Move sudo command making to one common function

lib/ansible/runner/connection_plugins/local.py

@@ -21,6 +21,7 @@ import pipes
 import shutil
 import subprocess
 from ansible import errors
+from ansible import utils
 from ansible.callbacks import vvv
 
 class Connection(object):
@@ -48,11 +49,11 @@ class Connection(object):
                 # to do so.  The primary usage of the local connection is for crontab and kickstart usage however
                 # so this doesn't seem to be a huge priority
                 raise errors.AnsibleError("sudo with password is presently only supported on the 'paramiko' (SSH) and native 'ssh' connection types")
-            sudocmd = "sudo -u %s -s %s -c %s" % (sudo_user, executable, cmd)
+            local_cmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
-            local_cmd = ['/bin/sh', '-c', sudocmd]
 
         vvv("EXEC %s" % local_cmd, host=self.host)
-        p = subprocess.Popen(local_cmd, cwd=self.runner.basedir, executable=executable,
+        p = subprocess.Popen(local_cmd, shell=isinstance(local_cmd, basestring),
+                             cwd=self.runner.basedir, executable=executable,
                              stdout=subprocess.PIPE, stderr=subprocess.PIPE)
         stdout, stderr = p.communicate()
         return (p.returncode, '', stdout, stderr)

lib/ansible/runner/connection_plugins/paramiko_ssh.py

@@ -22,6 +22,7 @@ import socket
 import random
 from ansible.callbacks import vvv
 from ansible import errors
+from ansible import utils
 
 # prevent paramiko warning noise -- see http://stackoverflow.com/questions/3920502/
 HAVE_PARAMIKO=False
@@ -117,22 +118,7 @@ class Connection(object):
             vvv("EXEC %s" % quoted_command, host=self.host)
             chan.exec_command(quoted_command)
         else:
-            # Rather than detect if sudo wants a password this time, -k makes
+            shcmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
-            # sudo always ask for a password if one is required. 
-            # Passing a quoted compound command to sudo (or sudo -s)
-            # directly doesn't work, so we shellquote it with pipes.quote()
-            # and pass the quoted string to the user's shell.  We loop reading
-            # output until we see the randomly-generated sudo prompt set with
-            # the -p option.
-            randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
-            prompt = '[sudo via ansible, key=%s] password: ' % randbits
-            sudocmd = 'sudo -k && sudo -p "%s" -u %s ' % (
-                prompt, sudo_user)
-            if executable:
-                sudocmd += "%s -c %s" % (executable, pipes.quote(cmd))
-            else:
-                sudocmd += cmd
-            shcmd = '/bin/sh -c ' + pipes.quote(sudocmd)
             vvv("EXEC %s" % shcmd, host=self.host)
             sudo_output = ''
             try:

lib/ansible/runner/connection_plugins/ssh.py

@@ -26,6 +26,7 @@ import fcntl
 import ansible.constants as C
 from ansible.callbacks import vvv
 from ansible import errors
+from ansible import utils
 
 class Connection(object):
     ''' ssh based connections '''
@@ -93,22 +94,8 @@ class Connection(object):
             else:
                 ssh_cmd.append(cmd)
         else:
-            # Rather than detect if sudo wants a password this time, -k makes
+            sudocmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
-            # sudo always ask for a password if one is required.
+            ssh_cmd.append(sudocmd)
-            # Passing a quoted compound command to sudo (or sudo -s)
-            # directly doesn't work, so we shellquote it with pipes.quote()
-            # and pass the quoted string to the user's shell.  We loop reading
-            # output until we see the randomly-generated sudo prompt set with
-            # the -p option.
-            randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
-            prompt = '[sudo via ansible, key=%s] password: ' % randbits
-            sudocmd = 'sudo -k && sudo -p "%s" -u %s ' % (
-                prompt, sudo_user)
-            if executable:
-                sudocmd += "%s -c %s" % (executable, pipes.quote(cmd))
-            else:
-                sudocmd += cmd
-            ssh_cmd.append('/bin/sh -c ' + pipes.quote(sudocmd))
 
         vvv("EXEC %s" % ssh_cmd, host=self.host)
         try:

lib/ansible/utils/__init__.py

@@ -31,6 +31,8 @@ import StringIO
 import stat
 import termios
 import tty
+import pipes
+import random
 
 VERBOSITY=0
 
@@ -529,3 +531,19 @@ def compile_when_to_only_if(expression):
     else:
         raise errors.AnsibleError("invalid usage of when_ operator: %s" % expression)
 
+def make_sudo_cmd(sudo_user, executable, cmd):
+    """
+    helper function for connection plugins to create sudo commands
+    """
+    # Rather than detect if sudo wants a password this time, -k makes
+    # sudo always ask for a password if one is required.
+    # Passing a quoted compound command to sudo (or sudo -s)
+    # directly doesn't work, so we shellquote it with pipes.quote()
+    # and pass the quoted string to the user's shell.  We loop reading
+    # output until we see the randomly-generated sudo prompt set with
+    # the -p option.
+    randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
+    prompt = '[sudo via ansible, key=%s] password: ' % randbits
+    sudocmd = 'sudo -k && sudo -S -p "%s" -u %s %s -c %s' % (
+        prompt, sudo_user, executable or '$SHELL', pipes.quote(cmd))
+    return ('/bin/sh -c ' + pipes.quote(sudocmd), prompt)