Replaced ntrights with Powershell equivalent logic (#99)

https://github.com/PowerShell/Win32-OpenSSH/issues/234

appveyor.yml

@@ -1,4 +1,4 @@
-version: 0.0.8.0.{build}
+version: 0.0.10.0.{build}
 image: Visual Studio 2015
 
 branches:

contrib/win32/openssh/OpenSSHBuildHelper.psm1

@@ -439,24 +439,6 @@ function Deploy-Win32OpenSSHBinaries
     Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.exe,*.dll -Exclude *unittest*.* -Force -ErrorAction Stop
     $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "contrib\win32\openssh"
     Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.ps1,sshd_config -Exclude AnalyzeCodeDiff.ps1 -Force -ErrorAction Stop
-        
-    $packageName = "rktools.2003"
-    $rktoolsPath = "${env:ProgramFiles(x86)}\Windows Resource Kits\Tools\ntrights.exe"
-    if (-not (Test-Path -Path $rktoolsPath))
-    {        
-        Write-Log -Message "$packageName not present. Installing $packageName."
-        choco install $packageName -y --force 2>&1 >> $script:BuildLogFile
-        if (-not (Test-Path -Path $rktoolsPath))
-        {
-            choco install $packageName -y --force 2>&1 >> $script:BuildLogFile
-            if (-not (Test-Path -Path $rktoolsPath))
-            {                
-                throw "failed to download $packageName"
-            }
-        }
-    }
-
-    Copy-Item -Path $rktoolsPath -Destination $OpenSSHDir -Force -ErrorAction Stop
 }
 
 <#

contrib/win32/openssh/config.vcxproj

@@ -117,6 +117,10 @@
     <PreBuildEvent>
       <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
+    <PostBuildEvent>
+      <Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ &amp; copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\  &amp;  If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)</Command>
+      <Message>Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
@@ -141,6 +145,10 @@
     <PreBuildEvent>
       <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
+    <PostBuildEvent>
+      <Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ &amp; copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\  &amp;  If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)</Command>
+      <Message>Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
@@ -169,6 +177,10 @@
     <PreBuildEvent>
       <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
+    <PostBuildEvent>
+      <Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ &amp; copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\  &amp;  If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)</Command>
+      <Message>Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
@@ -197,6 +209,10 @@
     <PreBuildEvent>
       <Message>Generate crtheaders.h and config.h</Message>
     </PreBuildEvent>
+    <PostBuildEvent>
+      <Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ &amp; copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\  &amp;  If NOT exist $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\sshd_config (copy $(SolutionDir)sshd_config $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\)</Command>
+      <Message>Copy install-sshd.ps1, uninstall-sshd.ps1 and sshd_config (if not already present) to build directory</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

contrib/win32/openssh/install-sshd.ps1

@@ -9,7 +9,70 @@ $sshagentpath = Join-Path $scriptdir "ssh-agent.exe"
 $logsdir = Join-Path $scriptdir "logs"
 
 $account = "NT SERVICE\SSHD"
-$ntrights = "ntrights.exe -u `"{0}`" +r SeAssignPrimaryTokenPrivilege" -f $account
+
+#Idea borrowed from http://sqldbamusings.blogspot.com/2012/03/powershell-adding-accounts-to-local.html
+function Add-Privilege
+{
+    param(
+    [string] $Account,
+    
+    [ValidateSet("SeAssignPrimaryTokenPrivilege", "SeServiceLogonRight")]
+    [string] $Privilege
+    )
+
+    #Get $Account SID
+    $account_sid = $null
+    try 
+    {
+	    $ntprincipal = new-object System.Security.Principal.NTAccount "$Account"
+	    $sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
+	    $account_sid = $sid.Value.ToString()
+    } 
+    catch 
+    {
+	    Throw 'Unable to resolve '+ $Account
+    }
+
+    #Prepare policy settings file to be applied
+    $settings_to_export = [System.IO.Path]::GetTempFileName()
+    "[Unicode]" | Set-Content $settings_to_export -Encoding Unicode
+    "Unicode=yes" | Add-Content $settings_to_export -Force -WhatIf:$false
+    "[Version]"  | Add-Content $settings_to_export -Force -WhatIf:$false
+    "signature=`"`$CHICAGO`$`"" | Add-Content $settings_to_export -Force -WhatIf:$false
+    "Revision=1" | Add-Content $settings_to_export -Force -WhatIf:$false
+    "[Privilege Rights]" | Add-Content $settings_to_export -Force -WhatIf:$false
+
+    #Get Current policy settings
+    $imported_settings = [System.IO.Path]::GetTempFileName()
+    secedit.exe /export /areas USER_RIGHTS /cfg "$($imported_settings)"
+
+    if (-not(Test-Path $imported_settings)) {
+        Throw "Unable to import current security policy settings"
+    }
+
+    #find current assigned accounts to $Privilege and add it to $settings_to_export
+    $current_settings = Get-Content $imported_settings -Encoding Unicode
+    $existing_setting = $null
+    foreach ($setting in $current_settings) {
+        if ($setting -like "$Privilege`*") {
+            $existing_setting = $setting
+        }            
+    }
+
+    #Add $account_sid to list
+    if ($existing_setting -eq $null) {
+        $Privilege + " = *" + $account_sid | Add-Content $settings_to_export -Force -WhatIf:$false
+    }
+    else
+    {
+        $existing_setting + ",*" + $account_sid | Add-Content $settings_to_export -Force -WhatIf:$false
+    }
+
+    #export
+    secedit.exe /configure /db "secedit.sdb" /cfg "$($settings_to_export)" /areas USER_RIGHTS
+
+}
+
 
 if (-not (Test-Path $sshdpath)) {
     throw "sshd.exe is not present in script path"
@@ -33,10 +96,8 @@ cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPW
 New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Daemon" -StartupType Manual -DependsOn ssh-agent | Out-Null
 sc.exe config sshd obj= $account
 
-Push-Location
+Add-Privilege -Account $account -Privilege SeAssignPrimaryTokenPrivilege
-cd $scriptdir
+Add-Privilege -Account $account -Privilege SeServiceLogonRight
-cmd.exe /c $ntrights
-Pop-Location
 
 if(-not (test-path $logsdir -PathType Container))
 {

contrib/win32/openssh/sshd_config

@@ -119,4 +119,4 @@ Subsystem	sftp	sftp-server.exe
 #	X11Forwarding no
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
-PubkeyAcceptedKeyTypes ssh-ed25519*
+# PubkeyAcceptedKeyTypes ssh-ed25519*