Ticket #4309: my.patch

File my.patch, 4.2 KB (added by kkilger, 14 years ago)
  • sage/server/notebook/avatars.py

    # HG changeset patch
    # User Kilian Kilger <kilian@nihilnovi.de>
    # Date 1224174540 -7200
    # Node ID 8eae55623eb458c7f6c075327102231cf016a58a
    # Parent  a175cdbeb408e30953aa338a084de996f6c720e3
    This adds Kerberos authentification support for SAGE Notebook
    
    This also adds the options krb_srv, krb_realm to the notebook()
    command.
    
    diff -r a175cdbeb408 -r 8eae55623eb4 sage/server/notebook/avatars.py
    a b  
    99
    1010import crypt
    1111import os
    12 from   random import randint
     12from   random import randint, choice
    1313
    1414import twist
     15import kerberos
    1516from twisted.cred import portal, checkers, credentials, error as credError
    1617from twisted.internet import protocol, defer
    1718from zope.interface import Interface, implements
     
    8081        self.failure_type = failure_type
    8182
    8283class PasswordChecker(object):
     84    krb_data = []
    8385    implements(checkers.ICredentialsChecker)
    8486    credentialInterfaces = (credentials.IUsernamePassword,)
    8587
     
    99101    def requestAvatarId(self, credentials):
    100102        username = credentials.username
    101103        password = credentials.password
     104
     105        if self.krb_data[0] and self.krb_data[1]:
     106            try:
     107                kerberos.checkPassword(username,password,
     108                                       self.krb_data[0], self.krb_data[1])
     109            except kerberos.BasicAuthError, e:
     110                krb_auth = False
     111            else:
     112                krb_auth = True                                         
     113
    102114        try:
    103115            U = twist.notebook.user(username)
    104116        except KeyError:
    105             return defer.succeed(FailedLogin(username, failure_type = 'user'))
    106 
    107         if U.password_is(password):
     117            if not krb_auth:
     118                return defer.succeed(FailedLogin(username, failure_type = 'user'))
     119            else:
     120                twist.notebook.add_user(username,"".join([choice("abcdef1234567890") for i in range(30)])
     121                                        ,"", account_type='user',force=True)
     122                return defer.succeed(username)
     123                   
     124        if U.password_is(password) or krb_auth:
    108125            return defer.succeed(username)
    109126        else:
    110127            return defer.succeed(FailedLogin(username,failure_type='password'))
  • sage/server/notebook/notebook_object.py

    diff -r a175cdbeb408 -r 8eae55623eb4 sage/server/notebook/notebook_object.py
    a b  
    6060                         Sage session terminates.  0 means 'never timeout'.
    6161        server_pool   -- list;   The server_pool option specifies that worksheet processes run
    6262                         as a separate user (chosen from the list in the server_pool -- see below).
     63        krb_srv       -- specifies the kerberos service if kerberos authentification is used
     64        krb_realm     -- specifies the kerberos realm if kerberos authentification is used
    6365                     
    6466    \begin{verbatim}
    6567
  • sage/server/notebook/run_notebook.py

    diff -r a175cdbeb408 -r 8eae55623eb4 sage/server/notebook/run_notebook.py
    a b  
    6161             sagetex_path = "",
    6262             start_path = "",
    6363             fork = False,
    64              quiet = False):
    65              
     64
     65             quiet = False,
     66
     67             krb_srv= None,
     68             krb_realm= None):
    6669    if directory is None:
    6770        directory = '%s/sage_notebook'%DOT_SAGE
    6871    else:
     
    221224startup_checker = avatars.OneTimeTokenChecker()
    222225startup_checker.token = startup_token
    223226p.registerChecker(startup_checker)
     227avatars.PasswordChecker.krb_data=%s
    224228password_checker = avatars.PasswordChecker()
    225229p.registerChecker(password_checker)
    226230p.registerChecker(checkers.AllowAnonymousAccess())
     
    239243reactor.addSystemEventTrigger('before', 'shutdown', save_notebook)
    240244
    241245"""%(notebook_opts, sagetex_path, not require_login,
    242      os.path.abspath(directory), strport, open_page))
     246     os.path.abspath(directory), [krb_srv,krb_realm], strport, open_page))
    243247
    244248
    245249        config.close()