[CalendarServer-changes] [2124]
CalendarServer/branches/users/cdaboo/server2server-2113
source_changes at macosforge.org
source_changes at macosforge.org
Mon Feb 4 16:28:29 PST 2008
Revision: 2124
http://trac.macosforge.org/projects/calendarserver/changeset/2124
Author: cdaboo at apple.com
Date: 2008-02-04 16:27:26 -0800 (Mon, 04 Feb 2008)
Log Message:
-----------
Provide a whitelist of ip/hosts that are allowed to connect to deliver realtime scheduling messages.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml
CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd
CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py
CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py
Modified: CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml 2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver-test.xml 2008-02-05 00:27:26 UTC (rev 2124)
@@ -26,5 +26,8 @@
<domains>
<domain>example.org</domain>
</domains>
+ <client-hosts>
+ <host>127.0.0.1</host>
+ </client-hosts>
</server>
</servers>
Modified: CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd 2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/conf/servertoserver.dtd 2008-02-05 00:27:26 UTC (rev 2124)
@@ -18,7 +18,7 @@
<!ELEMENT servers (server*) >
- <!ELEMENT server (uri, authentication?, allow-requests-from, allow-requests-to, domains*) >
+ <!ELEMENT server (uri, authentication?, allow-requests-from, allow-requests-to, domains?, client-hosts?) >
<!ELEMENT uri (#PCDATA) >
<!ELEMENT authentication (user, password) >
@@ -29,5 +29,7 @@
<!ELEMENT allow-requests-from EMPTY >
<!ELEMENT allow-requests-to EMPTY >
<!ELEMENT domains (domain*) >
-
<!ELEMENT domain (#PCDATA) >
+ <!ELEMENT client-hosts (host*) >
+ <!ELEMENT host (#PCDATA) >
+
\ No newline at end of file
Modified: CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py 2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/schedule_common.py 2008-02-05 00:27:26 UTC (rev 2124)
@@ -756,11 +756,12 @@
clientip = self.request.remoteAddr.host
# First compare as dotted IP
- if clientip != server.host:
+ compare_with = (server.host,) + tuple(server.client_hosts)
+ if clientip in compare_with:
# Now do hostname lookup
host, aliases, _ignore_ips = socket.gethostbyaddr(clientip)
for host in itertools.chain((host,), aliases):
- if host == server.host:
+ if host in compare_with:
break
else:
logging.err("Originator not on allowed server: %s" % (self.originator,), system=self.logsystem)
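Review bot: The rewritten guard `if clientip in compare_with:` inverts the old `clientip != server.host` test, so a client whose IP is not on the list appears to skip the hostname check entirely, while a listed IP is sent on to the reverse lookup and can be rejected there. It should read `if clientip not in compare_with:`. Separately, the fallback trusts the names returned by `socket.gethostbyaddr(clientip)`, which come from PTR records controlled by whoever owns the client's address space; accepting a name only after a forward lookup of it returns `clientip` would close that gap. The enclosing method starts and ends outside the hunk and indentation is lost in this rendering, so the `for`/`else` pairing is inferred.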
Modified: CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py
===================================================================
--- CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py 2008-02-04 23:48:58 UTC (rev 2123)
+++ CalendarServer/branches/users/cdaboo/server2server-2113/twistedcaldav/servertoserverparser.py 2008-02-05 00:27:26 UTC (rev 2124)
@@ -29,15 +29,17 @@
ELEMENT_SERVERS = "servers"
ELEMENT_SERVER = "server"
ELEMENT_URI = "uri"
-ELEMENT_ALLOW_REQUESTS_FROM = "allow-requests-from"
-ELEMENT_ALLOW_REQUESTS_TO = "allow-requests-to"
-ELEMENT_DOMAINS = "domains"
-ELEMENT_DOMAIN = "domain"
ELEMENT_AUTHENTICATION = "authentication"
ATTRIBUTE_TYPE = "type"
ATTRIBUTE_BASICAUTH = "basic"
ELEMENT_USER = "user"
ELEMENT_PASSWORD = "password"
+ELEMENT_ALLOW_REQUESTS_FROM = "allow-requests-from"
+ELEMENT_ALLOW_REQUESTS_TO = "allow-requests-to"
+ELEMENT_DOMAINS = "domains"
+ELEMENT_DOMAIN = "domain"
+ELEMENT_CLIENT_HOSTS = "hosts"
+ELEMENT_HOST = "host"
class ServerToServerParser(object):
"""
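Review bot: `ELEMENT_CLIENT_HOSTS = "hosts"` does not match the element name this same commit adds to the DTD and the test config, which is `client-hosts`. With the constant as written, the `elif child_name == ELEMENT_CLIENT_HOSTS` branch in parseXML never matches, and a `<client-hosts>` child would fall through to the `RuntimeError("[%s] Unknown attribute: %s" ...)` branch. The line should be `ELEMENT_CLIENT_HOSTS = "client-hosts"`.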
@@ -85,10 +87,11 @@
@param recordType: record type for directory entry.
"""
self.uri = ""
+ self.authentication = None
self.allow_from = False
self.allow_to = True
self.domains = []
- self.authentication = None
+ self.client_hosts = []
def parseXML(self, node):
for child in node._get_childNodes():
@@ -98,24 +101,26 @@
elif child_name == ELEMENT_URI:
if child.firstChild is not None:
self.uri = child.firstChild.data.encode("utf-8")
+ elif child_name == ELEMENT_AUTHENTICATION:
+ self._parseAuthentication(child)
elif child_name == ELEMENT_ALLOW_REQUESTS_FROM:
self.allow_from = True
elif child_name == ELEMENT_ALLOW_REQUESTS_TO:
self.allow_to = True
elif child_name == ELEMENT_DOMAINS:
- self._parseDomains(child)
- elif child_name == ELEMENT_AUTHENTICATION:
- self._parseAuthentication(child)
+ self._parseList(child, ELEMENT_DOMAIN, self.domains)
+ elif child_name == ELEMENT_CLIENT_HOSTS:
+ self._parseList(child, ELEMENT_HOST, self.client_hosts)
else:
raise RuntimeError("[%s] Unknown attribute: %s" % (self.__class__, child_name,))
self._parseDetails()
- def _parseDomains(self, node):
+ def _parseList(self, node, element_name, appendto):
for child in node._get_childNodes():
- if child._get_localName() == ELEMENT_DOMAIN:
+ if child._get_localName() == node:
if child.firstChild is not None:
- self.domains.append(child.firstChild.data.encode("utf-8"))
+ appendto.append(child.firstChild.data.encode("utf-8"))
def _parseAuthentication(self, node):
if node.hasAttribute(ATTRIBUTE_TYPE):
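Review bot: In `_parseList` the test `child._get_localName() == node` compares the child's name with the parent node object rather than with `element_name`, so it is presumably never true and nothing is appended. That leaves both `self.domains` and `self.client_hosts` empty, which regresses the domain parsing that `_parseDomains` did and makes the new host whitelist ineffective. Change it to `if child._get_localName() == element_name:`. A short docstring saying that `appendto` is mutated in place with UTF-8 encoded text would also help; `_parseAuthentication` at the end of the hunk continues outside it.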