From 2a0cb20a1f7b84f28a242530927d4893089a9373 Mon Sep 17 00:00:00 2001 From: Wojciech Pietruszeski <30799254+wpietruszewski@users.noreply.github.com> Date: Mon, 18 Dec 2017 21:38:44 +0100 Subject: [PATCH] win_get_url: Changed basic auth from NetworkCredential to Base64 (#32389) * Changed basic auth from NetworkCredential to Base64 * Added force_basic_auth parameter to win_get_url module force_basic_auth provides user with option to control which mechanism to use Updated win_get_url.py documentation section * Add missing version_added in win_get_url.py * minor update for documentation --- lib/ansible/modules/windows/win_get_url.ps1 | 14 ++++++++++++-- lib/ansible/modules/windows/win_get_url.py | 7 +++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/windows/win_get_url.ps1 b/lib/ansible/modules/windows/win_get_url.ps1 index 130ded27795..7047f8a7dad 100644 --- a/lib/ansible/modules/windows/win_get_url.ps1 +++ b/lib/ansible/modules/windows/win_get_url.ps1 @@ -106,7 +106,11 @@ Function Download-File($result, $url, $dest, $headers, $credentials, $timeout, $ } if ($credentials) { - $extWebClient.Credentials = $credentials + if ($force_basic_auth) { + $extWebClient.Headers.Add("Authorization","Basic $credentials") + } else { + $extWebClient.Credentials = $credentials + } } if (-not $whatif) { @@ -138,6 +142,7 @@ $skip_certificate_validation = Get-AnsibleParam -obj $params -name "skip_certifi $validate_certs = Get-AnsibleParam -obj $params -name "validate_certs" -type "bool" -default $true $url_username = Get-AnsibleParam -obj $params -name "url_username" -type "str" -aliases "username" $url_password = Get-AnsibleParam -obj $params -name "url_password" -type "str" -aliases "password" +$force_basic_auth = Get-AnsibleParam -obj $params -name "force_basic_auth" -type "bool" -default $false $use_proxy = Get-AnsibleParam -obj $params -name "use_proxy" -type "bool" -default $true $proxy_url = Get-AnsibleParam -obj $params -name "proxy_url" -type "str" $proxy_username = Get-AnsibleParam -obj $params -name "proxy_username" -type "str" @@ -170,7 +175,12 @@ if ($proxy_url) { $credentials = $null if ($url_username -and $url_password) { - $credentials = New-Object System.Net.NetworkCredential($url_username, $url_password) + if ($force_basic_auth) { + $credentials = [convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($url_username+":"+$url_password)) + } else { + $credentials = New-Object System.Net.NetworkCredential($url_username, $url_password) + } + } # If skip_certificate_validation was specified, use validate_certs diff --git a/lib/ansible/modules/windows/win_get_url.py b/lib/ansible/modules/windows/win_get_url.py index 72e83dcfb87..a033fe472dc 100644 --- a/lib/ansible/modules/windows/win_get_url.py +++ b/lib/ansible/modules/windows/win_get_url.py @@ -69,6 +69,13 @@ options: description: - Basic authentication password. aliases: [ password ] + force_basic_auth: + description: + - If C(yes), will add a Basic authentication header on the initial request. + - If C(no), will use Microsoft's WebClient to handle authentication. + type: bool + default: 'no' + version_added: "2.5" skip_certificate_validation: description: - This option is deprecated since v2.4, please use C(validate_certs) instead.