adds privilege escalation method for pmrun(Unix Privilege Manager 6.0)

Kevin Clark 2017-05-19 14:24:54 -07:00 committed by Brian Coca
parent f9b836a901
commit 04073dfa9b
4 changed files with 14 additions and 6 deletions


@ -276,7 +276,8 @@ BECOME_ERROR_STRINGS = {
'pfexec': '', 'pfexec': '',
'doas': 'Permission denied', 'doas': 'Permission denied',
'dzdo': '', 'dzdo': '',
'ksu': 'Password incorrect' 'ksu': 'Password incorrect',
'pmrun': 'You are not permitted to run this command'
} # FIXME: deal with i18n } # FIXME: deal with i18n
BECOME_MISSING_STRINGS = { BECOME_MISSING_STRINGS = {
'sudo': 'sorry, a password is required to run sudo', 'sudo': 'sorry, a password is required to run sudo',
@ -285,9 +286,10 @@ BECOME_MISSING_STRINGS = {
'pfexec': '', 'pfexec': '',
'doas': 'Authorization required', 'doas': 'Authorization required',
'dzdo': '', 'dzdo': '',
'ksu': 'No password given' 'ksu': 'No password given',
'pmrun': ''
} # FIXME: deal with i18n } # FIXME: deal with i18n
BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas'] BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas', 'pmrun']
BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean') BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean')
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD', DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD',
'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower() 'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower()
@ -297,7 +299,6 @@ DEFAULT_BECOME_EXE = get_config(p, 'privilege_escalation', 'become_exe', 'ANSIBL
DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None) DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None)
DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean') DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean')
# PLUGINS # PLUGINS
# Modules that can optimize with_items loops into a single call. Currently # Modules that can optimize with_items loops into a single call. Currently
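Review bot: The new `'pmrun': ''` entry in BECOME_MISSING_STRINGS leaves pmrun with no "password required" marker. If this table is what the connection code uses to notice a missing become password, as its name suggests, a pmrun task that is prompted without a password configured would presumably wait until the timeout instead of failing fast. If Privilege Manager really prints nothing recognisable in that case, record it next to the entry, for example `# pmrun: no known 'password required' message, missing-password detection is disabled`. The new BECOME_ERROR_STRINGS entry is also an exact English sentence, so it falls under the existing i18n FIXME.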


@ -119,7 +119,7 @@ def check_command(commandline):
'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt', 'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt',
'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile', 'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile',
'dnf': 'dnf', 'zypper': 'zypper' } 'dnf': 'dnf', 'zypper': 'zypper' }
become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas' ] become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun' ]
warnings = list() warnings = list()
command = os.path.basename(commandline.split()[0]) command = os.path.basename(commandline.split()[0])
if command in arguments: if command in arguments:
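Review bot: The `become` list in check_command is a hand-maintained copy of the method names and still omits `doas`, `dzdo` and `ksu`, which BECOME_METHODS in the first file of this commit does list. A command line that starts with one of those will therefore not match this list, so any become-related warning keyed on it would not fire. Since the line is being touched anyway, bring it in step: `become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun', 'doas', 'dzdo', 'ksu' ]`, with a comment saying it must mirror BECOME_METHODS. check_command starts and ends outside the hunk.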


@ -125,7 +125,7 @@ options:
description: description:
- Become method to Use for privledge escalation. - Become method to Use for privledge escalation.
required: False required: False
choices: ["None", "sudo", "su", "pbrun", "pfexec"] choices: ["None", "sudo", "su", "pbrun", "pfexec", "pmrun"]
default: "None" default: "None"
become_username: become_username:
description: description:


@ -587,6 +587,13 @@ class PlayContext(Base):
else: else:
becomecmd = '%s -u %s %s' % (exe, self.become_user, command) becomecmd = '%s -u %s %s' % (exe, self.become_user, command)
elif self.become_method == 'pmrun':
exe = self.become_exe or 'pmrun'
prompt='Enter UPM user password:'
becomecmd = '%s %s %s' % (exe, flags, shlex_quote(command))
else: else:
raise AnsibleError("Privilege escalation method not found: %s" % self.become_method) raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)
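Review bot: The pmrun branch never uses `self.become_user`, whereas the branch just above builds `'%s -u %s %s' % (exe, self.become_user, command)`. A play that sets a become user will therefore run the command as whatever identity the Privilege Manager policy grants, with no warning that the setting was ignored. If pmrun has no way to select the target user, say so at the branch, e.g. `# pmrun takes no target user: the policy decides who the command runs as, become_user is ignored`, and repeat that in the become documentation. Separately, `prompt='Enter UPM user password:'` is an exact English string, so a localized or reworded prompt would presumably not be recognised and the password never sent. The enclosing method starts and ends outside the hunk.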