summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/ansible/playbook/play_context.py13
-rw-r--r--lib/ansible/plugins/connections/local.py2
-rw-r--r--lib/ansible/plugins/connections/paramiko_ssh.py49
-rw-r--r--lib/ansible/plugins/connections/ssh.py95
-rw-r--r--test/units/playbook/test_play_context.py9
5 files changed, 87 insertions, 81 deletions
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py
index 9888de6d84..55d7d99b5a 100644
--- a/lib/ansible/playbook/play_context.py
+++ b/lib/ansible/playbook/play_context.py
@@ -335,6 +335,7 @@ class PlayContext(Base):
prompt = None
success_key = None
+ self.prompt = None
if executable is None:
executable = C.DEFAULT_EXECUTABLE
@@ -366,13 +367,14 @@ class PlayContext(Base):
# directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted
# string to the user's shell. We loop reading output until we see the randomly-generated
# sudo prompt set with the -p option.
- prompt = '[sudo via ansible, key=%s] password: ' % randbits
# force quick error if password is required but not supplied, should prevent sudo hangs.
- if not self.become_pass:
- flags += " -n "
+ if self.become_pass:
+ prompt = '[sudo via ansible, key=%s] password: ' % randbits
+ becomecmd = '%s %s -p "%s" -S -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd)
+ else:
+ becomecmd = '%s %s -n -S -u %s %s -c %s' % (exe, flags, self.become_user, executable, success_cmd)
- becomecmd = '%s %s -S -p "%s" -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd)
elif self.become_method == 'su':
@@ -415,7 +417,8 @@ class PlayContext(Base):
else:
raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)
- self.prompt = prompt
+ if self.become_pass:
+ self.prompt = prompt
self.success_key = success_key
return ('%s -c %s' % (executable, pipes.quote(becomecmd)))
diff --git a/lib/ansible/plugins/connections/local.py b/lib/ansible/plugins/connections/local.py
index e4eddbd4cb..e307798913 100644
--- a/lib/ansible/plugins/connections/local.py
+++ b/lib/ansible/plugins/connections/local.py
@@ -70,7 +70,7 @@ class Connection(ConnectionBase):
)
self._display.debug("done running command with Popen()")
- if self._play_context.prompt and self._play_context.become_pass and sudoable:
+ if self._play_context.prompt and sudoable:
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK)
fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK)
become_output = ''
diff --git a/lib/ansible/plugins/connections/paramiko_ssh.py b/lib/ansible/plugins/connections/paramiko_ssh.py
index a3491be938..6df6a3ebe0 100644
--- a/lib/ansible/plugins/connections/paramiko_ssh.py
+++ b/lib/ansible/plugins/connections/paramiko_ssh.py
@@ -224,33 +224,32 @@ class Connection(ConnectionBase):
try:
chan.exec_command(cmd)
if self._play_context.prompt:
- if self._play_context.become and self._play_context.become_pass:
- passprompt = False
- while True:
- self._display.debug('Waiting for Privilege Escalation input')
- if self.check_become_success(become_output):
- break
- elif self.check_password_prompt(become_output):
- passprompt = True
- break
-
- chunk = chan.recv(bufsize)
- self._display.debug("chunk is: %s" % chunk)
- if not chunk:
- if 'unknown user' in become_output:
- raise AnsibleError( 'user %s does not exist' % become_user)
- else:
- break
- #raise AnsibleError('ssh connection closed waiting for password prompt')
- become_output += chunk
- if passprompt:
- if self._play_context.become and self._play_context.become_pass:
- chan.sendall(self._play_context.become_pass + '\n')
+ passprompt = False
+ while True:
+ self._display.debug('Waiting for Privilege Escalation input')
+ if self.check_become_success(become_output):
+ break
+ elif self.check_password_prompt(become_output):
+ passprompt = True
+ break
+
+ chunk = chan.recv(bufsize)
+ self._display.debug("chunk is: %s" % chunk)
+ if not chunk:
+ if 'unknown user' in become_output:
+ raise AnsibleError( 'user %s does not exist' % become_user)
else:
- raise AnsibleError("A password is reqired but none was supplied")
+ break
+ #raise AnsibleError('ssh connection closed waiting for password prompt')
+ become_output += chunk
+ if passprompt:
+ if self._play_context.become and self._play_context.become_pass:
+ chan.sendall(self._play_context.become_pass + '\n')
else:
- no_prompt_out += become_output
- no_prompt_err += become_output
+ raise AnsibleError("A password is reqired but none was supplied")
+ else:
+ no_prompt_out += become_output
+ no_prompt_err += become_output
except socket.timeout:
raise AnsibleError('ssh timed out waiting for privilege escalation.\n' + become_output)
diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
index ee912374a7..80da729ea7 100644
--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -378,54 +378,53 @@ class Connection(ConnectionBase):
self._display.debug("Handling privilege escalation password prompt.")
- if self._play_context.become and self._play_context.become_pass:
-
- fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK)
- fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK)
-
- become_output = ''
- become_errput = ''
- passprompt = False
- while True:
- self._display.debug('Waiting for Privilege Escalation input')
-
- if self.check_become_success(become_output + become_errput):
- self._display.debug('Succeded!')
- break
- elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput):
- self._display.debug('Password prompt!')
- passprompt = True
- break
-
- self._display.debug('Read next chunks')
- rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout)
- if not rfd:
- # timeout. wrap up process communication
- stdout, stderr = p.communicate()
- raise AnsibleError('Connection error waiting for privilege escalation password prompt: %s' % become_output)
-
- elif p.stderr in rfd:
- chunk = p.stderr.read()
- become_errput += chunk
- self._display.debug('stderr chunk is: %s' % chunk)
- self.check_incorrect_password(become_errput)
-
- elif p.stdout in rfd:
- chunk = p.stdout.read()
- become_output += chunk
- self._display.debug('stdout chunk is: %s' % chunk)
-
-
- if not chunk:
- break
- #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output)
-
- if passprompt:
- self._display.debug("Sending privilege escalation password.")
- stdin.write(self._play_context.become_pass + '\n')
- else:
- no_prompt_out = become_output
- no_prompt_err = become_errput
+
+ fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK)
+ fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK)
+
+ become_output = ''
+ become_errput = ''
+ passprompt = False
+ while True:
+ self._display.debug('Waiting for Privilege Escalation input')
+
+ if self.check_become_success(become_output + become_errput):
+ self._display.debug('Succeded!')
+ break
+ elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput):
+ self._display.debug('Password prompt!')
+ passprompt = True
+ break
+
+ self._display.debug('Read next chunks')
+ rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout)
+ if not rfd:
+ # timeout. wrap up process communication
+ stdout, stderr = p.communicate()
+ raise AnsibleError('Connection error waiting for privilege escalation password prompt: %s' % become_output)
+
+ elif p.stderr in rfd:
+ chunk = p.stderr.read()
+ become_errput += chunk
+ self._display.debug('stderr chunk is: %s' % chunk)
+ self.check_incorrect_password(become_errput)
+
+ elif p.stdout in rfd:
+ chunk = p.stdout.read()
+ become_output += chunk
+ self._display.debug('stdout chunk is: %s' % chunk)
+
+
+ if not chunk:
+ break
+ #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output)
+
+ if passprompt:
+ self._display.debug("Sending privilege escalation password.")
+ stdin.write(self._play_context.become_pass + '\n')
+ else:
+ no_prompt_out = become_output
+ no_prompt_err = become_errput
(returncode, stdout, stderr) = self._communicate(p, stdin, in_data, sudoable=sudoable)
diff --git a/test/units/playbook/test_play_context.py b/test/units/playbook/test_play_context.py
index dcfc6df539..c1582a971a 100644
--- a/test/units/playbook/test_play_context.py
+++ b/test/units/playbook/test_play_context.py
@@ -116,7 +116,7 @@ class TestPlayContext(unittest.TestCase):
default_cmd = "/bin/foo"
default_exe = "/bin/bash"
sudo_exe = C.DEFAULT_SUDO_EXE or 'sudo'
- sudo_flags = C.DEFAULT_SUDO_FLAGS + " -n "
+ sudo_flags = C.DEFAULT_SUDO_FLAGS
su_exe = C.DEFAULT_SU_EXE or 'su'
su_flags = C.DEFAULT_SU_FLAGS or ''
pbrun_exe = 'pbrun'
@@ -134,7 +134,12 @@ class TestPlayContext(unittest.TestCase):
play_context.become_method = 'sudo'
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
- self.assertEqual(cmd, """%s -c '%s %s -S -p "%s" -u %s %s -c '"'"'echo %s; %s'"'"''""" % (default_exe, sudo_exe, sudo_flags, play_context.prompt, play_context.become_user, default_exe, play_context.success_key, default_cmd))
+ self.assertEqual(cmd, """%s -c '%s %s -n -S -u %s %s -c '"'"'echo %s; %s'"'"''""" % (default_exe, sudo_exe, sudo_flags, play_context.become_user, default_exe, play_context.success_key, default_cmd))
+ play_context.become_pass = 'testpass'
+ cmd = play_context.make_become_cmd(cmd=default_cmd, executable=default_exe)
+ self.assertEqual(cmd, """%s -c '%s %s -p "%s" -S -u %s %s -c '"'"'echo %s; %s'"'"''""" % (default_exe, sudo_exe, sudo_flags, play_context.prompt, play_context.become_user, default_exe, play_context.success_key, default_cmd))
+
+ play_context.become_pass = None
play_context.become_method = 'su'
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")