From 0be02ab2177b14cbf3c8bc73ed855f425b6e288f Mon Sep 17 00:00:00 2001
From: Matthew Hooker <mwhooker@gmail.com>
Date: Mon, 28 Aug 2017 13:36:29 -0700
Subject: [PATCH] hyper-v: Don't error while checking for admin permissions.

---
 builder/hyperv/common/driver_ps_4.go | 34 ++++++++++++++++++++--------
 common/powershell/powershell.go      |  8 +++++++
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/builder/hyperv/common/driver_ps_4.go b/builder/hyperv/common/driver_ps_4.go
index c836137d2..c5400f921 100644
--- a/builder/hyperv/common/driver_ps_4.go
+++ b/builder/hyperv/common/driver_ps_4.go
@@ -301,23 +301,37 @@ func (d *HypervPS4Driver) verifyPSHypervModule() error {
 	return nil
 }
 
+func (d *HypervPS4Driver) isCurrentUserAHyperVAdministrator() (bool, error) {
+	//SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators'
+	//https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+
+	var script = `
+$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
+$principal = new-object System.Security.Principal.WindowsPrincipal($identity)
+$hypervrole = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-544"
+return $principal.IsInRole($hypervrole)
+`
+
+	var ps powershell.PowerShellCmd
+	cmdOut, err := ps.Output(script)
+	if err != nil {
+		return false, err
+	}
+
+	res := strings.TrimSpace(cmdOut)
+	return powershell.IsTrue(res), nil
+}
+
 func (d *HypervPS4Driver) verifyHypervPermissions() error {
 
 	log.Printf("Enter method: %s", "verifyHypervPermissions")
 
-	//SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators'
-	//https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
-	hypervAdminCmd := "([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole('S-1-5-32-578')"
-
-	var ps powershell.PowerShellCmd
-	cmdOut, err := ps.Output(hypervAdminCmd)
+	hyperVAdmin, err := d.isCurrentUserAHyperVAdministrator()
 	if err != nil {
-		return err
+		log.Printf("Error discovering if current is is a Hyper-V Admin: %s", err)
 	}
+	if !hyperVAdmin {
 
-	res := strings.TrimSpace(cmdOut)
-
-	if res == "False" {
 		isAdmin, _ := powershell.IsCurrentUserAnAdministrator()
 
 		if !isAdmin {
diff --git a/common/powershell/powershell.go b/common/powershell/powershell.go
index a41915474..43e2df492 100644
--- a/common/powershell/powershell.go
+++ b/common/powershell/powershell.go
@@ -17,6 +17,14 @@ const (
 	powerShellTrue  = "True"
 )
 
+func IsTrue(s string) bool {
+	return s == powerShellTrue
+}
+
+func IsFalse(s string) bool {
+	return s == powerShellFalse
+}
+
 type PowerShellCmd struct {
 	Stdout io.Writer
 	Stderr io.Writer