Class: Puppet::Util::Windows::ADSI::User

Inherits:
Object
  • Object
show all
Extended by:
Enumerable, FFI::Library, Shared
Defined in:
lib/puppet/util/windows.rb,
lib/puppet/util/windows/adsi.rb

Constant Summary collapse

MAX_USERNAME_LENGTH =

UNLEN from lmcons.h - stackoverflow.com/a/2155176

256

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Shared

get_sids, name_sid_hash, parse_name

Methods included from FFI::Library

attach_function_private

Constructor Details

#initialize(name, native_user = nil) ⇒ User

Returns a new instance of User.



158
159
160
161
# File 'lib/puppet/util/windows/adsi.rb', line 158

def initialize(name, native_user = nil)
  @name = name
  @native_user = native_user
end

Instance Attribute Details

#nameObject (readonly)



157
158
159
# File 'lib/puppet/util/windows/adsi.rb', line 157

def name
  @name
end

#native_userObject



156
157
158
# File 'lib/puppet/util/windows/adsi.rb', line 156

def native_user
  @native_user
end

#sidObject (readonly)



157
158
159
# File 'lib/puppet/util/windows/adsi.rb', line 157

def sid
  @sid
end

Class Method Details

.create(name) ⇒ Object

Raises:



298
299
300
301
302
# File 'lib/puppet/util/windows/adsi.rb', line 298

def self.create(name)
  # Windows error 1379: The specified local group already exists.
  raise Puppet::Error.new( "Cannot create user if group '#{name}' exists." ) if Puppet::Util::Windows::ADSI::Group.exists? name
  new(name, Puppet::Util::Windows::ADSI.create(name, 'user'))
end

.current_user_nameObject



306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
# File 'lib/puppet/util/windows/adsi.rb', line 306

def self.current_user_name
  user_name = ''
  max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
  FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
    FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
      buffer_size.write_dword(max_length) # length in TCHARs

      if GetUserNameW(buffer, buffer_size) == FFI::WIN32_FALSE
        raise Puppet::Util::Windows::Error.new("Failed to get user name")
      end
      # buffer_size includes trailing NULL
      user_name = buffer.read_wide_string(buffer_size.read_dword - 1)
    end
  end

  user_name
end

.delete(name) ⇒ Object



328
329
330
# File 'lib/puppet/util/windows/adsi.rb', line 328

def self.delete(name)
  Puppet::Util::Windows::ADSI.delete(name, 'user')
end

.each(&block) ⇒ Object



332
333
334
335
336
337
338
339
340
341
# File 'lib/puppet/util/windows/adsi.rb', line 332

def self.each(&block)
  wql = Puppet::Util::Windows::ADSI.execquery('select name from win32_useraccount where localaccount = "TRUE"')

  users = []
  wql.each do |u|
    users << new(u.name)
  end

  users.each(&block)
end

.exists?(name) ⇒ Boolean

Returns:

  • (Boolean)


324
325
326
# File 'lib/puppet/util/windows/adsi.rb', line 324

def self.exists?(name)
  Puppet::Util::Windows::ADSI::connectable?(User.uri(*User.parse_name(name)))
end

.logon(name, password) ⇒ Object



175
176
177
# File 'lib/puppet/util/windows/adsi.rb', line 175

def self.logon(name, password)
  Puppet::Util::Windows::User.password_is?(name, password)
end

Instance Method Details

#[](attribute) ⇒ Object



179
180
181
# File 'lib/puppet/util/windows/adsi.rb', line 179

def [](attribute)
  native_user.Get(attribute)
end

#[]=(attribute, value) ⇒ Object



183
184
185
# File 'lib/puppet/util/windows/adsi.rb', line 183

def []=(attribute, value)
  native_user.Put(attribute, value)
end

#add_flag(flag_name, value) ⇒ Object



208
209
210
211
212
213
214
# File 'lib/puppet/util/windows/adsi.rb', line 208

def add_flag(flag_name, value)
  flag = native_user.Get(flag_name) rescue 0

  native_user.Put(flag_name, flag | value)

  commit
end

#add_group_sids(*sids) ⇒ Object



249
250
251
252
253
254
255
256
# File 'lib/puppet/util/windows/adsi.rb', line 249

def add_group_sids(*sids)
  group_names = []
  sids.each do |sid|
    group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
  end

  add_to_groups(*group_names)
end

#add_to_groups(*group_names) ⇒ Object Also known as: add_to_group



234
235
236
237
238
# File 'lib/puppet/util/windows/adsi.rb', line 234

def add_to_groups(*group_names)
  group_names.each do |group_name|
    Puppet::Util::Windows::ADSI::Group.new(group_name).add_member_sids(sid)
  end
end

#commitObject



187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
# File 'lib/puppet/util/windows/adsi.rb', line 187

def commit
  begin
    native_user.SetInfo unless native_user.nil?
  rescue WIN32OLERuntimeError => e
    # ERROR_BAD_USERNAME 2202L from winerror.h
    if e.message =~ /8007089A/m
      raise Puppet::Error.new(
       "Puppet is not able to create/delete domain users with the user resource.",
       e
      )
    end

    raise Puppet::Error.new( "User update failed: #{e}", e )
  end
  self
end

#group_sidsObject



267
268
269
# File 'lib/puppet/util/windows/adsi.rb', line 267

def group_sids
  self.class.get_sids(native_user.Groups)
end

#groupsObject



226
227
228
229
230
231
232
# File 'lib/puppet/util/windows/adsi.rb', line 226

def groups
  # https://msdn.microsoft.com/en-us/library/aa746342.aspx
  # WIN32OLE objects aren't enumerable, so no map
  groups = []
  native_user.Groups.each {|g| groups << g.Name} rescue nil
  groups
end

#password=(password) ⇒ Object



216
217
218
219
220
221
222
223
224
# File 'lib/puppet/util/windows/adsi.rb', line 216

def password=(password)
  if !password.nil?
    native_user.SetPassword(password)
    commit
  end

  fADS_UF_DONT_EXPIRE_PASSWD = 0x10000
  add_flag("UserFlags", fADS_UF_DONT_EXPIRE_PASSWD)
end

#password_is?(password) ⇒ Boolean

Returns:

  • (Boolean)


204
205
206
# File 'lib/puppet/util/windows/adsi.rb', line 204

def password_is?(password)
  self.class.logon(name, password)
end

#remove_from_groups(*group_names) ⇒ Object Also known as: remove_from_group



241
242
243
244
245
# File 'lib/puppet/util/windows/adsi.rb', line 241

def remove_from_groups(*group_names)
  group_names.each do |group_name|
    Puppet::Util::Windows::ADSI::Group.new(group_name).remove_member_sids(sid)
  end
end

#remove_group_sids(*sids) ⇒ Object



258
259
260
261
262
263
264
265
# File 'lib/puppet/util/windows/adsi.rb', line 258

def remove_group_sids(*sids)
  group_names = []
  sids.each do |sid|
    group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
  end

  remove_from_groups(*group_names)
end

#set_groups(desired_groups, minimum = true) ⇒ Object



271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
# File 'lib/puppet/util/windows/adsi.rb', line 271

def set_groups(desired_groups, minimum = true)
  return if desired_groups.nil?

  desired_groups = desired_groups.split(',').map(&:strip)

  current_hash = Hash[ self.group_sids.map { |sid| [sid.to_s, sid] } ]
  desired_hash = self.class.name_sid_hash(desired_groups)

  # First we add the user to all the groups it should be in but isn't
  if !desired_groups.empty?
    groups_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
    add_group_sids(*groups_to_add)
  end

  # Then we remove the user from all groups it is in but shouldn't be, if
  # that's been requested
  if !minimum
    if desired_hash.empty?
      groups_to_remove = current_hash.values
    else
      groups_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
    end

    remove_group_sids(*groups_to_remove)
  end
end

#uriObject



171
172
173
# File 'lib/puppet/util/windows/adsi.rb', line 171

def uri
  self.class.uri(sid., sid.domain)
end