# -*- coding: utf-8 -*-
from setuphelpers import *
import requests,json
from jinja2 import Environment, FileSystemLoader
# No uninstall registry key is declared; removal is handled by uninstall().
uninstallkey = list()

# Defaults consumed by install() when it renders sshd_config.j2. The
# module-level code that follows may override them from a local variables file.
variables = dict(
    # Passed to the template as ssh_password_auth; presumably controls
    # password logins -- confirm against sshd_config.j2.
    ssh_password_auth=False,
    # When True, install() prefixes the cipher list with '+', which in
    # sshd_config syntax appends to the built-in default set instead of
    # replacing it.
    ssh_append_ciphers=True,
    # NOTE(review): these are CBC-mode ciphers, which OpenSSH no longer offers
    # by default. Shipping them as the package default re-enables them on every
    # host; keep them only if a legacy client really needs them, otherwise
    # override ssh_ciphers (or empty the list) per site.
    ssh_ciphers=['aes256-cbc', 'aes192-cbc', 'aes128-cbc'],
)
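# Read local variables file if available.
#
# The Fernet key (symetric.txt) and the ciphertext (variables.txt) live in the
# same wapt\private directory. Fernet tokens are authenticated, so a modified
# variables.txt fails to decrypt, but anyone able to read that directory can
# read the overrides and anyone able to write it can forge them (for example
# ssh_password_auth or ssh_ciphers).
# NOTE(review): the protection therefore rests on the directory ACL -- confirm
# it is restricted to administrators/SYSTEM.
_key_path = makepath(programfiles32, 'wapt', 'private', 'symetric.txt')
_vars_path = makepath(programfiles32, 'wapt', 'private', 'variables.txt')

if isfile(_key_path) and isfile(_vars_path):
    print('Reading local encrypted variables file')
    from cryptography.fernet import Fernet
    import yaml

    # Context managers close both handles deterministically instead of
    # leaving that to garbage collection.
    with open(_key_path, 'r') as key_file:
        f = Fernet(key_file.read())
    with open(_vars_path, 'r') as vars_file:
        local_variables = yaml.safe_load(f.decrypt(vars_file.read()))

    # safe_load() returns None for an empty document; dict.update(None) would
    # raise an unhelpful TypeError, so an empty file simply means "no override".
    if local_variables is not None:
        if not isinstance(local_variables, dict):
            raise ValueError('variables.txt must decrypt to a YAML mapping')
        variables.update(local_variables)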
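def install():
    """Install OpenSSH (sshd and ssh-agent) and deploy its configuration.

    Steps, in order: stop any running services, extract the bundled archive
    into the OpenSSH directory under Program Files, register both services,
    (re)install the event manifest, open TCP port 22 in the firewall, render
    sshd_config from sshd_config.j2 using the module-level ``variables``, then
    start sshd and set it to start automatically.
    """
    print('Installing OpenSSH')
    install_dir = makepath(programfiles, 'OpenSSH')
    mkdirs(install_dir)

    print(' Stoping the service')
    for service in ['sshd', 'ssh-agent']:
        if service_installed(service) and service_is_running(service):
            service_stop(service)
        # Leftover processes would keep the binaries locked during extraction.
        killalltasks('%s.exe' % service)

    print(' Extract OpenSSH archive')
    # '7z e' extracts without directory structure, so every file of the archive
    # lands directly in install_dir; -y overwrites existing files silently.
    run('"%s" e -y -o"%s" OpenSSH-Win%s.zip' % (makepath(programfiles,'7-Zip','7z.exe'), install_dir, '64' if iswin64() else '32'))

    print(' Installing the services')
    # 1073 = the service already exists; in that case its settings are left
    # untouched.
    # NOTE(review): sc.exe consumes the quotes around binPath, so the stored
    # ImagePath is presumably unquoted although it contains a space
    # ("Program Files"). Check with `sc qc sshd` and consider embedding escaped
    # quotes in binPath.
    run(r'sc.exe create sshd binPath= "%s" DisplayName= "OpenSSH Server" start= auto' % makepath(install_dir, 'sshd.exe'), accept_returncodes=[0,1073])
    # Declare the privileges the sshd service token is required to hold.
    run(r'sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege')
    run(r'sc.exe create ssh-agent binPath= "%s" DisplayName= "OpenSSH Authentication Agent" start= auto' % makepath(install_dir, 'ssh-agent.exe'), accept_returncodes=[0,1073])
    # Explicit service DACL for ssh-agent (SDDL string kept exactly as shipped).
    run(r'sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"')
    run(r'sc.exe privs ssh-agent SeImpersonatePrivilege')

    # Unregister the manifest, replace it with the packaged copy, register it
    # again.
    manifest = makepath(install_dir, 'openssh-events.man')
    run(r'wevtutil.exe um "%s"' % manifest)
    filecopyto('openssh-events.man', install_dir)
    run(r'wevtutil.exe im "%s"' % manifest)

    print(' Opening port 22 in the firewall')
    # The rule names no program, profile or remote address: it admits inbound
    # TCP/22 for any listener, on every profile, from any source.
    # NOTE(review): narrow it with program=, profile= or remoteip= where the
    # deployment allows.
    run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
    run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')

    print(' Deploy sshd_config')
    conf_dir = makepath(os.getenv('ProgramData',r'C:\ProgramData'),'ssh')
    # NOTE(review): a directory created here inherits the ProgramData ACL;
    # confirm that non-administrators cannot create or modify files in it,
    # since sshd reads its configuration from this location.
    mkdirs(conf_dir)
    template_env = Environment(
        loader=FileSystemLoader('.'),
        trim_blocks=True
    )
    # The values come from the package defaults, possibly overridden by the
    # local variables file, and are rendered into the config without further
    # validation.
    rendered = template_env.get_template('sshd_config.j2').render(
        ssh_ciphers = ('+' if variables['ssh_append_ciphers'] == True else '') + ','.join(variables['ssh_ciphers']),
        ssh_password_auth = variables['ssh_password_auth']
    )
    # Close the file explicitly so the complete config is on disk before sshd
    # is (re)started below.
    with open(makepath(conf_dir,'sshd_config'),'w') as config_file:
        config_file.write(rendered)

    print(' (Re)starting the service')
    if service_is_running('sshd'):
        service_restart('sshd')
    else:
        service_start('sshd')

    print(r' Enabling sshd service on boot')
    run('sc config sshd start= auto')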
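def uninstall():
    """Remove the OpenSSH services, event manifest, firewall rule and binaries.

    The ssh configuration directory under ProgramData, which install() writes
    sshd_config to, is not touched here.
    NOTE(review): if host keys are stored there as well they survive the
    uninstall; decide whether that is intended.
    """
    print('Removing OpenSSH')

    for service in ['sshd','ssh-agent']:
        print(' Stoping the services %s' % service)
        # Same guard as install(): only query the state of a registered service.
        if service_installed(service) and service_is_running(service):
            service_stop(service)
        killalltasks('%s.exe' % service)

        print(' Uninstalling service %s' % service)
        # 1060 = the service does not exist; tolerate it so that a partially
        # removed installation can still be cleaned up.
        run(r'sc.exe delete %s' % service, accept_returncodes=[0,1060])

    print(' Unregister events handler')
    run(r'wevtutil um "%s"' % makepath(programfiles,'OpenSSH','openssh-events.man'))

    print(' Closing port 22 in the firewall')
    # install() adds this rule without binding it to a program, so leaving it
    # behind would keep inbound TCP/22 allowed for whatever listens there next.
    run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')

    print(' Removing files')
    remove_tree(makepath(programfiles,'OpenSSH'))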
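def update_package():
    """Fetch the latest Win32-OpenSSH release and refresh the package sources.

    Queries the GitHub releases API, derives the version from the release tag
    and, when it is newer than the version in the control file, downloads the
    32-bit and 64-bit archives and bumps the control file (maturity PREPROD).

    Raises:
        requests.HTTPError: if the GitHub API answers with an error status.
        RuntimeError: if a release does not provide one of the two archives.
    """
    import re

    print('Updating OpenSSH Package')
    # A timeout keeps the build from hanging, and raise_for_status() turns an
    # API error (for example rate limiting) into a clear failure instead of a
    # KeyError on 'tag_name' further down.
    response = requests.get('https://api.github.com/repos/PowerShell/Win32-OpenSSH/releases/latest', timeout=30)
    response.raise_for_status()
    latest = response.json()

    # Keep the part before the first '-', then drop the leading 'v' and a
    # trailing portable-release suffix such as 'p1'. The previous
    # rstrip('p1') removed *characters*, so a version ending in '1' lost
    # digits and a 'p2' suffix was left in place.
    tag_base = latest['tag_name'].split('-',1)[0]
    version = re.sub(r'p\d+$', '', re.sub(r'^v', '', tag_base))

    pe = PackageEntry()
    control = pe.load_control_from_wapt('.')
    if Version(version) > Version(control['version'].split('-',1)[0]):
        for arch in ['32','64']:
            archive = 'OpenSSH-Win%s.zip' % arch
            remove_file(archive)
            for asset in latest['assets']:
                if asset['name'] == archive and not isfile(archive):
                    url = asset['browser_download_url']
                    print('Downloading OpenSSH %s for win%s from %s' % (version,arch,url))
                    # NOTE(review): the archive is accepted as downloaded, with
                    # no digest or signature check, and its binaries are later
                    # installed as services. Consider verifying a pinned
                    # SHA-256 or the Authenticode signature of the extracted
                    # executables before the package is built.
                    wget(url, archive)
            # Do not bump the version for a package that lacks an archive:
            # install() would fail at the extraction step.
            if not isfile(archive):
                raise RuntimeError('Release %s provides no %s asset' % (latest['tag_name'], archive))

        print('Updating control file with new version %s' % version)
        pe.version = version + '-0'
        # The original assigned to an undefined name ('pre'), which raised
        # NameError before the control file could be saved.
        pe.maturity = 'PREPROD'
        pe.save_control_to_wapt('.')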
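def audit():
    """Check that the installed sshd.exe matches the packaged version.

    Returns:
        "OK" when the FileVersion of sshd.exe equals the package version
        (the part of the control version before the first '-'), otherwise
        "ERROR".
    """
    # `control` is not defined in this file; presumably the WAPT runtime
    # injects it into the module -- TODO confirm.
    version = control['version'].split('-',1)[0]
    sshd_path = makepath(programfiles,'OpenSSH','sshd.exe')

    # A missing binary is an audit finding, not a reason for the audit itself
    # to fail with an exception.
    if not isfile(sshd_path):
        print('%s is missing' % sshd_path)
        return "ERROR"

    installed_version = get_file_properties(sshd_path)['FileVersion']
    if Version(version) != Version(installed_version):
        # Arguments were swapped in the original, so the message reported the
        # package version as the installed one.
        print('Installed version %s does not match version %s' % (installed_version, version))
        return "ERROR"
    return "OK"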
# Executed directly (not imported): refresh the package sources from the
# latest upstream release.
if __name__ == '__main__':
    update_package()