Skip to content

L
Liman MYS - Çekirdek
Kaydet (Commit) 76c26a67 authored tarafından mertcelen's avatar mertcelen
Dosyalara gözat
Seçenekler

Merge branch 'master' of https://github.com/mertcelen/liman

üst 8072d584 5f0acd85
Hide whitespace changes
Inline Side-by-side
Showing with 99 additions and 43 deletions
storage/winrm/winrm_cert.py
Dosyayı görüntüle @ 76c26a67
......@@ -13,16 +13,19 @@ userPassword = sys.argv[4]
certPath = sys.argv[5]
keyPath = sys.argv[6]
certPassword = sys.argv[7]
subject = split("\.",os.path.split(certPath)[-1])[0]
subject = split("\.", os.path.split(certPath)[-1])[0]
def checkWritePermission(dir):
if not os.access(dir, os.W_OK):
sys.exit('Unable to write to file: ' + dir)
def checkCerts(file):
if os.path.exists(file):
sys.exit('File is already exist: ' + file)
def before():
### Certificate password can not be empty
# if certPassword == "":
......@@ -39,40 +42,93 @@ def before():
### Check Connection
client = Client(ip, username=userName, password=userPassword, cert_validation=False)
try:
output,streams,had_errors = client.execute_ps('ipconfig')
output, streams, had_errors = client.execute_ps('ipconfig')
except:
print("Connection error")
exit()
print("ok")
def checkCert() :
client = Client(ip, username=userName, password=userPassword, cert_validation=False)
### Check is certificate exist
# output, streams, had_errors = client.execute_ps("Get-ChildItem -Recurse -Path WSMan:\localhost\ClientCertificate | Where-Object { $_.Value -eq \"administrator\"} ")
output, streams, had_errors = client.execute_ps("foreach ($file in Get-Item -Path WSMan:\\localhost\\ClientCertificate\\*) { Where-Object { $file.Keys | Select-Item \"%s\"} " % userName)
if (output != ""):
print("User already exist in Client Certificates.")
exit()
output, streams, had_errors = client.execute_ps("""
Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=%s" }""" % subject)
return False if output == "" else True
# print("User already exist in Client Certificates.")
def checkTrustedRoot() :
client = Client(ip, username=userName, password=userPassword, cert_validation=False)
### Check is user in trusted root cert authority
output1, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\root | Where-Object { $_.Subject -eq \"CN=%s\"}" % subject)
if (output1 != ""):
print("User already exist in Trusted Root Certification Authorities.")
exit()
output, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\root | Where-Object { $_.Subject -eq \"CN=%s\"}" % subject)
### Check is user in trusted people
output2, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\trustedPeople | Where-Object { $_.Subject -eq \"CN=%s\"}" % subject)
if (output2 != ""):
print("User already exist in Trusted People.")
exit()
return False if output == "" else True
# print("User already exist in Trusted Root Certification Authorities.")
print("ok")
def checkTrustedPeople() :
client = Client(ip, username=userName, password=userPassword, cert_validation=False)
### Check is user in trusted people
output, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\trustedPeople | Where-Object { $_.Subject -eq \"CN=%s\"}" % subject)
return False if output == "" else True
# print("User already exist in Trusted People.")
def run():
before()
### Connection
client = Client(ip, username=userName, password=userPassword, cert_validation=False)
### Create Cert
# output, streams, had_errors = client.execute_ps("""
# Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=%s" }""" % certPath.split(".")[0])
# print()
# exit()
thumb = ""
### Create or Export Cert
if checkCert() :
try:
# $wsman = Get-ChildItem -Path WSMan:/localhost/ClientCertificate | Where-Object { $_.Keys -contains \"Issuer=SHFAŞLSKDFJŞALSKDJFŞA\" }
# Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" } | Remove-Item
output, streams, had_errors = client.execute_ps("""
$subject = \"%s\"
$username = \"%s\"
$thumbprint = (Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" }).Thumbprint
echo $thumbprint
Get-ChildItem -Path WSMan:/localhost/ClientCertificate | Where-Object { $_.Keys -contains "Issuer=$thumbprint" } | Remove-Item -Recurse -Force
Get-ChildItem -Path cert:/LocalMachine/My | Where-Object { $_.Subject -eq "CN=$subject" } | Remove-Item
""" % (subject,userName))
thumb = output
print(thumb)
if had_errors:
raise Exception()
except:
print("1")
exit()
if checkTrustedRoot() :
try:
output, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\Root | Where-Object { $_.Subject -eq \"CN=%s\"} | Remove-Item" % subject)
if had_errors:
raise Exception()
except:
print("2")
exit()
if checkTrustedPeople() :
try:
output, streams, had_errors = client.execute_ps(
"Get-ChildItem -Path cert:\LocalMachine\\trustedPeople | Where-Object { $_.Subject -eq \"CN=%s\"} | Remove-Item" % subject)
if had_errors:
raise Exception()
except:
print("3")
exit()
output, streams, had_errors = client.execute_ps("New-Item -Path C:\\temp -ItemType Directory")
try:
......@@ -80,22 +136,22 @@ def run():
$username = \"%s\"
$password = \"%s\"
$output_path = \"C:\\temp"
$cert = New-SelfSignedCertificate -Type Custom `
-Subject "CN=%s" `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=%s@localhost") `
-KeyUsage DigitalSignature,KeyEncipherment `
-KeyAlgorithm RSA `
-KeyLength 2048
-KeyLength 2048
$pem_output = @()
$pem_output += "-----BEGIN CERTIFICATE-----"
$pem_output += [System.Convert]::ToBase64String($cert.RawData) -replace \".{64}\", \"$&`n\"
$pem_output += "-----END CERTIFICATE-----"
[System.IO.File]::WriteAllLines(\"$output_path\\cert.pem\", $pem_output)
[System.IO.File]::WriteAllBytes(\"$output_path\\cert.pfx\", $cert.Export('Pfx'))
""" % (userName, userPassword, subject, userName))
if had_errors:
raise Exception()
......@@ -118,6 +174,7 @@ def run():
except:
print("User couldn't be added to Trusted Root Certification Authorities. ")
exit()
try:
output, streams, had_errors = client.execute_ps(
"Import-PfxCertificate -FilePath C:\\temp\\cert.pfx -CertStoreLocation Cert:\LocalMachine\TrustedPeople")
......@@ -135,28 +192,28 @@ def run():
$password = ConvertTo-SecureString -String \"%s\" -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $password
$thumbprint = (Get-ChildItem -Path cert:\LocalMachine\\root | Where-Object { $_.Subject -eq "CN=$subject" }).Thumbprint
New-Item -Path WSMan:\localhost\ClientCertificate `
-Subject "$username@localhost" `
-URI * `
-Issuer $thumbprint `
-Credential $credential `
-Force
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true
""" % (userName, subject,userPassword))
""" % (userName, subject, userPassword))
if had_errors:
raise Exception()
except:
# print(output, streams,had_errors)
print("Certificate can not be added.")
exit()
### Create ssl certs
os.popen("openssl pkcs12 -in cert.pfx -clcerts -nokeys -out %s -passin pass:\"\"" % certPath)
os.popen("openssl pkcs12 -in cert.pfx -clcerts -out %s -passin pass:\"\" -passout pass:%s" % (keyPath,certPassword))
os.popen(
"openssl pkcs12 -in cert.pfx -clcerts -out %s -passin pass:\"\" -passout pass:%s" % (keyPath, certPassword))
### Clean unnecessary files
## Clean unnecessary files
try:
output, streams, had_errors = client.execute_ps("Remove-Item -Path C:\\temp -Recurse")
if had_errors:
......@@ -167,4 +224,4 @@ def run():
exit()
if __name__ == "__main__":
globals()[sys.argv[1]]()
\ No newline at end of file
globals()[sys.argv[1]]()
storage/winrm/winrm_execute.py
Dosyayı görüntüle @ 76c26a67
......@@ -21,11 +21,11 @@ try:
if had_errors:
raise Exception
print(output)
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output, error = process.communicate()
# process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
# output, error = process.communicate()
except:
print("Invalid command")
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output, error = process.communicate()
# process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
# output, error = process.communicate()
exit()
storage/winrm/winrm_validate.py
Dosyayı görüntüle @ 76c26a67
......@@ -11,20 +11,20 @@ certPath = sys.argv[2]
keyPath = sys.argv[3]
certPassword = sys.argv[4]
process = subprocess.Popen(("openssl rsa -in %s -out %s -passin pass:%s -passout pass:\"\"" % (keyPath, "temp.pem",certPassword)).split(),stdout=subprocess.PIPE,stderr=subprocess.PIPE)
process = subprocess.Popen(("openssl rsa -in %s -out %s -passin pass:%s -passout pass:\"\"" % (keyPath, certPath+".tmp",certPassword)).split(),stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output, error = process.communicate()
try:
client = Client(ip, auth="certificate", certificate_key_pem="./temp.pem", certificate_pem=certPath,
client = Client(ip, auth="certificate", certificate_key_pem=certPath+".tmp", certificate_pem=certPath,
cert_validation=False)
output, streams, had_errors = client.execute_cmd('ipconfig')
print("ok")
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output, error = process.communicate()
# process = subprocess.Popen(("rm "+certPath+".tmp").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
# output, error = process.communicate()
except:
print("Connection error")
process = subprocess.Popen(("rm temp.pem").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output, error = process.communicate()
# process = subprocess.Popen(("rm "+certPath+".tmp").split(), stdout=subprocess.PIPE,stderr=subprocess.PIPE)
# output, error = process.communicate()
exit()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment