From 7f034a74d1c71907b407f00c9150850b35dba0d2 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Thu, 9 Apr 2015 13:29:38 -0400 Subject: [PATCH 1/3] Add -ExecutionPolicy Unrestricted back, was removed by #9602. --- lib/ansible/runner/shell_plugins/powershell.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/runner/shell_plugins/powershell.py b/lib/ansible/runner/shell_plugins/powershell.py index 50b759ae633..850b380eddb 100644 --- a/lib/ansible/runner/shell_plugins/powershell.py +++ b/lib/ansible/runner/shell_plugins/powershell.py @@ -57,7 +57,7 @@ def _build_file_cmd(cmd_parts, quote_args=True): '''Build command line to run a file, given list of file name plus args.''' if quote_args: cmd_parts = ['"%s"' % x for x in cmd_parts] - return ' '.join(['&'] + cmd_parts) + return ' '.join(_common_args + ['-ExecutionPolicy', 'Unrestricted', '-File'] + cmd_parts) class ShellModule(object): From 5675982b0f64cbc3bf01eff63951d1302132c6d2 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Thu, 9 Apr 2015 13:36:58 -0400 Subject: [PATCH 2/3] Only try kerberos auth when username contains `@` and pass realm to pywinrm. Alternative to #10644, fixes #10577. --- lib/ansible/runner/connection_plugins/winrm.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/ansible/runner/connection_plugins/winrm.py b/lib/ansible/runner/connection_plugins/winrm.py index 7a2d6d3318d..eb02d743072 100644 --- a/lib/ansible/runner/connection_plugins/winrm.py +++ b/lib/ansible/runner/connection_plugins/winrm.py 
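Review bot: The new return line in `_build_file_cmd` hard-codes `-ExecutionPolicy Unrestricted` for every script run, with no comment saying why it is needed or what scope it has. The switch applies only to the powershell.exe process being launched and leaves the host's stored policy untouched. It still means a locally configured policy (other than one enforced through Group Policy) is not honoured for these scripts, so I would record that above the return, e.g. `# Per-process override so unsigned module scripts can run; the host's stored execution policy is not changed.` Separately, the context line `cmd_parts = ['"%s"' % x for x in cmd_parts]` does not escape an embedded `"`, and with `-File` each part is handed to powershell.exe as a literal argument, so a part containing a double quote would presumably split into extra arguments; it is worth confirming what callers can pass here. `_common_args` is defined outside the hunk, and the function's signature is visible only in the hunk header.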
@@ -90,13 +90,18 @@ class Connection(object): return _winrm_cache[cache_key] exc = None for transport, scheme in self.transport_schemes['http' if port == 5985 else 'https']: - if transport == 'kerberos' and not HAVE_KERBEROS: + if transport == 'kerberos' and (not HAVE_KERBEROS or not '@' in self.user): continue + if transport == 'kerberos': + realm = self.user.split('@', 1)[1].strip() or None + else: + realm = None endpoint = urlparse.urlunsplit((scheme, netloc, '/wsman', '', '')) vvvv('WINRM CONNECT: transport=%s endpoint=%s' % (transport, endpoint), host=self.host) protocol = Protocol(endpoint, transport=transport, - username=self.user, password=self.password) + username=self.user, password=self.password, + realm=realm) try: protocol.send_message('') _winrm_cache[cache_key] = protocol From 7ba2950c5ae9c51226276c6da7acac9b99757f87 Mon Sep 17 00:00:00 2001 From: Chris Church Date: Thu, 9 Apr 2015 13:45:21 -0400 Subject: [PATCH 3/3] Remove winrm connection cache (only useful when running against one host). Also fixes #10391. --- lib/ansible/runner/connection_plugins/winrm.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/lib/ansible/runner/connection_plugins/winrm.py b/lib/ansible/runner/connection_plugins/winrm.py index eb02d743072..b41a74c8e1f 100644 --- a/lib/ansible/runner/connection_plugins/winrm.py +++ b/lib/ansible/runner/connection_plugins/winrm.py @@ -18,8 +18,6 @@ from __future__ import absolute_import import base64 -import hashlib -import imp import os import re import shlex @@ -44,10 +42,6 @@ try: except ImportError: pass -_winrm_cache = { - # 'user:pwhash@host:port': -} - def vvvvv(msg, host=None): verbose(msg, host=host, caplevel=4) 
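Review bot: Kerberos is now skipped silently when `self.user` contains no `@`, and the loop moves on to whatever transport comes next in `self.transport_schemes` (not shown in this hunk), so an operator who expected Kerberos gets no indication that a different authentication transport was used. A verbose line before the `continue` would make the fallback visible, e.g. `vvvv('WINRM SKIP KERBEROS: no realm in username', host=self.host)`. The condition also reads better as `'@' not in self.user`, and the two `transport == 'kerberos'` tests could be folded into a single branch that either continues or sets `realm`. The enclosing method starts and ends outside the hunk.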
@@ -84,10 +78,6 @@ class Connection(object): vvv("ESTABLISH WINRM CONNECTION FOR USER: %s on PORT %s TO %s" % \ (self.user, port, self.host), host=self.host) netloc = '%s:%d' % (self.host, port) - cache_key = '%s:%s@%s:%d' % (self.user, hashlib.md5(self.password).hexdigest(), self.host, port) - if cache_key in _winrm_cache: - vvvv('WINRM REUSE EXISTING CONNECTION: %s' % cache_key, host=self.host) - return _winrm_cache[cache_key] exc = None for transport, scheme in self.transport_schemes['http' if port == 5985 else 'https']: if transport == 'kerberos' and (not HAVE_KERBEROS or not '@' in self.user): @@ -104,7 +94,6 @@ class Connection(object): realm=realm) try: protocol.send_message('') - _winrm_cache[cache_key] = protocol return protocol except WinRMTransportError, exc: err_msg = str(exc) @@ -116,7 +105,6 @@ class Connection(object): if code == 401: raise errors.AnsibleError("the username/password specified for this server was incorrect") elif code == 411: - _winrm_cache[cache_key] = protocol return protocol vvvv('WINRM CONNECTION ERROR: %s' % err_msg, host=self.host) continue