From dbab7032658b6e70da229966251ad0d1292a6419 Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Fri, 7 Aug 2015 16:26:23 -0400 Subject: [PATCH] fine tuned password handling as we were getting false positives, probably caused by other changes up the stack that now call these functions in more cases. --- .../plugins/connections/paramiko_ssh.py | 20 ++++++++++++------- lib/ansible/plugins/connections/ssh.py | 18 ++++++++++++++--- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/lib/ansible/plugins/connections/paramiko_ssh.py b/lib/ansible/plugins/connections/paramiko_ssh.py index ec15c83853..df97a6e3a5 100644 --- a/lib/ansible/plugins/connections/paramiko_ssh.py +++ b/lib/ansible/plugins/connections/paramiko_ssh.py @@ -230,23 +230,29 @@ class Connection(ConnectionBase): chan.exec_command(cmd) if self._play_context.prompt: if self._play_context.become and self._play_context.become_pass: + passprompt = False while True: self._display.debug('Waiting for Privilege Escalation input') - if self.check_become_success(become_output) or self.check_password_prompt(become_output): + if self.check_become_success(become_output): break + elif self.check_password_prompt(become_output): + passprompt = True + break + chunk = chan.recv(bufsize) self._display.debug("chunk is: %s" % chunk) if not chunk: if 'unknown user' in become_output: - raise AnsibleError( - 'user %s does not exist' % become_user) + raise AnsibleError( 'user %s does not exist' % become_user) else: - raise AnsibleError('ssh connection ' + - 'closed waiting for password prompt') + break + #raise AnsibleError('ssh connection closed waiting for password prompt') become_output += chunk - if not self.check_become_success(become_output): - if self._play_context.become: + if passprompt: + if self._play_context.become and self._play_context.become_pass: chan.sendall(self._play_context.become_pass + '\n') + else: + raise AnsibleError("A password is reqired but none was supplied") else: no_prompt_out += become_output no_prompt_err += become_output diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py index 5231c8ae8c..9c16168413 100644 --- a/lib/ansible/plugins/connections/ssh.py +++ b/lib/ansible/plugins/connections/ssh.py @@ -371,11 +371,19 @@ class Connection(ConnectionBase): become_output = '' become_errput = '' + passprompt = False while True: self._display.debug('Waiting for Privilege Escalation input') - if self.check_become_success(become_output + become_errput) or self.check_password_prompt(become_output + become_errput): + + if self.check_become_success(become_output + become_errput): + self._display.debug('Succeded!') + break + elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput): + self._display.debug('Password prompt!') + passprompt = True break + self._display.debug('Read next chunks') rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout) if not rfd: # timeout. wrap up process communication @@ -385,16 +393,20 @@ class Connection(ConnectionBase): elif p.stderr in rfd: chunk = p.stderr.read() become_errput += chunk + self._display.debug('stderr chunk is: %s' % chunk) self.check_incorrect_password(become_errput) elif p.stdout in rfd: chunk = p.stdout.read() become_output += chunk + self._display.debug('stdout chunk is: %s' % chunk) + if not chunk: - raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output) + break + #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output) - if not self.check_become_success(become_output + become_errput): + if passprompt: self._display.debug("Sending privilege escalation password.") stdin.write(self._play_context.become_pass + '\n') else: