winrm-elevated 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +9 -0
- data/.travis.yml +6 -1
- data/README.md +19 -3
- data/VERSION +1 -1
- data/appveyor.yml +39 -0
- data/changelog.md +7 -0
- data/lib/winrm-elevated/runner.rb +7 -8
- data/lib/winrm-elevated/scripts/elevated_shell.ps1 +14 -5
- data/spec/powershell_elevated_spec.rb +7 -0
- data/spec/spec_helper.rb +4 -1
- data/winrm-elevated.gemspec +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d34dd03c88011d2bcfd6b93b401b56d90e53475a
|
|
4
|
+
data.tar.gz: 6ba1a65c66c8cdaa2fad628881b096bcbd104e67
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5231b2d898cdf659afde87840a813a1857686c062023b45f0d1ee3887552992e3d69222ba5b7fb475491b6613794f7f7eba32212b59dcdd31815e844bd9f9343
|
|
7
|
+
data.tar.gz: 6ed0aeb89b9b9210da6137e2a82551e6ece6ff2b5e752542ce4d8d037a707fc24fc4f16ea9bacc60d4dff3511af0546d8a7a7f147625303de251b00d65b0ffe0
|
data/.rubocop.yml
CHANGED
data/.travis.yml
CHANGED
data/README.md
CHANGED
|
@@ -9,9 +9,25 @@ require 'winrm'
|
|
|
9
9
|
require 'winrm-elevated'
|
|
10
10
|
|
|
11
11
|
service = WinRM::WinRMWebService.new(...
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
service.create_executor do |executor|
|
|
13
|
+
elevated_runner = WinRM::Elevated::Runner.new(executor)
|
|
14
|
+
result = elevated_runner.powershell_elevated('dir', 'Administrator', 'password')
|
|
15
|
+
puts "Std out: #{result.output}"
|
|
16
|
+
end
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
### Impersonating a service account
|
|
20
|
+
By passing a `nil` password, winrm-elevated will assume that the command should run as a service account:
|
|
21
|
+
```ruby
|
|
22
|
+
require 'winrm'
|
|
23
|
+
require 'winrm-elevated'
|
|
24
|
+
|
|
25
|
+
service = WinRM::WinRMWebService.new(...
|
|
26
|
+
service.create_executor do |executor|
|
|
27
|
+
elevated_runner = WinRM::Elevated::Runner.new(service)
|
|
28
|
+
result = elevated_runner.powershell_elevated('dir', 'System', nil)
|
|
29
|
+
puts "Std out: #{result.output}"
|
|
30
|
+
end
|
|
15
31
|
```
|
|
16
32
|
|
|
17
33
|
## How does it work?
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.4.0
|
data/appveyor.yml
ADDED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
version: "master-{build}"
|
|
2
|
+
|
|
3
|
+
os: Windows Server 2012 R2
|
|
4
|
+
platform:
|
|
5
|
+
- x64
|
|
6
|
+
|
|
7
|
+
environment:
|
|
8
|
+
winrm_user: test_user
|
|
9
|
+
winrm_pass: Pass@word1
|
|
10
|
+
|
|
11
|
+
matrix:
|
|
12
|
+
- ruby_version: "21"
|
|
13
|
+
winrm_endpoint: http://localhost:5985/wsman
|
|
14
|
+
|
|
15
|
+
clone_folder: c:\projects\winrm-elevated
|
|
16
|
+
clone_depth: 1
|
|
17
|
+
branches:
|
|
18
|
+
only:
|
|
19
|
+
- master
|
|
20
|
+
|
|
21
|
+
install:
|
|
22
|
+
- ps: net user /add $env:winrm_user $env:winrm_pass
|
|
23
|
+
- ps: net localgroup administrators $env:winrm_user /add
|
|
24
|
+
- ps: winrm set winrm/config/client/auth '@{Basic="true"}'
|
|
25
|
+
- ps: winrm set winrm/config/service/auth '@{Basic="true"}'
|
|
26
|
+
- ps: winrm set winrm/config/service '@{AllowUnencrypted="true"}'
|
|
27
|
+
- ps: $env:PATH="C:\Ruby$env:ruby_version\bin;$env:PATH"
|
|
28
|
+
- ps: Write-Host $env:PATH
|
|
29
|
+
- ps: ruby --version
|
|
30
|
+
- ps: gem --version
|
|
31
|
+
- ps: gem install bundler --quiet --no-ri --no-rdoc
|
|
32
|
+
- ps: bundler --version
|
|
33
|
+
|
|
34
|
+
build_script:
|
|
35
|
+
- bundle install || bundle install || bundle install
|
|
36
|
+
|
|
37
|
+
test_script:
|
|
38
|
+
- SET SPEC_OPTS=--format progress
|
|
39
|
+
- bundle exec rake integration
|
data/changelog.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# WinRM-Elevated Gem Changelog
|
|
2
2
|
|
|
3
|
+
# 0.4.0
|
|
4
|
+
- Initialize `Elevated::Runner` with a `CommandExecutor` instead of a `WinrmService` client
|
|
5
|
+
- Run commands from newer winrm executor
|
|
6
|
+
- Use latest winrm-fs 0.4.2
|
|
7
|
+
- Allow task to run as a service account
|
|
8
|
+
- Provide an artificially long timeout to the task to keep the task from dying after 60 seconds
|
|
9
|
+
|
|
3
10
|
# 0.3.0
|
|
4
11
|
- [Name Powershell Script and Log Files Uniquely](https://github.com/WinRb/winrm-elevated/pull/6)
|
|
5
12
|
|
|
@@ -23,10 +23,10 @@ module WinRM
|
|
|
23
23
|
# Runs PowerShell commands elevated via a scheduled task
|
|
24
24
|
class Runner
|
|
25
25
|
# Creates a new Elevated Runner instance
|
|
26
|
-
# @param [
|
|
27
|
-
def initialize(
|
|
28
|
-
@
|
|
29
|
-
@
|
|
26
|
+
# @param [CommandExecutor] a winrm CommandExecutor
|
|
27
|
+
def initialize(executor)
|
|
28
|
+
@executor = executor
|
|
29
|
+
@winrm_file_transporter = WinRM::FS::Core::FileTransporter.new(executor)
|
|
30
30
|
@elevated_shell_path = 'c:/windows/temp/winrm-elevated-shell-' + SecureRandom.uuid + '.ps1'
|
|
31
31
|
@uploaded = nil
|
|
32
32
|
end
|
|
@@ -45,7 +45,7 @@ module WinRM
|
|
|
45
45
|
|
|
46
46
|
upload_elevated_shell_wrapper_script
|
|
47
47
|
wrapped_script = wrap_in_scheduled_task(script_text, username, password)
|
|
48
|
-
@
|
|
48
|
+
@executor.run_cmd(wrapped_script, &block)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
private
|
|
@@ -53,7 +53,7 @@ module WinRM
|
|
|
53
53
|
def upload_elevated_shell_wrapper_script
|
|
54
54
|
return if @uploaded
|
|
55
55
|
with_temp_file do |temp_file|
|
|
56
|
-
@
|
|
56
|
+
@winrm_file_transporter.upload(temp_file, @elevated_shell_path)
|
|
57
57
|
@uploaded = true
|
|
58
58
|
end
|
|
59
59
|
end
|
|
@@ -76,8 +76,7 @@ module WinRM
|
|
|
76
76
|
def wrap_in_scheduled_task(script_text, username, password)
|
|
77
77
|
ps_script = WinRM::PowershellScript.new(script_text)
|
|
78
78
|
"powershell -executionpolicy bypass -file \"#{@elevated_shell_path}\" " \
|
|
79
|
-
"-username \"#{username}\" -password \"#{password}\" -
|
|
80
|
-
"-encoded_command \"#{ps_script.encoded}\""
|
|
79
|
+
"-username \"#{username}\" -password \"#{password}\" -encoded_command \"#{ps_script.encoded}\""
|
|
81
80
|
end
|
|
82
81
|
end
|
|
83
82
|
end
|
|
@@ -1,4 +1,13 @@
|
|
|
1
|
-
param([String]$username, [String]$password, [String]$encoded_command
|
|
1
|
+
param([String]$username, [String]$password, [String]$encoded_command)
|
|
2
|
+
|
|
3
|
+
$pass_to_use = $password
|
|
4
|
+
$logon_type = 1
|
|
5
|
+
$logon_type_xml = "<LogonType>Password</LogonType>"
|
|
6
|
+
if($pass_to_use.length -eq 0) {
|
|
7
|
+
$pass_to_use = $null
|
|
8
|
+
$logon_type = 5
|
|
9
|
+
$logon_type_xml = ""
|
|
10
|
+
}
|
|
2
11
|
|
|
3
12
|
$task_name = "WinRM_Elevated_Shell"
|
|
4
13
|
$out_file = [System.IO.Path]::GetTempFileName()
|
|
@@ -10,7 +19,7 @@ $task_xml = @'
|
|
|
10
19
|
<Principals>
|
|
11
20
|
<Principal id="Author">
|
|
12
21
|
<UserId>{username}</UserId>
|
|
13
|
-
|
|
22
|
+
{logon_type}
|
|
14
23
|
<RunLevel>HighestAvailable</RunLevel>
|
|
15
24
|
</Principal>
|
|
16
25
|
</Principals>
|
|
@@ -30,7 +39,7 @@ $task_xml = @'
|
|
|
30
39
|
<Hidden>false</Hidden>
|
|
31
40
|
<RunOnlyIfIdle>false</RunOnlyIfIdle>
|
|
32
41
|
<WakeToRun>false</WakeToRun>
|
|
33
|
-
<ExecutionTimeLimit>
|
|
42
|
+
<ExecutionTimeLimit>PT24H</ExecutionTimeLimit>
|
|
34
43
|
<Priority>4</Priority>
|
|
35
44
|
</Settings>
|
|
36
45
|
<Actions Context="Author">
|
|
@@ -46,14 +55,14 @@ $arguments = "/c powershell.exe -EncodedCommand $encoded_command > $out_file
|
|
|
46
55
|
|
|
47
56
|
$task_xml = $task_xml.Replace("{arguments}", $arguments)
|
|
48
57
|
$task_xml = $task_xml.Replace("{username}", $username)
|
|
49
|
-
$task_xml = $task_xml.Replace("{
|
|
58
|
+
$task_xml = $task_xml.Replace("{logon_type}", $logon_type_xml)
|
|
50
59
|
|
|
51
60
|
$schedule = New-Object -ComObject "Schedule.Service"
|
|
52
61
|
$schedule.Connect()
|
|
53
62
|
$task = $schedule.NewTask($null)
|
|
54
63
|
$task.XmlText = $task_xml
|
|
55
64
|
$folder = $schedule.GetFolder("\")
|
|
56
|
-
$folder.RegisterTaskDefinition($task_name, $task, 6, $username, $
|
|
65
|
+
$folder.RegisterTaskDefinition($task_name, $task, 6, $username, $pass_to_use, $logon_type, $null) | Out-Null
|
|
57
66
|
|
|
58
67
|
$registered_task = $folder.GetTask("\$task_name")
|
|
59
68
|
$registered_task.Run($null) | Out-Null
|
|
@@ -7,6 +7,13 @@ describe 'powershell elevated runner', integration: true do
|
|
|
7
7
|
it { should have_no_stderr }
|
|
8
8
|
end
|
|
9
9
|
|
|
10
|
+
describe 'ipconfig as Service' do
|
|
11
|
+
subject(:output) { elevated_runner.powershell_elevated('ipconfig', 'System', nil) }
|
|
12
|
+
it { should have_exit_code 0 }
|
|
13
|
+
it { should have_stdout_match(/Windows IP Configuration/) }
|
|
14
|
+
it { should have_no_stderr }
|
|
15
|
+
end
|
|
16
|
+
|
|
10
17
|
describe 'echo \'hello world\' using apostrophes' do
|
|
11
18
|
subject(:output) { elevated_runner.powershell_elevated("echo 'hello world'", username, password) }
|
|
12
19
|
it { should have_exit_code 0 }
|
data/spec/spec_helper.rb
CHANGED
|
@@ -15,7 +15,7 @@ module ConnectionHelper
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def elevated_runner
|
|
18
|
-
@elevated_runner ||= WinRM::Elevated::Runner.new(winrm_connection)
|
|
18
|
+
@elevated_runner ||= WinRM::Elevated::Runner.new(winrm_connection.create_executor)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def winrm_config
|
|
@@ -25,6 +25,9 @@ module ConnectionHelper
|
|
|
25
25
|
path = File.expand_path("#{File.dirname(__FILE__)}/config-example.yml")
|
|
26
26
|
end
|
|
27
27
|
@winrm_config = YAML.load(File.read(path))
|
|
28
|
+
@winrm_config['endpoint'] = ENV['winrm_endpoint'] if ENV['winrm_endpoint']
|
|
29
|
+
@winrm_config['options']['user'] = ENV['winrm_user'] if ENV['winrm_user']
|
|
30
|
+
@winrm_config['options']['pass'] = ENV['winrm_pass'] if ENV['winrm_pass']
|
|
28
31
|
end
|
|
29
32
|
@winrm_config
|
|
30
33
|
end
|
data/winrm-elevated.gemspec
CHANGED
|
@@ -26,7 +26,7 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
|
|
27
27
|
s.required_ruby_version = '>= 1.9.0'
|
|
28
28
|
s.add_runtime_dependency 'winrm', '~> 1.5'
|
|
29
|
-
s.add_runtime_dependency 'winrm-fs', '~> 0.
|
|
29
|
+
s.add_runtime_dependency 'winrm-fs', '~> 0.4.2'
|
|
30
30
|
s.add_development_dependency 'rspec', '~> 3.2'
|
|
31
31
|
s.add_development_dependency 'rake', '~> 10.3'
|
|
32
32
|
s.add_development_dependency 'rubocop', '~> 0.28'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winrm-elevated
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shawn Neal
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: winrm
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.4.2
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.4.2
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -99,6 +99,7 @@ files:
|
|
|
99
99
|
- README.md
|
|
100
100
|
- Rakefile
|
|
101
101
|
- VERSION
|
|
102
|
+
- appveyor.yml
|
|
102
103
|
- changelog.md
|
|
103
104
|
- lib/winrm-elevated.rb
|
|
104
105
|
- lib/winrm-elevated/runner.rb
|