Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Run as admin PowerShell window, run as other user

So if you've already entered credentials to run a PowerShell window as a different user, but you still need an elevated (i.e., run-as-administrator) prompt, you can type this command in.

Start-Process powershell -Verb RunAs

Alternative

But if you've not done anything yet, and want to open a cmd.exe prompt (notably, not PowerShell!) to then kick off such a process:

%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -Command Start-Process -Verb RunAsUser $PSHOME\powershell.exe '-NoProfile -Command Start-Process -Verb RunAs \\\"$PSHOME\powershell.exe\\\"'; Start-Sleep 120

Reference:

  1. https://superuser.com/questions/661979/run-as-different-user-and-elevate

asn1parse and underscores

If you are building a CSR that includes the OID for a Microsoft Certificate Services template name, and that name includes an underscore, you might get an error when building the CSR.

Error checking request extension section req_ext
00CCADFE01000000:error:0680007C:asn1 encoding routines:ASN1_mbstring_ncopy:illegal characters:crypto/asn1/a_mbstr.c:113:
00CCADFE01000000:error:0688000D:asn1 encoding routines:asn1_str2type:ASN1 lib:crypto/asn1/asn1_gen.c:681:string=ABC_NAME_TESTING
00CCADFE01000000:error:11000074:X509 V3 routines:v3_generic_extension:extension value error:crypto/x509/v3_conf.c:260:value=PRINTABLESTRING:ABC_NAME_TESTING

The underscore is not part of the ASN.1 PrintableString character set, so what you can do is switch your openssl.cnf to use a different data type: UTF8STRING.

oid_section = new_oids
[ new_oids ]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
[ req_ext ]
certificateTemplateName = ASN1:UTF8STRING:ABC_NAME_TESTING
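
A way to decide the string type before writing the req_ext line, as an added example that is not part of the original post. The function names asn1_string_type and template_ext_line are hypothetical, and every sample name except ABC_NAME_TESTING is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): choose the ASN.1 string type
# for an openssl.cnf "ASN1:" extension value. Function names are hypothetical.

# PrintableString alphabet: A-Z a-z 0-9 space ' ( ) + , - . / : = ?
# Underscore, '@', '&' and '*' are outside it, which is what triggers the
# "illegal characters" error shown above.
asn1_string_type() {
   # Refuse an empty value rather than emit a useless extension.
   test -n "${1}" || return 1
   # Delete every PrintableString character; anything left over is illegal there.
   _rest="$( printf '%s' "${1}" | LC_ALL=C tr -d "A-Za-z0-9 '()+,./:=?-" )"
   if test -z "${_rest}" ; then
      printf '%s\n' "PRINTABLESTRING"
   else
      printf '%s\n' "UTF8STRING"
   fi
}

# Emit the [ req_ext ] line for a template name.
template_ext_line() {
   _type="$( asn1_string_type "${1}" )" || return 1
   printf 'certificateTemplateName = ASN1:%s:%s\n' "${_type}" "${1}"
}

# Constructed sample names; only the first one comes from the post.
for _name in ABC_NAME_TESTING WebServer "Web Server (2024)" ; do
   template_ext_line "${_name}"
done
```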

Resize x11vnc session

Here's a cool trick I devised. This idea is original to me. I remember using spice guest tools in spice guests in libvirt/qemu/kvm/virt-manager to automatically (or at least make available) change screen resolutions.

Remmina as a vnc viewer of course can be resized, and I have a script that I run on the client side, to ssh to the target x11vnc server.

The idea is that on the client x11 instance, you run the following command which finds the window with that hostname as the title (hardcoded to only Remmina windows), and then passwordlessly sshes to that host and uses the XAUTHORITY and DISPLAY info to add a xrandr resolution to this desired window size and then uses that resolution.


Set wine theme from cli

I spent time configuring a new wine prefix with the boring, office-gray theme. I do that every time, because the default (that started within the past year or so) is to have the theme "Light" which looks white and puffy and annoying.


Run the following registry file with this command.

wine regedit use-theme-none.reg

files/2024/listings/use-theme-none.reg (Source)

Windows Registry Editor Version 5.00
# File: use-theme-none.reg
# Location: /mnt/public/Support/Programs/wine/
# Author: bgstack15
# SPDX-License-Identifier: GPL-3.0-only
# Startdate: 2024-08-14-4 21:20
# Title: Theme None registry keys
# Purpose: Oneliner to set theme none in a new wine prefix
# History:
# Usage:
#    wine regedit use-theme-none.reg
# References:
#    https://gist.githubusercontent.com/Zeinok/ceaf6ff204792dde0ae31e0199d89398/raw/a5f0d3efb309d6d0728e1e54579e5c1081cf0d22/wine-breeze-dark.reg
#    https://forums.linuxmint.com/viewtopic.php?t=394382
#    https://superuser.com/questions/380156/delete-registry-key-or-value-via-a-cmd-script/1041579#1041579
# Alternatives:
#    winecfg, tab Desktop Integration -> Theme (no theme)
# Improve:
# Documentation:
#    Exported from a blank wine prefix and customized. Had to s/\\\\/\\/g, and prepend HKCU to all places. Had to switch header to "Windows Registry Editor Version 5.00" and remove a ;; comment about a key prefix.
#arch=win64

[HKEY_CURRENT_USER\Control Panel\Colors] 1723684031
#time=1daeeaf754f3e32
"ActiveBorder"="212 208 200"
"ActiveTitle"="10 36 106"
"Background"="58 110 165"
"ButtonAlternateFace"="181 181 181"
"ButtonDkShadow"="64 64 64"
"ButtonFace"="212 208 200"
"ButtonLight"="212 208 200"
"ButtonShadow"="128 128 128"
"GradientActiveTitle"="166 202 240"
"GradientInactiveTitle"="192 192 192"
"GrayText"="128 128 128"
"Hilight"="10 36 106"
"HotTrackingColor"="0 0 200"
"InactiveBorder"="212 208 200"
"InactiveTitleText"="212 208 200"
"InfoWindow"="255 255 225"
"Menu"="212 208 200"
"MenuBar"="212 208 200"
"MenuHilight"="10 36 106"
"Scrollbar"="212 208 200"
"TitleText"="255 255 255"
"WindowFrame"="0 0 0"

[HKEY_CURRENT_USER\Control Panel\Desktop] 1723684031
#time=1daeeaf7552a34c
"UserPreferencesMask"=hex:30,00,00,80,12,00,00,00

[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] 1723684031
#time=1daeeaf7553711e
"CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\
  00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CaptionHeight"="-270"
"CaptionWidth"="-270"
"IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\
  00,00,01,00,00,00,22,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\
  00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"MenuHeight"="-270"
"MenuWidth"="-270"
"MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\
  00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ScrollHeight"="-240"
"ScrollWidth"="-240"
"SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,\
  00,00,00,00,01,00,00,00,22,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SmCaptionHeight"="-225"
"SmCaptionWidth"="-225"
"StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\
  00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager] 1723684031
#time=1daeeaf754f0868
"ColorName"=-
"DllName"=-
"LoadedBefore"=-
"SizeName"=-
"ThemeActive"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize] 1723684031
#time=1daeeaf754f020a
"AppsUseLightTheme"=dword:00000001
"SystemUsesLightTheme"=dword:00000001

References

  1. https://gist.githubusercontent.com/Zeinok/ceaf6ff204792dde0ae31e0199d89398/raw/a5f0d3efb309d6d0728e1e54579e5c1081cf0d22/wine-breeze-dark.reg
  2. Wine dark theme - Linux Mint Forums
  3. command line - Delete registry key or value via a CMD script? - Super User

Touch file with XFE Script

I use an empty file with the modification timestamp to indicate the last time I manually synced my SyncThing-ed directory of my mobile phone pictures to my backup location.

I set up an alias to touch in my ~/.config/xfe/scripts directory.

$ ls -l ~/.config/xfe/scripts
total 3
lrwxrwxrwx 1 bgstack15 bgstack15  14 Aug 13 14:42 touch -> /usr/bin/touch

So now I can just right-click the file and update the timestamp, now that I have re-synced. Because I keep some images on my mobile phone, I won't need to bother with any older than this synced-here file.

Read signature of .ps1 file with CLI on Linux

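If you wish to read the PKCS7-encoded signature on a PowerShell script, and you don't have osslsigncode verify available to you (from https://github.com/mtrojnar/osslsigncode), you can use this script. It only displays certificate details and the signing time from the signature block; it does not verify the signature or the certificate chain.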

files/2024/listings/read-signature.sh (Source)

#!/usr/bin/env sh
# File: read-signature.sh
# Location: blog
# Author: bgstack15
# SPDX-License-Identifier: GPL-3.0-only
# Startdate: 2024-08-08-5 14:35
# Title: Read Signature
# Purpose: Read codesign signature on a powershell script on Unix-like cli
# History:
# Usage:
# Reference:
# Improve:
# Dependencies:
#    openssl, gsed, gawk, posix shell
# Documentation:
#    Skipping SAN; tends to not be used on codesigning certs?
command -v sed 1>/dev/null 2>&1 && SED=sed
command -v gsed 1>/dev/null 2>&1 && SED=gsed
command -v awk 1>/dev/null 2>&1 && AWK=awk
command -v gawk 1>/dev/null 2>&1 && AWK=gawk
read_sig() {
   _in="${INFILE:-${1}}"
   _in="${_in:-/dev/stdin}"
   test "${_in}" = "-" && _in="/dev/stdin"
   _contents="$(
      printf '%s\n' '-----BEGIN PKCS7-----'
      <"${_in}" "${SED}" -r -n '/^# SIG # Begin/,/^# SIG # End/{s/^\# //;p;}' | tr -d '\r' | grep -v -e 'signature block'
      printf '%s\n' '-----END PKCS7-----'
   )"
   # would need to parse SANs here if any.
   echo "${_contents}" | openssl pkcs7 -in /dev/stdin -print_certs | openssl x509 -in /dev/stdin -noout -subject -issuer -serial -email -dates
   # Print date
   echo "${_contents}" | openssl pkcs7 -in /dev/stdin -print -noout | "${AWK}" '/signingTime/{getline;getline;gsub(":","",$NF);print $NF}' | "${SED}" -r -e 's/^(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})/timestamp=20\1-\2-\3T\4:\5:\6/;'
}
# Run against INFILE or the first argument, falling back to stdin.
read_sig "${@}"

Notice how I make sure we find GNU sed and awk, because the old BSD ones use a different syntax that is not worth learning. Just use real sed and awk.

Send SMTP with openssl cli

files/2024/listings/smtp1.sh (Source)

#!/bin/sh
# File: smtp1.sh
# Location: stackbin
# Author: bgstack15
# Startdate: 2024-08-05-2 14:05
# SPDX-License-Identifier: GPL-3.0-only
# Title: Send authenticated email with openssl s_client
# Purpose: demo cli smtp auth
# History:
# References:
#    https://stackoverflow.com/questions/1546367/how-to-send-mail-with-to-cc-and-bcc
#    https://szclsya.me/posts/net/send-email-with-netcat/
#    https://serverfault.com/questions/1101104/how-to-send-an-email-with-openssl-and-microsoft-exchange-online
#    https://woshub.com/sending-email-via-telnet-using-smtp-authentication/
#    https://learn.microsoft.com/en-us/exchange/mail-flow/test-smtp-telnet?view=exchserver-2019
#    https://stackoverflow.com/questions/14640560/openssl-to-negotiate-ssl-encryption-for-starttls
#    https://thelinuxcode.com/openssl-s-client/
#    https://www.stevenrombauts.be/2018/12/test-smtp-with-telnet-or-openssl/
#    https://stackoverflow.com/questions/44250054/send-email-with-netcat
# Improve:
# Dependencies:
#    dep-fedora: openssl, coreutils
#    an smtp account and server
# Documentation:
slowcat() {
   # IFS= and -r keep leading whitespace and backslashes in each line intact
   while IFS= read -r REPLY ; do sleep .05; printf '%s\n' "$REPLY"; done
}
{
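   message1="$( printf '%s' 'exampleuser@example.com' | base64 )"
   # ~/.config/smtp1 holds the base64-encoded password; base64 is encoding, not encryption, so keep the file private (chmod 600).
   message2="$( cat ~/.config/smtp1 )"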
   printf '%s\n' "EHLO exampleaddress.com"
   printf '%s\n' "AUTH LOGIN"
   printf '%s\n' "${message1}"
   printf '%s\n' "${message2}"
   # Every recipient (To, CC, BCC) gets its own RCPT TO. The To, CC, BCC headers are the decorations visible to the mail client.
   cat <<-EOF
MAIL FROM:<exampleuser@example.com>
RCPT TO:<user2@local.example.com>
RCPT TO:<user3@anotherlocal.examplelong.com>
DATA
From: [marco polo] <exampleaddress.com>
To: <user3@anotherlocal.examplelong.com>
BCC: <user2@local.example.com>
Date: Mon, 5 Aug 2024 17:31:32 +0000
Subject: Hello from netcat

sample message here
.
QUIT
EOF
# | slowcat | nc -v mail.example.net 587
} | slowcat | openssl s_client -crlf -connect mail.example.net:587 -starttls smtp -ign_eof

I needed to test (credentials, but also in general) the ability to send SMTP messages. Here is my small script that does that.

The slowcat is useful because SMTP (or maybe just my email implementation) wanted a delay between some of the steps, particularly EHLO and AUTH.

I couldn't get netcat (nc) to work with tls, although I thought I saw that once. At least s_client could do it.
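
The AUTH LOGIN step from the script above, as an added example that is not part of the original post: it decodes the server's two challenges and refuses to use a stored secret that other users can read, because the values are only base64. The function names are hypothetical, the secret is constructed, and it assumes GNU coreutils base64 and a credential file holding the base64 form of the password, as ~/.config/smtp1 does in the script.

```shell
#!/bin/sh
# Added example (not from the original post): AUTH LOGIN values are base64,
# not encryption, so the stored secret needs file permissions to protect it.

# Succeeds only if the file exists and grants nothing to group or other.
secret_file_is_private() {
   test -f "${1}" || return 1
   # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
   _perms="$( ls -ldL -- "${1}" | cut -c5-10 )"
   test "${_perms}" = "------"
}

# Encode one AUTH LOGIN answer (printf avoids encoding a trailing newline).
b64_encode() { printf '%s' "${1}" | base64 | tr -d '\n' ; }

# Decode a server challenge or a stored answer to show what it really says.
b64_decode() { printf '%s' "${1}" | base64 -d ; }

# Print the client side of the AUTH LOGIN step, refusing a readable secret.
auth_login_lines() {
   _user="${1}" ; _secretfile="${2}"
   if ! secret_file_is_private "${_secretfile}" ; then
      echo "refusing: ${_secretfile} must be mode 0600 or stricter" 1>&2
      return 1
   fi
   printf '%s\n' "AUTH LOGIN" "$( b64_encode "${_user}" )" "$( cat "${_secretfile}" )"
}

# Constructed demo: the two standard 334 challenges and a throwaway secret file.
demo() {
   _tmp="$( mktemp )" ; chmod 600 "${_tmp}"
   b64_encode 'not-a-real-password' > "${_tmp}"
   echo "server asks: $( b64_decode 'VXNlcm5hbWU6' ) then $( b64_decode 'UGFzc3dvcmQ6' )"
   auth_login_lines 'exampleuser@example.com' "${_tmp}"
   echo "anyone who can read the file gets: $( b64_decode "$( cat "${_tmp}" )" )"
   rm -f "${_tmp}"
}
demo
```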

set or update xml element from cli

The code:

update_xml_element() {
   # usage: parent="/toplevelobject" element="internalid" value="12341234" infile=./foo.xml update_xml_element
   _parent="${parent:-${1}}" ; _parent="${_parent%%/}"
   _element="${element:-${2}}"
   _value="${value:-${3}}"
   _infile="${infile:-${4}}"
   # example: xmlstarlet edit --update "/toplevelobject/internalid" --value "if-updated" --subnode "/toplevelobject[not(internalid)]" --type elem -n "internalid" --value "if-inserted"
   xmlstarlet edit --inplace --update "${_parent}/${_element}" --value "${_value}" --subnode "${_parent}[not(${_element})]" --type elem -n "${_element}" --value "${_value}" "${_infile}"
}

So then you just call this function, and it adds the correct element. I haven't needed to customize attributes of elements yet.

infile=input.xml parent="/episodedetails" element="episodenumber" value="4" update_xml_element

References

  1. xmlstarlet update attribute value if it exists or create a line with the attribute - Stack Overflow
  2. xml - xmlstarlet: create an attribute if it does not exist and edit it otherwise - Stack Overflow

Alternative to `apt-mark hold`

This is a rewritten version of an old post: apt/preferences.d: A Useful Example with a focus on what syntax it replaced.

I used to use apt-mark hold to control packages that I wanted to pin. For example, zenity now uses gtk4 so I

But before I got that epoch part added, I marked the package.

apt-mark hold zenity

But I never found where this information was stored, and I prefer to have files that configure my apps rather than online commands only. I bet it was in /var/lib somewhere I never found.

You could at least show holds, and unhold items.

apt-mark showhold
apt-mark unhold zenity

Anyway, so that I can deploy a file to control this, I made a file: /etc/apt/preferences.d/zenity

Package: zenity
Version: 3.44.2-1
Pin: release
Pin-Priority: 600

Package: zenity-common
Version: 3.44.2-1
Pin: release
Pin-Priority: 600

The pin priority is higher than the default 500 for installed and installable packages. Of course if you've started tweaking these numbers for specific repositories but you still want this preference to have priority, you can adjust the numbers.

Later on, I built a copy of the last gtk3-based one for myself, with a package epoch (the number preceding a colon and then the regular version number) so it always has top priority version-wise. So I didn't need any of this anymore. But for anyone who doesn't want to rebuild a whole package, use this method I just described.