示例#1
0
    def update(self, param):
        # cko: changed for backward compat
        getParam(param, "pin", optional)
        if not param.has_key('otpkey'):
            param['genkey'] = 1

        TokenClass.update(self, param)
示例#2
0
    def update(self, param, reset_failcount=True):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''

        log.debug("[update] begin. Process the initialization parameters: param %r" % (param))

        ## Remark: the otpKey is handled in the parent class

        val = getParam(param, "hashlib", optional)
        if val is not None:
            self.hashlibStr = val
        else:
            self.hashlibStr = 'sha1'

        ## check if the key_size id provided
        ## if not, we could derive it from the hashlib
        key_size = getParam(param, 'key_size', optional)
        if key_size is None:
            param['key_size'] = keylen.get(self.hashlibStr)

        param['hashlib'] = self.hashlibStr
        self.addToTokenInfo("hashlib", self.hashlibStr)

        TokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. Processing the initialization parameters done.")
        return
示例#3
0
    def update(self, param):

        TokenClass.update(self, param)
        # The otplen is determined by the otpkey. So we
        # call the setOtpLen after the parents update, to overwrite
        # specified OTP lengths with the length of the password
        self.setOtpLen(0)
示例#4
0
    def update(self, param):

        TokenClass.update(self, param)
        # The otplen is determined by the otpkey. So we
        # call the setOtpLen after the parents update, to overwrite
        # specified OTP lengths with the length of the password
        self.setOtpLen(0)
示例#5
0
    def update(self, param, reset_failcount=True):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''

        # we use the public_uid to calculate the otplen which is at 48 or 32
        # the public_uid is stored and used in validation

        if 'public_uid' in param:
            otplen = 32 + len(param['public_uid'])
        else:
            otplen = 48

        if 'otplen' not in param:
            param['otplen'] = otplen

        TokenClass.update(self, param, reset_failcount)

        if 'public_uid' in param:
            self.addToTokenInfo('public_uid', param['public_uid'])

        return
示例#6
0
    def update(self, param, reset_failcount=True):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''

        # we use the public_uid to calculate the otplen which is at 48 or 32
        # the public_uid is stored and used in validation

        if 'public_uid' in param:
            otplen = 32 + len(param['public_uid'])
        else:
            otplen = 48

        if 'otplen' not in param:
            param['otplen'] = otplen

        TokenClass.update(self, param, reset_failcount)

        if 'public_uid' in param:
            self.addToTokenInfo('public_uid', param['public_uid'])

        log.debug("[update] end. Processing the initialization parameters done.")
        return
示例#7
0
    def update(self, param):

        ## check for the required parameters
        if (self.hKeyRequired == True):
            getParam(param, "otpkey", required)

        TokenClass.update(self, param)
示例#8
0
    def update(self, param):

        ## check for the required parameters
        if (self.hKeyRequired == True):
            getParam(param, "otpkey", required)

        TokenClass.update(self, param)
示例#9
0
    def update(self, param, reset_failcount=True):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''

        # Remark: the otpKey is handled in the parent class

        self.hashlibStr = param.get("hashlib", 'sha1')

        # check if the key_size id provided
        # if not, we could derive it from the hashlib
        key_size = param.get('key_size')
        if not key_size and self.hashlibStr in keylen:
            key_size = keylen.get(self.hashlibStr)

        param['key_size'] = key_size
        param['hashlib'] = self.hashlibStr
        self.addToTokenInfo("hashlib", self.hashlibStr)

        TokenClass.update(self, param, reset_failcount)

        return
示例#10
0
    def update(self, param, reset_failcount=True):
        '''
        update - process the initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing
        '''

        log.debug("[update] begin. Process the initialization parameters: param %r" % (param))

        ## Remark: the otpKey is handled in the parent class

        val = getParam(param, "hashlib", optional)
        if val is not None:
            self.hashlibStr = val
        else:
            self.hashlibStr = 'sha1'

        ## check if the key_size id provided
        ## if not, we could derive it from the hashlib
        key_size = getParam(param, 'key_size', optional)
        if key_size == None:
            param['key_size'] = keylen.get(self.hashlibStr)

        param['hashlib'] = self.hashlibStr
        self.addToTokenInfo("hashlib", self.hashlibStr)

        TokenClass.update(self, param, reset_failcount)

        log.debug("[update] end. Processing the initialization parameters done.")
        return
示例#11
0
    def update(self, param):

        self.radiusServer = getParam(param, "radius.server", required)
        # if another OTP length would be specified in /admin/init this would
        # be overwritten by the parent class, which is ok.
        self.setOtpLen(6)

        val = getParam(param, "radius.local_checkpin", optional)
        if val is not None:
            self.radiusLocal_checkpin = val

        val = getParam(param, "radius.user", required)
        if val is not None:
            self.radiusUser = val

        val = getParam(param, "radius.secret", required)
        if val is not None:
            self.radiusSecret = val

        if self.radiusSecret == VOID_RADIUS_SECRET:
            log.warning("Usage of default radius secret is not recomended!!")


        TokenClass.update(self, param)
        # We need to write the secret!
        self.token.setHKey(binascii.hexlify(self.radiusSecret))

        self.addToTokenInfo("radius.server", self.radiusServer)
        self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin)
        self.addToTokenInfo("radius.user", self.radiusUser)
示例#12
0
    def update(self, param):

        self.radiusServer = getParam(param, "radius.server", required)
        # if another OTP length would be specified in /admin/init this would
        # be overwritten by the parent class, which is ok.
        self.setOtpLen(6)

        val = getParam(param, "radius.local_checkpin", optional)
        if val is not None:
            self.radiusLocal_checkpin = val

        val = getParam(param, "radius.user", required)
        if val is not None:
            self.radiusUser = val

        val = getParam(param, "radius.secret", required)
        if val is not None:
            self.radiusSecret = val

        if self.radiusSecret == VOID_RADIUS_SECRET:
            log.warning("Usage of default radius secret is not recomended!!")

        TokenClass.update(self, param)
        # We need to write the secret!
        self.setOtpKey(binascii.hexlify(self.radiusSecret))

        self.addToTokenInfo("radius.server", self.radiusServer)
        self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin)
        self.addToTokenInfo("radius.user", self.radiusUser)
示例#13
0
    def update(self, param):
        # cko: changed for backward compat
        getParam(param, "pin", optional)
        if not param.has_key("otpkey"):
            param["genkey"] = 1

        ## mark this spass token as usable exactly once
        if param.has_key("onetime"):
            TokenClass.set_count_auth_success_max(self, 1)

        TokenClass.update(self, param)
示例#14
0
    def update(self, param):
        # cko: changed for backward compat
        getParam(param, "pin", optional)
        if not param.has_key('otpkey'):
            param['genkey'] = 1

        # mark this spass token as usable exactly once
        if param.has_key('onetime'):
            TokenClass.set_count_auth_success_max(self, 1)

        TokenClass.update(self, param)
示例#15
0
    def update(self, param):

        ## check for the required parameters
        if (self.hKeyRequired == True):
            getParam(param, "otpkey", required)

        TokenClass.update(self, param, reset_failcount=False)

        for key in ["vasco_appl", "vasco_type", "vasco_auth"]:
            val = getParam(param, key, optional)
            if val is not None:
                self.addToTokenInfo(key, val)
示例#16
0
    def update(self, param):

        ## check for the required parameters
        if (self.hKeyRequired == True):
            getParam(param, "otpkey", required)

        TokenClass.update(self, param, reset_failcount=False)

        for key in ["vasco_appl", "vasco_type", "vasco_auth"]:
            val = getParam(param, key, optional)
            if val is not None:
                self.addToTokenInfo(key, val)
示例#17
0
文件: ocra2token.py 项目: RDLM-01/Elm
    def update(self, params, reset_failcount=True):
        '''
        update: add further definition for token from param in case of init
        '''
        log.debug('[update] %r: %r: ' % (params, reset_failcount))


        if params.has_key('ocrasuite'):
            self.ocraSuite = params.get('ocrasuite')
        else:
            activationcode = params.get('activationcode', None)
            sharedSecret = params.get('sharedsecret', None)


            if activationcode is None and sharedSecret is None:
                self.ocraSuite = self.getOcraSuiteSuite()
            else:
                self.ocraSuite = self.getQROcraSuiteSuite()

        if params.get('activationcode', None):
            ## due to changes in the tokenclass parameter handling
            ## we have to add for compatibility a genkey parameter
            if params.has_key('otpkey') == False and params.has_key('genkey') == False:
                log.warning('[Ocra2TokenClass:update] missing parameter genkey\
                             to complete the rollout 2!')
                params['genkey'] = 1


        TokenClass.update(self, params, reset_failcount=reset_failcount)

        self.addToTokenInfo('ocrasuite', self.ocraSuite)

        ocraSuite = OcraSuite(self.ocraSuite)
        otplen = ocraSuite.truncation
        self.setOtpLen(otplen)

        ocraPin = params.get('ocrapin', None)
        if ocraPin is not None:
            self.token.setUserPin(ocraPin)

        if params.has_key('otpkey'):
            self.setOtpKey(params.get('otpkey'))

        self._rollout_1(params)
        self._rollout_2(params)

        log.debug('[update]:')
        return
示例#18
0
    def update(self, param):

        tokenid = getParam(param, "yubico.tokenid", required)
        if len(tokenid) < YUBICO_LEN_ID:
            log.error("[update] The token ID needs to be %i characters long!" % YUBICO_LEN_ID)
            raise Exception("The YubiKey token ID needs to be %i characters long!" % YUBICO_LEN_ID)

        if len(tokenid) > YUBICO_LEN_ID:
            tokenid = tokenid[:YUBICO_LEN_ID]

        self.tokenid = tokenid
        self.setOtpLen(44)

        TokenClass.update(self, param)

        self.addToTokenInfo("yubico.tokenid", self.tokenid)

        return
示例#19
0
    def update(self, param):

        tokenid = getParam(param, "yubico.tokenid", required)
        if len(tokenid) < YUBICO_LEN_ID:
            log.error("[update] The tokenid needs to be %i characters long!" % YUBICO_LEN_ID)
            raise Exception("The Yubikey token ID needs to be %i characters long!" % YUBICO_LEN_ID)

        if len(tokenid) > YUBICO_LEN_ID:
            tokenid = tokenid[:YUBICO_LEN_ID]

        self.tokenid = tokenid
        self.setOtpLen(44)

        TokenClass.update(self, param)

        self.addToTokenInfo("yubico.tokenid", self.tokenid)

        return
示例#20
0
    def update(self, param):
        """
        second phase of the init process - updates parameters

        :param param: the request parameters
        :return: - nothing -
        """

        self.remoteServer = getParam(param, "remote.server", required)
        # if another OTP length would be specified in /admin/init this would
        # be overwritten by the parent class, which is ok.
        self.setOtpLen(6)

        val = getParam(param, "remote.local_checkpin", optional)
        if val is not None:
            self.remoteLocalCheckpin = val

        val = getParam(param, "remote.serial", optional)
        if val is not None:
            self.remoteSerial = val

        val = getParam(param, "remote.user", optional)
        if val is not None:
            self.remoteUser = val

        val = getParam(param, "remote.realm", optional)
        if val is not None:
            self.remoteRealm = val

        val = getParam(param, "remote.resConf", optional)
        if val is not None:
            self.remoteResConf = val

        TokenClass.update(self, param)

        self.addToTokenInfo("remote.server", self.remoteServer)
        self.addToTokenInfo("remote.serial", self.remoteSerial)
        self.addToTokenInfo("remote.user", self.remoteUser)
        self.addToTokenInfo("remote.local_checkpin", self.remoteLocalCheckpin)
        self.addToTokenInfo("remote.realm", self.remoteRealm)
        self.addToTokenInfo("remote.resConf", self.remoteResConf)

        return
示例#21
0
    def update(self, param):
        """
        second phase of the init process - updates token specific parameters

        :param param: the request parameters
        :return: - nothing -
        """

        self.forwardSerial = param["forward.serial"]

        # get the otplen of the target token
        targetToken = self._getTargetToken(self.forwardSerial)

        TokenClass.update(self, param)

        self.setOtpLen(targetToken.getOtpLen())
        self.addToTokenInfo("forward.serial", self.forwardSerial)

        return
示例#22
0
    def update(self, param):
        """
        second phase of the init process - updates parameters

        :param param: the request parameters
        :return: - nothing -
        """

        self.remoteServer = getParam(param, "remote.server", required)
        # if another OTP length would be specified in /admin/init this would
        # be overwritten by the parent class, which is ok.
        self.setOtpLen(6)

        val = getParam(param, "remote.local_checkpin", optional)
        if val is not None:
            self.remoteLocalCheckpin = val

        val = getParam(param, "remote.serial", optional)
        if val is not None:
            self.remoteSerial = val

        val = getParam(param, "remote.user", optional)
        if val is not None:
            self.remoteUser = val

        val = getParam(param, "remote.realm", optional)
        if val is not None:
            self.remoteRealm = val

        val = getParam(param, "remote.resConf", optional)
        if val is not None:
            self.remoteResConf = val

        TokenClass.update(self, param)

        self.addToTokenInfo("remote.server", self.remoteServer)
        self.addToTokenInfo("remote.serial", self.remoteSerial)
        self.addToTokenInfo("remote.user", self.remoteUser)
        self.addToTokenInfo("remote.local_checkpin", self.remoteLocalCheckpin)
        self.addToTokenInfo("remote.realm", self.remoteRealm)
        self.addToTokenInfo("remote.resConf", self.remoteResConf)

        return
示例#23
0
    def update(self, param):
        """
        second phase of the init process - updates token specific parameters

        :param param: the request parameters
        :return: - nothing -
        """

        self.forwardSerial = param["forward.serial"]

        # get the otplen of the target token
        targetToken = self._getTargetToken(self.forwardSerial)

        TokenClass.update(self, param)

        self.setOtpLen(targetToken.getOtpLen())
        self.addToTokenInfo("forward.serial", self.forwardSerial)

        return
示例#24
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''

        getParam(param, "otpkey", required)

        ## motp token specific
        otpPin = getParam(param, "otppin", required)
        self.setUserPin(otpPin)

        TokenClass.update(self, param, reset_failcount)

        return
示例#25
0
    def update(self, params):

        param_keys = set(params.keys())
        init_rollout_state_keys = set(['type', 'hashlib', 'serial', '::scope::',
                                       'key_size', 'user.login', 'description',
                                       'user.realm', 'session', 'otplen',
                                       'resConf', 'user', 'realm', 'qr', 'pin'])

        # ----------------------------------------------------------------------

        if not param_keys.issubset(init_rollout_state_keys):

            # make sure the call aborts, if request
            # type wasn't recognized

            raise Exception('Unknown request type for token type qr')

        # if param keys are in {'type', 'hashlib'} the token is
        # initialized for the first time. this is e.g. done on the
        # manage web ui. since the token doesn't exist in the database
        # yet, its rollout state must be None (that is: they data for
        # the rollout state doesn't exist yet)

        self.ensure_state(None)

        # ------------------------------------------------------------------

        # we set the the active state of the token to False, because
        # it should not be allowed to use it for validation before the
        # pairing process is done

        self.token.LinOtpIsactive = False

        # ------------------------------------------------------------------

        if 'otplen' not in params:
            params['otplen'] = getFromConfig("QRTokenDefault.otplen", 8)

        # -------------------------------------------------------------- --

        TokenClass.update(self, params, reset_failcount=True)
示例#26
0
    def update(self, param, reset_failcount=True):
        '''
        update - process initialization parameters

        :param param: dict of initialization parameters
        :type param: dict

        :return: nothing

        '''
        log.debug("[update] begin. adjust the token class with: param %r" % (param))

        getParam(param, "otpkey", required)

        ## motp token specific
        otpPin = getParam(param, "otppin", required)
        self.token.setUserPin(otpPin)

        TokenClass.update(self, param, reset_failcount)

        log.debug("[update] all token parameters are set.")
        return
示例#27
0
    def update(self, params):

        """
        initialization entry hook for the enrollment process.

        :param params: parameters provided by the client

        :raises Exception: If the client supplied unrecognized
            configuration parameters for this token type

        :raises Exception: If the policy 'pushtoken_pairing_callback_url'
            was not set.

        :raises TokenStateError: If token state is not None
            (default pre-enrollment state)
        """

        param_keys = set(params.keys())
        init_rollout_state_keys = set(['type', 'serial', '::scope::',
                                       'user.login', 'description',
                                       'user.realm', 'session', 'key_size',
                                       'resConf', 'user', 'realm',
                                       'pin'])

        # ----------------------------------------------------------------------

        if not param_keys.issubset(init_rollout_state_keys):

            # make sure the call aborts, if request
            # type wasn't recognized

            raise Exception('Unknown request type for token type pushtoken')

        # if param keys are in above set, the token is
        # initialized for the first time. this is e.g. done on the
        # manage web ui. since the token doesn't exist in the database
        # yet, its rollout state must be None (that is: the data for
        # the rollout state doesn't exist yet)

        self.ensure_state(None)

        # ------------------------------------------------------------------

        # we check if callback policies are set. this must be done here
        # because the token gets saved directly after the update method
        # in the TokenHandler

        _ = context['translate']

        owner = get_token_owner(self)
        if owner and owner.login and owner.realm:
            realms = [owner.realm]
        else:
            realms = self.getRealms()

        cb_url = get_single_auth_policy('pushtoken_pairing_callback_url',
                                        user=owner, realms=realms)

        if not cb_url:
            raise Exception(_('Policy pushtoken_pairing_callback_url must '
                              'have a value'))

        partition = get_partition(realms, owner)
        self.addToTokenInfo('partition', partition)

        # ------------------------------------------------------------------

        # we set the the active state of the token to False, because
        # it should not be allowed to use it for validation before the
        # pairing process is done

        self.token.LinOtpIsactive = False

        # -------------------------------------------------------------- --

        TokenClass.update(self, params, reset_failcount=True)

        # -------------------------------------------------------------- --

        self.change_state('initialized')
示例#28
0
文件: qrtoken.py 项目: gsnbng/LinOTP
    def update(self, params):

        param_keys = set(params.keys())
        init_rollout_state_keys = {'type', 'hashlib', 'serial', '::scope::',
                                   'key_size', 'user.login', 'description',
                                   'user.realm', 'session', 'otplen', 'resConf',
                                   'user', 'realm', 'qr', 'pin'}

        # ----------------------------------------------------------------------

        if not param_keys.issubset(init_rollout_state_keys):

            # make sure the call aborts, if request
            # type wasn't recognized

            raise Exception('Unknown request type for token type qr')

        # if param keys are in {'type', 'hashlib'} the token is
        # initialized for the first time. this is e.g. done on the
        # manage web ui. since the token doesn't exist in the database
        # yet, its rollout state must be None (that is: they data for
        # the rollout state doesn't exist yet)

        self.ensure_state(None)

        # ------------------------------------------------------------------

        # we check if callback policies are set. this must be done here
        # because the token gets saved directly after the update method
        # in the TokenHandler

        _ = context['translate']

        owner = get_token_owner(self)
        if owner and owner.login and owner.realm:
            realms = [owner.realm]
        else:
            realms = self.getRealms()

        pairing_policies = ['qrtoken_pairing_callback_url',
                            'qrtoken_pairing_callback_sms']

        cb_url = get_single_auth_policy(pairing_policies[0],
                                        user=owner, realms=realms)
        cb_sms = get_single_auth_policy(pairing_policies[1],
                                        user=owner, realms=realms)


        if not cb_url and not cb_sms:
            raise Exception(_('Policy %s must have a value') %
                            _(" or ").join(pairing_policies))

        challenge_policies = ['qrtoken_challenge_callback_url',
                              'qrtoken_challenge_callback_sms']

        cb_url = get_single_auth_policy(challenge_policies[0],
                                        user=owner, realms=realms)
        cb_sms = get_single_auth_policy(challenge_policies[1],
                                        user=owner, realms=realms)

        if not cb_url and not cb_sms:
            raise Exception(_('Policy %s must have a value') %
                            _(" or ").join(pairing_policies))

        # ------------------------------------------------------------------

        # we set the the active state of the token to False, because
        # it should not be allowed to use it for validation before the
        # pairing process is done

        self.token.LinOtpIsactive = False

        # ------------------------------------------------------------------

        if 'otplen' not in params:
            params['otplen'] = getFromConfig("QRTokenOtpLen", 8)

        # -------------------------------------------------------------- --

        TokenClass.update(self, params, reset_failcount=True)
示例#29
0
    def update(self, params):

        param_keys = set(params.keys())
        init_rollout_state_keys = set([
            'type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login',
            'description', 'user.realm', 'session', 'otplen', 'resConf',
            'user', 'realm', 'qr', 'pin'
        ])

        # ------------------------------------------------------------------- --

        if not param_keys.issubset(init_rollout_state_keys):

            # make sure the call aborts, if request
            # type wasn't recognized

            raise Exception('Unknown request type for token type qr')

        # if param keys are in {'type', 'hashlib'} the token is
        # initialized for the first time. this is e.g. done on the
        # manage web ui. since the token doesn't exist in the database
        # yet, its rollout state must be None (that is: they data for
        # the rollout state doesn't exist yet)

        self.ensure_state(None)

        # --------------------------------------------------------------- --

        # we check if callback policies are set. this must be done here
        # because the token gets saved directly after the update method
        # in the TokenHandler

        _ = context['translate']

        owner = get_token_owner(self)
        if owner and owner.login and owner.realm:
            realms = [owner.realm]
        else:
            realms = self.getRealms()

        pairing_policies = [
            'qrtoken_pairing_callback_url', 'qrtoken_pairing_callback_sms'
        ]

        cb_url = get_single_auth_policy(pairing_policies[0],
                                        user=owner,
                                        realms=realms)
        cb_sms = get_single_auth_policy(pairing_policies[1],
                                        user=owner,
                                        realms=realms)

        if not cb_url and not cb_sms:
            raise Exception(
                _('Policy %s must have a value') %
                _(" or ").join(pairing_policies))

        challenge_policies = [
            'qrtoken_challenge_callback_url', 'qrtoken_challenge_callback_sms'
        ]

        cb_url = get_single_auth_policy(challenge_policies[0],
                                        user=owner,
                                        realms=realms)
        cb_sms = get_single_auth_policy(challenge_policies[1],
                                        user=owner,
                                        realms=realms)

        if not cb_url and not cb_sms:
            raise Exception(
                _('Policy %s must have a value') %
                _(" or ").join(challenge_policies))

        partition = get_partition(realms, owner)
        self.addToTokenInfo('partition', partition)

        # --------------------------------------------------------------- --

        # we set the the active state of the token to False, because
        # it should not be allowed to use it for validation before the
        # pairing process is done

        self.token.LinOtpIsactive = False

        # --------------------------------------------------------------- --

        if 'otplen' not in params:
            params['otplen'] = getFromConfig("QRTokenOtpLen", 8)

        # -------------------------------------------------------------- --

        TokenClass.update(self, params, reset_failcount=True)