File: //usr/lib/python3.9/site-packages/ansible/plugins/connection/__pycache__/ssh.cpython-39.pyc
a
������)gY������������������������@���s`���d�d�l�m�Z�m�Z�m�Z���e�Z�d�Z�d�d�l�Z�d�d�l�Z�d�d�l Z d�d�l
Z
d�d�l�Z�d�d�l�Z�d�d�l
Z
d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�d�l�m�Z�m�Z�m�Z�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z�m�Z�m�Z���d�d l�m�Z�m Z m!Z!��d�d
l"m#Z#m$Z$��d�d�l%m&Z&m'Z'��d�d�l(m)Z)��d�d
l*m+Z+��d�d�l,m-Z-m.Z.��e+��Z/d�Z0d�a1e��2d���Z3G�d�d���d�e���Z4e/f�d�d���Z5d�d���Z6G�d�d���d�e&��Z7d�S�)������)���absolute_import��division��print_functiona,5��
name: ssh
short_description: connect via SSH client binary
description:
- This connection plugin allows Ansible to communicate to the target machines through normal SSH command line.
- Ansible does not expose a channel to allow communication between the user and the SSH process to accept
a password manually to decrypt an SSH key when using this connection plugin (which is the default). The
use of C(ssh-agent) is highly recommended.
author: ansible (@core)
extends_documentation_fragment:
- connection_pipelining
version_added: historical
notes:
- Many options default to C(None) here but that only means we do not override the SSH tool's defaults and/or configuration.
For example, if you specify the port in this plugin it will override any C(Port) entry in your C(.ssh/config).
- The ssh CLI tool uses return code 255 as a 'connection error', this can conflict with commands/tools that
also return 255 as an error code and will look like an 'unreachable' condition or 'connection error' to this plugin.
options:
host:
description: Hostname/IP to connect to.
default: inventory_hostname
vars:
- name: inventory_hostname
- name: ansible_host
- name: ansible_ssh_host
- name: delegated_vars['ansible_host']
- name: delegated_vars['ansible_ssh_host']
host_key_checking:
description: Determines if SSH should check host keys.
default: True
type: boolean
ini:
- section: defaults
key: 'host_key_checking'
- section: ssh_connection
key: 'host_key_checking'
version_added: '2.5'
env:
- name: ANSIBLE_HOST_KEY_CHECKING
- name: ANSIBLE_SSH_HOST_KEY_CHECKING
version_added: '2.5'
vars:
- name: ansible_host_key_checking
version_added: '2.5'
- name: ansible_ssh_host_key_checking
version_added: '2.5'
password:
description: Authentication password for the C(remote_user). Can be supplied as CLI option.
vars:
- name: ansible_password
- name: ansible_ssh_pass
- name: ansible_ssh_password
sshpass_prompt:
description:
- Password prompt that sshpass should search for. Supported by sshpass 1.06 and up.
- Defaults to C(Enter PIN for) when pkcs11_provider is set.
default: ''
ini:
- section: 'ssh_connection'
key: 'sshpass_prompt'
env:
- name: ANSIBLE_SSHPASS_PROMPT
vars:
- name: ansible_sshpass_prompt
version_added: '2.10'
ssh_args:
description: Arguments to pass to all SSH CLI tools.
default: '-C -o ControlMaster=auto -o ControlPersist=60s'
ini:
- section: 'ssh_connection'
key: 'ssh_args'
env:
- name: ANSIBLE_SSH_ARGS
vars:
- name: ansible_ssh_args
version_added: '2.7'
ssh_common_args:
description: Common extra args for all SSH CLI tools.
ini:
- section: 'ssh_connection'
key: 'ssh_common_args'
version_added: '2.7'
env:
- name: ANSIBLE_SSH_COMMON_ARGS
version_added: '2.7'
vars:
- name: ansible_ssh_common_args
cli:
- name: ssh_common_args
default: ''
ssh_executable:
default: ssh
description:
- This defines the location of the SSH binary. It defaults to C(ssh) which will use the first SSH binary available in $PATH.
- This option is usually not required, it might be useful when access to system SSH is restricted,
or when using SSH wrappers to connect to remote hosts.
env: [{name: ANSIBLE_SSH_EXECUTABLE}]
ini:
- {key: ssh_executable, section: ssh_connection}
#const: ANSIBLE_SSH_EXECUTABLE
version_added: "2.2"
vars:
- name: ansible_ssh_executable
version_added: '2.7'
sftp_executable:
default: sftp
description:
- This defines the location of the sftp binary. It defaults to C(sftp) which will use the first binary available in $PATH.
env: [{name: ANSIBLE_SFTP_EXECUTABLE}]
ini:
- {key: sftp_executable, section: ssh_connection}
version_added: "2.6"
vars:
- name: ansible_sftp_executable
version_added: '2.7'
scp_executable:
default: scp
description:
- This defines the location of the scp binary. It defaults to C(scp) which will use the first binary available in $PATH.
env: [{name: ANSIBLE_SCP_EXECUTABLE}]
ini:
- {key: scp_executable, section: ssh_connection}
version_added: "2.6"
vars:
- name: ansible_scp_executable
version_added: '2.7'
scp_extra_args:
description: Extra exclusive to the C(scp) CLI
vars:
- name: ansible_scp_extra_args
env:
- name: ANSIBLE_SCP_EXTRA_ARGS
version_added: '2.7'
ini:
- key: scp_extra_args
section: ssh_connection
version_added: '2.7'
cli:
- name: scp_extra_args
default: ''
sftp_extra_args:
description: Extra exclusive to the C(sftp) CLI
vars:
- name: ansible_sftp_extra_args
env:
- name: ANSIBLE_SFTP_EXTRA_ARGS
version_added: '2.7'
ini:
- key: sftp_extra_args
section: ssh_connection
version_added: '2.7'
cli:
- name: sftp_extra_args
default: ''
ssh_extra_args:
description: Extra exclusive to the SSH CLI.
vars:
- name: ansible_ssh_extra_args
env:
- name: ANSIBLE_SSH_EXTRA_ARGS
version_added: '2.7'
ini:
- key: ssh_extra_args
section: ssh_connection
version_added: '2.7'
cli:
- name: ssh_extra_args
default: ''
reconnection_retries:
description:
- Number of attempts to connect.
- Ansible retries connections only if it gets an SSH error with a return code of 255.
- Any errors with return codes other than 255 indicate an issue with program execution.
default: 0
type: integer
env:
- name: ANSIBLE_SSH_RETRIES
ini:
- section: connection
key: retries
- section: ssh_connection
key: retries
vars:
- name: ansible_ssh_retries
version_added: '2.7'
port:
description: Remote port to connect to.
type: int
ini:
- section: defaults
key: remote_port
env:
- name: ANSIBLE_REMOTE_PORT
vars:
- name: ansible_port
- name: ansible_ssh_port
keyword:
- name: port
remote_user:
description:
- User name with which to login to the remote server, normally set by the remote_user keyword.
- If no user is supplied, Ansible will let the SSH client binary choose the user as it normally.
ini:
- section: defaults
key: remote_user
env:
- name: ANSIBLE_REMOTE_USER
vars:
- name: ansible_user
- name: ansible_ssh_user
cli:
- name: user
keyword:
- name: remote_user
pipelining:
env:
- name: ANSIBLE_PIPELINING
- name: ANSIBLE_SSH_PIPELINING
ini:
- section: defaults
key: pipelining
- section: connection
key: pipelining
- section: ssh_connection
key: pipelining
vars:
- name: ansible_pipelining
- name: ansible_ssh_pipelining
private_key_file:
description:
- Path to private key file to use for authentication.
ini:
- section: defaults
key: private_key_file
env:
- name: ANSIBLE_PRIVATE_KEY_FILE
vars:
- name: ansible_private_key_file
- name: ansible_ssh_private_key_file
cli:
- name: private_key_file
option: '--private-key'
control_path:
description:
- This is the location to save SSH's ControlPath sockets, it uses SSH's variable substitution.
- Since 2.3, if null (default), ansible will generate a unique hash. Use ``%(directory)s`` to indicate where to use the control dir path setting.
- Before 2.3 it defaulted to ``control_path=%(directory)s/ansible-ssh-%%h-%%p-%%r``.
- Be aware that this setting is ignored if C(-o ControlPath) is set in ssh args.
env:
- name: ANSIBLE_SSH_CONTROL_PATH
ini:
- key: control_path
section: ssh_connection
vars:
- name: ansible_control_path
version_added: '2.7'
control_path_dir:
default: ~/.ansible/cp
description:
- This sets the directory to use for ssh control path if the control path setting is null.
- Also, provides the ``%(directory)s`` variable for the control path setting.
env:
- name: ANSIBLE_SSH_CONTROL_PATH_DIR
ini:
- section: ssh_connection
key: control_path_dir
vars:
- name: ansible_control_path_dir
version_added: '2.7'
sftp_batch_mode:
default: 'yes'
description: 'TODO: write it'
env: [{name: ANSIBLE_SFTP_BATCH_MODE}]
ini:
- {key: sftp_batch_mode, section: ssh_connection}
type: bool
vars:
- name: ansible_sftp_batch_mode
version_added: '2.7'
ssh_transfer_method:
description:
- "Preferred method to use when transferring files over ssh"
- Setting to 'smart' (default) will try them in order, until one succeeds or they all fail
- For OpenSSH >=9.0 you must add an additional option to enable scp (scp_extra_args="-O")
- Using 'piped' creates an ssh pipe with C(dd) on either side to copy the data
choices: ['sftp', 'scp', 'piped', 'smart']
env: [{name: ANSIBLE_SSH_TRANSFER_METHOD}]
ini:
- {key: transfer_method, section: ssh_connection}
vars:
- name: ansible_ssh_transfer_method
version_added: '2.12'
scp_if_ssh:
deprecated:
why: In favor of the "ssh_transfer_method" option.
version: "2.17"
alternatives: ssh_transfer_method
default: smart
description:
- "Preferred method to use when transferring files over SSH."
- When set to I(smart), Ansible will try them until one succeeds or they all fail.
- If set to I(True), it will force 'scp', if I(False) it will use 'sftp'.
- For OpenSSH >=9.0 you must add an additional option to enable scp (scp_extra_args="-O")
- This setting will overridden by ssh_transfer_method if set.
env: [{name: ANSIBLE_SCP_IF_SSH}]
ini:
- {key: scp_if_ssh, section: ssh_connection}
vars:
- name: ansible_scp_if_ssh
version_added: '2.7'
use_tty:
version_added: '2.5'
default: 'yes'
description: add -tt to ssh commands to force tty allocation.
env: [{name: ANSIBLE_SSH_USETTY}]
ini:
- {key: usetty, section: ssh_connection}
type: bool
vars:
- name: ansible_ssh_use_tty
version_added: '2.7'
timeout:
default: 10
description:
- This is the default amount of time we will wait while establishing an SSH connection.
- It also controls how long we can wait to access reading the connection once established (select on the socket).
env:
- name: ANSIBLE_TIMEOUT
- name: ANSIBLE_SSH_TIMEOUT
version_added: '2.11'
ini:
- key: timeout
section: defaults
- key: timeout
section: ssh_connection
version_added: '2.11'
vars:
- name: ansible_ssh_timeout
version_added: '2.11'
cli:
- name: timeout
type: integer
pkcs11_provider:
version_added: '2.12'
default: ""
description:
- "PKCS11 SmartCard provider such as opensc, example: /usr/local/lib/opensc-pkcs11.so"
- Requires sshpass version 1.06+, sshpass must support the -P option.
env: [{name: ANSIBLE_PKCS11_PROVIDER}]
ini:
- {key: pkcs11_provider, section: ssh_connection}
vars:
- name: ansible_ssh_pkcs11_provider
N����wraps)���AnsibleAuthenticationFailure��AnsibleConnectionFailure��AnsibleError��AnsibleFileNotFound)���AnsibleOptionsError)�� selectors)���PY3� text_type��binary_type)���to_bytes� to_native��to_text)���BOOLEANS��boolean)���ConnectionBase��BUFSIZE)��
_parse_clixml)���Display)���unfrackpath�
makedirs_safe)�s"���Traceback (most recent call last):s����PHP Parse error:s����chmod: invalid modes-���chmod: A flag or octal number is not correct.z
^debug\d+: .*c��������������������@���s����e�Z�d�Z�d�Z�d�S�)��$AnsibleControlPersistBrokenPipeErrorz� ControlPersist broken pipe N)���__name__�
__module__��__qualname__��__doc__��r ���r ����B/usr/lib/python3.9/site-packages/ansible/plugins/connection/ssh.pyr��������s��������r����c������������
�������C���s����|�d�k�r�|�d���d�k�r\d���|���}�|�d�k�r*d�}�|�r:d���|���}�n�d���|�t�|�d�����������}�t�|�����nX|�d���d v�r�d
}�|�r|d���|���}�n8t�|�d���������}�d�|�v�r�d�}�t�d���|�|�������d���|�|���}�|�d���d
k���r,d�}�t�D�]$} | |�d���v�s�| |�d���v�r�d�}���q�q�|���r,d�}�|���r�d���|���}�n�d���|�t�|�d�����������}�t�|�����d�|�d�������k���rHd�k���r�n���n<d�}�|���rbd���|���}�n�d���|�t�|�d�����������}�|�j�|�|�d�����d�S�)�N�����sshpassr���������z_Invalid/incorrect username/password. Skipping remaining {0} retries to prevent account lockout:z�Invalid/incorrect password:z"{0} <error censored due to no log>z�{0} {1}�����)������r$������������������z�sshpass error:z�sshpass: invalid option -- 'P'z�Installed sshpass version does not support customized password prompts. Upgrade sshpass to use sshpass_prompt, or otherwise switch to ssh keys.����Tr%���Fz&Failed to connect to the host via ssh:��������host) ��formatr������rstripr����r �����b_NOT_SSH_ERRORSr����r������vvv)
��remaining_retriesZ�command��return_tuple��no_logr,�����display��msg��detailsZ SSH_ERRORZ signaturer ���r ���r!����
_handle_error����sH���������
�����������
������������������������������������������� ���������r7���c������������������������s����t�������f�d�d�����}�|�S�)�a+���
Decorator to retry ssh/scp/sftp in the case of a connection failure
Will retry if:
* an exception is caught
* ssh returns 255
Will not retry if
* sshpass returns 5 (invalid password, to prevent account lockouts)
* remaining_tries is < 2
* retries limit reached
c������������
�����������sJ���t�|���d�����d���}�d�t�|�d�������}�|���d���p2|�j�j�}�t�|���D���]�}�|�d���}�|�d�k�r�|�r�t�|�t���r�t�� ��|�_
d�t�|�j
d���d�d�d ����|�d�<�z�zL��|�g�|���R�i�|�����}�|�j�j�r�t
j�d
|�d�����|�j�d�����n�t
j�|�|�j�d�����W�nt��t���yH������|�d���}�|���r$t�|�t�����r$t�� ��|�_
d�t�|�j
d���d�d�d ����|�d�<�t
��d�������|�g�|���R�i�|�����}�Y�n�0�|�|���d���} t�| |�d���|�|�j�j�|�j�����W�����qFW�q<��t���y���������Y�q<��t�t�f���yB��}
��z�|�|�d���k���r���nxd
|���d���}�|�d�k���r�d�}�t�|
t�����r�d�|�d���|�|�f���}�n�d�|�d���t�|
��|�|�f���}�t
j�|�|�j�d�����t���|�����W�Y�d�}
~
q<W�Y�d�}
~
q<d�}
~
0�0�q<|�S�)�NZ�reconnection_retriesr%���z�%s...r������password�����-d�
simplerepr��surrogate_or_strict��� nonstring��errorsz/rc=%s, stdout and stderr censored due to no logr+���z.RETRYING BECAUSE OF CONTROLPERSIST BROKEN PIPEr$��������zPssh_retry: attempt: %d, ssh return code is 255. cmd (%s), pausing for %d secondszRssh_retry: attempt: %d, caught exception(%s) from cmd (%s), pausing for %d seconds)���int�
get_optionr�����
_play_contextr8�����range�
isinstance��list��os��pipe��sshpass_piper����r3���r4���r0���r,���r����r7���r����r����� ExceptionZ�vv��time��sleep)
��self��args��kwargsZ�remaining_triesZ�cmd_summary�
conn_passwordZ�attempt��cmdr2���r1�����e��pauser5�������funcr ���r!�����wrapped����sR�����������������
���������������������
���
���������������������
���������������
�$�z�_ssh_retry.<locals>.wrappedr����)�rT���rU���r ���rS���r!����
_ssh_retry����s���������?rV���c������������������������s����e�Z�d�Z�d�Z�d�Z�d�Z���f�d�d���Z�d�d���Z�e�d+d d
����Z e�d�d�����Z
e�d
d�����Z�d�d���Z�d�d���Z
d�d���Z�e�d�d�����Z�d�d���Z�d,d�d���Z�e�d-d�d�����Z�e�d�d�����Z�d�d ��Z�d.��f�d!d"� Z���f�d#d$��Z���f�d%d&��Z�d'd(��Z�d)d*��Z�����Z�S�)/�
Connectionz� ssh based connections ��sshTc������������������������sj���t�t�|���j�|�i�|�������|�j�j�|�_�|�j�j�|�_�|�j�j�|�_�d�|�_ d�|�_
t�|�j�d�d���rfd�|�_
d�|�_�d�|�_�d�|�_�d�S�)�N��_IS_WINDOWSFT)�z�.ps1z�.exe��)���superrW�����__init__rB�����remote_addrr,�����port��remote_user��user��control_path��control_path_dir��getattr��_shellZ�has_native_asyncZ�always_pipeline_modulesZ!module_implementation_preferencesZ�allow_executable)�rL���rM���rN������ __class__r ���r!���r\���*���s��������
�
�
�������������z�Connection.__init__c��������������������C���s����|�S���Nr �����rL���r ���r ���r!�����_connectA���s������z�Connection._connectNc������������ �������C���sd���d�|�|�|�f���}�|�r�|�d�|���7�}�|�r2|�d�t�|�����7�}�t�����}�|���t�|�������|�����}�d�|�d�d�������}�|�S�)�z7Make a hash for the controlpath based on con attributesz�%s-%s-%sz�-%sz�%(directory)s/N�
���)�r������hashlibZ�sha1��updater����Z hexdigest) r,���r^���r`���Z
connection��pidZ�pstring��mZ�digestZ�cpathr ���r ���r!�����_create_control_pathD���s������������������������z�Connection._create_control_pathc��������������������C���sN���t�d�u�rJz*t�j�d�g�t�j�t�j�t�j�d���}�|�������d�a�W�n���t�yH������d�a�Y�n�0�t�S�)�NZ�sshpass����stdin��stdout��stderrTF)���SSHPASS_AVAILABLE�
subprocess��Popen��PIPE��communicate��OSError����pr ���r ���r!�����_sshpass_availableR���s������������������
�z�Connection._sshpass_availablec��������������������C���s>���d�}�d�}�d�d���|�D���D�]�}�d�|�v�r(d�}�q�d�|�v�r�d�}�q�|�|�f�S�)�a����
Takes a command array and scans it for ControlPersist and ControlPath
settings and returns two booleans indicating whether either was found.
This could be smarter, e.g. returning false if ControlPersist is 'no',
but for now we do it simple way.
Fc��������������������s���s����|�]�}�|�����V���q�d�S�rg���)���lower����.0��ar ���r ���r!���� <genexpr>p��������z3Connection._persistence_controls.<locals>.<genexpr>s����controlpersistTs����controlpathr ���)�� b_command��controlpersist��controlpathZ�b_argr ���r ���r!�����_persistence_controlsd���s����� ��������������z Connection._persistence_controlsc��������������������C���s4���t�j�d�|�d���d�d���|�D�����f���|�j�d�����|�|�7�}�d�S�)�a����
Adds arguments to the ssh command and displays a caller-supplied explanation of why.
:arg b_command: A list containing the command to add the new arguments to.
This list will be modified by this method.
:arg b_args: An iterable of new arguments to add. This iterable is used
more than once so it must be persistent (ie: a list is okay but a
StringIO would not)
:arg explanation: A text string containing explaining why the arguments
were added. It will be displayed with a high enough verbosity.
.. note:: This function does its work via side-effect. The b_command list has the new arguments appended.
z
SSH: %s: (%s)z�)(c��������������������s���s����|�]�}�t�|���V���q�d�S�rg���)�r����r~���r ���r ���r!���r��������r����z'Connection._add_args.<locals>.<genexpr>r+���N)�r4���Z�vvvvv��joinr,���)�rL���r������b_argsZ�explanationr ���r ���r!���� _add_argsx���s�����
(�z�Connection._add_argsc����������������
���G���s����g�}�|���d���p�|�j�j�}�|���d���}�|�s(|�r�|�����s8t�d�����|�sH|�rHt�d�����t�����|�_�|�d�d�t�|�j�d���d�d d
����g�7�}�|���d���}�|�s�|�r�d�}�|�r�|�d
t�|�d d���g�7�}�|�t�|�d d���g�7�}�|�r�|�r�|�� |�d�d�d�d�d�d�d�t�d�|�����f�d�����|�d�k���r�|���d�����r�|���r�d�d�g�}�|�� |�|�d�����|�d�d�g�7�}�t
j�d�k���r4|���d�����|���d���} | ��rfd�d���|��
| ��D���}�|�� |�|�d ����|���d!��d"u���r�d#}�|�� |�|�d$����|���d%��|�_�|�j�d&u���r�d�d't�|�j�d�d d
����f�}�|�� |�|�d(����|���d)��}
|
��r�d�d*t�t�j���|
��d d�����d+��f�}�|�� |�|�d,����|���s�|�� |�d-d.����|���d/��|�_�|�j���rL|�� |�d�d0t�|�j�d d�����f�d1����|���d2��}�|�� |�d�d3t�|�d d�d4����f�d5����d6d7��|���f�D�]@}�|���|���}
|
d&u���r�d8d���|��
|
��D���}�|�� |�|�d9|���������q�|���|���\�}�}�|���r�d:|�_�|���s�|���d;��|�_�t�|�j���}�t�|�d d���}�t�|�d<����t���|�t�j�����s2t�d=t�|���������|���d>��|�_�|�j���s\|���|�j�|�j�|�j���|�_�d�d?t�|�j�t�|�d@����d d�����f�}�|�� |�|�dA����|���r�|�dBd���|�D���7�}�|�S�)Ca����
Takes a executable (ssh, scp, sftp or wrapper) and optional extra arguments and returns the remote command
wrapped in local ssh shell commands and ready for execution.
:arg binary: actual executable to use to execute command.
:arg subsystem: type of executable provided, ssh/sftp/scp, needed because wrappers for ssh might have diff names.
:arg other_args: dict of, value pairs passed as arguments to the ssh binary
r8�����pkcs11_providerzhto use the 'ssh' connection type with passwords or pkcs11_provider, you must install the sshpass programz6to use pkcs11_provider you must specify a password/pinr"���r9���r����r:���r;���r<���Z�sshpass_promptz�Enter PIN for s����-P��r>��������-o�����KbdInteractiveAuthentication=nos"���PreferredAuthentications=publickey�����PasswordAuthentication=noz�PKCS11Provider=%sz
Enable pkcs11��sftpZ�sftp_batch_modes����BatchMode=noz�disable batch mode for sshpasss����-b�����-r&���s����-vvv��ssh_argsc��������������������S���s����g�|�]�}�t�|�d�d�����q�S���r;���r������r����r~���r ���r ���r!����
<listcomp>����r����z-Connection._build_command.<locals>.<listcomp>z�ansible.cfg set ssh_args��host_key_checkingF)�r����s����StrictHostKeyChecking=noz4ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabledr^���Ns����Port=z0ANSIBLE_REMOTE_PORT/remote_port/ansible_port setZ�private_key_files����IdentityFile="�����"zJANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set)�r����r����r����sI���PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickeyr����r����z-ansible_password/ansible_ssh_password not setr_���s ���User="%s"z8ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set��timeouts����ConnectTimeout=)�r>���r=���z�ANSIBLE_TIMEOUT/timeout setZ�ssh_common_argsz�{0}_extra_argsc��������������������S���s����g�|�]�}�t�|�d�d�����q�S�r����r����r~���r ���r ���r!���r��������r����z�Set %sTrb���i����z�Cannot write to ControlPath %sra���s����ControlPath="%s")�Z directoryz,found only ControlPersist; added ControlPathc��������������������S���s����g�|�]�}�t�|�����q�S�r ���r����r~���r ���r ���r!���r���� ���r����)�rA���rB���r8���r|���r ���rF���rG���rH���r����r����r4���� verbosity��appendZ�_split_ssh_argsr^�����path�
expanduserr`���r-���r����Z�_persistentrb���r����r������access��W_OKr����ra���ro���r,�����dict)�rL���Z�binaryZ subsystemZ
other_argsr����rO���r����Z�password_promptr����r������keyr������opt��attrr����r����Z�cpdirZ�b_cpdirr ���r ���r!�����_build_command����s����������
�����������
� �
�����������������������������������������
�
�������������������������
��� ������������ ��������������
���������� ��
�
���������������
���
������������������� �������z�Connection._build_commandc����������������
���C���s����t���d�����z�|���t�|�������|�������W�nd��t�t�f�y���}���zHt���d�����|�� ����t
|�d�d���d�u�rtt�d�|�j�t
|���f���|�d�����W�Y�d�}�~�n
d�}�~�0�0�t���d�t�|���������d�S�)�z�
Writes initial data to the stdin filehandle of the subprocess and closes
it. (The handle must be closed; otherwise, for example, "sftp -b -" will
just hang forever waiting for more commands.)
z�Sending initial datag����MbP?�
returncodeN�[Data could not be sent to remote host "%s". Make sure this host can be reached over ssh: %s)�Z�orig_excz�Sent initial data (%d bytes))�r4�����debug��writer������closery�����IOErrorrJ���rK�����pollrc���r����r,���r������len)�rL���Z�fh��in_dataZ�ssh_processrQ���r ���r ���r!�����_send_initial_data$���s������
���������
�����������������z�Connection._send_initial_datac���������������� ���C���s(���z�|�������W�n���t�t�f�y"������Y�n�0�d�S�)�z& Terminate a process, ignoring errors N)�Z terminatery���r����rz���r ���r ���r!�����_terminate_process>���s������������z�Connection._terminate_processc������������
�������C���sR���g�}�|���d���D���]�}�t�|�����d���}�d�}�t���|���r2n�|�j�����rl|�j���|���rlt�� d�|�|�|�f�������d�|�j
d�<�d�}�n�|�j�j�r�|�j���|���r�t�� d�|�|�|�f�������d�|�j
d�<�d�}�nb|�r�|�j��
|���r�t�� d�|�|�|�f�������d�|�j
d <�n2|���r�|�j���|�����r�t�� d
|�|�|�f�������d�|�j
d�<�|�s�|���|�����q�d�} |���rD|�d
����d�����sD|�d
��} |�d�d
����}�d���|���| f�S�)�ai���
Takes a string, extracts complete lines from it, tests to see if they
are a prompt, error message, etc., and sets appropriate flags in self.
Prompt and success lines are removed.
Returns the processed (i.e. possibly-edited) output and the unprocessed
remainder (to be processed with the next chunk) as strings.
Tz�
Fz*become_prompt: (source=%s, state=%s): '%s'�
become_promptz+become_success: (source=%s, state=%s): '%s'��become_successz)become_error: (source=%s, state=%s): '%s'��become_errorz2become_nopasswd_error: (source=%s, state=%s): '%s'��become_nopasswd_errorr������������
N)��
splitlinesr����r.���� SSH_DEBUG��match��becomeZ
expect_promptZ�check_password_promptr4���r������_flags��successZ
check_successZ�check_incorrect_passwordZ�check_missing_passwordr������endswithr����)
rL�����source��state��b_chunk��sudoable��outputZ�b_lineZ�display_lineZ�suppress_outputZ remainderr ���r ���r!�����_examine_outputH���s6����
��������
�������
�������
�������������
�������������z�Connection._examine_outputc������������!���
���C���s����d���d�d���|�D�����}�t�j�d���|���|�j�d�����d�}�t�|�t�t�f���rFt�|���}�n�t t
t�|�����}�|���d���pd|�j�j
}�|�s�zbt�����\�}�} t�r�|�r�t�j�|�| t�j�t�j�|�j�d���}�n�t�j�|�| t�j�t�j�d ��}�t���|�d
d���}
t���| ����W�n���t�t�f�y�������d�}�Y�n�0�|���svzLt���r�|���r�t�j�|�t�j�t�j�t�j�|�j�d���}�n�t�j�|�t�j�t�j�t�j�d ��}�|�j�}
W�n:��t�t�f���yt��}���z�t�d�t�|���������W�Y�d�}�~�n
d�}�~�0�0�|���r�t���|�j�d�������z�t���|�j�d
��t�|���d�������W�nD��t���y���}���z*|�j�t�j�k���s�|�� ��d�u���rڂ�W�Y�d�}�~�n
d�}�~�0�0�t���|�j�d
������g�d���}�|��!d���}
t�|���d�����|�v���r�|���r�t"|�j#d�d���}�|���rf|��!d���}
t��$d�|�|
��t%|���f�������n:|�j#��r�|�j#j&��r�|��!d���}
t��$d�|�|
��t%|�j#j&��f�������d���}�}�d���}�}�t'd�d�d�d�d���|�_(d�|���d�����}�|�j)|�j*f�D�]&}�t+�+|�t+j,t+�+|�t+j-��t�j.B�������q�t/�0��}�|��1|�j)t/j2����|��1|�j*t/j2����|�|
��d�k���rV|���rV|��3|
|�|�����|
d
7�}
��zz|�� ��}�|��4|���}�|���s�|
|��!d���k���r�|�d�u���r���q�|��5|�����t�d�|�t�|���f�������|�D�]�\�}�}�|�j6|�j)k���r�|�j)�7��}�|�d�k���r�|��8|�j)����d
}�|�|�7�}�t��$d�|
t%|���f�������nL|�j6|�j*k���r�|�j*�7��}�|�d�k���r:|��8|�j*����|�|�7�}�t��$d�|
t%|���f���������q�|
|��!d���k���r�|���r�|��9d�|�|
��|�|���\�}�}�|�|�7�}�|�}�|���r�|��9d�|�|
��|�|���\�}�}�|�|�7�}�|�}�n�|�|�7�}�|�|�7�}�d���}�}�|�|
��d�k���rV|�j(d ����rBt��$d!����|�j#j�d"|�j�d#��}�|
��t�|�d$d%��d�������|
�:����d�|�j(d <�|
d
7�}
n�|�j(d&����rV|
d
7�}
|�|
��d�k���r@|�j(d&����r�t���d'����d�|�j(d&<�|
d
7�}
n�|�j(d(����r�t���d)����|��5|�����d�|�j(d(<�t�d*|�j#j;������nv|�j(d+����r�t���d,����|��5|�����d�|�j(d+<�t�d-|�j#j;������n:|�j(d ����r@t���d.����|��5|�����d�|�j(d <�t�d*|�j#j;������|�|
��d�k���rj|���rb|��3|
|�|�����|
d
7�}
|�d�u���r�|��<����r�|���s���q�d�}���qZn�|��<����sZ|��=������q���qZW�|�������|
������|�j)������|�j*������n&|�������|
������|�j)������|�j*������0�|���d/����r(|�d���d0k���r(|�j>d1k���r(t�d2����d3|�v���p8d4|�v�}�|�j>d�k���rT|���rTt�d5����d6|�v�}�|�j>d7k���r�t�|���} |���r�t?d8| ������n�|���r�|���r�t@d9|�j�| f�������|�j>|�|�f�S�):zL
Starts the command and communicates with it until it ends.
�� c��������������������s���s����|�]�}�t���t�|�����V���q�d�S�rg���)���shlex��quoter����)�r�����cr ���r ���r!���r�������r����z'Connection._bare_run.<locals>.<genexpr>z
SSH: EXEC {0}r+���Nr8���)�rq���rr���rs���Z�pass_fdsrp�����wbr����z=Unable to execute ssh command line on a controller due to: %sr%���r����)���awaiting_prompt��awaiting_escalation�
ready_to_sendZ
awaiting_exitr������ssh_executable��promptr����z�Initial state: %s: %sr����r����F)�r����r����r����r����r$���r����z9Timeout (%ds) waiting for privilege escalation prompt: %sz"stdout chunk (state=%s):
>>>%s<<<
z"stderr chunk (state=%s):
>>>%s<<<
rr���rs���r����z-Sending become_password in response to prompt��become_pass)�Z�playcontextr;���r����r����z�Escalation succeededr����z�Escalation failedz�Incorrect %s passwordr����z�Escalation requires passwordz�Missing %s passwordz�Escalation prompt repeatedr����r"���r(���z�Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.s(���Bad configuration option: ControlPersists,���unknown configuration option: ControlPersistz�using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ssh_args in [ssh_connection] section of the config file) before running agains4���mux_client_hello_exchange: write packet: Broken piper)���z@Data could not be sent because of ControlPersist broken pipe: %sr����)Ar����r4���r0���r-���r,���rD���r����r����r����rE�����maprA���rB���r8�����pty��openptyr
���ru���rv���rw���rH���rF�����fdopenr����ry���r����rq���r ���r����r������errnoZ�EPIPEr������indexrc���r����r����r����r����r����r����rr���rs�����fcntlZ�F_SETFLZ�F_GETFL�
O_NONBLOCKr����Z�DefaultSelector��registerZ
EVENT_READr����Z�selectr����Z�fileobj��readZ
unregisterr������flush��nameZ�get_map��waitr����r����r����)!rL���rP���r����r������checkrcZ�display_cmdr{���rO���Z�masterZ�slaverq���rQ���Z�statesr����r����Z�b_stdoutZ�b_stderrZ�b_tmp_stdoutZ�b_tmp_stderrr������fd��selectorr����Z�eventsr����Z�eventr����Z�b_outputZ
b_unprocessedr����Z�controlpersisterrorZ�controlpersist_broken_pipe�
additionalr ���r ���r!���� _bare_runy���sF�������������
�����������������������
�������������������
���&����������������
��
�������
�����
�������������������$�����������������
�����
���
�������
�
�����������
�
�����������������������������������
�������
�
���������
�
�
���
�
�
�����
�
�
�����
�
�
�����������
���������
���
�����
�������
���������������������������������z�Connection._bare_runc��������������������C���s����|�j�|�|�|�|�d���S�)�z=Wrapper around _bare_run that retries the connection
)�r����r����)�r����)�rL���rP���r����r����r����r ���r ���r!�����_run����s������z�Connection._runc��������������������C���sL���d�|�j���}�g�d���}�t�|�j�d�d���r*|���d�����g�}�|���d���}�|���d���}�|�d�u�rV|�d�k�rVd�}�|�d�u�rt|�d�k�rl|�}�q�|�g�}�n\t�|�t���s�|�����}�|�t�v�r�t |�d�d ��}�n�|�d�k�r�t
d
����|�d�k�r�|�}�n�|�d�u�r�d�g�}�n�d
g�}�|�D���],} d���}
��}�}�| d
k���rH|���|���d���d
t�|�����}
d��
|�t���|���t���|�����}�t�|�d�d���}�|�j�|
|�d�d���\�}
}�}���n`| d�k���r�|���d���}�|�d�k���r�|���|�d�d��
|�|�j���|�����|���}
n |���|�d�|�d��
|�|�j���|�������}
d�}�|�j�|
|�d�d���\�}
}�}�n�| d�k���r�|�d�k���r4|�j�d�|�t�f���d�d���\�}
}�}�t�t�|�d�d���d�����}�|���|�����W�d���������n�1���s(0�������Y���ntt�t�|�d�d���d���� }�t�|�����d�d���}�W�d���������n�1���sn0�������Y���|���s�d�}�n�d�}�|�j�d�|�t�|�f���|�d�d���\�}
}�}�|
d k���r�|
|�|�f�����S�t�|���d!k�r�t���d"| |�f�������t���d#t�|���������t���d#t�|���������q�|
d$k���r$t�d%| t�|���f�������n$t�d&t�|���t�|���t�|���t�|���f�������d�S�)'Nz�[%s])�r������scp��pipedrY���Fr������ssh_transfer_method�
scp_if_sshZ�smart)���strictz0scp_if_ssh needs to be one of [smart|True|False]Tr����r����Z�sftp_executablez�{0} {1} {2}
Z�passthru)�r=���)�r����Z�scp_executable��getz�{0}:{1}z�dd if=%s bs=%s��r����r;���r����z�wb+��rbz� count=0rZ���z�dd of=%s bs=%s%s��r����r����r����r%���zS%s transfer mechanism failed on %s. Use ANSIBLE_DEBUG=1 to see detailed informationz�%sr)���z(Failed to connect to the host via %s: %sz'failed to transfer file to %s %s:
%s
%s)�r,���rc���rd�����removerA���rD�����boolr}���r����r����r����r����r����r-���r����r����r������exec_commandr������openr����r����r����r4�����warningr����r����r����r����r ���)�rL�����in_path��out_pathZ�sftp_actionr,���Z
smart_methods��methodsr����r������methodr����rr���rs���rP���r����r����Z�out_file��f��countr ���r ���r!�����_file_transport_command����sx�����
�����
���
�
�������������
���������������������
���
���������
�
�
�"� �����
�
�����,���0������� �
�����������
�������z"Connection._file_transport_commandc��������������������C���s(���d�}�t���d�|���r�d�}�d�|�|���d�d���f���S�)�zA converts a Windows path to one that's supported by SFTP and SCP rZ���z�^\w{1}:��/z�%s%s��\)���rer������replace)�rL���r������prefixr ���r ���r!�����_escape_win_path����s������������z�Connection._escape_win_pathc������������������������s����t�t�|���j�|�|�|�d�����|���d���p&|�j�j�|�_�t�j�d�� |�j
��|�j�d�����t�|�j�d�d���r�d�}�d�d�|�j�j
|�j�j�g�}�|���|�j�j�|�d d�d�d
������d���|���}�|���d���}�|���d
��}�|�s�|�r�|�r�d�|�j�|�f�}�n
|�j�|�f�}�|�j�|�d�g�|���R���}�|�j�|�|�|�d���\�}�} }
t�|�j�d�d�����r�|
��d�����r�t�|
��}
|�| |
f�S�)�z" run a command on the remote host r����r,���z&ESTABLISH SSH CONNECTION FOR USER: {0}r+���rY���Fz�chcp.comZ�65001T)�Z�as_listZ�strict_modeZ�preserve_rcr����r������use_ttyz�-ttrX���r����s ���#< CLIXML)�r[���rW���r����rA���rB���r]���r,���r4���r0���r-���r`���rc���rd���Z�_SHELL_REDIRECT_ALLNULLZ
_SHELL_AND��extendZ�_encode_scriptr����r����r�����
startswithr����)�rL���rP���r����r����Z cmd_partsr����r����rM���r����rr���rs���re���r ���r!���r��������s$�������������������
�
�
�����
���������z�Connection.exec_commandc������������������������s����t�t�|�����|�|�����|���d���p"|�j�j�|�_�t�j�d�� |�|���|�j�d�����t
j���t
|�d�d�����sdt�d�� t�|���������t�|�j�d�d���r||���|���}�|���|�|�d ��S�)
z& transfer a file from local to remote r,���z�PUT {0} TO {1}r+���r;���r����z"file or module does not exist: {0}rY���FZ�put)�r[���rW�����put_filerA���rB���r]���r,���r4���r0���r-���rF���r������existsr����r
���r����rc���rd���r����r������rL���r����r����re���r ���r!���r����:���s������������������
�z�Connection.put_filec������������������������sd���t�t�|�����|�|�����|���d���p"|�j�j�|�_�t�j�d�� |�|���|�j�d�����t
|�j�d�d���rV|���|���}�|��
|�|�d���S�)�z# fetch a file from remote to local r,���z�FETCH {0} TO {1}r+���rY���Fr����)�r[���rW����
fetch_filerA���rB���r]���r,���r4���r0���r-���rc���rd���r����r����r����re���r ���r!���r����J���s��������������
�z�Connection.fetch_filec��������������������C���s����d�}�|���d���p�|�j�j�|�_�|���|���d���d�d�d�|�j���}�t���d�t�|���������t�j |�t�j
t�j
t�j
d���}�|�����\�}�}�|�����}�|�d k�r�t���d
t�|���������n�d�}�|���r
|���|���d���d�d�d�|�j���}�t���d
t�|���������t�j |�t�j
t�j
t�j
d���}�|�����\�}�}�|�����}�|�d k���r
t��
d�t�|���������|�������d�S�)�NFr,���r����rX���z�-O��checkz�sending connection check: %srp���r����z�No connection to reset: %sT��stopz�sending connection stop: %sz�Failed to reset connection:%s)�rA���rB���r]���r,���r����r4���r0���r����ru���rv���rw���rx���r����r����r����)�rL���Z run_resetrP���r{���rr���rs���Z�status_coder ���r ���r!�����resetY���s&�������������������������������������
���z�Connection.resetc��������������������C���s
���d�|�_�d�S�)�NF)�Z
_connectedrh���r ���r ���r!���r����v���s������z�Connection.close)�NN)�TT)�TT)�NT)�r����r����r����r����Z transportZ�has_pipeliningr\���ri�����staticmethodro���r|���r����r����r����r����r����r����r����rV���r����r����r����r����r����r����r����r�����
__classcell__r ���r ���re���r!���rW���$���s>������������������
��
���
����������
�1
��)������
X�
�.������rW���)8Z
__future__r����r����r������typeZ
__metaclass__Z
DOCUMENTATIONr����r����rk���rF���r����r����r����ru���rJ���� functoolsr����Z�ansible.errorsr����r����r ���r
���r����Z�ansible.module_utils.compatr����Z�ansible.module_utils.sixr
���r����r����Z�ansible.module_utils._textr����r����r����Z)ansible.module_utils.parsing.convert_boolr����r����Z�ansible.plugins.connectionr����r����Z ansible.plugins.shell.powershellr����Z�ansible.utils.displayr����Z�ansible.utils.pathr����r����r4���r/���rt�����compiler����r����r7���rV���rW���r ���r ���r ���r!�����<module>����s@����������g����������������������������������������������
����8�O