mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Added support for IIS AppPool identities (#2675)

Trond Hindenes 2016-11-07 22:07:53 +01:00 committed by Matt Clay
parent 6036bb69d9
commit cc42d7f38c
2 changed files with 31 additions and 9 deletions


@ -29,13 +29,22 @@ Function UserSearch
{ {
Param ([string]$AccountName) Param ([string]$AccountName)
#Check if there's a realm specified #Check if there's a realm specified
if ($AccountName.Split("\").count -gt 1)
$searchDomain = $false
$searchDomainUPN = $false
$SearchAppPools = $false
if ($accountName.Split("\").count -gt 1)
{ {
if ($AccountName.Split("\")[0] -eq $env:COMPUTERNAME) if ($accountName.Split("\")[0] -eq $env:COMPUTERNAME)
{ {
$IsLocalAccount = $true
} }
Else elseif ($accountName.Split("\")[0] -eq "IIS APPPOOL")
{
$SearchAppPools = $true
$accountName = $accountName.split("\")[1]
}
else
{ {
$IsDomainAccount = $true $IsDomainAccount = $true
$IsUpn = $false $IsUpn = $false
@ -54,8 +63,7 @@ Function UserSearch
$IsLocalAccount = $true $IsLocalAccount = $true
} }
if (($searchDomain -eq $false) -and ($SearchAppPools -eq $false))
if ($IsLocalAccount -eq $true)
{ {
# do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too # do not use Win32_UserAccount, because e.g. SYSTEM (BUILTIN\SYSTEM or COMPUUTERNAME\SYSTEM) will not be listed. on Win32_Account groups will be listed too
$localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $AccountName} $localaccount = get-wmiobject -class "Win32_Account" -namespace "root\CIMV2" -filter "(LocalAccount = True)" | where {$_.Caption -eq $AccountName}
@ -64,6 +72,20 @@ Function UserSearch
return $localaccount.SID return $localaccount.SID
} }
} }
Elseif ($SearchAppPools -eq $true)
{
Import-Module WebAdministration
$testiispath = Test-path "IIS:"
if ($testiispath -eq $false)
{
return $null
}
else
{
$apppoolobj = Get-ItemProperty IIS:\AppPools\$accountName
return $apppoolobj.applicationPoolSid
}
}
ElseIf (($IsDomainAccount -eq $true) -and ($IsUpn -eq $false)) ElseIf (($IsDomainAccount -eq $true) -and ($IsUpn -eq $false))
{ {
#Search by samaccountname #Search by samaccountname
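Review bot: In the new `SearchAppPools` branch, `Get-ItemProperty IIS:\AppPools\$accountName` passes the caller-supplied pool name as an unquoted, wildcard-capable `-Path`. A name containing `*`, `?` or `[` can therefore resolve to a different pool or to several, and a name containing spaces is split into extra arguments. The SID returned here is presumably what the ACL code then grants or removes rights for, so the lookup should be literal and fail closed: `$apppoolobj = Get-ItemProperty -LiteralPath "IIS:\AppPools\$accountName" -ErrorAction SilentlyContinue` followed by `if ($apppoolobj -eq $null) { return $null }`. `Import-Module WebAdministration` also has no `-ErrorAction`, so on a host without the module an error is emitted before the `Test-Path "IIS:"` fallback returns `$null`; a short comment there stating that `$null` means "not resolvable" would help callers. UserSearch begins and ends outside the visible hunks.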


@ -29,7 +29,7 @@ module: win_acl
version_added: "2.0" version_added: "2.0"
short_description: Set file/directory permissions for a system user or group. short_description: Set file/directory permissions for a system user or group.
description: description:
- Add or remove rights/permissions for a given user or group for the specified src file or folder. - Add or remove rights/permissions for a given user or group for the specified src file or folder. If adding ACL's for AppPool identities, the Windows "Feature Web-Scripting-Tools" must be enabled
options: options:
path: path:
description: description: