add python_freeipa support

rocky-linux · Oct 2, 2024 · 333f361 · 333f361
1 parent dc53a5b
commit 333f361
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 3 deletions.
diff --git a/mangle/ipa/ipaaudit-noipa b/mangle/ipa/ipaaudit-noipa
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Wrapper for ipaauditor.py audit
+
+source /etc/os-release
+case "$ID" in
+  rocky|centos|rhel)
+    case "${VERSION_ID:0:1}" in
+      5|6|7)
+        echo "Not supported."
+        exit 3
+        ;;
+      8)
+        PYTHON_EXEC="/usr/libexec/platform-python"
+        ;;
+      *)
+        PYTHON_EXEC="/usr/bin/python3"
+        ;;
+    esac ;;
+  ubuntu|debian)
+    PYTHON_EXEC="/usr/bin/python3"
+    ;;
+  fedora)
+    PYTHON_EXEC="/usr/bin/python3"
+esac
+
+$PYTHON_EXEC ipaauditor.py --user test \
+  --password test \
+  --server test \
+  --library python_freeipa \
+  audit "$@"
diff --git a/mangle/ipa/ipaauditor.py b/mangle/ipa/ipaauditor.py
@@ -58,6 +58,9 @@
 parser.add_argument('--library', type=str, default='ipalib',
                     help='Choose the ipa library to use for the auditor',
                     choices=('ipalib', 'python_freeipa'))
+parser.add_argument('--user', type=str, default='', help='Set the username (python_freeipa only)')
+parser.add_argument('--password', type=str, default='', help='Set the password (python_freeipa only)')
+parser.add_argument('--server', type=str, default='', help='Set the server (python_freeipa only)')
 
 audit_parser.add_argument('--type', type=str, required=True,
                           help='Type of audit: hbac, rbac, group, user',
@@ -640,7 +643,7 @@ def hbacsvcgroup_data(api, hbacsvcgroup):
         return api.hbacsvcgroup_show(hbacsvcgroup)['result']
 
 # start main
-def get_api(ipa_library='ipalib'):
+def get_api(ipa_library='ipalib', user='', password='', server=''):
     """
     Gets and returns the right API entrypoint
     """
@@ -659,7 +662,13 @@ def get_api(ipa_library='ipalib'):
             print('WARNING: No kerberos credentials\n')
             command_api = None
     elif ipa_library == 'python_freeipa':
-        print()
+        api = ClientMeta(server)
+        try:
+            api.login(user, password)
+            command_api = api
+        except:
+            print('ERROR: Unable to login, check user/password/server')
+            command_api = None
     else:
         print('Unsupported ipa library', sys.stderr)
         sys.exit(1)
@@ -670,7 +679,8 @@ def main():
     """
     Main function entrypoint
     """
-    command_api = get_api()
+    command_api = get_api(ipa_library=results.library, user=results.user,
+                          password=results.password, server=results.server)
     if command == 'audit':
         IPAAudit.entry(command_api, results.type, results.name, results.deep)
     elif command == 'info':