adds privilege escalation method for pmrun(Unix Privilege Manager 6.0)

7 years ago · 04073dfa9b
parent f9b836a901
commit 04073dfa9b
4 changed files with 14 additions and 6 deletions
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@ -276,7 +276,8 @@ BECOME_ERROR_STRINGS = {
    'pfexec': '',
    'doas': 'Permission denied',
    'dzdo': '',
-    'ksu': 'Password incorrect'
+    'ksu': 'Password incorrect',
+    'pmrun': 'You are not permitted to run this command'
 }  # FIXME: deal with i18n
 BECOME_MISSING_STRINGS = {
    'sudo': 'sorry, a password is required to run sudo',
@ -285,9 +286,10 @@ BECOME_MISSING_STRINGS = {
    'pfexec': '',
    'doas': 'Authorization required',
    'dzdo': '',
-    'ksu': 'No password given'
+    'ksu': 'No password given',
+    'pmrun': ''
 }  # FIXME: deal with i18n
-BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas']
+BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas', 'pmrun']
 BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean')
 DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD',
                                   'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower()
@ -297,7 +299,6 @@ DEFAULT_BECOME_EXE = get_config(p, 'privilege_escalation', 'become_exe', 'ANSIBL
 DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None)
 DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean')

-
 # PLUGINS

 # Modules that can optimize with_items loops into a single call.  Currently
--- a/lib/ansible/modules/commands/command.py
+++ b/lib/ansible/modules/commands/command.py
@ -119,7 +119,7 @@ def check_command(commandline):
                  'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt',
                  'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile',
                  'dnf': 'dnf', 'zypper': 'zypper' }
-    become   = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas' ]
+    become   = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun' ]
    warnings = list()
    command = os.path.basename(commandline.split()[0])
    if command in arguments:
--- a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py
+++ b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py
@ -125,7 +125,7 @@ options:
      description:
        - Become method to Use for privledge escalation.
      required: False
-      choices: ["None", "sudo", "su", "pbrun", "pfexec"]
+      choices: ["None", "sudo", "su", "pbrun", "pfexec", "pmrun"]
      default: "None"
    become_username:
      description:
--- a/lib/ansible/playbook/play_context.py
+++ b/lib/ansible/playbook/play_context.py
@ -587,6 +587,13 @@ class PlayContext(Base):
                else:
                    becomecmd = '%s -u %s %s' % (exe, self.become_user, command)

+            elif self.become_method == 'pmrun':
+
+                exe = self.become_exe or 'pmrun'
+
+                prompt='Enter UPM user password:'
+                becomecmd = '%s %s %s' % (exe, flags, shlex_quote(command))
+
            else:
                raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)