[CalendarServer-changes] [3918] CalendarServer/trunk/twistedcaldav/mail.py
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 25 11:33:53 PDT 2009
Revision: 3918
http://trac.macosforge.org/projects/calendarserver/changeset/3918
Author: sagen at apple.com
Date: 2009-03-25 11:33:52 -0700 (Wed, 25 Mar 2009)
Log Message:
-----------
Add an ACL so that only the approved user (config.Scheduling.iMIP.Username) can inject iMIP replies to /inbox/
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/mail.py
Modified: CalendarServer/trunk/twistedcaldav/mail.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/mail.py 2009-03-25 00:02:34 UTC (rev 3917)
+++ CalendarServer/trunk/twistedcaldav/mail.py 2009-03-25 18:33:52 UTC (rev 3918)
@@ -185,6 +185,34 @@
self.parent = parent
+ def accessControlList(self, request, inheritance=True,
+ expanding=False, inherited_aces=None):
+
+ if not hasattr(self, "iMIPACL"):
+
+ for principalCollection in self.principalCollections():
+ principal = principalCollection.principalForShortName("users",
+ config.Scheduling.iMIP.Username)
+ if principal is not None:
+ break
+ else:
+ log.err("iMIP injection principal not found: %s" %
+ (config.Scheduling.iMIP.Username,))
+ raise HTTPError(responsecode.FORBIDDEN)
+
+ self.iMIPACL = davxml.ACL(
+ davxml.ACE(
+ davxml.Principal(
+ davxml.HRef.fromString(principal.principalURL())
+ ),
+ davxml.Grant(
+ davxml.Privilege(caldavxml.ScheduleDeliver()),
+ ),
+ ),
+ )
+
+ return succeed(self.iMIPACL)
+
def resourceType(self):
return davxml.ResourceType.ischeduleinbox
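Review bot: The ACL built in `accessControlList` is stored on the instance as `self.iMIPACL` the first time the lookup succeeds and is never rebuilt. A later change to `config.Scheduling.iMIP.Username`, or removal of that principal, would therefore leave the old principal holding schedule-deliver on /inbox/ for as long as this resource object lives, and that lifetime is not visible in the hunk. Either build the ACL on every request or tie the cache to the configured name, for example `if getattr(self, "_iMIPACLUser", None) != config.Scheduling.iMIP.Username:` before rebuilding. The method also needs a docstring saying that `inheritance`, `expanding` and `inherited_aces` are deliberately ignored and that a missing principal fails closed with 403. The enclosing class starts outside the hunk.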
@@ -229,7 +257,7 @@
"""
# Check authentication and access controls
- # yield self.authorize(request, (caldavxml.ScheduleDeliver(),))
+ yield self.authorize(request, (caldavxml.ScheduleDeliver(),))
# Inject using the IMIPScheduler.
scheduler = IMIPScheduler(request, self)
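Review bot: The re-enabled `yield self.authorize(request, (caldavxml.ScheduleDeliver(),))` only gates the injection below it if the enclosing generator is driven by `inlineCallbacks`, where a failed Deferred is raised at the yield. The decorator and the start of the method are outside this hunk, so that should be confirmed. A regression test that posts to /inbox/ unauthenticated and as a user other than the iMIP one, and expects a refusal before `IMIPScheduler` is constructed, would pin the behaviour this commit adds.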
@@ -378,6 +406,10 @@
self.quietLoss = 1
self.transport.loseConnection()
+ if not hasattr(self.factory, "username"):
+ self.factory.deferred.errback(failure.Failure(Unauthorized("Mail gateway not able to process reply; authentication required for calendar server")))
+ return self.factory.deferred
+
if hasattr(self.factory, "retried"):
self.factory.deferred.errback(failure.Failure(Unauthorized("Mail gateway not able to process reply; could not authenticate user %s with calendar server" % (self.factory.username,))))
return self.factory.deferred
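Review bot: The new guard `if not hasattr(self.factory, "username"):` tests only whether the attribute exists, so a factory whose `username` is `None` or an empty string would skip this branch and go on to the retry path. How the factory is constructed is not visible here; if the attribute can be set from unset configuration, the check should test the value instead, `if not getattr(self.factory, "username", None):`. The enclosing method starts and continues outside the hunk.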