File: passkeyconfig.py

freeipa 4.12.4-2
#
# Copyright (C) 2022  FreeIPA Contributors see COPYING for license
#

import logging

from ipalib import api
from ipalib.parameters import Bool
from ipalib.plugable import Registry
from .baseldap import (
    LDAPObject,
    LDAPRetrieve,
    LDAPUpdate)
from ipalib import _


# Module-level logger; nothing else in this module references it.
logger = logging.getLogger(__name__)

# Help text for the passkey configuration topic. Each chunk is a literal
# string passed through ipalib's _() on its own and the results are
# concatenated; the literals are runtime text, so edit them with care.
#
# Security context: "user verification" is the WebAuthn/FIDO2 notion of the
# authenticator itself checking the user (PIN, fingerprint, ...), as the
# text below describes.
# NOTE(review): when verification is not required, presumably possession of
# the registered device plus a presence gesture is enough to authenticate;
# confirm against the component that consumes this setting (not in this
# file) before relaxing it.
__doc__ = _("""
Passkey configuration
""") + _("""
Manage Passkey configuration.
""") + _("""
IPA supports the use of passkeys for authentication. A passkey
device has to be registered to SSSD and the resulting authentication mapping
stored in the user entry.
The passkey authentication supports the following configuration option:
require user verification. When set, the method for user verification depends
on the type of device (PIN, fingerprint, external pad...)
""") + _("""
EXAMPLES:
""") + _("""
 Display the Passkey configuration:
   ipa passkeyconfig-show
""") + _("""
 Modify the Passkey configuration to always require user verification:
   ipa passkeyconfig-mod --require-user-verification=TRUE
""")

# Registry instance; calling it yields the decorator applied to each plugin
# class below.
register = Registry()


@register()
class passkeyconfig(LDAPObject):
    """
    Passkey configuration object
    """
    # Declarative LDAPObject subclass: it defines only class attributes and
    # no methods, so all behaviour comes from the base class.
    object_name = _('Passkey configuration options')
    # The single policy attribute this object exposes.
    default_attributes = ['iparequireuserverification']

    # The container location is read from the API environment rather than
    # hard-coded here.
    container_dn = api.env.container_passkey
    label = _('Passkey Configuration')
    label_singular = _('Passkey Configuration')

    # Only one parameter is declared and none is marked as a primary key.
    # NOTE(review): this looks like a single deployment-wide entry at
    # container_dn rather than one entry per user or host -- confirm.
    # No default is given for the Bool, so what an absent attribute means
    # is decided by whatever reads the entry, which is not shown here.
    takes_params = (
        Bool(
            'iparequireuserverification',
            cli_name="require_user_verification",
            label=_("Require user verification"),
            doc=_('Require user verification during authentication'),
        ),
    )

    # Object class used to scope the managed permissions below.
    permission_filter_objectclasses = ['ipapasskeyconfigobject']
    # Managed permission templates. The code that turns these into
    # directory ACIs lives in the framework, not in this file.
    managed_permissions = {
        # Read side: bind rule type 'all' is FreeIPA's "any authenticated
        # user" rule (as opposed to 'anonymous' or 'permission'). Only the
        # policy flag and cn are listed, so the entry is readable by every
        # authenticated principal but by design holds no secret material.
        'System: Read Passkey Configuration': {
            'replaces_global_anonymous_aci': True,
            'ipapermbindruletype': 'all',
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
                'iparequireuserverification',
                'cn',
            },
        },
        # Write side: limited to the one policy attribute and handed by
        # default to the 'Passkey Administrators' privilege. Whoever holds
        # this permission can switch user verification off, so membership
        # of that privilege deserves the same review as other
        # authentication-policy roles, and changes to the attribute are
        # worth alerting on.
        # NOTE(review): 'replaces_global_anonymous_aci' is also set here,
        # on a write permission; its name suggests it concerns anonymous
        # read access -- confirm the flag is intended on this entry.
        'System: Modify Passkey Configuration': {
            'replaces_global_anonymous_aci': True,
            'ipapermright': {'write'},
            'ipapermdefaultattr': {
                'iparequireuserverification',
            },
            'default_privileges': {
                'Passkey Administrators'},
        },
    }


@register()
class passkeyconfig_mod(LDAPUpdate):
    # Update command for the passkey configuration. The class adds no
    # options, callbacks or checks of its own; everything comes from
    # LDAPUpdate.
    # NOTE(review): nothing here inspects the caller, so restricting who may
    # change the setting presumably rests on the
    # 'System: Modify Passkey Configuration' permission declared on the
    # passkeyconfig object -- confirm, and make sure modifications of
    # iparequireuserverification are captured in directory audit logs.
    __doc__ = _("Modify Passkey configuration.")


@register()
class passkeyconfig_show(LDAPRetrieve):
    # Read-only command for the passkey configuration. The class defines
    # nothing beyond its help string; retrieval behaviour is inherited from
    # LDAPRetrieve.
    # NOTE(review): who may run it successfully presumably follows the
    # 'System: Read Passkey Configuration' permission on the passkeyconfig
    # object (any authenticated user) -- confirm.
    __doc__ = _("Show the current Passkey configuration.")