Add debug msg, replace API call incompatible with onecore , add build script (#324)
Add debug msg, replace API call incompatible with onecore, add build script
parent
4be3dd9647
commit
ed70a1a7f8
|
@ -121,8 +121,8 @@ WARNING: Following changes will be made to OpenSSH configuration
|
||||||
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
||||||
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
||||||
}
|
}
|
||||||
$sshdSvc = Get-service ssh-agent
|
$sshAgentSvc = Get-service ssh-agent
|
||||||
if($sshdSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
if($sshAgentSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||||
{
|
{
|
||||||
Set-service ssh-agent -StartupType Manual
|
Set-service ssh-agent -StartupType Manual
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x64",
|
"DockerImageName": "di-openssh-x64",
|
||||||
"BinaryBucket": "OpenSSH-Win64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||||
},
|
},
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x86",
|
"DockerImageName": "di-openssh-x86",
|
||||||
"BinaryBucket": "OpenSSH-Win32",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||||
},
|
},
|
||||||
|
@ -41,7 +41,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm",
|
"DockerImageName": "di-openssh-arm",
|
||||||
"BinaryBucket": "OpenSSH-ARM",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||||
},
|
},
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm64",
|
"DockerImageName": "di-openssh-arm64",
|
||||||
"BinaryBucket": "OpenSSH-ARM64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||||
},
|
},
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x64",
|
"DockerImageName": "di-openssh-x64",
|
||||||
"BinaryBucket": "OpenSSH-Win64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||||
},
|
},
|
||||||
|
@ -86,7 +86,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x86",
|
"DockerImageName": "di-openssh-x86",
|
||||||
"BinaryBucket": "OpenSSH-Win32",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||||
},
|
},
|
||||||
|
@ -101,7 +101,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm",
|
"DockerImageName": "di-openssh-arm",
|
||||||
"BinaryBucket": "OpenSSH-Arm",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||||
},
|
},
|
||||||
|
@ -116,7 +116,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm64",
|
"DockerImageName": "di-openssh-arm64",
|
||||||
"BinaryBucket": "OpenSSH-Arm64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||||
},
|
},
|
||||||
|
@ -161,7 +161,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm",
|
"DockerImageName": "di-openssh-arm",
|
||||||
"BinaryBucket": "OpenSSH-Arm",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||||
},
|
},
|
||||||
|
@ -176,7 +176,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm64",
|
"DockerImageName": "di-openssh-arm64",
|
||||||
"BinaryBucket": "OpenSSH-Arm64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||||
},
|
},
|
||||||
|
@ -191,7 +191,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x64",
|
"DockerImageName": "di-openssh-x64",
|
||||||
"BinaryBucket": "OpenSSH-Win64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||||
},
|
},
|
||||||
|
@ -206,7 +206,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-x86",
|
"DockerImageName": "di-openssh-x86",
|
||||||
"BinaryBucket": "OpenSSH-Win32",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||||
},
|
},
|
||||||
|
@ -221,7 +221,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm",
|
"DockerImageName": "di-openssh-arm",
|
||||||
"BinaryBucket": "OpenSSH-Arm",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||||
},
|
},
|
||||||
|
@ -236,7 +236,7 @@
|
||||||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||||
"DockerImageName": "di-openssh-arm64",
|
"DockerImageName": "di-openssh-arm64",
|
||||||
"BinaryBucket": "OpenSSH-Arm64",
|
"BinaryBucket": "OpenSSH-Original",
|
||||||
"ArtifactsExpected": 1,
|
"ArtifactsExpected": 1,
|
||||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,135 @@
|
||||||
|
[cmdletbinding(DefaultParameterSetName='Build')]
|
||||||
|
param(
|
||||||
|
[Parameter(Mandatory,ParameterSetName='Build')]
|
||||||
|
[String]$Name="X64",
|
||||||
|
# full paths to files to add to container to run the build
|
||||||
|
[Parameter(Mandatory,ParameterSetName='packageSigned')]
|
||||||
|
[string]$BuildPath,
|
||||||
|
[Parameter(ParameterSetName='packageSigned')]
|
||||||
|
[string]$SignedFilesPath
|
||||||
|
)
|
||||||
|
|
||||||
|
$gitBinFullPath = (Get-Command -Name git).Source
|
||||||
|
if (-not $gitBinFullPath)
|
||||||
|
{
|
||||||
|
throw "Git is required to proceed. Install from 'https://git-scm.com/download/win'"
|
||||||
|
}
|
||||||
|
|
||||||
|
function Get-RepoFork
|
||||||
|
{
|
||||||
|
[CmdletBinding()]
|
||||||
|
param([string]$AccountURL, [string]$RepoFork, [string]$repoLocalPath, [string]$BranchName)
|
||||||
|
if (Test-Path -Path $repoLocalPath -PathType Container)
|
||||||
|
{
|
||||||
|
Remove-Item -Path $repoLocalPath -Recurse -Force
|
||||||
|
}
|
||||||
|
|
||||||
|
Write-Verbose "cloning -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath" -Verbose
|
||||||
|
git clone -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath
|
||||||
|
|
||||||
|
Write-Verbose "pull latest from repo $RepoFork"
|
||||||
|
Push-Location $repoLocalPath
|
||||||
|
git submodule update --init --recursive --quiet
|
||||||
|
Pop-Location
|
||||||
|
}
|
||||||
|
|
||||||
|
function Get-RepositoryRoot
|
||||||
|
{
|
||||||
|
$start = $currentDir = (Get-Item -Path $PSScriptRoot)
|
||||||
|
while ($null -ne $currentDir.Parent)
|
||||||
|
{
|
||||||
|
$path = Join-Path -Path $currentDir.FullName -ChildPath '.git'
|
||||||
|
if (Test-Path -Path $path)
|
||||||
|
{
|
||||||
|
return $currentDir
|
||||||
|
}
|
||||||
|
$currentDir = $currentDir.Parent
|
||||||
|
}
|
||||||
|
return $start
|
||||||
|
}
|
||||||
|
|
||||||
|
[System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot
|
||||||
|
|
||||||
|
# Get repo root
|
||||||
|
$OSS_OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName
|
||||||
|
$gitRoot = split-path $OSS_OpenSSHRoot
|
||||||
|
$script:publishedFiles = @()
|
||||||
|
# clone psrelease.
|
||||||
|
$PSReleaseLocalPath = Join-Path -Path $gitRoot -ChildPath 'PSRelease'
|
||||||
|
Get-RepoFork -AccountURL 'https://github.com/powershell' -RepoFork 'PSRelease' -repoLocalPath $PSReleaseLocalPath -BranchName 'master'
|
||||||
|
Import-Module "$PSReleaseLocalPath\vstsBuild" -Force
|
||||||
|
Import-Module "$PSReleaseLocalPath\dockerBasedBuild" -Force
|
||||||
|
try
|
||||||
|
{
|
||||||
|
Clear-VstsTaskState
|
||||||
|
switch($PSCmdlet.ParameterSetName)
|
||||||
|
{
|
||||||
|
'Build' {
|
||||||
|
Invoke-Build -RepoPath '.\' -BuildJsonPath '.\contrib\win32\openssh\build.json' -Name $Name
|
||||||
|
}
|
||||||
|
'packageSigned' {
|
||||||
|
#Publish artifacts appropriately
|
||||||
|
if($SignedFilesPath)
|
||||||
|
{
|
||||||
|
Write-Verbose "SignedFilesPath: $SignedFilesPath" -Verbose
|
||||||
|
$files = Get-ChildItem -Path $SignedFilesPath\* -Recurse -File | Select-Object -ExpandProperty FullName
|
||||||
|
#Count the remaining file not signed files.
|
||||||
|
Get-ChildItem -Path $BuildPath\* -Recurse -File | % {
|
||||||
|
$src = $_.FullName
|
||||||
|
$dest = "$SignedFilesPath\$($_.Name)"
|
||||||
|
Write-Verbose "src: $src" -Verbose
|
||||||
|
Write-Verbose "dest: $dest" -Verbose
|
||||||
|
if (-not (Test-Path $dest))
|
||||||
|
{
|
||||||
|
$files += $_.FullName
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
#did not run codesign, so publish the plain binaries
|
||||||
|
$files = Get-ChildItem -Path $BuildPath\* -Recurse -File | Select-Object -ExpandProperty FullName
|
||||||
|
}
|
||||||
|
$Bucket = (Split-Path $BuildPath -Leaf).Replace("_symbols", "")
|
||||||
|
|
||||||
|
foreach($fileName in $files)
|
||||||
|
{
|
||||||
|
# Only publish files once
|
||||||
|
if($script:publishedFiles -inotcontains $fileName)
|
||||||
|
{
|
||||||
|
$leafFileName = $(Split-path -Path $fileName -Leaf)
|
||||||
|
$extension = [System.IO.Path]::GetExtension($leafFileName)
|
||||||
|
if($extension -ieq '.pdb')
|
||||||
|
{
|
||||||
|
$folderName = "$($Bucket)_Symbols"
|
||||||
|
$artifactname = "$folderName-$leafFileName"
|
||||||
|
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
|
||||||
|
}
|
||||||
|
elseif($extension -ieq '.log')
|
||||||
|
{
|
||||||
|
$folderName = "$($Bucket)_Logs"
|
||||||
|
$artifactname = "$folderName-$leafFileName"
|
||||||
|
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$artifactname = "$Bucket-$leafFileName"
|
||||||
|
Write-Host "##vso[artifact.upload containerfolder=$Bucket;artifactname=$artifactname]$fileName"
|
||||||
|
}
|
||||||
|
$script:publishedFiles += $fileName
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default {
|
||||||
|
throw 'Unknow parameterset passed to vstsbuild.ps1'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch
|
||||||
|
{
|
||||||
|
Write-VstsError -Error $_
|
||||||
|
}
|
||||||
|
finally{
|
||||||
|
Write-VstsTaskState
|
||||||
|
exit 0
|
||||||
|
}
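Review bot: The script clones `PSRelease` at the tip of `master` and immediately runs it through `Import-Module ... -Force`, so whatever is on that branch at build time executes in the same pipeline that publishes the signed binaries. Pinning the checkout to a reviewed commit would make the build reproducible and narrow that exposure, e.g. `git -C $repoLocalPath checkout --quiet <PINNED_COMMIT_SHA>` (placeholder) right after the clone in `Get-RepoFork`. Checking `$LASTEXITCODE` after `git clone` would also keep the script from importing a missing or partial tree. Separately, `finally { ... exit 0 }` returns success even when the `catch` block ran, so failure reporting rests entirely on `Write-VstsError`. `Mandatory` on `$Name` also makes its `"X64"` default unreachable.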
|
|
@ -1119,7 +1119,7 @@ statvfs(const char *path, struct statvfs *buf)
|
||||||
free(path_utf16);
|
free(path_utf16);
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
} else {
|
||||||
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.\n", path, GetLastError());
|
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.", path, GetLastError());
|
||||||
errno = errno_from_Win32LastError();
|
errno = errno_from_Win32LastError();
|
||||||
free(path_utf16);
|
free(path_utf16);
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -50,21 +50,11 @@ system32_dir()
|
||||||
|
|
||||||
static HMODULE
|
static HMODULE
|
||||||
load_module(wchar_t* name)
|
load_module(wchar_t* name)
|
||||||
{
|
{
|
||||||
wchar_t module_path[MAX_PATH + 1];
|
|
||||||
wchar_t *system32_path;
|
|
||||||
HMODULE hm;
|
HMODULE hm;
|
||||||
|
|
||||||
if ((system32_path = system32_dir()) == NULL)
|
/*system uses a standard search strategy to find the module */
|
||||||
return NULL;
|
if ((hm = LoadLibraryW(name)) == NULL)
|
||||||
|
|
||||||
module_path[0] = L'\0';
|
|
||||||
if (wcscat_s(module_path, _countof(module_path), system32_path) != 0 ||
|
|
||||||
wcscat_s(module_path, _countof(module_path), L"\\") != 0 ||
|
|
||||||
wcscat_s(module_path, _countof(module_path), name) != 0)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if ((hm = LoadLibraryW(module_path)) == NULL)
|
|
||||||
debug3("unable to load module %ls at run time, error: %d", name, GetLastError());
|
debug3("unable to load module %ls at run time, error: %d", name, GetLastError());
|
||||||
|
|
||||||
return hm;
|
return hm;
|
||||||
|
@ -103,11 +93,21 @@ load_secur32()
|
||||||
return s_hm_secur32;
|
return s_hm_secur32;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
load_ntdll()
|
||||||
|
{
|
||||||
|
static HMODULE s_hm_ntdll = NULL;
|
||||||
|
|
||||||
|
if (!s_hm_ntdll)
|
||||||
|
s_hm_ntdll = load_module(L"ntdll.dll");
|
||||||
|
|
||||||
|
return s_hm_ntdll;
|
||||||
|
}
|
||||||
|
|
||||||
FARPROC get_proc_address(HMODULE hm, char* fn)
|
FARPROC get_proc_address(HMODULE hm, char* fn)
|
||||||
{
|
{
|
||||||
FARPROC ret = GetProcAddress(hm, fn);
|
FARPROC ret = GetProcAddress(hm, fn);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
debug3("GetProcAddress of %s failed with error $d.", fn, GetLastError());
|
debug3("GetProcAddress of %s failed with error %d.", fn, GetLastError());
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -117,7 +117,7 @@ pLogonUserExExW(wchar_t *user_name, wchar_t *domain, wchar_t *password, DWORD lo
|
||||||
DWORD logon_provider, PTOKEN_GROUPS token_groups, PHANDLE token, PSID *logon_sid,
|
DWORD logon_provider, PTOKEN_GROUPS token_groups, PHANDLE token, PSID *logon_sid,
|
||||||
PVOID *profile_buffer, LPDWORD profile_length, PQUOTA_LIMITS quota_limits)
|
PVOID *profile_buffer, LPDWORD profile_length, PQUOTA_LIMITS quota_limits)
|
||||||
{
|
{
|
||||||
HMODULE hm;
|
HMODULE hm = NULL;
|
||||||
typedef BOOL(WINAPI *LogonUserExExWType)(wchar_t*, wchar_t*, wchar_t*, DWORD, DWORD, PTOKEN_GROUPS, PHANDLE, PSID, PVOID, LPDWORD, PQUOTA_LIMITS);
|
typedef BOOL(WINAPI *LogonUserExExWType)(wchar_t*, wchar_t*, wchar_t*, DWORD, DWORD, PTOKEN_GROUPS, PHANDLE, PSID, PVOID, LPDWORD, PQUOTA_LIMITS);
|
||||||
static LogonUserExExWType s_pLogonUserExExW = NULL;
|
static LogonUserExExWType s_pLogonUserExExW = NULL;
|
||||||
|
|
||||||
|
@ -142,8 +142,8 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
|
||||||
LPWSTR translated_name,
|
LPWSTR translated_name,
|
||||||
PULONG psize)
|
PULONG psize)
|
||||||
{
|
{
|
||||||
HMODULE hm;
|
HMODULE hm = NULL;
|
||||||
typedef BOOLEAN(WINAPI *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
|
typedef BOOLEAN(SEC_ENTRY *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
|
||||||
static TranslateNameWType s_pTranslateNameW = NULL;
|
static TranslateNameWType s_pTranslateNameW = NULL;
|
||||||
|
|
||||||
if (!s_pTranslateNameW) {
|
if (!s_pTranslateNameW) {
|
||||||
|
@ -157,43 +157,18 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
|
||||||
return s_pTranslateNameW(name, account_format, desired_name_format, translated_name, psize);
|
return s_pTranslateNameW(name, account_format, desired_name_format, translated_name, psize);
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS pLsaOpenPolicy(PLSA_UNICODE_STRING system_name,
|
ULONG pRtlNtStatusToDosError(NTSTATUS status)
|
||||||
PLSA_OBJECT_ATTRIBUTES attrib,
|
|
||||||
ACCESS_MASK access,
|
|
||||||
PLSA_HANDLE handle)
|
|
||||||
{
|
{
|
||||||
HMODULE hm;
|
HMODULE hm = NULL;
|
||||||
typedef NTSTATUS(*LsaOpenPolicyType)(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES, ACCESS_MASK, PLSA_HANDLE);
|
typedef ULONG(NTAPI *RtlNtStatusToDosErrorType)(NTSTATUS);
|
||||||
static LsaOpenPolicyType s_pLsaOpenPolicy = NULL;
|
static RtlNtStatusToDosErrorType s_pRtlNtStatusToDosError = NULL;
|
||||||
|
|
||||||
if (!s_pLsaOpenPolicy) {
|
if (!s_pRtlNtStatusToDosError) {
|
||||||
if ((hm = load_advapi32()) == NULL)
|
if ((hm = load_ntdll()) == NULL)
|
||||||
return STATUS_ASSERTION_FAILURE;
|
return STATUS_ASSERTION_FAILURE;
|
||||||
|
|
||||||
if ((s_pLsaOpenPolicy = (LsaOpenPolicyType)get_proc_address(hm, "LsaOpenPolicy")) == NULL)
|
if ((s_pRtlNtStatusToDosError = (RtlNtStatusToDosErrorType)get_proc_address(hm, "RtlNtStatusToDosError")) == NULL)
|
||||||
return STATUS_ASSERTION_FAILURE;
|
return STATUS_ASSERTION_FAILURE;
|
||||||
}
|
}
|
||||||
|
return pRtlNtStatusToDosError(status);
|
||||||
return s_pLsaOpenPolicy(system_name, attrib, access, handle);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS pLsaAddAccountRights(LSA_HANDLE lsa_h,
|
|
||||||
PSID psid,
|
|
||||||
PLSA_UNICODE_STRING rights,
|
|
||||||
ULONG num_rights)
|
|
||||||
{
|
|
||||||
HMODULE hm;
|
|
||||||
typedef NTSTATUS(*LsaAddAccountRightsType)(LSA_HANDLE, PSID, PLSA_UNICODE_STRING, ULONG);
|
|
||||||
static LsaAddAccountRightsType s_pLsaAddAccountRights = NULL;
|
|
||||||
|
|
||||||
if (!s_pLsaAddAccountRights) {
|
|
||||||
if ((hm = load_advapi32()) == NULL)
|
|
||||||
return STATUS_ASSERTION_FAILURE;
|
|
||||||
|
|
||||||
if ((s_pLsaAddAccountRights = (LsaAddAccountRightsType)get_proc_address(hm, "LsaAddAccountRights")) == NULL)
|
|
||||||
return STATUS_ASSERTION_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
return s_pLsaAddAccountRights(lsa_h, psid, rights, num_rights);
|
|
||||||
}
|
}
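Review bot: `pRtlNtStatusToDosError` ends with `return pRtlNtStatusToDosError(status);`, which calls the wrapper itself instead of the resolved pointer, so every call recurses until the stack is exhausted; it should be `return s_pRtlNtStatusToDosError(status);`. The only callers visible on this page are the two `error(...)` paths in `generate_sshd_virtual_token`, so the crash would surface exactly when LSA policy setup fails. Its failure returns also hand back `STATUS_ASSERTION_FAILURE` from a function typed `ULONG`, which callers will print as if it were a Win32 error code. In the first hunk, `load_module` now passes the bare name to `LoadLibraryW`, so resolution follows the standard search order rather than the System32 path the removed code built. If the target platform supports it, `LoadLibraryExW(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` keeps the load pinned to the system directory without needing `system32_dir()`.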
|
||||||
|
|
|
@ -454,14 +454,17 @@ AddSidMappingToLsa(PUNICODE_STRING domain_name,
|
||||||
if (op_result == LsaSidNameMappingOperation_NameCollision || op_result == LsaSidNameMappingOperation_SidCollision)
|
if (op_result == LsaSidNameMappingOperation_NameCollision || op_result == LsaSidNameMappingOperation_SidCollision)
|
||||||
ret = 0; /* OK as it failed due to collision */
|
ret = 0; /* OK as it failed due to collision */
|
||||||
else
|
else
|
||||||
error("LsaManageSidNameMapping failed with : %s \n", LSAMappingErrorDetails[op_result]);
|
error("LsaManageSidNameMapping failed with : %s", LSAMappingErrorDetails[op_result]);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
error("LsaManageSidNameMapping failed with ntstatus: %d \n", status);
|
error("LsaManageSidNameMapping failed with ntstatus: %d", status);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p_output)
|
if (p_output) {
|
||||||
LsaFreeMemory(p_output);
|
status = LsaFreeMemory(p_output);
|
||||||
|
if (status != STATUS_SUCCESS)
|
||||||
|
debug3("LsaFreeMemory failed with ntstatus: %d", status);
|
||||||
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -485,11 +488,12 @@ int RemoveVirtualAccountLSAMapping(PUNICODE_STRING domain_name,
|
||||||
&p_output);
|
&p_output);
|
||||||
if (status != STATUS_SUCCESS)
|
if (status != STATUS_SUCCESS)
|
||||||
ret = -1;
|
ret = -1;
|
||||||
|
|
||||||
/* TODO - Free p_output */
|
if (p_output) {
|
||||||
/*if (p_output)
|
status = LsaFreeMemory(p_output);
|
||||||
LsaFreeMemory(p_output);*/
|
if (status != STATUS_SUCCESS)
|
||||||
|
debug3("LsaFreeMemory failed with ntstatus: %d", status);
|
||||||
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -556,8 +560,10 @@ HANDLE generate_sshd_virtual_token()
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
&sid_domain)))
|
&sid_domain))) {
|
||||||
|
debug3("AllocateAndInitializeSid failed with domain SID");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/* group SID - S-1-5-111-0 */
|
/* group SID - S-1-5-111-0 */
|
||||||
if (!(AllocateAndInitializeSid(&nt_authority,
|
if (!(AllocateAndInitializeSid(&nt_authority,
|
||||||
|
@ -570,8 +576,10 @@ HANDLE generate_sshd_virtual_token()
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
&sid_group)))
|
&sid_group))) {
|
||||||
|
debug3("AllocateAndInitializeSid failed with group SID");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* account SID
|
* account SID
|
||||||
|
@ -589,20 +597,29 @@ HANDLE generate_sshd_virtual_token()
|
||||||
1125189541,
|
1125189541,
|
||||||
GetCurrentProcessId(),
|
GetCurrentProcessId(),
|
||||||
0,
|
0,
|
||||||
&sid_user)))
|
&sid_user))) {
|
||||||
|
debug3("AllocateAndInitializeSid failed with account SID");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Map the domain SID */
|
/* Map the domain SID */
|
||||||
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0)
|
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0) {
|
||||||
|
debug3("AddSidMappingToLsa failed to map the domain Sid");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/* Map the group SID */
|
/* Map the group SID */
|
||||||
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0)
|
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0) {
|
||||||
|
debug3("AddSidMappingToLsa failed to map the group Sid");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/* Map the user SID */
|
/* Map the user SID */
|
||||||
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0)
|
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0) {
|
||||||
|
debug3("AddSidMappingToLsa failed to map the user Sid");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/* assign service logon privilege to virtual account */
|
/* assign service logon privilege to virtual account */
|
||||||
{
|
{
|
||||||
|
@ -614,12 +631,12 @@ HANDLE generate_sshd_virtual_token()
|
||||||
if ((lsa_ret = LsaOpenPolicy(NULL, &ObjectAttributes,
|
if ((lsa_ret = LsaOpenPolicy(NULL, &ObjectAttributes,
|
||||||
POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
|
POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
|
||||||
&lsa_policy )) != STATUS_SUCCESS) {
|
&lsa_policy )) != STATUS_SUCCESS) {
|
||||||
error("%s: unable to open policy handle, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
|
error("%s: unable to open policy handle, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
InitUnicodeString(&svcLogonRight, L"SeServiceLogonRight");
|
InitUnicodeString(&svcLogonRight, L"SeServiceLogonRight");
|
||||||
if ((lsa_ret = LsaAddAccountRights(lsa_policy, sid_user, &svcLogonRight, 1)) != STATUS_SUCCESS) {
|
if ((lsa_ret = LsaAddAccountRights(lsa_policy, sid_user, &svcLogonRight, 1)) != STATUS_SUCCESS) {
|
||||||
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
|
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -637,13 +654,13 @@ HANDLE generate_sshd_virtual_token()
|
||||||
NULL,
|
NULL,
|
||||||
NULL,
|
NULL,
|
||||||
NULL)) {
|
NULL)) {
|
||||||
debug3("LogonUserExExW failed with %d \n", GetLastError());
|
debug3("LogonUserExExW failed with %d", GetLastError());
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* remove all privileges */
|
/* remove all privileges */
|
||||||
if (!CreateRestrictedToken(va_token, DISABLE_MAX_PRIVILEGE, 0, NULL, 0, NULL, 0, NULL, &va_token_restricted ))
|
if (!CreateRestrictedToken(va_token, DISABLE_MAX_PRIVILEGE, 0, NULL, 0, NULL, 0, NULL, &va_token_restricted ))
|
||||||
debug3("CreateRestrictedToken failed with %d \n", GetLastError());
|
debug3("CreateRestrictedToken failed with %d", GetLastError());
|
||||||
|
|
||||||
CloseHandle(va_token);
|
CloseHandle(va_token);
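Review bot: The new `debug3("AllocateAndInitializeSid failed with ...")` messages in `generate_sshd_virtual_token` say which SID failed but not why. Appending the error code, as the neighbouring `LogonUserExExW` message does, would make these failures diagnosable from the log, e.g. `debug3("AllocateAndInitializeSid failed with domain SID, error: %d", GetLastError());`. The added `LsaFreeMemory` checks in `AddSidMappingToLsa` and `RemoveVirtualAccountLSAMapping` print the NTSTATUS with `%d`; `0x%x` matches how NTSTATUS values are documented and searched for. The function bodies extend beyond the hunks shown here.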
|
||||||
|
|
||||||
|
|