mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 05:10:22 -07:00
actually implemented flags correctly for all priv escalation methods
parent
14f061d5ea
commit
a7231c2203
3 changed files with 9 additions and 8 deletions
|
@ -162,7 +162,7 @@ DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesyste
|
||||||
DEFAULT_SU = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True)
|
DEFAULT_SU = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True)
|
||||||
DEFAULT_SU_USER = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root')
|
DEFAULT_SU_USER = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root')
|
||||||
DEFAULT_SU_EXE = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None)
|
DEFAULT_SU_EXE = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None)
|
||||||
DEFAULT_SU_FLAGS = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', '')
|
DEFAULT_SU_FLAGS = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', None)
|
||||||
DEFAULT_ASK_SU_PASS = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True)
|
DEFAULT_ASK_SU_PASS = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True)
|
||||||
DEFAULT_SUDO = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True)
|
DEFAULT_SUDO = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True)
|
||||||
DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root')
|
DEFAULT_SUDO_USER = get_config(p, DEFAULTS, 'sudo_user', 'ANSIBLE_SUDO_USER', 'root')
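Review bot: Changing the `DEFAULT_SU_FLAGS` fallback from `''` to `None` changes the constant's type for every consumer. Any caller that concatenates or %-formats it will now either raise or put the literal text `None` into an `su` command line. The reason for the change is not visible on this page, since `''` falls through an `or` chain just as `None` does. The test in this commit had to add `or ''` for the su constant, while `DEFAULT_SUDO_FLAGS` is still concatenated directly there, so the two constants appear to follow different conventions. Consider keeping `''`, or adding a comment above the assignment such as `# None means "unset"; consumers must apply "or ''" before formatting`, and checking consumers outside this page.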
|
||||||
|
|
|
@ -345,6 +345,13 @@ class PlayContext(Base):
|
||||||
getattr(C, 'DEFAULT_%s_EXE' % self.become_method.upper(), None) or \
|
getattr(C, 'DEFAULT_%s_EXE' % self.become_method.upper(), None) or \
|
||||||
self.become_method
|
self.become_method
|
||||||
|
|
||||||
|
# set flags to use for the privilege escalation method, with various overrides
|
||||||
|
flags = self.become_flags or \
|
||||||
|
getattr(self, '%s_flags' % self.become_method, None) or \
|
||||||
|
C.DEFAULT_BECOME_FLAGS or \
|
||||||
|
getattr(C, 'DEFAULT_%s_FLAGS' % self.become_method.upper(), None) or \
|
||||||
|
''
|
||||||
|
|
||||||
if self.become_method == 'sudo':
|
if self.become_method == 'sudo':
|
||||||
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
|
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
|
||||||
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
|
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
|
||||||
|
@ -352,7 +359,6 @@ class PlayContext(Base):
|
||||||
# string to the user's shell. We loop reading output until we see the randomly-generated
|
# string to the user's shell. We loop reading output until we see the randomly-generated
|
||||||
# sudo prompt set with the -p option.
|
# sudo prompt set with the -p option.
|
||||||
prompt = '[sudo via ansible, key=%s] password: ' % randbits
|
prompt = '[sudo via ansible, key=%s] password: ' % randbits
|
||||||
flags = self.become_flags or self.sudo_flags or C.DEFAULT_SUDO_FLAGS
|
|
||||||
|
|
||||||
# force quick error if password is required but not supplied, should prevent sudo hangs.
|
# force quick error if password is required but not supplied, should prevent sudo hangs.
|
||||||
if not self.become_pass:
|
if not self.become_pass:
|
||||||
|
@ -367,18 +373,15 @@ class PlayContext(Base):
|
||||||
return bool(SU_PROMPT_LOCALIZATIONS_RE.match(data))
|
return bool(SU_PROMPT_LOCALIZATIONS_RE.match(data))
|
||||||
|
|
||||||
prompt = detect_su_prompt
|
prompt = detect_su_prompt
|
||||||
flags = self.become_flags or self.su_flags or ''
|
|
||||||
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, success_cmd)
|
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, success_cmd)
|
||||||
|
|
||||||
elif self.become_method == 'pbrun':
|
elif self.become_method == 'pbrun':
|
||||||
|
|
||||||
prompt='assword:'
|
prompt='assword:'
|
||||||
flags = self.become_flags or ''
|
|
||||||
becomecmd = '%s -b %s -u %s %s' % (exe, flags, self.become_user, success_cmd)
|
becomecmd = '%s -b %s -u %s %s' % (exe, flags, self.become_user, success_cmd)
|
||||||
|
|
||||||
elif self.become_method == 'pfexec':
|
elif self.become_method == 'pfexec':
|
||||||
|
|
||||||
flags = self.become_flags or ''
|
|
||||||
# No user as it uses it's own exec_attr to figure it out
|
# No user as it uses it's own exec_attr to figure it out
|
||||||
becomecmd = '%s %s "%s"' % (exe, flags, success_cmd)
|
becomecmd = '%s %s "%s"' % (exe, flags, success_cmd)
|
||||||
|
|
||||||
|
@ -386,14 +389,12 @@ class PlayContext(Base):
|
||||||
raise AnsibleError("'runas' is not yet implemented")
|
raise AnsibleError("'runas' is not yet implemented")
|
||||||
#TODO: figure out prompt
|
#TODO: figure out prompt
|
||||||
# this is not for use with winrm plugin but if they ever get ssh native on windoez
|
# this is not for use with winrm plugin but if they ever get ssh native on windoez
|
||||||
flags = self.become_flags or ''
|
|
||||||
becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd)
|
becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd)
|
||||||
|
|
||||||
elif self.become_method == 'doas':
|
elif self.become_method == 'doas':
|
||||||
|
|
||||||
prompt = 'Password:'
|
prompt = 'Password:'
|
||||||
exe = self.become_exe or 'doas'
|
exe = self.become_exe or 'doas'
|
||||||
flags = self.become_flags or ''
|
|
||||||
|
|
||||||
if not self.become_pass:
|
if not self.become_pass:
|
||||||
flags += ' -n '
|
flags += ' -n '
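Review bot: In the added `flags = self.become_flags or \ ...` chain in the first hunk of this section, `C.DEFAULT_BECOME_FLAGS` is consulted before `getattr(C, 'DEFAULT_%s_FLAGS' % self.become_method.upper(), None)`, so a global setting silently replaces the method-specific default. The removed per-branch lines show that su, pbrun, pfexec, runas and doas previously took only `self.become_flags` (plus `self.su_flags` for su), so flags written with sudo in mind can now reach a different escalation binary. This matters because `flags` is spliced unquoted into every `becomecmd` format string, so whichever source wins decides the options the privileged command runs with. If specific-before-generic is the intended order, swap those two lines. Either way, replace the comment with one that states the order, e.g. `# precedence: become_flags > <method>_flags > DEFAULT_BECOME_FLAGS > DEFAULT_<METHOD>_FLAGS > ''`. The enclosing method starts and ends outside the hunks shown.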
|
||||||
|
|
|
@ -118,7 +118,7 @@ class TestPlayContext(unittest.TestCase):
|
||||||
sudo_exe = C.DEFAULT_SUDO_EXE or 'sudo'
|
sudo_exe = C.DEFAULT_SUDO_EXE or 'sudo'
|
||||||
sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n "
|
sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n "
|
||||||
su_exe = C.DEFAULT_SU_EXE or 'su'
|
su_exe = C.DEFAULT_SU_EXE or 'su'
|
||||||
su_flags = C.DEFAULT_SU_FLAGS
|
su_flags = C.DEFAULT_SU_FLAGS or ''
|
||||||
pbrun_exe = 'pbrun'
|
pbrun_exe = 'pbrun'
|
||||||
pbrun_flags = ''
|
pbrun_flags = ''
|
||||||
pfexec_exe = 'pfexec'
|
pfexec_exe = 'pfexec'
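Review bot: The expectations here no longer match how the implementation chooses flags. `pbrun_flags = ''` and `sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n "` assume that neither `C.DEFAULT_BECOME_FLAGS` nor a per-method default is set, but the new chain in PlayContext consults both, so the test result depends on ambient configuration and the fallback order is never exercised. The sudo line is also not guarded the way the su line now is; `sudo_flags = (C.DEFAULT_SUDO_FLAGS or '') + " -n "` would keep the two consistent. Consider adding a case that sets `become_flags` explicitly and asserts that this exact value, and nothing from the defaults, appears in the generated command for each method. The test method continues outside this hunk.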
|
||||||
|
|