SFTP Server Handler - how to access login/username in GatewayScript

  • 1.  SFTP Server Handler - how to access login/username in GatewayScript

    Posted Sun April 24, 2022 11:25 PM

    Hi

    We have an SFTP server handler with AAA assigned; the username & password are kept in an AAA file. It works fine: it authenticates my users and allows them to use the backend.

    Piece of the log:

    20220424T221645.101Z [0x80e0049f][ssh][info] source-ssh-server(sftp_6666): tid(53600): SSH Server: Authorization request for user [marek]. <------ this one

    20220424T221645.101Z [0x80e0049a][ssh][info] source-ssh-server(sftp_6666): tid(53600): SSH Server: Initiated AAA request for user [marek] policy [ftp_7777].

    20220424T221645.104Z [0x8060015e][crypto][info] source-ssh-server(sftp_6666): tid(53600)[request]: Data encryption succeeded

    20220424T221645.104Z [0x80e003a6][xmlparse][debug] source-ssh-server(sftp_6666): tid(53600)[request]: Parsing document: 'local:///ftp_7777_aaa.xml'

    20220424T221645.104Z [0x80e003ab][xmlparse][debug] source-ssh-server(sftp_6666): tid(53600)[request]: Finished parsing: local:///ftp_7777_aaa.xml

    20220424T221645.107Z [0x80e0049d][ssh][info] source-ssh-server(sftp_6666): tid(53600): SSH Server: AAA result: [success] for user [marek] policy [ftp_7777].

    20220424T221645.107Z [0x80e005d5][ssh][info] source-ssh-server(sftp_6666): SSH Server internal message: 'Accepted password for marek from 172.17.0.1 port 50122 ssh2'

    20220424T221645.108Z [0x80e005d5][ssh][debug] source-ssh-server(sftp_6666): SSH Server internal message: 'Starting session: subsystem 'sftp' for marek from 172.17.0.1 port 50122'

    ... and so on ...

    But there is a requirement to use the SFTP username in further processing in GatewayScript, which runs in the MPG processing policy.

    So the question is: how to access the SFTP user name (or outgoing credentials) from the AAA assigned to the SFTP Server Handler?

    Is this possible at all in MPG processing rules?

    Are there any context/service variables containing such credentials?

    I've done some experiments with a JS script invoked on Postprocessing->Custom processing. The script runs (writes messages into the log), but I have no idea where to find the username/login value.

    Thanks for any hints in advance

    regards

    Marek


  • 2.  RE: SFTP Server Handler - how to access login/username in GatewayScript

    Posted Tue April 26, 2022 12:04 PM

    Hi,

    I am not aware of any function or variable that could be used with GWScript. In XSLT you can extract the values using the dp:auth-info() function (https://www.ibm.com/docs/en/datapower-gateway/10.0.x?topic=functions-dpauth-info), and for invoking the XSLT you have a couple of options. You can either invoke transform.xslt from the GatewayScript, or you can run the XSLT before the GWScript action and store the values in context variables that can be accessed from the script.

    --HP
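
The second option from the reply above (an XSLT action placed before the GatewayScript action), as an added example that is not part of the original post and not IBM's code. Assumptions: the `'basic-auth-name'` method of dp:auth-info() is the one that returns the SFTP login name (check the linked documentation), the context name `sftp` and variable name `username` are hypothetical, and the Transform action is configured with its input and output set to NULL so the transferred file is never parsed as XML.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    extension-element-prefixes="dp"
    exclude-result-prefixes="dp">

  <xsl:template match="/">
    <!-- Assumption: 'basic-auth-name' yields the user name that the
         SFTP server handler authenticated through its AAA policy. -->
    <xsl:variable name="user"
                  select="normalize-space(dp:auth-info('basic-auth-name'))"/>

    <xsl:choose>
      <xsl:when test="string-length($user) &gt; 0">
        <!-- Publish only the user name for later actions in the rule.
             The password is deliberately not copied into a variable.
             'sftp' / 'username' are hypothetical names. -->
        <dp:set-variable name="'var://context/sftp/username'"
                         value="$user"/>
      </xsl:when>
      <xsl:otherwise>
        <!-- Leave the variable unset so the script can treat a missing
             value as "no authenticated user" instead of guessing. -->
        <xsl:message dp:priority="warn">
          <xsl:text>dp:auth-info() returned no user name for this SFTP request</xsl:text>
        </xsl:message>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>

</xsl:stylesheet>
```

In the GatewayScript action that follows, the value set here can be read with `session.name('sftp').getVar('username')`. Treat an empty or missing value as a failure in the script, because this variable is the only link back to the identity the handler's AAA policy verified.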
