예제 #1
파일: system.py 프로젝트: ukris/privacyidea
def set_default():
    """
    method:
        system/set

    description:
        Store the default settings that are applied when new tokens are
        generated. Tokens that are already enrolled are not affected.

    arguments:
        DefaultMaxFailCount    - Default value for the maximum allowed
                                 authentication failures
        DefaultSyncWindow      - Default value for the synchronization
                                 window
        DefaultCountWindow     - Default value for the counter window
        DefaultOtpLen          - Default value for the OTP value length --
                                 usually 6 or 8
        DefaultResetFailCount  - Default value, if the FailCounter should
                                 be reset on successful authentication
                                 [True|False]

    returns:
        a json result that maps every key that was set to the value
        returned by set_privacyidea_config for it

    exception:
        ParameterError (id=77) if the request contains none of the known
        parameters

    """
    known_keys = ("DefaultMaxFailCount",
                  "DefaultSyncWindow",
                  "DefaultCountWindow",
                  "DefaultOtpLen",
                  "DefaultResetFailCount")

    description = "parameters are: %s" % ", ".join(known_keys)
    # Request parameter names are compared in lower case.
    param = getLowerParams(request.all_data)
    saved = {}
    for key in known_keys:
        lowered = key.lower()
        if lowered not in param:
            continue
        # NOTE(review): these defaults govern lockout and OTP strength for
        # every token enrolled later. No type or range check on the value is
        # visible in this block -- confirm it happens in
        # set_privacyidea_config or in a policy check outside this view.
        value = getParam(param, lowered, required)
        saved[key] = set_privacyidea_config(key, value)
        g.audit_object.log({"success": True})
        # The submitted value is written verbatim into the audit info field.
        g.audit_object.add_to_log({"info": "%s=%s, " % (key, value)})

    if not saved:
        # Nothing matched: no audit entry has been written by this function
        # at this point, only the warning below.
        log.warning("Failed saving config. Could not find any "
                    "known parameter. %s"
                    % description)
        raise ParameterError("Usage: %s" % description, id=77)

    return send_result(saved)
예제 #2
def check_policy_api():
    """
    Report whether a request described by the given parameters would be
    matched by at least one active policy. Nothing is created or changed.

    :query user: the name of the user
    :query realm: the realm of the user or the realm the administrator
        want to do administrative tasks on.
    :query resolver: the resolver of a user (optional)
    :query scope: the scope of the policy
    :query action: the action that is done - if applicable
    :query IP_Address client: the client, from which this request would be
        issued (optional)

    :return: a json result whose value holds ``allowed`` and, when a policy
        matched, ``policy``; otherwise ``info`` is set to "No policies found"
    :rtype: json

    :status 200: The check was evaluated.
    :status 401: Authentication failed

    **Example request**:

    .. sourcecode:: http

       GET /policy/check?user=admin&realm=r1&client=172.16.1.1 HTTP/1.1
       Host: example.com
       Accept: application/json

    **Example response**:

    NOTE(review): the sample below does not show the ``allowed`` and
    ``policy`` keys that this function puts into the value.

    .. sourcecode:: http

       HTTP/1.0 200 OK
       Content-Type: application/json

        {
          "id": 1,
          "jsonrpc": "2.0",
          "result": {
            "status": true,
            "value": {
              "pol_update_del": {
                "action": "enroll",
                "active": true,
                "client": "172.16.0.0/16",
                "name": "pol_update_del",
                "realm": "r1",
                "resolver": "test",
                "scope": "selfservice",
                "time": "",
                "user": "******"
              }
            }
          },
          "version": "privacyIDEA unknown"
        }

    """
    params = getLowerParams(request.all_data)

    # Parameters are read in a fixed order; user, realm, scope and action
    # are requested as required, client and resolver as optional.
    user = getParam(params, "user", required)
    realm = getParam(params, "realm", required)
    scope = getParam(params, "scope", required)
    action = getParam(params, "action", required)
    client = getParam(params, "client", optional)
    resolver = getParam(params, "resolver", optional)

    # Only active policies are considered.
    matching = g.policy_object.get_policies(user=user,
                                            realm=realm,
                                            resolver=resolver,
                                            scope=scope,
                                            action=action,
                                            client=client,
                                            active=True)
    if matching:
        # NOTE(review): the complete matching policy definitions go back to
        # the caller. Who may call this endpoint is not decided in this
        # block -- confirm the route is restricted outside this view.
        res = {"allowed": True, "policy": matching}
        names = [entry.get("name") for entry in matching]
        g.audit_object.log(
            {'info': "allowed by policy {0!s}".format(names)})
    else:
        res = {"allowed": False, "info": "No policies found"}

    # "success" records that the check ran, not that the action is allowed.
    detail = "action = %s, realm = %s, scope = %s" % (action, realm, scope)
    g.audit_object.log({"success": True, 'action_detail': detail})

    return send_result(res)
예제 #3
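def get_policy(name=None, export=None):
    """
    Retrieve the defined policies, or export all policies as a file
    download.

    :query name: will only return the policy with the given name
    :query export: The filename needs to be specified as the
        third part of the URL like policy.cfg. It
        will then be exported to this file. Only ASCII letters, digits,
        ".", "_" and "-" of the given name are used for the download
        filename; if nothing remains, "policy.cfg" is used.
    :query realm: will return all policies in the given realm
    :query scope: will only return the policies within the given scope
    :query active: Set to true or false if you only want to display
        active or inactive policies.

    :return: a json result with the configuration of the specified policies,
        or, when ``export`` is given, a response carrying all policies as an
        attachment
    :rtype: json

    :status 200: Policies returned.
    :status 401: Authentication failed

    **Example request**:

    In this example the policy "pol1" is retrieved.

    .. sourcecode:: http

       GET /policy/pol1 HTTP/1.1
       Host: example.com
       Accept: application/json

    **Example response**:

    .. sourcecode:: http

       HTTP/1.0 200 OK
       Content-Type: application/json

        {
          "id": 1,
          "jsonrpc": "2.0",
          "result": {
            "status": true,
            "value": {
              "pol_update_del": {
                "action": "enroll",
                "active": true,
                "client": "1.1.1.1",
                "name": "pol_update_del",
                "realm": "r1",
                "resolver": "test",
                "scope": "selfservice",
                "time": "",
                "user": "******"
              }
            }
          },
          "version": "privacyIDEA unknown"
        }
    """
    param = getLowerParams(request.all_data)
    realm = getParam(param, "realm")
    scope = getParam(param, "scope")
    active = getParam(param, "active")

    P = g.policy_object
    if not export:
        log.debug(
            "retrieving policy name: {0!s}, realm: {1!s}, scope: {2!s}".format(
                name, realm, scope))

        pol = P.get_policies(name=name,
                             realm=realm,
                             scope=scope,
                             active=active,
                             all_times=True)
        ret = send_result(pol)
    else:
        # We want to export all policies; name, realm, scope and active are
        # not applied to the export.
        pol = P.get_policies()
        response = make_response(export_policies(pol))
        # The export name is taken from the URL and ends up in a response
        # header. Keep only characters that are safe in an unquoted
        # filename token, so that it cannot add header parameters or break
        # the header line. A plain name such as policy.cfg is unchanged.
        allowed_chars = ("abcdefghijklmnopqrstuvwxyz"
                         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                         "0123456789._-")
        filename = "".join(ch for ch in export if ch in allowed_chars)
        if not filename:
            filename = "policy.cfg"
        response.headers["Content-Disposition"] = ("attachment; "
                                                   "filename=%s" % filename)
        ret = response

    # NOTE(review): the audit entry is the same for a lookup and for a full
    # export; consider recording that all policies were exported.
    g.audit_object.log({
        "success":
        True,
        'info':
        "name = {0!s}, realm = {1!s}, scope = {2!s}".format(
            name, realm, scope)
    })
    return ret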
예제 #4
def check_policy_api():
    """
    Tell the caller whether the given combination of parameters is covered
    by at least one active policy. The configuration is only read.

    :query user: the name of the user
    :query realm: the realm of the user or the realm the administrator
        want to do administrative tasks on.
    :query resolver: the resolver of a user (optional)
    :query scope: the scope of the policy
    :query action: the action that is done - if applicable
    :query IP_Address client: the client, from which this request would be
        issued (optional)

    :return: a json result whose value holds ``allowed`` and, when a policy
        matched, ``policy``; otherwise ``info`` is set to "No policies found"
    :rtype: json

    :status 200: The check was evaluated.
    :status 401: Authentication failed

    **Example request**:

    .. sourcecode:: http

       GET /policy/check?user=admin&realm=r1&client=172.16.1.1 HTTP/1.1
       Host: example.com
       Accept: application/json

    **Example response**:

    NOTE(review): the sample below does not show the ``allowed`` and
    ``policy`` keys that this function puts into the value.

    .. sourcecode:: http

       HTTP/1.0 200 OK
       Content-Type: application/json

        {
          "id": 1,
          "jsonrpc": "2.0",
          "result": {
            "status": true,
            "value": {
              "pol_update_del": {
                "action": "enroll",
                "active": true,
                "client": "172.16.0.0/16",
                "name": "pol_update_del",
                "realm": "r1",
                "resolver": "test",
                "scope": "selfservice",
                "time": "",
                "user": "******"
              }
            }
          },
          "version": "privacyIDEA unknown"
        }

    """
    query = getLowerParams(request.all_data)

    # Same read order as before: the four required values first, then the
    # two optional ones.
    user = getParam(query, "user", required)
    realm = getParam(query, "realm", required)
    scope = getParam(query, "scope", required)
    action = getParam(query, "action", required)
    client = getParam(query, "client", optional)
    resolver = getParam(query, "resolver", optional)

    # Inactive policies are left out of the lookup.
    found = g.policy_object.get_policies(user=user, realm=realm,
                                         resolver=resolver, scope=scope,
                                         action=action, client=client,
                                         active=True)
    if not found:
        res = {"allowed": False, "info": "No policies found"}
    else:
        # NOTE(review): full policy definitions are returned to the caller;
        # access control for this endpoint is not visible in this block --
        # confirm it is enforced outside this view.
        res = {"allowed": True, "policy": found}
        policy_names = [item.get("name") for item in found]
        g.audit_object.log({'info': "allowed by policy %s" % policy_names})

    # The audit entry marks the request as processed, whatever the outcome
    # of the check was.
    detail = "action = %s, realm = %s, scope = %s" % (action, realm, scope)
    g.audit_object.log({"success": True, 'action_detail': detail})

    return send_result(res)
예제 #5
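def get_policy(name=None, export=None):
    """
    Retrieve the defined policies, or export all policies as a file
    download.

    :query name: will only return the policy with the given name
    :query export: The filename needs to be specified as the
        third part of the URL like policy.cfg. It
        will then be exported to this file. Only ASCII letters, digits,
        ".", "_" and "-" of the given name are used for the download
        filename; if nothing remains, "policy.cfg" is used.
    :query realm: will return all policies in the given realm
    :query scope: will only return the policies within the given scope
    :query active: Set to true or false if you only want to display
        active or inactive policies.

    :return: a json result with the configuration of the specified policies,
        or, when ``export`` is given, a response carrying all policies as an
        attachment
    :rtype: json

    :status 200: Policies returned.
    :status 401: Authentication failed

    **Example request**:

    In this example the policy "pol1" is retrieved.

    .. sourcecode:: http

       GET /policy/pol1 HTTP/1.1
       Host: example.com
       Accept: application/json

    **Example response**:

    .. sourcecode:: http

       HTTP/1.0 200 OK
       Content-Type: application/json

        {
          "id": 1,
          "jsonrpc": "2.0",
          "result": {
            "status": true,
            "value": {
              "pol_update_del": {
                "action": "enroll",
                "active": true,
                "client": "1.1.1.1",
                "name": "pol_update_del",
                "realm": "r1",
                "resolver": "test",
                "scope": "selfservice",
                "time": "",
                "user": "******"
              }
            }
          },
          "version": "privacyIDEA unknown"
        }
    """
    param = getLowerParams(request.all_data)
    realm = getParam(param, "realm")
    scope = getParam(param, "scope")
    active = getParam(param, "active")

    P = g.policy_object
    if not export:
        log.debug("retrieving policy name: %s, realm: %s, scope: %s"
                  % (name, realm, scope))

        pol = P.get_policies(name=name, realm=realm, scope=scope, active=active)
        ret = send_result(pol)
    else:
        # We want to export all policies; name, realm, scope and active are
        # not applied to the export.
        pol = P.get_policies()
        response = make_response(export_policies(pol))
        # The export name is taken from the URL and ends up in a response
        # header. Keep only characters that are safe in an unquoted
        # filename token, so that it cannot add header parameters or break
        # the header line. A plain name such as policy.cfg is unchanged.
        allowed_chars = ("abcdefghijklmnopqrstuvwxyz"
                         "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                         "0123456789._-")
        filename = "".join(ch for ch in export if ch in allowed_chars)
        if not filename:
            filename = "policy.cfg"
        response.headers["Content-Disposition"] = ("attachment; "
                                                   "filename=%s" % filename)
        ret = response

    # NOTE(review): the audit entry is the same for a lookup and for a full
    # export; consider recording that all policies were exported.
    g.audit_object.log({"success": True,
                        'info': "name = %s, realm = %s, scope = %s" %
                       (name, realm, scope)})
    return ret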