Differences between current version and predecessor to the previous major change of KnowledgeBase/Scripts/owa-passwd.

Other diffs: Previous Revision, Previous Author

Newer page: version 2 Last edited on Tuesday, 15 June 2010 11:52:15 by CyberLeo
Older page: version 1 Last edited on Monday, 1 February 2010 12:21:56 by CyberLeo Revert
@@ -1,9 +1,10 @@
-<code brush=bash> 
+<code brush=" bash"
 #!/bin/sh 
  
 passwdhost="owa.example.com/owa" 
  
+# Initialize cookiejar and certificate store for OWA RPC  
 init() { 
  cookiejar="$(mktemp cookie.jar.XXXXXXXX)" 
  certstore="$(mktemp gd_bundle.crt.XXXXXXXX)" 
  cat > "${certstore}" <<EOF 
@@ -81,17 +82,20 @@
 EOF 
  trap "rm -f '${cookiejar}' '${certstore}'" exit hup int term kill 
 
  
+# shlib: print an informational message  
 meh() { 
  printf "%s\n" "${*}" >&2 
 
  
+# shlib: bailout with error message  
 omg() { 
  [ "${#}" -gt 0 ] && printf "\n%s\n" "${*}" >&2 
  exit 1 
 
  
+# Help  
 pebkac() { 
  if [ "${#}" -gt 0 ] 
  then 
  meh "${*}" 
@@ -112,8 +116,9 @@
  meh "" 
  omg 
 
  
+# Initiate an RPC request to OWA  
 take_cannoli() { 
  user="${1}" 
  pass="${2}" 
  post="${3}" 
@@ -141,12 +146,14 @@
  
  return 0 
 
  
+# Steal a canary from OWA  
 steal_canary() { 
  take_cannoli "${user}" "${pass}" | sed -e 's/^.*name="hidcanary" value="\([^"]*\)".*$/#\1/; /^[^#]/d; s/^#//' 
 
  
+# Change OWA password  
 chpass() { 
  user="${1}" 
  pass="${2}" 
  newpass="${3}" 
@@ -159,8 +166,9 @@
  _res="${?}" 
  return "${_res}" 
 
  
+# Rotate OWA password through ${times} changes  
 owa_passwd() { 
  username="${1}" 
  password="${2}" 
  times="${3:-5}" 
@@ -191,6 +199,5 @@
 
  
 [ "${1}" = '-h' ] && pebkac 
 owa_passwd "${@}" || omg "Something failed! Read the errors carefully!" 
-  
 </code> 

current version

#!/bin/sh

passwdhost="owa.example.com/owa"

# Initialize cookiejar and certificate store for OWA RPC
init() {
  cookiejar="$(mktemp cookie.jar.XXXXXXXX)"
  certstore="$(mktemp gd_bundle.crt.XXXXXXXX)"
  cat > "${certstore}" <<EOF
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIQRscnw5bZXG06EIMM4UWsrjANBgkqhkiG9w0BAQUFADCB
sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA4MDMwMzAwMDAw
MFoXDTEwMDMwMzIzNTk1OVowgZMxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhh
czETMBEGA1UEBxQKRm9ydCBXb3J0aDEpMCcGA1UEChQgQ2FzaCBBbWVyaWNhIElu
dGVybmF0aW9uYWwsIEluYy4xGzAZBgNVBAsUEk5ldHdvcmsgT3BlcmF0aW9uczEX
MBUGA1UEAxQOb3dhLmNhc2hhbS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAKNU+cBxNwM417bLTNT8b3pBn4GAwwedm1l/fUHuqBD6RXgEXXrbRUBKWpbn
yvVk/38721hwSxpkTpZBIlHfgRA0bx9aQtCZKlD3a3C5Vk67QqRakEiBu5aNveou
6jjIj+wgqa79je4SaG8QS9N3nEnPiB9mub+G3/OrnqxE5PCzAgMBAAGjggHTMIIB
zzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBEBgNVHR8EPTA7MDmgN6A1hjNodHRw
Oi8vU1ZSU2VjdXJlLWNybC52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlMjAwNS5jcmww
RAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczov
L3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAfBgNVHSMEGDAWgBRv7K+g3Yqk7/UqEGctP1WCvNfvJTB5BggrBgEFBQcB
AQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBDBggr
BgEFBQcwAoY3aHR0cDovL1NWUlNlY3VyZS1haWEudmVyaXNpZ24uY29tL1NWUlNl
Y3VyZTIwMDUtYWlhLmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFn
ZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRw
Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFBQAD
ggEBAI+wusO7VsNCS149VUlxypCJfm94/5edrAz0gvRWqDA1sOwUDZDsu6f3ugai
47ggcLi/2FG4bf8nwndG1x1KwmC7TgUnmIXXAm0lXipeDUa0scP9vex3N4YR5yqS
Swvetveg3Cc/8GAR/wHjCs/pLD1Fh1zpo2+Y525Fm2StByGPI5ayLrI+ZDauc6Ci
WRgYUaXRkzfX84FOzxMcIBfcUUPVtelpefazujtN/KRja+Q1v4ZJgjuj9ixK0ItL
ZN1eXIY7+Shcv3JmAPOz1KsgNLrk7BitJ9OyrdXEsNOKC/usfZwyFa4Stpig0P+W
N23ILAQBYggPjzGi6pvxtBGyDMM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu
dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg
MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus
cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap
paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0
kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr
4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh
2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB
/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0
dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0
cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG
CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz
Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV
HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu
Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA
w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK
Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q
TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
-----END CERTIFICATE-----
EOF
  trap "rm -f '${cookiejar}' '${certstore}'" exit hup int term kill
}

# shlib: print an informational message
meh() {
  printf "%s\n" "${*}" >&2
}

# shlib: bailout with error message
omg() {
  [ "${#}" -gt 0 ] && printf "\n%s\n" "${*}" >&2
  exit 1
}

# Help
pebkac() {
  if [ "${#}" -gt 0 ]
  then
    meh "${*}"
    meh ""
  fi
  meh "Usage: $(basename "${0}") <username> <password> [times]"
  meh "This utility will shuffle your Exchange password via Outlook Web Access"
  meh "through an arbitrary  number of resettings, to thwart silly"
  meh "password reusage restrictions."
  meh ""
  meh ""
  meh "******* WARNING ********"
  meh "This script will RESET YOUR PASSWORD!"
  meh "PAY ATTENTION to the output! If it fails halfway through, you will NEED to"
  meh " know the last password it was successfully set to, so you can fix it yourself!"
  meh " If you do not pay attention, expect to contact helpdesk for a password reset."
  meh "******* WARNING ********"
  meh ""
  omg
}

# Initiate an RPC request to OWA
take_cannoli() {
  user="${1}"
  pass="${2}"
  post="${3}"

  cmd="$(printf '/usr/bin/wget -qO- --ca-certificate="%s" --load-cookies="%s" --save-cookies="%s" --keep-session-cookies --http-user="%s" --http-password="%s" "https://${passwdhost}/?ae=Options&t=ChangePassword"' "${certstore}" "${cookiejar}" "${cookiejar}" "${user}" "${pass}")"
  [ -n "${post}" ] && cmd="${cmd}""$(printf ' --post-data="%s"' "${post}")"

  res="$(eval "${cmd}")"
  _res=$?

  if [ "${_res}" -gt 0 ]
  then
    meh "Service error: failed with status ${_res}"
    return "${_res}"
  fi

  echo "${res}"

  error="$(echo "${res}" | grep 'dvErr' | sed -e 's/^.*<h1>\([^<]*\)<.*$/\1/')"
  if [ "${error}" ]
  then
    meh "${error}"
    return 1
  fi

  return 0
}

# Steal a canary from OWA
steal_canary() {
  take_cannoli "${user}" "${pass}" | sed -e 's/^.*name="hidcanary" value="\([^"]*\)".*$/#\1/; /^[^#]/d; s/^#//'
}

# Change OWA password
chpass() {
  user="${1}"
  pass="${2}"
  newpass="${3}"

  canary=$(steal_canary)
  [ -z "${canary}" ] && return 1
  echo "Got canary ${canary}"
  post="$(printf 'hidpnst=&txtOldPwd=%s&txtNewPwd=%s&txtConfirmPwd=%s&hidcmdpst=save&hidcanary=%s' "${pass}" "${newpass}" "${newpass}" "${canary}")"
  res=$(take_cannoli "${user}" "${pass}" "${post}")
  _res="${?}"
  return "${_res}"
}

# Rotate OWA password through ${times} changes
owa_passwd() {
  username="${1}"
  password="${2}"
  times="${3:-5}"

  [ "${username}" -a "${password}" ] || pebkac
  case "${times}" in
  [0-9]*)
    true ;;
  *)
    pebkac "'times should be an integer" ;;
  esac

  init

  oldpass="${password}"
  newpass=""
  for iter in $(seq 1 "${times}")
  do
    newpass="$(printf '%s_%02u' "${password}" "${iter}")"
    echo "chpass: ${oldpass} -> ${newpass}"
    chpass "${username}" "${oldpass}" "${newpass}" || return 1
    sleep 1
    oldpass="${newpass}"
  done
  echo "chpass ${oldpass} -> ${password}"
  chpass "${username}" "${oldpass}" "${password}" || return 1
  return 0
}

[ "${1}" = '-h' ] && pebkac
owa_passwd "${@}" || omg "Something failed! Read the errors carefully!"