I wrote a batch script that does a few things:
1) Runs a password generator: InitToken.exe
2) Encrypts the password and writes it to file.
3) Takes 6 command line arguments and together with the encrypted password attempts to write all these to a file add.ldif under different fields for entry into an ldap database.
Now the problem is in writing the encrypted password onto the add.ldif file. This seems to be an issue only when I pass the valid arguments to the batch file. If I do not pass any arguments to the batch file this works perfectly, but of course I need the arguments to fill in the other fields in the add.ldif file.
HERE IS THE SOURCE --------------------------------------------------------------------------------------------------
@echo off
echo hey >> temp.txt
del temp.txt add.ldif
set var=""
InitToken.exe | FINDSTR /b "SO" >> temp.txt
For /F "tokens=1,2 delims= " %%a In (temp.txt) Do (
    set var=%%b
)
del temp.txt
echo %var%
echo %var% >> temp.txt
openssl des3 -in temp.txt -out pass.des3
del temp.txt
echo dn: cn=%~1,dc=fork,dc=bomb,dc=me >>add.ldif
echo objectclass:top >> add.ldif
echo objectclass: adminauthsession >> add.ldif
echo cn: %~1 >> add.ldif
echo isams: %3 >> add.ldif
echo isrosi: %4 >> add.ldif
echo isauthadmin: %5 >> add.ldif
echo rosilogin: %6 >>add.ldif
echo adminemail: %2 >> add.ldif
echo etokensmartcardid: 23 11 b8 0d 2a 23 >> add.ldif
For /F "delims=" %%a In (pass.des3) Do (
    set var=%%a
)
echo etokenadminpassword: %var% >> add.ldif
ldapadd -x -h fres.cdd.mortib.ca -D 'cn=Manager,dc=fork,dc=bomb,dc=me' -W -f add.ldif
@echo on
--------------------------------------------------------------------------------------
Any suggestions other than porting this one function of adding the last password line into the file separately in another batch file?
My first thoughts would be - what values are you passing into this batch? It is possible that the token generator is creating characters that cannot be passed on the command line; are spaces or tabs generated?
Graham
The token generator simply generates a random number between 1000 and 9999. This is then encrypted using the des3 encryption engine and becomes something like this:
Salted__b®µmðõwÌÝø)-+D«·s«*‹ˆó
I know this is a little iffy when writing into a TEXT file, but it works just fine as long as I run
so_pin.bat
but not when I run it as it should be
so_pin.bat "Hisham Aziz" [emailprotected] FALSE FALSE TRUE shammer
with all the proper command line arguments
Comment out the @echo off and paste the results of running that command line here
C:\PKI\Ver1\NSIS>so_pin.bat "Bob Jones" [emailprotected] FALSE FALSE TRUE bob
C:\PKI\Ver1\NSIS>echo hey 1>>temp.txt
C:\PKI\Ver1\NSIS>del temp.txt add.ldif
C:\PKI\Ver1\NSIS>set var=""
C:\PKI\Ver1\NSIS>InitToken.exe | findstr /b "SO" 1>>temp.txt
C:\PKI\Ver1\NSIS>For /F "tokens=1,2 delims= " %a In (temp.txt) Do (set var=%b )
C:\PKI\Ver1\NSIS>(set var=7677 )
C:\PKI\Ver1\NSIS>del temp.txt
C:\PKI\Ver1\NSIS>echo 7677
7677
C:\PKI\Ver1\NSIS>echo 7677 1>>temp.txt
C:\PKI\Ver1\NSIS>openssl des3 -in temp.txt -out pass.des3
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
C:\PKI\Ver1\NSIS>del temp.txt
C:\PKI\Ver1\NSIS>echo dn: cn=Bob Jones,dc=adminauth,dc=utoronto,dc=ca 1>>add.ldif
C:\PKI\Ver1\NSIS>echo objectclass:top 1>>add.ldif
C:\PKI\Ver1\NSIS>echo objectclass: adminauthsession 1>>add.ldif
C:\PKI\Ver1\NSIS>echo cn: Bob Jones 1>>add.ldif
C:\PKI\Ver1\NSIS>echo isams: FALSE 1>>add.ldif
C:\PKI\Ver1\NSIS>echo isrosi: FALSE 1>>add.ldif
C:\PKI\Ver1\NSIS>echo isauthadmin: TRUE 1>>add.ldif
C:\PKI\Ver1\NSIS>echo rosilogin: bob 1>>add.ldif
C:\PKI\Ver1\NSIS>echo adminemail: [emailprotected] 1>>add.ldif
C:\PKI\Ver1\NSIS>echo etokensmartcardid: 23 11 b8 0d 2a 23 1>>add.ldif
C:\PKI\Ver1\NSIS>For /F "delims=" %a In (pass.des3) Do (set var=%a )
C:\PKI\Ver1\NSIS>(set var=Salted__╔╡æ╤º|ï⌐^M↑÷§⌠╓âxò┤&l╝u╥ )
C:\PKI\Ver1\NSIS>echo etokenadminpassword: Salted__╔╡æ╤º | ï⌐M↑÷§⌠╓âxò┤ & l╝u╥ 1>>add.ldif
'ï⌐M↑÷§⌠╓âxò┤' is not recognized as an internal or external command, operable program or batch file.
C:\PKI\Ver1\NSIS>
----------------------------------------------
Ok, I ran this exact command twice. The first time around it worked with the cmd line arguments so that's not it. So clearly it is the des3 encrypted text that was a problem. Any way I can put some sort of marker around it, say " ", to tell the batch compiler that it's a special phrase or something?
I am not sure that you can. The token generator has placed a pipe "|" character on the command line; the command processor sees this first and tries to parse it, in effect 'forgetting' that it is all part of a string.
You can echo ^|> myfile - the ^ 'escapes' the control character. You might be able to edit the string to replace | chars with ^| (likewise < & >), something like this:
set var=%var:^|=^^^|%
set var=%var:^>=^^^>%
set var=%var:^<=^^^<%
Try it and see.
Graham
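Added example, not part of the original thread or either poster's code: rather than escaping each metacharacter, one way to keep the encrypted value from being parsed as batch syntax is to have openssl emit base64 text (-a -A) and write it with LDIF's base64 marker (a double colon, RFC 2849). The PIN value and the file names pin.tmp and pass.b64 are assumptions made for the illustration; add.ldif is assumed to already hold the rest of the entry.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion

rem Constructed sample PIN; the thread's script parses it from InitToken.exe.
set "pin=7677"

rem Redirect-first form avoids the trailing space that "echo x >> file" adds.
>pin.tmp echo !pin!

rem -a base64-encodes the ciphertext, -A keeps it on a single line, so the
rem output contains only A-Z a-z 0-9 + / = and no | & < > ^ characters.
rem openssl prompts for the encryption password, as in the thread's trace.
openssl des3 -a -A -in pin.tmp -out pass.b64
del pin.tmp

rem Read the single base64 line into a variable.
set "enc="
set /p "enc=" <pass.b64

rem Delayed expansion (!enc!) substitutes the value after the line has been
rem parsed, so the value is never re-read as command syntax.
rem "attr:: value" tells the LDIF reader that the value is base64.
>>add.ldif echo etokenadminpassword:: !enc!

endlocal
```

The LDIF reader decodes the base64 on import, so the directory receives the same bytes that the raw write was trying to store.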