Fix sudo password handling #1094
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Commands that need to run with sudo are given the password by setting the PYINFRA_SUDO_PASSWORD environment variable and using a script that returns the value as the `askpass` executable. example: PYINFRA_SUDO_PASSWORD=p@ssworD sudo -H -A -k sh -c 'echo hi' If the user's sudo password contains spaces or special characters that are interpreted by the shell, then the password needs to be quoted PYINFRA_SUDO_PASSWORD='p@ss worD' sudo -H -A -k sh -c 'echo hi'
If the sudo password was needed, the user was prompted, but they password they entered never ended up getting used because of a logic error. The prompted password would only be used if the _sudo_password argument was missing. If no sudo password was given, it is set to None. So _sudo_password is present in the arguents, but does not have a value. This fix checks if the _sudo_password argument is None and sets it using the prompted password if so.
pbrkr
reviewed
May 8, 2024
Need to use shelex.quote (rather than just single quoting) to handle passwords that contain quotes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First, thank you for pyinfra. I have been using pyinfra 2 to manage my personal dev machines after trying fabric and ansible, and really liked it, but with version 3's addition of
_if, it is perfect for what I need.The only issue I had when switching to 3.x was that the sudo password pompt no longer worked. Pyinfra would ask for the sudo password, but then immediately fail.
The problem was that the connector utility function that handled setting the sudo password was checking to see if
_sudo_passwordwas in the argument list, but not checking if it was set. Something like (i've shorted some var names)but
a['_sudo_password']is set toNone, so the prompted password never get used.The other issue was that the command string that was generated to pass the sudo password to an askpass executable was not quoting the password
which does not work if the password contains special shell characters like `;' or spaces.