Vh:nddlmZdZdZddlmZddlmZddl m Z ee dZ Gdd eZ y ) ) annotationsa name: machinectl short_description: Systemd's machinectl privilege escalation description: - This become plugins allows your remote/login user to execute commands as another user using the C(machinectl) utility. author: Ansible Core Team options: become_user: description: User you 'become' to execute the task. type: string default: '' ini: - section: privilege_escalation key: become_user - section: machinectl_become_plugin key: user vars: - name: ansible_become_user - name: ansible_machinectl_user env: - name: ANSIBLE_BECOME_USER - name: ANSIBLE_MACHINECTL_USER become_exe: description: C(machinectl) executable. type: string default: machinectl ini: - section: privilege_escalation key: become_exe - section: machinectl_become_plugin key: executable vars: - name: ansible_become_exe - name: ansible_machinectl_exe env: - name: ANSIBLE_BECOME_EXE - name: ANSIBLE_MACHINECTL_EXE become_flags: description: Options to pass to C(machinectl). type: string default: '' ini: - section: privilege_escalation key: become_flags - section: machinectl_become_plugin key: flags vars: - name: ansible_become_flags - name: ansible_machinectl_flags env: - name: ANSIBLE_BECOME_FLAGS - name: ANSIBLE_MACHINECTL_FLAGS become_pass: description: Password for C(machinectl). type: string required: false vars: - name: ansible_become_password - name: ansible_become_pass - name: ansible_machinectl_pass env: - name: ANSIBLE_BECOME_PASS - name: ANSIBLE_MACHINECTL_PASS ini: - section: machinectl_become_plugin key: password notes: - When not using this plugin with user V(root), it only works correctly with a polkit rule which will alter the behaviour of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials, if the user is allowed to perform the action (take a look at the examples section). If such a rule is not present the plugin only work if it is used in context with the root user, because then no further prompt will be shown by machinectl. ai # A polkit rule needed to use the module with a non-root user. # See the Notes section for details. /etc/polkit-1/rules.d/60-machinectl-fast-user-auth.rules: |- polkit.addRule(function(action, subject) { if(action.id == "org.freedesktop.machine1.host-shell" && subject.isInGroup("wheel")) { return polkit.Result.AUTH_SELF_KEEP; } }); )compile) BecomeBase)to_bytesz\x1B\[[0-9;]+mc`eZdZdZdZdZdZdZedZ fdZ fdZ fd Z fd Z xZS) BecomeModulezcommunity.general.machinectlz Password: )z==== AUTHENTICATION FAILED ====)z!==== AUTHENTICATION COMPLETE ====Tc.tjd|S)N)ansi_color_codessub)lines o/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/become/machinectl.pyremove_ansi_codeszBecomeModule.remove_ansi_codesns##C..r c tt| |||s|S|jd}|jd}|jd}|d|d|d|j ||S)N become_exe become_flags become_userz -q shell  z@ )superrbuild_become_command get_option_build_success_command)selfcmdshellbecomeflagsuser __class__s rrz!BecomeModule.build_become_commandrss lD6sEBJ./}-E7!D6D4O4OPSUZ4[3\]]r cD|j|}t| |SN)rr check_successrb_outputrs rr"zBecomeModule.check_success~s#))(3w$X..r cD|j|}t| |Sr!)rrcheck_incorrect_passwordr#s rr&z%BecomeModule.check_incorrect_passwords#))(3w/99r cD|j|}t| |Sr!)rrcheck_missing_passwordr#s rr(z#BecomeModule.check_missing_passwords#))(3w-h77r )__name__ __module__ __qualname__namepromptfailsuccess require_tty staticmethodrrr"r&r( __classcell__)rs@rrresH )D F /D4GK// ^/:88r rN) __future__r DOCUMENTATIONEXAMPLESrer re_compileansible.plugins.becomeransible.module_utils._textrr rr rr;sD #G R %-/h'89:#8:#8r