[CalendarServer-changes] [4254] CalendarServer/branches/release/CalendarServer-2.2-dev

source_changes at macosforge.org source_changes at macosforge.org
Wed May 13 16:43:07 PDT 2009


Revision: 4254
          http://trac.macosforge.org/projects/calendarserver/changeset/4254
Author:   wsanchez at apple.com
Date:     2009-05-13 16:43:07 -0700 (Wed, 13 May 2009)
Log Message:
-----------
Pulled up r4242 from trunk.

Modified Paths:
--------------
    CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py
    CalendarServer/branches/release/CalendarServer-2.2-dev/run
    CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py
    CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py

Property Changed:
----------------
    CalendarServer/branches/release/CalendarServer-2.2-dev/
    CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.txt
    CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.xml
    CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.txt
    CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.xml


Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4205-4206,4209,4213,4215-4216,4219-4220,4222,4224,4227,4231-4233,4237,4240,4248
   + /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4205-4206,4209,4213,4215-4216,4219-4220,4222,4224,4227,4231-4233,4237,4240-4242,4248

Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py	2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/calendarserver/tap/caldav.py	2009-05-13 23:43:07 UTC (rev 4254)
@@ -515,7 +515,7 @@
                         principal = schemeConfig["ServicePrincipal"]
                         if not principal:
                             credFactory = NegotiateCredentialFactory(
-                                type="http",
+                                type="HTTP",
                                 hostname=config.ServerHostName,
                             )
                         else:


Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.txt
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
   + /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248


Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-privatecomments.xml
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
   + /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-privatecomments-00.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-privatecomments-00.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-privatecomments.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-privatecomments-00.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-privatecomments.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-privatecomments.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-privatecomments.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-privatecomments.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248


Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.txt
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
   + /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.txt:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.txt:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.txt:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.txt:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.txt:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.txt:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.txt:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.txt:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248


Property changes on: CalendarServer/branches/release/CalendarServer-2.2-dev/doc/Extensions/caldav-schedulingchanges.xml
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240,4248
   + /CalendarServer/branches/users/cdaboo/attendee-comments-2886/doc/Extensions/caldav-schedulingchanges-01.xml:2887-2910
/CalendarServer/branches/users/cdaboo/byebye-serviceslocator-2937/doc/Extensions/caldav-schedulingchanges-01.xml:2938-3097
/CalendarServer/branches/users/cdaboo/implicit-if-match-3306/doc/Extensions/caldav-schedulingchanges.xml:3307-3349
/CalendarServer/branches/users/cdaboo/implicitauto-2947/doc/Extensions/caldav-schedulingchanges-01.xml:2948-2989
/CalendarServer/branches/users/cdaboo/location-partial-accept-3573/doc/Extensions/caldav-schedulingchanges.xml:3574-3581
/CalendarServer/branches/users/sagen/resource-delegates-4038/doc/Extensions/caldav-schedulingchanges.xml:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066/doc/Extensions/caldav-schedulingchanges.xml:4068-4075
/CalendarServer/trunk/doc/Extensions/caldav-schedulingchanges.xml:4105-4107,4113-4116,4121-4124,4137-4139,4141-4144,4154-4159,4163-4167,4172,4174-4176,4178-4180,4191,4194,4197-4202,4209,4213,4222,4227,4231-4233,4237,4240-4242,4248

Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/run
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/run	2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/run	2009-05-13 23:43:07 UTC (rev 4254)
@@ -546,7 +546,7 @@
   if ! py_have_module kerberos; then
     kerberos="${top}/PyKerberos";
 
-    svn_get "PyKerberos" "${kerberos}" "${svn_uri_base}/PyKerberos/trunk" 3108;
+    svn_get "PyKerberos" "${kerberos}" "${svn_uri_base}/PyKerberos/trunk" 4241;
     py_build "PyKerberos" "${kerberos}" false; # FIXME: make optional
     py_install "PyKerberos" "${kerberos}";
 

Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py	2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/authkerb.py	2009-05-13 23:43:07 UTC (rev 4254)
@@ -58,10 +58,10 @@
     def __init__(self, principal=None, type=None, hostname=None):
         """
         
-        @param principal:  full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+        @param principal:  full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
             then the type and hostname arguments are used instead.
         @type service:     str
-        @param type:       service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+        @param type:       service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
         @type type:        str
         @param hostname:   hostname for this server. Must be C{None} if principal used.
         @type hostname:    str
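Review bot: The docstring in this hunk still carries `@type service:     str` directly under `@param principal`, although `__init__` takes no `service` parameter; since these lines are being edited anyway, the tag should read `@type principal:   str`. The same stale tag appears in the two later `__init__` docstring hunks of this file (`@@ -128,10` and `@@ -199,10`). The docstring body continues outside the hunk.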
@@ -79,6 +79,10 @@
                 self.log_error("getServerPrincipalDetails: %s" % (ex[0],))
                 raise ValueError('Authentication System Failure: %s' % (ex[0],))
 
+        self.service, self.realm = self._splitPrincipal(principal)
+
+    def _splitPrincipal(self, principal):
+
         try:
             splits = principal.split("/")
             servicetype = splits[0]
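Review bot: `_splitPrincipal` is introduced without a docstring, and decode() later in this commit passes it a target name taken from the client's token rather than a configured principal. A short docstring should state the expected `type/host@REALM` form, that the return value is `(service, realm)` with service formatted as `type@host`, and that malformed input is logged and raises `ValueError`. Because the helper logs on failure itself, the caller in decode() logs the same rejection a second time. In the following hunk `realm = realm` is a no-op and can be dropped. The method body spans this hunk and the next, with its middle outside both.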
@@ -89,9 +93,11 @@
             self.log_error("Invalid Kerberos principal: %s" % (principal,))
             raise ValueError('Authentication System Failure: Invalid Kerberos principal: %s' % (principal,))
                 
-        self.service = "%s@%s" % (servicetype, service,)
-        self.realm = realm
-
+        service = "%s@%s" % (servicetype, service,)
+        realm = realm
+        
+        return (service, realm,)
+        
 class BasicKerberosCredentials(credentials.UsernamePassword):
     """
     A set of user/password credentials that checks itself against Kerberos.
@@ -128,10 +134,10 @@
     def __init__(self, principal=None, type=None, hostname=None):
         """
         
-        @param principal:  full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+        @param principal:  full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
             then the type and hostname arguments are used instead.
         @type service:     str
-        @param type:       service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+        @param type:       service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
         @type type:        str
         @param hostname:   hostname for this server. Must be C{None} if principal used.
         @type hostname:    str
@@ -199,10 +205,10 @@
     def __init__(self, principal=None, type=None, hostname=None):
         """
         
-        @param principal:  full Kerberos principal (e.g., 'http/server.example.com at EXAMPLE.COM'). If C{None}
+        @param principal:  full Kerberos principal (e.g., 'HTTP/server.example.com at EXAMPLE.COM'). If C{None}
             then the type and hostname arguments are used instead.
         @type service:     str
-        @param type:       service type for Kerberos (e.g., 'http'). Must be C{None} if principal used.
+        @param type:       service type for Kerberos (e.g., 'HTTP'). Must be C{None} if principal used.
         @type type:        str
         @param hostname:   hostname for this server. Must be C{None} if principal used.
         @type hostname:    str
@@ -215,9 +221,10 @@
 
     def decode(self, base64data, request):
         
-        # Init GSSAPI first
+        # Init GSSAPI first - we won't specify the service now as we need to accept a target
+        # name that is case-insenstive as some clients will use "http" instead of "HTTP"
         try:
-            _ignore_result, context = kerberos.authGSSServerInit(self.service);
+            _ignore_result, context = kerberos.authGSSServerInit("");
         except kerberos.GSSError, ex:
             self.log_error("authGSSServerInit: %s(%s)" % (ex[0][0], ex[1][0],))
             raise error.LoginFailed('Authentication System Failure: %s(%s)' % (ex[0][0], ex[1][0],))
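Review bot: The new comment explains why `authGSSServerInit` gets an empty service name but not what replaces that binding. With `""` the acceptor presumably takes a token for any service key it can find, so the comparison against `self.service` added further down in decode() becomes the only check of which service the ticket was issued for, and that comparison discards the realm (`_ignore_realm`). Suggest saying so in the comment, e.g. `# NOTE: the target name is verified below via authGSSServerTargetName; that check must stay`, and fixing the `insenstive` typo. decode() starts in this hunk and continues past it.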
@@ -234,6 +241,18 @@
             kerberos.authGSSServerClean(context)
             raise error.UnauthorizedLogin('Bad credentials: %s' % (ex[0],))
 
+        targetname = kerberos.authGSSServerTargetName(context)
+        try:
+            service, _ignore_realm = self._splitPrincipal(targetname)
+        except ValueError:
+            self.log_error("authGSSServerTargetName invalid target name: '%s'" % (targetname,))
+            kerberos.authGSSServerClean(context)
+            raise error.UnauthorizedLogin('Bad credentials: bad target name %s' % (targetname,))
+        if service.lower() != self.service.lower():
+            self.log_error("authGSSServerTargetName mismatch got: '%s' wanted: '%s'" % (service, self.service))
+            kerberos.authGSSServerClean(context)
+            raise error.UnauthorizedLogin('Bad credentials: wrong target name %s' % (targetname,))
+
         response = kerberos.authGSSServerResponse(context)
         principal = kerberos.authGSSServerUserName(context)
         username = principal
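Review bot: The result of `kerberos.authGSSServerTargetName(context)` goes straight into `_splitPrincipal`; if the binding can return `None` or an empty string (not visible here), the failure may be something other than the `ValueError` caught below, and `authGSSServerClean(context)` would then be skipped. Adding `if not targetname: raise ValueError(targetname)` as the first line of the `try` keeps that case on the existing reject-and-clean path. Separately, this function appears to arrive with the PyKerberos revision bump in `run`, which only fetches when `py_have_module kerberos` fails, so a host with an older module already installed would hit an `AttributeError` at login time; a `hasattr(kerberos, "authGSSServerTargetName")` check at start-up would fail earlier and more clearly. decode() begins and ends outside this hunk.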

Modified: CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py	2009-05-13 23:42:18 UTC (rev 4253)
+++ CalendarServer/branches/release/CalendarServer-2.2-dev/twistedcaldav/test/test_kerberos.py	2009-05-13 23:43:07 UTC (rev 4254)
@@ -30,11 +30,11 @@
 class KerberosTests(twistedcaldav.test.util.TestCase):
 
     def test_BasicKerberosCredentials(self):
-        authkerb.BasicKerberosCredentials("test", "test", "http/example.com at EXAMPLE.COM", "EXAMPLE.COM")
+        authkerb.BasicKerberosCredentials("test", "test", "HTTP/example.com at EXAMPLE.COM", "EXAMPLE.COM")
 
     @inlineCallbacks
     def test_BasicKerberosCredentialFactory(self):
-        factory = authkerb.BasicKerberosCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+        factory = authkerb.BasicKerberosCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
 
         challenge = (yield factory.getChallenge("peer"))
         expected_challenge = {'realm': "EXAMPLE.COM"}
@@ -45,7 +45,7 @@
         self.assertRaises(
             ValueError,
             authkerb.BasicKerberosCredentialFactory,
-            principal="http/server.example.com/EXAMPLE.COM"
+            principal="HTTP/server.example.com/EXAMPLE.COM"
         )
 
     def test_NegotiateCredentials(self):
@@ -53,7 +53,7 @@
 
     @inlineCallbacks
     def test_NegotiateCredentialFactory(self):
-        factory = authkerb.NegotiateCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+        factory = authkerb.NegotiateCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
 
         challenge = (yield factory.getChallenge("peer"))
         expected_challenge = {}
@@ -71,13 +71,13 @@
             self.fail(msg="NegotiateCredentialFactory decode did not fail")
 
     def test_NegotiateCredentialFactoryDifferentRealm(self):
-        factory = authkerb.NegotiateCredentialFactory(principal="http/server.example.com at EXAMPLE.COM")
+        factory = authkerb.NegotiateCredentialFactory(principal="HTTP/server.example.com at EXAMPLE.COM")
         self.assertEquals(factory.realm, "EXAMPLE.COM")
-        self.assertEquals(factory.service, "http at SERVER.EXAMPLE.COM")
+        self.assertEquals(factory.service, "HTTP at SERVER.EXAMPLE.COM")
 
     def test_NegotiateCredentialFactoryInvalidPrincipal(self):
         self.assertRaises(
             ValueError,
             authkerb.NegotiateCredentialFactory,
-            principal="http/server.example.com/EXAMPLE.COM"
+            principal="HTTP/server.example.com/EXAMPLE.COM"
         )
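Review bot: As far as the visible hunks show, the test changes only switch the principal literals to `HTTP`; nothing exercises the target-name comparison added to `NegotiateCredentialFactory.decode` in this commit. Cases worth adding are a lower-case `http` target name being accepted, a different service being rejected with `UnauthorizedLogin`, and a malformed target name, with the `kerberos` calls stubbed. `_splitPrincipal` can also be tested directly with well-formed and malformed strings.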