Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Fix error with failure to properly generate error strings. Also add s…

…ome tests.

git-svn-id: https://svn.calendarserver.org/repository/calendarserver/CalendarServer/trunk@1247 e27351fd-9f3e-4f54-a53b-843176b1656c
  • Loading branch information
cyrusdaboo committed Feb 23, 2007
1 parent b447d80 commit a78663abe8bdb1144ddbaad7e0facc72328ee4b3
Showing with 66 additions and 3 deletions.
  1. +3 −3 twistedcaldav/authkerb.py
  2. +63 −0 twistedcaldav/test/test_kerberos.py
@@ -113,7 +113,7 @@ def requestAvatarId(self, credentials):
kerberos.checkPassword(creds.username, creds.password, creds.service, creds.default_realm)
except kerberos.BasicAuthError, ex:
logging.err("%s" % (ex[0],), system="BasicKerberosCredentialsChecker")
raise error.UnauthorizedLogin("Bad credentials for: %s (%s)" % (pcreds.authnURI, ex[0],))
raise error.UnauthorizedLogin("Bad credentials for: %s (%s: %s)" % (pcreds.authnURI, ex[0], ex[1],))
else:
return succeed((pcreds.authnURI, pcreds.authzURI,))

@@ -156,14 +156,14 @@ def decode(self, base64data, request):
try:
result, context = kerberos.authGSSServerInit(self.service);
except kerberos.GSSError, ex:
logging.err("authGSSServerInit: %s" % (ex[0][0], ex[1][0],), system="NegotiateCredentialFactory")
logging.err("authGSSServerInit: %s(%s)" % (ex[0][0], ex[1][0],), system="NegotiateCredentialFactory")
raise error.LoginFailed('Authentication System Failure: %s(%s)' % (ex[0][0], ex[1][0],))

# Do the GSSAPI step and get response and username
try:
kerberos.authGSSServerStep(context, base64data);
except kerberos.GSSError, ex:
logging.err("authGSSServerStep: %s" % (ex[0][0], ex[1][0],), system="NegotiateCredentialFactory")
logging.err("authGSSServerStep: %s(%s)" % (ex[0][0], ex[1][0],), system="NegotiateCredentialFactory")
kerberos.authGSSServerClean(context)
raise error.UnauthorizedLogin('Bad credentials: %s(%s)' % (ex[0][0], ex[1][0],))
except kerberos.KrbError, ex:
@@ -0,0 +1,63 @@
##
# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# DRI: Cyrus Daboo, cdaboo@apple.com
##
from twisted.cred.error import LoginFailed

from twisted.cred.error import UnauthorizedLogin
from twisted.web2.test.test_server import SimpleRequest

from twistedcaldav import authkerb
import twistedcaldav.test.util

"""
We can't test kerberos for real without actually having a working Kerberos infrastructure
which we are not guaranteed to have for the test.
"""

class KerberosTests(twistedcaldav.test.util.TestCase):

def test_BasicKerberosCredentials(self):
authkerb.BasicKerberosCredentials("test", "test", "http/example.com@EXAMPLE.COM", "EXAMPLE.COM")

def test_BasicKerberosCredentialFactory(self):
factory = authkerb.BasicKerberosCredentialFactory("http/example.com@EXAMPLE.COM", "EXAMPLE.COM")

challenge = factory.getChallenge("peer")
expected_challenge = {'realm': "EXAMPLE.COM"}
self.assertTrue(challenge == expected_challenge,
msg="BasicKerberosCredentialFactory challenge %s != %s" % (challenge, expected_challenge))

def test_NegotiateCredentials(self):
authkerb.NegotiateCredentials("test")

def test_NegotiateCredentialFactory(self):
factory = authkerb.NegotiateCredentialFactory("http/example.com@EXAMPLE.COM", "EXAMPLE.COM")

challenge = factory.getChallenge("peer")
expected_challenge = {}
self.assertTrue(challenge == expected_challenge,
msg="NegotiateCredentialFactory challenge %s != %s" % (challenge, expected_challenge))

request = SimpleRequest(self.site, "GET", "/")
try:
factory.decode("Bogus Data".encode("base64"), request)
except (UnauthorizedLogin, LoginFailed):
pass
except Exception, ex:
self.fail(msg="NegotiateCredentialFactory decode failed with exception: %s" % (ex,))
else:
self.fail(msg="NegotiateCredentialFactory decode did not fail")

0 comments on commit a78663a

Please sign in to comment.
You can’t perform that action at this time.