use NTLM/Negotiate authentication over basic authentication
parent
b3925486bd
commit
7ef4ae9e10
|
@ -12,6 +12,7 @@ module VagrantPlugins
|
|||
attr_accessor :transport
|
||||
attr_accessor :ssl_peer_verification
|
||||
attr_accessor :execution_time_limit
|
||||
attr_accessor :basic_auth_only
|
||||
|
||||
def initialize
|
||||
@username = UNSET_VALUE
|
||||
|
@ -25,12 +26,13 @@ module VagrantPlugins
|
|||
@transport = UNSET_VALUE
|
||||
@ssl_peer_verification = UNSET_VALUE
|
||||
@execution_time_limit = UNSET_VALUE
|
||||
@basic_auth_only = UNSET_VALUE
|
||||
end
|
||||
|
||||
def finalize!
|
||||
@username = "vagrant" if @username == UNSET_VALUE
|
||||
@password = "vagrant" if @password == UNSET_VALUE
|
||||
@transport = :plaintext if @transport == UNSET_VALUE
|
||||
@transport = :negotiate if @transport == UNSET_VALUE
|
||||
@host = nil if @host == UNSET_VALUE
|
||||
is_ssl = @transport == :ssl
|
||||
@port = (is_ssl ? 5986 : 5985) if @port == UNSET_VALUE
|
||||
|
@ -40,6 +42,7 @@ module VagrantPlugins
|
|||
@timeout = 1800 if @timeout == UNSET_VALUE
|
||||
@ssl_peer_verification = true if @ssl_peer_verification == UNSET_VALUE
|
||||
@execution_time_limit = "PT2H" if @execution_time_limit == UNSET_VALUE
|
||||
@basic_auth_only = false if @basic_auth_only == UNSET_VALUE
|
||||
end
|
||||
|
||||
def validate(machine)
|
||||
|
@ -56,6 +59,9 @@ module VagrantPlugins
|
|||
unless @ssl_peer_verification == true || @ssl_peer_verification == false
|
||||
errors << "winrm.ssl_peer_verification must be a boolean."
|
||||
end
|
||||
unless @basic_auth_only == true || @basic_auth_only == false
|
||||
errors << "winrm.basic_auth_only must be a boolean."
|
||||
end
|
||||
|
||||
{ "WinRM" => errors }
|
||||
end
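Review bot: The new check in `validate` only confirms that `basic_auth_only` is a boolean; it never looks at the transport. The documentation changed in this same commit says `basic_auth_only = true` should be paired with `:plaintext`, yet `finalize!` now defaults the transport to `:negotiate`, so a user who sets only `basic_auth_only = true` gets the combination the docs advise against without any error. How the winrm gem treats that pair is not visible here, so it is safer to reject it explicitly, e.g. `errors << "winrm.basic_auth_only cannot be used with the :negotiate transport." if @basic_auth_only == true && @transport.to_sym == :negotiate`. Because `:plaintext` with basic auth sends the password unprotected over HTTP, a comment beside the check saying so would also help. The body of `validate` starts outside this hunk.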
|
||||
|
|
|
@ -181,7 +181,7 @@ module VagrantPlugins
|
|||
case @config.transport.to_sym
|
||||
when :ssl
|
||||
"https://#{@host}:#{@port}/wsman"
|
||||
when :plaintext
|
||||
when :plaintext, :negotiate
|
||||
"http://#{@host}:#{@port}/wsman"
|
||||
else
|
||||
raise Errors::WinRMInvalidTransport, transport: @config.transport
|
||||
|
@ -193,7 +193,7 @@ module VagrantPlugins
|
|||
pass: @password,
|
||||
host: @host,
|
||||
port: @port,
|
||||
basic_auth_only: true,
|
||||
basic_auth_only: @config.basic_auth_only,
|
||||
no_ssl_peer_verification: !@config.ssl_peer_verification }
|
||||
end
|
||||
end #WinShell class
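Review bot: The `when :plaintext, :negotiate` branch gives both transports the same `http://` endpoint, and nothing explains why that is acceptable for the new default. A one-line comment above the branch would help, for example `# :negotiate authenticates with NTLM/Negotiate over HTTP; TLS is only used for :ssl`, so a reader does not assume `no_ssl_peer_verification` has any effect on this path. Whether the winrm gem also protects the message body for `:negotiate` cannot be told from this diff and is worth stating in that comment once confirmed. The enclosing method starts outside the hunk.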
|
||||
|
|
|
@ -14,6 +14,7 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do
|
|||
c.password = 'password'
|
||||
c.max_tries = 3
|
||||
c.retry_delay = 0
|
||||
c.basic_auth_only = false
|
||||
c.finalize!
|
||||
end
|
||||
}
|
||||
|
@ -69,7 +70,19 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do
|
|||
end
|
||||
end
|
||||
|
||||
context "when transport is :negotiate" do
|
||||
it "should create winrm endpoint address using http" do
|
||||
expect(subject.send(:endpoint)).to eq("http://localhost:5985/wsman")
|
||||
end
|
||||
end
|
||||
|
||||
context "when transport is :plaintext" do
|
||||
let(:config) {
|
||||
VagrantPlugins::CommunicatorWinRM::Config.new.tap do |c|
|
||||
c.transport = :plaintext
|
||||
c.finalize!
|
||||
end
|
||||
}
|
||||
it "should create winrm endpoint address using http" do
|
||||
expect(subject.send(:endpoint)).to eq("http://localhost:5985/wsman")
|
||||
end
|
||||
|
@ -80,7 +93,7 @@ describe VagrantPlugins::CommunicatorWinRM::WinRMShell do
|
|||
it "should create endpoint options" do
|
||||
expect(subject.send(:endpoint_options)).to eq(
|
||||
{ user: "username", pass: "password", host: "localhost", port: 5985,
|
||||
basic_auth_only: true, no_ssl_peer_verification: false })
|
||||
basic_auth_only: false, no_ssl_peer_verification: false })
|
||||
end
|
||||
end
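Review bot: The shared `config` fixture now assigns `c.basic_auth_only = false` explicitly, so the `endpoint_options` expectation only sees the value the fixture set. Neither the new default in `finalize!` nor the opt-in `true` path is exercised. Dropping the explicit assignment would let the existing expectation cover the default. A separate context that sets `c.transport = :plaintext` and `c.basic_auth_only = true` and expects `basic_auth_only: true` would pin the pass-through. The `:negotiate` context likewise relies on the default transport without saying so; a comment such as `# transport left unset: finalize! defaults to :negotiate` would make that intent clear.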
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@ Gem::Specification.new do |s|
|
|||
s.add_dependency "rb-kqueue", "~> 0.2.0"
|
||||
s.add_dependency "rest-client", ">= 1.6.0", "< 2.0"
|
||||
s.add_dependency "wdm", "~> 0.1.0"
|
||||
s.add_dependency "winrm", "~> 1.3"
|
||||
s.add_dependency "winrm-fs", "~> 0.2.2"
|
||||
s.add_dependency "winrm", "~> 1.6"
|
||||
s.add_dependency "winrm-fs", "~> 0.3.0"
|
||||
|
||||
# We lock this down to avoid compilation issues.
|
||||
s.add_dependency "nokogiri", "= 1.6.3.1"
|
||||
|
|
|
@ -51,21 +51,14 @@ to use port 4567 to talk to the guest if there is no other option.
|
|||
|
||||
<hr>
|
||||
|
||||
`config.winrm.execution_time_limit` - The maximum duration that a WinRM
|
||||
task can execute for. This defaults to two hours. The format of this value
|
||||
must be in this [Microsoft-documented format](https://msdn.microsoft.com/en-us/library/aa382678.aspx).
|
||||
`config.winrm.transport` - The transport used for WinRM communication. Valid settings include: `:negotiate`, `ssl`, and `:plaintext`. The default is `:negotiate`.
|
||||
|
||||
<hr>
|
||||
|
||||
<strong>Warning:</strong> In order for Vagrant to communicate with a Windows
|
||||
guest, you must allow unencrypted WinRM connections on the guest machine
|
||||
itself. Some public boxes already have this configured, but if you are
|
||||
attempting to `vagrant up` a Windows box and the command hangs at
|
||||
`Waiting for WinRM to become available...`, then you will need to run the
|
||||
commands below on the guest machine itself, at the box setup stage,
|
||||
after provisioning, or through a start up script.
|
||||
`config.winrm.basic_auth_only` - Whether to use Basic Authentication. Defaults to `false`. If set to `true` you should also use the `:plaintext` transport setting and the Windows machine must be confiured appropriately. <strong>Note:</strong> It is strongly recommended that you only use basic authentication for debugging purposes. Credentials will be transferred in plain text.
|
||||
|
||||
```
|
||||
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True
|
||||
Set-Item WSMan:\localhost\Service\Auth\Basic -Value True
|
||||
```
|
||||
<hr>
|
||||
|
||||
`config.winrm.execution_time_limit` - The maximum duration that a WinRM
|
||||
task can execute for. This defaults to two hours. The format of this value
|
||||
must be in this [Microsoft-documented format](https://msdn.microsoft.com/en-us/library/aa382678.aspx).
|
||||
|
|