File 0052-Don-t-send-passwords-after-shim-delimiter-is-found-3.patch of Package salt.4663
From 3cb03cdabaa669d2ba3dfc3198329664a41760d1 Mon Sep 17 00:00:00 2001
From: Nicole Thomas <nicole@saltstack.com>
Date: Mon, 16 May 2016 11:01:19 -0600
Subject: [PATCH 52/52] Don't send passwords after shim delimiter is found
(#33273)
The SSH_PASSWORD_PROMPT_RE regexp used to detect if SSH is requesting a
password can be triggered if the shim is returning data to the server
with text that matches the regex, including inside JSON results. This
then results in the server being unable to parse the JSON results. This
patch fixes this issue by looking for the shim delimiter in the output and
disabling the sending of passwords after the delimiter is found.
Fixes #29422.
---
salt/client/ssh/shell.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/salt/client/ssh/shell.py b/salt/client/ssh/shell.py
index deb6519..cfef9f0 100644
--- a/salt/client/ssh/shell.py
+++ b/salt/client/ssh/shell.py
@@ -23,6 +23,10 @@ log = logging.getLogger(__name__)
SSH_PASSWORD_PROMPT_RE = re.compile(r'(?:.*)[Pp]assword(?: for .*)?:', re.M)
KEY_VALID_RE = re.compile(r'.*\(yes\/no\).*')
+# Keep these in sync with ./__init__.py
+RSTR = '_edbc7885e4f9aac9b83b35999b68d015148caf467b78fa39c05f669c0ff89878'
+RSTR_RE = re.compile(r'(?:^|\r?\n)' + RSTR + r'(?:\r?\n|$)')
+
class NoPasswdError(Exception):
pass
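Review bot: RSTR is now defined in two places, and only the comment `# Keep these in sync with ./__init__.py` ties the copies together; if they drift, RSTR_RE never matches and the password suppression added later in this patch silently stops working. If importing the value from the package would not create an import cycle (not visible from this hunk), a single definition is safer; otherwise a unit test asserting that the two values are equal would catch drift. The comment could also say what the value is for, e.g. `# Shim output delimiter; must match RSTR in ./__init__.py or password suppression breaks`.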
@@ -354,6 +358,7 @@ class Shell(object):
stream_stdout=False,
stream_stderr=False)
sent_passwd = 0
+ send_password = True
ret_stdout = ''
ret_stderr = ''
@@ -364,7 +369,10 @@ class Shell(object):
ret_stdout += stdout
if stderr:
ret_stderr += stderr
- if stdout and SSH_PASSWORD_PROMPT_RE.search(stdout):
+ if stdout and RSTR_RE.search(stdout):
+ # We're getting results back, don't try to send passwords
+ send_password = False
+ if stdout and SSH_PASSWORD_PROMPT_RE.search(stdout) and send_password:
if not self.passwd:
return '', 'Permission denied, no authentication information', 254
if sent_passwd < passwd_retries:
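Review bot: The delimiter test at `if stdout and RSTR_RE.search(stdout):` looks only at the current read, so if the shim delimiter arrives split across two reads it is never matched and `send_password` stays True. A later chunk of result data that matches SSH_PASSWORD_PROMPT_RE would then still have the password written in response to it, which is the behaviour this patch is meant to stop. `ret_stdout` already has the chunk appended a few lines above, so searching the accumulated buffer closes the gap: `if send_password and RSTR_RE.search(ret_stdout):`. Whether a read can actually split the delimiter depends on the read loop, which starts outside this hunk.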
--
2.10.2