HEX
Server: LiteSpeed
System: Linux kapuas.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: mirz4654 (1666)
PHP: 8.1.33
Disabled: system,exec,escapeshellarg,escapeshellcmd,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,popen,pclose,dl,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setsid,posix_setuid,posix_setpgid,ini_alter,show_source,define_syslog_variables,symlink,syslog,openlog,openlog,closelog,ocinumcols,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dll,ftp,myshellexec,socket_bind,mail,posix_getwpuid
$ pwd: /usr/lib/python3.9/site-packages/ansible/modules/__pycache__/
Upload Files
File: //usr/lib/python3.9/site-packages/ansible/modules/__pycache__/user.cpython-39.pyc
a

�)g���@s@ddlmZmZmZeZdZdZdZddl	Z	ddl
Z	ddlZddlZddl
Z
ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlmZddlmZmZmZddlmZdd	l m!Z!dd
l"m#Z#ddl$m%m&m'Z(Gdd�de	j)�Z*z>e	j+�,e(�-e.e	j/�0d
���Z1e	j2fe1j3_4e	�5e*�e1j3_6dZ7Wne8�y`dZ7Yn0e�9d�Z:dd�Z3Gdd�de;�Z<Gdd�de<�Z=Gdd�de=�Z>Gdd�de<�Z?Gdd�de<�Z@Gdd�de<�ZAGdd �d e<�ZBGd!d"�d"e<�ZCGd#d$�d$e<�ZDGd%d&�d&e<�ZEGd'd(�d(eE�ZFd)d*�ZGeHd+k�r<eG�dS),�)�absolute_import�division�print_functiona20
module: user
version_added: "0.2"
short_description: Manage user accounts
description:
    - Manage user accounts and user attributes.
    - For Windows targets, use the M(ansible.windows.win_user) module instead.
options:
    name:
        description:
            - Name of the user to create, remove or modify.
        type: str
        required: true
        aliases: [ user ]
    uid:
        description:
            - Optionally sets the I(UID) of the user.
        type: int
    comment:
        description:
            - Optionally sets the description (aka I(GECOS)) of user account.
        type: str
    hidden:
        description:
            - macOS only, optionally hide the user from the login window and system preferences.
            - The default will be C(true) if the I(system) option is used.
        type: bool
        version_added: "2.6"
    non_unique:
        description:
            - Optionally when used with the -u option, this option allows to change the user ID to a non-unique value.
        type: bool
        default: no
        version_added: "1.1"
    seuser:
        description:
            - Optionally sets the seuser type (user_u) on selinux enabled systems.
        type: str
        version_added: "2.1"
    group:
        description:
            - Optionally sets the user's primary group (takes a group name).
        type: str
    groups:
        description:
            - List of groups user will be added to.
            - By default, the user is removed from all other groups. Configure C(append) to modify this.
            - When set to an empty string C(''),
              the user is removed from all groups except the primary group.
            - Before Ansible 2.3, the only input format allowed was a comma separated string.
        type: list
        elements: str
    append:
        description:
            - If C(true), add the user to the groups specified in C(groups).
            - If C(false), user will only be added to the groups specified in C(groups),
              removing them from all other groups.
        type: bool
        default: no
    shell:
        description:
            - Optionally set the user's shell.
            - On macOS, before Ansible 2.5, the default shell for non-system users was C(/usr/bin/false).
              Since Ansible 2.5, the default shell for non-system users on macOS is C(/bin/bash).
            - See notes for details on how other operating systems determine the default shell by
              the underlying tool.
        type: str
    home:
        description:
            - Optionally set the user's home directory.
        type: path
    skeleton:
        description:
            - Optionally set a home skeleton directory.
            - Requires C(create_home) option!
        type: str
        version_added: "2.0"
    password:
        description:
            - If provided, set the user's password to the provided encrypted hash (Linux) or plain text password (macOS).
            - B(Linux/Unix/POSIX:) Enter the hashed password as the value.
            - See L(FAQ entry,https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module)
              for details on various ways to generate the hash of a password.
            - To create an account with a locked/disabled password on Linux systems, set this to C('!') or C('*').
            - To create an account with a locked/disabled password on OpenBSD, set this to C('*************').
            - B(OS X/macOS:) Enter the cleartext password as the value. Be sure to take relevant security precautions.
        type: str
    state:
        description:
            - Whether the account should exist or not, taking action if the state is different from what is stated.
        type: str
        choices: [ absent, present ]
        default: present
    create_home:
        description:
            - Unless set to C(false), a home directory will be made for the user
              when the account is created or if the home directory does not exist.
            - Changed from C(createhome) to C(create_home) in Ansible 2.5.
        type: bool
        default: yes
        aliases: [ createhome ]
    move_home:
        description:
            - "If set to C(true) when used with C(home: ), attempt to move the user's old home
              directory to the specified directory if it isn't there already and the old home exists."
        type: bool
        default: no
    system:
        description:
            - When creating an account C(state=present), setting this to C(true) makes the user a system account.
            - This setting cannot be changed on existing users.
        type: bool
        default: no
    force:
        description:
            - This only affects C(state=absent), it forces removal of the user and associated directories on supported platforms.
            - The behavior is the same as C(userdel --force), check the man page for C(userdel) on your system for details and support.
            - When used with C(generate_ssh_key=yes) this forces an existing key to be overwritten.
        type: bool
        default: no
    remove:
        description:
            - This only affects C(state=absent), it attempts to remove directories associated with the user.
            - The behavior is the same as C(userdel --remove), check the man page for details and support.
        type: bool
        default: no
    login_class:
        description:
            - Optionally sets the user's login class, a feature of most BSD OSs.
        type: str
    generate_ssh_key:
        description:
            - Whether to generate a SSH key for the user in question.
            - This will B(not) overwrite an existing SSH key unless used with C(force=yes).
        type: bool
        default: no
        version_added: "0.9"
    ssh_key_bits:
        description:
            - Optionally specify number of bits in SSH key to create.
            - The default value depends on ssh-keygen.
        type: int
        version_added: "0.9"
    ssh_key_type:
        description:
            - Optionally specify the type of SSH key to generate.
            - Available SSH key types will depend on implementation
              present on target host.
        type: str
        default: rsa
        version_added: "0.9"
    ssh_key_file:
        description:
            - Optionally specify the SSH key filename.
            - If this is a relative filename then it will be relative to the user's home directory.
            - This parameter defaults to I(.ssh/id_rsa).
        type: path
        version_added: "0.9"
    ssh_key_comment:
        description:
            - Optionally define the comment for the SSH key.
        type: str
        default: ansible-generated on $HOSTNAME
        version_added: "0.9"
    ssh_key_passphrase:
        description:
            - Set a passphrase for the SSH key.
            - If no passphrase is provided, the SSH key will default to having no passphrase.
        type: str
        version_added: "0.9"
    update_password:
        description:
            - C(always) will update passwords if they differ.
            - C(on_create) will only set the password for newly created users.
        type: str
        choices: [ always, on_create ]
        default: always
        version_added: "1.3"
    expires:
        description:
            - An expiry time for the user in epoch, it will be ignored on platforms that do not support this.
            - Currently supported on GNU/Linux, FreeBSD, and DragonFlyBSD.
            - Since Ansible 2.6 you can remove the expiry time by specifying a negative value.
              Currently supported on GNU/Linux and FreeBSD.
        type: float
        version_added: "1.9"
    password_lock:
        description:
            - Lock the password (C(usermod -L), C(usermod -U), C(pw lock)).
            - Implementation differs by platform. This option does not always mean the user cannot login using other methods.
            - This option does not disable the user, only lock the password.
            - This must be set to C(False) in order to unlock a currently locked password. The absence of this parameter will not unlock a password.
            - Currently supported on Linux, FreeBSD, DragonFlyBSD, NetBSD, OpenBSD.
        type: bool
        version_added: "2.6"
    local:
        description:
            - Forces the use of "local" command alternatives on platforms that implement it.
            - This is useful in environments that use centralized authentication when you want to manipulate the local users
              (in other words, it uses C(luseradd) instead of C(useradd)).
            - This will check C(/etc/passwd) for an existing account before invoking commands. If the local account database
              exists somewhere other than C(/etc/passwd), this setting will not work properly.
            - This requires that the above commands as well as C(/etc/passwd) must exist on the target host, otherwise it will be a fatal error.
        type: bool
        default: no
        version_added: "2.4"
    profile:
        description:
            - Sets the profile of the user.
            - Does nothing when used with other platforms.
            - Can set multiple profiles using comma separation.
            - To delete all the profiles, use C(profile='').
            - Currently supported on Illumos/Solaris.
        type: str
        version_added: "2.8"
    authorization:
        description:
            - Sets the authorization of the user.
            - Does nothing when used with other platforms.
            - Can set multiple authorizations using comma separation.
            - To delete all authorizations, use C(authorization='').
            - Currently supported on Illumos/Solaris.
        type: str
        version_added: "2.8"
    role:
        description:
            - Sets the role of the user.
            - Does nothing when used with other platforms.
            - Can set multiple roles using comma separation.
            - To delete all roles, use C(role='').
            - Currently supported on Illumos/Solaris.
        type: str
        version_added: "2.8"
    password_expire_max:
        description:
            - Maximum number of days between password change.
            - Supported on Linux only.
        type: int
        version_added: "2.11"
    password_expire_min:
        description:
            - Minimum number of days between password change.
            - Supported on Linux only.
        type: int
        version_added: "2.11"
    umask:
        description:
            - Sets the umask of the user.
            - Does nothing when used with other platforms.
            - Currently supported on Linux.
            - Requires C(local) is omitted or False.
        type: str
        version_added: "2.12"
extends_documentation_fragment: action_common_attributes
attributes:
    check_mode:
        support: full
    diff_mode:
        support: none
    platform:
        platforms: posix
notes:
  - There are specific requirements per platform on user management utilities. However
    they generally come pre-installed with the system and Ansible will require they
    are present at runtime. If they are not, a descriptive error message will be shown.
  - On SunOS platforms, the shadow file is backed up automatically since this module edits it directly.
    On other platforms, the shadow file is backed up by the underlying tools used by this module.
  - On macOS, this module uses C(dscl) to create, modify, and delete accounts. C(dseditgroup) is used to
    modify group membership. Accounts are hidden from the login window by modifying
    C(/Library/Preferences/com.apple.loginwindow.plist).
  - On FreeBSD, this module uses C(pw useradd) and C(chpass) to create, C(pw usermod) and C(chpass) to modify,
    C(pw userdel) remove, C(pw lock) to lock, and C(pw unlock) to unlock accounts.
  - On all other platforms, this module uses C(useradd) to create, C(usermod) to modify, and
    C(userdel) to remove accounts.
seealso:
- module: ansible.posix.authorized_key
- module: ansible.builtin.group
- module: ansible.windows.win_user
author:
- Stephen Fromm (@sfromm)
a�
- name: Add the user 'johnd' with a specific uid and a primary group of 'admin'
  ansible.builtin.user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin

- name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
  ansible.builtin.user:
    name: james
    shell: /bin/bash
    groups: admins,developers
    append: yes

- name: Remove the user 'johnd'
  ansible.builtin.user:
    name: johnd
    state: absent
    remove: yes

- name: Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
  ansible.builtin.user:
    name: jsmith
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa

- name: Added a consultant whose account you want to expire
  ansible.builtin.user:
    name: james18
    shell: /bin/zsh
    groups: developers
    expires: 1422403387

- name: Starting at Ansible 2.6, modify user, remove expiry time
  ansible.builtin.user:
    name: james18
    expires: -1

- name: Set maximum expiration date for password
  ansible.builtin.user:
    name: ram19
    password_expire_max: 10

- name: Set minimum expiration date for password
  ansible.builtin.user:
    name: pushkar15
    password_expire_min: 5
a�

append:
  description: Whether or not to append the user to groups.
  returned: When state is C(present) and the user exists
  type: bool
  sample: True
comment:
  description: Comment section from passwd file, usually the user name.
  returned: When user exists
  type: str
  sample: Agent Smith
create_home:
  description: Whether or not to create the home directory.
  returned: When user does not exist and not check mode
  type: bool
  sample: True
force:
  description: Whether or not a user account was forcibly deleted.
  returned: When I(state) is C(absent) and user exists
  type: bool
  sample: False
group:
  description: Primary user group ID
  returned: When user exists
  type: int
  sample: 1001
groups:
  description: List of groups of which the user is a member.
  returned: When I(groups) is not empty and I(state) is C(present)
  type: str
  sample: 'chrony,apache'
home:
  description: "Path to user's home directory."
  returned: When I(state) is C(present)
  type: str
  sample: '/home/asmith'
move_home:
  description: Whether or not to move an existing home directory.
  returned: When I(state) is C(present) and user exists
  type: bool
  sample: False
name:
  description: User account name.
  returned: always
  type: str
  sample: asmith
password:
  description: Masked value of the password.
  returned: When I(state) is C(present) and I(password) is not empty
  type: str
  sample: 'NOT_LOGGING_PASSWORD'
remove:
  description: Whether or not to remove the user account.
  returned: When I(state) is C(absent) and user exists
  type: bool
  sample: True
shell:
  description: User login shell.
  returned: When I(state) is C(present)
  type: str
  sample: '/bin/bash'
ssh_fingerprint:
  description: Fingerprint of generated SSH key.
  returned: When I(generate_ssh_key) is C(True)
  type: str
  sample: '2048 SHA256:aYNHYcyVm87Igh0IMEDMbvW0QDlRQfE0aJugp684ko8 ansible-generated on host (RSA)'
ssh_key_file:
  description: Path to generated SSH private key file.
  returned: When I(generate_ssh_key) is C(True)
  type: str
  sample: /home/asmith/.ssh/id_rsa
ssh_public_key:
  description: Generated SSH public key file.
  returned: When I(generate_ssh_key) is C(True)
  type: str
  sample: >
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC95opt4SPEC06tOYsJQJIuN23BbLMGmYo8ysVZQc4h2DZE9ugbjWWGS1/pweUGjVstgzMkBEeBCByaEf/RJKNecKRPeGd2Bw9DCj/bn5Z6rGfNENKBmo
    618mUJBvdlEgea96QGjOwSB7/gmonduC7gsWDMNcOdSE3wJMTim4lddiBx4RgC9yXsJ6Tkz9BHD73MXPpT5ETnse+A3fw3IGVSjaueVnlUyUmOBf7fzmZbhlFVXf2Zi2rFTXqvbdGHKkzpw1U8eB8xFPP7y
    d5u1u0e6Acju/8aZ/l17IDFiLke5IzlqIMRTEbDwLNeO84YQKWTm9fODHzhYe0yvxqLiK07 ansible-generated on host'
stderr:
  description: Standard error from running commands.
  returned: When stderr is returned by a command that is run
  type: str
  sample: Group wheels does not exist
stdout:
  description: Standard output from running commands.
  returned: When standard output is returned by the command that is run
  type: str
  sample:
system:
  description: Whether or not the account is a system account.
  returned: When I(system) is passed to the module and the account does not exist
  type: bool
  sample: True
uid:
  description: User ID of the user account.
  returned: When I(uid) is passed to the module
  type: int
  sample: 1044
password_expire_max:
  description: Maximum number of days during which a password is valid.
  returned: When user exists
  type: int
  sample: 20
password_expire_min:
  description: Minimum number of days between password change
  returned: When user exists
  type: int
  sample: 20
N)�distro)�to_bytes�	to_native�to_text)�
AnsibleModule)�get_best_parsable_locale)�get_platform_subclassc
@sXeZdZdejfdejfdejfdejfdejfdejfdejfdejfd	ejfg	Zd
S)�StructSpwdTypeZsp_namp�sp_pwdpZ	sp_lstchg�sp_min�sp_maxZsp_warnZsp_inact�	sp_expireZsp_flagN)�__name__�
__module__�__qualname__�ctypes�c_char_pZc_longZc_ulongZ_fields_�rr�8/usr/lib/python3.9/site-packages/ansible/modules/user.pyr�s�r�cTFz[^a-zA-Z0-9./=]cCst�|�jS�N)�_LIBC�getspnam�contents)�b_namerrrr�srcseZdZdZdZdZdZdZdZdZ	dZ
�fd	d
�Zdd�Zd
d�Z
dCdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd �ZdDd!d"�ZdEd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Z d7d8�Z!d9d:�Z"d;d<�Z#d=d>�Z$d?d@�Z%dAdB�Z&�Z'S)F�Usera|
    This is a generic User manipulation class that is subclassed
    based on platform.

    A subclass may wish to override the following action methods:-
      - create_user()
      - remove_user()
      - modify_user()
      - ssh_key_gen()
      - ssh_key_fingerprint()
      - user_exists()

    All subclasses MUST define platform and distribution (which may be None).
    �GenericNz/etc/passwd�/etc/shadow�z/etc/login.defsz%Y-%m-%dcstt�}t||��|�Sr)rr�super�__new__)�cls�args�kwargsZnew_cls��	__class__rrr#szUser.__new__c
Cs�||_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_	|jd	|_
|jd
|_|jd|_|jd|_
|jd
|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_|jd|_d|_|jd|_d|_|jd|_|jd|_|jd|_ |jd|_!|jd|_"|jd |_#|jd!|_$|j$du�r�|j�r�|j%d"d#�|jd$du�r�d%�&|jd$�|_|jd&du�rHzt'�(|jd&�|_Wn@t)�yF}z&|j%d'|jt*|�fd#�WYd}~n
d}~00|jd(du�rf|jd(|_+nt,j-�&d)d*|j�|_+|jdu�r�|j�r�|�.d+�dS),N�state�name�uid�hidden�
non_unique�seuser�group�comment�shell�password�force�remove�create_home�	move_home�skeleton�system�login_class�append�generate_ssh_key�ssh_key_bits�ssh_key_type�ssh_key_comment�ssh_key_passphrase�update_password�home�
password_lock�local�profile�
authorization�role�password_expire_max�password_expire_min�umaskz$'umask' can not be used with 'local'��msg�groups�,�expiresz"Invalid value for 'expires' %s: %s�ssh_key_filez.sshzid_%sz�'append' is set, but no 'groups' are specified. Use 'groups' for appending new groups.This will change to an error in Ansible 2.14.)/�module�paramsr)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9r:�	sshkeygen�ssh_bits�ssh_type�ssh_comment�ssh_passphraser@rArNrBrLrCrDrErFrGrHrI�	fail_json�join�time�gmtime�	Exceptionr�ssh_file�os�path�warn)�selfrP�errr�__init__sd0z
User.__init__cs"�jjd�r�jdk�rd}�jjdtgd��vr<d}n�t�fdd�dD��rVd}d	�jjdvrld}n��jjd�d	�}t|�d
k�rtt�	|d��r�d}|dd
kr�t|d�dkr�d}|ddkr�t|d�dkr�d}|ddk�rt|d�dk�rd}nd}|�r�j�
d�dS)Nr2�DarwinF)�*�!z
*************c3s|]}|�jjdvVqdS)r2N)rPrQ)�.0�char�r`rr�	<genexpr>e�z0User.check_password_encrypted.<locals>.<genexpr>z:*!T�$������1��5�+�6�VzThe input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.)rPrQ�platform�set�any�split�len�bool�_HASH_RE�searchr_)r`Z
maybe_invalid�fieldsrrhr�check_password_encryptedZs* zUser.check_password_encryptedFTcCsD|jjr |r |j�d|�dSdd�|D�}|jj|||d�SdS)N�#In check mode, would have run: "%s"�r�r�cSsg|]}t|��qSr)�str�rf�xrrr�
<listcomp>�rjz(User.execute_command.<locals>.<listcomp>)�use_unsafe_shell�data)rP�
check_mode�debugZrun_command)r`�cmdr�r��obey_checkmoderrr�execute_command~s
zUser.execute_commandcCs |jjs|jr|j�|j�SdSr)rPr��
SHADOWFILEZbackup_localrhrrr�
backup_shadow�szUser.backup_shadowcCs\|jrd}nd}|j�|d�g}|jr6|js6|�d�|jrF|�d�|�|j�|�|�S)NZluserdel�userdelT�-f�-r)rCrP�get_bin_pathr3r:r4r*r�)r`�command_namer�rrr�remove_user_userdel�s

zUser.remove_user_userdelcCs�|jr(d}|j�dd�}|j�dd�}nd}|j�|d�g}|jdurl|�d�|�|j�|jrl|�d�|jdur�|�d�|�|j�|jdur�|�|j�s�|jj	d	|jd
�|�d�|�|j�n�|�|j
��r�|jr�|�d�n�tj�
d
��r8t��}t|�d�d�}|dk�r,|�d�n
|�d�nHtj�
d��rvt��}t|�d�d�}|dk�r�|�d�n
|�d�|jdu�r�t|j��r�|��}|j�s�|�d�|�d�|��|jdu�r�|�d�|�|j�|jdu�r6|j�r tj�|j�}tj�|��s |�|j�|�d�|�|j�|jdu�rX|�d�|�|j�|jdu�r�|j�s�|�d�|jt�d�k�r�|�d�n|�t� |j!|j��|j"du�r�|�d�|j#�r�|�d|j"�n|�|j"�|j�rJ|j�s|�d�|j$du�r"|�d�|�|j$�|j%du�rT|�d�|�d |j%�n
|�d!�|j&�rf|�d"�|�|j
�|�'|�\}	}
}|j�r�|	dk�r�|	|
|fS|jdu�r|jt�d�k�r�d#}ntt(�)|jj*d$��d%}|�'|d&t+|�|j
g�\}	}
}|
|
7}
||7}|	dk�r|	|
|fS|jdu�s:t|j�dk�rD|	|
|fS|D]H}|�'|d!|j
|g�\}	}
}|
|
7}
||7}|	dk�rH|	|
|fS�qH|	|
|fS)'NZluseradd�	lgroupmodT�lchage�useradd�-u�-o�-Z�Group %s does not existrJ�-g�-nz/etc/redhat-release�.r��-Nz/etc/SuSE-release��-GrM�-c�-d�-s�-er��-p�!%s�-m�-k�-K�UMASK=�-Mr�rmrN�Q�-E),rCrPr�r+r:r-r.r/�group_existsrWr*r]r^�existsr�version�intrxrLry�get_groups_setrXr0rAr5�dirname�isdir�create_homedirr1rNrYrZ�strftime�DATE_FORMATr2rBr7rIr8r��math�floorrQr)r`r��
lgroupmod_cmd�
lchage_cmdr�ZdistZ
major_releaserL�parent�rc�out�err�lexpires�_out�_err�	add_grouprrr�create_user_useradd�s�

























zUser.create_user_useraddc
Cs�|jrd}nd}|j�|d�}t�|tj�s0dS|dg}|j|dd�\}}}||}t|��d�}|D]}	|	�	��
d�rfdSqfdS)	N�lusermod�usermodTFz--help�r��
z-a, --append)rCrPr�r]�access�X_OKr�rrx�strip�
startswith)
r`r�Zusermod_pathr�r�Zdata1Zdata2Zhelpout�lines�linerrr�_check_usermod_append"szUser._check_usermod_appendcCs�|jr8d}|j�dd�}t�}t�}|j�dd�}d}nd}|j�|d�g}|��}|��}	|jdur�|dt|j�kr�|�d�|�|j�|j	r�|�d�|j
dur�|�|j
�s�|jjd	|j
d
�|�
|j
�}
|d|
dkr�|�d�|�|
d�|jdu�r(|jd
d�}d
}g}
|jdk�r<|�r�|j�s�d}n^|jd
d�}
t|��|
�}|�r�|j�r�|
D]*}||v�rh|	�r�|�d�d}�q��qhnd}|�r(|j�r�|j�r�t|
��|�}t�}nt|
��|�}t|��|
�}nD|j�r|	�s|�d�|�d�|��n|�d�|�d�|
��|jdu�rZ|d|jk�rZ|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�|j�r�|�d�|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r�t|��d�}|jt�d�k�r,|dk�r�|j�rd}n|�d�|�d�nxt�|d �}|dk�s`|dd�|jdd�k�r�|j�r�tt�|jjd!��d }n |�d�|�t�|j |j��|j!�r�|d�"d"��s�|�d#�n&|j!d
u�r�|d�"d"��r�|�d$�|j#d%k�r`|j$du�r`|d�%d"�|j$�%d"�k�r`d&d'�|D�}|�d(�|j!�rT|�d)|j$�n|�|j$�d*\}}}t&|�dk�r�|�|j'�|�(|�\}}}|j�r�|du�s�|dk�s�|||fS|du�r|�(|d+t)|�|j'g�\}}}||7}||7}|dk�r|||fSt&|�dk�r,t&|�dk�r,|||fS|D]H}|�(|d,|j'|g�\}}}||7}||7}|dk�r0|||fS�q0|D]H}|�(|d|j'|g�\}}}||7}||7}|dk�r~|||fS�q~|||fS)-Nr�r�Tr�r��r�r�r�rJrlr�F)�exclude_primaryr���remove_existing�-a�-ArMr��r�r�r�r��r�rnrrmr�r�rNre�-L�-U�alwayscSsg|]}|dvr|�qS))r�r�r�rfrrrrr��rjz,User.modify_user_usermod.<locals>.<listcomp>r�r��Nr�r�r�r�)*rCrPr�rv�	user_infor�r+r�r:r-r/r�rW�
group_inforL�user_group_membershipr��symmetric_difference�
differencerXr0rAr6r1rN�
user_passwordrYrZr�r�rQr�r�rBr�r@r2�lstripryr*r�r)r`r�r�Z
lgroupmod_addZ
lgroupmod_delr�r�r��infoZ
has_append�ginfo�current_groups�groups_need_modrL�
group_diff�g�current_expires�current_expire_dater�r�r�r�r�r�Z	del_grouprrr�modify_user_usermod=s�













&

4








zUser.modify_user_usermodcCsZzt�t|��WdSttfyTzt�|�WYdStyNYYdS0Yn0dS)NTF)�grp�getgrgidr��
ValueError�KeyError�getgrnam�r`r/rrrr��s
zUser.group_existsc	CsL|�|�sdSztt�t|���WSttfyFtt�|��YS0dS�NF)r��listr�r�r�r�r�r�r�rrrr��s
zUser.group_infocCs�|jdurdS|��}tdd�|j�d�D��}|��D]H}|�|�sX|jjd|d�|r8|r8|�|�d|dkr8|�	|�q8|S)Ncss|]}|r|��VqdSr)r�r�rrrri�rjz&User.get_groups_set.<locals>.<genexpr>rMr�rJr�rl)
rLr�rvrx�copyr�rPrWr�r4)r`r�r�rLr�rrrr��s

zUser.get_groups_setcCsZg}|��}t��D]@}|j|jvr|s8|�|d�q|d|jkr|�|d�q|S)z- Return a list of groups the user belongs to rrl)�get_pwd_infor��getgrallr*�gr_memr:�gr_gid)r`r�rLr�r/rrrr��szUser.user_group_membershipcCs�|jr�tj�|j�s*|jjd�|j�d�d}d�|j�}t	|jd��B}|�
�ddd�}|D]}|�t|��r^d}qzq^Wd�n1s�0Y|s�|j�
dj|j|jd	��|Szt�|j�r�WdSWnty�YdS0dS)
NzK'local: true' specified but unable to find local account file {0} to parse.rJFz{0}:�rbrmTz�'local: true' specified and user '{name}' was not found in {file}. The local user account may already exist if the local account database exists somewhere other than {file}.)�filer*)rCr]r^r��PASSWORDFILErPrW�formatr*�open�	readlinesr�rr_�pwd�getpwnamr�)r`r�Z	name_test�fZreversed_linesr�rrr�user_existss.$��
zUser.user_existscCs|��sdStt�|j��Sr�)rr�rrr*rhrrrr�/szUser.get_pwd_infocCsH|��sdS|��}t|d�dks4t|d�dkrD|��d|d<|S)NFrnr)rr�ryr��r`r�rrrr�4s zUser.user_infocCs�|jdu}|jdu}tr`ztt|j��}Wnty>YdS0||j|jkM}||j|jkM}|sl|sldSd}|j	�
|d�g}|r�|�d|jg�|r�|�d|jg�|�|j�|�
|�S)Nr�ZchageTr�r�)rHrG�	HAVE_SPWDrrr*r�rrrPr��extendr:r�)r`Zmin_needs_changeZmax_needs_change�shadow_infor�r�rrr�set_password_expire<s&

zUser.set_password_expirecCszd}d}trPz(tt|j��}t|j�}|j}||fWStyN||fYS0|��s`||fS|j	rr|�
�\}}||fS)Nr�)rrrr*rr
rr�rr��parse_shadow_file)r`�passwdrNr	rrrr�Vs

zUser.user_passwordcCs�d}d}tj�|j�r�t�|jtj�r�t|jd��L}|D]6}|�d|j�r8|�	d�d}|�	d�|j
pld}q8Wd�n1s�0Y||fS)Nr��r�%s:�:rnrm)r]r^r�r�r��R_OKrr�r*rx�SHADOWFILE_EXPIRE_INDEX)r`rrNrr�rrrris4zUser.parse_shadow_filecCs\|��}tj�|j�r|j}n:tj�|d�sD|jjsDtd|j	��tj�
|d|j�}|S)Nr�z%User %s home directory does not exist)r�r]r^�isabsr\r�rPr�r[r*rX)r`r�rOrrr�get_ssh_key_pathtszUser.get_ssh_key_pathc
Cs|��}d}z|��}d|}Wn2tyR}zddt|�fWYd}~Sd}~00tj�|�}tj�|�s�|jj	rxdSz,t�
|tdd��t�||d|d�Wn:t
y�}z"ddd	|t|�ffWYd}~Sd}~00tj�|��r |j�r|j�d
|�d}n|j�d|�d
Stj�|��rf|j�rR|j�d|�t�|�n|j�d|�dS|j�dd�g}|�d�|�|j�|jdk�r�|�d�|�|j�|�d�|�|j�|�d�|�|�|jdu�r�|jj	�r|j�d|�dSt��\}}	t��\}
}t��\}}
tj��}t|j�|d<�z&tjdd�|D�|	||
tj|d�}d}d}|� �du�rNt!�!|
|gggd�d}d}d}|}|D]�}||
k�r�t�"|
d �}||7}||v�r*t�#|t$|jd!d"�d#�|}n<t�"|d �}||7}||v�r*t�#|t$|jd!d"�d#�|}d$|v�s>d$|v�r�Wd%S�q��ql|j%}t|�}t|�}Wn4t
�y�}zddt|�fWYd}~Sd}~00n(|�d&�|�d�|j&||d'�\}}}|dk�r|jj	�st�||d|d�t�||d|d�|||fS)(N�%s.pubrnr�r�Z0700�r�rlzFailed to create %s: %sz.Overwriting existing ssh key private file "%s"�yzUFound existing ssh key private file "%s", no force, so skipping ssh-keygen generation)Nz1Key already exists, use "force: yes" to overwriter�z-Overwriting existing ssh key public file "%s"zTFound existing ssh key public file "%s", no force, so skipping ssh-keygen generation)Nz8Public key already exists, use "force: yes" to overwriter��
ssh-keygenT�-trz-bz-Cr�r�LC_ALLcSsg|]}t|��qSr)rr�rrrr��rjz$User.ssh_key_gen.<locals>.<listcomp>)�stdin�stdout�stderrZ
preexec_fn�envrjs+Enter passphrase (empty for no passphrase):sEnter same passphrase againi(�strict��errors�
sOverwrite (y/n)?)NzKey already existsr�r��r�)'r�rr[rr]r^r�r�rPr��mkdirr��chown�OSErrorr3r_�unlinkr�r:rTrSrUrVr��pty�openpty�environr�r
�
subprocess�Popen�setsidZpoll�select�read�writer�
returncoder�)r`r�Z	overwriterOZpub_fileraZssh_dirr�Zmaster_in_fdZslave_in_fdZ
master_out_fdZslave_out_fdZ
master_err_fdZslave_err_fdr�pZ
out_bufferZ
err_bufferZr_listZfirst_promptZ
second_prompt�prompt�fd�chunkr�r�r�rrr�ssh_key_gen~s�$,






�


&

zUser.ssh_key_gencCs^|��}tj�|�s"dd|dfS|j�dd�g}|�d�|�d�|�|�|j|dd	�S)
NrnzSSH Key file %s does not existr�rTz-lr�Fr�)rr]r^r�rPr�r:r�)r`rOr�rrr�ssh_key_fingerprint�s


zUser.ssh_key_fingerprintcCs`d|��}z:t|d��}|����}Wd�n1s:0YWntyZYdS0|S)Nrr
)rrr.r��IOError)r`Zssh_public_key_filer�ssh_public_keyrrr�get_ssh_public_key�s.zUser.get_ssh_public_keycCs|��Sr)r�rhrrr�create_user�szUser.create_usercCs|��Sr)r�rhrrr�remove_user�szUser.remove_usercCs|��Sr)r�rhrrr�modify_userszUser.modify_userc	Cs�tj�|��s�|jdur |j}nd}tj�|�r�ztj||dd�Wq�ty�}z$|jjddt	|�d�WYd}~q�d}~00nLzt�
|�Wn<ty�}z$|jjddt	|�d�WYd}~n
d}~00tj�|j��r�t|jd���}|D]~}t
�d|�}|r�t|�d�d	�}d
|@}zt�||�Wq�t�yn}z$|jjddt	|�d�WYd}~q�d}~00q�Wd�n1�s�0YdS)Nz	/etc/skelT)�symlinks�%s��failedrKr
z^UMASK\s+(\d+)$rnri�)r]r^r�r7�shutil�copytreer%rP�	exit_jsonr�makedirs�
LOGIN_DEFSr�re�matchr�r/�chmod)	r`r^r7rarr��mrI�moderrrr�s0
0.
zUser.create_homedirc

Cs�zlt�|||�t�|�D]N\}}}|D]}t�tj�||�||�q(|D]}t�tj�||�||�qJqWn<ty�}	z$|jjddt|	�d�WYd}	~	n
d}	~	00dS)NTr>r?)	r]r$�walkr^rXr%rPrCr)
r`r+�gidr^�root�dirs�files�drrarrr�
chown_homedir$s zUser.chown_homedir)FNT)T)T)(rrr�__doc__ru�distributionr�r�rrEr�r#rbr~r�r�r�r�r�r�r�r�r�r�rr�r�r
r�rrr5r6r9r:r;r<r�rQ�
__classcell__rrr'rrsL=$
		"	

!
h	rc@sDeZdZdZdZdZdZdZdZdd�Z	d	d
�Z
dd�Zd
d�ZdS)�FreeBsdUsera1
    This is a FreeBSD User manipulation class - it uses the pw command
    to manipulate the user database, followed by the chpass command
    to change the password.

    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
    ZFreeBSDN�/etc/master.passwdr�z%d-%b-%YcCs�|��}|jrn|d�d�sn|j�dd�d|jg}|jdurd|dt|j�krd|�d�|�|j�|�	|�S|jdur�|d�d�r�|j�dd�d	|jg}|jdur�|dt|j�kr�|�d�|�|j�|�	|�Sd
S)Nrn�*LOCKED*�pwT�lockr�r�FZunlockr�)
r�rBr�rPr�r*r+r�r:r�)r`r�r�rrr�_handle_lockDs(�

�

zFreeBsdUser._handle_lockcCs2|j�dd�dd|jg}|jr(|�d�|�|�S)NrXTr�r�r��rPr�r*r4r:r��r`r�rrrr;]s�
zFreeBsdUser.remove_userc	Cs�|j�dd�dd|jg}|jdurH|�d�|�|j�|jrH|�d�|jdurh|�d�|�|j�|jdur�|�d�|�|j�|jdur�|�	|j�s�|jj
d	|jd
�|�d�|�|j�|jdur�|��}|�d�|�d
�
|��|j�rN|�d�|jdu�r(|�d�|�|j�|jdu�rN|�d�|�d|j�|jdu�rp|�d�|�|j�|jdu�r�|�d�|�|j�|jdu�r�|�d�|jt�d�k�r�|�d�n|�tt�|j���|�|�\}}}|du�r|dk�r|jj
|j||d�|jdu�rh|j�dd�d|j|jg}|�|�\}}}|du�rX|}||7}||7}|��\}}}|du�r�|}||7}||7}|||fS)NrXTr�r�r�r�r�r�r�rJr�r�rMr�r�r�r�r�r�r�r�0�r*rKr��chpassr�)rPr�r*r+r:r-r0rAr/r�rWrLr�rXr5r7rIr1r9rNrYrZr��calendar�timegmr�r2rZ)	r`r�rLr�r�r��_rcr�r�rrrr:is��
















�

zFreeBsdUser.create_usercCs�|j�dd�dd|jg}t|�}|��}|jdurj|dt|j�krj|�d�|�|j�|jrj|�d�|j	dur�|d|j	kr�|�d	�|�|j	�|j
du�rB|d
|j
kr�|js�tj
�|j
�s�|jr�|�d�|d
|j
kr�|�d�|�|j
�|jdu�r|�d
�|�|j�|jdu�rB|�d�|�d|j�|jdu�r�|�|j��sp|jjd|jd�|�|j�}|d|dk�r�|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r�d}tj
�|j��rbt�|jtj��rbt|jd��<}|D]&}|�d|j��r|�d�d}�qWd�n1�sX0Y|j|k�r�|�d�|�|j�|jdu�r|��}|� �}	t!|��"|	�}
d}|
�r�|j�r�|	D]}||
v�r�d}�q�q�nd}|�r|�d�|	}
|j�r|	t!|�B}
|�d�#|
��|j$du�r�t|�%�d�}|j$t&�'d�k�rl|dk�r�|�d�|�d �nPt&�'|�}|dk�s�|dd�|j$dd�k�r�|�d�|�t(t)�*|j$���d!\}}}|t|�k�r|�+|�\}}}||7}||7}|du�r|dk�r|jj|j||d"�|j,d#k�r�|j-du�r�|d�.d$�|j-�.d$�k�r�|j�d%d�d&|j-|jg}|�+|�\}}}|du�r�|}||7}||7}|�/�\}}}|du�r�|}||7}||7}|||fS)'NrXTr�r�r�r�r�r�r�r�r�r�r�r�r�r�rJrlr�r�r�r
rrr�Fr�rMrnrr�r]r�r^r�rWr_r�)0rPr�r*ryr�r+r�r:r-r0rAr6r]r^r�r5r7rIr/r�rWr�r1r9r�r�rrr�rxrLr�r�rvr�rXrNr�rYrZr�r`rar�r@r2r�rZ)r`r��cmd_lenr�r��user_login_classrr�r�rLr�r�r��
new_groupsr�r�r�r�r�r�r�rbrrrr<�s��


(





"2





&

4�

zFreeBsdUser.modify_user)
rrrrRrurSr�rr�rZr;r:r<rrrrrU2sZrUc@seZdZdZdZdS)�DragonFlyBsdUserz�
    This is a DragonFlyBSD User manipulation class - it inherits the
    FreeBsdUser class behaviors, such as using the pw command to
    manipulate the user database, followed by the chpass command
    to change the password.
    Z	DragonFlyN)rrrrRrurrrrrfNsrfc@s4eZdZdZdZdZdZdd�Zdd�Zd	d
�Z	dS)�OpenBSDUsera,
    This is a OpenBSD User manipulation class.
    Main differences are that OpenBSD:-
     - has no concept of "system" account.
     - has no force delete user

    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
    ZOpenBSDNrVcCs�|j�dd�g}|jdur@|�d�|�|j�|jr@|�d�|jdur�|�|j�sj|jjd|jd�|�d�|�|j�|jdur�|�	�}|�d�|�d	�
|��|jdur�|�d
�|�|j�|jdur�|�d�|�|j�|j
du�r|�d�|�|j
�|jdu�r0|�d
�|�|j�|jdu�r^|jdk�r^|�d�|�|j�|j�r�|�d�|jdu�r�|�d�|�|j�|jdu�r�|�d�|�d|j�|�|j�|�|�S)Nr�Tr�r�r�rJr�r�rMr�r�r�r�rdr�r�r�r�r�)rPr�r+r:r-r/r�rWrLr�rXr0rAr1r9r2r5r7rIr*r��r`r�rLrrrr:jsP
















zOpenBSDUser.create_usercCs6|j�dd�g}|jr |�d�|�|j�|�|�S�Nr�Tr��rPr�r4r:r*r�r\rrrr��s

zOpenBSDUser.remove_user_userdelcCsX|j�dd�g}|��}|jdurZ|dt|j�krZ|�d�|�|j�|jrZ|�d�|jdur�|�|j�s�|jj	d|jd�|�
|j�}|d|dkr�|�d	�|�|j�|jdu�r^|��}d
}d}g}|jdkr�|r�|js�d}nN|�
�}t|��|�}|�r>|j�r:|D]}	|	|v�rd
}d}�q>�qnd}|�r^|�|�|�d�|��|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r�|d|jk�r�|j�r�|�d�|�d�|�|j�|jdu�r|d|jk�r|�d�|�|j�|jdu�r�d}
|j�dd�|jg}|j|d
d�\}}
}|
��D]2}|��}|ddk�rFt|�dk�rF|d}
�qF|j|
k�r�|�d�|�|j�|j�r�|d�d��s�|�d�n&|jd
u�r�|d�d��r�|�d�|jdk�r0|jdu�r0|jdk�r0|d|jk�r0|�d �|�|j�t|�dk�rBd!S|�|j�|�|�S)"Nr�Tr�r�r�r�rJrlr�F�-Sr�r�rMr�r�r�r�r�r�r��userinfor�r�classrnr�rdr�r�r�r�r�)rPr�r�r+r�r:r-r/r�rWr�rLr�r�rvr�rXr0rAr6r1r9r*r��
splitlinesrxryrBr�r@r2)r`r�r�r�r�r�Z
groups_optionrLr�r�rdZuserinfo_cmdr�r�r�r��tokensrrrr<�s�













��
zOpenBSDUser.modify_user�
rrrrRrurSr�r:r�r<rrrrrgYs7rgc@s4eZdZdZdZdZdZdd�Zdd�Zd	d
�Z	dS)�
NetBSDUsera+
    This is a NetBSD User manipulation class.
    Main differences are that NetBSD:-
     - has no concept of "system" account.
     - has no force delete user


    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
    ZNetBSDNrVcCs�|j�dd�g}|jdur@|�d�|�|j�|jr@|�d�|jdur�|�|j�sj|jjd|jd�|�d�|�|j�|jdur�|�	�}t
|�dkr�|jjd	t
|�d�|�d
�|�d�|��|jdur�|�d�|�|j�|j
du�r|�d
�|�|j
�|jdu�r2|�d�|�|j�|jdu�rT|�d�|�|j�|jdu�rv|�d�|�|j�|j�r�|�d�|jdu�r�|�d�|�|j�|jdu�r�|�d�|�d|j�|�|j�|�|�S)Nr�Tr�r�r�rJr���.Too many groups (%d) NetBSD allows for 16 max.r�rMr�r�r�r�r�r�r�r�r�)rPr�r+r:r-r/r�rWrLr�ryrXr0rAr1r9r2r5r7rIr*r�rhrrrr:sT















zNetBSDUser.create_usercCs6|j�dd�g}|jr |�d�|�|j�|�|�Srirjr\rrrr�Rs

zNetBSDUser.remove_user_userdelc	Cs|j�dd�g}|��}|jdurZ|dt|j�krZ|�d�|�|j�|jrZ|�d�|jdur�|�|j�s�|jj	d|jd�|�
|j�}|d|dkr�|�d	�|�|j�|jdu�r�|��}d
}g}|jdkr�|r�|js�d}nX|�
�}t|��|�}|�rD|j�r@|D](}||v�rt|��|�}d}�qD�qnd}|�r�t|�dk�rn|jj	d
t|�d�|�d�|�d�|��|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r�|d|jk�r�|j�r�|�d�|�d�|�|j�|jdu�r0|d|jk�r0|�d�|�|j�|jdu�rR|�d�|�|j�|jdk�r�|jdu�r�|d|jk�r�|�d�|�|j�|j�r�|d�d��s�|�d�n&|jd
u�r�|d�d��r�|�d�t|�dk�r�dS|�|j�|�|�S)Nr�Tr�r�r�r�rJrlr�Fr�rrrsr�rMr�r�r�r�r�r�r�r�r�rnr�rWz-C yesz-C nor�)rPr�r�r+r�r:r-r/r�rWr�rLr�r�rvr��unionryrXr0rAr6r1r9r@r2rBr�r*r�)	r`r�r�r�r�r�rLr�r�rrrr<Ysz












(

zNetBSDUser.modify_userrprrrrrqs
9rqcsXeZdZdZdZdZdZdZdd�Zdd�Z	d	d
�Z
dd�Z�fd
d�Zdd�Z
�ZS)�SunOSa�
    This is a SunOS User manipulation class - The main difference between
    this class and the generic user class is that Solaris-type distros
    don't support the concept of a "system" account and we need to
    edit the /etc/shadow file manually to set a password. (Ugh)

    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
      - user_info()
    Nr z/etc/user_attrc

Csz�d}d}d}tdd���}|D]�}|��}|�d�s|dkr>qt�d|�}|rX|�d�}|�d�\}}|dkrz|�d	�}q|d
kr�|�d	�}q|dkr|�d	�}qWd�n1s�0YWn:ty�}	z"|j	j
dt|	�d
�WYd}	~	n
d}	~	00|||fS)Nr�z/etc/default/passwdr
�#z^([^#]*)#(.*)$rn�=ZMINWEEKSr�ZMAXWEEKSZ	WARNWEEKSz&failed to read /etc/default/passwd: %srJ)rr�r�rFrGr/rx�rstripr[rPrWr)
r`�minweeks�maxweeks�	warnweeksrr�rI�key�valuer�rrr�get_password_defaults�s,
.,zSunOS.get_password_defaultscCs6|j�dd�g}|jr |�d�|�|j�|�|�Srirjr\rrrr;�s

zSunOS.remove_userc

Cs|j�dd�g}|jdur@|�d�|�|j�|jr@|�d�|jdur�|�|j�sj|jjd|jd�|�d�|�|j�|jdur�|�	�}|�d�|�d	�
|��|jdur�|�d
�|�|j�|jdur�|�d�|�|j�|j
du�r|�d�|�|j
�|j�rh|�d
�|jdu�rB|�d�|�|j�|jdu�rh|�d�|�d|j�|jdu�r�|�d�|�|j�|jdu�r�|�d�|�|j�|jdu�r�|�d�|�|j�|�|j�|�|�\}}}|du�r|dk�r|jj|j||d�|jj�s
|jdu�r
|��|��\}}}�z�g}	t|jd���,}
|
D�]}t|dd�}|���d�}|d|jk�s�|	�|��qZ|j|d<tt t!�!�d��|d<|�r�ztt |�d�|d<Wnt"�y�Yn0|�r"ztt |�d�|d<Wnt"�y Yn0|�rVztt |�d�|d <Wnt"�yTYn0d�
|�}|	�d!|��qZWd�n1�s�0Yt|jd"��}
|
�#|	�Wd�n1�s�0YWn<t$�y}z"|jjd#t|�d�WYd}~n
d}~00|||fS)$Nr�Tr�r�r�rJr�r�rMr�r�r�r�r�r�r��-Pr��-Rrr^r��surrogate_or_strictrrrnr�r�r!rlr�r��%s
�w+�#failed to update users password: %s)%rPr�r+r:r-r/r�rWrLr�rXr0rAr1r5r7rIrDrErFr*r�r�r2r�r~rr�rr�rxr�r�rYr��
writelinesr[)
r`r�rLr�r�r�ryrzr{r�rr�r}rrrr:�s�






















2.,zSunOS.create_userc
Cs�|j�dd�g}t|�}|��}|jdurb|dt|j�krb|�d�|�|j�|jrb|�d�|jdur�|�	|j�s�|jj
d|jd�|�|j�}|d|dkr�|�d	�|�|j�|jdu�rR|�
�}|��}t|��|�}d
}|�r|j�r|D]}	|	|vr�d}�qq�nd}|�rR|�d�|}
|j�rB|
�|�|�d�|
��|jdu�r�|d
|jk�r�|�d�|�|j�|jdu�r�|d|jk�r�|j�r�|�d�|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r,|d|jk�r,|�d�|�|j�|jdu�r^|d|jk�r^|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�|t|�k�r�|�|j�|�|�\}}}
|du�r�|dk�r�|jj
|j|
|d�n
d\}}}
|jdk�r�|jdu�r�|d|jk�r�|��d\}}}
|jj�s�|� �\}}}�z>g}t!|j"d ���}|D]�}t#|d!d"�}|�$��%d#�}|d|jk�s�|�|��qZ|j|d<t&tt'�'�d$��|d<|�r�t&t|�d�|d<|�r�t&t|�d�|d
<|�rt&t|�d�|d<d#�|�}|�d%|��qZWd�n1�s80Yt!|j"d&��}|�(|�Wd�n1�sp0Yd}Wn<t)�y�}
z"|jj
d't#|
�d�WYd}
~
n
d}
~
00|||
fS)(Nr�Tr�r�r�r�rJrlr�Fr�rMr�r�r�r�r�r�r�r!rrr��	r�rr^r�r�rnr�r�r�rrr�r�r�r�)*rPr�ryr�r+r�r:r-r/r�rWr�rLr�r�rvr��updaterXr0rAr6r1rDrErFr*r�r@r2r�r�r~rr�rr�rxr�rYr�r[)r`r�rcr�r�r�rLr�r�r�rer�r�r�ryrzr{r�rr�r}rrrr�Is�














(




2*,zSunOS.modify_user_usermodcs"tt|���}|r||��7}|Sr)r"rur��_user_attr_inforr'rrr��szSunOS.user_infocCs�dgd}t|jd���}|D]l}|���d�}|d|jkrtdd�|d�d	�D��}|�d
d�|d<|�dd�|d<|�dd�|d
<qWd�n1s�0Y|S)Nr�rlr
z::::rcss|]}|�d�VqdS)rwN)rxr�rrrri�rjz(SunOS._user_attr_info.<locals>.<genexpr>rn�;ZprofilesZauthsZrolesr�)r�	USER_ATTRr�rxr*�dict�get)r`r�Zfile_handlerr�r��tmprrrr��s
0zSunOS._user_attr_info)rrrrRrurSr�r�r~r;r:r�r�r�rTrrr'rru�s
inrucs�eZdZdZdZdZdZdZgd�Z�fdd�Z	dd	�Z
d
d�Zdd
�Zd#dd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd$dd �Zd!d"�Z�ZS)%�
DarwinUsera�
    This is a Darwin macOS User manipulation class.
    Main differences are that Darwin:-
      - Handles accounts in a database managed by dscl(1)
      - Has no useradd/groupadd
      - Does not create home directories
      - User password must be cleartext
      - UID must be given
      - System users must ben under 500

    This overrides the following methods from the generic class:-
      - user_exists()
      - create_user()
      - remove_user()
      - modify_user()
    rcNr�))r0ZRealName)rAZNFSHomeDirectory)r1Z	UserShell)r+�UniqueID)r/ZPrimaryGroupID�r,ZIsHiddencsVtt|��|�|jdur(|jr<d|_n|jr6d|_nd|_|jdurR|j�d�dS)Nrnrr�)r"r�rbr,r8r}r:)r`rPr'rrrb�s

zDarwinUser.__init__cCs|j�dd�|jgS)N�dsclT)rPr��dscl_directoryrhrrr�	_get_dscl�szDarwinUser._get_dsclcCsl|��}|ddd|jg7}|j|dd�\}}}g}|��D],}|�d�s:|�d�rTq:|�|��d�q:|S)	Nz-searchz/GroupsZGroupMembershipFr�� �)r)r�r*r�rnr�r:rx)r`r�r�r�r�rLr�rrr�_list_user_groups�szDarwinUser._list_user_groupscCs�|��}|dd|j|g7}|j|dd�\}}}|dkr<dS|��}t|�dkrb|d�d�dSt|�d	kr�d
�|d��g|d	d��St|�d	kr�|d��SdS)zCReturn user PROPERTY as given my dscl(1) read or None if not found.�-read�	/Users/%sFr�rNrnz: r�r�)r�r*r�rnryrxrXr�)r`�propertyr�r�r�r�r�rrr�_get_user_property		s zDarwinUser._get_user_propertyc
Cs�|��}|gd�7}|j|dd�\}}}|dkrD|jjd|||d�d}d}|��D]6}t|�d�d�}	||	krv|	}||	krT|	d	krT|	}qT|r�d|kr�d
kr�nn|dS|dS)zv
        Return the next available uid. If system=True, then
        uid should be below of 500, if possible.
        )z-listz/Usersr�Fr�rz$Unable to get the next available uid)rKr�r�r�r�rmi�i�rn)r�r�rPrWrnr�rx)
r`r8r�r�r�r�Zmax_uidZmax_system_uidr�Zcurrent_uidrrr�
_get_next_uid	s*�zDarwinUser._get_next_uidcCsr|��}|jr&|dd|j|jg7}n|dd|jddg7}|�|�\}}}|dkrh|jjd|||d�|||fS)	zsChange password for SELF.NAME against SELF.PASSWORD.

        Please note that password must be cleartext.
        z-passwdr��-createZPasswordrdrzError when changing password�rKr�r�r�)r�r2r*r�rPrW�r`r�r�r�r�rrr�_change_user_password:	sz DarwinUser._change_user_passwordcCs\|jdurd|_zt�|j�j|_Wn&tyJ|jjd|jd�Yn0t|j�|_dS)zDConvert SELF.GROUP to is stringed numerical value suitable for dscl.NZnogroupzBGroup "%s" not found. Try to create it first using "group" module.rJ)r/r�r�r�r�rPrWr�rhrrr�_make_group_numericalP	s
z DarwinUser._make_group_numericalcCsj|dkrd}nd}ddd||jdd|g}|�|�\}}}|d	kr`|jjd
||j|f|||d�|||fS)��Add or remove SELF.NAME to or from GROUP depending on ACTION.
        ACTION can be 'add' or 'remove' otherwise 'remove' is assumed. �addr�r�Zdseditgroupr�Zeditr�userrz"Cannot %s user "%s" to group "%s".r�)r*r�rPrW)r`r/�action�optionr�r�r�r�rrrZ__modify_group[	s
��zDarwinUser.__modify_groupcCs�d}d}d}d}t|���}|jdur8t|j�d��}ntg�}|jdur�||D]2}|�|d�\}}	}
||7}||	7}||
7}d}qR||D]2}|�|d�\}}	}
||7}||	7}||
7}d}q�||||fS)	r�rr�FNrM�deleteTr�)rvr�rLrxr:�_DarwinUser__modify_group)r`r�r�r��changed�current�targetr4rbr�r�r�rrr�
_modify_groupi	s,

zDarwinUser._modify_groupc	Cs8d}dd|dg}|j|dd�\}}}g}|��dd�D]<}z|�d	�d}Wntyh|��}Yn0|�|�q8|jr�|j|vr�dd
|dd|jg}|�|�\}}}|dkr�|jj	d
|j|||d�dSnd|j|v�r4||�
|j�=dd
|ddg|}|�|�\}}}|dk�r0|jj	d|j|||d�dSdS)zvHide or show user on login window according SELF.SYSTEM.

        Returns 0 if a change has been made, None otherwise.z0/Library/Preferences/com.apple.loginwindow.plist�defaultsr.ZHiddenUsersListFr�rnrm�"r/z
-array-addrz%Cannot user "%s" to hidden user list.r�z-arrayz.Cannot remove user "%s" from hidden user list.N)r�rnrx�
IndexErrorr�r:r8r*rPrW�index)r`Z
plist_filer�r�r�r�Zhidden_usersr�rrr�_update_system_user�	s0

zDarwinUser._update_system_usercCs8|��}|dd|jdg7}|j|dd�\}}}|dkS)z1Check is SELF.NAME is a known user on the system.r�r�r�Fr�r)r�r*r�r�rrrr�	szDarwinUser.user_existscCs�|��}|��}|dd|jg7}|�|�\}}}|dkrT|jjd|j|||d�|jr�tj�	|d�r�t
�|d�|d|d7}|||fS)zCDelete SELF.NAME. If SELF.FORCE is true, remove its home directory.z-deleter�rzCannot delete user "%s".r�r�z
Removed %s)r�r�r*r�rPrWr3r]r^r�rA�rmtree)r`r�r�r�r�r�rrrr;�	szDarwinUser.remove_userr�c
Cs�|��}|dd|jg7}|�|�\}}}|dkrL|jjd|j|||d�|��|jdurpt|�|j	��|_|j
r�|jdur�d|j|_|jjs�t
j�|j�s�t
�|j�|�t|j�t|j�|j�|j	s�|jdur�d|_|jD]�}|d|jvr�|j|dr�|��}|dd|j|d|j|dg7}|�|�\}}}|dk�rn|jjd|d|jf|||d�||7}||7}|dkr�|||fSq�|��\}}}||7}||7}|��|j�r�|��\}}}}	||7}||7}|||fS)	Nr�r�rzCannot create user "%s".r�z	/bin/bashrnz&Cannot add property "%s" to user "%s".)r�r*r�rPrWr�r+r�r�r8r5rAr�r]r^r�rDrQr�r/r1r}�__dict__r�r�rLr�)
r`r�r�r�r�r��fieldr�r�r�rrrr:�	sJ


$
"zDarwinUser.create_usercCsxd}d}d}|jr|��|jD]�}|d|jvr |j|dr |�|d�}|dusl|t|j|d�kr |��}|dd|j|d|j|dg7}|�|�\}}}	|dkr�|j	j
d|d|jf|||d�|}||7}||	7}q |jdk�r"|jdu�r"|�
�\}}}	||7}||	7}|}|j�rX|��\}}}	}
||7}||	7}|
d	u�rX|}|��}|dk�rn|}|||fS)
Nr�rrnr�r�z*Cannot update property "%s" for user "%s".r�r�T)r/r�r}r�r�rr�r*r�rPrWr@r2r�rLr�r�)r`r�r�r�r�r�r�r�r�r�Z_changedrrrr<�	sJ
$��


zDarwinUser.modify_user)N)r�)rrrrRrurSr�r�r}rbr�r�r�r�r�r�r�r�r�rr;r:r<rTrrr'rr��s(	
 )
4r�c@s>eZdZdZdZdZdZdd�Zd
dd�Zd	d
�Z	dd�Z
dS)�AIXz�
    This is a AIX User manipulation class.

    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
      - parse_shadow_file()
    Nz/etc/security/passwdcCs6|j�dd�g}|jr |�d�|�|j�|�|�Srirjr\rrrr;9
s

zAIX.remove_userr�cCs�|j�|d�g}|jdur0|�d�|�|j�|jdurp|�|j�sZ|jjd|jd�|�d�|�|j�|jdur�t|j�r�|�	�}|�d�|�d�
|��|jdur�|�d�|�|j�|jdur�|�d	�|�|j�|j
du�r|�d
�|�|j
�|j�rb|�d�|jdu�r<|�d�|�|j�|jdu�rb|�d
�|�d|j�|�|j�|�|�\}}}|jdu�r�g}|�|j�dd��|�d�|�d�|j|d|j|jfd�|||fS)NTr�r�rJr�r�rMr�r�r�r�r�r�r��chpasswdr��%s:%sr")rPr�r+r:r/r�rWrLryr�rXr0rAr1r5r7rIr*r�r2)r`r�r�rLr�r�r�rrrr�A
sN














zAIX.create_user_useraddcCs�|j�dd�g}|��}|jdurJ|dt|j�krJ|�d�|�|j�|jdur�|�|j�st|jjd|jd�|�	|j�}|d|dkr�|�d�|�|j�|j
du�rF|��}d	}g}|j
d
kr�|r�|js�d}nJ|��}t
|��|�}|�r&|j�r"|D]}||v�rd}�q&�qnd}|�rF|�d�|�d�|��|jdu�rx|d
|jk�rx|�d�|�|j�|jdu�r�|d|jk�r�|j�r�|�d�|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�t|�dk�rd\}	}
}n|�|j�|�|�\}	}
}|jdk�r�|jdu�r�|d|jk�r�g}|�|j�dd��|�d�|�d�|j|d|j|jfd�\}}
}n
d\}}
}|	du�r�|	|
|
||fS||
|
||fSdS)Nr�Tr�r�r�rJrlr�Fr�r�rMr�r�r�r�r�r�r�rnr�r�r�r�r�r")rPr�r�r+r�r:r/r�rWr�rLr�r�rvr�rXr0rAr6r1ryr*r�r@r2)r`r�r�r�r�r�rLr�r�r�r�r�Zrc2Zout2Zerr2rrrr�w
sp










(

"

zAIX.modify_user_usermodcCs0t|j�}d}d}tj�|j��rt�|jtj��rt|jd��}|�	�}Wd�n1s^0Yd}d}zxt
|�D]2\}}	|	�d|�rz||d}||d}q�qzd|vr�|�dd�d�
�}d|vr�|�dd�d�
�}Wn(t�y|jjd	|jd
�Yn0t|�}
t|��p&d}|
|fS)aExample AIX shadowfile data:
        nobody:
                password = *

        operator1:
                password = {ssha512}06$xxxxxxxxxxxx....
                lastupdate = 1549558094

        test1:
                password = *
                lastupdate = 1553695126

        rjr�Ns%s:rnr�s = rmzFailed to parse shadow file %srJ)rr*r]r^r�r�r�rrr�	enumerater�rxr�r�rPrWr)r`rZb_passwdZ	b_expiresZbfZb_linesZ
b_passwd_lineZb_expires_liner�Zb_linerrNrrrr�
s.
"&zAIX.parse_shadow_file)r�)rrrrRrurSr�r;r�r�rrrrrr�*
s

6Mr�c@s4eZdZdZdZdZdZdd�Zdd�Zd	d
�Z	dS)�HPUXz�
    This is a HP-UX User manipulation class.

    This overrides the following methods from the generic class:-
      - create_user()
      - remove_user()
      - modify_user()
    zHP-UXNr cCsvdg}|jdur6|�d�|�|j�|jr6|�d�|jdurv|�|j�s`|jjd|jd�|�d�|�|j�|jdur�t|j�r�|�	�}|�d�|�d�
|��|jdur�|�d	�|�|j�|jdur�|�d
�|�|j�|j
du�r|�d�|�|j
�|jdu�r0|�d�|�|j�|j�rD|�d
�n
|�d�|j�r`|�d�|�|j�|�|�S)Nz/usr/sam/lbin/useradd.samr�r�r�rJr�r�rMr�r�r�r�r�r�r�)r+r:r-r/r�rPrWrLryr�rXr0rAr1r2r5r8r*r�rhrrrr:sD













zHPUX.create_usercCs<dg}|jr|�d�|jr&|�d�|�|j�|�|�S)Nz/usr/sam/lbin/userdel.sam�-Fr�)r3r:r4r*r�r\rrrr;1s

zHPUX.remove_userc
Cs�dg}|��}|jdurP|dt|j�krP|�d�|�|j�|jrP|�d�|jdur�|�|j�sz|jjd|jd�|�	|j�}|d|dkr�|�d�|�|j�|j
du�rh|��}d	}g}|j
d
kr�|r�|js�d}nN|jd	d�}t
|��|�}|�r0|j�r,|D]}||v�rd}�q0�qnd}|�rh|�d
�|}	|j�rX|t
|�B}	|�d�|	��|jdu�r�|d|jk�r�|�d�|�|j�|jdu�r�|d|jk�r�|�d�|�|j�|j�r�|�d�|jdu�r|d|jk�r|�d�|�|j�|jdk�rX|jdu�rX|d|jk�rX|�d�|�d�|�|j�t|�dk�rjdS|�|j�|�|�S)Nz/usr/sam/lbin/usermod.samr�r�r�r�rJrlr�Fr�Tr�r�rMr�r�r�r�r�r�r�r�rnr�r�r�)r�r+r�r:r-r/r�rPrWr�rLr�r�rvr�rXr0rAr6r1r@r2ryr*r�)
r`r�r�r�r�r�rLr�r�rerrrr<:sn











(

zHPUX.modify_user)
rrrrRrurSr�r:r;r<rrrrr��
s	0	r�c@s(eZdZdZdd�Zdd�Zdd�ZdS)	�BusyBoxz�
    This is the BusyBox class for use on systems that have adduser, deluser,
    and delgroup commands. It overrides the following methods:
        - create_user()
        - remove_user()
        - modify_user()
    c	Cs�|j�dd�g}|�d�|jdur:|�d�|�|j�|jdur||�|j�sf|jjd�|j�d�|�d�|�|j�|jdur�|�d�|�|j�|j	dur�|�d	�|�|j	�|j
dur�|�d
�|�|j
�|js�|�d�|jdu�r|�d�|�|j�|j
du�r4|�d
�|�d|j
�|j�rF|�d�|�|j�|�|�\}}}|du�r�|dk�r�|jj|j||d�|jdu�r�|j�dd�g}|�d�dj|j|jd�}|j||d�\}}}|du�r�|dk�r�|jj|j||d�|jdu�r|t|j��r||��}|j�dd�}|D]J}||j|g}|�|�\}}}|du�r0|dk�r0|jj|j||d��q0|||fS)N�adduserTz-Dr�zGroup {0} does not existrJr�r�z-hr�z-Hr�r�r�rkrr^r��--encrypted�{name}:{password}�r*r2r")rPr�r:r+r/r�rWr�r0rAr1r5r7rIr8r*r�r2rLryr�)	r`r�r�r�r�r�rL�add_cmd_binr/rrrr:�sb















zBusyBox.create_usercCs.|j�dd�|jg}|jr$|�d�|�|�S)NZdeluserTz
--remove-homer[r\rrrr;�s�
zBusyBox.remove_usercCs�|��}g}d}d}d}|��}|j�dd�}|j�dd�}|jdu�rt|j��r|��}t|��|�}	|	�r|D]L}
|
|	vrt||j	|
g}|�
|�\}}}|durt|dkrt|jj|j	||d�qt|	D]R}
|
|vr�|js�||j	|
g}|�
|�\}}}|dur�|dkr�|jj|j	||d�q�|j
dk�r�|jdu�r�|d|jk�r�|j�d	d�g}
|
�d
�dj|j	|jd�}|j
|
|d
�\}}}|du�r�|dk�r�|jj|j	||d�|||fS)Nr�r�TZdelgrouprr^r�rnr�r�r�r�r")r�r�rPr�rLryr�rvr�r*r�rWr:r@r2r�)r`r�rLr�r�r�r�r�Zremove_cmd_binr�r�Zadd_cmdZ
remove_cmdr�r�rrrr<�s@(
zBusyBox.modify_userN)rrrrRr:r;r<rrrrr��sEr�c@seZdZdZdZdZdS)�Alpinez�
    This is the Alpine User manipulation class. It inherits the BusyBox class
    behaviors such as using adduser and deluser commands.
    ZLinuxN)rrrrRrurSrrrrr�	sr�c
(Cs�tddddt��d�}tttddddgd�tdd	d
gd�tdd
�tddd�tdd
�tddd�tdd
�tdd
�tdd
�tdd	d�tdd
�tddd�tddd�tdd
�tdd
�tddd�tddd�tdd	dgd�tdd
�tddd�tddd�tddd�tdd
�td|dd�td|dd�tdd
�td|dd�tdd	d�tddddgdd�tdd
�tddd�tdd
�tdd
�tdd
�tdd
�tdd
�d�$d	d�}t|�}|��|�d |j�|j�r�|�d!|j�d}d"}d"}i}|j	|d#<|j
|d$<|j
dk�rX|���rz|j�r|j
d	d%�|��\}}}|dk�r@|j|j	||d&�|j|d'<|j|d(<�n"|j
dk�rz|���s|j�r�|j
d	d%�d}|j�r�|j�r�tj�|j�}tj�|��s�d	}|��\}}}|�r�|��}	|	du�r�|�|	d)|	d*|j�|j�r|j	|d+<n|j|d+<|j|d,<n"|��\}}}|j|d-<|j|d.<|du�rf|dk�rf|j|j	||d&�|jdu�rzd/|d0<|du�r�d|d1<nd	|d1<|�r�||d2<|�r�||d3<|���r�|j
dk�r�|��}	|	du�r�d4|j	|d5<d	|d6<|	d)|d7<|	d*|d8<|	d9|d<|	d:|d;<|	d<|d=<|j du�rB|j |d><|��}	|jdu�r`|	d:|_tj�!|j��s�|j�r�|j�s�|�"|j�|�|	d)|	d*|j�d	|d1<|j#�rD|�$�\}}}|du�r�|dk�r�|j|j	||d&�|dk�r�d	|d1<|�%�\}}}|dk�r |�&�|d?<n|�&�|d?<|�'�|d@<|�(�|dA<|�)�\}}}|du�r^n&|dk�r||j|j	||d&�nd	|d1<|j
fi|��dS)BNrZrsazansible-generated on %s)�bits�typeZ
passphraser0r�ZpresentZabsent)r��default�choicesTr�)r��required�aliasesr�)r�rzF)r�r�r�)r��elementsr^)r��no_logZ
createhome)r�r�r�r�r�r0r�Z	on_create)r�r�r�r��float)$r)r*r+r-r/rLr0rAr1r2r9rGrHr,r.r3r4r5r7r8r6r:r;r<r=rOr>r?r@rNrBrCrDrErFrI)Z
argument_specZsupports_check_modezUser instantiated - platform %sz#User instantiated - distribution %sr�r*r))r�r^r3r4r�rlr8r5r:r6ZNOT_LOGGING_PASSWORDr2r�rrzfailed to look up user name: %srKr@r+r/r�r�rAr�r1rLZssh_fingerprintrOr8)*r��socketZgethostnamer	rr~r�rurSr*r)rr�rCr;rWr3r4rAr5r]r^r�r�r:r�rQr8r<r:r6r2rLr�r�rRr5r6r�rr9r
)
Zssh_defaultsrPr�r�r�r��resultZpath_needs_parentsr�r�rrr�mains
�











�,�0


















r��__main__)IZ
__future__rrrr�Z
__metaclass__Z
DOCUMENTATIONZEXAMPLESZRETURNrZctypes.util�errnor�r`r]rFr'rr-rAr�r*rYr�Zansible.module_utilsrZansible.module_utils._textrrrZansible.module_utils.basicr	Z"ansible.module_utils.common.localer
Z$ansible.module_utils.common.sys_inforZ"ansible.module_utils.compat.typingZmodule_utils�compat�typing�tZ	StructurerZcdllZLoadLibrary�castr��utilZfind_libraryrrr�argtypesZPOINTERZrestyper�AttributeError�compiler{�objectrrUrfrgrqrur�r�r�r�r�r�rrrrr�<module>s�3p
��

6/%!bJ	0

@ Telegram