mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-22 21:00:22 -07:00
Prevent data being truncated over persistent connection socket (#43885)
* Change how data is sent to the persistent connection socket. We can't rely on readline(), so send the size of the data first. We can then read that many bytes from the stream on the recieving end. * Set pty to noncanonical mode before sending * Now that we send data length, we don't need a sentinel anymore * Copy socket changes to persistent, too * Use os.write instead of fdopen()ing and using that. * Follow pickle with sha1sum of pickle * Swap order of vars and init being passed to ansible-connection
This commit is contained in:
parent
77bff99f3c
commit
f221105882
4 changed files with 77 additions and 56 deletions
|
@ -34,12 +34,12 @@ import pty
|
|||
import json
|
||||
import subprocess
|
||||
import sys
|
||||
import termios
|
||||
|
||||
from ansible import constants as C
|
||||
from ansible.plugins.connection import ConnectionBase
|
||||
from ansible.module_utils._text import to_text
|
||||
from ansible.module_utils.six.moves import cPickle
|
||||
from ansible.module_utils.connection import Connection as SocketConnection
|
||||
from ansible.module_utils.connection import Connection as SocketConnection, write_to_file_descriptor
|
||||
from ansible.errors import AnsibleError
|
||||
|
||||
try:
|
||||
|
@ -109,26 +109,24 @@ class Connection(ConnectionBase):
|
|||
[python, find_file_in_path('ansible-connection'), to_text(os.getppid())],
|
||||
stdin=slave, stdout=subprocess.PIPE, stderr=subprocess.PIPE
|
||||
)
|
||||
stdin = os.fdopen(master, 'wb', 0)
|
||||
os.close(slave)
|
||||
|
||||
# Need to force a protocol that is compatible with both py2 and py3.
|
||||
# That would be protocol=2 or less.
|
||||
# Also need to force a protocol that excludes certain control chars as
|
||||
# stdin in this case is a pty and control chars will cause problems.
|
||||
# that means only protocol=0 will work.
|
||||
src = cPickle.dumps(self._play_context.serialize(), protocol=0)
|
||||
stdin.write(src)
|
||||
stdin.write(b'\n#END_INIT#\n')
|
||||
# We need to set the pty into noncanonical mode. This ensures that we
|
||||
# can receive lines longer than 4095 characters (plus newline) without
|
||||
# truncating.
|
||||
old = termios.tcgetattr(master)
|
||||
new = termios.tcgetattr(master)
|
||||
new[3] = new[3] & ~termios.ICANON
|
||||
|
||||
src = cPickle.dumps({'ansible_command_timeout': self.get_option('persistent_command_timeout')}, protocol=0)
|
||||
stdin.write(src)
|
||||
stdin.write(b'\n#END_VARS#\n')
|
||||
try:
|
||||
termios.tcsetattr(master, termios.TCSANOW, new)
|
||||
write_to_file_descriptor(master, {'ansible_command_timeout': self.get_option('persistent_command_timeout')})
|
||||
write_to_file_descriptor(master, self._play_context.serialize())
|
||||
|
||||
stdin.flush()
|
||||
|
||||
(stdout, stderr) = p.communicate()
|
||||
stdin.close()
|
||||
(stdout, stderr) = p.communicate()
|
||||
finally:
|
||||
termios.tcsetattr(master, termios.TCSANOW, old)
|
||||
os.close(master)
|
||||
|
||||
if p.returncode == 0:
|
||||
result = json.loads(to_text(stdout, errors='surrogate_then_replace'))
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue