private void AddSameSiteAttribute(XmlElement permissionSetElement) { XmlAttribute sameSiteAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.sameSiteAttribute)); if (sameSiteAttribute == null) { sameSiteAttribute = permissionSetElement.OwnerDocument.CreateAttribute(XmlUtil.TrimPrefix(XPaths.sameSiteAttribute)); permissionSetElement.Attributes.Append(sameSiteAttribute); } sameSiteAttribute.Value = _sameSiteSetting; }
private void FixupPermissionSetElement(XmlElement permissionSetElement) { XmlDocument document = permissionSetElement.OwnerDocument; XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable); if (PreserveFullTrustPermissionSet) { var unrestrictedAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); if (_isFullTrust) { if (unrestrictedAttribute == null) { unrestrictedAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); permissionSetElement.Attributes.Append(unrestrictedAttribute); } unrestrictedAttribute.Value = "true"; } else { if (unrestrictedAttribute != null) { permissionSetElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); } } } else { if (_isFullTrust) { var unrestrictedAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); if (unrestrictedAttribute == null) { unrestrictedAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); permissionSetElement.Attributes.Append(unrestrictedAttribute); } unrestrictedAttribute.Value = "true"; while (permissionSetElement.FirstChild != null) { permissionSetElement.RemoveChild(permissionSetElement.FirstChild); } } } // Add ID="Custom" attribute if there's not one already var idAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.idAttribute)); if (idAttribute == null) { idAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.idAttribute)); permissionSetElement.Attributes.Append(idAttribute); } if (String.IsNullOrEmpty(idAttribute.Value)) { idAttribute.Value = "Custom"; } AddSameSiteAttribute(permissionSetElement); if (permissionSetElement.ParentNode == null || permissionSetElement.ParentNode.NodeType == XmlNodeType.Document) { return; } XmlAttribute idrefAttribute = null; XmlElement defaultAssemblyRequestElement = (XmlElement)permissionSetElement.ParentNode.SelectSingleNode(XPaths.defaultAssemblyRequestElement, nsmgr); if (defaultAssemblyRequestElement == null) { defaultAssemblyRequestElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.defaultAssemblyRequestElement), XmlNamespaces.asmv2); permissionSetElement.ParentNode.AppendChild(defaultAssemblyRequestElement); } idrefAttribute = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.permissionSetReferenceAttribute)); if (idrefAttribute == null) { idrefAttribute = document.CreateAttribute(XmlUtil.TrimPrefix(XPaths.permissionSetReferenceAttribute)); defaultAssemblyRequestElement.Attributes.Append(idrefAttribute); } if (!String.Equals(idAttribute.Value, idrefAttribute.Value, StringComparison.Ordinal)) { idrefAttribute.Value = idAttribute.Value; } }
private PermissionSet GetInputPermissionSet() { if (_inputPermissionSet == null) { XmlElement psElement = GetInputPermissionSetElement(); if (PreserveFullTrustPermissionSet) { XmlAttribute unrestrictedAttribute = (XmlAttribute)psElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); _isFullTrust = unrestrictedAttribute != null && Boolean.Parse(unrestrictedAttribute.Value); if (_isFullTrust) { XmlDocument document = new XmlDocument(); document.AppendChild(document.ImportNode(psElement, true)); document.DocumentElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix(XPaths.unrestrictedAttribute)); psElement = document.DocumentElement; } _inputPermissionSet = SecurityUtilities.XmlToPermissionSet(psElement); } else { _inputPermissionSet = SecurityUtilities.XmlToPermissionSet(psElement); _isFullTrust = _inputPermissionSet.IsUnrestricted(); } } return(_inputPermissionSet); }
private static XmlElement GetRequestedPrivilegeElement(XmlElement inputRequestedPrivilegeElement, XmlDocument document) { // <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> // <!-- // UAC Manifest Options // If you want to change the Windows User Account Control level replace the // requestedExecutionLevel node with one of the following . // <requestedExecutionLevel level="asInvoker" /> // <requestedExecutionLevel level="requireAdministrator" /> // <requestedExecutionLevel level="highestAvailable" /> // If you want to utilize File and Registry Virtualization for backward compatibility // delete the requestedExecutionLevel node. // --> // <requestedExecutionLevel level="asInvoker" /> // </requestedPrivileges> // we always create a requestedPrivilege node to put into the generated TrustInfo document // XmlElement requestedPrivilegeElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.requestedPrivilegeElement), XmlNamespaces.asmv3); document.AppendChild(requestedPrivilegeElement); // our three cases we need to handle are: // (a) no requestedPrivilege node (and therefore no requestedExecutionLevel node as well) - use default values // (b) requestedPrivilege node and no requestedExecutionLevel node - omit the requestedExecutionLevel node // (c) requestedPrivilege node and requestedExecutionLevel node - use the incoming requestedExecutionLevel node values // // using null for both values is case (b) above -- do not output values // string executionLevelString = null; string executionUIAccessString = null; string commentString = null; // case (a) above -- load default values // if (inputRequestedPrivilegeElement == null) { // If UAC requestedPrivilege node is missing (possibly due to upgraded project) then automatically // add a default UAC requestedPrivilege node with a default requestedExecutionLevel node set to // the expected ClickOnce level (asInvoker) with uiAccess as false // executionLevelString = Constants.UACAsInvoker; executionUIAccessString = Constants.UACUIAccess; // load up a default comment string that we put in front of the requestedExecutionLevel node // here so we can allow the passed-in node to override it if there is a comment present // System.Resources.ResourceManager resources = new System.Resources.ResourceManager("Microsoft.Build.Tasks.Core.Strings.ManifestUtilities", typeof(SecurityUtilities).Module.Assembly); commentString = resources.GetString("TrustInfo.RequestedExecutionLevelComment"); } else { // we need to see if the requestedExecutionLevel node is present to decide whether or not to create one. // XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable); XmlElement inputRequestedExecutionLevel = (XmlElement)inputRequestedPrivilegeElement.SelectSingleNode(XPaths.requestedExecutionLevelElement, nsmgr); // case (c) above -- use incoming values [note that we should do nothing for case (b) above // because the default values will make us not emit the requestedExecutionLevel and comment] // if (inputRequestedExecutionLevel != null) { XmlNode previousNode = inputRequestedExecutionLevel.PreviousSibling; // fetch the current comment node if there is one (if there is not one, simply // keep the default null value which means we will not create one in the // output document) // if (previousNode?.NodeType == XmlNodeType.Comment) { commentString = ((XmlComment)previousNode).Data; } // fetch the current requestedExecutionLevel node's level attribute if there is one // if (inputRequestedExecutionLevel.HasAttribute("level")) { executionLevelString = inputRequestedExecutionLevel.GetAttribute("level"); } // fetch the current requestedExecutionLevel node's uiAccess attribute if there is one // if (inputRequestedExecutionLevel.HasAttribute("uiAccess")) { executionUIAccessString = inputRequestedExecutionLevel.GetAttribute("uiAccess"); } } } if (commentString != null) { XmlComment requestedPrivilegeComment = document.CreateComment(commentString); requestedPrivilegeElement.AppendChild(requestedPrivilegeComment); } if (executionLevelString != null) { XmlElement requestedExecutionLevelElement = document.CreateElement(XmlUtil.TrimPrefix(XPaths.requestedExecutionLevelElement), XmlNamespaces.asmv3); requestedPrivilegeElement.AppendChild(requestedExecutionLevelElement); XmlAttribute levelAttribute = document.CreateAttribute("level"); levelAttribute.Value = executionLevelString; requestedExecutionLevelElement.Attributes.Append(levelAttribute); if (executionUIAccessString != null) { XmlAttribute uiAccessAttribute = document.CreateAttribute("uiAccess"); uiAccessAttribute.Value = executionUIAccessString; requestedExecutionLevelElement.Attributes.Append(uiAccessAttribute); } } return(requestedPrivilegeElement); }
/// <summary> /// /// </summary> /// <param name="manifest"></param> /// <param name="output"></param> /// <param name="targetframeWorkVersion">it will always use sha256 as signature algorithm if TFV is null</param> private static void WriteManifest(Manifest manifest, Stream output, string targetframeWorkVersion) { int t1 = Environment.TickCount; Stream s1 = Serialize(manifest); string n = manifest.AssemblyIdentity.GetFullName(AssemblyIdentity.FullNameFlags.All); if (String.IsNullOrEmpty(n)) { n = manifest.GetType().Name; } Util.WriteLogFile(n + ".write.0-serialized.xml", s1); string resource = null; if (targetframeWorkVersion == null || targetframeWorkVersion.Length == 0 || Util.CompareFrameworkVersions(targetframeWorkVersion, Constants.TargetFrameworkVersion40) <= 0) { resource = "write2.xsl"; } else { resource = "write3.xsl"; } Stream s2 = null; if (manifest.GetType() == typeof(ApplicationManifest)) { ApplicationManifest am = (ApplicationManifest)manifest; if (am.TrustInfo == null) { s2 = XmlUtil.XslTransform(resource, s1); } else { // May throw IO-related exceptions string temp = FileUtilities.GetTemporaryFile(); am.TrustInfo.Write(temp); if (Util.logging) { try { File.Copy(temp, Path.Combine(Util.logPath, n + ".trust-file.xml"), true); } catch (IOException) { } catch (ArgumentException) { } catch (UnauthorizedAccessException) { } catch (NotSupportedException) { } } DictionaryEntry arg = new DictionaryEntry("trust-file", temp); try { s2 = XmlUtil.XslTransform(resource, s1, arg); } finally { File.Delete(temp); } } } else { s2 = XmlUtil.XslTransform(resource, s1); } Util.WriteLogFile(n + ".write.1-transformed.xml", s2); Stream s3 = null; if (manifest.InputStream == null) { s3 = s2; } else { string temp = Util.WriteTempFile(manifest.InputStream); DictionaryEntry arg = new DictionaryEntry("base-file", temp); try { s3 = XmlUtil.XslTransform("merge.xsl", s2, arg); } finally { File.Delete(temp); } Util.WriteLogFile(n + ".write.2-merged.xml", s3); } Stream s4 = ManifestFormatter.Format(s3); Util.WriteLogFile(n + ".write.3-formatted.xml", s4); Util.CopyStream(s4, output); Util.WriteLog(String.Format(CultureInfo.CurrentCulture, "ManifestWriter.WriteManifest t={0}", Environment.TickCount - t1)); }
internal static void UpdateEntryPoint(string inputPath, string outputPath, string updatedApplicationPath, string applicationManifestPath, string targetFrameworkVersion) { XmlDocument document = new XmlDocument(); XmlReaderSettings xrSettings = new XmlReaderSettings(); xrSettings.DtdProcessing = DtdProcessing.Ignore; using (XmlReader xr = XmlReader.Create(inputPath, xrSettings)) { document.Load(xr); } XmlNamespaceManager nsmgr = XmlNamespaces.GetNamespaceManager(document.NameTable); AssemblyIdentity appManifest = AssemblyIdentity.FromManifest(applicationManifestPath); // update path to application manifest XmlNode codeBaseNode = null; foreach (string xpath in XPaths.codebasePaths) { codeBaseNode = document.SelectSingleNode(xpath, nsmgr); if (codeBaseNode != null) { break; } } if (codeBaseNode == null) { throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.codebasePaths[0])); } codeBaseNode.Value = updatedApplicationPath; // update Public key token of application manifest XmlNode publicKeyTokenNode = ((XmlAttribute)codeBaseNode).OwnerElement.SelectSingleNode(XPaths.dependencyPublicKeyTokenAttribute, nsmgr); if (publicKeyTokenNode == null) { throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.dependencyPublicKeyTokenAttribute)); } publicKeyTokenNode.Value = appManifest.PublicKeyToken; // update hash of application manifest string hash; long size; Util.GetFileInfo(applicationManifestPath, targetFrameworkVersion, out hash, out size); // Hash node may not be present with optional signing XmlNode hashNode = ((XmlAttribute)codeBaseNode).OwnerElement.SelectSingleNode(XPaths.hashElement, nsmgr); if (hashNode != null) { ((XmlElement)hashNode).InnerText = hash; } // update file size of application manifest XmlAttribute sizeAttribute = ((XmlAttribute)codeBaseNode).OwnerElement.Attributes[XmlUtil.TrimPrefix(XPaths.fileSizeAttribute)]; if (sizeAttribute == null) { throw new InvalidOperationException(String.Format(System.Globalization.CultureInfo.InvariantCulture, "XPath not found: {0}", XPaths.fileSizeAttribute)); } sizeAttribute.Value = size.ToString(System.Globalization.CultureInfo.InvariantCulture); document.Save(outputPath); }
private void FixupPermissionSetElement(XmlElement permissionSetElement) { XmlDocument ownerDocument = permissionSetElement.OwnerDocument; XmlNamespaceManager namespaceManager = XmlNamespaces.GetNamespaceManager(ownerDocument.NameTable); if (this._preserveFullTrustPermissionSet) { XmlAttribute node = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); if (this._isFullTrust) { if (node == null) { node = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:Unrestricted")); permissionSetElement.Attributes.Append(node); } node.Value = "true"; } else if (node != null) { permissionSetElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); } } else if (this._isFullTrust) { XmlAttribute attribute2 = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); if (attribute2 == null) { attribute2 = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:Unrestricted")); permissionSetElement.Attributes.Append(attribute2); } attribute2.Value = "true"; while (permissionSetElement.FirstChild != null) { permissionSetElement.RemoveChild(permissionSetElement.FirstChild); } } XmlAttribute namedItem = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:ID")); if (namedItem == null) { namedItem = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:ID")); permissionSetElement.Attributes.Append(namedItem); } if (string.IsNullOrEmpty(namedItem.Value)) { namedItem.Value = "Custom"; } this.AddSameSiteAttribute(permissionSetElement); if ((permissionSetElement.ParentNode != null) && (permissionSetElement.ParentNode.NodeType != XmlNodeType.Document)) { XmlAttribute attribute4 = null; XmlElement newChild = (XmlElement)permissionSetElement.ParentNode.SelectSingleNode("asmv2:defaultAssemblyRequest", namespaceManager); if (newChild == null) { newChild = ownerDocument.CreateElement(XmlUtil.TrimPrefix("asmv2:defaultAssemblyRequest"), "urn:schemas-microsoft-com:asm.v2"); permissionSetElement.ParentNode.AppendChild(newChild); } attribute4 = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:permissionSetReference")); if (attribute4 == null) { attribute4 = ownerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:permissionSetReference")); newChild.Attributes.Append(attribute4); } if (string.Compare(namedItem.Value, attribute4.Value, StringComparison.Ordinal) != 0) { attribute4.Value = namedItem.Value; } } }
public void Write(Stream output) { XmlDocument document = new XmlDocument(); XmlElement newChild = XmlUtil.CloneElementToDocument(this.GetInputPermissionSetElement(), document, "urn:schemas-microsoft-com:asm.v2"); document.AppendChild(newChild); string str = null; XmlDocument document2 = new XmlDocument(); XmlElement inputRequestedPrivilegeElement = this.GetInputRequestedPrivilegeElement(); XmlElement requestedPrivilegeElement = null; requestedPrivilegeElement = this.GetRequestedPrivilegeElement(inputRequestedPrivilegeElement, document2); if (requestedPrivilegeElement != null) { document2.AppendChild(requestedPrivilegeElement); MemoryStream outStream = new MemoryStream(); document2.Save(outStream); outStream.Position = 0L; str = Util.WriteTempFile(outStream); } try { string resource = "trustinfo2.xsl"; MemoryStream stream2 = new MemoryStream(); if ((this._outputPermissionSet == null) && !this.sameSiteChanged) { XmlElement documentElement = document.DocumentElement; this.FixupPermissionSetElement(documentElement); document.Save(stream2); stream2.Position = 0L; } else { XmlDocument outputPermissionSetDocument = this.GetOutputPermissionSetDocument(); XmlElement permissionSetElement = outputPermissionSetDocument.DocumentElement; this.FixupPermissionSetElement(permissionSetElement); if (document.DocumentElement == null) { outputPermissionSetDocument.Save(stream2); stream2.Position = 0L; } else { XmlElement oldChild = document.DocumentElement; XmlElement element8 = (XmlElement)document.ImportNode(permissionSetElement, true); oldChild.ParentNode.ReplaceChild(element8, oldChild); document.Save(stream2); stream2.Position = 0L; } } Stream input = null; if (str != null) { DictionaryEntry[] entries = new DictionaryEntry[] { new DictionaryEntry("defaultRequestedPrivileges", str) }; input = XmlUtil.XslTransform(resource, stream2, entries); } else { input = XmlUtil.XslTransform(resource, stream2, new DictionaryEntry[0]); } Util.CopyStream(input, output); } finally { if (str != null) { File.Delete(str); } } }
private void ReadTrustInfo(string xml) { this._inputTrustInfoDocument = new XmlDocument(); this._inputTrustInfoDocument.LoadXml(xml); XmlElement inputPermissionSetElement = this.GetInputPermissionSetElement(); XmlAttribute namedItem = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); this._isFullTrust = (namedItem != null) && bool.Parse(namedItem.Value); XmlAttribute attribute2 = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:SameSite")); if (attribute2 != null) { this.sameSiteSetting = attribute2.Value; } }
private void AddSameSiteAttribute(XmlElement permissionSetElement) { XmlAttribute namedItem = (XmlAttribute)permissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:SameSite")); if (namedItem == null) { namedItem = permissionSetElement.OwnerDocument.CreateAttribute(XmlUtil.TrimPrefix("asmv2:SameSite")); permissionSetElement.Attributes.Append(namedItem); } namedItem.Value = this.sameSiteSetting; }
private System.Security.PermissionSet GetInputPermissionSet() { if (this._inputPermissionSet == null) { XmlElement inputPermissionSetElement = this.GetInputPermissionSetElement(); if (this._preserveFullTrustPermissionSet) { XmlAttribute namedItem = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); this._isFullTrust = (namedItem != null) && bool.Parse(namedItem.Value); if (this._isFullTrust) { XmlDocument document = new XmlDocument(); document.AppendChild(document.ImportNode(inputPermissionSetElement, true)); document.DocumentElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); inputPermissionSetElement = document.DocumentElement; } this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement); } else { this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement); this._isFullTrust = this._inputPermissionSet.IsUnrestricted(); } } return(this._inputPermissionSet); }