add python_freeipa support

Louis Abel 2024-10-02 11:25:01 -07:00
parent dc53a5be9e
commit 333f3614f9
Signed by untrusted user: label
GPG Key ID: 2A6975660E424560
2 changed files with 43 additions and 3 deletions

30
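--- a/mangle/ipa/ipaaudit-noipa
+++ b/mangle/ipa/ipaaudit-noipa
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Wrapper for ipaauditor.py audit
+source /etc/os-release
+case "$ID" in
+rocky|centos|rhel)
+case "${VERSION_ID:0:1}" in
+5|6|7)
+echo "Not supported."
+exit 3
+;;
+8)
+PYTHON_EXEC="/usr/libexec/platform-python"
+;;
+*)
+PYTHON_EXEC="/usr/bin/python3"
+;;
+esac ;;
+ubuntu|debian)
+PYTHON_EXEC="/usr/bin/python3"
+;;
+fedora)
+PYTHON_EXEC="/usr/bin/python3"
+esac
+$PYTHON_EXEC ipaauditor.py --user test \
+--password test \
+--server test \
+--library python_freeipa \
+audit "$@"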
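Review bot: The wrapper hard-codes `--user test`, `--password test` and `--server test`, so using it against a real server means editing credentials into an executable script that lives in the repository. Those values should come from the caller or the environment rather than from the file, and the header comment should say that the shipped values are placeholders. Separately, the outer `case "$ID"` has no `*)` branch, so on any other distribution `PYTHON_EXEC` stays empty and the final command becomes a bare `ipaauditor.py` lookup on PATH; a fallback such as `*) echo "Not supported."; exit 3 ;;` would make that failure explicit.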


@ -58,6 +58,9 @@ audit_parser = subparser.add_parser('audit', epilog='Use this to perform audits
parser.add_argument('--library', type=str, default='ipalib', parser.add_argument('--library', type=str, default='ipalib',
help='Choose the ipa library to use for the auditor', help='Choose the ipa library to use for the auditor',
choices=('ipalib', 'python_freeipa')) choices=('ipalib', 'python_freeipa'))
parser.add_argument('--user', type=str, default='', help='Set the username (python_freeipa only)')
parser.add_argument('--password', type=str, default='', help='Set the password (python_freeipa only)')
parser.add_argument('--server', type=str, default='', help='Set the server (python_freeipa only)')
audit_parser.add_argument('--type', type=str, required=True, audit_parser.add_argument('--type', type=str, required=True,
help='Type of audit: hbac, rbac, group, user', help='Type of audit: hbac, rbac, group, user',
@ -640,7 +643,7 @@ memberOf:{groups}
return api.hbacsvcgroup_show(hbacsvcgroup)['result'] return api.hbacsvcgroup_show(hbacsvcgroup)['result']
# start main # start main
def get_api(ipa_library='ipalib'): def get_api(ipa_library='ipalib', user='', password='', server=''):
""" """
Gets and returns the right API entrypoint Gets and returns the right API entrypoint
""" """
@ -659,7 +662,13 @@ def get_api(ipa_library='ipalib'):
print('WARNING: No kerberos credentials\n') print('WARNING: No kerberos credentials\n')
command_api = None command_api = None
elif ipa_library == 'python_freeipa': elif ipa_library == 'python_freeipa':
print() api = ClientMeta(server)
try:
api.login(user, password)
command_api = api
except:
print('ERROR: Unable to login, check user/password/server')
command_api = None
else: else:
print('Unsupported ipa library', sys.stderr) print('Unsupported ipa library', sys.stderr)
sys.exit(1) sys.exit(1)
@ -670,7 +679,8 @@ def main():
""" """
Main function entrypoint Main function entrypoint
""" """
command_api = get_api() command_api = get_api(ipa_library=results.library, user=results.user,
password=results.password, server=results.server)
if command == 'audit': if command == 'audit':
IPAAudit.entry(command_api, results.type, results.name, results.deep) IPAAudit.entry(command_api, results.type, results.name, results.deep)
elif command == 'info': elif command == 'info':
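Review bot: The new `--password` option takes the IPA password as a plain command-line argument, which `main()` then passes on as `results.password`, so it ends up in shell history and is readable in the process list by other local users. Leaving it unset and prompting when `--library python_freeipa` is selected would avoid that, e.g. `password = results.password or getpass.getpass()`. In `get_api`, the bare `except:` around `api.login(user, password)` also catches KeyboardInterrupt and reports every failure as a credential problem, including what may be a TLS or connectivity error. Using `except Exception as exc:` and printing `exc` to `sys.stderr` would keep the cause visible. The bodies of `get_api` and `main` continue outside the hunks shown.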