ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-06-22 00:00:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

win_acl - fix support for registry paths (#54427)

Browse source
This commit is contained in:
Jordan Borean 2019-03-27 09:52:39 +10:00 committed by GitHub
parent cbfe77ad63
commit 10f006036c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 201 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

29
lib/ansible/modules/windows/win_acl.ps1
View file

@ -90,6 +90,18 @@ $state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "prese
$inherit = Get-AnsibleParam -obj $params -name "inherit" -type "str"
$propagation = Get-AnsibleParam -obj $params -name "propagation" -type "str" -default "None" -validateset "InheritOnly","None","NoPropagateInherit"
# We mount the HKCR, HKU, and HKCC registry hives so PS can access them
$path_qualifier = Split-Path -Path $path -Qualifier
if ($path_qualifier -eq "HKCR:" -and (-not (Test-Path -LiteralPath HKCR:\))) {
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT > $null
}
if ($path_qualifier -eq "HKU:" -and (-not (Test-Path -LiteralPath HKU:\))) {
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS > $null
}
if ($path_qualifier -eq "HKCC:" -and (-not (Test-Path -LiteralPath HKCC:\))) {
New-PSDrive -Name HKCC -PSProvider Registry -Root HKEY_CURRENT_CONFIG > $null
}
If (-Not (Test-Path -LiteralPath $path)) {
Fail-Json -obj $result -message "$path file or directory does not exist on the host"
}
@ -107,9 +119,14 @@ ElseIf ($null -eq $inherit) {
$inherit = "ContainerInherit, ObjectInherit"
}
# Bug in Set-Acl, Get-Acl where -LiteralPath only works for the Registry provider if the location is in that root
# qualifier.
Push-Location -LiteralPath $path_qualifier
Try {
SetPrivilegeTokens
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
$path_item = Get-Item -LiteralPath $path -Force
If ($path_item.PSProvider.Name -eq "Registry") {
$colRights = [System.Security.AccessControl.RegistryRights]$rights
}
Else {
@ -127,7 +144,7 @@ Try {
}
$objUser = New-Object System.Security.Principal.SecurityIdentifier($sid)
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
If ($path_item.PSProvider.Name -eq "Registry") {
$objACE = New-Object System.Security.AccessControl.RegistryAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
}
Else {
@ -152,7 +169,7 @@ Try {
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
}
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
If ($path_item.PSProvider.Name -eq "Registry") {
If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
$match = $true
Break
@ -197,7 +214,13 @@ Try {
}
}
Catch {
$result.exception = ($_ | Out-String)
$result.test = ($pwd.Path)
Fail-Json -obj $result -message "an error occurred when attempting to $state $rights permission(s) on $path for $user - $($_.Exception.Message)"
}
Finally {
# Make sure we revert the location stack to the original path just for cleanups sake
Pop-Location
}
Exit-Json -obj $result