On issuing a privilege escalation command (`sudo`), the password prompt is not received on the channel; as a result, the become password is not written to the channel and privilege escalation fails.

Test snippet to reproduce the issue: `libssh_priveledge_escalation.py`
```python
# libssh_priveledge_escalation.py:
import os

from pylibsshext.session import Session
from pylibsshext.errors import LibsshSessionException
from ansible.module_utils._text import to_bytes, to_native, to_text

ssh = Session()

HOST = "<changeme>"
USER = "<changeme>"
PASSWORD = "<changeme>"
BECOME_PASSWORD = "<changeme>"

try:
    ssh.connect(
        host=HOST,
        user=USER,
        password=PASSWORD,
        timeout=30,
        port=22
    )
except LibsshSessionException as ex:
    print(str(ex))

print(ssh.is_connected)


def exec_command(cmd, in_data=None, sudoable=True):
    ''' run a command on the remote host '''
    bufsize = 4096
    try:
        chan = ssh.new_channel()
    except Exception as e:
        text_e = to_text(e)
        msg = u"Failed to open session"
        if text_e:
            msg += u": %s" % text_e
        raise Exception(to_native(msg))

    cmd = to_text(cmd, errors='surrogate_or_strict')
    become_output = b''

    # sudo usually requires a PTY (cf. requiretty option), therefore
    # we give it one by default (pty=True in ansible.cfg), and we try
    # to initialise from the calling environment when sudoable is enabled
    chan.request_pty_size(
        terminal=to_bytes(os.getenv('TERM', 'vt100')),
        col=int(os.getenv('COLUMNS', 0)),
        row=int(os.getenv('LINES', 0)),
    )
    try:
        count = chan.write(to_bytes(cmd))
        print(count)
        if 1:
            passprompt = False
            become_sucess = False
            while not (become_sucess or passprompt):
                print('Waiting for Privilege Escalation input')
                chan.poll(timeout=9000)
                chunk = chan.recv(bufsize)
                print("chunk is: %s" % to_native(chunk))
                if not chunk:
                    # Channel returned nothing: report a missing become user or stop waiting
                    if b'unknown user' in become_output:
                        n_become_user = to_native("root")
                        raise Exception('user %s does not exist' % n_become_user)
                    else:
                        break
                become_output += chunk
                for l in become_output.splitlines(True):
                    print(l)
                    if 'password' in str(l).lower():
                        # Prompt seen: flag it so the become password is written below
                        passprompt = True
            if passprompt:
                # to_bytes() because bytes %-formatting rejects str on Python 3
                chan.sendall(to_bytes(BECOME_PASSWORD) + b'\n')
    except Exception as e:
        text_e = to_text(e)
        msg = u"Failed to execute command"
        if text_e:
            msg += u": %s" % text_e
        raise Exception(to_native(msg))


exec_command("sudo")
```
Ref: ansible-collections/ansible.netcommon#165
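
A stricter prompt check than the substring test in the snippet above, as an added example (not code from this issue or from pylibssh): it buffers chunks until the output ends with a sudo-style password prompt, and returns a failure status on EOF or when the read budget runs out, so the become password is never written to a channel that did not ask for it. `FakeChannel`, `wait_for_become_prompt`, `become`, the prompt regex and the sample chunks are constructed for illustration; the only thing assumed of a real channel is the `recv(bufsize)` and `sendall(data)` methods used in the snippet.

```python
import re

# Assumed prompt shapes: sudo's default "[sudo] password for USER: " or a
# plain "Password:". Anchored at the end of the buffer so the word
# "password" inside a banner or MOTD does not count as a prompt.
PROMPT_RE = re.compile(rb"(?:\[sudo\] password for [^\r\n:]+|[Pp]assword):\s*\Z")


class FakeChannel:
    """Constructed stand-in for an SSH channel: replays canned chunks."""

    def __init__(self, chunks):
        self._chunks = list(chunks)
        self.sent = []  # everything written to the channel

    def recv(self, bufsize):
        # Canned chunks are short, so bufsize is not enforced here.
        return self._chunks.pop(0) if self._chunks else b""

    def sendall(self, data):
        self.sent.append(data)


def wait_for_become_prompt(chan, bufsize=4096, max_reads=20):
    """Return (status, output); status is 'prompt', 'eof' or 'no-prompt'."""
    output = b""
    for _ in range(max_reads):
        chunk = chan.recv(bufsize)
        if not chunk:  # channel closed or nothing was ever received
            return "eof", output
        output += chunk
        # Search the whole buffer: a prompt may straddle two chunks.
        if PROMPT_RE.search(output):
            return "prompt", output
    return "no-prompt", output


def become(chan, password):
    """Write the password only after a prompt was actually seen."""
    status, output = wait_for_become_prompt(chan)
    if status == "prompt":
        chan.sendall(password + b"\n")
    return status, output
```

The `'eof'` status with empty output is the case this issue describes: nothing arrives on the channel, so the caller can report that instead of failing later with a missing password.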