Author name: Tim van Kooten Niekerk

About me: Hey, I'm Tim. I work as a systems integration specialist for a large educational institution in the Netherlands. Part of my free time I spend making and creating music.

PowerShell Retrieve OAUTH Access Token

PowerShell function example to retrieve an OAUTH2 access token from ADFS, either by form-based authentication (username and password) or by using a previously retrieved OAUTH refresh token.

function fnGetOauthXSToken()
{
  param (
    [string]$ADFSOAUTHAuthorizeUri,
    [string]$ADFSOAUTHGetTokenUri,
    [string]$Client_ID,
    [string]$Resource,
    [string]$Redirect_URI,
    [string]$RefreshToken,
    [string]$UserName,
    [string]$Password,   # plain-text credential; a PSCredential/SecureString is the safer choice in production scripts
    [string]$Secret
  )

  $sUserAgent = "Windows-AzureAD-Authentication-Provider"

  if ( $RefreshToken -ne "" ) {

    # Get OAUTH Access Token by using OAUTH refresh_token...

    ## Retrieve OAUTH Token (values are URL-encoded so tokens containing reserved characters survive the form post)...
    $vPostValues = "grant_type=refresh_token&client_id=" + [uri]::EscapeDataString($Client_ID) + "&redirect_uri=" + [uri]::EscapeDataString($Redirect_URI) + "&refresh_token=" + [uri]::EscapeDataString($RefreshToken)
    $oResult0 = Invoke-RestMethod -Method Post -Uri $ADFSOAUTHGetTokenUri -UserAgent $sUserAgent -Body $vPostValues -ContentType application/x-www-form-urlencoded

  } else {

    # Get OAUTH Access Token by using authorization_code (username and password)...

    ## Build authentication Uri and create websession (the session keeps the ADFS cookies between the two requests)...
    $sUri = $ADFSOAUTHAuthorizeUri + "?response_type=code&client_id=" + [uri]::EscapeDataString($Client_ID) + "&resource=" + [uri]::EscapeDataString($Resource) + "&redirect_uri=" + [uri]::EscapeDataString($Redirect_URI)
    $oWebSession = New-Object Microsoft.PowerShell.Commands.WebRequestSession

    ## Authenticate by using username and password (formbased)...
    $aPostValues = @{UserName=$UserName; Password=$Password; AuthMethod='FormsAuthentication' }
    $oResult0 = Invoke-WebRequest -Method Post -Uri $sUri -UserAgent $sUserAgent -Body $aPostValues -WebSession $oWebSession -MaximumRedirection 0 -ErrorAction SilentlyContinue

    ## Retrieve authorization code from the Location header (the redirect is not followed because of -MaximumRedirection 0)...
    $oResult0 = Invoke-WebRequest -Uri $sUri -UserAgent $sUserAgent -WebSession $oWebSession -MaximumRedirection 0 -ErrorAction SilentlyContinue
    $sLocation = [string]$oResult0.Headers.Location
    if ($sLocation -notmatch '[?&]code=([^&]+)') {
      throw "No authorization code in the redirect Location header: authentication failed or client_id/redirect_uri do not match."
    }
    $sCode = [uri]::UnescapeDataString($Matches[1])

    ## Cleanup websession...
    $oResult0 = $null
    $oWebSession = $null
    $aPostValues = $null

    ## Retrieve OAUTH Token (client_secret only for confidential clients)...
    $vPostValues = "grant_type=authorization_code&client_id=" + [uri]::EscapeDataString($Client_ID) + "&redirect_uri=" + [uri]::EscapeDataString($Redirect_URI) + "&code=" + [uri]::EscapeDataString($sCode)
    if ($Secret -ne "") {
      $vPostValues += "&client_secret=" + [uri]::EscapeDataString($Secret)
    }
    $oResult0 = Invoke-RestMethod -Method Post -Uri $ADFSOAUTHGetTokenUri -UserAgent $sUserAgent -Body $vPostValues -ContentType application/x-www-form-urlencoded

  }

  # Cleanup and return result (statements placed after 'return' never run, so clean up first)...
  $vPostValues = $null
  return $oResult0
}

GNU/Linux JBoss Fuse Shell ActiveMQ Commands

Display basic queue information…

activemq:query -QQueue=* --view Name,EnqueueCount,DequeueCount,QueueSize

Display queue messages…

activemq:browse --amqurl tcp://localhost:61616 --user [username] --password [password] queue:[queuename]

Purge a specific message from the command line…

activemq:purge --msgsel "JMSMessageID='ID:XXXXXXXX-000000-0000000000000-0:0:00:0:0'" [queuename]

Purge all messages from a specific queue…

activemq:purge [queuename]

GNU/Linux OpenSSH QuickRef

LocalForward/Dynamic tunnels & SFTP jumphost connection examples (commandline):

>ssh -L 1522:remote.hostname:1522 user@tunnel.hostname
>ssh -D 8080 user@tunnel.hostname
>sftp -o ProxyJump=user@jump.hostname:22 [-b ./batch.scr] user@dest.host.internal

LocalForward/Dynamic tunnels & SFTP jumphost connection examples (commandline and config):

>ssh dsthst

~/.ssh/config:
Host prxjmp
  Hostname jump.hostname
  Port 22
  User user
  LocalForward 7080 10.0.0.9:7080
  DynamicForward 8080
Host dsthst
  HostName dest.host.internal
  Port 22
  User user
  ProxyJump prxjmp
  IdentityFile ~/.ssh/other_key_location

Generate an SSH Key Pair:

>ssh-keygen -m PEM -t ecdsa -b 521
>ssh-keygen -m PEM -t ecdsa -b 521 -C "tim" -f /home/tim/tmp/id_ecdsa

Other algorithms:

>ssh-keygen -t ed25519
>ssh-keygen -t dsa
>ssh-keygen -t rsa -b 4096

Convert SSH2 Public Key to OpenSSH Public Key

>ssh-keygen -i -f id_ssh2.pub [-m PKCS8]

Convert OpenSSH Public Key to SSH2 Public Key

>ssh-keygen -e -f id_openssh.pub

Get Host Key Fingerprint (MD5)

ssh-keyscan -p [port] [hostname] > [hostkeyfpfile]
ssh-keygen -l -f [hostkeyfpfile] -E md5

Start session with alternate key

sftp -o IdentityFile=/home/tim/.ssh/id_rsa_2 tim@server1

Implement group restrictions in /etc/ssh/sshd_config

# Group restrictions
# AllowGroups is a global option: keep it above the Match blocks, which apply until the next Match or the end of the file
AllowGroups sshaccess

Match Group sshpubkeyonly
    PasswordAuthentication no

Match Group sftpusers
    X11Forwarding no
    # ChrootDirectory: every component of the path must be owned by root and not be group/world-writable,
    # otherwise sshd refuses the login
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp

GNU/Linux GPG Basic Commands

Some of my most used gpg commands…

# Generate a PGP key...
gpg --gen-key

# Sign a key...
gpg --default-key [KEYID-TO-SIGN-WITH] --sign-key [KEYID-TO-BE-SIGNED]

# Revoke a key...
gpg --edit-key [KEYID]
>revkey

# List (secret) keys...
gpg --list(-secret)-keys

# Export a public key in ascii armor format...
gpg --armor --export [KEYID] > KeyName_Email_KEYID.pub.asc

# Export a private key in ascii armor format...
gpg --armor --export-secret-keys [KEYID] > KeyName_Email_KEYID.sec.asc

MSSQL Check Effective Permissions

Check effective permissions on a securable using sys.fn_my_permissions('securable', 'class'). Class can be OBJECT, ROLE, SCHEMA, USER, etc.

EXECUTE AS LOGIN = 'DOMAIN\User'
SELECT * FROM sys.fn_my_permissions('dbo.TableName', 'Object')
REVERT

Create server or database role (QuickRef).

CREATE (SERVER) ROLE rolename
ALTER (SERVER) ROLE rolename ADD MEMBER [DOMAIN\User]

Grant or revoke permissions (QuickRef).

[GRANT|DENY|REVOKE] [SELECT|INSERT|UPDATE|DELETE|EXECUTE] (ON [dbo].[TableName]|SCHEMA::[SchemaName]) [TO|FROM] [Account|Role]

>GRANT SELECT, INSERT ON [dbo].[ViewName] TO DOMAIN\User
>GRANT EXECUTE ON [dbo].[Procedure] TO [RoleName]
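Added example, not from the original post: the single impersonation check above, turned into a loop over every SQL and Windows user in the database so that one script shows who holds which effective permission on a securable. @securable is a placeholder; the script assumes you hold IMPERSONATE on the users (db_owner or sysadmin).

```sql
-- Added example, not from the original post: effective permissions of every SQL/Windows
-- user on one securable, collected by impersonating each user in turn.
DECLARE @securable     sysname      = N'dbo.TableName';   -- placeholder: the object to check
DECLARE @class         nvarchar(60) = N'OBJECT';
DECLARE @original_user sysname      = USER_NAME();        -- used to detect a context that still needs REVERT

DECLARE @results TABLE (
    principal_name  sysname,
    entity_name     sysname,
    subentity_name  sysname,
    permission_name nvarchar(4000)
);

DECLARE @user sysname;
DECLARE users_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.database_principals
    WHERE type IN ('S', 'U')      -- SQL users and Windows users; EXECUTE AS cannot impersonate a group ('G')
      AND name NOT IN ('guest', 'INFORMATION_SCHEMA', 'sys');

OPEN users_cur;
FETCH NEXT FROM users_cur INTO @user;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        EXECUTE AS USER = @user;
        INSERT INTO @results (principal_name, entity_name, subentity_name, permission_name)
        SELECT @user, entity_name, subentity_name, permission_name
        FROM sys.fn_my_permissions(@securable, @class);
        REVERT;
    END TRY
    BEGIN CATCH
        -- impersonation can fail (missing IMPERSONATE permission, disabled user); restore the context if it was switched
        IF USER_NAME() <> @original_user REVERT;
        INSERT INTO @results (principal_name, entity_name, subentity_name, permission_name)
        VALUES (@user, @securable, N'', N'<check failed: ' + ERROR_MESSAGE() + N'>');
    END CATCH;
    FETCH NEXT FROM users_cur INTO @user;
END
CLOSE users_cur;
DEALLOCATE users_cur;

-- One row per user and permission; a user without rows has no effective permission on the object
SELECT principal_name, permission_name, subentity_name
FROM @results
ORDER BY principal_name, permission_name, subentity_name;
```

Column-level grants show up as rows with a non-empty subentity_name, which is where a review of "SELECT on the table" versus "SELECT on two columns" usually gets missed.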

MSSQL Create Update Trigger (QuickRef)

A basic update trigger. This specific trigger can be used for audit purposes.

CREATE TRIGGER dbo.TriggerDesc_UPDATE
ON dbo.TableName FOR UPDATE
AS
BEGIN
  -- UPDATE(col) is true when the column appears in the SET list of the statement
  IF UPDATE(ColumnName)
  BEGIN
    -- inserted holds the new rows, deleted the old ones; join on the key to pair them
    INSERT INTO dbo.AuditLogTable (IDColumn, OldValue, NewValue)
    SELECT i.IDColumn, d.ColumnName, i.ColumnName
    FROM inserted i
    JOIN deleted d ON i.IDColumn = d.IDColumn
  END
END
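Added example, not from the original post: the same audit trigger extended so that it logs only rows whose value actually changed, records who changed it and when, and stays correct for multi-row UPDATEs. It assumes dbo.AuditLogTable also has the columns ChangedBy (sysname) and ChangedAt (datetime2); all other names are placeholders as in the snippet above.

```sql
-- Added example, not from the original post: audit trigger that logs real changes only,
-- with the originating login and a UTC timestamp.
CREATE TRIGGER dbo.TriggerDesc_UPDATE
ON dbo.TableName FOR UPDATE
AS
BEGIN
  SET NOCOUNT ON;   -- keep the trigger's own row count out of the caller's result

  -- UPDATE(col) is true whenever the column appears in the SET list, even when the
  -- new value equals the old one, so old and new are compared explicitly below.
  IF UPDATE(ColumnName)
  BEGIN
    INSERT INTO dbo.AuditLogTable (IDColumn, OldValue, NewValue, ChangedBy, ChangedAt)
    SELECT i.IDColumn,
           d.ColumnName,
           i.ColumnName,
           ORIGINAL_LOGIN(),   -- login that opened the session, unaffected by EXECUTE AS in the caller
           SYSUTCDATETIME()
    FROM inserted i
    JOIN deleted d ON d.IDColumn = i.IDColumn   -- one pair per updated row; assumes IDColumn is the key and is never updated
    WHERE NOT EXISTS (SELECT d.ColumnName INTERSECT SELECT i.ColumnName);  -- NULL-safe "old <> new"
  END
END
```

The INTERSECT form treats NULL as equal to NULL, so a change from NULL to a value (or back) is logged while an unchanged NULL is not.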