diff --git a/plugins/communicators/winrm/config.rb b/plugins/communicators/winrm/config.rb index 3387ca142..9c2d7fe84 100644 --- a/plugins/communicators/winrm/config.rb +++ b/plugins/communicators/winrm/config.rb @@ -12,6 +12,7 @@ module VagrantPlugins attr_accessor :transport attr_accessor :ssl_peer_verification attr_accessor :execution_time_limit + attr_accessor :basic_auth_only def initialize @username = UNSET_VALUE @@ -25,12 +26,13 @@ module VagrantPlugins @transport = UNSET_VALUE @ssl_peer_verification = UNSET_VALUE @execution_time_limit = UNSET_VALUE + @basic_auth_only = UNSET_VALUE end def finalize! @username = "vagrant" if @username == UNSET_VALUE @password = "vagrant" if @password == UNSET_VALUE - @transport = :plaintext if @transport == UNSET_VALUE + @transport = :negotiate if @transport == UNSET_VALUE @host = nil if @host == UNSET_VALUE is_ssl = @transport == :ssl @port = (is_ssl ? 5986 : 5985) if @port == UNSET_VALUE @@ -40,6 +42,7 @@ module VagrantPlugins @timeout = 1800 if @timeout == UNSET_VALUE @ssl_peer_verification = true if @ssl_peer_verification == UNSET_VALUE @execution_time_limit = "PT2H" if @execution_time_limit == UNSET_VALUE + @basic_auth_only = false if @basic_auth_only == UNSET_VALUE end def validate(machine) @@ -56,6 +59,9 @@ module VagrantPlugins unless @ssl_peer_verification == true || @ssl_peer_verification == false errors << "winrm.ssl_peer_verification must be a boolean." end + unless @basic_auth_only == true || @basic_auth_only == false + errors << "winrm.basic_auth_only must be a boolean." + end { "WinRM" => errors } end diff --git a/plugins/communicators/winrm/shell.rb b/plugins/communicators/winrm/shell.rb index 656a8b670..fefe5c9e8 100644 --- a/plugins/communicators/winrm/shell.rb +++ b/plugins/communicators/winrm/shell.rb @@ -181,7 +181,7 @@ module VagrantPlugins case @config.transport.to_sym when :ssl "https://#{@host}:#{@port}/wsman" - when :plaintext + when :plaintext, :negotiate "http://#{@host}:#{@port}/wsman" else raise Errors::WinRMInvalidTransport, transport: @config.transport @@ -193,7 +193,7 @@ module VagrantPlugins pass: @password, host: @host, port: @port, - basic_auth_only: true, + basic_auth_only: @config.basic_auth_only, no_ssl_peer_verification: !@config.ssl_peer_verification } end end #WinShell class diff --git a/test/unit/plugins/communicators/winrm/shell_test.rb b/test/unit/plugins/communicators/winrm/shell_test.rb index de7b1dc19..1ad92802e 100644 --- a/test/unit/plugins/communicators/winrm/shell_test.rb +++ b/test/unit/plugins/communicators/winrm/shell_test.rb @@ -14,6 +14,7 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do c.password = 'password' c.max_tries = 3 c.retry_delay = 0 + c.basic_auth_only = false c.finalize! end } @@ -69,7 +70,19 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do end end + context "when transport is :negotiate" do + it "should create winrm endpoint address using http" do + expect(subject.send(:endpoint)).to eq("http://localhost:5985/wsman") + end + end + context "when transport is :plaintext" do + let(:config) { + VagrantPlugins::CommunicatorWinRM::Config.new.tap do |c| + c.transport = :plaintext + c.finalize! + end + } it "should create winrm endpoint address using http" do expect(subject.send(:endpoint)).to eq("http://localhost:5985/wsman") end @@ -80,7 +93,7 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do it "should create endpoint options" do expect(subject.send(:endpoint_options)).to eq( { user: "username", pass: "password", host: "localhost", port: 5985, - basic_auth_only: true, no_ssl_peer_verification: false }) + basic_auth_only: false, no_ssl_peer_verification: false }) end end diff --git a/vagrant.gemspec b/vagrant.gemspec index 4e2e501d7..8db06ab35 100644 --- a/vagrant.gemspec +++ b/vagrant.gemspec @@ -29,8 +29,8 @@ Gem::Specification.new do |s| s.add_dependency "rb-kqueue", "~> 0.2.0" s.add_dependency "rest-client", ">= 1.6.0", "< 2.0" s.add_dependency "wdm", "~> 0.1.0" - s.add_dependency "winrm", "~> 1.3" - s.add_dependency "winrm-fs", "~> 0.2.2" + s.add_dependency "winrm", "~> 1.6" + s.add_dependency "winrm-fs", "~> 0.3.0" # We lock this down to avoid compilation issues. s.add_dependency "nokogiri", "= 1.6.3.1" diff --git a/website/source/docs/vagrantfile/winrm_settings.html.md b/website/source/docs/vagrantfile/winrm_settings.html.md index 80d7c806a..046d1854f 100644 --- a/website/source/docs/vagrantfile/winrm_settings.html.md +++ b/website/source/docs/vagrantfile/winrm_settings.html.md @@ -51,21 +51,14 @@ to use port 4567 to talk to the guest if there is no other option.
-`config.winrm.execution_time_limit` - The maximum duration that a WinRM -task can execute for. This defaults to two hours. The format of this value -must be in this [Microsoft-documented format](https://msdn.microsoft.com/en-us/library/aa382678.aspx). +`config.winrm.transport` - The transport used for WinRM communication. Valid settings include: `:negotiate`, `ssl`, and `:plaintext`. The default is `:negotiate`.
-Warning: In order for Vagrant to communicate with a Windows -guest, you must allow unencrypted WinRM connections on the guest machine -itself. Some public boxes already have this configured, but if you are -attempting to `vagrant up` a Windows box and the command hangs at -`Waiting for WinRM to become available...`, then you will need to run the -commands below on the guest machine itself, at the box setup stage, -after provisioning, or through a start up script. +`config.winrm.basic_auth_only` - Whether to use Basic Authentication. Defaults to `false`. If set to `true` you should also use the `:plaintext` transport setting and the Windows machine must be confiured appropriately. Note: It is strongly recommended that you only use basic authentication for debugging purposes. Credentials will be transferred in plain text. -``` -Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True -Set-Item WSMan:\localhost\Service\Auth\Basic -Value True -``` +
+ +`config.winrm.execution_time_limit` - The maximum duration that a WinRM +task can execute for. This defaults to two hours. The format of this value +must be in this [Microsoft-documented format](https://msdn.microsoft.com/en-us/library/aa382678.aspx).