diff options
Diffstat (limited to 'collections-debian-merged/ansible_collections/community/general/plugins/become')
9 files changed, 805 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/__init__.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/__init__.py diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/doas.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/doas.py new file mode 100644 index 00000000..d7f4ad81 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/doas.py @@ -0,0 +1,126 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: doas + short_description: Do As user + description: + - This become plugins allows your remote/login user to execute commands as another user via the doas utility. + author: ansible (@core) + options: + become_user: + description: User you 'become' to execute the task + ini: + - section: privilege_escalation + key: become_user + - section: doas_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_doas_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_DOAS_USER + become_exe: + description: Doas executable + default: doas + ini: + - section: privilege_escalation + key: become_exe + - section: doas_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_doas_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_DOAS_EXE + become_flags: + description: Options to pass to doas + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: doas_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_doas_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_DOAS_FLAGS + become_pass: + description: password for doas prompt + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_doas_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_DOAS_PASS + ini: + - section: doas_become_plugin + key: password + prompt_l10n: + description: + - List of localized strings to match for prompt detection + - If empty we'll use the built in one + default: [] + ini: + - section: doas_become_plugin + key: localized_prompts + vars: + - name: ansible_doas_prompt_l10n + env: + - name: ANSIBLE_DOAS_PROMPT_L10N +''' + +import re + +from ansible.module_utils._text import to_bytes +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.doas' + + # messages for detecting prompted password issues + fail = ('Permission denied',) + missing = ('Authorization required',) + + def check_password_prompt(self, b_output): + ''' checks if the expected password prompt exists in b_output ''' + + # FIXME: more accurate would be: 'doas (%s@' % remote_user + # however become plugins don't have that information currently + b_prompts = [to_bytes(p) for p in self.get_option('prompt_l10n')] or [br'doas \(', br'Password:'] + b_prompt = b"|".join(b_prompts) + + return bool(re.match(b_prompt, b_output)) + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + self.prompt = True + + become_exe = self.get_option('become_exe') + + flags = self.get_option('become_flags') + if not self.get_option('become_pass') and '-n' not in flags: + flags += ' -n' + + become_user = self.get_option('become_user') + user = '-u %s' % (become_user) if become_user else '' + + success_cmd = self._build_success_command(cmd, shell, noexe=True) + executable = getattr(shell, 'executable', shell.SHELL_FAMILY) + + return '%s %s %s %s -c %s' % (become_exe, flags, user, executable, success_cmd) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/dzdo.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/dzdo.py new file mode 100644 index 00000000..a0ff4c05 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/dzdo.py @@ -0,0 +1,95 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: dzdo + short_description: Centrify's Direct Authorize + description: + - This become plugins allows your remote/login user to execute commands as another user via the dzdo utility. + author: ansible (@core) + options: + become_user: + description: User you 'become' to execute the task + ini: + - section: privilege_escalation + key: become_user + - section: dzdo_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_dzdo_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_DZDO_USER + become_exe: + description: Dzdo executable + default: dzdo + ini: + - section: privilege_escalation + key: become_exe + - section: dzdo_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_dzdo_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_DZDO_EXE + become_flags: + description: Options to pass to dzdo + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: dzdo_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_dzdo_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_DZDO_FLAGS + become_pass: + description: Options to pass to dzdo + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_dzdo_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_DZDO_PASS + ini: + - section: dzdo_become_plugin + key: password +''' + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.dzdo' + + # messages for detecting prompted password issues + fail = ('Sorry, try again.',) + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + becomecmd = self.get_option('become_exe') + + flags = self.get_option('become_flags') + if self.get_option('become_pass'): + self.prompt = '[dzdo via ansible, key=%s] password:' % self._id + flags = '%s -p "%s"' % (flags.replace('-n', ''), self.prompt) + + become_user = self.get_option('become_user') + user = '-u %s' % (become_user) if become_user else '' + + return ' '.join([becomecmd, flags, user, self._build_success_command(cmd, shell)]) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/ksu.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/ksu.py new file mode 100644 index 00000000..d81b7a11 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/ksu.py @@ -0,0 +1,120 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: ksu + short_description: Kerberos substitute user + description: + - This become plugins allows your remote/login user to execute commands as another user via the ksu utility. + author: ansible (@core) + options: + become_user: + description: User you 'become' to execute the task + ini: + - section: privilege_escalation + key: become_user + - section: ksu_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_ksu_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_KSU_USER + required: True + become_exe: + description: Su executable + default: ksu + ini: + - section: privilege_escalation + key: become_exe + - section: ksu_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_ksu_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_KSU_EXE + become_flags: + description: Options to pass to ksu + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: ksu_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_ksu_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_KSU_FLAGS + become_pass: + description: ksu password + required: False + vars: + - name: ansible_ksu_pass + - name: ansible_become_pass + - name: ansible_become_password + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_KSU_PASS + ini: + - section: ksu_become_plugin + key: password + prompt_l10n: + description: + - List of localized strings to match for prompt detection + - If empty we'll use the built in one + default: [] + ini: + - section: ksu_become_plugin + key: localized_prompts + vars: + - name: ansible_ksu_prompt_l10n + env: + - name: ANSIBLE_KSU_PROMPT_L10N +''' + +import re + +from ansible.module_utils._text import to_bytes +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.ksu' + + # messages for detecting prompted password issues + fail = ('Password incorrect',) + missing = ('No password given',) + + def check_password_prompt(self, b_output): + ''' checks if the expected password prompt exists in b_output ''' + + prompts = self.get_option('prompt_l10n') or ["Kerberos password for .*@.*:"] + b_prompt = b"|".join(to_bytes(p) for p in prompts) + + return bool(re.match(b_prompt, b_output)) + + def build_become_command(self, cmd, shell): + + super(BecomeModule, self).build_become_command(cmd, shell) + + # Prompt handling for ``ksu`` is more complicated, this + # is used to satisfy the connection plugin + self.prompt = True + + if not cmd: + return cmd + + exe = self.get_option('become_exe') + + flags = self.get_option('become_flags') + user = self.get_option('become_user') + return '%s %s %s -e %s ' % (exe, user, flags, self._build_success_command(cmd, shell)) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/machinectl.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/machinectl.py new file mode 100644 index 00000000..6751f9b4 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/machinectl.py @@ -0,0 +1,88 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: machinectl + short_description: Systemd's machinectl privilege escalation + description: + - This become plugins allows your remote/login user to execute commands as another user via the machinectl utility. + author: ansible (@core) + options: + become_user: + description: User you 'become' to execute the task + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: machinectl_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_machinectl_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_MACHINECTL_USER + become_exe: + description: Machinectl executable + default: machinectl + ini: + - section: privilege_escalation + key: become_exe + - section: machinectl_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_machinectl_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_MACHINECTL_EXE + become_flags: + description: Options to pass to machinectl + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: machinectl_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_machinectl_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_MACHINECTL_FLAGS + become_pass: + description: Password for machinectl + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_machinectl_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_MACHINECTL_PASS + ini: + - section: machinectl_become_plugin + key: password +''' + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.machinectl' + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + become = self.get_option('become_exe') + + flags = self.get_option('become_flags') + user = self.get_option('become_user') + return '%s -q shell %s %s@ %s' % (become, flags, user, cmd) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/pbrun.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/pbrun.py new file mode 100644 index 00000000..9d64ff6a --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/pbrun.py @@ -0,0 +1,104 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: pbrun + short_description: PowerBroker run + description: + - This become plugins allows your remote/login user to execute commands as another user via the pbrun utility. + author: ansible (@core) + options: + become_user: + description: User you 'become' to execute the task + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: pbrun_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_pbrun_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_PBRUN_USER + become_exe: + description: Sudo executable + default: pbrun + ini: + - section: privilege_escalation + key: become_exe + - section: pbrun_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pbrun_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PBRUN_EXE + become_flags: + description: Options to pass to pbrun + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: pbrun_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pbrun_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PBRUN_FLAGS + become_pass: + description: Password for pbrun + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pbrun_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PBRUN_PASS + ini: + - section: pbrun_become_plugin + key: password + wrap_exe: + description: Toggle to wrap the command pbrun calls in 'shell -c' or not + default: False + type: bool + ini: + - section: pbrun_become_plugin + key: wrap_execution + vars: + - name: ansible_pbrun_wrap_execution + env: + - name: ANSIBLE_PBRUN_WRAP_EXECUTION +''' + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.pbrun' + + prompt = 'Password:' + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + become_exe = self.get_option('become_exe') + + flags = self.get_option('become_flags') + become_user = self.get_option('become_user') + user = '-u %s' % (become_user) if become_user else '' + noexe = not self.get_option('wrap_exe') + + return ' '.join([become_exe, flags, user, self._build_success_command(cmd, shell, noexe=noexe)]) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/pfexec.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/pfexec.py new file mode 100644 index 00000000..d86af6e3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/pfexec.py @@ -0,0 +1,104 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: pfexec + short_description: profile based execution + description: + - This become plugins allows your remote/login user to execute commands as another user via the pfexec utility. + author: ansible (@core) + options: + become_user: + description: + - User you 'become' to execute the task + - This plugin ignores this setting as pfexec uses it's own C(exec_attr) to figure this out, + but it is supplied here for Ansible to make decisions needed for the task execution, like file permissions. + default: root + ini: + - section: privilege_escalation + key: become_user + - section: pfexec_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_pfexec_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_PFEXEC_USER + become_exe: + description: Sudo executable + default: pfexec + ini: + - section: privilege_escalation + key: become_exe + - section: pfexec_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pfexec_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PFEXEC_EXE + become_flags: + description: Options to pass to pfexec + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: pfexec_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pfexec_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PFEXEC_FLAGS + become_pass: + description: pfexec password + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pfexec_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PFEXEC_PASS + ini: + - section: pfexec_become_plugin + key: password + wrap_exe: + description: Toggle to wrap the command pfexec calls in 'shell -c' or not + default: False + type: bool + ini: + - section: pfexec_become_plugin + key: wrap_execution + vars: + - name: ansible_pfexec_wrap_execution + env: + - name: ANSIBLE_PFEXEC_WRAP_EXECUTION + notes: + - This plugin ignores I(become_user) as pfexec uses it's own C(exec_attr) to figure this out. +''' + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.pfexec' + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + exe = self.get_option('become_exe') + + flags = self.get_option('become_flags') + noexe = not self.get_option('wrap_exe') + return '%s %s "%s"' % (exe, flags, self._build_success_command(cmd, shell, noexe=noexe)) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/pmrun.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/pmrun.py new file mode 100644 index 00000000..52fc3360 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/pmrun.py @@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: pmrun + short_description: Privilege Manager run + description: + - This become plugins allows your remote/login user to execute commands as another user via the pmrun utility. + author: ansible (@core) + options: + become_exe: + description: Sudo executable + default: pmrun + ini: + - section: privilege_escalation + key: become_exe + - section: pmrun_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_pmrun_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_PMRUN_EXE + become_flags: + description: Options to pass to pmrun + default: '' + ini: + - section: privilege_escalation + key: become_flags + - section: pmrun_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_pmrun_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_PMRUN_FLAGS + become_pass: + description: pmrun password + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_pmrun_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_PMRUN_PASS + ini: + - section: pmrun_become_plugin + key: password + notes: + - This plugin ignores the become_user supplied and uses pmrun's own configuration to select the user. +''' + +from ansible.plugins.become import BecomeBase +from ansible.module_utils.six.moves import shlex_quote + + +class BecomeModule(BecomeBase): + + name = 'community.general.pmrun' + prompt = 'Enter UPM user password:' + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + become = self.get_option('become_exe') + + flags = self.get_option('become_flags') + return '%s %s %s' % (become, flags, shlex_quote(self._build_success_command(cmd, shell))) diff --git a/collections-debian-merged/ansible_collections/community/general/plugins/become/sesu.py b/collections-debian-merged/ansible_collections/community/general/plugins/become/sesu.py new file mode 100644 index 00000000..b56e6ee2 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/general/plugins/become/sesu.py @@ -0,0 +1,91 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2018, Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' + become: sesu + short_description: CA Privileged Access Manager + description: + - This become plugins allows your remote/login user to execute commands as another user via the sesu utility. + author: ansible (@nekonyuu) + options: + become_user: + description: User you 'become' to execute the task + default: '' + ini: + - section: privilege_escalation + key: become_user + - section: sesu_become_plugin + key: user + vars: + - name: ansible_become_user + - name: ansible_sesu_user + env: + - name: ANSIBLE_BECOME_USER + - name: ANSIBLE_SESU_USER + become_exe: + description: sesu executable + default: sesu + ini: + - section: privilege_escalation + key: become_exe + - section: sesu_become_plugin + key: executable + vars: + - name: ansible_become_exe + - name: ansible_sesu_exe + env: + - name: ANSIBLE_BECOME_EXE + - name: ANSIBLE_SESU_EXE + become_flags: + description: Options to pass to sesu + default: -H -S -n + ini: + - section: privilege_escalation + key: become_flags + - section: sesu_become_plugin + key: flags + vars: + - name: ansible_become_flags + - name: ansible_sesu_flags + env: + - name: ANSIBLE_BECOME_FLAGS + - name: ANSIBLE_SESU_FLAGS + become_pass: + description: Password to pass to sesu + required: False + vars: + - name: ansible_become_password + - name: ansible_become_pass + - name: ansible_sesu_pass + env: + - name: ANSIBLE_BECOME_PASS + - name: ANSIBLE_SESU_PASS + ini: + - section: sesu_become_plugin + key: password +''' + +from ansible.plugins.become import BecomeBase + + +class BecomeModule(BecomeBase): + + name = 'community.general.sesu' + + prompt = 'Please enter your password:' + fail = missing = ('Sorry, try again with sesu.',) + + def build_become_command(self, cmd, shell): + super(BecomeModule, self).build_become_command(cmd, shell) + + if not cmd: + return cmd + + become = self.get_option('become_exe') + + flags = self.get_option('become_flags') + user = self.get_option('become_user') + return '%s %s %s -c %s' % (become, flags, user, self._build_success_command(cmd, shell)) |