[CalendarServer-changes] [12136] twext/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 12 11:21:49 PDT 2014
Revision: 12136
http://trac.calendarserver.org//changeset/12136
Author: sagen at apple.com
Date: 2013-12-18 17:44:11 -0800 (Wed, 18 Dec 2013)
Log Message:
-----------
Moved od auth testing into bin/test_opendirectory.py from service.py
Modified Paths:
--------------
twext/trunk/twext/who/opendirectory/service.py
Added Paths:
-----------
twext/trunk/bin/test_opendirectory.py
Removed Paths:
-------------
twext/trunk/twext/who/opendirectory/digest.py
Added: twext/trunk/bin/test_opendirectory.py
===================================================================
--- twext/trunk/bin/test_opendirectory.py (rev 0)
+++ twext/trunk/bin/test_opendirectory.py 2013-12-19 01:44:11 UTC (rev 12136)
@@ -0,0 +1,192 @@
+#!/usr/bin/env python
+##
+# Copyright (c) 2006-2008 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+import md5
+import sha
+from getpass import getpass
+
+from twext.who.opendirectory.service import DirectoryService
+
+from twisted.cred.credentials import UsernamePassword, DigestedCredentials
+from twisted.cred.error import UnauthorizedLogin
+from twisted.internet.defer import inlineCallbacks
+
+
+algorithms = {
+ 'md5': md5.new,
+ 'md5-sess': md5.new,
+ 'sha': sha.new,
+}
+
+# DigestCalcHA1
+def calcHA1(
+ pszAlg,
+ pszUserName,
+ pszRealm,
+ pszPassword,
+ pszNonce,
+ pszCNonce,
+ preHA1=None
+):
+ """
+ @param pszAlg: The name of the algorithm to use to calculate the digest.
+ Currently supported are md5 md5-sess and sha.
+
+ @param pszUserName: The username
+ @param pszRealm: The realm
+ @param pszPassword: The password
+ @param pszNonce: The nonce
+ @param pszCNonce: The cnonce
+
+ @param preHA1: If available this is a str containing a previously
+ calculated HA1 as a hex string. If this is given then the values for
+ pszUserName, pszRealm, and pszPassword are ignored.
+ """
+
+ if (preHA1 and (pszUserName or pszRealm or pszPassword)):
+ raise TypeError(("preHA1 is incompatible with the pszUserName, "
+ "pszRealm, and pszPassword arguments"))
+
+ if preHA1 is None:
+ # We need to calculate the HA1 from the username:realm:password
+ m = algorithms[pszAlg]()
+ m.update(pszUserName)
+ m.update(":")
+ m.update(pszRealm)
+ m.update(":")
+ m.update(pszPassword)
+ HA1 = m.digest()
+ else:
+ # We were given a username:realm:password
+ HA1 = preHA1.decode('hex')
+
+ if pszAlg == "md5-sess":
+ m = algorithms[pszAlg]()
+ m.update(HA1)
+ m.update(":")
+ m.update(pszNonce)
+ m.update(":")
+ m.update(pszCNonce)
+ HA1 = m.digest()
+
+ return HA1.encode('hex')
+
+# DigestCalcResponse
+def calcResponse(
+ HA1,
+ algo,
+ pszNonce,
+ pszNonceCount,
+ pszCNonce,
+ pszQop,
+ pszMethod,
+ pszDigestUri,
+ pszHEntity,
+):
+ m = algorithms[algo]()
+ m.update(pszMethod)
+ m.update(":")
+ m.update(pszDigestUri)
+ if pszQop == "auth-int" or pszQop == "auth-conf":
+ m.update(":")
+ m.update(pszHEntity)
+ HA2 = m.digest().encode('hex')
+
+ m = algorithms[algo]()
+ m.update(HA1)
+ m.update(":")
+ m.update(pszNonce)
+ m.update(":")
+ if pszNonceCount and pszCNonce and pszQop:
+ m.update(pszNonceCount)
+ m.update(":")
+ m.update(pszCNonce)
+ m.update(":")
+ m.update(pszQop)
+ m.update(":")
+ m.update(HA2)
+ respHash = m.digest().encode('hex')
+ return respHash
+
+
+ at inlineCallbacks
+def testAuth(service, username, password):
+
+ # Authenticate using simple password
+
+ creds = UsernamePassword(username, password)
+ try:
+ id = yield service.requestAvatarId(creds)
+ print("OK via UsernamePassword, avatarID: {id}".format(id=id))
+ print(" {name}".format(name=id.fullNames))
+ except UnauthorizedLogin:
+ print("Via UsernamePassword, could not authenticate")
+
+ print()
+
+ # Authenticate using Digest
+
+ algorithm = "md5" # "md5-sess"
+ cnonce = "/rrD6TqPA3lHRmg+fw/vyU6oWoQgzK7h9yWrsCmv/lE="
+ entity = "00000000000000000000000000000000"
+ method = "GET"
+ nc = "00000001"
+ nonce = "128446648710842461101646794502"
+ qop = None
+ realm = "host.example.com"
+ uri = "http://host.example.com"
+
+ responseHash = calcResponse(
+ calcHA1(
+ algorithm.lower(), username, realm, password, nonce, cnonce
+ ),
+ algorithm.lower(), nonce, nc, cnonce, qop, method, uri, entity
+ )
+
+ response = (
+ 'Digest username="{username}", uri="{uri}", response={hash}'.format(
+ username=username, uri=uri, hash=responseHash
+ )
+ )
+
+ fields = {
+ "realm" : realm,
+ "nonce" : nonce,
+ "response" : response,
+ "algorithm" : algorithm,
+ }
+
+ creds = DigestedCredentials(username, method, realm, fields)
+
+ try:
+ id = yield service.requestAvatarId(creds)
+ print("OK via DigestedCredentials, avatarID: {id}".format(id=id))
+ print(" {name}".format(name=id.fullNames))
+ except UnauthorizedLogin:
+ print("Via DigestedCredentials, could not authenticate")
+
+
+
+if __name__ == "__main__":
+
+ service = DirectoryService()
+
+ username = raw_input("Username: ")
+ if username:
+ password = getpass()
+ if password:
+ testAuth(service, username, password)
Deleted: twext/trunk/twext/who/opendirectory/digest.py
===================================================================
--- twext/trunk/twext/who/opendirectory/digest.py 2013-12-19 01:28:51 UTC (rev 12135)
+++ twext/trunk/twext/who/opendirectory/digest.py 2013-12-19 01:44:11 UTC (rev 12136)
@@ -1,115 +0,0 @@
-#!/usr/bin/env python
-##
-# Copyright (c) 2006-2008 Apple Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##
-
-import md5
-import sha
-
-algorithms = {
- 'md5': md5.new,
- 'md5-sess': md5.new,
- 'sha': sha.new,
-}
-
-# DigestCalcHA1
-def calcHA1(
- pszAlg,
- pszUserName,
- pszRealm,
- pszPassword,
- pszNonce,
- pszCNonce,
- preHA1=None
-):
- """
- @param pszAlg: The name of the algorithm to use to calculate the digest.
- Currently supported are md5 md5-sess and sha.
-
- @param pszUserName: The username
- @param pszRealm: The realm
- @param pszPassword: The password
- @param pszNonce: The nonce
- @param pszCNonce: The cnonce
-
- @param preHA1: If available this is a str containing a previously
- calculated HA1 as a hex string. If this is given then the values for
- pszUserName, pszRealm, and pszPassword are ignored.
- """
-
- if (preHA1 and (pszUserName or pszRealm or pszPassword)):
- raise TypeError(("preHA1 is incompatible with the pszUserName, "
- "pszRealm, and pszPassword arguments"))
-
- if preHA1 is None:
- # We need to calculate the HA1 from the username:realm:password
- m = algorithms[pszAlg]()
- m.update(pszUserName)
- m.update(":")
- m.update(pszRealm)
- m.update(":")
- m.update(pszPassword)
- HA1 = m.digest()
- else:
- # We were given a username:realm:password
- HA1 = preHA1.decode('hex')
-
- if pszAlg == "md5-sess":
- m = algorithms[pszAlg]()
- m.update(HA1)
- m.update(":")
- m.update(pszNonce)
- m.update(":")
- m.update(pszCNonce)
- HA1 = m.digest()
-
- return HA1.encode('hex')
-
-# DigestCalcResponse
-def calcResponse(
- HA1,
- algo,
- pszNonce,
- pszNonceCount,
- pszCNonce,
- pszQop,
- pszMethod,
- pszDigestUri,
- pszHEntity,
-):
- m = algorithms[algo]()
- m.update(pszMethod)
- m.update(":")
- m.update(pszDigestUri)
- if pszQop == "auth-int" or pszQop == "auth-conf":
- m.update(":")
- m.update(pszHEntity)
- HA2 = m.digest().encode('hex')
-
- m = algorithms[algo]()
- m.update(HA1)
- m.update(":")
- m.update(pszNonce)
- m.update(":")
- if pszNonceCount and pszCNonce and pszQop:
- m.update(pszNonceCount)
- m.update(":")
- m.update(pszCNonce)
- m.update(":")
- m.update(pszQop)
- m.update(":")
- m.update(HA2)
- respHash = m.digest().encode('hex')
- return respHash
Modified: twext/trunk/twext/who/opendirectory/service.py
===================================================================
--- twext/trunk/twext/who/opendirectory/service.py 2013-12-19 01:28:51 UTC (rev 12135)
+++ twext/trunk/twext/who/opendirectory/service.py 2013-12-19 01:44:11 UTC (rev 12136)
@@ -48,13 +48,10 @@
from twisted.cred.error import UnauthorizedLogin
from zope.interface import implements
-from twisted.internet.defer import inlineCallbacks, returnValue, succeed, fail
+from twisted.internet.defer import succeed, fail
from twisted.web.guard import DigestCredentialFactory
from twisted.cred.credentials import UsernamePassword, DigestedCredentials
-# For testing:
-from digest import calcResponse, calcHA1
-from getpass import getpass
#
# Exceptions
@@ -760,70 +757,3 @@
for record in service.recordsFromExpression(compoundExpression):
print(record.description())
print()
-
-
- @inlineCallbacks
- def testAuth(username, password):
-
- # Authenticate using simple password
-
- creds = UsernamePassword(username, password)
- try:
- id = yield service.requestAvatarId(creds)
- print("OK via UsernamePassword, avatarID: {id}".format(id=id))
- print(" {name}".format(name=id.fullNames))
- except UnauthorizedLogin:
- print("Via UsernamePassword, could not authenticate")
-
- print()
-
- # Authenticate using Digest
-
- algorithm = "md5" # "md5-sess"
- cnonce = "/rrD6TqPA3lHRmg+fw/vyU6oWoQgzK7h9yWrsCmv/lE="
- entity = "00000000000000000000000000000000"
- method = "GET"
- nc = "00000001"
- nonce = "128446648710842461101646794502"
- qop = None
- realm = "host.example.com"
- uri = "http://host.example.com"
-
- responseHash = calcResponse(
- calcHA1(
- algorithm.lower(), username, realm, password, nonce, cnonce
- ),
- algorithm.lower(), nonce, nc, cnonce, qop, method, uri, entity
- )
-
- response = (
- 'Digest username="{username}", uri="{uri}", response={hash}'.format(
- username=username, uri=uri, hash=responseHash
- )
- )
-
- fields = {
- "realm" : realm,
- "nonce" : nonce,
- "response" : response,
- "algorithm" : algorithm,
- }
-
- creds = DigestedCredentials(username, method, realm, fields)
-
- try:
- id = yield service.requestAvatarId(creds)
- print("OK via DigestedCredentials, avatarID: {id}".format(id=id))
- print(" {name}".format(name=id.fullNames))
- except UnauthorizedLogin:
- print("Via DigestedCredentials, could not authenticate")
-
- # Conditionally run testAuth()
-
- response = raw_input("Test authentication (y/n)? ")
- if response == "y":
- username = raw_input("Username: ")
- if username:
- password = getpass()
- if password:
- testAuth(username, password)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/a7fcbd65/attachment.html>
More information about the calendarserver-changes
mailing list