diff --git a/IISU/ClientPsSqlManager.cs b/IISU/ClientPsSqlManager.cs index a98d8b0..9cf314a 100644 --- a/IISU/ClientPsSqlManager.cs +++ b/IISU/ClientPsSqlManager.cs @@ -1,4 +1,4 @@ -// Copyright 2022 Keyfactor +// Copyright 2022 Keyfactor // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -349,18 +349,35 @@ public string BindCertificate(X509Certificate2 x509Cert,PowerShell ps) _logger.LogTrace("funcScript added..."); ps.Invoke(); _logger.LogTrace("funcScript Invoked..."); + ps.Commands.Clear(); + + + //Get the SqlServer Service - NAME + _logger.LogTrace("Retrieve ServiceName PS1 script"); + funcScript = @$"((Get-WmiObject Win32_service) | Where-Object{{$_.DisplayName -like ""*SQL Server ({instanceName})*""}}).Name"; + ps.AddScript(funcScript); + _logger.LogTrace("funcScript added..."); + var serviceName = ps.Invoke()[0].ToString(); + _logger.LogTrace("funcScript Invoked..."); + _logger.LogTrace("Attempted retrieval of serviceName from ServicePath"); + ps.Commands.Clear(); + _logger.LogTrace($"funcScript {funcScript}"); + ps.AddScript(funcScript); + _logger.LogTrace("funcScript added..."); + ps.Invoke(); + _logger.LogTrace("funcScript Invoked..."); _logger.LogTrace("Setting up Acl Access for Manage Private Keys"); ps.Commands.Clear(); - //Get the SqlServer Service User Name - var serviceName = GetSqlServerServiceName(GetSqlInstanceValue(instanceName, ps)); - funcScript = @$"(Get-WmiObject Win32_Service -Filter ""Name='{serviceName}'"").StartName"; + //Get the SqlServer Service - USER + funcScript = @$"((Get-WmiObject Win32_service) | Where-Object{{$_.PathName -like ""*{instanceName}\MSSQL\Binn\sqlservr.exe*""}}).StartName"; + _logger.LogTrace($"funcScript {funcScript}"); ps.AddScript(funcScript); _logger.LogTrace("funcScript added..."); - SqlServiceUser = ps.Invoke()[0].ToString(); + var SqlServiceInstanceUser = ps.Invoke()[0].ToString(); _logger.LogTrace("funcScript Invoked..."); - _logger.LogTrace("Got service login user for ACL Permissions"); + _logger.LogTrace("Attempted retrieval of service login user for ACL Permissions"); ps.Commands.Clear(); funcScript = $@"$thumbprint = '{thumbPrint}' 
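Review bot: `instanceName` is spliced directly into the PowerShell text of both new `funcScript` assignments (the `DisplayName -like` and `PathName -like` queries), inside a double-quoted PowerShell string, so a value containing a quote, a backtick or `$(...)` would be parsed as script rather than data. Where the value comes from is not visible in this hunk, but it should be passed as data, for example `ps.AddScript("param($n) ...").AddArgument(instanceName)`. The leading `*` in the `PathName` pattern also matches any service whose instance directory merely ends with that name, and `ps.Invoke()[0]` takes the first hit (and throws when there is none), so the account that later receives Read on the private key could belong to a different instance; prefer an exact comparison and fail clearly unless exactly one service is returned. The second `ps.AddScript(funcScript)` / `ps.Invoke()` after `serviceName` is read re-runs the same query and discards the result, which looks like a paste leftover. BindCertificate starts and ends outside this hunk, so whether `serviceName` and the former `SqlServiceUser` member are still used elsewhere cannot be confirmed from here.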
@@ -369,13 +386,14 @@ public string BindCertificate(X509Certificate2 x509Cert,PowerShell ps) $keyPath = ""$($env:ProgramData)\Microsoft\Crypto\RSA\MachineKeys\"" $privKeyPath = (Get-Item ""$keyPath\$privKey"") $Acl = Get-Acl $privKeyPath - $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule(""{SqlServiceUser.Replace("$", "`$")}"", ""Read"", ""Allow"") + $Ar = New-Object System.Security.AccessControl.FileSystemAccessRule(""{SqlServiceInstanceUser.Replace("$", "`$")}"", ""Read"", ""Allow"") $Acl.SetAccessRule($Ar) Set-Acl $privKeyPath.FullName $Acl"; ps.AddScript(funcScript); ps.Invoke(); _logger.LogTrace("ACL FuncScript Invoked..."); + _logger.LogTrace("Attemptedto set ACL permissions for service login user"); //If user filled in a service name in the store then restart the SQL Server Services if (RestartService) @@ -408,4 +426,3 @@ public string BindCertificate(X509Certificate2 x509Cert,PowerShell ps) } } } -
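Review bot: Nothing after the ACL script's `ps.Invoke()` checks whether `Set-Acl` succeeded. PowerShell reports most failures as non-terminating errors, so the added trace line is written either way and the method proceeds to the `RestartService` branch with the key possibly still unreadable by the SQL Server account. Check `ps.HadErrors` after the invoke and log the entries in `ps.Streams.Error` (or fail the bind) before continuing. The new message also has a typo and should read `"Attempted to set ACL permissions for service login user"`. Separately, the `Replace` call on `SqlServiceInstanceUser` escapes only the dollar sign, so a quote or backtick in the account name would still end the PowerShell string early; passing the account as a script argument avoids the escaping altogether.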