ab55018

RemoteFile/Discovery.cs

@@ -15,6 +15,7 @@
 using Keyfactor.Orchestrators.Common.Enums;
 
 using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -57,7 +58,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd
                 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
 
                 certificateStore = new RemoteCertificateStore(config.ClientMachine, userName, userPassword, directoriesToSearch[0].Substring(0, 1) == "/" ? RemoteCertificateStore.ServerTypeEnum.Linux : RemoteCertificateStore.ServerTypeEnum.Windows);
-                certificateStore.Initialize();
+                certificateStore.Initialize(ApplicationSettings.DefaultSudoImpersonatedOwner);
 
                 if (directoriesToSearch.Length == 0)
                     throw new RemoteFileException("Blank or missing search directories for Discovery.");

RemoteFile/InventoryBase.cs

@@ -15,6 +15,7 @@
 using Keyfactor.Extensions.Orchestrator.RemoteFile.Models;
 
 using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
 
 namespace Keyfactor.Extensions.Orchestrator.RemoteFile
 {
@@ -46,8 +47,13 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd
                 string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
 
                 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
+                dynamic properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties.ToString());
+                string sudoImpersonatingUser = properties.SudoImpersonatingUser == null || string.IsNullOrEmpty(properties.SudoImpersonatingUser.Value) ?
+                    ApplicationSettings.DefaultSudoImpersonatedOwner :
+                    properties.SudoImpersonatingUser.Value;
+
                 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
-                certificateStore.Initialize();
+                certificateStore.Initialize(sudoImpersonatingUser);
                 certificateStore.LoadCertificateStore(certificateStoreSerializer, config.CertificateStoreDetails.Properties, true);
 
                 List<X509Certificate2Collection> collections = certificateStore.GetCertificateChains();

RemoteFile/ManagementBase.cs

@@ -51,8 +51,13 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                 string storePassword = PAMUtilities.ResolvePAMField(_resolver, logger, "Store Password", config.CertificateStoreDetails.StorePassword);
 
                 ApplicationSettings.Initialize(this.GetType().Assembly.Location);
+                dynamic properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties.ToString());
+                string sudoImpersonatingUser = properties.SudoImpersonatingUser == null || string.IsNullOrEmpty(properties.SudoImpersonatingUser.Value) ?
+                    ApplicationSettings.DefaultSudoImpersonatedOwner :
+                    properties.SudoImpersonatingUser.Value;
+
                 certificateStore = new RemoteCertificateStore(config.CertificateStoreDetails.ClientMachine, userName, userPassword, config.CertificateStoreDetails.StorePath, storePassword, config.JobProperties);
-                certificateStore.Initialize();
+                certificateStore.Initialize(sudoImpersonatingUser);
 
                 PathFile storePathFile = RemoteCertificateStore.SplitStorePathFile(config.CertificateStoreDetails.StorePath);
 

RemoteFile/RemoteCertificateStore.cs

@@ -135,11 +135,11 @@ internal List<string> FindStores(string[] paths, string[] extensions, string[] f
             logger.MethodEntry(LogLevel.Debug);
 
             if (!AreValuesSafeRegex(paths))
-                throw new RemoteFileException("Invalid/unsafe directories to search value supplied.");
+                throw new RemoteFileException(@"Invalid/unsafe directories to search value supplied.  Only alphanumeric, /, and \ characters are allowed.");
             if (!AreValuesSafeRegex(extensions))
-                throw new RemoteFileException("Invalid/unsafe file extension value supplied.");
+                throw new RemoteFileException(@"Invalid/unsafe file extension value supplied.  Only alphanumeric, /, and \ characters are allowed.");
             if (!AreValuesSafeRegex(files))
-                throw new RemoteFileException("Invalid/unsafe file name value supplied.");
+                throw new RemoteFileException(@"Invalid/unsafe file name value supplied.  Only alphanumeric, /, and \ characters are allowed.");
 
             logger.MethodExit(LogLevel.Debug);
 
@@ -355,7 +355,7 @@ private bool AreValuesSafeRegex(string[] values)
             bool valueIsSafe = true;
             foreach(string value in values)
             {
-                valueIsSafe = IsValueSafeRegex(value);
+                valueIsSafe = IsValueSafeRegex(value.Replace("*",String.Empty));
                 if (!valueIsSafe)
                     break;
             }

RemoteFile/RemoteHandlers/SSHHandler.cs

@@ -111,7 +111,7 @@ public override string RunCommand(string commandText, object[] arguments, bool w
                     if (string.IsNullOrEmpty(SudoImpersonatedUser))
                         commandText = sudo + commandText;
                     else
-                        commandText = sudo + $"-u {SudoImpersonatedUser}" + commandText;
+                        commandText = sudo + $"-u {SudoImpersonatedUser}" + " " + commandText;
                 }
 
                 commandText = echo + commandText;