# Copyright (c) 2018 Ansible Project
# Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)

#AnsibleRequires -CSharpUtil Ansible.Privilege

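Function Import-PrivilegeUtil {
    <#
    .SYNOPSIS
    No-op, as the C# types are automatically loaded.

    .DESCRIPTION
    Kept only for backwards compatibility. The sole effect is to record a
    deprecation warning through whichever module framework is in scope:
    Add-DeprecationWarning together with a 'result' variable, or a 'module'
    variable holding an Ansible.Basic.AnsibleModule. If neither is found,
    nothing happens.
    #>
    [CmdletBinding()]
    Param()
    $msg = "Import-PrivilegeUtil is deprecated and no longer needed, this cmdlet will be removed in a future version"

    # Look the variable up once and keep the PSVariable wrapper. Its .Value is
    # the caller's result object; reading .Value off $result itself would ask
    # the result object for a member called 'Value' and hand $null on instead.
    $result_var = Get-Variable -Name result -ErrorAction SilentlyContinue
    $has_legacy_helper = Get-Command -Name Add-DeprecationWarning -ErrorAction SilentlyContinue

    if ($has_legacy_helper -and $null -ne $result_var) {
        Add-DeprecationWarning -obj $result_var.Value -message $msg -version 2.12
    } else {
        $module = Get-Variable -Name module -ErrorAction SilentlyContinue
        # Only call Deprecate() on the type known to provide it.
        if ($null -ne $module -and $module.Value.GetType().FullName -eq "Ansible.Basic.AnsibleModule") {
            $module.Value.Deprecate($msg, "2.12")
        }
    }
}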
Function Get-AnsiblePrivilege {
    <#
    .SYNOPSIS
    Report the state of one privilege on the current process token.

    .DESCRIPTION
    Read-only query. The result is one of
        $true  - the privilege is present and has the Enabled attribute
        $false - the privilege is present but not enabled
        $null  - the privilege is not present on the token

    Only the Enabled attribute is inspected; any other attributes held for
    the privilege are ignored.

    A name rejected by PrivilegeUtil.CheckPrivilegeName causes an
    ArgumentException to be thrown before the token is read.

    .PARAMETER Name
    The privilege constant to look up, e.g. SeDebugPrivilege.

    .EXAMPLE
    Get-AnsiblePrivilege -Name SeDebugPrivilege
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][String]$Name
    )

    # Reject unknown names up front so a typo is reported as an error and is
    # never mistaken for "privilege removed" ($null).
    $is_known_name = [Ansible.Privilege.PrivilegeUtil]::CheckPrivilegeName($Name)
    if (-not $is_known_name) {
        throw [System.ArgumentException] "Invalid privilege name '$Name'"
    }

    $token = [Ansible.Privilege.PrivilegeUtil]::GetCurrentProcess()
    $all_privileges = [Ansible.Privilege.PrivilegeUtil]::GetAllPrivilegeInfo($token)

    # Absent from the token: callers treat $null as "cannot be enabled".
    if (-not $all_privileges.ContainsKey($Name)) {
        return $null
    }

    $attributes = $all_privileges.$Name
    return $attributes.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled)
}
Function Set-AnsiblePrivilege {
    <#
    .SYNOPSIS
    Enable or disable a privilege on the current process' token.

    .DESCRIPTION
    Does nothing when the privilege is already in the requested state.
    Throws an InvalidOperationException when the privilege has been removed
    from the token, because a removed privilege can no longer be adjusted.
    An invalid name surfaces as the ArgumentException thrown by
    Get-AnsiblePrivilege.

    The function does not restore the previous state by itself. A caller
    that enables a privilege for a single operation should record the value
    returned by Get-AnsiblePrivilege beforehand and set it back afterwards,
    so the process does not keep the privilege enabled longer than needed.

    Supports -WhatIf / -Confirm; the token is only modified when
    ShouldProcess approves.

    .PARAMETER Name
    The privilege constant to change, e.g. SeCreateSymbolicLinkPrivilege.

    .PARAMETER Value
    $true to enable the privilege, $false to disable it.

    .EXAMPLE
    # enable a privilege
    Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true

    # disable a privilege
    Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory=$true)][String]$Name,
        [Parameter(Mandatory=$true)][bool]$Value
    )

    # Verb used in both the error text and the ShouldProcess description.
    if ($Value) {
        $action = "Enable"
    } else {
        $action = "Disable"
    }

    $current_state = Get-AnsiblePrivilege -Name $Name

    # $null never equals a [bool], so checking for removal first is
    # equivalent to checking it after the equality test.
    if ($null -eq $current_state) {
        # once a privilege is removed from a token we cannot do anything with it
        throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token"
    }
    if ($current_state -eq $Value) {
        return  # already in the requested state
    }

    $process_token = [Ansible.Privilege.PrivilegeUtil]::GetCurrentProcess()
    if (-not $PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) {
        return
    }

    # SetTokenPrivileges takes a name -> nullable-bool map; only this one
    # privilege is submitted, the rest of the token is left as it is.
    $requested = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]'
    $requested.Add($Name, $Value)

    # The return value is discarded so nothing leaks into the pipeline.
    $null = [Ansible.Privilege.PrivilegeUtil]::SetTokenPrivileges($process_token, $requested)
}
# Public surface of this module util; anything not listed stays private.
Export-ModuleMember -Function @(
    'Import-PrivilegeUtil',
    'Get-AnsiblePrivilege',
    'Set-AnsiblePrivilege'
)