From 5c4944a1e49fc8bf82697f2242730a59b49d4b90 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 5 Apr 2019 08:37:31 -0400 Subject: [PATCH 1/3] Provide a sample script for fixing expired credentials --- misc/fixexpiry.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 misc/fixexpiry.py diff --git a/misc/fixexpiry.py b/misc/fixexpiry.py new file mode 100644 index 00000000..3359c2fa --- /dev/null +++ b/misc/fixexpiry.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python +import pyghmi.util.webclient as webclient +import json +import os +import sys + +tmppassword = 'to3BdS91ABrd' +missingargs = False +if 'XCCUSER' not in os.environ: + print('Must set XCCUSER environment variable') + missingargs = True +if 'XCCPASS' not in os.environ: + print('Must set XCCPASS environment variable') + missingargs = True +if missingargs: + sys.exit(1) + +w = webclient.SecureHTTPConnection(sys.argv[1], 443, verifycallback=lambda x: True) +w.connect() +adata = json.dumps({'username': os.environ['XCCUSER'], 'password': os.environ['XCCPASS']}) +headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} +w.request('POST', '/api/login', adata, headers) +rsp = w.getresponse() +if rsp.status != 200: + rsp.read() + adata = json.dumps({'username': os.environ['XCCUSER'], 'password': tmppassword}) + headers = {'Connection': 'keep-alive', 'Content-Type': 'application/json'} + w.request('POST', '/api/login', adata, headers) + rsp = w.getresponse() +if rsp.status == 200: + rspdata = json.loads(rsp.read()) + w.set_header('Content-Type', 'application/json') + w.set_header('Authorization', 'Bearer ' + rspdata['access_token']) + if '_csrf_token' in w.cookies: + w.set_header('X-XSRF-TOKEN', w.cookies['_csrf_token']) + if rspdata.get('pwchg_required', False): + print(repr(w.grab_json_response('/api/function', {'USER_UserPassChange': '1,to3BdS91ABrd'}))) + print(repr(w.grab_json_response('/api/dataset', { + 'USER_GlobalPassExpWarningPeriod': '0', + 'USER_GlobalPassExpPeriod': '0', + 'USER_GlobalMinPassReuseCycle': '0', + 'USER_GlobalMinPassReuseCycle': '0', + 'USER_GlobalMinPassChgInt': '0', + }))) + print(repr(w.grab_json_response('/api/function', {'USER_UserPassChange': '1,' + os.environ['XCCPASS']}))) + From d7d3ae344c22f69551133aaa48d2aa7fe1079b3b Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 5 Apr 2019 09:17:45 -0400 Subject: [PATCH 2/3] Skip empty nodes list A noderange based nodegroup would have the empty nodes list cluttering the output. Skip empty nodes list in current settings. --- .../confluent/plugins/configuration/attributes.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/confluent_server/confluent/plugins/configuration/attributes.py b/confluent_server/confluent/plugins/configuration/attributes.py index e9b3b1fc..8c37fd8f 100644 --- a/confluent_server/confluent/plugins/configuration/attributes.py +++ b/confluent_server/confluent/plugins/configuration/attributes.py @@ -74,6 +74,8 @@ def retrieve_nodegroup(nodegroup, element, configmanager, inputdata): for attribute in sorted(list(grpcfg)): currattr = grpcfg[attribute] if attribute == 'nodes': + if not currattr: + continue desc = 'The nodes belonging to this group' elif attribute == 'noderange': desc = 'A dynamic noderange that this group refers to in noderange expansion' @@ -97,8 +99,8 @@ def retrieve_nodegroup(nodegroup, element, configmanager, inputdata): kv={attribute: currattr}, desc=desc) else: - print attribute - print repr(currattr) + print(attribute) + print(repr(currattr)) raise Exception("BUGGY ATTRIBUTE FOR NODEGROUP") From 40dbe63336ed5c140a32393a6acf2183dcd0579f Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 5 Apr 2019 16:53:32 -0400 Subject: [PATCH 3/3] Script to disable password expiry after expired on SMM --- misc/fixsmmexpiry.py | 54 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 misc/fixsmmexpiry.py diff --git a/misc/fixsmmexpiry.py b/misc/fixsmmexpiry.py new file mode 100644 index 00000000..6b4f8314 --- /dev/null +++ b/misc/fixsmmexpiry.py @@ -0,0 +1,54 @@ +#!/usr/bin/env python +import pyghmi.util.webclient as webclient +from xml.etree.ElementTree import fromstring +import os +import sys + +tmppassword = 'to3BdS91ABrd' +missingargs = False +if 'SMMUSER' not in os.environ: + print('Must set SMMUSER environment variable') + missingargs = True +if 'SMMPASS' not in os.environ: + print('Must set SMMPASS environment variable') + missingargs = True +if missingargs: + sys.exit(1) + +w = webclient.SecureHTTPConnection(sys.argv[1], 443, verifycallback=lambda x: True) +w.connect() +adata = 'user={0}&password={1}'.format(os.environ['SMMUSER'], os.environ['SMMPASS']) +bdata = 'user={0}&password={1}'.format(os.environ['SMMUSER'], tmppassword) +headers = {'Connection': 'keep-alive', 'Content-Type': 'application/x-www-form-urlencoded'} +w.request('POST', '/data/login', adata, headers) +rsp = w.getresponse() +rspdata = rsp.read() +restorepwd = False +if 'authResult>1' in rspdata: + restorepwd = True + w.request('POST', '/data/login', bdata, headers) + rsp = w.getresponse() + rspdata = rsp.read() +if 'renew_account' in rspdata: + restorepwd = True + tokens = fromstring(rspdata) + st2 = tokens.findall('st2')[0].text + w.set_header('ST2', st2) + w.request('POST', '/data/changepwd', 'oripwd={0}&newpwd={1}'.format(os.environ['SMMPASS'], tmppassword)) + rsp = w.getresponse() + rspdata = rsp.read() + w.request('POST', '/data/login', bdata, headers) + rsp = w.getresponse() + rspdata = rsp.read() +if 'authResult>0' in rspdata: + tokens = fromstring(rspdata) + st2 = tokens.findall('st2')[0].text + w.set_header('ST2', st2) + rules = 'set=passwordDurationDays:0,passwordExpireWarningDays:0,passwordChangeInterval:0' + w.request('POST', '/data', rules) + rsp = w.getresponse() + print(repr(rsp.read())) + if restorepwd: + w.request('POST', '/data/changepwd', 'oripwd={1}&newpwd={0}'.format(os.environ['SMMPASS'], tmppassword)) + rsp = w.getresponse() + print(repr(rsp.read()))