Win setup fix 2.8 (#59211)

* Wrap Get-MachineSid's body in a try/catch

It's not critical information and there's been a number of issues over
the years with trying to retrieve it. If an exception is thrown just
return null.

Fixes: #47813
(cherry picked from commit b8a41a90b8)

* add changelog


(cherry picked from commit 277690bcc6)
This commit is contained in:
Jordan Borean 2019-07-23 08:21:02 +10:00 committed by Toshio Kuratomi
parent 4f939d4b2b
commit a2d6f9acd9
2 changed files with 22 additions and 14 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- setup (Windows) - prevent setup module failure if Get-MachineSid fails (https://github.com/ansible/ansible/issues/47813)

View file

@ -29,22 +29,28 @@ Function Get-MachineSid {
# only accessible by the Local System account. This method get's the local
# admin account (ends with -500) and lops it off to get the machine sid.
$admins_sid = "S-1-5-32-544"
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
$groups = $searcher.FindOne()
$machine_sid = $null
foreach ($user in $groups.Members) {
$user_sid = $user.Sid
if ($user_sid.Value.EndsWith("-500")) {
$machine_sid = $user_sid.AccountDomainSid.Value
break
try {
$admins_sid = "S-1-5-32-544"
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
$groups = $searcher.FindOne()
foreach ($user in $groups.Members) {
$user_sid = $user.Sid
if ($user_sid.Value.EndsWith("-500")) {
$machine_sid = $user_sid.AccountDomainSid.Value
break
}
}
} catch {
#can fail for any number of reasons, if it does just return the original null
Add-Warning -obj $result -message "Error during machine sid retrieval: $($_.Exception.Message)"
}
return $machine_sid