[CalendarServer-changes] [2124] CalendarServer/branches/users/cdaboo/server2server-2113

source_changes at macosforge.org source_changes at macosforge.org
Mon Feb 4 16:28:29 PST 2008


Revision: 2124
          http://trac.macosforge.org/projects/calendarserver/changeset/2124
Author:   cdaboo at apple.com
Date:     2008-02-04 16:27:26 -0800 (Mon, 04 Feb 2008)

Log Message:
-----------
Provide a whitelist of ip/hosts that are allowed to connect to deliver realtime scheduling messages.

Modified Paths:
--------------
    CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml
    CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd
    CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py
    CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py

Modified: CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml	2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml	2008-02-05 00:27:26 UTC (rev 2124)
@@ -26,5 +26,8 @@
     <domains>
     	<domain>example.org</domain>
     </domains>
+    <client-hosts>
+    	<host>127.0.0.1</host>
+    </client-hosts>
   </server>
 </servers>

Modified: CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd	2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd	2008-02-05 00:27:26 UTC (rev 2124)
@@ -18,7 +18,7 @@
 
 <!ELEMENT servers (server*) >
 
-	<!ELEMENT server (uri, authentication?, allow-requests-from, allow-requests-to, domains*) >
+	<!ELEMENT server (uri, authentication?, allow-requests-from, allow-requests-to, domains?, client-hosts?) >
 
 		<!ELEMENT uri (#PCDATA) >
 		<!ELEMENT authentication (user, password) >
@@ -29,5 +29,7 @@
 		<!ELEMENT allow-requests-from EMPTY >
 		<!ELEMENT allow-requests-to EMPTY >
 		<!ELEMENT domains (domain*) >
-
 			<!ELEMENT domain (#PCDATA) >
+		<!ELEMENT client-hosts (host*) >
+			<!ELEMENT host (#PCDATA) >
+			
\ No newline at end of file
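Review bot: The element declared here as `client-hosts` (and used under that name in conf/servertoserver-test.xml) does not match the parser constant this commit adds in servertoserverparser.py, `ELEMENT_CLIENT_HOSTS = "hosts"`. With that value, the `parseXML` branch for client hosts cannot match a `<client-hosts>` child, and the element would fall through to the `RuntimeError("[%s] Unknown attribute: %s" ...)` branch visible in the parser hunk. The constant should read `ELEMENT_CLIENT_HOSTS = "client-hosts"` so that the DTD, the sample configuration and the parser agree on the name.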

Modified: CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py	2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py	2008-02-05 00:27:26 UTC (rev 2124)
@@ -756,11 +756,12 @@
             clientip = self.request.remoteAddr.host
             
             # First compare as dotted IP
-            if clientip != server.host:
+            compare_with = (server.host,) + tuple(server.client_hosts)
+            if clientip in compare_with:
                 # Now do hostname lookup
                 host, aliases, _ignore_ips = socket.gethostbyaddr(clientip)
                 for host in itertools.chain((host,), aliases):
-                    if host == server.host:
+                    if host in compare_with:
                         break
                 else:
                     logging.err("Originator not on allowed server: %s" % (self.originator,), system=self.logsystem)
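Review bot: The added `if clientip in compare_with:` inverts the test it replaces (`clientip != server.host`): a client whose IP is on the whitelist now enters the reverse-lookup path, while a client whose IP is not listed skips this block altogether, so as far as the hunk shows the allow-list is not enforced for unlisted addresses. The line should read `if clientip not in compare_with:`. Separately, the fallback trusts the names returned by `socket.gethostbyaddr(clientip)`, which come from reverse-DNS records maintained by whoever operates the client's address range, and the call raises `socket.herror` when no reverse entry exists. Resolving each configured host forward and comparing the result with `clientip` would be a sturdier check, and a lookup failure should be treated as a rejection. The enclosing method starts and ends outside the hunk, so what follows the `logging.err` call is not visible here.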

Modified: CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py	2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py	2008-02-05 00:27:26 UTC (rev 2124)
@@ -29,15 +29,17 @@
 ELEMENT_SERVERS                 = "servers"
 ELEMENT_SERVER                  = "server"
 ELEMENT_URI                     = "uri"
-ELEMENT_ALLOW_REQUESTS_FROM     = "allow-requests-from"
-ELEMENT_ALLOW_REQUESTS_TO       = "allow-requests-to"
-ELEMENT_DOMAINS                 = "domains"
-ELEMENT_DOMAIN                  = "domain"
 ELEMENT_AUTHENTICATION          = "authentication"
 ATTRIBUTE_TYPE                  = "type"
 ATTRIBUTE_BASICAUTH             = "basic"
 ELEMENT_USER                    = "user"
 ELEMENT_PASSWORD                = "password"
+ELEMENT_ALLOW_REQUESTS_FROM     = "allow-requests-from"
+ELEMENT_ALLOW_REQUESTS_TO       = "allow-requests-to"
+ELEMENT_DOMAINS                 = "domains"
+ELEMENT_DOMAIN                  = "domain"
+ELEMENT_CLIENT_HOSTS            = "hosts"
+ELEMENT_HOST                    = "host"
 
 class ServerToServerParser(object):
     """
@@ -85,10 +87,11 @@
         @param recordType: record type for directory entry.
         """
         self.uri = ""
+        self.authentication = None
         self.allow_from = False
         self.allow_to = True
         self.domains = []
-        self.authentication = None
+        self.client_hosts = []
 
     def parseXML(self, node):
         for child in node._get_childNodes():
@@ -98,24 +101,26 @@
             elif child_name == ELEMENT_URI:
                 if child.firstChild is not None:
                     self.uri = child.firstChild.data.encode("utf-8")
+            elif child_name == ELEMENT_AUTHENTICATION:
+                self._parseAuthentication(child)
             elif child_name == ELEMENT_ALLOW_REQUESTS_FROM:
                 self.allow_from = True
             elif child_name == ELEMENT_ALLOW_REQUESTS_TO:
                 self.allow_to = True
             elif child_name == ELEMENT_DOMAINS:
-                self._parseDomains(child)
-            elif child_name == ELEMENT_AUTHENTICATION:
-                self._parseAuthentication(child)
+                self._parseList(child, ELEMENT_DOMAIN, self.domains)
+            elif child_name == ELEMENT_CLIENT_HOSTS:
+                self._parseList(child, ELEMENT_HOST, self.client_hosts)
             else:
                 raise RuntimeError("[%s] Unknown attribute: %s" % (self.__class__, child_name,))
         
         self._parseDetails()
 
-    def _parseDomains(self, node):
+    def _parseList(self, node, element_name, appendto):
         for child in node._get_childNodes():
-            if child._get_localName() == ELEMENT_DOMAIN:
+            if child._get_localName() == node:
                 if child.firstChild is not None:
-                    self.domains.append(child.firstChild.data.encode("utf-8"))
+                    appendto.append(child.firstChild.data.encode("utf-8"))
 
     def _parseAuthentication(self, node):
         if node.hasAttribute(ATTRIBUTE_TYPE):
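Review bot: In the new `_parseList`, the comparison `child._get_localName() == node` tests the child's name against the parent node object rather than the `element_name` argument, which is never used. That comparison will presumably never be true, so neither `self.domains` nor `self.client_hosts` is filled, and the host whitelist this commit introduces stays empty even when it is configured. The line should read `if child._get_localName() == element_name:`. A short docstring on `_parseList` saying that it appends the UTF-8 encoded text of each matching child element to `appendto` would also make the shared helper easier to audit.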
