
Untitled

a guest
Feb 15th, 2016
  1. ##########################################################################
  2. ### UNIX PROCESS FILE
  3. ### Version v9.20152406.02
  4. ##########################################################################
  5.  
  6. #State names can contain only alphabetic and numeric characters
  7. [states]
  8. #Initialization
  # Init: entry state. Clears verifyLogon, loads curr_pass from the <pmpass>
  # placeholder, uses the bare command name "whoami", and turns SSH-key mode off.
  # NOTE(review): the secret placeholder sits inside a quoted script string;
  # confirm the engine escapes quote/bracket/dollar characters in the
  # substituted password before the script line is evaluated.
  9. Init=(script)set verifyLogon 0; set curr_pass "<pmpass>";set whoami "whoami"; set useSSHKey "0"
  # InitVerifyLogon: second pass, entered from "logout" in [transitions].
  # Sets verifyLogon and swaps curr_pass to <pmnewpass> so the login sequence
  # is replayed with the new password.
  10. InitVerifyLogon=(script)set verifyLogon 1; set curr_pass "<pmnewpass>"; set useSSHKey "0"
  11.  
  12. #whoami issue
  # CheckOSName / PRCheckOSName send `uname`; the Set* states repoint $whoami
  # at an absolute path (/usr/ucb or /usr/bin).
  # NOTE(review): in this copy the SolarisOS transitions out of CheckOSName and
  # PRCheckOSName are commented out and nothing references the Solaris11
  # variants, so none of the Set* states is reached and $whoami stays the bare
  # name set in Init. The identity check after `su` then presumably resolves
  # whoami through the remote account's PATH - confirm that is acceptable.
  13. CheckOSName=uname
  14. SetSolarisVerifySwitch=(script)set whoami /usr/ucb/whoami;
  15. SetVerifySwitchSolaris11=(script)set whoami /usr/bin/whoami;
  16. PRCheckOSName=uname
  17. PRSetSolarisVerifySwitch=(script)set whoami /usr/ucb/whoami;
  18. PRSetVerifySwitchSolaris11=(script)set whoami /usr/bin/whoami;
  19.  
  # SSH-key mode: record which linked account supplies the key (pmextrapass1 =
  # logon account, pmextrapass3 = reconcile account, going by the failure
  # messages below) and set useSSHKey.
  # NOTE(review): no line in [transitions] of this copy leads to either state;
  # only the IsNotConnectWithSSHKeys branches exist, so key-based logon looks
  # disabled here.
  20. ExtraPassStartSessionWithSSHKeys=(script)set ssh_Key_parameter "pmextrapass1"; set useSSHKey "1"
  21. PRStartSessionWithSSHKeys=(script)set ssh_Key_parameter "pmextrapass3"; set useSSHKey "1"
  22.  
  23. #Login sequence
  # Values are what gets sent when the state is entered; a "(spawn)" prefix
  # starts a local process instead. <...> placeholders are filled from the
  # account and its linked accounts (extrapass1/2/3).
  24. CheckProtocol=
  # Not referenced by any transition in this copy.
  25. StartSessionWithSSHKeys=(spawn)bin\\plink.exe <address> -i $ssh_Key_parameter
  # The only session start reachable from CheckProtocol in this copy: plink to
  # the address of the extrapass2 account (the jump host, per the state name).
  26. SSHConnectToJump=(spawn)bin\\plink.exe <extrapass2\address> -ssh -P <port>
  # Telnet sends the user name and password in cleartext. Every transition that
  # would reach this state is commented out in [transitions]; keep it that way
  # unless a target genuinely cannot offer SSH.
  27. StartSessionTelnet=(spawn)telnet <address> <port>
  # NOTE(review): presumably the reply to plink's host-key caching prompt; the
  # matching condition is not in this file and no transition here uses the
  # state. Answering "y" trusts a host key that was never checked out of band,
  # so the first connection cannot tell an impersonated host from the real one.
  # Prefer provisioning known host keys on the CPM machine ahead of time.
  28. StoreKeyInCache=y
  # No "(spawn)": these are typed into the session that is already open, i.e.
  # the hop to the target or logon account starts from the jump host.
  # NOTE(review): StartSessionSSH only has InvalidLogin and Password
  # transitions, so a host-key question from this inner ssh is not handled
  # explicitly - confirm the jump host has the target keys in known_hosts.
  29. StartSessionSSH=ssh <username>@<address>
  30. SSHWithLogonUser=ssh <extrapass1\username>@<extrapass1\address>
  31. #Check extra password
  32. CheckExtraPass=
  33. LoginExtraUser=<extrapass1\username>
  34. LoginExtraUserWithKey=<extrapass1\username>
  35. LoginExtraPass=<pmextrapass1>
  # After logging on as the logon account, switch to the managed user and
  # answer su's prompt with the password selected in Init/InitVerifyLogon.
  36. SwitchUser=su - <username>
  37. SwitchPass=$curr_pass
  # Identity check after su: the output of $whoami is matched by the
  # CurrentUser / RootUser conditions; CheckID is the follow-up when the
  # reply is root.
  38. VerifySwitch=$whoami
  39. VerifySwitchSolaris=$whoami
  40. VerifySwitchSolaris11=$whoami
  41. CheckID=id <username>
  42. LoginUser=<username>
  # Jump-host credentials come from the extrapass2 linked account.
  43. JumpLoginUsername=<extrapass2\username>
  44. LoginPass=$curr_pass
  45. JumpLoginPass=<pmextrapass2>
  46.  
  47. #Change password
  48. ChangePass=passwd <username>
  49.  
  50. #For RHEL
  51. ChangePassNoUserName=passwd
  52.  
  53. ChangePassOldPass=<pmpass>
  54. ChangePassNewPass=<pmnewpass>
  55. ChangePassVerifyNewPass=<pmnewpass>
  56.  
  57. # For trusted HP-UX
  58. ChangeTrustedNewPass=p
  59.  
  60. CheckAction1
  61. CheckAction2
  62. CheckAction3
  63. CheckAction4
  64.  
  65. ExtrapassTelnetCheckManagementType=
  66. PRTelnetCheckManagementType=
  67. TelnetCheckAction=
  68. TelnetCheckExtraPass=
  69. TelnetCheckPR=
  70. SSHCheckAction=
  71. SSHCheckExtraPass=
  72. SSHCheckPR=
  73. ExtraPassSSHCheckManagementType=
  74. PRSSHCheckManagementType=
  75. EPCheckSSHKeysPrompts=
  76. PRCheckSSHKeysPrompts=
  77. LoginExtraCheckAuthType=
  78. LoginPRCheckAuthType=
  79.  
  80. SendPassOldOrNew
  81.  
  82. logout=(script)close
  83.  
  84. #Verification & Reconciliation support
  # PR* states repeat the logon/switch/verify sequence with the reconcile
  # account (extrapass3) and, when it has one, its own logon account
  # (extrapass3\extrapass1). Bare names without "=" are decision states that
  # send nothing.
  # NOTE(review): PRLoginUserWithKey, PRLoginPass2 and the PRVerifySwitchSolaris*
  # variants are not referenced by any transition in this copy.
  85. CheckInitAction
  86. Prereconcile
  87. PRCheckExtraPass
  88. PRLoginExtraUser=<extrapass3\extrapass1\username>
  89. PRLoginExtraPass=<pmextrapass3\pmextrapass1>
  90. PRLoginUser=<extrapass3\username>
  91. PRLoginUserWithKey=<extrapass3\username>
  92. PRSwitchUser=su - <extrapass3\username>
  93. PRSwitchPass=<pmextrapass3>
  94. PRVerifySwitch=$whoami
  95. PRVerifySwitchSolaris=$whoami
  96. PRVerifySwitchSolaris11=$whoami
  97. PRCheckID=id <extrapass3\username>
  98. PRLoginPass=<pmextrapass3>
  99. PRLoginPass2=<pmextrapass3>
  100. PRCheckAction1
  101. Reconcile
  # The reset runs `passwd` for the managed user from the reconcile account's
  # session, then sends the new password; no old password is supplied, so the
  # reconcile account presumably needs privilege to reset another user.
  102. PRResetPass=passwd <username>
  103. PRSendNewPass=<pmnewpass>
  104.  
  105. # For trusted HP-UX
  106. PRResetTrustedNewPass=p
  107. PRVerifyNewPass=<pmnewpass>
  108.  
  109. #Final state
  110. END
  111.  
  112. #Failure states
  # Format: Name=FAIL(message, numeric code). Entering one of these ends the
  # run with that message and code.
  # NOTE(review): FailUnableToConnect is defined, but the only transition that
  # targets it is commented out in [transitions], so a connection failure is
  # presumably reported as a prompt timeout instead - confirm.
  113. FailUnableToConnect=FAIL(First login - Unable to connect to machine. Check machine address and port, 8000)
  114. FailTARGETInvalidUsernameOrPassword=FAIL(Invalid username or bad password, 2114)
  115.  
  116. FAILInvalidCurrPassword2=FAIL(Current password is invalid while trying to change password, 8002)
  117. FAILInvalidCurrPassword3=FAIL(First login - Current password is either invalid or expired while sending password when switching users, 8003)
  118. FAILInvalidNewPassword1=FAIL(Invalid new password while sending new password, 8004)
  119. FAILInvalidNewPassword2=FAIL(Invalid new password while sending new password verification, 8005)
  120. FAILInvalidExtraPassword=FAIL(First login - Current extra user password is invalid, 8006)
  121. FAILExpiredExtraPassword=FAIL(First login - Current extra user password is expired, 8007)
  122. FAILVerifySwitch=FAIL(First login - Failed to verify user after switching, 8008)
  123. FAILVerifySwitchRoot=FAIL(First login - Failed to verify user after switching. User seems to be root but it does not have the correct id, 8009)
  124. FAILAccountDisabled1=FAIL(First login - User account is disabled, 8010)
  125. FAILAccountDisabled2=FAIL(First login - Extra user account is disabled, 8011)
  126. FailNotAllowedLogin1=FAIL(First login - User is not allowed to log in, 8012)
  127. FailNotAllowedLogin2=FAIL(First login - Extra user is not allowed to log in, 8013)
  128. FAILInvalidChangePassTime=FAIL(Change Password - User is not allowed to change password at this time, 8014)
  129. FailRECInvalidUsernameOrPassword=FAIL(Reconcile Account - Invalid username or bad password, 8015)
  130. FailRECInvalidExtraPassword=FAIL(Reconcile Account - Current extra user password is invalid, 8016)
  131. FailRECExpiredExtraPassword=FAIL(Reconcile Account - Current extra user password is expired, 8017)
  132. FailRECVerifySwitch=FAIL(Reconcile Account - Failed to verify user after switching, 8018)
  133. FailRECVerifySwitchRoot=FAIL(Reconcile Account - Failed to verify user after switching. User seems to be root but it does not have the correct id, 8019)
  134. FailRECAccountDisabled1=FAIL(Reconcile Account - User account is disabled, 8020)
  135. FailRECAccountDisabled2=FAIL(Reconcile Account - Extra user account is disabled, 8021)
  136. FailRECNotAllowedLogin1=FAIL(Reconcile Account - User is not allowed to log in, 8022)
  137. FailRECNotAllowedLogin2=FAIL(Reconcile Account - Extra user is not allowed to log in, 8023)
  138. FailRECExpiredPassword=FAIL(Reconcile Account - Password is expired, 8024)
  139. FailRECSwitchUser=FAIL(Reconcile Account - Switch users failed: Password is either invalid or expired, 8025)
  140. FailRECLimitedUser=FAIL(Reconcile Account - Reconciliation can not be performed with limited account, 8026)
  141. FailRECInvalidNewPassword=FAIL(Reconciliation Process - Invalid new password while trying to reconcile password, 8027)
  142. FailRECRetypeNewPassword=FAIL(Reconciliation Process - New retyped password is invalid, 8028)
  143. FailCantVerifyWithSuperLogonUser=FAIL(Verification Process - Password that is associated with a super logon user cannot be verified, 8029)
  144. FAILChangeUnknownTargetUser=FAIL(Change Password - unknown user name. Check your account's username, 8037)
  145. FailRECUnknownTargetUser=FAIL(Reconcile Account - unknown user name. Check your account's username, 8038)
  146. FAILRECWhoamiPermissionDenied=FAIL(Reconcile Account- User does not have permission for the whoami command. Failed to verify user after switching , 8039)
  147. FAILRECWhoamiNoSuchFileOrDirectory=FAIL(Reconcile Account - The whoami command was not found in the bin and ucb folders. Failed to verify user after switching , 8040)
  148. FAILWhoamiPermissionDenied=FAIL(First login - User does not have permission for the whoami command. Failed to verify user after switching , 8042)
  149. FAILWhoamiNoSuchFileOrDirectory=FAIL(First login - The whoami command was not found in the bin and ucb folders. Failed to verify user after switching , 8043)
  150.  
  151. FAILCannotUseSSHKeysForTelnet=FAIL(First login - Cannot use Telnet client with SSHKeys, 8030)
  152. FAILNoReconcileAccount=FAIL(First login - Reconcile account is not set. Please link reconcile account to the target account , 8031)
  153.  
  154. PRFailInvalidKey=FAIL(Reconcile Process - Server refused our key. Validate that the SSH key for the reconcile account is valid, 8032)
  155. PRFailSSHKeyProblem=FAIL(Reconcile Process - The CPM was unable to use the reconcile account SSH key, 8033)
  156.  
  157. FailInvalidKey=FAIL(First login - Server refused our key. Validate that the private SSH key is valid, 8034)
  158. ExtraPassFailInvalidKey=FAIL(First login - Server refused our key. Validate that the SSH key for the logon account is valid, 8035)
  159. ExtraPassFailSSHKeyProblem=FAIL(First login - The CPM was unable to use the logon account SSH key, 8036)
  160.  
  161.  
  162. [transitions]
  # Each line is "CurrentState, Condition, NextState". The condition names
  # (TRUE, ProtocolIsSSH, Password, StandardPrompt, ...) are not defined in this
  # file; presumably they come from the prompts file named by the
  # PromptsFileName parameter. A state with no matching transition has nowhere
  # to go and presumably ends when PromptTimeout expires.
  163. #CurrentState Condition NextState
  164. #------------ ---------------- --------------
  165. #############################################################################
  166. # INITIALIZATIONS
  167. #############################################################################
  168. Init, TRUE, CheckProtocol
  169.  
  170. #############################################################################
  171. # LOGON PHASE
  172. #############################################################################
  # Only SSH is routed: every run starts by connecting to the jump host.
  # The Telnet branch is disabled, and its target (TelnetConnectToJump) is not
  # a state defined in [states], so re-enabling the line as-is would not work.
  173. CheckProtocol, ProtocolIsSSH, SSHConnectToJump
  174. #CheckProtocol, ProtocolIsTelnet, TelnetConnectToJump
  175.  
  # Jump-host logon: plink starts, the user name is sent at the Login prompt,
  # then the extrapass2 password at the Password prompt.
  # NOTE(review): failures on the jump host are reported with the target
  # account's failure states (FailNotAllowedLogin1, FAILAccountDisabled1,
  # FailTARGETInvalidUsernameOrPassword), so the message will not say which
  # hop rejected the logon.
  176. SSHConnectToJump, InvalidLogin, FailNotAllowedLogin1
  177. SSHConnectToJump, NotAllowedLogin, FailNotAllowedLogin1
  178. SSHConnectToJump, AccountDisabled, FAILAccountDisabled1
  179. SSHConnectToJump, Login, JumpLoginUsername
  180. JumpLoginUsername, InvalidLogin, FailTARGETInvalidUsernameOrPassword
  181. JumpLoginUsername, Password, JumpLoginPass
  # NOTE(review): JumpLoginPass has no transition for a rejected password
  # (InvalidLogin or a repeated Password prompt), unlike LoginPass further
  # down; a wrong jump-host password presumably surfaces only as a timeout.
  182. JumpLoginPass, PasswordExpired, CheckAction2
  183. #JumpLoginPass, PasswordExpiredRootWithNew,CheckAction3
  184. JumpLoginPass, StandardPrompt, CheckInitAction
  185.  
  186. SSHCheckAction, IsVerifyLogon, SSHCheckExtraPass
  187. SSHCheckAction, ActionIsRecOrPreRec, SSHCheckPR
  188. SSHCheckAction, ActionIsVerify, SSHCheckExtraPass
  189. SSHCheckAction, ActionIsLogonOrChange, SSHCheckExtraPass
  190.  
  191. SSHCheckExtraPass, ExtraPassExists, ExtraPassSSHCheckManagementType
  192. SSHCheckExtraPass, ExtraPassNotExists, StartSessionSSH
  193.  
  194. SSHCheckPR, PRPassNotExists, FAILNoReconcileAccount
  195. SSHCheckPR, PRPassExists, PRSSHCheckManagementType
  196.  
  197. ExtraPassSSHCheckManagementType, ExtraPassManagementTypeIsPassword, StartSessionSSH
  198.  
  199. PRSSHCheckManagementType, PRManagementTypeIsPassword,StartSessionSSH
  200.  
  201. TelnetCheckAction, IsVerifyLogon, TelnetCheckExtraPass
  202. TelnetCheckAction, ActionIsRecOrPreRec, TelnetCheckPR
  203. TelnetCheckAction, ActionIsVerify, TelnetCheckExtraPass
  204. TelnetCheckAction, ActionIsLogonOrChange, TelnetCheckExtraPass
  205.  
  206. TelnetCheckPR, PRPassNotExists, FAILNoReconcileAccount
  207. TelnetCheckPR, PRPassExists, PRTelnetCheckManagementType
  208.  
  209. TelnetCheckExtraPass, ExtraPassExists, ExtrapassTelnetCheckManagementType
  210. #TelnetCheckExtraPass, ExtraPassNotExists, StartSessionTelnet
  211.  
  212. ExtrapassTelnetCheckManagementType, ExtraPassManagementTypeIsSSHKey, FAILCannotUseSSHKeysForTelnet
  213. #ExtrapassTelnetCheckManagementType, ExtraPassManagementTypeIsPassword, StartSessionTelnet
  214.  
  215. PRTelnetCheckManagementType, PRManagementTypeIsSSHKey, FAILCannotUseSSHKeysForTelnet
  216. #PRTelnetCheckManagementType, PRManagementTypeIsPassword, StartSessionTelnet
  217.  
  218. #StartSessionSSH, UnableToConnect, FailUnableToConnect
  219. #StartSessionSSH, Password, CheckInitAction
  220.  
  221. CheckInitAction, IsVerifyLogon, CheckExtraPass
  222. CheckInitAction, ActionIsRecOrPreRec, Prereconcile
  223. CheckInitAction, ActionIsVerify, CheckExtraPass
  224. CheckInitAction, ActionIsLogonOrChange, CheckExtraPass
  225.  
  226. CheckExtraPass, ExtraPassExists, LoginExtraCheckAuthType
  227. CheckExtraPass, ExtraPassNotExists, StartSessionSSH
  228.  
  229. LoginExtraCheckAuthType, IsNotConnectWithSSHKeys, SSHWithLogonUser
  230.  
  231. #login extra
  232. SSHWithLogonUser, Password, LoginExtraPass
  233. LoginExtraPass, InvalidLogin, FAILInvalidExtraPassword
  234. LoginExtraPass, Password, FAILInvalidExtraPassword
  235. LoginExtraPass, AccountDisabled, FAILAccountDisabled2
  236. LoginExtraPass, NotAllowedLogin, FailNotAllowedLogin2
  237. LoginExtraPass, PasswordExpired, FAILExpiredExtraPassword
  238. LoginExtraPass, StandardPrompt, SwitchUser
  239.  
  240. SwitchUser, PasswordMustChangedRootEnforced,FailTARGETInvalidUsernameOrPassword
  241. SwitchUser, Password, SwitchPass
  242. #SwitchUser, StandardPrompt, CheckAction4
  243.  
  244. SwitchPass, SuWrongPassword, FailTARGETInvalidUsernameOrPassword
  245. SwitchPass, AccountDisabled, FAILAccountDisabled2
  246. SwitchPass, NotAllowedLogin, FailNotAllowedLogin2
  247. SwitchPass, PasswordExpired, CheckAction2
  248. SwitchPass, PasswordExpiredVerifyExt, FailTARGETInvalidUsernameOrPassword
  249. SwitchPass, StandardPrompt, CheckOSName
  250.  
  251. #CheckOSName, SolarisOS, SetSolarisVerifySwitch
  252. CheckOSName, StandardPrompt, VerifySwitch
  253.  
  # Identity check after `su`: continue only when the whoami output names the
  # expected user; a root reply is double-checked with `id`. Falling through to
  # a plain prompt without a match is treated as a failed switch, so the run
  # never proceeds under an unverified identity.
  254. VerifySwitch, CurrentUser, CheckAction1
  255. VerifySwitch, RootUser, CheckID
  256. VerifySwitch, PermissionDenied, FAILWhoamiPermissionDenied
  257. VerifySwitch, NoSuchFileOrDirectory, FAILWhoamiNoSuchFileOrDirectory
  258. VerifySwitch, StandardPrompt, FAILVerifySwitch
  259.  
  260. CheckID, RootID, CheckAction1
  261. CheckID, StandardPrompt, FAILVerifySwitchRoot
  262.  
  263. #login user
  # Direct logon to the target (no logon account): the inner ssh asks for a
  # password and $curr_pass is sent. A second Password prompt after sending it
  # is treated as a bad password rather than retried, which avoids repeated
  # attempts against the account.
  264. StartSessionSSH, InvalidLogin, FailNotAllowedLogin1
  265. StartSessionSSH, Password, LoginPass
  266. LoginPass, NotAllowedLogin, FailNotAllowedLogin1
  267. LoginPass, AccountDisabled, FAILAccountDisabled1
  268. LoginPass, InvalidLogin, FailTARGETInvalidUsernameOrPassword
  269. LoginPass, Password, FailTARGETInvalidUsernameOrPassword
  270. LoginPass, PasswordExpired, CheckAction2
  271. #LoginPass, PasswordExpiredRootWithNew,CheckAction3
  272. LoginPass, StandardPrompt, CheckAction1
  273.  
  # CheckAction1: logon succeeded. Verify/logon actions finish here; any other
  # action goes on to ChangePass.
  274. CheckAction1, ActionIsVerify, END
  275. CheckAction1, IsVerifyLogon, END
  276. CheckAction1, ActionIsLogon, END
  277. CheckAction1, ActionIsNotLogon, ChangePass
  # CheckAction2: reached when the password is reported as expired.
  # NOTE(review): an expired-password prompt ends verify/logon actions at END,
  # i.e. as success - confirm that is the intended result for a verification.
  # With the ActionIsNotLogon line disabled, a change action arriving here has
  # no transition at all.
  278. CheckAction2, ActionIsVerify, END
  279. CheckAction2, IsVerifyLogon, END
  280. CheckAction2, ActionIsLogon, END
  281. #CheckAction2, ActionIsNotLogon, SendPassOldOrNew
  282.  
  283. #############################################################################
  284. # CHANGE PASSWORD PHASE
  285. #############################################################################
  # NOTE(review): with the OldPassword/NewPassword transitions disabled, the
  # only way out of ChangePass is the unknown-user failure. ChangePassOldPass,
  # ChangePassNewPass and ChangePassVerifyNewPass are never entered, so a
  # change action cannot complete in this copy and presumably ends on the
  # prompt timeout with `passwd` still waiting in the session - confirm this
  # is deliberate before deploying.
  286. ChangePass, UnknownTargetUser, FAILChangeUnknownTargetUser
  287. #ChangePass, OldPassword, ChangePassOldPass
  288. #ChangePass, NewPassword, ChangePassNewPass
  289.  
  290. #logout and verify logon again
  291. logout, TRUE, InitVerifyLogon
  292. InitVerifyLogon, TRUE, CheckProtocol
  293.  
  294.  
  295.  
  296. #############################################################################
  297. # PRERECONCILE PASSWORD PHASE
  298. #############################################################################
  299. Prereconcile, TRUE, PRCheckExtraPass
  300. PRCheckExtraPass, RecExtraPassExists, PRLoginExtraUser
  301. PRCheckExtraPass, RecExtraPassNotExists, LoginPRCheckAuthType
  302.  
  303. #login extra
  304. PRLoginExtraUser, Password, PRLoginExtraPass
  305. PRLoginExtraPass, InvalidLogin, FAILRECInvalidExtraPassword
  306. PRLoginExtraPass, Password, FAILRECInvalidExtraPassword
  307. PRLoginExtraPass, AccountDisabled, FailRECAccountDisabled2
  308. PRLoginExtraPass, NotAllowedLogin, FailRECNotAllowedLogin2
  309. PRLoginExtraPass, PasswordExpired, FailRECExpiredExtraPassword
  310. PRLoginExtraPass, StandardPrompt, PRSwitchUser
  311.  
  312. PRSwitchUser, Password, PRSwitchPass
  313. PRSwitchUser, StandardPrompt, PRCheckOSName
  314.  
  315. PRSwitchPass, SuWrongPassword, FailRECSwitchUser
  316. PRSwitchPass, AccountDisabled, FailRECAccountDisabled2
  317. PRSwitchPass, NotAllowedLogin, FailRECNotAllowedLogin2
  318. PRSwitchPass, PasswordExpired, FailRECExpiredPassword
  319. PRSwitchPass, StandardPrompt, PRCheckOSName
  320.  
  321. #PRCheckOSName, SolarisOS, PRSetSolarisVerifySwitch
  322. PRCheckOSName, StandardPrompt, PRVerifySwitch
  323.  
  324. PRVerifySwitch, ReconcileUser, PRCheckAction1
  325. PRVerifySwitch, RootUser, PRCheckID
  326. PRVerifySwitch, PermissionDenied, FAILRECWhoamiPermissionDenied
  327. PRVerifySwitch, NoSuchFileOrDirectory, FAILRECWhoamiNoSuchFileOrDirectory
  328. PRVerifySwitch, StandardPrompt, FailRECVerifySwitch
  329.  
  330. PRCheckID, RootID, PRCheckAction1
  331. PRCheckID, StandardPrompt, FailRECVerifySwitchRoot
  332.  
  333.  
  334. LoginPRCheckAuthType, IsNotConnectWithSSHKeys, PRLoginUser
  335.  
  336. #login Reconcile user
  337. PRLoginUser, Password, PRLoginPass
  338. PRLoginUser, InvalidLogin, FailRECNotAllowedLogin1
  339. PRLoginPass, NotAllowedLogin, FailRECNotAllowedLogin1
  340. PRLoginPass, AccountDisabled, FailRECAccountDisabled1
  341. PRLoginPass, InvalidLogin, FailRECInvalidUsernameOrPassword
  342. PRLoginPass, Password, FailRECInvalidUsernameOrPassword
  343. PRLoginPass, PasswordExpired, FailRECExpiredPassword
  344. PRLoginPass, PasswordExpiredRootWithNew,FailRECExpiredPassword
  345. PRLoginPass, StandardPrompt, PRCheckAction1
  346.  
  347.  
  348. PRCheckAction1, ActionIsPreRec, END
  349. PRCheckAction1, ActionIsReconcile, Reconcile
  350.  
  351.  
  352. #############################################################################
  353. # RECONCILE PASSWORD PHASE
  354. #############################################################################
  355. Reconcile, TRUE, PRResetPass
  356.  
  # NOTE(review): this is the only transition out of PRResetPass. Nothing here
  # leads from it to PRSendNewPass or PRResetTrustedNewPass, so the new
  # password is never sent after `passwd <username>` and a reconcile action has
  # no success path in this copy - presumably it ends on the prompt timeout.
  357. PRResetPass, UnknownTargetUser, FailRECUnknownTargetUser
  358.  
  359. PRResetTrustedNewPass, NewPassword, PRSendNewPass
  360.  
  361. PRSendNewPass, BadNewPassword, FailRECInvalidNewPassword
  362. PRSendNewPass, VerifyNewPassword, PRVerifyNewPass
  363.  
  364. PRVerifyNewPass, BadNewPassword, FailRECRetypeNewPassword
  365. PRVerifyNewPass, PasswdSuccessfullyChanged,logout
  366. PRVerifyNewPass, StandardPrompt, logout
  367.  
  368. #logout and verify logon again
  369. logout, TRUE, InitVerifyLogon
  370. InitVerifyLogon, TRUE, CheckProtocol
  371.  
  372.  
  373. [CPM Parameters Validation]
  # Format: parameter, source=FILE, Mandatory=<yes | expression>. The
  # expressions make a linked-account parameter mandatory only when that
  # linked account's password placeholder is non-empty (and, for extrapass3,
  # only for the reconcilepass / prereconcilepass actions).
  # NOTE(review): the jump-host values used in [states] (extrapass2\address,
  # extrapass2\username, <pmextrapass2>) are not validated here although every
  # run connects through SSHConnectToJump; a missing extrapass2 link would
  # presumably only show up as a failed or misdirected connection.
  # NOTE(review): the expressions embed secret placeholders inside quoted
  # strings; confirm the engine escapes special characters in the substituted
  # password before evaluating them.
  374. username, source=FILE, Mandatory=yes
  375. address, source=FILE, Mandatory=yes
  376. protocol, source=FILE, Mandatory=yes
  377. port, source=FILE, Mandatory=yes
  378. PromptsFileName, source=FILE, Mandatory=yes
  379. ProcessFileName, source=FILE, Mandatory=yes
  380. extrapass1\username, source=FILE, Mandatory=![string equal -nocase "<pmextrapass1>" ""]
  381. extrapass1\ManagementType, source=FILE, Mandatory=![string equal -nocase "<pmextrapass1>" ""]
  382. extrapass3\username,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
  383. extrapass3\ManagementType,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
  384. extrapass3\extrapass1\username,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3\pmextrapass1>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
  385. extrapass3\extrapass1\address,source=FILE, Mandatory=![string equal -nocase "<pmextrapass3\pmextrapass1>" ""]&&([string equal -nocase "<Action>" "reconcilepass"]||[string equal -nocase "<Action>" "prereconcilepass"])
  386.  
  387. [parameters]
  # PromptTimeout: how long to wait for an expected prompt (presumably
  # seconds). Because several states in this copy have no matching
  # transition, this value also bounds how long a stalled session stays open.
  388. PromptTimeout=60
  389. #SendSlow=1 .001
  # Five timing values; the shape matches Expect's send_human setting, which
  # paces keystrokes like a human typist - TODO confirm against the engine docs.
  390. SendHuman=.1 .3 1 .05 2
  391. #Stty - valid values are one or more of: echo, raw, cooked, -echo, -raw, -cooked
  392. #Stty=
  393.  
  394. [Debug Information]
  # All debug output is off.
  # NOTE(review): this process sends account passwords into the session
  # (LoginPass, SwitchPass, JumpLoginPass, PRSendNewPass, ...), so turning on
  # ExpectLog or the execution logs would presumably write session traffic,
  # possibly including those secrets, to disk. Enable only for short
  # troubleshooting windows, restrict access to the log directory, and purge
  # the logs afterwards.
  395. DebugLogFullParsingInfo=no
  396. DebugLogFullExecutionInfo=no
  397. DebugLogDetailBuiltInActions=no
  398. ExpectLog=no
  399. ConsoleOutput=no