,21 +1186,9 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -553,7 +563,7 @@
inheritedACEsforChildren = deferredGenerator(inheritedACEsforChildren)
-@@ -1152,49 +1193,69 @@
+@@ -1152,49 +1198,69 @@
This implementation returns an empty set.
"""
@@ -651,7 +661,7 @@
def samePrincipal(self, principal1, principal2):
"""
Check whether the two prinicpals are exactly the same in terms of
-@@ -1219,7 +1280,6 @@
+@@ -1219,7 +1285,6 @@
return False
def matchPrincipal(self, principal1, principal2, request):
@@ -659,7 +669,7 @@
"""
Check whether the principal1 is a principal in the set defined by
principal2.
-@@ -1244,6 +1304,9 @@
+@@ -1244,6 +1309,9 @@
if isinstance(principal1, davxml.Unauthenticated):
yield False
return
@@ -669,7 +679,7 @@
else:
yield True
return
-@@ -1260,10 +1323,7 @@
+@@ -1260,10 +1328,7 @@
yield False
return
@@ -681,7 +691,7 @@
principal2 = waitForDeferred(self.resolvePrincipal(principal2, request))
yield principal2
-@@ -1271,7 +1331,6 @@
+@@ -1271,7 +1336,6 @@
assert principal2 is not None, "principal2 is None"
@@ -689,7 +699,7 @@
# Compare two HRefs and do group membership test as well
if principal1 == principal2:
yield True
-@@ -1289,6 +1348,7 @@
+@@ -1289,6 +1353,7 @@
matchPrincipal = deferredGenerator(matchPrincipal)
@@ -697,7 +707,7 @@
def principalIsGroupMember(self, principal1, principal2, request):
"""
Check whether one principal is a group member of another.
-@@ -1299,18 +1359,21 @@
+@@ -1299,18 +1364,21 @@
@return: L{Deferred} with result C{True} if principal1 is a member of principal2, C{False} otherwise
"""
@@ -730,7 +740,7 @@
def validPrincipal(self, ace_principal, request):
"""
-@@ -1351,11 +1414,16 @@
+@@ -1351,11 +1419,16 @@
@return C{True} if C{href_principal} is valid, C{False} otherwise.
This implementation tests for a href element that corresponds to
@@ -750,7 +760,7 @@
return d
def resolvePrincipal(self, principal, request):
-@@ -1404,8 +1472,7 @@
+@@ -1404,8 +1477,7 @@
try:
principal = principal.getResult()
except HTTPError, e:
@@ -760,7 +770,7 @@
"Expected %s response from readProperty() exception, not %s"
% (responsecode.NOT_FOUND, e.response.code)
)
-@@ -1432,15 +1499,15 @@
+@@ -1432,15 +1504,15 @@
log.err("DAV:self ACE is set on non-principal resource %r" % (self,))
yield None
return
@@ -779,7 +789,7 @@
"Not a meta-principal: %r" % (principal,)
)
-@@ -1517,6 +1584,270 @@
+@@ -1517,6 +1589,270 @@
return None
##
@@ -1050,7 +1060,7 @@
# HTTP
##
-@@ -1525,15 +1856,11 @@
+@@ -1525,15 +1861,11 @@
#litmus = request.headers.getRawHeaders("x-litmus")
#if litmus: log.msg("*** Litmus test: %s ***" % (litmus,))
@@ -1068,7 +1078,7 @@
def setHeaders(response):
response = IResponse(response)
-@@ -1567,7 +1894,7 @@
+@@ -1567,7 +1899,7 @@
def findChildren(self, depth, request, callback, privileges=None, inherited_aces=None):
return succeed(None)
@@ -1077,7 +1087,7 @@
"""
Resource representing a WebDAV principal. (RFC 3744, section 2)
"""
-@@ -1577,7 +1904,7 @@
+@@ -1577,7 +1909,7 @@
# WebDAV
##
@@ -1086,7 +1096,7 @@
(dav_namespace, "alternate-URI-set"),
(dav_namespace, "principal-URL" ),
(dav_namespace, "group-member-set" ),
-@@ -1585,14 +1912,11 @@
+@@ -1585,14 +1917,11 @@
)
def davComplianceClasses(self):
@@ -1102,7 +1112,7 @@
def readProperty(self, property, request):
def defer():
if type(property) is tuple:
-@@ -1610,10 +1934,20 @@
+@@ -1610,10 +1939,20 @@
return davxml.PrincipalURL(davxml.HRef(self.principalURL()))
if name == "group-member-set":
@@ -1125,7 +1135,7 @@
if name == "resourcetype":
if self.isCollection():
-@@ -1655,7 +1989,7 @@
+@@ -1655,7 +1994,7 @@
principals. Subclasses should override this method to provide member
URLs for this resource if appropriate.
"""
@@ -1134,7 +1144,7 @@
def groupMemberships(self):
"""
-@@ -1666,6 +2000,7 @@
+@@ -1666,6 +2005,7 @@
"""
unimplemented(self)
@@ -1142,7 +1152,7 @@
def principalMatch(self, href):
"""
Check whether the supplied principal matches this principal or is a
-@@ -1675,10 +2010,33 @@
+@@ -1675,10 +2015,33 @@
"""
uri = str(href)
if self.principalURL() == uri:
@@ -1178,7 +1188,7 @@
class AccessDeniedError(Exception):
def __init__(self, errors):
"""
-@@ -1718,6 +2076,37 @@
+@@ -1718,6 +2081,37 @@
davxml.registerElement(TwistedACLInheritable)
davxml.ACE.allowed_children[(twisted_dav_namespace, "inheritable")] = (0, 1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081215/bf20f288/attachment-0001.html>
More information about the calendarserver-changes
mailing list