topic Re: API "err_login_failed" in Firewall and Security Management

API "err_login_failed"

Moudar — Sat, 29 Jun 2024 13:01:01 GMT

I am trying to run this script on my SMS expert mode:

#!/bin/bash #vriables for login LOGIN="cpadmin" PASSWORD="Chkp!234" # Clear screen clear # Prompt for username if LOGIN is undefined if [ -z "$LOGIN" ]; then read -p "Please enter your username and press Enter: " LOGIN fi # Prompt for password if PASSWORD is undefined if [ -z "$PASSWORD" ]; then read -s -p "Password: " PASSWORD fi echo # Login to the API server and save session to file id.txt mgmt_cli login user "$LOGIN" password "$PASSWORD" > id.txt # Check if login was successful if [ $? -ne 0 ]; then echo "Login failed." cat id.txt exit 1 fi # Create network objects echo "Creating network objects" mgmt_cli -s id.txt add network name "A-MGMT-NET" subnet "10.1.1.0" subnet-mask "255.255.255.0" comments "Management" set-if-exists true ignore-warnings true mgmt_cli -s id.txt add network name "A-DMZ-NET" subnet "192.168.12.0" subnet-mask "255.255.255.0" comments "DMZ" set-if-exists true ignore-warnings true mgmt_cli -s id.txt add network name "A-INT-NET" subnet "192.168.11.0" subnet-mask "255.255.255.0" comments "Internal" set-if-exists true ignore-warnings true mgmt_cli -s id.txt add network name "A-WIFI-NET" subnet "192.168.13.0" subnet-mask "255.255.255.0" comments "WiFi" set-if-exists true ignore-warnings true # Logout mgmt_cli -s id.txt logout echo "Script execution completed."

I am getting this error:

if I try to login from expert mode only with this command:

mgmt_cli login user admin password CPL@b8110

I get this:

[Expert@CPSMS:0]# mgmt_cli login user admin password CPL@b8110 uid: "ba1910a5-ab62-4eff-88d5-18fbabf73808" sid: "SF_3IDzUm3KtLI_pksoPSliBVxkXCQ4N9SZAIz5MEAo" url: "https://127.0.0.1:443/web_api" session-timeout: 600 last-login-was-at: posix: 1719657035894 iso-8601: "2024-06-29T12:30+0200" api-server-version: "1.8" user-name: "admin" user-uid: "725333a3-ac40-46b5-8b44-ef17a83f8da3"

I have done what is in sk127572 but still have same problem!

Is there any way to run the script from Powershell?

Re: API "err_login_failed"

Timothy_Hall — Sat, 29 Jun 2024 13:31:00 GMT

Add set -x to line 2 of your script so you can see precisely how the variables are being substituted. I suspect the "!" symbol in the password is not being quoted correctly, if you take the "!" out of the password and make it Chkp234 does it work?

Re: API "err_login_failed"

Moudar — Sat, 29 Jun 2024 13:35:50 GMT

Now it is working,

It was the "!" in the password the problem

I have tested 'Chkp!234' but still problem

Re: API "err_login_failed"

Timothy_Hall — Sat, 29 Jun 2024 13:44:22 GMT

Try using single quotes around the password like this:

mgmt_cli login user "$LOGIN" password '$PASSWORD' > id.txt

If that doesn't work, turn off the history expansion function (which ! is trying to access) by adding a set +H at the start of your script.

Re: API "err_login_failed"

Duane_Toler — Wed, 03 Jul 2024 18:57:03 GMT

Unfortunately, that won't help. Single quotes in Bash prevents variable interpolation. The ! will need to be escaped and not quoted in any manner, or, preferably, don't use that kind of special character as a password (this is why.. also don't use these either:

% * @ # $ ^ & ( ) ' " < > /

Each of these have some special meaning in Bash and should be avoided. Bash is finicky about quotes and special characters and escapes:

[Expert@cpmgmt:0]# PASSWORD="Foo\!Bar" [Expert@cpmgmt:0]# echo $PASSWORD Foo\!Bar [Expert@cpmgmt:0]# PASSWORD=Foo\!Bar [Expert@cpmgmt:0]# echo $PASSWORD Foo!Bar

You can prompt for a password with a special character just fine:

[Expert@moon:0]# read -s -p "Password: " PASSWORD;echo Password: [Expert@moon:0]# echo "$PASSWORD" FOO!BAR

It's best to just avoid the whole ordeal, tho.

Besides, you never know what the back-end developer is doing to your input string, either. 🙁 You know those apps... the ones that do a SQL query somewhere and you throw in a "%" character. 😄

Such as this little gem that's always good for a laugh:

[Expert@cpmgmt:0]# FOO="3/0" [Expert@cpmgmt:0]# if (( $FOO )); then echo bar; fi -bash: 3/0 : division by 0 (error token is "0 ")