Add debug msg, replace API call incompatible with onecore , add build script (#324)

Add debug msg, replace API call incompatible with onecore, add build script
Yanbing 2018-06-18 22:39:31 -07:00 committed by GitHub
parent 4be3dd9647
commit ed70a1a7f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 213 additions and 86 deletions


@ -121,8 +121,8 @@ WARNING: Following changes will be made to OpenSSH configuration
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
Set-Content -Path $targetsshdConfig -Value "$con" -Force
}
$sshdSvc = Get-service ssh-agent
if($sshdSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
$sshAgentSvc = Get-service ssh-agent
if($sshAgentSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
{
Set-service ssh-agent -StartupType Manual
}


@ -11,7 +11,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x64",
"BinaryBucket": "OpenSSH-Win64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X64"
},
@ -26,7 +26,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x86",
"BinaryBucket": "OpenSSH-Win32",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X86"
},
@ -41,7 +41,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm",
"BinaryBucket": "OpenSSH-ARM",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
},
@ -56,7 +56,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm64",
"BinaryBucket": "OpenSSH-ARM64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
},
@ -71,7 +71,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x64",
"BinaryBucket": "OpenSSH-Win64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X64"
},
@ -86,7 +86,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x86",
"BinaryBucket": "OpenSSH-Win32",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X86"
},
@ -101,7 +101,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm",
"BinaryBucket": "OpenSSH-Arm",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
},
@ -116,7 +116,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm64",
"BinaryBucket": "OpenSSH-Arm64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
},
@ -161,7 +161,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm",
"BinaryBucket": "OpenSSH-Arm",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
},
@ -176,7 +176,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm64",
"BinaryBucket": "OpenSSH-Arm64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
},
@ -191,7 +191,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x64",
"BinaryBucket": "OpenSSH-Win64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X64"
},
@ -206,7 +206,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-x86",
"BinaryBucket": "OpenSSH-Win32",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-X86"
},
@ -221,7 +221,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm",
"BinaryBucket": "OpenSSH-Arm",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
},
@ -236,7 +236,7 @@
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
"DockerImageName": "di-openssh-arm64",
"BinaryBucket": "OpenSSH-Arm64",
"BinaryBucket": "OpenSSH-Original",
"ArtifactsExpected": 1,
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
}


@ -0,0 +1,135 @@
[cmdletbinding(DefaultParameterSetName='Build')]
param(
[Parameter(Mandatory,ParameterSetName='Build')]
[String]$Name="X64",
# full paths to files to add to container to run the build
[Parameter(Mandatory,ParameterSetName='packageSigned')]
[string]$BuildPath,
[Parameter(ParameterSetName='packageSigned')]
[string]$SignedFilesPath
)
$gitBinFullPath = (Get-Command -Name git).Source
if (-not $gitBinFullPath)
{
throw "Git is required to proceed. Install from 'https://git-scm.com/download/win'"
}
function Get-RepoFork
{
[CmdletBinding()]
param([string]$AccountURL, [string]$RepoFork, [string]$repoLocalPath, [string]$BranchName)
if (Test-Path -Path $repoLocalPath -PathType Container)
{
Remove-Item -Path $repoLocalPath -Recurse -Force
}
Write-Verbose "cloning -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath" -Verbose
git clone -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath
Write-Verbose "pull latest from repo $RepoFork"
Push-Location $repoLocalPath
git submodule update --init --recursive --quiet
Pop-Location
}
function Get-RepositoryRoot
{
$start = $currentDir = (Get-Item -Path $PSScriptRoot)
while ($null -ne $currentDir.Parent)
{
$path = Join-Path -Path $currentDir.FullName -ChildPath '.git'
if (Test-Path -Path $path)
{
return $currentDir
}
$currentDir = $currentDir.Parent
}
return $start
}
[System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot
# Get repo root
$OSS_OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName
$gitRoot = split-path $OSS_OpenSSHRoot
$script:publishedFiles = @()
# clone psrelease.
$PSReleaseLocalPath = Join-Path -Path $gitRoot -ChildPath 'PSRelease'
Get-RepoFork -AccountURL 'https://github.com/powershell' -RepoFork 'PSRelease' -repoLocalPath $PSReleaseLocalPath -BranchName 'master'
Import-Module "$PSReleaseLocalPath\vstsBuild" -Force
Import-Module "$PSReleaseLocalPath\dockerBasedBuild" -Force
try
{
Clear-VstsTaskState
switch($PSCmdlet.ParameterSetName)
{
'Build' {
Invoke-Build -RepoPath '.\' -BuildJsonPath '.\contrib\win32\openssh\build.json' -Name $Name
}
'packageSigned' {
#Publish artifacts appropriately
if($SignedFilesPath)
{
Write-Verbose "SignedFilesPath: $SignedFilesPath" -Verbose
$files = Get-ChildItem -Path $SignedFilesPath\* -Recurse -File | Select-Object -ExpandProperty FullName
#Count the remaining file not signed files.
Get-ChildItem -Path $BuildPath\* -Recurse -File | % {
$src = $_.FullName
$dest = "$SignedFilesPath\$($_.Name)"
Write-Verbose "src: $src" -Verbose
Write-Verbose "dest: $dest" -Verbose
if (-not (Test-Path $dest))
{
$files += $_.FullName
}
}
}
else
{
#did not run codesign, so publish the plain binaries
$files = Get-ChildItem -Path $BuildPath\* -Recurse -File | Select-Object -ExpandProperty FullName
}
$Bucket = (Split-Path $BuildPath -Leaf).Replace("_symbols", "")
foreach($fileName in $files)
{
# Only publish files once
if($script:publishedFiles -inotcontains $fileName)
{
$leafFileName = $(Split-path -Path $fileName -Leaf)
$extension = [System.IO.Path]::GetExtension($leafFileName)
if($extension -ieq '.pdb')
{
$folderName = "$($Bucket)_Symbols"
$artifactname = "$folderName-$leafFileName"
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
}
elseif($extension -ieq '.log')
{
$folderName = "$($Bucket)_Logs"
$artifactname = "$folderName-$leafFileName"
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
}
else
{
$artifactname = "$Bucket-$leafFileName"
Write-Host "##vso[artifact.upload containerfolder=$Bucket;artifactname=$artifactname]$fileName"
}
$script:publishedFiles += $fileName
}
}
}
default {
throw 'Unknow parameterset passed to vstsbuild.ps1'
}
}
}
catch
{
Write-VstsError -Error $_
}
finally{
Write-VstsTaskState
exit 0
}
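Review bot: The build imports and runs code from an unpinned checkout: `Get-RepoFork ... -BranchName 'master'` clones the tip of PSRelease, and the two `Import-Module ... -Force` calls then execute it in the same job that packages signed binaries, so any change to that branch runs in the release pipeline unreviewed. Pin the dependency to an audited revision, for example with `git -C $repoLocalPath checkout --quiet <pinned-commit-sha>` after the clone in Get-RepoFork (placeholder value), and check `$LASTEXITCODE` so a failed clone or checkout stops the script. Separately, in the `packageSigned` branch a build file with no same-named file directly under `$SignedFilesPath` is added to `$files` and published unsigned with no warning; a `Write-Warning` naming each such file would make that visible. The `finally` block's `exit 0` also means the process exit code never reflects a failure, so the job result depends entirely on what Write-VstsError and Write-VstsTaskState report.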


@ -1119,7 +1119,7 @@ statvfs(const char *path, struct statvfs *buf)
free(path_utf16);
return 0;
} else {
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.\n", path, GetLastError());
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.", path, GetLastError());
errno = errno_from_Win32LastError();
free(path_utf16);
return -1;


@ -51,20 +51,10 @@ system32_dir()
static HMODULE
load_module(wchar_t* name)
{
wchar_t module_path[MAX_PATH + 1];
wchar_t *system32_path;
HMODULE hm;
if ((system32_path = system32_dir()) == NULL)
return NULL;
module_path[0] = L'\0';
if (wcscat_s(module_path, _countof(module_path), system32_path) != 0 ||
wcscat_s(module_path, _countof(module_path), L"\\") != 0 ||
wcscat_s(module_path, _countof(module_path), name) != 0)
return NULL;
if ((hm = LoadLibraryW(module_path)) == NULL)
/*system uses a standard search strategy to find the module */
if ((hm = LoadLibraryW(name)) == NULL)
debug3("unable to load module %ls at run time, error: %d", name, GetLastError());
return hm;
@ -103,11 +93,21 @@ load_secur32()
return s_hm_secur32;
}
load_ntdll()
{
static HMODULE s_hm_ntdll = NULL;
if (!s_hm_ntdll)
s_hm_ntdll = load_module(L"ntdll.dll");
return s_hm_ntdll;
}
FARPROC get_proc_address(HMODULE hm, char* fn)
{
FARPROC ret = GetProcAddress(hm, fn);
if (!ret)
debug3("GetProcAddress of %s failed with error $d.", fn, GetLastError());
debug3("GetProcAddress of %s failed with error %d.", fn, GetLastError());
return ret;
}
@ -117,7 +117,7 @@ pLogonUserExExW(wchar_t *user_name, wchar_t *domain, wchar_t *password, DWORD lo
DWORD logon_provider, PTOKEN_GROUPS token_groups, PHANDLE token, PSID *logon_sid,
PVOID *profile_buffer, LPDWORD profile_length, PQUOTA_LIMITS quota_limits)
{
HMODULE hm;
HMODULE hm = NULL;
typedef BOOL(WINAPI *LogonUserExExWType)(wchar_t*, wchar_t*, wchar_t*, DWORD, DWORD, PTOKEN_GROUPS, PHANDLE, PSID, PVOID, LPDWORD, PQUOTA_LIMITS);
static LogonUserExExWType s_pLogonUserExExW = NULL;
@ -142,8 +142,8 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
LPWSTR translated_name,
PULONG psize)
{
HMODULE hm;
typedef BOOLEAN(WINAPI *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
HMODULE hm = NULL;
typedef BOOLEAN(SEC_ENTRY *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
static TranslateNameWType s_pTranslateNameW = NULL;
if (!s_pTranslateNameW) {
@ -157,43 +157,18 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
return s_pTranslateNameW(name, account_format, desired_name_format, translated_name, psize);
}
NTSTATUS pLsaOpenPolicy(PLSA_UNICODE_STRING system_name,
PLSA_OBJECT_ATTRIBUTES attrib,
ACCESS_MASK access,
PLSA_HANDLE handle)
ULONG pRtlNtStatusToDosError(NTSTATUS status)
{
HMODULE hm;
typedef NTSTATUS(*LsaOpenPolicyType)(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES, ACCESS_MASK, PLSA_HANDLE);
static LsaOpenPolicyType s_pLsaOpenPolicy = NULL;
HMODULE hm = NULL;
typedef ULONG(NTAPI *RtlNtStatusToDosErrorType)(NTSTATUS);
static RtlNtStatusToDosErrorType s_pRtlNtStatusToDosError = NULL;
if (!s_pLsaOpenPolicy) {
if ((hm = load_advapi32()) == NULL)
if (!s_pRtlNtStatusToDosError) {
if ((hm = load_ntdll()) == NULL)
return STATUS_ASSERTION_FAILURE;
if ((s_pLsaOpenPolicy = (LsaOpenPolicyType)get_proc_address(hm, "LsaOpenPolicy")) == NULL)
if ((s_pRtlNtStatusToDosError = (RtlNtStatusToDosErrorType)get_proc_address(hm, "RtlNtStatusToDosError")) == NULL)
return STATUS_ASSERTION_FAILURE;
}
return s_pLsaOpenPolicy(system_name, attrib, access, handle);
}
NTSTATUS pLsaAddAccountRights(LSA_HANDLE lsa_h,
PSID psid,
PLSA_UNICODE_STRING rights,
ULONG num_rights)
{
HMODULE hm;
typedef NTSTATUS(*LsaAddAccountRightsType)(LSA_HANDLE, PSID, PLSA_UNICODE_STRING, ULONG);
static LsaAddAccountRightsType s_pLsaAddAccountRights = NULL;
if (!s_pLsaAddAccountRights) {
if ((hm = load_advapi32()) == NULL)
return STATUS_ASSERTION_FAILURE;
if ((s_pLsaAddAccountRights = (LsaAddAccountRightsType)get_proc_address(hm, "LsaAddAccountRights")) == NULL)
return STATUS_ASSERTION_FAILURE;
}
return s_pLsaAddAccountRights(lsa_h, psid, rights, num_rights);
return pRtlNtStatusToDosError(status);
}
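Review bot: In load_module the new `LoadLibraryW(name)` call resolves a bare file name through the standard DLL search order, whereas the removed code built an absolute System32 path; for a privileged service this lets a same-named DLL in the application directory or another searched location be loaded instead of the system one, unless the module is a KnownDLL. If the absolute path was dropped only for OneCore compatibility, `LoadLibraryExW(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` keeps the restriction without the path concatenation, though its availability on the OneCore target should be confirmed. Also, as rendered, pRtlNtStatusToDosError ends with `return pRtlNtStatusToDosError(status);`, which calls the wrapper itself rather than the resolved pointer and would recurse without bound on the error paths that use it; it presumably should be `return s_pRtlNtStatusToDosError(status);`.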


@ -454,14 +454,17 @@ AddSidMappingToLsa(PUNICODE_STRING domain_name,
if (op_result == LsaSidNameMappingOperation_NameCollision || op_result == LsaSidNameMappingOperation_SidCollision)
ret = 0; /* OK as it failed due to collision */
else
error("LsaManageSidNameMapping failed with : %s \n", LSAMappingErrorDetails[op_result]);
error("LsaManageSidNameMapping failed with : %s", LSAMappingErrorDetails[op_result]);
}
else
error("LsaManageSidNameMapping failed with ntstatus: %d \n", status);
error("LsaManageSidNameMapping failed with ntstatus: %d", status);
}
if (p_output)
LsaFreeMemory(p_output);
if (p_output) {
status = LsaFreeMemory(p_output);
if (status != STATUS_SUCCESS)
debug3("LsaFreeMemory failed with ntstatus: %d", status);
}
return ret;
}
@ -486,10 +489,11 @@ int RemoveVirtualAccountLSAMapping(PUNICODE_STRING domain_name,
if (status != STATUS_SUCCESS)
ret = -1;
/* TODO - Free p_output */
/*if (p_output)
LsaFreeMemory(p_output);*/
if (p_output) {
status = LsaFreeMemory(p_output);
if (status != STATUS_SUCCESS)
debug3("LsaFreeMemory failed with ntstatus: %d", status);
}
return ret;
}
@ -556,8 +560,10 @@ HANDLE generate_sshd_virtual_token()
0,
0,
0,
&sid_domain)))
&sid_domain))) {
debug3("AllocateAndInitializeSid failed with domain SID");
goto cleanup;
}
/* group SID - S-1-5-111-0 */
if (!(AllocateAndInitializeSid(&nt_authority,
@ -570,8 +576,10 @@ HANDLE generate_sshd_virtual_token()
0,
0,
0,
&sid_group)))
&sid_group))) {
debug3("AllocateAndInitializeSid failed with group SID");
goto cleanup;
}
/*
* account SID
@ -589,20 +597,29 @@ HANDLE generate_sshd_virtual_token()
1125189541,
GetCurrentProcessId(),
0,
&sid_user)))
&sid_user))) {
debug3("AllocateAndInitializeSid failed with account SID");
goto cleanup;
}
/* Map the domain SID */
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0)
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0) {
debug3("AddSidMappingToLsa failed to map the domain Sid");
goto cleanup;
}
/* Map the group SID */
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0)
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0) {
debug3("AddSidMappingToLsa failed to map the group Sid");
goto cleanup;
}
/* Map the user SID */
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0)
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0) {
debug3("AddSidMappingToLsa failed to map the user Sid");
goto cleanup;
}
/* assign service logon privilege to virtual account */
{
@ -614,12 +631,12 @@ HANDLE generate_sshd_virtual_token()
if ((lsa_ret = LsaOpenPolicy(NULL, &ObjectAttributes,
POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
&lsa_policy )) != STATUS_SUCCESS) {
error("%s: unable to open policy handle, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
error("%s: unable to open policy handle, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
goto cleanup;
}
InitUnicodeString(&svcLogonRight, L"SeServiceLogonRight");
if ((lsa_ret = LsaAddAccountRights(lsa_policy, sid_user, &svcLogonRight, 1)) != STATUS_SUCCESS) {
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
goto cleanup;
}
}
@ -637,13 +654,13 @@ HANDLE generate_sshd_virtual_token()
NULL,
NULL,
NULL)) {
debug3("LogonUserExExW failed with %d \n", GetLastError());
debug3("LogonUserExExW failed with %d", GetLastError());
goto cleanup;
}
/* remove all privileges */
if (!CreateRestrictedToken(va_token, DISABLE_MAX_PRIVILEGE, 0, NULL, 0, NULL, 0, NULL, &va_token_restricted ))
debug3("CreateRestrictedToken failed with %d \n", GetLastError());
debug3("CreateRestrictedToken failed with %d", GetLastError());
CloseHandle(va_token);