From ab6ee1a28251387df9b98920284e133fdc0ed320 Mon Sep 17 00:00:00 2001 From: Paul Durivage Date: Thu, 26 Dec 2013 12:45:41 -0600 Subject: [PATCH] Enable su support in paramkio; disable su support in fireball, local, accelerate, chroot, jail, funcd connection plugins --- .../runner/connection_plugins/accelerate.py | 5 ++++- lib/ansible/runner/connection_plugins/chroot.py | 5 ++++- .../runner/connection_plugins/fireball.py | 6 +++--- lib/ansible/runner/connection_plugins/funcd.py | 7 +++++-- lib/ansible/runner/connection_plugins/jail.py | 5 ++++- lib/ansible/runner/connection_plugins/local.py | 6 +++++- .../runner/connection_plugins/paramiko_ssh.py | 16 +++++++++++----- 7 files changed, 36 insertions(+), 14 deletions(-) diff --git a/lib/ansible/runner/connection_plugins/accelerate.py b/lib/ansible/runner/connection_plugins/accelerate.py index d260a63437..17cc99c1d7 100644 --- a/lib/ansible/runner/connection_plugins/accelerate.py +++ b/lib/ansible/runner/connection_plugins/accelerate.py @@ -159,9 +159,12 @@ class Connection(object): except socket.timeout: raise errors.AnsibleError("timed out while waiting to receive data") - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the remote host ''' + if su or su_user: + raise errors.AnsibleError("Internal Error: this module does not support running commands via su") + if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") diff --git a/lib/ansible/runner/connection_plugins/chroot.py b/lib/ansible/runner/connection_plugins/chroot.py index 1080ea54b5..38c8af7a69 100644 --- a/lib/ansible/runner/connection_plugins/chroot.py +++ b/lib/ansible/runner/connection_plugins/chroot.py @@ -60,9 +60,12 @@ class Connection(object): return self - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the chroot ''' + if su or su_user: + raise errors.AnsibleError("Internal Error: this module does not support running commands via su") + if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") diff --git a/lib/ansible/runner/connection_plugins/fireball.py b/lib/ansible/runner/connection_plugins/fireball.py index 40848edead..dd9e09bacd 100644 --- a/lib/ansible/runner/connection_plugins/fireball.py +++ b/lib/ansible/runner/connection_plugins/fireball.py @@ -68,7 +68,7 @@ class Connection(object): return self - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=None): ''' run a command on the remote host ''' if in_data: @@ -76,9 +76,9 @@ class Connection(object): vvv("EXEC COMMAND %s" % cmd) - if self.runner.sudo and sudoable: + if (self.runner.sudo and sudoable) or (self.runner.su and su): raise errors.AnsibleError( - "When using fireball, do not specify sudo to run your tasks. " + + "When using fireball, do not specify sudo or su to run your tasks. " + "Instead sudo the fireball action with sudo. " + "Task will communicate with the fireball already running in sudo mode." ) diff --git a/lib/ansible/runner/connection_plugins/funcd.py b/lib/ansible/runner/connection_plugins/funcd.py index a5dc631ef8..7244abcbe9 100644 --- a/lib/ansible/runner/connection_plugins/funcd.py +++ b/lib/ansible/runner/connection_plugins/funcd.py @@ -53,10 +53,13 @@ class Connection(object): self.client = fc.Client(self.host) return self - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, - executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, + executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the remote minion ''' + if su or su_user: + raise errors.AnsibleError("Internal Error: this module does not support running commands via su") + if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") diff --git a/lib/ansible/runner/connection_plugins/jail.py b/lib/ansible/runner/connection_plugins/jail.py index 89b13bbc44..b721ad62b5 100644 --- a/lib/ansible/runner/connection_plugins/jail.py +++ b/lib/ansible/runner/connection_plugins/jail.py @@ -91,9 +91,12 @@ class Connection(object): local_cmd = '%s "%s" %s' % (self.jexec_cmd, self.jail, cmd) return local_cmd - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the chroot ''' + if su or su_user: + raise errors.AnsibleError("Internal Error: this module does not support running commands via su") + if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") diff --git a/lib/ansible/runner/connection_plugins/local.py b/lib/ansible/runner/connection_plugins/local.py index 0cf7da42be..a752a6a262 100644 --- a/lib/ansible/runner/connection_plugins/local.py +++ b/lib/ansible/runner/connection_plugins/local.py @@ -41,9 +41,13 @@ class Connection(object): return self - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the local host ''' + # su requires to be run from a terminal, and therefore isn't supported here (yet?) + if su or su_user: + raise errors.AnsibleError("Internal Error: this module does not support running commands via su") + if in_data: raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") diff --git a/lib/ansible/runner/connection_plugins/paramiko_ssh.py b/lib/ansible/runner/connection_plugins/paramiko_ssh.py index 667e03c0e8..29580bbba0 100644 --- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py +++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py @@ -176,7 +176,7 @@ class Connection(object): return ssh - def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh', in_data=None): + def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): ''' run a command on the remote host ''' if in_data: @@ -191,7 +191,7 @@ class Connection(object): msg += ": %s" % str(e) raise errors.AnsibleConnectionFailed(msg) - if not self.runner.sudo or not sudoable: + if not (self.runner.sudo and sudo) and not (self.runner.su and su): if executable: quoted_command = executable + ' -c ' + pipes.quote(cmd) else: @@ -206,12 +206,15 @@ class Connection(object): chan.get_pty(term=os.getenv('TERM', 'vt100'), width=int(os.getenv('COLUMNS', 0)), height=int(os.getenv('LINES', 0))) - shcmd, prompt, success_key = utils.make_sudo_cmd(sudo_user, executable, cmd) + if self.runner.sudo or sudoable: + shcmd, prompt, success_key = utils.make_sudo_cmd(sudo_user, executable, cmd) + elif self.runner.su or su: + shcmd, prompt, success_key = utils.make_su_cmd(su_user, executable, cmd) vvv("EXEC %s" % shcmd, host=self.host) sudo_output = '' try: chan.exec_command(shcmd) - if self.runner.sudo_pass: + if self.runner.sudo_pass or self.runner.su_pass: while not sudo_output.endswith(prompt) and success_key not in sudo_output: chunk = chan.recv(bufsize) if not chunk: @@ -223,7 +226,10 @@ class Connection(object): 'closed waiting for password prompt') sudo_output += chunk if success_key not in sudo_output: - chan.sendall(self.runner.sudo_pass + '\n') + if sudoable: + chan.sendall(self.runner.sudo_pass + '\n') + elif su: + chan.sendall(self.runner.su_pass + '\n') except socket.timeout: raise errors.AnsibleError('ssh timed out waiting for sudo.\n' + sudo_output)