Move sudo command making to one common function

This commit is contained in:
Daniel Hokka Zakrisson 2013-01-10 06:50:56 +01:00
parent c339434e57
commit 7ecab22302
4 changed files with 27 additions and 35 deletions

View file

@ -21,6 +21,7 @@ import pipes
import shutil
import subprocess
from ansible import errors
from ansible import utils
from ansible.callbacks import vvv
class Connection(object):
@ -48,11 +49,11 @@ class Connection(object):
# to do so. The primary usage of the local connection is for crontab and kickstart usage however
# so this doesn't seem to be a huge priority
raise errors.AnsibleError("sudo with password is presently only supported on the 'paramiko' (SSH) and native 'ssh' connection types")
sudocmd = "sudo -u %s -s %s -c %s" % (sudo_user, executable, cmd)
local_cmd = ['/bin/sh', '-c', sudocmd]
local_cmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
vvv("EXEC %s" % local_cmd, host=self.host)
p = subprocess.Popen(local_cmd, cwd=self.runner.basedir, executable=executable,
p = subprocess.Popen(local_cmd, shell=isinstance(local_cmd, basestring),
cwd=self.runner.basedir, executable=executable,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = p.communicate()
return (p.returncode, '', stdout, stderr)

View file

@ -22,6 +22,7 @@ import socket
import random
from ansible.callbacks import vvv
from ansible import errors
from ansible import utils
# prevent paramiko warning noise -- see http://stackoverflow.com/questions/3920502/
HAVE_PARAMIKO=False
@ -117,22 +118,7 @@ class Connection(object):
vvv("EXEC %s" % quoted_command, host=self.host)
chan.exec_command(quoted_command)
else:
# Rather than detect if sudo wants a password this time, -k makes
# sudo always ask for a password if one is required.
# Passing a quoted compound command to sudo (or sudo -s)
# directly doesn't work, so we shellquote it with pipes.quote()
# and pass the quoted string to the user's shell. We loop reading
# output until we see the randomly-generated sudo prompt set with
# the -p option.
randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
prompt = '[sudo via ansible, key=%s] password: ' % randbits
sudocmd = 'sudo -k && sudo -p "%s" -u %s ' % (
prompt, sudo_user)
if executable:
sudocmd += "%s -c %s" % (executable, pipes.quote(cmd))
else:
sudocmd += cmd
shcmd = '/bin/sh -c ' + pipes.quote(sudocmd)
shcmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
vvv("EXEC %s" % shcmd, host=self.host)
sudo_output = ''
try:

View file

@ -26,6 +26,7 @@ import fcntl
import ansible.constants as C
from ansible.callbacks import vvv
from ansible import errors
from ansible import utils
class Connection(object):
''' ssh based connections '''
@ -93,22 +94,8 @@ class Connection(object):
else:
ssh_cmd.append(cmd)
else:
# Rather than detect if sudo wants a password this time, -k makes
# sudo always ask for a password if one is required.
# Passing a quoted compound command to sudo (or sudo -s)
# directly doesn't work, so we shellquote it with pipes.quote()
# and pass the quoted string to the user's shell. We loop reading
# output until we see the randomly-generated sudo prompt set with
# the -p option.
randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
prompt = '[sudo via ansible, key=%s] password: ' % randbits
sudocmd = 'sudo -k && sudo -p "%s" -u %s ' % (
prompt, sudo_user)
if executable:
sudocmd += "%s -c %s" % (executable, pipes.quote(cmd))
else:
sudocmd += cmd
ssh_cmd.append('/bin/sh -c ' + pipes.quote(sudocmd))
sudocmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
ssh_cmd.append(sudocmd)
vvv("EXEC %s" % ssh_cmd, host=self.host)
try:

View file

@ -31,6 +31,8 @@ import StringIO
import stat
import termios
import tty
import pipes
import random
VERBOSITY=0
@ -529,3 +531,19 @@ def compile_when_to_only_if(expression):
else:
raise errors.AnsibleError("invalid usage of when_ operator: %s" % expression)
def make_sudo_cmd(sudo_user, executable, cmd):
"""
helper function for connection plugins to create sudo commands
"""
# Rather than detect if sudo wants a password this time, -k makes
# sudo always ask for a password if one is required.
# Passing a quoted compound command to sudo (or sudo -s)
# directly doesn't work, so we shellquote it with pipes.quote()
# and pass the quoted string to the user's shell. We loop reading
# output until we see the randomly-generated sudo prompt set with
# the -p option.
randbits = ''.join(chr(random.randint(ord('a'), ord('z'))) for x in xrange(32))
prompt = '[sudo via ansible, key=%s] password: ' % randbits
sudocmd = 'sudo -k && sudo -S -p "%s" -u %s %s -c %s' % (
prompt, sudo_user, executable or '$SHELL', pipes.quote(cmd))
return ('/bin/sh -c ' + pipes.quote(sudocmd), prompt)