From 88e2595a907093c7bd2f746cd373b5955728cf87 Mon Sep 17 00:00:00 2001
From: James Cammarata <jcammarata@ansibleworks.com>
Date: Mon, 27 Jan 2014 16:26:31 -0600
Subject: [PATCH] Fixing bug relating to su without an su_pass

---
 lib/ansible/playbook/__init__.py | 5 ++++-
 lib/ansible/runner/__init__.py   | 9 +++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/ansible/playbook/__init__.py b/lib/ansible/playbook/__init__.py
index 24e78053228..28b58967d57 100644
--- a/lib/ansible/playbook/__init__.py
+++ b/lib/ansible/playbook/__init__.py
@@ -488,8 +488,11 @@ class PlayBook(object):
             callbacks=self.runner_callbacks,
             sudo=play.sudo,
             sudo_user=play.sudo_user,
-            transport=play.transport,
             sudo_pass=self.sudo_pass,
+            su=play.su,
+            su_user=play.su_user,
+            su_pass=self.su_pass,
+            transport=play.transport,
             is_playbook=True,
             module_vars=play.vars,
             default_vars=play.default_vars,
diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index b83db92a202..186140b18d4 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -393,7 +393,7 @@ class Runner(object):
             sudoable = False
 
         if self.su:
-            res = self._low_level_exec_command(conn, cmd, tmp, su=sudoable, in_data=in_data)
+            res = self._low_level_exec_command(conn, cmd, tmp, su=True, in_data=in_data)
         else:
             res = self._low_level_exec_command(conn, cmd, tmp, sudoable=sudoable, in_data=in_data)
 
@@ -631,7 +631,8 @@ class Runner(object):
         actual_transport = inject.get('ansible_connection', self.transport)
         actual_private_key_file = inject.get('ansible_ssh_private_key_file', self.private_key_file)
         self.sudo_pass = inject.get('ansible_sudo_pass', self.sudo_pass)
-        self.su = inject.get('ansible_su', self.su_pass)
+        self.su = inject.get('ansible_su', self.su)
+        self.su_user = inject.get('ansible_su_user', self.su_user)
         self.su_pass = inject.get('ansible_su_pass', self.su_pass)
 
         if actual_private_key_file is not None:
@@ -843,7 +844,7 @@ class Runner(object):
         sudo_user = self.sudo_user
         su_user = self.su_user
 
-        # compare connection user to sudo_user and disable if the same
+        # compare connection user to (su|sudo)_user and disable if the same
         if hasattr(conn, 'user'):
             if conn.user == sudo_user or conn.user == su_user:
                 sudoable = False
@@ -852,8 +853,8 @@ class Runner(object):
         if su:
             rc, stdin, stdout, stderr = conn.exec_command(cmd,
                                                           tmp,
-                                                          su_user=su_user,
                                                           su=su,
+                                                          su_user=su_user,
                                                           executable=executable,
                                                           in_data=in_data)
         else: