def __init__(self, config, primary_ator, server_section_name):
    """Configure the RADIUS PEAP/EAP-GTC automatic-factor server module.

    Logs the section's configuration, then builds a DuoEAPRadiusServer from
    it and stores it on ``self.protocol``.

    Args:
        config: section configuration object, read through its ``get_str``,
            ``get_int``, ``get_bool`` and ``get_enum`` accessors.
        primary_ator: passed to the server unchanged as ``primary_ator``.
        server_section_name: passed to the server unchanged.
    """
    log.msg(
        'RADIUS PEAP/EAP-GTC Automatic Factor Server Module Configuration:'
    )
    # The predicate selects every key that starts with 'radius_secret', plus
    # 'skey' and 'skey_protected'. Presumably log.config masks the values of
    # the keys it selects instead of printing them -- confirm in log.config.
    log.config(
        config,
        lambda x: x.startswith('radius_secret') or x in ('skey', 'skey_protected'))
    self.protocol = DuoEAPRadiusServer(
        secrets=parse_radius_secrets(config),
        primary_ator=primary_ator,
        duo_client=self.make_duo_client(config),
        # NOTE(review): the default is FAILMODE_SAFE. In Duo's documentation
        # "safe" lets authentication proceed when the Duo service cannot be
        # reached (fail open) -- confirm this default matches policy.
        failmode=config.get_enum('failmode', duo_async.FAILMODES,
                                 duo_async.FAILMODE_SAFE,
                                 transform=str.lower),
        factors=util.parse_factor_list(config.get_str('factors', 'auto')),
        delim=config.get_str('delimiter', ','),
        delimited_password_length=config.get_int(
            'delimited_password_length', 0),
        allow_concat=config.get_bool('allow_concat', False),
        debug=config.get_bool('debug', False),
        pass_through_attr_names=config.get_str('pass_through_attr_names', ''),
        # NOTE(review): the run of asterisks between the prompt default and
        # 'pkey' is not valid Python. It looks like this listing was masked
        # by a scrubber that reacted to the word "password"; whatever it
        # replaced cannot be recovered from here. Restore this line from the
        # upstream file before using the code.
        prompt=config.get_str('prompt', 'Enter your password: '******'pkey'),
        cert_file=config.get_str('certs'),
        # Both TLS settings default to the empty string. How the server
        # treats an empty value is not visible here -- TODO confirm it does
        # not fall back to legacy protocol versions or weak cipher suites.
        cipher_list=config.get_str('cipher_list', ''),
        minimum_tls_version=config.get_str('minimum_tls_version', ''),
        pw_codec=config.get_str('pw_codec', 'utf-8'),
        client_ip_attr=parse_client_ip_attribute(config),
        server_section_name=server_section_name,
        pass_through_all=config.get_bool('pass_through_all', False),
    )
def __init__(self, config, _primary_ator=None):
    """Configure the Cloud Connector module from its config section.

    Logs the configuration, builds the Duo credentials and API client, and
    registers the credentials in ``self.identities`` under their identity.

    Args:
        config: section configuration object.
        _primary_ator: accepted but not used by this method.
    """
    super(Module, self).__init__()
    log.msg("Cloud Connector Module Configuration:")

    # Keys handed to log.config as sensitive. Presumably their values are
    # masked in the log output -- confirm against log.config.
    sensitive_keys = (
        "skey",
        "skey_protected",
        "service_account_password",
        "service_account_password_protected",
    )
    log.config(config, lambda key: key in sensitive_keys)

    self.debug = config.get_bool("debug", False)

    # The integration key is read before the secret key, and the secret is
    # turned into bytes before it reaches DuoCreds.
    integration_key = config.get("ikey")
    secret_bytes = config.get_protected_str("skey_protected", "skey").encode()
    self.duo_creds = DuoCreds(integration_key, secret_bytes)

    api_host = config.get_str("api_host", "api.duosecurity.com")
    api_port = config.get_int("api_port", 443)
    self.duo_client = self.make_duo_client(
        self.duo_creds, api_host, port=api_port
    )

    # self.identities is not created here; presumably the superclass
    # initializer sets it up -- verify.
    identity = self.duo_creds.get_identity()
    self.identities[identity] = self.duo_creds
    self.drpc_path = "/auth/v2/proxy_join"
def __init__(self, config):
    """Configure the CloudSSO Connector module from its config section.

    Logs the configuration, builds the Duo credentials from the proxy key
    and signing key, keeps the encryption key on the instance, and creates
    a CloudSSO Duo client for the configured API host.

    Args:
        config: section configuration; the DRPC settings are read by direct
            indexing with no default, so they must all be present.
    """
    super(Module, self).__init__()
    log.msg("CloudSSO Connector Module")

    # Keys handed to log.config as sensitive. Presumably their values are
    # masked in the log output -- confirm against log.config.
    # NOTE(review): the secrets below are looked up through const.DRPC_*
    # names whose values are not visible here; verify that each of them is
    # one of the names in this tuple, otherwise it would not be selected.
    sensitive_keys = (
        "service_account_password",
        "service_account_password_protected",
        "encryption_skey",
        "encryption_skey_protected",
        "signing_skey",
        "signing_skey_protected",
    )
    log.config(config, lambda key: key in sensitive_keys)

    self.debug = config.get_bool("debug", False)

    # Identity is read before the signing key; only the signing key is
    # encoded to bytes.
    proxy_identity = config[const.DRPC_PROXY_KEY_IDENTIFIER]
    signing_secret = config[const.DRPC_SIGNING_SKEY_IDENTIFIER].encode()
    self.duo_creds = DuoCreds(identity=proxy_identity, secret=signing_secret)

    self.host = config[const.DRPC_API_HOST_IDENTIFIER]
    # Stored exactly as the config returns it (not encoded).
    self.encryption_skey = config[const.DRPC_ENCRYPTION_SKEY_IDENTIFIER]

    self.duo_client = self.make_duo_client(
        duo_creds=self.duo_creds,
        host=self.host,
        client_type=duo_async.CloudSSODuoClient,
    )

    # self.identities is not created here; presumably the superclass
    # initializer sets it up -- verify.
    identity = self.duo_creds.get_identity()
    self.identities[identity] = self.duo_creds
    self.drpc_path = "/drpc/v1/join"
def __init__(self, config, primary_client, server_section_name):
    """Configure the RADIUS IFrame server module from its config section.

    Logs the configuration, creates the Duo client with a timeout that
    depends on the configured device type, works out the script URI and
    injection snippet, and stores a DuoIFrameRadiusServer on
    ``self.protocol``.

    Args:
        config: section configuration object.
        primary_client: passed to the server as ``primary_ator``.
        server_section_name: passed to the server unchanged.
    """
    log.msg("RADIUS IFrame Server Module Configuration:")

    def selects_secret(key):
        # Every 'radius_secret*' key plus the two skey spellings.
        # Presumably log.config masks the values of the keys this selects
        # -- confirm against log.config.
        return key.startswith("radius_secret") or key in (
            "skey",
            "skey_protected",
        )

    log.config(config, selects_secret)

    # NOTE(review): the default is FAILMODE_SAFE. In Duo's documentation
    # "safe" lets authentication proceed when the Duo service cannot be
    # reached (fail open) -- confirm this default matches policy.
    failmode = config.get_enum(
        "failmode",
        duo_async.FAILMODES,
        duo_async.FAILMODE_SAFE,
        transform=str.lower,
    )
    radius_secrets = parse_radius_secrets(config)
    js_type = config.get_enum("type", JS_TYPES)

    # citrix devices don't retransmit correctly,
    # and can't do timeouts > 10 seconds
    api_timeout = 8 if js_type == JS_TYPE_CITRIX else 15
    duo_client = self.make_duo_client(config, default_timeout=api_timeout)

    # Default location of the hosted script: always https on the Duo API
    # host, with the port spelled out only when it is not 443.
    hosted_script = SCRIPT_FILES[js_type]
    if duo_client.port != 443:
        fallback_uri = "https://%s:%d/frame/hosted/%s" % (
            duo_client.host,
            duo_client.port,
            hosted_script,
        )
    else:
        fallback_uri = "https://%s/frame/hosted/%s" % (
            duo_client.host,
            hosted_script,
        )
    # NOTE(review): an 'iframe_script_uri' override is taken as given; no
    # scheme or host check on it is visible in this method. It decides
    # where the injected script is loaded from, so review overrides.
    script_uri = config.get_str("iframe_script_uri", fallback_uri)
    script_inject = config.get_str("script_inject", SCRIPT_INJECT[js_type])

    self.protocol = DuoIFrameRadiusServer(
        js_type,
        script_uri,
        script_inject,
        failmode,
        duo_client=duo_client,
        exempt_usernames=parse_exempt_usernames(config),
        secrets=radius_secrets,
        primary_ator=primary_client,
        pass_through_attr_names=config.get_str("pass_through_attr_names", ""),
        pass_through_all=config.get_bool("pass_through_all", False),
        pw_codec=config.get_str("pw_codec", "utf-8"),
        client_ip_attr=parse_client_ip_attribute(config),
        server_section_name=server_section_name,
        server_section_ikey=config.get_str("ikey", ""),
    )
def __init__(self, config):
    """Configure the HTTP proxy module and bind its listener if needed.

    Logs the configuration, reads the listening port and interface, and
    prepares an HTTP factory whose protocol is ConnectProxy bound to the
    configured API host and the allowed client networks.

    Args:
        config: section configuration object.
    """
    log.msg("HTTP Proxy Module Configuration:")
    # NOTE(review): unlike the other modules in this listing, no key
    # predicate is passed to log.config. None of the keys read below is a
    # credential; whether other keys placed in this section would be logged
    # unmasked depends on log.config -- confirm.
    log.config(config)

    self.port = config.get_int("port", const.DEFAULT_HTTP_PORT)
    # 'api_host' is read without a default here.
    upstream_host = config.get_str("api_host")
    self.interface = config.get_str("interface", "")

    # Presumably the networks clients may connect from; what ConnectProxy
    # does with an empty result is not visible here -- verify.
    allowed_networks = get_allowed_ip_networks(config)

    self.factory = twisted.web.http.HTTPFactory()
    connect_proxy = functools.partial(
        ConnectProxy,
        host=upstream_host,
        client_ips=allowed_networks,
    )
    self.factory.protocol = connect_proxy

    self.listener = None
    self._bind_if_necessary()
def __init__(self, config, _primary_ator=None):
    """Configure the Cloud Connector module from its config section.

    Logs the configuration, builds the Duo credentials and API client, and
    registers the credentials in ``self.identities`` under their identity.

    Args:
        config: section configuration object.
        _primary_ator: accepted but not used by this method.
    """
    super(Module, self).__init__()
    log.msg('Cloud Connector Module Configuration:')

    def selects_secret(key):
        # Presumably log.config masks the values of the keys this selects
        # -- confirm against log.config.
        return key in (
            'skey',
            'skey_protected',
            'service_account_password',
            'service_account_password_protected',
        )

    log.config(config, selects_secret)

    self.debug = config.get_bool('debug', False)

    # The integration key is read first; the secret key is encoded to
    # bytes before DuoCreds receives it.
    integration_key = config.get('ikey')
    secret_bytes = config.get_protected_str('skey_protected', 'skey').encode()
    self.duo_creds = DuoCreds(integration_key, secret_bytes)

    api_host = config.get_str('api_host', 'api.duosecurity.com')
    api_port = config.get_int('api_port', 443)
    self.duo_client = self.make_duo_client(
        self.duo_creds, api_host, port=api_port
    )

    # self.identities is not created here; presumably the superclass
    # initializer sets it up -- verify.
    identity = self.duo_creds.get_identity()
    self.identities[identity] = self.duo_creds
    self.drpc_path = '/auth/v2/proxy_join'