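# ------------------------------------------------------------------------------
# Example script : Using PowerShell to modify Cerberus groups
#
# Walks through the Cerberus FTP Server SOAP API: create a group, attach a
# virtual directory, edit the group, list groups, create a user, add it to and
# remove it from the group, then delete the user and the group again.
#
# Notes for anyone adapting this example:
#   * Every request carries the administrator user name and password in its
#     "credentials" member, so the WSDL URL and the service endpoint should
#     both be HTTPS.
#   * New-WebServiceProxy ships with Windows PowerShell 5.1; it was removed in
#     PowerShell 6 and later.
#   * -EnableTls12 and -DisableCertValidation change settings on
#     [System.Net.ServicePointManager], which apply to the whole process, not
#     just to this script.
# ------------------------------------------------------------------------------
Param(
    # The URL to Cerberus.wsdl (Cerberus SOAP API Web Service Definition)
    [Parameter (Mandatory = $false,
        HelpMessage = "Enter the location of the Cerberus.wsdl file. May be a URL or a filesystem path."
    )]
    [String] $WSDLUrl = "https://localhost:8443/wsdl/Cerberus.wsdl"
    ,
    # The Cerberus Primary Administrator Account credentials
    [Parameter (Mandatory = $false)]
    [PSCredential] $CerberusCredentials
    ,
    # The SOAP Service endpoint. This value overrides the default service endpoint found in Cerberus.wsdl
    [Parameter (Mandatory = $false)]
    [String] $CerberusServiceUrl
    ,
    # Enable if SOAP service uses HTTPS
    [Parameter (Mandatory=$false)]
    [switch] $EnableTls12
    ,
    # Enable if Cerberus FTP Server is using a self-signed certificate
    [Parameter (Mandatory=$false)]
    [switch] $DisableCertValidation
)

# ------------------------------------------------------------------------------
# Setup SOAP Connection
# ------------------------------------------------------------------------------

# Collect credentials if not provided in parameters
if (-not $PSBoundParameters.ContainsKey('CerberusCredentials')) {
    $CerberusCredentials = Get-Credential -Message "Provide master admin credentials for Cerberus FTP Server"
}

# A cancelled prompt leaves the variable empty; stop here rather than issue
# every request below with null credentials.
if (-not $CerberusCredentials) {
    throw "No Cerberus administrator credentials were supplied."
}

# Hashtable containing credentials for later request object population.
# GetNetworkCredential().Password yields the plaintext password, which is what
# the request objects carry; keep this hashtable out of logs and transcripts.
$requestWithCreds = @{
    credentials = @{
        user     = $CerberusCredentials.UserName
        password = $CerberusCredentials.GetNetworkCredential().Password
    }
}

if ($EnableTls12) {
    # Process-wide: restricts outgoing connections from this session to TLS 1.2.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
}

if ($DisableCertValidation) {
    # The callback installed below accepts ANY server certificate for every
    # HTTPS request made by this process, so the server's identity is no longer
    # verified while it is in place. Trusting the self-signed certificate on
    # this machine is the safer long-term option.
    Write-Warning "Server certificate validation is disabled for this session; the identity of the Cerberus server will not be verified."

    # Remember what was configured before so it can be put back at the end.
    $previousCertCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback

    # Define the helper type only once per session.
    if (-not("dummy" -as [type])) {
        add-type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class Dummy {
    public static bool ReturnTrue(object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }

    public static RemoteCertificateValidationCallback GetDelegate() {
        return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
    }
}
"@
    }

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()
}

# Create Web Service Proxy object and CerberusFtp data-types
$CerberusSvc = New-WebServiceProxy -Uri $WSDLUrl -Class CerberusFtp -Namespace CerberusFtp

# Override default SOAP endpoint if provided in parameters.
# ContainsKey takes the parameter NAME; passing the parameter's value (as the
# earlier version did) never matched, so the override was silently ignored and
# requests went to the endpoint named in the WSDL.
if ($PSBoundParameters.ContainsKey('CerberusServiceUrl')) {
    $CerberusSvc.Url = $CerberusServiceUrl
}

# The administrator password travels in the body of every request.
if ($CerberusSvc -and ($CerberusSvc.Url -notmatch '^https://')) {
    Write-Warning "SOAP endpoint '$($CerberusSvc.Url)' is not HTTPS; the administrator credentials in each request will be sent without transport encryption."
}

# Properties whose value can be inherited from either the group or the user.
# Used when adding the user to, and removing it from, the group.
$inheritableProperties = @(
    "authMethod"
    "disableAfterTime"
    "ipAllowedList"
    "isAllowPasswordChange"
    "isAnonymous"
    "isDisabled"
    "isSimpleDirectoryMode"
    "maxLoginsAllowed"
    "maxUploadFilesize"
    "protocols"
    "requireSecureControl"
    "requireSecureData"
)

# ------------------------------------------------------------------------------
# Create New Group
# ------------------------------------------------------------------------------

# The name of the test group
$newTestGroupName = "PsSOAPTestGroup"

# Create new Group object; only HTTPS is enabled in its allowed protocols.
[CerberusFtp.Group] $newGroup = New-Object -TypeName CerberusFtp.Group
$newGroup.name = $newTestGroupName
$newGroup.desc = "New Test Cerberus Native Group from PowerShell"
$newGroup.isSimpleDirectoryMode = $true
$newGroup.isSimpleDirectoryModeSpecified = $true
$newGroup.protocols = New-Object -TypeName CerberusFtp.ProtocolsAllowed
$newGroup.protocols.https = $true

# Create addGroupRequest object. Assigning the hashtable to a type-constrained
# variable converts it into a request that already has the credentials set.
[CerberusFtp.AddGroupRequest] $addGroupRequest = $requestWithCreds
$addGroupRequest.Group = $newGroup

# Issue the AddGroup request
[CerberusFtp.AddGroupResponse] $addGroupResponse = $CerberusSvc.AddGroup($addGroupRequest)

# Check response for success or failure
if (-not $addGroupResponse.result) {
    Write-Error "Failed to create group: $($addGroupResponse.message)"
} else {
    Write-Host "Successfully created group $newTestGroupName"
}

# ------------------------------------------------------------------------------
# Add Virtual Directory to Group
# ------------------------------------------------------------------------------

# Create a new AddDirectoryToGroupRequest object
[CerberusFtp.AddDirectoryToGroupRequest] $addDirectoryRequest = $requestWithCreds
$addDirectoryRequest.groupName = $newTestGroupName
$addDirectoryRequest.directory = New-Object -TypeName CerberusFtp.VirtualDirectory

# Populate virtual directory object with name, path, and permissions
$addDirectoryRequest.directory.name = "groupRoot"
$addDirectoryRequest.directory.path = "c:\groupRoot"
$addDirectoryRequest.directory.permissions = New-Object -TypeName CerberusFtp.DirectoryPermissions

# Grant download, upload, list files, list directories, rename, create, and delete.
# This is the full set for demonstration; when adapting, grant only what the
# group's members need.
$addDirectoryRequest.directory.permissions.allowDownload = $true
$addDirectoryRequest.directory.permissions.allowUpload = $true
$addDirectoryRequest.directory.permissions.allowListDir = $true
$addDirectoryRequest.directory.permissions.allowListFile = $true
$addDirectoryRequest.directory.permissions.allowRename = $true
$addDirectoryRequest.directory.permissions.allowDirectoryCreation = $true
$addDirectoryRequest.directory.permissions.allowDelete = $true

# Issue the AddDirectoryToGroup request
[CerberusFtp.AddDirectoryToGroupResponse] $addDirectoryResponse = $CerberusSvc.AddDirectoryToGroup($addDirectoryRequest)

# Check response for success or failure
if (-not $addDirectoryResponse.result) {
    Write-Error "Failed to add virtual directory to group: $($addDirectoryResponse.message)"
} else {
    Write-Host "Successfully added $($addDirectoryRequest.directory.name) to $newTestGroupName"
}

# ------------------------------------------------------------------------------
# Modify Group Description
# ------------------------------------------------------------------------------

# Fetch the group, change its description, and send it back through AddGroup,
# the same call that created it.
[CerberusFtp.GetGroupInformationRequest] $getGroupRequest = $requestWithCreds
$getGroupRequest.name = $newTestGroupName

[CerberusFtp.GetGroupInformationResponse] $getGroupResponse = $CerberusSvc.GetGroupInformation($getGroupRequest)

if (-not $getGroupResponse.result) {
    Write-Error "Failed to retrieve group: $($getGroupResponse.message)"
} else {
    Write-Host "Retrieved $newTestGroupName"

    $existingGroup = $getGroupResponse.group
    $existingGroup.desc = "This group was created for demonstration purposes in PowerShell"

    [CerberusFtp.AddGroupRequest] $modifyGroupRequest = $requestWithCreds
    $modifyGroupRequest.Group = $existingGroup

    [CerberusFtp.AddGroupResponse] $modifyGroupResponse = $CerberusSvc.AddGroup($modifyGroupRequest)

    if (-not $modifyGroupResponse.result) {
        Write-Error "Failed to modify group: $($modifyGroupResponse.message)"
    } else {
        Write-Host "Successfuly modified $($existingGroup.name)"
    }
}

# ------------------------------------------------------------------------------
# List Current Groups
# ------------------------------------------------------------------------------

[CerberusFtp.GetGroupListResponse] $getGroupListResponse = $CerberusSvc.GetGroupList($requestWithCreds)

if (-not $getGroupListResponse.result) {
    Write-Error "Failed to retrieve group list: $($getGroupListResponse.message)"
} else {
    Write-Host "Successfully retrieved list of groups"
    Write-Output $getGroupListResponse.GroupList

    # NOTE(review): -contains compares against the elements of GroupList;
    # this presumes they are group-name strings - confirm against the WSDL.
    if ($getGroupListResponse.GroupList -contains $newTestGroupName) {
        Write-Host "$newTestGroupName exists in the list of groups"
    } else {
        Write-Host "$newTestGroupName was not found in the list of groups"
    }
}

# ------------------------------------------------------------------------------
# Create New User
# ------------------------------------------------------------------------------

$newTestUserName = "PsSOAPTestUser"

# The account is created disabled and is deleted at the end of the script.
# The password is a fixed demonstration value; when adapting this for a real
# account, generate or prompt for the password instead of keeping it in source.
# Single quotes keep the trailing '$' literal.
[CerberusFtp.User] $newUser = @{
    name       = $newTestUserName
    password   = @{value = 'TestPasswordChangeImmediately1234!@#$'}
    desc       = "This user is for testing group membership modifications"
    isDisabled = @{value = $true; valueSpecified = $true}
}

[CerberusFtp.AddUserRequest] $addUserRequest = $requestWithCreds
$addUserRequest.User = $newUser

[CerberusFtp.AddUserResponse] $addUserResponse = $CerberusSvc.AddUser($addUserRequest)

if (-not $addUserResponse.result) {
    Write-Error "Failed to create user: $($addUserResponse.message)"
} else {
    Write-Host "Successfully created user $newTestUserName"
}

# ------------------------------------------------------------------------------
# Add User to Group
# ------------------------------------------------------------------------------

[CerberusFtp.GetUserInformationRequest] $userInfoRequest = $requestWithCreds
$userInfoRequest.userName = $newTestUserName

[CerberusFtp.GetUserInformationResponse] $existingUserResponse = $CerberusSvc.GetUserInformation($userInfoRequest)

if (-not $existingUserResponse.result) {
    Write-Error "Failed to find user $newTestUserName : $($existingUserResponse.message)"
} else {
    Write-Host "Successfully found $newTestUserName"

    $existingUser = $existingUserResponse.UserInformation
    $existingUser.groupList = @(@{name = $newTestGroupName})

    # Set all inheritable properties to inherit the value from "group"
    foreach ($propName in $inheritableProperties) {
        $existingUser.$propName.priority = "group"
        $existingUser.$propName.prioritySpecified = $true
    }

    [CerberusFtp.AddUserRequest] $modifyUserRequest = $requestWithCreds
    $modifyUserRequest.User = $existingUser

    [CerberusFtp.AddUserResponse] $modifyUserResponse = $CerberusSvc.AddUser($modifyUserRequest)

    if (-not $modifyUserResponse.result) {
        # Fixed: the variable name was misspelled here, so the server's
        # message was never shown.
        Write-Error "Failed to update exiting user: $($modifyUserResponse.message)"
    } else {
        Write-Host "Successfully made $newTestUserName a member of $newTestGroupName"
    }
}

# ------------------------------------------------------------------------------
# Override Allowed Protocols for Group Member
# ------------------------------------------------------------------------------

[CerberusFtp.GetUserInformationRequest] $getUserRequest = $requestWithCreds
$getUserRequest.userName = $newTestUserName

[CerberusFtp.GetUserInformationResponse] $getUserResponse = $CerberusSvc.GetUserInformation($getUserRequest)

if (-not $getUserResponse.result) {
    Write-Error "Unable to retrieve user: $($getUserResponse.message)"
} else {
    Write-Host "Successfully retrieved $($getUserResponse.UserInformation.name)"

    # Switch the protocols setting to user priority and enable FTPS and HTTPS
    # on the user, so the group's allowed protocols no longer apply to it.
    $existingUser = $getUserResponse.UserInformation
    $existingUser.protocols.ftps = $true
    $existingUser.protocols.https = $true
    $existingUser.protocols.priority = "user"
    $existingUser.protocols.prioritySpecified = $true

    [CerberusFtp.AddUserRequest] $modifyUserRequest = $requestWithCreds
    $modifyUserRequest.User = $existingUser

    [CerberusFtp.AddUserResponse] $modifyUserResponse = $CerberusSvc.AddUser($modifyUserRequest)

    if (-not $modifyUserResponse.result) {
        Write-Error "Unable to update user: $($modifyUserResponse.message)"
    } else {
        Write-Host "Group-allowed protocols now overridden by user-allowed protocols"
    }
}

# ------------------------------------------------------------------------------
# Remove User from Group
# ------------------------------------------------------------------------------

[CerberusFtp.GetUserInformationRequest] $getUserRequest = $requestWithCreds
$getUserRequest.userName = $newTestUserName

[CerberusFtp.GetUserInformationResponse] $getUserResponse = $CerberusSvc.GetUserInformation($getUserRequest)

if (-not $getUserResponse.result) {
    # Fixed: the '$' was missing inside the subexpression, which made
    # PowerShell try to run "getUserResponse.message" as a command.
    Write-Error "Failed to retrieve user: $($getUserResponse.message)"
} else {
    Write-Host "Successfuly retrieved $($getUserResponse.UserInformation.name)"

    $existingUser = $getUserResponse.UserInformation

    if ($existingUser.groupList.Count -lt 1) {
        Write-Error "Cannot remove user from group; user is not a member of any group"
    } else {
        # Keep the old membership for the success message below.
        $previousMembership = $existingUser.groupList
        $existingUser.groupList = @()

        # Set all inheritable properties to inherit the value from "user"
        foreach ($propName in $inheritableProperties) {
            $existingUser.$propName.priority = "user"
            $existingUser.$propName.prioritySpecified = $true
        }

        [CerberusFtp.AddUserRequest] $modifyUserRequest = $requestWithCreds
        $modifyUserRequest.User = $existingUser

        [CerberusFtp.AddUserResponse] $modifyUserResponse = $CerberusSvc.AddUser($modifyUserRequest)

        if (-not $modifyUserResponse.result) {
            Write-Error "Failed to update exiting user: $($modifyUserResponse.message)"
        } else {
            Write-Host "Successfully removed $newTestUserName from $($previousMembership.name -join ', ')"
        }
    }
}

# ------------------------------------------------------------------------------
# Delete User
# ------------------------------------------------------------------------------

[CerberusFtp.DeleteUserRequest] $deleteUserRequest = $requestWithCreds
$deleteUserRequest.name = $newTestUserName

[CerberusFtp.DeleteUserResponse] $deleteUserResponse = $CerberusSvc.DeleteUser($deleteUserRequest)

if (-not $deleteUserResponse.result) {
    Write-Error "Failed to delete user: $($deleteUserResponse.message)"
} else {
    Write-Host "Successfully deleted $newTestUserName"
}

# ------------------------------------------------------------------------------
# Delete Group
# ------------------------------------------------------------------------------

[CerberusFtp.DeleteGroupRequest] $deleteGroupRequest = $requestWithCreds
$deleteGroupRequest.name = $newTestGroupName

[CerberusFtp.DeleteGroupResponse] $deleteGroupResponse = $CerberusSvc.DeleteGroup($deleteGroupRequest)

if (-not $deleteGroupResponse.result) {
    # Fixed: report the DeleteGroup response; the earlier version printed the
    # message from the DeleteUser response.
    Write-Error "Failed to delete group: $($deleteGroupResponse.message)"
} else {
    Write-Host "Successfully deleted $newTestGroupName"
}

# ------------------------------------------------------------------------------
# Restore certificate validation
# ------------------------------------------------------------------------------

# Put back whatever callback was configured before this script replaced it, so
# later HTTPS requests in the same session validate certificates again. This
# is skipped if the script is stopped early by a terminating error.
if ($DisableCertValidation) {
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCertCallback
}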