From 0be02ab2177b14cbf3c8bc73ed855f425b6e288f Mon Sep 17 00:00:00 2001
From: Matthew Hooker
Date: Mon, 28 Aug 2017 13:36:29 -0700
Subject: [PATCH 1/3] hyper-v: Don't error while checking for admin permissions.
---
builder/hyperv/common/driver_ps_4.go | 34 ++++++++++++++++++++--------
common/powershell/powershell.go | 8 +++++++
2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/builder/hyperv/common/driver_ps_4.go b/builder/hyperv/common/driver_ps_4.go
index c836137d2..c5400f921 100644
--- a/builder/hyperv/common/driver_ps_4.go
+++ b/builder/hyperv/common/driver_ps_4.go
@@ -301,23 +301,37 @@ func (d *HypervPS4Driver) verifyPSHypervModule() error { return nil } +func (d *HypervPS4Driver) isCurrentUserAHyperVAdministrator() (bool, error) { + //SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators' + //https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems + + var script = ` +$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent() +$principal = new-object System.Security.Principal.WindowsPrincipal($identity) +$hypervrole = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-544" +return $principal.IsInRole($hypervrole) +` + + var ps powershell.PowerShellCmd + cmdOut, err := ps.Output(script) + if err != nil { + return false, err + } + + res := strings.TrimSpace(cmdOut) + return powershell.IsTrue(res), nil +} + func (d *HypervPS4Driver) verifyHypervPermissions() error { log.Printf("Enter method: %s", "verifyHypervPermissions") - //SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators' - //https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems - hypervAdminCmd := "([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole('S-1-5-32-578')" - - var ps powershell.PowerShellCmd - cmdOut, err := ps.Output(hypervAdminCmd) + hyperVAdmin, err := d.isCurrentUserAHyperVAdministrator() if err != nil { - return err + log.Printf("Error discovering if current is is a Hyper-V Admin: %s", err) } + if !hyperVAdmin { - res := strings.TrimSpace(cmdOut) - - if res == "False" { isAdmin, _ := powershell.IsCurrentUserAnAdministrator() if !isAdmin { diff --git a/common/powershell/powershell.go b/common/powershell/powershell.go index a41915474..43e2df492 100644 --- a/common/powershell/powershell.go +++ b/common/powershell/powershell.go 
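Review bot: When isCurrentUserAHyperVAdministrator returns an error, verifyHypervPermissions now only logs it and carries on with hyperVAdmin == false, and the fallback `isAdmin, _ := powershell.IsCurrentUserAnAdministrator()` discards its error too, so a PowerShell failure is indistinguishable from a genuine non-member. Treating the failure as "not a member" is the safe direction for a permission gate, but the cause is lost; logging the second error as well would keep it. The new message also has a typo and should read `log.Printf("Error discovering if current user is a Hyper-V Admin: %s", err)`. The rest of verifyHypervPermissions lies outside the hunk, so what is finally returned to the caller is not visible here.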
@@ -17,6 +17,14 @@ const ( powerShellTrue = "True" ) +func IsTrue(s string) bool { + return s == powerShellTrue +} + +func IsFalse(s string) bool { + return s == powerShellFalse +} + type PowerShellCmd struct { Stdout io.Writer Stderr io.Writer From 812fd12a0b58912fc3564c7eb65092035dc43e74 Mon Sep 17 00:00:00 2001 From: Matthew Hooker Date: Wed, 25 Oct 2017 09:24:06 -0700 Subject: [PATCH 2/3] move trimspace to powershell exit check --- builder/hyperv/common/driver_ps_4.go | 7 ++----- common/powershell/powershell.go | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/builder/hyperv/common/driver_ps_4.go b/builder/hyperv/common/driver_ps_4.go index c5400f921..5be8a0cd3 100644 --- a/builder/hyperv/common/driver_ps_4.go +++ b/builder/hyperv/common/driver_ps_4.go @@ -291,9 +291,7 @@ func (d *HypervPS4Driver) verifyPSHypervModule() error { return err } - res := strings.TrimSpace(cmdOut) - - if res == "False" { + if powershell.IsFalse(cmdOut) { err := fmt.Errorf("%s", "PS Hyper-V module is not loaded. Make sure Hyper-V feature is on.") return err } @@ -318,8 +316,7 @@ return $principal.IsInRole($hypervrole) return false, err } - res := strings.TrimSpace(cmdOut) - return powershell.IsTrue(res), nil + return powershell.IsTrue(cmdOut), nil } func (d *HypervPS4Driver) verifyHypervPermissions() error { diff --git a/common/powershell/powershell.go b/common/powershell/powershell.go index 43e2df492..4d550cb8b 100644 --- a/common/powershell/powershell.go +++ b/common/powershell/powershell.go @@ -18,11 +18,11 @@ const ( ) func IsTrue(s string) bool { - return s == powerShellTrue + return strings.TrimSpace(s) == powerShellTrue } func IsFalse(s string) bool { - return s == powerShellFalse + return strings.TrimSpace(s) == powerShellFalse } type PowerShellCmd struct { From 794e518eb743e88cd1ce7b9972692c84109971c4 Mon Sep 17 00:00:00 2001 
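Review bot: The exported helpers IsTrue and IsFalse have no doc comments, and they are not complements: output that is neither "True" nor "False" (empty output, an error message) makes both return false. A caller has to pick the helper whose false result is the safe default, and the comments should say so, for example `// IsTrue reports whether s is PowerShell's "True"; any other output, including empty output, yields false.` with the mirror-image comment on IsFalse. The same applies to the whitespace-trimming versions in the PATCH 2/3 hunk of this file.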
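Review bot: `if powershell.IsFalse(cmdOut)` in verifyPSHypervModule rejects only the literal output "False", so empty or unexpected output from the module check is accepted as "module loaded". This keeps the behaviour of the removed `res == "False"` comparison, but with the helpers now available the check can fail closed: `if !powershell.IsTrue(cmdOut) {`. The command that produces cmdOut and the start of the function are outside the hunk, so confirm it prints "True" on success before switching.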
From: Matthew Hooker Date: Wed, 25 Oct 2017 09:25:12 -0700 Subject: [PATCH 3/3] use hyper-v admin group, not admin --- builder/hyperv/common/driver_ps_4.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder/hyperv/common/driver_ps_4.go b/builder/hyperv/common/driver_ps_4.go index 5be8a0cd3..d14aea1c6 100644 --- a/builder/hyperv/common/driver_ps_4.go +++ b/builder/hyperv/common/driver_ps_4.go @@ -306,7 +306,7 @@ func (d *HypervPS4Driver) isCurrentUserAHyperVAdministrator() (bool, error) { var script = ` $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent() $principal = new-object System.Security.Principal.WindowsPrincipal($identity) -$hypervrole = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-544" +$hypervrole = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-578" return $principal.IsInRole($hypervrole) `
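Review bot: The SID is a bare literal inside the script, and the 544/578 mix-up corrected here shows how easily the value can drift from the comment that explains it, which sits above the hunk. A named constant next to that comment, e.g. `const hypervAdministratorsSID = "S-1-5-32-578"`, spliced into the script would keep the two together. PATCH 1/3 shows verifyHypervPermissions falling back to IsCurrentUserAnAdministrator, so members of BUILTIN\Administrators who are not in Hyper-V Administrators presumably still pass; that fallback is outside this hunk.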