preliminary privlege escalation unification + pbrun

- become constants inherit existing sudo/su ones
- become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group
- changed method signatures as privlege escalation is collapsed to become
- added tests for su and become, diabled su for lack of support in local.py
- updated playbook,play and task objects to become
- added become to runner
- added whoami test for become/sudo/su
- added home override dir for plugins
- removed useless method from ask pass
- forced become pass to always be string also uses to_bytes
- fixed fakerunner for tests
- corrected reference in synchronize action plugin
- added pfexec (needs testing)
- removed unused sudo/su in runner init
- removed deprecated info
- updated pe tests to allow to run under sudo and not need root
- normalized become options into a funciton to avoid duplication and inconsistencies
- pushed suppored list to connection classs property
- updated all connection plugins to latest 'become' pe

- includes fixes from feedback (including typos)
- added draft docs
- stub of become_exe, leaving for future v2 fixes

lib/ansible/runner/action_plugins/assemble.py

@@ -125,7 +125,7 @@ class ActionModule(object):
             xfered = self.runner._transfer_str(conn, tmp, 'src', resultant)
 
             # fix file permissions when the copy is done as a different user
-            if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
+            if self.runner.become and self.runner.become_user != 'root':
                 self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
 
             # run the copy module

lib/ansible/runner/action_plugins/copy.py

@@ -234,7 +234,7 @@ class ActionModule(object):
                 self._remove_tempfile_if_content_defined(content, content_tempfile)
 
                 # fix file permissions when the copy is done as a different user
-                if (self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root') and not raw:
+                if self.runner.become and self.runner.become_user != 'root' and not raw:
                     self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp_path)
 
                 if raw:

lib/ansible/runner/action_plugins/fetch.py

@@ -78,7 +78,7 @@ class ActionModule(object):
 
         # use slurp if sudo and permissions are lacking
         remote_data = None
-        if remote_checksum in ('1', '2') or self.runner.sudo:
+        if remote_checksum in ('1', '2') or self.runner.become:
             slurpres = self.runner._execute_module(conn, tmp, 'slurp', 'src=%s' % source, inject=inject)
             if slurpres.is_successful():
                 if slurpres.result['encoding'] == 'base64':

lib/ansible/runner/action_plugins/patch.py

@@ -50,7 +50,7 @@ class ActionModule(object):
         tmp_src = tmp + src
         conn.put_file(src, tmp_src)
 
-        if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
+        if self.runner.become and self.runner.become_user != 'root':
             if not self.runner.noop_on_check(inject):
                 self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp)
 

lib/ansible/runner/action_plugins/script.py

@@ -113,8 +113,7 @@ class ActionModule(object):
 
         sudoable = True
         # set file permissions, more permissive when the copy is done as a different user
-        if ((self.runner.sudo and self.runner.sudo_user != 'root') or
-                (self.runner.su and self.runner.su_user != 'root')):
+        if self.runner.become and self.runner.become_user != 'root':
             chmod_mode = 'a+rx'
             sudoable = False
         else:

lib/ansible/runner/action_plugins/synchronize.py

@@ -78,7 +78,7 @@ class ActionModule(object):
     
         # Store original transport and sudo values.
         self.original_transport = inject.get('ansible_connection', self.runner.transport)
-        self.original_sudo = self.runner.sudo
+        self.original_become = self.runner.become
         self.transport_overridden = False
 
         if inject.get('delegate_to') is None:
@@ -87,7 +87,7 @@ class ActionModule(object):
             if self.original_transport != 'local':
                 inject['ansible_connection'] = 'local'
                 self.transport_overridden = True
-                self.runner.sudo = False
+                self.runner.become = False
 
     def run(self, conn, tmp, module_name, module_args,
         inject, complex_args=None, **kwargs):
@@ -143,7 +143,7 @@ class ActionModule(object):
                     # use a delegate host instead of localhost
                     use_delegate = True
 
-        # COMPARE DELEGATE, HOST AND TRANSPORT                             
+        # COMPARE DELEGATE, HOST AND TRANSPORT
         process_args = False
         if not dest_host is src_host and self.original_transport != 'local':
             # interpret and inject remote host info into src or dest
@@ -160,7 +160,7 @@ class ActionModule(object):
                 if not use_delegate or not user:
                     user = inject.get('ansible_ssh_user',
                                     self.runner.remote_user)
-                
+
             if use_delegate:
                 # FIXME
                 private_key = inject.get('ansible_ssh_private_key_file', self.runner.private_key_file)
@@ -172,7 +172,7 @@ class ActionModule(object):
             if not private_key is None:
                 private_key = os.path.expanduser(private_key)
                 options['private_key'] = private_key
-                
+
             # use the mode to define src and dest's url
             if options.get('mode', 'push') == 'pull':
                 # src is a remote path: <user>@<host>, dest is a local path
@@ -192,7 +192,7 @@ class ActionModule(object):
         rsync_path = options.get('rsync_path', None)
 
         # If no rsync_path is set, sudo was originally set, and dest is remote then add 'sudo rsync' argument.
-        if not rsync_path and self.transport_overridden and self.original_sudo and not dest_is_local:
+        if not rsync_path and self.transport_overridden and self.original_become and not dest_is_local and self.runner.become_method == 'sudo':
             rsync_path = 'sudo rsync'
 
         # make sure rsync path is quoted.
@@ -206,8 +206,8 @@ class ActionModule(object):
         # run the module and store the result
         result = self.runner._execute_module(conn, tmp, 'synchronize', module_args, complex_args=options, inject=inject)
 
-        # reset the sudo property                 
-        self.runner.sudo = self.original_sudo
+        # reset the sudo property
+        self.runner.become = self.original_become
 
         return result
 

lib/ansible/runner/action_plugins/template.py

@@ -133,7 +133,7 @@ class ActionModule(object):
             xfered = self.runner._transfer_str(conn, tmp, 'source', resultant)
 
             # fix file permissions when the copy is done as a different user
-            if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
+            if self.runner.become and self.runner.become_user != 'root' or self.runner.su and self.runner.su_user != 'root':
                 self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
 
             # run the copy module

lib/ansible/runner/action_plugins/unarchive.py

@@ -99,7 +99,7 @@ class ActionModule(object):
         # handle check mode client side
         # fix file permissions when the copy is done as a different user
         if copy:
-            if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
+            if self.runner.become and self.runner.become_user != 'root':
                 if not self.runner.noop_on_check(inject):
                     self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp)
             # Build temporary module_args.

lib/ansible/runner/action_plugins/win_copy.py

@@ -230,7 +230,7 @@ class ActionModule(object):
                 self._remove_tempfile_if_content_defined(content, content_tempfile)
 
                 # fix file permissions when the copy is done as a different user
-                if (self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root') and not raw:
+                if self.runner.become and self.runner.become_user != 'root' and not raw:
                     self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp_path)
 
                 if raw:

lib/ansible/runner/action_plugins/win_template.py

@@ -109,7 +109,7 @@ class ActionModule(object):
             xfered = self.runner._transfer_str(conn, tmp, 'source', resultant)
 
             # fix file permissions when the copy is done as a different user
-            if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
+            if self.runner.become and self.runner.become_user != 'root':
                 self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
 
             # run the copy module