def login(): client_args = APIClientArgs(server=config.api_server) client = APIClient(client_args) client.debug_file = "api_calls.json" if client.check_fingerprint() is False: print( "Could not get the server's fingerprint - Check connectivity with the server." ) logging.warning( "Could not get the server's fingerprint - Check connectivity with the server." ) sys.exit(1) login_res = client.login(config.username, config.password, "True", config.domain) if login_res.success is False: print("Login failed: {}".format(login_res.error_message)) logging.warning("Login failed: {}".format(login_res.error_message)) sys.exit(1) config.session = client
def process_args_and_login(parser=None, client=None, showparameter=None, fields=None): # initializing command line arguments and variables to be used later args = args_initializer(parser=parser, param=showparameter) global debug global log_file if not showparameter: showparameter = args.showparameter[0] if args.showparameter else None if not fields: try: fields = { "whitelist": args.fields, "blacklist": [], "translate": [] } except AttributeError: fields = {"whitelist": [], "blacklist": [], "translate": []} management = args.management[0] if args.management else None domain = args.domain[0] if args.domain else None debug = None log_file = None if args.debug[0] == "on": debug = True if (debug or __debug__) and args.log_file is not None: try: log_file = open(args.log_file, "wb") except IOError: debug_log( "Could not open given log file for writing, sending debug information to stderr." ) # open the output file if given one output_file = open(args.output[0], "wb") if args.output else None output_file_format = args.format[0].lower() user_created = (args.user_created[0].lower() == "true") if args.user_created else True # trying to get login credentials username, password, session_id = get_login_credentials( args.username[0] if args.username else None, args.password[0] if args.password else None, args.session_id[0] if args.session_id else None, args.session_file[0] if args.session_file else None, args.root[0] if args.root else None) debug_log( "Got the following login credentials:\n Username: {0}\n Password: {1}\n Session ID: {2}" .format(username, '*' * len(password) if password else None, session_id)) if not args.root or args.root[0] == "true": unsafe = (args.unsafe[0] == "true") unsafe_auto_accept = (args.unsafe_auto_accept[0] == "true") if not client: client = APIClient(APIClientArgs(server=management)) if unsafe or (unsafe_auto_accept and validate_fingerprint_without_prompt( client, management, auto_accept=unsafe_auto_accept) ) or client.check_fingerprint(): login(client, management, domain, username, password, session_id) else: raise APIClientException( "The server's fingerprint is different than your local record of it. The script cannot operate in this unsecure manner (unless running with --unsafe). Exiting..." ) else: login(client, management, domain, session_id=session_id, username=None, password=None) return output_file, output_file_format, user_created, client, args
class CP: """ Wrapper for APIClientArgs, APIClient Parameter: ip-addr mgmgt, username, password, optional domain,port """ def __init__(self, ipaddr, username, password, domain=None, port="443"): self.api_server = ipaddr self.username = username self.password = password self.port = port #self.urlbase = "https://{ipaddr}:{port}/".format(ipaddr=self.ipaddr,port=self.port) #self.timeout = timeout if domain: self.domain = domain client_args = APIClientArgs(server=self.api_server, port=self.port) self.client = APIClient(client_args) if self.client.check_fingerprint() is False: print( "Could not get the server's fingerprint - Check connectivity with the server." ) exit(1) # login to server: if domain: login_res = self.client.login(self.username, self.password, False, self.domain) else: login_res = self.client.login(self.username, self.password) if login_res.success is False: print("Login failed:\n{}".format(login_res.error_message)) exit(1) # getting details from the user def add_rule(self, mydict): """ add rule Parameter: name, payload """ # add a rule to the top of the "Network" layer #add_rule_response = self.client.api_call("add-access-rule", # {"name": rule_name, "layer": "Network", "position": "top"}) response = self.client.api_call("add-access-rule", mydict) if response.success: print("The rule: '{}' has been added successfully".format( mydict['name'])) return (response) else: return (-1) def get_hosts(self): """ get hosts parameter: none returns list of hosts """ list_of_hosts = [] for x in range(100): # max 5000 hosts offset = x * 500 response = self.client.api_call("show-hosts", { "limit": 500, "offset": offset, "details-level": "standard" }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) mydict = response.as_dict() tmp_list_of_hosts = mydict['data']['objects'] list_of_hosts = list_of_hosts + tmp_list_of_hosts counthosts = len(tmp_list_of_hosts) if counthosts < 500: break return (list_of_hosts) def add_host(self, name, ipaddr): """ add host Parameter: name, ipaddr """ response = self.client.api_call( "add-host", { "name": name, "ip-address": ipaddr, 'set-if-exists': True, 'ignore-warnings': True }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) print("host: {} added successfull".format(name)) return (0) else: return (-1) def add_network(self, name, subnet, subnetmask): """ add netork object Parameter: name, subnet, subnetmask """ response = self.client.api_call("add-network", { 'name': name, 'subnet': subnet, 'subnet-mask': subnetmask }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) print("network: {} added successfull".format(name)) return (0) else: return (-1) def add_service_tcp(self, name, port): """ add service tcp Parameter: name,port """ response = self.client.api_call( "add-service-tcp", { "name": name, "port": port, 'set-if-exists': False, 'match-for-any': False }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) print("service: {} added successfull".format(name)) return (0) else: return (-1) def add_service_udp(self, name, port): """ add service udp Parameter: name,port """ response = self.client.api_call( "add-service-udp", { "name": name, "port": port, 'set-if-exists': False, 'match-for-any': False }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) print("service: {} added successfull".format(name)) return (0) else: return (-1) def get_networks(self): """ returns list of networks """ list_of_networks = [] for x in range(100): # max 5000 hosts offset = x * 500 response = self.client.api_call("show-networks", { "limit": 500, "offset": offset, "details-level": "standard" }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) mydict = response.as_dict() num_networks = mydict['data']['total'] #print (mydict) tmp_list_of_networks = mydict['res_obj']['data']['objects'] list_of_networks = list_of_networks + tmp_list_of_networks count = len(tmp_list_of_networks) if count < 500: break return (list_of_networks) def get_services_tcp(self): """ returns list of tcp services """ list_of_services = [] for x in range(100): # max 5000 hosts offset = x * 500 response = self.client.api_call("show-services-tcp", { "limit": 500, "offset": offset, "details-level": "standard" }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) mydict = response.as_dict() num_networks = mydict['data']['total'] #print (mydict) tmp_list_of_services = mydict['res_obj']['data']['objects'] list_of_services = list_of_services + tmp_list_of_services count = len(tmp_list_of_services) if count < 500: break return (list_of_services) def get_services_udp(self): """ returns list of udp services """ list_of_services = [] for x in range(100): # max 50000 offset = x * 500 response = self.client.api_call("show-services-udp", { "limit": 500, "offset": offset, "details-level": "standard" }) #pprint.pprint(response) if response.success: #print (len(response.as_dict())) mydict = response.as_dict() num_networks = mydict['data']['total'] #print (mydict) tmp_list_of_services = mydict['res_obj']['data']['objects'] list_of_services = list_of_services + tmp_list_of_services count = len(tmp_list_of_services) if count < 500: break return (list_of_services) def get_policy_packages(self): """ POST {{server}}/show-packages Content-Type: application/json X-chkp-sid: {{session}} { "limit" : 50, "offset" : 0, "details-level" : "standard" } returns list of policy packages """ response = self.client.api_call("show-packages", { "limit": 50, "offset": 0, "details-level": "standard" }) if response.success: #print (len(response.as_dict())) mydict = response.as_dict() tmp_list = mydict['res_obj']['data']['packages'] return (tmp_list) def commit(self): """ commit changes on management """ response = self.client.api_call("publish", {}) if response.success: print("The changes were published successfully.") return (0) else: print("Failed to publish the changes.") return (-1) def call_api(self, call, item=None): """ Wrapper for api_call callnmae e.g add-host payload e.g {"name":"test123", "ip-address": "1.2.3.4"} """ if (item == None): response = self.client.api_call(call) else: response = self.client.api_call(call, item) if response.success: print("The call was successfull.") return (response) else: print("The call failed") return (response) def logout(self): """ logout of management """ response = self.client.api_call("logout") if response.success: print("Logout was successfull.") return (0) else: print("Logout failed") return (-1) def get_host_dict(self): """ returns dictionary of hosts, index is IP-Address """ mylist = self.get_hosts() obj_dictionary = {} for host in mylist: ipaddr = host.get("ipv4-address") if ipaddr is None: print(host["name"] + " has no IPv4 address. Skipping...") continue host_data = {"name": host["name"], "uid": host["uid"]} if ipaddr in obj_dictionary: obj_dictionary[ipaddr] += [host_data ] # '+=' modifies the list in place else: obj_dictionary[ipaddr] = [host_data] return obj_dictionary def get_network_dict(self): """ returns dictionary of networks, index is subnet """ obj_dictionary = {} mylist = self.get_networks() for network in mylist: subnet = network.get("subnet4") if subnet is None: continue else: netmask = network.get("subnet-mask") network_data = { "name": network["name"], "uid": network["uid"], "subnet4": network["subnet4"], "subnet-mask": network["subnet-mask"] } if subnet in obj_dictionary: obj_dictionary[subnet] += [network_data] else: obj_dictionary[subnet] = [network_data] return (obj_dictionary) def get_tcp_services_dict(self): """ returns dictionary of tcp services, index is Name """ obj_dictionary = {} mylist = self.get_services_tcp() """ {'uid': '24de2cde-dfcd-4c9b-9124-492ac4bedba7', 'name': 'Xanadu', 'type': 'service-tcp', 'domain': {'uid': 'a0bbbc99-adef-4ef8-bb6d-defdefdefdef', 'name': 'Check Point Data', 'domain-type': 'data domain'}, 'port': '1031'} """ for service in mylist: port = service.get("port") name = service.get("name") if port is None: continue service_data = { "name": service["name"], "uid": service["uid"], "port": service["port"] } if name in obj_dictionary: obj_dictionary[name] += [service_data] else: obj_dictionary[name] = [service_data] return (obj_dictionary) def get_udp_services_dict(self): """ returns dictionary of udp services, index is Name """ obj_dictionary = {} mylist = self.get_services_udp() """ {'uid': '24de2cde-dfcd-4c9b-9124-492ac4bedba7', 'name': 'Xanadu', 'type': 'service-tcp', 'domain': {'uid': 'a0bbbc99-adef-4ef8-bb6d-defdefdefdef', 'name': 'Check Point Data', 'domain-type': 'data domain'}, 'port': '1031'} """ for service in mylist: port = service.get("port") name = service.get("name") if port is None: continue service_data = { "name": service["name"], "uid": service["uid"], "port": service["port"] } if name in obj_dictionary: obj_dictionary[name] += [service_data] else: obj_dictionary[name] = [service_data] return (obj_dictionary)