OpenSSH for WAPT

# -*- coding: utf-8 -*-
from setuphelpers import *
import requests,json
from jinja2 import Environment, FileSystemLoader
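# No registry uninstall key is declared for this package; removal is done by
# the uninstall() function of this file.
uninstallkey = []

# Defaults rendered into sshd_config by install(); a local encrypted
# variables file (below) may override any of them.
variables = {
    # Passed to the sshd_config.j2 template as ssh_password_auth.
    'ssh_password_auth': False,
    # When true, install() prefixes the cipher list with '+', which asks sshd
    # to append these ciphers to its defaults instead of replacing them.
    'ssh_append_ciphers': True,
    # NOTE(review): these are CBC-mode ciphers, which current OpenSSH servers
    # no longer offer by default. Appending them widens the accepted cipher
    # set; keep this default only if legacy clients really need it.
    'ssh_ciphers': ['aes256-cbc', 'aes192-cbc', 'aes128-cbc'],
}

# Read local variables file if available.
# NOTE(review): the Fernet key (symetric.txt) sits in the same directory as
# the ciphertext (variables.txt), so confidentiality of the overrides rests on
# the ACLs of that directory rather than on the encryption itself.
_key_file = makepath(programfiles32, 'wapt', 'private', 'symetric.txt')
_variables_file = makepath(programfiles32, 'wapt', 'private', 'variables.txt')
if isfile(_key_file) and isfile(_variables_file):
    print('Reading local encrypted variables file')
    from cryptography.fernet import Fernet
    import yaml
    # Context managers close both files even if decryption or parsing fails.
    with open(_key_file, 'r') as key_handle:
        f = Fernet(key_handle.read())
    with open(_variables_file, 'r') as token_handle:
        # Fernet authenticates the token, so a modified file raises here
        # instead of yielding altered settings; safe_load builds plain data
        # types only.
        local_variables = yaml.safe_load(f.decrypt(token_handle.read()))
    # An empty YAML document loads as None; keep the defaults in that case
    # instead of failing in dict.update().
    if local_variables:
        variables.update(local_variables)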
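def install():
    """Install OpenSSH for Windows from the archive shipped in the package.

    Steps, in order: stop running sshd/ssh-agent instances, extract the
    archive matching the OS bitness into Program Files\\OpenSSH, register both
    services and the event manifest, open TCP port 22 in the firewall, render
    sshd_config from sshd_config.j2 and (re)start sshd.
    """
    print('Installing OpenSSH')
    install_dir = makepath(programfiles, 'OpenSSH')
    mkdirs(install_dir)

    print(' Stoping the service')
    for service in ['sshd', 'ssh-agent']:
        if service_installed(service) and service_is_running(service):
            service_stop(service)
        # Kill leftover processes so the binaries can be overwritten.
        killalltasks('%s.exe' % service)

    print(' Extract OpenSSH archive')
    # "7z e" extracts without directory structure, so the files of the
    # archive land directly in the install directory.
    run('"%s" e -y -o"%s" OpenSSH-Win%s.zip' % (makepath(programfiles, '7-Zip', '7z.exe'), install_dir, '64' if iswin64() else '32'))

    print(' Installing the services')
    # Return code 1073 (service already exists) is accepted so that a
    # reinstall or upgrade does not fail here.
    # NOTE(review): sc.exe consumes the quotes around binPath, so the stored
    # ImagePath is presumably unquoted although it contains a space
    # ("Program Files"). Check the registered path after install and register
    # it with embedded quotes if that is the case.
    run(r'sc.exe create sshd binPath= "%s" DisplayName= "OpenSSH Server" start= auto' % makepath(install_dir, 'sshd.exe'), accept_returncodes=[0,1073])
    run(r'sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege')
    run(r'sc.exe create ssh-agent binPath= "%s" DisplayName= "OpenSSH Authentication Agent" start= auto' % makepath(install_dir, 'ssh-agent.exe'), accept_returncodes=[0,1073])
    # Explicit service DACL for ssh-agent: the last ACE grants Authenticated
    # Users (AU) only the RP right; the broader rights go to SYSTEM (SY) and
    # the built-in Administrators (BA).
    run(r'sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"')
    run(r'sc.exe privs ssh-agent SeImpersonatePrivilege')

    # Unregister the manifest, replace it with the copy shipped in the
    # package, then register it again.
    manifest = makepath(install_dir, 'openssh-events.man')
    run(r'wevtutil.exe um "%s"' % manifest)
    filecopyto('openssh-events.man', install_dir)
    run(r'wevtutil.exe im "%s"' % manifest)

    print(' Opening port 22 in the firewall')
    # Delete first so repeated installs do not stack duplicate rules.
    run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
    # NOTE(review): the rule sets neither remoteip nor profile, so inbound
    # TCP 22 is allowed from any source on every firewall profile. Restrict
    # it to the management networks if the hosts are reachable from
    # untrusted segments.
    run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')

    print(' Deploy sshd_config')
    conf_dir = makepath(os.getenv('ProgramData',r'C:\ProgramData'),'ssh')
    mkdirs(conf_dir)
    # The template is looked up in the current working directory
    # (presumably the unpacked package directory -- confirm).
    template_env = Environment(
        loader=FileSystemLoader('.'),
        trim_blocks=True
    )
    # Explicit comparison kept from the original: only a value equal to True
    # enables the '+' (append) prefix.
    cipher_prefix = '+' if variables['ssh_append_ciphers'] == True else ''
    # Render before opening the target so that a template error does not
    # leave a truncated sshd_config behind.
    rendered = template_env.get_template('sshd_config.j2').render(
        ssh_ciphers = cipher_prefix + ','.join(variables['ssh_ciphers']),
        ssh_password_auth = variables['ssh_password_auth']
    )
    # The context manager closes (and flushes) the file before sshd is
    # restarted below.
    with open(makepath(conf_dir, 'sshd_config'), 'w') as config_file:
        config_file.write(rendered)

    print(' (Re)starting the service')
    if service_is_running('sshd'):
        service_restart('sshd')
    else:
        service_start('sshd')

    print(r' Enabling sshd service on boot')
    run('sc config sshd start= auto')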
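def uninstall():
    """Remove the OpenSSH services, event manifest, firewall rule and files.

    The configuration directory under ProgramData is not touched by this
    function (presumably so that host keys survive a reinstall -- confirm).
    """
    print('Removing OpenSSH')
    for service in ['sshd', 'ssh-agent']:
        print(' Stoping the services %s' % service)
        # Same guard as install(): only query the running state of a service
        # that is actually registered.
        if service_installed(service) and service_is_running(service):
            service_stop(service)
        killalltasks('%s.exe' % service)
        print(' Uninstalling service %s' % service)
        run(r'sc.exe delete %s' % service)

    print(' Unregister events handler')
    run(r'wevtutil um "%s"' % makepath(programfiles,'OpenSSH','openssh-events.man'))

    # install() adds an inbound allow rule for TCP 22. Remove it here so no
    # stale allow rule outlives the service; non-fatal because the rule may
    # already be gone.
    run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')

    print(' Removing files')
    remove_tree(makepath(programfiles,'OpenSSH'))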
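def update_package():
    """Fetch the latest Win32-OpenSSH release and refresh the package.

    Queries the GitHub releases API, and when the released version is newer
    than the one in the control file, downloads the 32 and 64 bit archives
    into the package directory and bumps the control version, marking the
    package as PREPROD.
    """
    print('Updating OpenSSH Package')
    response = requests.get(
        'https://api.github.com/repos/PowerShell/Win32-OpenSSH/releases/latest',
        timeout=30,
    )
    # Fail on an HTTP error (e.g. API rate limiting) instead of hitting a
    # confusing KeyError on 'tag_name' further down.
    response.raise_for_status()
    latest = response.json()

    # The tag is reduced to its numeric part: drop everything after the first
    # '-', the leading 'v' and a trailing 'p1'. Only the exact 'p1' suffix is
    # removed; str.rstrip('p1') would also eat trailing '1' digits that belong
    # to the version number.
    version = latest['tag_name'].split('-',1)[0].lstrip('v')
    if version.endswith('p1'):
        version = version[:-2]

    pe = PackageEntry()
    control = pe.load_control_from_wapt('.')
    if Version(version) > Version(control['version'].split('-',1)[0]):
        for arch in ['32','64']:
            archive = 'OpenSSH-Win%s.zip' % arch
            remove_file(archive)
            for asset in latest['assets']:
                if asset['name'] == archive and not isfile(archive):
                    url = asset['browser_download_url']
                    print('Downloading OpenSSH %s for win%s from %s' % (version,arch,url))
                    # NOTE(review): the archive is stored without any checksum
                    # or signature verification. Compare it against a hash
                    # obtained out of band before the package is promoted
                    # beyond PREPROD.
                    wget(url, archive)
        print('Updating control file with new version %s' % version)
        pe.version = version + '-0'
        # Fixed: the original assigned to the undefined name "pre", which
        # raised NameError before the control file was saved.
        pe.maturity = 'PREPROD'
        pe.save_control_to_wapt('.')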
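def audit():
    """Check that the installed sshd.exe matches the packaged version.

    Returns:
        "OK" when the FileVersion of sshd.exe equals the package version
        (without its packaging suffix), "ERROR" when it differs or when
        sshd.exe is missing.
    """
    # "control" is not defined in this file; presumably it is injected by
    # WAPT when the audit hook runs -- confirm.
    version = control['version'].split('-',1)[0]
    sshd_path = makepath(programfiles,'OpenSSH','sshd.exe')
    # A missing binary is an audit failure, not a reason to crash the audit.
    if not isfile(sshd_path):
        print('%s is missing' % sshd_path)
        return "ERROR"
    installed_version = get_file_properties(sshd_path)['FileVersion']
    if Version(version) != Version(installed_version):
        # Fixed: the two values were swapped in the message, so the package
        # version was reported as the installed one.
        print('Installed version %s does not match version %s' % (installed_version, version))
        return "ERROR"
    return "OK"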
# Executing this file directly refreshes the packaged OpenSSH archives and
# the control file; nothing is installed on the local machine.
if __name__ == "__main__":
    update_package()