added module to disable acl inheritance

2 files changed, 114 insertions, 0 deletions

diff --git a/windows/win_acl_inheritance.ps1 b/windows/win_acl_inheritance.ps1
new file mode 100644
index 00000000..e72570ba
--- /dev/null
+++ b/windows/win_acl_inheritance.ps1
@@ -0,0 +1,55 @@
+#!powershell
+# This file is part of Ansible
+#
+# Copyright 2015, Hans-Joachim Kliemeck <git@kliemeck.de>
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# WANT_JSON
+# POWERSHELL_COMMON
+
+
+$params = Parse-Args $args;
+
+$result = New-Object PSObject;
+Set-Attr $result "changed" $false;
+
+$path = Get-Attr $params "path" -failifempty $true
+$copy = Get-Attr $params "copy" "no" -validateSet "no","yes" -resultobj $result
+
+If (-Not (Test-Path -Path $path)) {
+    Fail-Json $result "$path file or directory does not exist on the host"
+}
+ 
+Try {
+    $objACL = Get-ACL $path
+    $alreadyDisabled = !$objACL.AreAccessRulesProtected
+
+    If ($copy -eq "yes") {
+        $objACL.SetAccessRuleProtection($True, $True)
+    } Else {
+        $objACL.SetAccessRuleProtection($True, $False)
+    }
+
+    If ($alreadyDisabled) {
+        Set-Attr $result "changed" $true;
+    }
+
+    Set-ACL $path $objACL
+}
+Catch {
+    Fail-Json $result "an error occured when attempting to disable inheritance"
+}
+ 
+Exit-Json $result
diff --git a/windows/win_acl_inheritance.py b/windows/win_acl_inheritance.py
new file mode 100644
index 00000000..784aa5f9
--- /dev/null
+++ b/windows/win_acl_inheritance.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright 2015, Hans-Joachim Kliemeck <git@kliemeck.de>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# this is a windows documentation stub.  actual code lives in the .ps1
+# file of the same name
+
+DOCUMENTATION = '''
+---
+module: win_acl_inheritance
+version_added: "2.0"
+short_description: Disable ACL inheritance
+description:
+    - Disable ACL inheritance and optionally converts ACE to dedicated ACE
+options:
+  path:
+    description:
+      - Path to be used for disabling
+    required: true
+  copy:
+    description:
+      - Indicates if the inherited ACE should be copied to dedicated ACE
+    required: false
+    choices:
+      - no
+      - yes
+    default: no
+author: Hans-Joachim Kliemeck (@h0nIg)
+'''
+
+EXAMPLES = '''
+# Playbook example
+---
+- name: Disable and copy
+  win_owner:
+    path: 'C:\\apache\\'
+    copy: yes
+
+- name: Disable
+  win_owner:
+    path: 'C:\\apache\\'
+    copy: no
+'''