Added support for IIS AppPool identities (#2675)

2024-09-14 20:13:21 +02:00 · 2016-11-07 22:07:53 +01:00 · 2016-11-07 22:07:53 +01:00 · cc42d7f38c
commit cc42d7f38c
parent 6036bb69d9
2 changed files with 31 additions and 9 deletions
--- a/lib/ansible/modules/extras/windows/win_acl.ps1
+++ b/lib/ansible/modules/extras/windows/win_acl.ps1
@ -29,13 +29,22 @@ Function UserSearch
 {
    Param ([string]$AccountName)
    #Check if there's a realm specified
-    if ($AccountName.Split("\").count -gt 1)
+
+    $searchDomain = $false
+    $searchDomainUPN = $false
+    $SearchAppPools = $false
+    if ($accountName.Split("\").count -gt 1)
    {
-        if ($AccountName.Split("\")[0] -eq $env:COMPUTERNAME)
+        if ($accountName.Split("\")[0] -eq $env:COMPUTERNAME)
        {
-            $IsLocalAccount = $true
+
        }
-        Else
+        elseif ($accountName.Split("\")[0] -eq "IIS APPPOOL")
+        {
+            $SearchAppPools = $true
+            $accountName = $accountName.split("\")[1]
+        }
+        else
        {
            $IsDomainAccount = $true
            $IsUpn = $false
@ -53,9 +62,8 @@ Function UserSearch
        $accountname = $env:COMPUTERNAME + "\" + $AccountName
        $IsLocalAccount = $true
    }
- 
- 
-    if ($IsLocalAccount -eq $true)
+
+    if (($searchDomain -eq $false) -and ($SearchAppPools -eq $false))
    {
        # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too
        $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $AccountName}
@ -64,6 +72,20 @@ Function UserSearch
            return $localaccount.SID
        }
    }
+    Elseif ($SearchAppPools -eq $true)
+    {
+        Import-Module WebAdministration
+        $testiispath = Test-path "IIS:"
+        if ($testiispath -eq $false)
+        {
+            return $null
+        }
+        else
+        {
+            $apppoolobj = Get-ItemProperty IIS:\AppPools\$accountName
+            return $apppoolobj.applicationPoolSid
+        }
+    }
    ElseIf (($IsDomainAccount -eq $true) -and ($IsUpn -eq $false))
    {
        #Search by samaccountname
@ -179,4 +201,4 @@ Catch {
    Fail-Json $result "an error occured when attempting to $state $rights permission(s) on $path for $user"
 }
 
-Exit-Json $result
+Exit-Json $result
--- a/lib/ansible/modules/extras/windows/win_acl.py
+++ b/lib/ansible/modules/extras/windows/win_acl.py
@ -29,7 +29,7 @@ module: win_acl
 version_added: "2.0"
 short_description: Set file/directory permissions for a system user or group.
 description:
-     - Add or remove rights/permissions for a given user or group for the specified src file or folder.
+     - Add or remove rights/permissions for a given user or group for the specified src file or folder. If adding ACL's for AppPool identities, the Windows "Feature Web-Scripting-Tools" must be enabled
 options:
  path:
    description: