ansible-sshjail icon indicating copy to clipboard operation
ansible-sshjail copied to clipboard

Published 20 hours ago verified publisher icon austinhyde

Quote removal off-by-one (on ansible core 2.11.2)

Open grembo opened this issue 4 years ago • 8 comments

Changing this line

https://github.com/austinhyde/ansible-sshjail/blob/981674fdecd44d05d420f2a405a029b73846f205/sshjail.py#L357 to

    cmd = sudoless[len(quotes):-len(quotes)] 
    if cmd.endswith("'"):
        cmd = cmd[:-1]

fixes the issue (even if it's just a workaround).

Example playbook that fails without the patch:

---
- hosts: all
  gather_facts: False
  
  tasks:
   - name: install python
     raw: test -e /usr/local/bin/python || ( pkg install -y python )

grembo avatar Jul 31 '21 17:07 grembo 

- hosts: [email protected]
  name: Bootstrap Python
  gather_facts: no
  tasks:
    # last '_' is removed by bug in sshjail
    - name: Bootstrap Python
      raw: py_boot_

Have also had to work around this. py_boot is copied during jail creation. (excuse the hack!)

bikingcoder avatar Aug 09 '21 20:08 bikingcoder

@grembo @mcgaw I've put up PR #36 which should fix this. If you get some time in the next week or so, give that a try and let me know if it works for your cases. If you don't get to it, no worries; I tested a few cases, and I'm confident it works correctly for the cases we've encountered to date.

austinhyde avatar Aug 15 '21 19:08 austinhyde

@austinhyde I tested your PR this morning by removing my hack, documented above, and it seems to work now. Thanks for spending time on this!

bikingcoder avatar Aug 30 '21 07:08 bikingcoder

@mcgaw @austinhyde I commented on #36, so in general it works, but having a minimum ansible version check would be useful - opened #37 to address this.

grembo avatar Aug 30 '21 08:08 grembo

@grembo I'm using ansible 2.10.6, which seems to be less than the minimum ansible version you mentioned? Sorry if I've picked you up wrong.

bikingcoder avatar Aug 30 '21 08:08 bikingcoder

@mcgaw It seems like this was due to a bug introduced in ansible in https://github.com/ansible/ansible/commit/935528e22e5283ee3f63a8772830d3d01f55ed8c#diff-38cec806ea1a1ee7c3a286c7865334ecfba7ccc49e21d4e8fb8ec1b17938fda6, which affected 2.11.0, 2.11.1, and 2.11.2. It was corrected it https://github.com/ansible/ansible/commit/a2239d88191794f0f8f1d21c7a63ecd85ec4349e, which made it to 2.11.3.

So maybe minimum version isn't exactly the right way of addressing this (could be useful to have such a check anyway).

grembo avatar Aug 30 '21 10:08 grembo

I mentioned it on the PR too, but I'm seeing the same quoting bug on 2.12.1.

durin42 avatar Dec 20 '21 23:12 durin42

I mentioned it on the PR too, but I'm seeing the same quoting bug on 2.12.1.

Yes, like mentioned on the PR, this is a bug in sshjail that is fixed in #36 (which probably should land/be released). The problems with specific ansible versions were unrelated and just noticed while testing the change.

grembo avatar Dec 21 '21 00:12 grembo