Ticket #4309: sage-4309_1.patch

sage/server/notebook/avatars.py

@@ -9 +9 @@
 
 import crypt
 import os
-from   random import randint
+from   random import randint, choice
 
 import twist
+import kerberos
 from twisted.cred import portal, checkers, credentials, error as credError
 from twisted.internet import protocol, defer
 from zope.interface import Interface, implements
@@ -82 +83 @@
         self.failure_type = failure_type
 
 class PasswordChecker(object):
+    krb_data = []
     implements(checkers.ICredentialsChecker)
     credentialInterfaces = (credentials.IUsernamePassword,)
 
@@ -103 +105 @@
         password = credentials.password
         if username == 'COOKIESDISABLED':
             return defer.succeed(FailedLogin(username, failure_type = 'cookies'))
-        
+
+        if self.krb_data[0] and self.krb_data[1]:
+            try:
+                kerberos.checkPassword(username,password,
+                                       self.krb_data[0], self.krb_data[1])
+            except kerberos.BasicAuthError, e:
+                krb_auth = False
+            else:
+                krb_auth = True   
+
         try:
             U = twist.notebook.user(username)
         except KeyError:
-            return defer.succeed(FailedLogin(username, failure_type = 'user'))
-
-        if U.password_is(password):
+            if not krb_auth:
+                return defer.succeed(FailedLogin(username, failure_type = 'user'))
+            else:
+                twist.notebook.add_user(username,"".join([choice("abcdef1234567890") for i in range(30)])
+                                        ,"", account_type='user',force=True)
+                return defer.succeed(username)
+                    
+        if U.password_is(password) or krb_auth:
             return defer.succeed(username)
         else:
             return defer.succeed(FailedLogin(username,failure_type='password'))

sage/server/notebook/notebook_object.py

@@ -66 +66 @@
                          session terminates.  0 means `never timeout'.
         server_pool   -- (default: None) list; this option specifies that
                          worksheet processes run as a separate user (chosen
-                         from the list in the server_pool -- see below). 
+                         from the list in the server_pool -- see below).
+        krb_srv       -- specifies the kerberos service if kerberos authentification is used
+        krb_realm     -- specifies the kerberos realm if kerberos authentification is used
                       
     \begin{verbatim}
 

sage/server/notebook/run_notebook.py

@@ -61 +61 @@
              sagetex_path = "",
              start_path = "",
              fork = False,
-             quiet = False):
-             
+
+             quiet = False,
+
+             krb_srv= None,
+             krb_realm= None):
     if directory is None:
         directory = '%s/sage_notebook'%DOT_SAGE
     else:
@@ -221 +224 @@
 startup_checker = avatars.OneTimeTokenChecker()
 startup_checker.token = startup_token
 p.registerChecker(startup_checker)
+avatars.PasswordChecker.krb_data=%s 
 password_checker = avatars.PasswordChecker()
 p.registerChecker(password_checker)
 p.registerChecker(checkers.AllowAnonymousAccess())
@@ -239 +243 @@
 reactor.addSystemEventTrigger('before', 'shutdown', save_notebook)
 
 """%(notebook_opts, sagetex_path, not require_login,
-     os.path.abspath(directory), strport, open_page))
+     os.path.abspath(directory), [krb_srv,krb_realm], strport, open_page))
 
 
         config.close()