internal static COM.TYPEATTR GetTypeAttr(COM.ITypeInfo typeinfo)
{
IntPtr pTypeAttr;
typeinfo.GetTypeAttr(out pTypeAttr);
COM.TYPEATTR typeattr = ClrFacade.PtrToStructure <COM.TYPEATTR>(pTypeAttr);
typeinfo.ReleaseTypeAttr(pTypeAttr);
return(typeattr);
}
internal static COM.FUNCDESC GetFuncDesc(COM.ITypeInfo typeinfo, int index)
{
IntPtr pFuncDesc;
typeinfo.GetFuncDesc(index, out pFuncDesc);
COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc);
typeinfo.ReleaseFuncDesc(pFuncDesc);
return(funcdesc);
}
/// <summary>
/// Obtains the parameter information for a given FuncDesc
/// </summary>
internal static ParameterInformation[] GetParameterInformation(COM.FUNCDESC funcdesc, bool skipLastParameter)
{
int cParams = funcdesc.cParams;
if (skipLastParameter)
{
Diagnostics.Assert(cParams > 0, "skipLastParameter is only true for property setters where there is at least one parameter");
cParams--;
}
ParameterInformation[] parameters = new ParameterInformation[cParams];
IntPtr ElementDescriptionArrayPtr = funcdesc.lprgelemdescParam;
int ElementDescriptionSize = ClrFacade.SizeOf <COM.ELEMDESC>();
for (int i = 0; i < cParams; i++)
{
COM.ELEMDESC ElementDescription;
int ElementDescriptionArrayByteOffset;
IntPtr ElementDescriptionPointer;
bool fOptional = false;
ElementDescription = new COM.ELEMDESC();
ElementDescriptionArrayByteOffset = i * ElementDescriptionSize;
//Disable PRefast warning for converting to int32 and converting back into intptr.
//Code below takes into account 32 bit vs 64 bit conversions
#pragma warning disable 56515
if (IntPtr.Size == 4)
{
ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt32() + ElementDescriptionArrayByteOffset);
}
else
{
ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt64() + ElementDescriptionArrayByteOffset);
}
#pragma warning enable 56515
ElementDescription = ClrFacade.PtrToStructure <COM.ELEMDESC>(ElementDescriptionPointer);
//get the type of parameter
Type type = ComUtil.GetTypeFromTypeDesc(ElementDescription.tdesc);
Object defaultvalue = null;
//check is this parameter is optional.
if ((ElementDescription.desc.paramdesc.wParamFlags & COM.PARAMFLAG.PARAMFLAG_FOPT) != 0)
{
fOptional = true;
defaultvalue = Type.Missing;
}
bool fByRef = (ElementDescription.desc.paramdesc.wParamFlags & COM.PARAMFLAG.PARAMFLAG_FOUT) != 0;
parameters[i] = new ParameterInformation(type, fOptional, defaultvalue, fByRef);
}
return(parameters);
}
private static DWORD GetWinTrustData(string fileName, string fileContent,
out NativeMethods.WINTRUST_DATA wtData)
{
DWORD dwResult = Win32Errors.E_FAIL;
IntPtr WINTRUST_ACTION_GENERIC_VERIFY_V2 = IntPtr.Zero;
IntPtr wtdBuffer = IntPtr.Zero;
Guid actionVerify =
new Guid("00AAC56B-CD44-11d0-8CC2-00C04FC295EE");
try
{
WINTRUST_ACTION_GENERIC_VERIFY_V2 =
Marshal.AllocCoTaskMem(Marshal.SizeOf(actionVerify));
Marshal.StructureToPtr(actionVerify,
WINTRUST_ACTION_GENERIC_VERIFY_V2,
false);
NativeMethods.WINTRUST_DATA wtd;
if (fileContent == null)
{
NativeMethods.WINTRUST_FILE_INFO wfi = NativeMethods.InitWintrustFileInfoStruct(fileName);
wtd = NativeMethods.InitWintrustDataStructFromFile(wfi);
}
else
{
NativeMethods.WINTRUST_BLOB_INFO wbi = NativeMethods.InitWintrustBlobInfoStruct(fileName, fileContent);
wtd = NativeMethods.InitWintrustDataStructFromBlob(wbi);
}
wtdBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(wtd));
Marshal.StructureToPtr(wtd, wtdBuffer, false);
// The result is returned to the caller, and handled generically.
// Disable the PreFast check for Win32 error codes, as we don't care.
#pragma warning disable 56523
dwResult = NativeMethods.WinVerifyTrust(
IntPtr.Zero,
WINTRUST_ACTION_GENERIC_VERIFY_V2,
wtdBuffer);
#pragma warning enable 56523
wtData = ClrFacade.PtrToStructure <NativeMethods.WINTRUST_DATA>(wtdBuffer);
}
finally
{
ClrFacade.DestroyStructure <Guid>(WINTRUST_ACTION_GENERIC_VERIFY_V2);
Marshal.FreeCoTaskMem(WINTRUST_ACTION_GENERIC_VERIFY_V2);
ClrFacade.DestroyStructure <NativeMethods.WINTRUST_DATA>(wtdBuffer);
Marshal.FreeCoTaskMem(wtdBuffer);
}
return(dwResult);
}
internal static string ReadScript(string path)
{
using (FileStream readerStream = new FileStream(path, FileMode.Open, FileAccess.Read))
{
Encoding defaultEncoding = ClrFacade.GetDefaultEncoding();
Microsoft.Win32.SafeHandles.SafeFileHandle safeFileHandle = readerStream.SafeFileHandle;
using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding))
{
return(scriptReader.ReadToEnd());
}
}
}
/// <summary>
/// Add the 'UserName' NoteProperty to the Process object
/// </summary>
/// <param name="process"></param>
/// <returns></returns>
private static PSObject AddUserNameToProcess(Process process)
{
// Return null if we failed to get the owner information
string userName = ClrFacade.RetrieveProcessUserName(process);
PSObject processAsPsobj = PSObject.AsPSObject(process);
PSNoteProperty noteProperty = new PSNoteProperty("UserName", userName);
processAsPsobj.Properties.Add(noteProperty, true);
processAsPsobj.TypeNames.Insert(0, TypeNameForProcessWithUserName);
return(processAsPsobj);
}
/// <summary>
/// Restore the previous privilege state
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="previousPrivilegeState"></param>
/// <returns></returns>
internal static bool RestoreTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE previousPrivilegeState)
{
// The privilege was not changed, do not need to restore it.
if (previousPrivilegeState.PrivilegeCount == 0)
{
return(true);
}
bool success = false;
TOKEN_PRIVILEGE newState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not. If the caller has it, check the LUID specified in previousPrivilegeState
// to see if the previousPrivilegeState is defined for the same privilege
if (LookupPrivilegeValue(null, privilegeName, ref newState.Privilege.Luid) &&
newState.Privilege.Luid.HighPart == previousPrivilegeState.Privilege.Luid.HighPart &&
newState.Privilege.Luid.LowPart == previousPrivilegeState.Privilege.Luid.LowPart)
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>();
int returnSize = 0;
// restore the privilege state back to the previous privilege state
if (AdjustTokenPrivileges(tokenHandler, false, ref previousPrivilegeState, bufferSize, out newState, ref returnSize))
{
if (Marshal.GetLastWin32Error() == ERROR_SUCCESS)
{
success = true;
}
}
}
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return(success);
}
/// <summary>
/// Converts a MethodBase[] into a MethodInformation[]
/// </summary>
/// <returns>the ComMethodInformation[] corresponding to methods</returns>
internal static ComMethodInformation[] GetMethodInformationArray(COM.ITypeInfo typeInfo, Collection <int> methods, bool skipLastParameters)
{
int methodCount = methods.Count;
int count = 0;
ComMethodInformation[] returnValue = new ComMethodInformation[methodCount];
foreach (int index in methods)
{
IntPtr pFuncDesc;
typeInfo.GetFuncDesc(index, out pFuncDesc);
COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc);
returnValue[count++] = ComUtil.GetMethodInformation(funcdesc, skipLastParameters);
typeInfo.ReleaseFuncDesc(pFuncDesc);
}
return(returnValue);
}
internal string GetDefinition()
{
IntPtr pFuncDesc = IntPtr.Zero;
try
{
_typeInfo.GetFuncDesc(GetFuncDescIndex(), out pFuncDesc);
COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc);
return(ComUtil.GetMethodSignatureFromFuncDesc(_typeInfo, funcdesc, !IsGettable));
}
finally
{
if (pFuncDesc != IntPtr.Zero)
{
_typeInfo.ReleaseFuncDesc(pFuncDesc);
}
}
}
/// <summary>
/// Get file attribute (Relative path in our case) from catalog
/// </summary>
/// <param name="memberAttrInfo"> Pointer to current attribute of catalog member. </param>
/// <returns> value of the attribute </returns>
internal static string ProcessFilePathAttributeInCatalog(IntPtr memberAttrInfo)
{
string relativePath = string.Empty;
NativeMethods.CRYPTCATATTRIBUTE currentMemberAttr = ClrFacade.PtrToStructure <NativeMethods.CRYPTCATATTRIBUTE>(memberAttrInfo);
// check if this is the attribute we are looking for
// catalog generated other way not using New-FileCatalog can have attributes we don't understand
if (currentMemberAttr.pwszReferenceTag.Equals("FilePath", StringComparison.OrdinalIgnoreCase))
{
// find the size for the current attribute value and then allocate buffer and copy from byte array
int attrValueSize = (int)currentMemberAttr.cbValue;
byte[] attrValue = new byte[attrValueSize];
Marshal.Copy(currentMemberAttr.pbValue, attrValue, 0, attrValueSize);
relativePath = System.Text.Encoding.Unicode.GetString(attrValue);
relativePath = relativePath.TrimEnd('\0');
}
return(relativePath);
}
/// <summary>
/// Returns the different method overloads signatures.
/// </summary>
/// <returns></returns>
internal Collection <String> MethodDefinitions()
{
Collection <String> result = new Collection <string>();
foreach (int index in _methods)
{
IntPtr pFuncDesc;
_typeInfo.GetFuncDesc(index, out pFuncDesc);
COM.FUNCDESC funcdesc = ClrFacade.PtrToStructure <COM.FUNCDESC>(pFuncDesc);
string signature = ComUtil.GetMethodSignatureFromFuncDesc(_typeInfo, funcdesc, false);
result.Add(signature);
_typeInfo.ReleaseFuncDesc(pFuncDesc);
}
return(result);
}
private static X509Certificate2 GetCertFromChain(IntPtr pSigner)
{
X509Certificate2 signerCert = null;
// We don't care about the Win32 error code here, so disable
// the PreFast complaint that we're not retrieving it.
#pragma warning disable 56523
IntPtr pCert =
NativeMethods.WTHelperGetProvCertFromChain(pSigner, 0);
#pragma warning enable 56523
if (pCert != IntPtr.Zero)
{
NativeMethods.CRYPT_PROVIDER_CERT provCert =
(NativeMethods.CRYPT_PROVIDER_CERT)
ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_CERT>(pCert);
signerCert = new X509Certificate2(provCert.pCert);
}
return(signerCert);
}
/// <summary>
/// Returns an equivalent NetworkCredential object for this
/// PSCredential.
///
/// A null is returned if
/// -- current object has not been initialized
/// -- current creds are not compatible with NetworkCredential
/// (such as smart card creds or cert creds)
/// </summary>
///
/// <returns>
/// null if the current object has not been initialized.
/// null if the current credentials are incompatible with
/// a NetworkCredential -- such as smart card credentials.
/// the appropriate network credential for this PSCredential otherwise.
/// </returns>
public NetworkCredential GetNetworkCredential()
{
if (_netCred == null)
{
string user = null;
string domain = null;
if (IsValidUserName(_userName, out user, out domain))
{
#if CORECLR
// NetworkCredential constructor only accepts plain string password in .NET Core.
// TODO: This raises security concerns about having the plain string password in memory
// for an indefinite period of time. So we need to change back to the constructor that
// takes a SecureString password once it becomes available in .NET Core.
IntPtr unmanagedPtr = IntPtr.Zero;
try
{
unmanagedPtr = ClrFacade.SecureStringToCoTaskMemUnicode(_password);
string pwdInPlainText = System.Runtime.InteropServices.Marshal.PtrToStringUni(unmanagedPtr);
_netCred = new NetworkCredential(user, pwdInPlainText, domain);
}
finally
{
if (unmanagedPtr != IntPtr.Zero)
{
Marshal.ZeroFreeCoTaskMemUnicode(unmanagedPtr);
}
}
#else
_netCred = new NetworkCredential(user, _password, domain);
#endif
}
}
return(_netCred);
}
private static bool TryGetProviderSigner(IntPtr wvtStateData, out IntPtr pProvSigner, out X509Certificate2 timestamperCert)
{
pProvSigner = IntPtr.Zero;
timestamperCert = null;
// The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be
// able to see that.
#pragma warning disable 56523
IntPtr pProvData =
NativeMethods.WTHelperProvDataFromStateData(wvtStateData);
#pragma warning enable 56523
if (pProvData != IntPtr.Zero)
{
pProvSigner =
NativeMethods.WTHelperGetProvSignerFromChain(pProvData, 0, 0, 0);
if (pProvSigner != IntPtr.Zero)
{
NativeMethods.CRYPT_PROVIDER_SGNR provSigner =
(NativeMethods.CRYPT_PROVIDER_SGNR)
ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_SGNR>(pProvSigner);
if (provSigner.csCounterSigners == 1)
{
//
// time stamper cert available
//
timestamperCert = GetCertFromChain(provSigner.pasCounterSigners);
}
return(true);
}
}
return(false);
}
/// <summary>
/// Retrieve the encoding parameter from the command line
/// it throws if the encoding does not match the known ones.
/// </summary>
/// <returns>A System.Text.Encoding object (null if no encoding specified).</returns>
internal static Encoding Convert(Cmdlet cmdlet, string encoding)
{
if (string.IsNullOrEmpty(encoding))
{
// no parameter passed, default to UTF8
return(ClrFacade.GetDefaultEncoding());
}
Encoding foundEncoding;
if (encodingMap.TryGetValue(encoding, out foundEncoding))
{
// Write a warning if using utf7 as it is obsolete in .NET5
if (string.Compare(encoding, Utf7, StringComparison.OrdinalIgnoreCase) == 0)
{
cmdlet.WriteWarning(PathUtilsStrings.Utf7EncodingObsolete);
}
return(foundEncoding);
}
// error condition: unknown encoding value
string validEncodingValues = string.Join(", ", TabCompletionResults);
string msg = StringUtil.Format(PathUtilsStrings.OutFile_WriteToFileEncodingUnknown, encoding, validEncodingValues);
ErrorRecord errorRecord = new ErrorRecord(
PSTraceSource.NewArgumentException("Encoding"),
"WriteToFileEncodingUnknown",
ErrorCategory.InvalidArgument,
null);
errorRecord.ErrorDetails = new ErrorDetails(msg);
cmdlet.ThrowTerminatingError(errorRecord);
return(null);
}
FileAttributes dwFileAttributes); // _In_ DWORD
/// <summary>
/// Enable the privilege specified by the privilegeName. If the specified privilege is already enabled, return true
/// with the oldPrivilegeState.PrivilegeCount set to 0. Otherwise, enable the specified privilege, and the old privilege
/// state will be saved in oldPrivilegeState.
/// </summary>
/// <param name="privilegeName"></param>
/// <param name="oldPrivilegeState"></param>
/// <returns></returns>
internal static bool EnableTokenPrivilege(string privilegeName, ref TOKEN_PRIVILEGE oldPrivilegeState)
{
bool success = false;
TOKEN_PRIVILEGE newPrivilegeState = new TOKEN_PRIVILEGE();
// Check if the caller has the specified privilege or not
if (LookupPrivilegeValue(null, privilegeName, ref newPrivilegeState.Privilege.Luid))
{
// Get the pseudo handler of the current process
IntPtr processHandler = GetCurrentProcess();
if (processHandler != IntPtr.Zero)
{
// Get the handler of the current process's access token
IntPtr tokenHandler = IntPtr.Zero;
if (OpenProcessToken(processHandler, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out tokenHandler))
{
// Check if the specified privilege is already enabled
PRIVILEGE_SET requiredPrivilege = new PRIVILEGE_SET();
requiredPrivilege.Privilege.Luid = newPrivilegeState.Privilege.Luid;
requiredPrivilege.PrivilegeCount = 1;
// PRIVILEGE_SET_ALL_NECESSARY is defined as 1
requiredPrivilege.Control = 1;
bool privilegeEnabled = false;
if (PrivilegeCheck(tokenHandler, ref requiredPrivilege, out privilegeEnabled) && privilegeEnabled)
{
// The specified privilege is already enabled
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
else
{
// The specified privilege is not enabled yet. Enable it.
newPrivilegeState.PrivilegeCount = 1;
newPrivilegeState.Privilege.Attributes = SE_PRIVILEGE_ENABLED;
int bufferSize = ClrFacade.SizeOf <TOKEN_PRIVILEGE>();
int returnSize = 0;
// enable the specified privilege
if (AdjustTokenPrivileges(tokenHandler, false, ref newPrivilegeState, bufferSize, out oldPrivilegeState, ref returnSize))
{
// AdjustTokenPrivileges returns true does not mean all specified privileges have been successfully enabled
int retCode = Marshal.GetLastWin32Error();
if (retCode == ERROR_SUCCESS)
{
success = true;
}
else if (retCode == 1300)
{
// 1300 - Not all privileges referenced are assigned to the caller. This means the specified privilege is not
// assigned to the current user. For example, suppose the role of current caller is "User", then privilege "SeRemoteShutdownPrivilege"
// is not assigned to the role. In this case, we just return true and leave the call to "Win32Shutdown" to decide
// whether the permission is granted or not.
// Set oldPrivilegeState.PrivilegeCount to 0 to avoid the privilege restore later (PrivilegeCount - how many privileges are modified)
oldPrivilegeState.PrivilegeCount = 0;
success = true;
}
}
}
}
// Close the token handler and the process handler
if (tokenHandler != IntPtr.Zero)
{
CloseHandle(tokenHandler);
}
CloseHandle(processHandler);
}
}
return(success);
}
private void ReadScriptContents()
{
if (_scriptContents == null)
{
// make sure we can actually load the script and that it's non-empty
// before we call it.
// Note, although we are passing ASCII as the encoding, the StreamReader
// class still obeys the byte order marks at the beginning of the file
// if present. If not present, then ASCII is used as the default encoding.
try
{
using (FileStream readerStream = new FileStream(_path, FileMode.Open, FileAccess.Read))
{
Encoding defaultEncoding = ClrFacade.GetDefaultEncoding();
Microsoft.Win32.SafeHandles.SafeFileHandle safeFileHandle = readerStream.SafeFileHandle;
using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding))
{
_scriptContents = scriptReader.ReadToEnd();
_originalEncoding = scriptReader.CurrentEncoding;
// Check if this came from a trusted path. If so, set its language mode to FullLanguage.
if (SystemPolicy.GetSystemLockdownPolicy() != SystemEnforcementMode.None)
{
SystemEnforcementMode scriptSpecificPolicy = SystemPolicy.GetLockdownPolicy(_path, safeFileHandle);
if (scriptSpecificPolicy != SystemEnforcementMode.Enforce)
{
this.DefiningLanguageMode = PSLanguageMode.FullLanguage;
}
else
{
this.DefiningLanguageMode = PSLanguageMode.ConstrainedLanguage;
}
}
else
{
if (this.Context != null)
{
this.DefiningLanguageMode = this.Context.LanguageMode;
}
}
}
}
}
catch (ArgumentException e)
{
// This catches PSArgumentException as well.
ThrowCommandNotFoundException(e);
}
catch (IOException e)
{
ThrowCommandNotFoundException(e);
}
catch (NotSupportedException e)
{
ThrowCommandNotFoundException(e);
}
catch (UnauthorizedAccessException e)
{
// this is unadvertised exception thrown by the StreamReader ctor when
// no permission to read the script file
ThrowCommandNotFoundException(e);
}
}
}
private void ReadScriptContents()
{
if (_scriptContents == null)
{
// make sure we can actually load the script and that it's non-empty
// before we call it.
// Note, although we are passing ASCII as the encoding, the StreamReader
// class still obeys the byte order marks at the beginning of the file
// if present. If not present, then ASCII is used as the default encoding.
try
{
using (FileStream readerStream = new FileStream(_path, FileMode.Open, FileAccess.Read))
{
Encoding defaultEncoding = ClrFacade.GetDefaultEncoding();
using (StreamReader scriptReader = new StreamReader(readerStream, defaultEncoding))
{
_scriptContents = scriptReader.ReadToEnd();
_originalEncoding = scriptReader.CurrentEncoding;
// Check this file against any system wide enforcement policies.
SystemScriptFileEnforcement filePolicyEnforcement = SystemPolicy.GetFilePolicyEnforcement(_path, readerStream);
switch (filePolicyEnforcement)
{
case SystemScriptFileEnforcement.None:
if (Context != null)
{
DefiningLanguageMode = Context.LanguageMode;
}
break;
case SystemScriptFileEnforcement.Allow:
DefiningLanguageMode = PSLanguageMode.FullLanguage;
break;
case SystemScriptFileEnforcement.AllowConstrained:
DefiningLanguageMode = PSLanguageMode.ConstrainedLanguage;
break;
case SystemScriptFileEnforcement.Block:
throw new PSSecurityException(
string.Format(
Globalization.CultureInfo.CurrentUICulture,
SecuritySupportStrings.ScriptFileBlockedBySystemPolicy,
_path));
default:
throw new PSSecurityException(
string.Format(
Globalization.CultureInfo.CurrentUICulture,
SecuritySupportStrings.UnknownSystemScriptFileEnforcement,
filePolicyEnforcement));
}
}
}
}
catch (ArgumentException e)
{
// This catches PSArgumentException as well.
ThrowCommandNotFoundException(e);
}
catch (IOException e)
{
ThrowCommandNotFoundException(e);
}
catch (NotSupportedException e)
{
ThrowCommandNotFoundException(e);
}
catch (UnauthorizedAccessException e)
{
// this is unadvertised exception thrown by the StreamReader ctor when
// no permission to read the script file
ThrowCommandNotFoundException(e);
}
}
}
/// <summary>
/// Make list of hashes for given Catalog File
/// </summary>
/// <param name="catalogFilePath"> Path to the folder having catalog file </param>
/// <param name="excludedPatterns"></param>
/// <param name="catalogVersion"> The version of input catalog we read from catalog meta data after opening it.</param>
/// <returns> Dictionary mapping files relative paths to HashValues </returns>
internal static Dictionary <String, String> GetHashesFromCatalog(string catalogFilePath, WildcardPattern[] excludedPatterns, out int catalogVersion)
{
IntPtr resultCatalog = NativeMethods.CryptCATOpen(catalogFilePath, 0, IntPtr.Zero, 1, 0);
IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);
Dictionary <String, String> catalogHashes = new Dictionary <String, String>(StringComparer.CurrentCultureIgnoreCase);
catalogVersion = 0;
if (resultCatalog != INVALID_HANDLE_VALUE)
{
try
{
IntPtr catAttrInfo = IntPtr.Zero;
// First traverse all catalog level attributes to get information about zero size file.
do
{
catAttrInfo = NativeMethods.CryptCATEnumerateCatAttr(resultCatalog, catAttrInfo);
// If we found attribute it is a file information retrieve its relative path
// and add it to catalog hash collection if its not in excluded files criteria
if (catAttrInfo != IntPtr.Zero)
{
string relativePath = ProcessFilePathAttributeInCatalog(catAttrInfo);
if (!String.IsNullOrEmpty(relativePath))
{
ProcessCatalogFile(relativePath, string.Empty, excludedPatterns, ref catalogHashes);
}
}
} while (catAttrInfo != IntPtr.Zero);
catalogVersion = GetCatalogVersion(resultCatalog);
IntPtr memberInfo = IntPtr.Zero;
// Next Navigate all members in Catalog files and get their relative paths and hashes
do
{
memberInfo = NativeMethods.CryptCATEnumerateMember(resultCatalog, memberInfo);
if (memberInfo != IntPtr.Zero)
{
NativeMethods.CRYPTCATMEMBER currentMember = ClrFacade.PtrToStructure <NativeMethods.CRYPTCATMEMBER>(memberInfo);
NativeMethods.SIP_INDIRECT_DATA pIndirectData = ClrFacade.PtrToStructure <NativeMethods.SIP_INDIRECT_DATA>(currentMember.pIndirectData);
// For Catalog version 2 CryptoAPI puts hashes of file attributes(relative path in our case) in Catalog as well
// We validate those along with file hashes so we are skipping duplicate entries
if (!((catalogVersion == 2) && (pIndirectData.DigestAlgorithm.pszObjId.Equals(new Oid("SHA1").Value, StringComparison.OrdinalIgnoreCase))))
{
string relativePath = String.Empty;
IntPtr memberAttrInfo = IntPtr.Zero;
do
{
memberAttrInfo = NativeMethods.CryptCATEnumerateAttr(resultCatalog, memberInfo, memberAttrInfo);
if (memberAttrInfo != IntPtr.Zero)
{
relativePath = ProcessFilePathAttributeInCatalog(memberAttrInfo);
if (!String.IsNullOrEmpty(relativePath))
{
break;
}
}
}while (memberAttrInfo != IntPtr.Zero);
// If we did not find any Relative Path for the item in catalog we should quit
// This catalog must not be valid for our use as catalogs generated using New-FileCatalog
// always contains relative file Paths
if (String.IsNullOrEmpty(relativePath))
{
ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(StringUtil.Format(CatalogStrings.UnableToOpenCatalogFile, catalogFilePath)), "UnableToOpenCatalogFile", ErrorCategory.InvalidOperation, null);
_cmdlet.ThrowTerminatingError(errorRecord);
}
ProcessCatalogFile(relativePath, currentMember.pwszReferenceTag, excludedPatterns, ref catalogHashes);
}
}
} while (memberInfo != IntPtr.Zero);
}
finally
{
NativeMethods.CryptCATClose(resultCatalog);
}
}
else
{
ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(StringUtil.Format(CatalogStrings.UnableToOpenCatalogFile, catalogFilePath)), "UnableToOpenCatalogFile", ErrorCategory.InvalidOperation, null);
_cmdlet.ThrowTerminatingError(errorRecord);
}
return(catalogHashes);
}
internal static Signature SignFile(SigningOption option,
string fileName,
X509Certificate2 certificate,
string timeStampServerUrl,
string hashAlgorithm)
{
bool result = false;
Signature signature = null;
IntPtr pSignInfo = IntPtr.Zero;
DWORD error = 0;
string hashOid = null;
Utils.CheckArgForNullOrEmpty(fileName, "fileName");
Utils.CheckArgForNull(certificate, "certificate");
// If given, TimeStamp server URLs must begin with http://
if (!String.IsNullOrEmpty(timeStampServerUrl))
{
if ((timeStampServerUrl.Length <= 7) ||
(timeStampServerUrl.IndexOf("http://", StringComparison.OrdinalIgnoreCase) != 0))
{
throw PSTraceSource.NewArgumentException(
"certificate",
Authenticode.TimeStampUrlRequired);
}
}
// Validate that the hash algorithm is valid
if (!String.IsNullOrEmpty(hashAlgorithm))
{
IntPtr intptrAlgorithm = Marshal.StringToHGlobalUni(hashAlgorithm);
IntPtr oidPtr = NativeMethods.CryptFindOIDInfo(NativeConstants.CRYPT_OID_INFO_NAME_KEY,
intptrAlgorithm,
0);
// If we couldn't find an OID for the hash
// algorithm, it was invalid.
if (oidPtr == IntPtr.Zero)
{
throw PSTraceSource.NewArgumentException(
"certificate",
Authenticode.InvalidHashAlgorithm);
}
else
{
NativeMethods.CRYPT_OID_INFO oidInfo =
ClrFacade.PtrToStructure <NativeMethods.CRYPT_OID_INFO>(oidPtr);
hashOid = oidInfo.pszOID;
}
}
if (!SecuritySupport.CertIsGoodForSigning(certificate))
{
throw PSTraceSource.NewArgumentException(
"certificate",
Authenticode.CertNotGoodForSigning);
}
SecuritySupport.CheckIfFileExists(fileName);
//SecurityUtils.CheckIfFileSmallerThan4Bytes(fileName);
try
{
// CryptUI is not documented either way, but does not
// support empty strings for the timestamp server URL.
// It expects null, only. Instead, it randomly AVs if you
// try.
string timeStampServerUrlForCryptUI = null;
if (!String.IsNullOrEmpty(timeStampServerUrl))
{
timeStampServerUrlForCryptUI = timeStampServerUrl;
}
//
// first initialize the struct to pass to
// CryptUIWizDigitalSign() function
//
NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO si = NativeMethods.InitSignInfoStruct(fileName,
certificate,
timeStampServerUrlForCryptUI,
hashOid,
option);
pSignInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(si));
Marshal.StructureToPtr(si, pSignInfo, false);
//
// sign the file
//
// The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be
// able to see that.
#pragma warning disable 56523
result = NativeMethods.CryptUIWizDigitalSign(
(DWORD)NativeMethods.CryptUIFlags.CRYPTUI_WIZ_NO_UI,
IntPtr.Zero,
IntPtr.Zero,
pSignInfo,
IntPtr.Zero);
#pragma warning enable 56523
if (si.pSignExtInfo != null)
{
ClrFacade.DestroyStructure <NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO>(si.pSignExtInfo);
Marshal.FreeCoTaskMem(si.pSignExtInfo);
}
if (!result)
{
error = GetLastWin32Error();
//
// ISSUE-2004/05/08-kumarp : there seems to be a bug
// in CryptUIWizDigitalSign().
// It returns 80004005 or 80070001
// but it signs the file correctly. Mask this error
// till we figure out this odd behavior.
//
if ((error == 0x80004005) ||
(error == 0x80070001) ||
// CryptUIWizDigitalSign introduced a breaking change in Win8 to return this
// error code (ERROR_INTERNET_NAME_NOT_RESOLVED) when you provide an invalid
// timestamp server. It used to be 0x80070001.
// Also masking this out so that we don't introduce a breaking change ourselves.
(error == 0x80072EE7)
)
{
result = true;
}
else
{
if (error == Win32Errors.NTE_BAD_ALGID)
{
throw PSTraceSource.NewArgumentException(
"certificate",
Authenticode.InvalidHashAlgorithm);
}
s_tracer.TraceError("CryptUIWizDigitalSign: failed: {0:x}",
error);
}
}
if (result)
{
signature = GetSignature(fileName, null);
}
else
{
signature = new Signature(fileName, (DWORD)error);
}
}
finally
{
ClrFacade.DestroyStructure <NativeMethods.CRYPTUI_WIZ_DIGITAL_SIGN_INFO>(pSignInfo);
Marshal.FreeCoTaskMem(pSignInfo);
}
return(signature);
}
/// <summary>
/// retrieve the encoding paramater from the command line
/// it throws if the encoding does not match the known ones
/// </summary>
/// <returns>a System.Text.Encoding object (null if no encoding specified)</returns>
internal static Encoding Convert(Cmdlet cmdlet, string encoding)
{
if (string.IsNullOrEmpty(encoding))
{
// no parameter passed, default to Unicode (OS preferred)
return(System.Text.Encoding.Unicode);
}
// Default to unicode (this matches Get-Content)
if (string.Equals(encoding, Unknown, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.Unicode);
}
if (string.Equals(encoding, String, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.Unicode);
}
// these are the encodings the CLR supports
if (string.Equals(encoding, Unicode, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.Unicode);
}
if (string.Equals(encoding, BigEndianUnicode, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.BigEndianUnicode);
}
if (string.Equals(encoding, Utf8, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.UTF8);
}
if (string.Equals(encoding, Ascii, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.ASCII);
}
if (string.Equals(encoding, Utf7, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.UTF7);
}
if (string.Equals(encoding, Utf32, StringComparison.OrdinalIgnoreCase))
{
return(System.Text.Encoding.UTF32);
}
if (string.Equals(encoding, Default, StringComparison.OrdinalIgnoreCase))
{
return(ClrFacade.GetDefaultEncoding());
}
if (string.Equals(encoding, OEM, StringComparison.OrdinalIgnoreCase))
{
return(ClrFacade.GetOEMEncoding());
}
// error condition: unknown encoding value
string validEncodingValues = string.Join(
", ",
new string[] { Unknown, String, Unicode, BigEndianUnicode, Ascii, Utf8, Utf7, Utf32, Default, OEM });
string msg = StringUtil.Format(PathUtilsStrings.OutFile_WriteToFileEncodingUnknown,
encoding, validEncodingValues);
ErrorRecord errorRecord = new ErrorRecord(
PSTraceSource.NewArgumentException("Encoding"),
"WriteToFileEncodingUnknown",
ErrorCategory.InvalidArgument,
null);
errorRecord.ErrorDetails = new ErrorDetails(msg);
cmdlet.ThrowTerminatingError(errorRecord);
return(null);
}
/// <summary>
/// Retrieve the UserName through PInvoke
/// </summary>
/// <param name="process"></param>
/// <returns></returns>
private static string RetrieveProcessUserName(Process process)
{
string userName = null;
#if UNIX
userName = Platform.NonWindowsGetUserFromPid(process.Id);
#else
IntPtr tokenUserInfo = IntPtr.Zero;
IntPtr processTokenHandler = IntPtr.Zero;
const uint TOKEN_QUERY = 0x0008;
try
{
do
{
int error;
if (!Win32Native.OpenProcessToken(ClrFacade.GetSafeProcessHandle(process), TOKEN_QUERY, out processTokenHandler))
{
break;
}
// Set the default length to be 256, so it will be sufficient for most cases
int tokenInfoLength = 256;
tokenUserInfo = Marshal.AllocHGlobal(tokenInfoLength);
if (!Win32Native.GetTokenInformation(processTokenHandler, Win32Native.TOKEN_INFORMATION_CLASS.TokenUser, tokenUserInfo, tokenInfoLength, out tokenInfoLength))
{
error = Marshal.GetLastWin32Error();
if (error == Win32Native.ERROR_INSUFFICIENT_BUFFER)
{
Marshal.FreeHGlobal(tokenUserInfo);
tokenUserInfo = Marshal.AllocHGlobal(tokenInfoLength);
if (!Win32Native.GetTokenInformation(processTokenHandler, Win32Native.TOKEN_INFORMATION_CLASS.TokenUser, tokenUserInfo, tokenInfoLength, out tokenInfoLength))
{
break;
}
}
else
{
break;
}
}
var tokenUser = ClrFacade.PtrToStructure <Win32Native.TOKEN_USER>(tokenUserInfo);
// Set the default length to be 256, so it will be sufficient for most cases
int userNameLength = 256, domainNameLength = 256;
var userNameStr = new StringBuilder(userNameLength);
var domainNameStr = new StringBuilder(domainNameLength);
Win32Native.SID_NAME_USE accountType;
if (!Win32Native.LookupAccountSid(null, tokenUser.User.Sid, userNameStr, ref userNameLength, domainNameStr, ref domainNameLength, out accountType))
{
error = Marshal.GetLastWin32Error();
if (error == Win32Native.ERROR_INSUFFICIENT_BUFFER)
{
userNameStr.EnsureCapacity(userNameLength);
domainNameStr.EnsureCapacity(domainNameLength);
if (!Win32Native.LookupAccountSid(null, tokenUser.User.Sid, userNameStr, ref userNameLength, domainNameStr, ref domainNameLength, out accountType))
{
break;
}
}
else
{
break;
}
}
userName = domainNameStr + "\\" + userNameStr;
} while (false);
}
catch (NotSupportedException)
{
// The Process not started yet, or it's a process from a remote machine
}
catch (InvalidOperationException)
{
// The Process has exited, Process.Handle will raise this exception
}
catch (Win32Exception)
{
// We might get an AccessDenied error
}
catch (Exception)
{
// I don't expect to get other exceptions,
}
finally
{
if (tokenUserInfo != IntPtr.Zero)
{
Marshal.FreeHGlobal(tokenUserInfo);
}
if (processTokenHandler != IntPtr.Zero)
{
Win32Native.CloseHandle(processTokenHandler);
}
}
#endif
return(userName);
}
/// <summary>
/// Gets Method Signature from FuncDesc describing the method.
/// </summary>
/// <param name="typeinfo">ITypeInfo interface of the object</param>
/// <param name="funcdesc">FuncDesc which defines the method</param>
/// <param name="isPropertyPut">True if this is a property put; these properties take their return type from their first paramenter</param>
/// <returns>signature of the method</returns>
internal static string GetMethodSignatureFromFuncDesc(COM.ITypeInfo typeinfo, COM.FUNCDESC funcdesc, bool isPropertyPut)
{
StringBuilder builder = new StringBuilder();
string name = GetNameFromFuncDesc(typeinfo, funcdesc);
if (!isPropertyPut)
{
//First get the string for return type.
string retstring = GetStringFromTypeDesc(typeinfo, funcdesc.elemdescFunc.tdesc);
builder.Append(retstring + " ");
}
//Append the function name
builder.Append(name);
builder.Append(" (");
IntPtr ElementDescriptionArrayPtr = funcdesc.lprgelemdescParam;
int ElementDescriptionSize = ClrFacade.SizeOf <COM.ELEMDESC>();
for (int i = 0; i < funcdesc.cParams; i++)
{
COM.ELEMDESC ElementDescription;
int ElementDescriptionArrayByteOffset;
IntPtr ElementDescriptionPointer;
ElementDescription = new COM.ELEMDESC();
ElementDescriptionArrayByteOffset = i * ElementDescriptionSize;
//Disable PRefast warning for converting to int32 and converting back into intptr.
//Code below takes into account 32 bit vs 64 bit conversions
#pragma warning disable 56515
if (IntPtr.Size == 4)
{
ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt32() + ElementDescriptionArrayByteOffset);
}
else
{
ElementDescriptionPointer = (IntPtr)(ElementDescriptionArrayPtr.ToInt64() + ElementDescriptionArrayByteOffset);
}
#pragma warning restore 56515
ElementDescription = ClrFacade.PtrToStructure <COM.ELEMDESC>(ElementDescriptionPointer);
string paramstring = GetStringFromTypeDesc(typeinfo, ElementDescription.tdesc);
if (i == 0 && isPropertyPut) // use the type of the first argument as the return type
{
builder.Insert(0, paramstring + " ");
}
else
{
builder.Append(paramstring);
if (i < funcdesc.cParams - 1)
{
builder.Append(", ");
}
}
}
builder.Append(")");
return(builder.ToString());
}
private static Signature GetSignatureFromWintrustData(
string filePath,
DWORD error,
NativeMethods.WINTRUST_DATA wtd)
{
Signature signature = null;
X509Certificate2 signerCert = null;
X509Certificate2 timestamperCert = null;
s_tracer.WriteLine("GetSignatureFromWintrustData: error: {0}", error);
// The GetLastWin32Error of this is checked, but PreSharp doesn't seem to be
// able to see that.
#pragma warning disable 56523
IntPtr pProvData =
NativeMethods.WTHelperProvDataFromStateData(wtd.hWVTStateData);
#pragma warning enable 56523
if (pProvData != IntPtr.Zero)
{
IntPtr pProvSigner =
NativeMethods.WTHelperGetProvSignerFromChain(pProvData, 0, 0, 0);
if (pProvSigner != IntPtr.Zero)
{
//
// get cert of the signer
//
signerCert = GetCertFromChain(pProvSigner);
if (signerCert != null)
{
NativeMethods.CRYPT_PROVIDER_SGNR provSigner =
(NativeMethods.CRYPT_PROVIDER_SGNR)
ClrFacade.PtrToStructure <NativeMethods.CRYPT_PROVIDER_SGNR>(pProvSigner);
if (provSigner.csCounterSigners == 1)
{
//
// time stamper cert available
//
timestamperCert = GetCertFromChain(provSigner.pasCounterSigners);
}
if (timestamperCert != null)
{
signature = new Signature(filePath,
error,
signerCert,
timestamperCert);
}
else
{
signature = new Signature(filePath,
error,
signerCert);
}
signature.SignatureType = SignatureType.Authenticode;
}
}
}
Diagnostics.Assert(((error == 0) && (signature != null)) || (error != 0), "GetSignatureFromWintrustData: general crypto failure");
if ((signature == null) && (error != 0))
{
signature = new Signature(filePath, error);
}
return(signature);
}
// Disable obsolete warning about VarEnum in CoreCLR
#pragma warning disable 618
/// <summary>
/// This function gets a string representation of the Type Descriptor
/// This is used in generating signature for Properties and Methods.
/// </summary>
/// <param name="typeinfo">Reference to the type info to which the type descriptor belongs</param>
/// <param name="typedesc">reference to type descriptor which is being converted to string from</param>
/// <returns>string representation of the type descriptor</returns>
private static string GetStringFromTypeDesc(COM.ITypeInfo typeinfo, COM.TYPEDESC typedesc)
{
if ((VarEnum)typedesc.vt == VarEnum.VT_PTR)
{
COM.TYPEDESC refdesc = ClrFacade.PtrToStructure <COM.TYPEDESC>(typedesc.lpValue);
return(GetStringFromTypeDesc(typeinfo, refdesc));
}
if ((VarEnum)typedesc.vt == VarEnum.VT_SAFEARRAY)
{
COM.TYPEDESC refdesc = ClrFacade.PtrToStructure <COM.TYPEDESC>(typedesc.lpValue);
return("SAFEARRAY(" + GetStringFromTypeDesc(typeinfo, refdesc) + ")");
}
if ((VarEnum)typedesc.vt == VarEnum.VT_USERDEFINED)
{
return(GetStringFromCustomType(typeinfo, typedesc.lpValue));
}
switch ((VarEnum)typedesc.vt)
{
case VarEnum.VT_I1:
return("char");
case VarEnum.VT_I2:
return("short");
case VarEnum.VT_I4:
case VarEnum.VT_INT:
case VarEnum.VT_HRESULT:
return("int");
case VarEnum.VT_I8:
return("int64");
case VarEnum.VT_R4:
return("float");
case VarEnum.VT_R8:
return("double");
case VarEnum.VT_UI1:
return("byte");
case VarEnum.VT_UI2:
return("ushort");
case VarEnum.VT_UI4:
case VarEnum.VT_UINT:
return("uint");
case VarEnum.VT_UI8:
return("uint64");
case VarEnum.VT_BSTR:
case VarEnum.VT_LPSTR:
case VarEnum.VT_LPWSTR:
return("string");
case VarEnum.VT_DATE:
return("Date");
case VarEnum.VT_BOOL:
return("bool");
case VarEnum.VT_CY:
return("currency");
case VarEnum.VT_DECIMAL:
return("decimal");
case VarEnum.VT_CLSID:
return("clsid");
case VarEnum.VT_DISPATCH:
return("IDispatch");
case VarEnum.VT_UNKNOWN:
return("IUnknown");
case VarEnum.VT_VARIANT:
return("Variant");
case VarEnum.VT_VOID:
return("void");
case VarEnum.VT_ARRAY:
return("object[]");
case VarEnum.VT_EMPTY:
return("");
default:
return("Unknown!");
}
}
