win_acl: Fix problems with special IDRef in different languages than english (#57281)
* Change special id ref recognitionto avoid language diff * Changelog added * specialIdRefPrefixes to array * Changed to the more generic option
This commit is contained in:
parent
e0b8bc1ef9
commit
07edcab051
2 changed files with 5 additions and 15 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- "win_acl - Change special id ref recognitionto avoid language diff (https://github.com/ansible/ansible/issues/56757)"
|
|
@ -158,27 +158,15 @@ Try {
|
||||||
# Check if the ACE exists already in the objects ACL list
|
# Check if the ACE exists already in the objects ACL list
|
||||||
$match = $false
|
$match = $false
|
||||||
|
|
||||||
# Workaround to handle special use case 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' and
|
ForEach($rule in $objACL.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])){
|
||||||
# 'APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES'- can't translate fully qualified name (win32 API bug/oddity)
|
|
||||||
# 'ALL APPLICATION PACKAGES' exists only on Win2k12 and Win2k16 and 'ALL RESTRICTED APPLICATION PACKAGES' exists only in Win2k16
|
|
||||||
$specialIdRefs = "ALL APPLICATION PACKAGES","ALL RESTRICTED APPLICATION PACKAGES"
|
|
||||||
ForEach($rule in $objACL.Access){
|
|
||||||
$idRefShortValue = ($rule.IdentityReference.Value).split('\')[-1]
|
|
||||||
|
|
||||||
if ( $idRefShortValue -in $specialIdRefs ) {
|
|
||||||
$ruleIdentity = (New-Object Security.Principal.NTAccount $idRefShortValue).Translate([Security.Principal.SecurityIdentifier])
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$ruleIdentity = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
|
|
||||||
}
|
|
||||||
|
|
||||||
If ($path_item.PSProvider.Name -eq "Registry") {
|
If ($path_item.PSProvider.Name -eq "Registry") {
|
||||||
If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
|
If (($rule.RegistryRights -eq $objACE.RegistryRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($rule.IdentityReference -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
|
||||||
$match = $true
|
$match = $true
|
||||||
Break
|
Break
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($ruleIdentity -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
|
If (($rule.FileSystemRights -eq $objACE.FileSystemRights) -And ($rule.AccessControlType -eq $objACE.AccessControlType) -And ($rule.IdentityReference -eq $objACE.IdentityReference) -And ($rule.IsInherited -eq $objACE.IsInherited) -And ($rule.InheritanceFlags -eq $objACE.InheritanceFlags) -And ($rule.PropagationFlags -eq $objACE.PropagationFlags)) {
|
||||||
$match = $true
|
$match = $true
|
||||||
Break
|
Break
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue