1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Adding registry functionality to win_acl module (#19443)

* Updated win_acl.ps1 module with registry functionality

* adding registry functionality to the most recent win_acl module in ansible/ansible

* updated in sync with win_regedit.ps1
This commit is contained in:
Branden Pleines 2017-03-01 22:38:27 -08:00 committed by Matt Davis
parent 7d44b2987e
commit 299e964dbf

View file

@ -143,7 +143,12 @@ ElseIf ($inherit -eq "") {
} }
Try { Try {
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
$colRights = [System.Security.AccessControl.RegistryRights]$rights
}
Else {
$colRights = [System.Security.AccessControl.FileSystemRights]$rights $colRights = [System.Security.AccessControl.FileSystemRights]$rights
}
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation $PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation
@ -155,11 +160,26 @@ Try {
} }
$objUser = New-Object System.Security.Principal.SecurityIdentifier($sid) $objUser = New-Object System.Security.Principal.SecurityIdentifier($sid)
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
$objACE = New-Object System.Security.AccessControl.RegistryAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
}
Else {
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType) $objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
}
$objACL = Get-ACL $path $objACL = Get-ACL $path
# Check if the ACE exists already in the objects ACL list # Check if the ACE exists already in the objects ACL list
$match = $false $match = $false
If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
ForEach($rule in $objACL.Access){
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
$match = $true
Break
}
}
}
Else {
ForEach($rule in $objACL.Access){ ForEach($rule in $objACL.Access){
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) $ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) { If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
@ -167,6 +187,7 @@ Try {
Break Break
} }
} }
}
If ($state -eq "present" -And $match -eq $false) { If ($state -eq "present" -And $match -eq $false) {
Try { Try {