win_acl - fix network path qualifier parsing (#55970)
parent
5228133d74
commit
cc3b8b9f72
4 changed files with 55 additions and 5 deletions
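--- /dev/null
+++ b/changelogs/fragments/win_acl-network.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- win_acl - Fix qualifier parser when using UNC paths - https://github.com/ansible/ansible/issues/55875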
|
@ -90,8 +90,9 @@ $state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "prese
|
||||||
$inherit = Get-AnsibleParam -obj $params -name "inherit" -type "str"
|
$inherit = Get-AnsibleParam -obj $params -name "inherit" -type "str"
|
||||||
$propagation = Get-AnsibleParam -obj $params -name "propagation" -type "str" -default "None" -validateset "InheritOnly","None","NoPropagateInherit"
|
$propagation = Get-AnsibleParam -obj $params -name "propagation" -type "str" -default "None" -validateset "InheritOnly","None","NoPropagateInherit"
|
||||||
|
|
||||||
# We mount the HKCR, HKU, and HKCC registry hives so PS can access them
|
# We mount the HKCR, HKU, and HKCC registry hives so PS can access them.
|
||||||
$path_qualifier = Split-Path -Path $path -Qualifier
|
# Network paths have no qualifiers so we use -EA SilentlyContinue to ignore that
|
||||||
|
$path_qualifier = Split-Path -Path $path -Qualifier -ErrorAction SilentlyContinue
|
||||||
if ($path_qualifier -eq "HKCR:" -and (-not (Test-Path -LiteralPath HKCR:\))) {
|
if ($path_qualifier -eq "HKCR:" -and (-not (Test-Path -LiteralPath HKCR:\))) {
|
||||||
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT > $null
|
New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT > $null
|
||||||
}
|
}
|
||||||
|
@ -120,8 +121,10 @@ ElseIf ($null -eq $inherit) {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Bug in Set-Acl, Get-Acl where -LiteralPath only works for the Registry provider if the location is in that root
|
# Bug in Set-Acl, Get-Acl where -LiteralPath only works for the Registry provider if the location is in that root
|
||||||
# qualifier.
|
# qualifier. We also don't have a qualifier for a network path so only change if not null
|
||||||
Push-Location -LiteralPath $path_qualifier
|
if ($null -ne $path_qualifier) {
|
||||||
|
Push-Location -LiteralPath $path_qualifier
|
||||||
|
}
|
||||||
|
|
||||||
Try {
|
Try {
|
||||||
SetPrivilegeTokens
|
SetPrivilegeTokens
|
||||||
|
@ -218,7 +221,9 @@ Catch {
|
||||||
}
|
}
|
||||||
Finally {
|
Finally {
|
||||||
# Make sure we revert the location stack to the original path just for cleanups sake
|
# Make sure we revert the location stack to the original path just for cleanups sake
|
||||||
|
if ($null -ne $path_qualifier) {
|
||||||
Pop-Location
|
Pop-Location
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Exit-Json -obj $result
|
Exit-Json -obj $result
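Review bot: The `-ErrorAction SilentlyContinue` added to `Split-Path -Path $path -Qualifier` in the first hunk suppresses every failure of that call, not only the UNC case the comment names, so any path without a qualifier (a relative path, for instance) now leaves `$path_qualifier` null and the module carries on without `Push-Location`. For a module that rewrites ACLs it is safer to accept the null case only for a real network path, e.g. `if ($null -eq $path_qualifier -and -not $path.StartsWith("\\")) { Fail-Json -obj $result -message "path '$path' has no qualifier and is not a UNC path" }` right after the call, so an ACE is never applied to an object resolved against the process's current location. Whether `$path` is validated before this point is not visible in the hunk, so treat this as a check to confirm. The `Push-Location` and `Pop-Location` guards in the second and third hunks use the same condition and stay balanced.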
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
test_acl_path: '{{ win_output_dir }}\win_acl .ÅÑŚÌβŁÈ [$!@^&test(;)]'
|
test_acl_path: '{{ win_output_dir }}\win_acl .ÅÑŚÌβŁÈ [$!@^&test(;)]'
|
||||||
|
test_acl_network_path: \\localhost\{{ test_acl_path[0:1] }}$\{{ test_acl_path[3:] }}
|
||||||
# Use HKU as that path is not automatically loaded in the PSProvider making our test more complex
|
# Use HKU as that path is not automatically loaded in the PSProvider making our test more complex
|
||||||
test_acl_reg_path: HKU:\.DEFAULT\Ansible Test .ÅÑŚÌβŁÈ [$!@^&test(;)]
|
test_acl_reg_path: HKU:\.DEFAULT\Ansible Test .ÅÑŚÌβŁÈ [$!@^&test(;)]
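Review bot: `test_acl_network_path` is built by slicing `test_acl_path` (`[0:1]` for the drive letter, `[3:]` for the remainder), which only holds when `win_output_dir` is an absolute drive-letter path and the drive's administrative share is reachable on the test host; neither assumption is stated. A comment above the new line would make that explicit, for example `# UNC form of test_acl_path through the drive's administrative share, e.g. C:\dir -> \\localhost\C$\dir`. The neighbouring templated value `test_acl_path` is single-quoted while this one is a plain scalar; single-quoting it as well would keep the file consistent and does not change the backslashes.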
|
||||||
|
|
|
@ -171,6 +171,48 @@
|
||||||
that:
|
that:
|
||||||
- not remove_deny_right_again is changed
|
- not remove_deny_right_again is changed
|
||||||
|
|
||||||
|
- name: add write rights to Guest - network
|
||||||
|
win_acl:
|
||||||
|
path: '{{ test_acl_network_path }}'
|
||||||
|
type: allow
|
||||||
|
user: Guests
|
||||||
|
rights: Write
|
||||||
|
register: allow_right
|
||||||
|
|
||||||
|
- name: get result of add write rights to Guest - network
|
||||||
|
win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}'
|
||||||
|
register: allow_right_actual
|
||||||
|
|
||||||
|
- name: assert add write rights to Guest - network
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- allow_right is changed
|
||||||
|
- (allow_right_actual.stdout|from_json)|count == 1
|
||||||
|
- (allow_right_actual.stdout|from_json)[0].identity == 'BUILTIN\Guests'
|
||||||
|
- (allow_right_actual.stdout|from_json)[0].inheritance_flags == 'ContainerInherit, ObjectInherit'
|
||||||
|
- (allow_right_actual.stdout|from_json)[0].propagation_flags == 'None'
|
||||||
|
- (allow_right_actual.stdout|from_json)[0].rights == 'Write, Synchronize'
|
||||||
|
- (allow_right_actual.stdout|from_json)[0].type == 'Allow'
|
||||||
|
|
||||||
|
- name: remove write rights from Guest - network
|
||||||
|
win_acl:
|
||||||
|
path: '{{ test_acl_network_path }}'
|
||||||
|
type: allow
|
||||||
|
user: Guests
|
||||||
|
rights: Write
|
||||||
|
state: absent
|
||||||
|
register: remove_right
|
||||||
|
|
||||||
|
- name: get result of remove write rights from Guest - network
|
||||||
|
win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}'
|
||||||
|
register: remove_right_actual
|
||||||
|
|
||||||
|
- name: assert remove write rights from Guest
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- remove_right is changed
|
||||||
|
- remove_right_actual.stdout_lines == ["[", "", "]"]
|
||||||
|
|
||||||
- name: add write rights to Guest - registry
|
- name: add write rights to Guest - registry
|
||||||
win_acl:
|
win_acl:
|
||||||
path: '{{ test_acl_reg_path }}'
|
path: '{{ test_acl_reg_path }}'
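Review bot: The new network-path tasks check only the first add and the first remove, so a regression where the UNC code path reports `changed` on every run would pass; the context line `not remove_deny_right_again is changed` shows the existing tests do cover a repeat run. A second `win_acl` call with the same arguments, registered as `allow_right_again` and asserted unchanged, would close that gap, and the same pattern applies after the remove. The last added assert is named `assert remove write rights from Guest` without the `- network` suffix the other new tasks carry, which makes failures harder to tell apart from the local-path tests. The surrounding tasks at both ends of the hunk continue outside it.

```yaml
# … unchanged: add write rights to Guest - network, get result, assert …

- name: add write rights to Guest - network (idempotent)
  win_acl:
    path: '{{ test_acl_network_path }}'
    type: allow
    user: Guests
    rights: Write
  register: allow_right_again

- name: assert add write rights to Guest - network (idempotent)
  assert:
    that:
    - not allow_right_again is changed

# … unchanged: remove write rights from Guest - network, get result, assert …
```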
|
||||||
|
|