Class: Inspec::Resources::WindowsUser
Defined in: lib/resources/users.rb
Overview
For now, we stick with WMI Win32_UserAccount. Get-AdUser would be the best command for domain machines, but it is not installed on client machines by default. Just for reference, we could also use ADSI (Active Directory Service Interfaces).
Instance Attribute Summary
Attributes inherited from UserInfo
Instance Method Summary
- #identity(username) ⇒ Object
- #list_users ⇒ Object
- #meta_info(_username) ⇒ Object
  not implemented yet.
- #parse_windows_account(username) ⇒ Object
  parse windows account name.
Methods inherited from UserInfo
#collect_user_details, #credentials, #initialize, #user_details
Methods included from Converter
Constructor Details
This class inherits a constructor from Inspec::Resources::UserInfo
Instance Method Details
#identity(username) ⇒ Object
    # File 'lib/resources/users.rb', line 571

    def identity(username)
      # extract domain/user information
      account, domain = parse_windows_account(username)

      # TODO: escape content
      if !domain.nil?
        filter = "Name = '#{account}' and Domain = '#{domain}'"
      else
        filter = "Name = '#{account}' and LocalAccount = true"
      end

      script = <<-EOH
        # find user
        $user = Get-WmiObject Win32_UserAccount -filter "#{filter}"
        # get related groups
        $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
        # filter user information
        $user = $user | Select-Object -Property Caption, Description, Domain, Name, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status, Disabled
        # build response object
        New-Object -Type PSObject | `
        Add-Member -MemberType NoteProperty -Name User -Value ($user) -PassThru | `
        Add-Member -MemberType NoteProperty -Name Groups -Value ($groups) -PassThru | `
        ConvertTo-Json
      EOH

      cmd = inspec.powershell(script)

      # cannot rely on exit code for now, successful command returns exit code 1
      # return nil if cmd.exit_status != 0, try to parse json
      begin
        params = JSON.parse(cmd.stdout)
      rescue JSON::ParserError => _e
        return nil
      end

      user_hash = params['User'] || {}
      group_hashes = params['Groups'] || []
      # if groups is no array, generate one
      group_hashes = [group_hashes] unless group_hashes.is_a?(Array)
      group_names = group_hashes.map { |grp| grp['Caption'] }

      {
        uid: user_hash['SID'],
        username: user_hash['Caption'],
        gid: nil,
        group: nil,
        groups: group_names,
        disabled: user_hash['Disabled'],
      }
    end
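The `# TODO: escape content` in #identity marks where the account and domain are interpolated unescaped, first into a WQL string literal and then into a double-quoted PowerShell string. One way to close both layers, as an added example that is not InSpec's own code; the helper names `wql_literal`, `user_filter` and `find_user_script` and the sample inputs are assumptions made for illustration:

```ruby
require 'base64'

# Layer 1: WQL string literal. Backslash is the WQL escape character, so
# backslash, single quote and double quote each get a leading backslash.
def wql_literal(value)
  "'" + value.gsub(/[\\'"]/) { |c| "\\#{c}" } + "'"
end

# The same two filter shapes #identity builds, with every value escaped.
def user_filter(account, domain = nil)
  if domain.nil?
    "Name = #{wql_literal(account)} and LocalAccount = true"
  else
    "Name = #{wql_literal(account)} and Domain = #{wql_literal(domain)}"
  end
end

# Layer 2: PowerShell. The filter travels as base64, so the script text only
# ever contains [A-Za-z0-9+/=] from the caller; nothing in it can close a
# quote or start a PowerShell expansion. The filter is passed as a variable.
def find_user_script(account, domain = nil)
  b64 = Base64.strict_encode64(user_filter(account, domain).encode('UTF-8'))
  <<~EOH
    $filter = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('#{b64}'))
    $user = Get-WmiObject Win32_UserAccount -Filter $filter
  EOH
end

# Constructed sample inputs (not taken from the page): a legitimate name with
# an apostrophe, and a name carrying characters PowerShell treats specially.
SAMPLES = [["o'brien", nil], ['svc"$x', 'CORP']].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |account, domain|
    puts user_filter(account, domain)
    puts find_user_script(account, domain)
  end
end
```

The apostrophe case matters even without hostile input: with the unescaped filter, a name such as `o'brien` produces an invalid WQL query and the lookup fails.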
#list_users ⇒ Object
    # File 'lib/resources/users.rb', line 629

    def list_users
      script = 'Get-WmiObject Win32_UserAccount | Select-Object -ExpandProperty Caption'
      cmd = inspec.powershell(script)
      cmd.stdout.chomp.lines
    end
#meta_info(_username) ⇒ Object
not implemented yet
    # File 'lib/resources/users.rb', line 622

    def meta_info(_username)
      {
        home: nil,
        shell: nil,
      }
    end
#parse_windows_account(username) ⇒ Object
parse windows account name
    # File 'lib/resources/users.rb', line 564

    def parse_windows_account(username)
      account = username.split('\\')
      name = account.pop
      domain = account.pop if account.size > 0
      [name, domain]
    end