[CalendarServer-changes] [4111] CalDAVClientLibrary/trunk/src
source_changes at macosforge.org
source_changes at macosforge.org
Wed Apr 29 10:43:31 PDT 2009
Revision: 4111
http://trac.macosforge.org/projects/calendarserver/changeset/4111
Author: wsanchez at apple.com
Date: 2009-04-29 10:43:31 -0700 (Wed, 29 Apr 2009)
Log Message:
-----------
Enable Kerberos authentication in CalDAVClientLibrary.
Contributed by rziai at sfs.uni-tuebingen.de
Fixes #334
Modified Paths:
--------------
CalDAVClientLibrary/trunk/src/client/clientsession.py
Added Paths:
-----------
CalDAVClientLibrary/trunk/src/protocol/http/authentication/gssapi.py
Modified: CalDAVClientLibrary/trunk/src/client/clientsession.py
===================================================================
--- CalDAVClientLibrary/trunk/src/client/clientsession.py 2009-04-29 16:55:32 UTC (rev 4110)
+++ CalDAVClientLibrary/trunk/src/client/clientsession.py 2009-04-29 17:43:31 UTC (rev 4111)
@@ -25,6 +25,7 @@
from protocol.webdav.principalmatch import PrincipalMatch
from protocol.http.authentication.basic import Basic
from protocol.http.authentication.digest import Digest
+from protocol.http.authentication.gssapi import Kerberos
from protocol.webdav.proppatch import PropPatch
from xml.etree.ElementTree import Element
from protocol.webdav.get import Get
@@ -664,6 +665,8 @@
return Basic(self.user, self.pswd), False
elif item.lower().startswith("digest"):
return Digest(self.user, self.pswd, wwwhdrs), False
+ elif item.lower().startswith("negotiate"):
+ return Kerberos(self.user), False
else:
return None, True
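Review bot: The new `negotiate` branch sits after Basic and Digest in a first-match chain, so if the enclosing loop (it starts outside this hunk) walks the server's challenges in the order offered, a server or on-path party that lists Basic first still receives the password even when Kerberos is available. Consider selecting by strength rather than by offer order: look for Negotiate across all offered challenges first, then Digest, then Basic. Alternatively, let the caller restrict which schemes are acceptable. The method's selection policy is undocumented; a comment such as `# Schemes are tried in the order the server offers them; Basic sends the password in recoverable form` would make the trade-off visible.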
Added: CalDAVClientLibrary/trunk/src/protocol/http/authentication/gssapi.py
===================================================================
--- CalDAVClientLibrary/trunk/src/protocol/http/authentication/gssapi.py (rev 0)
+++ CalDAVClientLibrary/trunk/src/protocol/http/authentication/gssapi.py 2009-04-29 17:43:31 UTC (rev 4111)
@@ -0,0 +1,112 @@
+# Copyright (c) 2006-2007 Apple Inc. All rights reserved.
+# Copyright (c) 2008 Lime Nest LLC
+# Copyright (c) 2008 Lime Spot LLC
+# Copyright (c) 2009 Ramon Ziai
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+'''
+Parts of the following are inspired by urllib2_kerberos,
+which is also under the Apache 2.0 License,
+see http://limedav.com/hg/urllib2_kerberos
+'''
+
+from protocol.http.authentication.authenticator import Authenticator
+from protocol.http.definitions import headers
+import re
+import kerberos
+
+class Kerberos(Authenticator):
+
+ def __init__(self, user):
+ self.user = user
+ self.context = None
+
+ def addHeaders(self, hdrs, request):
+ neg_value = self.negotiate_value(hdrs)
+ header = self.generate_request_header(request, hdrs, neg_value)
+
+ # Generate header
+ hdrs.append((headers.Authorization, header))
+ self.clean_context()
+
+ def negotiate_value(self, headers):
+ """checks for "Negotiate" in proper auth header
+ taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos
+ """
+ authreq = None
+ for hdr in headers:
+ if hdr[0].lower == "www-authenticate" and "Negotiate" in hdr[1]:
+ authreq = hdr[1]
+
+ if authreq:
+ rx = re.compile('(?:.*,)*\s*Negotiate\s*([^,]*),?', re.I)
+ mo = rx.search(authreq)
+ if mo:
+ return mo.group(1)
+ else:
+ # regex failed
+ pass
+
+ else:
+ pass
+ # header not found
+
+ return None
+
+ def generate_request_header(self, req, headers, neg_value):
+ """
+ taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos
+ """
+
+ host = None
+ # assuming that "Host" is one of the headers, which is usually the case
+ for hdr in headers:
+ if hdr[0] == "Host":
+ host = hdr[1]
+
+ tail, sep, head = host.rpartition(':')
+ domain = tail if tail else head
+
+ # do GSS init
+ result, self.context = kerberos.authGSSClientInit("http@%s" % domain)
+
+ if result < 1:
+ # authGSSClientInit returned negative result
+ return None
+
+ # authGSSClientInit() succeeded
+ data = ""
+ if neg_value != None:
+ data = neg_value
+ result = kerberos.authGSSClientStep(self.context, data)
+
+ if result < 0:
+ # authGSSClientStep returned bad result
+ return None
+
+ # authGSSClientStep() succeeded
+
+ response = kerberos.authGSSClientResponse(self.context)
+ # authGSSClientResponse() succeeded
+
+ return "Negotiate %s" % response
+
+ def clean_context(self):
+ """
+ taken from urllib2_kerberos, see http://limedav.com/hg/urllib2_kerberos
+ """
+ if self.context is not None:
+ kerberos.authGSSClientClean(self.context)
+ self.context = None
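Review bot: In `negotiate_value` the test `hdr[0].lower == "www-authenticate"` compares the bound method with a string and is never true, so the method always returns None and any Negotiate token from the server is never passed to `authGSSClientStep`; it should read `hdr[0].lower() == "www-authenticate"`. `addHeaders` appends the Authorization header even when `generate_request_header` returns None, and `clean_context()` is skipped if a kerberos call raises, so the GSS context stays allocated; the fence shows a guarded version. `generate_request_header` calls `host.rpartition(':')` without checking that a Host header was found, so add `if host is None: return None` before it. The server's reply token is never fed back through a second `authGSSClientStep`, so the client does not verify the server's identity; the class docstring should state that mutual authentication is not performed.

```python
    def addHeaders(self, hdrs, request):
        try:
            neg_value = self.negotiate_value(hdrs)
            header = self.generate_request_header(request, hdrs, neg_value)
            # Do not emit an "Authorization: None" header when GSS setup failed.
            if header is not None:
                hdrs.append((headers.Authorization, header))
        finally:
            # Release the GSS context even if a kerberos call raised.
            self.clean_context()
```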