author | Iordan Iordanov <iiordanov@gmail.com> | 2014-02-24 16:05:03 -0500 |
committer | James Cammarata <jimi@sngx.net> | 2014-03-10 15:53:21 -0500 |
commit | 60055348ba58f1f67e61bdf4f7baca0ff7465007 (patch) | |
tree | 8c9da09f9a98ec8929a08944d12f53e78aeffa64 | |
parent | d3b452ecb12262dbe055d0d092b4d4b5fc3d9195 (diff) | |
download | ansible-60055348ba58f1f67e61bdf4f7baca0ff7465007.tar.gz |
Add support for checking host against global known host files.
-rw-r--r-- | lib/ansible/runner/connection_plugins/ssh.py | 63 |
1 files changed, 37 insertions, 26 deletions
diff --git a/lib/ansible/runner/connection_plugins/ssh.py b/lib/ansible/runner/connection_plugins/ssh.py
index c5fab75ce1..22189caadf 100644
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@@ -118,35 +118,46 @@ class Connection(object): def not_in_host_file(self, host): if 'USER' in os.environ: - host_file = os.path.expandvars("~${USER}/.ssh/known_hosts") + user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts") else: - host_file = "~/.ssh/known_hosts" - host_file = os.path.expanduser(host_file) - if not os.path.exists(host_file): - print "previous known host file not found" - return True - host_fh = open(host_file) - data = host_fh.read() - host_fh.close() - for line in data.split("\n"): - if line is None or line.find(" ") == -1: + user_host_file = "~/.ssh/known_hosts" + user_host_file = os.path.expanduser(user_host_file) + + host_file_list = [] + host_file_list.append(user_host_file) + host_file_list.append("/etc/ssh/ssh_known_hosts") + host_file_list.append("/etc/ssh/ssh_known_hosts2") + + hfiles_not_found = 0 + for hf in host_file_list: + if not os.path.exists(hf): + hfiles_not_found += 1 continue - tokens = line.split() - if tokens[0].find(self.HASHED_KEY_MAGIC) == 0: - # this is a hashed known host entry - try: - (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) - hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) - hash.update(host) - if hash.digest() == kn_host.decode('base64'): - return False - except: - # invalid hashed host key, skip it + host_fh = open(hf) + data = host_fh.read() + host_fh.close() + for line in data.split("\n"): + if line is None or line.find(" ") == -1: continue - else: - # standard host file entry - if host in tokens[0]: - return False + tokens = line.split() + if tokens[0].find(self.HASHED_KEY_MAGIC) == 0: + # this is a hashed known host entry + try: + (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) + hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) + hash.update(host) + if hash.digest() == kn_host.decode('base64'): + return False + except: + # invalid hashed host key, skip it + continue + else: + # standard host file entry + if host in tokens[0]: + 
return False + + if (hfiles_not_found == len(host_file_list)): + print "previous known host file not found" return True def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False): |
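Review bot: In the new `for hf in host_file_list:` loop, `os.path.exists(hf)` is the only guard before `host_fh = open(hf)`, so a system-wide file such as `/etc/ssh/ssh_known_hosts` that exists but is unreadable by the current user (or is a directory) raises an uncaught IOError from inside the connection plugin instead of being counted in `hfiles_not_found`; the old code only ever opened the user's own file, where this was far less likely. Wrapping the open in a `try`/`except IOError` (this file is still Python 2, per the `print` statement) and using `with` so the handle is released even if `read()` fails keeps the "treat as not found" semantics the counter is meant to express. The handle is also never closed on the error path as written. Separately, the `host in tokens[0]` test is a substring match and misses `@cert-authority`/`@revoked` marker lines, whose host pattern sits in `tokens[1]`; that behaviour predates this commit but is now applied to the system files too.
```python
        for hf in host_file_list:
            try:
                # exists() alone is not enough: an unreadable or non-regular
                # system-wide file would otherwise raise out of the plugin
                with open(hf) as host_fh:
                    data = host_fh.read()
            except IOError:
                hfiles_not_found += 1
                continue
            # … unchanged: per-line hashed / plain known_hosts matching …
```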