Windows - Support WDAC Audit Mode (#84730)

Fix a bug when attempting to run any module on a Windows host that has
been configured with WDAC and Dynamic Code Security in audit mode. This
does not enable WDAC support with signed scripts, so Ansible will still
not pass the audit events, but it no longer fails to run.
pull/84735/head
Jordan Borean 10 months ago committed by GitHub
parent a742e20fca
commit e5ec1ee76c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,4 @@
bugfixes:
- >-
Windows - add support for running on system where WDAC is in audit mode with
``Dynamic Code Security`` enabled.

@ -312,7 +312,7 @@ Function Add-CSharpType {
# fatal error. # fatal error.
# https://github.com/ansible-collections/ansible.windows/issues/598 # https://github.com/ansible-collections/ansible.windows/issues/598
$ignore_warnings = [System.Collections.ArrayList]@('1610') $ignore_warnings = [System.Collections.ArrayList]@('1610')
$compile_units = [System.Collections.Generic.List`1[System.CodeDom.CodeSnippetCompileUnit]]@() $compile_units = [System.Collections.Generic.List`1[string]]@()
foreach ($reference in $References) { foreach ($reference in $References) {
# scan through code and add any assemblies that match # scan through code and add any assemblies that match
# //AssemblyReference -Name ... [-CLR Framework] # //AssemblyReference -Name ... [-CLR Framework]
@ -346,7 +346,7 @@ Function Add-CSharpType {
} }
$ignore_warnings.Add($warning_id) > $null $ignore_warnings.Add($warning_id) > $null
} }
$compile_units.Add((New-Object -TypeName System.CodeDom.CodeSnippetCompileUnit -ArgumentList $reference)) > $null $compile_units.Add($reference) > $null
$type_matches = $type_pattern.Matches($reference) $type_matches = $type_pattern.Matches($reference)
foreach ($match in $type_matches) { foreach ($match in $type_matches) {
@ -381,7 +381,10 @@ Function Add-CSharpType {
$null = New-Item -Path $temp_path -ItemType Directory -Force $null = New-Item -Path $temp_path -ItemType Directory -Force
try { try {
$compile = $provider.CompileAssemblyFromDom($compile_parameters, $compile_units) # FromSource is important, it will create the .cs files with
# the required extended attribute for the source to be trusted
# when using WDAC.
$compile = $provider.CompileAssemblyFromSource($compile_parameters, $compile_units)
} }
finally { finally {
# Try to delete the temp path, if this fails and we are running # Try to delete the temp path, if this fails and we are running
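Review bot: The comment above the `CompileAssemblyFromSource` call says why FromSource is used but not the limit the commit message itself states, that this only stops the compile from failing when WDAC Dynamic Code Security is in audit mode and does not make the emitted assembly pass the audit events; add `# This only avoids the failure in audit mode; the compiled code is still not treated as trusted by WDAC.` so a maintainer does not read it as enforcement-mode support. The claim that FromSource writes the .cs files with the extended attribute required for the source to be trusted is a statement about the CodeDom provider's behaviour that a reader cannot verify from this file, so a link to the reference that establishes it would help. In the first two hunks `$compile_units` now holds plain source strings rather than CodeSnippetCompileUnit objects, so renaming it to `$compile_sources` would keep the name honest. Add-CSharpType starts and ends outside the hunks shown.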
