From 03794864c2c3267f1fbff6ac49e2d883090284ad Mon Sep 17 00:00:00 2001 From: Matt Martz <matt@sivel.net> Date: Tue, 9 Jan 2018 09:32:27 -0600 Subject: [PATCH] Fix piped transfer with become (#34584) * Ignore become if we shouldn't be sudoable * More explicit passing of kwargs * dd/piped put should be sudoable=False. Fixes #34523 --- lib/ansible/plugins/connection/ssh.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ansible/plugins/connection/ssh.py b/lib/ansible/plugins/connection/ssh.py index f277e7fac6..a0bec34ac3 100644 --- a/lib/ansible/plugins/connection/ssh.py +++ b/lib/ansible/plugins/connection/ssh.py @@ -663,7 +663,7 @@ class Connection(ConnectionBase): # only when using ssh. Otherwise we can send initial data straightaway. state = states.index('ready_to_send') - if b'ssh' in cmd: + if b'ssh' in cmd and sudoable: if self._play_context.prompt: # We're requesting escalation with a password, so we have to # wait for a password prompt. @@ -872,7 +872,7 @@ class Connection(ConnectionBase): def _run(self, cmd, in_data, sudoable=True, checkrc=True): """Wrapper around _bare_run that retries the connection """ - return self._bare_run(cmd, in_data, sudoable, checkrc) + return self._bare_run(cmd, in_data, sudoable=sudoable, checkrc=checkrc) @_ssh_retry def _file_transport_command(self, in_path, out_path, sftp_action): @@ -933,7 +933,7 @@ class Connection(ConnectionBase): else: in_data = open(to_bytes(in_path, errors='surrogate_or_strict'), 'rb').read() in_data = to_bytes(in_data, nonstring='passthru') - (returncode, stdout, stderr) = self.exec_command('dd of=%s bs=%s' % (out_path, BUFSIZE), in_data=in_data) + (returncode, stdout, stderr) = self.exec_command('dd of=%s bs=%s' % (out_path, BUFSIZE), in_data=in_data, sudoable=False) # Check the return code and rollover to next method if failed if returncode == 0: