[CalendarServer-changes] [4158] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Sun May 3 11:44:18 PDT 2009


Revision: 4158
          http://trac.macosforge.org/projects/calendarserver/changeset/4158
Author:   sagen at apple.com
Date:     2009-05-03 11:44:16 -0700 (Sun, 03 May 2009)
Log Message:
-----------
A better solution to always allowing digest auth on the /inbox resource.

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/tap/caldav.py
    CalendarServer/trunk/twistedcaldav/mail.py

Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py	2009-05-03 17:19:07 UTC (rev 4157)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py	2009-05-03 18:44:16 UTC (rev 4158)
@@ -486,6 +486,76 @@
             )
 
         #
+        # Configure the Site and Wrappers
+        #
+        credentialFactories = []
+
+        portal = Portal(auth.DavRealm())
+
+        portal.registerChecker(directory)
+
+        realm = directory.realmName or ""
+
+        self.log_info("Configuring authentication for realm: %s" % (realm,))
+
+        for scheme, schemeConfig in config.Authentication.iteritems():
+            scheme = scheme.lower()
+
+            credFactory = None
+
+            if schemeConfig["Enabled"]:
+                self.log_info("Setting up scheme: %s" % (scheme,))
+
+                if scheme == "kerberos":
+                    if not NegotiateCredentialFactory:
+                        self.log_info("Kerberos support not available")
+                        continue
+
+                    try:
+                        principal = schemeConfig["ServicePrincipal"]
+                        if not principal:
+                            credFactory = NegotiateCredentialFactory(
+                                type="http",
+                                hostname=config.ServerHostName,
+                            )
+                        else:
+                            credFactory = NegotiateCredentialFactory(
+                                principal=principal,
+                            )
+                    except ValueError:
+                        self.log_info("Could not start Kerberos")
+                        continue
+
+                elif scheme == "digest":
+                    credFactory = QopDigestCredentialFactory(
+                        schemeConfig["Algorithm"],
+                        schemeConfig["Qop"],
+                        realm,
+                    )
+
+                elif scheme == "basic":
+                    credFactory = BasicCredentialFactory(realm)
+
+                elif scheme == "wiki":
+                    pass
+
+                else:
+                    self.log_error("Unknown scheme: %s" % (scheme,))
+
+            if credFactory:
+                credentialFactories.append(credFactory)
+
+
+        # Set up a digest credential factory for use on the /inbox iMIP
+        # injection resource
+        schemeConfig = config.Authentication.Digest
+        digestCredentialFactory = QopDigestCredentialFactory(
+            schemeConfig["Algorithm"],
+            schemeConfig["Qop"],
+            realm,
+        )
+
+        #
         # Setup Resource hierarchy
         #
         self.log_info("Setting up document root at: %s"
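Review bot: The dedicated factory built from `schemeConfig = config.Authentication.Digest` reads `Algorithm` and `Qop` whether or not the Digest scheme is enabled, so a deployment that turned Digest off and never reviewed those two values still protects /inbox with them. The comment above it should say this, and a log line such as `self.log_info("iMIP inbox digest: algorithm=%s qop=%s" % (schemeConfig["Algorithm"], schemeConfig["Qop"]))` would make the effective settings visible at startup. The factory also takes the directory `realm`, where the code this commit removes from mail.py used the fixed realm "iMIP Injection"; digest responses are computed over the realm, so that change is worth stating in the comment. The new `elif scheme == "wiki": pass` branch has no comment explaining why an enabled scheme contributes no credential factory. The enclosing method starts and ends outside this hunk.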
@@ -554,8 +624,16 @@
             self.log_info("Setting up iMIP inbox resource: %r"
                           % (self.imipResourceClass,))
 
-            imipInbox = self.imipResourceClass(root)
-            root.putChild("inbox", imipInbox)
+            # This resource uses the digestCredentialFactory no matter
+            # what the overall server authentication settings are.
+            root.putChild("inbox",
+                auth.AuthenticationWrapper(
+                    self.imipResourceClass(root),
+                    portal,
+                    (digestCredentialFactory,),
+                    (auth.IPrincipal,),
+                )
+            )
 
         #
         # WebCal
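Review bot: The wrapper placed on "inbox" reuses the server-wide `portal`, whose only checker registered on this page is `directory`, so presumably any directory principal that can complete a digest exchange now authenticates to the injection resource. The comment should make clear that the wrapper only decides how a client authenticates, and that who may inject is left to the resource's own access control, for example `# Authentication only; authorization is enforced by the resource's accessControlList().` The body of `accessControlList` in mail.py is not visible here, so it is worth confirming that it limits injection to the intended principal rather than relying on the old per-resource realm. The enclosing block begins outside this hunk.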
@@ -575,63 +653,8 @@
         self.log_info("Setting up Timezone Cache")
         TimezoneCache.create()
 
-        #
-        # Configure the Site and Wrappers
-        #
-        credentialFactories = []
 
-        portal = Portal(auth.DavRealm())
 
-        portal.registerChecker(directory)
-
-        realm = directory.realmName or ""
-
-        self.log_info("Configuring authentication for realm: %s" % (realm,))
-
-        for scheme, schemeConfig in config.Authentication.iteritems():
-            scheme = scheme.lower()
-
-            credFactory = None
-
-            if schemeConfig["Enabled"]:
-                self.log_info("Setting up scheme: %s" % (scheme,))
-
-                if scheme == "kerberos":
-                    if not NegotiateCredentialFactory:
-                        self.log_info("Kerberos support not available")
-                        continue
-
-                    try:
-                        principal = schemeConfig["ServicePrincipal"]
-                        if not principal:
-                            credFactory = NegotiateCredentialFactory(
-                                type="http",
-                                hostname=config.ServerHostName,
-                            )
-                        else:
-                            credFactory = NegotiateCredentialFactory(
-                                principal=principal,
-                            )
-                    except ValueError:
-                        self.log_info("Could not start Kerberos")
-                        continue
-
-                elif scheme == "digest":
-                    credFactory = QopDigestCredentialFactory(
-                        schemeConfig["Algorithm"],
-                        schemeConfig["Qop"],
-                        realm,
-                    )
-
-                elif scheme == "basic":
-                    credFactory = BasicCredentialFactory(realm)
-
-                else:
-                    self.log_error("Unknown scheme: %s" % (scheme,))
-
-            if credFactory:
-                credentialFactories.append(credFactory)
-
         self.log_info("Configuring authentication wrapper")
 
         authWrapper = auth.AuthenticationWrapper(

Modified: CalendarServer/trunk/twistedcaldav/mail.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/mail.py	2009-05-03 17:19:07 UTC (rev 4157)
+++ CalendarServer/trunk/twistedcaldav/mail.py	2009-05-03 18:44:16 UTC (rev 4158)
@@ -185,23 +185,7 @@
 
         self.parent = parent
 
-    def authorize(self, request, privileges, recurse=False):
 
-        # Always allow digest for iMIP injection, regardless of overall
-        # server authentication settings
-        if not hasattr(self, "_imipCredentialFactory"):
-            schemeConfig = config.Authentication.Digest
-            self._imipCredentialFactory = QopDigestCredentialFactory(
-                schemeConfig["Algorithm"], schemeConfig["Qop"],
-                "iMIP Injection")
-
-        request.credentialFactories = {
-            'digest' : self._imipCredentialFactory
-        }
-
-        return super(IMIPInboxResource, self).authorize(request, privileges,
-            recurse=recurse)
-
     def accessControlList(self, request, inheritance=True,
         expanding=False, inherited_aces=None):
 