def update(self, param):
# cko: changed for backward compat
getParam(param, "pin", optional)
if not param.has_key('otpkey'):
param['genkey'] = 1
TokenClass.update(self, param)
def update(self, param, reset_failcount=True):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. Process the initialization parameters: param %r" % (param))
## Remark: the otpKey is handled in the parent class
val = getParam(param, "hashlib", optional)
if val is not None:
self.hashlibStr = val
else:
self.hashlibStr = 'sha1'
## check if the key_size id provided
## if not, we could derive it from the hashlib
key_size = getParam(param, 'key_size', optional)
if key_size is None:
param['key_size'] = keylen.get(self.hashlibStr)
param['hashlib'] = self.hashlibStr
self.addToTokenInfo("hashlib", self.hashlibStr)
TokenClass.update(self, param, reset_failcount)
log.debug("[update] end. Processing the initialization parameters done.")
return
def update(self, param):
TokenClass.update(self, param)
# The otplen is determined by the otpkey. So we
# call the setOtpLen after the parents update, to overwrite
# specified OTP lengths with the length of the password
self.setOtpLen(0)
def update(self, param):
TokenClass.update(self, param)
# The otplen is determined by the otpkey. So we
# call the setOtpLen after the parents update, to overwrite
# specified OTP lengths with the length of the password
self.setOtpLen(0)
def update(self, param, reset_failcount=True):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
# we use the public_uid to calculate the otplen which is at 48 or 32
# the public_uid is stored and used in validation
if 'public_uid' in param:
otplen = 32 + len(param['public_uid'])
else:
otplen = 48
if 'otplen' not in param:
param['otplen'] = otplen
TokenClass.update(self, param, reset_failcount)
if 'public_uid' in param:
self.addToTokenInfo('public_uid', param['public_uid'])
return
def update(self, param, reset_failcount=True):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
# we use the public_uid to calculate the otplen which is at 48 or 32
# the public_uid is stored and used in validation
if 'public_uid' in param:
otplen = 32 + len(param['public_uid'])
else:
otplen = 48
if 'otplen' not in param:
param['otplen'] = otplen
TokenClass.update(self, param, reset_failcount)
if 'public_uid' in param:
self.addToTokenInfo('public_uid', param['public_uid'])
log.debug("[update] end. Processing the initialization parameters done.")
return
def update(self, param):
## check for the required parameters
if (self.hKeyRequired == True):
getParam(param, "otpkey", required)
TokenClass.update(self, param)
def update(self, param):
## check for the required parameters
if (self.hKeyRequired == True):
getParam(param, "otpkey", required)
TokenClass.update(self, param)
def update(self, param, reset_failcount=True):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
# Remark: the otpKey is handled in the parent class
self.hashlibStr = param.get("hashlib", 'sha1')
# check if the key_size id provided
# if not, we could derive it from the hashlib
key_size = param.get('key_size')
if not key_size and self.hashlibStr in keylen:
key_size = keylen.get(self.hashlibStr)
param['key_size'] = key_size
param['hashlib'] = self.hashlibStr
self.addToTokenInfo("hashlib", self.hashlibStr)
TokenClass.update(self, param, reset_failcount)
return
def update(self, param, reset_failcount=True):
'''
update - process the initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. Process the initialization parameters: param %r" % (param))
## Remark: the otpKey is handled in the parent class
val = getParam(param, "hashlib", optional)
if val is not None:
self.hashlibStr = val
else:
self.hashlibStr = 'sha1'
## check if the key_size id provided
## if not, we could derive it from the hashlib
key_size = getParam(param, 'key_size', optional)
if key_size == None:
param['key_size'] = keylen.get(self.hashlibStr)
param['hashlib'] = self.hashlibStr
self.addToTokenInfo("hashlib", self.hashlibStr)
TokenClass.update(self, param, reset_failcount)
log.debug("[update] end. Processing the initialization parameters done.")
return
def update(self, param):
self.radiusServer = getParam(param, "radius.server", required)
# if another OTP length would be specified in /admin/init this would
# be overwritten by the parent class, which is ok.
self.setOtpLen(6)
val = getParam(param, "radius.local_checkpin", optional)
if val is not None:
self.radiusLocal_checkpin = val
val = getParam(param, "radius.user", required)
if val is not None:
self.radiusUser = val
val = getParam(param, "radius.secret", required)
if val is not None:
self.radiusSecret = val
if self.radiusSecret == VOID_RADIUS_SECRET:
log.warning("Usage of default radius secret is not recomended!!")
TokenClass.update(self, param)
# We need to write the secret!
self.token.setHKey(binascii.hexlify(self.radiusSecret))
self.addToTokenInfo("radius.server", self.radiusServer)
self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin)
self.addToTokenInfo("radius.user", self.radiusUser)
def update(self, param):
self.radiusServer = getParam(param, "radius.server", required)
# if another OTP length would be specified in /admin/init this would
# be overwritten by the parent class, which is ok.
self.setOtpLen(6)
val = getParam(param, "radius.local_checkpin", optional)
if val is not None:
self.radiusLocal_checkpin = val
val = getParam(param, "radius.user", required)
if val is not None:
self.radiusUser = val
val = getParam(param, "radius.secret", required)
if val is not None:
self.radiusSecret = val
if self.radiusSecret == VOID_RADIUS_SECRET:
log.warning("Usage of default radius secret is not recomended!!")
TokenClass.update(self, param)
# We need to write the secret!
self.setOtpKey(binascii.hexlify(self.radiusSecret))
self.addToTokenInfo("radius.server", self.radiusServer)
self.addToTokenInfo("radius.local_checkpin", self.radiusLocal_checkpin)
self.addToTokenInfo("radius.user", self.radiusUser)
def update(self, param):
# cko: changed for backward compat
getParam(param, "pin", optional)
if not param.has_key("otpkey"):
param["genkey"] = 1
## mark this spass token as usable exactly once
if param.has_key("onetime"):
TokenClass.set_count_auth_success_max(self, 1)
TokenClass.update(self, param)
def update(self, param):
# cko: changed for backward compat
getParam(param, "pin", optional)
if not param.has_key('otpkey'):
param['genkey'] = 1
# mark this spass token as usable exactly once
if param.has_key('onetime'):
TokenClass.set_count_auth_success_max(self, 1)
TokenClass.update(self, param)
def update(self, param):
## check for the required parameters
if (self.hKeyRequired == True):
getParam(param, "otpkey", required)
TokenClass.update(self, param, reset_failcount=False)
for key in ["vasco_appl", "vasco_type", "vasco_auth"]:
val = getParam(param, key, optional)
if val is not None:
self.addToTokenInfo(key, val)
def update(self, param):
## check for the required parameters
if (self.hKeyRequired == True):
getParam(param, "otpkey", required)
TokenClass.update(self, param, reset_failcount=False)
for key in ["vasco_appl", "vasco_type", "vasco_auth"]:
val = getParam(param, key, optional)
if val is not None:
self.addToTokenInfo(key, val)
def update(self, params, reset_failcount=True):
'''
update: add further definition for token from param in case of init
'''
log.debug('[update] %r: %r: ' % (params, reset_failcount))
if params.has_key('ocrasuite'):
self.ocraSuite = params.get('ocrasuite')
else:
activationcode = params.get('activationcode', None)
sharedSecret = params.get('sharedsecret', None)
if activationcode is None and sharedSecret is None:
self.ocraSuite = self.getOcraSuiteSuite()
else:
self.ocraSuite = self.getQROcraSuiteSuite()
if params.get('activationcode', None):
## due to changes in the tokenclass parameter handling
## we have to add for compatibility a genkey parameter
if params.has_key('otpkey') == False and params.has_key('genkey') == False:
log.warning('[Ocra2TokenClass:update] missing parameter genkey\
to complete the rollout 2!')
params['genkey'] = 1
TokenClass.update(self, params, reset_failcount=reset_failcount)
self.addToTokenInfo('ocrasuite', self.ocraSuite)
ocraSuite = OcraSuite(self.ocraSuite)
otplen = ocraSuite.truncation
self.setOtpLen(otplen)
ocraPin = params.get('ocrapin', None)
if ocraPin is not None:
self.token.setUserPin(ocraPin)
if params.has_key('otpkey'):
self.setOtpKey(params.get('otpkey'))
self._rollout_1(params)
self._rollout_2(params)
log.debug('[update]:')
return
def update(self, param):
tokenid = getParam(param, "yubico.tokenid", required)
if len(tokenid) < YUBICO_LEN_ID:
log.error("[update] The token ID needs to be %i characters long!" % YUBICO_LEN_ID)
raise Exception("The YubiKey token ID needs to be %i characters long!" % YUBICO_LEN_ID)
if len(tokenid) > YUBICO_LEN_ID:
tokenid = tokenid[:YUBICO_LEN_ID]
self.tokenid = tokenid
self.setOtpLen(44)
TokenClass.update(self, param)
self.addToTokenInfo("yubico.tokenid", self.tokenid)
return
def update(self, param):
tokenid = getParam(param, "yubico.tokenid", required)
if len(tokenid) < YUBICO_LEN_ID:
log.error("[update] The tokenid needs to be %i characters long!" % YUBICO_LEN_ID)
raise Exception("The Yubikey token ID needs to be %i characters long!" % YUBICO_LEN_ID)
if len(tokenid) > YUBICO_LEN_ID:
tokenid = tokenid[:YUBICO_LEN_ID]
self.tokenid = tokenid
self.setOtpLen(44)
TokenClass.update(self, param)
self.addToTokenInfo("yubico.tokenid", self.tokenid)
return
def update(self, param):
"""
second phase of the init process - updates parameters
:param param: the request parameters
:return: - nothing -
"""
self.remoteServer = getParam(param, "remote.server", required)
# if another OTP length would be specified in /admin/init this would
# be overwritten by the parent class, which is ok.
self.setOtpLen(6)
val = getParam(param, "remote.local_checkpin", optional)
if val is not None:
self.remoteLocalCheckpin = val
val = getParam(param, "remote.serial", optional)
if val is not None:
self.remoteSerial = val
val = getParam(param, "remote.user", optional)
if val is not None:
self.remoteUser = val
val = getParam(param, "remote.realm", optional)
if val is not None:
self.remoteRealm = val
val = getParam(param, "remote.resConf", optional)
if val is not None:
self.remoteResConf = val
TokenClass.update(self, param)
self.addToTokenInfo("remote.server", self.remoteServer)
self.addToTokenInfo("remote.serial", self.remoteSerial)
self.addToTokenInfo("remote.user", self.remoteUser)
self.addToTokenInfo("remote.local_checkpin", self.remoteLocalCheckpin)
self.addToTokenInfo("remote.realm", self.remoteRealm)
self.addToTokenInfo("remote.resConf", self.remoteResConf)
return
def update(self, param):
"""
second phase of the init process - updates token specific parameters
:param param: the request parameters
:return: - nothing -
"""
self.forwardSerial = param["forward.serial"]
# get the otplen of the target token
targetToken = self._getTargetToken(self.forwardSerial)
TokenClass.update(self, param)
self.setOtpLen(targetToken.getOtpLen())
self.addToTokenInfo("forward.serial", self.forwardSerial)
return
def update(self, param):
"""
second phase of the init process - updates parameters
:param param: the request parameters
:return: - nothing -
"""
self.remoteServer = getParam(param, "remote.server", required)
# if another OTP length would be specified in /admin/init this would
# be overwritten by the parent class, which is ok.
self.setOtpLen(6)
val = getParam(param, "remote.local_checkpin", optional)
if val is not None:
self.remoteLocalCheckpin = val
val = getParam(param, "remote.serial", optional)
if val is not None:
self.remoteSerial = val
val = getParam(param, "remote.user", optional)
if val is not None:
self.remoteUser = val
val = getParam(param, "remote.realm", optional)
if val is not None:
self.remoteRealm = val
val = getParam(param, "remote.resConf", optional)
if val is not None:
self.remoteResConf = val
TokenClass.update(self, param)
self.addToTokenInfo("remote.server", self.remoteServer)
self.addToTokenInfo("remote.serial", self.remoteSerial)
self.addToTokenInfo("remote.user", self.remoteUser)
self.addToTokenInfo("remote.local_checkpin", self.remoteLocalCheckpin)
self.addToTokenInfo("remote.realm", self.remoteRealm)
self.addToTokenInfo("remote.resConf", self.remoteResConf)
return
def update(self, param):
"""
second phase of the init process - updates token specific parameters
:param param: the request parameters
:return: - nothing -
"""
self.forwardSerial = param["forward.serial"]
# get the otplen of the target token
targetToken = self._getTargetToken(self.forwardSerial)
TokenClass.update(self, param)
self.setOtpLen(targetToken.getOtpLen())
self.addToTokenInfo("forward.serial", self.forwardSerial)
return
def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
getParam(param, "otpkey", required)
## motp token specific
otpPin = getParam(param, "otppin", required)
self.setUserPin(otpPin)
TokenClass.update(self, param, reset_failcount)
return
def update(self, params):
param_keys = set(params.keys())
init_rollout_state_keys = set(['type', 'hashlib', 'serial', '::scope::',
'key_size', 'user.login', 'description',
'user.realm', 'session', 'otplen',
'resConf', 'user', 'realm', 'qr', 'pin'])
# ----------------------------------------------------------------------
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type qr')
# if param keys are in {'type', 'hashlib'} the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: they data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# ------------------------------------------------------------------
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# ------------------------------------------------------------------
if 'otplen' not in params:
params['otplen'] = getFromConfig("QRTokenDefault.otplen", 8)
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
def update(self, param, reset_failcount=True):
'''
update - process initialization parameters
:param param: dict of initialization parameters
:type param: dict
:return: nothing
'''
log.debug("[update] begin. adjust the token class with: param %r" % (param))
getParam(param, "otpkey", required)
## motp token specific
otpPin = getParam(param, "otppin", required)
self.token.setUserPin(otpPin)
TokenClass.update(self, param, reset_failcount)
log.debug("[update] all token parameters are set.")
return
def update(self, params):
"""
initialization entry hook for the enrollment process.
:param params: parameters provided by the client
:raises Exception: If the client supplied unrecognized
configuration parameters for this token type
:raises Exception: If the policy 'pushtoken_pairing_callback_url'
was not set.
:raises TokenStateError: If token state is not None
(default pre-enrollment state)
"""
param_keys = set(params.keys())
init_rollout_state_keys = set(['type', 'serial', '::scope::',
'user.login', 'description',
'user.realm', 'session', 'key_size',
'resConf', 'user', 'realm',
'pin'])
# ----------------------------------------------------------------------
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type pushtoken')
# if param keys are in above set, the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: the data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# ------------------------------------------------------------------
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
cb_url = get_single_auth_policy('pushtoken_pairing_callback_url',
user=owner, realms=realms)
if not cb_url:
raise Exception(_('Policy pushtoken_pairing_callback_url must '
'have a value'))
partition = get_partition(realms, owner)
self.addToTokenInfo('partition', partition)
# ------------------------------------------------------------------
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
# -------------------------------------------------------------- --
self.change_state('initialized')
def update(self, params):
param_keys = set(params.keys())
init_rollout_state_keys = {'type', 'hashlib', 'serial', '::scope::',
'key_size', 'user.login', 'description',
'user.realm', 'session', 'otplen', 'resConf',
'user', 'realm', 'qr', 'pin'}
# ----------------------------------------------------------------------
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type qr')
# if param keys are in {'type', 'hashlib'} the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: they data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# ------------------------------------------------------------------
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
pairing_policies = ['qrtoken_pairing_callback_url',
'qrtoken_pairing_callback_sms']
cb_url = get_single_auth_policy(pairing_policies[0],
user=owner, realms=realms)
cb_sms = get_single_auth_policy(pairing_policies[1],
user=owner, realms=realms)
if not cb_url and not cb_sms:
raise Exception(_('Policy %s must have a value') %
_(" or ").join(pairing_policies))
challenge_policies = ['qrtoken_challenge_callback_url',
'qrtoken_challenge_callback_sms']
cb_url = get_single_auth_policy(challenge_policies[0],
user=owner, realms=realms)
cb_sms = get_single_auth_policy(challenge_policies[1],
user=owner, realms=realms)
if not cb_url and not cb_sms:
raise Exception(_('Policy %s must have a value') %
_(" or ").join(pairing_policies))
# ------------------------------------------------------------------
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# ------------------------------------------------------------------
if 'otplen' not in params:
params['otplen'] = getFromConfig("QRTokenOtpLen", 8)
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
def update(self, params):
param_keys = set(params.keys())
init_rollout_state_keys = set([
'type', 'hashlib', 'serial', '::scope::', 'key_size', 'user.login',
'description', 'user.realm', 'session', 'otplen', 'resConf',
'user', 'realm', 'qr', 'pin'
])
# ------------------------------------------------------------------- --
if not param_keys.issubset(init_rollout_state_keys):
# make sure the call aborts, if request
# type wasn't recognized
raise Exception('Unknown request type for token type qr')
# if param keys are in {'type', 'hashlib'} the token is
# initialized for the first time. this is e.g. done on the
# manage web ui. since the token doesn't exist in the database
# yet, its rollout state must be None (that is: they data for
# the rollout state doesn't exist yet)
self.ensure_state(None)
# --------------------------------------------------------------- --
# we check if callback policies are set. this must be done here
# because the token gets saved directly after the update method
# in the TokenHandler
_ = context['translate']
owner = get_token_owner(self)
if owner and owner.login and owner.realm:
realms = [owner.realm]
else:
realms = self.getRealms()
pairing_policies = [
'qrtoken_pairing_callback_url', 'qrtoken_pairing_callback_sms'
]
cb_url = get_single_auth_policy(pairing_policies[0],
user=owner,
realms=realms)
cb_sms = get_single_auth_policy(pairing_policies[1],
user=owner,
realms=realms)
if not cb_url and not cb_sms:
raise Exception(
_('Policy %s must have a value') %
_(" or ").join(pairing_policies))
challenge_policies = [
'qrtoken_challenge_callback_url', 'qrtoken_challenge_callback_sms'
]
cb_url = get_single_auth_policy(challenge_policies[0],
user=owner,
realms=realms)
cb_sms = get_single_auth_policy(challenge_policies[1],
user=owner,
realms=realms)
if not cb_url and not cb_sms:
raise Exception(
_('Policy %s must have a value') %
_(" or ").join(challenge_policies))
partition = get_partition(realms, owner)
self.addToTokenInfo('partition', partition)
# --------------------------------------------------------------- --
# we set the the active state of the token to False, because
# it should not be allowed to use it for validation before the
# pairing process is done
self.token.LinOtpIsactive = False
# --------------------------------------------------------------- --
if 'otplen' not in params:
params['otplen'] = getFromConfig("QRTokenOtpLen", 8)
# -------------------------------------------------------------- --
TokenClass.update(self, params, reset_failcount=True)
