wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix password lookup for FIPS

Browse source 
Fixes #47297
This commit is contained in:
Toshio Kuratomi 2018-10-18 12:16:36 -07:00
parent ec32bda2ef
commit 9906daa83c
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/fragments/fix-password-lookup-on-fips.yaml Normal file
View file

@ -0,0 +1,5 @@
---
bugfixes:
- 'Fix the password lookup when run from a FIPS enabled system. FIPS forbids
the use of md5 but we can use sha1 instead.
https://github.com/ansible/ansible/issues/47297'

2
lib/ansible/plugins/lookup/password.py
View file

@ -268,7 +268,7 @@ def _get_lock(b_path):
"""Get the lock for writing password file.""" """Get the lock for writing password file."""
first_process = False first_process = False
b_pathdir = os.path.dirname(b_path) b_pathdir = os.path.dirname(b_path)
lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.md5(b_path).hexdigest()) lockfile_name = to_bytes("%s.ansible_lockfile" % hashlib.sha1(b_path).hexdigest())
lockfile = os.path.join(b_pathdir, lockfile_name) lockfile = os.path.join(b_pathdir, lockfile_name)
if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'): if not os.path.exists(lockfile) and b_path != to_bytes('/dev/null'):
try: try: