internal static COM.TYPEATTR GetTypeAttr(COM.ITypeInfo typeinfo) { IntPtr pTypeAttr; typeinfo.GetTypeAttr(out pTypeAttr); COM.TYPEATTR typeattr = ClrFacade.PtrToStructure <COM.TYPEATTR>(pTypeAttr); typeinfo.ReleaseTypeAttr(pTypeAttr); return(typeattr); }
internal static COM.FUNCDESC GetFuncDesc(COM.ITypeInfo typeinfo, int index) { IntPtr pFuncDesc; typeinfo.GetFuncDesc(index, out pFuncDesc); COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc); typeinfo.ReleaseFuncDesc(pFuncDesc); return(funcdesc); }
/// <summary> /// Obtains the parameter information for a given FuncDesc /// </summary> internal static ParameterInformation[] GetParameterInformation(COM.FUNCDESC funcdesc, bool skipLastParameter) { int cParams = funcdesc.cParams; if (skipLastParameter) { Diagnostics.Assert(cParams > 0, "skipLastParameter is only true for property setters where there is at least one parameter"); cParams--; } ParameterInformation[] parameters = new ParameterInformation[cParams]; IntPtr ElementDescriptionArrayPtr = funcdesc.lprgelemdescParam; int ElementDescriptionSize = ClrFacade.SizeOf <COM.ELEMDESC>(); for (int i = 0; i < cParams; i++) { COM.ELEMDESC ElementDescription; int ElementDescriptionArrayByteOffset; IntPtr ElementDescriptionPointer; bool fOptional = false; ElementDescription = new COM.ELEMDESC(); ElementDescriptionArrayByteOffset = i * ElementDescriptionSize; //Disable PRefast warning for converting to int32 and converting back into intptr. //Code below takes into account 32 bit vs 64 bit conversions #pragma warning disable 56515 if (IntPtr.Size == 4) { ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt32() + ElementDescriptionArrayByteOffset); } else { ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt64() + ElementDescriptionArrayByteOffset); } #pragma warning enable 56515 ElementDescription = ClrFacade.PtrToStructure <COM.ELEMDESC>(ElementDescriptionPointer); //get the type of parameter Type type = ComUtil.GetTypeFromTypeDesc(ElementDescription.tdesc); Object defaultvalue = null; //check is this parameter is optional. if ((ElementDescription.desc.paramdesc.wParamFlags & COM.PARAMFLAG.PARAMFLAG_FOPT) != 0) { fOptional = true; defaultvalue = Type.Missing; } bool fByRef = (ElementDescription.desc.paramdesc.wParamFlags & COM.PARAMFLAG.PARAMFLAG_FOUT) != 0; parameters[i] = new ParameterInformation(type, fOptional, defaultvalue, fByRef); } return(parameters); }
private static DWORD GetWinTrustData(string fileName, string fileContent, out NativeMethods.WINTRUST_DATA wtData) { DWORD dwResult = Win32Errors.E_FAIL; IntPtr WINTRUST_ACTION_GENERIC_VERIFY_V2 = IntPtr.Zero; IntPtr wtdBuffer = IntPtr.Zero; Guid actionVerify = new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE"); try { WINTRUST_ACTION_GENERIC_VERIFY_V2 = Marshal.AllocCoTaskMem(Marshal.SizeOf(actionVerify)); Marshal.StructureToPtr(actionVerify, WINTRUST_ACTION_GENERIC_VERIFY_V2, false); NativeMethods.WINTRUST_DATA wtd; if (fileContent == null) { NativeMethods.WINTRUST_FILE_INFO wfi = NativeMethods.InitWintrustFileInfoStruct(fileName); wtd = NativeMethods.InitWintrustDataStructFromFile(wfi); } else { NativeMethods.WINTRUST_BLOB_INFO wbi = NativeMethods.InitWintrustBlobInfoStruct(fileName, fileContent); wtd = NativeMethods.InitWintrustDataStructFromBlob(wbi); } wtdBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd)); Marshal.StructureToPtr(wtd, wtdBuffer, false); // The result is returned to the caller, and handled generically. // Disable the PreFast check for Win32 error codes, as we don't care. #pragma warning disable 56523 dwResult = NativeMethods.WinVerifyTrust( IntPtr.Zero, WINTRUST_ACTION_GENERIC_VERIFY_V2, wtdBuffer); #pragma warning enable 56523 wtData = ClrFacade.PtrToStructure <NativeMethods.WINTRUST_DATA>(wtdBuffer); } finally { ClrFacade.DestroyStructure <Guid>(WINTRUST_ACTION_GENERIC_VERIFY_V2); Marshal.FreeCoTaskMem(WINTRUST_ACTION_GENERIC_VERIFY_V2); ClrFacade.DestroyStructure <NativeMethods.WINTRUST_DATA>(wtdBuffer); Marshal.FreeCoTaskMem(wtdBuffer); } return(dwResult); }
internal static string ReadScript(string path) { using (FileStream readerStream = new FileStream(path, FileMode.Open, FileAccess.Read)) { Encoding defaultEncoding = ClrFacade.GetDefaultEncoding(); Microsoft.Win32.SafeHandles.SafeFileHandle safeFileHandle = readerStream.SafeFileHandle; using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding)) { return(scriptReader.ReadToEnd()); } } }
/// <summary> /// Add the 'UserName' NoteProperty to the Process object /// </summary> /// <param name="process"></param> /// <returns></returns> private static PSObject AddUserNameToProcess(Process process) { // Return null if we failed to get the owner information string userName = ClrFacade.RetrieveProcessUserName(process); PSObject processAsPsobj = PSObject.AsPSObject(process); PSNoteProperty noteProperty = new PSNoteProperty("UserName", userName); processAsPsobj.Properties.Add(noteProperty, true); processAsPsobj.TypeNames.Insert(0, TypeNameForProcessWithUserName); return(processAsPsobj); }
/// <summary> /// Restore the previous privilege state /// </summary> /// <param name="privilegeName"></param> /// <param name="previousPrivilegeState"></param> /// <returns></returns> internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState) { // The privilege was not changed, do not need to restore it. if (previousPrivilegeState.PrivilegeCount == 0) { return(true); } bool success = false; TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState // to see if the previousPrivilegeState is defined for the same privilege if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) && newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart && newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>(); int returnSize = 0; // restore the privilege state back to the previous privilege state if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize)) { if (Marshal.GetLastWin32Error() == ERROR_SUCCESS) { success = true; } } } if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return(success); }
/// <summary> /// Converts a MethodBase[] into a MethodInformation[] /// </summary> /// <returns>the ComMethodInformation[] corresponding to methods</returns> internal static ComMethodInformation[] GetMethodInformationArray(COM.ITypeInfo typeInfo, Collection <int> methods, bool skipLastParameters) { int methodCount = methods.Count; int count = 0; ComMethodInformation[] returnValue = new ComMethodInformation[methodCount]; foreach (int index in methods) { IntPtr pFuncDesc; typeInfo.GetFuncDesc(index, out pFuncDesc); COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc); returnValue[count++] = ComUtil.GetMethodInformation(funcdesc, skipLastParameters); typeInfo.ReleaseFuncDesc(pFuncDesc); } return(returnValue); }
internal string GetDefinition() { IntPtr pFuncDesc = IntPtr.Zero; try { _typeInfo.GetFuncDesc(GetFuncDescIndex(), out pFuncDesc); COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc); return(ComUtil.GetMethodSignatureFromFuncDesc(_typeInfo, funcdesc, !IsGettable)); } finally { if (pFuncDesc != IntPtr.Zero) { _typeInfo.ReleaseFuncDesc(pFuncDesc); } } }
/// <summary> /// Get file attribute (Relative path in our case) from catalog /// </summary> /// <param name="memberAttrInfo"> Pointer to current attribute of catalog member. </param> /// <returns> value of the attribute </returns> internal static string ProcessFilePathAttributeInCatalog(IntPtr memberAttrInfo) { string relativePath = string.Empty; NativeMethods.CRYPTCATATTRIBUTE currentMemberAttr = ClrFacade.PtrToStructure <NativeMethods.CRYPTCATATTRIBUTE>(memberAttrInfo); // check if this is the attribute we are looking for // catalog generated other way not using New-FileCatalog can have attributes we don't understand if (currentMemberAttr.pwszReferenceTag.Equals("FilePath", StringComparison.OrdinalIgnoreCase)) { // find the size for the current attribute value and then allocate buffer and copy from byte array int attrValueSize = (int)currentMemberAttr.cbValue; byte[] attrValue = new byte[attrValueSize]; Marshal.Copy(currentMemberAttr.pbValue, attrValue, 0, attrValueSize); relativePath = System.Text.Encoding.Unicode.GetString(attrValue); relativePath = relativePath.TrimEnd('\0'); } return(relativePath); }
/// <summary> /// Returns the different method overloads signatures. /// </summary> /// <returns></returns> internal Collection <String> MethodDefinitions() { Collection <String> result = new Collection <string>(); foreach (int index in _methods) { IntPtr pFuncDesc; _typeInfo.GetFuncDesc(index, out pFuncDesc); COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc); string signature = ComUtil.GetMethodSignatureFromFuncDesc(_typeInfo, funcdesc, false); result.Add(signature); _typeInfo.ReleaseFuncDesc(pFuncDesc); } return(result); }
private static X509Certificate2 GetCertFromChain(IntPtr pSigner) { X509Certificate2 signerCert = null; // We don't care about the Win32 error code here, so disable // the PreFast complaint that we're not retrieving it. #pragma warning disable 56523 IntPtr pCert = NativeMethods.WTHelperGetProvCertFromChain(pSigner, 0); #pragma warning enable 56523 if (pCert != IntPtr.Zero) { NativeMethods.CRYPT_PROVIDER_CERT provCert = (NativeMethods.CRYPT_PROVIDER_CERT) ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_CERT>(pCert); signerCert = new X509Certificate2(provCert.pCert); } return(signerCert); }
/// <summary> /// Returns an equivalent NetworkCredential object for this /// PSCredential. /// /// A null is returned if /// -- current object has not been initialized /// -- current creds are not compatible with NetworkCredential /// (such as smart card creds or cert creds) /// </summary> /// /// <returns> /// null if the current object has not been initialized. /// null if the current credentials are incompatible with /// a NetworkCredential -- such as smart card credentials. /// the appropriate network credential for this PSCredential otherwise. /// </returns> public NetworkCredential GetNetworkCredential() { if (_netCred == null) { string user = null; string domain = null; if (IsValidUserName(_userName, out user, out domain)) { #if CORECLR // NetworkCredential constructor only accepts plain string password in .NET Core. // TODO: This raises security concerns about having the plain string password in memory // for an indefinite period of time. So we need to change back to the constructor that // takes a SecureString password once it becomes available in .NET Core. IntPtr unmanagedPtr = IntPtr.Zero; try { unmanagedPtr = ClrFacade.SecureStringToCoTaskMemUnicode(_password); string pwdInPlainText = System.Runtime.InteropServices.Marshal.PtrToStringUni(unmanagedPtr); _netCred = new NetworkCredential(user, pwdInPlainText, domain); } finally { if (unmanagedPtr != IntPtr.Zero) { Marshal.ZeroFreeCoTaskMemUnicode(unmanagedPtr); } } #else _netCred = new NetworkCredential(user, _password, domain); #endif } } return(_netCred); }
private static bool TryGetProviderSigner(IntPtr wvtStateData, out IntPtr pProvSigner, out X509Certificate2 timestamperCert) { pProvSigner = IntPtr.Zero; timestamperCert = null; // The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be // able to see that. #pragma warning disable 56523 IntPtr pProvData = NativeMethods.WTHelperProvDataFromStateData(wvtStateData); #pragma warning enable 56523 if (pProvData != IntPtr.Zero) { pProvSigner = NativeMethods.WTHelperGetProvSignerFromChain(pProvData, 0, 0, 0); if (pProvSigner != IntPtr.Zero) { NativeMethods.CRYPT_PROVIDER_SGNR provSigner = (NativeMethods.CRYPT_PROVIDER_SGNR) ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_SGNR>(pProvSigner); if (provSigner.csCounterSigners == 1) { // // time stamper cert available // timestamperCert = GetCertFromChain(provSigner.pasCounterSigners); } return(true); } } return(false); }
/// <summary> /// Retrieve the encoding parameter from the command line /// it throws if the encoding does not match the known ones. /// </summary> /// <returns>A System.Text.Encoding object (null if no encoding specified).</returns> internal static Encoding Convert(Cmdlet cmdlet, string encoding) { if (string.IsNullOrEmpty(encoding)) { // no parameter passed, default to UTF8 return(ClrFacade.GetDefaultEncoding()); } Encoding foundEncoding; if (encodingMap.TryGetValue(encoding, out foundEncoding)) { // Write a warning if using utf7 as it is obsolete in .NET5 if (string.Compare(encoding, Utf7, StringComparison.OrdinalIgnoreCase) == 0) { cmdlet.WriteWarning(PathUtilsStrings.Utf7EncodingObsolete); } return(foundEncoding); } // error condition: unknown encoding value string validEncodingValues = string.Join(", ", TabCompletionResults); string msg = StringUtil.Format(PathUtilsStrings.OutFile_WriteToFileEncodingUnknown, encoding, validEncodingValues); ErrorRecord errorRecord = new ErrorRecord( PSTraceSource.NewArgumentException("Encoding"), "WriteToFileEncodingUnknown", ErrorCategory.InvalidArgument, null); errorRecord.ErrorDetails = new ErrorDetails(msg); cmdlet.ThrowTerminatingError(errorRecord); return(null); }
FileAttributes dwFileAttributes); // _In_ DWORD /// <summary> /// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true /// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege /// state will be saved in oldPrivilegeState. /// </summary> /// <param name="privilegeName"></param> /// <param name="oldPrivilegeState"></param> /// <returns></returns> internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState) { bool success = false; TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE(); // Check if the caller has the specified privilege or not if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid)) { // Get the pseudo handler of the current process IntPtr processHandler = GetCurrentProcess(); if (processHandler != IntPtr.Zero) { // Get the handler of the current process's access token IntPtr tokenHandler = IntPtr.Zero; if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler)) { // Check if the specified privilege is already enabled PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET(); requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid; requiredPrivilege.PrivilegeCount = 1; // PRIVILEGE_SET_ALL_NECESSARY is defined as 1 requiredPrivilege.Control = 1; bool privilegeEnabled = false; if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled) { // The specified privilege is already enabled oldPrivilegeState.PrivilegeCount = 0; success = true; } else { // The specified privilege is not enabled yet. Enable it. newPrivilegeState.PrivilegeCount = 1; newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED; int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>(); int returnSize = 0; // enable the specified privilege if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize)) { // AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled int retCode = Marshal.GetLastWin32Error(); if (retCode == ERROR_SUCCESS) { success = true; } else if (retCode == 1300) { // 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not // assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege" // is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide // whether the permission is granted or not. // Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified) oldPrivilegeState.PrivilegeCount = 0; success = true; } } } } // Close the token handler and the process handler if (tokenHandler != IntPtr.Zero) { CloseHandle(tokenHandler); } CloseHandle(processHandler); } } return(success); }
private void ReadScriptContents() { if (_scriptContents == null) { // make sure we can actually load the script and that it's non-empty // before we call it. // Note, although we are passing ASCII as the encoding, the StreamReader // class still obeys the byte order marks at the beginning of the file // if present. If not present, then ASCII is used as the default encoding. try { using (FileStream readerStream = new FileStream(_path, FileMode.Open, FileAccess.Read)) { Encoding defaultEncoding = ClrFacade.GetDefaultEncoding(); Microsoft.Win32.SafeHandles.SafeFileHandle safeFileHandle = readerStream.SafeFileHandle; using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding)) { _scriptContents = scriptReader.ReadToEnd(); _originalEncoding = scriptReader.CurrentEncoding; // Check if this came from a trusted path. If so, set its language mode to FullLanguage. if (SystemPolicy.GetSystemLockdownPolicy() != SystemEnforcementMode.None) { SystemEnforcementMode scriptSpecificPolicy = SystemPolicy.GetLockdownPolicy(_path, safeFileHandle); if (scriptSpecificPolicy != SystemEnforcementMode.Enforce) { this.DefiningLanguageMode = PSLanguageMode.FullLanguage; } else { this.DefiningLanguageMode = PSLanguageMode.ConstrainedLanguage; } } else { if (this.Context != null) { this.DefiningLanguageMode = this.Context.LanguageMode; } } } } } catch (ArgumentException e) { // This catches PSArgumentException as well. ThrowCommandNotFoundException(e); } catch (IOException e) { ThrowCommandNotFoundException(e); } catch (NotSupportedException e) { ThrowCommandNotFoundException(e); } catch (UnauthorizedAccessException e) { // this is unadvertised exception thrown by the StreamReader ctor when // no permission to read the script file ThrowCommandNotFoundException(e); } } }
private void ReadScriptContents() { if (_scriptContents == null) { // make sure we can actually load the script and that it's non-empty // before we call it. // Note, although we are passing ASCII as the encoding, the StreamReader // class still obeys the byte order marks at the beginning of the file // if present. If not present, then ASCII is used as the default encoding. try { using (FileStream readerStream = new FileStream(_path, FileMode.Open, FileAccess.Read)) { Encoding defaultEncoding = ClrFacade.GetDefaultEncoding(); using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding)) { _scriptContents = scriptReader.ReadToEnd(); _originalEncoding = scriptReader.CurrentEncoding; // Check this file against any system wide enforcement policies. SystemScriptFileEnforcement filePolicyEnforcement = SystemPolicy.GetFilePolicyEnforcement(_path, readerStream); switch (filePolicyEnforcement) { case SystemScriptFileEnforcement.None: if (Context != null) { DefiningLanguageMode = Context.LanguageMode; } break; case SystemScriptFileEnforcement.Allow: DefiningLanguageMode = PSLanguageMode.FullLanguage; break; case SystemScriptFileEnforcement.AllowConstrained: DefiningLanguageMode = PSLanguageMode.ConstrainedLanguage; break; case SystemScriptFileEnforcement.Block: throw new PSSecurityException( string.Format( Globalization.CultureInfo.CurrentUICulture, SecuritySupportStrings.ScriptFileBlockedBySystemPolicy, _path)); default: throw new PSSecurityException( string.Format( Globalization.CultureInfo.CurrentUICulture, SecuritySupportStrings.UnknownSystemScriptFileEnforcement, filePolicyEnforcement)); } } } } catch (ArgumentException e) { // This catches PSArgumentException as well. ThrowCommandNotFoundException(e); } catch (IOException e) { ThrowCommandNotFoundException(e); } catch (NotSupportedException e) { ThrowCommandNotFoundException(e); } catch (UnauthorizedAccessException e) { // this is unadvertised exception thrown by the StreamReader ctor when // no permission to read the script file ThrowCommandNotFoundException(e); } } }
/// <summary> /// Make list of hashes for given Catalog File /// </summary> /// <param name="catalogFilePath"> Path to the folder having catalog file </param> /// <param name="excludedPatterns"></param> /// <param name="catalogVersion"> The version of input catalog we read from catalog meta data after opening it.</param> /// <returns> Dictionary mapping files relative paths to HashValues </returns> internal static Dictionary <String, String> GetHashesFromCatalog(string catalogFilePath, WildcardPattern[] excludedPatterns, out int catalogVersion) { IntPtr resultCatalog = NativeMethods.CryptCATOpen(catalogFilePath, 0, IntPtr.Zero, 1, 0); IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1); Dictionary <String, String> catalogHashes = new Dictionary <String, String>(StringComparer.CurrentCultureIgnoreCase); catalogVersion = 0; if (resultCatalog != INVALID_HANDLE_VALUE) { try { IntPtr catAttrInfo = IntPtr.Zero; // First traverse all catalog level attributes to get information about zero size file. do { catAttrInfo = NativeMethods.CryptCATEnumerateCatAttr(resultCatalog, catAttrInfo); // If we found attribute it is a file information retrieve its relative path // and add it to catalog hash collection if its not in excluded files criteria if (catAttrInfo != IntPtr.Zero) { string relativePath = ProcessFilePathAttributeInCatalog(catAttrInfo); if (!String.IsNullOrEmpty(relativePath)) { ProcessCatalogFile(relativePath, string.Empty, excludedPatterns, ref catalogHashes); } } } while (catAttrInfo != IntPtr.Zero); catalogVersion = GetCatalogVersion(resultCatalog); IntPtr memberInfo = IntPtr.Zero; // Next Navigate all members in Catalog files and get their relative paths and hashes do { memberInfo = NativeMethods.CryptCATEnumerateMember(resultCatalog, memberInfo); if (memberInfo != IntPtr.Zero) { NativeMethods.CRYPTCATMEMBER currentMember = ClrFacade.PtrToStructure <NativeMethods.CRYPTCATMEMBER>(memberInfo); NativeMethods.SIP_INDIRECT_DATA pIndirectData = ClrFacade.PtrToStructure <NativeMethods.SIP_INDIRECT_DATA>(currentMember.pIndirectData); // For Catalog version 2 CryptoAPI puts hashes of file attributes(relative path in our case) in Catalog as well // We validate those along with file hashes so we are skipping duplicate entries if (!((catalogVersion == 2) && (pIndirectData.DigestAlgorithm.pszObjId.Equals(new Oid("SHA1").Value, StringComparison.OrdinalIgnoreCase)))) { string relativePath = String.Empty; IntPtr memberAttrInfo = IntPtr.Zero; do { memberAttrInfo = NativeMethods.CryptCATEnumerateAttr(resultCatalog, memberInfo, memberAttrInfo); if (memberAttrInfo != IntPtr.Zero) { relativePath = ProcessFilePathAttributeInCatalog(memberAttrInfo); if (!String.IsNullOrEmpty(relativePath)) { break; } } }while (memberAttrInfo != IntPtr.Zero); // If we did not find any Relative Path for the item in catalog we should quit // This catalog must not be valid for our use as catalogs generated using New-FileCatalog // always contains relative file Paths if (String.IsNullOrEmpty(relativePath)) { ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(StringUtil.Format(CatalogStrings.UnableToOpenCatalogFile, catalogFilePath)), "UnableToOpenCatalogFile", ErrorCategory.InvalidOperation, null); _cmdlet.ThrowTerminatingError(errorRecord); } ProcessCatalogFile(relativePath, currentMember.pwszReferenceTag, excludedPatterns, ref catalogHashes); } } } while (memberInfo != IntPtr.Zero); } finally { NativeMethods.CryptCATClose(resultCatalog); } } else { ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(StringUtil.Format(CatalogStrings.UnableToOpenCatalogFile, catalogFilePath)), "UnableToOpenCatalogFile", ErrorCategory.InvalidOperation, null); _cmdlet.ThrowTerminatingError(errorRecord); } return(catalogHashes); }
internal static Signature SignFile(SigningOption option, string fileName, X509Certificate2 certificate, string timeStampServerUrl, string hashAlgorithm) { bool result = false; Signature signature = null; IntPtr pSignInfo = IntPtr.Zero; DWORD error = 0; string hashOid = null; Utils.CheckArgForNullOrEmpty(fileName, "fileName"); Utils.CheckArgForNull(certificate, "certificate"); // If given, TimeStamp server URLs must begin with http:// if (!String.IsNullOrEmpty(timeStampServerUrl)) { if ((timeStampServerUrl.Length <= 7) || (timeStampServerUrl.IndexOf("http://", StringComparison.OrdinalIgnoreCase) != 0)) { throw PSTraceSource.NewArgumentException( "certificate", Authenticode.TimeStampUrlRequired); } } // Validate that the hash algorithm is valid if (!String.IsNullOrEmpty(hashAlgorithm)) { IntPtr intptrAlgorithm = Marshal.StringToHGlobalUni(hashAlgorithm); IntPtr oidPtr = NativeMethods.CryptFindOIDInfo(NativeConstants.CRYPT_OID_INFO_NAME_KEY, intptrAlgorithm, 0); // If we couldn't find an OID for the hash // algorithm, it was invalid. if (oidPtr == IntPtr.Zero) { throw PSTraceSource.NewArgumentException( "certificate", Authenticode.InvalidHashAlgorithm); } else { NativeMethods.CRYPT_OID_INFO oidInfo = ClrFacade.PtrToStructure <NativeMethods.CRYPT_OID_INFO>(oidPtr); hashOid = oidInfo.pszOID; } } if (!SecuritySupport.CertIsGoodForSigning(certificate)) { throw PSTraceSource.NewArgumentException( "certificate", Authenticode.CertNotGoodForSigning); } SecuritySupport.CheckIfFileExists(fileName); //SecurityUtils.CheckIfFileSmallerThan4Bytes(fileName); try { // CryptUI is not documented either way, but does not // support empty strings for the timestamp server URL. // It expects null, only. Instead, it randomly AVs if you // try. string timeStampServerUrlForCryptUI = null; if (!String.IsNullOrEmpty(timeStampServerUrl)) { timeStampServerUrlForCryptUI = timeStampServerUrl; } // // first initialize the struct to pass to // CryptUIWizDigitalSign() function // NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO si = NativeMethods.InitSignInfoStruct(fileName, certificate, timeStampServerUrlForCryptUI, hashOid, option); pSignInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(si)); Marshal.StructureToPtr(si, pSignInfo, false); // // sign the file // // The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be // able to see that. #pragma warning disable 56523 result = NativeMethods.CryptUIWizDigitalSign( (DWORD)NativeMethods.CryptUIFlags.CRYPTUI_WIZ_NO_UI, IntPtr.Zero, IntPtr.Zero, pSignInfo, IntPtr.Zero); #pragma warning enable 56523 if (si.pSignExtInfo != null) { ClrFacade.DestroyStructure <NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO>(si.pSignExtInfo); Marshal.FreeCoTaskMem(si.pSignExtInfo); } if (!result) { error = GetLastWin32Error(); // // ISSUE-2004/05/08-kumarp : there seems to be a bug // in CryptUIWizDigitalSign(). // It returns 80004005 or 80070001 // but it signs the file correctly. Mask this error // till we figure out this odd behavior. // if ((error == 0x80004005) || (error == 0x80070001) || // CryptUIWizDigitalSign introduced a breaking change in Win8 to return this // error code (ERROR_INTERNET_NAME_NOT_RESOLVED) when you provide an invalid // timestamp server. It used to be 0x80070001. // Also masking this out so that we don't introduce a breaking change ourselves. (error == 0x80072EE7) ) { result = true; } else { if (error == Win32Errors.NTE_BAD_ALGID) { throw PSTraceSource.NewArgumentException( "certificate", Authenticode.InvalidHashAlgorithm); } s_tracer.TraceError("CryptUIWizDigitalSign: failed: {0:x}", error); } } if (result) { signature = GetSignature(fileName, null); } else { signature = new Signature(fileName, (DWORD)error); } } finally { ClrFacade.DestroyStructure <NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO>(pSignInfo); Marshal.FreeCoTaskMem(pSignInfo); } return(signature); }
/// <summary> /// retrieve the encoding paramater from the command line /// it throws if the encoding does not match the known ones /// </summary> /// <returns>a System.Text.Encoding object (null if no encoding specified)</returns> internal static Encoding Convert(Cmdlet cmdlet, string encoding) { if (string.IsNullOrEmpty(encoding)) { // no parameter passed, default to Unicode (OS preferred) return(System.Text.Encoding.Unicode); } // Default to unicode (this matches Get-Content) if (string.Equals(encoding, Unknown, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.Unicode); } if (string.Equals(encoding, String, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.Unicode); } // these are the encodings the CLR supports if (string.Equals(encoding, Unicode, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.Unicode); } if (string.Equals(encoding, BigEndianUnicode, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.BigEndianUnicode); } if (string.Equals(encoding, Utf8, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.UTF8); } if (string.Equals(encoding, Ascii, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.ASCII); } if (string.Equals(encoding, Utf7, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.UTF7); } if (string.Equals(encoding, Utf32, StringComparison.OrdinalIgnoreCase)) { return(System.Text.Encoding.UTF32); } if (string.Equals(encoding, Default, StringComparison.OrdinalIgnoreCase)) { return(ClrFacade.GetDefaultEncoding()); } if (string.Equals(encoding, OEM, StringComparison.OrdinalIgnoreCase)) { return(ClrFacade.GetOEMEncoding()); } // error condition: unknown encoding value string validEncodingValues = string.Join( ", ", new string[] { Unknown, String, Unicode, BigEndianUnicode, Ascii, Utf8, Utf7, Utf32, Default, OEM }); string msg = StringUtil.Format(PathUtilsStrings.OutFile_WriteToFileEncodingUnknown, encoding, validEncodingValues); ErrorRecord errorRecord = new ErrorRecord( PSTraceSource.NewArgumentException("Encoding"), "WriteToFileEncodingUnknown", ErrorCategory.InvalidArgument, null); errorRecord.ErrorDetails = new ErrorDetails(msg); cmdlet.ThrowTerminatingError(errorRecord); return(null); }
/// <summary> /// Retrieve the UserName through PInvoke /// </summary> /// <param name="process"></param> /// <returns></returns> private static string RetrieveProcessUserName(Process process) { string userName = null; #if UNIX userName = Platform.NonWindowsGetUserFromPid(process.Id); #else IntPtr tokenUserInfo = IntPtr.Zero; IntPtr processTokenHandler = IntPtr.Zero; const uint TOKEN_QUERY = 0x0008; try { do { int error; if (!Win32Native.OpenProcessToken(ClrFacade.GetSafeProcessHandle(process), TOKEN_QUERY, out processTokenHandler)) { break; } // Set the default length to be 256, so it will be sufficient for most cases int tokenInfoLength = 256; tokenUserInfo = Marshal.AllocHGlobal(tokenInfoLength); if (!Win32Native.GetTokenInformation(processTokenHandler, Win32Native.TOKEN_INFORMATION_CLASS.TokenUser, tokenUserInfo, tokenInfoLength, out tokenInfoLength)) { error = Marshal.GetLastWin32Error(); if (error == Win32Native.ERROR_INSUFFICIENT_BUFFER) { Marshal.FreeHGlobal(tokenUserInfo); tokenUserInfo = Marshal.AllocHGlobal(tokenInfoLength); if (!Win32Native.GetTokenInformation(processTokenHandler, Win32Native.TOKEN_INFORMATION_CLASS.TokenUser, tokenUserInfo, tokenInfoLength, out tokenInfoLength)) { break; } } else { break; } } var tokenUser = ClrFacade.PtrToStructure <Win32Native.TOKEN_USER>(tokenUserInfo); // Set the default length to be 256, so it will be sufficient for most cases int userNameLength = 256, domainNameLength = 256; var userNameStr = new StringBuilder(userNameLength); var domainNameStr = new StringBuilder(domainNameLength); Win32Native.SID_NAME_USE accountType; if (!Win32Native.LookupAccountSid(null, tokenUser.User.Sid, userNameStr, ref userNameLength, domainNameStr, ref domainNameLength, out accountType)) { error = Marshal.GetLastWin32Error(); if (error == Win32Native.ERROR_INSUFFICIENT_BUFFER) { userNameStr.EnsureCapacity(userNameLength); domainNameStr.EnsureCapacity(domainNameLength); if (!Win32Native.LookupAccountSid(null, tokenUser.User.Sid, userNameStr, ref userNameLength, domainNameStr, ref domainNameLength, out accountType)) { break; } } else { break; } } userName = domainNameStr + "\\" + userNameStr; } while (false); } catch (NotSupportedException) { // The Process not started yet, or it's a process from a remote machine } catch (InvalidOperationException) { // The Process has exited, Process.Handle will raise this exception } catch (Win32Exception) { // We might get an AccessDenied error } catch (Exception) { // I don't expect to get other exceptions, } finally { if (tokenUserInfo != IntPtr.Zero) { Marshal.FreeHGlobal(tokenUserInfo); } if (processTokenHandler != IntPtr.Zero) { Win32Native.CloseHandle(processTokenHandler); } } #endif return(userName); }
/// <summary> /// Gets Method Signature from FuncDesc describing the method. /// </summary> /// <param name="typeinfo">ITypeInfo interface of the object</param> /// <param name="funcdesc">FuncDesc which defines the method</param> /// <param name="isPropertyPut">True if this is a property put; these properties take their return type from their first paramenter</param> /// <returns>signature of the method</returns> internal static string GetMethodSignatureFromFuncDesc(COM.ITypeInfo typeinfo, COM.FUNCDESC funcdesc, bool isPropertyPut) { StringBuilder builder = new StringBuilder(); string name = GetNameFromFuncDesc(typeinfo, funcdesc); if (!isPropertyPut) { //First get the string for return type. string retstring = GetStringFromTypeDesc(typeinfo, funcdesc.elemdescFunc.tdesc); builder.Append(retstring + " "); } //Append the function name builder.Append(name); builder.Append(" ("); IntPtr ElementDescriptionArrayPtr = funcdesc.lprgelemdescParam; int ElementDescriptionSize = ClrFacade.SizeOf <COM.ELEMDESC>(); for (int i = 0; i < funcdesc.cParams; i++) { COM.ELEMDESC ElementDescription; int ElementDescriptionArrayByteOffset; IntPtr ElementDescriptionPointer; ElementDescription = new COM.ELEMDESC(); ElementDescriptionArrayByteOffset = i * ElementDescriptionSize; //Disable PRefast warning for converting to int32 and converting back into intptr. //Code below takes into account 32 bit vs 64 bit conversions #pragma warning disable 56515 if (IntPtr.Size == 4) { ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt32() + ElementDescriptionArrayByteOffset); } else { ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt64() + ElementDescriptionArrayByteOffset); } #pragma warning restore 56515 ElementDescription = ClrFacade.PtrToStructure <COM.ELEMDESC>(ElementDescriptionPointer); string paramstring = GetStringFromTypeDesc(typeinfo, ElementDescription.tdesc); if (i == 0 && isPropertyPut) // use the type of the first argument as the return type { builder.Insert(0, paramstring + " "); } else { builder.Append(paramstring); if (i < funcdesc.cParams - 1) { builder.Append(", "); } } } builder.Append(")"); return(builder.ToString()); }
private static Signature GetSignatureFromWintrustData( string filePath, DWORD error, NativeMethods.WINTRUST_DATA wtd) { Signature signature = null; X509Certificate2 signerCert = null; X509Certificate2 timestamperCert = null; s_tracer.WriteLine("GetSignatureFromWintrustData: error: {0}", error); // The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be // able to see that. #pragma warning disable 56523 IntPtr pProvData = NativeMethods.WTHelperProvDataFromStateData(wtd.hWVTStateData); #pragma warning enable 56523 if (pProvData != IntPtr.Zero) { IntPtr pProvSigner = NativeMethods.WTHelperGetProvSignerFromChain(pProvData, 0, 0, 0); if (pProvSigner != IntPtr.Zero) { // // get cert of the signer // signerCert = GetCertFromChain(pProvSigner); if (signerCert != null) { NativeMethods.CRYPT_PROVIDER_SGNR provSigner = (NativeMethods.CRYPT_PROVIDER_SGNR) ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_SGNR>(pProvSigner); if (provSigner.csCounterSigners == 1) { // // time stamper cert available // timestamperCert = GetCertFromChain(provSigner.pasCounterSigners); } if (timestamperCert != null) { signature = new Signature(filePath, error, signerCert, timestamperCert); } else { signature = new Signature(filePath, error, signerCert); } signature.SignatureType = SignatureType.Authenticode; } } } Diagnostics.Assert(((error == 0) && (signature != null)) || (error != 0), "GetSignatureFromWintrustData: general crypto failure"); if ((signature == null) && (error != 0)) { signature = new Signature(filePath, error); } return(signature); }
// Disable obsolete warning about VarEnum in CoreCLR #pragma warning disable 618 /// <summary> /// This function gets a string representation of the Type Descriptor /// This is used in generating signature for Properties and Methods. /// </summary> /// <param name="typeinfo">Reference to the type info to which the type descriptor belongs</param> /// <param name="typedesc">reference to type descriptor which is being converted to string from</param> /// <returns>string representation of the type descriptor</returns> private static string GetStringFromTypeDesc(COM.ITypeInfo typeinfo, COM.TYPEDESC typedesc) { if ((VarEnum)typedesc.vt == VarEnum.VT_PTR) { COM.TYPEDESC refdesc = ClrFacade.PtrToStructure <COM.TYPEDESC>(typedesc.lpValue); return(GetStringFromTypeDesc(typeinfo, refdesc)); } if ((VarEnum)typedesc.vt == VarEnum.VT_SAFEARRAY) { COM.TYPEDESC refdesc = ClrFacade.PtrToStructure <COM.TYPEDESC>(typedesc.lpValue); return("SAFEARRAY(" + GetStringFromTypeDesc(typeinfo, refdesc) + ")"); } if ((VarEnum)typedesc.vt == VarEnum.VT_USERDEFINED) { return(GetStringFromCustomType(typeinfo, typedesc.lpValue)); } switch ((VarEnum)typedesc.vt) { case VarEnum.VT_I1: return("char"); case VarEnum.VT_I2: return("short"); case VarEnum.VT_I4: case VarEnum.VT_INT: case VarEnum.VT_HRESULT: return("int"); case VarEnum.VT_I8: return("int64"); case VarEnum.VT_R4: return("float"); case VarEnum.VT_R8: return("double"); case VarEnum.VT_UI1: return("byte"); case VarEnum.VT_UI2: return("ushort"); case VarEnum.VT_UI4: case VarEnum.VT_UINT: return("uint"); case VarEnum.VT_UI8: return("uint64"); case VarEnum.VT_BSTR: case VarEnum.VT_LPSTR: case VarEnum.VT_LPWSTR: return("string"); case VarEnum.VT_DATE: return("Date"); case VarEnum.VT_BOOL: return("bool"); case VarEnum.VT_CY: return("currency"); case VarEnum.VT_DECIMAL: return("decimal"); case VarEnum.VT_CLSID: return("clsid"); case VarEnum.VT_DISPATCH: return("IDispatch"); case VarEnum.VT_UNKNOWN: return("IUnknown"); case VarEnum.VT_VARIANT: return("Variant"); case VarEnum.VT_VOID: return("void"); case VarEnum.VT_ARRAY: return("object[]"); case VarEnum.VT_EMPTY: return(""); default: return("Unknown!"); } }