From b58d7470d467f59fb254fe70c4e72430ec8e525a Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Mon, 12 Oct 2015 12:55:33 -0700 Subject: [PATCH] Cleanup logic and be more paranoid about passwords with spaces --- lib/ansible/plugins/lookup/password.py | 37 +++++++++++++++----------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/lib/ansible/plugins/lookup/password.py b/lib/ansible/plugins/lookup/password.py index 1c0fc5c2a57..12943b901e0 100644 --- a/lib/ansible/plugins/lookup/password.py +++ b/lib/ansible/plugins/lookup/password.py @@ -134,22 +134,29 @@ class LookupModule(LookupBase): f.write(content + '\n') else: content = open(path).read().rstrip() - sep = content.find(' ') - if sep >= 0: - password = content[:sep] - salt = content[sep + 1:].split('=')[1] - else: - password = content - salt = None - - # crypt requested, add salt if missing - if (params['encrypt'] is not None and not salt): - salt = self.random_salt() - content = '%s salt=%s' % (password, salt) - with open(path, 'w') as f: - os.chmod(path, 0o600) - f.write(content + '\n') + if params['encrypt'] is not None: + try: + sep = content.rindex(' ') + except ValueError: + password = content + salt = None + else: + salt_field = content[sep + 1:] + if salt_field.startswith('salt='): + password = content[:sep] + salt = salt_field[len('salt=':] + else: + password = content + salt = None + + # crypt requested, add salt if missing + if not salt: + salt = self.random_salt() + content = '%s salt=%s' % (password, salt) + with open(path, 'w') as f: + os.chmod(path, 0o600) + f.write(content + '\n') if params['encrypt']: password = do_encrypt(password, params['encrypt'], salt=salt)