[CalendarServer-changes] [4257] CalendarServer/trunk/lib-patches/Twisted
source_changes at macosforge.org
source_changes at macosforge.org
Thu May 14 00:52:50 PDT 2009
Revision: 4257
http://trac.macosforge.org/projects/calendarserver/changeset/4257
Author: darla at apple.com
Date: 2009-05-14 00:52:49 -0700 (Thu, 14 May 2009)
Log Message:
-----------
Letting IE send fake REPORT and MKCALENDAR calls as POSTs by setting a special request header.
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-14 00:48:35 UTC (rev 4256)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-14 07:52:49 UTC (rev 4257)
@@ -35,7 +35,7 @@
}
# DigestCalcHA1
-@@ -153,7 +162,18 @@
+@@ -153,9 +162,44 @@
calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
algo, nonce, nc, cnonce, qop, self.method, uri, None
)
@@ -43,18 +43,45 @@
+ if expected == response:
+ return True
+- return expected == response
+ # IE7 sends cnonce and nc values, but auth fails if they are used.
+ # So try again without them...
+ # They can be omitted for backwards compatibility [RFC 2069].
-+ expected = calcResponse(
-+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
-+ algo, nonce, None, None, qop, self.method, uri, None
-+ )
++ if nc is not None or cnonce is not None:
++ expected = calcResponse(
++ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++ algo, nonce, None, None, qop, self.method, uri, None
++ )
++ if expected == response:
++ return True
+
++ # And yet another IE hack...
++ # IE refuses to send Authorization headers with REPORT requests.
++ # So instead we're sending a POST, then telling the server it's a REPORT.
++ # When this happens, the client created the response with POST and the server
++ # compares it against a response made with REPORT, which of course won't match.
++ # So we try again telling the server to use POST instead.
++ if self.method == "REPORT":
++ expected = calcResponse(
++ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++ algo, nonce, nc, cnonce, qop, "POST", uri, None
++ )
++ if expected == response:
++ return True
++ if nc is not None or cnonce is not None:
++ expected = calcResponse(
++ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
++ algo, nonce, None, None, qop, "POST", uri, None
++ )
++ if expected == response:
++ return True
+
- return expected == response
-
++ return False
++
def checkHash(self, digestHash):
-@@ -228,9 +248,9 @@
+ response = self.fields.get('response')
+ uri = self.fields.get('uri')
+@@ -228,9 +272,9 @@
# Now, what we do is encode the nonce, client ip and a timestamp
# in the opaque value with a suitable digest
key = "%s,%s,%s" % (nonce, clientip, str(int(self._getTime())))
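Review bot: The POST fallback at `if self.method == "REPORT":` only covers REPORT, yet the server.patch change in this same revision rewrites an IE POST into either REPORT or MKCALENDAR, so a rewritten MKCALENDAR request will carry a digest the client computed over POST and never match; `if self.method in ("REPORT", "MKCALENDAR"):` would cover both, unless MKCALENDAR is handled elsewhere. The retry also runs for every REPORT request, not only those rewritten from POST, so the digest's binding to the request method is relaxed for all REPORT traffic; if the request object (which `decode` receives further down this file) can be reached from here, gating the retry on the presence of the rewrite header would confine the relaxation to the IE case. Each retry is another full `calcResponse`, so a failing REPORT now costs up to four digest computations, which deserves a comment such as `# Up to four calcResponse calls on a mismatch; acceptable only because failures are rare`. The enclosing method begins before this hunk.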
@@ -66,7 +93,7 @@
def verifyOpaque(self, opaque, nonce, clientip):
"""
-@@ -274,7 +294,7 @@
+@@ -274,7 +318,7 @@
'Invalid response, incompatible opaque/nonce too old')
# Verify the digest
@@ -75,7 +102,7 @@
if digest != opaqueParts[0]:
raise error.LoginFailed('Invalid response, invalid opaque value')
-@@ -293,11 +313,12 @@
+@@ -293,11 +337,12 @@
c = self.generateNonce()
o = self.generateOpaque(c, peer.host)
@@ -93,7 +120,7 @@
def decode(self, response, request):
"""
-@@ -315,18 +336,18 @@
+@@ -315,18 +360,18 @@
@raise: L{error.LoginFailed} if the response does not contain a
username, a nonce, an opaque, or if the opaque is invalid.
"""
@@ -123,7 +150,7 @@
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
-@@ -342,7 +363,7 @@
+@@ -342,7 +387,7 @@
auth.get('nonce'),
request.remoteAddr.host):
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch 2009-05-14 00:48:35 UTC (rev 4256)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch 2009-05-14 07:52:49 UTC (rev 4257)
@@ -68,7 +68,32 @@
d.addCallback(lambda res, req: res.renderHTTP(req), self)
d.addCallback(self._cbFinishRender)
d.addErrback(self._processingFailed)
-@@ -321,7 +345,6 @@
+@@ -274,12 +298,23 @@
+ """Do any request processing that doesn't follow the normal
+ resource lookup procedure. "OPTIONS *" is handled here, for
+ example. This would also be the place to do any CONNECT
+- processing."""
++ processing. We also handle the REPORT IE hack here."""
+
+ if self.method == "OPTIONS" and self.uri == "*":
+ response = http.Response(responsecode.OK)
+ response.headers.setHeader('allow', ('GET', 'HEAD', 'OPTIONS', 'TRACE'))
+ return response
++
++ elif self.method == "POST":
++ if self.headers.hasHeader("User-Agent") and self.headers.getHeader("User-Agent").lower().find(" msie ") > 0:
++ if self.headers.hasHeader("StupidIESentAPostButWants"):
++ intendedMethod = self.headers.getRawHeaders("StupidIESentAPostButWants")[0];
++ if intendedMethod.upper() == "REPORT" or intendedMethod.upper() == "MKCALENDAR":
++ self.method = intendedMethod
++ else:
++ log.msg("Error preprocessing:", isErr=1)
++ log.err("IE sent a POST but requested a %s, and we don't allow that. Only REPORT and MKCALENDAR can be requested." % intendedMethod)
++
+ # This is where CONNECT would go if we wanted it
+ return None
+
+@@ -321,7 +356,6 @@
if newpath is StopTraversal:
# We need to rethink how to do this.
#if newres is res:
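Review bot: The check `if intendedMethod.upper() == "REPORT" or intendedMethod.upper() == "MKCALENDAR":` compares the upper-cased header value, but the next line stores the raw value, so a client sending `report` passes the check and leaves `self.method` lowercase, which the `== "REPORT"` test in the digest patch of this same revision will not match; use `self.method = intendedMethod.upper()` (and drop the stray `;` on the `getRawHeaders` line). When the requested method is not allowed the branch only logs and then lets the request continue as an ordinary POST; if that is intended, say so in a comment, otherwise returning `http.Response(responsecode.BAD_REQUEST)` like the OPTIONS branch above would reject it explicitly. The `isErr=1` keyword on `log.msg` looks like it was meant to be Twisted's `isError=1`; as written it is presumably just an extra key in the event dict. The enclosing `preprocessRequest` starts before this hunk, and the inner `+@@ -321,7 +356,6 @@` hunk that follows belongs to a different function.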
@@ -76,7 +101,7 @@
return res
#else:
# raise ValueError("locateChild must not return StopTraversal with a resource other than self.")
-@@ -337,7 +360,6 @@
+@@ -337,7 +371,6 @@
self.prepath.append(self.postpath.pop(0))
child = self._getChild(None, newres, newpath, updatepaths=updatepaths)
@@ -84,7 +109,7 @@
return child
-@@ -347,6 +369,7 @@
+@@ -347,6 +380,7 @@
"""
Remember the URL of a visited resource.
"""
@@ -92,7 +117,7 @@
self._urlsByResource[resource] = url
return resource
-@@ -386,7 +409,8 @@
+@@ -386,7 +420,8 @@
The contained response will have a status code of
L{responsecode.BAD_REQUEST}.
"""
@@ -102,7 +127,7 @@
#
# Parse the URL
-@@ -407,9 +431,13 @@
+@@ -407,9 +442,13 @@
"URL is not on this site (%s://%s/): %s" % (scheme, self.headers.getHeader("host"), url)
))
@@ -118,7 +143,7 @@
def notFound(f):
f.trap(http.HTTPError)
-@@ -417,7 +445,7 @@
+@@ -417,7 +456,7 @@
return f
return None