PowerShell / Win32-OpenSSH

Win32 port of OpenSSH

v9.1.0.0p1-Beta install-sshd.ps1 fails with The value '268435456' is not valid for this usage of the type FileSystemRights #2017

Open rgl opened 1 year ago

rgl commented 1 year ago

Prerequisites

Steps to reproduce

  1. unzip https://github.com/PowerShell/Win32-OpenSSH/releases/download/v9.1.0.0p1-Beta/OpenSSH-Win64.zip to C:\Program Files\OpenSSH
  2. call install-sshd.ps1 -Confirm:$false
  3. observe the error

You can find my vagrant environment at https://github.com/rgl/openssh-server-windows-vagrant/blob/wip/provision.ps1#L26

Expected behavior

It should have installed with success.

Actual behavior

    sshd:   [*] C:\Program Files\OpenSSH\moduli
    sshd: Inheritance is removed from 'C:\Program Files\OpenSSH\moduli'.
    sshd: 'BUILTIN\Users' now has Read access to 'C:\Program Files\OpenSSH\moduli'.
    sshd: 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' now has Read access to 'C:\Program Files\OpenSSH\moduli'.
    sshd: 'APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES' now has Read access to 'C:\Program Files\OpenSSH\moduli'.
    sshd:       Repaired permissions
    sshd: 
    sshd:   [*] C:\ProgramData\ssh
    sshd: Inheritance is removed from 'C:\ProgramData\ssh'.
    sshd: ERROR: Exception calling ".ctor" with "5" argument(s): "The value '268435456' is not valid for this usage of the type FileSystemRights.
    sshd: Parameter name: fileSystemRights"
    sshd: ERROR: at Repair-FilePermissionInternal, C:\Program Files\OpenSSH\OpenSSHUtils.psm1: line 624
    sshd: ERROR: at Repair-FilePermission, C:\Program Files\OpenSSH\OpenSSHUtils.psm1: line 354
    sshd: ERROR: at Repair-SSHFolderPermission, C:\Program Files\OpenSSH\OpenSSHUtils.psm1: line 286
    sshd: ERROR: at <ScriptBlock>, C:\Program Files\OpenSSH\install-sshd.ps1: line 110
    sshd: ERROR: at <ScriptBlock>, C:\vagrant\provision.ps1: line 26
    sshd: ERROR: at <ScriptBlock>, C:\tmp\vagrant-shell.ps1: line 102
    sshd: ERROR EXCEPTION: System.Management.Automation.MethodInvocationException: Exception calling ".ctor" with "5" argument(s): "The value '268435456' is not valid for this usage of the type FileSystemRights.
    sshd: ERROR EXCEPTION: Parameter name: fileSystemRights" ---> System.ArgumentOutOfRangeException: The value '268435456' is not valid for this usage of the type FileSystemRights.
    sshd: ERROR EXCEPTION: Parameter name: fileSystemRights
    sshd: ERROR EXCEPTION:    at System.Security.AccessControl.FileSystemAccessRule.AccessMaskFromRights(FileSystemRights fileSystemRights, AccessControlType controlType)
    sshd: ERROR EXCEPTION:    at System.Security.AccessControl.FileSystemAccessRule..ctor(IdentityReference identity, FileSystemRights fileSystemRights, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
    sshd: ERROR EXCEPTION:    --- End of inner exception stack trace ---
    sshd: ERROR EXCEPTION:    at System.Management.Automation.DotNetAdapter.AuxiliaryConstructorInvoke(MethodInformation methodInformation, Object[] arguments, Object[] originalArguments)
    sshd: ERROR EXCEPTION:    at System.Management.Automation.DotNetAdapter.ConstructorInvokeDotNet(Type type, ConstructorInfo[] constructors, Object[] arguments)
    sshd: ERROR EXCEPTION:    at Microsoft.PowerShell.Commands.NewObjectCommand.CallConstructor(Type type, ConstructorInfo[] constructors, Object[] args)
The

Error details

No response

Environment data

n/a

Version

v9.1.0.0p1-Beta

Visuals

No response

vthiebaut10 commented 1 year ago

@rgl It seems that the install script is failing to repair the permissions for C:\ProgramData\ssh because that folder has a file system right that is not listed in the FileSystemRights Enum. I was able to work around that by manually removing access to the "CREATOR OWNER" Principal from the folder. Can you give that a try and let me know if that works? For now I'll continue to investigate if we can fix the scripts.

rgl commented 1 year ago

I ended up using another workaround: I've deleted the C:\ProgramData\ssh directory before the install. In my case, this is even more appropriate than having any kind of configuration lingering around.

lemeurherve commented 6 months ago

@vthiebaut10 for the record, I fixed it in https://github.com/jenkinsci/docker-ssh-agent/pull/403 with the following commands to remove the CREATOR OWNER unrecognized file system right:

    icacls 'C:\ProgramData\ssh' /inheritance:d
    icacls 'C:\ProgramData\ssh' /remove 'CREATOR OWNER'
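
The value in the error, 268435456, is 0x10000000, the Windows GENERIC_ALL access bit, which the .NET FileSystemRights enum does not define. The PowerShell below is an added example (not code from OpenSSHUtils.psm1 or from anyone in this thread) that lists the ACEs on a path carrying generic bits and shows the file-specific rights they map to, so the offending entry can be identified before running the install script; the function names `Convert-GenericFileRights` and `Get-GenericRightsAce` are hypothetical.

```powershell
# Added example; helper names are hypothetical, not part of Win32-OpenSSH.
# Generic access bits (winnt.h) and the file-specific masks they map to.
$GenericToFile = @{
    0x10000000 = 0x001F01FF   # GENERIC_ALL     -> FILE_ALL_ACCESS (FullControl)
    0x20000000 = 0x001200A0   # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
    0x40000000 = 0x00120116   # GENERIC_WRITE   -> FILE_GENERIC_WRITE
    0x80000000 = 0x00120089   # GENERIC_READ    -> FILE_GENERIC_READ
}
# Top four bits of the access mask. PowerShell parses this hex literal as a
# negative Int32, which matches the Int32 underlying type of FileSystemRights.
$GenericBits = 0xF0000000

function Convert-GenericFileRights {
    param([Parameter(Mandatory)][int]$AccessMask)
    # Keep the object-specific and standard bits, drop the generic ones.
    $mask = $AccessMask -band (-bnot $GenericBits)
    foreach ($entry in $GenericToFile.GetEnumerator()) {
        if ($AccessMask -band $entry.Key) { $mask = $mask -bor $entry.Value }
    }
    # Enum.ToObject does not validate, so unusual leftover bits do not throw.
    [Enum]::ToObject([System.Security.AccessControl.FileSystemRights], $mask)
}

function Get-GenericRightsAce {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $raw = [int]$ace.FileSystemRights
        if ($raw -band $GenericBits) {
            [pscustomobject]@{
                Identity    = $ace.IdentityReference.Value
                RawRights   = '0x{0:X8}' -f $raw
                Equivalent  = Convert-GenericFileRights -AccessMask $raw
                Inheritance = $ace.InheritanceFlags
                Propagation = $ace.PropagationFlags
                Inherited   = $ace.IsInherited
            }
        }
    }
}

# The value from the error message, translated to a named right.
Convert-GenericFileRights -AccessMask 268435456

# ACEs on the folder from this issue that the FileSystemAccessRule
# constructor would reject if their raw rights were passed back in.
Get-GenericRightsAce -Path 'C:\ProgramData\ssh' | Format-Table -AutoSize
```

The script only reads the ACL; it changes nothing on disk.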