Fix SID Lookup Issues on Assorted Windows Modules (#28979)

* fix sid lookup issues and update copyright/license to latest format * simplify win_owner and win_share by removing unnecessary function
2025-07-30 00:21:23 -07:00 · 2017-09-10 17:34:51 -04:00 · 2017-09-10 17:34:51 -04:00 · 8f050d3719
commit 8f050d3719
parent 4af8c6852f
7 changed files with 52 additions and 332 deletions
--- a/lib/ansible/modules/windows/win_owner.ps1
+++ b/lib/ansible/modules/windows/win_owner.ps1
@ -1,85 +1,9 @@
 #!powershell
-# This file is part of Ansible
-#
 # Copyright 2015, Hans-Joachim Kliemeck <git@kliemeck.de>
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

-# WANT_JSON
-# POWERSHELL_COMMON
-
-#Functions
-Function UserSearch
-{
-    Param ([string]$accountName)
-    #Check if there's a realm specified
-
-    $searchDomain = $false
-    $searchDomainUPN = $false
-    if ($accountName.Split("\").count -gt 1)
-    {
-        if ($accountName.Split("\")[0] -ne $env:COMPUTERNAME)
-        {
-            $searchDomain = $true
-            $accountName = $accountName.split("\")[1]
-        }
-    }
-    Elseif ($accountName.contains("@"))
-    {
-        $searchDomain = $true
-        $searchDomainUPN = $true
-    }
-    Else
-    {
-        #Default to local user account
-        $accountName = $env:COMPUTERNAME + "\" + $accountName
-    }
-
-    if ($searchDomain -eq $false)
-    {
-        # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too
-        $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $accountName}
-        if ($localaccount)
-        {
-            return $localaccount.SID
-        }
-    }
-    Else
-    {
-        #Search by samaccountname
-        $Searcher = [adsisearcher]""
-
-        If ($searchDomainUPN -eq $false) {
-            $Searcher.Filter = "sAMAccountName=$($accountName)"
-        }
-        Else {
-            $Searcher.Filter = "userPrincipalName=$($accountName)"
-        }
-
-        $result = $Searcher.FindOne()
-        if ($result)
-        {
-            $user = $result.GetDirectoryEntry()
-
-            # get binary SID from AD account
-            $binarySID = $user.ObjectSid.Value
-
-            # convert to string SID
-            return (New-Object System.Security.Principal.SecurityIdentifier($binarySID,0)).Value
-        }
-    }
-}
+#Requires -Module Ansible.ModuleUtils.Legacy.psm1
+#Requires -Module Ansible.ModuleUtils.SID.psm1

 $result = @{
    changed = $false
@ -97,9 +21,8 @@ If (-Not (Test-Path -Path $path)) {
 }

 # Test that the user/group is resolvable on the local machine
-$sid = UserSearch -AccountName ($user)
-if (-not $sid)
-{
+$sid = Convert-ToSID -account_name $user
+if (!$sid) {
    Fail-Json $result "$user is not a valid user or group on the host machine or domain"
 }