Merge pull request #4979 from Lee303/communicator-winrm-ntlmauth

Add NTLM authentication support for WinRM communicator
2017-06-07 13:36:51 -07:00 · 2017-06-07 13:36:51 -07:00 · 6b67aeed3c
parent be2e915b84 f86e169564
commit 6b67aeed3c
3 changed files with 35 additions and 0 deletions
--- a/helper/communicator/config.go
+++ b/helper/communicator/config.go
@ -42,6 +42,7 @@ type Config struct {
 	WinRMTimeout            time.Duration `mapstructure:"winrm_timeout"`
 	WinRMUseSSL             bool          `mapstructure:"winrm_use_ssl"`
 	WinRMInsecure           bool          `mapstructure:"winrm_insecure"`
+	WinRMUseNTLM            bool          `mapstructure:"winrm_use_ntlm"`
 	WinRMTransportDecorator func() winrm.Transporter
 }

@ -187,6 +188,10 @@ func (c *Config) prepareWinRM(ctx *interpolate.Context) []error {
 		c.WinRMTimeout = 30 * time.Minute
 	}

+	if c.WinRMUseNTLM == true {
+		c.WinRMTransportDecorator = func() winrm.Transporter { return &winrm.ClientNTLM{} }
+	}
+
 	var errs []error
 	if c.WinRMUser == "" {
 		errs = append(errs, errors.New("winrm_username must be specified."))
--- a/helper/communicator/config_test.go
+++ b/helper/communicator/config_test.go
@ -1,9 +1,11 @@
 package communicator

 import (
+	"reflect"
 	"testing"

 	"github.com/hashicorp/packer/template/interpolate"
+	"github.com/masterzen/winrm"
 )

 func testConfig() *Config {
@ -101,6 +103,29 @@ func TestConfig_winrm_port_ssl(t *testing.T) {

 }

+func TestConfig_winrm_use_ntlm(t *testing.T) {
+	c := &Config{
+		Type:         "winrm",
+		WinRMUser:    "admin",
+		WinRMUseNTLM: true,
+	}
+	if err := c.Prepare(testContext(t)); len(err) > 0 {
+		t.Fatalf("bad: %#v", err)
+	}
+
+	if c.WinRMTransportDecorator == nil {
+		t.Fatalf("WinRMTransportDecorator not set.")
+	}
+
+	expected := &winrm.ClientNTLM{}
+	actual := c.WinRMTransportDecorator()
+
+	if !reflect.DeepEqual(expected, actual) {
+		t.Fatalf("WinRMTransportDecorator isn't ClientNTLM.")
+	}
+
+}
+
 func TestConfig_winrm(t *testing.T) {
 	c := &Config{
 		Type:      "winrm",
--- a/website/source/docs/templates/communicator.html.md
+++ b/website/source/docs/templates/communicator.html.md
@ -127,3 +127,8 @@ The WinRM communicator has the following options.

 - `winrm_insecure` (boolean) - If true, do not check server certificate
    chain and host name
+
+- `winrm_use_ntlm` (boolean) - If true, NTLM authentication will be used for WinRM, 
+    rather than default (basic authentication), removing the requirement for basic 
+    authentication to be enabled within the target guest. Further reading for remote 
+    connection authentication can be found [here](https://msdn.microsoft.com/en-us/library/aa384295(v=vs.85).aspx).