From dce7789d91808944f85f35fd12438359c6fb10ff Mon Sep 17 00:00:00 2001 From: Lord Hepipud Date: Mon, 27 Jul 2020 12:38:57 +0200 Subject: [PATCH] Adds WMI/CIM wrapper permission error and WMI code handling Implements #80 --- .../Get-IcingaWindowsInformation.psm1 | 30 ++++++++++++++----- .../Icinga_IcingaExceptionEnums.psm1 | 4 ++- 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/lib/core/framework/Get-IcingaWindowsInformation.psm1 b/lib/core/framework/Get-IcingaWindowsInformation.psm1 index 2e93ca1..bf7cc6a 100644 --- a/lib/core/framework/Get-IcingaWindowsInformation.psm1 +++ b/lib/core/framework/Get-IcingaWindowsInformation.psm1 @@ -22,20 +22,20 @@ function Get-IcingaWindowsInformation() } catch { $ErrorName = $_.Exception.NativeErrorCode; $ErrorMessage = $_.Exception.Message; + $ErrorCode = $_.Exception.StatusCode; - switch ($_.Exception.StatusCode) { + switch ($ErrorCode) { + # Permission error + 2 { + Exit-IcingaThrowException -ExceptionType 'Permission' -ExceptionThrown $IcingaExceptions.Permission.CimInstance -CustomMessage $ClassName -Force; + }; # InvalidClass 5 { Exit-IcingaThrowException -ExceptionType 'Input' -ExceptionThrown $IcingaExceptions.Inputs.CimClassNameUnknown -CustomMessage $ClassName -Force; }; - # TODO: Find error Id for permission errors - # Permission error - #x { - # Exit-IcingaThrowException -ExceptionType 'Permission' -ExceptionThrown $IcingaExceptions.Permission.CimInstance -CustomMessage $ClassName -Force; - #}; # All other errors default { - Exit-IcingaThrowException -ExceptionType 'Custom' -InputString $ErrorMessage -CustomMessage ([string]::Format('CimInstanceUnhandledError: Class "{0}": Error "{1}"', $ClassName, $ErrorName)) -Force; + Exit-IcingaThrowException -ExceptionType 'Custom' -InputString $ErrorMessage -CustomMessage ([string]::Format('CimInstanceUnhandledError: Class "{0}": Error "{1}": Id "{2}"', $ClassName, $ErrorName, $ErrorCode)) -Force; } } } @@ -47,8 +47,22 @@ function Get-IcingaWindowsInformation() } catch { $ErrorName = $_.CategoryInfo.Category; $ErrorMessage = $_.Exception.Message; + $ErrorCode = ($_.Exception.HResult -band 0xFFFF); - Exit-IcingaThrowException -ExceptionType 'Custom' -InputString $ErrorMessage -CustomMessage ([string]::Format('WmiObjectUnhandledError: Class "{0}": Error "{1}"', $ClassName, $ErrorName)) -Force; + switch ($ErrorCode) { + # Permission error + 5376 { + Exit-IcingaThrowException -ExceptionType 'Permission' -ExceptionThrown $IcingaExceptions.Permission.WMIObject -CustomMessage $ClassName -Force; + }; + # InvalidClass + 5377 { + Exit-IcingaThrowException -ExceptionType 'Input' -ExceptionThrown $IcingaExceptions.Inputs.WmiObjectClassUnknown -CustomMessage $ClassName -Force; + }; + # All other errors + default { + Exit-IcingaThrowException -ExceptionType 'Custom' -InputString $ErrorMessage -CustomMessage ([string]::Format('WmiObjectUnhandledError: Class "{0}": Error "{1}": Id "{2}"', $ClassName, $ErrorName, $ErrorCode)) -Force; + } + } } } diff --git a/lib/icinga/exception/Icinga_IcingaExceptionEnums.psm1 b/lib/icinga/exception/Icinga_IcingaExceptionEnums.psm1 index 61da629..57e1726 100644 --- a/lib/icinga/exception/Icinga_IcingaExceptionEnums.psm1 +++ b/lib/icinga/exception/Icinga_IcingaExceptionEnums.psm1 @@ -7,7 +7,8 @@ [hashtable]$Permission = @{ PerformanceCounter = 'A Plugin failed to fetch Performance Counter information. This may be caused when the used Service User is not permitted to access these information. To fix this, please add the User the Icinga Agent is running on into the "Performance Log Users" group and restart the service.'; CacheFolder = "A plugin failed to write new data into the configured cache directory. Please update the permissions of this folder to allow write access for the user the Icinga Service is running with or use another folder as cache directory."; - CimInstance = 'The user you are running this command as does not have permission to access the requested Cim-Object.'; + CimInstance = 'The user you are running this command as does not have permission to access the requested Cim-Object. To fix this, please add the user the Agent is running with to the "Remote Management Users" groups and grant access to the WMI branch "root/cimv2" and add the permission "Remote enable".'; + WMIObject = 'The user you are running this command as does not have permission to access the requested Wmi-Object. To fix this, please add the user the Agent is running with to the "Remote Management Users" groups and grant access to the WMI branch "root/cimv2" and add the permission "Remote enable".'; }; [hashtable]$Inputs = @{ @@ -16,6 +17,7 @@ EventLog = 'Failed to fetch EventLog information. Please check your inputs for EntryTypes and other categories and try again.'; ConversionUnitMissing = 'Unable to parse input value. You have to add an unit to your input value. Example: "10GB". Allowed units are: "B, KB, MB, GB, TB, PB, KiB, MiB, GiB, TiB, PiB".'; CimClassNameUnknown = 'The provided class name you try to fetch with Get-CimInstance is not known on this system.'; + WmiObjectClassUnknown = 'The provided class name you try to fetch with Get-WmiObject is not known on this system.'; }; [hashtable]$Configuration = @{