winrm-elevated 1.1.1 → 1.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e4eafa3868086d590ce41b1b34631f82a2830d62ce635423cc17a7137ee82fe1
-  data.tar.gz: 9e673bfbbbf91f8c3595b4ad2680d61bc12fe423bf2ff65c0a47196459fd9a12
+  metadata.gz: ee0adbdb22c257558248a863ab41505ef63bbe664150084be3cd57ecc56eef3e
+  data.tar.gz: d3442d4883f6617827977d6c2538f8d4961a1bf45de3e45be4c249e34ec548c3
 SHA512:
-  metadata.gz: 15871834756bd792d2df264a426d8f3c4aa76cb083a279beeabccf8ffe2693413910ac59447dba6639201904bd5cd03e8b2ce4adb9263a27aab9a20b84bab56e
-  data.tar.gz: 7648a7e4337a7b7f89e082725a96e1fe7764e5923053b18b4cb13b9eb62f378f1fd9b8db147c84b122e41b26a1ab988940c5cef567a26fbbfc054890170d9566
+  metadata.gz: 439dfd36cc9777886088dccb8172885844f319f3e808fb951b2eac31e115367e500f97b9d6fc2d0006588a7c1a8bedbb034d8af1678bc6d39d10647c6db2a958
+  data.tar.gz: 63935500fcb295b1359c2222cb1860788fbb2f7859c2f303c8928b61b478197c72e4fa2163070873e333e45d822a7164ea365947cdb5b7c3a6ca117ff20bdbc5

data/lib/winrm-elevated.rb

@@ -13,5 +13,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'winrm'
+require 'winrm' unless defined?(WinRM::Connection)
 require_relative 'winrm/shells/elevated'

data/lib/winrm-elevated/scripts/elevated_shell.ps1

@@ -16,7 +16,7 @@ if($interactive -eq 'true') {
   $logon_type_xml = "<LogonType>InteractiveTokenOrPassword</LogonType>"
 }
 
-$task_name = "WinRM_Elevated_Shell"
+$task_name = "WinRM_Elevated_Shell_" + [guid]::NewGuid()
 $out_file = [System.IO.Path]::GetTempFileName()
 $err_file = [System.IO.Path]::GetTempFileName()
 
@@ -64,44 +64,65 @@ $task_xml = $task_xml.Replace("{arguments}", $arguments)
 $task_xml = $task_xml.Replace("{username}", $username)
 $task_xml = $task_xml.Replace("{logon_type}", $logon_type_xml)
 
-$schedule = New-Object -ComObject "Schedule.Service"
-$schedule.Connect()
-$task = $schedule.NewTask($null)
-$task.XmlText = $task_xml
-$folder = $schedule.GetFolder("\")
-$folder.RegisterTaskDefinition($task_name, $task, 6, $username, $pass_to_use, $logon_type, $null) | Out-Null
+try {
+    $schedule = New-Object -ComObject "Schedule.Service"
+    $schedule.Connect()
+    $task = $schedule.NewTask($null)
+    $task.XmlText = $task_xml
+    $folder = $schedule.GetFolder("\")
+    $folder.RegisterTaskDefinition($task_name, $task, 6, $username, $pass_to_use, $logon_type, $null) | Out-Null
 
-$registered_task = $folder.GetTask("\$task_name")
-$registered_task.Run($null) | Out-Null
+    $registered_task = $folder.GetTask("\$task_name")
+    $registered_task.Run($null) | Out-Null
 
-$timeout = 10
-$sec = 0
-while ( (!($registered_task.state -eq 4)) -and ($sec -lt $timeout) ) {
-  Start-Sleep -s 1
-  $sec++
+    $timeout = 10
+    $sec = 0
+    while ( (!($registered_task.state -eq 4)) -and ($sec -lt $timeout) ) {
+        Start-Sleep -s 1
+        $sec++
+    }
+} catch {
+    Write-Error -ErrorRecord $PSItem
+    exit $PSItem.Exception.HResult
 }
 
 function SlurpOutput($file, $cur_line, $out_type) {
   if (Test-Path $file) {
-    get-content $file | select -skip $cur_line | ForEach {
-      $cur_line += 1
-      if ($out_type -eq 'err') {
-        $host.ui.WriteErrorLine("$_")
-      } else {
-        $host.ui.WriteLine("$_")
+    $fs = New-Object -TypeName System.IO.FileStream -ArgumentList @(
+      $file,
+      [system.io.filemode]::Open,
+      [System.io.FileAccess]::Read,
+      [System.IO.FileShare]::ReadWrite
+    )
+    try {
+      $enc = [System.Text.Encoding]::GetEncoding($Host.CurrentCulture.TextInfo.OEMCodePage)
+      $bytes = [System.Byte[]]::CreateInstance([System.Byte], $fs.Length)
+      if ($fs.Read($bytes, 0, $fs.Length) -gt 0) {
+        $text = $enc.GetString($bytes)
+        $text.TrimEnd("`n").TrimEnd("`r").Split(@("`r`n", "`n"), [StringSplitOptions]::None) | Select-Object -skip $cur_line | ForEach-Object {
+          $cur_line += 1
+          if ($out_type -eq 'err') {
+            $host.ui.WriteErrorLine("$_")
+          } else {
+            $host.ui.WriteLine("$_")
+          }
+        }
       }
     }
+    finally { $fs.Close() }
   }
   return $cur_line
 }
 
 $err_cur_line = 0
 $out_cur_line = 0
+$timeout = <%= execution_timeout %>
+$startDate = Get-Date
 do {
   Start-Sleep -m 100
   $out_cur_line = SlurpOutput $out_file $out_cur_line 'out'
   $err_cur_line = SlurpOutput $err_file $err_cur_line 'err'
-} while (!($registered_task.state -eq 3))
+} while( (!($registered_task.state -eq 3)) -and ($startDate.AddSeconds($timeout) -gt (Get-Date)) )
 
 # We'll make a best effort to clean these files
 # But a reboot could possibly end the task while the process
@@ -111,6 +132,19 @@ try { Remove-Item $err_file -ErrorAction Stop } catch {}
 try { Remove-Item $script_file -ErrorAction Stop } catch {}
 
 $exit_code = $registered_task.LastTaskResult
+
+try {
+  # Clean current task
+  $folder.DeleteTask($task_name, 0)
+  # Clean old tasks if required
+  $old_tasks_filter_date = [datetime]::Now.AddSeconds(<%= -1 * execution_timeout %>)
+  $old_tasks_to_kill = $folder.GetTasks(0) | Select Name,LastRunTime | Where-Object {
+    ($_.Name -like "WinRM_Elevated_Shell*") -and ($_.LastRunTime -le $old_tasks_filter_date) -and ($_.Name -ne $task_name)
+  }
+  $old_tasks_to_kill | ForEach-Object { try { $folder.DeleteTask($_.Name, 0) } catch {} }
+}
+catch {}
+
 [System.Runtime.Interopservices.Marshal]::ReleaseComObject($schedule) | Out-Null
 
 exit $exit_code

data/lib/winrm/shells/elevated.rb

@@ -13,10 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'erubis'
-require 'winrm'
+require 'erubi'
+require 'winrm' unless defined?(WinRM::Connection)
 require 'winrm-fs'
-require 'securerandom'
+require 'securerandom' unless defined?(SecureRandom)
+require 'stringio'
 
 module WinRM
   module Shells
@@ -33,6 +34,7 @@ module WinRM
         @interactive_logon = false
         @shell = Powershell.new(connection_opts, transport, logger)
         @winrm_file_transporter = WinRM::FS::Core::FileTransporter.new(@shell)
+        @execution_timeout = 86_400
       end
 
       # @return [String] The admin user name to execute the scheduled task as
@@ -44,6 +46,9 @@ module WinRM
       # @return [Bool] Using an interactive logon
       attr_accessor :interactive_logon
 
+      # @return [Integer] Timeout for the task to be executed
+      attr_accessor :execution_timeout
+
       # Run a command or PowerShell script elevated without any of the
       # restrictions that WinRM puts in place.
       #
@@ -68,35 +73,30 @@ module WinRM
 
       def upload_elevated_shell_script(script_text)
         elevated_shell_path = 'c:/windows/temp/winrm-elevated-shell-' + SecureRandom.uuid + '.ps1'
-        with_temp_file(script_text) do |temp_file|
-          @winrm_file_transporter.upload(temp_file, elevated_shell_path)
-        end
+        # Prepend the content of the file with an UTF-8 BOM for Windows to read it as such instead of the default
+        # Windows-XXXX encoding, and convert script_text accordingly if needed.
+        script_text_with_exit = "\uFEFF#{script_text.encode(Encoding::UTF_8)}\r\n$Host.SetShouldExit($LASTEXITCODE)"
+        @winrm_file_transporter.upload(StringIO.new(script_text_with_exit), elevated_shell_path)
         elevated_shell_path
       end
 
-      def with_temp_file(script_text)
-        file = Tempfile.new(['winrm-elevated-shell', 'ps1'])
-        file.write(script_text)
-        file.write("\r\n$Host.SetShouldExit($LASTEXITCODE)")
-        file.fsync
-        file.close
-        yield file.path
-      ensure
-        file.close
-        file.unlink
-      end
-
       def elevated_shell_script_content
         IO.read(File.expand_path('../../winrm-elevated/scripts/elevated_shell.ps1', __dir__))
       end
 
       def wrap_in_scheduled_task(script_path, username, password)
-        Erubis::Eruby.new(elevated_shell_script_content).result(
+        context = {
           username: username,
           password: password,
           script_path: script_path,
-          interactive_logon: interactive_logon
-        )
+          interactive_logon: interactive_logon,
+          execution_timeout: execution_timeout
+        }
+
+        b = binding
+        locals = context.collect { |k, _| "#{k} = context[#{k.inspect}]; " }
+        b.eval(locals.join)
+        b.eval(Erubi::Engine.new(elevated_shell_script_content).src)
       end
     end
   end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: winrm-elevated
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.3
 platform: ruby
 authors:
 - Shawn Neal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-19 00:00:00.000000000 Z
+date: 2020-11-11 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: erubi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: winrm
   requirement: !ruby/object:Gem::Requirement
@@ -113,15 +127,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.0
+      version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Ruby library for running commands as elevated