Minor updates to powershell manager
webprofusion-chrisc committed Jul 22, 2024
1 parent c3932ba commit d9db785
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions src/Certify.Shared.Extensions/Utils/PowerShellManager.cs
@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
@@ -12,6 +12,7 @@
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;
using Certify.Management.Utils;

Check failure on line 15 in src/Certify.Shared.Extensions/Utils/PowerShellManager.cs

GitHub Actions / build-and-test-windows

The type or namespace name 'Utils' does not exist in the namespace 'Certify.Management' (are you missing an assembly reference?)
using Certify.Models;
using Certify.Models.Config;
using SimpleImpersonation;
@@ -70,7 +71,7 @@ public static async Task<ActionResult> RunScript(
if (launchNewProcess)
{
// spawn new process as the given user
return ExecutePowershellAsProcess(result, powershellExecutionPolicy, scriptFile, parameters, credentials, scriptContent, null, ignoredCommandExceptions: ignoredCommandExceptions, timeoutMinutes: timeoutMinutes);
return await ExecutePowershellAsProcess(result, powershellExecutionPolicy, scriptFile, parameters, credentials, logonType, scriptContent, null, ignoredCommandExceptions: ignoredCommandExceptions, timeoutMinutes: timeoutMinutes);
}
else
{
@@ -101,7 +102,7 @@ public static async Task<ActionResult> RunScript(
credentialsProvidedButNotSupported = true;
}

if (credentials?.Any() == true && credentialsProvidedButNotSupported == false)
if (credentials?.Any() == true && credentialsProvidedButNotSupported == false && RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
// run as windows user
UserCredentials windowsCredentials = null;
@@ -191,7 +192,7 @@ private static string GetPowershellExePath(string powershellPathPreference)
return null;
}

private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
private static async Task<ActionResult> ExecutePowershellAsProcess(CertificateRequestResult result, string executionPolicy, string scriptFile, Dictionary<string, object> parameters, Dictionary<string, string> credentials, string logonType, string scriptContent, PowerShell shell, bool autoConvertBoolean = true, string[] ignoredCommandExceptions = null, int timeoutMinutes = 5, string powershellPathPreference = null)
{
var _log = new StringBuilder();

@@ -319,6 +320,7 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
domain = ".";
}

// Note: process running as local system cannot start a process as different user due to lack of security token context
scriptProcessInfo.UserName = username;
scriptProcessInfo.Domain = domain;

@@ -400,7 +402,11 @@ private static ActionResult ExecutePowershellAsProcess(CertificateRequestResult
catch (Exception exp)
{
_log.AppendLine("Error: " + exp.ToString());
return new ActionResult { IsSuccess = false, Message = _log.ToString() };
return new ActionResult
{
IsSuccess = false,
Message = _log.ToString()
};
}
finally
{
@@ -425,7 +431,7 @@ private static bool ApplyFileACL(string filePath, string fullUsername)
var fileInfo = new FileInfo(filePath);
var accessControl = fileInfo.GetAccessControl();

accessControl.AddAccessRule(new FileSystemAccessRule(fullUsername, FileSystemRights.Read, AccessControlType.Allow));
accessControl.AddAccessRule(new FileSystemAccessRule(fullUsername, FileSystemRights.ReadAndExecute, AccessControlType.Allow));

try
{
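Review bot: The added `RuntimeInformation.IsOSPlatform(OSPlatform.Windows)` test in `RunScript` lets the impersonation branch be skipped without recording why: on a non-Windows host with credentials supplied, `credentialsProvidedButNotSupported` stays false, so whatever follows this `if` (outside the hunk) presumably runs the script under the service's own identity with no indication that the requested account was not used. For a task an operator configured to run as a specific, possibly lower-privileged, user that is a silent change of execution identity. I would set the flag before this condition, e.g. `if (credentials?.Any() == true && !RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { credentialsProvidedButNotSupported = true; }`, so the existing not-supported handling applies, or fail the action outright. How the flag is reported is not visible here, so confirm it ends up in the result log returned to the caller.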
