def update(self, param): # cko: changed for backward compat getParam(param, "pin", optional) if not param.has_key('otpkey'): param['genkey'] = 1 TokenClass.update(self, param)
def update(self, param, reset_failcount=True): ''' update - process the initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' log.debug("[update] begin. Process the initialization parameters: param %r" % (param)) ## Remark: the otpKey is handled in the parent class val = getParam(param, "hashlib", optional) if val is not None: self.hashlibStr = val else: self.hashlibStr = 'sha1' ## check if the key_size id provided ## if not, we could derive it from the hashlib key_size = getParam(param, 'key_size', optional) if key_size is None: param['key_size'] = keylen.get(self.hashlibStr) param['hashlib'] = self.hashlibStr self.addToTokenInfo("hashlib", self.hashlibStr) TokenClass.update(self, param, reset_failcount) log.debug("[update] end. Processing the initialization parameters done.") return
def update(self, param): TokenClass.update(self, param) # The otplen is determined by the otpkey. So we # call the setOtpLen after the parents update, to overwrite # specified OTP lengths with the length of the password self.setOtpLen(0)
def update(self, param, reset_failcount=True): ''' update - process the initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' # we use the public_uid to calculate the otplen which is at 48 or 32 # the public_uid is stored and used in validation if 'public_uid' in param: otplen = 32 + len(param['public_uid']) else: otplen = 48 if 'otplen' not in param: param['otplen'] = otplen TokenClass.update(self, param, reset_failcount) if 'public_uid' in param: self.addToTokenInfo('public_uid', param['public_uid']) return
def update(self, param, reset_failcount=True): ''' update - process the initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' # we use the public_uid to calculate the otplen which is at 48 or 32 # the public_uid is stored and used in validation if 'public_uid' in param: otplen = 32 + len(param['public_uid']) else: otplen = 48 if 'otplen' not in param: param['otplen'] = otplen TokenClass.update(self, param, reset_failcount) if 'public_uid' in param: self.addToTokenInfo('public_uid', param['public_uid']) log.debug("[update] end. Processing the initialization parameters done.") return
def update(self, param): ## check for the required parameters if (self.hKeyRequired == True): getParam(param, "otpkey", required) TokenClass.update(self, param)
def update(self, param, reset_failcount=True): ''' update - process the initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' # Remark: the otpKey is handled in the parent class self.hashlibStr = param.get("hashlib", 'sha1') # check if the key_size id provided # if not, we could derive it from the hashlib key_size = param.get('key_size') if not key_size and self.hashlibStr in keylen: key_size = keylen.get(self.hashlibStr) param['key_size'] = key_size param['hashlib'] = self.hashlibStr self.addToTokenInfo("hashlib", self.hashlibStr) TokenClass.update(self, param, reset_failcount) return
def update(self, param, reset_failcount=True): ''' update - process the initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' log.debug("[update] begin. Process the initialization parameters: param %r" % (param)) ## Remark: the otpKey is handled in the parent class val = getParam(param, "hashlib", optional) if val is not None: self.hashlibStr = val else: self.hashlibStr = 'sha1' ## check if the key_size id provided ## if not, we could derive it from the hashlib key_size = getParam(param, 'key_size', optional) if key_size == None: param['key_size'] = keylen.get(self.hashlibStr) param['hashlib'] = self.hashlibStr self.addToTokenInfo("hashlib", self.hashlibStr) TokenClass.update(self, param, reset_failcount) log.debug("[update] end. Processing the initialization parameters done.") return
def update(self, param): self.radiusServer = getParam(param, "radius.server", required) # if another OTP length would be specified in /admin/init this would # be overwritten by the parent class, which is ok. self.setOtpLen(6) val = getParam(param, "radius.local_checkpin", optional) if val is not None: self.radiusLocal_checkpin = val val = getParam(param, "radius.user", required) if val is not None: self.radiusUser = val val = getParam(param, "radius.secret", required) if val is not None: self.radiusSecret = val if self.radiusSecret == VOID_RADIUS_SECRET: log.warning("Usage of default radius secret is not recomended!!") TokenClass.update(self, param) # We need to write the secret! self.token.setHKey(binascii.hexlify(self.radiusSecret)) self.addToTokenInfo("radius.server", self.radiusServer) self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin) self.addToTokenInfo("radius.user", self.radiusUser)
def update(self, param): self.radiusServer = getParam(param, "radius.server", required) # if another OTP length would be specified in /admin/init this would # be overwritten by the parent class, which is ok. self.setOtpLen(6) val = getParam(param, "radius.local_checkpin", optional) if val is not None: self.radiusLocal_checkpin = val val = getParam(param, "radius.user", required) if val is not None: self.radiusUser = val val = getParam(param, "radius.secret", required) if val is not None: self.radiusSecret = val if self.radiusSecret == VOID_RADIUS_SECRET: log.warning("Usage of default radius secret is not recomended!!") TokenClass.update(self, param) # We need to write the secret! self.setOtpKey(binascii.hexlify(self.radiusSecret)) self.addToTokenInfo("radius.server", self.radiusServer) self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin) self.addToTokenInfo("radius.user", self.radiusUser)
def update(self, param): # cko: changed for backward compat getParam(param, "pin", optional) if not param.has_key("otpkey"): param["genkey"] = 1 ## mark this spass token as usable exactly once if param.has_key("onetime"): TokenClass.set_count_auth_success_max(self, 1) TokenClass.update(self, param)
def update(self, param): # cko: changed for backward compat getParam(param, "pin", optional) if not param.has_key('otpkey'): param['genkey'] = 1 # mark this spass token as usable exactly once if param.has_key('onetime'): TokenClass.set_count_auth_success_max(self, 1) TokenClass.update(self, param)
def update(self, param): ## check for the required parameters if (self.hKeyRequired == True): getParam(param, "otpkey", required) TokenClass.update(self, param, reset_failcount=False) for key in ["vasco_appl", "vasco_type", "vasco_auth"]: val = getParam(param, key, optional) if val is not None: self.addToTokenInfo(key, val)
def update(self, params, reset_failcount=True): ''' update: add further definition for token from param in case of init ''' log.debug('[update] %r: %r: ' % (params, reset_failcount)) if params.has_key('ocrasuite'): self.ocraSuite = params.get('ocrasuite') else: activationcode = params.get('activationcode', None) sharedSecret = params.get('sharedsecret', None) if activationcode is None and sharedSecret is None: self.ocraSuite = self.getOcraSuiteSuite() else: self.ocraSuite = self.getQROcraSuiteSuite() if params.get('activationcode', None): ## due to changes in the tokenclass parameter handling ## we have to add for compatibility a genkey parameter if params.has_key('otpkey') == False and params.has_key('genkey') == False: log.warning('[Ocra2TokenClass:update] missing parameter genkey\ to complete the rollout 2!') params['genkey'] = 1 TokenClass.update(self, params, reset_failcount=reset_failcount) self.addToTokenInfo('ocrasuite', self.ocraSuite) ocraSuite = OcraSuite(self.ocraSuite) otplen = ocraSuite.truncation self.setOtpLen(otplen) ocraPin = params.get('ocrapin', None) if ocraPin is not None: self.token.setUserPin(ocraPin) if params.has_key('otpkey'): self.setOtpKey(params.get('otpkey')) self._rollout_1(params) self._rollout_2(params) log.debug('[update]:') return
def update(self, param): tokenid = getParam(param, "yubico.tokenid", required) if len(tokenid) < YUBICO_LEN_ID: log.error("[update] The token ID needs to be %i characters long!" % YUBICO_LEN_ID) raise Exception("The YubiKey token ID needs to be %i characters long!" % YUBICO_LEN_ID) if len(tokenid) > YUBICO_LEN_ID: tokenid = tokenid[:YUBICO_LEN_ID] self.tokenid = tokenid self.setOtpLen(44) TokenClass.update(self, param) self.addToTokenInfo("yubico.tokenid", self.tokenid) return
def update(self, param): tokenid = getParam(param, "yubico.tokenid", required) if len(tokenid) < YUBICO_LEN_ID: log.error("[update] The tokenid needs to be %i characters long!" % YUBICO_LEN_ID) raise Exception("The Yubikey token ID needs to be %i characters long!" % YUBICO_LEN_ID) if len(tokenid) > YUBICO_LEN_ID: tokenid = tokenid[:YUBICO_LEN_ID] self.tokenid = tokenid self.setOtpLen(44) TokenClass.update(self, param) self.addToTokenInfo("yubico.tokenid", self.tokenid) return
def update(self, param): """ second phase of the init process - updates parameters :param param: the request parameters :return: - nothing - """ self.remoteServer = getParam(param, "remote.server", required) # if another OTP length would be specified in /admin/init this would # be overwritten by the parent class, which is ok. self.setOtpLen(6) val = getParam(param, "remote.local_checkpin", optional) if val is not None: self.remoteLocalCheckpin = val val = getParam(param, "remote.serial", optional) if val is not None: self.remoteSerial = val val = getParam(param, "remote.user", optional) if val is not None: self.remoteUser = val val = getParam(param, "remote.realm", optional) if val is not None: self.remoteRealm = val val = getParam(param, "remote.resConf", optional) if val is not None: self.remoteResConf = val TokenClass.update(self, param) self.addToTokenInfo("remote.server", self.remoteServer) self.addToTokenInfo("remote.serial", self.remoteSerial) self.addToTokenInfo("remote.user", self.remoteUser) self.addToTokenInfo("remote.local_checkpin", self.remoteLocalCheckpin) self.addToTokenInfo("remote.realm", self.remoteRealm) self.addToTokenInfo("remote.resConf", self.remoteResConf) return
def update(self, param): """ second phase of the init process - updates token specific parameters :param param: the request parameters :return: - nothing - """ self.forwardSerial = param["forward.serial"] # get the otplen of the target token targetToken = self._getTargetToken(self.forwardSerial) TokenClass.update(self, param) self.setOtpLen(targetToken.getOtpLen()) self.addToTokenInfo("forward.serial", self.forwardSerial) return
def update(self, param, reset_failcount=True): ''' update - process initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' getParam(param, "otpkey", required) ## motp token specific otpPin = getParam(param, "otppin", required) self.setUserPin(otpPin) TokenClass.update(self, param, reset_failcount) return
def update(self, params): param_keys = set(params.keys()) init_rollout_state_keys = set(['type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login', 'description', 'user.realm', 'session', 'otplen', 'resConf', 'user', 'realm', 'qr', 'pin']) # ---------------------------------------------------------------------- if not param_keys.issubset(init_rollout_state_keys): # make sure the call aborts, if request # type wasn't recognized raise Exception('Unknown request type for token type qr') # if param keys are in {'type', 'hashlib'} the token is # initialized for the first time. this is e.g. done on the # manage web ui. since the token doesn't exist in the database # yet, its rollout state must be None (that is: they data for # the rollout state doesn't exist yet) self.ensure_state(None) # ------------------------------------------------------------------ # we set the the active state of the token to False, because # it should not be allowed to use it for validation before the # pairing process is done self.token.LinOtpIsactive = False # ------------------------------------------------------------------ if 'otplen' not in params: params['otplen'] = getFromConfig("QRTokenDefault.otplen", 8) # -------------------------------------------------------------- -- TokenClass.update(self, params, reset_failcount=True)
def update(self, param, reset_failcount=True): ''' update - process initialization parameters :param param: dict of initialization parameters :type param: dict :return: nothing ''' log.debug("[update] begin. adjust the token class with: param %r" % (param)) getParam(param, "otpkey", required) ## motp token specific otpPin = getParam(param, "otppin", required) self.token.setUserPin(otpPin) TokenClass.update(self, param, reset_failcount) log.debug("[update] all token parameters are set.") return
def update(self, params): """ initialization entry hook for the enrollment process. :param params: parameters provided by the client :raises Exception: If the client supplied unrecognized configuration parameters for this token type :raises Exception: If the policy 'pushtoken_pairing_callback_url' was not set. :raises TokenStateError: If token state is not None (default pre-enrollment state) """ param_keys = set(params.keys()) init_rollout_state_keys = set(['type', 'serial', '::scope::', 'user.login', 'description', 'user.realm', 'session', 'key_size', 'resConf', 'user', 'realm', 'pin']) # ---------------------------------------------------------------------- if not param_keys.issubset(init_rollout_state_keys): # make sure the call aborts, if request # type wasn't recognized raise Exception('Unknown request type for token type pushtoken') # if param keys are in above set, the token is # initialized for the first time. this is e.g. done on the # manage web ui. since the token doesn't exist in the database # yet, its rollout state must be None (that is: the data for # the rollout state doesn't exist yet) self.ensure_state(None) # ------------------------------------------------------------------ # we check if callback policies are set. this must be done here # because the token gets saved directly after the update method # in the TokenHandler _ = context['translate'] owner = get_token_owner(self) if owner and owner.login and owner.realm: realms = [owner.realm] else: realms = self.getRealms() cb_url = get_single_auth_policy('pushtoken_pairing_callback_url', user=owner, realms=realms) if not cb_url: raise Exception(_('Policy pushtoken_pairing_callback_url must ' 'have a value')) partition = get_partition(realms, owner) self.addToTokenInfo('partition', partition) # ------------------------------------------------------------------ # we set the the active state of the token to False, because # it should not be allowed to use it for validation before the # pairing process is done self.token.LinOtpIsactive = False # -------------------------------------------------------------- -- TokenClass.update(self, params, reset_failcount=True) # -------------------------------------------------------------- -- self.change_state('initialized')
def update(self, params): param_keys = set(params.keys()) init_rollout_state_keys = {'type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login', 'description', 'user.realm', 'session', 'otplen', 'resConf', 'user', 'realm', 'qr', 'pin'} # ---------------------------------------------------------------------- if not param_keys.issubset(init_rollout_state_keys): # make sure the call aborts, if request # type wasn't recognized raise Exception('Unknown request type for token type qr') # if param keys are in {'type', 'hashlib'} the token is # initialized for the first time. this is e.g. done on the # manage web ui. since the token doesn't exist in the database # yet, its rollout state must be None (that is: they data for # the rollout state doesn't exist yet) self.ensure_state(None) # ------------------------------------------------------------------ # we check if callback policies are set. this must be done here # because the token gets saved directly after the update method # in the TokenHandler _ = context['translate'] owner = get_token_owner(self) if owner and owner.login and owner.realm: realms = [owner.realm] else: realms = self.getRealms() pairing_policies = ['qrtoken_pairing_callback_url', 'qrtoken_pairing_callback_sms'] cb_url = get_single_auth_policy(pairing_policies[0], user=owner, realms=realms) cb_sms = get_single_auth_policy(pairing_policies[1], user=owner, realms=realms) if not cb_url and not cb_sms: raise Exception(_('Policy %s must have a value') % _(" or ").join(pairing_policies)) challenge_policies = ['qrtoken_challenge_callback_url', 'qrtoken_challenge_callback_sms'] cb_url = get_single_auth_policy(challenge_policies[0], user=owner, realms=realms) cb_sms = get_single_auth_policy(challenge_policies[1], user=owner, realms=realms) if not cb_url and not cb_sms: raise Exception(_('Policy %s must have a value') % _(" or ").join(pairing_policies)) # ------------------------------------------------------------------ # we set the the active state of the token to False, because # it should not be allowed to use it for validation before the # pairing process is done self.token.LinOtpIsactive = False # ------------------------------------------------------------------ if 'otplen' not in params: params['otplen'] = getFromConfig("QRTokenOtpLen", 8) # -------------------------------------------------------------- -- TokenClass.update(self, params, reset_failcount=True)
def update(self, params): param_keys = set(params.keys()) init_rollout_state_keys = set([ 'type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login', 'description', 'user.realm', 'session', 'otplen', 'resConf', 'user', 'realm', 'qr', 'pin' ]) # ------------------------------------------------------------------- -- if not param_keys.issubset(init_rollout_state_keys): # make sure the call aborts, if request # type wasn't recognized raise Exception('Unknown request type for token type qr') # if param keys are in {'type', 'hashlib'} the token is # initialized for the first time. this is e.g. done on the # manage web ui. since the token doesn't exist in the database # yet, its rollout state must be None (that is: they data for # the rollout state doesn't exist yet) self.ensure_state(None) # --------------------------------------------------------------- -- # we check if callback policies are set. this must be done here # because the token gets saved directly after the update method # in the TokenHandler _ = context['translate'] owner = get_token_owner(self) if owner and owner.login and owner.realm: realms = [owner.realm] else: realms = self.getRealms() pairing_policies = [ 'qrtoken_pairing_callback_url', 'qrtoken_pairing_callback_sms' ] cb_url = get_single_auth_policy(pairing_policies[0], user=owner, realms=realms) cb_sms = get_single_auth_policy(pairing_policies[1], user=owner, realms=realms) if not cb_url and not cb_sms: raise Exception( _('Policy %s must have a value') % _(" or ").join(pairing_policies)) challenge_policies = [ 'qrtoken_challenge_callback_url', 'qrtoken_challenge_callback_sms' ] cb_url = get_single_auth_policy(challenge_policies[0], user=owner, realms=realms) cb_sms = get_single_auth_policy(challenge_policies[1], user=owner, realms=realms) if not cb_url and not cb_sms: raise Exception( _('Policy %s must have a value') % _(" or ").join(challenge_policies)) partition = get_partition(realms, owner) self.addToTokenInfo('partition', partition) # --------------------------------------------------------------- -- # we set the the active state of the token to False, because # it should not be allowed to use it for validation before the # pairing process is done self.token.LinOtpIsactive = False # --------------------------------------------------------------- -- if 'otplen' not in params: params['otplen'] = getFromConfig("QRTokenOtpLen", 8) # -------------------------------------------------------------- -- TokenClass.update(self, params, reset_failcount=True)