From 5325000fa616cf9b28bf3a05608a04435e62941d Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 10:44:12 -0700 Subject: [PATCH 01/13] Add helper option for setting custom module path on PowerShell executes --- lib/vagrant/util/powershell.rb | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/lib/vagrant/util/powershell.rb b/lib/vagrant/util/powershell.rb index 8e48aad1d..3347e6d36 100644 --- a/lib/vagrant/util/powershell.rb +++ b/lib/vagrant/util/powershell.rb @@ -54,8 +54,12 @@ module Vagrant if opts.delete(:sudo) || opts.delete(:runas) powerup_command(path, args, opts) else - env = opts.delete(:env) - if env + if mpath = opts.delete(:module_path) + m_env = opts.fetch(:env, {}) + m_env["PSModulePath"] = "$env:PSModulePath+';#{mpath}'" + opts[:env] = m_env + end + if env = opts.delete(:env) env = env.map{|k,v| "$env:#{k}=#{v}"}.join(";") + "; " end command = [ @@ -85,8 +89,12 @@ module Vagrant # Returns stdout string if exit code is zero. def self.execute_cmd(command, **opts) validate_install! - env = opts.delete(:env) - if env + if mpath = opts.delete(:module_path) + m_env = opts.fetch(:env, {}) + m_env["PSModulePath"] = "$env:PSModulePath+';#{mpath}'" + opts[:env] = m_env + end + if env = opts.delete(:env) env = env.map{|k,v| "$env:#{k}=#{v}"}.join(";") + "; " end c = [ @@ -112,8 +120,12 @@ module Vagrant # @param [Block] block Ruby block def self.execute_inline(*command, **opts, &block) validate_install! - env = opts.delete(:env) - if env + if mpath = opts.delete(:module_path) + m_env = opts.fetch(:env, {}) + m_env["PSModulePath"] = "$env:PSModulePath+';#{mpath}'" + opts[:env] = m_env + end + if env = opts.delete(:env) env = env.map{|k,v| "$env:#{k}=#{v}"}.join(";") + "; " end c = [ From 5ba91de4d87cb315001ee50478678748119a274a Mon Sep 17 00:00:00 2001 
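Review bot: `mpath` is interpolated unescaped into a single-quoted PowerShell literal in `m_env["PSModulePath"] = "$env:PSModulePath+';#{mpath}'"`, so a module path containing an apostrophe ends the literal early and the remainder is parsed as PowerShell. Doubling the quote keeps it data: `m_env["PSModulePath"] = "$env:PSModulePath+';#{mpath.to_s.gsub("'", "''")}'"`. The same line is repeated in the `execute_cmd` and `execute_inline` hunks. In all three, `opts.fetch(:env, {})` returns the caller's own hash when `:env` is given, so that hash is mutated; `opts.fetch(:env, {}).dup` inside one shared private helper would remove both the mutation and the triplication. In `execute` the handling sits only in the `else` branch, so with `:sudo`/`:runas` the `:module_path` key reaches `powerup_command` untouched; that method is outside the hunk, so whether it honours the option cannot be confirmed here.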
From: Chris Roberts Date: Tue, 12 Jun 2018 10:46:53 -0700 Subject: [PATCH 02/13] Use host capability to update key file permissions if available --- plugins/communicators/ssh/communicator.rb | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/plugins/communicators/ssh/communicator.rb b/plugins/communicators/ssh/communicator.rb index 3d3d5a4b8..a7e1cb0ad 100644 --- a/plugins/communicators/ssh/communicator.rb +++ b/plugins/communicators/ssh/communicator.rb @@ -194,17 +194,9 @@ module VagrantPlugins f.write(priv) end - # Adjust private key file permissions - if Vagrant::Util::Platform.windows? - begin - priv_path = @machine.data_dir.join("private_key").to_s - File.set_permissions(priv_path, Etc.getlogin => File::FULL) - rescue => e - @logger.warn("Error encountered during private key permissions set - " \ - "#{e.class}: #{e.message}") - end - else - @machine.data_dir.join("private_key").chmod(0600) + # Adjust private key file permissions if host provides capability + if @machine.env.host.has_capability?(:set_ssh_key_permissions) + @machine.env.host.capability(:set_ssh_key_permissions, @machine.data_dir.join("private_key")) end # Remove the old key if it exists From a5582eb1c8b7864a4116672896017058292b95a9 Mon Sep 17 00:00:00 2001 
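Review bot: When the host has no `set_ssh_key_permissions` capability the new `if` falls through silently, so the freshly written `private_key` keeps whatever mode it was created with, whereas the removed code always ended in `chmod(0600)` on non-Windows hosts. An `else` branch that keeps a fallback or at least logs, e.g. `@logger.warn("Host provides no set_ssh_key_permissions capability; private key permissions left unchanged")`, would make that case visible. The removed Windows branch also rescued failures and only warned; an exception raised by the capability now propagates from this point, before the "Remove the old key" step that follows, and a comment should say whether that is intended. The enclosing method starts and ends outside the hunk.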
From: Chris Roberts Date: Tue, 12 Jun 2018 10:49:10 -0700 Subject: [PATCH 03/13] Add ssh key permissions set caps to hosts --- plugins/hosts/bsd/cap/ssh.rb | 16 ++++++++++++ plugins/hosts/bsd/plugin.rb | 5 ++++ plugins/hosts/linux/cap/ssh.rb | 16 ++++++++++++ plugins/hosts/linux/plugin.rb | 5 ++++ plugins/hosts/windows/cap/ssh.rb | 25 +++++++++++++++++++ plugins/hosts/windows/host.rb | 10 ++++++++ plugins/hosts/windows/plugin.rb | 5 ++++ .../scripts/set_ssh_key_permissions.ps1 | 17 +++++++++++++ .../scripts/utils/VagrantSSH/VagrantSSH.psm1 | 24 ++++++++++++++++++ 9 files changed, 123 insertions(+) create mode 100644 plugins/hosts/bsd/cap/ssh.rb create mode 100644 plugins/hosts/linux/cap/ssh.rb create mode 100644 plugins/hosts/windows/cap/ssh.rb create mode 100644 plugins/hosts/windows/scripts/set_ssh_key_permissions.ps1 create mode 100644 plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 diff --git a/plugins/hosts/bsd/cap/ssh.rb b/plugins/hosts/bsd/cap/ssh.rb new file mode 100644 index 000000000..9d38c8bea --- /dev/null +++ b/plugins/hosts/bsd/cap/ssh.rb @@ -0,0 +1,16 @@ +module VagrantPlugins + module HostBSD + module Cap + class SSH + # Set the ownership and permissions for SSH + # private key + # + # @param [Vagrant::Environment] env + # @param [Pathname] key_path + def self.set_ssh_key_permissions(env, key_path) + key_path.chmod(0600) + end + end + end + end +end diff --git a/plugins/hosts/bsd/plugin.rb b/plugins/hosts/bsd/plugin.rb index 359d4f7ad..ce79ede31 100644 --- a/plugins/hosts/bsd/plugin.rb +++ b/plugins/hosts/bsd/plugin.rb @@ -35,6 +35,11 @@ module VagrantPlugins require_relative "cap/nfs" Cap::NFS end + + host_capability("bsd", "set_ssh_key_permissions") do + require_relative "cap/ssh" + Cap::SSH + end end end end diff --git a/plugins/hosts/linux/cap/ssh.rb b/plugins/hosts/linux/cap/ssh.rb new file mode 100644 index 000000000..c3a17a5f7 --- /dev/null +++ b/plugins/hosts/linux/cap/ssh.rb 
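Review bot: The doc comment on `set_ssh_key_permissions` in `plugins/hosts/bsd/cap/ssh.rb` says it sets "the ownership and permissions", but the body is only `key_path.chmod(0600)` and nothing changes the owner. Either reword it to `# Restrict the SSH private key to owner read/write (mode 0600)` or add the ownership step. The `env` parameter is unused, and the Linux capability added later in this patch is a line-for-line copy, so the same wording applies there; a shared module would keep the two from drifting apart.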
@@ -0,0 +1,16 @@ +module VagrantPlugins + module HostLinux + module Cap + class SSH + # Set the ownership and permissions for SSH + # private key + # + # @param [Vagrant::Environment] env + # @param [Pathname] key_path + def self.set_ssh_key_permissions(env, key_path) + key_path.chmod(0600) + end + end + end + end +end diff --git a/plugins/hosts/linux/plugin.rb b/plugins/hosts/linux/plugin.rb index 8b89fc522..a4c6311bf 100644 --- a/plugins/hosts/linux/plugin.rb +++ b/plugins/hosts/linux/plugin.rb @@ -47,6 +47,11 @@ module VagrantPlugins require_relative "cap/nfs" Cap::NFS end + + host_capability("linux", "set_ssh_key_permissions") do + require_relative "cap/ssh" + Cap::SSH + end end end end diff --git a/plugins/hosts/windows/cap/ssh.rb b/plugins/hosts/windows/cap/ssh.rb new file mode 100644 index 000000000..e94a683c4 --- /dev/null +++ b/plugins/hosts/windows/cap/ssh.rb @@ -0,0 +1,25 @@ +module VagrantPlugins + module HostWindows + module Cap + class SSH + # Set the ownership and permissions for SSH + # private key + # + # @param [Vagrant::Environment] env + # @param [Pathname] key_path + def self.set_ssh_key_permissions(env, key_path) + script_path = Host.scripts_path.join("set_ssh_key_permissions.ps1") + result = Vagrant::Util::PowerShell.execute( + script_path.to_s, path.to_s, + module_path: Host.module_path.to_s + ) + if result.exit_code != 0 + raise Vagrant::Errors::PowerShellError, + script: script_path, + stderr: result.stderr + end + end + end + end + end +end diff --git a/plugins/hosts/windows/host.rb b/plugins/hosts/windows/host.rb index 4491f629a..b92ac335e 100644 --- a/plugins/hosts/windows/host.rb +++ b/plugins/hosts/windows/host.rb 
@@ -8,6 +8,16 @@ module VagrantPlugins def detect?(env) Vagrant::Util::Platform.windows? end + + # @return [Pathname] Path to scripts directory + def self.scripts_path + Pathname.new(File.expand_path("..", __FILE__)) + end + + # @return [Pathname] Path to modules directory + def self.modules_path + scripts_path.join("utils") + end end end end diff --git a/plugins/hosts/windows/plugin.rb b/plugins/hosts/windows/plugin.rb index 78d9239e1..5668141fb 100644 --- a/plugins/hosts/windows/plugin.rb +++ b/plugins/hosts/windows/plugin.rb @@ -55,6 +55,11 @@ module VagrantPlugins require_relative "cap/configured_ip_addresses" Cap::ConfiguredIPAddresses end + + host_capability("windows", "set_ssh_key_permissions") do + require_relative "cap/ssh" + Cap::SSH + end end end end diff --git a/plugins/hosts/windows/scripts/set_ssh_key_permissions.ps1 b/plugins/hosts/windows/scripts/set_ssh_key_permissions.ps1 new file mode 100644 index 000000000..9fc5a1d20 --- /dev/null +++ b/plugins/hosts/windows/scripts/set_ssh_key_permissions.ps1 @@ -0,0 +1,17 @@ +#Requires -Modules VagrantSSH + +param( + [Parameter(Mandatory=$true)] + [string] $KeyPath, + [Parameter(Mandatory=$false)] + [string] $Principal=$null +) + +$ErrorActionPreference = "Stop" + +try { + Set-SSHKeyPermissions -SSHKeyPath $KeyPath -Principal $Principal +} catch { + Write-Error "Failed to set permissions on key: ${PSItem}" + exit 1 +} diff --git a/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 new file mode 100644 index 000000000..04b1e327b --- /dev/null +++ b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 
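Review bot: `#Requires -Modules VagrantSSH` in `set_ssh_key_permissions.ps1` resolves the module by name through `PSModulePath`, and the `module_path` helper from patch 01 appends the bundled directory at the end of that list, so a same-named module found in an earlier entry would be loaded instead of the shipped one. Because this module rewrites the ACL of a private key, it is worth pinning the bundled copy, for example with `Import-Module (Join-Path $PSScriptRoot "utils\VagrantSSH\VagrantSSH.psm1")` in the script, or by prepending rather than appending the directory. A short comment next to the `#Requires` line stating where the module is expected to come from would help the next reader.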
@@ -0,0 +1,24 @@ +# Vagrant SSH capability functions + +function Set-SSHKeyPermissions { + param ( + [parameter(Mandatory=$true)] + [string] $SSHKeyPath, + [parameter(Mandatory=$false)] + [string] $Principal=$null + ) + + if(!$Principal) { + $Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name + } + + # Create the new ACL we want to apply + $NewAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( + $Principal, "FullControl", "None", "None", "Allow") + # Scrub all existing ACLs from the file + $ACL = Get-ACL "${SSHKeyPath}" + $ACL.Access | %{$ACL.RemoveAccessRule($_)} + # Apply the new ACL + $ACL.SetAccessRule($NewAccessRule) + Set-ACL "${SSHKeyPath}" $ACL +} From 98c6903e9c757af91e1c59a51d409631b2e52a7b Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 11:56:37 -0700 Subject: [PATCH 04/13] Fix path variable name. Return process result. --- plugins/hosts/windows/cap/ssh.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/hosts/windows/cap/ssh.rb b/plugins/hosts/windows/cap/ssh.rb index e94a683c4..8cf0129f7 100644 --- a/plugins/hosts/windows/cap/ssh.rb +++ b/plugins/hosts/windows/cap/ssh.rb @@ -10,14 +10,15 @@ module VagrantPlugins def self.set_ssh_key_permissions(env, key_path) script_path = Host.scripts_path.join("set_ssh_key_permissions.ps1") result = Vagrant::Util::PowerShell.execute( - script_path.to_s, path.to_s, - module_path: Host.module_path.to_s + script_path.to_s, key_path.to_s, + module_path: Host.modules_path.to_s ) if result.exit_code != 0 raise Vagrant::Errors::PowerShellError, script: script_path, stderr: result.stderr end + result end end end From 42cbae1e90ee73cd26399195c07a3a90f956e1bc Mon Sep 17 00:00:00 2001 
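Review bot: `Get-ACL "${SSHKeyPath}"` and `Set-ACL "${SSHKeyPath}" $ACL` in `Set-SSHKeyPermissions` bind the key path to `-Path`, which is wildcard-expanded, so a data directory containing `[` or `]` would either fail to resolve or match a different file than the key. `Get-Acl -LiteralPath $SSHKeyPath` and `Set-Acl -LiteralPath $SSHKeyPath -AclObject $ACL` take the path verbatim. `$ACL.Access | %{$ACL.RemoveAccessRule($_)}` also emits one boolean per removed rule on the output stream; piping it to `Out-Null` keeps the script's stdout clean for the Ruby caller. The file owner is not changed here, and an owner keeps implicit rights on the object regardless of the single allow rule, so a comment should say whether that is intended.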
From: Chris Roberts Date: Tue, 12 Jun 2018 11:57:14 -0700 Subject: [PATCH 05/13] Add test coverage on ssh capabilities --- .../communicators/ssh/communicator_test.rb | 42 +++++-------------- test/unit/plugins/hosts/bsd/cap/ssh_test.rb | 15 +++++++ test/unit/plugins/hosts/linux/cap/ssh_test.rb | 15 +++++++ .../plugins/hosts/windows/cap/ssh_test.rb | 38 +++++++++++++++++ 4 files changed, 79 insertions(+), 31 deletions(-) create mode 100644 test/unit/plugins/hosts/bsd/cap/ssh_test.rb create mode 100644 test/unit/plugins/hosts/linux/cap/ssh_test.rb create mode 100644 test/unit/plugins/hosts/windows/cap/ssh_test.rb diff --git a/test/unit/plugins/communicators/ssh/communicator_test.rb b/test/unit/plugins/communicators/ssh/communicator_test.rb index 1b244b8a3..d9ccb6835 100644 --- a/test/unit/plugins/communicators/ssh/communicator_test.rb +++ b/test/unit/plugins/communicators/ssh/communicator_test.rb @@ -34,9 +34,12 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do double("machine", config: config, provider: provider, - ui: ui + ui: ui, + env: env ) end + let(:env){ double("env", host: host) } + let(:host){ double("host") } # SSH information of the machine let(:machine_ssh_info){ {host: '10.1.2.3', port: 22} } # Subject instance to test @@ -89,6 +92,10 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do allow(communicator).to receive(:retryable).and_return(connection) end + before do + allow(host).to receive(:has_capability?).and_return(false) + end + describe ".wait_for_ready" do before(&connection_setup) context "with no static config (default scenario)" do 
@@ -208,41 +215,14 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do expect(private_key_file).to receive(:write).with(new_private_key) end - it "should set private key file as user readable only" do - expect(private_key_file).to receive(:chmod).with(0600) + it "should call the set_ssh_key_permissions host capability" do + expect(host).to receive(:has_capability?).with(:set_ssh_key_permissions).and_return(true) + expect(host).to receive(:capability).with(:set_ssh_key_permissions, private_key_file) end it "should remove the default public key" do expect(guest).to receive(:capability).with(:remove_public_key, any_args) end - - context "on windows platform" do - let(:owner){ "owner" } - - before do - allow(private_key_file).to receive(:to_s).and_return("PRIVATE_KEY_PATH") - allow(File).to receive(:set_permissions) - allow(Vagrant::Util::Platform).to receive(:windows?).and_return(true) - allow(Etc).to receive(:getlogin).and_return(owner) - stub_const('File::FULL', :full) - end - - it "should get set new permissions on private key file" do - expect(File).to receive(:set_permissions).with("PRIVATE_KEY_PATH", any_args) - end - - it "should proceed when error is encountered" do - expect(File).to receive(:set_permissions).and_raise(StandardError) - end - - context "with multiple permissions on file" do - - it "should delete all non-owner permissions" do - expect(File).to receive(:set_permissions).with("PRIVATE_KEY_PATH", - owner => :full) - end - end - end end end end diff --git a/test/unit/plugins/hosts/bsd/cap/ssh_test.rb b/test/unit/plugins/hosts/bsd/cap/ssh_test.rb new file mode 100644 index 000000000..1b571a907 --- /dev/null +++ b/test/unit/plugins/hosts/bsd/cap/ssh_test.rb 
@@ -0,0 +1,15 @@
+require_relative "../../../../base"
+
+require_relative "../../../../../../plugins/hosts/bsd/cap/ssh"
+
+describe VagrantPlugins::HostBSD::Cap::SSH do
+ let(:subject){ VagrantPlugins::HostBSD::Cap::SSH }
+
+ let(:env){ double("env") }
+ let(:key_path){ double("key_path") }
+
+ it "should set file as user only read/write" do
+ expect(key_path).to receive(:chmod).with(0600)
+ subject.set_ssh_key_permissions(env, key_path)
+ end
+end
diff --git a/test/unit/plugins/hosts/linux/cap/ssh_test.rb b/test/unit/plugins/hosts/linux/cap/ssh_test.rb
new file mode 100644
index 000000000..1dd67b5e9
--- /dev/null
+++ b/test/unit/plugins/hosts/linux/cap/ssh_test.rb
@@ -0,0 +1,15 @@
+require_relative "../../../../base"
+
+require_relative "../../../../../../plugins/hosts/linux/cap/ssh"
+
+describe VagrantPlugins::HostLinux::Cap::SSH do
+ let(:subject){ VagrantPlugins::HostLinux::Cap::SSH }
+
+ let(:env){ double("env") }
+ let(:key_path){ double("key_path") }
+
+ it "should set file as user only read/write" do
+ expect(key_path).to receive(:chmod).with(0600)
+ subject.set_ssh_key_permissions(env, key_path)
+ end
+end
diff --git a/test/unit/plugins/hosts/windows/cap/ssh_test.rb b/test/unit/plugins/hosts/windows/cap/ssh_test.rb
new file mode 100644
index 000000000..e1a9f93fc
--- /dev/null
+++ b/test/unit/plugins/hosts/windows/cap/ssh_test.rb
@@ -0,0 +1,38 @@
+require_relative "../../../../base"
+
+require_relative "../../../../../../plugins/hosts/windows/cap/ssh"
+
+describe VagrantPlugins::HostWindows::Cap::SSH do
+ let(:subject){ VagrantPlugins::HostWindows::Cap::SSH }
+ let(:result){ Vagrant::Util::Subprocess::Result.new(exit_code, stdout, stderr) }
+ let(:exit_code){ 0 }
+ let(:stdout){ "" }
+ let(:stderr){ "" }
+
+ let(:key_path){ double("keypath", to_s: "keypath") }
+ let(:env){ double("env") }
+
+ before do
+ allow(Vagrant::Util::PowerShell).to receive(:execute).and_return(result)
+ end
+
+ it "should execute PowerShell script" do
+ expect(Vagrant::Util::PowerShell).to receive(:execute).with(
+ /set_ssh_key_permissions.ps1/, key_path.to_s, any_args
+ ).and_return(result)
+ subject.set_ssh_key_permissions(env, key_path)
+ end
+
+ it "should return the result" do
+
+ expect(subject.set_ssh_key_permissions(env, key_path)).to eq(result)
+ end
+
+ context "when command fails" do
+ let(:exit_code){ 1 }
+
+ it "should raise an error" do
+ expect{ subject.set_ssh_key_permissions(env, key_path) }.to raise_error(Vagrant::Errors::PowerShellError)
+ end
+ end
+end
From bf7cd4fb0ab6c20a20a883128a2d164f82d5ee7c Mon Sep 17 00:00:00 2001
From: Chris Roberts
Date: Tue, 12 Jun 2018 12:32:04 -0700
Subject: [PATCH 06/13] Add test coverage for powershell module option
---
test/unit/vagrant/util/powershell_test.rb | 26 +++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/test/unit/vagrant/util/powershell_test.rb b/test/unit/vagrant/util/powershell_test.rb
index ce30bd4d1..0733f7783 100644
--- a/test/unit/vagrant/util/powershell_test.rb
+++ b/test/unit/vagrant/util/powershell_test.rb
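Review bot: The "should execute PowerShell script" example ends its matcher with `any_args`, so it passes whether or not `module_path:` is handed to `PowerShell.execute`, yet the script depends on that option through `#Requires -Modules VagrantSSH`. Replacing `any_args` with `hash_including(:module_path)` would pin the option that makes the module resolvable. The regexp `/set_ssh_key_permissions.ps1/` leaves the dot unescaped; `/set_ssh_key_permissions\.ps1\z/` states what is meant. The later `-KeyPath` change to this line keeps `any_args`, so the same applies there.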
@@ -135,6 +135,14 @@ describe Vagrant::Util::PowerShell do end described_class.execute("custom-command", env: {"TEST_KEY" => "test-value"}) end + + it "should define a custom module path" do + expect(Vagrant::Util::Subprocess).to receive(:execute) do |*args| + comm = args.detect{|s| s.to_s.include?("custom-command") } + expect(comm.to_s).to include("$env:PSModulePath+';C:\\My-Path'") + end + described_class.execute("custom-command", module_path: "C:\\My-Path") + end end describe ".execute_cmd" do @@ -183,6 +191,15 @@ describe Vagrant::Util::PowerShell do described_class.execute_cmd("custom-command", env: {"TEST_KEY" => "test-value"}) end + it "should define a custom module path" do + expect(Vagrant::Util::Subprocess).to receive(:execute) do |*args| + comm = args.detect{|s| s.to_s.include?("custom-command") } + expect(comm.to_s).to include("$env:PSModulePath+';C:\\My-Path'") + result + end + described_class.execute_cmd("custom-command", module_path: "C:\\My-Path") + end + context "with command output" do let(:stdout){ "custom-output" } @@ -246,6 +263,15 @@ describe Vagrant::Util::PowerShell do described_class.execute_inline("custom-command", env: {"TEST_KEY" => "test-value"}) end + it "should define a custom module path" do + expect(Vagrant::Util::Subprocess).to receive(:execute) do |*args| + comm = args.detect{|s| s.to_s.include?("custom-command") } + expect(comm.to_s).to include("$env:PSModulePath+';C:\\My-Path'") + result + end + described_class.execute_inline("custom-command", module_path: "C:\\My-Path") + end + it "should return a result instance" do expect(described_class.execute_inline("cmd")).to eq(result) end From 87b8321702f62fad1b36fa5c00d61d25f0f04333 Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 13:54:37 -0700 Subject: [PATCH 07/13] Remove win32 dependencies --- lib/vagrant.rb | 6 ------ vagrant.gemspec | 2 -- 2 files changed, 8 deletions(-) diff --git a/lib/vagrant.rb b/lib/vagrant.rb index d980521c6..c775b5f37 100644 
--- a/lib/vagrant.rb +++ b/lib/vagrant.rb @@ -65,12 +65,6 @@ require 'i18n' # there are issues with ciphers not being properly loaded. require 'openssl' -# If we are on Windows, load in File helpers -if Vagrant::Util::Platform.windows? - require "ffi-win32-extensions" - require "win32/file/security" -end - # Always make the version available require 'vagrant/version' global_logger = Log4r::Logger.new("vagrant::global") diff --git a/vagrant.gemspec b/vagrant.gemspec index 4096fd684..edc12f032 100644 --- a/vagrant.gemspec +++ b/vagrant.gemspec @@ -28,8 +28,6 @@ Gem::Specification.new do |s| s.add_dependency "rb-kqueue", "~> 0.2.0" s.add_dependency "rest-client", ">= 1.6.0", "< 3.0" s.add_dependency "wdm", "~> 0.1.0" - s.add_dependency "win32-file", "~> 0.8.1" - s.add_dependency "win32-file-security", "~> 1.0.10" s.add_dependency "winrm", "~> 2.1" s.add_dependency "winrm-fs", "~> 1.0" s.add_dependency "winrm-elevated", "~> 1.1" From 2628d93370ee46272c1bc3311d1ddd0910870597 Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 14:13:10 -0700 Subject: [PATCH 08/13] Rename method name when checking capability --- plugins/communicators/ssh/communicator.rb | 2 +- test/unit/plugins/communicators/ssh/communicator_test.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/communicators/ssh/communicator.rb b/plugins/communicators/ssh/communicator.rb index a7e1cb0ad..1ae8b9047 100644 --- a/plugins/communicators/ssh/communicator.rb +++ b/plugins/communicators/ssh/communicator.rb @@ -195,7 +195,7 @@ module VagrantPlugins end # Adjust private key file permissions if host provides capability - if @machine.env.host.has_capability?(:set_ssh_key_permissions) + if @machine.env.host.capability?(:set_ssh_key_permissions) @machine.env.host.capability(:set_ssh_key_permissions, @machine.data_dir.join("private_key")) end 
diff --git a/test/unit/plugins/communicators/ssh/communicator_test.rb b/test/unit/plugins/communicators/ssh/communicator_test.rb index d9ccb6835..a236c1931 100644 --- a/test/unit/plugins/communicators/ssh/communicator_test.rb +++ b/test/unit/plugins/communicators/ssh/communicator_test.rb @@ -93,7 +93,7 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do end before do - allow(host).to receive(:has_capability?).and_return(false) + allow(host).to receive(:capability?).and_return(false) end describe ".wait_for_ready" do @@ -216,7 +216,7 @@ describe VagrantPlugins::CommunicatorSSH::Communicator do end it "should call the set_ssh_key_permissions host capability" do - expect(host).to receive(:has_capability?).with(:set_ssh_key_permissions).and_return(true) + expect(host).to receive(:capability?).with(:set_ssh_key_permissions).and_return(true) expect(host).to receive(:capability).with(:set_ssh_key_permissions, private_key_file) end From 16bcc1d874786c5f4bf2229da7467e4a816a70fa Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 16:20:30 -0700 Subject: [PATCH 09/13] Include scripts directory when building pathname --- plugins/hosts/windows/host.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/hosts/windows/host.rb b/plugins/hosts/windows/host.rb index b92ac335e..5658f9b91 100644 --- a/plugins/hosts/windows/host.rb +++ b/plugins/hosts/windows/host.rb @@ -11,7 +11,7 @@ module VagrantPlugins # @return [Pathname] Path to scripts directory def self.scripts_path - Pathname.new(File.expand_path("..", __FILE__)) + Pathname.new(File.expand_path("../scripts", __FILE__)) end # @return [Pathname] Path to modules directory From ae8e25aabcb09722e5aab445d0e6d869e05ad46d Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 16:20:49 -0700 Subject: [PATCH 10/13] Include key path flag when calling script --- plugins/hosts/windows/cap/ssh.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/plugins/hosts/windows/cap/ssh.rb b/plugins/hosts/windows/cap/ssh.rb index 8cf0129f7..63415bcb5 100644 --- a/plugins/hosts/windows/cap/ssh.rb +++ b/plugins/hosts/windows/cap/ssh.rb @@ -10,7 +10,7 @@ module VagrantPlugins def self.set_ssh_key_permissions(env, key_path) script_path = Host.scripts_path.join("set_ssh_key_permissions.ps1") result = Vagrant::Util::PowerShell.execute( - script_path.to_s, key_path.to_s, + script_path.to_s, "-KeyPath", key_path.to_s, module_path: Host.modules_path.to_s ) if result.exit_code != 0 From e39b3555e693414174677eb98c45da8964658d1c Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 16:21:13 -0700 Subject: [PATCH 11/13] Disable inherit on key file for parent ACL rules --- .../hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 index 04b1e327b..5d49a93db 100644 --- a/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 +++ b/plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 @@ -15,8 +15,10 @@ function Set-SSHKeyPermissions { # Create the new ACL we want to apply $NewAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $Principal, "FullControl", "None", "None", "Allow") - # Scrub all existing ACLs from the file $ACL = Get-ACL "${SSHKeyPath}" + # Disable inherited rules + $ACL.SetAccessRuleProtection($true, $false) + # Scrub all existing ACLs from the file $ACL.Access | %{$ACL.RemoveAccessRule($_)} # Apply the new ACL $ACL.SetAccessRule($NewAccessRule) From 7e0cc99ffd51577fd3b227df2cbd77a07e20c19a Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 16:30:51 -0700 Subject: [PATCH 12/13] Include flag check on ssh cap test --- test/unit/plugins/hosts/windows/cap/ssh_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
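Review bot: `key_path.to_s` is passed to `PowerShell.execute` as a bare argument after `"-KeyPath"`, and how `execute` joins its arguments into the PowerShell command is not visible in this patch. If they are concatenated into a command string, a key path containing spaces or an apostrophe would be split or re-parsed before it reaches `$KeyPath`. The path comes from `@machine.data_dir` in the communicator, presumably under a user-chosen directory, so a test with such a path would pin the behaviour. If quoting turns out to be needed it belongs at this call, e.g. `"-KeyPath", "'#{key_path.to_s.gsub("'", "''")}'"`. The method body starts and ends outside the hunk.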
diff --git a/test/unit/plugins/hosts/windows/cap/ssh_test.rb b/test/unit/plugins/hosts/windows/cap/ssh_test.rb index e1a9f93fc..e258574e5 100644 --- a/test/unit/plugins/hosts/windows/cap/ssh_test.rb +++ b/test/unit/plugins/hosts/windows/cap/ssh_test.rb @@ -18,7 +18,7 @@ describe VagrantPlugins::HostWindows::Cap::SSH do it "should execute PowerShell script" do expect(Vagrant::Util::PowerShell).to receive(:execute).with( - /set_ssh_key_permissions.ps1/, key_path.to_s, any_args + /set_ssh_key_permissions.ps1/, "-KeyPath", key_path.to_s, any_args ).and_return(result) subject.set_ssh_key_permissions(env, key_path) end From 305a251c7b1456b5386ba74dd6b959e50024a63c Mon Sep 17 00:00:00 2001 From: Chris Roberts Date: Tue, 12 Jun 2018 16:31:53 -0700 Subject: [PATCH 13/13] Update Ruby test versions --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d09bd961d..ccb5c188c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,9 +10,10 @@ addons: - bsdtar rvm: - - 2.3.6 - - 2.4.3 + - 2.3.7 + - 2.4.4 - 2.5.0 + - 2.5.1 branches: only: