Added validation servers to auth.

2025-02-20 14:54:30 +01:00 · 2013-05-08 11:22:28 +02:00 · 2013-05-08 11:22:28 +02:00 · 1b31251430
commit 1b31251430
parent 281dd92e9c
3 changed files with 79 additions and 7 deletions
--- a/yubiadmin/apps/auth.py
+++ b/yubiadmin/apps/auth.py
@ -25,23 +25,33 @@
 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.

-from wtforms.fields import SelectField, TextField, PasswordField, BooleanField
+from wtforms.fields import (SelectField, TextField, PasswordField,
+                            BooleanField, IntegerField)
 from wtforms.widgets import PasswordInput
-from wtforms.validators import NumberRange, IPAddress
+from wtforms.validators import NumberRange, URL
 from yubiadmin.util.app import App
-from yubiadmin.util.config import python_handler, FileConfig
-from yubiadmin.util.form import ConfigForm, FileForm
+from yubiadmin.util.config import (python_handler, python_list_handler,
+                                   FileConfig)
+from yubiadmin.util.form import ConfigForm, FileForm, ListField

 __all__ = [
    'app'
 ]

 AUTH_CONFIG_FILE = '/etc/yubico/auth/yubiauth.conf'
+YKVAL_SERVERS = [
+    'https://api.yubico.com/wsapi/2.0/verify',
+    'https://api2.yubico.com/wsapi/2.0/verify',
+    'https://api3.yubico.com/wsapi/2.0/verify',
+    'https://api4.yubico.com/wsapi/2.0/verify',
+    'https://api5.yubico.com/wsapi/2.0/verify'
+]


 auth_config = FileConfig(
    AUTH_CONFIG_FILE,
    [
+        ('server_list', python_list_handler('YKVAL_SERVERS', YKVAL_SERVERS)),
        ('client_id', python_handler('YKVAL_CLIENT_ID', 11004)),
        ('client_secret', python_handler('YKVAL_CLIENT_SECRET',
                                         '5Vm3Zp2mUTQHMo1DeG9tdojpc1Y=')),
@ -112,6 +122,25 @@ class HSMForm(ConfigForm):
    hsm_device = TextField('YubiHSM device')


+class ValidationServerForm(ConfigForm):
+    legend = 'Validation Servers'
+    description = 'Configure servers used for YubiKey OTP validation'
+    config = auth_config
+    attrs = {
+        'client_secret': {'class': 'input-xxlarge'},
+        'server_list': {'rows': 5, 'class': 'input-xxlarge'}
+    }
+
+    client_id = IntegerField('Client ID', [NumberRange(0)])
+    client_secret = TextField('API key')
+    server_list = ListField(
+        'Validation Server URLs', [URL()],
+        description="""
+        List of URLs to YubiKey validation servers.
+        Example: <code>http://example.com/wsapi/2.0/verify</code>
+        """)
+
+
 class YubiAuth(App):
    """
    YubiAuth
@ -120,7 +149,7 @@ class YubiAuth(App):
    """

    name = 'auth'
-    sections = ['general', 'advanced']
+    sections = ['general', 'validation', 'advanced']

    def general(self, request):
        """
@ -128,6 +157,12 @@ class YubiAuth(App):
        """
        return self.render_forms(request, [SecurityForm(), HSMForm()])

+    def validation(self, request):
+        """
+        Validation Server(s)
+        """
+        return self.render_forms(request, [ValidationServerForm()])
+
    def advanced(self, request):
        """
        Advanced
--- a/yubiadmin/apps/val.py
+++ b/yubiadmin/apps/val.py
@ -97,7 +97,7 @@ class KSMHandler(object):
        block = self._get_block(content)
        value = ('function otp2ksmurls($otp, $client) {\n' +
                 '\treturn array (\n' +
-                 '\m'.join(['\t\t"%s",' % x for x in value]) +
+                 '\n'.join(['\t\t"%s",' % x for x in value]) +
                 '\n\t);\n}')
        if block:
            match = self.FUNCTION.search(content)
--- a/yubiadmin/util/config.py
+++ b/yubiadmin/util/config.py
@ -28,6 +28,7 @@
 import os
 import re
 import errno
+import csv
 import logging as log
 from collections import MutableMapping, OrderedDict

@ -37,6 +38,7 @@ __all__ = [
    'strip_comments',
    'php_inserter',
    'python_handler',
+    'python_list_handler',
    'parse_block',
    'parse_value'
 ]
@ -69,7 +71,42 @@ def python_handler(varname, default):
    return RegexHandler(pattern, writer, reader, default=default)


-def strip_comments(text):
+class python_list_handler:
+    def __init__(self, varname, default):
+        self.pattern = re.compile(r'(?m)^\s*%s\s*=\s*\[' % varname)
+        self.varname = varname
+        self.default = default
+
+    def _get_block(self, content):
+        match = self.pattern.search(content)
+        if match:
+            return parse_block(content[match.end():], '[', ']')
+        return None
+
+    def read(self, content):
+        block = self._get_block(content)
+        if block:
+            block = re.sub(r'(?m)\s+', '', block)
+            parts = next(csv.reader([block], skipinitialspace=True), [])
+            return [strip_quotes(x) for x in parts]
+        else:
+            return self.default
+
+    def write(self, content, value):
+        block = self._get_block(content)
+        value = ('%s = [\n' % self.varname +
+                 '\n'.join(['    "%s",' % x for x in value]) +
+                 '\n]')
+        if block:
+            match = self.pattern.search(content)
+            start = content[:match.start()]
+            end = content[match.end() + len(block) + 1:]
+            return start + value + end
+        else:
+            return '%s\n%s' % (content, value)
+
+
+def strip_comments(text, ):
    def replacer(match):
        s = match.group(0)
        if s[0] in ['/', '#']: