diff --git a/appveyor.yml b/appveyor.yml
index 416a4fb0a..422787ccb 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,4 +1,4 @@
-version: 0.0.8.0.{build}
+version: 0.0.10.0.{build}
image: Visual Studio 2015
branches:
diff --git a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 b/contrib/win32/openssh/OpenSSHBuildHelper.psm1
index 99be2995c..cf66a0dfb 100644
--- a/contrib/win32/openssh/OpenSSHBuildHelper.psm1
+++ b/contrib/win32/openssh/OpenSSHBuildHelper.psm1
@@ -439,24 +439,6 @@ function Deploy-Win32OpenSSHBinaries
Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.exe,*.dll -Exclude *unittest*.* -Force -ErrorAction Stop
$sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "contrib\win32\openssh"
Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.ps1,sshd_config -Exclude AnalyzeCodeDiff.ps1 -Force -ErrorAction Stop
-
- $packageName = "rktools.2003"
- $rktoolsPath = "${env:ProgramFiles(x86)}\Windows Resource Kits\Tools\ntrights.exe"
- if (-not (Test-Path -Path $rktoolsPath))
- {
- Write-Log -Message "$packageName not present. Installing $packageName."
- choco install $packageName -y --force 2>&1 >> $script:BuildLogFile
- if (-not (Test-Path -Path $rktoolsPath))
- {
- choco install $packageName -y --force 2>&1 >> $script:BuildLogFile
- if (-not (Test-Path -Path $rktoolsPath))
- {
- throw "failed to download $packageName"
- }
- }
- }
-
- Copy-Item -Path $rktoolsPath -Destination $OpenSSHDir -Force -ErrorAction Stop
}
<#
diff --git a/contrib/win32/openssh/config.vcxproj b/contrib/win32/openssh/config.vcxproj
index 9bf9ee23f..1b1ea347c 100644
--- a/contrib/win32/openssh/config.vcxproj
+++ b/contrib/win32/openssh/config.vcxproj
@@ -117,6 +117,10 @@
Generate crtheaders.h and config.h
+
+ copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)
+ Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory
+
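Review bot: The source and destination paths in the added `copy` commands are unquoted, so the step breaks if `$(SolutionDir)` or `$(OpenSSH-Bin-Path)` expands to a path containing spaces. Quoting each argument, e.g. `copy /Y "$(SolutionDir)install-ssh*ps1" "$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\"`, avoids that. The commands are also chained with `&`, which runs the next command even when the previous one failed, so a missing install script would not fail the build step; `&&` would stop at the first failure. The same command is repeated in the hunks at -141, -169 and -197, so the point applies to all four.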
@@ -141,6 +145,10 @@
Generate crtheaders.h and config.h
+
+ copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)
+ Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory
+
@@ -169,6 +177,10 @@
Generate crtheaders.h and config.h
+
+ copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)
+ Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory
+
@@ -197,6 +209,10 @@
Generate crtheaders.h and config.h
+
+ copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ & If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)
+ Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory
+
diff --git a/contrib/win32/openssh/install-sshd.ps1 b/contrib/win32/openssh/install-sshd.ps1
index f0ce16278..270cd493b 100644
--- a/contrib/win32/openssh/install-sshd.ps1
+++ b/contrib/win32/openssh/install-sshd.ps1
@@ -9,7 +9,70 @@ $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
$logsdir = Join-Path $scriptdir "logs"
$account = "NT SERVICE\SSHD"
-$ntrights = "ntrights.exe -u `"{0}`" +r SeAssignPrimaryTokenPrivilege" -f $account
+
+#Idea borrowed from http://sqldbamusings.blogspot.com/2012/03/powershell-adding-accounts-to-local.html
+function Add-Privilege
+{
+ param(
+ [string] $Account,
+
+ [ValidateSet("SeAssignPrimaryTokenPrivilege", "SeServiceLogonRight")]
+ [string] $Privilege
+ )
+
+ #Get $Account SID
+ $account_sid = $null
+ try
+ {
+ $ntprincipal = new-object System.Security.Principal.NTAccount "$Account"
+ $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
+ $account_sid = $sid.Value.ToString()
+ }
+ catch
+ {
+ Throw 'Unable to resolve '+ $Account
+ }
+
+ #Prepare policy settings file to be applied
+ $settings_to_export = [System.IO.Path]::GetTempFileName()
+ "[Unicode]" | Set-Content $settings_to_export -Encoding Unicode
+ "Unicode=yes" | Add-Content $settings_to_export -Force -WhatIf:$false
+ "[Version]" | Add-Content $settings_to_export -Force -WhatIf:$false
+ "signature=`"`$CHICAGO`$`"" | Add-Content $settings_to_export -Force -WhatIf:$false
+ "Revision=1" | Add-Content $settings_to_export -Force -WhatIf:$false
+ "[Privilege Rights]" | Add-Content $settings_to_export -Force -WhatIf:$false
+
+ #Get Current policy settings
+ $imported_settings = [System.IO.Path]::GetTempFileName()
+ secedit.exe /export /areas USER_RIGHTS /cfg "$($imported_settings)"
+
+ if (-not(Test-Path $imported_settings)) {
+ Throw "Unable to import current security policy settings"
+ }
+
+ #find current assigned accounts to $Privilege and add it to $settings_to_export
+ $current_settings = Get-Content $imported_settings -Encoding Unicode
+ $existing_setting = $null
+ foreach ($setting in $current_settings) {
+ if ($setting -like "$Privilege`*") {
+ $existing_setting = $setting
+ }
+ }
+
+ #Add $account_sid to list
+ if ($existing_setting -eq $null) {
+ $Privilege + " = *" + $account_sid | Add-Content $settings_to_export -Force -WhatIf:$false
+ }
+ else
+ {
+ $existing_setting + ",*" + $account_sid | Add-Content $settings_to_export -Force -WhatIf:$false
+ }
+
+ #export
+ secedit.exe /configure /db "secedit.sdb" /cfg "$($settings_to_export)" /areas USER_RIGHTS
+
+}
+
if (-not (Test-Path $sshdpath)) {
throw "sshd.exe is not present in script path"
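Review bot: The `Test-Path $imported_settings` check after `secedit.exe /export` in Add-Privilege cannot detect a failed export, because `[System.IO.Path]::GetTempFileName()` has already created that path as an empty file. If the export fails, `$existing_setting` stays `$null` and the template is written with only the new SID, which `secedit /configure` would then presumably apply in place of the accounts that currently hold the right. Checking the exit code after each secedit call is more reliable, e.g. `if ($LASTEXITCODE -ne 0) { Throw "Unable to import current security policy settings" }`, with an equivalent check after `/configure`. Both temp files and the relative `secedit.sdb` are also left behind; a `finally` block with `Remove-Item` on the two temp paths would clean them up.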
@@ -33,10 +96,8 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Daemon" -StartupType Manual -DependsOn ssh-agent | Out-Null
sc.exe config sshd obj= $account
-Push-Location
-cd $scriptdir
-cmd.exe /c $ntrights
-Pop-Location
+Add-Privilege -Account $account -Privilege SeAssignPrimaryTokenPrivilege
+Add-Privilege -Account $account -Privilege SeServiceLogonRight
if(-not (test-path $logsdir -PathType Container))
{
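Review bot: The two added `Add-Privilege` calls are not idempotent. Add-Privilege, defined in the earlier hunk of this file, appends `,*` plus the SID to the existing entry without checking whether that SID is already listed, so each re-run of the installer would add a duplicate to the policy line. Skipping the append when `$existing_setting` already contains the SID would fix that. A short comment above the calls would also help anyone auditing this local security policy change, e.g. `# NT SERVICE\SSHD needs SeServiceLogonRight to start as a service and SeAssignPrimaryTokenPrivilege to launch processes under another user's token`. Whether uninstall-sshd.ps1 revokes these rights is not visible in this diff and is worth confirming.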
diff --git a/contrib/win32/openssh/sshd_config b/contrib/win32/openssh/sshd_config
index 97cd8e831..651af0be6 100644
--- a/contrib/win32/openssh/sshd_config
+++ b/contrib/win32/openssh/sshd_config
@@ -119,4 +119,4 @@ Subsystem sftp sftp-server.exe
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
-PubkeyAcceptedKeyTypes ssh-ed25519*
\ No newline at end of file
+# PubkeyAcceptedKeyTypes ssh-ed25519*
\ No newline at end of file
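Review bot: Commenting out `PubkeyAcceptedKeyTypes` changes the shipped default from ed25519-only to sshd's built-in list of accepted public key types, and nothing in the file records that this is intended. A comment above the line would make the choice visible to administrators, e.g. `# Uncomment to accept only ed25519 public keys; otherwise sshd's built-in key type list applies`. The preceding commented lines look like the tail of a `Match` example. If so, it is worth stating that uncommenting this line together with that example would scope it to the Match block rather than the whole server.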