Dwarfsoft [GPA]

GroupWise Audit and Batch/Cmd Escaping

by on Jul.27, 2009, under Novell, Scripting, Tweet, Uncategorized, Work

Print This Post Print This Post

I was required recently to audit passwords on all the Novell GroupWise accounts in the cluster. This was not too much of a problem using existing solutions, except that all the existing solutions limited searches to either Users, or to objects with the “NGW: Object ID” attribute.

The Solutions I found include Check GroupWise Users for Password – Batch and Check GroupWise Users for Password – Exe, both of which made use of GWSend. Being an avid scripting aficionado myself I opted for the first, so I could make changes.

First step was to export all User Objects with NGW: Object ID into an Excel sheet using DSReport. Then export all GroupWise External Entities with NGW: Object ID to a different Excel Sheet. Finally I needed to export all GroupWise Resources, which do not have an NGW: Object ID, but their CN is effectively the NGW: Object ID for which we can log in and try to send emails. Upon completing this I compiled a single list of Allusers.csv which had the NGW: ObjectID/CN in the first column, and the DN for the Object Name and Location within the tree. This makes it far easier to track down the location of generic accounts (Something that none of the scripts account for).

So, my first run through the script ended in Fail. Apparently the above solutions are expecting Email Addresses without Spaces. So after fixing that up I run it again, and again hit a Fail. Apparently the above solutions fail to account for special characters (/ in this instance). So, I fix this up as well… My script runs, I get a report, then I realise that I have more results than original users. Apparently the above script also assumes that there is only 1 line in the result.txt file. So I modified the script to only print out a result once all lines of the result.txt file had been parsed, using a SET to determine if the “Error:” had been encountered or not (Error indicating that a Password is on the account, no Error indicating that there is No password).

So, now I run through and notice that the audit fails to log the full line of text, even though it is capable of actually running the audit against that account. Fortunately none of the accounts without passwords were affected by this, but I decided to fix this for future runs. To break down the issues I needed to fix into a list here is the summary:

  1. We have spaces in our Email Account Names
  2. We have /’s in our Email Account Names
  3. We have &’s in our Email Account Names
  4. We are trying to create a HTML file with the above special characters (specifically &)
  5. & doesn’t tend to work too nicely in batch files when using an open Echo (tries to run everything after the & as a program
  6. I wanted to be able to track back to objects (DN’s) as opposed to just the GroupWise Account Name

Spaces were easy to fix… When running the command against an account simply put the “account in quotes”. The next step is to handle the Email and DN objects as Strings within Quotes as well, but we don’t want to output the quotes, which means we need to handle them properly. Examine the following issue:

SET String=A String With Special Chars&Slashes/ In \ it^ OK
ECHO %String%

This will return “‘Slashes’ is not recognized as an internal or external command, operable program or batch file.” Also, if we try and escape each of the characters we run into issues too.

SET String=A String With Special Chars&Slashes/ In \ it^ OK
SET String=%String:^=^^%
SET String=%String:\=^\%
SET String=%String:/=^/%
SET String=%String:&=^&%
ECHO %String%

The Output ends up as “A String With Special Chars”. So, in order to fix this we need to handle the string within Quotes, and only output it at the end:

SET String="A String With Special Chars&Slashes/ In \ it^ OK"
SET String=%String:^=^^%
SET String=%String:\=^\%
SET String=%String:/=^/%
SET String=%String:&=^&%
ECHO %String:~1,-1%

Finally, our output is “A String With Special Chars&Slashes/ In \ it^ OK”, without the quotes. So the first part works now for my output to the Logs (although my logs are CSV so I tend to leave the quotes on just in case there is a lurking comma, but this does provide a pretty Output to the Console). Now we need to convert these for HTML output.

SET String=%String:^&=^&%
SET String=%String:<=^&lt;%
SET String=%String:>=^&gt;%
ECHO %String:~1,-1%

Just provides that little added extra safety net for an echo directly into a HTML log. I am annoyed that I didn’t manage to figure this out earlier as I had some scripts I went directly to VBScript for to avoid the & errors I was getting. I had no idea that it was my subsequent SET x=%x:a=b%, SET x=%x:c=d% calls on an unquoted string.

The one caveat I have found to this is fixing quote marks within a string. I have yet to find a way to strip them effectively without breaking the string/batch file in the process. The closest I have come will work in most situations, but requires a placeholder you have to be sure will never exist within your string:

SET String=Thi\s" is ^a &t"es/t
SET String="%String:"=&quot;%"
Set String=%String:^=^^%
SET String=%String:&=^&%
SET String=%String:/=^/%
SET String=%String:\=^\%
SET String=%String:&quot;=^"%
ECHO %String:~1,-1%

One other note I’d like to add is that of Padding numbers. This is a fairly well known feature of WinBatch, but I found it useful for getting well aligned output for which record I was currently up to:

Set _Num=0
SET /A %_Num%=%_Num%+1
SET DispNum=     %_Num%
Echo %DispNum:~-4%

This pads the leading digits with spaces and specifies that I want a 4 character long string returned for the end of the string. (so ” 1″ in the first instance but in my case up to ” 900″ or “9091”).

Hope this adds a little food for thought.

Cheers, Chris.

:, , , , ,

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!