
@jvkassi
Created June 10, 2024 23:41
<?php
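/**
 * Small client for the JSON-RPC API an IPA server exposes under /ipa/session/.
 *
 * One cURL handle is created in the constructor and reused for login() and
 * every later call, so the session cookie issued at login is what
 * authenticates the API requests. All API methods return the decoded JSON
 * response as an associative array, or null when the transfer failed or the
 * body was not valid JSON; server-side errors are not interpreted here, so
 * callers have to inspect the returned array themselves.
 */
class IPA {
    /** @var string Host name of the IPA server, interpolated into every request URL. */
    private $server;
    /** @var bool Value handed to CURLOPT_SSL_VERIFYPEER on every request. */
    private $sslverify;
    /** @var resource|\CurlHandle cURL handle shared by login() and all API calls. */
    private $session;
    /** @var string|null User name of the last successful login(); read by passwd(). */
    private $login_user;

    /**
     * @param string $server    Host name of the IPA server (no scheme, no path).
     * @param bool   $sslverify Whether cURL verifies the server certificate chain.
     *
     * SECURITY: the default of false is kept only so existing callers keep
     * working. With peer verification off, the login password, the session
     * cookie and every password passed to passwd()/hostAdd() can be read or
     * altered by anyone able to intercept the connection. Pass true and
     * install the IPA CA certificate in the system trust store instead.
     */
    public function __construct($server, $sslverify = false) {
        $this->server = $server;
        $this->sslverify = $sslverify;
        $this->session = curl_init();
        // cURL ignores Set-Cookie headers until its cookie engine is enabled.
        // An empty file name enables it in memory only, so the session cookie
        // returned by login() is replayed on later requests and never written
        // to disk.
        curl_setopt($this->session, CURLOPT_COOKIEFILE, '');
    }

    /**
     * Sends one POST on the shared handle and returns the raw response body.
     *
     * @param string   $url     Absolute request URL.
     * @param string[] $headers Raw header lines.
     * @param string   $body    Already-encoded request body.
     * @return string|false Response body, or false when the transfer failed.
     */
    private function post($url, array $headers, $body) {
        curl_setopt_array($this->session, [
            CURLOPT_URL => $url,
            CURLOPT_HTTPHEADER => $headers,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $body,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => $this->sslverify,
        ]);
        $response = curl_exec($this->session);
        if ($response === false) {
            // Surface transport and TLS failures instead of silently returning null.
            error_log("Request to {$this->server} failed: " . curl_error($this->session));
        }
        return $response;
    }

    /**
     * Authenticates with user name and password against /ipa/session/login_password.
     *
     * @param string $user
     * @param string $password
     * @return string|null Response body on HTTP 200, null on any other outcome.
     */
    public function login($user, $password) {
        $ipaurl = "https://{$this->server}/ipa/session/login_password";
        $headers = [
            "referer: $ipaurl",
            "Content-Type: application/x-www-form-urlencoded",
            "Accept: text/plain"
        ];
        $response = $this->post($ipaurl, $headers, http_build_query(['user' => $user, 'password' => $password]));
        if ($response === false || curl_getinfo($this->session, CURLINFO_HTTP_CODE) !== 200) {
            error_log("Failed to log $user in to {$this->server}");
            return null;
        }
        // Remembered so passwd() can tell a self-service change from an admin reset.
        $this->login_user = $user;
        return $response;
    }

    /**
     * Posts one JSON-RPC call to /ipa/session/json.
     *
     * @param string $method API method name, e.g. 'user_show'.
     * @param array  $item   Positional arguments.
     * @param array  $params Named options.
     * @return array|null Decoded response, or null on transfer or decode failure.
     */
    private function makeRequest($method, $item, $params) {
        $ipaurl = "https://{$this->server}/ipa";
        $headers = [
            "referer: $ipaurl",
            "Content-Type: application/json",
            "Accept: application/json"
        ];
        $data = json_encode(['id' => 0, 'method' => $method, 'params' => [$item, $params]]);
        $response = $this->post("{$ipaurl}/session/json", $headers, $data);
        if ($response === false) {
            return null;
        }
        return json_decode($response, true);
    }

    /**
     * Builds the option set shared by groupMod(), userMod() and stageuserMod().
     * Empty attribute lists are left out of the request entirely.
     */
    private function modParams($addattrs, $setattrs, $delattrs) {
        $params = ['all' => false, 'no_members' => false, 'raw' => false, 'rights' => false, 'version' => '2.164'];
        if (!empty($addattrs)) {
            $params['addattr'] = $addattrs;
        }
        if (!empty($setattrs)) {
            $params['setattr'] = $setattrs;
        }
        if (!empty($delattrs)) {
            $params['delattr'] = $delattrs;
        }
        return $params;
    }

    /** Calls config_show with all attributes requested. */
    public function configShow() {
        return $this->makeRequest('config_show', [null], ['all' => true]);
    }

    /** Calls group_add; gidnumber is sent only when the caller supplies one. */
    public function groupAdd($group, $gidnumber = null, $description = null) {
        $params = ['all' => true, 'description' => $description];
        if ($gidnumber !== null) {
            $params['gidnumber'] = $gidnumber;
        }
        return $this->makeRequest('group_add', [$group], $params);
    }

    /**
     * Calls group_add_member for a user or a nested group.
     *
     * @param string $membertype Exactly 'user' or 'group'.
     * @throws InvalidArgumentException for any other member type.
     */
    public function groupAddMember($group, $item, $membertype) {
        // Strict comparison: $membertype becomes a request key, and a loose
        // in_array() would let values such as boolean true pass the check.
        if (!in_array($membertype, ['user', 'group'], true)) {
            throw new InvalidArgumentException("Invalid member type: $membertype");
        }
        return $this->makeRequest('group_add_member', [$group], [$membertype => $item, 'all' => true, 'raw' => true]);
    }

    /**
     * Calls group_remove_member; a single member name is wrapped in a list.
     * NOTE(review): unlike groupAddMember(), $membertype is not validated here
     * and is forwarded to the server as given.
     */
    public function groupRemoveMember($group, $items, $membertype) {
        if (is_string($items)) {
            $items = [$items];
        }
        return $this->makeRequest('group_remove_member', [$group], [
            $membertype => $items,
            'all' => false,
            'no_members' => false,
            'raw' => false,
            'version' => '2.164'
        ]);
    }

    /** Calls group_find; a null $group sends no search criterion. */
    public function groupFind($group = null, $sizelimit = 40000) {
        return $this->makeRequest('group_find', [$group], ['all' => true, 'sizelimit' => $sizelimit]);
    }

    /** Calls group_show for one group. */
    public function groupShow($group) {
        return $this->makeRequest('group_show', [$group], ['all' => true, 'raw' => false]);
    }

    /** Calls group_mod with the given addattr/setattr/delattr lists. */
    public function groupMod($group, $addattrs = [], $setattrs = [], $delattrs = []) {
        return $this->makeRequest('group_mod', [$group], $this->modParams($addattrs, $setattrs, $delattrs));
    }

    /**
     * Calls host_add, sending $opasswd as the host's 'userpassword'.
     * NOTE(review): 'force' defaults to true here - confirm callers want that.
     */
    public function hostAdd($hostname, $opasswd, $force = true) {
        return $this->makeRequest('host_add', [$hostname], ['all' => true, 'force' => $force, 'userpassword' => $opasswd]);
    }

    /** Calls host_del for one host. */
    public function hostDel($hostname) {
        return $this->makeRequest('host_del', [$hostname], ['all' => true]);
    }

    /** Calls host_find, optionally restricted to the host group $in_hg. */
    public function hostFind($hostname = null, $in_hg = null, $sizelimit = 40000) {
        return $this->makeRequest('host_find', [$hostname], ['all' => true, 'in_hostgroup' => $in_hg, 'sizelimit' => $sizelimit]);
    }

    /** Calls host_mod; every option is sent, including those left at null. */
    public function hostMod($hostname, $description = null, $locality = null, $location = null, $platform = null, $osver = null) {
        return $this->makeRequest('host_mod', [$hostname], [
            'all' => true,
            'description' => $description,
            'locality' => $locality,
            'nshostlocation' => $location,
            'nshardwareplatform' => $platform,
            'nsosversion' => $osver
        ]);
    }

    /** Calls host_show for one host. */
    public function hostShow($hostname) {
        return $this->makeRequest('host_show', [$hostname], ['all' => true]);
    }

    /** Calls hostgroup_add. */
    public function hostgroupAdd($hostgroup, $description = null) {
        return $this->makeRequest('hostgroup_add', [$hostgroup], ['all' => true, 'description' => $description]);
    }

    /** Calls hostgroup_add_member; a single host name is wrapped in a list. */
    public function hostgroupAddMember($hostgroup, $hostname) {
        if (!is_array($hostname)) {
            $hostname = [$hostname];
        }
        return $this->makeRequest('hostgroup_add_member', [$hostgroup], ['host' => $hostname, 'all' => true]);
    }

    /** Calls hostgroup_show for one host group. */
    public function hostgroupShow($hostgroup) {
        return $this->makeRequest('hostgroup_show', [$hostgroup], ['all' => true]);
    }

    /**
     * Calls passwd to set a new password for $principal.
     *
     * When the part of $principal before '@' differs from the user recorded
     * by login(), the marker 'CHANGING_PASSWORD_FOR_ANOTHER_USER' is appended
     * as a third positional argument. Without a prior successful login() the
     * marker is always appended.
     */
    public function passwd($principal, $passwd) {
        $item = [$principal, $passwd];
        if (explode('@', $principal)[0] !== $this->login_user) {
            $item[] = 'CHANGING_PASSWORD_FOR_ANOTHER_USER';
        }
        return $this->makeRequest('passwd', $item, ['version' => '2.112']);
    }

    /** Calls user_add with the caller's options; 'all' is forced to true. */
    public function userAdd($user, $opts) {
        $opts['all'] = true;
        return $this->makeRequest('user_add', [$user], $opts);
    }

    /** Calls user_find; keys in $attrs override the default options. */
    public function userFind($user = null, $attrs = [], $sizelimit = 40000) {
        $params = array_merge(['all' => true, 'no_members' => false, 'sizelimit' => $sizelimit, 'whoami' => false], $attrs);
        return $this->makeRequest('user_find', [$user], $params);
    }

    /** Calls user_show for one user. */
    public function userShow($user) {
        return $this->makeRequest('user_show', [$user], ['all' => true, 'raw' => false]);
    }

    /** Calls user_status for one user. */
    public function userStatus($user) {
        return $this->makeRequest('user_status', [$user], ['all' => true, 'raw' => false]);
    }

    /** Calls user_unlock for one user. */
    public function userUnlock($user) {
        return $this->makeRequest('user_unlock', [$user], ['version' => '2.112']);
    }

    /** Calls user_disable for one user. */
    public function userDisable($user) {
        return $this->makeRequest('user_disable', [$user], ['version' => '2.112']);
    }

    /** Calls user_mod with the given addattr/setattr/delattr lists. */
    public function userMod($user, $addattrs = [], $setattrs = [], $delattrs = []) {
        return $this->makeRequest('user_mod', [$user], $this->modParams($addattrs, $setattrs, $delattrs));
    }

    /** Calls user_del; 'preserve' defaults to true. */
    public function userDel($user, $preserve = true) {
        return $this->makeRequest('user_del', [$user], ['preserve' => $preserve, 'version' => '2.164']);
    }

    /** Calls stageuser_find; keys in $attrs override the default options. */
    public function stageuserFind($user = null, $attrs = [], $sizelimit = 40000) {
        $params = array_merge(['all' => true, 'no_members' => false, 'sizelimit' => $sizelimit], $attrs);
        return $this->makeRequest('stageuser_find', [$user], $params);
    }

    /** Calls stageuser_add; 'all' is forced to false, attr lists are optional. */
    public function stageuserAdd($user, $opts, $addattrs = null, $setattrs = null) {
        $opts['all'] = false;
        if ($addattrs !== null) {
            $opts['addattr'] = $addattrs;
        }
        if ($setattrs !== null) {
            $opts['setattr'] = $setattrs;
        }
        return $this->makeRequest('stageuser_add', [$user], $opts);
    }

    /** Calls stageuser_del for one stage user. */
    public function stageuserDel($user) {
        return $this->makeRequest('stageuser_del', [$user], ['version' => '2.164']);
    }

    /** Calls stageuser_mod with the given addattr/setattr/delattr lists. */
    public function stageuserMod($user, $addattrs = [], $setattrs = [], $delattrs = []) {
        return $this->makeRequest('stageuser_mod', [$user], $this->modParams($addattrs, $setattrs, $delattrs));
    }

    /** Calls stageuser_activate for one stage user. */
    public function stageuserActivate($user) {
        return $this->makeRequest('stageuser_activate', [$user], ['version' => '2.164']);
    }

    /** Calls selfservice_add; 'permissions' is sent only when supplied. */
    public function selfserviceAdd($aciname, $attrs, $permissions = null) {
        $params = ['attrs' => $attrs, 'all' => true, 'raw' => false, 'version' => '2.164'];
        if ($permissions !== null) {
            $params['permissions'] = $permissions;
        }
        return $this->makeRequest('selfservice_add', [$aciname], $params);
    }

    /** Calls automember_add; an empty description is left out of the request. */
    public function automemberAdd($name, $description = '', $type = 'group') {
        $params = ['type' => $type, 'all' => true, 'raw' => false, 'version' => '2.164'];
        if (!empty($description)) {
            $params['description'] = $description;
        }
        return $this->makeRequest('automember_add', [$name], $params);
    }

    /** Calls automember_add_condition; empty regex arguments are left out. */
    public function automemberAddCondition($name, $key, $type, $inclusive_regex = '', $exclusive_regex = '') {
        $params = ['key' => $key, 'type' => $type, 'all' => true, 'raw' => false, 'version' => '2.164'];
        if (!empty($inclusive_regex)) {
            $params['automemberinclusiveregex'] = $inclusive_regex;
        }
        if (!empty($exclusive_regex)) {
            $params['automemberexclusiveregex'] = $exclusive_regex;
        }
        return $this->makeRequest('automember_add_condition', [$name], $params);
    }
}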