user - fix shadow file parsing on AIX (#62547)

Initialize variables in case the shadow file is not found. Handle IndexErrors if something goes wrong with file parsing.
2019-10-14 15:44:22 -04:00 · 2019-10-14 15:44:22 -04:00 · e9d10f94b7
commit e9d10f94b7
parent d8389d9f55
2 changed files with 19 additions and 15 deletions
--- a/changelogs/fragments/user-aix-shadow-unbound-local.yaml
+++ b/changelogs/fragments/user-aix-shadow-unbound-local.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - user - fix stack trace on AIX when attempting to parse shadow file that does not exist (https://github.com/ansible/ansible/issues/62510)
--- a/lib/ansible/modules/system/user.py
+++ b/lib/ansible/modules/system/user.py
@ -2501,29 +2501,31 @@ class AIX(User):
        """

        b_name = to_bytes(self.name)
+        b_passwd = b''
+        b_expires = b''
        if os.path.exists(self.SHADOWFILE) and os.access(self.SHADOWFILE, os.R_OK):
            with open(self.SHADOWFILE, 'rb') as bf:
                b_lines = bf.readlines()

            b_passwd_line = b''
            b_expires_line = b''
-            for index, b_line in enumerate(b_lines):
-                # Get password and lastupdate lines which come after the username
-                if b_line.startswith(b'%s:' % b_name):
-                    b_passwd_line = b_lines[index + 1]
-                    b_expires_line = b_lines[index + 2]
-                    break
+            try:
+                for index, b_line in enumerate(b_lines):
+                    # Get password and lastupdate lines which come after the username
+                    if b_line.startswith(b'%s:' % b_name):
+                        b_passwd_line = b_lines[index + 1]
+                        b_expires_line = b_lines[index + 2]
+                        break

-            # Sanity check the lines because sometimes both are not present
-            if b' = ' in b_passwd_line:
-                b_passwd = b_passwd_line.split(b' = ', 1)[-1].strip()
-            else:
-                b_passwd = b''
+                # Sanity check the lines because sometimes both are not present
+                if b' = ' in b_passwd_line:
+                    b_passwd = b_passwd_line.split(b' = ', 1)[-1].strip()

-            if b' = ' in b_expires_line:
-                b_expires = b_expires_line.split(b' = ', 1)[-1].strip()
-            else:
-                b_expires = b''
+                if b' = ' in b_expires_line:
+                    b_expires = b_expires_line.split(b' = ', 1)[-1].strip()
+
+            except IndexError:
+                self.module.fail_json(msg='Failed to parse shadow file %s' % self.SHADOWFILE)

        passwd = to_native(b_passwd)
        expires = to_native(b_expires) or -1