archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

improve become_method: runas error handling (#23328)

Browse Source 
Prescriptive errors for username/password issues and NTLM/Kerb auth failures, cleans up exception noise.
pull/22909/merge
Matt Davis 8 years ago committed by GitHub
parent e66c98281e
commit 8d291f91ee
2 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File

7
lib/ansible/playbook/play_context.py
Unescape Escape View File

@ -553,6 +553,13 @@ class PlayContext(Base):
elif self.become_method == 'runas': elif self.become_method == 'runas':
# become is handled inside the WinRM connection plugin # become is handled inside the WinRM connection plugin
display.warning("The Windows 'runas' become method is experimental, and may change significantly in future Ansible releases.") display.warning("The Windows 'runas' become method is experimental, and may change significantly in future Ansible releases.")
if not self.become_user:
raise AnsibleError(("The 'runas' become method requires a username "
"(specify with the '--become-user' CLI arg, the 'become_user' keyword, or the 'ansible_become_user' variable)"))
if not self.become_pass:
raise AnsibleError(("The 'runas' become method requires a password "
"(specify with the '-K' CLI arg or the 'ansible_become_password' variable)"))
becomecmd = cmd becomecmd = cmd
elif self.become_method == 'doas': elif self.become_method == 'doas':

30
lib/ansible/plugins/shell/powershell.py
Unescape Escape View File

@ -316,6 +316,15 @@ Write-Output $output
} # end exec_wrapper } # end exec_wrapper
Function Dump-Error ($excep) {
$eo = @{failed=$true}
$eo.msg = $excep.Exception.Message
$eo.exception = $excep | Out-String
$host.SetShouldExit(1)
$eo | ConvertTo-Json -Depth 10
}
Function Run($payload) { Function Run($payload) {
# NB: action popping handled inside subprocess wrapper # NB: action popping handled inside subprocess wrapper
@ -370,14 +379,25 @@ Function Run($payload) {
$psi.Username = $username $psi.Username = $username
$psi.Password = $($password | ConvertTo-SecureString -AsPlainText -Force) $psi.Password = $($password | ConvertTo-SecureString -AsPlainText -Force)
[Ansible.Shell.ProcessUtil]::GrantAccessToWindowStationAndDesktop($username) Try {
[Ansible.Shell.ProcessUtil]::GrantAccessToWindowStationAndDesktop($username)
}
Catch {
$excep = $_
throw "Error granting windowstation/desktop access to '$username' (is the username valid?): $excep"
}
Try { Try {
$proc.Start() | Out-Null # will always return $true for non shell-exec cases $proc.Start() | Out-Null # will always return $true for non shell-exec cases
} }
Catch { Catch {
Write-Output $_.Exception.InnerException $excep = $_
return if ($excep.Exception.InnerException -and `
$excep.Exception.InnerException -is [System.ComponentModel.Win32Exception] -and `
$excep.Exception.InnerException.NativeErrorCode -eq 5) {
throw "Become method 'runas' become is not currently supported with the NTLM or Kerberos auth types"
}
throw "Error launching under identity '$username': $excep"
} }
$payload_string = $payload | ConvertTo-Json -Depth 99 -Compress $payload_string = $payload | ConvertTo-Json -Depth 99 -Compress
@ -404,6 +424,10 @@ Function Run($payload) {
Throw "failed, rc was $rc, stderr was $stderr, stdout was $stdout" Throw "failed, rc was $rc, stderr was $stderr, stdout was $stdout"
} }
} }
Catch {
$excep = $_
Dump-Error $excep
}
Finally { Finally {
Remove-Item $temp -ErrorAction SilentlyContinue Remove-Item $temp -ErrorAction SilentlyContinue
} }

Write Preview
Loading…
Cancel
Save