sig_core/toolkit
sig_core/toolkit
7
2
Fork 3
Code Issues 6 Pull Requests 2 Actions Projects Releases Wiki Activity

add query ability
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 6s
Details
Build empanada container images for lorax / buildx (push) Successful in 1s
Details

Browse Source
This commit is contained in:
Louis Abel 2024-07-17 15:30:24 -07:00
parent 39b2c5601a
commit 04d1ec6a00
Signed by: label
GPG Key ID: 2A6975660E424560
3 changed files with 71 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mangle/ipa/ipaaudit
View File

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# Wrapper for ipaauditor.py audit # Wrapper for ipaauditor.py audit
source /etc/os-release
case "$ID" in case "$ID" in
rocky|centos|rhel) rocky|centos|rhel)
case "${VERSION_ID:0:1}" in case "${VERSION_ID:0:1}" in

69
mangle/ipa/ipaauditor.py
View File

@ -55,10 +55,10 @@ subparser.required = True
info_parser = subparser.add_parser('info', epilog='Use this to get IPA client information.') info_parser = subparser.add_parser('info', epilog='Use this to get IPA client information.')
query_parser = subparser.add_parser('query', epilog='Use this to perform simple IPA queries.') query_parser = subparser.add_parser('query', epilog='Use this to perform simple IPA queries.')
audit_parser = subparser.add_parser('audit', epilog='Use this to perform audits of IPA policies') audit_parser = subparser.add_parser('audit', epilog='Use this to perform audits of IPA policies')
parser.add_argument('--library', type=str, default='ipalib',
audit_parser.add_argument('--library', type=str, default='ipalib',
help='Choose the ipa library to use for the auditor', help='Choose the ipa library to use for the auditor',
choices=('ipalib', 'python_freeipa')) choices=('ipalib', 'python_freeipa'))
audit_parser.add_argument('--type', type=str, required=True, audit_parser.add_argument('--type', type=str, required=True,
help='Type of audit: hbac, rbac, group, user', help='Type of audit: hbac, rbac, group, user',
choices=('hbac', 'rbac', 'group', 'user')) choices=('hbac', 'rbac', 'group', 'user'))
@ -67,6 +67,17 @@ audit_parser.add_argument('--name', type=str, default='',
audit_parser.add_argument('--deep', action='store_true', audit_parser.add_argument('--deep', action='store_true',
help='Name of the object you want to audit') help='Name of the object you want to audit')
# all query related subparsers
# pylint: disable=line-too-long
query_subparser = query_parser.add_subparsers(dest='query_cmd')
user_query_parser = query_subparser.add_parser('user', epilog="Use this to get user information.")
user_query_parser.add_argument('-A', '--all', action='store_true', help='Get everything about the user')
user_query_parser.add_argument('name', nargs='?', help='User name')
group_query_parser = query_subparser.add_parser('group', epilog="Use this to get group information.")
group_query_parser.add_argument('-A', '--all', action='store_true', help='Get everything about the group')
group_query_parser.add_argument('name', nargs='?', help='Group name')
known = parser.parse_known_args()
results = parser.parse_args() results = parser.parse_args()
command = parser.parse_args().cmd command = parser.parse_args().cmd
@ -431,6 +442,58 @@ class IPAQuery:
""" """
This is for getting query data This is for getting query data
""" """
@staticmethod
def entry(api, control, name, deep):
"""
Gets us started on the query
"""
#user_data = IPAQuery.user_data(api, name)
if control == 'user':
IPAQuery.user_pull(api, name, deep)
if control == 'group':
IPAQuery.group_pull(api, name, deep)
@staticmethod
def user_pull(api, name, deep):
"""
Gets requested rbac info
"""
user_results = IPAQuery.user_data(api, name)
uid = user_results['uid'][0]
uid_number = user_results['uidnumber'][0]
gid_number = user_results['gidnumber'][0]
first_name = user_results['givenname'][0]
last_name = user_results['sn'][0]
homedir = user_results['homedirectory'][0]
loginshell = user_results['loginshell'][0]
full_name = f'{first_name} {last_name}'
krbprincipal = user_results['krbprincipalname'][0]
groups = ','.join(user_results['memberof_group'])
getent_string = f'{uid}:x:{uid_number}:{gid_number}:{full_name}:{homedir}:{loginshell}'
if not deep:
print(getent_string)
else:
outter = f"""
unixname:{uid}
uid:{uid_number}
gid:{gid_number}
gecos:{full_name}
displayName:{full_name}
home:{homedir}
shell:{loginshell}
userPrincipalName:{krbprincipal}
memberOf:{groups}
"""
print(outter)
@staticmethod
def group_pull(api, name, deep):
"""
Gets requested rbac info
"""
print()
@staticmethod @staticmethod
def user_data(api, user): def user_data(api, user):
""" """
@ -516,6 +579,8 @@ def main():
IPAAudit.entry(command_api, results.type, results.name, results.deep) IPAAudit.entry(command_api, results.type, results.name, results.deep)
elif command == 'info': elif command == 'info':
IPAInfo.basic_ipa_info(command_api) IPAInfo.basic_ipa_info(command_api)
elif command == 'query':
IPAQuery.entry(command_api, results.query_cmd, results.name, results.all)
# When root, kdestroy the host keytab # When root, kdestroy the host keytab
if os.getuid() == 0: if os.getuid() == 0:

3
mangle/ipa/ipaquery
View File

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
# Wrapper for ipaauditor.py query # Wrapper for ipaauditor.py query
source /etc/os-release
case "$ID" in case "$ID" in
rocky|centos|rhel) rocky|centos|rhel)
case "${VERSION_ID:0:1}" in case "${VERSION_ID:0:1}" in
@ -22,4 +23,4 @@ case "$ID" in
PYTHON_EXEC="/usr/bin/python3" PYTHON_EXEC="/usr/bin/python3"
esac esac
$PYTHON_EXEC ipaquery.py query "$@" $PYTHON_EXEC ipaauditor.py query "$@"