From d830aa7593449819857dfa66eb13104edd7118b2 Mon Sep 17 00:00:00 2001 From: Anjan Nath Date: Fri, 14 Feb 2025 16:58:00 +0530 Subject: [PATCH 1/3] remove enabling of file sharing and creation of smbshare from MSI this will be moved to the 'crc setup' command as we should only enable file sharing and create the smb share for home dir when users have set the config option 'enable-shared-dirs' to 'true' this should remove at least of the warnings reported by virustotal for the MSI: https://www.virustotal.com/gui/file/31b402dcc1da24265074a21a26018d6cde8eef0b63c77a18f89eb079b6556790 --- packaging/windows/product.wxs.template | 30 -------------------------- 1 file changed, 30 deletions(-) diff --git a/packaging/windows/product.wxs.template b/packaging/windows/product.wxs.template index 20a3b8b921..997675f906 100755 --- a/packaging/windows/product.wxs.template +++ b/packaging/windows/product.wxs.template @@ -35,12 +35,6 @@ Name="Path" /> - - - - - crc-dir0 - @@ -92,24 +86,6 @@ Before="AddUserToHypervAdminGroup" Sequence="execute"/> - - - - - - NOT Installed AND NOT REMOVE~="ALL" AND NOT WIX_UPGRADE_DETECTED @@ -118,9 +94,6 @@ NOT Installed AND NOT REMOVE~="ALL" AND NOT WIX_UPGRADE_DETECTED NOT Installed AND NOT REMOVE~="ALL" AND NOT WIX_UPGRADE_DETECTED Installed AND NOT UPGRADINGPRODUCTCODE - NOT Installed AND NOT REMOVE~="ALL" AND NOT WIX_UPGRADE_DETECTED - NOT Installed AND NOT REMOVE~="ALL" - Installed AND NOT UPGRADINGPRODUCTCODE NOT Installed AND NOT REMOVE~="ALL" AND NOT WIX_UPGRADE_DETECTED @@ -140,9 +113,6 @@ Installing Hyper-V Adding user: [LogonUser] to Hyper-V Administrators group Removing crcDaemon task - Creating share named: [SHAREDDIRNAME] for folder: [USERFOLDER] - Removing share named: [SHAREDDIRNAME] for folder: [USERFOLDER] - Enabling file and printer Sharing From 8b82bddd91bb9e35457e55aa8568a77c36f208d0 Mon Sep 17 00:00:00 2001 From: Anjan Nath Date: Tue, 18 Feb 2025 14:27:32 +0530 Subject: [PATCH 2/3] preflight: add new label SharedDir for checks this label will be used to filter out preflight checks that should only run when 'enable-shared-dir' settings is set to 'true' --- pkg/crc/preflight/labels.go | 13 +++++++++++++ pkg/crc/preflight/preflight.go | 3 ++- pkg/crc/preflight/preflight_darwin.go | 4 ++-- pkg/crc/preflight/preflight_darwin_test.go | 8 ++++---- pkg/crc/preflight/preflight_linux.go | 2 +- pkg/crc/preflight/preflight_windows.go | 5 +++-- pkg/crc/preflight/preflight_windows_test.go | 14 ++++++++++---- 7 files changed, 35 insertions(+), 14 deletions(-) diff --git a/pkg/crc/preflight/labels.go b/pkg/crc/preflight/labels.go index 0db6483b0e..4733d255cb 100644 --- a/pkg/crc/preflight/labels.go +++ b/pkg/crc/preflight/labels.go @@ -11,6 +11,7 @@ type LabelName uint32 const ( Os LabelName = iota NetworkMode + SharedDir // Keep it last // will be used in OS-specific go files to extend LabelName @@ -29,6 +30,10 @@ const ( User System + // shared dir enabled/disable + Enabled + Disabled + // Keep it last // will be used in OS-specific go files to extend LabelValue lastLabelValue // nolint @@ -65,6 +70,14 @@ func (filter preflightFilter) SetNetworkMode(networkMode network.Mode) { } } +func (filter preflightFilter) SetSharedDirStatus(enabled bool) { + if enabled { + filter[SharedDir] = Enabled + return + } + filter[SharedDir] = Disabled +} + /* This will iterate over 'checks' and only keep the checks which match the filter: * - if a key is present in the filter and not in the check labels, the check is kept * - if a key is present in the check labels, but not in the filter, the check is kept diff --git a/pkg/crc/preflight/preflight.go b/pkg/crc/preflight/preflight.go index fb729e9dd8..e281ab130a 100644 --- a/pkg/crc/preflight/preflight.go +++ b/pkg/crc/preflight/preflight.go @@ -157,8 +157,9 @@ func getPreflightChecksHelper(config crcConfig.Storage) []Check { bundlePath := config.Get(crcConfig.Bundle).AsString() preset := crcConfig.GetPreset(config) enableBundleQuayFallback := config.Get(crcConfig.EnableBundleQuayFallback).AsBool() + sharedDirEnabled := config.Get(crcConfig.EnableSharedDirs).AsBool() logging.Infof("Using bundle path %s", bundlePath) - return getPreflightChecks(experimentalFeatures, mode, bundlePath, preset, enableBundleQuayFallback) + return getPreflightChecks(experimentalFeatures, mode, bundlePath, preset, enableBundleQuayFallback, sharedDirEnabled) } // StartPreflightChecks performs the preflight checks before starting the cluster diff --git a/pkg/crc/preflight/preflight_darwin.go b/pkg/crc/preflight/preflight_darwin.go index 0deca36e7b..a5a26529e4 100644 --- a/pkg/crc/preflight/preflight_darwin.go +++ b/pkg/crc/preflight/preflight_darwin.go @@ -109,7 +109,7 @@ var daemonLaunchdChecks = []Check{ // Passing 'SystemNetworkingMode' to getPreflightChecks currently achieves this // as there are no user networking specific checks func getAllPreflightChecks() []Check { - return getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(crcpreset.OpenShift), crcpreset.OpenShift, false) + return getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(crcpreset.OpenShift), crcpreset.OpenShift, false, false) } func getChecks(_ network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback bool) []Check { @@ -131,7 +131,7 @@ func getChecks(_ network.Mode, bundlePath string, preset crcpreset.Preset, enabl return checks } -func getPreflightChecks(_ bool, mode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback bool) []Check { +func getPreflightChecks(_ bool, mode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback, _ bool) []Check { filter := newFilter() filter.SetNetworkMode(mode) diff --git a/pkg/crc/preflight/preflight_darwin_test.go b/pkg/crc/preflight/preflight_darwin_test.go index 88a6b47dad..d4aaec857e 100644 --- a/pkg/crc/preflight/preflight_darwin_test.go +++ b/pkg/crc/preflight/preflight_darwin_test.go @@ -17,9 +17,9 @@ func TestCountConfigurationOptions(t *testing.T) { } func TestCountPreflights(t *testing.T) { - assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 21) - assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 21) + assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 21) + assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 21) - assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 20) - assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 20) + assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 20) + assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 20) } diff --git a/pkg/crc/preflight/preflight_linux.go b/pkg/crc/preflight/preflight_linux.go index b9aef01d09..1ace027dd8 100644 --- a/pkg/crc/preflight/preflight_linux.go +++ b/pkg/crc/preflight/preflight_linux.go @@ -345,7 +345,7 @@ func getAllPreflightChecks() []Check { return filter.Apply(getChecks(distro(), constants.GetDefaultBundlePath(crcpreset.OpenShift), crcpreset.OpenShift, false)) } -func getPreflightChecks(_ bool, networkMode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback bool) []Check { +func getPreflightChecks(_ bool, networkMode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback, _ bool) []Check { usingSystemdResolved := checkSystemdResolvedIsRunning() return getPreflightChecksForDistro(distro(), networkMode, usingSystemdResolved == nil, bundlePath, preset, enableBundleQuayFallback) diff --git a/pkg/crc/preflight/preflight_windows.go b/pkg/crc/preflight/preflight_windows.go index 2f2806b86a..1a8f8ce801 100644 --- a/pkg/crc/preflight/preflight_windows.go +++ b/pkg/crc/preflight/preflight_windows.go @@ -201,7 +201,7 @@ func checkVsock() error { // Passing 'UserNetworkingMode' to getPreflightChecks currently achieves this // as there are no system networking specific checks func getAllPreflightChecks() []Check { - return getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(crcpreset.OpenShift), crcpreset.OpenShift, false) + return getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(crcpreset.OpenShift), crcpreset.OpenShift, true, true) } func getChecks(bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback bool) []Check { @@ -221,9 +221,10 @@ func getChecks(bundlePath string, preset crcpreset.Preset, enableBundleQuayFallb return checks } -func getPreflightChecks(_ bool, networkMode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback bool) []Check { +func getPreflightChecks(_ bool, networkMode network.Mode, bundlePath string, preset crcpreset.Preset, enableBundleQuayFallback, sharedDirEnabled bool) []Check { filter := newFilter() filter.SetNetworkMode(networkMode) + filter.SetSharedDirStatus(sharedDirEnabled) return filter.Apply(getChecks(bundlePath, preset, enableBundleQuayFallback)) } diff --git a/pkg/crc/preflight/preflight_windows_test.go b/pkg/crc/preflight/preflight_windows_test.go index 696bfcb890..46c85f9acc 100644 --- a/pkg/crc/preflight/preflight_windows_test.go +++ b/pkg/crc/preflight/preflight_windows_test.go @@ -17,9 +17,15 @@ func TestCountConfigurationOptions(t *testing.T) { } func TestCountPreflights(t *testing.T) { - assert.Len(t, getPreflightChecks(false, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 23) - assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 23) + assert.Len(t, getPreflightChecks(false, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 23) + assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 23) - assert.Len(t, getPreflightChecks(false, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 24) - assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false), 24) + assert.Len(t, getPreflightChecks(false, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 24) + assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, false), 24) + + assert.Len(t, getPreflightChecks(false, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, true), 25) + assert.Len(t, getPreflightChecks(true, network.SystemNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, true), 25) + + assert.Len(t, getPreflightChecks(false, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, true), 26) + assert.Len(t, getPreflightChecks(true, network.UserNetworkingMode, constants.GetDefaultBundlePath(preset.OpenShift), preset.OpenShift, false, true), 26) } From dd18b3d6c774a4c1b79f14509a697b126349f192 Mon Sep 17 00:00:00 2001 From: Anjan Nath Date: Tue, 18 Feb 2025 14:52:04 +0530 Subject: [PATCH 3/3] preflight: add check, fix and cleanup funcs for enabling SMB share on windows earlier these were part of the MSI since we want to enable this only when user has set 'enable-shared-dirs' setting, this is moved to the preflight package where we can check this config value before hand this should remove at least of the warnings reported by virustotal for the MSI https://www.virustotal.com/gui/file/31b402dcc1da24265074a21a26018d6cde8eef0b63c77a18f89eb079b6556790 --- pkg/crc/preflight/preflight_checks_windows.go | 63 +++++++++++++++++++ pkg/crc/preflight/preflight_windows.go | 27 ++++++++ pkg/crc/preflight/preflight_windows_test.go | 2 +- 3 files changed, 91 insertions(+), 1 deletion(-) diff --git a/pkg/crc/preflight/preflight_checks_windows.go b/pkg/crc/preflight/preflight_checks_windows.go index 3f61aeccce..ee2f7659c5 100644 --- a/pkg/crc/preflight/preflight_checks_windows.go +++ b/pkg/crc/preflight/preflight_checks_windows.go @@ -1,7 +1,9 @@ package preflight import ( + "errors" "fmt" + "os/user" "strconv" "strings" @@ -209,3 +211,64 @@ func checkAdminHelperNamedPipeAccessible() error { } return nil } + +func checkFileAndPrinterSharingIsEnabled() error { + cmd := `(Get-NetFirewallRule -Group '@FirewallAPI.dll,-28502' | Where-Object {$_.Profile -eq 'Private, Public'}).Enabled` + stdout, stderr, err := powershell.Execute(cmd) + if err != nil { + return fmt.Errorf("unable to check if Printer and File Sharing is enabled %v: %s", err, stderr) + } + if strings.Contains(stdout, "False") { + return errors.New("Printer and File Sharing is disabled") + } + return nil +} + +func fixFileAndPrinterSharing() error { + cmd := `Set-NetFirewallRule -Group '@FirewallAPI.dll,-28502' -Enabled True -Profile 'Private,Public'` + stdout, stderr, err := powershell.ExecuteAsAdmin("to enable Printer and File Sharing", cmd) + if err != nil { + return fmt.Errorf("unable to check if Printer and File Sharing is enabled %v: %s: %s", err, stdout, stderr) + } + return nil +} + +func checkCRCSmbShareCreated() error { + cmd := `Get-SmbShare -Name crc-dir0` + stdout, stderr, err := powershell.Execute(cmd) + if err != nil { + return fmt.Errorf("unable to check if Printer and File Sharing is enabled %v: %s: %s", err, stdout, stderr) + } + return nil +} + +func fixCRCSmbShareCreated() error { + u, err := user.Current() + if err != nil { + return fmt.Errorf("unable to get user information for homedir and username: %v", err) + } + cmd := fmt.Sprintf(`New-SmbShare -Name 'crc-dir0' -Path '%s' -FullAccess '%s'`, u.HomeDir, username()) + _, stderr, err := powershell.ExecuteAsAdmin("create new SMB share for home directory", cmd) + if err != nil { + return fmt.Errorf("unable to get create new SMB share %v: %s", err, stderr) + } + return nil +} + +func removeSmbShare() error { + cmd := `Remove-SmbShare -Name 'crc-dir0' -Force` + _, stderr, err := powershell.ExecuteAsAdmin("remove SMB share for home directory", cmd) + if err != nil { + return fmt.Errorf("unable to get create new SMB share %v: %s", err, stderr) + } + return nil +} + +func removeFirewallRuleAllowingPrinterAndFileSharing() error { + cmd := `Set-NetFirewallRule -Group '@FirewallAPI.dll,-28502' -Enabled False -Profile 'Private,Public'` + stdout, stderr, err := powershell.ExecuteAsAdmin("to disable Printer and File Sharing", cmd) + if err != nil { + logging.Warnf("unable to turn off Printer and File Sharing %v: %s: %s", err, stdout, stderr) + } + return nil +} diff --git a/pkg/crc/preflight/preflight_windows.go b/pkg/crc/preflight/preflight_windows.go index 1a8f8ce801..919e87d40a 100644 --- a/pkg/crc/preflight/preflight_windows.go +++ b/pkg/crc/preflight/preflight_windows.go @@ -166,6 +166,32 @@ var userPartOfCrcUsersAndHypervAdminsGroupCheck = Check{ labels: labels{Os: Windows}, } +// Checks to verify and setup SMB share is created and file sharing is enabled +var smbShareCreatedAndFileSharingEnabledChecks = []Check{ + { + configKeySuffix: "check-file-sharing-enabled", + checkDescription: "Checking if Printer and File Sharing is enabled", + check: checkFileAndPrinterSharingIsEnabled, + fixDescription: "Enabling Printer and File Sharing", + fix: fixFileAndPrinterSharing, + cleanupDescription: "Disabling Printer and File Sharing", + cleanup: removeFirewallRuleAllowingPrinterAndFileSharing, + + labels: labels{Os: Windows, SharedDir: Enabled}, + }, + { + configKeySuffix: "check-smb-share-exists", + checkDescription: "Checking if SMB share crc-dir0 exists", + check: checkCRCSmbShareCreated, + fixDescription: "Creating SMB share crc-dir0", + fix: fixCRCSmbShareCreated, + cleanupDescription: "Removing SMB share crc-dir0", + cleanup: removeSmbShare, + + labels: labels{Os: Windows, SharedDir: Enabled}, + }, +} + var errReboot = errors.New("Please reboot your system and run 'crc setup' to complete the setup process") func username() string { @@ -218,6 +244,7 @@ func getChecks(bundlePath string, preset crcpreset.Preset, enableBundleQuayFallb checks = append(checks, daemonTaskChecks...) checks = append(checks, adminHelperServiceCheks...) checks = append(checks, sshPortCheck()) + checks = append(checks, smbShareCreatedAndFileSharingEnabledChecks...) return checks } diff --git a/pkg/crc/preflight/preflight_windows_test.go b/pkg/crc/preflight/preflight_windows_test.go index 46c85f9acc..5759e43778 100644 --- a/pkg/crc/preflight/preflight_windows_test.go +++ b/pkg/crc/preflight/preflight_windows_test.go @@ -13,7 +13,7 @@ import ( func TestCountConfigurationOptions(t *testing.T) { cfg := config.New(config.NewEmptyInMemoryStorage(), config.NewEmptyInMemorySecretStorage()) RegisterSettings(cfg) - assert.Len(t, cfg.AllConfigs(), 16) + assert.Len(t, cfg.AllConfigs(), 18) } func TestCountPreflights(t *testing.T) {