adds privilege escalation method for pmrun(Unix Privilege Manager 6.0)
parent
f9b836a901
commit
04073dfa9b
4 changed files with 14 additions and 6 deletions
|
@ -276,7 +276,8 @@ BECOME_ERROR_STRINGS = {
|
||||||
'pfexec': '',
|
'pfexec': '',
|
||||||
'doas': 'Permission denied',
|
'doas': 'Permission denied',
|
||||||
'dzdo': '',
|
'dzdo': '',
|
||||||
'ksu': 'Password incorrect'
|
'ksu': 'Password incorrect',
|
||||||
|
'pmrun': 'You are not permitted to run this command'
|
||||||
} # FIXME: deal with i18n
|
} # FIXME: deal with i18n
|
||||||
BECOME_MISSING_STRINGS = {
|
BECOME_MISSING_STRINGS = {
|
||||||
'sudo': 'sorry, a password is required to run sudo',
|
'sudo': 'sorry, a password is required to run sudo',
|
||||||
|
@ -285,9 +286,10 @@ BECOME_MISSING_STRINGS = {
|
||||||
'pfexec': '',
|
'pfexec': '',
|
||||||
'doas': 'Authorization required',
|
'doas': 'Authorization required',
|
||||||
'dzdo': '',
|
'dzdo': '',
|
||||||
'ksu': 'No password given'
|
'ksu': 'No password given',
|
||||||
|
'pmrun': ''
|
||||||
} # FIXME: deal with i18n
|
} # FIXME: deal with i18n
|
||||||
BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas']
|
BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas', 'pmrun']
|
||||||
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean')
|
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean')
|
||||||
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD',
|
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD',
|
||||||
'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower()
|
'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower()
|
||||||
|
@ -297,7 +299,6 @@ DEFAULT_BECOME_EXE = get_config(p, 'privilege_escalation', 'become_exe', 'ANSIBL
|
||||||
DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None)
|
DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None)
|
||||||
DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean')
|
DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean')
|
||||||
|
|
||||||
|
|
||||||
# PLUGINS
|
# PLUGINS
|
||||||
|
|
||||||
# Modules that can optimize with_items loops into a single call. Currently
|
# Modules that can optimize with_items loops into a single call. Currently
|
||||||
|
|
|
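Review bot: The `'pmrun': 'You are not permitted to run this command'` entry added to BECOME_ERROR_STRINGS is a literal English message with no note of which product release prints it, and the commit title names only Unix Privilege Manager 6.0. If another release or locale words the denial differently, the match presumably fails and the refusal is reported as something less specific; the code that consumes these tables is outside the hunk, so this should be confirmed. I would add a comment above the entry such as `# pmrun denial text as printed by Unix Privilege Manager 6.0; other versions/locales untested`. The new `'pmrun': ''` entry in BECOME_MISSING_STRINGS follows the existing empty `pfexec` and `dzdo` entries, so it relies on the consumer skipping empty markers rather than doing a bare substring test.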
@ -119,7 +119,7 @@ def check_command(commandline):
|
||||||
'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt',
|
'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt',
|
||||||
'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile',
|
'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile',
|
||||||
'dnf': 'dnf', 'zypper': 'zypper' }
|
'dnf': 'dnf', 'zypper': 'zypper' }
|
||||||
become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas' ]
|
become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun' ]
|
||||||
warnings = list()
|
warnings = list()
|
||||||
command = os.path.basename(commandline.split()[0])
|
command = os.path.basename(commandline.split()[0])
|
||||||
if command in arguments:
|
if command in arguments:
|
||||||
|
|
|
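Review bot: The hard-coded `become` list in `check_command` is a second copy of the method names and has already drifted from `BECOME_METHODS`. After this change it contains `pmrun` but still lacks `doas`, `dzdo` and `ksu`, which the constants hunk on this page lists. A command line starting with one of those three would therefore presumably not get the "use become" warning, although the code that reads `become` is outside the hunk. I would extend the line to `become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun', 'doas', 'dzdo', 'ksu' ]` and add `# keep in sync with BECOME_METHODS` above it.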
@ -125,7 +125,7 @@ options:
|
||||||
description:
|
description:
|
||||||
- Become method to Use for privledge escalation.
|
- Become method to Use for privledge escalation.
|
||||||
required: False
|
required: False
|
||||||
choices: ["None", "sudo", "su", "pbrun", "pfexec"]
|
choices: ["None", "sudo", "su", "pbrun", "pfexec", "pmrun"]
|
||||||
default: "None"
|
default: "None"
|
||||||
become_username:
|
become_username:
|
||||||
description:
|
description:
|
||||||
|
|
|
@ -587,6 +587,13 @@ class PlayContext(Base):
|
||||||
else:
|
else:
|
||||||
becomecmd = '%s -u %s %s' % (exe, self.become_user, command)
|
becomecmd = '%s -u %s %s' % (exe, self.become_user, command)
|
||||||
|
|
||||||
|
elif self.become_method == 'pmrun':
|
||||||
|
|
||||||
|
exe = self.become_exe or 'pmrun'
|
||||||
|
|
||||||
|
prompt='Enter UPM user password:'
|
||||||
|
becomecmd = '%s %s %s' % (exe, flags, shlex_quote(command))
|
||||||
|
|
||||||
else:
|
else:
|
||||||
raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)
|
raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)
|
||||||
|
|
||||||
|
|
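Review bot: The new `pmrun` branch never reads `self.become_user`, unlike the branch just above it, which passes `-u %s`. A play that sets a become user will therefore run as whatever account the Privilege Manager policy selects, with nothing telling the operator the setting was ignored. At minimum I would document this in the branch with `# pmrun has no target-user argument here: become_user is ignored and the UPM policy decides the run-as account`. Preferably the branch would also warn or fail when a non-default become user is configured. Separately, `prompt='Enter UPM user password:'` is an exact English string (and lacks the spaces around `=` used elsewhere), so password detection presumably depends on pmrun printing exactly that text; a comment naming the product version it was taken from would help. The enclosing method begins and ends outside this hunk, so how `flags` and `prompt` are consumed cannot be checked from here.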