[CalendarServer-changes] [3918] CalendarServer/trunk/twistedcaldav/mail.py

source_changes at macosforge.org source_changes at macosforge.org
Wed Mar 25 11:33:53 PDT 2009


Revision: 3918
          http://trac.macosforge.org/projects/calendarserver/changeset/3918
Author:   sagen at apple.com
Date:     2009-03-25 11:33:52 -0700 (Wed, 25 Mar 2009)
Log Message:
-----------
Add an ACL so that only the approved user (config.Scheduling.iMIP.Username) can inject iMIP replies to /inbox/

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/mail.py

Modified: CalendarServer/trunk/twistedcaldav/mail.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/mail.py	2009-03-25 00:02:34 UTC (rev 3917)
+++ CalendarServer/trunk/twistedcaldav/mail.py	2009-03-25 18:33:52 UTC (rev 3918)
@@ -185,6 +185,34 @@
 
         self.parent = parent
 
+    def accessControlList(self, request, inheritance=True,
+        expanding=False, inherited_aces=None):
+
+        if not hasattr(self, "iMIPACL"):
+
+            for principalCollection in self.principalCollections():
+                principal = principalCollection.principalForShortName("users",
+                    config.Scheduling.iMIP.Username)
+                if principal is not None:
+                    break
+            else:
+                log.err("iMIP injection principal not found: %s" %
+                    (config.Scheduling.iMIP.Username,))
+                raise HTTPError(responsecode.FORBIDDEN)
+
+            self.iMIPACL = davxml.ACL(
+                davxml.ACE(
+                    davxml.Principal(
+                        davxml.HRef.fromString(principal.principalURL())
+                    ),
+                    davxml.Grant(
+                        davxml.Privilege(caldavxml.ScheduleDeliver()),
+                    ),
+                ),
+            )
+
+        return succeed(self.iMIPACL)
+
     def resourceType(self):
         return davxml.ResourceType.ischeduleinbox
 
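Review bot: The ACL built in `accessControlList` is cached on the resource as `self.iMIPACL` after the first successful lookup and is never rebuilt. If `config.Scheduling.iMIP.Username` changes while this resource instance stays alive, the previously approved principal would presumably keep `caldavxml.ScheduleDeliver()` on /inbox/ and the new one would be refused until restart; whether the config can change at runtime is not visible here. Keying the cache on the configured name avoids that: use `if getattr(self, "iMIPACLUsername", None) != config.Scheduling.iMIP.Username:` as the guard and set `self.iMIPACLUsername = config.Scheduling.iMIP.Username` next to the assignment of `self.iMIPACL`. The method also lacks a docstring; one sentence saying that it ignores `inheritance`, `expanding` and `inherited_aces`, grants only schedule-deliver to the single iMIP principal, and raises FORBIDDEN when that principal cannot be found would make the fail-closed intent explicit.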
@@ -229,7 +257,7 @@
         """
 
         # Check authentication and access controls
-        # yield self.authorize(request, (caldavxml.ScheduleDeliver(),))
+        yield self.authorize(request, (caldavxml.ScheduleDeliver(),))
 
         # Inject using the IMIPScheduler.
         scheduler = IMIPScheduler(request, self)
@@ -378,6 +406,10 @@
         self.quietLoss = 1
         self.transport.loseConnection()
 
+        if not hasattr(self.factory, "username"):
+            self.factory.deferred.errback(failure.Failure(Unauthorized("Mail gateway not able to process reply; authentication required for calendar server")))
+            return self.factory.deferred
+
         if hasattr(self.factory, "retried"):
             self.factory.deferred.errback(failure.Failure(Unauthorized("Mail gateway not able to process reply; could not authenticate user %s with calendar server" % (self.factory.username,))))
             return self.factory.deferred
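Review bot: The new guard `if not hasattr(self.factory, "username")` tests only whether the attribute exists, so a factory whose `username` is `None` or an empty string would pass it and fall through to the code below, which the guard appears meant to prevent. How the factory populates `username` is outside this hunk, so this needs confirming against the factory's constructor. If an unset credential can appear as a falsy value, `if not getattr(self.factory, "username", None):` covers both cases. The enclosing method begins before the hunk and continues after it.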