1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Added possibility to disable basic auth (#33224)

This commit is contained in:
Erwan Quélin 2018-01-02 01:13:20 +01:00 committed by Jordan Borean
parent 32929f916a
commit e3b49a7aeb

View file

@ -21,6 +21,8 @@
# #
# Use option -EnableCredSSP to enable CredSSP as an authentication option. # Use option -EnableCredSSP to enable CredSSP as an authentication option.
# #
# Use option -DisableBasicAuth to disable basic authentication.
#
# Use option -SkipNetworkProfileCheck to skip the network profile check. # Use option -SkipNetworkProfileCheck to skip the network profile check.
# Without specifying this the script will only run if the device's interfaces # Without specifying this the script will only run if the device's interfaces
# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable # are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable
@ -36,6 +38,7 @@
# Updated by Nicolas Simond <contact@nicolas-simond.com> # Updated by Nicolas Simond <contact@nicolas-simond.com>
# Updated by Dag Wieërs <dag@wieers.com> # Updated by Dag Wieërs <dag@wieers.com>
# Updated by Jordan Borean <jborean93@gmail.com> # Updated by Jordan Borean <jborean93@gmail.com>
# Updated by Erwan Quélin <erwan.quelin@gmail.com>
# #
# Version 1.0 - 2014-07-06 # Version 1.0 - 2014-07-06
# Version 1.1 - 2014-11-11 # Version 1.1 - 2014-11-11
@ -44,6 +47,7 @@
# Version 1.4 - 2017-01-05 # Version 1.4 - 2017-01-05
# Version 1.5 - 2017-02-09 # Version 1.5 - 2017-02-09
# Version 1.6 - 2017-04-18 # Version 1.6 - 2017-04-18
# Version 1.7 - 2017-11-23
# Support -Verbose option # Support -Verbose option
[CmdletBinding()] [CmdletBinding()]
@ -54,8 +58,9 @@ Param (
[switch]$SkipNetworkProfileCheck, [switch]$SkipNetworkProfileCheck,
$CreateSelfSignedCert = $true, $CreateSelfSignedCert = $true,
[switch]$ForceNewSSLCert, [switch]$ForceNewSSLCert,
[switch]$EnableCredSSP, [switch]$GlobalHttpFirewallAccess,
[switch]$GlobalHttpFirewallAccess [switch]$DisableBasicAuth = $false,
[switch]$EnableCredSSP
) )
Function Write-Log Function Write-Log
@ -309,16 +314,33 @@ Else
} }
# Check for basic authentication. # Check for basic authentication.
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "Basic"} $basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "Basic"}
If (($basicAuthSetting.Value) -eq $false)
If ($DisableBasicAuth)
{ {
Write-Verbose "Enabling basic auth support." If (($basicAuthSetting.Value) -eq $true)
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true {
Write-Log "Enabled basic auth support." Write-Verbose "Disabling basic auth support."
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false
Write-Log "Disabled basic auth support."
}
Else
{
Write-Verbose "Basic auth is already disabled."
}
} }
Else Else
{ {
Write-Verbose "Basic auth is already enabled." If (($basicAuthSetting.Value) -eq $false)
{
Write-Verbose "Enabling basic auth support."
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
Write-Log "Enabled basic auth support."
}
Else
{
Write-Verbose "Basic auth is already enabled."
}
} }
# If EnableCredSSP if set to true # If EnableCredSSP if set to true