<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[14771] CalendarServer/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/14771">14771</a></dd>
<dt>Author</dt> <dd>sagen@apple.com</dd>
<dt>Date</dt> <dd>2015-05-07 12:14:38 -0700 (Thu, 07 May 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Support two socket files, one for secured requests and a separate one for unsecured requests</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServertrunkcalendarservertapcaldavpy">CalendarServer/trunk/calendarserver/tap/caldav.py</a></li>
<li><a href="#CalendarServertrunktwistedcaldavstdconfigpy">CalendarServer/trunk/twistedcaldav/stdconfig.py</a></li>
<li><a href="#CalendarServertrunktxweb2channelhttppy">CalendarServer/trunk/txweb2/channel/http.py</a></li>
<li><a href="#CalendarServertrunktxweb2metafdpy">CalendarServer/trunk/txweb2/metafd.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServertrunkcalendarservertapcaldavpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tap/caldav.py (14770 => 14771)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tap/caldav.py        2015-05-07 18:57:24 UTC (rev 14770)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py        2015-05-07 19:14:38 UTC (rev 14771)
</span><span class="lines">@@ -1112,7 +1112,7 @@
</span><span class="cx"> # Inherit a single socket to receive accept()ed connections via
</span><span class="cx"> # recvmsg() and SCM_RIGHTS.
</span><span class="cx">
</span><del>- if config.RequestSocket:
</del><ins>+ if config.UseSocketFiles:
</ins><span class="cx"> # TLS will be handled by a front-end web proxy
</span><span class="cx"> contextFactory = None
</span><span class="cx"> else:
</span><span class="lines">@@ -1129,7 +1129,8 @@
</span><span class="cx"> contextFactory = None
</span><span class="cx">
</span><span class="cx"> ReportingHTTPService(
</span><del>- requestFactory, int(config.MetaFD), contextFactory
</del><ins>+ requestFactory, int(config.MetaFD), contextFactory,
+ usingSocketFile=config.UseSocketFiles
</ins><span class="cx"> ).setServiceParent(connectionService)
</span><span class="cx">
</span><span class="cx"> else: # Not inheriting, therefore we open our own:
</span><span class="lines">@@ -1754,11 +1755,17 @@
</span><span class="cx"> s._inheritedSockets = []
</span><span class="cx"> dispatcher = None
</span><span class="cx">
</span><del>- if config.RequestSocket:
- # Requests will arrive via Unix domain socket file
- cl.addSocketFileService(
- "TCP", config.RequestSocket, config.ListenBacklog
- )
</del><ins>+ if config.UseSocketFiles:
+ if config.SecuredRequestsSocket:
+ # TLS-secured requests will arrive via this Unix domain socket file
+ cl.addSocketFileService(
+ "SSL", config.SecuredRequestsSocket, config.ListenBacklog
+ )
+ if config.UnsecuredRequestsSocket:
+ # Unsecured requests will arrive via this Unix domain socket file
+ cl.addSocketFileService(
+ "TCP", config.UnsecuredRequestsSocket, config.ListenBacklog
+ )
</ins><span class="cx">
</span><span class="cx"> else:
</span><span class="cx"> for bindAddress in self._allBindAddresses():
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavstdconfigpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py (14770 => 14771)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/stdconfig.py        2015-05-07 18:57:24 UTC (rev 14770)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py        2015-05-07 19:14:38 UTC (rev 14771)
</span><span class="lines">@@ -174,8 +174,9 @@
</span><span class="cx"> # This configures the actual network address that the server binds to.
</span><span class="cx"> #
</span><span class="cx">
</span><del>- "RequestSocket": "", # Socket file to listen for requests on; if set, the
- # server will not bind to any TCP ports
</del><ins>+ "UseSocketFiles" : False, # If True, server won't bind to any TCP sockets
+ "SecuredRequestsSocket": "", # Socket file to listen for secure requests on
+ "UnsecuredRequestsSocket": "", # Socket file to listen for insecure requests on
</ins><span class="cx">
</span><span class="cx"> "BindAddresses": [], # List of IP addresses to bind to [empty = all]
</span><span class="cx"> "BindHTTPPorts": [], # List of port numbers to bind to for HTTP
</span></span></pre></div>
<a id="CalendarServertrunktxweb2channelhttppy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/channel/http.py (14770 => 14771)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/channel/http.py        2015-05-07 18:57:24 UTC (rev 14770)
+++ CalendarServer/trunk/txweb2/channel/http.py        2015-05-07 19:14:38 UTC (rev 14771)
</span><span class="lines">@@ -99,6 +99,7 @@
</span><span class="cx"> "https://%s:%d%s"
</span><span class="cx"> % (config.ServerHostName, config.SSLPort, self.uri)
</span><span class="cx"> )
</span><ins>+ log.debug("Redirecting unsecured request")
</ins><span class="cx"> return super(SSLRedirectRequest, self).writeResponse(
</span><span class="cx"> RedirectResponse(location)
</span><span class="cx"> )
</span></span></pre></div>
<a id="CalendarServertrunktxweb2metafdpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/metafd.py (14770 => 14771)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/metafd.py        2015-05-07 18:57:24 UTC (rev 14770)
+++ CalendarServer/trunk/txweb2/metafd.py        2015-05-07 19:14:38 UTC (rev 14771)
</span><span class="lines">@@ -21,7 +21,8 @@
</span><span class="cx"> """
</span><span class="cx"> from __future__ import print_function
</span><span class="cx">
</span><del>-from zope.interface import implementer
</del><ins>+from zope.interface import implementer, directlyProvides
+from twisted.internet.interfaces import ISSLTransport
</ins><span class="cx">
</span><span class="cx"> from twext.internet.sendfdport import (
</span><span class="cx"> InheritedPort, InheritedSocketDispatcher, InheritingProtocolFactory,
</span><span class="lines">@@ -70,13 +71,18 @@
</span><span class="cx">
</span><span class="cx"> _connectionCount = 0
</span><span class="cx">
</span><del>- def __init__(self, site, fd, contextFactory):
</del><ins>+ def __init__(self, site, fd, contextFactory, usingSocketFile=False):
</ins><span class="cx"> self.contextFactory = contextFactory
</span><span class="cx"> # Unlike other 'factory' constructions, config.MaxRequests and
</span><span class="cx"> # config.MaxAccepts are dealt with in the master process, so we don't
</span><span class="cx"> # need to propagate them here.
</span><span class="cx"> self.site = site
</span><span class="cx"> self.fd = fd
</span><ins>+ # When usingSocketFile is True, any TLS will be handled by a proxy in
+ # front of us. When the master passes us an "SSL"-tagged request,
+ # we'll tweak the transport object enough to appear secure without
+ # actually doing startTLS ourselves.
+ self.usingSocketFile = usingSocketFile
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> def startService(self):
</span><span class="lines">@@ -116,7 +122,13 @@
</span><span class="cx"> transport = Server(skt, protocol, peer, JustEnoughLikeAPort,
</span><span class="cx"> self._connectionCount, reactor)
</span><span class="cx"> if data == 'SSL':
</span><del>- transport.startTLS(self.contextFactory)
</del><ins>+ if self.usingSocketFile:
+ # Mark the transport as "secure", enough for getHostInfo() to
+ # think so
+ transport.getPeerCertificate = lambda _ : None
+ directlyProvides(transport, ISSLTransport)
+ else:
+ transport.startTLS(self.contextFactory)
</ins><span class="cx"> transport.startReading()
</span><span class="cx"> return transport
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>