示例#1
0
        /// <summary>
        /// Gets the SecurityDescriptor at the specified path, including only the specified
        /// AccessControlSections.
        /// </summary>
        ///
        /// <param name="path">
        /// The path of the item to retrieve. It may be a drive or provider-qualified path and may include.
        /// glob characters.
        /// </param>
        /// 
        /// <param name="sections">
        /// The sections of the security descriptor to include.
        /// </param>
        /// 
        /// <returns>
        /// Nothing. An object that represents the security descriptor for the item
        /// specified by path is written to the context's pipeline.
        /// </returns>
        /// 
        /// <exception cref="System.ArgumentException">
        ///     path is null or empty.
        ///     path doesn't exist
        ///     sections is not valid.
        /// </exception>
        public void GetSecurityDescriptor(string path,
                                          AccessControlSections sections)
        {
            ObjectSecurity sd = null;
            path = NormalizePath(path);

            if (String.IsNullOrEmpty(path))
            {
                throw PSTraceSource.NewArgumentNullException("path");
            }

            if ((sections & ~AccessControlSections.All) != 0)
            {
                throw PSTraceSource.NewArgumentException("sections");
            }

            var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);

                if (Directory.Exists(path))
                {
                    sd = new DirectorySecurity(path, sections);
                }
                else
                {
                    sd = new FileSecurity(path, sections);
                }
            }
            catch (System.Security.SecurityException e)
            {
                WriteError(new ErrorRecord(e, e.GetType().FullName, ErrorCategory.PermissionDenied, path));
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
            }

            WriteSecurityDescriptorObject(sd, path);
        }
示例#2
0
        /// <summary>
        /// Do the actual connection to remote machine for Invoke-WMIMethod cmdlet and raise operation complete event.
        /// </summary>
        private void ConnectInvokeWmi()
        {
            InvokeWmiMethod invokeObject = (InvokeWmiMethod)_wmiObject;
            _state = WmiState.Running;
            RaiseWmiOperationState(null, WmiState.Running);

            if (invokeObject.InputObject != null)
            {
                ManagementBaseObject inputParameters = null;
                try
                {
                    inputParameters = invokeObject.InputObject.GetMethodParameters(invokeObject.Name);
                    if (invokeObject.ArgumentList != null)
                    {
                        int inParamCount = invokeObject.ArgumentList.Length;
                        foreach (PropertyData property in inputParameters.Properties)
                        {
                            if (inParamCount == 0)
                                break;
                            property.Value = invokeObject.ArgumentList[invokeObject.ArgumentList.Length - inParamCount];
                            inParamCount--;
                        }
                    }
                    invokeObject.InputObject.InvokeMethod(_results, invokeObject.Name, inputParameters, null);
                }
                catch (ManagementException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                catch (System.Runtime.InteropServices.COMException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                catch (System.UnauthorizedAccessException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                return;
            }
            else
            {
                ConnectionOptions options = invokeObject.GetConnectionOption();
                ManagementPath mPath = null;
                ManagementObject mObject = null;
                if (invokeObject.Path != null)
                {
                    mPath = new ManagementPath(invokeObject.Path);
                    if (String.IsNullOrEmpty(mPath.NamespacePath))
                    {
                        mPath.NamespacePath = invokeObject.Namespace;
                    }
                    else if (invokeObject.namespaceSpecified)
                    {
                        InvalidOperationException e = new InvalidOperationException("NamespaceSpecifiedWithPath");
                        internalException = e;
                        _state = WmiState.Failed;
                        RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                        return;
                    }

                    if (mPath.Server != "." && invokeObject.serverNameSpecified)
                    {
                        InvalidOperationException e = new InvalidOperationException("ComputerNameSpecifiedWithPath");
                        internalException = e;
                        _state = WmiState.Failed;
                        RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                        return;
                    }
                    //If server name is specified loop through it.
                    if (!(mPath.Server == "." && invokeObject.serverNameSpecified))
                    {
                        _computerName = mPath.Server;
                    }
                }

                bool isLocal = false, needToEnablePrivilege = false;
                PlatformInvokes.TOKEN_PRIVILEGE currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
                try
                {
                    needToEnablePrivilege = NeedToEnablePrivilege(_computerName, invokeObject.Name, ref isLocal);
                    if (needToEnablePrivilege)
                    {
                        if (!(isLocal && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_SHUTDOWN_NAME, ref currentPrivilegeState)) &&
                            !(!isLocal && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState)))
                        {
                            string message =
                                StringUtil.Format(ComputerResources.PrivilegeNotEnabled, _computerName,
                                isLocal ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME);
                            InvalidOperationException e = new InvalidOperationException(message);
                            internalException = e;
                            _state = WmiState.Failed;
                            RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                            return;
                        }
                    }

                    if (invokeObject.Path != null)
                    {
                        mPath.Server = _computerName;
                        if (mPath.IsClass)
                        {
                            ManagementClass mClass = new ManagementClass(mPath);
                            mObject = mClass;
                        }
                        else
                        {
                            ManagementObject mInstance = new ManagementObject(mPath);
                            mObject = mInstance;
                        }
                        ManagementScope mScope = new ManagementScope(mPath, options);
                        mObject.Scope = mScope;
                    }
                    else
                    {
                        ManagementScope scope = new ManagementScope(WMIHelper.GetScopeString(_computerName, invokeObject.Namespace), options);
                        ManagementClass mClass = new ManagementClass(invokeObject.Class);
                        mObject = mClass;
                        mObject.Scope = scope;
                    }

                    ManagementBaseObject inputParameters = mObject.GetMethodParameters(invokeObject.Name);
                    if (invokeObject.ArgumentList != null)
                    {
                        int inParamCount = invokeObject.ArgumentList.Length;
                        foreach (PropertyData property in inputParameters.Properties)
                        {
                            if (inParamCount == 0)
                                break;
                            property.Value = invokeObject.ArgumentList[invokeObject.ArgumentList.Length - inParamCount];
                            inParamCount--;
                        }
                    }

                    if (needToEnablePrivilege)
                    {
                        ManagementBaseObject result = mObject.InvokeMethod(invokeObject.Name, inputParameters, null);
                        Dbg.Diagnostics.Assert(result != null, "result cannot be null if the Join method is invoked");
                        int returnCode = Convert.ToInt32(result["ReturnValue"], CultureInfo.CurrentCulture);
                        if (returnCode != 0)
                        {
                            var e = new Win32Exception(returnCode);
                            internalException = e;
                            _state = WmiState.Failed;
                            RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                        }
                        else
                        {
                            ShutdownComplete.SafeInvoke(this, null);
                        }
                    }
                    else
                    {
                        mObject.InvokeMethod(_results, invokeObject.Name, inputParameters, null);
                    }
                }
                catch (ManagementException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                catch (System.Runtime.InteropServices.COMException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                catch (System.UnauthorizedAccessException e)
                {
                    internalException = e;
                    _state = WmiState.Failed;
                    RaiseOperationCompleteEvent(null, OperationState.StopComplete);
                }
                finally
                {
                    // Restore the previous privilege state if something unexpected happened
                    if (needToEnablePrivilege)
                    {
                        PlatformInvokes.RestoreTokenPrivilege(
                            isLocal ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState);
                    }
                }
            }
        }
示例#3
0
        /// <summary>
        /// Invokes the Win32Shutdown command on provided target computer using WSMan
        /// over a CIMSession.  The flags parameter determines the type of shutdown operation
        /// such as shutdown, reboot, force etc.
        /// </summary>
        /// <param name="cmdlet">Cmdlet host for reporting errors</param>
        /// <param name="isLocalhost">True if local host computer</param>
        /// <param name="computerName">Target computer</param>
        /// <param name="flags">Win32Shutdown flags</param>
        /// <param name="credential">Optional credential</param>
        /// <param name="authentication">Optional authentication</param>
        /// <param name="formatErrorMessage">Error message format string that takes two parameters</param>
        /// <param name="ErrorFQEID">Fully qualified error Id</param>
        /// <param name="cancelToken">Cancel token</param>
        /// <returns>True on success</returns>
        internal static bool InvokeWin32ShutdownUsingWsman(
            PSCmdlet cmdlet,
            bool isLocalhost,
            string computerName,
            object[] flags,
            PSCredential credential,
            string authentication,
            string formatErrorMessage,
            string ErrorFQEID,
            CancellationToken cancelToken)
        {
            Dbg.Diagnostics.Assert(flags.Length == 2, "Caller need to verify the flags passed in");

            bool isSuccess = false;
            string targetMachine = isLocalhost ? "localhost" : computerName;
            string authInUse = isLocalhost ? null : authentication;
            PSCredential credInUse = isLocalhost ? null : credential;
            var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            var operationOptions = new CimOperationOptions
            {
                Timeout = TimeSpan.FromMilliseconds(10000),
                CancellationToken = cancelToken,
                //This prefix works against all versions of the WinRM server stack, both win8 and win7
                ResourceUriPrefix = new Uri(ComputerWMIHelper.CimUriPrefix)
            };

            try
            {
                if (!(isLocalhost && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_SHUTDOWN_NAME, ref currentPrivilegeState)) &&
                    !(!isLocalhost && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState)))
                {
                    string message =
                        StringUtil.Format(ComputerResources.PrivilegeNotEnabled, computerName,
                            isLocalhost ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME);
                    ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(message), "PrivilegeNotEnabled", ErrorCategory.InvalidOperation, null);
                    cmdlet.WriteError(errorRecord);
                    return false;
                }

                using (CimSession cimSession = RemoteDiscoveryHelper.CreateCimSession(targetMachine, credInUse, authInUse, cancelToken, cmdlet))
                {
                    var methodParameters = new CimMethodParametersCollection();
                    methodParameters.Add(CimMethodParameter.Create(
                        "Flags",
                        flags[0],
                        Microsoft.Management.Infrastructure.CimType.SInt32,
                        CimFlags.None));

                    methodParameters.Add(CimMethodParameter.Create(
                        "Reserved",
                        flags[1],
                        Microsoft.Management.Infrastructure.CimType.SInt32,
                        CimFlags.None));

                    CimMethodResult result = cimSession.InvokeMethod(
                        ComputerWMIHelper.CimOperatingSystemNamespace,
                        ComputerWMIHelper.WMI_Class_OperatingSystem,
                        ComputerWMIHelper.CimOperatingSystemShutdownMethod,
                        methodParameters,
                        operationOptions);

                    int retVal = Convert.ToInt32(result.ReturnValue.Value, CultureInfo.CurrentCulture);
                    if (retVal != 0)
                    {
                        var ex = new Win32Exception(retVal);
                        string errMsg = StringUtil.Format(formatErrorMessage, computerName, ex.Message);
                        ErrorRecord error = new ErrorRecord(
                            new InvalidOperationException(errMsg), ErrorFQEID, ErrorCategory.OperationStopped, computerName);
                        cmdlet.WriteError(error);
                    }
                    else
                    {
                        isSuccess = true;
                    }
                }
            }
            catch (CimException ex)
            {
                string errMsg = StringUtil.Format(formatErrorMessage, computerName, ex.Message);
                ErrorRecord error = new ErrorRecord(new InvalidOperationException(errMsg), ErrorFQEID,
                                                    ErrorCategory.OperationStopped, computerName);
                cmdlet.WriteError(error);
            }
            catch (Exception ex)
            {
                CommandProcessorBase.CheckForSevereException(ex);
                string errMsg = StringUtil.Format(formatErrorMessage, computerName, ex.Message);
                ErrorRecord error = new ErrorRecord(new InvalidOperationException(errMsg), ErrorFQEID,
                                                    ErrorCategory.OperationStopped, computerName);
                cmdlet.WriteError(error);
            }
            finally
            {
                // Restore the previous privilege state if something unexpected happened
                PlatformInvokes.RestoreTokenPrivilege(
                    isLocalhost ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState);
            }

            return isSuccess;
        }
示例#4
0
        /// <summary>
        /// Restart one computer
        /// </summary>
        /// <param name="cmdlet"></param>
        /// <param name="isLocalhost"></param>
        /// <param name="computerName"></param>
        /// <param name="flags"></param>
        /// <param name="options"></param>
        /// <returns>
        /// True if the restart was successful
        /// False otherwise
        /// </returns>
        internal static bool RestartOneComputerUsingDcom(PSCmdlet cmdlet, bool isLocalhost, string computerName, object[] flags, ConnectionOptions options)
        {
            bool isSuccess = false;
            PlatformInvokes.TOKEN_PRIVILEGE currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();

            try
            {
                if (!(isLocalhost && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_SHUTDOWN_NAME, ref currentPrivilegeState)) &&
                    !(!isLocalhost && PlatformInvokes.EnableTokenPrivilege(ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState)))
                {
                    string message =
                        StringUtil.Format(ComputerResources.PrivilegeNotEnabled, computerName,
                            isLocalhost ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME);
                    ErrorRecord errorRecord = new ErrorRecord(new InvalidOperationException(message), "PrivilegeNotEnabled", ErrorCategory.InvalidOperation, null);
                    cmdlet.WriteError(errorRecord);
                    return false;
                }

                ManagementScope scope = new ManagementScope(ComputerWMIHelper.GetScopeString(isLocalhost ? "localhost" : computerName, ComputerWMIHelper.WMI_Path_CIM), options);
                EnumerationOptions enumOptions = new EnumerationOptions { UseAmendedQualifiers = true, DirectRead = true };
                ObjectQuery query = new ObjectQuery("select * from " + ComputerWMIHelper.WMI_Class_OperatingSystem);
                using (var searcher = new ManagementObjectSearcher(scope, query, enumOptions))
                {
                    foreach (ManagementObject operatingSystem in searcher.Get())
                    {
                        using (operatingSystem)
                        {
                            object result = operatingSystem.InvokeMethod("Win32shutdown", flags);
                            int retVal = Convert.ToInt32(result.ToString(), CultureInfo.CurrentCulture);
                            if (retVal != 0)
                            {
                                var ex = new Win32Exception(retVal);
                                string errMsg = StringUtil.Format(ComputerResources.RestartcomputerFailed, computerName, ex.Message);
                                ErrorRecord error = new ErrorRecord(
                                    new InvalidOperationException(errMsg), "RestartcomputerFailed", ErrorCategory.OperationStopped, computerName);
                                cmdlet.WriteError(error);
                            }
                            else
                            {
                                isSuccess = true;
                            }
                        }
                    }
                }
            }
            catch (ManagementException ex)
            {
                string errMsg = StringUtil.Format(ComputerResources.RestartcomputerFailed, computerName, ex.Message);
                ErrorRecord error = new ErrorRecord(new InvalidOperationException(errMsg), "RestartcomputerFailed",
                                                    ErrorCategory.OperationStopped, computerName);
                cmdlet.WriteError(error);
            }
            catch (COMException ex)
            {
                string errMsg = StringUtil.Format(ComputerResources.RestartcomputerFailed, computerName, ex.Message);
                ErrorRecord error = new ErrorRecord(new InvalidOperationException(errMsg), "RestartcomputerFailed",
                                                    ErrorCategory.OperationStopped, computerName);
                cmdlet.WriteError(error);
            }
            catch (UnauthorizedAccessException ex)
            {
                string errMsg = StringUtil.Format(ComputerResources.RestartcomputerFailed, computerName, ex.Message);
                ErrorRecord error = new ErrorRecord(new InvalidOperationException(errMsg), "RestartcomputerFailed",
                                                    ErrorCategory.OperationStopped, computerName);
                cmdlet.WriteError(error);
            }
            finally
            {
                // Restore the previous privilege state if something unexpected happened
                PlatformInvokes.RestoreTokenPrivilege(
                    isLocalhost ? ComputerWMIHelper.SE_SHUTDOWN_NAME : ComputerWMIHelper.SE_REMOTE_SHUTDOWN_NAME, ref currentPrivilegeState);
            }

            return isSuccess;
        }
示例#5
0
        } // SetSecurityDescriptor

        private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
        {
            var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
            byte[] securityDescriptorBinary = null;

            try
            {
                // Get the binary form of the descriptor.
                PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
                securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm();
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
            }

            try
            {
                PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);

                // Transfer it to the new file / directory.
                // We keep these two code branches so that we can have more 
                // granular information when we ouput the object type via 
                // WriteSecurityDescriptorObject.
                if (Directory.Exists(path))
                {
                    DirectorySecurity newDescriptor = new DirectorySecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new DirectoryInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
                else
                {
                    FileSecurity newDescriptor = new FileSecurity();
                    newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
                    new FileInfo(path).SetAccessControl(newDescriptor);
                    WriteSecurityDescriptorObject(newDescriptor, path);
                }
            }
            finally
            {
                PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
            }
        }