From 409044155d2b6df49f63cc24d347e8cd715fe6a5 Mon Sep 17 00:00:00 2001
From: James Tanner
Date: Wed, 19 Mar 2014 14:36:52 -0400
Subject: [PATCH] Fixes #6579 allow for vault passwords ending with newline chars Also add a unit test for vaulteditor to verify 1.0 passwords with newline chars.
---
 bin/ansible | 3 ---
 bin/ansible-playbook | 3 ---
 bin/ansible-vault | 2 --
 test/units/TestVaultEditor.py | 26 +++++++++++++++++++
 ...oo-ansible-1.0-ansible-newline-ansible.yml | 4 +++
 5 files changed, 30 insertions(+), 8 deletions(-)
 create mode 100644 test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
diff --git a/bin/ansible b/bin/ansible
index 86a91d0b49..b403a7fc86 100755
--- a/bin/ansible
+++ b/bin/ansible
@@ -133,9 +133,6 @@ class Cli(object):
 except (OSError, IOError), e:
 raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
- # get rid of newline chars
- tmp_vault_pass = tmp_vault_pass.strip()
-
 if not options.ask_vault_pass:
 vault_pass = tmp_vault_pass
diff --git a/bin/ansible-playbook b/bin/ansible-playbook
index be178a6565..344590341e 100755
--- a/bin/ansible-playbook
+++ b/bin/ansible-playbook
@@ -127,9 +127,6 @@ def main(args):
 except (OSError, IOError), e:
 raise errors.AnsibleError("Could not read %s: %s" % (this_path, e))
- # get rid of newline chars
- tmp_vault_pass = tmp_vault_pass.strip()
-
 if not options.ask_vault_pass:
 vault_pass = tmp_vault_pass
diff --git a/bin/ansible-vault b/bin/ansible-vault
index 2c8094d13b..9be2a172fb 100755
--- a/bin/ansible-vault
+++ b/bin/ansible-vault
@@ -105,8 +105,6 @@ def _read_password(filename):
 f = open(filename, "rb")
 data = f.read()
 f.close
- # get rid of newline chars
- data = data.strip()
 return data
 def execute_create(args, options, parser):
diff --git a/test/units/TestVaultEditor.py b/test/units/TestVaultEditor.py
index 4d3f99e89a..cf7515370a 100644
--- a/test/units/TestVaultEditor.py
+++ b/test/units/TestVaultEditor.py
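Review bot: In bin/ansible, once `tmp_vault_pass.strip()` is gone the password file is used byte-for-byte, so a file saved by an editor or written with `echo` now carries its trailing line terminator into the key and presumably no longer matches the same passphrase typed at the vault prompt (that path is not shown here). The identical removals in bin/ansible-playbook and in `_read_password` of bin/ansible-vault share this. If trailing newlines must stay significant for #6579, state the contract where the file is read, e.g. `# password file contents are used verbatim; a trailing newline is part of the password`, and consider a test that decrypts with a file-sourced password. The enclosing method starts and ends outside the hunk.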
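Review bot: In `_read_password` of bin/ansible-vault, the context line `f.close` only references the method and never calls it, so the handle on the vault password file stays open until the object is collected. Since the function is being edited anyway, change it to `f.close()`, or read inside `with open(filename, "rb") as f:` so the file is closed even if `read()` raises. The function's `def` line sits above the hunk.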
@@ -75,6 +75,32 @@ class TestVaultEditor(TestCase):
 assert error_hit == False, "error decrypting 1.0 file"
 assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip()
+ def test_decrypt_1_0_newline(self):
+ if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
+ raise SkipTest
+ dirpath = tempfile.mkdtemp()
+ filename = os.path.join(dirpath, "foo-ansible-1.0-ansible-newline-ansible.yml")
+ shutil.rmtree(dirpath)
+ shutil.copytree("vault_test_data", dirpath)
+ ve = VaultEditor(None, "ansible\nansible\n", filename)
+
+ # make sure the password functions for the cipher
+ error_hit = False
+ try:
+ ve.decrypt_file()
+ except errors.AnsibleError, e:
+ error_hit = True
+
+ # verify decrypted content
+ f = open(filename, "rb")
+ fdata = f.read()
+ f.close()
+
+ shutil.rmtree(dirpath)
+ assert error_hit == False, "error decrypting 1.0 file with newline in password"
+ #assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip()
+
+
 def test_decrypt_1_1(self):
 if not HAS_AES or not HAS_COUNTER or not HAS_PBKDF2:
 raise SkipTest
diff --git a/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml b/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
new file mode 100644
index 0000000000..dd4e6e746b
--- /dev/null
+++ b/test/units/vault_test_data/foo-ansible-1.0-ansible-newline-ansible.yml
@@ -0,0 +1,4 @@
+$ANSIBLE_VAULT;1.0;AES
+53616c7465645f5ff0442ae8b08e2ff316d0d6512013185df7aded44f3c0eeef1b7544d078be1fe7
+ed88d0fedcb11928df45558f4b7f80fce627fbb08c5288885ab053f4129175779a8f24f5c1113731
+7d22cee14284670953c140612edf62f92485123fc4f15099ffe776e906e08145
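Review bot: `test_decrypt_1_0_newline` reads the decrypted file into `fdata` but its content check is commented out (`#assert fdata.strip() == "foo"`), so the test passes whenever `decrypt_file()` raises no `AnsibleError`, even if the plaintext is wrong. Restore the assertion with this fixture's actual plaintext, or drop the unused read. The temporary directory holding the decrypted copy is also left behind if `open()` or the decrypt call fails with any other exception; putting `shutil.rmtree(dirpath)` in a `finally:` clause avoids that.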