[CalendarServer-changes] [4270] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Thu May 14 19:43:15 PDT 2009
Revision: 4270
http://trac.macosforge.org/projects/calendarserver/changeset/4270
Author: darla at apple.com
Date: 2009-05-14 19:43:14 -0700 (Thu, 14 May 2009)
Log Message:
-----------
Added an originalMethod attribute to the request when tunnelling is used. That value is then used in digest auth as the method.
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch
CalendarServer/trunk/twistedcaldav/directory/digest.py
CalendarServer/trunk/twistedcaldav/directory/test/util.py
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-15 01:16:15 UTC (rev 4269)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.auth.digest.patch 2009-05-15 02:43:14 UTC (rev 4270)
@@ -35,9 +35,33 @@
}
# DigestCalcHA1
-@@ -153,9 +162,42 @@
+@@ -134,11 +143,12 @@
+ implements(credentials.IUsernameHashedPassword,
+ IUsernameDigestHash)
+
+- def __init__(self, username, method, realm, fields):
++ def __init__(self, username, method, realm, fields, originalMethod):
+ self.username = username
+ self.method = method
+ self.realm = realm
+ self.fields = fields
++ self.originalMethod = originalMethod
+
+ def checkPassword(self, password):
+ response = self.fields.get('response')
+@@ -149,12 +159,29 @@
+ algo = self.fields.get('algorithm', 'md5').lower()
+ qop = self.fields.get('qop', 'auth')
+
++ if self.originalMethod:
++ method = self.originalMethod
++ else:
++ method = self.method
++
+ expected = calcResponse(
calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
- algo, nonce, nc, cnonce, qop, self.method, uri, None
+- algo, nonce, nc, cnonce, qop, self.method, uri, None
++ algo, nonce, nc, cnonce, qop, method, uri, None
)
+
+ if expected == response:
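Review bot: The new `if self.originalMethod:` branch in checkPassword has no comment, and this commit deletes the only explanation of the tunnelling case (the POST-retry block removed in the next hunk). I would add above it `# Tunnelled request (X-HTTP-Method-Override): the client computed its digest over the wire method, so verify against that one.` The comment should also record that the override header is not part of what the digest covers, so this check authenticates the wire method and not the method the server goes on to dispatch. The branch itself can be written `method = self.originalMethod or self.method`. checkPassword continues outside the hunk.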
@@ -50,36 +74,26 @@
+ if nc is not None or cnonce is not None:
+ expected = calcResponse(
+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
-+ algo, nonce, None, None, qop, self.method, uri, None
++ algo, nonce, None, None, qop, method, uri, None
+ )
+ if expected == response:
+ return True
-+ # We allow other methods to tunnel through using POST and a request header.
-+ # (See http://code.google.com/apis/gdata/docs/2.0/basics.html)
-+ # In that case, the client will have created the response with a method of POST,
-+ # but the server compares that to a response make with a different method.
-+ # So we try again telling the server to use POST instead.
-+ expected = calcResponse(
-+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
-+ algo, nonce, nc, cnonce, qop, "POST", uri, None
-+ )
-+ if expected == response:
-+ return True
-+ if nc is not None or cnonce is not None:
-+ expected = calcResponse(
-+ calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
-+ algo, nonce, None, None, qop, "POST", uri, None
-+ )
-+ if expected == response:
-+ return True
-+
-+ return False
-+
def checkHash(self, digestHash):
response = self.fields.get('response')
- uri = self.fields.get('uri')
-@@ -228,9 +270,9 @@
+@@ -165,6 +192,11 @@
+ algo = self.fields.get('algorithm', 'md5').lower()
+ qop = self.fields.get('qop', 'auth')
+
++ if self.originalMethod:
++ method = self.originalMethod
++ else:
++ method = self.method
++
+ expected = calcResponse(
+ calcHA1(algo, None, None, None, nonce, cnonce, preHA1=digestHash),
+ algo, nonce, nc, cnonce, qop, self.method, uri, None
+@@ -228,9 +260,9 @@
# Now, what we do is encode the nonce, client ip and a timestamp
# in the opaque value with a suitable digest
key = "%s,%s,%s" % (nonce, clientip, str(int(self._getTime())))
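Review bot: In the checkHash hunk (`@@ -165,6 +192,11 @@`) the new `method` local is computed but never used, because the `calcResponse` call on the following context line still passes `self.method`. For a tunnelled request, checkHash therefore compares against the overridden method while checkPassword compares against the wire method, so hash-based verification would presumably reject responses that password-based verification accepts. The call should read `algo, nonce, nc, cnonce, qop, method, uri, None`, matching the change made in checkPassword. The rest of checkHash lies outside the hunk, so any further `calcResponse` call there needs the same substitution.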
@@ -91,7 +105,7 @@
def verifyOpaque(self, opaque, nonce, clientip):
"""
-@@ -274,7 +316,7 @@
+@@ -274,7 +306,7 @@
'Invalid response, incompatible opaque/nonce too old')
# Verify the digest
@@ -100,7 +114,7 @@
if digest != opaqueParts[0]:
raise error.LoginFailed('Invalid response, invalid opaque value')
-@@ -293,11 +335,12 @@
+@@ -293,11 +325,12 @@
c = self.generateNonce()
o = self.generateOpaque(c, peer.host)
@@ -118,7 +132,7 @@
def decode(self, response, request):
"""
-@@ -315,18 +358,18 @@
+@@ -315,18 +348,18 @@
@raise: L{error.LoginFailed} if the response does not contain a
username, a nonce, an opaque, or if the opaque is invalid.
"""
@@ -148,7 +162,7 @@
username = auth.get('username')
if not username:
raise error.LoginFailed('Invalid response, no username given.')
-@@ -342,7 +385,7 @@
+@@ -342,7 +375,8 @@
auth.get('nonce'),
request.remoteAddr.host):
@@ -157,4 +171,5 @@
request.method,
self.realm,
- auth)
-+ auth))
++ auth,
++ request.originalMethod if hasattr(request, "originalMethod") else None))
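Review bot: The argument `request.originalMethod if hasattr(request, "originalMethod") else None` is easier to read as `getattr(request, "originalMethod", None)`, and the same expression is repeated in the twistedcaldav/directory/digest.py hunk. Because `originalMethod` was added to `DigestedCredentials.__init__` as a required positional parameter, any caller not touched by this commit will now raise a TypeError. Declaring it as `originalMethod=None` would keep those callers working and make the extra `None` in test/util.py unnecessary. The enclosing decode method starts outside the hunk.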
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch 2009-05-15 01:16:15 UTC (rev 4269)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.server.patch 2009-05-15 02:43:14 UTC (rev 4270)
@@ -68,7 +68,7 @@
d.addCallback(lambda res, req: res.renderHTTP(req), self)
d.addCallback(self._cbFinishRender)
d.addErrback(self._processingFailed)
-@@ -280,6 +304,15 @@
+@@ -280,6 +304,16 @@
response = http.Response(responsecode.OK)
response.headers.setHeader('allow', ('GET', 'HEAD', 'OPTIONS', 'TRACE'))
return response
@@ -79,12 +79,13 @@
+ if self.headers.hasHeader("X-HTTP-Method-Override"):
+ intendedMethod = self.headers.getRawHeaders("X-HTTP-Method-Override")[0];
+ if intendedMethod:
++ self.originalMethod = self.method
+ self.method = intendedMethod
+
# This is where CONNECT would go if we wanted it
return None
-@@ -321,7 +354,6 @@
+@@ -321,7 +355,6 @@
if newpath is StopTraversal:
# We need to rethink how to do this.
#if newres is res:
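Review bot: The value of `X-HTTP-Method-Override` is client-supplied and is assigned to `self.method` without validation in the lines shown, while digest verification now runs against `originalMethod`. Nothing visible limits the override to requests whose wire method is POST or to a known set of target methods. The enclosing function starts outside the hunk, so if it has no such check, a guard like `if intendedMethod and self.method == "POST":` plus an allowlist of accepted methods would narrow what an unauthenticated header can change. Setting `originalMethod = None` on the request by default would also remove the need for the `hasattr` probes in the digest code. A short comment should state that `originalMethod` holds the method as sent on the wire.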
@@ -92,7 +93,7 @@
return res
#else:
# raise ValueError("locateChild must not return StopTraversal with a resource other than self.")
-@@ -337,7 +369,6 @@
+@@ -337,7 +370,6 @@
self.prepath.append(self.postpath.pop(0))
child = self._getChild(None, newres, newpath, updatepaths=updatepaths)
@@ -100,7 +101,7 @@
return child
-@@ -347,6 +378,7 @@
+@@ -347,6 +379,7 @@
"""
Remember the URL of a visited resource.
"""
@@ -108,7 +109,7 @@
self._urlsByResource[resource] = url
return resource
-@@ -386,7 +418,8 @@
+@@ -386,7 +419,8 @@
The contained response will have a status code of
L{responsecode.BAD_REQUEST}.
"""
@@ -118,7 +119,7 @@
#
# Parse the URL
-@@ -407,9 +440,13 @@
+@@ -407,9 +441,13 @@
"URL is not on this site (%s://%s/): %s" % (scheme, self.headers.getHeader("host"), url)
))
@@ -134,7 +135,7 @@
def notFound(f):
f.trap(http.HTTPError)
-@@ -417,7 +454,7 @@
+@@ -417,7 +455,7 @@
return f
return None
Modified: CalendarServer/trunk/twistedcaldav/directory/digest.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/digest.py 2009-05-15 01:16:15 UTC (rev 4269)
+++ CalendarServer/trunk/twistedcaldav/directory/digest.py 2009-05-15 02:43:14 UTC (rev 4270)
@@ -231,7 +231,8 @@
credentials = DigestedCredentials(username,
request.method,
self.realm,
- auth)
+ auth,
+ request.originalMethod if hasattr(request, "originalMethod") else None)
if not self.qop and credentials.fields.has_key('qop'):
del credentials.fields['qop']
returnValue(credentials)
Modified: CalendarServer/trunk/twistedcaldav/directory/test/util.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/util.py 2009-05-15 01:16:15 UTC (rev 4269)
+++ CalendarServer/trunk/twistedcaldav/directory/test/util.py 2009-05-15 02:43:14 UTC (rev 4270)
@@ -338,6 +338,7 @@
"cnonce": "phlegm",
"nc": None,
},
+ None,
)
if good: