archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

actually implemented flags correctly for all priv escalation methods

Browse Source
pull/12211/head
Brian Coca 9 years ago
parent 14f061d5ea
commit a7231c2203
3 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File

2
lib/ansible/constants.py
Unescape Escape View File

@ -162,7 +162,7 @@ DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesyste
DEFAULT_SU = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True) DEFAULT_SU = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True)
DEFAULT_SU_USER = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root') DEFAULT_SU_USER = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root')
DEFAULT_SU_EXE = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None) DEFAULT_SU_EXE = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None)
DEFAULT_SU_FLAGS = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', '') DEFAULT_SU_FLAGS = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', None)
DEFAULT_ASK_SU_PASS = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True) DEFAULT_ASK_SU_PASS = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True)
DEFAULT_SUDO = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True) DEFAULT_SUDO = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True)
DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root') DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root')

13
lib/ansible/playbook/play_context.py
Unescape Escape View File

@ -345,6 +345,13 @@ class PlayContext(Base):
getattr(C, 'DEFAULT_%s_EXE' % self.become_method.upper(), None) or \ getattr(C, 'DEFAULT_%s_EXE' % self.become_method.upper(), None) or \
self.become_method self.become_method
# set flags to use for the privilege escalation method, with various overrides
flags = self.become_flags or \
getattr(self, '%s_flags' % self.become_method, None) or \
C.DEFAULT_BECOME_FLAGS or \
getattr(C, 'DEFAULT_%s_FLAGS' % self.become_method.upper(), None) or \
''
if self.become_method == 'sudo': if self.become_method == 'sudo':
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for # Rather than detect if sudo wants a password this time, -k makes sudo always ask for
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s) # a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
@ -352,7 +359,6 @@ class PlayContext(Base):
# string to the user's shell. We loop reading output until we see the randomly-generated # string to the user's shell. We loop reading output until we see the randomly-generated
# sudo prompt set with the -p option. # sudo prompt set with the -p option.
prompt = '[sudo via ansible, key=%s] password: ' % randbits prompt = '[sudo via ansible, key=%s] password: ' % randbits
flags = self.become_flags or self.sudo_flags or C.DEFAULT_SUDO_FLAGS
# force quick error if password is required but not supplied, should prevent sudo hangs. # force quick error if password is required but not supplied, should prevent sudo hangs.
if not self.become_pass: if not self.become_pass:
@ -367,18 +373,15 @@ class PlayContext(Base):
return bool(SU_PROMPT_LOCALIZATIONS_RE.match(data)) return bool(SU_PROMPT_LOCALIZATIONS_RE.match(data))
prompt = detect_su_prompt prompt = detect_su_prompt
flags = self.become_flags or self.su_flags or ''
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, success_cmd) becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, success_cmd)
elif self.become_method == 'pbrun': elif self.become_method == 'pbrun':
prompt='assword:' prompt='assword:'
flags = self.become_flags or ''
becomecmd = '%s -b %s -u %s %s' % (exe, flags, self.become_user, success_cmd) becomecmd = '%s -b %s -u %s %s' % (exe, flags, self.become_user, success_cmd)
elif self.become_method == 'pfexec': elif self.become_method == 'pfexec':
flags = self.become_flags or ''
# No user as it uses it's own exec_attr to figure it out # No user as it uses it's own exec_attr to figure it out
becomecmd = '%s %s "%s"' % (exe, flags, success_cmd) becomecmd = '%s %s "%s"' % (exe, flags, success_cmd)
@ -386,14 +389,12 @@ class PlayContext(Base):
raise AnsibleError("'runas' is not yet implemented") raise AnsibleError("'runas' is not yet implemented")
#TODO: figure out prompt #TODO: figure out prompt
# this is not for use with winrm plugin but if they ever get ssh native on windoez # this is not for use with winrm plugin but if they ever get ssh native on windoez
flags = self.become_flags or ''
becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd) becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd)
elif self.become_method == 'doas': elif self.become_method == 'doas':
prompt = 'Password:' prompt = 'Password:'
exe = self.become_exe or 'doas' exe = self.become_exe or 'doas'
flags = self.become_flags or ''
if not self.become_pass: if not self.become_pass:
flags += ' -n ' flags += ' -n '

2
test/units/playbook/test_play_context.py
Unescape Escape View File

@ -118,7 +118,7 @@ class TestPlayContext(unittest.TestCase):
sudo_exe = C.DEFAULT_SUDO_EXE or 'sudo' sudo_exe = C.DEFAULT_SUDO_EXE or 'sudo'
sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n " sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n "
su_exe = C.DEFAULT_SU_EXE or 'su' su_exe = C.DEFAULT_SU_EXE or 'su'
su_flags = C.DEFAULT_SU_FLAGS su_flags = C.DEFAULT_SU_FLAGS or ''
pbrun_exe = 'pbrun' pbrun_exe = 'pbrun'
pbrun_flags = '' pbrun_flags = ''
pfexec_exe = 'pfexec' pfexec_exe = 'pfexec'

Write Preview
Loading…
Cancel
Save