Atomically move known hosts file into place when edited by paramiko connections

Fixes #8169
pull/8431/merge
James Cammarata 10 years ago
parent d202616213
commit bd49a835b4

@ -29,6 +29,7 @@ import pipes
import socket
import random
import logging
import tempfile
import traceback
import fcntl
import re
@ -39,7 +40,6 @@ from ansible.callbacks import vvv
from ansible import errors
from ansible import utils
from ansible import constants as C
from ansible.module_utils.basic import atomic_move
AUTHENTICITY_MSG="""
paramiko: The authenticity of host '%s' can't be established.
@ -381,7 +381,25 @@ class Connection(object):
self.ssh.load_system_host_keys()
self.ssh._host_keys.update(self.ssh._system_host_keys)
self._save_ssh_host_keys(self.keyfile)
# gather information about the current key file, so
# we can ensure the new file has the correct mode/owner
key_dir = os.path.dirname(self.keyfile)
key_stat = os.stat(self.keyfile)
# Save the new keys to a temporary file and move it into place
# rather than rewriting the file. We set delete=False because
# the file will be moved into place rather than cleaned up.
tmp_keyfile = tempfile.NamedTemporaryFile(dir=key_dir, delete=False)
os.chmod(tmp_keyfile.name, key_stat.st_mode & 07777)
os.chown(tmp_keyfile.name, key_stat.st_uid, key_stat.st_gid)
self._save_ssh_host_keys(tmp_keyfile.name)
tmp_keyfile.close()
os.rename(tmp_keyfile.name, self.keyfile)
except:

Loading…
Cancel
Save