Skip to content
Projeler
Gruplar
Parçacıklar
Yardım
Yükleniyor...
Oturum aç / Kaydol
Gezinmeyi değiştir
L
Liman MYS - Çekirdek
Proje
Proje
Ayrıntılar
Etkinlik
Cycle Analytics
Depo (repository)
Depo (repository)
Dosyalar
Kayıtlar (commit)
Dallar (branch)
Etiketler
Katkıda bulunanlar
Grafik
Karşılaştır
Grafikler
Konular (issue)
0
Konular (issue)
0
Liste
Pano
Etiketler
Kilometre Taşları
Birleştirme (merge) Talepleri
0
Birleştirme (merge) Talepleri
0
CI / CD
CI / CD
İş akışları (pipeline)
İşler
Zamanlamalar
Grafikler
Paketler
Paketler
Wiki
Wiki
Parçacıklar
Parçacıklar
Üyeler
Üyeler
Collapse sidebar
Close sidebar
Etkinlik
Grafik
Grafikler
Yeni bir konu (issue) oluştur
İşler
Kayıtlar (commit)
Konu (issue) Panoları
Kenar çubuğunu aç
liman
Liman MYS - Çekirdek
Commits
76c26a67
Kaydet (Commit)
76c26a67
authored
Haz 10, 2019
tarafından
mertcelen
Dosyalara gözat
Seçenekler
Dosyalara Gözat
İndir
Sade Fark
Merge branch 'master' of
https://github.com/mertcelen/liman
üst
8072d584
5f0acd85
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
99 additions
and
43 deletions
+99
-43
winrm_cert.py
storage/winrm/winrm_cert.py
+89
-33
winrm_execute.py
storage/winrm/winrm_execute.py
+4
-4
winrm_validate.py
storage/winrm/winrm_validate.py
+6
-6
No files found.
storage/winrm/winrm_cert.py
Dosyayı görüntüle @
76c26a67
...
...
@@ -13,16 +13,19 @@ userPassword = sys.argv[4]
certPath
=
sys
.
argv
[
5
]
keyPath
=
sys
.
argv
[
6
]
certPassword
=
sys
.
argv
[
7
]
subject
=
split
(
"
\
."
,
os
.
path
.
split
(
certPath
)[
-
1
])[
0
]
subject
=
split
(
"
\
."
,
os
.
path
.
split
(
certPath
)[
-
1
])[
0
]
def
checkWritePermission
(
dir
):
if
not
os
.
access
(
dir
,
os
.
W_OK
):
sys
.
exit
(
'Unable to write to file: '
+
dir
)
def
checkCerts
(
file
):
if
os
.
path
.
exists
(
file
):
sys
.
exit
(
'File is already exist: '
+
file
)
def
before
():
### Certificate password can not be empty
# if certPassword == "":
...
...
@@ -39,40 +42,93 @@ def before():
### Check Connection
client
=
Client
(
ip
,
username
=
userName
,
password
=
userPassword
,
cert_validation
=
False
)
try
:
output
,
streams
,
had_errors
=
client
.
execute_ps
(
'ipconfig'
)
output
,
streams
,
had_errors
=
client
.
execute_ps
(
'ipconfig'
)
except
:
print
(
"Connection error"
)
exit
()
print
(
"ok"
)
def
checkCert
()
:
client
=
Client
(
ip
,
username
=
userName
,
password
=
userPassword
,
cert_validation
=
False
)
### Check is certificate exist
# output, streams, had_errors = client.execute_ps("Get-ChildItem -Recurse -Path WSMan:\localhost\ClientCertificate | Where-Object { $_.Value -eq \"administrator\"} ")
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"foreach ($file in Get-Item -Path WSMan:
\\
localhost
\\
ClientCertificate
\\
*) { Where-Object { $file.Keys | Select-Item
\"
%
s
\"
} "
%
userName
)
if
(
output
!=
""
):
print
(
"User already exist in Client Certificates."
)
exit
()
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"""
Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=
%
s" }"""
%
subject
)
return
False
if
output
==
""
else
True
# print("User already exist in Client Certificates.")
def
checkTrustedRoot
()
:
client
=
Client
(
ip
,
username
=
userName
,
password
=
userPassword
,
cert_validation
=
False
)
### Check is user in trusted root cert authority
output1
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
root | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
}"
%
subject
)
if
(
output1
!=
""
):
print
(
"User already exist in Trusted Root Certification Authorities."
)
exit
()
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
root | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
}"
%
subject
)
### Check is user in trusted people
output2
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
trustedPeople | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
}"
%
subject
)
if
(
output2
!=
""
):
print
(
"User already exist in Trusted People."
)
exit
()
return
False
if
output
==
""
else
True
# print("User already exist in Trusted Root Certification Authorities.")
print
(
"ok"
)
def
checkTrustedPeople
()
:
client
=
Client
(
ip
,
username
=
userName
,
password
=
userPassword
,
cert_validation
=
False
)
### Check is user in trusted people
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
trustedPeople | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
}"
%
subject
)
return
False
if
output
==
""
else
True
# print("User already exist in Trusted People.")
def
run
():
before
()
### Connection
client
=
Client
(
ip
,
username
=
userName
,
password
=
userPassword
,
cert_validation
=
False
)
### Create Cert
# output, streams, had_errors = client.execute_ps("""
# Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=%s" }""" % certPath.split(".")[0])
# print()
# exit()
thumb
=
""
### Create or Export Cert
if
checkCert
()
:
try
:
# $wsman = Get-ChildItem -Path WSMan:/localhost/ClientCertificate | Where-Object { $_.Keys -contains \"Issuer=SHFAŞLSKDFJŞALSKDJFŞA\" }
# Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" } | Remove-Item
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"""
$subject =
\"
%
s
\"
$username =
\"
%
s
\"
$thumbprint = (Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" }).Thumbprint
echo $thumbprint
Get-ChildItem -Path WSMan:/localhost/ClientCertificate | Where-Object { $_.Keys -contains "Issuer=$thumbprint" } | Remove-Item -Recurse -Force
Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" } | Remove-Item
"""
%
(
subject
,
userName
))
thumb
=
output
print
(
thumb
)
if
had_errors
:
raise
Exception
()
except
:
print
(
"1"
)
exit
()
if
checkTrustedRoot
()
:
try
:
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
Root | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
} | Remove-Item"
%
subject
)
if
had_errors
:
raise
Exception
()
except
:
print
(
"2"
)
exit
()
if
checkTrustedPeople
()
:
try
:
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Get-ChildItem -Path cert:
\
LocalMachine
\\
trustedPeople | Where-Object { $_.Subject -eq
\"
CN=
%
s
\"
} | Remove-Item"
%
subject
)
if
had_errors
:
raise
Exception
()
except
:
print
(
"3"
)
exit
()
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"New-Item -Path C:
\\
temp -ItemType Directory"
)
try
:
...
...
@@ -80,22 +136,22 @@ def run():
$username =
\"
%
s
\"
$password =
\"
%
s
\"
$output_path =
\"
C:
\\
temp"
$cert = New-SelfSignedCertificate -Type Custom `
-Subject "CN=
%
s" `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=
%
s@localhost") `
-KeyUsage DigitalSignature,KeyEncipherment `
-KeyAlgorithm RSA `
-KeyLength 2048
-KeyLength 2048
$pem_output = @()
$pem_output += "-----BEGIN CERTIFICATE-----"
$pem_output += [System.Convert]::ToBase64String($cert.RawData) -replace
\"
.{64}
\"
,
\"
$&`n
\"
$pem_output += "-----END CERTIFICATE-----"
[System.IO.File]::WriteAllLines(
\"
$output_path
\\
cert.pem
\"
, $pem_output)
[System.IO.File]::WriteAllBytes(
\"
$output_path
\\
cert.pfx
\"
, $cert.Export('Pfx'))
"""
%
(
userName
,
userPassword
,
subject
,
userName
))
if
had_errors
:
raise
Exception
()
...
...
@@ -118,6 +174,7 @@ def run():
except
:
print
(
"User couldn't be added to Trusted Root Certification Authorities. "
)
exit
()
try
:
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Import-PfxCertificate -FilePath C:
\\
temp
\\
cert.pfx -CertStoreLocation Cert:
\
LocalMachine
\
TrustedPeople"
)
...
...
@@ -135,28 +192,28 @@ def run():
$password = ConvertTo-SecureString -String
\"
%
s
\"
-AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password
$thumbprint = (Get-ChildItem -Path cert:
\
LocalMachine
\\
root | Where-Object { $_.Subject -eq "CN=$subject" }).Thumbprint
New-Item -Path WSMan:
\
localhost
\
ClientCertificate `
-Subject "$username@localhost" `
-URI * `
-Issuer $thumbprint `
-Credential $credential `
-Force
Set-Item -Path WSMan:
\
localhost
\
Service
\
Auth
\
Certificate -Value $true
"""
%
(
userName
,
subject
,
userPassword
))
"""
%
(
userName
,
subject
,
userPassword
))
if
had_errors
:
raise
Exception
()
except
:
# print(output, streams,had_errors)
print
(
"Certificate can not be added."
)
exit
()
### Create ssl certs
os
.
popen
(
"openssl pkcs12 -in cert.pfx -clcerts -nokeys -out
%
s -passin pass:
\"\"
"
%
certPath
)
os
.
popen
(
"openssl pkcs12 -in cert.pfx -clcerts -out
%
s -passin pass:
\"\"
-passout pass:
%
s"
%
(
keyPath
,
certPassword
))
os
.
popen
(
"openssl pkcs12 -in cert.pfx -clcerts -out
%
s -passin pass:
\"\"
-passout pass:
%
s"
%
(
keyPath
,
certPassword
))
##
#
Clean unnecessary files
## Clean unnecessary files
try
:
output
,
streams
,
had_errors
=
client
.
execute_ps
(
"Remove-Item -Path C:
\\
temp -Recurse"
)
if
had_errors
:
...
...
@@ -167,4 +224,4 @@ def run():
exit
()
if
__name__
==
"__main__"
:
globals
()[
sys
.
argv
[
1
]]()
\ No newline at end of file
globals
()[
sys
.
argv
[
1
]]()
storage/winrm/winrm_execute.py
Dosyayı görüntüle @
76c26a67
...
...
@@ -21,11 +21,11 @@ try:
if
had_errors
:
raise
Exception
print
(
output
)
process
=
subprocess
.
Popen
((
"rm temp.pem"
)
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
output
,
error
=
process
.
communicate
()
#
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
#
output, error = process.communicate()
except
:
print
(
"Invalid command"
)
process
=
subprocess
.
Popen
((
"rm temp.pem"
)
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
output
,
error
=
process
.
communicate
()
#
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
#
output, error = process.communicate()
exit
()
storage/winrm/winrm_validate.py
Dosyayı görüntüle @
76c26a67
...
...
@@ -11,20 +11,20 @@ certPath = sys.argv[2]
keyPath
=
sys
.
argv
[
3
]
certPassword
=
sys
.
argv
[
4
]
process
=
subprocess
.
Popen
((
"openssl rsa -in
%
s -out
%
s -passin pass:
%
s -passout pass:
\"\"
"
%
(
keyPath
,
"temp.pem
"
,
certPassword
))
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
process
=
subprocess
.
Popen
((
"openssl rsa -in
%
s -out
%
s -passin pass:
%
s -passout pass:
\"\"
"
%
(
keyPath
,
certPath
+
".tmp
"
,
certPassword
))
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
output
,
error
=
process
.
communicate
()
try
:
client
=
Client
(
ip
,
auth
=
"certificate"
,
certificate_key_pem
=
"./temp.pem
"
,
certificate_pem
=
certPath
,
client
=
Client
(
ip
,
auth
=
"certificate"
,
certificate_key_pem
=
certPath
+
".tmp
"
,
certificate_pem
=
certPath
,
cert_validation
=
False
)
output
,
streams
,
had_errors
=
client
.
execute_cmd
(
'ipconfig'
)
print
(
"ok"
)
process
=
subprocess
.
Popen
((
"rm temp.pem
"
)
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
output
,
error
=
process
.
communicate
()
# process = subprocess.Popen(("rm "+certPath+".tmp
").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
#
output, error = process.communicate()
except
:
print
(
"Connection error"
)
process
=
subprocess
.
Popen
((
"rm temp.pem
"
)
.
split
(),
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
PIPE
)
output
,
error
=
process
.
communicate
()
# process = subprocess.Popen(("rm "+certPath+".tmp
").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
#
output, error = process.communicate()
exit
()
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment