Don't fail if SaferPolicy API is not available on Win10 IoT or NanoServer (#7075)

* don't fail if SaferApi is not available
* fix install-powershellremoting to work on Windows PowerShell 5.1
Steve Lee 2018-06-19 17:53:32 -07:00 committed by Aditya Patwardhan
parent bda8fd376c
commit abcdce4e3e
3 changed files with 75 additions and 3 deletions


@ -477,6 +477,8 @@ namespace System.Management.Automation.Internal
#endregion execution policy
private static bool _saferIdentifyLevelApiSupported = true;
/// <summary>
/// Get the pass / fail result of calling the SAFER API
/// </summary>
@ -489,6 +491,11 @@ namespace System.Management.Automation.Internal
{
SaferPolicy status = SaferPolicy.Allowed;
if (!_saferIdentifyLevelApiSupported)
{
return status;
}
SAFER_CODE_PROPERTIES codeProperties = new SAFER_CODE_PROPERTIES();
IntPtr hAuthzLevel;
@ -555,7 +562,15 @@ namespace System.Management.Automation.Internal
}
else
{
throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
int lastError = Marshal.GetLastWin32Error();
if (lastError == NativeConstants.FUNCTION_NOT_SUPPORTED)
{
_saferIdentifyLevelApiSupported = false;
}
else
{
throw new System.ComponentModel.Win32Exception(lastError);
}
}
return status;
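Review bot: The new FUNCTION_NOT_SUPPORTED branch fails open silently: it clears `_saferIdentifyLevelApiSupported` and falls through to `return status`, and the early return added at the top of the method then hands back the `SaferPolicy.Allowed` initialiser on every later call in the process. That matches the commit's stated intent for Win10 IoT and NanoServer, but a single error-120 result on this path turns the SAFER check off for the lifetime of the process, and nothing in the code records that decision. I would document it on the field, e.g. `// Cleared the first time the SAFER call reports error 120 (not supported); from then on policy is reported as Allowed without calling the API.`, and consider tracing the transition once so the disabled check shows up in diagnostics. The method body starts and ends outside these hunks, so whether `status` can change before the else branch is reached is not visible here.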


@ -24,68 +24,115 @@ namespace System.Management.Automation.Security
// Safer native constants
internal partial class NativeConstants
{
/// <Summary>
/// SAFER_TOKEN_NULL_IF_EQUAL -> 0x00000001
/// </Summary>
public const int SAFER_TOKEN_NULL_IF_EQUAL = 1;
/// <Summary>
/// SAFER_TOKEN_COMPARE_ONLY -> 0x00000002
/// </Summary>
public const int SAFER_TOKEN_COMPARE_ONLY = 2;
/// <Summary>
/// SAFER_TOKEN_MAKE_INERT -> 0x00000004
/// </Summary>
public const int SAFER_TOKEN_MAKE_INERT = 4;
/// <Summary>
/// SAFER_CRITERIA_IMAGEPATH -> 0x00001
/// </Summary>
public const int SAFER_CRITERIA_IMAGEPATH = 1;
/// <Summary>
/// SAFER_CRITERIA_NOSIGNEDHASH -> 0x00002
/// </Summary>
public const int SAFER_CRITERIA_NOSIGNEDHASH = 2;
/// <Summary>
/// SAFER_CRITERIA_IMAGEHASH -> 0x00004
/// </Summary>
public const int SAFER_CRITERIA_IMAGEHASH = 4;
/// <Summary>
/// SAFER_CRITERIA_AUTHENTICODE -> 0x00008
/// </Summary>
public const int SAFER_CRITERIA_AUTHENTICODE = 8;
/// <Summary>
/// SAFER_CRITERIA_URLZONE -> 0x00010
/// </Summary>
public const int SAFER_CRITERIA_URLZONE = 16;
/// <Summary>
/// SAFER_CRITERIA_IMAGEPATH_NT -> 0x01000
/// </Summary>
public const int SAFER_CRITERIA_IMAGEPATH_NT = 4096;
/// <Summary>
/// WTD_UI_NONE -> 0x00002
/// </Summary>
public const int WTD_UI_NONE = 2;
/// <Summary>
/// S_OK -> ((HRESULT)0L)
/// </Summary>
public const int S_OK = 0;
/// <Summary>
/// S_FALSE -> ((HRESULT)1L)
/// </Summary>
public const int S_FALSE = 1;
/// <Summary>
/// ERROR_MORE_DATA -> 234L
/// </Summary>
public const int ERROR_MORE_DATA = 234;
/// <Summary>
/// ERROR_ACCESS_DISABLED_BY_POLICY -> 1260L
/// </Summary>
public const int ERROR_ACCESS_DISABLED_BY_POLICY = 1260;
/// <Summary>
/// ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY -> 786L
/// </Summary>
public const int ERROR_ACCESS_DISABLED_NO_SAFER_UI_BY_POLICY = 786;
/// <Summary>
/// SAFER_MAX_HASH_SIZE -> 64
/// </Summary>
public const int SAFER_MAX_HASH_SIZE = 64;
/// <Summary>
/// SRP_POLICY_SCRIPT -> L"SCRIPT"
/// </Summary>
public const string SRP_POLICY_SCRIPT = "SCRIPT";
/// <Summary>
/// SIGNATURE_DISPLAYNAME_LENGTH -> MAX_PATH
/// </Summary>
internal const int SIGNATURE_DISPLAYNAME_LENGTH = NativeConstants.MAX_PATH;
/// <Summary>
/// SIGNATURE_PUBLISHER_LENGTH -> 128
/// </Summary>
internal const int SIGNATURE_PUBLISHER_LENGTH = 128;
/// <Summary>
/// SIGNATURE_HASH_LENGTH -> 64
/// </Summary>
internal const int SIGNATURE_HASH_LENGTH = 64;
/// <Summary>
/// MAX_PATH -> 260
/// </Summary>
internal const int MAX_PATH = 260;
/// <Summary>
/// This function is not supported on this system
/// </Summary>
internal const int FUNCTION_NOT_SUPPORTED = 120;
}
/// <summary>
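Review bot: `FUNCTION_NOT_SUPPORTED` is the only constant in this class that does not carry its Win32 name. Value 120 is `ERROR_CALL_NOT_IMPLEMENTED` in winerror.h, while the neighbouring entries (`ERROR_MORE_DATA`, `ERROR_ACCESS_DISABLED_BY_POLICY`) keep the native spelling and the `NAME -> value` doc form. Renaming it to `internal const int ERROR_CALL_NOT_IMPLEMENTED = 120;` with `/// ERROR_CALL_NOT_IMPLEMENTED -> 120L` keeps the code searchable against the SDK headers; the comparison at the SAFER call site would need the same rename. The rest of this section appears to be spacing changes only.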


@ -124,7 +124,7 @@ function Install-PluginEndpoint {
# #
######################
if ($PsCmdlet.ParameterSetName -eq "ByPath")
if ($PowerShellHome -ne $null)
{
$targetPsHome = $PowerShellHome
$targetPsVersion = & "$targetPsHome\pwsh" -NoProfile -Command '$PSVersionTable.PSVersion.ToString()'
@ -135,6 +135,7 @@ function Install-PluginEndpoint {
$targetPsHome = $PSHOME
$targetPsVersion = $PSVersionTable.PSVersion.ToString()
}
Write-Verbose "PowerShellHome: $targetPsHome" -Verbose
# For default, not tied to the specific version endpoint, we apply
# only first number in the PSVersion string to the endpoint name.
@ -163,7 +164,16 @@ function Install-PluginEndpoint {
return
}
$pluginBasePath = Join-Path ([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::Windows) + "\System32\PowerShell") $targetPsVersion
if ($PSVersionTable.PSVersion -lt "6.0")
{
# This script is primarily used from Windows PowerShell for Win10 IoT and NanoServer to setup PSCore6 remoting endpoint
# so it's ok to hardcode to 'C:\Windows' for those systems
$pluginBasePath = Join-Path "C:\Windows\System32\PowerShell" $targetPsVersion
}
else
{
$pluginBasePath = Join-Path ([System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::Windows) + "\System32\PowerShell") $targetPsVersion
}
$resolvedPluginAbsolutePath = ""
if (! (Test-Path $pluginBasePath))
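Review bot: The replacement test `if ($PowerShellHome -ne $null)` may always be true. If the parameter is declared `[string]` (the param block is outside these hunks), an unbound value is an empty string rather than `$null`, so the branch would invoke `& "$targetPsHome\pwsh"` with an empty home, resolving `\pwsh` against the current drive root, and the `$PSHOME` fallback would never run. `if ($PSBoundParameters.ContainsKey('PowerShellHome'))` or `if (-not [string]::IsNullOrEmpty($PowerShellHome))` tests what the old parameter-set check tested and works on Windows PowerShell 5.1. In the last hunk, `$env:SystemRoot` would avoid hardcoding `C:\Windows` for the directory the plugin is placed in. Install-PluginEndpoint starts and ends outside these hunks.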