Expand Up @@ -47,7 +47,7 @@ public override Dictionary<string, PSObject> Prompt(string caption, string messa
}

/// <summary>
/// Prompt for choice.
/// PromptForChoice.
/// </summary>
/// <param name="caption"></param>
/// <param name="message"></param>
Expand All @@ -60,7 +60,7 @@ public override int PromptForChoice(string caption, string message, Collection<C
}

/// <summary>
/// Prompt for credential.
/// PromptForCredential.
/// </summary>
/// <param name="caption"></param>
/// <param name="message"></param>
Expand All @@ -73,7 +73,7 @@ public override PSCredential PromptForCredential(string caption, string message,
}

/// <summary>
/// Prompt for credential.
/// PromptForCredential.
/// </summary>
/// <param name="caption"></param>
/// <param name="message"></param>
Expand All @@ -88,23 +88,7 @@ public override PSCredential PromptForCredential(string caption, string message,
}

/// <summary>
/// Prompt for credential.
/// </summary>
/// <param name="caption"></param>
/// <param name="message"></param>
/// <param name="userName"></param>
/// <param name="confirmPassword"></param>
/// <param name="targetName"></param>
/// <param name="allowedCredentialTypes"></param>
/// <param name="options"></param>
/// <returns></returns>
public override PSCredential PromptForCredential(string caption, string message, string userName, bool confirmPassword, string targetName, PSCredentialTypes allowedCredentialTypes, PSCredentialUIOptions options)
{
throw new PSNotImplementedException();
}

/// <summary>
/// Read line.
/// ReadLine.
/// </summary>
/// <returns></returns>
public override string ReadLine()
Expand Up @@ -303,10 +303,10 @@ out object convertedObj
PSCredential credential = null;
credential =
PromptForCredential(
caption: null, // caption already written
message: null, // message already written
userName: null,
targetName: string.Empty);
null, // caption already written
null, // message already written
null,
string.Empty);
convertedObj = credential;
cancelInput = (convertedObj == null);
if ((credential != null) && (credential.Password.Length == 0) && listInput)
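Review bot: The `PromptForCredential` call here appears to end up with four positional arguments (`null, null, null, string.Empty`), assuming the positional lines are the new side, which the page does not mark explicitly. All four parameters of that overload are `string`, so a misplaced argument would compile without complaint and only the trailing comments say which slot is which. The named form works just as well against the four-parameter overload and is worth keeping: `caption: null, message: null, userName: null, targetName: string.Empty`. The enclosing method starts and ends outside this hunk.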
Expand Up @@ -3,11 +3,10 @@

using System;
using System.Globalization;
using System.Linq;
using System.Management.Automation;
using System.Management.Automation.Internal;
using System.Runtime.InteropServices;
using System.Security;

using Microsoft.Win32;

namespace Microsoft.PowerShell
Expand All @@ -25,17 +24,21 @@ class ConsoleHostUserInterface : System.Management.Automation.Host.PSHostUserInt
/// this function will be modified to prompt using secure-path
/// if so configured.
/// </summary>
/// <param name="caption">Caption for the message.</param>
/// <param name="userName">Name of the user whose creds are to be prompted for. If set to null or empty string, the function will prompt for user name first.</param>
/// <param name="targetName">Name of the target for which creds are being collected.</param>
/// <param name="message">Message to be displayed.</param>
/// <param name="userName">Name of the user whose credentials are to be prompted for. If set to null or empty string, the function will prompt for user name first.</param>
/// <param name="targetName">Name of the target for which credentials are being collected.</param>
/// <param name="caption">Caption for the message.</param>
/// <returns>PSCredential object.</returns>
public override PSCredential PromptForCredential(string caption, string message, string userName, string targetName)

public override PSCredential PromptForCredential(
string caption,
string message,
string userName,
string targetName)
{
return PromptForCredential(caption,
message,
userName,
confirmPassword: false,
targetName,
PSCredentialTypes.Default,
PSCredentialUIOptions.Default);
Expand All @@ -44,62 +47,31 @@ public override PSCredential PromptForCredential(string caption, string message,
/// <summary>
/// Prompt for credentials.
/// </summary>
/// <param name="caption">Caption for the message.</param>
/// <param name="userName">Name of the user whose creds are to be prompted for. If set to null or empty string, the function will prompt for user name first.</param>
/// <param name="targetName">Name of the target for which creds are being collected.</param>
/// <param name="message">Message to be displayed.</param>
/// <param name="userName">Name of the user whose credentials are to be prompted for. If set to null or empty string, the function will prompt for user name first.</param>
/// <param name="targetName">Name of the target for which credentials are being collected.</param>
/// <param name="allowedCredentialTypes">What type of credentials can be supplied by the user.</param>
/// <param name="options">Options that control the credential gathering UI behavior.</param>
/// <returns>PSCredential object, or null if input was cancelled (or if reading from stdin and stdin at EOF).</returns>
public override PSCredential PromptForCredential(
string caption,
string message,
string userName,
string targetName,
PSCredentialTypes allowedCredentialTypes,
PSCredentialUIOptions options)
{
return PromptForCredential(
caption,
message,
userName,
confirmPassword: false,
targetName,
allowedCredentialTypes,
options);
}

/// <summary>
/// Prompt for credentials.
/// </summary>
/// <param name="caption">Caption for the message.</param>
/// <param name="message">Message to be displayed.</param>
/// <param name="userName">Name of the user whose credentials are to be prompted for. If set to null or empty string, the function will prompt for user name first.</param>
/// <param name="confirmPassword">Prompts user to re-enter the password for confirmation.</param>
/// <param name="targetName">Name of the target for which credentials are being collected.</param>
/// <param name="allowedCredentialTypes">What type of credentials can be supplied by the user.</param>
/// <param name="options">Options that control the credential gathering UI behavior.</param>
/// <param name="allowedCredentialTypes">What type of creds can be supplied by the user.</param>
/// <param name="options">Options that control the cred gathering UI behavior.</param>
/// <returns>PSCredential object, or null if input was cancelled (or if reading from stdin and stdin at EOF).</returns>

public override PSCredential PromptForCredential(
string caption,
string message,
string userName,
bool confirmPassword,
string targetName,
PSCredentialTypes allowedCredentialTypes,
PSCredentialUIOptions options)
{
PSCredential cred = null;
SecureString password = null;
SecureString reenterPassword = null;
string userPrompt = null;
string passwordPrompt = null;
string confirmPasswordPrompt = null;
string passwordMismatch = null;

if (!string.IsNullOrEmpty(caption))
{
// Should be a skin lookup

WriteLineToConsole();
WriteLineToConsole(PromptColor, RawUI.BackgroundColor, WrapToCurrentWindowWidth(caption));
}
Expand All @@ -113,7 +85,9 @@ public override PSCredential PromptForCredential(
{
userPrompt = ConsoleHostUserInterfaceSecurityResources.PromptForCredential_User;

//
// need to prompt for user name first
//
do
{
WriteToConsole(userPrompt, true);
Expand All @@ -126,95 +100,25 @@ public override PSCredential PromptForCredential(
while (userName.Length == 0);
}

passwordPrompt = StringUtil.Format(ConsoleHostUserInterfaceSecurityResources.PromptForCredential_Password, userName);
passwordPrompt = StringUtil.Format(ConsoleHostUserInterfaceSecurityResources.PromptForCredential_Password, userName
);

//
// now, prompt for the password
do
//
WriteToConsole(passwordPrompt, true);
password = ReadLineAsSecureString();
if (password == null)
{
WriteToConsole(passwordPrompt, true);
password = ReadLineAsSecureString();
if (password == null)
{
return null;
}
}
while (password.Length == 0);

if (confirmPassword)
{
confirmPasswordPrompt = StringUtil.Format(ConsoleHostUserInterfaceSecurityResources.PromptForCredential_ReenterPassword, userName);
passwordMismatch = StringUtil.Format(ConsoleHostUserInterfaceSecurityResources.PromptForCredential_PasswordMismatch);

// now, prompt to re-enter the password.
WriteToConsole(confirmPasswordPrompt, true);
reenterPassword = ReadLineAsSecureString();
if (reenterPassword == null)
{
return null;
}

if (!SecureStringEquals(password, reenterPassword))
{
WriteToConsole(ConsoleColor.Red, ConsoleColor.Black, passwordMismatch, false);
return null;
}
return null;
}

WriteLineToConsole();
cred = new PSCredential(userName, password);
return cred;
}

private static bool SecureStringEquals(SecureString password, SecureString confirmPassword)
{
if (password.Length != confirmPassword.Length)
{
return false;
}

IntPtr pwd_ptr = IntPtr.Zero;
IntPtr confirmPwd_ptr = IntPtr.Zero;
try
{
pwd_ptr = Marshal.SecureStringToBSTR(password);
if (pwd_ptr == IntPtr.Zero)
{
return false;
}

confirmPwd_ptr = Marshal.SecureStringToBSTR(confirmPassword);
if (confirmPwd_ptr == IntPtr.Zero)
{
return false;
}

int pwdLength = Marshal.ReadInt32(pwd_ptr, -4);
int equal = 0;
for (int i = 0; i < pwdLength; i++)
{
byte c1 = Marshal.ReadByte(pwd_ptr, i);
byte c2 = Marshal.ReadByte(confirmPwd_ptr, i);
equal = c1 ^ c2;
if (equal != 0)
{
return false;
}
}

return true;
}
finally
{
if (pwd_ptr != IntPtr.Zero)
{
Marshal.ZeroFreeBSTR(pwd_ptr);
}
cred = new PSCredential(userName, password);

if (confirmPwd_ptr != IntPtr.Zero)
{
Marshal.ZeroFreeBSTR(confirmPwd_ptr);
}
}
return cred;
}
}
}
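Review bot: In the last hunk of this file the password appears to be read once and any non-null value accepted, so pressing Enter at the prompt would yield a `PSCredential` with an empty password, while the user-name prompt just above still loops on `userName.Length == 0`. The old and new sides are inferred from the hunk counts (95 lines down to 25), so confirm this against the file. If the `while (password.Length == 0)` retry is independent of the `confirmPassword` removal, it should stay. If empty passwords are intended, say so at the read with a comment such as `// An empty password is allowed here; callers decide whether to accept it.` The method body begins in an earlier hunk and part of it is collapsed on this page.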

Expand Up @@ -123,10 +123,4 @@
<data name="PromptForCredential_Password" xml:space="preserve">
<value>Password for user {0}: </value>
</data>
<data name="PromptForCredential_ReenterPassword" xml:space="preserve">
<value>Re-enter password for user {0}:</value>
</data>
<data name="PromptForCredential_PasswordMismatch" xml:space="preserve">
<value>Passwords do not match.</value>
</data>
</root>
15 changes: 1 addition & 14 deletions src/Microsoft.PowerShell.Security/security/CredentialCommands.cs
Expand Up @@ -79,12 +79,6 @@ public string Title

private string _title = UtilsStrings.PromptForCredential_DefaultCaption;

/// <summary>
/// Gets or sets the confirm password prompt.
/// </summary>
[Parameter(ParameterSetName = messageSet)]
public SwitchParameter ConfirmPassword { get; set; }

/// <summary>
/// Initializes a new instance of the GetCredentialCommand
/// class.
Expand All @@ -106,14 +100,7 @@ protected override void BeginProcessing()

try
{
Credential = this.Host.UI.PromptForCredential(
_title,
_message,
_userName,
ConfirmPassword,
string.Empty,
PSCredentialTypes.Default,
PSCredentialUIOptions.Default);
Credential = this.Host.UI.PromptForCredential(_title, _message, _userName, string.Empty);
}
catch (ArgumentException exception)
{