Merge pull request #127 from Keyfactor/release-2.5
Merge 2.5.1 to main
doebrowsk authored Jan 17, 2025
2 parents f24ee50 + 9fcf193 commit 2407107
Showing 2 changed files with 31 additions and 18 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
2.5.1
* Fixed WinSQL service name when InstanceID differs from InstanceName

2.5.0
* Added the Bindings to the end of the thumbprint to make the alias unique.
* Using new IISWebBindings commandlet to use additional SSL flags when binding certificate to website.
46 changes: 28 additions & 18 deletions IISU/ClientPsSqlManager.cs
Expand Up @@ -231,17 +231,17 @@ public string GetSqlCertRegistryLocation(string instanceName,PowerShell ps)
return $"HKLM:\\SOFTWARE\\Microsoft\\Microsoft SQL Server\\{GetSqlInstanceValue(instanceName,ps)}\\MSSQLServer\\SuperSocketNetLib\\";
}

public string GetSqlServerServiceName(string instanceValue)
public string GetSqlServerServiceName(string instanceName)
{
if(string.IsNullOrEmpty(instanceValue))
if(string.IsNullOrEmpty(instanceName))
return string.Empty;

//Default SQL Instance has this format
if (instanceValue.Split('.')[1] == "MSSQLSERVER")
if (instanceName == "MSSQLSERVER")
return "MSSQLSERVER";

//Named Instance service has this format
return $"MSSQL`${instanceValue.Split('.')[1]}";
return $"MSSQL`${instanceName}";
}

public JobResult BindCertificates(string renewalThumbprint, X509Certificate2 x509Cert)
Expand Down Expand Up @@ -344,26 +344,30 @@ public string BindCertificate(X509Certificate2 x509Cert,PowerShell ps)
_logger.LogTrace(cmd.CommandText);
}

_logger.LogTrace($"funcScript {funcScript}");
ps.AddScript(funcScript);
_logger.LogTrace("funcScript added...");
_logger.LogTrace($"Running script: {funcScript}");
ps.Invoke();
_logger.LogTrace("funcScript Invoked...");

_logger.LogTrace("Setting up Acl Access for Manage Private Keys");
ps.Commands.Clear();

//Get the SqlServer Service User Name
var serviceName = GetSqlServerServiceName(GetSqlInstanceValue(instanceName, ps));
funcScript = @$"(Get-WmiObject Win32_Service -Filter ""Name='{serviceName}'"").StartName";
ps.AddScript(funcScript);
_logger.LogTrace("funcScript added...");
SqlServiceUser = ps.Invoke()[0].ToString();
_logger.LogTrace("funcScript Invoked...");
_logger.LogTrace("Got service login user for ACL Permissions");
ps.Commands.Clear();
var serviceName = GetSqlServerServiceName(instanceName);
if (serviceName != "")
{
_logger.LogTrace($"Service Name: {serviceName} was returned.");

funcScript = @$"(Get-WmiObject Win32_Service -Filter ""Name='{serviceName}'"").StartName";
ps.AddScript(funcScript);
_logger.LogTrace($"Running script: {funcScript}");
SqlServiceUser = ps.Invoke()[0].ToString();

_logger.LogTrace($"SqlServiceUser: {SqlServiceUser}");
_logger.LogTrace("Got service login user for ACL Permissions");
ps.Commands.Clear();

funcScript = $@"$thumbprint = '{thumbPrint}'
funcScript = $@"$thumbprint = '{thumbPrint}'
$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {{ $_.Thumbprint -eq $thumbprint }}
$privKey = $Cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = ""$($env:ProgramData)\Microsoft\Crypto\RSA\MachineKeys\""
Expand All @@ -373,9 +377,15 @@ public string BindCertificate(X509Certificate2 x509Cert,PowerShell ps)
$Acl.SetAccessRule($Ar)
Set-Acl $privKeyPath.FullName $Acl";

ps.AddScript(funcScript);
ps.Invoke();
_logger.LogTrace("ACL FuncScript Invoked...");
ps.AddScript(funcScript);
ps.Invoke();
_logger.LogTrace("ACL FuncScript Invoked...");

}
else
{
_logger.LogTrace("No Service User has been returned. Skipping ACL update.");
}

//If user filled in a service name in the store then restart the SQL Server Services
if (RestartService)
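Review bot: `SqlServiceUser = ps.Invoke()[0].ToString();` still throws when the WMI filter matches no service, because `Invoke()` returns an empty collection and the only guard the commit adds is on `serviceName` being non-empty, not on the query result; a named instance whose service is absent or differently cased fails here instead of reaching the new else branch, whose message ("No Service User has been returned") describes exactly this unhandled case. Capture the result first, `var svc = ps.Invoke();` then `SqlServiceUser = svc.Count > 0 ? svc[0]?.ToString() : null;`, and make the ACL block that follows conditional on `!string.IsNullOrEmpty(SqlServiceUser)`, also checking `ps.HadErrors` so a failed pipeline is logged rather than silently producing an empty user. `serviceName` is further spliced verbatim into the WQL `-Filter` and the script text; `instanceName` is not defined in this hunk, so if it originates from store configuration it is worth restricting to the character set a SQL instance name may contain before interpolation. Stylistically, `if (serviceName != "")` reads better as `if (!string.IsNullOrEmpty(serviceName))`. BindCertificate begins before this hunk and continues past it.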
