diff options
| author | James Cammarata <jimi@sngx.net> | 2014-05-13 13:52:38 -0500 |
|---|---|---|
| committer | James Cammarata <jimi@sngx.net> | 2014-05-14 21:22:22 -0500 |
| commit | 31250905e9fcdc7b4a24e09220bfd2b6860c871d (patch) | |
| tree | 0f6741e1b5fd3b4c6c7692c56b785313f77f7134 /source_control | |
| parent | 5ae08e16995e27486f4a39261eb777e1aaeda264 (diff) | |
| download | ansible-modules-extras-31250905e9fcdc7b4a24e09220bfd2b6860c871d.tar.gz | |
Check module_path permissions when creating ssh_wrapper for git
If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.
Fixes #7375
Diffstat (limited to 'source_control')
| -rw-r--r-- | source_control/git | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source_control/git b/source_control/git index 6af4bd71..98b37ae0 100644 --- a/source_control/git +++ b/source_control/git @@ -181,7 +181,15 @@ def get_submodule_update_params(module, git_path, cwd): def write_ssh_wrapper(): module_dir = get_module_path() - fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/') + try: + # make sure we have full permission to the module_dir, which + # may not be the case if we're sudo'ing to a non-root user + if os.access(module_dir, os.W_OK|os.R_OK|os.X_OK): + fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/') + else: + raise OSError + except (IOError, OSError): + fd, wrapper_path = tempfile.mkstemp() fh = os.fdopen(fd, 'w+b') template = """#!/bin/sh if [ -z "$GIT_SSH_OPTS" ]; then @@ -505,6 +513,7 @@ def main(): if key_file or ssh_opts: ssh_wrapper = write_ssh_wrapper() set_git_ssh(ssh_wrapper, key_file, ssh_opts) + module.add_cleanup_file(path=ssh_wrapper) # add the git repo's hostkey if module.params['ssh_opts'] is not None: |