From bcc18aa689da36f0c4a25d090f95919850beb5c2 Mon Sep 17 00:00:00 2001
From: Matthew Jones <mat@matburt.net>
Date: Thu, 11 Jun 2015 14:47:42 -0400
Subject: [PATCH] Make using named pipe for adding passwords conditional on the
 version of ssh used.

---
 awx/main/tasks.py |  6 ++++--
 awx/main/utils.py | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 4fb371be36..9046048fa4 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -40,7 +40,7 @@ from django.utils.timezone import now
 from awx.main.constants import CLOUD_PROVIDERS
 from awx.main.models import * # noqa
 from awx.main.queue import FifoQueue
-from awx.main.utils import (get_ansible_version, decrypt_field, update_scm_url,
+from awx.main.utils import (get_ansible_version, get_ssh_version, decrypt_field, update_scm_url,
                             ignore_inventory_computed_fields, emit_websocket_notification,
                             check_proot_installed, build_proot_temp_dir, wrap_args_with_proot)
 from awx.fact.utils.connection import test_mongo_connection
@@ -273,10 +273,12 @@ class BaseTask(Task):
         private_data = self.build_private_data(instance, **kwargs)
         private_data_files = {}
         if private_data is not None:
+            ssh_ver = get_ssh_version()
+            ssh_too_old = True if ssh_ver == "unknown" else Version(ssh_ver) < Version("6.0")
             for name, data in private_data.iteritems():
                 # For credentials used with ssh-add, write to a named pipe which
                 # will be read then closed, instead of leaving the SSH key on disk.
-                if name in ('credential', 'scm_credential', 'ad_hoc_credential'):
+                if name in ('credential', 'scm_credential', 'ad_hoc_credential') and not ssh_too_old:
                     path = os.path.join(kwargs.get('private_data_dir', tempfile.gettempdir()), name)
                     os.mkfifo(path, 0600)
                     thread.start_new_thread(lambda p, d: open(p, 'w').write(d), (path, data))
diff --git a/awx/main/utils.py b/awx/main/utils.py
index 714362b1a2..d095a27d30 100644
--- a/awx/main/utils.py
+++ b/awx/main/utils.py
@@ -27,7 +27,7 @@ from Crypto.Cipher import AES
 logger = logging.getLogger('awx.main.utils')
 
 __all__ = ['get_object_or_400', 'get_object_or_403', 'camelcase_to_underscore',
-           'get_ansible_version', 'get_awx_version', 'update_scm_url',
+           'get_ansible_version', 'get_ssh_version', 'get_awx_version', 'update_scm_url',
            'get_type_for_model', 'get_model_for_type', 'to_python_boolean',
            'ignore_inventory_computed_fields', 'ignore_inventory_group_removal',
            '_inventory_updates', 'get_pk_from_dict']
@@ -104,6 +104,17 @@ def get_ansible_version():
     except:
         return 'unknown'
 
+def get_ssh_version():
+    '''
+    Return SSH version installed.
+    '''
+    try:
+        proc = subprocess.Popen(['ssh', '-V'],
+                                stderr=subprocess.PIPE)
+        result = proc.communicate()[1]
+        return result.split(" ")[0].split("_")[1]
+    except:
+        return 'unknown'
 
 def get_awx_version():
     '''