authorBranden Pleines <bpleines5qa@gmail.com>2017-03-01 22:38:27 -0800
committerMatt Davis <nitzmahone@users.noreply.github.com>2017-03-01 22:38:27 -0800
commit299e964dbf24d0ad5b66a9ca36a0bb4f5fbebf34 (patch)
tree0615695930cb8861b0509004c2d9a0b7642e9b88
parent7d44b2987ebaa92b07ac8e3e8c7f6abe6706edea (diff)
downloadansible-299e964dbf24d0ad5b66a9ca36a0bb4f5fbebf34.tar.gz
Adding registry functionality to win_acl module (#19443)
* Updated win_acl.ps1 module with registry functionality * adding registry functionality to the most recent win_acl module in ansible/ansible * updated in sync with win_regedit.ps1
-rw-r--r--lib/ansible/modules/windows/win_acl.ps121
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/ansible/modules/windows/win_acl.ps1 b/lib/ansible/modules/windows/win_acl.ps1
index 971b8dc300..972a562a82 100644
--- a/lib/ansible/modules/windows/win_acl.ps1
+++ b/lib/ansible/modules/windows/win_acl.ps1
@@ -143,7 +143,12 @@ ElseIf ($inherit -eq "") {
}
Try {
+ If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
+ $colRights = [System.Security.AccessControl.RegistryRights]$rights
+ }
+ Else {
$colRights = [System.Security.AccessControl.FileSystemRights]$rights
+ }
$InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]$inherit
$PropagationFlag = [System.Security.AccessControl.PropagationFlags]$propagation
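Review bot: The registry test `$path -match "^HK(CC|CR|CU|LM|U):\\"` is written out here and twice more in the next hunk (where the access rule is built and around the ACE-matching loop), so the three branches can drift apart if the pattern is ever edited. Evaluate it once before the `Try`, for example `$isRegistry = $path -match "^HK(CC|CR|CU|LM|U):\\"`, and branch on `$isRegistry` in all three places. A short comment above the branch, such as `# Registry paths take RegistryRights names; all other paths take FileSystemRights names`, would also help, because a rights name that exists in only one enum fails the cast for the other. That failure surfaces only through the enclosing `Try`'s handler, which lies outside this hunk.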
@@ -155,11 +160,26 @@ Try {
}
$objUser = New-Object System.Security.Principal.SecurityIdentifier($sid)
+ If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
+ $objACE = New-Object System.Security.AccessControl.RegistryAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
+ }
+ Else {
$objACE = New-Object System.Security.AccessControl.FileSystemAccessRule ($objUser, $colRights, $InheritanceFlag, $PropagationFlag, $objType)
+ }
$objACL = Get-ACL $path
# Check if the ACE exists already in the objects ACL list
$match = $false
+ If ($path -match "^HK(CC|CR|CU|LM|U):\\") {
+ ForEach($rule in $objACL.Access){
+ $ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
+ If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
+ $match = $true
+ Break
+ }
+ }
+ }
+ Else {
ForEach($rule in $objACL.Access){
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
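Review bot: `Get-ACL $path` will fail for three of the five hives the new pattern accepts unless their drives are mapped somewhere outside this diff, because a default PowerShell session exposes only the `HKLM:` and `HKCU:` registry drives. Nothing visible here creates `HKCR:`, `HKU:` or `HKCC:`, so if the module does not map them earlier, the rule is built but the ACL lookup errors out. A guard before the lookup would cover it, e.g. `If (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null }`, repeated for HKU (`HKEY_USERS`) and HKCC (`HKEY_CURRENT_CONFIG`). As a point of style, the two `ForEach` loops differ only in the rights property name, so one loop comparing `$rule.$rightsProp -eq $objACE.$rightsProp` would keep the idempotence check for this security-sensitive change in a single place. The file-system loop continues past the end of this hunk.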
@@ -167,6 +187,7 @@ Try {
Break
}
}
+ }
If ($state -eq "present" -And $match -eq $false) {
Try {