From dc53a5be9e63d76fe46cff6c18561731690bdd0d Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Wed, 2 Oct 2024 10:30:39 -0700
Subject: [PATCH] catch all category

---
 mangle/ipa/ipaauditor.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/mangle/ipa/ipaauditor.py b/mangle/ipa/ipaauditor.py
index 8722665..d4be31f 100644
--- a/mangle/ipa/ipaauditor.py
+++ b/mangle/ipa/ipaauditor.py
@@ -465,6 +465,7 @@ class IPAAudit:
         Does a recursive dig on a user
         """
         hbac_rule_list = []
+        hbac_rule_all_hosts = []
         host_list = []
         hostgroup_list = []
         for group in groups:
@@ -482,6 +483,8 @@ class IPAAudit:
             hbac_results = IPAQuery.hbac_data(api, hbac)
             hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
             hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
+            if hbac_results.get('servicecategory'):
+                hbac_rule_all_hosts.append(hbac)
 
             for host in hbac_host_list:
                 hbac_hosts.append(host)
@@ -493,9 +496,14 @@ class IPAAudit:
 
         new_hbac_hosts = sorted(set(hbac_hosts))
         print('User Has Access To These Hosts')
-        print('----------------------------------------')
+        print('------------------------------------------')
         for hhost in new_hbac_hosts:
             print(hhost)
+        if len(hbac_rule_all_hosts) > 0:
+            print('!! Notice: User has access to ALL hosts from the following rules:')
+            hbac_rule_all_hosts = sorted(set(hbac_rule_all_hosts))
+            for allrule in hbac_rule_all_hosts:
+                print(allrule)
 
     @staticmethod
     def group_deep_list(api, group):