ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-24 13:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Lookup password omit salt (#16361)

Browse source 
* Lookup unencrypted password must not include salt
* Integration test lookup: remove previous directory
* Test that lookup password doesn't return salt
* Lookup password: test behavior with empty encrypt parameter

Closes #16189
This commit is contained in:
Pilou 2016-06-27 19:44:25 +02:00 committed by Matt Clay
commit b361bf90d7
2 changed files with 71 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

32
lib/ansible/plugins/lookup/password.py
View file

@ -137,25 +137,23 @@ class LookupModule(LookupBase):
password = content
salt = None
if params['encrypt'] is not None:
try:
sep = content.rindex(' ')
except ValueError:
# No salt
pass
else:
salt_field = content[sep + 1:]
if salt_field.startswith('salt='):
password = content[:sep]
salt = salt_field[len('salt='):]
try:
sep = content.rindex(' salt=')
except ValueError:
# No salt
pass
else:
salt = password[sep + len(' salt='):]
password = content[:sep]
if params['encrypt'] is not None and salt is None:
# crypt requested, add salt if missing
if not salt:
salt = self.random_salt()
content = '%s salt=%s' % (password, salt)
with open(path, 'w') as f:
os.chmod(path, 0o600)
f.write(content + '\n')
salt = self.random_salt()
content = '%s salt=%s' % (password, salt)
with open(path, 'w') as f:
os.chmod(path, 0o600)
f.write(content + '\n')
if params['encrypt']:
password = do_encrypt(password, params['encrypt'], salt=salt)