1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Make ansible doesn't parse template-like password in user's input (#42275)

NOTE:
1. Use unsafe decorator but not builtin escape wrapper in jinja2
since ansible will try parse ssh password twice, the builtin
escape wrapper will be removed during the first parse.
2. Use class AnsibleUnsafeText but not '!unsafe' syntax since
passwords are not loaded by YAML env, '!unsafe' syntax doesn't
work for them.
This commit is contained in:
Zhikang Zhang 2018-07-05 10:26:12 -04:00 committed by GitHub
parent d962611528
commit de40ac02a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -38,6 +38,7 @@ from ansible.errors import AnsibleOptionsError, AnsibleError
from ansible.inventory.manager import InventoryManager from ansible.inventory.manager import InventoryManager
from ansible.module_utils.six import with_metaclass, string_types from ansible.module_utils.six import with_metaclass, string_types
from ansible.module_utils._text import to_bytes, to_text from ansible.module_utils._text import to_bytes, to_text
from ansible.utils.unsafe_proxy import AnsibleUnsafeText
from ansible.parsing.dataloader import DataLoader from ansible.parsing.dataloader import DataLoader
from ansible.release import __version__ from ansible.release import __version__
from ansible.utils.path import unfrackpath from ansible.utils.path import unfrackpath
@ -329,7 +330,7 @@ class CLI(with_metaclass(ABCMeta, object)):
sshpass = getpass.getpass(prompt="SSH password: ") sshpass = getpass.getpass(prompt="SSH password: ")
become_prompt = "%s password[defaults to SSH password]: " % become_prompt_method become_prompt = "%s password[defaults to SSH password]: " % become_prompt_method
if sshpass: if sshpass:
sshpass = to_bytes(sshpass, errors='strict', nonstring='simplerepr') sshpass = AnsibleUnsafeText(to_bytes(sshpass, errors='strict', nonstring='simplerepr'))
else: else:
become_prompt = "%s password: " % become_prompt_method become_prompt = "%s password: " % become_prompt_method
@ -338,7 +339,7 @@ class CLI(with_metaclass(ABCMeta, object)):
if op.ask_pass and becomepass == '': if op.ask_pass and becomepass == '':
becomepass = sshpass becomepass = sshpass
if becomepass: if becomepass:
becomepass = to_bytes(becomepass) becomepass = AnsibleUnsafeText(to_bytes(becomepass))
except EOFError: except EOFError:
pass pass