diff --git a/contrib/win32/openssh/OpenSSHBuildHelper.psm1 b/contrib/win32/openssh/OpenSSHBuildHelper.psm1
index cf66a0dfb..21adf8834 100644
--- a/contrib/win32/openssh/OpenSSHBuildHelper.psm1
+++ b/contrib/win32/openssh/OpenSSHBuildHelper.psm1
@@ -290,6 +290,68 @@ function Copy-OpenSSLSDK } } +function Package-OpenSSH +{ + [CmdletBinding(SupportsShouldProcess=$false)] + param + ( + [ValidateSet('x86', 'x64')] + [string]$NativeHostArch = "x64", + + [ValidateSet('Debug', 'Release', '')] + [string]$Configuration = "Release" + ) + + [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot + $repositoryRoot = Get-Item -Path $repositoryRoot.FullName + $folderName = $NativeHostArch + if($NativeHostArch -ieq 'x86') + { + $folderName = "Win32" + } + $buildDir = Join-Path $repositoryRoot ("bin\" + $folderName + "\" + $Configuration) + $payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe" + $payload += "sftp-server.exe", "scp.exe", "ssh-lsa.dll", "ssh-shellhost.exe", "ssh-keygen.exe" + $payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1" + $payload += "install-sshlsa.ps1", "uninstall-sshlsa.ps1" + + $packageName = "OpenSSH-Win64" + if ($NativeHostArch -eq 'x86') { + $packageName = "OpenSSH-Win32" + } + + $packageDir = Join-Path $buildDir $packageName + Remove-Item $packageDir -Recurse -Force -ErrorAction SilentlyContinue + New-Item $packageDir -Type Directory | Out-Null + + $symbolsDir = Join-Path $buildDir ($packageName + '_Symbols') + Remove-Item $symbolsDir -Recurse -Force -ErrorAction SilentlyContinue + New-Item $symbolsDir -Type Directory | Out-Null + + foreach ($file in $payload) { + if ((-not(Test-Path (Join-Path $buildDir $file)))) { + Throw "Cannot find $file under $buildDir. Did you run Build-OpenSSH?" 
+ } + Copy-Item (Join-Path $buildDir $file) $packageDir + if ($file.EndsWith(".exe")) { + $pdb = $file.Replace(".exe", ".pdb") + Copy-Item (Join-Path $buildDir $pdb) $symbolsDir + } + if ($file.EndsWith(".dll")) { + $pdb = $file.Replace(".dll", ".pdb") + Copy-Item (Join-Path $buildDir $pdb) $symbolsDir + } + } + + Remove-Item ($packageDir + '.zip') -Force -ErrorAction SilentlyContinue + Compress-Archive -Path $packageDir -DestinationPath ($packageDir + '.zip') + Remove-Item $packageDir -Recurse -Force -ErrorAction SilentlyContinue + + Remove-Item ($symbolsDir + '.zip') -Force -ErrorAction SilentlyContinue + Compress-Archive -Path $symbolsDir -DestinationPath ($symbolsDir + '.zip') + Remove-Item $symbolsDir -Recurse -Force -ErrorAction SilentlyContinue +} + function Build-OpenSSH { [CmdletBinding(SupportsShouldProcess=$false)] @@ -527,4 +589,4 @@ function UnInstall-OpenSSH } -Export-ModuleMember -Function Build-OpenSSH, Get-BuildLogFile, Install-OpenSSH, UnInstall-OpenSSH +Export-ModuleMember -Function Build-OpenSSH, Get-BuildLogFile, Install-OpenSSH, UnInstall-OpenSSH, Package-OpenSSH diff --git a/contrib/win32/openssh/install-sshd.ps1 b/contrib/win32/openssh/install-sshd.ps1 index 270cd493b..fbdc56574 100644 --- a/contrib/win32/openssh/install-sshd.ps1 +++ b/contrib/win32/openssh/install-sshd.ps1 @@ -1,5 +1,6 @@ # @manojampalam - authored initial script # @friism - Fixed issue with invalid SDDL on Set-Acl +# @manojampalam - removed ntrights.exe dependency $scriptpath = $MyInvocation.MyCommand.Path $scriptdir = Split-Path $scriptpath @@ -8,7 +9,7 @@ $sshdpath = Join-Path $scriptdir "sshd.exe" $sshagentpath = Join-Path $scriptdir "ssh-agent.exe" $logsdir = Join-Path $scriptdir "logs" -$account = "NT SERVICE\SSHD" +$sshdAccount = "NT SERVICE\SSHD" #Idea borrowed from http://sqldbamusings.blogspot.com/2012/03/powershell-adding-accounts-to-local.html function Add-Privilege 
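Review bot: In Package-OpenSSH (OpenSSHBuildHelper.psm1) only the payload file itself is checked with Test-Path; the matching .pdb copy, both New-Item calls and both Compress-Archive calls can fail without stopping the function, unless the module sets $ErrorActionPreference to Stop somewhere outside this hunk. Because the preceding Remove-Item calls use `-ErrorAction SilentlyContinue`, a staging directory or zip that could not be deleted (a locked file, for example) would stay in place, and the resulting package could carry binaries from an earlier build or an incomplete symbols archive without any error being raised. I would make those steps terminating, e.g. `New-Item $packageDir -Type Directory -ErrorAction Stop | Out-Null` and `Copy-Item (Join-Path $buildDir $pdb) $symbolsDir -ErrorAction Stop`, and do the same for Compress-Archive so the staging directory is only removed after the archive was actually written.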
@@ -44,7 +45,7 @@ function Add-Privilege #Get Current policy settings $imported_settings = [System.IO.Path]::GetTempFileName() - secedit.exe /export /areas USER_RIGHTS /cfg "$($imported_settings)" + secedit.exe /export /areas USER_RIGHTS /cfg "$($imported_settings)" > $null if (-not(Test-Path $imported_settings)) { Throw "Unable to import current security policy settings" @@ -69,7 +70,7 @@ function Add-Privilege } #export - secedit.exe /configure /db "secedit.sdb" /cfg "$($settings_to_export)" /areas USER_RIGHTS + secedit.exe /configure /db "secedit.sdb" /cfg "$($settings_to_export)" /areas USER_RIGHTS > $null } @@ -94,17 +95,17 @@ New-Service -Name ssh-agent -BinaryPathName $sshagentpath -Description "SSH Agen cmd.exe /c 'sc.exe sdset ssh-agent D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)' New-Service -Name sshd -BinaryPathName $sshdpath -Description "SSH Daemon" -StartupType Manual -DependsOn ssh-agent | Out-Null -sc.exe config sshd obj= $account +sc.exe config sshd obj= $sshdAccount -Add-Privilege -Account $account -Privilege SeAssignPrimaryTokenPrivilege -Add-Privilege -Account $account -Privilege SeServiceLogonRight +Add-Privilege -Account $sshdAccount -Privilege SeAssignPrimaryTokenPrivilege +Add-Privilege -Account $sshdAccount -Privilege SeServiceLogonRight if(-not (test-path $logsdir -PathType Container)) { $null = New-Item $logsdir -ItemType Directory -Force -ErrorAction Stop } $rights = [System.Security.AccessControl.FileSystemRights]"Read, Write" -$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, $rights, "ContainerInherit,ObjectInherit", "None", "Allow") +$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($sshdAccount, $rights, "ContainerInherit,ObjectInherit", "None", "Allow") $acl = Get-Acl -Path $logsdir $Acl.SetAccessRule($accessRule) Set-Acl -Path $logsdir -AclObject $acl 
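Review bot: Redirecting secedit.exe output to `$null` in Add-Privilege (hunk at -44,7) hides the only visible sign of a failed export, and the existing `Test-Path $imported_settings` check cannot catch it because `[System.IO.Path]::GetTempFileName()` has already created that file before secedit runs. I would test the exit code right after the call, `if ($LASTEXITCODE -ne 0) { Throw "secedit /export failed with exit code $LASTEXITCODE" }`, and add the same kind of check after the `secedit.exe /configure` call in the hunk at -69,7, where a silent failure would leave the SSHD service account without the requested right while the install script carries on. Which exit codes secedit uses for warnings should be confirmed before treating every non-zero value as fatal. Add-Privilege begins outside these hunks, so handling elsewhere in the function is not visible here.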
diff --git a/contrib/win32/openssh/version.rc b/contrib/win32/openssh/version.rc index 8b8517b6b..c3fdf8240 100644 Binary files a/contrib/win32/openssh/version.rc and b/contrib/win32/openssh/version.rc differ