Add debug msg, replace API call incompatible with onecore , add build script (#324)
Add debug msg, replace API call incompatible with onecore, add build script
parent
4be3dd9647
commit
ed70a1a7f8
|
@ -121,8 +121,8 @@ WARNING: Following changes will be made to OpenSSH configuration
|
|||
$con = (Get-Content $targetsshdConfig | Out-String).Replace("#SyslogFacility AUTH","SyslogFacility LOCAL0")
|
||||
Set-Content -Path $targetsshdConfig -Value "$con" -Force
|
||||
}
|
||||
$sshdSvc = Get-service ssh-agent
|
||||
if($sshdSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||
$sshAgentSvc = Get-service ssh-agent
|
||||
if($sshAgentSvc.StartType -eq [System.ServiceProcess.ServiceStartMode]::Disabled)
|
||||
{
|
||||
Set-service ssh-agent -StartupType Manual
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x64",
|
||||
"BinaryBucket": "OpenSSH-Win64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||
},
|
||||
|
@ -26,7 +26,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x86",
|
||||
"BinaryBucket": "OpenSSH-Win32",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||
},
|
||||
|
@ -41,7 +41,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm",
|
||||
"BinaryBucket": "OpenSSH-ARM",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||
},
|
||||
|
@ -56,7 +56,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm64",
|
||||
"BinaryBucket": "OpenSSH-ARM64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||
},
|
||||
|
@ -71,7 +71,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x64",
|
||||
"BinaryBucket": "OpenSSH-Win64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||
},
|
||||
|
@ -86,7 +86,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x86",
|
||||
"BinaryBucket": "OpenSSH-Win32",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||
},
|
||||
|
@ -101,7 +101,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm",
|
||||
"BinaryBucket": "OpenSSH-Arm",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||
},
|
||||
|
@ -116,7 +116,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm64",
|
||||
"BinaryBucket": "OpenSSH-Arm64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||
},
|
||||
|
@ -161,7 +161,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm",
|
||||
"BinaryBucket": "OpenSSH-Arm",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||
},
|
||||
|
@ -176,7 +176,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm64",
|
||||
"BinaryBucket": "OpenSSH-Arm64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||
},
|
||||
|
@ -191,7 +191,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x64",
|
||||
"BinaryBucket": "OpenSSH-Win64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X64"
|
||||
},
|
||||
|
@ -206,7 +206,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-x86",
|
||||
"BinaryBucket": "OpenSSH-Win32",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-X86"
|
||||
},
|
||||
|
@ -221,7 +221,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm",
|
||||
"BinaryBucket": "OpenSSH-Arm",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM"
|
||||
},
|
||||
|
@ -236,7 +236,7 @@
|
|||
"DockerFile": ".\\contrib\\win32\\openssh\\DockerFile",
|
||||
"AdditionalContextFiles": [ ".\\contrib\\win32\\openssh\\OpenSSH-build.ps1" ],
|
||||
"DockerImageName": "di-openssh-arm64",
|
||||
"BinaryBucket": "OpenSSH-Arm64",
|
||||
"BinaryBucket": "OpenSSH-Original",
|
||||
"ArtifactsExpected": 1,
|
||||
"VariableForExtractedBinariesPath": "OpenSSH-ARM64"
|
||||
}
|
||||
|
|
|
@ -0,0 +1,135 @@
|
|||
[cmdletbinding(DefaultParameterSetName='Build')]
|
||||
param(
|
||||
[Parameter(Mandatory,ParameterSetName='Build')]
|
||||
[String]$Name="X64",
|
||||
# full paths to files to add to container to run the build
|
||||
[Parameter(Mandatory,ParameterSetName='packageSigned')]
|
||||
[string]$BuildPath,
|
||||
[Parameter(ParameterSetName='packageSigned')]
|
||||
[string]$SignedFilesPath
|
||||
)
|
||||
|
||||
$gitBinFullPath = (Get-Command -Name git).Source
|
||||
if (-not $gitBinFullPath)
|
||||
{
|
||||
throw "Git is required to proceed. Install from 'https://git-scm.com/download/win'"
|
||||
}
|
||||
|
||||
function Get-RepoFork
|
||||
{
|
||||
[CmdletBinding()]
|
||||
param([string]$AccountURL, [string]$RepoFork, [string]$repoLocalPath, [string]$BranchName)
|
||||
if (Test-Path -Path $repoLocalPath -PathType Container)
|
||||
{
|
||||
Remove-Item -Path $repoLocalPath -Recurse -Force
|
||||
}
|
||||
|
||||
Write-Verbose "cloning -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath" -Verbose
|
||||
git clone -b $BranchName --quiet --recursive $AccountURL/$RepoFork $repoLocalPath
|
||||
|
||||
Write-Verbose "pull latest from repo $RepoFork"
|
||||
Push-Location $repoLocalPath
|
||||
git submodule update --init --recursive --quiet
|
||||
Pop-Location
|
||||
}
|
||||
|
||||
function Get-RepositoryRoot
|
||||
{
|
||||
$start = $currentDir = (Get-Item -Path $PSScriptRoot)
|
||||
while ($null -ne $currentDir.Parent)
|
||||
{
|
||||
$path = Join-Path -Path $currentDir.FullName -ChildPath '.git'
|
||||
if (Test-Path -Path $path)
|
||||
{
|
||||
return $currentDir
|
||||
}
|
||||
$currentDir = $currentDir.Parent
|
||||
}
|
||||
return $start
|
||||
}
|
||||
|
||||
[System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot
|
||||
|
||||
# Get repo root
|
||||
$OSS_OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName
|
||||
$gitRoot = split-path $OSS_OpenSSHRoot
|
||||
$script:publishedFiles = @()
|
||||
# clone psrelease.
|
||||
$PSReleaseLocalPath = Join-Path -Path $gitRoot -ChildPath 'PSRelease'
|
||||
Get-RepoFork -AccountURL 'https://github.com/powershell' -RepoFork 'PSRelease' -repoLocalPath $PSReleaseLocalPath -BranchName 'master'
|
||||
Import-Module "$PSReleaseLocalPath\vstsBuild" -Force
|
||||
Import-Module "$PSReleaseLocalPath\dockerBasedBuild" -Force
|
||||
try
|
||||
{
|
||||
Clear-VstsTaskState
|
||||
switch($PSCmdlet.ParameterSetName)
|
||||
{
|
||||
'Build' {
|
||||
Invoke-Build -RepoPath '.\' -BuildJsonPath '.\contrib\win32\openssh\build.json' -Name $Name
|
||||
}
|
||||
'packageSigned' {
|
||||
#Publish artifacts appropriately
|
||||
if($SignedFilesPath)
|
||||
{
|
||||
Write-Verbose "SignedFilesPath: $SignedFilesPath" -Verbose
|
||||
$files = Get-ChildItem -Path $SignedFilesPath\* -Recurse -File | Select-Object -ExpandProperty FullName
|
||||
#Count the remaining file not signed files.
|
||||
Get-ChildItem -Path $BuildPath\* -Recurse -File | % {
|
||||
$src = $_.FullName
|
||||
$dest = "$SignedFilesPath\$($_.Name)"
|
||||
Write-Verbose "src: $src" -Verbose
|
||||
Write-Verbose "dest: $dest" -Verbose
|
||||
if (-not (Test-Path $dest))
|
||||
{
|
||||
$files += $_.FullName
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
#did not run codesign, so publish the plain binaries
|
||||
$files = Get-ChildItem -Path $BuildPath\* -Recurse -File | Select-Object -ExpandProperty FullName
|
||||
}
|
||||
$Bucket = (Split-Path $BuildPath -Leaf).Replace("_symbols", "")
|
||||
|
||||
foreach($fileName in $files)
|
||||
{
|
||||
# Only publish files once
|
||||
if($script:publishedFiles -inotcontains $fileName)
|
||||
{
|
||||
$leafFileName = $(Split-path -Path $fileName -Leaf)
|
||||
$extension = [System.IO.Path]::GetExtension($leafFileName)
|
||||
if($extension -ieq '.pdb')
|
||||
{
|
||||
$folderName = "$($Bucket)_Symbols"
|
||||
$artifactname = "$folderName-$leafFileName"
|
||||
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
|
||||
}
|
||||
elseif($extension -ieq '.log')
|
||||
{
|
||||
$folderName = "$($Bucket)_Logs"
|
||||
$artifactname = "$folderName-$leafFileName"
|
||||
Write-Host "##vso[artifact.upload containerfolder=$folderName;artifactname=$artifactname]$fileName"
|
||||
}
|
||||
else
|
||||
{
|
||||
$artifactname = "$Bucket-$leafFileName"
|
||||
Write-Host "##vso[artifact.upload containerfolder=$Bucket;artifactname=$artifactname]$fileName"
|
||||
}
|
||||
$script:publishedFiles += $fileName
|
||||
}
|
||||
}
|
||||
}
|
||||
default {
|
||||
throw 'Unknow parameterset passed to vstsbuild.ps1'
|
||||
}
|
||||
}
|
||||
}
|
||||
catch
|
||||
{
|
||||
Write-VstsError -Error $_
|
||||
}
|
||||
finally{
|
||||
Write-VstsTaskState
|
||||
exit 0
|
||||
}
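Review bot: The script clones `PSRelease` with `-BranchName 'master'` and then runs `Import-Module` on `vstsBuild` and `dockerBasedBuild` from that checkout, so every run, including the `packageSigned` path, executes whatever is at the tip of that branch at that moment. Pinning the clone to a reviewed commit keeps a change in that repository from silently altering how the binaries are built and published, for example `git checkout --quiet <PINNED_COMMIT_SHA>` right after `Push-Location $repoLocalPath` in `Get-RepoFork`. The `finally` block ends with `exit 0`, so an exception routed through `Write-VstsError` still returns success to the caller unless `Write-VstsTaskState` reports the failure some other way; that helper is not visible here. `$Name` is declared `Mandatory` with a default of `"X64"`, and a mandatory parameter never uses its default, so one of the two should go.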
|
|
@ -1119,7 +1119,7 @@ statvfs(const char *path, struct statvfs *buf)
|
|||
free(path_utf16);
|
||||
return 0;
|
||||
} else {
|
||||
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.\n", path, GetLastError());
|
||||
debug5("ERROR: Cannot get free space for [%s]. Error code is : %d.", path, GetLastError());
|
||||
errno = errno_from_Win32LastError();
|
||||
free(path_utf16);
|
||||
return -1;
|
||||
|
|
|
@ -50,21 +50,11 @@ system32_dir()
|
|||
|
||||
static HMODULE
|
||||
load_module(wchar_t* name)
|
||||
{
|
||||
wchar_t module_path[MAX_PATH + 1];
|
||||
wchar_t *system32_path;
|
||||
{
|
||||
HMODULE hm;
|
||||
|
||||
if ((system32_path = system32_dir()) == NULL)
|
||||
return NULL;
|
||||
|
||||
module_path[0] = L'\0';
|
||||
if (wcscat_s(module_path, _countof(module_path), system32_path) != 0 ||
|
||||
wcscat_s(module_path, _countof(module_path), L"\\") != 0 ||
|
||||
wcscat_s(module_path, _countof(module_path), name) != 0)
|
||||
return NULL;
|
||||
|
||||
if ((hm = LoadLibraryW(module_path)) == NULL)
|
||||
/*system uses a standard search strategy to find the module */
|
||||
if ((hm = LoadLibraryW(name)) == NULL)
|
||||
debug3("unable to load module %ls at run time, error: %d", name, GetLastError());
|
||||
|
||||
return hm;
|
||||
|
@ -103,11 +93,21 @@ load_secur32()
|
|||
return s_hm_secur32;
|
||||
}
|
||||
|
||||
load_ntdll()
|
||||
{
|
||||
static HMODULE s_hm_ntdll = NULL;
|
||||
|
||||
if (!s_hm_ntdll)
|
||||
s_hm_ntdll = load_module(L"ntdll.dll");
|
||||
|
||||
return s_hm_ntdll;
|
||||
}
|
||||
|
||||
FARPROC get_proc_address(HMODULE hm, char* fn)
|
||||
{
|
||||
FARPROC ret = GetProcAddress(hm, fn);
|
||||
if (!ret)
|
||||
debug3("GetProcAddress of %s failed with error $d.", fn, GetLastError());
|
||||
debug3("GetProcAddress of %s failed with error %d.", fn, GetLastError());
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -117,7 +117,7 @@ pLogonUserExExW(wchar_t *user_name, wchar_t *domain, wchar_t *password, DWORD lo
|
|||
DWORD logon_provider, PTOKEN_GROUPS token_groups, PHANDLE token, PSID *logon_sid,
|
||||
PVOID *profile_buffer, LPDWORD profile_length, PQUOTA_LIMITS quota_limits)
|
||||
{
|
||||
HMODULE hm;
|
||||
HMODULE hm = NULL;
|
||||
typedef BOOL(WINAPI *LogonUserExExWType)(wchar_t*, wchar_t*, wchar_t*, DWORD, DWORD, PTOKEN_GROUPS, PHANDLE, PSID, PVOID, LPDWORD, PQUOTA_LIMITS);
|
||||
static LogonUserExExWType s_pLogonUserExExW = NULL;
|
||||
|
||||
|
@ -142,8 +142,8 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
|
|||
LPWSTR translated_name,
|
||||
PULONG psize)
|
||||
{
|
||||
HMODULE hm;
|
||||
typedef BOOLEAN(WINAPI *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
|
||||
HMODULE hm = NULL;
|
||||
typedef BOOLEAN(SEC_ENTRY *TranslateNameWType)(LPCWSTR, EXTENDED_NAME_FORMAT, EXTENDED_NAME_FORMAT, LPWSTR, PULONG);
|
||||
static TranslateNameWType s_pTranslateNameW = NULL;
|
||||
|
||||
if (!s_pTranslateNameW) {
|
||||
|
@ -157,43 +157,18 @@ BOOLEAN pTranslateNameW(LPCWSTR name,
|
|||
return s_pTranslateNameW(name, account_format, desired_name_format, translated_name, psize);
|
||||
}
|
||||
|
||||
NTSTATUS pLsaOpenPolicy(PLSA_UNICODE_STRING system_name,
|
||||
PLSA_OBJECT_ATTRIBUTES attrib,
|
||||
ACCESS_MASK access,
|
||||
PLSA_HANDLE handle)
|
||||
ULONG pRtlNtStatusToDosError(NTSTATUS status)
|
||||
{
|
||||
HMODULE hm;
|
||||
typedef NTSTATUS(*LsaOpenPolicyType)(PLSA_UNICODE_STRING, PLSA_OBJECT_ATTRIBUTES, ACCESS_MASK, PLSA_HANDLE);
|
||||
static LsaOpenPolicyType s_pLsaOpenPolicy = NULL;
|
||||
HMODULE hm = NULL;
|
||||
typedef ULONG(NTAPI *RtlNtStatusToDosErrorType)(NTSTATUS);
|
||||
static RtlNtStatusToDosErrorType s_pRtlNtStatusToDosError = NULL;
|
||||
|
||||
if (!s_pLsaOpenPolicy) {
|
||||
if ((hm = load_advapi32()) == NULL)
|
||||
if (!s_pRtlNtStatusToDosError) {
|
||||
if ((hm = load_ntdll()) == NULL)
|
||||
return STATUS_ASSERTION_FAILURE;
|
||||
|
||||
if ((s_pLsaOpenPolicy = (LsaOpenPolicyType)get_proc_address(hm, "LsaOpenPolicy")) == NULL)
|
||||
if ((s_pRtlNtStatusToDosError = (RtlNtStatusToDosErrorType)get_proc_address(hm, "RtlNtStatusToDosError")) == NULL)
|
||||
return STATUS_ASSERTION_FAILURE;
|
||||
}
|
||||
|
||||
return s_pLsaOpenPolicy(system_name, attrib, access, handle);
|
||||
}
|
||||
|
||||
|
||||
NTSTATUS pLsaAddAccountRights(LSA_HANDLE lsa_h,
|
||||
PSID psid,
|
||||
PLSA_UNICODE_STRING rights,
|
||||
ULONG num_rights)
|
||||
{
|
||||
HMODULE hm;
|
||||
typedef NTSTATUS(*LsaAddAccountRightsType)(LSA_HANDLE, PSID, PLSA_UNICODE_STRING, ULONG);
|
||||
static LsaAddAccountRightsType s_pLsaAddAccountRights = NULL;
|
||||
|
||||
if (!s_pLsaAddAccountRights) {
|
||||
if ((hm = load_advapi32()) == NULL)
|
||||
return STATUS_ASSERTION_FAILURE;
|
||||
|
||||
if ((s_pLsaAddAccountRights = (LsaAddAccountRightsType)get_proc_address(hm, "LsaAddAccountRights")) == NULL)
|
||||
return STATUS_ASSERTION_FAILURE;
|
||||
}
|
||||
|
||||
return s_pLsaAddAccountRights(lsa_h, psid, rights, num_rights);
|
||||
return pRtlNtStatusToDosError(status);
|
||||
}
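Review bot: The new `pRtlNtStatusToDosError` wrapper, as rendered on this page, ends with `return pRtlNtStatusToDosError(status);`, so it calls itself rather than the resolved pointer and would recurse until the stack is exhausted the first time an error path uses it; the last line should read `return s_pRtlNtStatusToDosError(status);`. Its two failure returns hand back `STATUS_ASSERTION_FAILURE`, an NTSTATUS, from a function whose callers print the result as a Win32 error code. Separately, `load_module` now appears to pass the bare name to `LoadLibraryW`, which resolves through the standard DLL search order instead of the System32 path the removed code built, so for a process running with service privileges the ACLs on the install directory become part of the trust boundary. If the OneCore constraint allows it, `LoadLibraryExW(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` keeps the load pinned to the system directory, and a comment on `load_module` should record why the full path was dropped.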
|
||||
|
|
|
@ -454,14 +454,17 @@ AddSidMappingToLsa(PUNICODE_STRING domain_name,
|
|||
if (op_result == LsaSidNameMappingOperation_NameCollision || op_result == LsaSidNameMappingOperation_SidCollision)
|
||||
ret = 0; /* OK as it failed due to collision */
|
||||
else
|
||||
error("LsaManageSidNameMapping failed with : %s \n", LSAMappingErrorDetails[op_result]);
|
||||
error("LsaManageSidNameMapping failed with : %s", LSAMappingErrorDetails[op_result]);
|
||||
}
|
||||
else
|
||||
error("LsaManageSidNameMapping failed with ntstatus: %d \n", status);
|
||||
error("LsaManageSidNameMapping failed with ntstatus: %d", status);
|
||||
}
|
||||
|
||||
if (p_output)
|
||||
LsaFreeMemory(p_output);
|
||||
if (p_output) {
|
||||
status = LsaFreeMemory(p_output);
|
||||
if (status != STATUS_SUCCESS)
|
||||
debug3("LsaFreeMemory failed with ntstatus: %d", status);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -485,11 +488,12 @@ int RemoveVirtualAccountLSAMapping(PUNICODE_STRING domain_name,
|
|||
&p_output);
|
||||
if (status != STATUS_SUCCESS)
|
||||
ret = -1;
|
||||
|
||||
/* TODO - Free p_output */
|
||||
/*if (p_output)
|
||||
LsaFreeMemory(p_output);*/
|
||||
|
||||
|
||||
if (p_output) {
|
||||
status = LsaFreeMemory(p_output);
|
||||
if (status != STATUS_SUCCESS)
|
||||
debug3("LsaFreeMemory failed with ntstatus: %d", status);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -556,8 +560,10 @@ HANDLE generate_sshd_virtual_token()
|
|||
0,
|
||||
0,
|
||||
0,
|
||||
&sid_domain)))
|
||||
&sid_domain))) {
|
||||
debug3("AllocateAndInitializeSid failed with domain SID");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* group SID - S-1-5-111-0 */
|
||||
if (!(AllocateAndInitializeSid(&nt_authority,
|
||||
|
@ -570,8 +576,10 @@ HANDLE generate_sshd_virtual_token()
|
|||
0,
|
||||
0,
|
||||
0,
|
||||
&sid_group)))
|
||||
&sid_group))) {
|
||||
debug3("AllocateAndInitializeSid failed with group SID");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/*
|
||||
* account SID
|
||||
|
@ -589,20 +597,29 @@ HANDLE generate_sshd_virtual_token()
|
|||
1125189541,
|
||||
GetCurrentProcessId(),
|
||||
0,
|
||||
&sid_user)))
|
||||
&sid_user))) {
|
||||
debug3("AllocateAndInitializeSid failed with account SID");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
||||
/* Map the domain SID */
|
||||
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0)
|
||||
if (AddSidMappingToLsa(&domain, NULL, sid_domain) != 0) {
|
||||
debug3("AddSidMappingToLsa failed to map the domain Sid");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Map the group SID */
|
||||
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0)
|
||||
if (AddSidMappingToLsa(&domain, &group, sid_group) != 0) {
|
||||
debug3("AddSidMappingToLsa failed to map the group Sid");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Map the user SID */
|
||||
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0)
|
||||
if (AddSidMappingToLsa(&domain, &account, sid_user) != 0) {
|
||||
debug3("AddSidMappingToLsa failed to map the user Sid");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* assign service logon privilege to virtual account */
|
||||
{
|
||||
|
@ -614,12 +631,12 @@ HANDLE generate_sshd_virtual_token()
|
|||
if ((lsa_ret = LsaOpenPolicy(NULL, &ObjectAttributes,
|
||||
POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
|
||||
&lsa_policy )) != STATUS_SUCCESS) {
|
||||
error("%s: unable to open policy handle, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
|
||||
error("%s: unable to open policy handle, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
|
||||
goto cleanup;
|
||||
}
|
||||
InitUnicodeString(&svcLogonRight, L"SeServiceLogonRight");
|
||||
if ((lsa_ret = LsaAddAccountRights(lsa_policy, sid_user, &svcLogonRight, 1)) != STATUS_SUCCESS) {
|
||||
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, LsaNtStatusToWinError(lsa_ret));
|
||||
error("%s: unable to assign SE_SERVICE_LOGON_NAME privilege, error: %d", __FUNCTION__, pRtlNtStatusToDosError(lsa_ret));
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
@ -637,13 +654,13 @@ HANDLE generate_sshd_virtual_token()
|
|||
NULL,
|
||||
NULL,
|
||||
NULL)) {
|
||||
debug3("LogonUserExExW failed with %d \n", GetLastError());
|
||||
debug3("LogonUserExExW failed with %d", GetLastError());
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* remove all privileges */
|
||||
if (!CreateRestrictedToken(va_token, DISABLE_MAX_PRIVILEGE, 0, NULL, 0, NULL, 0, NULL, &va_token_restricted ))
|
||||
debug3("CreateRestrictedToken failed with %d \n", GetLastError());
|
||||
debug3("CreateRestrictedToken failed with %d", GetLastError());
|
||||
|
||||
CloseHandle(va_token);
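Review bot: In the last hunk of `generate_sshd_virtual_token`, a failed `CreateRestrictedToken` is still only reported through `debug3` and execution continues to `CloseHandle(va_token)`, so failing to strip privileges from the virtual-account token is invisible at normal log levels. Since this commit already touches that line, it could become `error("CreateRestrictedToken failed with %d", GetLastError());` followed by `goto cleanup;`, provided the cleanup path closes `va_token`; the rest of the function lies outside the hunk, so what is returned in that case needs checking there. The new `debug3` messages for the three `AllocateAndInitializeSid` failures omit `GetLastError()`, which the other messages in this file include. The NTSTATUS values logged with `%d` after `LsaFreeMemory` would be easier to look up as `0x%x`.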
|
||||
|
||||
|
|