Adding registry functionality to win_acl module (#19443)

* Updated win_acl.ps1 module with registry functionality

* adding registry functionality to the most recent win_acl module in ansible/ansible

* updated in sync with win_regedit.ps1
pull/22182/head
Branden Pleines 8 years ago committed by Matt Davis
parent 7d44b2987e
commit 299e964dbf

@ -143,7 +143,12 @@ ElseIf ($inherit -eq "") {
} }
Try { Try {
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
$colRights = [System.Security.AccessControl.RegistryRights]$rights
}
Else {
$colRights = [System.Security.AccessControl.FileSystemRights]$rights $colRights = [System.Security.AccessControl.FileSystemRights]$rights
}
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation $PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation
@ -155,11 +160,26 @@ Try {
} }
$objUser = New-Object System.Security.Principal.SecurityIdentifier($sid) $objUser = New-Object System.Security.Principal.SecurityIdentifier($sid)
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
$objACE = New-Object System.Security.AccessControl.RegistryAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
}
Else {
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType) $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
}
$objACL = Get-ACL $path $objACL = Get-ACL $path
# Check if the ACE exists already in the objects ACL list # Check if the ACE exists already in the objects ACL list
$match = $false $match = $false
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
ForEach($rule in $objACL.Access){
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
$match = $true
Break
}
}
}
Else {
ForEach($rule in $objACL.Access){ ForEach($rule in $objACL.Access){
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) $ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) { If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
@ -167,6 +187,7 @@ Try {
Break Break
} }
} }
}
If ($state -eq "present" -And $match -eq $false) { If ($state -eq "present" -And $match -eq $false) {
Try { Try {
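Review bot: The registry-versus-file decision is made by the same test, `$path -match "^HK(CC|CR|CU|LM|U):\\"`, in three separate places (the rights cast, the ACE construction and the match loop), so a registry path written in a form the regex does not recognise, such as a provider-qualified `Registry::HKEY_LOCAL_MACHINE\...` path or a bare `HKLM:`, is handled as a file-system object and has `$rights` cast to FileSystemRights. Evaluate it once near the top of the outer Try, for example `$isRegistry = (Resolve-Path -LiteralPath $path).Provider.Name -eq "Registry"`, and branch on `$isRegistry` so the three sites cannot drift apart. PowerShell maps only `HKLM:` and `HKCU:` by default, so unless the HKCR/HKU/HKCC drives are created elsewhere in the file (not visible in these hunks), `Get-ACL $path` will fail for those hives even though the regex accepts them. The two ForEach loops differ only in the rights property they compare and could be one loop using `$rule.$rightsProperty`. The enclosing Try block starts before and continues after the lines shown.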
