Class: Puppet::Util::Windows::ADSI::Group

Inherits:

Object

• Object
• Puppet::Util::Windows::ADSI::Group

Extended by:

Enumerable, Shared

Defined in:

lib/puppet/util/windows.rb,
lib/puppet/util/windows/adsi.rb

Instance Attribute Summary

• #name ⇒ Object readonly
• #native_group ⇒ Object

  msdn.microsoft.com/en-us/library/aa706021.aspx IADsGroup interface.

• #sid ⇒ Object readonly

Class Method Summary

• .create(name) ⇒ Object
• .delete(name) ⇒ Object
• .each(&block) ⇒ Object
• .exists?(name_or_sid) ⇒ Boolean

Instance Method Summary

• #add_member_sids(*sids) ⇒ Object
• #commit ⇒ Object
• #initialize(name, native_group = nil) ⇒ Group constructor

  A new instance of Group.

• #member_sids ⇒ Object
• #members ⇒ Object
• #remove_member_sids(*sids) ⇒ Object
• #set_members(desired_members, inclusive = true) ⇒ Object
• #uri ⇒ Object

Methods included from Shared

get_sids, name_sid_hash, parse_name

Constructor Details

#initialize(name, native_group = nil) ⇒ Group

Returns a new instance of Group.

# File 'lib/puppet/util/windows/adsi.rb', line 399

def initialize(name, native_group = nil)
  @name = name
  @native_group = native_group
end

Instance Attribute Details

#name ⇒ Object (readonly)

# File 'lib/puppet/util/windows/adsi.rb', line 398

def name
  @name
end

#native_group ⇒ Object

msdn.microsoft.com/en-us/library/aa706021.aspx IADsGroup interface

# File 'lib/puppet/util/windows/adsi.rb', line 397

def native_group
  @native_group
end

#sid ⇒ Object (readonly)

# File 'lib/puppet/util/windows/adsi.rb', line 398

def sid
  @sid
end

Class Method Details

.create(name) ⇒ Object

Raises:

• (Puppet::Error)

# File 'lib/puppet/util/windows/adsi.rb', line 480

def self.create(name)
  # Windows error 2224: The account already exists.
  raise Puppet::Error.new( "Cannot create group if user '#{name}' exists." ) if Puppet::Util::Windows::ADSI::User.exists? name
  new(name, Puppet::Util::Windows::ADSI.create(name, 'group'))
end

.delete(name) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 508

def self.delete(name)
  Puppet::Util::Windows::ADSI.delete(name, 'group')
end

.each(&block) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 512

def self.each(&block)
  wql = Puppet::Util::Windows::ADSI.execquery( 'select name from win32_group where localaccount = "TRUE"' )

  groups = []
  wql.each do |g|
    groups << new(g.name)
  end

  groups.each(&block)
end

.exists?(name_or_sid) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/puppet/util/windows/adsi.rb', line 486

def self.exists?(name_or_sid)
  well_known = false
  if (sid = Puppet::Util::Windows::SID.name_to_sid_object(name_or_sid))
    return true if sid.account_type == :SidTypeGroup

    # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
    # so try to resolve it
    # https://msdn.microsoft.com/en-us/library/cc234477.aspx
    well_known = sid.account_type == :SidTypeWellKnownGroup
    return false if sid.account_type != :SidTypeAlias && !well_known
    name_or_sid = "#{sid.domain}\\#{sid.account}"
  end

  user = Puppet::Util::Windows::ADSI.connect(Group.uri(*Group.parse_name(name_or_sid)))
  user.Class == 'Group'
rescue
  # special groups like Authenticated Users cannot resolve via moniker like WinNT://./Authenticated Users,group
  # and thus fail to connect - so given a validly resolved SID, this failure is ambiguous as it
  # may indicate either a group like Service or an account like SYSTEM
  well_known
end

Instance Method Details

#add_member_sids(*sids) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 433

def add_member_sids(*sids)
  sids.each do |sid|
    native_group.Add(Puppet::Util::Windows::ADSI.sid_uri(sid))
  end
end

#commit ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 416

def commit
  begin
    native_group.SetInfo unless native_group.nil?
  rescue WIN32OLERuntimeError => e
    # ERROR_BAD_USERNAME 2202L from winerror.h
    if e.message =~ /8007089A/m
      raise Puppet::Error.new(
        "Puppet is not able to create/delete domain groups with the group resource.",
        e
      )
    end

    raise Puppet::Error.new( "Group update failed: #{e}", e )
  end
  self
end

#member_sids ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 452

def member_sids
  self.class.get_sids(native_group.Members)
end

#members ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 445

def members
  # WIN32OLE objects aren't enumerable, so no map
  members = []
  native_group.Members.each {|m| members << m.Name}
  members
end

#remove_member_sids(*sids) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 439

def remove_member_sids(*sids)
  sids.each do |sid|
    native_group.Remove(Puppet::Util::Windows::ADSI.sid_uri(sid))
  end
end

#set_members(desired_members, inclusive = true) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 456

def set_members(desired_members, inclusive = true)
  return if desired_members.nil?

  current_hash = Hash[ self.member_sids.map { |sid| [sid.sid, sid] } ]
  desired_hash = self.class.name_sid_hash(desired_members)

  # First we add all missing members
  if !desired_hash.empty?
    members_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
    add_member_sids(*members_to_add)
  end

  # Then we remove all extra members if inclusive
  if inclusive
    if desired_hash.empty?
      members_to_remove = current_hash.values
    else
      members_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
    end

    remove_member_sids(*members_to_remove)
  end
end

#uri ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 404

def uri
  self.class.uri(sid.account, sid.domain)
end