This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
MVP Silver
MVP Silver
‎2024-06-29 06:01 AM

API "err_login_failed"

Hi

I am trying to run this script on my SMS expert mode:

#!/bin/bash
 
#vriables for login
LOGIN="cpadmin"
PASSWORD="Chkp!234"
 
# Clear screen
clear
 
# Prompt for username if LOGIN is undefined
if [ -z "$LOGIN" ]; then
  read -p "Please enter your username and press Enter: " LOGIN
fi
 
# Prompt for password if PASSWORD is undefined
if [ -z "$PASSWORD" ]; then
  read -s -p "Password: " PASSWORD
fi
echo
 
# Login to the API server and save session to file id.txt
mgmt_cli login user "$LOGIN" password "$PASSWORD" > id.txt
 
# Check if login was successful
if [ $? -ne 0 ]; then
  echo "Login failed."
  cat id.txt
  exit 1
fi
 
# Create network objects
echo "Creating network objects"
mgmt_cli -s id.txt add network name "A-MGMT-NET" subnet "10.1.1.0" subnet-mask "255.255.255.0" comments "Management" set-if-exists true ignore-warnings true
mgmt_cli -s id.txt add network name "A-DMZ-NET" subnet "192.168.12.0" subnet-mask "255.255.255.0" comments "DMZ" set-if-exists true ignore-warnings true
mgmt_cli -s id.txt add network name "A-INT-NET" subnet "192.168.11.0" subnet-mask "255.255.255.0" comments "Internal" set-if-exists true ignore-warnings true
mgmt_cli -s id.txt add network name "A-WIFI-NET" subnet "192.168.13.0" subnet-mask "255.255.255.0" comments "WiFi" set-if-exists true ignore-warnings true
 
# Logout
mgmt_cli -s id.txt logout
 
echo "Script execution completed."

 

I am getting this error:

Login failed.
code: "err_login_failed"
message: "Authentication to server failed."

if I try to login from expert mode only with this command:

mgmt_cli login user admin password CPL@b8110

I get this:

 

[Expert@CPSMS:0]# mgmt_cli login user admin password CPL@b8110
uid: "ba1910a5-ab62-4eff-88d5-18fbabf73808"
sid: "SF_3IDzUm3KtLI_pksoPSliBVxkXCQ4N9SZAIz5MEAo"
url: "https://127.0.0.1:443/web_api"
session-timeout: 600
last-login-was-at:
  posix: 1719657035894
  iso-8601: "2024-06-29T12:30+0200"
api-server-version: "1.8"
user-name: "admin"
user-uid: "725333a3-ac40-46b5-8b44-ef17a83f8da3"

 

I have done what is in sk127572 but still have same problem!

Is there any way to run the script from Powershell?

0 Kudos
4 Replies
Timothy_Hall
MVP Gold
MVP Gold
‎2024-06-29 06:31 AM

Add set -x to line 2 of your script so you can see precisely how the variables are being substituted.  I suspect the "!" symbol in the password is not being quoted correctly, if you take the "!" out of the password and make it Chkp234 does it work?

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
Moudar
MVP Silver
MVP Silver
‎2024-06-29 06:35 AM
In response to Timothy_Hall

Now it is working,

It was the "!" in the password the problem

I have tested 'Chkp!234' but still problem

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2024-06-29 06:44 AM
In response to Moudar

Try using single quotes around the password like this:

mgmt_cli login user "$LOGIN" password '$PASSWORD' > id.txt

If that doesn't work, turn off the history expansion function (which ! is trying to access) by adding a set +H at the start of your script.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
0 Kudos
Duane_Toler
MVP Silver
MVP Silver
‎2024-07-03 11:57 AM
In response to Timothy_Hall

Unfortunately, that won't help.  Single quotes in Bash prevents variable interpolation.  The ! will need to be escaped and not quoted in any manner, or, preferably, don't use that kind of special character as a password (this is why.. also don't use these either:

% * @ # $ ^ & ( ) ' " < > /

Each of these have some special meaning in Bash and should be avoided.  Bash is finicky about quotes and special characters and escapes:

[Expert@cpmgmt:0]# PASSWORD="Foo\!Bar"
[Expert@cpmgmt:0]# echo $PASSWORD
Foo\!Bar
[Expert@cpmgmt:0]# PASSWORD=Foo\!Bar 
[Expert@cpmgmt:0]# echo $PASSWORD
Foo!Bar

You can prompt for a password with a special character just fine:

[Expert@moon:0]# read -s -p "Password: " PASSWORD;echo
Password: 
[Expert@moon:0]# echo "$PASSWORD"
FOO!BAR

It's best to just avoid the whole ordeal, tho.

Besides, you never know what the back-end developer is doing to your input string, either. 🙁  You know those apps... the ones that do a SQL query somewhere and you throw in a "%" character. 😄 

Such as this little gem that's always good for a laugh:

[Expert@cpmgmt:0]# FOO="3/0"
[Expert@cpmgmt:0]# if (( $FOO )); then echo bar; fi
-bash: 3/0  : division by 0 (error token is "0  ")

 

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events