fixed and generalized privilege escalation exe settings

author: Brian Coca <brian.coca+git@gmail.com> 2015-09-02 09:29:34 -0400
committer: Brian Coca <brian.coca+git@gmail.com> 2015-09-02 09:29:34 -0400
commit: e156d9b677270f6c333688ae70d60f6e680121a2 (patch)
tree: 60d47b2bf56df08db0ccf9354c7777579b5fffc9
parent: e8d7fafc5246e4dc6b48e19f67a82545e6fef138 (diff)
download: ansible-e156d9b677270f6c333688ae70d60f6e680121a2.tar.gz
2 files changed, 8 insertions, 7 deletions
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index f836bd39a7..7b31069d56 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -161,12 +161,12 @@ DEFAULT_SELINUX_SPECIAL_FS = get_config(p, 'selinux', 'special_context_filesyste
 # Backwards Compat
 DEFAULT_SU                = get_config(p, DEFAULTS, 'su', 'ANSIBLE_SU', False, boolean=True)
 DEFAULT_SU_USER           = get_config(p, DEFAULTS, 'su_user', 'ANSIBLE_SU_USER', 'root')
-DEFAULT_SU_EXE            = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', 'su')
+DEFAULT_SU_EXE            = get_config(p, DEFAULTS, 'su_exe', 'ANSIBLE_SU_EXE', None)
 DEFAULT_SU_FLAGS          = get_config(p, DEFAULTS, 'su_flags', 'ANSIBLE_SU_FLAGS', '')
 DEFAULT_ASK_SU_PASS       = get_config(p, DEFAULTS, 'ask_su_pass', 'ANSIBLE_ASK_SU_PASS', False, boolean=True)
 DEFAULT_SUDO              = get_config(p, DEFAULTS, 'sudo', 'ANSIBLE_SUDO', False, boolean=True)
 DEFAULT_SUDO_USER         = get_config(p, DEFAULTS, 'sudo_user',        'ANSIBLE_SUDO_USER',        'root')
-DEFAULT_SUDO_EXE          = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EXE', 'sudo')
+DEFAULT_SUDO_EXE          = get_config(p, DEFAULTS, 'sudo_exe', 'ANSIBLE_SUDO_EXE', None)
 DEFAULT_SUDO_FLAGS        = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_FLAGS', '-H')
 DEFAULT_ASK_SUDO_PASS     = get_config(p, DEFAULTS, 'ask_sudo_pass',    'ANSIBLE_ASK_SUDO_PASS',    False, boolean=True)
 
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py
index e57648d24e..6f6d135047 100644
--- a/lib/ansible/playbook/play_context.py
+++ b/lib/ansible/playbook/play_context.py
@@ -338,6 +338,12 @@ class PlayContext(Base):
             success_key = 'BECOME-SUCCESS-%s' % randbits
             success_cmd = pipes.quote('echo %s; %s' % (success_key, cmd))
 
+            # set executable to use for the privilege escalation method, with various overrides
+            exe = self.become_exe or \
+                  getattr(self, '%s_exe' % self.become_method, None) or \
+                  getattr(C, 'DEFAULT_%s_EXE' % self.become_method.upper(), None) or \
+                  self.become_method
+
             if self.become_method == 'sudo':
                 # Rather than detect if sudo wants a password this time, -k makes sudo always ask for
                 # a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
@@ -345,7 +351,6 @@ class PlayContext(Base):
                 # string to the user's shell.  We loop reading output until we see the randomly-generated
                 # sudo prompt set with the -p option.
                 prompt = '[sudo via ansible, key=%s] password: ' % randbits
-                exe = self.become_exe or self.sudo_exe or 'sudo'
                 flags = self.become_flags or self.sudo_flags or C.DEFAULT_SUDO_FLAGS
 
                 # force quick error if password is required but not supplied, should prevent sudo hangs.
@@ -361,20 +366,17 @@ class PlayContext(Base):
                     return bool(SU_PROMPT_LOCALIZATIONS_RE.match(data))
 
                 prompt = detect_su_prompt
-                exe = self.become_exe or self.su_exe or 'su'
                 flags = self.become_flags or self.su_flags or ''
                 becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, success_cmd)
 
             elif self.become_method == 'pbrun':
 
                 prompt='assword:'
-                exe = self.become_exe or 'pbrun'
                 flags = self.become_flags or ''
                 becomecmd = '%s -b %s -u %s %s' % (exe, flags, self.become_user, success_cmd)
 
             elif self.become_method == 'pfexec':
 
-                exe = self.become_exe or 'pfexec'
                 flags = self.become_flags or ''
                 # No user as it uses it's own exec_attr to figure it out
                 becomecmd = '%s %s "%s"' % (exe, flags, success_cmd)
@@ -383,7 +385,6 @@ class PlayContext(Base):
                 raise AnsibleError("'runas' is not yet implemented")
                 #TODO: figure out prompt
                 # this is not for use with winrm plugin but if they ever get ssh native on windoez
-                exe = self.become_exe or 'runas'
                 flags = self.become_flags or ''
                 becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd)
author	Brian Coca <brian.coca+git@gmail.com>	2015-09-02 09:29:34 -0400
committer	Brian Coca <brian.coca+git@gmail.com>	2015-09-02 09:29:34 -0400
commit	e156d9b677270f6c333688ae70d60f6e680121a2 (patch)
tree	60d47b2bf56df08db0ccf9354c7777579b5fffc9
parent	e8d7fafc5246e4dc6b48e19f67a82545e6fef138 (diff)
download	ansible-e156d9b677270f6c333688ae70d60f6e680121a2.tar.gz