diff options
Diffstat (limited to 'lib/ansible')
| -rw-r--r-- | lib/ansible/playbook/play_context.py | 13 | ||||
| -rw-r--r-- | lib/ansible/plugins/connections/local.py | 2 | ||||
| -rw-r--r-- | lib/ansible/plugins/connections/paramiko_ssh.py | 49 | ||||
| -rw-r--r-- | lib/ansible/plugins/connections/ssh.py | 95 |
4 files changed, 80 insertions, 79 deletions
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py index 9888de6d84..55d7d99b5a 100644 --- a/lib/ansible/playbook/play_context.py +++ b/lib/ansible/playbook/play_context.py @@ -335,6 +335,7 @@ class PlayContext(Base): prompt = None success_key = None + self.prompt = None if executable is None: executable = C.DEFAULT_EXECUTABLE @@ -366,13 +367,14 @@ class PlayContext(Base): # directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted # string to the user's shell. We loop reading output until we see the randomly-generated # sudo prompt set with the -p option. - prompt = '[sudo via ansible, key=%s] password: ' % randbits # force quick error if password is required but not supplied, should prevent sudo hangs. - if not self.become_pass: - flags += " -n " + if self.become_pass: + prompt = '[sudo via ansible, key=%s] password: ' % randbits + becomecmd = '%s %s -p "%s" -S -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd) + else: + becomecmd = '%s %s -n -S -u %s %s -c %s' % (exe, flags, self.become_user, executable, success_cmd) - becomecmd = '%s %s -S -p "%s" -u %s %s -c %s' % (exe, flags, prompt, self.become_user, executable, success_cmd) elif self.become_method == 'su': @@ -415,7 +417,8 @@ class PlayContext(Base): else: raise AnsibleError("Privilege escalation method not found: %s" % self.become_method) - self.prompt = prompt + if self.become_pass: + self.prompt = prompt self.success_key = success_key return ('%s -c %s' % (executable, pipes.quote(becomecmd))) diff --git a/lib/ansible/plugins/connections/local.py b/lib/ansible/plugins/connections/local.py index e4eddbd4cb..e307798913 100644 --- a/lib/ansible/plugins/connections/local.py +++ b/lib/ansible/plugins/connections/local.py @@ -70,7 +70,7 @@ class Connection(ConnectionBase): ) self._display.debug("done running command with Popen()") - if self._play_context.prompt and self._play_context.become_pass and sudoable: + if self._play_context.prompt and sudoable: fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK) fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK) become_output = '' diff --git a/lib/ansible/plugins/connections/paramiko_ssh.py b/lib/ansible/plugins/connections/paramiko_ssh.py index a3491be938..6df6a3ebe0 100644 --- a/lib/ansible/plugins/connections/paramiko_ssh.py +++ b/lib/ansible/plugins/connections/paramiko_ssh.py @@ -224,33 +224,32 @@ class Connection(ConnectionBase): try: chan.exec_command(cmd) if self._play_context.prompt: - if self._play_context.become and self._play_context.become_pass: - passprompt = False - while True: - self._display.debug('Waiting for Privilege Escalation input') - if self.check_become_success(become_output): - break - elif self.check_password_prompt(become_output): - passprompt = True - break - - chunk = chan.recv(bufsize) - self._display.debug("chunk is: %s" % chunk) - if not chunk: - if 'unknown user' in become_output: - raise AnsibleError( 'user %s does not exist' % become_user) - else: - break - #raise AnsibleError('ssh connection closed waiting for password prompt') - become_output += chunk - if passprompt: - if self._play_context.become and self._play_context.become_pass: - chan.sendall(self._play_context.become_pass + '\n') + passprompt = False + while True: + self._display.debug('Waiting for Privilege Escalation input') + if self.check_become_success(become_output): + break + elif self.check_password_prompt(become_output): + passprompt = True + break + + chunk = chan.recv(bufsize) + self._display.debug("chunk is: %s" % chunk) + if not chunk: + if 'unknown user' in become_output: + raise AnsibleError( 'user %s does not exist' % become_user) else: - raise AnsibleError("A password is reqired but none was supplied") + break + #raise AnsibleError('ssh connection closed waiting for password prompt') + become_output += chunk + if passprompt: + if self._play_context.become and self._play_context.become_pass: + chan.sendall(self._play_context.become_pass + '\n') else: - no_prompt_out += become_output - no_prompt_err += become_output + raise AnsibleError("A password is reqired but none was supplied") + else: + no_prompt_out += become_output + no_prompt_err += become_output except socket.timeout: raise AnsibleError('ssh timed out waiting for privilege escalation.\n' + become_output) diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py index ee912374a7..80da729ea7 100644 --- a/lib/ansible/plugins/connections/ssh.py +++ b/lib/ansible/plugins/connections/ssh.py @@ -378,54 +378,53 @@ class Connection(ConnectionBase): self._display.debug("Handling privilege escalation password prompt.") - if self._play_context.become and self._play_context.become_pass: - - fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK) - fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK) - - become_output = '' - become_errput = '' - passprompt = False - while True: - self._display.debug('Waiting for Privilege Escalation input') - - if self.check_become_success(become_output + become_errput): - self._display.debug('Succeded!') - break - elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput): - self._display.debug('Password prompt!') - passprompt = True - break - - self._display.debug('Read next chunks') - rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout) - if not rfd: - # timeout. wrap up process communication - stdout, stderr = p.communicate() - raise AnsibleError('Connection error waiting for privilege escalation password prompt: %s' % become_output) - - elif p.stderr in rfd: - chunk = p.stderr.read() - become_errput += chunk - self._display.debug('stderr chunk is: %s' % chunk) - self.check_incorrect_password(become_errput) - - elif p.stdout in rfd: - chunk = p.stdout.read() - become_output += chunk - self._display.debug('stdout chunk is: %s' % chunk) - - - if not chunk: - break - #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output) - - if passprompt: - self._display.debug("Sending privilege escalation password.") - stdin.write(self._play_context.become_pass + '\n') - else: - no_prompt_out = become_output - no_prompt_err = become_errput + + fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK) + fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK) + + become_output = '' + become_errput = '' + passprompt = False + while True: + self._display.debug('Waiting for Privilege Escalation input') + + if self.check_become_success(become_output + become_errput): + self._display.debug('Succeded!') + break + elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput): + self._display.debug('Password prompt!') + passprompt = True + break + + self._display.debug('Read next chunks') + rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout) + if not rfd: + # timeout. wrap up process communication + stdout, stderr = p.communicate() + raise AnsibleError('Connection error waiting for privilege escalation password prompt: %s' % become_output) + + elif p.stderr in rfd: + chunk = p.stderr.read() + become_errput += chunk + self._display.debug('stderr chunk is: %s' % chunk) + self.check_incorrect_password(become_errput) + + elif p.stdout in rfd: + chunk = p.stdout.read() + become_output += chunk + self._display.debug('stdout chunk is: %s' % chunk) + + + if not chunk: + break + #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output) + + if passprompt: + self._display.debug("Sending privilege escalation password.") + stdin.write(self._play_context.become_pass + '\n') + else: + no_prompt_out = become_output + no_prompt_err = become_errput (returncode, stdout, stderr) = self._communicate(p, stdin, in_data, sudoable=sudoable) |