ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-04-24 19:31:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

makes ssh plugin resilient against invalid entries in hosts file

Browse source 
fixes #10238
This commit is contained in:
Brian Coca 2015-07-30 23:33:09 -04:00
parent e349004325
commit 496186f5de
1 changed files with 16 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

30
lib/ansible/plugins/connections/ssh.py
View file

@ -243,21 +243,23 @@ class Connection(ConnectionBase):
tokens = line.split() tokens = line.split()
if not tokens: if not tokens:
continue continue
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
# this is a hashed known host entry if isinstance(tokens, list) and tokens: # skip invalid hostlines
try: if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) # this is a hashed known host entry
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) try:
hash.update(host) (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
if hash.digest() == kn_host.decode('base64'): hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False
if (hfiles_not_found == len(host_file_list)): if (hfiles_not_found == len(host_file_list)):
self._display.vvv("EXEC previous known host file not found for {0}".format(host)) self._display.vvv("EXEC previous known host file not found for {0}".format(host))