From f55e4d84d60c6a00b56a6a80d12043f1cef77996 Mon Sep 17 00:00:00 2001
From: Victor Zemtsov
Date: Sat, 22 Oct 2022 13:43:48 +0300
Subject: [PATCH] Fix #33 Password shall not be mandatory for opening the db
---
README.md | 4 ++--
galaxy.yml | 2 +-
plugins/lookup/keepass.py | 19 ++++++++++---------
tests/keepass-keyfile-only/ansible.kdbx | Bin 0 -> 1509 bytes
tests/keepass-keyfile-only/ansible.keyx | 12 ++++++++++++
tests/keepass-keyfile-only/hosts.ini | 2 ++
tests/keepass-keyfile-only/playbook.yml | 11 +++++++++++
tests/keepass-keyfile-only/run.sh | 2 ++
tests/keepass-password-keyfile/ansible.kdbx | Bin 0 -> 1605 bytes
tests/keepass-password-keyfile/ansible.keyx | 12 ++++++++++++
tests/keepass-password-keyfile/hosts.ini | 2 ++
tests/keepass-password-keyfile/playbook.yml | 11 +++++++++++
tests/keepass-password-keyfile/run.sh | 2 ++
tests/keepass-password-only/ansible.kdbx | Bin 0 -> 1605 bytes
tests/keepass-password-only/hosts.ini | 2 ++
tests/keepass-password-only/playbook.yml | 11 +++++++++++
tests/keepass-password-only/run.sh | 2 ++
17 files changed, 82 insertions(+), 12 deletions(-)
create mode 100644 tests/keepass-keyfile-only/ansible.kdbx
create mode 100644 tests/keepass-keyfile-only/ansible.keyx
create mode 100644 tests/keepass-keyfile-only/hosts.ini
create mode 100644 tests/keepass-keyfile-only/playbook.yml
create mode 100644 tests/keepass-keyfile-only/run.sh
create mode 100644 tests/keepass-password-keyfile/ansible.kdbx
create mode 100644 tests/keepass-password-keyfile/ansible.keyx
create mode 100644 tests/keepass-password-keyfile/hosts.ini
create mode 100644 tests/keepass-password-keyfile/playbook.yml
create mode 100644 tests/keepass-password-keyfile/run.sh
create mode 100644 tests/keepass-password-only/ansible.kdbx
create mode 100644 tests/keepass-password-only/hosts.ini
create mode 100644 tests/keepass-password-only/playbook.yml
create mode 100644 tests/keepass-password-only/run.sh
diff --git a/README.md b/README.md
index cb02fe9..a831c63 100644
--- a/README.md +++ b/README.md @@ -20,8 +20,8 @@ Requirements: `python 3`, `pykeepass==4.0.3` ## Variables - `keepass_dbx` - path to KeePass file -- `keepass_psw` - password -- `keepass_key` - *Optional*. Path to keyfile +- `keepass_psw` - *Optional*. Password (required if `keepass_key` is not set) +- `keepass_key` - *Optional*. Path to keyfile (required if `keepass_psw` is not set) - `keepass_ttl` - *Optional*. Socket TTL (will be closed automatically when not used). Default 60 seconds. diff --git a/galaxy.yml b/galaxy.yml index 96abec9..9b2da61 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -8,7 +8,7 @@ namespace: viczem name: keepass # The version of the collection. Must be compatible with semantic versioning -version: 0.7.0 +version: 0.7.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/plugins/lookup/keepass.py b/plugins/lookup/keepass.py index 3609dbd..c15e2df 100644 --- a/plugins/lookup/keepass.py +++ b/plugins/lookup/keepass.py @@ -21,7 +21,7 @@ from pykeepass.exceptions import CredentialsError DOCUMENTATION = """ lookup: keepass author: Victor Zemtsov - version_added: '0.6.0' + version_added: '0.7.1' short_description: Fetching data from KeePass file description: - This lookup returns a value of a property of a KeePass entry @@ -76,10 +76,11 @@ class LookupModule(LookupBase): if not os.path.isfile(var_key): raise AnsibleError("KeePass: '%s' is not found" % var_key) - # Check password (required) + # Check password (optional) var_psw = self._var(variables_.get("keepass_psw", "")) - if not var_psw: - raise AnsibleError("KeePass: 'keepass_psw' is not set") + + if not var_key and not var_psw: + raise AnsibleError("KeePass: 'keepass_psw' and/or 'keepass_key' is not set") # TTL of keepass socket (optional, default: 60 seconds) var_ttl = self._var(str(variables_.get("keepass_ttl", "60"))) 
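Review bot: In the `DOCUMENTATION` hunk of plugins/lookup/keepass.py, `version_added` is moved from `'0.6.0'` to `'0.7.1'`, but that field records the release in which the lookup first appeared, not the current collection version. Bumping it makes the generated docs claim the plugin did not exist before 0.7.1. I would keep `version_added: '0.6.0'` and, if the optional password needs to be dated, put a `version_added: '0.7.1'` on the relevant option entry instead; the options section is outside the hunk, so whether such an entry exists cannot be confirmed from here.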
@@ -121,7 +122,6 @@ class LookupModule(LookupBase): if resp[1] == "0": success = True else: - sock.send(_rq("close")) raise AnsibleError("KeePass: wrong dbx password") sock.close() break @@ -229,13 +229,14 @@ def _keepass_socket(kdbx, kdbx_key, sock_path, ttl=60, kdbx_password=None): # CMD: password if kp is None: - if arg_len == 0: - conn.send(_resp("password", 1)) - break - if cmd == "password" and arg[0]: + if cmd == "password" and arg_len > 0: kp = PyKeePass(kdbx, arg[0], kdbx_key) conn.send(_resp("password", 0)) break + elif cmd == "password" and kdbx_key: + kp = PyKeePass(kdbx, None, kdbx_key) + conn.send(_resp("password", 0)) + break else: conn.send(_resp("password", 1)) break 
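Review bot: With `sock.send(_rq("close"))` removed, the failure branch in the `@@ -121,7 +122,6 @@` hunk now raises straight away, and the `sock.close()` visible two lines below is skipped on that path. Unless an enclosing `try`/`finally` outside the hunk releases it, the client socket is left open when the unlock is refused. The message is also no longer accurate now that a keyfile alone can be the credential. I would change the branch to `sock.close()` followed by `raise AnsibleError("KeePass: wrong dbx password or keyfile")`.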
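Review bot: The new `elif cmd == "password" and kdbx_key:` branch in `_keepass_socket` unlocks the database from the keyfile alone when a `password` request arrives with no argument, so the caller no longer presents any secret and access control rests entirely on who can connect to `sock_path`. How that socket file is created and what mode it gets is outside the hunk; it should be confirmed as owner-only and the branch should carry a comment such as `# keyfile-only: caller supplies no secret, access is limited by the permissions on sock_path`. Separately, for a database that needs both password and keyfile, an argument-less request reaches `PyKeePass(kdbx, None, kdbx_key)`, which presumably raises `CredentialsError`; if nothing outside the hunk catches it, the server dies without sending `_resp("password", 1)`. The `kdbx_password=None` parameter in the signature is not used in the visible lines.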
diff --git a/tests/keepass-keyfile-only/ansible.kdbx b/tests/keepass-keyfile-only/ansible.kdbx new file mode 100644 index 0000000000000000000000000000000000000000..5d680ac317c289408f114bdf76a816d4a5ef92a9 GIT binary patch literal 1509 zcmVj44D*k@u;j1LFz|1pxp607(b{000UA z00000000F60000@2mk;800004000001OWg508j(~00062002S(0000}AOHXWpav$u zPrsvoWaFy0%yCBmPc%)f$Kqorr}mr$YZf)w1OWg509FJ5000vJ000001ONa44GIkk zQY(kVckeR|U;~n3l1V=LKu~2#fK45(Uz6fV+$k?0D!`O@ig_ZL*Id0W(8VEV9iCM8 z22?kC$71A-b;eSU6D#l5AY+{>%Ct<%LzB5@RW2NznL8^+)#yHDP5ay5U<3dFQL{_p zP$A^DgkKKP4K>lS|2qE()|IMhnqs}mDB{4;gGBx6vC{#vA0p(jFJoF)n&5$H2Xa5Z z?+w`qSsbc+J#$&00T#i@y@D4~5}uU>L4deuQ+AlpCgB|E6Pgc{8--}_*41feeXpTp zZ;s`VOGqX_4sMABMFIGejf`|tF%I=ko@Lm*(Y0gL(IXLMRc4For9fX=^=eZeZtEYM zuLZ*s;|`7eRKNB-S>O^w4e}Frz^)!F_;f^q*6){MEI&SDjw$=k3Q4>wA_oBo_CW$S;t=Q<035k1mLuh zh}A6@>aW}df{#v}BU)4V&+#6voso|j!oPoQH`SEyj#f0QRFBd|kW7-08>pZ$zP?xC z?Vyr2L2+ilEXi&YYL^7vf|#8%J+Zy##wi~X|JLzQLm=0Bs}ZIO-6iGHrteZIg+v#$ z+nHtuMcZ4J(V$nW|M`*{0#mvYVbI{=A-Tu3yiDd!Ct6OgKTW-X)a8g0vC$1U1it{S z2NRd<-F~NRQ|$pAMJ<((5J0Gu)O4jDZsGvBC%}@(huVa7_+vTa1az#j-O z1#R=8Dqb`5wb zsLS%+!ujo8p%LY6B1`W?(Ztq@6n(B(le8}}Gm4f}ww+En&245cr%xoDo?=AT?tDLj z&ljzSv$vzW>-7>**HX)7OCOdJTD4T-VQd2aS3718E5_f66%4`(#&DfWwYn$FdVwcW z+GbrTLz+w;Q_;^6ao10dcToL?vXPh^trvUxl)?6hk|htIXCAR zZ?t?DFLf;k41CmLVJ)71K5%r#KodzeDo5DwTJgi6Z z`OdKQc17^Zo$ln5;{lC&KR3C-SjIxSX*2G`&E^sFTO+O##G2(UHq!tZddF4wgI*u) zhnlozJ}3gk%4+nN^AoC^NL8z?7wX<3eZEL4+^uVE#EWfjwr7EXPv|v z7l-Iw+RbyT@aq5QSrRFy+!^hfaYg>XTyRl*+JUflbthGX)1;U6eT~TkRKn)EE>A$FMmvUj5O509A6<8BTX9hc^x)k6&EDvarSS; L(0A8v00000rdz30 literal 0 HcmV?d00001 diff --git a/tests/keepass-keyfile-only/ansible.keyx b/tests/keepass-keyfile-only/ansible.keyx new file mode 100644 index 0000000..e4477e1 --- /dev/null +++ b/tests/keepass-keyfile-only/ansible.keyx @@ -0,0 +1,12 @@ + + + + 2.0 + + + + 8810353D 83453EDC 2266A931 A0A073F9 + 54B90B68 1E341EF4 6B47729B F42DBE0A + + + 
diff --git a/tests/keepass-keyfile-only/hosts.ini b/tests/keepass-keyfile-only/hosts.ini new file mode 100644 index 0000000..8e5bd59 --- /dev/null +++ b/tests/keepass-keyfile-only/hosts.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 keepass_dbx=./ansible.kdbx keepass_key=./ansible.keyx keepass_ttl=3 \ No newline at end of file diff --git a/tests/keepass-keyfile-only/playbook.yml b/tests/keepass-keyfile-only/playbook.yml new file mode 100644 index 0000000..fb6c378 --- /dev/null +++ b/tests/keepass-keyfile-only/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: test-keepass-keyfile-only + hosts: test + connection: local + vars: + test_username: "{{ lookup('viczem.keepass.keepass', 'test', 'username') }}" + test_password: "{{ lookup('viczem.keepass.keepass', 'test', 'password') }}" + + tasks: + - debug: + msg: "fetch entry: '/test'; username: '{{ test_username }}'; password: '{{ test_password }}'" diff --git a/tests/keepass-keyfile-only/run.sh b/tests/keepass-keyfile-only/run.sh new file mode 100644 index 0000000..81cfeb1 --- /dev/null +++ b/tests/keepass-keyfile-only/run.sh @@ -0,0 +1,2 @@ +#!/bin/sh +ansible-playbook -i hosts.ini -vvvv playbook.yml \ No newline at end of file 
diff --git a/tests/keepass-password-keyfile/ansible.kdbx b/tests/keepass-password-keyfile/ansible.kdbx new file mode 100644 index 0000000000000000000000000000000000000000..e775947287c967f8bbf30390e7e6bc84db3d948d GIT binary patch literal 1605 zcmV-L2Dj44D*k@u;j1LFz|1pxp607(b{001`t z00000000F60000@2mk;800004000001OWg508j(~00062002S(0000}AOHXWBh-to z?s(ly?76&xE$ejQ)2=mAlI=K@g1GUwhG?fT1OWg509FJ5000vJ000001ONa44GIkk z3|Tt{TP%O6X*46l3-}BjNLdRL`ACCi{o!!I&KD&zVO*y`YHmTFN`NjFtyE~^BQn-7 z@~5g}xS!)NAuvM}g3#oZ(D)CHgTyVAMB$ah3XqzdZ~-&492X4b^cKL_zytsQ_%`e7 zpsN<=exr-rn1))7`h*}ukZ^qWP!9^_W&Xh!Qe5Z>GVk#30Z|}t&dpSYmej+Puwvp4 zPJzKDS8ycuS7-EH#7`JR277=lxbud|z)9RS-jJ%HOe=Y<1!tP~)*xi^%OYIBo757w z`??Ud2yu%6;%#Wba(YPOzya7wg&xP!6RstWs&~Ip%>`|hOx|&+PXWpz9)b$y z^}FLwXWB2LjL{ne;JTAyN4=K6(w`#RNm|B1_c@N(Il7`iTl;1Ff7>aEu_ZD5c_e0+ zPs)0+!3!W;wq26sW=h%Wx5{cysQsa{ZTxpgen)i926|S-F{(a$6|<$&*HgJjNS59h zW{L^duwH=H)9A@d2eaSA?3tp<2wXQ&eA9l z09sLNa;1ET>#hGQ^%bbk&I-}fZ1-lL?PoNZ$ph_8pB0HKMvtZ^vych&*&;n|G3b!g zkoRIM&wWWtpw0+6zeh-g0p@pb#^ABrGC74nbXvWZ;^dyw*ut3czik7O#16BSJQHlj zMdsl3qCwu`omONZT-mLgr4pyCikLcR8IPrSQs$CL!7edChc^{vaE&ZYlmxHIEN^Zs zm+QbTvg@QWlSSwnwwAY^ase8Vs)F5Gf$%bRvO?vN25T-Pr2jsU#cxL(r-Ehm#mh37 z=9Az%aQ{sFxli3gtLl1Fi7MKhS169}qMry`)<4P2q*E^cC4gc49(T*{g3p3@Yo6@L z1MrDt=}UIs4}YGi8dEHGQsqTo*TN-7{ne*H+Wdv4p2#@_uZxMaC;p_g$R9`XhLG%d zsc=8nya7#C?yxFbP4d?Gu~{qKeUF7O3~wSM+i94_I7!QPndhKSxV0A>5x|B?gCiLVmL6Sa*guEG|<~@t6U*2~#PZ;X+~}#{QW6`Iok(@!C!$ zw^b_mlgCIrJJFke`|7LNt?-bTK8)HRCfvW+0g(=C^KYLN=@^3-`>TUQ+#dz$2+WvR z<=*cU(t?v(iD9;(F$b9H+X=RJbXb1;!wbe3hXmwQFZCDV@2OKaZ6nF#l6GnFUUuH1 z+Ckmcp+&)2!XZ8}&0r|6o}F=P#zdd7??_EeO&S=}n&751uPnC1T}t7TCD{a4lGY?V z%j6caR7fQ*aoe^TePS0uCsNhp$*kL#?)-xR_ zF^JoP*|pVsDCrk!BpRP`&oDx>qP7dw!Lhw*MBC(RC9W@#C3bekCFcN4C~}g0{l+h&m`pg?jGhEpVff(z_8+zICc=r$zR>-g?!~4m1Jh`pP<3VoI-0=t00000 D!`JfL literal 0 HcmV?d00001 diff --git a/tests/keepass-password-keyfile/ansible.keyx b/tests/keepass-password-keyfile/ansible.keyx new file mode 100644 index 0000000..388c3e8 --- /dev/null 
+++ b/tests/keepass-password-keyfile/ansible.keyx @@ -0,0 +1,12 @@ + + + + 2.0 + + + + D7A7EA4F D6DCBFD7 B2DFE21C E89FFBB0 + B203AAA5 4A32C405 D6C1B3CA B69C40BF + + + diff --git a/tests/keepass-password-keyfile/hosts.ini b/tests/keepass-password-keyfile/hosts.ini new file mode 100644 index 0000000..69f3d79 --- /dev/null +++ b/tests/keepass-password-keyfile/hosts.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 keepass_dbx=./ansible.kdbx keepass_psw=spamham keepass_key=./ansible.keyx keepass_ttl=3 \ No newline at end of file diff --git a/tests/keepass-password-keyfile/playbook.yml b/tests/keepass-password-keyfile/playbook.yml new file mode 100644 index 0000000..fb6c378 --- /dev/null +++ b/tests/keepass-password-keyfile/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: test-keepass-keyfile-only + hosts: test + connection: local + vars: + test_username: "{{ lookup('viczem.keepass.keepass', 'test', 'username') }}" + test_password: "{{ lookup('viczem.keepass.keepass', 'test', 'password') }}" + + tasks: + - debug: + msg: "fetch entry: '/test'; username: '{{ test_username }}'; password: '{{ test_password }}'" diff --git a/tests/keepass-password-keyfile/run.sh b/tests/keepass-password-keyfile/run.sh new file mode 100644 index 0000000..81cfeb1 --- /dev/null +++ b/tests/keepass-password-keyfile/run.sh @@ -0,0 +1,2 @@ +#!/bin/sh +ansible-playbook -i hosts.ini -vvvv playbook.yml \ No newline at end of file 
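Review bot: The play in tests/keepass-password-keyfile/playbook.yml is still named `test-keepass-keyfile-only`, apparently copied from the keyfile-only fixture, so the output of the two test runs cannot be told apart by play name. I would rename it to `- name: test-keepass-password-keyfile`. The `debug` task prints the looked-up password and run.sh uses `-vvvv`; that is acceptable only because the database is a throwaway fixture, and a short comment in the playbook saying so would keep the pattern from being copied into real playbooks.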
diff --git a/tests/keepass-password-only/ansible.kdbx b/tests/keepass-password-only/ansible.kdbx new file mode 100644 index 0000000000000000000000000000000000000000..ba3059d9bd9d5b118aff8eee23a791b4a870cae1 GIT binary patch literal 1605 zcmV-L2D$3%+*Jb|WsNK3L&rb&s0001J3F`&y+<_tc=d6f| zVXD^)ivR!s00BY;0000aRaHqu5C8xG?_+J>j44D*k@u;j1LFz|1pxp607(b{0021v z00000000F60000@2mk;800004000001OWg508j(~00062002S(0000}AOHXWKsLNT zZ#7RVMY^g<3Nvst@Mk5B>PS5!B_Ot;KwaER1OWg509FJ5000vJ000001ONa44GIkk zBEW{<$gZ#EU2lK#omFJ9gh_QU)D z1YxG&(^MTqh~cFn<+Zn=E%{dIm8S5k^`U7rM|Du-l}L@dr>5OzERg?&*?VG}kB3ct)$k67`La{~v|-oxk)6 zi^H>2>6Z+7klnrigPJn7Bn{nGLgb}uYMEPvV2&)GIHU$kU8&LL|9fo850i_PK&hE= zI*pE7O{RKo0)?IR&mDEpuR+0EKot6pzt{aTixCKJ2;w}AR56YeSlq1S8=na|=7}9Q z+gY~4UPoaI}3X@_rI*g!s+TrJ7(y#eHp?l zD(XC)FY8Dz`t#2Y{(j>i)?ZlIEQe!8>~Oqm=ud^Wqgk0~X^jQ%9ezqOQUboq!*uH= zngjx3yhHg;-nBpeJ}^EjcB7A3RYEa^(deqEoOFGUP&j}hh4LcmoCj^%7)gyE6X^0z zFA9ve`%it+1#6dTKbXVb-e`kqzt9Z$!q26+T`Lr52N307Rzs6rI~CfQgk&{F6GEFY8S$NxObz-DVr> zu&-o!!f&Xd&dEWpGs*GxHsnw}&p(0Q?klAQM^x|{8TdYW!cO%>-u>|Th9Nf5Hz$2?1u0Kdmx zQmodNcthvAm4i5Hu}y4CwRKt2D-ah*N-|ohyBzaXd<+QJl_UxrSi6v{oTE)#eu>yZ z;0M?lku`bhbL5@5&(jcmoH+y6@Eq7JbM#`OAKM-!Neg`ybO0h46nss8QI!y6nZinN z7U6S=YW}C}_Fm!LM#;KpJv3v^_96JCWxho6jHpbQdd391lOYjC+EudFmfd6#z`1*b zDtg{dgT4C04b<4pWMH_nPcLb9TD;5yt+mnribMh;*3hA*>?Mu6+?#9Y5^(c?f)f#v zS5=26(uuKQ-lzUQ>Wb@el#5W%L~M9y2b?6S^d<+R+913VB>)lPZ5!{Em&C;jXO?fS zqN2)uTiz6jR%H&nKft}1F?L;EIX$LmnNK>-Kn1FL92a^JrLyHOS+rRDHf_QE>Wy5U z>X1K7vEbI7co7Pf@+VK9Vjp=G3Bd=)Y}k9Z3m>8QX?qWcH^>j++sZYAi_3gK;i*I`FJ)W zbw1Twx*a+Gi4bM)j*%#%TA=8OJFKU13Va~$-hitE_^48Zu@8FX