From e649e8f9269c271816d0201cee7ccdbe2a5431ab Mon Sep 17 00:00:00 2001
From: Yanbing <yawang@microsoft.com>
Date: Thu, 28 Sep 2017 14:55:40 -0700
Subject: [PATCH] Fix for issue 888, 880 (#211)

fix for PowerShell/Win32-OpenSSH#888
Add systemid as FullAccessNeeded
fix for PowerShell/Win32-OpenSSH#880
---
 contrib/win32/openssh/OpenSSHUtils.psm1 |  6 +++---
 contrib/win32/openssh/install-sshd.ps1  | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/contrib/win32/openssh/OpenSSHUtils.psm1 b/contrib/win32/openssh/OpenSSHUtils.psm1
index a2a52d132..0a7ae5faa 100644
--- a/contrib/win32/openssh/OpenSSHUtils.psm1
+++ b/contrib/win32/openssh/OpenSSHUtils.psm1
@@ -112,7 +112,7 @@ function Repair-SshdConfigPermission
         [ValidateNotNullOrEmpty()]        
         [string]$FilePath)
 
-        Repair-FilePermission -Owners $systemSid,$adminsSid -ReadAccessNeeded $sshdSid @psBoundParameters
+        Repair-FilePermission -Owners $systemSid,$adminsSid -FullAccessNeeded $systemSid -ReadAccessNeeded $sshdSid @psBoundParameters
 }
 
 <#
@@ -175,7 +175,7 @@ function Repair-AuthorizedKeyPermission
         if($profileItem)
         {
             $userSid = $profileItem.PSChildName            
-            Repair-FilePermission -Owners $userSid,$adminsSid,$systemSid -AnyAccessOK $userSid -ReadAccessNeeded $sshdSid @psBoundParameters
+            Repair-FilePermission -Owners $userSid,$adminsSid,$systemSid -AnyAccessOK $userSid -FullAccessNeeded $systemSid -ReadAccessNeeded $sshdSid @psBoundParameters
             
         }
         else
@@ -332,7 +332,7 @@ function Repair-FilePermissionInternal {
     {
         $realReadAccessNeeded = @($everyoneSid)
     }
-    #this is orginal list requested by the user, the account will be removed from the list if they already part of the dacl
+    #this is original list requested by the user, the account will be removed from the list if they already part of the dacl
     if($realReadAccessNeeded)
     {
         $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null) -and ($realFullAccessNeeded -notcontains $_) }
diff --git a/contrib/win32/openssh/install-sshd.ps1 b/contrib/win32/openssh/install-sshd.ps1
index 6052bae2c..142664bcc 100644
--- a/contrib/win32/openssh/install-sshd.ps1
+++ b/contrib/win32/openssh/install-sshd.ps1
@@ -220,20 +220,20 @@ namespace MyLsaWrapper
     }
 }
 '@
-$references = @()
-if(($psversiontable.Containskey("psedition")) -and ($psversiontable.PSEdition -ieq "core"))
-{
-    $references = "System.Security.Principal.Windows", "Microsoft.Win32.Primitives"
-}
 
+$references = @("System.Security.Principal.Windows", "Microsoft.Win32.Primitives")
 try {
     $null = [MyLsaWrapper.LsaWrapperCaller]
 }
 catch {
-    $types = Add-Type $definition -ref $references -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
+    try {
+        $types = Add-Type $definition -ref $references -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
+    }
+    catch {	
+	    $types = Add-Type $definition -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
+    }
 }
 
-
 function Add-Privilege
 {
     param(