add python_freeipa support
This commit is contained in:
parent
dc53a5be9e
commit
333f3614f9
GPG Key ID:
2A6975660E424560
30
mangle/ipa/ipaaudit-noipa
Executable file
30
mangle/ipa/ipaaudit-noipa
Executable file
@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
# Wrapper for ipaauditor.py audit
|
||||
|
||||
source /etc/os-release
|
||||
case "$ID" in
|
||||
rocky|centos|rhel)
|
||||
case "${VERSION_ID:0:1}" in
|
||||
5|6|7)
|
||||
echo "Not supported."
|
||||
exit 3
|
||||
;;
|
||||
8)
|
||||
PYTHON_EXEC="/usr/libexec/platform-python"
|
||||
;;
|
||||
*)
|
||||
PYTHON_EXEC="/usr/bin/python3"
|
||||
;;
|
||||
esac ;;
|
||||
ubuntu|debian)
|
||||
PYTHON_EXEC="/usr/bin/python3"
|
||||
;;
|
||||
fedora)
|
||||
PYTHON_EXEC="/usr/bin/python3"
|
||||
esac
|
||||
|
||||
$PYTHON_EXEC ipaauditor.py --user test \
|
||||
--password test \
|
||||
--server test \
|
||||
--library python_freeipa \
|
||||
audit "$@"
|
||||
@ -58,6 +58,9 @@ audit_parser = subparser.add_parser('audit', epilog='Use this to perform audits
|
||||
parser.add_argument('--library', type=str, default='ipalib',
|
||||
help='Choose the ipa library to use for the auditor',
|
||||
choices=('ipalib', 'python_freeipa'))
|
||||
parser.add_argument('--user', type=str, default='', help='Set the username (python_freeipa only)')
|
||||
parser.add_argument('--password', type=str, default='', help='Set the password (python_freeipa only)')
|
||||
parser.add_argument('--server', type=str, default='', help='Set the server (python_freeipa only)')
|
||||
|
||||
audit_parser.add_argument('--type', type=str, required=True,
|
||||
help='Type of audit: hbac, rbac, group, user',
|
||||
@ -640,7 +643,7 @@ memberOf:{groups}
|
||||
return api.hbacsvcgroup_show(hbacsvcgroup)['result']
|
||||
|
||||
# start main
|
||||
def get_api(ipa_library='ipalib'):
|
||||
def get_api(ipa_library='ipalib', user='', password='', server=''):
|
||||
"""
|
||||
Gets and returns the right API entrypoint
|
||||
"""
|
||||
@ -659,7 +662,13 @@ def get_api(ipa_library='ipalib'):
|
||||
print('WARNING: No kerberos credentials\n')
|
||||
command_api = None
|
||||
elif ipa_library == 'python_freeipa':
|
||||
print()
|
||||
api = ClientMeta(server)
|
||||
try:
|
||||
api.login(user, password)
|
||||
command_api = api
|
||||
except:
|
||||
print('ERROR: Unable to login, check user/password/server')
|
||||
command_api = None
|
||||
else:
|
||||
print('Unsupported ipa library', sys.stderr)
|
||||
sys.exit(1)
|
||||
@ -670,7 +679,8 @@ def main():
|
||||
"""
|
||||
Main function entrypoint
|
||||
"""
|
||||
command_api = get_api()
|
||||
command_api = get_api(ipa_library=results.library, user=results.user,
|
||||
password=results.password, server=results.server)
|
||||
if command == 'audit':
|
||||
IPAAudit.entry(command_api, results.type, results.name, results.deep)
|
||||
elif command == 'info':
|
||||
|
||||
Loading…
Reference in New Issue
Block a user