Check module_path permissions when creating ssh_wrapper for git

If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.

Fixes #7375
This commit is contained in:
James Cammarata 2014-05-13 13:52:38 -05:00
parent 5ae08e1699
commit 31250905e9

View file

@ -181,7 +181,15 @@ def get_submodule_update_params(module, git_path, cwd):
def write_ssh_wrapper():
module_dir = get_module_path()
fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/')
try:
# make sure we have full permission to the module_dir, which
# may not be the case if we're sudo'ing to a non-root user
if os.access(module_dir, os.W_OK|os.R_OK|os.X_OK):
fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/')
else:
raise OSError
except (IOError, OSError):
fd, wrapper_path = tempfile.mkstemp()
fh = os.fdopen(fd, 'w+b')
template = """#!/bin/sh
if [ -z "$GIT_SSH_OPTS" ]; then
@ -505,6 +513,7 @@ def main():
if key_file or ssh_opts:
ssh_wrapper = write_ssh_wrapper()
set_git_ssh(ssh_wrapper, key_file, ssh_opts)
module.add_cleanup_file(path=ssh_wrapper)
# add the git repo's hostkey
if module.params['ssh_opts'] is not None: