archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix password lookup for FIPS

Browse Source 
Fixes #47297
pull/47894/head
Toshio Kuratomi 6 years ago
parent ec32bda2ef
commit 9906daa83c
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
changelogs/fragments/fix-password-lookup-on-fips.yaml
Unescape Escape View File

@ -0,0 +1,5 @@
---
bugfixes:
- 'Fix the password lookup when run from a FIPS enabled system. FIPS forbids
the use of md5 but we can use sha1 instead.
https://github.com/ansible/ansible/issues/47297'

2
lib/ansible/plugins/lookup/password.py
Unescape Escape View File

@ -268,7 +268,7 @@ def _get_lock(b_path):
"""Get the lock for writing password file.""" """Get the lock for writing password file."""
first_process = False first_process = False
b_pathdir = os.path.dirname(b_path) b_pathdir = os.path.dirname(b_path)
lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.md5(b_path).hexdigest()) lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.sha1(b_path).hexdigest())
lockfile = os.path.join(b_pathdir, lockfile_name) lockfile = os.path.join(b_pathdir, lockfile_name)
if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'): if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'):
try: try:

Write Preview
Loading…
Cancel
Save