PAPP-32932 Msscom: Feature - support for different authentication methods

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -31,7 +31,10 @@ to true on SCOM server.
 By default WinRM HTTP uses port 80. On Windows 7 and higher the default port is 5985.  
 By default WinRM HTTPS uses port 443. On Windows 7 and higher the default port is 5986.
 
-This app uses NTLM authorization. The use of the HTTP_PROXY and HTTPS_PROXY environment variables is
+This app uses NTLM authorization by default when FIPS is disabled and basic HTTP when FIPS is enabled. 
+In asset configuration other authentication methods are available. 
+
+The use of the HTTP_PROXY and HTTPS_PROXY environment variables is
 currently unsupported.
 
 
@@ -44,6 +47,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 **verify_server_cert** |  optional  | boolean | Verify server certificate
 **username** |  required  | string | Username
 **password** |  required  | password | Password
+**auth_method** |  optional  | string | Authentication Method
 
 ### Supported Actions  
 [test connectivity](#action-test-connectivity) - Validate the asset configuration for connectivity using supplied configuration  

manual_readme_content.md

@@ -19,5 +19,8 @@ to true on SCOM server.
 By default WinRM HTTP uses port 80. On Windows 7 and higher the default port is 5985.  
 By default WinRM HTTPS uses port 443. On Windows 7 and higher the default port is 5986.
 
-This app uses NTLM authorization. The use of the HTTP_PROXY and HTTPS_PROXY environment variables is
+This app uses NTLM authorization by default when FIPS is disabled and basic HTTP when FIPS is enabled. 
+In asset configuration other authentication methods are available. 
+
+The use of the HTTP_PROXY and HTTPS_PROXY environment variables is
 currently unsupported.

microsoftscom.json

@@ -45,6 +45,20 @@
             "data_type": "password",
             "required": true,
             "order": 3
+        },
+        "auth_method": {
+            "description": "Authentication Method",
+            "data_type": "string",
+            "default": "default",
+            "order": 4,
+            "required": false,
+            "value_list": [
+                "default",
+                "ssl",
+                "credssp",
+                "ntlm",
+                "basic"
+            ]
         }
     },
     "actions": [
@@ -1074,23 +1088,27 @@
         "wheel": [
             {
                 "module": "certifi",
-                "input_file": "wheels/py3/certifi-2023.7.22-py3-none-any.whl"
+                "input_file": "wheels/py3/certifi-2023.11.17-py3-none-any.whl"
             },
             {
                 "module": "cffi",
                 "input_file": "wheels/py39/cffi-1.16.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
             },
             {
                 "module": "charset_normalizer",
-                "input_file": "wheels/py39/charset_normalizer-3.3.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+                "input_file": "wheels/py39/charset_normalizer-3.3.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
             },
             {
                 "module": "cryptography",
-                "input_file": "wheels/py3/cryptography-41.0.5-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+                "input_file": "wheels/py3/cryptography-41.0.7-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
             },
             {
                 "module": "idna",
-                "input_file": "wheels/py3/idna-3.4-py3-none-any.whl"
+                "input_file": "wheels/py3/idna-3.6-py3-none-any.whl"
+            },
+            {
+                "module": "ntlm_auth",
+                "input_file": "wheels/shared/ntlm_auth-1.5.0-py2.py3-none-any.whl"
             },
             {
                 "module": "pycparser",
@@ -1108,22 +1126,94 @@
                 "module": "requests",
                 "input_file": "wheels/py3/requests-2.31.0-py3-none-any.whl"
             },
+            {
+                "module": "requests_credssp",
+                "input_file": "wheels/shared/requests_credssp-2.0.0-py2.py3-none-any.whl"
+            },
+            {
+                "module": "requests_ntlm",
+                "input_file": "wheels/shared/requests_ntlm-1.1.0-py2.py3-none-any.whl"
+            },
+            {
+                "module": "six",
+                "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
+            },
+            {
+                "module": "urllib3",
+                "input_file": "wheels/py3/urllib3-2.1.0-py3-none-any.whl"
+            },
+            {
+                "module": "xmltodict",
+                "input_file": "wheels/shared/xmltodict-0.13.0-py2.py3-none-any.whl"
+            }
+        ]
+    },
+    "pip_dependencies": {
+        "wheel": [
+            {
+                "module": "certifi",
+                "input_file": "wheels/py3/certifi-2023.11.17-py3-none-any.whl"
+            },
+            {
+                "module": "cffi",
+                "input_file": "wheels/py36/cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+            },
+            {
+                "module": "charset_normalizer",
+                "input_file": "wheels/py3/charset_normalizer-2.0.12-py3-none-any.whl"
+            },
+            {
+                "module": "cryptography",
+                "input_file": "wheels/py36/cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
+            },
+            {
+                "module": "dataclasses",
+                "input_file": "wheels/py3/dataclasses-0.8-py3-none-any.whl"
+            },
+            {
+                "module": "idna",
+                "input_file": "wheels/py3/idna-3.6-py3-none-any.whl"
+            },
+            {
+                "module": "ntlm_auth",
+                "input_file": "wheels/shared/ntlm_auth-1.5.0-py2.py3-none-any.whl"
+            },
+            {
+                "module": "pycparser",
+                "input_file": "wheels/shared/pycparser-2.21-py2.py3-none-any.whl"
+            },
+            {
+                "module": "pyspnego",
+                "input_file": "wheels/shared/pyspnego-0.5.4-py2.py3-none-any.whl"
+            },
+            {
+                "module": "pywinrm",
+                "input_file": "wheels/shared/pywinrm-0.4.3-py2.py3-none-any.whl"
+            },
+            {
+                "module": "requests",
+                "input_file": "wheels/shared/requests-2.27.1-py2.py3-none-any.whl"
+            },
+            {
+                "module": "requests_credssp",
+                "input_file": "wheels/shared/requests_credssp-2.0.0-py2.py3-none-any.whl"
+            },
             {
                 "module": "requests_ntlm",
-                "input_file": "wheels/py3/requests_ntlm-1.2.0-py3-none-any.whl"
+                "input_file": "wheels/shared/requests_ntlm-1.1.0-py2.py3-none-any.whl"
             },
             {
                 "module": "six",
                 "input_file": "wheels/shared/six-1.16.0-py2.py3-none-any.whl"
             },
             {
                 "module": "urllib3",
-                "input_file": "wheels/py3/urllib3-2.0.7-py3-none-any.whl"
+                "input_file": "wheels/shared/urllib3-1.26.18-py2.py3-none-any.whl"
             },
             {
                 "module": "xmltodict",
                 "input_file": "wheels/shared/xmltodict-0.13.0-py2.py3-none-any.whl"
             }
         ]
     }
-}
+}

microsoftscom_connector.py

@@ -42,6 +42,7 @@ def __init__(self):
         # Configuration variables
         self._server_url = None
         self._username = None
+        self._auth_type = MSSCOM_DEFAULT_AUTH_METHOD
         self._password = None
         self._verify_server_cert = False
 
@@ -82,28 +83,33 @@ def _get_fips_enabled(self):
             self.debug_print("FIPS is not enabled")
         return fips_enabled
 
-    def _execute_ps_command(self, action_result, ps_command):
-        """ This function is used to execute power shell command.
-
-        :param action_result: object of ActionResult
-        :param ps_command: power shell command
-        :return: output of executed power shell command
-        """
-
-        resp_output = None
+    def _get_protocol(self):
         server_cert_validation = 'ignore'
         transport = 'ntlm'
 
-        if self._get_fips_enabled():
+        if self._auth_type != MSSCOM_DEFAULT_AUTH_METHOD:
+            transport = self._auth_type
+        elif self._get_fips_enabled():
             transport = 'basic'
 
         if self._verify_server_cert:
             server_cert_validation = 'validate'
 
-        protocol = Protocol(endpoint=MSSCOM_SERVER_URL.format(url=self._server_url), transport=transport,
+        return Protocol(endpoint=MSSCOM_SERVER_URL.format(url=self._server_url), transport=transport,
                             username=self._username, password=self._password,
                             server_cert_validation=server_cert_validation)
 
+    def _execute_ps_command(self, action_result, ps_command):
+        """ This function is used to execute power shell command.
+
+        :param action_result: object of ActionResult
+        :param ps_command: power shell command
+        :return: output of executed power shell command
+        """
+
+        protocol = self._get_protocol()
+        resp_output = None
+
         try:
             shell_id = protocol.open_shell()
         except InvalidCredentialsError as credentials_error:
@@ -374,6 +380,7 @@ def initialize(self):
         self._server_url = config[MSSCOM_CONFIG_SERVER_URL].strip("/")
         self._username = config[MSSCOM_CONFIG_USERNAME]
         self._password = config[MSSCOM_CONFIG_PASSWORD]
+        self._auth_type = config[MSSCOM_CONFIG_AUTH_METHOD]
 
         # Optional config parameter
         self._verify_server_cert = config.get(MSSCOM_CONFIG_VERIFY_SSL, False)

microsoftscom_consts.py

@@ -18,7 +18,11 @@
 MSSCOM_CONFIG_SERVER_URL = "server_url"
 MSSCOM_CONFIG_USERNAME = "username"
 MSSCOM_CONFIG_PASSWORD = "password"  # pragma: allowlist secret
+MSSCOM_CONFIG_AUTH_METHOD = "auth_method"
 MSSCOM_CONFIG_VERIFY_SSL = "verify_server_cert"
+
+MSSCOM_DEFAULT_AUTH_METHOD = "default"
+
 MSSCOM_SERVER_URL = "{url}/wsman"
 MSSCOM_CONNECTING_ENDPOINT_MSG = "Connecting to endpoint"
 MSSCOM_ERROR_SERVER_CONNECTION = "Connection failed"

release_notes/unreleased.md

@@ -1 +1,5 @@
 **Unreleased**
+
+* [SOARHELP-2713] Authentication method selection is available in asset configuration. 
+    * User can choose between: default, ssl, basic, credssp, ntlm.  
+    * Default method means that while FIPS is enabled NTLM will be used, otherwise Basic HTTP will be applied

requirements.txt

@@ -1 +1,3 @@
 pywinrm==0.4.3
+requests_credssp==2.0.0
+requests_ntlm==1.1.0