haskal
/
vagrant
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #10275 from chrisroberts/e-hyperv-admin 

Update Hyper-V admin check
This commit is contained in:
Chris Roberts 2018-10-09 14:48:13 -07:00 committed by GitHub
parent ae6ff4256b 67bb5d2e6c
commit d7b5922378
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
lib/vagrant/util/platform.rb
View File

@ -79,24 +79,49 @@ module Vagrant
return @_windows_admin return @_windows_admin
end end
# Checks if the user running Vagrant on Windows is a member of the # Checks if Hyper-V is accessible to the local user. It will check
# "Hyper-V Administrators" group. # if user is in the "Hyper-V Administrators" group, is a Domain
# administrator, and finally will run a manual interaction with
# Hyper-V to determine if Hyper-V is usable for the current user.
# #
# From: https://support.microsoft.com/en-us/kb/243330 # From: https://support.microsoft.com/en-us/kb/243330
# SID: S-1-5-32-578 # SID: S-1-5-32-578
# Name: BUILTIN\Hyper-V Administrators # Name: BUILTIN\Hyper-V Administrators
# SID: S-1-5-21DOMAIN-512
# Name: Domain Admins
# #
# @return [Boolean] # @return [Boolean]
def windows_hyperv_admin? def windows_hyperv_admin?
return @_windows_hyperv_admin if defined?(@_windows_hyperv_admin) return @_windows_hyperv_admin if defined?(@_windows_hyperv_admin)
@_windows_hyperv_admin = -> { if ENV["VAGRANT_IS_HYPERV_ADMIN"]
ps_cmd = "[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups | ForEach-Object { if ($_.Value -eq 'S-1-5-32-578'){ Write-Host 'true'; break }}" return @_windows_hyperv_admin = true
output = Vagrant::Util::PowerShell.execute_cmd(ps_cmd) end
return output == 'true'
}.call
return @_windows_hyperv_admin ps_cmd = "Write-Output ([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups | " \
"Select-Object Value | ConvertTo-JSON)"
output = Vagrant::Util::PowerShell.execute_cmd(ps_cmd)
if output
groups = begin
JSON.load(output)
rescue JSON::ParserError
[]
end
admin_group = groups.detect do |g|
g["Value"].to_s == "S-1-5-32-578" ||
(g["Value"].start_with?("S-1-5-21") && g["Value"].to_s.end_with?("-512"))
end
if admin_group
return @_windows_hyperv_admin = true
end
end
ps_cmd = "$x = (Get-VMHost).Name; if($x -eq [System.Net.Dns]::GetHostName()){ Write-Output 'true'}"
output = Vagrant::Util::PowerShell.execute_cmd(ps_cmd)
result = output == "true"
return @_windows_hyperv_admin = result
end end
# Checks if Hyper-V is enabled on the host system and returns true # Checks if Hyper-V is enabled on the host system and returns true

38
test/unit/vagrant/util/platform_test.rb
View File

@ -212,6 +212,44 @@ describe Vagrant::Util::Platform do
end end
end end
describe ".windows_hyperv_admin?" do
before { allow(Vagrant::Util::PowerShell).to receive(:execute_cmd).and_return(nil) }
it "should return false when user is not in groups and cannot access Hyper-V" do
expect(Vagrant::Util::Platform.windows_hyperv_admin?).to be_falsey
end
context "when VAGRANT_IS_HYPERV_ADMIN environment variable is set" do
before { allow(ENV).to receive(:[]).with("VAGRANT_IS_HYPERV_ADMIN").and_return("1") }
it "should return true" do
expect(Vagrant::Util::Platform.windows_hyperv_admin?).to be_truthy
end
end
context "when user is in the Hyper-V administators group" do
it "should return true" do
expect(Vagrant::Util::PowerShell).to receive(:execute_cmd).and_return(["Value" => "S-1-5-32-578"].to_json)
expect(Vagrant::Util::Platform.windows_hyperv_admin?).to be_truthy
end
end
context "when user is in the Domain Admins group" do
it "should return true" do
expect(Vagrant::Util::PowerShell).to receive(:execute_cmd).and_return(["Value" => "S-1-5-21-000-000-000-512"].to_json)
expect(Vagrant::Util::Platform.windows_hyperv_admin?).to be_truthy
end
end
context "when user has access to Hyper-V" do
it "should return true" do
expect(Vagrant::Util::PowerShell).to receive(:execute_cmd).with(/GetCurrent/).and_return(nil)
expect(Vagrant::Util::PowerShell).to receive(:execute_cmd).with(/Get-VMHost/).and_return("true")
expect(Vagrant::Util::Platform.windows_hyperv_admin?).to be_truthy
end
end
end
describe ".windows_hyperv_enabled?" do describe ".windows_hyperv_enabled?" do
it "should return true if enabled" do it "should return true if enabled" do
allow(Vagrant::Util::PowerShell).to receive(:execute_cmd).and_return('Enabled') allow(Vagrant::Util::PowerShell).to receive(:execute_cmd).and_return('Enabled')

7
website/source/docs/other/environmental-variables.html.md
View File

@ -277,3 +277,10 @@ Vagrant will not display warning when `vagrant-winrm` plugin is installed.
## `VAGRANT_USER_AGENT_PROVISIONAL_STRING` ## `VAGRANT_USER_AGENT_PROVISIONAL_STRING`
Vagrant will append the contents of this variable to the default user agent header. Vagrant will append the contents of this variable to the default user agent header.
## `VAGRANT_IS_HYPERV_ADMIN`
Disable Vagrant's check for Hyper-V admin privileges and allow Vagrant to assume
the current user has full access to Hyper-V. This is useful if the internal
privilege check incorrectly determines the current user does not have access
to Hyper-V.