We have a script that does a backup of NTFS permissions to an .xml file:
Get-Acl -Path 'C:\myFolder' | Export-Clixml -Path $ntfsXmlFile
Then on another machine we try to restore these permissions on a specific folder. This would be easy by doing
Import-Clixml -LiteralPath $ntfsXmlFile | Set-Acl -Path 'C:\otherFolder'
However, in some cases it can be that not all accounts in the $ntfsXmlFile are available on the second machine. So we create the Access Control List manually and verify if each Access Control Entry exists before adding it to the ACL.
The problem is that unknown account names are converted to an unrecognizable string when using Import-Clixml:
BinaryLength AccountDomainSid Value
------------ ---------------- -----
28 S-1-5-21-497061539-31097515 S-1-5-21-497061539-31067-310415-1030
The xml file exported by Export-Clixml looks like this:
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
<Obj RefId="0">
<TN RefId="0">
<T>System.Security.AccessControl.DirectorySecurity</T>
<T>System.Security.AccessControl.FileSystemSecurity</T>
<T>System.Security.AccessControl.NativeObjectSecurity</T>
<T>System.Security.AccessControl.CommonObjectSecurity</T>
<T>System.Security.AccessControl.ObjectSecurity</T>
<T>System.Object</T>
</TN>
<ToString>System.Security.AccessControl.DirectorySecurity</ToString>
<Props>
<S N="AccessRightType">System.Security.AccessControl.FileSystemRights</S>
<S N="AccessRuleType">System.Security.AccessControl.FileSystemAccessRule</S>
<S N="AuditRuleType">System.Security.AccessControl.FileSystemAuditRule</S>
<B N="AreAccessRulesProtected">true</B>
<B N="AreAuditRulesProtected">false</B>
<B N="AreAccessRulesCanonical">true</B>
<B N="AreAuditRulesCanonical">true</B>
</Props>
<MS>
<S N="PSPath">Microsoft.PowerShell.Core\FileSystem::C:\myFolder</S>
<S N="PSParentPath">Microsoft.PowerShell.Core\FileSystem::C:\myFolder</S>
<S N="PSChildName">B</S>
<Obj N="PSDrive" RefId="1">
<TN RefId="1">
<T>System.Management.Automation.PSDriveInfo</T>
<T>System.Object</T>
</TN>
<ToString>C</ToString>
<Props>
<S N="CurrentLocation"></S>
<S N="Name">C</S>
<Obj N="Provider" RefId="2">
<S>Microsoft.PowerShell.Core\FileSystem</S>
</Obj>
<S N="Root">C:\</S>
<S N="Description">System</S>
<Nil N="MaximumSize" />
<Obj N="Credential" RefId="3">
<TN RefId="2">
<T>System.Management.Automation.PSCredential</T>
<T>System.Object</T>
</TN>
<ToString>System.Management.Automation.PSCredential</ToString>
<Props>
<Nil N="UserName" />
<Nil N="Password" />
</Props>
</Obj>
<Nil N="DisplayRoot" />
</Props>
<MS>
<U64 N="Used">70907654144</U64>
<U64 N="Free">14884746544</U64>
</MS>
</Obj>
<Obj N="PSProvider" RefId="4">
<TN RefId="3">
<T>System.Management.Automation.ProviderInfo</T>
<T>System.Object</T>
</TN>
<ToString>Microsoft.PowerShell.Core\FileSystem</ToString>
<Props>
<S N="ImplementingType">Microsoft.PowerShell.Commands.FileSystemProvider</S>
<S N="HelpFile">System.Management.Automation.dll-Help.xml</S>
<S N="Name">FileSystem</S>
<S N="PSSnapIn">Microsoft.PowerShell.Core</S>
<S N="ModuleName">Microsoft.PowerShell.Core</S>
<Nil N="Module" />
<S N="Description"></S>
<S N="Capabilities">Filter, ShouldProcess, Credentials</S>
<S N="Home">C:\Users\bob</S>
<Obj N="Drives" RefId="5">
<TN RefId="4">
<T>System.Collections.ObjectModel.Collection`1[[System.Management.Automation.PSDriveInfo, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]</T>
<T>System.Object</T>
</TN>
<LST>
<S>A</S>
<Ref RefId="1" />
<S>D</S>
<Obj RefId="6">
<S>L</S>
</Obj>
<S>S</S>
<Obj RefId="7">
<S>T</S>
</Obj>
<S>TestDrive</S>
<S>Z</S>
</LST>
</Obj>
</Props>
</Obj>
<Nil N="CentralAccessPolicyId" />
<Nil N="CentralAccessPolicyName" />
<S N="Path">Microsoft.PowerShell.Core\FileSystem::C:\myFolder</S>
<S N="Owner">BUILTIN\Administrators</S>
<S N="Group">GROUPHC\Domain Users</S>
<Obj N="Access" RefId="8">
<TN RefId="5">
<T>System.Security.AccessControl.AuthorizationRuleCollection</T>
<T>System.Collections.ReadOnlyCollectionBase</T>
<T>System.Object</T>
</TN>
<IE>
<S>System.Security.AccessControl.FileSystemAccessRule</S>
<S>System.Security.AccessControl.FileSystemAccessRule</S>
<S>System.Security.AccessControl.FileSystemAccessRule</S>
</IE>
</Obj>
<S N="Sddl">O:BAG:DUD:PAI(A;OICI;FA;;;BA)(A;OICI;0x1301bf;;;S-1-5-21-497061539-3109733767-3104415515-1037)(A;OICI;0x1301bf;;;S-1-5-21-497061539-3109733767-3104415515-1038)</S>
<S N="AccessToString">BUILTIN\Administrators Allow FullControl_x000A_PC1\TestUser1 Allow Modify, Synchronize_x000A_PC1\TestUser2 Allow Modify, Synchronize</S>
<S N="AuditToString"></S>
</MS>
</Obj>
</Objs>
We're trying to access the property Access but the following fails:
$rawXml = [Xml] (Get-Content -LiteralPath $ntfsFile)
$rawXml.SelectNodes('Objs.Obj.MS.Obj.N.Access')
Ideally we would like to retrieve the following:
BUILTIN\Administrators Allow FullControl_x000A_
PC1\TestUser1 Allow Modify, Synchronize_x000A_
PC1\TestUser2 Allow Modify, Synchronize
Is there a way to get the correct account principal name out of the exported xml file?
Thanks to #Mathias in the comments the following code works to retrieve the Access list:
$rawXml = [Xml] (Get-Content -Path $ntfsFile)
($rawXml.Objs.Obj.MS.S | Where-Object N -EQ AccessToString |
ForEach-Object InnerText ) -split '_x000A_'
Related
Any help would be appreciated.
I am using GCP Kubernetes Engine.
Getting following error in POD:
log4net:ERROR XmlHierarchyConfigurator: Cannot find Property [additivity] to set object on [log4net.Appender.RollingFileAppender]
Here is my configuration file:
apiVersion: v1
kind: ConfigMap
metadata:
name: log4net-config
namespace: bold-services
data:
Log4Net.config: |
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<log4net threshold="ALL" debug="true">
<root>
<level value="ALL" />
<!-- <appender-ref ref="ConsoleAppender" /> -->
<appender-ref ref="FILE_DEBUG_APPENDER" />
<appender-ref ref="FILE_ERROR_APPENDER" />
</root>
<!-- === File Appender for NON-ERROR messages file === -->
<appender name="FILE_DEBUG_APPENDER" type="log4net.Appender.RollingFileAppender" class="ch.qos.logback.classic.AsyncAppender">
<file type="log4net.Util.PatternString" value="%property{AppDataPath}/logs/%property{loggername}/debug-info-%env{HOSTNAME}.txt" />
<filter type="log4net.Filter.LevelMatchFilter">
<levelToMatch value="INFO" />
</filter>
<filter type="log4net.Filter.DenyAllFilter" />
<additivity value="true" />
<appendToFile value="true" />
<maxSizeRollBackups value="1" />
<maximumFileSize value="300KB" />
<rollingStyle value="Size" />
<staticLogFileName value="true" />
<layout type="log4net.Layout.PatternLayout">
<header type="log4net.Util.PatternString" value="#Software: %property{loggername} %newline#Date: %date %newline#Fields: date thread namespace methodname message %newline" />
<conversionPattern value="%date [%thread] %message%newline" />
</layout>
</appender>
<!-- === File Appender for ERROR messages file === -->
<appender name="FILE_ERROR_APPENDER" type="log4net.Appender.RollingFileAppender" class="ch.qos.logback.classic.AsyncAppender">
<file type="log4net.Util.PatternString" value="%property{AppDataPath}/logs/%property{loggername}/errors-%env{HOSTNAME}.txt" />
<filter type="log4net.Filter.LevelMatchFilter">
<levelToMatch value="ERROR" />
</filter>
<filter type="log4net.Filter.DenyAllFilter" />
<additivity value="true" />
<appendToFile value="true" />
<maxSizeRollBackups value="10" />
<maximumFileSize value="100KB" />
<rollingStyle value="Size" />
<staticLogFileName value="true" />
<layout type="log4net.Layout.PatternLayout">
<header type="log4net.Util.PatternString" value="#Software: %property{loggername} %newline#Date: %date %newline#Fields: date thread namespace methodname message %newline" />
<conversionPattern value="%date [%thread] %-5level %message%newline" />
</layout>
</appender>
<!-- === Console Appender to use in BufferingForwardingAppender === -->
<appender name="ConsoleAppender" type="log4net.Appender.ConsoleAppender">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern type="log4net.Util.PatternString" value="%newline%%-5level %property{loggername} %env{HOSTNAME} %%date [%%thread] %%message%newline" />
</layout>
</appender>
</log4net>
</configuration>
I'm trying to read a security token form a SAMLP 2.0 reponse with unencrypted assertions, but where the attributes are encrypted using EncryptedID.
I'm using the Saml2SecurityTokenHandler to get a secrity token via the ReadToken method. This will eventually call ReadSubject and that one throws the exception: 'Element' is an invalid XmlNodeType.
According to the source Saml2SecurityTokenHandler.cs EncryptedID is not supported. So I've to write my own implementation. Does anyone has experience with this? Or can point me to good code examples.
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">d1fd410b-d485-4956-a9d3-eef9291045c8</saml:NameID>
<saml2:EncryptedID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_29dbab2c7ef41026f9ae573703ad233b" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_06c497ce9c9142a1f2d425011ddcda17" />
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>EmXVT1jw+uVQWTaAmYBYONRvoHkUDH+zTAJPg0a/AWT9XNjB+weF+NKDa5l9Tm1dNJd9OE8GyOGCrLLAcxCHvJwg9gk5WMUeBhtWltHJutsd94PioWoLFnaRRZUmF/wAJ4YK1AcOgK2cPZ0PH4lt18qkjcf/otmDUePQOSb8qox4JIINAgzlItJ5j4un16jh2tooIoRpklxglhISycv/RI2lTKmhSL4zpSrlTBwJWyBKPq0SEm29USrbVhrQK/z3RfZIO5DPghveT/fiJiuUrA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey Id="_06c497ce9c9142a1f2d425011ddcda17" Recipient="urn:etoegang:DV:00000003544415870000:entities:0001" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
</xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>B9DC06853C0435DA253F23816E3665BEAE9C4A8E</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>iVTdD2P4k14PgQ6I3YR3M2rw1DmrsgAa2mKLvOD4Jhhwl8W7UDAIX5vc/tAFwyu1tF72WU4h9Oa8EapqaHazBw8c7VedDBwZTm6cIzTndbVDNXTP6iJTbvB2M4HIjo3y5lE4cbWk5fGaAtJ2jnQXoxTGxrC5B0Tllgf+L4oAFxxwKDueAEc9v736l/CoPteZhPp+Je4SYZlDZqq1isNSk40EQikrD9GubAdDuGUG3X22McuaQWi5FGWZLFoRfTOxZgls1TOsjtFiFToZ77/3+HlZYQ+6/25o1Nqvfci+MVR1feerkra1NzVwoScjJS+1BCYd0OyKBF4PvSx7io3R6Q==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_29dbab2c7ef41026f9ae573703ad233b" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_3d9c46ba251c38d74901355011391aa4b7712a1c" NotOnOrAfter="2018-07-27T08:47:20.653Z" Recipient="https://eid.digidentity-preproduction.eu/hm/eh111/eb_hm" />
</saml:SubjectConfirmation>
</saml:Subject>
Thanks
I'll try to setting a live streaming by MPEG-DASH.
There are some files for MEPG-DASH.
elemental-3703198892.m4a elemental-3703228922.m4v elemental-3703266460.m4a
elemental-3703198892.m4v elemental-3703236430.m4a elemental-3703266460.m4v
elemental-3703206400.m4a elemental-3703236430.m4v elemental-3703273967.m4a
elemental-3703206400.m4v elemental-3703243937.m4a elemental-3703273967.m4v
elemental-3703213907.m4a elemental-3703243937.m4v elemental-init.m4a
elemental-3703213907.m4v elemental-3703251445.m4a elemental-init.m4v
elemental-3703221415.m4a elemental-3703251445.m4v elemental-raw.m4a
elemental-3703221415.m4v elemental-3703258952.m4a elemental-raw.m4v
elemental-3703228922.m4a elemental-3703258952.m4v elemental.mpd
elemental.mpd is as following.
<?xml version="1.0"?>
<MPD
type="dynamic"
xmlns="urn:mpeg:dash:schema:mpd:2011"
availabilityStartTime="2017-04-27T11:22:32+08:00"
availabilityEndTime="2017-04-27T11:23:17+08:00"
minimumUpdatePeriod="PT5S"
minBufferTime="PT5S"
timeShiftBufferDepth="PT0H0M0.00S"
suggestedPresentationDelay="PT10S"
profiles="urn:hbbtv:dash:profile:isoff-live:2012,urn:mpeg:dash:profile:isoff
-live:2011"
xmlns:xsi="http://www.w3.org/2011/XMLSchema-instance"
xsi:schemaLocation="urn:mpeg:DASH:schema:MPD:2011 DASH-MPD.xsd">
<Period start="PT0S" id="dash">
<AdaptationSet
id="1"
segmentAlignment="true"
maxWidth="1280"
maxHeight="720"
maxFrameRate="23">
<Representation
id="elemental_H264"
mimeType="video/mp4"
codecs="avc1.4d401f"
width="1280"
height="720"
frameRate="23"
sar="1:1"
startWithSAP="1"
bandwidth="5000000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="elemental-$Time$.m4v"
initialization="elemental-init.m4v">
<SegmentTimeline>
<S t="3703228922" d="7508"/>
<S t="3703236430" d="7507"/>
<S t="3703243937" d="7508"/>
<S t="3703251445" d="7507"/>
<S t="3703258952" d="7508"/>
<S t="3703266460" d="7507"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
<AdaptationSet
id="2"
segmentAlignment="true">
<AudioChannelConfiguration
schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011"
value="1"/>
<Representation
id="elemental_AAC"
mimeType="audio/mp4"
codecs="mp4a.40.2"
audioSamplingRate="48000"
startWithSAP="1"
bandwidth="96000">
<SegmentTemplate
presentationTimeOffset="0"
timescale="1000"
media="elemental-$Time$.m4a"
initialization="elemental-init.m4a">
<SegmentTimeline>
<S t="3703228922" d="7508"/>
<S t="3703236430" d="7507"/>
<S t="3703243937" d="7508"/>
<S t="3703251445" d="7507"/>
<S t="3703258952" d="7508"/>
<S t="3703266460" d="7507"/>
</SegmentTimeline>
</SegmentTemplate>
</Representation>
</AdaptationSet>
</Period>
</MPD>
Using dash.js, but playback doesn't work.
In developer console of Chrome browser, video.js repeat to read elemental.mpd.
What wrong is MPEG-DASH?
I want to do SSO through SAMLResponse, which is generated after receiving the authrequest from Google. But with outlook, I have found that error:
Google Apps - This account cannot be accessed because we could not parse the login request.
Email address and cert is hide due to security.
SAML response is given below:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Destination="https://www.google.com/a/dev.authen2cate.com/acs"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://debug-ad.authen2cate.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XmexZKht13MLScVBPcrd+Dp1+jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Z5u23PrImHZndHYkMbJtj4+n1F7bW3G3GLwogR6wYDLi2vFwt1EzKWSd5ATJjRlTnQT11W8+Wf8P
mlVthcvuQeZY9/jijoOT88y/Li4+B9hgmpnZI6WmgZWtOdRmAUvTvUGF3fR13iUxuttmWCNG+0Bf
bwxj5pnkQOsXVdnDgY0rkN9qe2XxFx3VFuFcoEE3dQVTxLT4xZBsjX+N/ao9b/+tEwQHvdwHsAr7
hDaQWxkSXT5/T8+0Lljtv1NZ4GZHkI59i3f2j8UQ3LR19LfY0EykEvWCHP3x5EdVSarkzYyQOddB
R3480a6KQjJOOw+Hhsu/tL+bWrw2sJ7HpUXVkw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEzzCCA7egAwIBAgI............</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wB4Uiws31Hjx0folWTMCJDrGFniKajRUgTgcVjNo8r/MUoWQEEh7lH7fOBPbdcREUQFllBMNLiFX
uSpKIsQPZVzPOwaWkWkBjTTISmG+nz9FCgOsyZnkWc0HFprC8Eg7x6I2TfPWZ1lKJhIiBWOI35m5
z9Xcr/LhleOPrDq66yTeCHABej4xs5kxFRGdgYtm9fdTQ78psHJseJm7hP6DbVCtVlBkesq7AAd6
r7B9Rj8nEQk4ZVtQWoo/4soF+nFwW6u4UyaLKswystI+B40XTizv4pNYQM6U6XZ+eoYJxTGlW2sU
gkeMWvYgM6BbNu5ex2i2DzTq3/lS8VnTpZEMWQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer>http://debug-ad.authen2cate.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">email_address</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
NotOnOrAfter="2014-01-10T07:43:26Z"
Recipient="https://www.google.com/a/dev.authen2cate.com/acs"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-01-09T07:38:25Z"
NotOnOrAfter="2014-01-10T07:43:26Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://www.google.com/a/dev.authen2cate.com/acs</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-01-09T07:43:26Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
I am reading the following file in powershell.
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<nested1>
<level1 xsi:nil="true" />
<level2>2</level2>
</nested1>
<nested2>
<level1 xsi:nil="true" />
<level2>2</level2>
</nested2>
</root>
using...
[xml]$XmlDoc = get-content $XMLFile
I would like to set
$XmlDoc.root.nested1.level2
so it has the attribute xsi:nil="true"
so the file appears as
<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<nested1>
<level1 xsi:nil="true" />
<level2 xsi:nil="true" />
</nested1>
<nested2>
<level1 xsi:nil="true" />
<level2>2</level2>
</nested2>
</root>
Many Thanks for any advice offered.
Use SetAttribute() and provide the namespace URI.
$node = $XmlDoc.SelectSingleNode('//nested1/level2')
$node.SetAttribute('nil', 'http://www.w3.org/2001/XMLSchema-instance', 'true') |
Out-Null