OpenSSH for WAPT

setup.py 5.3KB

  1. # -*- coding: utf-8 -*-
  2. from setuphelpers import *
  3. import requests,json
  4. from jinja2 import Environment, FileSystemLoader
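  uninstallkey = []

  # Defaults rendered into sshd_config by install(). The optional local
  # variables file read below may override any of them.
  variables = {
      # Password logins stay disabled unless a local override enables them.
      'ssh_password_auth': False,
      # When True, install() prefixes the cipher list with '+'.
      'ssh_append_ciphers': True,
      # NOTE(review): these are CBC-mode ciphers, which current OpenSSH no
      # longer offers by default. Presumably the template feeds them to the
      # `Ciphers` directive, where a '+' prefix adds them to the built-in
      # list; keep them only if legacy clients need them - confirm.
      'ssh_ciphers': ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'],
  }

  # Read local variables file if available
  # NOTE(review): the Fernet key sits in the same directory as the file it
  # encrypts, so confidentiality of the overrides rests on the ACL of the
  # WAPT `private` directory, not on the encryption itself.
  _private_dir = makepath(programfiles32, 'wapt', 'private')
  _key_path = makepath(_private_dir, 'symetric.txt')
  _vars_path = makepath(_private_dir, 'variables.txt')
  if isfile(_key_path) and isfile(_vars_path):
      print('Reading local encrypted variables file')
      from cryptography.fernet import Fernet
      import yaml
      # Context managers close both handles as soon as the content is read.
      with open(_key_path, 'r') as _key_file:
          f = Fernet(_key_file.read())
      with open(_vars_path, 'r') as _vars_file:
          _local_variables = yaml.safe_load(f.decrypt(_vars_file.read()))
      # An empty YAML document loads as None: treat it as "no overrides".
      if _local_variables is not None:
          if not isinstance(_local_variables, dict):
              raise ValueError('Local variables file must contain a YAML mapping')
          variables.update(_local_variables)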
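  def install():
      """Install OpenSSH for Windows and configure its services.

      Stops any running sshd / ssh-agent, extracts the packaged archive into
      %ProgramFiles%\\OpenSSH, registers both services and the event
      manifest, opens TCP port 22 in the firewall, renders sshd_config from
      the module-level ``variables`` and (re)starts sshd.
      """
      print('Installing OpenSSH')
      install_dir = makepath(programfiles, 'OpenSSH')
      mkdirs(install_dir)

      print(' Stoping the service')
      for service in ['sshd', 'ssh-agent']:
          if service_installed(service) and service_is_running(service):
              service_stop(service)
          # Kill stragglers even when the service was not reported as running,
          # so the binaries are not locked during extraction.
          killalltasks('%s.exe' % service)

      print(' Extract OpenSSH archive')
      run('"%s" e -y -o"%s" OpenSSH-Win%s.zip' % (makepath(programfiles, '7-Zip', '7z.exe'), install_dir, '64' if iswin64() else '32'))

      print(' Installing the services')
      sshd_exe = makepath(install_dir, 'sshd.exe')
      agent_exe = makepath(install_dir, 'ssh-agent.exe')
      # The inner \" keeps the quotes in the stored ImagePath. With a single
      # pair of quotes sc.exe stores the path unquoted, and a path containing
      # spaces then becomes an unquoted service path (CWE-428).
      # 1073 = service already exists; the `config` call below also repairs
      # the ImagePath of a service created by an earlier package version.
      run(r'sc.exe create sshd binPath= "\"%s\"" DisplayName= "OpenSSH Server" start= auto' % sshd_exe, accept_returncodes=[0, 1073])
      run(r'sc.exe config sshd binPath= "\"%s\""' % sshd_exe)
      run(r'sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege')
      run(r'sc.exe create ssh-agent binPath= "\"%s\"" DisplayName= "OpenSSH Authentication Agent" start= auto' % agent_exe, accept_returncodes=[0, 1073])
      run(r'sc.exe config ssh-agent binPath= "\"%s\""' % agent_exe)
      run(r'sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"')
      run(r'sc.exe privs ssh-agent SeImpersonatePrivilege')

      # Unregister the manifest extracted from the archive, replace it with
      # the copy shipped in the package, then register that copy.
      manifest = makepath(install_dir, 'openssh-events.man')
      run(r'wevtutil.exe um "%s"' % manifest)
      filecopyto('openssh-events.man', install_dir)
      run(r'wevtutil.exe im "%s"' % manifest)

      print(' Opening port 22 in the firewall')
      # Delete first so repeated installs do not stack duplicate rules.
      run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
      # NOTE(review): the rule allows inbound TCP/22 from any address on every
      # firewall profile; consider scoping it with `profile=` / `remoteip=`
      # where SSH is only needed from management networks.
      run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')

      print(' Deploy sshd_config')
      conf_dir = makepath(os.getenv('ProgramData', r'C:\ProgramData'), 'ssh')
      # NOTE(review): a directory created here inherits the ProgramData ACL;
      # verify it does not leave the ssh configuration directory writable by
      # non-administrators.
      mkdirs(conf_dir)
      jinja2 = Environment(
          loader=FileSystemLoader('.'),
          trim_blocks=True
      )
      rendered_config = jinja2.get_template('sshd_config.j2').render(
          ssh_ciphers=('+' if variables['ssh_append_ciphers'] == True else '') + ','.join(variables['ssh_ciphers']),
          ssh_password_auth=variables['ssh_password_auth']
      )
      # Close (and therefore flush) the file before sshd is restarted below.
      with open(makepath(conf_dir, 'sshd_config'), 'w') as config_file:
          config_file.write(rendered_config)

      print(' (Re)starting the service')
      if service_is_running('sshd'):
          service_restart('sshd')
      else:
          service_start('sshd')

      print(r' Enabling sshd service on boot')
      run('sc config sshd start= auto')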
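  def uninstall():
      """Remove the OpenSSH services, event manifest, firewall rule and binaries.

      Only %ProgramFiles%\\OpenSSH is deleted; nothing in this function
      touches the %ProgramData%\\ssh directory written by install().
      """
      print('Removing OpenSSH')
      for service in ['sshd', 'ssh-agent']:
          print(' Stoping the services %s' % service)
          # Same guard as install(): only query and delete a service that is
          # registered, so uninstall can be re-run after a partial removal.
          installed = service_installed(service)
          if installed and service_is_running(service):
              service_stop(service)
          killalltasks('%s.exe' % service)
          print(' Uninstalling service %s' % service)
          if installed:
              run(r'sc.exe delete %s' % service)

      print(' Unregister events handler')
      manifest = makepath(programfiles, 'OpenSSH', 'openssh-events.man')
      if isfile(manifest):
          run(r'wevtutil um "%s"' % manifest)

      # install() adds an inbound allow rule for TCP/22; remove it so the
      # port does not stay open in the firewall after the server is gone.
      print(' Closing port 22 in the firewall')
      run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')

      print(' Removing files')
      remove_tree(makepath(programfiles, 'OpenSSH'))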
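  def update_package():
      """Refresh the packaged OpenSSH archives from the latest GitHub release.

      Queries the Win32-OpenSSH "latest release" API. If its version is newer
      than the one in the local control file, downloads the 32- and 64-bit
      zip assets into the package directory and bumps the control version.
      """
      print('Updating OpenSSH Package')
      # A timeout keeps a stalled connection from hanging the build, and
      # raise_for_status() stops on an API error (e.g. rate limiting) instead
      # of failing later on a missing 'tag_name' key.
      response = requests.get('https://api.github.com/repos/PowerShell/Win32-OpenSSH/releases/latest', timeout=30)
      response.raise_for_status()
      latest = response.json()

      version = latest['tag_name'].split('-', 1)[0].lstrip('v')
      # rstrip('p1') strips any trailing run of the characters 'p' and '1',
      # which also eats a version ending in 1 ('8.1.0.1p1' -> '8.1.0.').
      # Remove only the literal 'p1' suffix.
      if version.endswith('p1'):
          version = version[:-2]

      pe = PackageEntry()
      control = pe.load_control_from_wapt('.')
      if Version(version) > Version(control['version'].split('-', 1)[0]):
          for arch in ['32', '64']:
              archive = 'OpenSSH-Win%s.zip' % arch
              remove_file(archive)
              for asset in latest['assets']:
                  if asset['name'] == archive and not isfile(archive):
                      url = asset['browser_download_url']
                      print('Downloading OpenSSH %s for win%s from %s' % (version, arch, url))
                      # NOTE(review): the archive is trusted on the strength of
                      # the HTTPS download alone. install() later runs its
                      # binaries as a service holding SeTcbPrivilege, so verify
                      # a published hash or the Authenticode signature of the
                      # extracted binaries before the package is built.
                      wget(url, archive)
          print('Updating control file with new version %s' % version)
          pe.version = version + '-0'
          pe.save_control_to_wapt('.')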
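  def audit():
      """Check that the installed sshd.exe matches the packaged version.

      Returns:
          "OK" when the FileVersion of sshd.exe equals the package version
          (control version without its '-N' packaging suffix), "ERROR" when
          they differ or sshd.exe is missing.
      """
      # NOTE(review): `control` is not defined in this file; presumably WAPT
      # injects it into the module before calling audit() - confirm.
      version = control['version'].split('-', 1)[0]
      sshd_exe = makepath(programfiles, 'OpenSSH', 'sshd.exe')
      # A missing binary is an audit failure to report, not a crash.
      if not isfile(sshd_exe):
          print('%s is missing' % sshd_exe)
          return "ERROR"
      installed_version = get_file_properties(sshd_exe)['FileVersion']
      if Version(version) != Version(installed_version):
          # Arguments follow the order of the message: installed version
          # first, then package version (the original had them swapped).
          print('Installed version %s does not match version %s' % (installed_version, version))
          return "ERROR"
      return "OK"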
  # Executed directly as a script: refresh the packaged OpenSSH archives.
  if __name__ == "__main__":
      update_package()