/// <summary>
/// Changes the local store password after all pipeline input has been received.
/// </summary>
/// <remarks>
/// Under <c>NoParameterSet</c> both passwords are collected through
/// <c>Utils.PromptForPassword</c> (only the new one is prompted with verification).
/// Under <c>ParameterSet</c> the <c>Password</c> and <c>NewPassword</c> parameter
/// values are each passed through <c>Utils.CheckPassword</c>.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// The active parameter set is neither of the two handled here.
/// </exception>
protected override void EndProcessing()
{
    SecureString currentPassword;
    SecureString replacementPassword;

    if (ParameterSetName == NoParameterSet)
    {
        // Interactive path: the old password is asked for first, then the new one.
        currentPassword = Utils.PromptForPassword(
            cmdlet: this,
            verifyPassword: false,
            message: "Old password");
        replacementPassword = Utils.PromptForPassword(
            cmdlet: this,
            verifyPassword: true,
            message: "New password");
    }
    else if (ParameterSetName == ParameterSet)
    {
        currentPassword = Utils.CheckPassword(Password);
        replacementPassword = Utils.CheckPassword(NewPassword);
    }
    else
    {
        throw new InvalidOperationException("Unknown parameter set");
    }

    // The store instance is obtained with the current password before the change is requested.
    // NOTE(review): neither SecureString is disposed in this method; whether the store keeps
    // references to them is not visible here, so confirm before adding disposal.
    var store = LocalSecretStore.GetInstance(password: currentPassword);
    store.UpdatePassword(
        replacementPassword,
        currentPassword);
}
/// <summary>
/// Deletes the stored script-parameters object that a vault registration entry refers to.
/// </summary>
/// <param name="vaultInfo">Vault registration data; nothing is done when it is null.</param>
/// <param name="ParametersNameKey">
/// Key in <paramref name="vaultInfo"/> whose value is the name of the stored parameters object.
/// </param>
/// <remarks>
/// A failed delete is reported with <c>WriteError</c> rather than a terminating error.
/// </remarks>
private void RemoveParamSecrets(
    Hashtable vaultInfo,
    string ParametersNameKey)
{
    if (vaultInfo == null || !vaultInfo.ContainsKey(ParametersNameKey))
    {
        return;
    }

    var storedName = (string)vaultInfo[ParametersNameKey];
    if (string.IsNullOrEmpty(storedName))
    {
        // An empty name means there is no stored object to delete.
        return;
    }

    int errorCode = 0;
    if (LocalSecretStore.DeleteObject(storedName, ref errorCode))
    {
        return;
    }

    // Deletion failed: turn the store's error code into a readable error record.
    var reason = LocalSecretStore.GetErrorMessage(errorCode);
    var msg = string.Format(
        CultureInfo.InvariantCulture,
        "Removal of vault info script parameters {0} failed with error {1}",
        storedName,
        reason);
    var failure = new ErrorRecord(
        new PSInvalidOperationException(msg),
        "UnregisterSecretsVaultRemoveScriptParametersFailed",
        ErrorCategory.InvalidOperation,
        this);
    WriteError(failure);
}
/// <summary>
/// Unlocks the local store with the supplied password once pipeline input is complete.
/// </summary>
/// <remarks>
/// A timeout value is forwarded only when <c>PasswordTimeout</c> was explicitly bound on
/// the command line; otherwise <c>null</c> is passed to <c>UnlockLocalStore</c>.
/// </remarks>
protected override void EndProcessing()
{
    var checkedPassword = Utils.CheckPassword(Password);
    var store = LocalSecretStore.GetInstance(password: checkedPassword);

    // Distinguish "parameter not given" from any explicit value by consulting BoundParameters.
    int? requestedTimeout = null;
    if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
    {
        requestedTimeout = (int?)PasswordTimeout;
    }

    store.UnlockLocalStore(
        password: checkedPassword,
        passwordTimeout: requestedTimeout);
}
/// <summary>
/// Unlocks the local store with a password given either through the string parameter set
/// or as <c>SecureStringPassword</c>.
/// </summary>
/// <remarks>
/// A timeout value is forwarded only when <c>PasswordTimeout</c> was explicitly bound;
/// otherwise <c>null</c> is passed to <c>UnlockLocalStore</c>.
/// </remarks>
protected override void EndProcessing()
{
    // NOTE(review): under StringParameterSet the password reaches this method via
    // Utils.ConvertToSecureString, i.e. presumably as plain text. Plain-text arguments can
    // end up in command history and transcripts; confirm the SecureString parameter set is
    // the documented default.
    var unlockPassword = (ParameterSetName == StringParameterSet)
        ? Utils.ConvertToSecureString(Password)
        : SecureStringPassword;

    var store = LocalSecretStore.GetInstance(
        password: unlockPassword);

    int? requestedTimeout = null;
    if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
    {
        requestedTimeout = (int?)PasswordTimeout;
    }

    store.UnlockLocalStore(
        password: unlockPassword,
        passwordTimeout: requestedTimeout);
}
/// <summary>
/// Applies a new configuration to the local store, after confirmation.
/// </summary>
/// <remarks>
/// <para>The <c>AllUsers</c> scope is rejected with a terminating error.</para>
/// <para>
/// Under <c>ParameterSet</c>, each setting that was not explicitly bound keeps its value
/// from the current configuration. Under any other parameter set the default
/// configuration is applied.
/// </para>
/// <para>The new configuration is written to the pipeline only when <c>PassThru</c> is present.</para>
/// </remarks>
protected override void EndProcessing()
{
    if (Scope == SecureStoreScope.AllUsers)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSNotSupportedException("AllUsers scope is not yet supported."),
                errorId: "SecretStoreConfigurationNotSupported",
                errorCategory: ErrorCategory.NotEnabled,
                this));
    }

    // Force skips the ShouldProcess confirmation for this configuration change.
    if (!Force && !ShouldProcess(
        target: "SecretStore module local store",
        action: "Changes local store configuration"))
    {
        return;
    }

    var currentConfig = LocalSecretStore.GetInstance(cmdlet: this).Configuration;

    SecureStoreConfig updatedConfig;
    if (ParameterSetName != ParameterSet)
    {
        updatedConfig = SecureStoreConfig.GetDefault();
    }
    else
    {
        // Only explicitly bound parameters override the current settings.
        var bound = MyInvocation.BoundParameters;
        updatedConfig = new SecureStoreConfig(
            scope: bound.ContainsKey(nameof(Scope)) ? Scope : currentConfig.Scope,
            authentication: bound.ContainsKey(nameof(Authentication)) ? Authentication : currentConfig.Authentication,
            passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : currentConfig.PasswordTimeout,
            interaction: bound.ContainsKey(nameof(Interaction)) ? Interaction : currentConfig.Interaction);
    }

    var store = LocalSecretStore.GetInstance(cmdlet: this);
    var updated = store.UpdateConfiguration(
        newConfigData: updatedConfig,
        cmdlet: this,
        out string errorMsg);
    if (!updated)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "SecretStoreConfigurationUpdateFailed",
                errorCategory: ErrorCategory.InvalidOperation,
                this));
    }

    if (PassThru.IsPresent)
    {
        WriteObject(updatedConfig);
    }
}
/// <summary>
/// Prompts for the old and the new password and changes the local store password.
/// </summary>
/// <remarks>
/// The old password is prompted for first, without verification; the new password is
/// prompted for with verification.
/// </remarks>
protected override void EndProcessing()
{
    SecureString currentPassword = Utils.PromptForPassword(
        cmdlet: this,
        verifyPassword: false,
        message: "Old password");

    SecureString replacementPassword = Utils.PromptForPassword(
        cmdlet: this,
        verifyPassword: true,
        message: "New password");

    // The store instance is obtained with the old password before the change is requested.
    // NOTE(review): neither SecureString is disposed in this method; whether the store keeps
    // references to them is not visible here, so confirm before adding disposal.
    var store = LocalSecretStore.GetInstance(password: currentPassword);
    store.UpdatePassword(
        replacementPassword,
        currentPassword);
}
/// <summary>
/// Erases the local store and writes a fresh configuration, after confirmation.
/// </summary>
/// <remarks>
/// <para>
/// Settings that were not explicitly bound take their values from
/// <c>SecureStoreConfig.GetDefault()</c>.
/// </para>
/// <para>
/// The store file is removed before the configuration file is written. If writing the
/// configuration fails, the terminating error is raised with the store already removed.
/// </para>
/// </remarks>
protected override void EndProcessing()
{
    // Destructive operation: Force skips the ShouldProcess confirmation.
    if (!Force && !ShouldProcess(
        target: "SecretStore module local store",
        action: "Erase all secrets in the local store and reset the configuration settings to default values"))
    {
        return;
    }

    var defaults = SecureStoreConfig.GetDefault();
    var bound = MyInvocation.BoundParameters;
    var resetConfig = new SecureStoreConfig(
        scope: bound.ContainsKey(nameof(Scope)) ? Scope : defaults.Scope,
        passwordRequired: bound.ContainsKey(nameof(PasswordRequired)) ? (bool)PasswordRequired : defaults.PasswordRequired,
        passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : defaults.PasswordTimeout,
        doNotPrompt: bound.ContainsKey(nameof(DoNotPrompt)) ? (bool)DoNotPrompt : defaults.DoNotPrompt);

    var storeRemoved = SecureStoreFile.RemoveStoreFile(out string errorMsg);
    if (!storeRemoved)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "ResetSecretStoreCannotRemoveStoreFile",
                errorCategory: ErrorCategory.InvalidOperation,
                targetObject: this));
    }

    var configWritten = SecureStoreFile.WriteConfigFile(
        configData: resetConfig,
        out errorMsg);
    if (!configWritten)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "ResetSecretStoreCannotWriteConfigFile",
                errorCategory: ErrorCategory.InvalidOperation,
                targetObject: this));
    }

    // Reset the store singleton only after both file operations have succeeded.
    LocalSecretStore.Reset();

    WriteObject(resetConfig);
}
/// <summary>
/// Saves a vault's script parameters in the built-in local store and records the name
/// they were saved under in the vault registration data.
/// </summary>
/// <param name="vaultInfo">Vault registration data that receives the parameters store name.</param>
/// <param name="vaultName">Vault name, used to build the parameters store name.</param>
/// <param name="parameters">Parameters to save; when null nothing is saved and an empty name is recorded.</param>
/// <remarks>
/// A failed write raises a terminating error, so the registration data is not updated in that case.
/// </remarks>
private void StoreVaultParameters(
    Hashtable vaultInfo,
    string vaultName,
    Hashtable parameters)
{
    string storedName;
    if (parameters == null)
    {
        storedName = string.Empty;
    }
    else
    {
        // Generate unique name for parameters based on vault name.
        // e.g., "_SPT_Parameters_VaultName_"
        // NOTE(review): vaultName is used verbatim in the store key; any validation of it
        // happens outside this method. Confirm it cannot collide with a user secret name.
        storedName = ScriptParamTag + vaultName + "_";

        // Store parameters in built-in local secure vault.
        int errorCode = 0;
        var written = LocalSecretStore.WriteObject(
            name: storedName,
            parameters,
            ref errorCode);
        if (!written)
        {
            var msg = string.Format(
                CultureInfo.InvariantCulture,
                "Unable to register vault extension because writing script parameters to the built-in local store failed with error: {0}",
                LocalSecretStore.GetErrorMessage(errorCode));

            ThrowTerminatingError(
                new ErrorRecord(
                    new PSInvalidOperationException(msg),
                    "RegisterSecretsVaultCannotSaveParameters",
                    ErrorCategory.WriteError,
                    this));
        }
    }

    // Add parameters store name to the vault registry information.
    vaultInfo.Add(
        key: ExtensionVaultModule.VaultParametersStr,
        value: storedName);
}
/// <summary>
/// Removes the secret named <c>Name</c> from the vault named <c>Vault</c>.
/// </summary>
/// <remarks>
/// When <c>Vault</c> matches the built-in local vault name (case-insensitive ordinal
/// comparison) the secret is deleted from the local store; a failed delete raises a
/// terminating error. For any other vault name the removal is delegated to the extension vault.
/// </remarks>
protected override void ProcessRecord()
{
    var targetsBuiltInVault = Vault.Equals(
        RegisterSecretVaultCommand.BuiltInLocalVault,
        StringComparison.OrdinalIgnoreCase);

    if (!targetsBuiltInVault)
    {
        // Remove from extension vault.
        var extensionVault = GetExtensionVault(Vault);
        extensionVault.InvokeRemoveSecret(
            name: Name,
            vaultName: Vault,
            cmdlet: this);
        return;
    }

    // Remove from local built-in default vault.
    int errorCode = 0;
    if (LocalSecretStore.DeleteObject(
        name: Name,
        ref errorCode))
    {
        WriteVerbose(
            string.Format("Secret {0} was successfully removed from vault {1}.", Name, RegisterSecretVaultCommand.BuiltInLocalVault));
    }
    else
    {
        var reason = LocalSecretStore.GetErrorMessage(errorCode);
        var msg = string.Format(
            CultureInfo.InvariantCulture,
            "The secret could not be removed from the local default vault. Error: {0}",
            reason);
        ThrowTerminatingError(
            new ErrorRecord(
                new PSInvalidOperationException(msg),
                "RemoveSecretCannotDelete",
                ErrorCategory.InvalidOperation,
                this));
    }
}
/// <summary>
/// Writes the secret named <c>Name</c> to the requested vault.
/// </summary>
/// <remarks>
/// <para>
/// Under <c>SecureStringParameterSet</c> the value of <c>SecureStringSecret</c> is used as
/// the secret. A <c>PSObject</c> wrapper is unwrapped to its base object before writing.
/// </para>
/// <para>
/// A non-empty <c>Vault</c> other than the built-in local vault name routes the write to
/// the extension vault; otherwise the built-in local store is used.
/// </para>
/// <para>
/// With <c>NoClobber</c>, an existing secret of the same name raises a terminating error
/// instead of being overwritten.
/// </para>
/// </remarks>
protected override void EndProcessing()
{
    if (ParameterSetName == SecureStringParameterSet)
    {
        Secret = SecureStringSecret;
    }

    var payload = (Secret is PSObject wrapped) ? wrapped.BaseObject : Secret;

    var useExtensionVault =
        !string.IsNullOrEmpty(Vault) &&
        !Vault.Equals(RegisterSecretsVaultCommand.BuiltInLocalVault, StringComparison.OrdinalIgnoreCase);

    // Add to specified vault.
    if (useExtensionVault)
    {
        var extensionVault = GetExtensionVault(Vault);

        // If NoClobber is selected, then check to see if it already exists.
        // NOTE(review): the existence check and the write are separate calls; nothing visible
        // here prevents another writer from creating the name in between. Confirm whether the
        // vault serializes access.
        if (NoClobber)
        {
            var existing = extensionVault.InvokeGetSecret(
                name: Name,
                cmdlet: this);
            if (existing != null)
            {
                var msg = string.Format(
                    CultureInfo.InvariantCulture,
                    "A secret with name {0} already exists in vault {1}",
                    Name,
                    Vault);
                ThrowTerminatingError(
                    new ErrorRecord(
                        new PSInvalidOperationException(msg),
                        "AddSecretAlreadyExists",
                        ErrorCategory.ResourceExists,
                        this));
            }
        }

        // Add new secret to vault.
        extensionVault.InvokeSetSecret(
            name: Name,
            secret: payload,
            cmdlet: this);

        return;
    }

    // Add to default built-in vault (after NoClobber check).
    int errorCode = 0;
    if (NoClobber)
    {
        var alreadyPresent = LocalSecretStore.ReadObject(
            name: Name,
            out object _,
            ref errorCode);
        if (alreadyPresent)
        {
            var msg = string.Format(
                CultureInfo.InvariantCulture,
                "A secret with name {0} already exists in the local default vault",
                Name);
            ThrowTerminatingError(
                new ErrorRecord(
                    new PSInvalidOperationException(msg),
                    "AddSecretAlreadyExists",
                    ErrorCategory.ResourceExists,
                    this));
        }
    }

    // Clear whatever code the existence check left behind before attempting the write.
    errorCode = 0;
    if (LocalSecretStore.WriteObject(
        name: Name,
        objectToWrite: payload,
        ref errorCode))
    {
        WriteVerbose(
            string.Format("Secret {0} was successfully added to vault {1}.", Name, RegisterSecretsVaultCommand.BuiltInLocalVault));
    }
    else
    {
        var reason = LocalSecretStore.GetErrorMessage(errorCode);
        var msg = string.Format(
            CultureInfo.InvariantCulture,
            "The secret could not be written to the local default vault. Error: {0}",
            reason);
        ThrowTerminatingError(
            new ErrorRecord(
                new PSInvalidOperationException(msg),
                "AddSecretCannotWrite",
                ErrorCategory.WriteError,
                this));
    }
}
/// <summary>
/// Erases the local store, writes a fresh configuration and optionally unlocks the new store.
/// </summary>
/// <remarks>
/// <para>
/// Unless <c>Force</c> is set, the user is asked to confirm through <c>ShouldContinue</c>,
/// which is called with <c>hasSecurityImpact: true</c>.
/// </para>
/// <para>
/// Settings that were not explicitly bound take their values from
/// <c>SecureStoreConfig.GetDefault()</c>.
/// </para>
/// <para>
/// The store file is removed before the configuration file is written. If writing the
/// configuration fails, the terminating error is raised with the store already removed.
/// </para>
/// <para>
/// After the reset, a non-null <c>Password</c> is used to unlock the store. Without one, a
/// store instance is requested when the effective interaction setting is <c>Prompt</c>.
/// </para>
/// </remarks>
protected override void EndProcessing()
{
    bool yesToAll = false;
    bool noToAll = false;

    // Destructive operation: Force is the only way to skip the confirmation query.
    if (!Force && !ShouldContinue(
        query: "Are you sure you want to erase all secrets in SecretStore and reset configuration settings to default?",
        caption: "Reset SecretStore",
        hasSecurityImpact: true,
        ref yesToAll,
        ref noToAll))
    {
        return;
    }

    var defaults = SecureStoreConfig.GetDefault();
    var bound = MyInvocation.BoundParameters;

    // Kept in a local because it also decides the prompt behaviour further down.
    var interaction = bound.ContainsKey(nameof(Interaction)) ? Interaction : defaults.Interaction;

    var resetConfig = new SecureStoreConfig(
        scope: bound.ContainsKey(nameof(Scope)) ? Scope : defaults.Scope,
        authentication: bound.ContainsKey(nameof(Authentication)) ? Authentication : defaults.Authentication,
        passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : defaults.PasswordTimeout,
        interaction: interaction);

    var storeRemoved = SecureStoreFile.RemoveStoreFile(out string errorMsg);
    if (!storeRemoved)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "ResetSecretStoreCannotRemoveStoreFile",
                errorCategory: ErrorCategory.InvalidOperation,
                targetObject: this));
    }

    var configWritten = SecureStoreFile.WriteConfigFile(
        configData: resetConfig,
        out errorMsg);
    if (!configWritten)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "ResetSecretStoreCannotWriteConfigFile",
                errorCategory: ErrorCategory.InvalidOperation,
                targetObject: this));
    }

    // Reset the store singleton only after both file operations have succeeded.
    LocalSecretStore.Reset();

    if (Password != null)
    {
        var checkedPassword = Utils.CheckPassword(Password);
        var store = LocalSecretStore.GetInstance(
            password: checkedPassword);

        int? requestedTimeout = null;
        if (MyInvocation.BoundParameters.ContainsKey(nameof(PasswordTimeout)))
        {
            requestedTimeout = (int?)PasswordTimeout;
        }

        store.UnlockLocalStore(
            password: checkedPassword,
            passwordTimeout: requestedTimeout);
    }
    else if (interaction == Microsoft.PowerShell.SecretStore.Interaction.Prompt)
    {
        // Invoke the password prompt.
        LocalSecretStore.GetInstance(cmdlet: this);
    }

    if (PassThru.IsPresent)
    {
        WriteObject(resetConfig);
    }
}
/// <summary>
/// Applies a new configuration to the local store, after validation and confirmation.
/// </summary>
/// <remarks>
/// <para>The <c>AllUsers</c> scope is rejected with a terminating error.</para>
/// <para>
/// Supplying a password is rejected when the store already requires one, password
/// authentication is requested and a store file exists; the error message directs the
/// user to Set-SecretStorePassword.
/// </para>
/// <para>
/// Under <c>ParameterSet</c>, each setting that was not explicitly bound keeps its value
/// from the current configuration. Under any other parameter set the default
/// configuration is applied.
/// </para>
/// <para>The new configuration is written to the pipeline only when <c>PassThru</c> is present.</para>
/// </remarks>
protected override void EndProcessing()
{
    if (Scope == SecureStoreScope.AllUsers)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSNotSupportedException("AllUsers scope is not yet supported."),
                errorId: "SecretStoreConfigurationNotSupported",
                errorCategory: ErrorCategory.NotEnabled,
                this));
    }

    var checkedPassword = Utils.CheckPassword(Password);
    var passwordState = LocalSecretStore.PasswordRequired;

    // A password may not be "added" here once the store is already password protected.
    var addsPasswordToProtectedStore =
        passwordState == SecureStoreFile.PasswordConfiguration.Required &&
        Authentication == Authenticate.Password &&
        SecureStoreFile.StoreFileExists() &&
        checkedPassword != null;
    if (addsPasswordToProtectedStore)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSNotSupportedException("The Microsoft.PowerShell.SecretStore is already configured to require a password, and a new password cannot be added.\nUse the Set-SecretStorePassword cmdlet to change an existing password."),
                errorId: "SecretStoreInvalidConfiguration",
                errorCategory: ErrorCategory.NotEnabled,
                this));
    }

    if (!ShouldProcess(
        target: "SecretStore module local store",
        action: "Changes local store configuration"))
    {
        return;
    }

    // When the store does not currently require a password, none is passed to GetInstance.
    var instancePassword = passwordState == SecureStoreFile.PasswordConfiguration.NotRequired
        ? null
        : checkedPassword;
    var currentConfig = LocalSecretStore.GetInstance(
        password: instancePassword,
        cmdlet: this).Configuration;

    SecureStoreConfig updatedConfig;
    if (ParameterSetName != ParameterSet)
    {
        updatedConfig = SecureStoreConfig.GetDefault();
    }
    else
    {
        // Only explicitly bound parameters override the current settings.
        var bound = MyInvocation.BoundParameters;
        updatedConfig = new SecureStoreConfig(
            scope: bound.ContainsKey(nameof(Scope)) ? Scope : currentConfig.Scope,
            authentication: bound.ContainsKey(nameof(Authentication)) ? Authentication : currentConfig.Authentication,
            passwordTimeout: bound.ContainsKey(nameof(PasswordTimeout)) ? PasswordTimeout : currentConfig.PasswordTimeout,
            interaction: bound.ContainsKey(nameof(Interaction)) ? Interaction : currentConfig.Interaction);
    }

    var store = LocalSecretStore.GetInstance(cmdlet: this);
    var updated = store.UpdateConfiguration(
        newConfigData: updatedConfig,
        password: checkedPassword,
        cmdlet: this,
        out string errorMsg);
    if (!updated)
    {
        ThrowTerminatingError(
            new ErrorRecord(
                exception: new PSInvalidOperationException(errorMsg),
                errorId: "SecretStoreConfigurationUpdateFailed",
                errorCategory: ErrorCategory.InvalidOperation,
                this));
    }

    if (PassThru.IsPresent)
    {
        WriteObject(updatedConfig);
    }
}
/// <summary>
/// Writes the local store's current configuration object to the pipeline.
/// </summary>
protected override void EndProcessing()
{
    // The cmdlet is handed to GetInstance; no password is supplied on this path.
    var store = LocalSecretStore.GetInstance(cmdlet: this);
    WriteObject(store.Configuration);
}