fix issue 764 (#165)
1. fix issue 764 (https://github.com/PowerShell/Win32-OpenSSH/issues/764) 2. move the Add-Type call to the script level so the type is only added once 3. fix indents 4. make FilePath position 0. 5. add OpenSSHUtils.psm1 to the build and package
parent
dd88d8d5d4
commit
a98f0259bb
|
@ -308,7 +308,7 @@ function Package-OpenSSH
|
|||
$payload = "sshd.exe", "ssh.exe", "ssh-agent.exe", "ssh-add.exe", "sftp.exe"
|
||||
$payload += "sftp-server.exe", "scp.exe", "ssh-shellhost.exe", "ssh-keygen.exe", "ssh-keyscan.exe"
|
||||
$payload += "sshd_config", "install-sshd.ps1", "uninstall-sshd.ps1"
|
||||
$payload +="FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1", "ssh-add-hostkey.ps1"
|
||||
$payload +="FixHostFilePermissions.ps1", "FixUserFilePermissions.ps1", "OpenSSHUtils.psm1", "OpenSSHUtils.psd1", "ssh-add-hostkey.ps1"
|
||||
|
||||
$packageName = "OpenSSH-Win64"
|
||||
if ($NativeHostArch -eq 'x86') {
|
||||
|
|
|
@ -5,6 +5,60 @@ $currentUser = New-Object System.Security.Principal.NTAccount($($env:USERDOMAIN)
|
|||
$everyone = New-Object System.Security.Principal.NTAccount("EveryOne")
|
||||
$sshdAccount = New-Object System.Security.Principal.NTAccount("NT SERVICE","sshd")
|
||||
|
||||
#Taken from P/Invoke.NET with minor adjustments.
|
||||
$definition = @'
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
public class AdjPriv
|
||||
{
|
||||
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
|
||||
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
|
||||
[DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern IntPtr GetCurrentProcess();
|
||||
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
|
||||
[DllImport("advapi32.dll", SetLastError = true)]
|
||||
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
|
||||
[StructLayout(LayoutKind.Sequential, Pack = 1)]
|
||||
internal struct TokPriv1Luid
|
||||
{
|
||||
public int Count;
|
||||
public long Luid;
|
||||
public int Attr;
|
||||
}
|
||||
|
||||
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
|
||||
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
|
||||
internal const int TOKEN_QUERY = 0x00000008;
|
||||
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
|
||||
public static bool EnablePrivilege(string privilege, bool disable)
|
||||
{
|
||||
bool retVal;
|
||||
TokPriv1Luid tp;
|
||||
IntPtr hproc = GetCurrentProcess();
|
||||
IntPtr htok = IntPtr.Zero;
|
||||
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
|
||||
tp.Count = 1;
|
||||
tp.Luid = 0;
|
||||
if(disable)
|
||||
{
|
||||
tp.Attr = SE_PRIVILEGE_DISABLED;
|
||||
}
|
||||
else
|
||||
{
|
||||
tp.Attr = SE_PRIVILEGE_ENABLED;
|
||||
}
|
||||
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
|
||||
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
|
||||
return retVal;
|
||||
}
|
||||
}
|
||||
'@
|
||||
|
||||
$type = Add-Type $definition -PassThru -ErrorAction SilentlyContinue
|
||||
|
||||
<#
|
||||
.Synopsis
|
||||
Repair-SshdConfigPermission
|
||||
|
@ -105,7 +159,7 @@ function Repair-UserKeyPermission
|
|||
{
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[parameter(Mandatory=$true, Position = 0)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$FilePath,
|
||||
[System.Security.Principal.NTAccount] $User = $currentUser)
|
||||
|
@ -144,7 +198,7 @@ function Repair-FilePermission
|
|||
{
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[parameter(Mandatory=$true, Position = 0)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$FilePath,
|
||||
[ValidateNotNull()]
|
||||
|
@ -177,7 +231,7 @@ function Repair-FilePermission
|
|||
function Repair-FilePermissionInternal {
|
||||
[CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")]
|
||||
param (
|
||||
[parameter(Mandatory=$true)]
|
||||
[parameter(Mandatory=$true, Position = 0)]
|
||||
[ValidateNotNullOrEmpty()]
|
||||
[string]$FilePath,
|
||||
[ValidateNotNull()]
|
||||
|
@ -200,7 +254,7 @@ function Repair-FilePermissionInternal {
|
|||
$prompt = "Shall I set the file owner?"
|
||||
$description = "Set '$($Owners[0])' as owner of '$FilePath'."
|
||||
if($pscmdlet.ShouldProcess($description, $prompt, $caption))
|
||||
{
|
||||
{
|
||||
Enable-Privilege SeRestorePrivilege | out-null
|
||||
$acl.SetOwner($Owners[0])
|
||||
Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false
|
||||
|
@ -247,8 +301,8 @@ function Repair-FilePermissionInternal {
|
|||
}
|
||||
#If everyone is in the ReadAccessOK list, any user can have read access;
|
||||
# below block make sure they are granted Read access only
|
||||
elseif($realReadAcessOKList -and (($realReadAcessOKList | ? { $_.Equals($everyone)}) -ne $null) -or `
|
||||
(($realReadAcessOKList | ? { $_.equals($a.IdentityReference)}) -ne $null))
|
||||
elseif($realReadAcessOKList -and ((($realReadAcessOKList | ? { $_.Equals($everyone)}) -ne $null) -or `
|
||||
(($realReadAcessOKList | ? { $_.equals($a.IdentityReference)}) -ne $null)))
|
||||
{
|
||||
if($realReadAccessNeeded -and ($a.IdentityReference.Equals($everyone)))
|
||||
{
|
||||
|
@ -284,7 +338,7 @@ function Repair-FilePermissionInternal {
|
|||
$description = "Set'$($a.IdentityReference)' Read access only to '$FilePath'. "
|
||||
|
||||
if($pscmdlet.ShouldProcess($description, $prompt, $caption))
|
||||
{
|
||||
{
|
||||
$needChange = $true
|
||||
$idRefShortValue = ($a.IdentityReference.Value).split('\')[-1]
|
||||
if ($specialIdRefs -icontains $idRefShortValue )
|
||||
|
@ -340,7 +394,7 @@ function Repair-FilePermissionInternal {
|
|||
$description = "Remove access rule of '$($a.IdentityReference)' from '$FilePath'."
|
||||
|
||||
if($pscmdlet.ShouldProcess($description, $prompt, "$caption."))
|
||||
{
|
||||
{
|
||||
$needChange = $true
|
||||
$ace = $a
|
||||
$idRefShortValue = ($a.IdentityReference.Value).split('\')[-1]
|
||||
|
@ -507,81 +561,27 @@ function Get-UserSID
|
|||
}
|
||||
|
||||
function Enable-Privilege {
|
||||
param(
|
||||
## The privilege to adjust. This set is taken from
|
||||
## http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
|
||||
[ValidateSet(
|
||||
"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
|
||||
"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
|
||||
"SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
|
||||
"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
|
||||
"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
|
||||
"SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
|
||||
"SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
|
||||
"SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
|
||||
"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
|
||||
"SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
|
||||
"SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
|
||||
$Privilege,
|
||||
## Switch to disable the privilege, rather than enable it.
|
||||
[Switch] $Disable
|
||||
param(
|
||||
#The privilege to adjust. This set is taken from
|
||||
#http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
|
||||
[ValidateSet(
|
||||
"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
|
||||
"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
|
||||
"SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
|
||||
"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
|
||||
"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
|
||||
"SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
|
||||
"SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
|
||||
"SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
|
||||
"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
|
||||
"SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
|
||||
"SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
|
||||
$Privilege,
|
||||
# Switch to disable the privilege, rather than enable it.
|
||||
[Switch] $Disable
|
||||
)
|
||||
|
||||
## Taken from P/Invoke.NET with minor adjustments.
|
||||
$definition = @'
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
public class AdjPriv
|
||||
{
|
||||
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
|
||||
ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
|
||||
[DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern IntPtr GetCurrentProcess();
|
||||
[DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
|
||||
internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
|
||||
[DllImport("advapi32.dll", SetLastError = true)]
|
||||
internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
|
||||
[StructLayout(LayoutKind.Sequential, Pack = 1)]
|
||||
internal struct TokPriv1Luid
|
||||
{
|
||||
public int Count;
|
||||
public long Luid;
|
||||
public int Attr;
|
||||
}
|
||||
|
||||
internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
|
||||
internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
|
||||
internal const int TOKEN_QUERY = 0x00000008;
|
||||
internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
|
||||
public static bool EnablePrivilege(string privilege, bool disable)
|
||||
{
|
||||
bool retVal;
|
||||
TokPriv1Luid tp;
|
||||
IntPtr hproc = GetCurrentProcess();
|
||||
IntPtr htok = IntPtr.Zero;
|
||||
retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
|
||||
tp.Count = 1;
|
||||
tp.Luid = 0;
|
||||
if(disable)
|
||||
{
|
||||
tp.Attr = SE_PRIVILEGE_DISABLED;
|
||||
}
|
||||
else
|
||||
{
|
||||
tp.Attr = SE_PRIVILEGE_ENABLED;
|
||||
}
|
||||
retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
|
||||
retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
|
||||
return retVal;
|
||||
}
|
||||
}
|
||||
'@
|
||||
|
||||
|
||||
$type = Add-Type $definition -PassThru
|
||||
$type[0]::EnablePrivilege($Privilege, $Disable)
|
||||
$type[0]::EnablePrivilege($Privilege, $Disable)
|
||||
}
|
||||
|
||||
Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission
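Review bot: In the `AdjPriv.EnablePrivilege` helper that this commit moves to script level, the results of `OpenProcessToken` and `LookupPrivilegeValue` are overwritten, and `AdjustTokenPrivileges` returns true even when the privilege was not actually assigned, so `Enable-Privilege SeRestorePrivilege | out-null` in Repair-FilePermissionInternal cannot tell a failed adjustment from a successful one before it calls `Set-Acl`. Consider returning early on the first failure, `if (!OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok)) return false;`, and ending with `return retVal && Marshal.GetLastWin32Error() == 0;` so that ERROR_NOT_ALL_ASSIGNED is reported as a failure. The token handle in `htok` is never closed. The new script-level `Add-Type $definition -PassThru -ErrorAction SilentlyContinue` also hides a compile error or type-name clash, which would leave `$type` empty for the later `$type[0]::EnablePrivilege` call; a comment above it explaining why errors are suppressed, or an explicit check that `$type` is set, would make that failure visible. Nothing in the visible hunks disables SeRestorePrivilege again after the owner is set, so it presumably stays enabled for the rest of the process.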
|
||||
|
|
|
@ -120,11 +120,11 @@
|
|||
<PostBuildEvent>
|
||||
<Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir)
|
||||
copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir)
|
||||
If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</Command>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
|
@ -153,11 +153,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</C
|
|||
<PostBuildEvent>
|
||||
<Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir)
|
||||
copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir)
|
||||
If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</Command>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
|
@ -190,11 +190,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</C
|
|||
<PostBuildEvent>
|
||||
<Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir)
|
||||
copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir)
|
||||
If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</Command>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
|
@ -227,11 +227,11 @@ If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</C
|
|||
<PostBuildEvent>
|
||||
<Command>copy /Y $(SolutionDir)install-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)uninstall-ssh*ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.psm1 $(OutDir)
|
||||
copy /Y $(SolutionDir)OpenSSHUtils.ps*1 $(OutDir)
|
||||
copy /Y $(SolutionDir)Fix*FilePermissions.ps1 $(OutDir)
|
||||
copy /Y $(SolutionDir)ssh-add-hostkey.ps1 $(OutDir)
|
||||
If NOT exist $(OutDir)\sshd_config (copy $(SolutionDir)sshd_config $(OutDir))</Command>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
<Message>Copy install-sshd.ps1, uninstall-sshd.ps1, OpenSSHUtils.psm1, OpenSSHUtils.psd1, FixHostFilePermissions.ps1, FixUserFilePermissions.ps1, ssh-add-hostkey.ps1, and sshd_config (if not already present) to build directory</Message>
|
||||
</PostBuildEvent>
|
||||
</ItemDefinitionGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
|
|