def get_auth_items(hostname, ip=None, application=None,
serial=None, challenge=None, filter_param=None):
"""
Return the authentication items for a given hostname and the application.
The hostname is used to identify the machine object. Then all attached
tokens to this machines and its applications are searched.
:param hostname:
:param ip:
:param application:
:param challenge: A challenge for the authitme
:type challenge: basestring
:param filter_param: Additional application specific parameter to filter
the return value
:type filter_param: dict
:return: dictionary of lists of the application auth items
**Example response**:
.. sourcecode:: json
{ "luks": [ { "slot": "....",
"partition": "....",
"challenge": "....",
"response": "...." }
],
"ssh": [ { "username": "******",
"sshkey": "...."},
{ "username": "******",
"sshkey": "...." }
] }
"""
#
# TODO: We should check, if the IP Address matches the hostname
#
auth_items = {}
machinetokens = list_machine_tokens(hostname=hostname,
serial=serial,
application=application)
for mtoken in machinetokens:
auth_item = get_auth_item(mtoken.get("application"),
mtoken.get("type"),
mtoken.get("serial"),
challenge,
options=mtoken.get("options"),
filter_param=filter_param)
if auth_item:
if mtoken.get("application") not in auth_items:
# we create a new empty list for the new application type
auth_items[mtoken.get("application")] = []
# Add the options the the auth_item
for k, v in mtoken.get("options", {}).iteritems():
auth_item[k] = v
# append the auth_item to the list
auth_items[mtoken.get("application")].append(auth_item)
return auth_items
def get_token_apps(machine=None,
application=None,
application_module=None,
serial=None,
client_ip=None,
challenge=None):
'''
This method returns the authentication data for the
requested application and token
:param machine: the machine name (optional)
:param application: the name of the application (optional)
:param client: the IP of the client (required)
:param serial: the serial number of a specific token (optional)
:param challenge: a challenge parameter, that can be passed in selfTest
'''
if not client_ip:
log.warning("No client IP.")
return {}
if not IPAddress(client_ip):
log.warning("No valid client IP: %r" % client_ip)
return {}
# if the application has allow_bulk_action set, we need to
# remove the IP filer.
if application_module:
if is_application_allow_bulk_call(application_module):
client_ip = None
res = showtoken(machine_name=machine,
client_ip=client_ip,
application=application,
serial=serial)
'''
depending on the application type we do need to take some action
Each application should know, what to provide...
Determine this by
1. application
2. token type
3. serial number
'''
machines = res.get("machines")
if application:
for machine in machines.values():
# add token information
serial = machine.get("serial")
token_type = getTokenType(serial)
auth_item = get_auth_item(application,
application_module,
token_type,
serial,
challenge=challenge)
machine["auth_item"] = auth_item
# add options
machine_options = get_options(machinetoken_id=machine.get("id"))
machine["options"] = machine_options
return res
def get_token_apps(machine=None,
application=None,
application_module=None,
serial=None,
client_ip=None,
challenge=None):
'''
This method returns the authentication data for the
requested application and token
:param machine: the machine name (optional)
:param application: the name of the application (optional)
:param client: the IP of the client (required)
:param serial: the serial number of a specific token (optional)
:param challenge: a challenge parameter, that can be passed in selfTest
'''
if not client_ip:
log.warning("No client IP.")
return {}
if not IPAddress(client_ip):
log.warning("No valid client IP: %r" % client_ip)
return {}
res = showtoken(machine_name=machine,
client_ip=client_ip,
application=application,
serial=serial)
'''
depending on the application type we do need to take some action
Each application should know, what to provide...
Determine this by
1. application
2. token type
3. serial number
'''
if application and serial:
token_type = getTokenType(serial)
auth_item = get_auth_item(application,
application_module,
token_type,
serial,
challenge=challenge)
res["auth_item"] = auth_item
return res
def test_02_get_auth_item(self):
auth_item = get_auth_item("base", "hotp", "serial")
self.assertEqual(auth_item, "nothing")
