Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Python SDK - getting username and password (without hard coding)

BernardEAI
Communicator
‎11-16-2020 04:29 AM

Hi

I'm trying to get the username and password of the user calling a python script from the search bar in the Splunk UI. I need this to log into smtp to send an email (smtp.login(username, password)).

I need to make use of SCPv2, so the

 results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults() 

route is not an option. I can get the authenticated session connection via the self object (self.service). I though I should be able to get the username and password using "storage_passwords", however when I use that and output the username and password to the logger, I see the following:

Username:Windows_Usage``splunk_cred_sep``2 Password:``splunk_cred_sep``S``splunk_cred_sep``P``splunk_cred_sep``L``splunk_cred_sep``U``splunk_cred_sep``N``splunk_cred_sep``K``splunk_cred_sep``

It looks like the username and password is encrypted in some way? If I try to use those credentials, I get a "[HTTP 401] Client is not authenticated" error. Looking at the capabilities o the user, I see that "list_storage_passwords" is included.

Any ideas on how I can get the username and password? If I hardcode the username and password everything works, but I do not like to have passwords in script files.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

BernardEAI
Communicator
‎11-16-2020 11:38 PM

@Patrick_Peeters  I have determined that those passwords are encrypted, and for some reason they are not decrypted correctly.

I have now added my own username and password to a passwords.conf file in my app/local folder. I can now see that username and password if I run 

 

storage_passwords=self.service.storage_passwords
  for credential in storage_passwords:
            usercreds = {'username':credential.content.get('username'),'password':credential.content.get('clear_password')}

 

Initially the passwords I added were not encrypted, which is not very secure. I managed to generate an encrypted passwords by using an API call:

curl -k -u admin:<admin_password> https://<splunk_host>:8089/servicesNS/nobody/<app_name>/storage/passwords -d name=<username> -d password=<password>

View solution in original post

Reply
Solved! Jump to solution

BernardEAI
Communicator
‎11-16-2020 06:01 AM

Hi @Patrick_Peeters 

Thanks for the feedback. Correct, I used something very close to your code:

storage_passwords=self.service.storage_passwords
for storage_password in service.storage_passwords:
    if storage_password.username == username and storage_password.realm == 'your_app':
        clear_pw = storage_password.content.clear_password

Incidentally, how do you get the session key? I do not need the key since the search command already gives me an authenticated session connection via the self object. However I can't seem to get the value of sessionKey from the self object. If I could get the session key there would be another route to get the password.

0 Karma
Reply
Solved! Jump to solution

Patrick_Peeters
Splunk Employee
Splunk Employee
‎11-16-2020 02:04 PM

I got it by importing the Script class and using the following line:

from splunklib.modularinput import Script, Scheme, Argument, Event
session_key = self._input_definition.metadata["session_key"]
0 Karma
Reply
Solved! Jump to solution
Solution

BernardEAI
Communicator
‎11-16-2020 11:38 PM

@Patrick_Peeters  I have determined that those passwords are encrypted, and for some reason they are not decrypted correctly.

I have now added my own username and password to a passwords.conf file in my app/local folder. I can now see that username and password if I run 

 

storage_passwords=self.service.storage_passwords
  for credential in storage_passwords:
            usercreds = {'username':credential.content.get('username'),'password':credential.content.get('clear_password')}

 

Initially the passwords I added were not encrypted, which is not very secure. I managed to generate an encrypted passwords by using an API call:

curl -k -u admin:<admin_password> https://<splunk_host>:8089/servicesNS/nobody/<app_name>/storage/passwords -d name=<username> -d password=<password>
Reply
Solved! Jump to solution

Patrick_Peeters
Splunk Employee
Splunk Employee
‎11-16-2020 05:11 AM

I assume you tried something like this to get the output?

args = {'token': 'your_session_key'}
service = client.connect(**args)

for storage_password in service.storage_passwords:
    if storage_password.username == username and storage_password.realm == 'your_app':
        clear_pw = storage_password.content.clear_password

 That works in my case. I've seen something like your output when analysing passwords/secrets that I used when coding using the Splunk Add-on Builder but it's been a long time so not sure if it's related.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...