From 333f3614f98f5c9eac9cb00668ca60b32df1db81 Mon Sep 17 00:00:00 2001
From: Louis Abel
Date: Wed, 2 Oct 2024 11:25:01 -0700
Subject: [PATCH] add python_freeipa support
---
mangle/ipa/ipaaudit-noipa | 30 ++++++++++++++++++++++++++++++
mangle/ipa/ipaauditor.py | 16 +++++++++++++---
2 files changed, 43 insertions(+), 3 deletions(-)
create mode 100755 mangle/ipa/ipaaudit-noipa
diff --git a/mangle/ipa/ipaaudit-noipa b/mangle/ipa/ipaaudit-noipa
new file mode 100755
index 0000000..b634c20
--- /dev/null
+++ b/mangle/ipa/ipaaudit-noipa
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Wrapper for ipaauditor.py audit
+
+source /etc/os-release
+case "$ID" in
+ rocky|centos|rhel)
+ case "${VERSION_ID:0:1}" in
+ 5|6|7)
+ echo "Not supported."
+ exit 3
+ ;;
+ 8)
+ PYTHON_EXEC="/usr/libexec/platform-python"
+ ;;
+ *)
+ PYTHON_EXEC="/usr/bin/python3"
+ ;;
+ esac ;;
+ ubuntu|debian)
+ PYTHON_EXEC="/usr/bin/python3"
+ ;;
+ fedora)
+ PYTHON_EXEC="/usr/bin/python3"
+esac
+
+$PYTHON_EXEC ipaauditor.py --user test \
+ --password test \
+ --server test \
+ --library python_freeipa \
+ audit "$@"
diff --git a/mangle/ipa/ipaauditor.py b/mangle/ipa/ipaauditor.py
index d4be31f..c8349cc 100644
--- a/mangle/ipa/ipaauditor.py
+++ b/mangle/ipa/ipaauditor.py
@@ -58,6 +58,9 @@ audit_parser = subparser.add_parser('audit', epilog='Use this to perform audits parser.add_argument('--library', type=str, default='ipalib', help='Choose the ipa library to use for the auditor', choices=('ipalib', 'python_freeipa'))
+parser.add_argument('--user', type=str, default='', help='Set the username (python_freeipa only)')
+parser.add_argument('--password', type=str, default='', help='Set the password (python_freeipa only)')
+parser.add_argument('--server', type=str, default='', help='Set the server (python_freeipa only)')
 audit_parser.add_argument('--type', type=str, required=True, help='Type of audit: hbac, rbac, group, user',
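Review bot: In mangle/ipa/ipaaudit-noipa the outer `case "$ID"` has no default branch, so on any distribution not listed `PYTHON_EXEC` stays empty and the final command expands to a bare `ipaauditor.py ...` resolved through PATH. Add `*) echo "Not supported."; exit 3 ;;` after the `fedora)` branch and quote the expansion as `"$PYTHON_EXEC"`. The `test` values for `--user`, `--password` and `--server` look like placeholders; whatever replaces them would sit in a script committed with mode 100755, so real credentials should come from a prompt or from a file readable only by the auditing account.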
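Review bot: The new `--password` option in mangle/ipa/ipaauditor.py takes the secret on the command line, where it is visible to other local users in the process list and is kept in shell history. It also defaults to an empty string, so an omitted password is passed on as `''` instead of being rejected. Keep the flag for testing if needed, but fall back to a prompt when it is absent, e.g. `password = results.password or getpass.getpass('IPA password: ')` (this needs `import getpass`, which is not visible in this hunk), and say in the help text that the command-line form exposes the password.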
@@ -640,7 +643,7 @@ memberOf:{groups} return api.hbacsvcgroup_show(hbacsvcgroup)['result'] # start main
-def get_api(ipa_library='ipalib'):
+def get_api(ipa_library='ipalib', user='', password='', server=''):
 """ Gets and returns the right API entrypoint """
@@ -659,7 +662,13 @@ def get_api(ipa_library='ipalib'): print('WARNING: No kerberos credentials\n') command_api = None elif ipa_library == 'python_freeipa':
- print()
+ api = ClientMeta(server)
+ try:
+ api.login(user, password)
+ command_api = api
+ except:
+ print('ERROR: Unable to login, check user/password/server')
+ command_api = None
 else: print('Unsupported ipa library', sys.stderr) sys.exit(1)
@@ -670,7 +679,8 @@ def main(): """ Main function entrypoint """
- command_api = get_api()
+ command_api = get_api(ipa_library=results.library, user=results.user,
+ password=results.password, server=results.server)
 if command == 'audit': IPAAudit.entry(command_api, results.type, results.name, results.deep) elif command == 'info':
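Review bot: The bare `except:` around `api.login(user, password)` in the `python_freeipa` branch of `get_api` also catches `KeyboardInterrupt` and `SystemExit`. It reports every failure with the same text, so an unreachable server or a certificate verification error is hidden behind a "check user/password" hint. Narrow it to `except Exception as exc:` and report the cause on stderr with `print(f'ERROR: Unable to login ({type(exc).__name__}), check user/password/server', file=sys.stderr)`. `ClientMeta(server)` is constructed outside the `try` and `server` defaults to `''`, so an empty value should be rejected before the client is built; the import of `ClientMeta` is not visible in this hunk. get_api's body starts and ends outside the hunk.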
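Review bot: `main()` hands the result of `get_api(...)` straight to `IPAAudit.entry`, while the new `python_freeipa` branch sets `command_api = None` when login fails. A failed login would then presumably surface as an attribute error on `None` inside the audit code rather than as a clean exit. Unless the callees already handle `None` (not visible here), add a guard after the call such as `if command_api is None: sys.exit(1)`. The existing ipalib branch also sets `None` when Kerberos credentials are missing, so confirm that path is not relied on before adding the guard. main's body continues outside the hunk.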