lib/chef/knife/bootstrap_windows_winrm.rb in knife-windows-0.8.6 vs lib/chef/knife/bootstrap_windows_winrm.rb in knife-windows-1.0.0.rc.0
- old
+ new
@@ -17,18 +17,20 @@
#
require 'chef/knife/bootstrap_windows_base'
require 'chef/knife/winrm'
require 'chef/knife/winrm_base'
-require 'chef/knife/bootstrap'
+require 'chef/knife/winrm_knife_base'
+
class Chef
class Knife
class BootstrapWindowsWinrm < Bootstrap
include Chef::Knife::BootstrapWindowsBase
include Chef::Knife::WinrmBase
+ include Chef::Knife::WinrmCommandSharedFunctions
deps do
require 'chef/knife/core/windows_bootstrap_context'
require 'chef/json_compat'
require 'tempfile'
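Review bot: `class BootstrapWindowsWinrm < Bootstrap` is unchanged, but the explicit `require 'chef/knife/bootstrap'` is dropped. The superclass now resolves only if one of the remaining requires loads it, presumably `chef/knife/bootstrap_windows_base` or the new `chef/knife/winrm_knife_base`, neither of which is visible in this hunk. If that transitive load is intended, record it next to the requires, e.g. `# Chef::Knife::Bootstrap is loaded via chef/knife/bootstrap_windows_base`; otherwise keep the direct require so the file does not depend on load order. It would also help to note that `WinrmCommandSharedFunctions` lives in `winrm_knife_base`, since the module and file names do not match.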
@@ -36,31 +38,37 @@
end
banner "knife bootstrap windows winrm FQDN (options)"
def run
+ if (Chef::Config[:validation_key] && !File.exist?(File.expand_path(Chef::Config[:validation_key])))
+ if !negotiate_auth? && !(locate_config_value(:winrm_transport) == 'ssl')
+ ui.error("Validatorless bootstrap over unsecure winrm channels could expose your key to network sniffing")
+ exit 1
+ end
+ end
bootstrap
end
-
def run_command(command = '')
winrm = Chef::Knife::Winrm.new
winrm.name_args = [ server_name, command ]
winrm.config[:winrm_user] = locate_config_value(:winrm_user)
winrm.config[:winrm_password] = locate_config_value(:winrm_password)
winrm.config[:winrm_transport] = locate_config_value(:winrm_transport)
- winrm.config[:kerberos_keytab_file] = Chef::Config[:knife][:kerberos_keytab_file] if Chef::Config[:knife][:kerberos_keytab_file]
- winrm.config[:kerberos_realm] = Chef::Config[:knife][:kerberos_realm] if Chef::Config[:knife][:kerberos_realm]
- winrm.config[:kerberos_service] = Chef::Config[:knife][:kerberos_service] if Chef::Config[:knife][:kerberos_service]
- winrm.config[:ca_trust_file] = Chef::Config[:knife][:ca_trust_file] if Chef::Config[:knife][:ca_trust_file]
+ winrm.config[:winrm_ssl_verify_mode] = locate_config_value(:winrm_ssl_verify_mode)
+ winrm.config[:kerberos_keytab_file] = locate_config_value(:kerberos_keytab_file) if locate_config_value(:kerberos_keytab_file)
+ winrm.config[:kerberos_realm] = locate_config_value(:kerberos_realm) if locate_config_value(:kerberos_realm)
+ winrm.config[:kerberos_service] = locate_config_value(:kerberos_service) if locate_config_value(:kerberos_service)
+ winrm.config[:ca_trust_file] = locate_config_value(:ca_trust_file) if locate_config_value(:ca_trust_file)
winrm.config[:manual] = true
winrm.config[:winrm_port] = locate_config_value(:winrm_port)
winrm.config[:suppress_auth_failure] = true
-
- #If you turn off the return flag, then winrm.run won't atually check and
+
+ #If you turn off the return flag, then winrm.run won't atually check and
#return the error
- #codes. Otherwise, it ignores the return value of the server call.
+ #codes. Otherwise, it ignores the return value of the server call.
winrm.config[:returns] = "0"
winrm.run
end
protected
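Review bot: The new guard in `run` treats `winrm_transport == 'ssl'` as sufficient protection for a validatorless bootstrap, yet `run_command` in this same hunk forwards `winrm_ssl_verify_mode` to the WinRM session. An SSL session with peer verification disabled therefore passes the check even though the endpoint is unauthenticated, and the key could still be exposed to an on-path party. Consider folding the verify mode into the condition, e.g. `ssl_verified = locate_config_value(:winrm_transport) == 'ssl' && locate_config_value(:winrm_ssl_verify_mode) != :verify_none` followed by `if !negotiate_auth? && !ssl_verified`. The option's value type (symbol or string) is not visible here, so confirm it before comparing. The error text could then say which setting was rejected, so the operator knows what to change.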
@@ -97,6 +105,5 @@
((Time.now - start_time) / 60).round(2)
end
end
end
end
-