def login():
client_args = APIClientArgs(server=config.api_server)
client = APIClient(client_args)
client.debug_file = "api_calls.json"
if client.check_fingerprint() is False:
print(
"Could not get the server's fingerprint - Check connectivity with the server."
)
logging.warning(
"Could not get the server's fingerprint - Check connectivity with the server."
)
sys.exit(1)
login_res = client.login(config.username, config.password, "True",
config.domain)
if login_res.success is False:
print("Login failed: {}".format(login_res.error_message))
logging.warning("Login failed: {}".format(login_res.error_message))
sys.exit(1)
config.session = client
def process_args_and_login(parser=None,
client=None,
showparameter=None,
fields=None):
# initializing command line arguments and variables to be used later
args = args_initializer(parser=parser, param=showparameter)
global debug
global log_file
if not showparameter:
showparameter = args.showparameter[0] if args.showparameter else None
if not fields:
try:
fields = {
"whitelist": args.fields,
"blacklist": [],
"translate": []
}
except AttributeError:
fields = {"whitelist": [], "blacklist": [], "translate": []}
management = args.management[0] if args.management else None
domain = args.domain[0] if args.domain else None
debug = None
log_file = None
if args.debug[0] == "on":
debug = True
if (debug or __debug__) and args.log_file is not None:
try:
log_file = open(args.log_file, "wb")
except IOError:
debug_log(
"Could not open given log file for writing, sending debug information to stderr."
)
# open the output file if given one
output_file = open(args.output[0], "wb") if args.output else None
output_file_format = args.format[0].lower()
user_created = (args.user_created[0].lower()
== "true") if args.user_created else True
# trying to get login credentials
username, password, session_id = get_login_credentials(
args.username[0] if args.username else None,
args.password[0] if args.password else None,
args.session_id[0] if args.session_id else None,
args.session_file[0] if args.session_file else None,
args.root[0] if args.root else None)
debug_log(
"Got the following login credentials:\n Username: {0}\n Password: {1}\n Session ID: {2}"
.format(username, '*' * len(password) if password else None,
session_id))
if not args.root or args.root[0] == "true":
unsafe = (args.unsafe[0] == "true")
unsafe_auto_accept = (args.unsafe_auto_accept[0] == "true")
if not client:
client = APIClient(APIClientArgs(server=management))
if unsafe or (unsafe_auto_accept
and validate_fingerprint_without_prompt(
client, management, auto_accept=unsafe_auto_accept)
) or client.check_fingerprint():
login(client, management, domain, username, password, session_id)
else:
raise APIClientException(
"The server's fingerprint is different than your local record of it. The script cannot operate in this unsecure manner (unless running with --unsafe). Exiting..."
)
else:
login(client,
management,
domain,
session_id=session_id,
username=None,
password=None)
return output_file, output_file_format, user_created, client, args
class CP:
""" Wrapper for APIClientArgs, APIClient
Parameter: ip-addr mgmgt, username, password, optional domain,port
"""
def __init__(self, ipaddr, username, password, domain=None, port="443"):
self.api_server = ipaddr
self.username = username
self.password = password
self.port = port
#self.urlbase = "https://{ipaddr}:{port}/".format(ipaddr=self.ipaddr,port=self.port)
#self.timeout = timeout
if domain:
self.domain = domain
client_args = APIClientArgs(server=self.api_server, port=self.port)
self.client = APIClient(client_args)
if self.client.check_fingerprint() is False:
print(
"Could not get the server's fingerprint - Check connectivity with the server."
)
exit(1)
# login to server:
if domain:
login_res = self.client.login(self.username, self.password, False,
self.domain)
else:
login_res = self.client.login(self.username, self.password)
if login_res.success is False:
print("Login failed:\n{}".format(login_res.error_message))
exit(1)
# getting details from the user
def add_rule(self, mydict):
""" add rule
Parameter: name, payload
"""
# add a rule to the top of the "Network" layer
#add_rule_response = self.client.api_call("add-access-rule",
# {"name": rule_name, "layer": "Network", "position": "top"})
response = self.client.api_call("add-access-rule", mydict)
if response.success:
print("The rule: '{}' has been added successfully".format(
mydict['name']))
return (response)
else:
return (-1)
def get_hosts(self):
""" get hosts
parameter: none
returns list of hosts
"""
list_of_hosts = []
for x in range(100): # max 5000 hosts
offset = x * 500
response = self.client.api_call("show-hosts", {
"limit": 500,
"offset": offset,
"details-level": "standard"
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
mydict = response.as_dict()
tmp_list_of_hosts = mydict['data']['objects']
list_of_hosts = list_of_hosts + tmp_list_of_hosts
counthosts = len(tmp_list_of_hosts)
if counthosts < 500:
break
return (list_of_hosts)
def add_host(self, name, ipaddr):
""" add host
Parameter: name, ipaddr
"""
response = self.client.api_call(
"add-host", {
"name": name,
"ip-address": ipaddr,
'set-if-exists': True,
'ignore-warnings': True
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
print("host: {} added successfull".format(name))
return (0)
else:
return (-1)
def add_network(self, name, subnet, subnetmask):
""" add netork object
Parameter: name, subnet, subnetmask
"""
response = self.client.api_call("add-network", {
'name': name,
'subnet': subnet,
'subnet-mask': subnetmask
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
print("network: {} added successfull".format(name))
return (0)
else:
return (-1)
def add_service_tcp(self, name, port):
""" add service tcp
Parameter: name,port
"""
response = self.client.api_call(
"add-service-tcp", {
"name": name,
"port": port,
'set-if-exists': False,
'match-for-any': False
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
print("service: {} added successfull".format(name))
return (0)
else:
return (-1)
def add_service_udp(self, name, port):
""" add service udp
Parameter: name,port
"""
response = self.client.api_call(
"add-service-udp", {
"name": name,
"port": port,
'set-if-exists': False,
'match-for-any': False
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
print("service: {} added successfull".format(name))
return (0)
else:
return (-1)
def get_networks(self):
""" returns list of networks
"""
list_of_networks = []
for x in range(100): # max 5000 hosts
offset = x * 500
response = self.client.api_call("show-networks", {
"limit": 500,
"offset": offset,
"details-level": "standard"
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
mydict = response.as_dict()
num_networks = mydict['data']['total']
#print (mydict)
tmp_list_of_networks = mydict['res_obj']['data']['objects']
list_of_networks = list_of_networks + tmp_list_of_networks
count = len(tmp_list_of_networks)
if count < 500:
break
return (list_of_networks)
def get_services_tcp(self):
""" returns list of tcp services
"""
list_of_services = []
for x in range(100): # max 5000 hosts
offset = x * 500
response = self.client.api_call("show-services-tcp", {
"limit": 500,
"offset": offset,
"details-level": "standard"
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
mydict = response.as_dict()
num_networks = mydict['data']['total']
#print (mydict)
tmp_list_of_services = mydict['res_obj']['data']['objects']
list_of_services = list_of_services + tmp_list_of_services
count = len(tmp_list_of_services)
if count < 500:
break
return (list_of_services)
def get_services_udp(self):
""" returns list of udp services
"""
list_of_services = []
for x in range(100): # max 50000
offset = x * 500
response = self.client.api_call("show-services-udp", {
"limit": 500,
"offset": offset,
"details-level": "standard"
})
#pprint.pprint(response)
if response.success:
#print (len(response.as_dict()))
mydict = response.as_dict()
num_networks = mydict['data']['total']
#print (mydict)
tmp_list_of_services = mydict['res_obj']['data']['objects']
list_of_services = list_of_services + tmp_list_of_services
count = len(tmp_list_of_services)
if count < 500:
break
return (list_of_services)
def get_policy_packages(self):
""" POST {{server}}/show-packages
Content-Type: application/json
X-chkp-sid: {{session}}
{
"limit" : 50,
"offset" : 0,
"details-level" : "standard"
}
returns list of policy packages
"""
response = self.client.api_call("show-packages", {
"limit": 50,
"offset": 0,
"details-level": "standard"
})
if response.success:
#print (len(response.as_dict()))
mydict = response.as_dict()
tmp_list = mydict['res_obj']['data']['packages']
return (tmp_list)
def commit(self):
""" commit changes on management
"""
response = self.client.api_call("publish", {})
if response.success:
print("The changes were published successfully.")
return (0)
else:
print("Failed to publish the changes.")
return (-1)
def call_api(self, call, item=None):
""" Wrapper for api_call
callnmae e.g add-host
payload e.g {"name":"test123", "ip-address": "1.2.3.4"}
"""
if (item == None):
response = self.client.api_call(call)
else:
response = self.client.api_call(call, item)
if response.success:
print("The call was successfull.")
return (response)
else:
print("The call failed")
return (response)
def logout(self):
""" logout of management
"""
response = self.client.api_call("logout")
if response.success:
print("Logout was successfull.")
return (0)
else:
print("Logout failed")
return (-1)
def get_host_dict(self):
""" returns dictionary of hosts, index is IP-Address
"""
mylist = self.get_hosts()
obj_dictionary = {}
for host in mylist:
ipaddr = host.get("ipv4-address")
if ipaddr is None:
print(host["name"] + " has no IPv4 address. Skipping...")
continue
host_data = {"name": host["name"], "uid": host["uid"]}
if ipaddr in obj_dictionary:
obj_dictionary[ipaddr] += [host_data
] # '+=' modifies the list in place
else:
obj_dictionary[ipaddr] = [host_data]
return obj_dictionary
def get_network_dict(self):
""" returns dictionary of networks, index is subnet
"""
obj_dictionary = {}
mylist = self.get_networks()
for network in mylist:
subnet = network.get("subnet4")
if subnet is None:
continue
else:
netmask = network.get("subnet-mask")
network_data = {
"name": network["name"],
"uid": network["uid"],
"subnet4": network["subnet4"],
"subnet-mask": network["subnet-mask"]
}
if subnet in obj_dictionary:
obj_dictionary[subnet] += [network_data]
else:
obj_dictionary[subnet] = [network_data]
return (obj_dictionary)
def get_tcp_services_dict(self):
""" returns dictionary of tcp services, index is Name
"""
obj_dictionary = {}
mylist = self.get_services_tcp()
""" {'uid': '24de2cde-dfcd-4c9b-9124-492ac4bedba7', 'name': 'Xanadu', 'type': 'service-tcp', 'domain': {'uid': 'a0bbbc99-adef-4ef8-bb6d-defdefdefdef', 'name': 'Check Point Data',
'domain-type': 'data domain'}, 'port': '1031'} """
for service in mylist:
port = service.get("port")
name = service.get("name")
if port is None:
continue
service_data = {
"name": service["name"],
"uid": service["uid"],
"port": service["port"]
}
if name in obj_dictionary:
obj_dictionary[name] += [service_data]
else:
obj_dictionary[name] = [service_data]
return (obj_dictionary)
def get_udp_services_dict(self):
""" returns dictionary of udp services, index is Name
"""
obj_dictionary = {}
mylist = self.get_services_udp()
""" {'uid': '24de2cde-dfcd-4c9b-9124-492ac4bedba7', 'name': 'Xanadu', 'type': 'service-tcp', 'domain': {'uid': 'a0bbbc99-adef-4ef8-bb6d-defdefdefdef', 'name': 'Check Point Data',
'domain-type': 'data domain'}, 'port': '1031'} """
for service in mylist:
port = service.get("port")
name = service.get("name")
if port is None:
continue
service_data = {
"name": service["name"],
"uid": service["uid"],
"port": service["port"]
}
if name in obj_dictionary:
obj_dictionary[name] += [service_data]
else:
obj_dictionary[name] = [service_data]
return (obj_dictionary)
