winrm 1.7.3 → 1.8.0

data/Vagrantfile

@@ -1,9 +1,9 @@
-# encoding: UTF-8
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-VAGRANTFILE_API_VERSION = '2'
-
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = 'mwrock/Windows2012R2'
-end
+# encoding: UTF-8
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = '2'
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = 'mwrock/Windows2012R2'
+end

data/WinrmAppveyor.psm1

@@ -0,0 +1,32 @@
+function New-ClientCertificate {
+  param([String]$username, [String]$basePath = ((Resolve-Parh .).Path))
+
+  $env:OPENSSL_CONF=[System.IO.Path]::GetTempFileName()
+
+  Set-Content -Path $env:OPENSSL_CONF -Value @"
+  distinguished_name = req_distinguished_name
+  [req_distinguished_name]
+  [v3_req_client]
+  extendedKeyUsage = clientAuth
+  subjectAltName = otherName:1.3.6.1.4.1.311.20.2.3;UTF8:$username@localhost
+"@
+
+  $user_path = Join-Path $basePath user.pem
+  $key_path = Join-Path $basePath key.pem
+  $pfx_path = Join-Path $basePath user.pfx
+
+  openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out $user_path -outform PEM -keyout $key_path -subj "/CN=$username" -extensions v3_req_client 2>&1
+
+  openssl pkcs12 -export -in $user_path -inkey $key_path -out $pfx_path -passout pass: 2>&1
+
+  del $env:OPENSSL_CONF
+}
+
+function New-WinrmUserCertificateMapping {
+  param([String]$issuer)
+  $secure_pass = ConvertTo-SecureString $env:winrm_pass -AsPlainText -Force
+  $cred = New-Object System.Management.Automation.PSCredential ($env:winrm_user, $secure_pass)
+  New-Item -Path WSMan:\localhost\ClientCertificate -Subject "$env:winrm_user@localhost" -URI * -Issuer $issuer -Credential $cred -Force
+}
+
+Export-ModuleMember New-ClientCertificate, New-WinrmUserCertificateMapping

data/appveyor.yml

@@ -1,42 +1,51 @@
-version: "master-{build}"
-
-os: Windows Server 2012 R2
-platform:
-  - x64
-
-environment:
-  winrm_user: test_user
-  winrm_pass: Pass@word1
-
-  matrix:
-    - ruby_version: "21"
-      winrm_endpoint: http://localhost:5985/wsman
-
-clone_folder: c:\projects\winrm
-clone_depth: 1
-branches:
-  only:
-    - master
-
-install:
-  - ps: net user /add $env:winrm_user $env:winrm_pass
-  - ps: net localgroup administrators $env:winrm_user /add
-  - ps: $env:winrm_cert = (New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\localmachine\my).Thumbprint
-  - ps: winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"localhost`";CertificateThumbprint=`"$($env:winrm_cert)`"}"
-  - ps: winrm set winrm/config/client/auth '@{Basic="true"}'
-  - ps: winrm set winrm/config/service/auth '@{Basic="true"}'
-  - ps: winrm set winrm/config/service/auth '@{CbtHardeningLevel="Strict"}'
-  - ps: winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-  - ps: $env:PATH="C:\Ruby$env:ruby_version\bin;$env:PATH"
-  - ps: Write-Host $env:PATH
-  - ps: ruby --version
-  - ps: gem --version
-  - ps: gem install bundler --quiet --no-ri --no-rdoc
-  - ps: bundler --version
-
-build_script:
-  - bundle install || bundle install || bundle install
-
-test_script:
-  - SET SPEC_OPTS=--format progress
-  - bundle exec rake integration
+version: "master-{build}"
+
+os: Windows Server 2012 R2
+platform:
+  - x64
+
+environment:
+  winrm_user: test_user
+  winrm_pass: Pass@word1
+  user_cert: c:\projects\winrm\user.pem
+  user_key: c:\projects\winrm\key.pem
+
+  matrix:
+    - ruby_version: "21"
+      winrm_endpoint: http://localhost:5985/wsman
+
+clone_folder: c:\projects\winrm
+clone_depth: 1
+branches:
+  only:
+    - master
+
+install:
+  - ps: net user /add $env:winrm_user $env:winrm_pass
+  - ps: net localgroup administrators $env:winrm_user /add
+  - ps: $env:PATH="C:\OpenSSL-Win64\bin;$env:PATH"
+  - ps: Import-Module c:\projects\winrm\WinrmAppveyor.psm1
+  - ps: New-ClientCertificate $env:winrm_user c:\projects\winrm
+  - ps: $env:user_cert_thumb = (Import-pfxCertificate -FilePath c:\projects\winrm\user.pfx -CertStoreLocation Cert:\LocalMachine\root).Thumbprint
+  - ps: Import-pfxCertificate -FilePath c:\projects\winrm\user.pfx -CertStoreLocation Cert:\LocalMachine\TrustedPeople
+  - ps: $env:winrm_cert = (New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\localmachine\my).Thumbprint
+  - ps: winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"localhost`";CertificateThumbprint=`"$($env:winrm_cert)`"}"
+  - ps: winrm set winrm/config/client/auth '@{Basic="true"}'
+  - ps: winrm set winrm/config/service/auth '@{Basic="true"}'
+  - ps: winrm set winrm/config/service/auth '@{Certificate="true"}'
+  - ps: winrm set winrm/config/service/auth '@{CbtHardeningLevel="Strict"}'
+  - ps: winrm set winrm/config/service '@{AllowUnencrypted="true"}'
+  - ps: New-WinrmUserCertificateMapping $env:user_cert_thumb
+  - ps: $env:PATH="C:\Ruby$env:ruby_version\bin;$env:PATH"
+  - ps: Write-Host $env:PATH
+  - ps: ruby --version
+  - ps: gem --version
+  - ps: gem install bundler --quiet --no-ri --no-rdoc
+  - ps: bundler --version
+
+build_script:
+  - bundle install || bundle install || bundle install
+
+test_script:
+  - SET SPEC_OPTS=--format progress
+  - bundle exec rake integration

data/bin/rwinrm

@@ -1,97 +1,97 @@
-#!/usr/bin/env ruby
-# encoding: UTF-8
-
-# Copyright 2014 Shawn Neal <sneal@sneal.net>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# rubocop:disable all
-
-$LOAD_PATH.push File.expand_path('../../lib', __FILE__)
-
-require 'readline'
-require 'io/console'
-require 'winrm'
-
-def help_msg
-  puts 'Usage: rwinrm user@host'
-  puts ''
-end
-
-def parse_options
-  options = {}
-  fail 'Missing required options' unless ARGV.length == 1
-
-  m = /^(?<user>[a-z0-9\.\!\$ _-]+)@{1}(?<host>[a-z0-9\.\-]+)(?<port>:[0-9]+)?/i.match(ARGV[0])
-  fail "#{ARGV[0]} is an invalid host" unless m
-  options[:user] = m[:user]
-  options[:endpoint] = "http://#{m[:host]}#{m[:port] || ':5985'}/wsman"
-
-  # Get the password
-  print 'Password: '
-  options[:pass] = STDIN.noecho(&:gets).chomp
-  puts
-
-  # Set some defaults required by WinRM WS
-  options[:auth_type] = :plaintext
-  options[:basic_auth_only] = true
-
-  options
-rescue StandardError => e
-  puts e.message
-  help_msg
-  exit 1
-end
-
-def repl(options)
-  client = WinRM::WinRMWebService.new(
-    options[:endpoint],
-    options[:auth_type].to_sym,
-    options)
-
-  client.set_timeout(3600)
-  shell_id = client.open_shell
-  command_id = client.run_command(shell_id, 'cmd', "/K prompt [#{ARGV[0]}]$P$G")
-
-  read_thread = Thread.new do
-    client.get_command_output(shell_id, command_id) do |stdout, stderr|
-      STDOUT.write stdout
-      STDERR.write stderr
-    end
-  end
-  read_thread.abort_on_exception = true
-
-  while (buf = Readline.readline('', true))
-    if buf =~ /^exit/
-      read_thread.exit
-      client.cleanup_command(shell_id, command_id)
-      client.close_shell(shell_id)
-      exit 0
-    else
-      client.write_stdin(shell_id, command_id, "#{buf}\r\n")
-    end
-  end
-rescue Interrupt
-  puts 'exiting'
-  # ctrl-c
-rescue WinRM::WinRMAuthorizationError
-  puts 'Authentication failed, bad user name or password'
-  exit 1
-rescue StandardError => e
-  puts e.message
-  exit 1
-end
-
-repl(parse_options)
-
-# rubocop:enable all
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+# Copyright 2014 Shawn Neal <sneal@sneal.net>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# rubocop:disable all
+
+$LOAD_PATH.push File.expand_path('../../lib', __FILE__)
+
+require 'readline'
+require 'io/console'
+require 'winrm'
+
+def help_msg
+  puts 'Usage: rwinrm user@host'
+  puts ''
+end
+
+def parse_options
+  options = {}
+  fail 'Missing required options' unless ARGV.length == 1
+
+  m = /^(?<user>[a-z0-9\.\!\$ _-]+)@{1}(?<host>[a-z0-9\.\-]+)(?<port>:[0-9]+)?/i.match(ARGV[0])
+  fail "#{ARGV[0]} is an invalid host" unless m
+  options[:user] = m[:user]
+  options[:endpoint] = "http://#{m[:host]}#{m[:port] || ':5985'}/wsman"
+
+  # Get the password
+  print 'Password: '
+  options[:pass] = STDIN.noecho(&:gets).chomp
+  puts
+
+  # Set some defaults required by WinRM WS
+  options[:auth_type] = :plaintext
+  options[:basic_auth_only] = true
+
+  options
+rescue StandardError => e
+  puts e.message
+  help_msg
+  exit 1
+end
+
+def repl(options)
+  client = WinRM::WinRMWebService.new(
+    options[:endpoint],
+    options[:auth_type].to_sym,
+    options)
+
+  client.set_timeout(3600)
+  shell_id = client.open_shell
+  command_id = client.run_command(shell_id, 'cmd', "/K prompt [#{ARGV[0]}]$P$G")
+
+  read_thread = Thread.new do
+    client.get_command_output(shell_id, command_id) do |stdout, stderr|
+      STDOUT.write stdout
+      STDERR.write stderr
+    end
+  end
+  read_thread.abort_on_exception = true
+
+  while (buf = Readline.readline('', true))
+    if buf =~ /^exit/
+      read_thread.exit
+      client.cleanup_command(shell_id, command_id)
+      client.close_shell(shell_id)
+      exit 0
+    else
+      client.write_stdin(shell_id, command_id, "#{buf}\r\n")
+    end
+  end
+rescue Interrupt
+  puts 'exiting'
+  # ctrl-c
+rescue WinRM::WinRMAuthorizationError
+  puts 'Authentication failed, bad user name or password'
+  exit 1
+rescue StandardError => e
+  puts e.message
+  exit 1
+end
+
+repl(parse_options)
+
+# rubocop:enable all

data/changelog.md

@@ -1,5 +1,8 @@
 # WinRM Gem Changelog
 
+# 1.8.0
+- Add certificate authentication
+
 # 1.7.3
 - Open a new shell if the current shell has been deleted
 

data/lib/winrm.rb

@@ -1,42 +1,42 @@
-# encoding: UTF-8
-#
-# Copyright 2010 Dan Wanek <dan.wanek@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'date'
-require 'logging'
-require_relative 'winrm/version'
-
-# Main WinRM module entry point
-module WinRM
-  # Enable logging if it is requested. We do this before
-  # anything else so that we can setup the output before
-  # any logging occurs.
-  if ENV['WINRM_LOG'] && ENV['WINRM_LOG'] != ''
-    begin
-      Logging.logger.root.level = ENV['WINRM_LOG']
-      Logging.logger.root.appenders = Logging.appenders.stderr
-    rescue ArgumentError
-      # This means that the logging level wasn't valid
-      $stderr.puts "Invalid WINRM_LOG level is set: #{ENV['WINRM_LOG']}"
-      $stderr.puts ''
-      $stderr.puts 'Please use one of the standard log levels: ' \
-        'debug, info, warn, or error'
-    end
-  end
-end
-
-require 'winrm/output'
-require 'winrm/helpers/iso8601_duration'
-require 'winrm/soap_provider'
+# encoding: UTF-8
+#
+# Copyright 2010 Dan Wanek <dan.wanek@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'date'
+require 'logging'
+require_relative 'winrm/version'
+
+# Main WinRM module entry point
+module WinRM
+  # Enable logging if it is requested. We do this before
+  # anything else so that we can setup the output before
+  # any logging occurs.
+  if ENV['WINRM_LOG'] && ENV['WINRM_LOG'] != ''
+    begin
+      Logging.logger.root.level = ENV['WINRM_LOG']
+      Logging.logger.root.appenders = Logging.appenders.stderr
+    rescue ArgumentError
+      # This means that the logging level wasn't valid
+      $stderr.puts "Invalid WINRM_LOG level is set: #{ENV['WINRM_LOG']}"
+      $stderr.puts ''
+      $stderr.puts 'Please use one of the standard log levels: ' \
+        'debug, info, warn, or error'
+    end
+  end
+end
+
+require 'winrm/output'
+require 'winrm/helpers/iso8601_duration'
+require 'winrm/soap_provider'

data/lib/winrm/command_executor.rb

@@ -102,8 +102,12 @@ module WinRM
       # has been closed. One might see this on a target windows machine that has just
       # been provisioned and restarted the winrm service at the end of its provisioning
       # routine. If this hapens, we should give the command one more try.
-      if e.fault_code == '2150858843' && (tries -= 1) > 0
-        service.logger.debug('[WinRM] opening new shell since the current one was deleted')
+
+      # Fault code 2147943418 may be raised if the shell is installing an msi and for
+      # some reason it tries to read a registry key that has been deleted. This sometimes
+      # happens for 2008r2 when installing the Chef omnibus msi.
+      if %w(2150858843 2147943418).include?(e.fault_code) && (tries -= 1) > 0
+        service.logger.debug('[WinRM] opening new shell since the current one failed')
         @shell = nil
         open
         retry