[CalendarServer-changes] [4254] CalendarServer/branches/release/CalendarServer-2.2-dev
source_changes at macosforge.org
source_changes at macosforge.org
Wed May 13 16:43:07 PDT 2009
Revision: 4254
http://trac.macosforge.org/projects/calendarserver/changeset/4254
Author: wsanchez at apple.com
Date: 2009-05-13 16:43:07 -0700 (Wed, 13 May 2009)
Log Message:
-----------
Pulled up r4242 from trunk.
Modified Paths:
--------------
CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py
CalendarServer/branches/release/CalendarServer-2.2-dev/run
CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py
CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py
Property Changed:
----------------
CalendarServer/branches/release/CalendarServer-2.2-dev/
CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.txt
CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.xml
CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.txt
CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.xml
Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4205-4206,4209,4213,4215-4216,4219-4220,4222,4224,4227,4231-4233,4237,4240,4248
+ /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4205-4206,4209,4213,4215-4216,4219-4220,4222,4224,4227,4231-4233,4237,4240-4242,4248
Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py 2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py 2009-05-13 23:43:07 UTC (rev 4254)
@@ -515,7 +515,7 @@
principal = schemeConfig["ServicePrincipal"]
if not principal:
credFactory = NegotiateCredentialFactory(
- type="http",
+ type="HTTP",
hostname=config.ServerHostName,
)
else:
Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.txt
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
+ /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248
Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.xml
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
+ /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248
Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.txt
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
+ /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248
Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.xml
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
+ /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248
Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/run
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/run 2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/run 2009-05-13 23:43:07 UTC (rev 4254)
@@ -546,7 +546,7 @@
if ! py_have_module kerberos; then
kerberos="${top}/PyKerberos";
- svn_get "PyKerberos" "${kerberos}" "${svn_uri_base}/PyKerberos/trunk" 3108;
+ svn_get "PyKerberos" "${kerberos}" "${svn_uri_base}/PyKerberos/trunk" 4241;
py_build "PyKerberos" "${kerberos}" false; # FIXME: make optional
py_install "PyKerberos" "${kerberos}";
Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py 2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py 2009-05-13 23:43:07 UTC (rev 4254)
@@ -58,10 +58,10 @@
def __init__(self, principal=None, type=None, hostname=None):
"""
- @param principal: full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+ @param principal: full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
then the type and hostname arguments are used instead.
@type service: str
- @param type: service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+ @param type: service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
@type type: str
@param hostname: hostname for this server. Must be C{None} if principal used.
@type hostname: str
@@ -79,6 +79,10 @@
self.log_error("getServerPrincipalDetails: %s" % (ex[0],))
raise ValueError('Authentication System Failure: %s' % (ex[0],))
+ self.service, self.realm = self._splitPrincipal(principal)
+
+ def _splitPrincipal(self, principal):
+
try:
splits = principal.split("/")
servicetype = splits[0]
@@ -89,9 +93,11 @@
self.log_error("Invalid Kerberos principal: %s" % (principal,))
raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
- self.service = "%s@%s" % (servicetype, service,)
- self.realm = realm
-
+ service = "%s@%s" % (servicetype, service,)
+ realm = realm
+
+ return (service, realm,)
+
class BasicKerberosCredentials(credentials.UsernamePassword):
"""
A set of user/password credentials that checks itself against Kerberos.
@@ -128,10 +134,10 @@
def __init__(self, principal=None, type=None, hostname=None):
"""
- @param principal: full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+ @param principal: full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
then the type and hostname arguments are used instead.
@type service: str
- @param type: service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+ @param type: service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
@type type: str
@param hostname: hostname for this server. Must be C{None} if principal used.
@type hostname: str
@@ -199,10 +205,10 @@
def __init__(self, principal=None, type=None, hostname=None):
"""
- @param principal: full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+ @param principal: full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
then the type and hostname arguments are used instead.
@type service: str
- @param type: service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+ @param type: service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
@type type: str
@param hostname: hostname for this server. Must be C{None} if principal used.
@type hostname: str
@@ -215,9 +221,10 @@
def decode(self, base64data, request):
- # Init GSSAPI first
+ # Init GSSAPI first - we won't specify the service now as we need to accept a target
+ # name that is case-insenstive as some clients will use "http" instead of "HTTP"
try:
- _ignore_result, context = kerberos.authGSSServerInit(self.service);
+ _ignore_result, context = kerberos.authGSSServerInit("");
except kerberos.GSSError, ex:
self.log_error("authGSSServerInit: %s(%s)" % (ex[0][0], ex[1][0],))
raise error.LoginFailed('Authentication System Failure: %s(%s)' % (ex[0][0], ex[1][0],))
@@ -234,6 +241,18 @@
kerberos.authGSSServerClean(context)
raise error.UnauthorizedLogin('Bad credentials: %s' % (ex[0],))
+ targetname = kerberos.authGSSServerTargetName(context)
+ try:
+ service, _ignore_realm = self._splitPrincipal(targetname)
+ except ValueError:
+ self.log_error("authGSSServerTargetName invalid target name: '%s'" % (targetname,))
+ kerberos.authGSSServerClean(context)
+ raise error.UnauthorizedLogin('Bad credentials: bad target name %s' % (targetname,))
+ if service.lower() != self.service.lower():
+ self.log_error("authGSSServerTargetName mismatch got: '%s' wanted: '%s'" % (service, self.service))
+ kerberos.authGSSServerClean(context)
+ raise error.UnauthorizedLogin('Bad credentials: wrong target name %s' % (targetname,))
+
response = kerberos.authGSSServerResponse(context)
principal = kerberos.authGSSServerUserName(context)
username = principal
Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py 2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py 2009-05-13 23:43:07 UTC (rev 4254)
@@ -30,11 +30,11 @@
class KerberosTests(twistedcaldav.test.util.TestCase):
def test_BasicKerberosCredentials(self):
- authkerb.BasicKerberosCredentials("test", "test", "http/example.com at EXAMPLE.COM", "EXAMPLE.COM")
+ authkerb.BasicKerberosCredentials("test", "test", "HTTP/example.com at EXAMPLE.COM", "EXAMPLE.COM")
@inlineCallbacks
def test_BasicKerberosCredentialFactory(self):
- factory = authkerb.BasicKerberosCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+ factory = authkerb.BasicKerberosCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
challenge = (yield factory.getChallenge("peer"))
expected_challenge = {'realm': "EXAMPLE.COM"}
@@ -45,7 +45,7 @@
self.assertRaises(
ValueError,
authkerb.BasicKerberosCredentialFactory,
- principal="http/server.example.com/EXAMPLE.COM"
+ principal="HTTP/server.example.com/EXAMPLE.COM"
)
def test_NegotiateCredentials(self):
@@ -53,7 +53,7 @@
@inlineCallbacks
def test_NegotiateCredentialFactory(self):
- factory = authkerb.NegotiateCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+ factory = authkerb.NegotiateCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
challenge = (yield factory.getChallenge("peer"))
expected_challenge = {}
@@ -71,13 +71,13 @@
self.fail(msg="NegotiateCredentialFactory decode did not fail")
def test_NegotiateCredentialFactoryDifferentRealm(self):
- factory = authkerb.NegotiateCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+ factory = authkerb.NegotiateCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
self.assertEquals(factory.realm, "EXAMPLE.COM")
- self.assertEquals(factory.service, "http at SERVER.EXAMPLE.COM")
+ self.assertEquals(factory.service, "HTTP at SERVER.EXAMPLE.COM")
def test_NegotiateCredentialFactoryInvalidPrincipal(self):
self.assertRaises(
ValueError,
authkerb.NegotiateCredentialFactory,
- principal="http/server.example.com/EXAMPLE.COM"
+ principal="HTTP/server.example.com/EXAMPLE.COM"
)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090513/98de3c83/attachment-0001.html>
More information about the calendarserver-changes
mailing list