Last active
March 18, 2016 10:15
-
-
Save jberezanski/67d7bea37184407ebe9d to your computer and use it in GitHub Desktop.
WMF 4.0 DSC credential decryption bug in Get-DscConfiguration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @{ | |
| ModuleVersion = '1.0' | |
| GUID = '7855f1e0-0012-4f60-8b2a-cb75a761529c' | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| configuration CredEcho | |
| { | |
| Param ( | |
| [PSCredential] $cred | |
| ) | |
| Import-DscResource -Name JB_CredentialEcho | |
| node $AllNodes.NodeName | |
| { | |
| LocalConfigurationManager | |
| { | |
| CertificateId = $Node.Thumbprint | |
| } | |
| cCredentialEcho Echo1 | |
| { | |
| Name = 'Abc' | |
| Credential = $cred | |
| } | |
| cCredentialEcho Echo2 | |
| { | |
| Name = 'Abc2' | |
| Credential = $cred | |
| } | |
| } | |
| } | |
| $cd = @{ | |
| AllNodes = @( | |
| @{ | |
| NodeName = 'localhost' | |
| CertificateFile = '.\cert.cer' | |
| Thumbprint = '7C166D5F031EDD82848E02DB94E3F7A5A166C016' | |
| } | |
| ) | |
| } | |
| CredEcho -ConfigurationData $cd -cred (New-Object PSCredential 'DOM\usr',(ConvertTo-SecureString 'xyz' -AsPlainText -Force)) | |
| Write-Host 'invoking Set-DscLocalConfigurationManager' | |
| Set-DscLocalConfigurationManager -Path .\CredEcho -ComputerName localhost -Verbose | |
| Write-Host 'invoking Start-DscConfiguration' | |
| Start-DscConfiguration -Path .\CredEcho -ComputerName localhost -Verbose -Wait | |
| Write-Host 'invoking Get-DscConfiguration' | |
| Get-DscConfiguration -Verbose |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-TargetResource | |
| { | |
| [CmdletBinding()] | |
| [OutputType([System.Collections.Hashtable])] | |
| param | |
| ( | |
| [parameter(Mandatory = $true)] | |
| [System.String] | |
| $Name, | |
| [System.Management.Automation.PSCredential] | |
| $Credential | |
| ) | |
| Write-Verbose "Get-TargetResource" | |
| Dump-Credential -c $Credential | |
| return @{ | |
| Name = $Name | |
| Credential = $null | |
| } | |
| } | |
| function Set-TargetResource | |
| { | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [parameter(Mandatory = $true)] | |
| [System.String] | |
| $Name, | |
| [System.Management.Automation.PSCredential] | |
| $Credential | |
| ) | |
| Write-Verbose "Set-TargetResource" | |
| Dump-Credential -c $Credential | |
| } | |
| function Test-TargetResource | |
| { | |
| [CmdletBinding()] | |
| [OutputType([System.Boolean])] | |
| param | |
| ( | |
| [parameter(Mandatory = $true)] | |
| [System.String] | |
| $Name, | |
| [System.Management.Automation.PSCredential] | |
| $Credential | |
| ) | |
| Write-Verbose "Test-TargetResource" | |
| Dump-Credential -c $Credential | |
| return $false | |
| } | |
| function Dump-Credential([System.Management.Automation.PSCredential] $c) | |
| { | |
| if ($c -eq $null) { | |
| Write-Warning "credential is null" | |
| } else { | |
| $nc = $c.GetNetworkCredential() | |
| Write-Warning "credential: Domain [$($nc.Domain)] UserName [$($nc.UserName)] Password [$($nc.Password)]" | |
| } | |
| } | |
| Export-ModuleMember -Function *-TargetResource |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ClassVersion("1.0.0.0"), FriendlyName("cCredentialEcho")] | |
| class JB_CredentialEcho : OMI_BaseResource | |
| { | |
| [Key] string Name; | |
| [Write, EmbeddedInstance("MSFT_Credential")] String Credential; | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS C:\Users\Administrator> .\config.ps1 | |
| Directory: C:\Users\Administrator\CredEcho | |
| Mode LastWriteTime Length Name | |
| ---- ------------- ------ ---- | |
| -a--- 2016-03-18 11:11 3646 localhost.mof | |
| -a--- 2016-03-18 11:11 872 localhost.meta.mof | |
| invoking Set-DscLocalConfigurationManager | |
| VERBOSE: Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target | |
| "MSFT_DSCLocalConfigurationManager". | |
| VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = | |
| SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = | |
| root/Microsoft/Windows/DesiredStateConfiguration'. | |
| VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid | |
| S-1-5-21-2982317268-1144194326-3473732824-500. | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Set ] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [MSFT_DSCMetaConfiguration] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [MSFT_DSCMetaConfiguration] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Set ] [MSFT_DSCMetaConfiguration] in 0.3600 seconds. | |
| VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [MSFT_DSCMetaConfiguration] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Set ] in 0.5070 seconds. | |
| VERBOSE: Operation 'Invoke CimMethod' complete. | |
| VERBOSE: Set-DscLocalConfigurationManager finished in 0.904 seconds. | |
| invoking Start-DscConfiguration | |
| VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = | |
| SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = | |
| root/Microsoft/Windows/DesiredStateConfiguration'. | |
| VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid | |
| S-1-5-21-2982317268-1144194326-3473732824-500. | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Set ] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [[cCredentialEcho]Echo1] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Test ] [[cCredentialEcho]Echo1] | |
| VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Test-TargetResource | |
| WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr] | |
| Password [xyz] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Test ] [[cCredentialEcho]Echo1] in 0.1880 seconds. | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [[cCredentialEcho]Echo1] | |
| VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Set-TargetResource | |
| WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr] | |
| Password [xyz] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Set ] [[cCredentialEcho]Echo1] in 0.0150 seconds. | |
| VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [[cCredentialEcho]Echo1] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Resource ] [[cCredentialEcho]Echo2] | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Test ] [[cCredentialEcho]Echo2] | |
| VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo2] Test-TargetResource | |
| WARNING: [JB-S13T01]: [[cCredentialEcho]Echo2] credential: Domain [DOM] UserName [usr] | |
| Password [xyz] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Test ] [[cCredentialEcho]Echo2] in 0.0310 seconds. | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Set ] [[cCredentialEcho]Echo2] | |
| VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo2] Set-TargetResource | |
| WARNING: [JB-S13T01]: [[cCredentialEcho]Echo2] credential: Domain [DOM] UserName [usr] | |
| Password [xyz] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Set ] [[cCredentialEcho]Echo2] in 0.0310 seconds. | |
| VERBOSE: [JB-S13T01]: LCM: [ End Resource ] [[cCredentialEcho]Echo2] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Set ] in 0.6316 seconds. | |
| VERBOSE: Operation 'Invoke CimMethod' complete. | |
| VERBOSE: Time taken for configuration job to complete is 0.642 seconds | |
| invoking Get-DscConfiguration | |
| VERBOSE: An LCM method call arrived from computer JB-S13T01 with user sid | |
| S-1-5-21-2982317268-1144194326-3473732824-500. | |
| VERBOSE: [JB-S13T01]: LCM: [ Start Get ] | |
| VERBOSE: [JB-S13T01]: [[cCredentialEcho]Echo1] Get-TargetResource | |
| WARNING: [JB-S13T01]: [[cCredentialEcho]Echo1] credential: Domain [DOM] UserName [usr] | |
| Password [xyz] | |
| VERBOSE: [JB-S13T01]: LCM: [ End Get ] [[cCredentialEcho]Echo1] in 0.0000 seconds. | |
| Get-DscConfiguration : Decryption failed. | |
| At C:\Users\Administrator\config.ps1:41 char:1 | |
| + Get-DscConfiguration -Verbose | |
| + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| + CategoryInfo : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get | |
| -DscConfiguration], CimException | |
| + FullyQualifiedErrorId : Windows System Error -2146893819,Get-DscConfiguration | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment