Class: Puppet::Util::Windows::ADSI::ADSIObject Private

Inherits:

Object

• Object
• Puppet::Util::Windows::ADSI::ADSIObject

Extended by:

Enumerable

Defined in:

lib/puppet/util/windows/adsi.rb,
lib/puppet/util/windows.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Common base class shared by the User and Group classes below.

Direct Known Subclasses

Group, User

Class Attribute Summary

• .object_class ⇒ Object readonly private

  Is either ‘user’ or ‘group’.

Instance Attribute Summary

• #name ⇒ Object readonly private

Class Method Summary

• .delete(name) ⇒ Object private
• .each(&block) ⇒ Object private
• .exists?(name_or_sid) ⇒ Boolean private
• .get_sids(adsi_child_collection) ⇒ Object private

  returns Puppet::Util::Windows::SID::Principal[] may contain objects that represent unresolvable SIDs.

• .list_all ⇒ Object private
• .localized_domains ⇒ Object private
• .name_sid_hash(names, allow_unresolved = false) ⇒ Object private
• .parse_name(name) ⇒ Object private
• .uri(name, host = '.') ⇒ Object private

Instance Method Summary

• #[](attribute) ⇒ Object private
• #[]=(attribute, value) ⇒ Object private
• #commit ⇒ Object private
• #initialize(name, native_object = nil) ⇒ ADSIObject constructor private

  A new instance of ADSIObject.

• #native_object ⇒ Object private
• #object_class ⇒ Object private
• #sid ⇒ Object private
• #uri ⇒ Object private

Constructor Details

#initialize(name, native_object = nil) ⇒ ADSIObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of ADSIObject.

# File 'lib/puppet/util/windows/adsi.rb', line 253

def initialize(name, native_object = nil)
  @name = name
  @native_object = native_object
end

Class Attribute Details

.object_class ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Is either ‘user’ or ‘group’

# File 'lib/puppet/util/windows/adsi.rb', line 142

def object_class
  @object_class
end

Instance Attribute Details

#name ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 252

def name
  @name
end

Class Method Details

.delete(name) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 203

def delete(name)
  Puppet::Util::Windows::ADSI.delete(name, @object_class)
end

.each(&block) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 240

def each(&block)
  objects = []
  list_all.each do |o|
    # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
    # values are returned as UTF-8
    objects << new(o.name)
  end

  objects.each(&block)
end

.exists?(name_or_sid) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

• (Boolean)

# File 'lib/puppet/util/windows/adsi.rb', line 207

def exists?(name_or_sid)
  well_known = false
  if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
    # Examples of SidType include SidTypeUser, SidTypeGroup
    if sid.account_type == "SidType#{@object_class.capitalize}".to_sym
      # Check if we're getting back a local user when domain-joined
      return true unless [:MEMBER_WORKSTATION, :MEMBER_SERVER].include?(Puppet::Util::Windows::ADSI.domain_role)
      # The resource domain and the computer name are not always case-matching
      return sid.domain.casecmp(Puppet::Util::Windows::ADSI.computer_name) == 0
    end

    # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
    # so try to resolve it
    # https://msdn.microsoft.com/en-us/library/cc234477.aspx
    well_known = sid.account_type == :SidTypeWellKnownGroup
    return false if sid.account_type != :SidTypeAlias && !well_known
    name_or_sid = "#{sid.domain}\\#{sid.account}"
  end

  object = Puppet::Util::Windows::ADSI.connect(uri(*parse_name(name_or_sid)))
  object.Class.downcase == @object_class
rescue
  # special accounts like SYSTEM or special groups like Authenticated Users cannot
  # resolve via monikers like WinNT://./SYSTEM,user or WinNT://./Authenticated Users,group
  # -- they'll fail to connect. thus, given a validly resolved SID, this failure is
  # ambiguous as it may indicate either a group like Service or an account like SYSTEM
  well_known
end

.get_sids(adsi_child_collection) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

returns Puppet::Util::Windows::SID::Principal[] may contain objects that represent unresolvable SIDs

# File 'lib/puppet/util/windows/adsi.rb', line 174

def get_sids(adsi_child_collection)
  sids = []
  adsi_child_collection.each do |m|
    sids << Puppet::Util::Windows::SID.ads_to_principal(m)
  rescue Puppet::Util::Windows::Error => e
    case e.code
    when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
      sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
    else
      raise e
    end
  end

  sids
end

.list_all ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Raises:

• (NotImplementedError)

# File 'lib/puppet/util/windows/adsi.rb', line 236

def list_all
  raise NotImplementedError, _("Subclass must implement class-level method 'list_all'!")
end

.localized_domains ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 144

def localized_domains
  @localized_domains ||= [
    # localized version of BUILTIN
    # for instance VORDEFINIERT on German Windows
    Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase,
    # localized version of NT AUTHORITY (can't use S-1-5)
    # for instance AUTORITE NT on French Windows
    Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase
  ]
end

.name_sid_hash(names, allow_unresolved = false) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 190

def name_sid_hash(names, allow_unresolved = false)
  return {} if names.nil? || names.empty?

  sids = names.map do |name|
    sid = Puppet::Util::Windows::SID.name_to_principal(name, allow_unresolved)
    raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
    [sid.sid, sid]
  end

  Hash[ sids ]
end

.parse_name(name) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 160

def parse_name(name)
  if name =~ /\//
    raise Puppet::Error.new( _("Value must be in DOMAIN\\%{object_class} style syntax") % { object_class: @object_class } )
  end

  matches = name.scan(/((.*)\\)?(.*)/)
  domain = matches[0][1] || '.'
  account = matches[0][2]

  return account, domain
end

.uri(name, host = '.') ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 155

def uri(name, host = '.')
  host = '.' if (localized_domains << Socket.gethostname.upcase).include?(host.upcase)
  Puppet::Util::Windows::ADSI.uri(name, @object_class, host)
end

Instance Method Details

#[](attribute) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 274

def [](attribute)
  # Setting WIN32OLE.codepage ensures values are returned as UTF-8
  native_object.Get(attribute)
end

#[]=(attribute, value) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 279

def []=(attribute, value)
  native_object.Put(attribute, value)
end

#commit ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 283

def commit
  begin
    native_object.SetInfo
  rescue WIN32OLERuntimeError => e
    # ERROR_BAD_USERNAME 2202L from winerror.h
    if e.message =~ /8007089A/m
      raise Puppet::Error.new(
        _("Puppet is not able to create/delete domain %{object_class} objects with the %{object_class} resource.") % { object_class: object_class },
      )
    end

    raise Puppet::Error.new( _("%{object_class} update failed: %{error}") % { object_class: object_class.capitalize, error: e }, e )
  end
  self
end

#native_object ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 266

def native_object
  @native_object ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
end

#object_class ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 258

def object_class
  self.class.object_class
end

#sid ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 270

def sid
  @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_object.objectSID)
end

#uri ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/adsi.rb', line 262

def uri
  self.class.uri(sid.account, sid.domain)
end