Vhd:ddlmZmZmZeZdZdZdZddl Z ddl Z ddl m Z m Z ddl mZddlmZ ddlZd ZdZ ddlZeseZd ZdZGd d eZd Zedk(reyy#e$rd Ze j*ZYCwxYw#e$rd Ze j*ZYTwxYw))absolute_importdivisionprint_functionaL module: homectl author: - "James Livulpi (@jameslivulpi)" short_description: Manage user accounts with systemd-homed version_added: 4.4.0 description: - Manages a user's home directory managed by systemd-homed. notes: - This module requires the deprecated L(crypt Python module, https://docs.python.org/3.12/library/crypt.html) library which was removed from Python 3.13. For Python 3.13 or newer, you need to install L(legacycrypt, https://pypi.org/project/legacycrypt/). requirements: - legacycrypt (on Python 3.13 or newer) extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: name: description: - The user name to create, remove, or update. required: true aliases: ['user', 'username'] type: str password: description: - Set the user's password to this. - Homed requires this value to be in cleartext on user creation and updating a user. - The module takes the password and generates a password hash in SHA-512 with 10000 rounds of salt generation using crypt. - See U(https://systemd.io/USER_RECORD/). - This is required for O(state=present). When an existing user is updated this is checked against the stored hash in homed. type: str state: description: - The operation to take on the user. choices: ['absent', 'present'] default: present type: str storage: description: - Indicates the storage mechanism for the user's home directory. - If the storage type is not specified, C(homed.conf(5\)) defines which default storage to use. - Only used when a user is first created. choices: ['classic', 'luks', 'directory', 'subvolume', 'fscrypt', 'cifs'] type: str disksize: description: - The intended home directory disk space. - Human readable value such as V(10G), V(10M), or V(10B). type: str resize: description: - When used with O(disksize) this will attempt to resize the home directory immediately. default: false type: bool realname: description: - The user's real ('human') name. - This can also be used to add a comment to maintain compatibility with C(useradd). aliases: ['comment'] type: str realm: description: - The 'realm' a user is defined in. type: str email: description: - The email address of the user. type: str location: description: - A free-form location string describing the location of the user. type: str iconname: description: - The name of an icon picked by the user, for example for the purpose of an avatar. - Should follow the semantics defined in the Icon Naming Specification. - See U(https://specifications.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html) for specifics. type: str homedir: description: - Path to use as home directory for the user. - This is the directory the user's home directory is mounted to while the user is logged in. - This is not where the user's data is actually stored, see O(imagepath) for that. - Only used when a user is first created. type: path imagepath: description: - Path to place the user's home directory. - See U(https://www.freedesktop.org/software/systemd/man/homectl.html#--image-path=PATH) for more information. - Only used when a user is first created. type: path uid: description: - Sets the UID of the user. - If using O(gid) homed requires the value to be the same. - Only used when a user is first created. type: int gid: description: - Sets the gid of the user. - If using O(uid) homed requires the value to be the same. - Only used when a user is first created. type: int mountopts: description: - String separated by comma each indicating mount options for a users home directory. - Valid options are V(nosuid), V(nodev) or V(noexec). - Homed by default uses V(nodev) and V(nosuid) while V(noexec) is off. type: str umask: description: - Sets the umask for the user's login sessions. - Value from V(0000) to V(0777). type: int memberof: description: - String separated by comma each indicating a UNIX group this user shall be a member of. - Groups the user should be a member of should be supplied as comma separated list. aliases: ['groups'] type: str skeleton: description: - The absolute path to the skeleton directory to populate a new home directory from. - This is only used when a home directory is first created. - If not specified homed by default uses V(/etc/skel). aliases: ['skel'] type: path shell: description: - Shell binary to use for terminal logins of given user. - If not specified homed by default uses V(/bin/bash). type: str environment: description: - String separated by comma each containing an environment variable and its value to set for the user's login session, in a format compatible with C(putenv(\)). - Any environment variable listed here is automatically set by pam_systemd for all login sessions of the user. aliases: ['setenv'] type: str timezone: description: - Preferred timezone to use for the user. - Should be a tzdata compatible location string such as V(America/New_York). type: str locked: description: - Whether the user account should be locked or not. type: bool language: description: - The preferred language/locale for the user. - This should be in a format compatible with the E(LANG) environment variable. type: str passwordhint: description: - Password hint for the given user. type: str sshkeys: description: - String separated by comma each listing a SSH public key that is authorized to access the account. - The keys should follow the same format as the lines in a traditional C(~/.ssh/authorized_key) file. type: str notbefore: description: - A time since the UNIX epoch before which the record should be considered invalid for the purpose of logging in. type: int notafter: description: - A time since the UNIX epoch after which the record should be considered invalid for the purpose of logging in. type: int a - name: Add the user 'james' community.general.homectl: name: johnd password: myreallysecurepassword1! state: present - name: Add the user 'alice' with a zsh shell, uid of 1000, and gid of 2000 community.general.homectl: name: alice password: myreallysecurepassword1! state: present shell: /bin/zsh uid: 1000 gid: 1000 - name: Modify an existing user 'frank' to have 10G of diskspace and resize usage now community.general.homectl: name: frank password: myreallysecurepassword1! state: present disksize: 10G resize: true - name: Remove an existing user 'janet' community.general.homectl: name: janet state: absent a data: description: Dictionary returned from C(homectl inspect -j). returned: success type: dict sample: { "data": { "binding": { "e9ed2a5b0033427286b228e97c1e8343": { "fileSystemType": "btrfs", "fileSystemUuid": "7bd59491-2812-4642-a492-220c3f0c6c0b", "gid": 60268, "imagePath": "/home/james.home", "luksCipher": "aes", "luksCipherMode": "xts-plain64", "luksUuid": "7f05825a-2c38-47b4-90e1-f21540a35a81", "luksVolumeKeySize": 32, "partitionUuid": "5a906126-d3c8-4234-b230-8f6e9b427b2f", "storage": "luks", "uid": 60268 } }, "diskSize": 3221225472, "disposition": "regular", "lastChangeUSec": 1641941238208691, "lastPasswordChangeUSec": 1641941238208691, "privileged": { "hashedPassword": [ "$6$ov9AKni.trf76inT$tTtfSyHgbPTdUsG0CvSSQZXGqFGdHKQ9Pb6e0BTZhDmlgrL/vA5BxrXduBi8u/PCBiYUffGLIkGhApjKMK3bV." ] }, "signature": [ { "data": "o6zVFbymcmk4YTVaY6KPQK23YCp+VkXdGEeniZeV1pzIbFzoaZBvVLPkNKMoPAQbodY5BYfBtuy41prNL78qAg==", "key": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAbs7ELeiEYBxkUQhxZ+5NGyu6J7gTtZtZ5vmIw3jowcY=\n-----END PUBLIC KEY-----\n" } ], "status": { "e9ed2a5b0033427286b228e97c1e8343": { "diskCeiling": 21845405696, "diskFloor": 268435456, "diskSize": 3221225472, "service": "io.systemd.Home", "signedLocally": true, "state": "inactive" } }, "userName": "james" } } N) AnsibleModulemissing_required_lib)jsonify)human_to_bytesTFcNeZdZdZdZdZdZdZdZdZ dZ d Z d Z d d Z y )Homectlz#TODO DOC STRINGSc||_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_ |jd |_ |jd |_ |jd |_ |jd |_ |jd |_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_i|_y)Nstatenamepasswordstoragedisksizeresizerealnamerealmemaillocationiconnamehomedir imagepathuidgidumaskmemberofskeletonshell environmenttimezonelocked passwordhintsshkeyslanguage notbeforenotafter mountopts)moduleparamsr rrrrrrrrrrrrrrrrrrr r!r"r#r$r%r&r'r(result)selfr)s m/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/homectl.py__init__zHomectl.__init__.s ]]7+ MM&)  j1 }}Y/  j1 mmH-  j1 ]]7+ ]]7+  j1  j1 }}Y/ {3=='==']]7+  j1  j1 ]]7+ !==7 j1 mmH- "MM.9}}Y/  j1 {3 j1 {3 cd}gd}|jj|\}}}|dk(r)|jdd}|jdk7rd}|S)NT) systemctlshowzsystemd-homed.servicez-p ActiveStater=activeF)r) run_commandrsplitstrip)r, is_activecmdrcshow_service_stdoutstderrr s r-homed_service_activezHomectl.homed_service_activePs] Q*.++*A*A#*F'  7'..s3A6E{{}(! r/cd}d}|j\}}}|dk(rBd}|jdk7r1tj|ddd}|j |rd}||fS)NFrTabsent privilegedhashedPassword)get_user_metadatar jsonloads_check_password)r,existsvalid_pwr<stdoutr> stored_pwhashs r- user_existszHomectl.user_existsZsv!335FF 7FzzX% $ 6 2< @AQ RST U '' 6#Hxr/c|jd}|jjddg}|jd|jd|jj ||S)NT)createhomectlrN --identity=-data)create_json_recordr) get_bin_pathappendr7r,recordr;s r- create_userzHomectl.create_userhs`(((5{{'' 489 8 >"{{&&s&88r/ctj}tj|d}tj||}|S)Ni')rounds)crypt METHOD_SHA512mksalt)r,rmethodsaltpw_hashs r-_hash_passwordzHomectl._hash_passwordos2$$||F51++h-r/cLtj|j|}||k(S)N)r[r)r,pwhashhashs r-rGzHomectl._check_passwordus {{4==&1~r/c|jjddg}|jd|j|j|jj |S)NrOTremover)rTrUrr7)r,r;s r- remove_userzHomectl.remove_userysL{{'' 489 8 499{{&&s++r/cp|j}|jjddg}|jd|j|j|jd|j r=|j r1|jd|jdd|jd<||fS)NrOTupdaterPz --and-resizetruechanged)rSr)rTrUrrrr+rVs r-prepare_modify_user_commandz#Homectl.prepare_modify_user_commands((*{{'' 489 8 499 >" ==T[[ JJ~ & JJv %)DKK "F{r/c |jjddg}|jd|j|j|jd|jd|jj |\}}}|||fS)NrOTinspectz-jz --no-pagerrg)r,r;r<rJr>s r-rDzHomectl.get_user_metadatasw{{'' 489 9 499 4 < ![[44S9FF66!!r/ci}i}d|jd<|ss|j\}}}tj|}|j dd|j dd|j dd|j dd|}|j |d<d|j gi|d <|r2|j|j }d |gi|d <d |jd<|jr;|jr/|r-|j|d <|j|d<d |jd<|jrNt|jjd}||jddgk7r||d<d |jd<|jr<|j|jdk7r|j|d<d |jd<|jr |r|j|d<d |jd<|j r |r|j |d<d |jd<|j"r |r|j"|d<d |jd<|j$rE|j$|jdk7r't'|j$|d<d |jd<|j(r<|j(|jdk7r|j(|d<d |jd<|j*r<|j*|jdk7r|j*|d<d |jd<|j,r<|j,|jdk7r|j,|d<d |jd<|j.r<|j.|jdk7r|j.|d<d |jd<|j0r<|j0|jdk7r|j0|d<d |jd<|j2r<|j2|jdk7r|j2|d<d |jd<|j4r<|j4|jdk7r|j4|d<d |jd<|j6rV|j6|jddgk7r6t|j6jd|d<d |jd<|j8r<|j8|jdk7r|j8|d<d |jd<|j:r<|j:|jdk7r|j:|d<d |jd<|j<rO|j<|jd ijd k7r!|j<|d d <d |jd<|j>rg|j>|jd ijd!k7r9t|j>jd|d d!<d |jd<|j@r<|j:|jd"k7r|j@|d"<d |jd<|jBr<|j:|jd#k7r|jB|d#<d |jd<|jDr<|j:|jd$k7r|jD|d$<d |jd<|jFr't|jFjd}d%|vr(|jd&d ur password_hash member_listoptss r-rSzHomectl.create_json_records< !& I(,(>(>(@ %B v JJ}5M   k4 0   i .   h -   . 5"F!YYz&8x  // >M$4}o#FF< %)DKK " 88V HHF5M HHF5M%)DKK " ==t}}22378KfjjdV<<%0z")- I& ==}} : 66%)]]z")- I& <>f"&..F; %)DKK " ==}} : 66%3DMM%Bz")- I& ::zzVZZ00"&**w)- I& ::zzVZZ77)-~&)- I& ==}} : 66%)]]z")- I& ==}} : 66%)]]z")- I& ==}} +> ??.2mm*+)- I& ::zzVZZ00"&**w)- I& ::zzVZZ00"&**w)- I&   6::mdV#DD(,T-=-=-C-CC-H(I}%)- I& ==}} : 66%)]]z")- I& ;;{{fjj22#';;x )- I&     FJJ|R$@$D$D^$TT7;7H7H|$^4)- I& <<||vzz,;??@STT<@ASASTWAX>{{fjj99*...')- I& =={{fjj88)-~&)- I& >>,,S12D4::m,D8,0F=)-1DKK *::m,E9,1F=)-1DKK *$::./t;/3F+,-1DKK *::./u<nd|jd;<d?|jd><|jdk(r|j\}}|s|jr|jd8|j!\}}}|d9k7r|j |j||:|j#\}}}t%j&||jd@<||jd<<dA|jz|jd><n2|r|j)\}} n:d|jd;<dB|jd><|jdFi|j|jr|jdFi|j|jd;r;|j+ C\}}}|d9k7r|j |j||dD|j#\}}}t%j&||jd@<||jd<<|jd;rdE|jz|jd><|jdFi|jy)GNr strpresentrA)typedefaultchoicesrTuserusername)rrequiredaliasesr)rno_logr)classicluks directory subvolumefscryptcifs)rrr)rrboolF)rrrcomment)rrrrrrrpathrrintrrr setenvr!rgroupsrskelrr"r#r$r%r&r'r() argument_specsupports_check_mode required_ifzHcrypt (part of standard library up to Python 3.12) or legacycrypt (PyPI))msg exceptionz#systemd-homed.service is not active)r)rlr)rrr<rlr<zUser %s removed!rzUser does not exist!rRzUser %s created!z&User exists but password is incorrect!rQ)rrr<rlzUser %s modifiedr)rdict HAS_CRYPTHAS_LEGACYCRYPT fail_jsonrCRYPT_IMPORT_ERRORr r r+r?rL check_mode exit_jsonrhrrXrDrErFrmr7) r)rOrL valid_pwhashr<rJr>rr;rWs r-mainrDs  E9x>ST 54&*9MN uT2 e-mn  u%  VU3  uyk: E" E" u% u% f% ' %  %  E"! "%(<# $u%% &uxj9' (vx8) *E"+ ,V$- .56/ 0eD11 2u%3 4&5 6u%7 8&9 <!i* . tj\ * C%FN _$%op(  foG%mmGNN7  ' ' )BC}} $+$7$7$9! \      .!(!4!4!6 BQw  gll2 F(,GNN9 %#%GNN4 $6$EGNN5 !(-GNN9 %$:GNN5 !}} !$+$7$7$9! \     .!(!4!4!6 BQw  gll2 F(/(A(A(C %B v%)ZZ %>GNN6 "#%GNN4 $6$EGNN5 !%AAC V-2y)(Pu%   27>>2     27>>2~~i(%+%7%7&%7%I"FF7$$',,FrSX$Y(/(A(A(C %B v%)ZZ %>GNN6 "#%GNN4 ~~i((:W\\(Iu%F&w~~&r/__main__) __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNrE tracebackansible.module_utils.basicrrr+ansible.module_utils.common.text.formattersr r[rr ImportError format_exc legacycryptrLEGACYCRYPT_IMPORT_ERRORobjectr rrrr/r-rsA@ p d <3 j J.F I $  O#VfVrj'Z zFs 0I---/06O3y3356s"A!A?!A<;A<?BB