Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Submarine Sandpaper
May 27, 2007


Pile Of Garbage posted:

lmao you're right I'm dumb as poo poo! I've no idea why I thought that was allowed.

Short names?

Adbot
ADBOT LOVES YOU

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
Looking at everything, I think I might stick w/ a switch because we have 10 offices.

I'll pull $office as a substring of $username. The switch will pull the office path using $office. Test the path and then create if false.

I'll have to poke at it tonight when I'm back home, but this doesn't sound crazy right?

Ultimately, the path will be something along the lines of \\$office\STATIC FOLDER\$username

Once I can get this handled, then it's just a matter of then populating a subfolder w/ a static name, and then the part that I'm really dreading: automated permissions changes!!!

Starting with the $username folder, so that the subfolder inherits the permissions, then turning off and converting permissions, then removing a standard SG we have in our ourg.

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
OK, we're making folders how we want them to be named, and where we want them to be!

Hurrah.

Now to get into permissions.

At this time, I'm hoping to have the $username folder inherit permissions, add PCNAME\$username (when introduced into work, it'll be DOMAIN\$username), and provide Modify writes.

Afterwards, it will generate a subfolder called PERSONAL. Turn off inheritance while keeping permissions, and removing a specific SG that we have at work.

I've got it adding the $username to the folder permissions (i setup a dummy user on my PC), but it doesn't successfully add the Modify "Allow" mark. I've tried it as this:

$ACL = Get-Acl $path

$perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow")

$ACL.SetAccessRule($perm)

$ACL | Set-ACL $path


Which is a copy&paste from pretty much everything you see on this. I've also tried it where it calls out inheritance/propagation w/ no difference. No fails when testing the script... just doesn't lock in the permissions.

Zorak of Michigan
Jun 10, 2006

Have you tried putting it into try/catch blocks you see what error it's getting?

sloshmonger
Mar 21, 2013

Boywhiz88 posted:

OK, we're making folders how we want them to be named, and where we want them to be!

Hurrah.

Now to get into permissions.

At this time, I'm hoping to have the $username folder inherit permissions, add PCNAME\$username (when introduced into work, it'll be DOMAIN\$username), and provide Modify writes.

Afterwards, it will generate a subfolder called PERSONAL. Turn off inheritance while keeping permissions, and removing a specific SG that we have at work.

I've got it adding the $username to the folder permissions (i setup a dummy user on my PC), but it doesn't successfully add the Modify "Allow" mark. I've tried it as this:

$ACL = Get-Acl $path

$perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow")

$ACL.SetAccessRule($perm)

$ACL | Set-ACL $path


Which is a copy&paste from pretty much everything you see on this. I've also tried it where it calls out inheritance/propagation w/ no difference. No fails when testing the script... just doesn't lock in the permissions.

Looks like you've got the right constructor for the $perm variable, but you're using the SetAccessRule method for $ACL. That will remove all access rules and just have the one you specify in it (https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.directorysecurity?view=net-7.0). If you want to add an additional permission on top of the parent permissions, use the AddAccessRule method.


Try this:
$ACL = Get-Acl $path
$perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow")
$ACL.AddAccessRule($perm)
$ACL | Set-ACL $path
$Subfolder = new-item -ItemType Directory -Name "PERSONAL" -path $Path #Creates a new subfolder and keeps it as a variable
$SubACL = $ACL.psobject.copy () #Creates a copy of the $acl variable while keeping the original
$SubACL.SetAccessRuleProtection($True, $True) #The first part says is this folder protected or not (opposite of inherited). The second is should the current acl be copied.
$BadPerm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\GroupName", "Modify", "Allow") #Change this to be whatever the group you don't want inherited, and make sure the Permission level matches. There's a way to get this through scripting but if it's all the same this is faster
$SubACL.RemoveAccessRule($BadPerm) #Removes the group permission above
$SubACL | Set-ACL $Subfolder.FullName #And set it on the subfolder

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




I'm getting twitchy seeing a Switch construct used instead of a dictionary. Set the dictionary up with values of $office as keys, and folder names as values. This is both cleaner code, but when they open a new office you only have to add a key/value pair instead of adding a line to the switch.

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
Even with the AddAccessRule, it's still not doing it. That being said, I'll try the inheritance and propagation flags, just in case. Also tried ISE as admin to see if that made a difference but alas...

sloshmonger posted:

Looks like you've got the right constructor for the $perm variable, but you're using the SetAccessRule method for $ACL. That will remove all access rules and just have the one you specify in it (https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.directorysecurity?view=net-7.0). If you want to add an additional permission on top of the parent permissions, use the AddAccessRule method.


Try this:
$ACL = Get-Acl $path
$perm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\$username", "Modify", "Allow")
$ACL.AddAccessRule($perm)
$ACL | Set-ACL $path
$Subfolder = new-item -ItemType Directory -Name "PERSONAL" -path $Path #Creates a new subfolder and keeps it as a variable
$SubACL = $ACL.psobject.copy () #Creates a copy of the $acl variable while keeping the original
$SubACL.SetAccessRuleProtection($True, $True) #The first part says is this folder protected or not (opposite of inherited). The second is should the current acl be copied.
$BadPerm = New-Object System.Security.AccessControl.FileSystemAccessRule("PCNAME\GroupName", "Modify", "Allow") #Change this to be whatever the group you don't want inherited, and make sure the Permission level matches. There's a way to get this through scripting but if it's all the same this is faster
$SubACL.RemoveAccessRule($BadPerm) #Removes the group permission above
$SubACL | Set-ACL $Subfolder.FullName #And set it on the subfolder

Thank you for this! I'll probably end up replicating or copying this after i overcome whatever is going on w/ the original permissions.
Reading the AccessRuleProtection, you're saying that first $True value is saying no to inheritance (protected = true) but the 2nd $true is saying but bring these values along tho... we need them.

Is that a correct understanding of that function?


mllaneza posted:

I'm getting twitchy seeing a Switch construct used instead of a dictionary. Set the dictionary up with values of $office as keys, and folder names as values. This is both cleaner code, but when they open a new office you only have to add a key/value pair instead of adding a line to the switch.

Would that be looking at the hash tables example in this article? https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_hash_tables?view=powershell-7.3

Dictionaries seems a bit much for my needs from skimming through that article.

I really appreciate everyone's input here. It's a lot of fun for me to have an idea of how this might work, and be able to put one foot in front of the other and get that much further after stumbling.


EDIT: INHERITANCE FLAGS DID IT FOLKS. LET'S loving GOOOOOOOOOOOOOOOO

EDIT 2: Personal is turning off inheritance, preserving the rights, but won't remove the user that I have setup. Blergh! It even says "yeah I did it!" when running the script

Boywhiz88 fucked around with this message at 21:59 on Jun 5, 2023

disaster pastor
May 1, 2007


Stupid question that might be in the wrong place, please feel free to mock me and tell me where to take it if so.

I use Dokan to mount seven network locations as drives on my PC. Because I don't know how to do Powershell, this means that every time I start my computer, I swap over to Desktop 2, run Windows Terminal as admin, open seven tabs in the window, and then chdir to my scripts directory and run a separate batch file in each tab. I have to do it this way because if I close the window, the drives unmount, and I don't want a bunch of terminal windows open on my primary desktop all the time.

I'm certain there's a way to automate all of this to run on startup in the background in Powershell, but I don't know what it is. Is there an easy obvious way, or at least a good place to start looking?

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

Sure. Use task scheduler to run a powershell script that does those 7 commands. But why can't you just mount those network locations natively?

disaster pastor
May 1, 2007


Happiness Commando posted:

Sure. Use task scheduler to run a powershell script that does those 7 commands. But why can't you just mount those network locations natively?

Dokan makes them look like actual local drives. I have an application that fails if it sees them as "mounted network locations" instead of local drives.

I'll look into that script. Thanks!

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
I'm still struggling w/ removing the one user w/ my script. If anyone has any insight, I'd appreciate it. I'm hoping to avoid the NTFSAccess as I'd like to keep it as pure Powershell as possible.

I've played around with method for removing, the syntax of what occurs when and no difference.

It'll turn off inheritance and keep the permissions, but it won't actually remove PCNAME\Username from the PERSONAL folder that gets created. It's quite annoying!

Thoughts?

EoRaptor
Sep 13, 2003



Boywhiz88 posted:

I'm still struggling w/ removing the one user w/ my script. If anyone has any insight, I'd appreciate it. I'm hoping to avoid the NTFSAccess as I'd like to keep it as pure Powershell as possible.

I've played around with method for removing, the syntax of what occurs when and no difference.

It'll turn off inheritance and keep the permissions, but it won't actually remove PCNAME\Username from the PERSONAL folder that gets created. It's quite annoying!

Thoughts?

Is the user the owner? You can't remove access rights from the owner.

Mario
Oct 29, 2006
It's-a-me!

disaster pastor posted:

Dokan makes them look like actual local drives. I have an application that fails if it sees them as "mounted network locations" instead of local drives.

I'll look into that script. Thanks!

Have you tried to fool the application with subst?

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!

EoRaptor posted:

Is the user the owner? You can't remove access rights from the owner.

No, but we're good!

So, I had begun to think that maybe that removal wasn't happening so I tried other ways but was getting security exceptions. I wasn't sure so I backed away.

Brought it to a coworker who gave me the same code I had tried, but I checked against the error. So here's the back-half of the script!

#PERSONAL

$Subfolder = new-item -ItemType Directory -Name "PERSONAL" -path $Path

$SubACL = $ACL.psobject.copy()

$SubACL.SetAccessRuleProtection($True, $True)

$SubACL | Set-ACL $Subfolder.FullName

#Thank you CoC, sloshmonger

$SubACL = Get-Acl $Subfolder

$rules = $SubAcl.Access | Where { $_.IdentityReference -eq "MULE\Test" }

foreach($rule in $rules) {

$SubAcl.RemoveAccessRule($rule)
}

# Perform the modification

(Get-Item $Subfolder).SetAccessControl($subacl)

#We've got a winner! JUICE BY TAPPY JUICE BY TAPPY


Thank you all! This is going to help make my life sooooooooo much easier. It's also showing me how this stuff works, and what I might be able to do!

So grateful for everyone's contributions. I knew there'd be one little thing to make the difference.

sloshmonger
Mar 21, 2013
Glad to see you got it working!

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Boywhiz88 posted:

Would that be looking at the hash tables example in this article? https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_hash_tables?view=powershell-7.3

Dictionaries seems a bit much for my needs from skimming through that article.

Yeah, that's the stuff. Stuff all your office-specific stuff into hash tables, use a variable as an index, operate on the value returned.

I once found a use for a dictionary of dictionaries in Python and I'm still smug about it.

vibur
Apr 23, 2004
I'm pulling data from a REST API into objects so I have a bunch of Property: Value pairs.

For example:
code:
name                  : iPad
udid                  : a long udid
Mobile Device Group   :
id                    : 663
Display_Name          : iPad
Asset_Tag             : A5035
Last_Inventory_Update : 2023-07-01 22:59:23
Serial_Number         : XXXXXXXXXX
Battery_Level         : 50
I need to push those into a Google Sheet for data viz purposes. Google's API wants JSON but it just wants the values (because each set of values is another row). What I can't figure out is how to get just the values from the object when I don't know the property names ahead of time. I feel like this should be pretty basic object manipulation but I just can't put my finger on it. Anyone know how to do that offhand?

nielsm
Jun 1, 2009



I'm not sure I understand, do you mean like an array of arrays?

code:
[
  ["iPad", "a long udid", "", 663, "iPad", "A5035", "2023-07-01 22:59:23", "XXXXXXXXXX", 50],
  ["iPad 2", "another udid", "", 842, "iPad 2", "A5035", "2023-07-01 22:59:25", "XXXXXXXXXX", 98]
]
Like that, with no header information?

Since I assume you've already tried ConvertTo-Json directly on your data and decided that it will not work.

vibur
Apr 23, 2004

nielsm posted:

I'm not sure I understand, do you mean like an array of arrays?

code:
[
  ["iPad", "a long udid", "", 663, "iPad", "A5035", "2023-07-01 22:59:23", "XXXXXXXXXX", 50],
  ["iPad 2", "another udid", "", 842, "iPad 2", "A5035", "2023-07-01 22:59:25", "XXXXXXXXXX", 98]
]
Like that, with no header information?

Since I assume you've already tried ConvertTo-Json directly on your data and decided that it will not work.
This is exactly correct. Google's API takes each of those arrays as a row in the spreadsheet.

Also, *I* didn't decide ConvertTo-Json will not work, Google took care of that for me :(

vibur fucked around with this message at 21:36 on Jul 5, 2023

vibur
Apr 23, 2004
FWIW, I appear to have solved my own problem (sort of).

Falling down a search hole, I saw a post from someone using ChatGPT to solve a different problem so I gave it a shot. It came up with some unfamiliar cmdlets that led me to PSGSuite.

My testing so far has been good - appends object values to a sheet with no need to convert to an arraylist or JSON or whatever.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Lol, ask any psgsuite questions you have. I'm, uh, one of the maintainers. In particular I've done a bunch around spreadsheets specifically.

The Claptain
May 11, 2014

Grimey Drawer

vibur posted:

I'm pulling data from a REST API into objects so I have a bunch of Property: Value pairs.

For example:
code:
name                  : iPad
udid                  : a long udid
Mobile Device Group   :
id                    : 663
Display_Name          : iPad
Asset_Tag             : A5035
Last_Inventory_Update : 2023-07-01 22:59:23
Serial_Number         : XXXXXXXXXX
Battery_Level         : 50
I need to push those into a Google Sheet for data viz purposes. Google's API wants JSON but it just wants the values (because each set of values is another row). What I can't figure out is how to get just the values from the object when I don't know the property names ahead of time. I feel like this should be pretty basic object manipulation but I just can't put my finger on it. Anyone know how to do that offhand?

You can use PSObject property (https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.psobject.properties?view=powershellsdk-7.2.0to) get all properties on your object and then you could loop through them

So if you assigned your response to variable $response, you can do something like

code:

Foreach ($property in $response.PSObject.Properties) {
$array+=$property.Value
$array | ConvertTo-Json
I'm typing this half drunk, so it probably needs some fine tuning, but that should give you an array containing only the values.

Edit: if your response is an array of objects, you just wrap the above in another foreach loop, to parse every object separately.

The Claptain fucked around with this message at 01:02 on Jul 8, 2023

Inspector_666
Oct 7, 2003

benny with the good hair

FISHMANPET posted:

Lol, ask any psgsuite questions you have. I'm, uh, one of the maintainers. In particular I've done a bunch around spreadsheets specifically.

God, this rules. I don't need Gsuite integration anymore since I'm in an O365 place now, but I remember back when I was learning how to use Powershell I was having to write my own wrappers for GAM that was scraping the text output for error codes and poo poo.

TITTIEKISSER69
Mar 19, 2005

SAVE THE BEES
PLANT MORE TREES
CLEAN THE SEAS
KISS TITTIESS




I've got a user who is getting emails sent to dynamic distribution groups of which she is not a member - I exported the memberships of the three groups to CSV files and she isn't on any of them.

My hunch is that a former employee is still on one of these lists and their mailbox is forwarding to her. What PS command can I run to see what mailboxes have forwarding enabled to her?

EDIT: This is in Exchange Online

TITTIEKISSER69 fucked around with this message at 23:28 on Jul 10, 2023

Pikehead
Dec 3, 2006

Looking for WMDs, PM if you have A+ grade stuff
Fun Shoe
Wouldn't the email headers say what mailbox it got forwarded from?

Knowing what mailboxes have forwarding enabled to your colleague would be useful if you couldn't get the headers though.

TITTIEKISSER69
Mar 19, 2005

SAVE THE BEES
PLANT MORE TREES
CLEAN THE SEAS
KISS TITTIESS




Afraid not, as the sender put the dynamic distro groups' addresses in BCC.

TITTIEKISSER69
Mar 19, 2005

SAVE THE BEES
PLANT MORE TREES
CLEAN THE SEAS
KISS TITTIESS




TITTIEKISSER69 posted:

I've got a user who is getting emails sent to dynamic distribution groups of which she is not a member - I exported the memberships of the three groups to CSV files and she isn't on any of them.

My hunch is that a former employee is still on one of these lists and their mailbox is forwarding to her. What PS command can I run to see what mailboxes have forwarding enabled to her?

EDIT: This is in Exchange Online

Any ideas?

The Fool
Oct 16, 2003


Not powershell, but the report described here might tell you what you want: https://learn.microsoft.com/en-us/exchange/monitoring/mail-flow-reports/mfr-auto-forwarded-messages-report

Toshimo
Aug 23, 2012

He's outta line...

But he's right!
Messing around with this year's Advent of Code in PS and on Day 2 (Part 2)... I have successfully solved it but I can't help but feel the way I wrote it was "some poo poo".

Any thoughts on how I could cut some of this down?

https://gist.github.com/Toshimo-Kamiya/c4c64fa4cea477bded97a14524e75ff6

Boywhiz88
Sep 11, 2005

floating 26" off da ground. BURR!
No idea, but when you see it like that, you can't help but think... there's gotta be a way.

I have what I think is an impossible ask:

I'm trying my damndest to find a process where I can import a CSV (preferably) with appointments filled out to an M365 Room Mailbox.

The idea here is that we have our standard holidays, and we want to book out our conference rooms. I'm hoping to automate in some way, vs my boss sending out manual invites/manually logging into each mailbox.

Thoughts or leads? Right now, I'm coming up short but I feel crazy because you think it would be possible.

EDIT: Realizing the EWS API isn't as depreciated as I might have thought... will consider that avenue because there's some stuff available. But I'm just surprised there's no way via EXO Powershell.

Submarine Sandpaper
May 27, 2007


Microsoft really does not want email admins to effect or read mailboxes, that's getting all swept to the compliance side of MS admin. I still mourn my inability to use search-mailbox.

You still need to know your dates and all, you could setup an ICAL invite that books all holidays.

Hughmoris
Apr 21, 2007
Let's go to the abyss!
A bit of a broad rookie question because I don't know what I don't know. I'm following some tutorials on Microsoft Entra ID. Instead of clicking through the portal, I want to complete the steps in PowerShell.

With PowerShell, should I be using the Microsoft Graph module? Is the AzureAD module being deprecated for Graph, or am I misunderstanding the random rear end blog articles I've found.

Potato Salad
Oct 23, 2014

nobody cares


I think you're overthinking this? If you want to make a new user, you cast New-AzureADUser. It....does that.

edit: I see what you're asking. Yes, install the graph module and get it connected with your tenant

I scrolled through these directions; they look like they should get you installed and connected

https://www.alitajran.com/install-microsoft-graph-powershell/

Potato Salad fucked around with this message at 22:16 on Dec 13, 2023

Hughmoris
Apr 21, 2007
Let's go to the abyss!

Potato Salad posted:

I think you're overthinking this? If you want to make a new user, you cast New-AzureADUser. It....does that.

edit: I see what you're asking. Yes, install the graph module and get it connected with your tenant

I scrolled through these directions; they look like they should get you installed and connected

https://www.alitajran.com/install-microsoft-graph-powershell/

:hfive:

Thanks!

sloshmonger
Mar 21, 2013

Boywhiz88 posted:

No idea, but when you see it like that, you can't help but think... there's gotta be a way.

I have what I think is an impossible ask:

I'm trying my damndest to find a process where I can import a CSV (preferably) with appointments filled out to an M365 Room Mailbox.

The idea here is that we have our standard holidays, and we want to book out our conference rooms. I'm hoping to automate in some way, vs my boss sending out manual invites/manually logging into each mailbox.

Thoughts or leads? Right now, I'm coming up short but I feel crazy because you think it would be possible.

EDIT: Realizing the EWS API isn't as depreciated as I might have thought... will consider that avenue because there's some stuff available. But I'm just surprised there's no way via EXO Powershell.

You're going to have to do some work in the Graph API if you want to do that.
https://learn.microsoft.com/en-us/graph/api/calendar-post-events?view=graph-rest-1.0&tabs=http

Adbot
ADBOT LOVES YOU

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

Does anyone happen to have an AWS sigv4 signing script to share, or can point out what's wrong here? I need to calculate some credential from some other credential, which involves hashing a bunch of concatenated strings and storing them in byte arrays (I think?). The python code example from documentation works perfectly. The powershell copypasta from the internet ends up with a different final value (is broken) , but it looks like it's accomplishing the same thing. Printing diagnostics mid calculation doesn't help because the HMAC function operates on byte arrays and they are displayed very differently. They're both using utf-8, so I don't think it has to do with string encoding.


Python from https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html works perfectly

Python code:

#!/usr/bin/env python3

import hmac
import hashlib
import base64
import argparse

SMTP_REGIONS = [
    "us-east-2",  # US East (Ohio)
    "us-east-1",  # US East (N. Virginia)
    "us-west-2",  # US West (Oregon)
    "ap-south-1",  # Asia Pacific (Mumbai)
    "ap-northeast-2",  # Asia Pacific (Seoul)
    "ap-southeast-1",  # Asia Pacific (Singapore)
    "ap-southeast-2",  # Asia Pacific (Sydney)
    "ap-northeast-1",  # Asia Pacific (Tokyo)
    "ca-central-1",  # Canada (Central)
    "eu-central-1",  # Europe (Frankfurt)
    "eu-west-1",  # Europe (Ireland)
    "eu-west-2",  # Europe (London)
    "eu-south-1",  # Europe (Milan)
    "eu-north-1",  # Europe (Stockholm)
    "sa-east-1",  # South America (Sao Paulo)
    "us-gov-west-1",  # AWS GovCloud (US)
]

# These values are required to calculate the signature. Do not change them.
DATE = "11111111"
SERVICE = "ses"
MESSAGE = "SendRawEmail"
TERMINAL = "aws4_request"
VERSION = 0x04


def sign(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def calculate_key(secret_access_key, region):
    if region not in SMTP_REGIONS:
        raise ValueError(f"The {region} Region doesn't have an SMTP endpoint.")

    signature = sign(("AWS4" + secret_access_key).encode("utf-8"), DATE)
    signature = sign(signature, region)
    signature = sign(signature, SERVICE)
    signature = sign(signature, TERMINAL)
    signature = sign(signature, MESSAGE)
    signature_and_version = bytes([VERSION]) + signature
    smtp_password = base64.b64encode(signature_and_version)
    return smtp_password.decode("utf-8")


def main():
    parser = argparse.ArgumentParser(
        description="Convert a Secret Access Key to an SMTP password."
    )
    parser.add_argument("secret", help="The Secret Access Key to convert.")
    parser.add_argument(
        "region",
        help="The AWS Region where the SMTP password will be used.",
        choices=SMTP_REGIONS,
    )
    args = parser.parse_args()
    print(calculate_key(args.secret, args.region))


if __name__ == "__main__":
    main()


Powershell copypasta from https://gist.github.com/jacqueskang/96c444ee01e6a4b37300aa49e8097513 provides a credential, the code doesn't error out, but it doesn't work and is different from the python

code:

$key = "${SecretAccessKey}";
$region = "${AWS::Region}";

$date = "11111111";
$service = "ses";
$terminal = "aws4_request";
$message = "SendRawEmail";
$versionInBytes = 0x04;

function HmacSha256($text, $key2) {
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA256
    $hmacsha.key = $key2;
    $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($text));
}

$signature = [Text.Encoding]::UTF8.GetBytes("AWS4" + $key)
$signature = HmacSha256 "$date" $signature;
$signature = HmacSha256 "$region" $signature;
$signature = HmacSha256 "$service" $signature;
$signature = HmacSha256 "$terminal" $signature;
$signature = HmacSha256 "$message" $signature;
$signatureAndVersion = [System.Byte[]]::CreateInstance([System.Byte], $signature.Length + 1);
$signatureAndVersion[0] = $versionInBytes;
$signature.CopyTo($signatureAndVersion, 1);
$smtpPassword = [Convert]::ToBase64String($signatureAndVersion);

Write-Host $smtpPassword;


Edit:

Wait, using "foo" as my key and us-east-1 as my region results in both outputs being the same. OK I guess I'm going to rubber duck phone post in the edits
BPtBXSjHoMVKYLkS05QmpTxdAWirYy2yB4VgpkK4IhqP

Happiness Commando fucked around with this message at 16:00 on Feb 13, 2024

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply