fine tuned password handling as we were getting false positives, probably caused…

fine tuned password handling as we were getting false positives, probably caused by other changes up the stack that now call these functions in more cases.

fine tuned password handling as we were getting false positives, probably caused…
fine tuned password handling as we were getting false positives, probably caused by other changes up the stack that now call these functions in more cases.
dbab7032 · Brian Coca · 6fcfebd2 · dbab7032 · dbab7032
Commit dbab7032 authored Aug 07, 2015 by Brian Coca
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 10 deletions

lib/ansible/plugins/connections/paramiko_ssh.py
+13 -7

lib/ansible/plugins/connections/ssh.py
+15 -3

No files found.
--- a/lib/ansible/plugins/connections/paramiko_ssh.py
+++ b/lib/ansible/plugins/connections/paramiko_ssh.py
@@ -230,23 +230,29 @@ class Connection(ConnectionBase):
            chan.exec_command(cmd)
            if self._play_context.prompt:
                if self._play_context.become and self._play_context.become_pass:
+                    passprompt = False
                    while True:
                        self._display.debug('Waiting for Privilege Escalation input')
-                        if self.check_become_success(become_output) or self.check_password_prompt(become_output):
+                        if self.check_become_success(become_output):
                            break
+                        elif self.check_password_prompt(become_output):
+                            passprompt = True
+                            break
                        chunk = chan.recv(bufsize)
                        self._display.debug("chunk is: %s" % chunk)
                        if not chunk:
                            if 'unknown user' in become_output:
-                                raise AnsibleError(
+                                raise AnsibleError( 'user %s does not exist' % become_user)
-                                    'user %s does not exist' % become_user)
                            else:
-                                raise AnsibleError('ssh connection ' +
+                                break
-                                    'closed waiting for password prompt')
+                                #raise AnsibleError('ssh connection closed waiting for password prompt')
                        become_output += chunk
-                    if not self.check_become_success(become_output):
+                    if passprompt:
-                        if self._play_context.become:
+                        if self._play_context.become and self._play_context.become_pass:
                            chan.sendall(self._play_context.become_pass + '\n')
+                        else:
+                            raise AnsibleError("A password is reqired but none was supplied")
                    else:
                        no_prompt_out += become_output
                        no_prompt_err += become_output

--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -371,11 +371,19 @@ class Connection(ConnectionBase):
                become_output = ''
                become_errput = ''
+                passprompt = False
                while True:
                    self._display.debug('Waiting for Privilege Escalation input')
-                    if self.check_become_success(become_output + become_errput) or self.check_password_prompt(become_output + become_errput):
+                    if self.check_become_success(become_output + become_errput):
+                        self._display.debug('Succeded!')
+                        break
+                    elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput):
+                        self._display.debug('Password prompt!')
+                        passprompt = True
                        break
+                    self._display.debug('Read next chunks')
                    rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout)
                    if not rfd:
                        # timeout. wrap up process communication
@@ -385,16 +393,20 @@ class Connection(ConnectionBase):
                    elif p.stderr in rfd:
                        chunk = p.stderr.read()
                        become_errput += chunk
+                        self._display.debug('stderr chunk is: %s' % chunk)
                        self.check_incorrect_password(become_errput)
                    elif p.stdout in rfd:
                        chunk = p.stdout.read()
                        become_output += chunk
+                        self._display.debug('stdout chunk is: %s' % chunk)
                    if not chunk:
-                        raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output)
+                        break
+                        #raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output)
-                if not self.check_become_success(become_output + become_errput):
+                if passprompt:
                    self._display.debug("Sending privilege escalation password.")
                    stdin.write(self._play_context.become_pass + '\n')
                else: