From ac4ff7dc0102ce7b2ac7fb8b0eb204acaf85d8e8 Mon Sep 17 00:00:00 2001
From: Ilya
Date: Tue, 2 Nov 2021 08:13:49 +0500
Subject: [PATCH 1/5] Move psxml type definitions from SMA to Security module
---
 .../Microsoft.PowerShell.Security.psd1 | 1 +
 .../Security.types.ps1xml | 123 +++++++++++++++
 .../engine/InitialSessionState.cs | 7 -
 .../engine/TypeTable_Types_Ps1Xml.cs | 146 ------------------
 test/powershell/Host/Startup.Tests.ps1 | 1 -
 5 files changed, 124 insertions(+), 154 deletions(-)
 create mode 100644 src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml
diff --git a/src/Modules/Windows/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1 b/src/Modules/Windows/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
index b88bc92d2a2..6d47b2ce2cd 100644
--- a/src/Modules/Windows/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
+++ b/src/Modules/Windows/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
@@ -10,5 +10,6 @@ FunctionsToExport = @()
 CmdletsToExport="Get-Acl", "Set-Acl", "Get-PfxCertificate", "Get-Credential", "Get-ExecutionPolicy", "Set-ExecutionPolicy", "Get-AuthenticodeSignature", "Set-AuthenticodeSignature", "ConvertFrom-SecureString", "ConvertTo-SecureString", "Get-CmsMessage", "Unprotect-CmsMessage", "Protect-CmsMessage" , "New-FileCatalog" , "Test-FileCatalog"
 AliasesToExport = @()
 NestedModules="Microsoft.PowerShell.Security.dll"
+TypesToProcess="Security.types.ps1xml"
 HelpInfoURI = 'https://aka.ms/powershell73-help'
 }
diff --git a/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml
new file mode 100644
index 00000000000..034b61a8cf0
--- /dev/null
+++ b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml
@@ -0,0 +1,123 @@ + + + + + System.Security.AccessControl.ObjectSecurity + + + Path + + Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase + GetPath + + + + Owner + + Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase + GetOwner + + + + Group + + Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase + GetGroup + + + + Access + + Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase + GetAccess + + + + Sddl + + Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase + GetSddl + + + + AccessToString + + $toString = ""; + $first = $true; + if ( ! $this.Access ) { return "" } + foreach($ace in $this.Access) + { + if($first) + { + $first = $false; + } + else + { + $tostring += "`n"; + } + $toString += $ace.IdentityReference.ToString(); + $toString += " "; + $toString += $ace.AccessControlType.ToString(); + $toString += " "; + if($ace -is [System.Security.AccessControl.FileSystemAccessRule]) + { + $toString += $ace.FileSystemRights.ToString(); + } + elseif($ace -is [System.Security.AccessControl.RegistryAccessRule]) + { + $toString += $ace.RegistryRights.ToString(); + } + } + return $toString; + + + + AuditToString + + $toString = ""; + $first = $true; + if ( ! (& { Set-StrictMode -Version 1; $this.audit }) ) { return "" } + foreach($ace in (& { Set-StrictMode -Version 1; $this.audit })) + { + if($first) + { + $first = $false; + } + else + { + $tostring += "`n"; + } + $toString += $ace.IdentityReference.ToString(); + $toString += " "; + $toString += $ace.AuditFlags.ToString(); + $toString += " "; + if($ace -is [System.Security.AccessControl.FileSystemAuditRule]) + { + $toString += $ace.FileSystemRights.ToString(); + } + elseif($ace -is [System.Security.AccessControl.RegistryAuditRule]) + { + $toString += $ace.RegistryRights.ToString(); + } + } + return $toString; + + + + + + 
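Review bot: The AccessToString and AuditToString script bodies in this new file were previously compiled into the engine's type table (the block this patch removes from TypeTable_Types_Ps1Xml.cs) and now ship as script text in a .ps1xml under the module directory, so their integrity rests on file signing and directory permissions rather than on the assembly. The hunk shows no signature block; if signing is applied at release time, confirm `Security.types.ps1xml` is on the list of files that get signed and cataloged, since an unsigned types file is expected to be rejected under an `AllSigned` execution policy. Minor style: in both script bodies the line that appends the newline spells the variable `$tostring` while every other line uses `$toString`; it works because PowerShell variable names are case-insensitive, but one spelling would read better.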
diff --git a/src/System.Management.Automation/engine/InitialSessionState.cs b/src/System.Management.Automation/engine/InitialSessionState.cs index 36f619aed77..7a6d09cba67 100644 --- a/src/System.Management.Automation/engine/InitialSessionState.cs +++ b/src/System.Management.Automation/engine/InitialSessionState.cs @@ -3851,13 +3851,6 @@ internal PSSnapInInfo ImportPSSnapIn(PSSnapInInfo psSnapInInfo, out PSSnapInExce assemblyEntry.SetPSSnapIn(psSnapInInfo); Assemblies.Add(assemblyEntry); - // entry from types.ps1xml references a type (Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase) in this assembly - if (psSnapInInfo.Name.Equals(CoreSnapin, StringComparison.OrdinalIgnoreCase)) - { - assemblyEntry = new SessionStateAssemblyEntry("Microsoft.PowerShell.Security", null); - this.Assemblies.Add(assemblyEntry); - } - if (cmdlets != null) { foreach (SessionStateCmdletEntry cmdlet in cmdlets.Values) diff --git a/src/System.Management.Automation/engine/TypeTable_Types_Ps1Xml.cs b/src/System.Management.Automation/engine/TypeTable_Types_Ps1Xml.cs index bb267267b31..5ecd5914904 100644 --- a/src/System.Management.Automation/engine/TypeTable_Types_Ps1Xml.cs +++ b/src/System.Management.Automation/engine/TypeTable_Types_Ps1Xml.cs 
@@ -4081,152 +4081,6 @@ private void Process_Types_Ps1Xml(string filePath, ConcurrentBag errors) #endregion System.Management.ManagementObject - #region System.Security.AccessControl.ObjectSecurity - - typeName = @"System.Security.AccessControl.ObjectSecurity"; - typeMembers = _extendedMembers.GetOrAdd(typeName, static key => new PSMemberInfoInternalCollection(capacity: 7)); - Type securityDescriptorCommandsBaseType = TypeResolver.ResolveType("Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase", exception: out _); - - // Process regular members. - newMembers.Add(@"Path"); - AddMember( - errors, - typeName, - new PSCodeProperty( - @"Path", - GetMethodInfo(securityDescriptorCommandsBaseType, @"GetPath"), - setterCodeReference: null), - typeMembers, - isOverride: false); - - newMembers.Add(@"Owner"); - AddMember( - errors, - typeName, - new PSCodeProperty( - @"Owner", - GetMethodInfo(securityDescriptorCommandsBaseType, @"GetOwner"), - setterCodeReference: null), - typeMembers, - isOverride: false); - - newMembers.Add(@"Group"); - AddMember( - errors, - typeName, - new PSCodeProperty( - @"Group", - GetMethodInfo(securityDescriptorCommandsBaseType, @"GetGroup"), - setterCodeReference: null), - typeMembers, - isOverride: false); - - newMembers.Add(@"Access"); - AddMember( - errors, - typeName, - new PSCodeProperty( - @"Access", - GetMethodInfo(securityDescriptorCommandsBaseType, @"GetAccess"), - setterCodeReference: null), - typeMembers, - isOverride: false); - - newMembers.Add(@"Sddl"); - AddMember( - errors, - typeName, - new PSCodeProperty( - @"Sddl", - GetMethodInfo(securityDescriptorCommandsBaseType, @"GetSddl"), - setterCodeReference: null), - typeMembers, - isOverride: false); - - newMembers.Add(@"AccessToString"); - AddMember( - errors, - typeName, - new PSScriptProperty( - @"AccessToString", - GetScriptBlock(@"$toString = """"; - $first = $true; - if ( ! 
$this.Access ) { return """" } - - foreach($ace in $this.Access) - { - if($first) - { - $first = $false; - } - else - { - $tostring += ""`n""; - } - - $toString += $ace.IdentityReference.ToString(); - $toString += "" ""; - $toString += $ace.AccessControlType.ToString(); - $toString += "" ""; - if($ace -is [System.Security.AccessControl.FileSystemAccessRule]) - { - $toString += $ace.FileSystemRights.ToString(); - } - elseif($ace -is [System.Security.AccessControl.RegistryAccessRule]) - { - $toString += $ace.RegistryRights.ToString(); - } - } - - return $toString;"), - setterScript: null, - shouldCloneOnAccess: true), - typeMembers, - isOverride: false); - - newMembers.Add(@"AuditToString"); - AddMember( - errors, - typeName, - new PSScriptProperty( - @"AuditToString", - GetScriptBlock(@"$toString = """"; - $first = $true; - if ( ! (& { Set-StrictMode -Version 1; $this.audit }) ) { return """" } - - foreach($ace in (& { Set-StrictMode -Version 1; $this.audit })) - { - if($first) - { - $first = $false; - } - else - { - $tostring += ""`n""; - } - - $toString += $ace.IdentityReference.ToString(); - $toString += "" ""; - $toString += $ace.AuditFlags.ToString(); - $toString += "" ""; - if($ace -is [System.Security.AccessControl.FileSystemAuditRule]) - { - $toString += $ace.FileSystemRights.ToString(); - } - elseif($ace -is [System.Security.AccessControl.RegistryAuditRule]) - { - $toString += $ace.RegistryRights.ToString(); - } - } - - return $toString;"), - setterScript: null, - shouldCloneOnAccess: true), - typeMembers, - isOverride: false); - - #endregion System.Security.AccessControl.ObjectSecurity - #region Microsoft.PowerShell.Commands.HistoryInfo typeName = @"Microsoft.PowerShell.Commands.HistoryInfo"; diff --git a/test/powershell/Host/Startup.Tests.ps1 b/test/powershell/Host/Startup.Tests.ps1 index d0d8662cc93..bd5a885b390 100644 --- a/test/powershell/Host/Startup.Tests.ps1 +++ b/test/powershell/Host/Startup.Tests.ps1 
@@ -7,7 +7,6 @@ Describe "Validate start of console host" -Tag CI { 'Microsoft.ApplicationInsights.dll' 'Microsoft.Management.Infrastructure.dll' 'Microsoft.PowerShell.ConsoleHost.dll' - 'Microsoft.PowerShell.Security.dll' 'Microsoft.Win32.Primitives.dll' 'Microsoft.Win32.Registry.dll' 'netstandard.dll' From c3fef34e5eb1d8507e2dc192d020101d688b02ca Mon Sep 17 00:00:00 2001 From: Ilya Date: Tue, 2 Nov 2021 09:05:40 +0500 Subject: [PATCH 2/5] Fix typo --- .../Windows/Microsoft.PowerShell.Security/Security.types.ps1xml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml index 034b61a8cf0..89ba26aa56a 100644 --- a/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml +++ b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml @@ -15,6 +15,7 @@ OR RESULTS IN CONNECTION WITH THE USE OF THIS CODE AND INFORMATION REMAINS WITH THE USER. ******************************************************************** --> + System.Security.AccessControl.ObjectSecurity From 75750593cbf8eebb98b11dcf3a00ba88151c0c61 Mon Sep 17 00:00:00 2001 From: Ilya Date: Tue, 2 Nov 2021 16:11:27 +0500 Subject: [PATCH 3/5] Fix assembly loading --- .../engine/InitialSessionState.cs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/System.Management.Automation/engine/InitialSessionState.cs b/src/System.Management.Automation/engine/InitialSessionState.cs index 7a6d09cba67..36f619aed77 100644 --- a/src/System.Management.Automation/engine/InitialSessionState.cs +++ b/src/System.Management.Automation/engine/InitialSessionState.cs 
@@ -3851,6 +3851,13 @@ internal PSSnapInInfo ImportPSSnapIn(PSSnapInInfo psSnapInInfo, out PSSnapInExce assemblyEntry.SetPSSnapIn(psSnapInInfo); Assemblies.Add(assemblyEntry); + // entry from types.ps1xml references a type (Microsoft.PowerShell.Commands.SecurityDescriptorCommandsBase) in this assembly + if (psSnapInInfo.Name.Equals(CoreSnapin, StringComparison.OrdinalIgnoreCase)) + { + assemblyEntry = new SessionStateAssemblyEntry("Microsoft.PowerShell.Security", null); + this.Assemblies.Add(assemblyEntry); + } + if (cmdlets != null) { foreach (SessionStateCmdletEntry cmdlet in cmdlets.Values) From d17a37371537690d9903e3a90861a8cc609a61af Mon Sep 17 00:00:00 2001 From: Ilya Date: Tue, 2 Nov 2021 17:15:10 +0500 Subject: [PATCH 4/5] Fix tests --- test/powershell/Host/Startup.Tests.ps1 | 2 +- test/powershell/engine/ETS/TypeTable.Tests.ps1 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/powershell/Host/Startup.Tests.ps1 b/test/powershell/Host/Startup.Tests.ps1 index bd5a885b390..1e49d9a6a36 100644 --- a/test/powershell/Host/Startup.Tests.ps1 +++ b/test/powershell/Host/Startup.Tests.ps1 @@ -7,6 +7,7 @@ Describe "Validate start of console host" -Tag CI { 'Microsoft.ApplicationInsights.dll' 'Microsoft.Management.Infrastructure.dll' 'Microsoft.PowerShell.ConsoleHost.dll' + 'Microsoft.PowerShell.Security.dll' 'Microsoft.Win32.Primitives.dll' 'Microsoft.Win32.Registry.dll' 'netstandard.dll' @@ -14,7 +15,6 @@ Describe "Validate start of console host" -Tag CI { 'pwsh.dll' 'System.Collections.Concurrent.dll' 'System.Collections.dll' - 'System.Collections.NonGeneric.dll' 'System.Collections.Specialized.dll' 'System.ComponentModel.dll' 'System.ComponentModel.Primitives.dll' diff --git a/test/powershell/engine/ETS/TypeTable.Tests.ps1 b/test/powershell/engine/ETS/TypeTable.Tests.ps1 index 55b909145a8..f523f9c1234 100644 --- a/test/powershell/engine/ETS/TypeTable.Tests.ps1 +++ b/test/powershell/engine/ETS/TypeTable.Tests.ps1 
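Review bot: The restored comment `// entry from types.ps1xml references a type (...) in this assembly` no longer matches this series, because patch 1/5 moved that reference out of the engine's type table into the Security module's own Security.types.ps1xml. If the assembly still has to be registered with the core snap-in so that the `SecurityDescriptorCommandsBase` getters named in that file resolve, the comment should say so, for example `// Security.types.ps1xml in the Microsoft.PowerShell.Security module binds its code properties to SecurityDescriptorCommandsBase, which lives in this assembly`. The entry is created from a simple name with a `null` file name, so which file is loaded presumably depends on runtime assembly resolution; that is the earlier behaviour coming back, but it deserves a word in the comment. Style: the added line writes `this.Assemblies.Add(assemblyEntry);` while the context line just above writes `Assemblies.Add(assemblyEntry);`. ImportPSSnapIn starts and ends outside the hunk.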
@@ -19,9 +19,9 @@ Describe "Built-in type information tests" -Tag "CI" { It "Should have correct number of built-in type items in type table" { $expected = if ($IsWindows) { - 273 - } else { 272 + } else { + 271 } $types.Count | Should -BeExactly $expected } From 371dad43116d2228385dff89627a1b4ce4c4d658 Mon Sep 17 00:00:00 2001 From: Dongbo Wang Date: Mon, 25 Jul 2022 17:39:48 -0700 Subject: [PATCH 5/5] Update the header content for the ps1xml file --- .../Security.types.ps1xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml index 89ba26aa56a..b1171c98e6a 100644 --- a/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml +++ b/src/Modules/Windows/Microsoft.PowerShell.Security/Security.types.ps1xml @@ -1,11 +1,11 @@
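Review bot: Lowering the expected counts to 272 and 271 only records that one entry left the engine's built-in table; judging by the diffstats of all five patches, nothing in the series adds a test that System.Security.AccessControl.ObjectSecurity still gets Path, Owner, Group, Access, Sddl, AccessToString and AuditToString once Microsoft.PowerShell.Security is loaded. A regression there would silently change what Get-Acl output shows to someone auditing permissions, so a check such as `(Get-TypeData System.Security.AccessControl.ObjectSecurity).Members.Keys | Should -Contain 'AccessToString'` after importing the module would cover it. The non-Windows count drops as well while the new types file lives under src/Modules/Windows, so a comment in the test stating that these members are now expected on Windows only, if that is intended, would help the next reader. The Describe block starts and ends outside the hunk.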