1 #!powershell
2
3 #AnsibleRequires -CSharpUtil Ansible.Basic
4 #Requires -Module Ansible.ModuleUtils.PrivilegeUtil
5
# Create the Ansible module wrapper with an empty argument spec. The script takes no options
# and uses this object only to report results (Result, FailJson, ExitJson).
$argument_spec = @{}
$module = [Ansible.Basic.AnsibleModule]::Create($args, $argument_spec)
7
# Fails the module run when $actual and $expected differ (case-sensitive -cne comparison).
#   $actual   - value produced by the code under test
#   $expected - value the test requires
# On mismatch both values, the caller's script line and the caller's statement text are stored
# in $module.Result before FailJson is called, so the failing assertion can be located from the
# module output alone.
Function Assert-Equals {
    param($actual, $expected)

    if (-not ($actual -cne $expected)) {
        return
    }

    # Frame 0 is this function; frame 1 is the statement that called it.
    $caller_frame = (Get-PSCallStack)[1]
    $result = $module.Result
    $result.actual = $actual
    $result.expected = $expected
    $result.line = $caller_frame.ScriptLineNumber
    $result.method = $caller_frame.Position.Text
    $module.FailJson("AssertionError: actual != expected")
}
18
# taken from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants
# Full list of privilege constant names that the tests probe, whether or not the current
# token holds them. Several of these (for example SeDebugPrivilege, SeTcbPrivilege and
# SeImpersonatePrivilege) are high-impact, so an accurate enabled/disabled reading matters.
$total_privileges = @(
    'SeAssignPrimaryTokenPrivilege'
    'SeAuditPrivilege'
    'SeBackupPrivilege'
    'SeChangeNotifyPrivilege'
    'SeCreateGlobalPrivilege'
    'SeCreatePagefilePrivilege'
    'SeCreatePermanentPrivilege'
    'SeCreateSymbolicLinkPrivilege'
    'SeCreateTokenPrivilege'
    'SeDebugPrivilege'
    'SeEnableDelegationPrivilege'
    'SeImpersonatePrivilege'
    'SeIncreaseBasePriorityPrivilege'
    'SeIncreaseQuotaPrivilege'
    'SeIncreaseWorkingSetPrivilege'
    'SeLoadDriverPrivilege'
    'SeLockMemoryPrivilege'
    'SeMachineAccountPrivilege'
    'SeManageVolumePrivilege'
    'SeProfileSingleProcessPrivilege'
    'SeRelabelPrivilege'
    'SeRemoteShutdownPrivilege'
    'SeRestorePrivilege'
    'SeSecurityPrivilege'
    'SeShutdownPrivilege'
    'SeSyncAgentPrivilege'
    'SeSystemEnvironmentPrivilege'
    'SeSystemProfilePrivilege'
    'SeSystemtimePrivilege'
    'SeTakeOwnershipPrivilege'
    'SeTcbPrivilege'
    'SeTimeZonePrivilege'
    'SeTrustedCredManAccessPrivilege'
    'SeUndockPrivilege'
)
56
# Build the reference view of the current token from `whoami /priv`:
# privilege name -> $true when the state column reads "Enabled", $false otherwise.
# Only rows that start with "Se" are kept.
# NOTE(review): whoami is resolved through PATH and the state is matched against the English
# word "Enabled"; with a shadowed whoami or a localized host this baseline may be wrong - confirm.
$whoami_rows = & whoami /priv | Where-Object { $_.StartsWith("Se") }
$actual_privileges = @{}
foreach ($row in $whoami_rows) {
    # Splitting on single spaces leaves empty fields between the columns; only the first field
    # (name) and the last one (state, once trailing padding is trimmed) are used.
    $fields = $row.TrimEnd() -split " "
    $privilege_name = $fields[0]
    $actual_privileges[$privilege_name] = ($fields[-1] -eq "Enabled")
}
$process = [Ansible.Privilege.PrivilegeUtil]::GetCurrentProcess()
64
### Test PS cmdlets ###
# test ps Get-AnsiblePrivilege
# For every known constant the cmdlet must match the whoami baseline: the recorded
# enabled/disabled boolean when whoami listed the privilege, $null when it did not.
foreach ($privilege in $total_privileges) {
    $expected = if ($actual_privileges.ContainsKey($privilege)) {
        $actual_privileges[$privilege]
    } else {
        $null
    }
    Assert-Equals -actual (Get-AnsiblePrivilege -Name $privilege) -expected $expected
}
75
# test c# GetAllPrivilegeInfo
# The C# helper must return a generic dictionary with exactly as many entries as whoami
# listed, and the Enabled flag of each entry must match the whoami state.
$actual = [Ansible.Privilege.PrivilegeUtil]::GetAllPrivilegeInfo($process)
Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
Assert-Equals -actual $actual.Count -expected $actual_privileges.Count
foreach ($privilege in $total_privileges) {
    # Privileges that whoami did not list are not checked here.
    if (-not $actual_privileges.ContainsKey($privilege)) {
        continue
    }

    $actual_value = $actual.$privilege
    $has_enabled_flag = $actual_value.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled)
    # The baseline value is already a boolean, so it doubles as the expected flag state.
    Assert-Equals -actual $has_enabled_flag -expected $actual_privileges.$privilege
}
90
# test Set-AnsiblePrivilege
# SeUndockPrivilege is toggled in four steps. Each real change is preceded by a -WhatIf call
# that must leave the state untouched. The sequence ends with the privilege disabled, which is
# the state forced on the first line, not necessarily the state the test found.
$toggle_privilege = 'SeUndockPrivilege'
Set-AnsiblePrivilege -Name $toggle_privilege -Value $false  # ensure we start with a disabled privilege

# -WhatIf enable: must stay disabled
Set-AnsiblePrivilege -Name $toggle_privilege -Value $true -WhatIf
Assert-Equals -actual (Get-AnsiblePrivilege -Name $toggle_privilege) -expected $false

# real enable
Set-AnsiblePrivilege -Name $toggle_privilege -Value $true
Assert-Equals -actual (Get-AnsiblePrivilege -Name $toggle_privilege) -expected $true

# -WhatIf disable: must stay enabled
Set-AnsiblePrivilege -Name $toggle_privilege -Value $false -WhatIf
Assert-Equals -actual (Get-AnsiblePrivilege -Name $toggle_privilege) -expected $true

# real disable
Set-AnsiblePrivilege -Name $toggle_privilege -Value $false
Assert-Equals -actual (Get-AnsiblePrivilege -Name $toggle_privilege) -expected $false

# Every assertion passed: report success and end the module run.
$module.Result.data = "success"
$module.ExitJson()