win_user_right: add module with tests (#26276)

* win_user_right: add module with tests

* fixed up name of module in docs

* forgot the test module

* fixed up whitespace

* changes made to win_user_right based on feedback

* moved away from using secedit to Win32 with P/Invoke

* tidied up copyright for documentation
This commit is contained in:
Jordan Borean 2017-08-11 07:52:07 +10:00 committed by GitHub
commit e46adece48
7 changed files with 955 additions and 0 deletions

View file

@ -0,0 +1,44 @@
#!powershell
#Requires -Module Ansible.ModuleUtils.Legacy.psm1
# basic script to get the lsit of users in a particular right
# this is quite complex to put as a simple script so this is
# just a simple module
$ErrorActionPreference = 'Stop'
$params = Parse-Args $args -supports_check_mode $false
$name = Get-AnsibleParam -obj $params -name "name" -type "str" -failifempty $true
$result = @{
changed = $false
users = @()
}
Function Get-Username($sid) {
$object = New-Object System.Security.Principal.SecurityIdentifier($sid)
$user = $object.Translate([System.Security.Principal.NTAccount])
$user.Value
}
$secedit_ini_path = [IO.Path]::GetTempFileName()
&SecEdit.exe /export /cfg $secedit_ini_path /quiet
$secedit_ini = Get-Content -Path $secedit_ini_path
Remove-Item -Path $secedit_ini_path -Force
foreach ($line in $secedit_ini) {
if ($line.ToLower().StartsWith("$($name.ToLower()) = ")) {
$right_split = $line -split "="
$existing_users = $right_split[-1].Trim() -split ","
foreach ($user in $existing_users) {
if ($user.StartsWith("*S")) {
$result.users += Get-Username -sid $user.substring(1)
} else {
$result.users += $user
}
}
}
}
Exit-Json $result