lib/wmi/Get-IcingaWmiSecurityData.psm1

<#
.SYNOPSIS
    Returns several information about the Wmi namespace and the provided user data to
    work with them while adding/testing/removing Wmi permissions
.DESCRIPTION
    Returns several information about the Wmi namespace and the provided user data to
    work with them while adding/testing/removing Wmi permissions
.PARAMETER User
    The user to set permissions for. Can either be a local or domain user
.PARAMETER Namespace
    The Wmi namespace to grant permissions for. Required namespaces are listed within each plugin documentation
.INPUTS
    System.String
.OUTPUTS
    System.Hashtable
#>


function Get-IcingaWmiSecurityData()
{
    param (
        [string]$User,
        [string]$Namespace
    );

    [hashtable]$WmiArguments = @{
        'Name'      = 'GetSecurityDescriptor';
        'Namespace' = $Namespace;
        'Path'      = "__systemsecurity=@";
    }

    $WmiSecurityData = Invoke-WmiMethod @WmiArguments;

    if ($WmiSecurityData.ReturnValue -ne 0) {
        Write-IcingaConsoleError 'Fetching Wmi security descriptor information failed with error {0}' -Objects $WmiSecurityData.ReturnValue;
        return $null;
    }

    $UserData = Split-IcingaUserDomain -User $User;
    $UserSID  = Get-IcingaUserSID -User $User;
    $WmiAcl   = $WmiSecurityData.Descriptor;

    if ([string]::IsNullOrEmpty($UserSID)) {
        Write-IcingaConsoleError 'Unable to load the SID for user "{0}"' -Objects $User;
        return $null;
    }

    return @{
        'WmiArguments' = $WmiArguments;
        'UserData'     = $UserData;
        'UserSID'      = $UserSID;
        'WmiAcl'       = $WmiAcl;
    }
}