Fixes #6579 allow for vault passwords ending with newline chars

Also add a unit test for vaulteditor to verify 1.0 passwords with newline chars.
2014-03-19 14:36:52 -04:00 · 2014-03-19 14:36:52 -04:00 · 409044155d
commit 409044155d
parent 2998466811
5 changed files with 30 additions and 8 deletions
--- a/bin/ansible
+++ b/bin/ansible
@ -133,9 +133,6 @@ class Cli(object):
            except (OSError, IOError), e:
                raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))

-            # get rid of newline chars        
-            tmp_vault_pass = tmp_vault_pass.strip()
-
            if not options.ask_vault_pass:
                vault_pass = tmp_vault_pass

--- a/bin/ansible-playbook
+++ b/bin/ansible-playbook
@ -127,9 +127,6 @@ def main(args):
            except (OSError, IOError), e:
                raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))

-            # get rid of newline chars
-            tmp_vault_pass = tmp_vault_pass.strip()
-
            if not options.ask_vault_pass:
                vault_pass = tmp_vault_pass

--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@ -105,8 +105,6 @@ def _read_password(filename):
    f = open(filename, "rb")
    data = f.read()
    f.close
-    # get rid of newline chars
-    data = data.strip()
    return data

 def execute_create(args, options, parser):
--- a/test/units/TestVaultEditor.py
+++ b/test/units/TestVaultEditor.py
@ -75,6 +75,32 @@ class TestVaultEditor(TestCase):
        assert error_hit == False, "error decrypting 1.0 file"            
        assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() 

+    def test_decrypt_1_0_newline(self):
+        if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
+            raise SkipTest
+        dirpath = tempfile.mkdtemp()
+        filename = os.path.join(dirpath, "foo-ansible-1.0-ansible-newline-ansible.yml")
+        shutil.rmtree(dirpath)
+        shutil.copytree("vault_test_data", dirpath)
+        ve = VaultEditor(None, "ansible\nansible\n", filename)
+
+        # make sure the password functions for the cipher
+        error_hit = False
+        try:        
+            ve.decrypt_file()
+        except errors.AnsibleError, e:
+            error_hit = True
+
+        # verify decrypted content
+        f = open(filename, "rb")
+        fdata = f.read()
+        f.close()
+
+        shutil.rmtree(dirpath)
+        assert error_hit == False, "error decrypting 1.0 file with newline in password"            
+        #assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() 
+
+
    def test_decrypt_1_1(self):
        if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
            raise SkipTest
--- a/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
+++ b/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
@ -0,0 +1,4 @@
+$ANSIBLE_VAULT;1.0;AES
+53616c7465645f5ff0442ae8b08e2ff316d0d6512013185df7aded44f3c0eeef1b7544d078be1fe7
+ed88d0fedcb11928df45558f4b7f80fce627fbb08c5288885ab053f4129175779a8f24f5c1113731
+7d22cee14284670953c140612edf62f92485123fc4f15099ffe776e906e08145