Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##########################################################################
- ### UNIX PROCESS FILE
- ### Version v9.20152406.02
- ##########################################################################
- #States names can contain only alphabet and numeric characters
- [states]
- #Initialization
- Init=(script)set verifyLogon 0; set curr_pass "<pmpass>";set whoami "whoami"; set useSSHKey "0"
- InitVerifyLogon=(script)set verifyLogon 1; set curr_pass "<pmnewpass>"; set useSSHKey "0"
- #whoami issue
- CheckOSName=uname
- SetSolarisVerifySwitch=(script)set whoami /usr/ucb/whoami;
- SetVerifySwitchSolaris11=(script)set whoami /usr/bin/whoami;
- PRCheckOSName=uname
- PRSetSolarisVerifySwitch=(script)set whoami /usr/ucb/whoami;
- PRSetVerifySwitchSolaris11=(script)set whoami /usr/bin/whoami;
- ExtraPassStartSessionWithSSHKeys=(script)set ssh_Key_parameter "pmextrapass1"; set useSSHKey "1"
- PRStartSessionWithSSHKeys=(script)set ssh_Key_parameter "pmextrapass3"; set useSSHKey "1"
- #Login sequence
- CheckProtocol=
- StartSessionWithSSHKeys=(spawn)bin\\plink.exe <address> -i $ssh_Key_parameter
- SSHConnectToJump=(spawn)bin\\plink.exe <extrapass2\address> -ssh -P <port>
- StartSessionTelnet=(spawn)telnet <address> <port>
- StoreKeyInCache=y
- StartSessionSSH=ssh <username>@<address>
- SSHWithLogonUser=ssh <extrapass1\username>@<extrapass1\address>
- #Check extra password
- CheckExtraPass=
- LoginExtraUser=<extrapass1\username>
- LoginExtraUserWithKey=<extrapass1\username>
- LoginExtraPass=<pmextrapass1>
- SwitchUser=su - <username>
- SwitchPass=$curr_pass
- VerifySwitch=$whoami
- VerifySwitchSolaris=$whoami
- VerifySwitchSolaris11=$whoami
- CheckID=id <username>
- LoginUser=<username>
- JumpLoginUsername=<extrapass2\username>
- LoginPass=$curr_pass
- JumpLoginPass=<pmextrapass2>
- #Change password
- ChangePass=passwd <username>
- #For RHEL
- ChangePassNoUserName=passwd
- ChangePassOldPass=<pmpass>
- ChangePassNewPass=<pmnewpass>
- ChangePassVerifyNewPass=<pmnewpass>
- # For trusted HP-UX
- ChangeTrustedNewPass=p
- CheckAction1
- CheckAction2
- CheckAction3
- CheckAction4
- ExtrapassTelnetCheckManagementType=
- PRTelnetCheckManagementType=
- TelnetCheckAction=
- TelnetCheckExtraPass=
- TelnetCheckPR=
- SSHCheckAction=
- SSHCheckExtraPass=
- SSHCheckPR=
- ExtraPassSSHCheckManagementType=
- PRSSHCheckManagementType=
- EPCheckSSHKeysPrompts=
- PRCheckSSHKeysPrompts=
- LoginExtraCheckAuthType=
- LoginPRCheckAuthType=
- SendPassOldOrNew
- logout=(script)close
- #Verification & Reconciliation support
- CheckInitAction
- Prereconcile
- PRCheckExtraPass
- PRLoginExtraUser=<extrapass3\extrapass1\username>
- PRLoginExtraPass=<pmextrapass3\pmextrapass1>
- PRLoginUser=<extrapass3\username>
- PRLoginUserWithKey=<extrapass3\username>
- PRSwitchUser=su - <extrapass3\username>
- PRSwitchPass=<pmextrapass3>
- PRVerifySwitch=$whoami
- PRVerifySwitchSolaris=$whoami
- PRVerifySwitchSolaris11=$whoami
- PRCheckID=id <extrapass3\username>
- PRLoginPass=<pmextrapass3>
- PRLoginPass2=<pmextrapass3>
- PRCheckAction1
- Reconcile
- PRResetPass=passwd <username>
- PRSendNewPass=<pmnewpass>
- # For trusted HP-UX
- PRResetTrustedNewPass=p
- PRVerifyNewPass=<pmnewpass>
- #Final state
- END
- #Failure states
- FailUnableToConnect=FAIL(First login - Unable to connect to machine. Check machine address and port, 8000)
- FailTARGETInvalidUsernameOrPassword=FAIL(Invalid username or bad password, 2114)
- FAILInvalidCurrPassword2=FAIL(Current password is invalid while trying to change password, 8002)
- FAILInvalidCurrPassword3=FAIL(First login - Current password is either invalid or expired while sending password when switching users, 8003)
- FAILInvalidNewPassword1=FAIL(Invalid new password while sending new password, 8004)
- FAILInvalidNewPassword2=FAIL(Invalid new password while sending new password verification, 8005)
- FAILInvalidExtraPassword=FAIL(First login - Current extra user password is invalid, 8006)
- FAILExpiredExtraPassword=FAIL(First login - Current extra user password is expired, 8007)
- FAILVerifySwitch=FAIL(First login - Failed to verify user after switching, 8008)
- FAILVerifySwitchRoot=FAIL(First login - Failed to verify user after switching. User seems to be root but it does not have the correct id, 8009)
- FAILAccountDisabled1=FAIL(First login - User account is disabled, 8010)
- FAILAccountDisabled2=FAIL(First login - Extra user account is disabled, 8011)
- FailNotAllowedLogin1=FAIL(First login - User is not allowed to log in, 8012)
- FailNotAllowedLogin2=FAIL(First login - Extra user is not allowed to log in, 8013)
- FAILInvalidChangePassTime=FAIL(Change Password - User is not allowed to change password at this time, 8014)
- FailRECInvalidUsernameOrPassword=FAIL(Reconcile Account - Invalid username or bad password, 8015)
- FailRECInvalidExtraPassword=FAIL(Reconcile Account - Current extra user password is invalid, 8016)
- FailRECExpiredExtraPassword=FAIL(Reconcile Account - Current extra user password is expired, 8017)
- FailRECVerifySwitch=FAIL(Reconcile Account - Failed to verify user after switching, 8018)
- FailRECVerifySwitchRoot=FAIL(Reconcile Account - Failed to verify user after switching. User seems to be root but it does not have the correct id, 8019)
- FailRECAccountDisabled1=FAIL(Reconcile Account - User account is disabled, 8020)
- FailRECAccountDisabled2=FAIL(Reconcile Account - Extra user account is disabled, 8021)
- FailRECNotAllowedLogin1=FAIL(Reconcile Account - User is not allowed to log in, 8022)
- FailRECNotAllowedLogin2=FAIL(Reconcile Account - Extra user is not allowed to log in, 8023)
- FailRECExpiredPassword=FAIL(Reconcile Account - Password is expired, 8024)
- FailRECSwitchUser=FAIL(Reconcile Account - Switch users failed: Password is either invalid or expired, 8025)
- FailRECLimitedUser=FAIL(Reconcile Account - Reconciliation can not be performed with limited account, 8026)
- FailRECInvalidNewPassword=FAIL(Reconciliation Process - Invalid new password while trying to reconcile password, 8027)
- FailRECRetypeNewPassword=FAIL(Reconciliation Process - New retyped password is invalid, 8028)
- FailCantVerifyWithSuperLogonUser=FAIL(Verification Process - Password that is associated with a super logon user cannot be verified, 8029)
- FAILChangeUnknownTargetUser=FAIL(Change Password - unknown user name. Check your account's username, 8037)
- FailRECUnknownTargetUser=FAIL(Reconcile Account - unknown user name. Check your account's username, 8038)
- FAILRECWhoamiPermissionDenied=FAIL(Reconcile Account- User does not have permission for the whoami command. Failed to verify user after switching , 8039)
- FAILRECWhoamiNoSuchFileOrDirectory=FAIL(Reconcile Account - The whoami command was not found in the bin and ucb folders. Failed to verify user after switching , 8040)
- FAILWhoamiPermissionDenied=FAIL(First login - User does not have permission for the whoami command. Failed to verify user after switching , 8042)
- FAILWhoamiNoSuchFileOrDirectory=FAIL(First login - The whoami command was not found in the bin and ucb folders. Failed to verify user after switching , 8043)
- FAILCannotUseSSHKeysForTelnet=FAIL(First login - Cannot use Telnet client with SSHKeys, 8030)
- FAILNoReconcileAccount=FAIL(First login - Reconcile account is not set. Please link reconcile account to the target account , 8031)
- PRFailInvalidKey=FAIL(Reconcile Process - Server refused our key. Validate that the SSH key for the reconcile account is valid, 8032)
- PRFailSSHKeyProblem=FAIL(Reconcile Process - The CPM was unable to use the reconcile account SSH key, 8033)
- FailInvalidKey=FAIL(First login - Server refused our key. Validate that the private SSH key is valid, 8034)
- ExtraPassFailInvalidKey=FAIL(First login - Server refused our key. Validate that the SSH key for the logon account is valid, 8035)
- ExtraPassFailSSHKeyProblem=FAIL(First login - The CPM was unable to use the logon account SSH key, 8036)
- [transitions]
- #CurrentState Condition NextState
- #------------ ---------------- --------------
- #############################################################################
- # INITIALIZATIONS
- #############################################################################
- Init, TRUE, CheckProtocol
- #############################################################################
- # LOGON PHASE
- #############################################################################
- CheckProtocol, ProtocolIsSSH, SSHConnectToJump
- #CheckProtocol, ProtocolIsTelnet, TelnetConnectToJump
- SSHConnectToJump, InvalidLogin, FailNotAllowedLogin1
- SSHConnectToJump, NotAllowedLogin, FailNotAllowedLogin1
- SSHConnectToJump, AccountDisabled, FAILAccountDisabled1
- SSHConnectToJump, Login, JumpLoginUsername
- JumpLoginUsername, InvalidLogin, FailTARGETInvalidUsernameOrPassword
- JumpLoginUsername, Password, JumpLoginPass
- JumpLoginPass, PasswordExpired, CheckAction2
- #JumpLoginPass, PasswordExpiredRootWithNew,CheckAction3
- JumpLoginPass, StandardPrompt, CheckInitAction
- SSHCheckAction, IsVerifyLogon, SSHCheckExtraPass
- SSHCheckAction, ActionIsRecOrPreRec, SSHCheckPR
- SSHCheckAction, ActionIsVerify, SSHCheckExtraPass
- SSHCheckAction, ActionIsLogonOrChange, SSHCheckExtraPass
- SSHCheckExtraPass, ExtraPassExists, ExtraPassSSHCheckManagementType
- SSHCheckExtraPass, ExtraPassNotExists, StartSessionSSH
- SSHCheckPR, PRPassNotExists, FAILNoReconcileAccount
- SSHCheckPR, PRPassExists, PRSSHCheckManagementType
- ExtraPassSSHCheckManagementType, ExtraPassManagementTypeIsPassword, StartSessionSSH
- PRSSHCheckManagementType, PRManagementTypeIsPassword,StartSessionSSH
- TelnetCheckAction, IsVerifyLogon, TelnetCheckExtraPass
- TelnetCheckAction, ActionIsRecOrPreRec, TelnetCheckPR
- TelnetCheckAction, ActionIsVerify, TelnetCheckExtraPass
- TelnetCheckAction, ActionIsLogonOrChange, TelnetCheckExtraPass
- TelnetCheckPR, PRPassNotExists, FAILNoReconcileAccount
- TelnetCheckPR, PRPassExists, PRTelnetCheckManagementType
- TelnetCheckExtraPass, ExtraPassExists, ExtrapassTelnetCheckManagementType
- #TelnetCheckExtraPass, ExtraPassNotExists, StartSessionTelnet
- ExtrapassTelnetCheckManagementType, ExtraPassManagementTypeIsSSHKey, FAILCannotUseSSHKeysForTelnet
- #ExtrapassTelnetCheckManagementType, ExtraPassManagementTypeIsPassword, StartSessionTelnet
- PRTelnetCheckManagementType, PRManagementTypeIsSSHKey, FAILCannotUseSSHKeysForTelnet
- #PRTelnetCheckManagementType, PRManagementTypeIsPassword, StartSessionTelnet
- #StartSessionSSH, UnableToConnect, FailUnableToConnect
- #StartSessionSSH, Password, CheckInitAction
- CheckInitAction, IsVerifyLogon, CheckExtraPass
- CheckInitAction, ActionIsRecOrPreRec, Prereconcile
- CheckInitAction, ActionIsVerify, CheckExtraPass
- CheckInitAction, ActionIsLogonOrChange, CheckExtraPass
- CheckExtraPass, ExtraPassExists, LoginExtraCheckAuthType
- CheckExtraPass, ExtraPassNotExists, StartSessionSSH
- LoginExtraCheckAuthType, IsNotConnectWithSSHKeys, SSHWithLogonUser
- #login extra
- SSHWithLogonUser, Password, LoginExtraPass
- LoginExtraPass, InvalidLogin, FAILInvalidExtraPassword
- LoginExtraPass, Password, FAILInvalidExtraPassword
- LoginExtraPass, AccountDisabled, FAILAccountDisabled2
- LoginExtraPass, NotAllowedLogin, FailNotAllowedLogin2
- LoginExtraPass, PasswordExpired, FAILExpiredExtraPassword
- LoginExtraPass, StandardPrompt, SwitchUser
- SwitchUser, PasswordMustChangedRootEnforced,FailTARGETInvalidUsernameOrPassword
- SwitchUser, Password, SwitchPass
- #SwitchUser, StandardPrompt, CheckAction4
- SwitchPass, SuWrongPassword, FailTARGETInvalidUsernameOrPassword
- SwitchPass, AccountDisabled, FAILAccountDisabled2
- SwitchPass, NotAllowedLogin, FailNotAllowedLogin2
- SwitchPass, PasswordExpired, CheckAction2
- SwitchPass, PasswordExpiredVerifyExt, FailTARGETInvalidUsernameOrPassword
- SwitchPass, StandardPrompt, CheckOSName
- #CheckOSName, SolarisOS, SetSolarisVerifySwitch
- CheckOSName, StandardPrompt, VerifySwitch
- VerifySwitch, CurrentUser, CheckAction1
- VerifySwitch, RootUser, CheckID
- VerifySwitch, PermissionDenied, FAILWhoamiPermissionDenied
- VerifySwitch, NoSuchFileOrDirectory, FAILWhoamiNoSuchFileOrDirectory
- VerifySwitch, StandardPrompt, FAILVerifySwitch
- CheckID, RootID, CheckAction1
- CheckID, StandardPrompt, FAILVerifySwitchRoot
- #login user
- StartSessionSSH, InvalidLogin, FailNotAllowedLogin1
- StartSessionSSH, Password, LoginPass
- LoginPass, NotAllowedLogin, FailNotAllowedLogin1
- LoginPass, AccountDisabled, FAILAccountDisabled1
- LoginPass, InvalidLogin, FailTARGETInvalidUsernameOrPassword
- LoginPass, Password, FailTARGETInvalidUsernameOrPassword
- LoginPass, PasswordExpired, CheckAction2
- #LoginPass, PasswordExpiredRootWithNew,CheckAction3
- LoginPass, StandardPrompt, CheckAction1
- CheckAction1, ActionIsVerify, END
- CheckAction1, IsVerifyLogon, END
- CheckAction1, ActionIsLogon, END
- CheckAction1, ActionIsNotLogon, ChangePass
- CheckAction2, ActionIsVerify, END
- CheckAction2, IsVerifyLogon, END
- CheckAction2, ActionIsLogon, END
- #CheckAction2, ActionIsNotLogon, SendPassOldOrNew
- #############################################################################
- # CHANGE PASSWORD PHASE
- #############################################################################
- ChangePass, UnknownTargetUser, FAILChangeUnknownTargetUser
- #ChangePass, OldPassword, ChangePassOldPass
- #ChangePass, NewPassword, ChangePassNewPass
- #logout and verify logon again
- logout, TRUE, InitVerifyLogon
- InitVerifyLogon, TRUE, CheckProtocol
- #############################################################################
- # PRERECONCILE PASSWORD PHASE
- #############################################################################
- Prereconcile, TRUE, PRCheckExtraPass
- PRCheckExtraPass, RecExtraPassExists, PRLoginExtraUser
- PRCheckExtraPass, RecExtraPassNotExists, LoginPRCheckAuthType
- #login extra
- PRLoginExtraUser, Password, PRLoginExtraPass
- PRLoginExtraPass, InvalidLogin, FAILRECInvalidExtraPassword
- PRLoginExtraPass, Password, FAILRECInvalidExtraPassword
- PRLoginExtraPass, AccountDisabled, FailRECAccountDisabled2
- PRLoginExtraPass, NotAllowedLogin, FailRECNotAllowedLogin2
- PRLoginExtraPass, PasswordExpired, FailRECExpiredExtraPassword
- PRLoginExtraPass, StandardPrompt, PRSwitchUser
- PRSwitchUser, Password, PRSwitchPass
- PRSwitchUser, StandardPrompt, PRCheckOSName
- PRSwitchPass, SuWrongPassword, FailRECSwitchUser
- PRSwitchPass, AccountDisabled, FailRECAccountDisabled2
- PRSwitchPass, NotAllowedLogin, FailRECNotAllowedLogin2
- PRSwitchPass, PasswordExpired, FailRECExpiredPassword
- PRSwitchPass, StandardPrompt, PRCheckOSName
- #PRCheckOSName, SolarisOS, PRSetSolarisVerifySwitch
- PRCheckOSName, StandardPrompt, PRVerifySwitch
- PRVerifySwitch, ReconcileUser, PRCheckAction1
- PRVerifySwitch, RootUser, PRCheckID
- PRVerifySwitch, PermissionDenied, FAILRECWhoamiPermissionDenied
- PRVerifySwitch, NoSuchFileOrDirectory, FAILRECWhoamiNoSuchFileOrDirectory
- PRVerifySwitch, StandardPrompt, FailRECVerifySwitch
- PRCheckID, RootID, PRCheckAction1
- PRCheckID, StandardPrompt, FailRECVerifySwitchRoot
- LoginPRCheckAuthType, IsNotConnectWithSSHKeys, PRLoginUser
- #login Reconcile user
- PRLoginUser, Password, PRLoginPass
- PRLoginUser, InvalidLogin, FailRECNotAllowedLogin1
- PRLoginPass, NotAllowedLogin, FailRECNotAllowedLogin1
- PRLoginPass, AccountDisabled, FailRECAccountDisabled1
- PRLoginPass, InvalidLogin, FailRECInvalidUsernameOrPassword
- PRLoginPass, Password, FailRECInvalidUsernameOrPassword
- PRLoginPass, PasswordExpired, FailRECExpiredPassword
- PRLoginPass, PasswordExpiredRootWithNew,FailRECExpiredPassword
- PRLoginPass, StandardPrompt, PRCheckAction1
- PRCheckAction1, ActionIsPreRec, END
- PRCheckAction1, ActionIsReconcile, Reconcile
- #############################################################################
- # RECONCILE PASSWORD PHASE
- #############################################################################
- Reconcile, TRUE, PRResetPass
- PRResetPass, UnknownTargetUser, FailRECUnknownTargetUser
- PRResetTrustedNewPass, NewPassword, PRSendNewPass
- PRSendNewPass, BadNewPassword, FailRECInvalidNewPassword
- PRSendNewPass, VerifyNewPassword, PRVerifyNewPass
- PRVerifyNewPass, BadNewPassword, FailRECRetypeNewPassword
- PRVerifyNewPass, PasswdSuccessfullyChanged,logout
- PRVerifyNewPass, StandardPrompt, logout
- #logout and verify logon again
- logout, TRUE, InitVerifyLogon
- InitVerifyLogon, TRUE, CheckProtocol
- [CPM Parameters Validation]
- username, source=FILE, Mandatory=yes
- address, source=FILE, Mandatory=yes
- protocol, source=FILE, Mandatory=yes
- port, source=FILE, Mandatory=yes
- PromptsFileName, source=FILE, Mandatory=yes
- ProcessFileName, source=FILE, Mandatory=yes
- extrapass1\username, source=FILE, Mandatory=![string equal -nocase "<pmextrapass1>" ""]
- extrapass1\ManagementType, source=FILE, Mandatory=![string equal -nocase "<pmextrapass1>" ""]
- extrapass3\username,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
- extrapass3\ManagementType,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
- extrapass3\extrapass1\username,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3\pmextrapass1>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
- extrapass3\extrapass1\address,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3\pmextrapass1>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
- [parameters]
- PromptTimeout=60
- #SendSlow=1 .001
- SendHuman=.1 .3 1 .05 2
- #Stty - valid values are one or more of: echo, raw, cooked, -echo, -raw, -cooked
- #Stty=
- [Debug Information]
- DebugLogFullParsingInfo=no
- DebugLogFullExecutionInfo=no
- DebugLogDetailBuiltInActions=no
- ExpectLog=no
- ConsoleOutput=no
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement