python-module-privacyidea-pam
Commit
bce754b1
authored
Mar 03, 2016
by
Brandon Smith
Make u2f logic more friendly to other challenge/response token types
parent
eb1e743e
Showing
1 changed file
with
26 additions
and
26 deletions
+26
-26
privacyidea_pam.py
privacyidea_pam.py
+26
-26
privacyidea_pam.py
...
...
@@ -125,14 +125,33 @@ class Authenticator(object):
auth_item
)
else
:
transaction_id
=
detail
.
get
(
"transaction_id"
)
challenge
=
None
if
"attributes"
in
detail
:
attributes
=
detail
.
get
(
"attributes"
)
if
transaction_id
:
attributes
=
detail
.
get
(
"attributes"
,
{}
)
if
"u2fSignRequest"
in
attributes
:
syslog
.
syslog
(
syslog
.
LOG_DEBUG
,
"Prompting for U2F authentication"
)
# In case of U2F the $attributes looks like this:
rval
=
self
.
u2f_challenge_response
(
transaction_id
,
detail
.
get
(
"message"
),
attributes
)
else
:
syslog
.
syslog
(
syslog
.
LOG_ERR
,
"
%
s: unsupported challenge"
%
__name__
)
else
:
rval
=
self
.
pamh
.
PAM_AUTH_ERR
else
:
syslog
.
syslog
(
syslog
.
LOG_ERR
,
"
%
s:
%
s"
%
(
__name__
,
result
.
get
(
"error"
)
.
get
(
"message"
)))
return
rval
def
u2f_challenge_response
(
self
,
transaction_id
,
message
,
attributes
):
rval
=
self
.
pamh
.
PAM_SYSTEM_ERR
syslog
.
syslog
(
syslog
.
LOG_DEBUG
,
"Prompting for U2F authentication"
)
# In case of U2F "attributes" looks like this:
# {
# "img": "static/css/FIDO-U2F-Security-Key-444x444.png#012",
# "hideResponseInput" "1",
...
...
@@ -150,27 +169,8 @@ class Authenticator(object):
%
s
----- END U2F CHALLENGE -----"""
%
(
self
.
URL
,
json
.
dumps
(
attributes
[
"u2fSignRequest"
]),
str
(
detail
.
get
(
"message"
,
""
)))
if
transaction_id
:
if
challenge
:
rval
=
self
.
challenge_response
(
transaction_id
,
challenge
)
else
:
syslog
.
syslog
(
syslog
.
LOG_ERR
,
"
%
s: unsupported challenge"
%
__name__
)
str
(
message
or
""
))
else
:
rval
=
self
.
pamh
.
PAM_AUTH_ERR
else
:
syslog
.
syslog
(
syslog
.
LOG_ERR
,
"
%
s:
%
s"
%
(
__name__
,
result
.
get
(
"error"
)
.
get
(
"message"
)))
return
rval
def
challenge_response
(
self
,
transaction_id
,
challenge
):
rval
=
self
.
pamh
.
PAM_SYSTEM_ERR
message
=
self
.
pamh
.
Message
(
self
.
pamh
.
PAM_PROMPT_ECHO_OFF
,
challenge
)
response
=
self
.
pamh
.
conversation
(
message
)
...
...
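Review bot: The `else` branch that logs "unsupported challenge" in the first hunk does not assign `rval`, so the PAM result for a challenge the module cannot handle depends on how `rval` was initialised above the hunk, which is not visible here. An authentication module should fail closed explicitly on that path, for example with `rval = self.pamh.PAM_AUTH_ERR` next to the syslog call. In the same hunk, `detail.get("attributes", {})` still returns `None` when the server sends the key with a null value, and the following `"u2fSignRequest" in attributes` would then raise; `attributes = detail.get("attributes") or {}` covers both cases. The added/removed markers are lost on this page, so this reading of the new side is inferred from the hunk headers and the moved lines, and the enclosing method starts outside the hunk.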