some fixes to become/sudo

* now it uses -n to get immediate error if no password is supplied and one is needed,
   this should fix the issue with sudo hanging waiting for input.
 * made -k configurable, this can break changing become_users in play if left out,
   but opens up the possiblity of OTP support.

examples/ansible.cfg

@@ -46,8 +46,9 @@ gathering = implicit
 # change this for alternative sudo implementations
 sudo_exe = sudo
 
-# what flags to pass to sudo
+# What flags to pass to sudo
-#sudo_flags = -H
+# WARNING: leaving out the defaults might create unexpected behaviours
+#sudo_flags = -H -k
 
 # SSH timeout
 timeout = 10

lib/ansible/playbook/play_context.py

@@ -346,9 +346,13 @@ class PlayContext(Base):
                 # sudo prompt set with the -p option.
                 prompt = '[sudo via ansible, key=%s] password: ' % randbits
                 exe = self.become_exe or self.sudo_exe or 'sudo'
-                flags = self.become_flags or self.sudo_flags or ''
+                flags = self.become_flags or self.sudo_flags or C.DEFAULT_SUDO_FLAGS
-                becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c %s' % \
+
-                    (exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, executable, success_cmd)
+                # force quick error if password is required but not supplied, should prevent sudo hangs.
+                if not self.become_pass:
+                    flags += " -n "
+
+                becomecmd = '%s %s -S -p "%s" -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd)
 
             elif self.become_method == 'su':