feat(pedm): add version check API and signature check API (#1343)

Add a new policy option `target_must_be_signed`; this forces the target
executable to have a valid auhenticode signature as per the policy.

Realistically, this should be a "rule" so I'm probably introducing some
slight technical debt here but I believe it's a worthwhile feature and a
low-hanging fruit we can squeeze in for the release.

Add the application (Agent) version to the "About" API endpoint. This is
for future proofing: RDM needs a way to know what version of PEDM he's
talking to, in case we add/remove/change APIs.

The implementation is in Win32 and I believe it to be correct, but it
could use some close scrutiny.

I generated the OpenAPI in a. separate commit for easier reviewing.

Author: thenextman

crates/devolutions-pedm-shared/devolutions-pedm-client-http/docs/AboutData.md

@@ -9,6 +9,7 @@ Name | Type | Description | Notes
 **run_id** | **i32** |  | 
 **start_time** | **String** |  | 
 **startup_request_count** | **i32** |  | 
+**version** | **String** |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 

crates/devolutions-pedm-shared/devolutions-pedm-client-http/docs/Profile.md

@@ -10,6 +10,7 @@ Name | Type | Description | Notes
 **id** | [**uuid::Uuid**](uuid::Uuid.md) |  | 
 **name** | **String** |  | 
 **prompt_secure_desktop** | **bool** |  | 
+**target_must_be_signed** | **bool** |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 

crates/devolutions-pedm-shared/devolutions-pedm-client-http/src/models/about_data.rs

@@ -24,16 +24,25 @@ pub struct AboutData {
     pub start_time: String,
     #[serde(rename = "StartupRequestCount")]
     pub startup_request_count: i32,
+    #[serde(rename = "Version")]
+    pub version: String,
 }
 
 impl AboutData {
-    pub fn new(current_request_count: i32, run_id: i32, start_time: String, startup_request_count: i32) -> AboutData {
+    pub fn new(
+        current_request_count: i32,
+        run_id: i32,
+        start_time: String,
+        startup_request_count: i32,
+        version: String,
+    ) -> AboutData {
         AboutData {
             current_request_count,
             last_request_time: None,
             run_id,
             start_time,
             startup_request_count,
+            version,
         }
     }
 }

crates/devolutions-pedm-shared/devolutions-pedm-client-http/src/models/profile.rs

@@ -25,6 +25,8 @@ pub struct Profile {
     pub name: String,
     #[serde(rename = "PromptSecureDesktop")]
     pub prompt_secure_desktop: bool,
+    #[serde(rename = "TargetMustBeSigned")]
+    pub target_must_be_signed: bool,
 }
 
 impl Profile {
@@ -35,6 +37,7 @@ impl Profile {
         id: uuid::Uuid,
         name: String,
         prompt_secure_desktop: bool,
+        target_must_be_signed: bool,
     ) -> Profile {
         Profile {
             default_elevation_kind,
@@ -43,6 +46,7 @@ impl Profile {
             id,
             name,
             prompt_secure_desktop,
+            target_must_be_signed,
         }
     }
 }

crates/devolutions-pedm-shared/src/policy.rs

@@ -317,6 +317,7 @@ pub struct Profile {
     pub elevation_settings: ElevationConfigurations,
     pub default_elevation_kind: ElevationKind,
     pub prompt_secure_desktop: bool,
+    pub target_must_be_signed: bool,
 }
 
 impl Identifiable for Profile {

crates/devolutions-pedm/openapi/dotnet-client/Devolutions.Pedm.Client.sln

@@ -1,21 +1,25 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.12.35506.116 d17.12
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Devolutions.Pedm.Client", "src\Devolutions.Pedm.Client\Devolutions.Pedm.Client.csproj", "{0EB49E08-5842-4A2E-A5AC-926E6DD65C15}"
+# Visual Studio 2012
+VisualStudioVersion = 12.0.0.0
+MinimumVisualStudioVersion = 10.0.0.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Devolutions.Pedm.Client", "src\Devolutions.Pedm.Client\Devolutions.Pedm.Client.csproj", "0eb49e08-5842-4a2e-a5ac-926e6dd65c15"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{0EB49E08-5842-4A2E-A5AC-926E6DD65C15}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0EB49E08-5842-4A2E-A5AC-926E6DD65C15}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0EB49E08-5842-4A2E-A5AC-926E6DD65C15}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0EB49E08-5842-4A2E-A5AC-926E6DD65C15}.Release|Any CPU.Build.0 = Release|Any CPU
+		0eb49e08-5842-4a2e-a5ac-926e6dd65c15.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		0eb49e08-5842-4a2e-a5ac-926e6dd65c15.Debug|Any CPU.Build.0 = Debug|Any CPU
+		0eb49e08-5842-4a2e-a5ac-926e6dd65c15.Release|Any CPU.ActiveCfg = Release|Any CPU
+		0eb49e08-5842-4a2e-a5ac-926e6dd65c15.Release|Any CPU.Build.0 = Release|Any CPU
+		{19F1DEBC-DE5E-4517-8062-F000CD499087}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{19F1DEBC-DE5E-4517-8062-F000CD499087}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{19F1DEBC-DE5E-4517-8062-F000CD499087}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{19F1DEBC-DE5E-4517-8062-F000CD499087}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
-EndGlobal
+EndGlobal

crates/devolutions-pedm/openapi/dotnet-client/README.md

@@ -5,7 +5,7 @@ No description provided (generated by Openapi Generator https://github.com/opena
 This C# SDK is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:
 
 - API version: 
-- SDK version: 2025.5.14
+- SDK version: 2025.5.15
 - Generator version: 7.7.0
 - Build package: org.openapitools.codegen.languages.CSharpClientCodegen
 

crates/devolutions-pedm/openapi/dotnet-client/api/openapi.yaml

@@ -342,6 +342,7 @@ components:
   schemas:
     AboutData:
       example:
+        Version: Version
         LastRequestTime: 2000-01-23T04:56:07.000+00:00
         StartTime: 2000-01-23T04:56:07.000+00:00
         RunId: 1
@@ -368,11 +369,14 @@ components:
         StartupRequestCount:
           format: int32
           type: integer
+        Version:
+          type: string
       required:
       - CurrentRequestCount
       - RunId
       - StartTime
       - StartupRequestCount
+      - Version
     Assignment:
       example:
         Users:
@@ -386,6 +390,7 @@ components:
           AccountName: AccountName
         Profile:
           PromptSecureDesktop: true
+          TargetMustBeSigned: true
           DefaultElevationKind: AutoApprove
           Id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
           ElevationSettings:
@@ -842,6 +847,7 @@ components:
     Profile:
       example:
         PromptSecureDesktop: true
+        TargetMustBeSigned: true
         DefaultElevationKind: AutoApprove
         Id: 046b6c7f-0b8a-43b9-b35d-6489e6daee91
         ElevationSettings:
@@ -866,13 +872,16 @@ components:
           type: string
         PromptSecureDesktop:
           type: boolean
+        TargetMustBeSigned:
+          type: boolean
       required:
       - DefaultElevationKind
       - ElevationMethod
       - ElevationSettings
       - Id
       - Name
       - PromptSecureDesktop
+      - TargetMustBeSigned
     SessionElevationConfiguration:
       example:
         Enabled: true

crates/devolutions-pedm/openapi/dotnet-client/config.json

@@ -2,7 +2,7 @@
   "packageAuthors": "Devolutions Inc.",
   "packageName": "Devolutions.Pedm.Client",
   "packageTitle": "Devolutions PEDM REST API Client",
-  "packageVersion": "2025.5.14",
+  "packageVersion": "2025.5.15",
   "packageDescription": "Client for Devolutions PEDM REST API",
   "packageGuid": "0eb49e08-5842-4a2e-a5ac-926e6dd65c15",
   "packageCopyright": "© Devolutions Inc. All rights reserved.",

crates/devolutions-pedm/openapi/dotnet-client/docs/AboutData.md

@@ -9,6 +9,7 @@ Name | Type | Description | Notes
 **RunId** | **int** |  | 
 **StartTime** | **DateTime** |  | 
 **StartupRequestCount** | **int** |  | 
+**VarVersion** | **string** |  | 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)