Skip to content

A
ansible
Commit 0824f004 by Alan Fairless
Options

Revised patch for more password entropy

parent dc4d589c
Showing with 16 additions and 6 deletions
lib/ansible/constants.py
...@@ -19,6 +19,7 @@ import os ...@@ -19,6 +19,7 @@ import os
import pwd import pwd
import sys import sys
import ConfigParser import ConfigParser
from string import ascii_letters, digits
# copied from utils, avoid circular reference fun :) # copied from utils, avoid circular reference fun :)
def mk_boolean(value): def mk_boolean(value):
...@@ -148,6 +149,8 @@ ACCELERATE_TIMEOUT = get_config(p, 'accelerate', 'accelerate_timeout ...@@ -148,6 +149,8 @@ ACCELERATE_TIMEOUT = get_config(p, 'accelerate', 'accelerate_timeout
ACCELERATE_CONNECT_TIMEOUT = get_config(p, 'accelerate', 'accelerate_connect_timeout', 'ACCELERATE_CONNECT_TIMEOUT', 1.0, floating=True) ACCELERATE_CONNECT_TIMEOUT = get_config(p, 'accelerate', 'accelerate_connect_timeout', 'ACCELERATE_CONNECT_TIMEOUT', 1.0, floating=True)
PARAMIKO_PTY = get_config(p, 'paramiko_connection', 'pty', 'ANSIBLE_PARAMIKO_PTY', True, boolean=True) PARAMIKO_PTY = get_config(p, 'paramiko_connection', 'pty', 'ANSIBLE_PARAMIKO_PTY', True, boolean=True)
# characters included in auto-generated passwords
DEFAULT_PASSWORD_CHARS = ascii_letters + digits + ".,:-_"
# non-configurable things # non-configurable things
DEFAULT_SUDO_PASS = None DEFAULT_SUDO_PASS = None
......
lib/ansible/runner/lookup_plugins/password.py
...@@ -20,7 +20,6 @@ ...@@ -20,7 +20,6 @@
from ansible import utils, errors from ansible import utils, errors
import os import os
import errno import errno
import random
from string import ascii_letters, digits from string import ascii_letters, digits
...@@ -33,10 +32,7 @@ class LookupModule(object): ...@@ -33,10 +32,7 @@ class LookupModule(object):
def random_salt(self): def random_salt(self):
salt_chars = ascii_letters + digits + './' salt_chars = ascii_letters + digits + './'
salt = [] return utils.random_password(length=8, chars=salt_chars)
for _ in range(8):
salt.append(random.choice(salt_chars))
return ''.join(salt)
def run(self, terms, inject=None, **kwargs): def run(self, terms, inject=None, **kwargs):
...@@ -76,7 +72,7 @@ class LookupModule(object): ...@@ -76,7 +72,7 @@ class LookupModule(object):
if not os.path.isdir(pathdir): if not os.path.isdir(pathdir):
os.makedirs(pathdir) os.makedirs(pathdir)
chars = ascii_letters + digits + ".,:-_" chars = ascii_letters + digits + ".,:-_"
password = ''.join(random.choice(chars) for _ in range(length)) password = utils.random_password(length)
if encrypt is not None: if encrypt is not None:
salt = self.random_salt() salt = self.random_salt()
content = '%s salt=%s' % (password, salt) content = '%s salt=%s' % (password, salt)
......
lib/ansible/utils/__init__.py
...@@ -1006,4 +1006,13 @@ def combine_vars(a, b): ...@@ -1006,4 +1006,13 @@ def combine_vars(a, b):
else: else:
return dict(a.items() + b.items()) return dict(a.items() + b.items())
def random_password(length=20, chars=C.DEFAULT_PASSWORD_CHARS):
'''Return a random password string of length containing only chars.'''
password = []
while len(password) < length:
new_char = os.urandom(1)
if new_char in chars:
password.append(new_char)
return ''.join(password)
library/cloud/linode
...@@ -174,6 +174,8 @@ def randompass(): ...@@ -174,6 +174,8 @@ def randompass():
# we play it safe :) # we play it safe :)
import random import random
import string import string
# as of python 2.4, this reseeds the PRNG from urandom
random.seed()
lower = ''.join(random.choice(string.ascii_lowercase) for x in range(6)) lower = ''.join(random.choice(string.ascii_lowercase) for x in range(6))
upper = ''.join(random.choice(string.ascii_uppercase) for x in range(6)) upper = ''.join(random.choice(string.ascii_uppercase) for x in range(6))
number = ''.join(random.choice(string.digits) for x in range(6)) number = ''.join(random.choice(string.digits) for x in range(6))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment