ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

win_regedit: rewrite to support edge cases and fix issues (#26468)

Browse source 
* win_regedit: rewrite to support edge cases and fix issues

* fix up byte handling of single bytes and minor doc fix

* removed unused method

* updated with requested changes
This commit is contained in:
Jordan Borean 2017-07-15 02:28:49 +10:00 committed by Matt Davis
commit eb1ed6567c
8 changed files with 1536 additions and 737 deletions
Download patch file Download diff file Expand all files Collapse all files

475
lib/ansible/modules/windows/win_regedit.ps1
View file

@ -2,6 +2,7 @@
# This file is part of Ansible
#
# (c) 2015, Adam Keech <akeech@chathamfinancial.com>, Josh Ludwig <jludwig@chathamfinancial.com>
# (c) 2017, Jordan Borean <jborean93@gmail.com>
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -21,15 +22,16 @@
$ErrorActionPreference = "Stop"
$params = Parse-Args $args -supports_check_mode $true
$params = Parse-Args -arguments $args -supports_check_mode $true
$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false
$diff_support = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false
$diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false
$path = Get-AnsibleParam -obj $params -name "path" -type "string" -failifempty $true -aliases "key"
$name = Get-AnsibleParam -obj $params -name "name" -type "string" -aliases "entry","value"
$path = Get-AnsibleParam -obj $params -name "path" -type "str" -failifempty $true -aliases "key"
$name = Get-AnsibleParam -obj $params -name "name" -type "str" -aliases "entry","value"
$data = Get-AnsibleParam -obj $params -name "data"
$type = Get-AnsibleParam -obj $params -name "type" -type "string" -validateSet "none","binary","dword","expandstring","multistring","string","qword" -aliases "datatype" -default "string"
$state = Get-AnsibleParam -obj $params -name "state" -type "string" -validateSet "present","absent" -default "present"
$type = Get-AnsibleParam -obj $params -name "type" -type "str" -default "string" -validateset "none","binary","dword","expandstring","multistring","string","qword" -aliases "datatype"
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent"
$delete_key = Get-AnsibleParam -obj $params -name "delete_key" -type "bool" -default $true
$result = @{
changed = $false
@ -37,7 +39,7 @@ $result = @{
data_type_changed = $false
}
if ($diff_support) {
if ($diff_mode) {
$result.diff = @{
prepared = ""
}
@ -45,289 +47,292 @@ if ($diff_support) {
# Fix HCCC:\ PSDrive for pre-2.3 compatibility
if ($path -match "^HCCC:\\") {
Add-Warning $result "Please use path: HKCC:\... instead of path: $path"
Add-DeprecationWarning -obj $result -message "Please use path: HKCC:\... instead of path: $path" -version 2.6
$path = $path -replace "HCCC:\\","HKCC:\\"
}
# Check that the registry path is in PSDrive format: HKCC, HKCR, HKCU, HKLM, HKU
if (-not ($path -match "^HK(CC|CR|CU|LM|U):\\")) {
Fail-Json $result "path: $path is not a valid powershell path, see module documentation for examples."
}
Function Test-ValueData {
Param (
[parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Path,
[parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $Name
)
try {
Get-ItemProperty -Path $Path -Name $Name | Out-Null
return $true
} catch {
return $false
}
# fire a warning if the property name isn't specified, the (Default) key ($null) can only be a string
if ($name -eq $null -and $type -ne "string") {
Add-Warning -obj $result -message "the data type when name is not specified can only be 'string', the type has automatically been converted"
$type = "string"
}
# Returns true if registry data matches.
# Handles binary, integer(dword) and string registry data
Function Compare-Data {
Param (
[parameter(Mandatory=$true)] [AllowEmptyString()] [AllowNull()] $ReferenceData,
[parameter(Mandatory=$true)] [AllowEmptyString()] [AllowNull()] $DifferenceData
)
# Check that the registry path is in PSDrive format: HKCC, HKCR, HKCU, HKLM, HKU
if ($path -notmatch "^HK(CC|CR|CU|LM|U):\\") {
Fail-Json $result "path: $path is not a valid powershell path, see module documentation for examples."
}
if ($ReferenceData -eq $null) {
if ($DifferenceData -eq $null) {
return $true
} else {
return $false
}
} elseif ($ReferenceData -is [object[]]) {
if (@(Compare-Object $ReferenceData $DifferenceData -SyncWindow 0).Length -eq 0) {
return $true
} else {
return $false
}
} else {
if ($ReferenceData -ceq $DifferenceData) {
return $true
} else {
return $false
}
}
# Create the required PSDrives if missing
$registry_hive = Split-Path -Path $path -Qualifier
if ($registry_hive -eq "HKCR:" -and (-not (Test-Path HKCR:\))) {
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
}
if ($registry_hive -eq "HKU:" -and (-not (Test-Path HKU:\))) {
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
}
if ($registry_hive -eq "HKCC:" -and (-not (Test-Path HKCC:\))) {
New-PSDrive -Name HKCC -PSProvider Registry -Root HKEY_CURRENT_CONFIG
}
# Simplified version of Convert-HexStringToByteArray from
# https://cyber-defense.sans.org/blog/2010/02/11/powershell-byte-array-hex-convert
# Expects a hex in the format you get when you run reg.exe export,
# and converts to a byte array so powershell can modify binary registry entries
function Convert-RegExportHexStringToByteArray {
Param (
[parameter(Mandatory=$true)] [String] $String
)
# import format is like 'hex:be,ef,be,ef,be,ef,be,ef,be,ef'
Function Convert-RegExportHexStringToByteArray($string) {
# Remove 'hex:' from the front of the string if present
$String = $String.ToLower() -replace '^hex\:',''
$string = $string.ToLower() -replace '^hex\:',''
# Remove whitespace and any other non-hex crud.
$String = $String.ToLower() -replace '[^a-f0-9\\,x\-\:]',''
$string = $string -replace '[^a-f0-9\\,x\-\:]',''
# Turn commas into colons
$String = $String -replace ',',':'
$string = $string -replace ',',':'
# Maybe there's nothing left over to convert...
if ($String.Length -eq 0) {
if ($string.Length -eq 0) {
return ,@()
}
# Split string with or without colon delimiters.
if ($String.Length -eq 1) {
return ,@([System.Convert]::ToByte($String,16))
} elseif (($String.Length % 2 -eq 0) -and ($String.IndexOf(":") -eq -1)) {
return ,@($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}})
} elseif ($String.IndexOf(":") -ne -1) {
return ,@($String -split ':+' | foreach-object {[System.Convert]::ToByte($_,16)})
if ($string.Length -eq 1) {
return ,@([System.Convert]::ToByte($string,16))
} elseif (($string.Length % 2 -eq 0) -and ($string.IndexOf(":") -eq -1)) {
return ,@($string -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}})
} elseif ($string.IndexOf(":") -ne -1) {
return ,@($string -split ':+' | foreach-object {[System.Convert]::ToByte($_,16)})
} else {
return ,@()
}
}
# Create the required PSDrives if missing
if (-not (Test-Path HKCR:\)) {
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT
}
if (-not (Test-Path HKU:\)) {
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
}
if (-not (Test-Path HKCC:\)) {
New-PSDrive -Name HKCC -PSProvider Registry -Root HKEY_CURRENT_CONFIG
}
# Convert HEX string to binary if type binary
if ($type -eq "binary" -and $data -ne $null -and $data -is [string]) {
$data = Convert-RegExportHexStringToByteArray($data)
}
# Special case handling for the path's default property.
if ($name -eq "" -or ($name -ne $null -and $name.ToLower() -eq "(default)")) {
# Apparently, "(default)" cannot be of type expandstring, do it ourselves
if ($type -eq "expandstring" -and $data -ne $null -and $data -is [string]) {
$data = Expand-Environment($data)
Function Test-RegistryProperty($path, $name) {
# will validate if the registry key contains the property, returns true
# if the property exists and false if the property does not
try {
$value = (Get-Item -Path $path).GetValue($name)
# need to do it this way return ($value -eq $null) does not work
if ($value -eq $null) {
return $false
} else {
return $true
}
} catch [System.Management.Automation.ItemNotFoundException] {
# key didn't exist so the property mustn't
return $false
}
$name = "(default)"
$type = "string"
}
# Support REG_NONE with empty value
# FIXME: REG_NONE support is not idempotent yet
if ($type -eq "none" -or $data -eq $null) {
$data = New-Object byte[] 0
# $data = ([byte[]] @())
Function Compare-RegistryProperties($existing, $new) {
$mismatch = $false
if ($existing -is [Array]) {
if ((Compare-Object -ReferenceObject $existing -DifferenceObject $new -SyncWindow 0).Length -ne 0) {
$mismatch = $true
}
} else {
if ($existing -cne $new) {
$mismatch = $true
}
}
return $mismatch
}
# convert property names "" to $null as "" refers to (Default)
if ($name -eq "") {
$name = $null
}
# convert the data to the required format
if ($type -in @("binary", "none")) {
if ($data -eq $null) {
$data = ""
}
# convert the data from string to byte array if in hex: format
if ($data -is [String]) {
$data = [byte[]](Convert-RegExportHexStringToByteArray -string $data)
} elseif ($data -is [Int]) {
if ($data -gt 255) {
Fail-Json $result "cannot convert binary data '$data' to byte array, please specify this value as a yaml byte array or a comma separated hex value string"
}
$data = [byte[]]@([byte]$data)
} elseif ($data -is [Array]) {
$data = [byte[]]$data
}
} elseif ($type -in @("dword", "qword")) {
# dword's and dword's don't allow null values, set to 0
if ($data -eq $null) {
$data = 0
}
if ($data -is [String]) {
# if the data is a string we need to convert it to an unsigned int64
# it needs to be unsigned as Ansible passes in an unsigned value while
# powershell uses a signed data type. The value will then be converted
# below
$data = [UInt64]$data
}
if ($type -eq "dword") {
if ($data -gt [UInt32]::MaxValue) {
Fail-Json $result "data cannot be larger than 0xffffffff when type is dword"
} elseif ($data -gt [Int32]::MaxValue) {
# when dealing with larger int32 (> 2147483647 or 0x7FFFFFFF) powershell
# automatically converts it to a signed int64. We need to convert this to
# signed int32 by parsing the hex string value.
$data = "0x$("{0:x}" -f $data)"
}
$data = [Int32]$data
} else {
if ($data -gt [UInt64]::MaxValue) {
Fail-Json $result "data cannot be larger than 0xffffffffffffffff when type is qword"
} elseif ($data -gt [Int64]::MaxValue) {
$data = "0x$("{0:x}" -f $data)"
}
$data = [Int64]$data
}
} elseif ($type -in @("string", "expandstring")) {
# a null string or expandstring must be empty quotes
if ($data -eq $null) {
$data = ""
}
} elseif ($type -eq "multistring") {
# convert the data for a multistring to a String[] array
if ($data -eq $null) {
$data = [String[]]@()
} elseif ($data -isnot [Array]) {
$new_data = New-Object -TypeName String[] -ArgumentList 1
$new_data[0] = $data.ToString([CultureInfo]::InvariantCulture)
$data = $new_data
} else {
$new_data = New-Object -TypeName String[] -ArgumentList $data.Count
foreach ($entry in $data) {
$new_data[$data.IndexOf($entry)] = $entry.ToString([CultureInfo]::InvariantCulture)
}
$data = $new_data
}
}
# convert the type string to the .NET class
$type = [System.Enum]::Parse([Microsoft.Win32.RegistryValueKind], $type, $true)
if ($state -eq "present") {
if ((Test-Path $path) -and $name -ne $null) {
if (Test-ValueData -Path $path -Name $name) {
# Handle binary data
$old_data = (Get-ItemProperty -Path $path | Select-Object -ExpandProperty $name)
if ($name -eq "(default)") {
# Special case handling for the path's default property.
# Because .GetValueKind() doesn't work for the (default) path property
$old_type = "String".ToLower()
} else {
$old_type = (Get-Item $path).GetValueKind($name).ToString().ToLower()
}
if ($type -ne $old_type) {
# Changes Data and DataType
if (-not $check_mode) {
try {
if ($name.ToLower() -eq "(default)") {
$null = $(Get-Item -Path $path -ErrorAction 'Stop').OpenSubKey('','ReadWriteSubTree').SetValue($null,$data)
} else {
Remove-ItemProperty -Path $path -Name $name
New-ItemProperty -Path $path -Name $name -Value $data -PropertyType $type -Force | Out-Null
}
} catch {
Fail-Json $result $_.Exception.Message
}
}
$result.changed = $true
$result.data_changed = $true
$result.data_type_changed = $true
if ($diff_support) {
$result.diff.prepared += @"
[$path]
-"$name" = "$old_type`:$data"
+"$name" = "$type`:$data"
"@
}
# FIXME: Compare-Data fails to work for null-length byte arrays
} elseif (-not (Compare-Data -ReferenceData $old_data -DifferenceData $data)) {
# Changes Only Data
if (-not $check_mode) {
try {
if ($type -eq "none") {
Remove-ItemProperty -Path $path -Name $name
New-ItemProperty -Path $path -Name $name -Value $data -PropertyType $type -Force | Out-Null
} else {
Set-ItemProperty -Path $path -Name $name -Value $data
}
} catch {
Fail-Json $result $_.Exception.Message
}
}
$result.changed = $true
$result.data_changed = $true
if ($diff_support) {
$result.diff.prepared += @"
[$path]
-"$name" = "$type`:$old_data"
+"$name" = "$type`:$data"
"@
}
} else {
# Nothing to do, everything is already as requested
}
} else {
# Add missing entry
if (-not $check_mode) {
try {
New-ItemProperty -Path $path -Name $name -Value $data -PropertyType $type | Out-Null
} Catch {
Fail-Json $result $_.Exception.Message
}
}
$result.changed = $true
if ($diff_support) {
$result.diff.prepared += @"
[$path]
+"$name" = "$type`:$data"
"@
}
}
} elseif (-not (Test-Path $path)) {
if (-not $check_mode) {
try {
$new_path = New-Item $path -Type directory -Force
if ($name -ne $null) {
$new_path | New-ItemProperty -Name $name -Value $data -PropertyType $type -Force | Out-Null
}
} catch {
Fail-Json $result $_.Exception.Message
}
if (-not (Test-Path -path $path)) {
# the key doesn't exist, create it so the next steps work
try {
New-Item -Path $path -Type directory -Force -WhatIf:$check_mode
} catch {
Fail-Json $result "failed to create registry key at $($path): $($_.Exception.Message)"
}
$result.changed = $true
if ($diff_support) {
if ($diff_mode) {
$result.diff.prepared += @"
+[$path"]
+[$path]
"@
if ($name -ne $null) {
$result.diff.prepared += @"
+"$name" = "$type`:$data"
"@
}
}
}
} elseif ($state -eq "absent") {
if (Test-Path $path) {
if ($name -eq $null) {
if (Test-RegistryProperty -path $path -name $name) {
# property exists, need to compare the values and type
$existing_key = Get-Item -Path $path
$existing_type = $existing_key.GetValueKind($name)
$existing_data = $existing_key.GetValue($name, $false, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
$change_value = $false
if ($type -ne $existing_type) {
$change_value = $true
$result.data_type_changed = $true
$data_mismatch = Compare-RegistryProperties -existing $existing_data -new $data
if ($data_mismatch) {
$result.data_changed = $true
}
} else {
$data_mismatch = Compare-RegistryProperties -existing $existing_data -new $data
if ($data_mismatch) {
$change_value = $true
$result.data_changed = $true
}
}
if ($change_value) {
if (-not $check_mode) {
try {
Remove-Item -Path $path -Recurse
(Get-Item -Path $path).OpenSubKey($null, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree).SetValue($name, $data, $type)
} catch {
Fail-Json $result $_.Exception.Message
Fail-Json $result "failed to change registry property '$name' at $($path): $($_.Exception.Message)"
}
}
$result.changed = $true
if ($diff_support) {
if ($diff_mode) {
$result.diff.prepared += @"
-[$path]
-"$name" = "$type`:$data"
[$path]
-"$name" = "$existing_type`:$existing_data"
+"$name" = "$type`:$data"
"@
}
} elseif (Test-ValueData -Path $path -Name $name) {
if (-not $check_mode) {
try {
Remove-ItemProperty -Path $path -Name $name
} catch {
Fail-Json $result $_.Exception.Message
}
}
$result.changed = $true
if ($diff_support) {
$result.diff.prepared += @"
[$path]
-"$name" = "$type`:$data"
"@
}
}
} else {
# Nothing to do, everything is already as requested
# property doesn't exist just create a new one
if (-not $check_mode) {
try {
(Get-Item -Path $path).OpenSubKey($null, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree).SetValue($name, $data, $type)
} catch {
Fail-Json $result "failed to change registry property '$name' at $($path): $($_.Exception.Message)"
}
}
$result.changed = $true
if ($diff_mode) {
$result.diff.prepared += @"
[$path]
+"$name" = "$type`:$data"
"@
}
}
} else {
if (Test-Path -path $path) {
if ($delete_key -and $name -eq $null) {
# the clear_key flag is set and name is null so delete the entire key
try {
Remove-Item -Path $path -Force -Recurse -WhatIf:$check_mode
} catch {
Fail-Json $result "failed to delete registry key at $($path): $($_.Exception.Message)"
}
$result.changed = $true
if ($diff_mode) {
$result.diff.prepared += @"
-[$path]
"@
}
} else {
# the clear_key flag is set or name is not null, check whether we need to delete a property
if (Test-RegistryProperty -path $path -name $name) {
$existing_key = Get-Item -Path $path
$existing_type = $existing_key.GetValueKind($name)
$existing_data = $existing_key.GetValue($name, $false, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
# cannot use Remove-ItemProperty as it fails when deleting the (Default) key ($name = $null)
if (-not $check_mode) {
try {
(Get-Item -Path $path).OpenSubKey($null, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree).DeleteValue($name)
} catch {
Fail-Json $result "failed to delete registry property '$name' at $($path): $($_.Exception.Message)"
}
}
$result.changed = $true
if ($diff_mode) {
$result.diff.prepared += @"
[$path]
-"$name" = "$existing_type`:$existing_data"
"@
}
}
}
}
}