archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ensure ssh retry respects no log (#49569) (#49726)

Browse Source 
* ensure ssh retry respects no log

backport for fix of (#49569)

(cherry picked from commit ba4c2ebeac)

* peeepeee blank

* added cve
pull/49915/head
Brian Coca 6 years ago committed by Matt Davis
parent ad7823dbd5
commit e0a81d133f
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/avoid_ssh_retry_discolsures.yml
Unescape Escape View File

@ -0,0 +1,2 @@
bugfixes:
- now no log is being respected on retry and high verbosity. CVE-2018-16876

17
lib/ansible/plugins/connection/ssh.py
Unescape Escape View File

@ -256,11 +256,14 @@ def _ssh_retry(func):
try:
try:
return_tuple = func(self, *args, **kwargs)
display.vvv(return_tuple, host=self.host)
if self._play_context.no_log:
display.vvv('rc=%s, stdout & stderr censored due to no log' % return_tuple[0], host=self.host)
else:
display.vvv(return_tuple, host=self.host)
# 0 = success
# 1-254 = remote command return code
# 255 = failure from the ssh command itself
except (AnsibleControlPersistBrokenPipeError) as e:
# 255 could be a failure from the ssh command itself
except (AnsibleControlPersistBrokenPipeError):
# Retry one more time because of the ControlPersist broken pipe (see #16731)
display.vvv(u"RETRYING BECAUSE OF CONTROLPERSIST BROKEN PIPE")
return_tuple = func(self, *args, **kwargs)
@ -268,7 +271,13 @@ def _ssh_retry(func):
if return_tuple[0] != 255:
break
else:
raise AnsibleConnectionFailure("Failed to connect to the host via ssh: %s" % to_native(return_tuple[2]))
msg = "Failed to connect to the host via ssh: "
if self._play_context.no_log:
msg += '<error censored due to no log>'
else:
msg += to_native(return_tuple[2])
raise AnsibleConnectionFailure(msg)
except (AnsibleConnectionFailure, Exception) as e:
if attempt == remaining_tries - 1:
raise

Write Preview
Loading…
Cancel
Save