[CalendarServer-changes] [4158] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Sun May 3 11:44:18 PDT 2009
Revision: 4158
http://trac.macosforge.org/projects/calendarserver/changeset/4158
Author: sagen at apple.com
Date: 2009-05-03 11:44:16 -0700 (Sun, 03 May 2009)
Log Message:
-----------
A better solution to always allowing digest auth on the /inbox resource.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/caldav.py
CalendarServer/trunk/twistedcaldav/mail.py
Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py 2009-05-03 17:19:07 UTC (rev 4157)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py 2009-05-03 18:44:16 UTC (rev 4158)
@@ -486,6 +486,76 @@
)
#
+ # Configure the Site and Wrappers
+ #
+ credentialFactories = []
+
+ portal = Portal(auth.DavRealm())
+
+ portal.registerChecker(directory)
+
+ realm = directory.realmName or ""
+
+ self.log_info("Configuring authentication for realm: %s" % (realm,))
+
+ for scheme, schemeConfig in config.Authentication.iteritems():
+ scheme = scheme.lower()
+
+ credFactory = None
+
+ if schemeConfig["Enabled"]:
+ self.log_info("Setting up scheme: %s" % (scheme,))
+
+ if scheme == "kerberos":
+ if not NegotiateCredentialFactory:
+ self.log_info("Kerberos support not available")
+ continue
+
+ try:
+ principal = schemeConfig["ServicePrincipal"]
+ if not principal:
+ credFactory = NegotiateCredentialFactory(
+ type="http",
+ hostname=config.ServerHostName,
+ )
+ else:
+ credFactory = NegotiateCredentialFactory(
+ principal=principal,
+ )
+ except ValueError:
+ self.log_info("Could not start Kerberos")
+ continue
+
+ elif scheme == "digest":
+ credFactory = QopDigestCredentialFactory(
+ schemeConfig["Algorithm"],
+ schemeConfig["Qop"],
+ realm,
+ )
+
+ elif scheme == "basic":
+ credFactory = BasicCredentialFactory(realm)
+
+ elif scheme == "wiki":
+ pass
+
+ else:
+ self.log_error("Unknown scheme: %s" % (scheme,))
+
+ if credFactory:
+ credentialFactories.append(credFactory)
+
+
+ # Set up a digest credential factory for use on the /inbox iMIP
+ # injection resource
+ schemeConfig = config.Authentication.Digest
+ digestCredentialFactory = QopDigestCredentialFactory(
+ schemeConfig["Algorithm"],
+ schemeConfig["Qop"],
+ realm,
+ )
+
+ #
# Setup Resource hierarchy
#
self.log_info("Setting up document root at: %s"
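Review bot: The digest factory built after the loop for the /inbox resource reads `config.Authentication.Digest` without consulting its `Enabled` flag, and nothing is logged about it, so an operator who turned digest off gets no indication at startup that one resource still offers it. A line such as `self.log_info("Digest auth is always offered on the iMIP /inbox resource (realm: %s)" % (realm,))` next to the factory would make that visible. The factory also uses the directory `realm`, where the code this commit removes from mail.py used the fixed realm "iMIP Injection"; if that change is intended, the comment should say so. The new `elif scheme == "wiki": pass` branch needs a comment explaining why no credential factory is created for it. The enclosing method starts and ends outside this hunk.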
@@ -554,8 +624,16 @@
self.log_info("Setting up iMIP inbox resource: %r"
% (self.imipResourceClass,))
- imipInbox = self.imipResourceClass(root)
- root.putChild("inbox", imipInbox)
+ # This resource uses the digestCredentialFactory no matter
+ # what the overall server authentication settings are.
+ root.putChild("inbox",
+ auth.AuthenticationWrapper(
+ self.imipResourceClass(root),
+ portal,
+ (digestCredentialFactory,),
+ (auth.IPrincipal,),
+ )
+ )
#
# WebCal
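Review bot: The wrapper placed on "inbox" is given the shared `portal`, so authentication there accepts any principal the registered directory checker knows, limited only to the digest scheme. Who may actually inject iMIP messages therefore rests on the resource's own ACL (mail.py shows an `accessControlList` method, but its body is not in this diff), which should be confirmed to restrict access to the intended injection principal. The comment should state that split, for example `# Authentication only (digest, any directory principal); authorization is left to the resource's accessControlList().` The enclosing method continues outside this hunk.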
@@ -575,63 +653,8 @@
self.log_info("Setting up Timezone Cache")
TimezoneCache.create()
- #
- # Configure the Site and Wrappers
- #
- credentialFactories = []
- portal = Portal(auth.DavRealm())
- portal.registerChecker(directory)
-
- realm = directory.realmName or ""
-
- self.log_info("Configuring authentication for realm: %s" % (realm,))
-
- for scheme, schemeConfig in config.Authentication.iteritems():
- scheme = scheme.lower()
-
- credFactory = None
-
- if schemeConfig["Enabled"]:
- self.log_info("Setting up scheme: %s" % (scheme,))
-
- if scheme == "kerberos":
- if not NegotiateCredentialFactory:
- self.log_info("Kerberos support not available")
- continue
-
- try:
- principal = schemeConfig["ServicePrincipal"]
- if not principal:
- credFactory = NegotiateCredentialFactory(
- type="http",
- hostname=config.ServerHostName,
- )
- else:
- credFactory = NegotiateCredentialFactory(
- principal=principal,
- )
- except ValueError:
- self.log_info("Could not start Kerberos")
- continue
-
- elif scheme == "digest":
- credFactory = QopDigestCredentialFactory(
- schemeConfig["Algorithm"],
- schemeConfig["Qop"],
- realm,
- )
-
- elif scheme == "basic":
- credFactory = BasicCredentialFactory(realm)
-
- else:
- self.log_error("Unknown scheme: %s" % (scheme,))
-
- if credFactory:
- credentialFactories.append(credFactory)
-
self.log_info("Configuring authentication wrapper")
authWrapper = auth.AuthenticationWrapper(
Modified: CalendarServer/trunk/twistedcaldav/mail.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/mail.py 2009-05-03 17:19:07 UTC (rev 4157)
+++ CalendarServer/trunk/twistedcaldav/mail.py 2009-05-03 18:44:16 UTC (rev 4158)
@@ -185,23 +185,7 @@
self.parent = parent
- def authorize(self, request, privileges, recurse=False):
- # Always allow digest for iMIP injection, regardless of overall
- # server authentication settings
- if not hasattr(self, "_imipCredentialFactory"):
- schemeConfig = config.Authentication.Digest
- self._imipCredentialFactory = QopDigestCredentialFactory(
- schemeConfig["Algorithm"], schemeConfig["Qop"],
- "iMIP Injection")
-
- request.credentialFactories = {
- 'digest' : self._imipCredentialFactory
- }
-
- return super(IMIPInboxResource, self).authorize(request, privileges,
- recurse=recurse)
-
def accessControlList(self, request, inheritance=True,
expanding=False, inherited_aces=None):