Beispiel #1
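def yubi_mass_enroll(lotpc,
                     proc_params,
                     yubi_mode,
                     yubi_slot,
                     yubi_prefix_serial,
                     yubi_prefix,
                     yubi_prefix_random,
                     yubi_cr,
                     ):
    '''
    Do the Yubikey mass enrollment

    Waits for a Yubikey, programs it via enrollYubikey() and registers the
    resulting secret with the server through lotpc.inittoken(), then repeats
    for the next key. The loop has no exit condition of its own; it ends only
    when an exception (for example a keyboard interrupt) propagates.

    An unsupported yubi_mode is rejected before any key is programmed, so no
    empty token request is ever sent to the server.

    :param lotpc: the linotp connection
    :param proc_params: the additional parameters from the command line
                        ('description', 'realm' and 'otplen' are read here)
    :param yubi_mode: yubikey mode: YUBI_STATIC_MODE, YUBI_OATH_MODE, YUBI_AES_MODE
    :param yubi_slot: slot of the yubikey [1,2]
    :param yubi_prefix_serial: serial number added to the prefix
    :param yubi_prefix: the public prefix
    :param yubi_prefix_random: the random prefix (passed on as
                               len_fixed_string, i.e. used as a length)
    :param yubi_cr: boolean - used as TOTP token
    '''
    # Fail fast: the original fell through to inittoken() with an empty
    # (or realm-only) parameter set after the key had already been written.
    if yubi_mode not in (YUBI_OATH_MODE, YUBI_STATIC_MODE, YUBI_AES_MODE):
        print "Unknown Yubikey mode"
        return

    description = proc_params.get('description', "mass enrolled")

    # if otplen is set and YUBI_OATH mode, we add the digits
    # parameter to the yubienroll
    ykparams = {}
    if (yubi_mode == YUBI_OATH_MODE and
            proc_params.get('otplen') in ('6', '8')):
        ykparams['digits'] = int(proc_params['otplen'])

    yp = YubikeyPlug()
    while True:
        print "\nPlease insert the next yubikey.",
        sys.stdout.flush()
        yp.wait_for_new_yubikey()

        otpkey, serial = enrollYubikey(debug=False,
                                        prefix_serial=yubi_prefix_serial,
                                        fixed_string=yubi_prefix,
                                        len_fixed_string=yubi_prefix_random,
                                        slot=yubi_slot,
                                        mode=yubi_mode,
                                        challenge_response=yubi_cr, **ykparams)

        # otpkey (and the static password derived from it) is the token
        # secret: it must not be printed or logged during enrollment.
        if yubi_mode == YUBI_OATH_MODE:
            # According to http://www.openauthentication.org/oath-id/prefixes/
            # The OMP of Yubico is UB
            # As TokenType we use OM (oath mode)
            submit_param = {'serial': "UBOM%s_%s" % (serial, yubi_slot),
                            'otpkey': otpkey,
                            'description': description}

            # add the otplen if set as ykparam
            if 'digits' in ykparams:
                submit_param['otplen'] = ykparams['digits']

            if yubi_cr:
                submit_param['type'] = 'TOTP'
                submit_param['timeStep'] = 30

        elif yubi_mode == YUBI_STATIC_MODE:
            password = create_static_password(otpkey)
            submit_param = {'serial': "UBSM%s_%s" % (serial, yubi_slot),
                            'otpkey': password,
                            'type': "pw",
                            'description': description}

        else:
            # YUBI_AES_MODE, guaranteed by the mode check at the top.
            # Base OTP length is 32; an active prefix adds two characters
            # per unit of its length. Only the first active prefix counts.
            yubi_otplen = 32
            if yubi_prefix_serial:
                yubi_otplen = 32 + len(serial) * 2
            elif yubi_prefix:
                yubi_otplen = 32 + (len(yubi_prefix) * 2)
            elif yubi_prefix_random:
                yubi_otplen = 32 + (yubi_prefix_random * 2)
            # According to http://www.openauthentication.org/oath-id/prefixes/
            # The OMP of Yubico is UB
            # As TokenType we use AM (AES mode)
            submit_param = {'type': 'yubikey',
                            'serial': "UBAM%s_%s" % (serial, yubi_slot),
                            'otpkey': otpkey,
                            'otplen': yubi_otplen,
                            'description': description}

        if 'realm' in proc_params:
            submit_param['realm'] = proc_params['realm']

        # NOTE(review): the secret leaves this process here; confirm that the
        # lotpc connection is encrypted and that showresult() does not echo
        # the otpkey from the server response.
        r1 = lotpc.inittoken(submit_param)
        showresult(r1)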
Beispiel #2
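def yubi_mass_enroll(lotpc, proc_params, yubi_mode, yubi_slot,
                     yubi_prefix_serial, yubi_prefix, yubi_prefix_random,
                     yubi_cr):
    '''
    Do the Yubikey mass enrollment

    For every inserted Yubikey: program it with enrollYubikey(), build the
    token parameters for the selected mode and hand them to
    lotpc.inittoken(). The loop never terminates by itself; it stops only
    when an exception (such as a keyboard interrupt) is raised.

    A yubi_mode that is none of the three supported constants is reported and
    the function returns before any key is written or any request is sent.

    :param lotpc: the linotp connection
    :param proc_params: the additional parameters from the command line
                        ('description' and 'realm' are read here)
    :param yubi_mode: yubikey mode: YUBI_STATIC_MODE, YUBI_OATH_MODE, YUBI_AES_MODE
    :param yubi_slot: slot of the yubikey [1,2]
    :param yubi_prefix_serial: serial number added to the prefix
    :param yubi_prefix: the public prefix
    :param yubi_prefix_random: the random prefix (passed on as
                               len_fixed_string, i.e. used as a length)
    :param yubi_cr: boolean - used as TOTP token
    '''
    supported_modes = (YUBI_OATH_MODE, YUBI_STATIC_MODE, YUBI_AES_MODE)
    if yubi_mode not in supported_modes:
        # Previously this case still programmed the key and then called
        # inittoken() with an empty (or realm-only) parameter dict.
        print "Unknown Yubikey mode"
        return

    description = proc_params.get('description', "mass enrolled")
    yp = YubikeyPlug()
    while True:
        print "\nPlease insert the next yubikey.",
        sys.stdout.flush()
        yp.wait_for_new_yubikey()
        otpkey, serial = enrollYubikey(debug=False,
                                       prefix_serial=yubi_prefix_serial,
                                       fixed_string=yubi_prefix,
                                       len_fixed_string=yubi_prefix_random,
                                       slot=yubi_slot,
                                       mode=yubi_mode,
                                       challenge_response=yubi_cr)

        # otpkey and the static password derived from it are the token
        # secrets; keep them out of terminal output and logs.
        if yubi_mode == YUBI_OATH_MODE:
            # According to http://www.openauthentication.org/oath-id/prefixes/
            # The OMP of Yubico is UB
            # As TokenType we use OM (oath mode)
            submit_param = {
                'serial': "UBOM%s_%s" % (serial, yubi_slot),
                'otpkey': otpkey,
                'description': description
            }
            if yubi_cr:
                submit_param['type'] = 'TOTP'
                submit_param['timeStep'] = 30

        elif yubi_mode == YUBI_STATIC_MODE:
            submit_param = {
                'serial': "UBSM%s_%s" % (serial, yubi_slot),
                'otpkey': create_static_password(otpkey),
                'type': "pw",
                'description': description
            }

        else:
            # Only YUBI_AES_MODE can reach this branch (see the check above).
            # The OTP length starts at 32 and grows by two characters per
            # unit of whichever prefix option is active first.
            yubi_otplen = 32
            if yubi_prefix_serial:
                yubi_otplen = 32 + len(serial) * 2
            elif yubi_prefix:
                yubi_otplen = 32 + (len(yubi_prefix) * 2)
            elif yubi_prefix_random:
                yubi_otplen = 32 + (yubi_prefix_random * 2)
            # According to http://www.openauthentication.org/oath-id/prefixes/
            # The OMP of Yubico is UB
            # As TokenType we use AM (AES mode)
            submit_param = {
                'type': 'yubikey',
                'serial': "UBAM%s_%s" % (serial, yubi_slot),
                'otpkey': otpkey,
                'otplen': yubi_otplen,
                'description': description
            }

        if 'realm' in proc_params:
            submit_param['realm'] = proc_params['realm']

        # NOTE(review): submit_param carries the token secret; verify that
        # the lotpc transport is encrypted and that showresult() does not
        # print the secret back from the response.
        r1 = lotpc.inittoken(submit_param)
        showresult(r1)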