From 5f3601ac78806d154feef20f3233e4388618e0f7 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 17 Nov 2021 17:06:01 -0500
Subject: [PATCH] Unset pw reset for new Fleet users
---
 salt/common/tools/sbin/so-fleet-setup | 12 +++++++++---
 salt/common/tools/sbin/so-fleet-user-add | 7 ++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup
index 18c97b2f0..d3ea4dca3 100755
--- a/salt/common/tools/sbin/so-fleet-setup
+++ b/salt/common/tools/sbin/so-fleet-setup
@@ -9,6 +9,9 @@ if [[ $# -ne 2 ]] ; then
 exit 1
 fi
+USER_EMAIL=$1
+USER_PW=$2
+
 # Checking to see if required containers are started...
 if [ ! "$(docker ps -q -f name=so-fleet)" ]; then
 echo "Starting Docker Containers..."
@@ -19,13 +22,16 @@ fi
 docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet
 docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
-docker exec so-fleet fleetctl setup --email $1 --password $2 --name admin --org-name SO
-# Create Security Onion Fleet Service Account
+# Create Security Onion Fleet Service Account + Setup Fleet
 FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email)
 FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password)
-docker exec so-fleet fleetctl user create --email $FLEET_SA_EMAIL --name SO_ServiceAccount --password $FLEET_SA_PW --global-role admin
+docker exec so-fleet fleetctl setup --email $FLEET_SA_EMAIL --password $FLEET_SA_PW --name SO_ServiceAccount --org-name SO
+# Create User Account
+echo "$USER_PW" | so-fleet-user-add "$USER_EMAIL"
+
+# Import Packs & Configs
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
 docker exec so-fleet fleetctl apply -f /packs/so/so-default.yml
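Review bot: In the second so-fleet-setup hunk the new `fleetctl setup` line expands `$FLEET_SA_EMAIL` and `$FLEET_SA_PW` unquoted, so a service-account password containing whitespace or glob characters is split or expanded before fleetctl sees it, and an empty lookup result can make the following flag be taken as the value; quote both, `--email "$FLEET_SA_EMAIL" --password "$FLEET_SA_PW"`. The password is also part of the `docker exec` argument list and therefore readable in the host process table while the command runs, as is `$2` for whoever invokes this script. The exit status of `so-fleet-user-add` is not checked, although the other file in this patch shows it exiting 2 on failure, so setup carries on importing packs with only the service account present. `printf '%s\n' "$USER_PW" | so-fleet-user-add "$USER_EMAIL" || exit 1` would stop there, and it also avoids `echo` treating a password such as `-n` as an option.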
diff --git a/salt/common/tools/sbin/so-fleet-user-add b/salt/common/tools/sbin/so-fleet-user-add
index 12fb6d87d..d31ec95c3 100755
--- a/salt/common/tools/sbin/so-fleet-user-add
+++ b/salt/common/tools/sbin/so-fleet-user-add
@@ -32,6 +32,7 @@ fi
 USER_EMAIL=$1
 FLEET_SA_EMAIL=$(lookup_pillar_secret fleet_sa_email)
 FLEET_SA_PW=$(lookup_pillar_secret fleet_sa_password)
+MYSQL_PW=$(lookup_pillar_secret mysql)
 # Read password for new user from stdin
 test -t 0
@@ -61,4 +62,8 @@ else
 echo "Unable to add user to Fleet; user might already exist"
 echo "$CREATE_OUTPUT"
 exit 2
-fi
\ No newline at end of file
+fi
+
+# Disable forced password reset
+MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password=$MYSQL_PW fleet -e \
+"UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1)
\ No newline at end of file
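Review bot: The UPDATE added in the last hunk builds its SQL by pasting `$USER_EMAIL` (the script's first argument) between single quotes and runs it as MySQL root, so an address containing a quote or backslash changes the statement. No validation is visible in these hunks, though the part of the script between them is not shown. Restricting the address to a safe character set before it is used, ideally right after `USER_EMAIL=$1`, closes that. Separately, `--password=$MYSQL_PW` is unquoted and sits in the `docker exec` argument list, and `MYSQL_OUTPUT` is captured but never inspected, so a failed UPDATE leaves the forced reset in place with no message. The fence shows the tail of the script with these points addressed; the allowlist is deliberately narrow and would reject addresses that contain a quote.

```shell
# … unchanged: fleetctl user creation and its success/failure branch …

# Disable forced password reset
# USER_EMAIL is interpolated into SQL below, so allow only characters that
# cannot terminate or escape the quoted literal.
case "$USER_EMAIL" in
  *[!A-Za-z0-9._%+@-]*)
    echo "Unexpected characters in email address; forced password reset not cleared"
    exit 2
    ;;
esac
# Quoting stops word-splitting of the secret; it is still passed on argv.
if ! MYSQL_OUTPUT=$(docker exec so-mysql mysql -u root --password="$MYSQL_PW" fleet -e \
  "UPDATE users SET admin_forced_password_reset = 0 WHERE email = '$USER_EMAIL'" 2>&1); then
  echo "Unable to clear forced password reset for $USER_EMAIL"
  echo "$MYSQL_OUTPUT"
  exit 2
fi
```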