Public/Get-LPAccounts.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<#
.Synopsis
   Returns account objects from the encrypted vault
.DESCRIPTION
   Iterates through all of the ACCT objects from the vault, decrypts them
   with the user's key, and then returns an array of objects.
.EXAMPLE
   Get-LPAccounts
#>

function Get-LPAccounts
{
    [CmdletBinding()]
    Param(
        # Force a refresh
        [Parameter()]
        [Switch]
        $Refresh
    )

    Begin
    {
        if (!$LPAccounts -or $Refresh)
        {
            if (!$LPVault -or $Refresh)
            {
                $LPVault = Get-LPVault
            }
            if (!$LPKeys)
            {
                $LPKeys = Get-LPKeys
            }
        }
    }
    Process
    {
        if (!$LPAccounts -or $Refresh)
        {
            $VaultAccounts = $LPVault | Where-Object -Property 'ID' -Match "(ACCT|SHAR)"

            $SharingKey = $null
            $LPAccounts = @()
            foreach ($VaultAccount in $VaultAccounts)
            {
                switch ($VaultAccount.ID) {
                    'ACCT'
                    {
                        Write-Debug "Starting ACCT processing"
                        $AccountBytes = $BasicEncoding.GetBytes($VaultAccount.Data)

                        $AccountCursor = 0
                        $AccountData = @()
                        while ($AccountCursor -lt $AccountBytes.Count)
                        {
                            Write-Verbose "Cursor is $AccountCursor"
                            $Length = [System.BitConverter]::ToUInt32($AccountBytes[$($AccountCursor+3)..$AccountCursor],0)
                            Write-Debug "Data item length is $Length"
                            $AccountCursor = $AccountCursor + 4

                            $DataItem = $BasicEncoding.GetString($AccountBytes[$AccountCursor..$($AccountCursor+$Length-1)])
                            $AccountCursor = $AccountCursor + $Length

                            $AccountData += $DataItem
                        }

                        $Username = $AccountData[7] | ConvertFrom-LPEncryptedString -Key $SharingKey
                        $Password = $AccountData[8] | ConvertFrom-LPEncryptedString -Key $SharingKey
                        if ($Password -ne "")
                        {
                            $Password = $Password | ConvertTo-SecureString -AsPlainText -Force
                            if ($Username -ne "")
                            {
                                $PSCredential = New-Object -TypeName PSCredential -ArgumentList @($Username,$Password);
                            }
                            else
                            {
                                $Username = $null
                                $PSCredential = $null
                            }                            
                        }
                        else
                        {
                            $Password = $null
                            $PSCredential = $null
                        }

                        $Account = @{
                            "ID" = $AccountData[0] | ConvertFrom-LPEncryptedString;
                            "Name" = $AccountData[1] | ConvertFrom-LPEncryptedString -Key $SharingKey;
                            "Group" = $AccountData[2] | ConvertFrom-LPEncryptedString -Key $SharingKey;
                            "URL" = $AccountData[3] | ConvertFrom-LPEncryptedString | ConvertFrom-LPHexString;
                            "Notes" = $AccountData[4] | ConvertFrom-LPEncryptedString -Key $SharingKey;
                            "PSCredential" = $PSCredential;
                            "Username" = $Username;
                            "Password" = $Password;
                            "SecureNote" = $($AccountData[11] | ConvertFrom-LPEncryptedString);
                        }

                        $LPAccounts += New-Object -TypeName PSObject -Property $Account
                    }
                    'SHAR'
                    {
                        Write-Debug "Starting SHAR processing"
                        $ShareBytes = $BasicEncoding.GetBytes($VaultAccount.Data)

                        $ShareCursor = 0
                        $ShareData = @()
                        while ($ShareCursor -lt $ShareBytes.Count)
                        {
                            Write-Verbose "Cursor is $ShareCursor"
                            $Length = [System.BitConverter]::ToUInt32($ShareBytes[$($ShareCursor+3)..$ShareCursor],0)
                            Write-Debug "Data item length is $Length"
                            $ShareCursor = $ShareCursor + 4

                            $DataItem = $BasicEncoding.GetString($ShareBytes[$ShareCursor..$($ShareCursor+$Length-1)])
                            $ShareCursor = $ShareCursor + $Length

                            $ShareData += $DataItem
                        }

                        $SharingKey = $ShareData[5] | ConvertFrom-LPEncryptedString | ConvertFrom-LPHexString
                    }
                }
            }
            $script:LPAccounts = $LPAccounts
        }

        $script:LPAccounts
    }
}