ipa-otpd: add passkey_child_debug_level option
By setting passkey_child_debug_level in default.conf the debug level for the passkey_child helper utility can be set. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
b252988da6
commit
8d12d497f6
@ -166,6 +166,9 @@ Specifies the mount point that the development server will register. The default
|
|||||||
.B oidc_child_debug_level <debuglevel>
|
.B oidc_child_debug_level <debuglevel>
|
||||||
Specifies the debug level of \fBoidc_child\fR, a helper process used by \fBipa-otpd\fR for OIDC/OAuth2 authentication. Level can be between 0 and 10, the higher the more details. If the level is 6 or higher HTTP debug output is added as well.
|
Specifies the debug level of \fBoidc_child\fR, a helper process used by \fBipa-otpd\fR for OIDC/OAuth2 authentication. Level can be between 0 and 10, the higher the more details. If the level is 6 or higher HTTP debug output is added as well.
|
||||||
.TP
|
.TP
|
||||||
|
.B passkey_child_debug_level <debuglevel>
|
||||||
|
Specifies the debug level of \fBpasskey_child\fR, a helper process used by \fBipa-otpd\fR for passkey authentication. Level can be between 0 and 10, the higher the more details. If the level is 6 or higher libfido2 debug output is added as well.
|
||||||
|
.TP
|
||||||
.B prompt_all <boolean>
|
.B prompt_all <boolean>
|
||||||
Specifies that all options should be prompted for in the IPA client, even optional values. Default is False.
|
Specifies that all options should be prompted for in the IPA client, even optional values. Default is False.
|
||||||
.TP
|
.TP
|
||||||
|
@ -62,6 +62,8 @@ struct otpd_queue_item_passkey {
|
|||||||
struct passkey_data *data_in;
|
struct passkey_data *data_in;
|
||||||
struct passkey_data *data_out;
|
struct passkey_data *data_out;
|
||||||
krb5_data state;
|
krb5_data state;
|
||||||
|
char* ipapasskeyDebugLevelStr;
|
||||||
|
krb5_boolean ipapasskeyDebugFido2;
|
||||||
};
|
};
|
||||||
|
|
||||||
static void free_passkey_data(struct passkey_data *p)
|
static void free_passkey_data(struct passkey_data *p)
|
||||||
@ -124,6 +126,7 @@ static struct otpd_queue_item_passkey *get_otpd_queue_item_passkey(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#define PASSKEY_PREFIX "passkey "
|
#define PASSKEY_PREFIX "passkey "
|
||||||
|
#define ENV_PASSKEY_CHILD_DEBUG_LEVEL "passkey_child_debug_level"
|
||||||
|
|
||||||
/* Parse the passkey configuration */
|
/* Parse the passkey configuration */
|
||||||
const char *otpd_parse_passkey(LDAP *ldp, LDAPMessage *entry,
|
const char *otpd_parse_passkey(LDAP *ldp, LDAPMessage *entry,
|
||||||
@ -131,6 +134,9 @@ const char *otpd_parse_passkey(LDAP *ldp, LDAPMessage *entry,
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
char **objectclasses = NULL;
|
char **objectclasses = NULL;
|
||||||
|
long dbg_lvl = 0;
|
||||||
|
const char *dbg_env = NULL;
|
||||||
|
char *endptr = NULL;
|
||||||
|
|
||||||
if (item->passkey == NULL) {
|
if (item->passkey == NULL) {
|
||||||
otpd_log_req(item->req,
|
otpd_log_req(item->req,
|
||||||
@ -165,6 +171,33 @@ const char *otpd_parse_passkey(LDAP *ldp, LDAPMessage *entry,
|
|||||||
entry = ldap_next_entry(ldp, entry);
|
entry = ldap_next_entry(ldp, entry);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
item->passkey->ipapasskeyDebugLevelStr = NULL;
|
||||||
|
item->passkey->ipapasskeyDebugFido2 = FALSE;
|
||||||
|
dbg_env = getenv(ENV_PASSKEY_CHILD_DEBUG_LEVEL);
|
||||||
|
if (dbg_env != NULL && *dbg_env != '\0') {
|
||||||
|
errno = 0;
|
||||||
|
dbg_lvl = strtoul(dbg_env, &endptr, 10);
|
||||||
|
if (errno == 0 && *endptr == '\0') {
|
||||||
|
if (dbg_lvl < 0) {
|
||||||
|
dbg_lvl = 0;
|
||||||
|
} else if (dbg_lvl > 10) {
|
||||||
|
dbg_lvl = 10;
|
||||||
|
}
|
||||||
|
if (asprintf(&item->passkey->ipapasskeyDebugLevelStr, "%ld",
|
||||||
|
dbg_lvl) != -1) {
|
||||||
|
if (dbg_lvl > 5) {
|
||||||
|
item->passkey->ipapasskeyDebugFido2 = TRUE;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
otpd_log_req(item->req, "Failed to copy debug level");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
otpd_log_req(item->req,
|
||||||
|
"Cannot parse value [%s] from environment variable [%s]",
|
||||||
|
dbg_env, ENV_PASSKEY_CHILD_DEBUG_LEVEL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
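Review bot: In the `else` branch that logs "Failed to copy debug level", `item->passkey->ipapasskeyDebugLevelStr` is left as whatever asprintf() wrote — glibc documents the pointer's contents as undefined on failure — while do_passkey_response later treats any non-NULL value as a valid argv entry for the child; add `item->passkey->ipapasskeyDebugLevelStr = NULL;` in that branch. Separately, `dbg_lvl` is a `long` receiving the `unsigned long` result of strtoul(), so the `dbg_lvl < 0` clamp only works through an implementation-defined conversion of the wrapped value; `dbg_lvl = strtol(dbg_env, &endptr, 10);` expresses the intent directly and keeps the clamp well-defined. I do not see the matching free of the new string in the hunks shown; if the queue-item release path is not updated elsewhere in the commit, the allocation leaks once per request. otpd_parse_passkey begins before this hunk.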
@ -681,6 +714,13 @@ static int do_passkey_response(struct otpd_queue_item *item)
|
|||||||
args[args_idx++] = item->passkey->data_in->data.response.authenticator_data;
|
args[args_idx++] = item->passkey->data_in->data.response.authenticator_data;
|
||||||
args[args_idx++] = "--signature";
|
args[args_idx++] = "--signature";
|
||||||
args[args_idx++] = item->passkey->data_in->data.response.assertion_signature;
|
args[args_idx++] = item->passkey->data_in->data.response.assertion_signature;
|
||||||
|
if (item->passkey->ipapasskeyDebugLevelStr != NULL) {
|
||||||
|
args[args_idx++] = "--debug-level";
|
||||||
|
args[args_idx++] = item->passkey->ipapasskeyDebugLevelStr;
|
||||||
|
}
|
||||||
|
if (item->passkey->ipapasskeyDebugFido2) {
|
||||||
|
args[args_idx++] = "--debug-libfido2";
|
||||||
|
}
|
||||||
|
|
||||||
ret = pipe(pipefd_from_child);
|
ret = pipe(pipefd_from_child);
|
||||||
if (ret == -1) {
|
if (ret == -1) {
|
||||||
|
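Review bot: The three new `args[args_idx++]` stores assume the `args` array, declared outside this hunk, has room for up to three more entries plus the terminating NULL the exec needs; if its size was not enlarged in the same commit, enabling the debug options writes past the end of the array before the child is spawned. Please confirm the declaration, or guard the stores with a bound check against the array's element count so a configuration change cannot turn into an out-of-bounds write. do_passkey_response begins before this hunk.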