ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-09 14:50:02 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

fix Windows tests with hardcoded Administrator account (#35339)

Browse source 
* Admin account is not always called Administrator (eg Azure)
* this fixes some, but not all issues related to the Administrator account on non-English Windows as well (still numerous references to "Administrators" and other en-US Windows group names)
This commit is contained in:
Matt Davis 2018-01-25 02:56:58 -08:00 committed by GitHub
parent 3e7671879f
commit 2a9ec6bdbf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 103 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

25
test/integration/targets/win_module_utils/library/sid_utils_test.ps1
View file

@ -10,14 +10,24 @@ Function Assert-Equals($actual, $expected) {
}
Function Get-ComputerSID() {
# this is sort off cheating but I can't see any better way of getting this SID
$admin_sid = Convert-ToSID -account_name "$env:COMPUTERNAME\Administrator"
# find any local user and trim off the final UID
$luser_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID
return $admin_sid.Substring(0, $admin_sid.Length - 4)
return $luser_sid -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'
}
$local_sid = Get-ComputerSID
# most machines should have a -500 Administrator account, but it may have been renamed. Look it up by SID
$default_admin = Get-CimInstance Win32_UserAccount -Filter "SID='$local_sid-500'"
# this group is called Administrators by default on English Windows, but could named something else. Look it up by SID
$default_admin_group = Get-CimInstance Win32_Group -Filter "SID='S-1-5-32-544'"
if (@($default_admin).Length -ne 1) {
Fail-Json @{} "could not find a local admin account with SID ending in -500"
}
### Set this to the NETBIOS name of the domain you wish to test, not set for shippable ###
$test_domain = $null
@ -26,10 +36,10 @@ $tests = @(
@{ sid = "S-1-1-0"; full_name = "Everyone"; names = @("Everyone") },
@{ sid = "S-1-5-18"; full_name = "NT AUTHORITY\SYSTEM"; names = @("NT AUTHORITY\SYSTEM", "SYSTEM") },
@{ sid = "S-1-5-20"; full_name = "NT AUTHORITY\NETWORK SERVICE"; names = @("NT AUTHORITY\NETWORK SERVICE", "NETWORK SERVICE") },
@{ sid = "$local_sid-500"; full_name = "$env:COMPUTERNAME\Administrator"; names = @("$env:COMPUTERNAME\Administrator", "Administrator", ".\Administrator") },
@{ sid = "$($default_admin.SID)"; full_name = "$($default_admin.FullName)"; names = @("$env:COMPUTERNAME\$($default_admin.Name)", "$($default_admin.Name)", ".\$($default_admin.Name)") },
# Local Groups
@{ sid = "S-1-5-32-544"; full_name = "BUILTIN\Administrators"; names = @("BUILTIN\Administrators", "Administrators", ".\Administrators") }
@{ sid = "$($default_admin_group.SID)"; full_name = "BUILTIN\$($default_admin_group.Name)"; names = @("BUILTIN\$($default_admin_group.Name)", "$($default_admin_group.Name)", ".\$($default_admin_group.Name)") }
)
# Add domain tests if the domain name has been set
@ -55,7 +65,10 @@ if ($test_domain -ne $null) {
foreach ($test in $tests) {
$actual_account_name = Convert-FromSID -sid $test.sid
Assert-Equals -actual $actual_account_name -expected $test.full_name
# renamed admins may have an empty FullName; skip comparison in that case
if ($test.full_name) {
Assert-Equals -actual $actual_account_name -expected $test.full_name
}
foreach ($test_name in $test.names) {
$actual_sid = Convert-ToSID -account_name $test_name