<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--

#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre, #msg p { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }

#msg ul { overflow: auto; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<title>[2106] CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav

 /directory</title>

</head>

<body>

<div id="msg">

<dl>

<dt>Revision</dt> <dd><a href="http://trac.macosforge.org/projects/calendarserver/changeset/2106">2106</a></dd>

<dt>Author</dt> <dd>wsanchez@apple.com</dd>

<dt>Date</dt> <dd>2008-01-11 13:19:38 -0800 (Fri, 11 Jan 2008)</dd>

</dl>

<h3>Log Message</h3>

<pre>Pull up auth caching: r2079 r2102 r2105</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#CalendarServerbranchesreleaseCalendarServer12devtwistedcaldavdirectoryappleopendirectorypy">CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py</a></li>

<li><a href="#CalendarServerbranchesreleaseCalendarServer12devtwistedcaldavdirectorytestutilpy">CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="CalendarServerbranchesreleaseCalendarServer12devtwistedcaldavdirectoryappleopendirectorypy"></a>

<div class="modfile"><h4>Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py (2105 => 2106)</h4>

<pre class="diff"><span>

<span class="info">--- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py        2008-01-11 21:17:40 UTC (rev 2105)

+++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py        2008-01-11 21:19:38 UTC (rev 2106)

</span><span class="lines">@@ -764,12 +764,25 @@

</span><span class="cx"> 

</span><span class="cx">     def verifyCredentials(self, credentials):

</span><span class="cx">         if isinstance(credentials, UsernamePassword):

</span><ins>+            # Check cached password

</ins><span class="cx">             try:

</span><del>-                return opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password)

</del><ins>+                if credentials.password == self.password:

+                    return True

+            except AttributeError:

+                pass

+

+            # Check with directory services

+            try:

+                if opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password):

+                    # Cache the password to avoid future DS queries

+                    self.password = credentials.password

+                    return True

</ins><span class="cx">             except opendirectory.ODError, e:

</span><span class="cx">                 logging.err(&quot;Open Directory (node=%s) error while performing basic authentication for user %s: %s&quot;

</span><del>-                        % (self.service.realmName, self.shortName, e), system=&quot;OpenDirectoryService&quot;)

-                return False

</del><ins>+                            % (self.service.realmName, self.shortName, e), system=&quot;OpenDirectoryService&quot;)

+

+            return False

+

</ins><span class="cx">         elif isinstance(credentials, DigestedCredentials):

</span><span class="cx">             try:

</span><span class="cx">                 # We need a special format for the &quot;challenge&quot; and &quot;response&quot; strings passed into open directory, as it is

</span><span class="lines">@@ -788,14 +801,28 @@

</span><span class="cx">                             % (self.service.realmName, self.shortName, e, credentials.fields), system=&quot;OpenDirectoryService&quot;)

</span><span class="cx">                     return False

</span><span class="cx"> 

</span><del>-                return opendirectory.authenticateUserDigest(

</del><ins>+                if self.digestcache[credentials.fields[&quot;uri&quot;]] == response:

+                    return True

+            except (AttributeError, KeyError):

+                pass

+

+            try:

+                if opendirectory.authenticateUserDigest(

</ins><span class="cx">                     self.service.directory,

</span><span class="cx">                     self._nodename,

</span><span class="cx">                     self.shortName,

</span><span class="cx">                     challenge,

</span><span class="cx">                     response,

</span><span class="cx">                     credentials.method

</span><del>-                )

</del><ins>+                ):

+                    try:

+                        cache = self.digestcache

+                    except AttributeError:

+                        cache = self.digestcache = {}

+

+                    cache[credentials.fields[&quot;uri&quot;]] = response

+

+                    return True

</ins><span class="cx">             except opendirectory.ODError, e:

</span><span class="cx">                 logging.err(&quot;Open Directory (node=%s) error while performing digest authentication for user %s: %s&quot;

</span><span class="cx">                         % (self.service.realmName, self.shortName, e), system=&quot;OpenDirectoryService&quot;)

</span></span></pre></div>

<a id="CalendarServerbranchesreleaseCalendarServer12devtwistedcaldavdirectorytestutilpy"></a>

<div class="modfile"><h4>Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py (2105 => 2106)</h4>

<pre class="diff"><span>

<span class="info">--- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py        2008-01-11 21:17:40 UTC (rev 2105)

+++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py        2008-01-11 21:19:38 UTC (rev 2106)

</span><span class="lines">@@ -297,39 +297,48 @@

</span><span class="cx"> 

</span><span class="cx">         service = self.service()

</span><span class="cx">         for user in self.users:

</span><del>-            userRecord = service.recordWithShortName(DirectoryService.recordType_users, user)

</del><ins>+            for good in (True, True, False, False, True):

+                userRecord = service.recordWithShortName(DirectoryService.recordType_users, user)

</ins><span class="cx"> 

</span><del>-            # I'm glad this is so simple...

-            response = calcResponse(

-                calcHA1(

</del><ins>+                # I'm glad this is so simple...

+                response = calcResponse(

+                    calcHA1(

+                        &quot;md5&quot;,

+                        user,

+                        service.realmName,

+                        self.users[user][&quot;password&quot;],

+                        &quot;booger&quot;,

+                        &quot;phlegm&quot;,

+                    ),

</ins><span class="cx">                     &quot;md5&quot;,

</span><del>-                    user,

-                    service.realmName,

-                    self.users[user][&quot;password&quot;],

</del><span class="cx">                     &quot;booger&quot;,

</span><ins>+                    None,

</ins><span class="cx">                     &quot;phlegm&quot;,

</span><del>-                ),

-                &quot;md5&quot;,

-                &quot;booger&quot;,

-                None,

-                &quot;phlegm&quot;,

-                &quot;auth&quot;,

-                &quot;GET&quot;,

-                &quot;/&quot;,

-                None,

-            )

</del><ins>+                    &quot;auth&quot;,

+                    &quot;GET&quot;,

+                    &quot;/&quot;,

+                    None,

+                )

</ins><span class="cx"> 

</span><del>-            credentials = DigestedCredentials(

-                user,

-                &quot;GET&quot;,

-                service.realmName,

-                {

-                    &quot;response&quot;: response,

-                    &quot;uri&quot;: &quot;/&quot;,

-                    &quot;nonce&quot;: &quot;booger&quot;,

-                    &quot;cnonce&quot;: &quot;phlegm&quot;,

-                    &quot;nc&quot;: None,

-                },

-            )

</del><ins>+                if good:

+                    noise = &quot;&quot;

+                else:

+                    noise = &quot;blah&quot;

</ins><span class="cx"> 

</span><del>-            self.failUnless(userRecord.verifyCredentials(credentials))

</del><ins>+                credentials = DigestedCredentials(

+                    user,

+                    &quot;GET&quot;,

+                    service.realmName,

+                    {

+                        &quot;response&quot;: response,

+                        &quot;uri&quot;: &quot;/&quot;,

+                        &quot;nonce&quot;: &quot;booger&quot; + noise,

+                        &quot;cnonce&quot;: &quot;phlegm&quot;,

+                        &quot;nc&quot;: None,

+                    },

+                )

+

+                if good:

+                    self.failUnless(userRecord.verifyCredentials(credentials))

+                else:

+                    self.failIf(userRecord.verifyCredentials(credentials))

</ins></span></pre>

</div>

</div>

</body>

</html>