add HBAC host list to user deep
Some checks failed
Build empanada images for imagefactory / buildx (push) Failing after 7s
Build empanada container images for lorax / buildx (push) Successful in 1s

This commit is contained in:
Louis Abel 2024-10-02 09:54:52 -07:00
parent eba3593cfd
commit f482ef6e1f
Signed by: label
GPG Key ID: 2A6975660E424560

View File

@ -274,9 +274,42 @@ class IPAAudit:
@staticmethod @staticmethod
def user_pull(api, name, deep): def user_pull(api, name, deep):
""" """
Gets requested rbac info Gets requested user info
""" """
print() try:
user_results = IPAQuery.user_data(api, name)
except:
print(f'Could not find {name}', sys.stderr)
sys.exit(1)
user_first = '' if not user_results.get('givenname', None) else user_results['givenname'][0]
user_last = '' if not user_results.get('sn', None) else user_results['sn'][0]
user_uid = '' if not user_results.get('uid', None) else user_results['uid'][0]
user_uidnum = '' if not user_results.get('uidnumber', None) else user_results['uidnumber'][0]
user_gidnum = '' if not user_results.get('gidnumber', None) else user_results['gidnumber'][0]
user_groups = '' if not user_results.get('memberof_group', None) else '\n '.join(user_results['memberof_group'])
user_hbachosts = '' if not user_results.get('memberof_hbacrule', None) else '\n '.join(user_results['memberof_hbacrule'])
user_indhbachosts = '' if not user_results.get('memberofindirect_hbacrule', None) else '\n '.join(user_results['memberofindirect_hbacrule'])
starter_user = {
'User name': user_uid,
'First name': user_first,
'Last name': user_last,
'UID': user_uidnum,
'GID': user_gidnum,
'Groups': user_groups,
}
print('User Information')
print('----------------------------------------')
for key, value in starter_user.items():
if len(value) > 0:
print(f'{key: <16}{value}')
print('')
if deep:
group_list = [] if not user_results.get('memberof_group', None) else user_results['memberof_group']
IPAAudit.user_deep_list(api, name, group_list)
@staticmethod @staticmethod
def group_pull(api, name, deep): def group_pull(api, name, deep):
@ -369,7 +402,7 @@ class IPAAudit:
if perm not in starting_perms: if perm not in starting_perms:
starting_perms.append(perm) starting_perms.append(perm)
print(f'Permissions Applied to this Role') print('Permissions Applied to this Role')
print('----------------------------------------') print('----------------------------------------')
for item in starting_perms: for item in starting_perms:
print(item) print(item)
@ -427,10 +460,42 @@ class IPAAudit:
print(f'{key: <24}{value}') print(f'{key: <24}{value}')
@staticmethod @staticmethod
def user_deep_list(api, user): def user_deep_list(api, user, groups):
""" """
Does a recursive dig on a user Does a recursive dig on a user
""" """
hbac_rule_list = []
host_list = []
hostgroup_list = []
for group in groups:
group_results = IPAQuery.group_data(api, group)
hbac_list = [] if not group_results.get('memberof_hbacrule', None) else group_results['memberof_hbacrule']
hbacind_list = [] if not group_results.get('memberofindirect_hbacrule', None) else group_results['memberofindirect_hbacrule']
hbac_rule_list.extend(hbac_list)
hbac_rule_list.extend(hbacind_list)
# TODO: Add HBAC list (including services)
# TODO: Add RBAC list
hbac_hosts = []
for hbac in hbac_rule_list:
hbac_results = IPAQuery.hbac_data(api, hbac)
hbac_host_list = [] if not hbac_results.get('memberhost_host', None) else hbac_results['memberhost_host']
hbac_hostgroup_list = [] if not hbac_results.get('memberhost_hostgroup', None) else hbac_results['memberhost_hostgroup']
for host in hbac_host_list:
hbac_hosts.append(host)
for hostgroup in hbac_hostgroup_list:
hostgroup_data = IPAQuery.hostgroup_data(api, hostgroup)
host_list = [] if not hostgroup_data.get('member_host', None) else hostgroup_data['member_host']
hbac_hosts.extend(host_list)
new_hbac_hosts = sorted(set(hbac_hosts))
print('User Has Access To These Hosts')
print('----------------------------------------')
for hhost in new_hbac_hosts:
print(hhost)
@staticmethod @staticmethod
def group_deep_list(api, group): def group_deep_list(api, group):