mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 13:20:23 -07:00
Implement ssh connection handling as a state machine
The event loop (even after it was brought into one place in _run in the previous commit) was hard to follow. The states and transitions weren't clear or documented, and the privilege escalation code was non-blocking while the rest was blocking. Now we have a state machine with four states: awaiting_prompt, awaiting_escalation, ready_to_send (initial data), and awaiting_exit. The actions in each state and the transitions between then are clearly documented. The check_incorrect_password() method no longer checks for empty strings (since they will always match), and check_become_success() uses equality rather than a substring match to avoid thinking an echoed command is an indication of successful escalation. Also adds a check_missing_password connection method to detect the error from sudo -n/doas -n.
This commit is contained in:
parent
840a32bc08
commit
ac98fe9e89
4 changed files with 213 additions and 105 deletions
|
@ -172,6 +172,7 @@ DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE
|
|||
|
||||
# Become
|
||||
BECOME_ERROR_STRINGS = {'sudo': 'Sorry, try again.', 'su': 'Authentication failure', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Permission denied'} #FIXME: deal with i18n
|
||||
BECOME_MISSING_STRINGS = {'sudo': 'sorry, a password is required to run sudo', 'su': '', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Authorization required'} #FIXME: deal with i18n
|
||||
BECOME_METHODS = ['sudo','su','pbrun','pfexec','runas','doas']
|
||||
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, boolean=True)
|
||||
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD','sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo' ).lower()
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue