summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--API.txt46
-rw-r--r--VERSION4
-rw-r--r--ipalib/plugins/otptoken.py65
3 files changed, 58 insertions, 57 deletions
diff --git a/API.txt b/API.txt
index 070134959..971edd915 100644
--- a/API.txt
+++ b/API.txt
@@ -2221,34 +2221,34 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: otptoken_add
args: 1,21,3
-arg: Str('ipatokenuniqueid', attribute=True, cli_name='id', multivalue=False, primary_key=True, required=False)
+arg: Str('ipatokenuniqueid', attribute=True, autofill=True, cli_name='id', multivalue=False, primary_key=True, required=False)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False)
option: Bool('ipatokendisabled', attribute=True, cli_name='disabled', multivalue=False, required=False)
-option: Int('ipatokenhotpcounter', attribute=True, cli_name='counter', minvalue=0, multivalue=False, required=False)
-option: Str('ipatokenmodel', attribute=True, cli_name='model', multivalue=False, required=False)
+option: Int('ipatokenhotpcounter', attribute=True, autofill=True, cli_name='counter', default=0, minvalue=0, multivalue=False, required=False)
+option: Str('ipatokenmodel', attribute=True, autofill=True, cli_name='model', multivalue=False, required=False)
option: Str('ipatokennotafter', attribute=True, cli_name='not_after', multivalue=False, required=False)
option: Str('ipatokennotbefore', attribute=True, cli_name='not_before', multivalue=False, required=False)
-option: StrEnum('ipatokenotpalgorithm', attribute=True, cli_name='algo', multivalue=False, required=False, values=(u'sha1', u'sha256', u'sha384', u'sha512'))
-option: IntEnum('ipatokenotpdigits', attribute=True, cli_name='digits', multivalue=False, required=False, values=(6, 8))
-option: OTPTokenKey('ipatokenotpkey', attribute=True, cli_name='key', multivalue=False, required=False)
+option: StrEnum('ipatokenotpalgorithm', attribute=True, autofill=True, cli_name='algo', default=u'sha1', multivalue=False, required=False, values=(u'sha1', u'sha256', u'sha384', u'sha512'))
+option: IntEnum('ipatokenotpdigits', attribute=True, autofill=True, cli_name='digits', default=6, multivalue=False, required=False, values=(6, 8))
+option: OTPTokenKey('ipatokenotpkey', attribute=True, autofill=True, cli_name='key', multivalue=False, required=False)
option: Str('ipatokenowner', attribute=True, cli_name='owner', multivalue=False, required=False)
-option: Str('ipatokenserial', attribute=True, cli_name='serial', multivalue=False, required=False)
-option: Int('ipatokentotpclockoffset', attribute=True, cli_name='offset', multivalue=False, required=False)
-option: Int('ipatokentotptimestep', attribute=True, cli_name='interval', minvalue=5, multivalue=False, required=False)
-option: Str('ipatokenvendor', attribute=True, cli_name='vendor', multivalue=False, required=False)
+option: Str('ipatokenserial', attribute=True, autofill=True, cli_name='serial', multivalue=False, required=False)
+option: Int('ipatokentotpclockoffset', attribute=True, autofill=True, cli_name='offset', default=0, multivalue=False, required=False)
+option: Int('ipatokentotptimestep', attribute=True, autofill=True, cli_name='interval', default=30, minvalue=5, multivalue=False, required=False)
+option: Str('ipatokenvendor', attribute=True, autofill=True, cli_name='vendor', default=u'FreeIPA', multivalue=False, required=False)
option: Flag('qrcode?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: StrEnum('type', attribute=False, cli_name='type', multivalue=False, required=False, values=(u'totp', u'hotp'))
+option: StrEnum('type', attribute=False, autofill=True, cli_name='type', default=u'totp', multivalue=False, required=False, values=(u'totp', u'hotp'))
option: Str('version?', exclude='webui')
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: otptoken_del
args: 1,2,3
-arg: Str('ipatokenuniqueid', attribute=True, cli_name='id', multivalue=True, primary_key=True, query=True, required=True)
+arg: Str('ipatokenuniqueid', attribute=True, autofill=True, cli_name='id', multivalue=True, primary_key=True, query=True, required=True)
option: Flag('continue', autofill=True, cli_name='continue', default=False)
option: Str('version?', exclude='webui')
output: Output('result', <type 'dict'>, None)
@@ -2260,23 +2260,23 @@ arg: Str('criteria?', noextrawhitespace=False)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False)
option: Bool('ipatokendisabled', attribute=True, autofill=False, cli_name='disabled', multivalue=False, query=True, required=False)
-option: Int('ipatokenhotpcounter', attribute=True, autofill=False, cli_name='counter', minvalue=0, multivalue=False, query=True, required=False)
+option: Int('ipatokenhotpcounter', attribute=True, autofill=False, cli_name='counter', default=0, minvalue=0, multivalue=False, query=True, required=False)
option: Str('ipatokenmodel', attribute=True, autofill=False, cli_name='model', multivalue=False, query=True, required=False)
option: Str('ipatokennotafter', attribute=True, autofill=False, cli_name='not_after', multivalue=False, query=True, required=False)
option: Str('ipatokennotbefore', attribute=True, autofill=False, cli_name='not_before', multivalue=False, query=True, required=False)
-option: StrEnum('ipatokenotpalgorithm', attribute=True, autofill=False, cli_name='algo', multivalue=False, query=True, required=False, values=(u'sha1', u'sha256', u'sha384', u'sha512'))
-option: IntEnum('ipatokenotpdigits', attribute=True, autofill=False, cli_name='digits', multivalue=False, query=True, required=False, values=(6, 8))
+option: StrEnum('ipatokenotpalgorithm', attribute=True, autofill=False, cli_name='algo', default=u'sha1', multivalue=False, query=True, required=False, values=(u'sha1', u'sha256', u'sha384', u'sha512'))
+option: IntEnum('ipatokenotpdigits', attribute=True, autofill=False, cli_name='digits', default=6, multivalue=False, query=True, required=False, values=(6, 8))
option: Str('ipatokenowner', attribute=True, autofill=False, cli_name='owner', multivalue=False, query=True, required=False)
option: Str('ipatokenserial', attribute=True, autofill=False, cli_name='serial', multivalue=False, query=True, required=False)
-option: Int('ipatokentotpclockoffset', attribute=True, autofill=False, cli_name='offset', multivalue=False, query=True, required=False)
-option: Int('ipatokentotptimestep', attribute=True, autofill=False, cli_name='interval', minvalue=5, multivalue=False, query=True, required=False)
+option: Int('ipatokentotpclockoffset', attribute=True, autofill=False, cli_name='offset', default=0, multivalue=False, query=True, required=False)
+option: Int('ipatokentotptimestep', attribute=True, autofill=False, cli_name='interval', default=30, minvalue=5, multivalue=False, query=True, required=False)
option: Str('ipatokenuniqueid', attribute=True, autofill=False, cli_name='id', multivalue=False, primary_key=True, query=True, required=False)
-option: Str('ipatokenvendor', attribute=True, autofill=False, cli_name='vendor', multivalue=False, query=True, required=False)
+option: Str('ipatokenvendor', attribute=True, autofill=False, cli_name='vendor', default=u'FreeIPA', multivalue=False, query=True, required=False)
option: Flag('pkey_only?', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Int('sizelimit?', autofill=False, minvalue=0)
option: Int('timelimit?', autofill=False, minvalue=0)
-option: StrEnum('type', attribute=False, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'totp', u'hotp'))
+option: StrEnum('type', attribute=False, autofill=False, cli_name='type', default=u'totp', multivalue=False, query=True, required=False, values=(u'totp', u'hotp'))
option: Str('version?', exclude='webui')
output: Output('count', <type 'int'>, None)
output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
@@ -2284,7 +2284,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('truncated', <type 'bool'>, None)
command: otptoken_mod
args: 1,16,3
-arg: Str('ipatokenuniqueid', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('ipatokenuniqueid', attribute=True, autofill=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
option: Str('addattr*', cli_name='addattr', exclude='webui')
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Str('delattr*', cli_name='delattr', exclude='webui')
@@ -2295,9 +2295,9 @@ option: Str('ipatokennotafter', attribute=True, autofill=False, cli_name='not_af
option: Str('ipatokennotbefore', attribute=True, autofill=False, cli_name='not_before', multivalue=False, required=False)
option: Str('ipatokenowner', attribute=True, autofill=False, cli_name='owner', multivalue=False, required=False)
option: Str('ipatokenserial', attribute=True, autofill=False, cli_name='serial', multivalue=False, required=False)
-option: Str('ipatokenvendor', attribute=True, autofill=False, cli_name='vendor', multivalue=False, required=False)
+option: Str('ipatokenvendor', attribute=True, autofill=False, cli_name='vendor', default=u'FreeIPA', multivalue=False, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('rename', cli_name='rename', multivalue=False, primary_key=True, required=False)
+option: Str('rename', autofill=True, cli_name='rename', multivalue=False, primary_key=True, required=False)
option: Flag('rights', autofill=True, default=False)
option: Str('setattr*', cli_name='setattr', exclude='webui')
option: Str('version?', exclude='webui')
@@ -2306,7 +2306,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
output: Output('value', <type 'unicode'>, None)
command: otptoken_show
args: 1,4,3
-arg: Str('ipatokenuniqueid', attribute=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
+arg: Str('ipatokenuniqueid', attribute=True, autofill=True, cli_name='id', multivalue=False, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Flag('rights', autofill=True, default=False)
diff --git a/VERSION b/VERSION
index b1dcb9c05..64472ada1 100644
--- a/VERSION
+++ b/VERSION
@@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=75
-# Last change: npmccallum - HOTP support
+IPA_API_VERSION_MINOR=76
+# Last change: npmccallum - otptoken defaults change
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 8e76ada90..92853dec3 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -53,7 +53,10 @@ EXAMPLES:
register = Registry()
-TOKEN_TYPES = (u'totp', u'hotp')
+TOKEN_TYPES = {
+ u'totp': ['ipatokentotpclockoffset', 'ipatokentotptimestep'],
+ u'hotp': ['ipatokenhotpcounter']
+}
# NOTE: For maximum compatibility, KEY_LENGTH % 5 == 0
KEY_LENGTH = 10
@@ -117,12 +120,16 @@ class otptoken(LDAPObject):
Str('ipatokenuniqueid',
cli_name='id',
label=_('Unique ID'),
+ default_from=lambda: unicode(uuid.uuid4()),
+ autofill=True,
primary_key=True,
flags=('optional_create'),
),
StrEnum('type?',
label=_('Type'),
- values=TOKEN_TYPES,
+ default=u'totp',
+ autofill=True,
+ values=tuple(TOKEN_TYPES.keys()),
flags=('virtual_attribute', 'no_update'),
),
Str('description?',
@@ -148,23 +155,33 @@ class otptoken(LDAPObject):
Str('ipatokenvendor?',
cli_name='vendor',
label=_('Vendor'),
+ default=u'FreeIPA',
+ autofill=True,
),
Str('ipatokenmodel?',
cli_name='model',
label=_('Model'),
+ default_from=lambda type: type,
+ autofill=True,
),
Str('ipatokenserial?',
cli_name='serial',
label=_('Serial'),
+ default_from=lambda id: id,
+ autofill=True,
),
OTPTokenKey('ipatokenotpkey?',
cli_name='key',
label=_('Key'),
+ default_from=lambda: "".join(random.SystemRandom().sample(map(chr, range(256)), 10)),
+ autofill=True,
flags=('no_display', 'no_update', 'no_search'),
),
StrEnum('ipatokenotpalgorithm?',
cli_name='algo',
label=_('Algorithm'),
+ default=u'sha1',
+ autofill=True,
flags=('no_update'),
values=(u'sha1', u'sha256', u'sha384', u'sha512'),
),
@@ -172,22 +189,30 @@ class otptoken(LDAPObject):
cli_name='digits',
label=_('Display length'),
values=(6, 8),
+ default=6,
+ autofill=True,
flags=('no_update'),
),
Int('ipatokentotpclockoffset?',
cli_name='offset',
label=_('Clock offset'),
+ default=0,
+ autofill=True,
flags=('no_update'),
),
Int('ipatokentotptimestep?',
cli_name='interval',
label=_('Clock interval'),
+ default=30,
+ autofill=True,
minvalue=5,
flags=('no_update'),
),
Int('ipatokenhotpcounter?',
cli_name='counter',
label=_('Counter'),
+ default=0,
+ autofill=True,
minvalue=0,
flags=('no_update'),
),
@@ -208,37 +233,13 @@ class otptoken_add(LDAPCreate):
)
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
- # These are values we always want to write to LDAP. So if they are
- # specified as a value that evaluates to False (i.e. None), delete them
- # and fill in the defaults below.
- for attr in ('ipatokentotpclockoffset', 'ipatokentotptimestep',
- 'ipatokenotpalgorithm', 'ipatokenotpdigits',
- 'ipatokenotpkey'):
- if attr in entry_attrs and not entry_attrs[attr]:
- del entry_attrs[attr]
-
- # Set defaults. This needs to happen on the server side because we may
- # have global configurable defaults in the near future.
- options.setdefault('type', TOKEN_TYPES[0])
- if entry_attrs.get('ipatokenuniqueid', None) is None:
- entry_attrs['ipatokenuniqueid'] = str(uuid.uuid4())
- dn = DN("ipatokenuniqueid=%s" % entry_attrs['ipatokenuniqueid'], dn)
- entry_attrs.setdefault('ipatokenvendor', u'FreeIPA')
- entry_attrs.setdefault('ipatokenmodel', options['type'])
- entry_attrs.setdefault('ipatokenserial', entry_attrs['ipatokenuniqueid'])
- entry_attrs.setdefault('ipatokenotpalgorithm', u'sha1')
- entry_attrs.setdefault('ipatokenotpdigits', 6)
- entry_attrs.setdefault('ipatokenotpkey',
- "".join(map(chr, random.SystemRandom().sample(range(255), KEY_LENGTH))))
-
# Set the object class and defaults for specific token types
- if options['type'] == 'totp':
- entry_attrs['objectclass'] = otptoken.object_class + ['ipatokentotp']
- entry_attrs.setdefault('ipatokentotpclockoffset', 0)
- entry_attrs.setdefault('ipatokentotptimestep', 30)
- elif options['type'] == 'hotp':
- entry_attrs['objectclass'] = otptoken.object_class + ['ipatokenhotp']
- entry_attrs.setdefault('ipatokenhotpcounter', 0)
+ entry_attrs['objectclass'] = otptoken.object_class + ['ipatoken' + options['type']]
+ for ttype, tattrs in TOKEN_TYPES.items():
+ if ttype != options['type']:
+ for tattr in tattrs:
+ if tattr in entry_attrs:
+ del entry_attrs[tattr]
# Resolve the user's dn
_normalize_owner(self.api.Object.user, entry_attrs)
generated by cgit (git 2.34.1) at 2024-10-07 03:31:42 +0000