infamousjoeg/main.py

## main.py
import requests
from requests_negotiate import HTTPNegotiateAuth
import urllib3
import urllib.parse
import os
import re
import subprocess

urllib3.disable_warnings()

cyberark_app_id = "EPM LCD Onboarding"
cyberark_safe = "EPM API User"
cyberark_object = "epmlcd.pass"

# klist logic to determine principal name
principal_name = ""
principal_name_re = r".*(\b.+\$)@.+"
klist_args = ['/usr/bin/klist', '-kt', '/etc/krb5.keytab']
print("\nDetermining principal name from keytab...", end='')
klist_out = ""

try:
    klist_out = subprocess.run(klist_args, check=True, stdout=subprocess.PIPE).stdout.decode('utf-8')
except subprocess.CalledProcessError:
    print("Error running subprocess for klist, aborting")
    quit()

match = re.search(principal_name_re, klist_out)

if match:
    if match.group(1):
        principal_name = match.group(1)
        print("SUCCESS!")
        print(f"Principal Name Found: {principal_name}\n")
else:
    print("FAILED")
    print("Principal name not found, aborting")
    quit()

# kinit logic to setup the credential cache
print("Creating credential cache...", end='')
krb5ccname = f"/tmp/krb5cc_{os.getpid()}"
kinit_args = ['/usr/bin/kinit', '-kt', '/etc/krb5.keytab', '-c', krb5ccname, principal_name]
kdest_args = ['/usr/bin/kdestroy', '-c', krb5ccname]

try:
    subprocess.run(kinit_args, check=True)
    print("SUCCESS!")
except subprocess.CalledProcessError:
    print("FAILED")
    print("Error running subprocess for kinit, aborting")
    quit()

# Setting KRB5CCNAME so that HTTPNegotiateAuth() leverages the host cred cache
if os.path.exists(krb5ccname):
    os.environ["KRB5CCNAME"] = krb5ccname

uri = 'https://pam.cybr.com/AIMWebService/api/Accounts' \
      f'?AppId={urllib.parse.quote_plus(cyberark_app_id)}' \
      f'&Safe={urllib.parse.quote_plus(cyberark_safe)}' \
      f'&Object={urllib.parse.quote_plus(cyberark_object)}' \
      f'&Reason={urllib.parse.quote_plus("Hello from Python on Linux!")}'

# Calling CCP
print(f"\nLooking up user details from CCP as AppId [{cyberark_app_id}]...", end='')
result = ""
try:
    result = requests.get(uri, auth=HTTPNegotiateAuth(), verify=False)
    if result.ok:
        print("SUCCESS :)\n\n--DETAILS---\n")
        info = result.json()
        print(f'Username: {info.get("UserName")}')
        print(f'Address: {info.get("Address")}')
        print(f'Platform: {info.get("PolicyID")}')
        print(f'Password: {info.get("Content")}')
    else:
        print("FAILED :(\n")
        print(result.text)
except requests.exceptions.RequestException as e:
    print("FAILED")
    print("An unexpected error occurred on the request to CCP")
finally:
    if os.path.exists(krb5ccname):
        print("\nAttempting to remove credential cache...", end='')
        try:
            subprocess.run(kdest_args, check=True)
            print("SUCCESS!\n")
        except subprocess.CalledProcessError:
            print("FAILED")
            print("Error removing credential cache, consider removing manually\n")
	import requests
	from requests_negotiate import HTTPNegotiateAuth
	import urllib3
	import urllib.parse
	import os
	import re
	import subprocess

	urllib3.disable_warnings()

	cyberark_app_id = "EPM LCD Onboarding"
	cyberark_safe = "EPM API User"
	cyberark_object = "epmlcd.pass"

	# klist logic to determine principal name
	principal_name = ""
	principal_name_re = r".*(\b.+\$)@.+"
	klist_args = ['/usr/bin/klist', '-kt', '/etc/krb5.keytab']
	print("\nDetermining principal name from keytab...", end='')
	klist_out = ""

	try:
	klist_out = subprocess.run(klist_args, check=True, stdout=subprocess.PIPE).stdout.decode('utf-8')
	except subprocess.CalledProcessError:
	print("Error running subprocess for klist, aborting")
	quit()

	match = re.search(principal_name_re, klist_out)

	if match:
	if match.group(1):
	principal_name = match.group(1)
	print("SUCCESS!")
	print(f"Principal Name Found: {principal_name}\n")
	else:
	print("FAILED")
	print("Principal name not found, aborting")
	quit()

	# kinit logic to setup the credential cache
	print("Creating credential cache...", end='')
	krb5ccname = f"/tmp/krb5cc_{os.getpid()}"
	kinit_args = ['/usr/bin/kinit', '-kt', '/etc/krb5.keytab', '-c', krb5ccname, principal_name]
	kdest_args = ['/usr/bin/kdestroy', '-c', krb5ccname]

	try:
	subprocess.run(kinit_args, check=True)
	print("SUCCESS!")
	except subprocess.CalledProcessError:
	print("FAILED")
	print("Error running subprocess for kinit, aborting")
	quit()

	# Setting KRB5CCNAME so that HTTPNegotiateAuth() leverages the host cred cache
	if os.path.exists(krb5ccname):
	os.environ["KRB5CCNAME"] = krb5ccname

	uri = 'https://pam.cybr.com/AIMWebService/api/Accounts' \
	f'?AppId={urllib.parse.quote_plus(cyberark_app_id)}' \
	f'&Safe={urllib.parse.quote_plus(cyberark_safe)}' \
	f'&Object={urllib.parse.quote_plus(cyberark_object)}' \
	f'&Reason={urllib.parse.quote_plus("Hello from Python on Linux!")}'

	# Calling CCP
	print(f"\nLooking up user details from CCP as AppId [{cyberark_app_id}]...", end='')
	result = ""
	try:
	result = requests.get(uri, auth=HTTPNegotiateAuth(), verify=False)
	if result.ok:
	print("SUCCESS :)\n\n--DETAILS---\n")
	info = result.json()
	print(f'Username: {info.get("UserName")}')
	print(f'Address: {info.get("Address")}')
	print(f'Platform: {info.get("PolicyID")}')
	print(f'Password: {info.get("Content")}')
	else:
	print("FAILED :(\n")
	print(result.text)
	except requests.exceptions.RequestException as e:
	print("FAILED")
	print("An unexpected error occurred on the request to CCP")
	finally:
	if os.path.exists(krb5ccname):
	print("\nAttempting to remove credential cache...", end='')
	try:
	subprocess.run(kdest_args, check=True)
	print("SUCCESS!\n")
	except subprocess.CalledProcessError:
	print("FAILED")
	print("Error removing credential cache, consider removing manually\n")