jborean93

#!/usr/bin/env bash

set -o pipefail -eu

function create_package {
    name="${1}"
    version="${2}"
    requirements="${3:-}"

    if [ ! -z "${requirements}" ]; then

jborean93

# Copyright: (c) 2020, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

#Requires -Module MSAL.PS

Function New-EXOPSSession {
    <#
    .SYNOPSIS
    Will open a PSSession to Exchange Online.

jborean93

# Copyright: (c) 2020, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

Function ConvertFrom-IndirectString {
    <#
    .SYNOPSIS
    Converts a indirect string identifier to the actual string value it represents.

    .PARAMETER IndirectString
    The indirect string that begins with '@' to convert to the proper string value.

jborean93

# Copyright: (c) 2020, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

Function Get-FtpFile {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [System.Uri]
        [Alias('Uri')]
        $FtpUrl,

jborean93

# Copyright: (c) 2020, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)

Function Write-WUAError {
    <#
    .SYNOPSIS
    Convert raw HRESULT codes to a human readable error.
    
    .PARAMETER Exception
    The COMException that the error code is from.

jborean93

#!/usr/bin/env python3

import asyncio
import json
import os
import subprocess
import sys
import tempfile
import yaml

jborean93

Scenario

• Kerberos authentication to a WinRM endpoint
• 2 Windows endpoints, 1 is trusted for unconstrained delegation (Y), the other is not trusted for any delegation (N)
• Trying to reconcile the behaviour of GSS_C_DELEG_POLICY_FLAG for both MIT and Heimdal
• This does not take consider any krb5.conf values that could affect this behaviour
• The docs behaviour is based on what is in this blog post
• Tested on Centos 8 against a Microsoft KDC
• MIT krb5 version 1.17
• Heimdal krb5 version 7.7.0

jborean93

Add-Type -TypeDefinition @'
using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;

namespace Ansible.Windows.Setup
{
    public class NativeHelpers

jborean93

# Produced by './winrm_decrypt.py winrm.pcapng --password VagrantPass1'
# The Wireshark exchange was just running the below in powershell.exe
#
#   $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'vagrant-domain@DOMAIN.LOCAL', (ConvertTo-SecureString -AsPlainText -Force -String 'VagrantPass1')
#   Invoke-Command -ComputerName 192.168.56.10 -ScriptBlock { hostname.exe } -Credential $cred -Authentication Negotiate

No: 433 | Time: 2020-06-17T09:55:58.987664 | Source: 192.168.56.15 | Destination: 192.168.56.10
<?xml version="1.0" ?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd">
	<s:Header>

jborean93

Requires the following pre-reqs

brew install pkg-config openssl

Build OMI

rm -rf output
./configure --enable-debug --prefix=/opt/omi-dev
make