Class: Puppet::Util::Windows::ADSI::ADSIObject

Inherits:

Object

• Object
• Puppet::Util::Windows::ADSI::ADSIObject

Extended by:

Enumerable

Defined in:

lib/puppet/util/windows/adsi.rb,
lib/puppet/util/windows.rb

Overview

Common base class shared by the User and Group classes below.

Direct Known Subclasses

Group, User

Class Attribute Summary

• .object_class ⇒ Object readonly

  Is either ‘user’ or ‘group’.

Instance Attribute Summary

• #name ⇒ Object readonly

  Returns the value of attribute name.

Class Method Summary

• .delete(name) ⇒ Object
• .each(&block) ⇒ Object
• .exists?(name_or_sid) ⇒ Boolean
• .get_sids(adsi_child_collection) ⇒ Object

  returns Puppet::Util::Windows::SID::Principal[] may contain objects that represent unresolvable SIDs.

• .list_all ⇒ Object
• .localized_domains ⇒ Object
• .name_sid_hash(names, allow_unresolved = false) ⇒ Object
• .parse_name(name) ⇒ Object
• .uri(name, host = '.') ⇒ Object

Instance Method Summary

• #[](attribute) ⇒ Object
• #[]=(attribute, value) ⇒ Object
• #commit ⇒ Object
• #initialize(name, native_object = nil) ⇒ ADSIObject constructor

  A new instance of ADSIObject.

• #native_object ⇒ Object
• #object_class ⇒ Object
• #sid ⇒ Object
• #uri ⇒ Object

Constructor Details

#initialize(name, native_object = nil) ⇒ ADSIObject

Returns a new instance of ADSIObject.

# File 'lib/puppet/util/windows/adsi.rb', line 255

def initialize(name, native_object = nil)
  @name = name
  @native_object = native_object
end

Class Attribute Details

.object_class ⇒ Object (readonly)

Is either ‘user’ or ‘group’

# File 'lib/puppet/util/windows/adsi.rb', line 141

def object_class
  @object_class
end

Instance Attribute Details

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/puppet/util/windows/adsi.rb', line 253

def name
  @name
end

Class Method Details

.delete(name) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 202

def delete(name)
  Puppet::Util::Windows::ADSI.delete(name, @object_class)
end

.each(&block) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 241

def each(&block)
  objects = []
  list_all.each do |o|
    # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
    # values are returned as UTF-8
    objects << new(o.name)
  end

  objects.each(&block)
end

.exists?(name_or_sid) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/puppet/util/windows/adsi.rb', line 206

def exists?(name_or_sid)
  well_known = false
  if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
    # Examples of SidType include SidTypeUser, SidTypeGroup
    if sid.account_type == "SidType#{@object_class.capitalize}".to_sym
      # Check if we're getting back a local user when domain-joined
      return true unless [:MEMBER_WORKSTATION, :MEMBER_SERVER].include?(Puppet::Util::Windows::ADSI.domain_role)

      # The resource domain and the computer name are not always case-matching
      return sid.domain.casecmp(Puppet::Util::Windows::ADSI.computer_name) == 0
    end

    # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
    # so try to resolve it
    # https://msdn.microsoft.com/en-us/library/cc234477.aspx
    well_known = sid.account_type == :SidTypeWellKnownGroup
    return false if sid.account_type != :SidTypeAlias && !well_known

    name_or_sid = "#{sid.domain}\\#{sid.account}"
  end

  object = Puppet::Util::Windows::ADSI.connect(uri(*parse_name(name_or_sid)))
  object.Class.downcase == @object_class
rescue
  # special accounts like SYSTEM or special groups like Authenticated Users cannot
  # resolve via monikers like WinNT://./SYSTEM,user or WinNT://./Authenticated Users,group
  # -- they'll fail to connect. thus, given a validly resolved SID, this failure is
  # ambiguous as it may indicate either a group like Service or an account like SYSTEM
  well_known
end

.get_sids(adsi_child_collection) ⇒ Object

returns Puppet::Util::Windows::SID::Principal[] may contain objects that represent unresolvable SIDs

# File 'lib/puppet/util/windows/adsi.rb', line 173

def get_sids(adsi_child_collection)
  sids = []
  adsi_child_collection.each do |m|
    sids << Puppet::Util::Windows::SID.ads_to_principal(m)
  rescue Puppet::Util::Windows::Error => e
    case e.code
    when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
      sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
    else
      raise e
    end
  end

  sids
end

.list_all ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/puppet/util/windows/adsi.rb', line 237

def list_all
  raise NotImplementedError, _("Subclass must implement class-level method 'list_all'!")
end

.localized_domains ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 143

def localized_domains
  @localized_domains ||= [
    # localized version of BUILTIN
    # for instance VORDEFINIERT on German Windows
    Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase,
    # localized version of NT AUTHORITY (can't use S-1-5)
    # for instance AUTORITE NT on French Windows
    Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase
  ]
end

.name_sid_hash(names, allow_unresolved = false) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 189

def name_sid_hash(names, allow_unresolved = false)
  return {} if names.nil? || names.empty?

  sids = names.map do |name|
    sid = Puppet::Util::Windows::SID.name_to_principal(name, allow_unresolved)
    raise Puppet::Error, _("Could not resolve name: %{name}") % { name: name } unless sid

    [sid.sid, sid]
  end

  sids.to_h
end

.parse_name(name) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 159

def parse_name(name)
  if name =~ %r{/}
    raise Puppet::Error, _("Value must be in DOMAIN\\%{object_class} style syntax") % { object_class: @object_class }
  end

  matches = name.scan(/((.*)\\)?(.*)/)
  domain = matches[0][1] || '.'
  account = matches[0][2]

  [account, domain]
end

.uri(name, host = '.') ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 154

def uri(name, host = '.')
  host = '.' if (localized_domains << Socket.gethostname.upcase).include?(host.upcase)
  Puppet::Util::Windows::ADSI.uri(name, @object_class, host)
end

Instance Method Details

#[](attribute) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 276

def [](attribute)
  # Setting WIN32OLE.codepage ensures values are returned as UTF-8
  native_object.Get(attribute)
end

#[]=(attribute, value) ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 281

def []=(attribute, value)
  native_object.Put(attribute, value)
end

#commit ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 285

def commit
  begin
    native_object.SetInfo
  rescue WIN32OLERuntimeError => e
    # ERROR_BAD_USERNAME 2202L from winerror.h
    if e.message =~ /8007089A/m
      raise Puppet::Error, _("Puppet is not able to create/delete domain %{object_class} objects with the %{object_class} resource.") % { object_class: object_class }
    end

    raise Puppet::Error.new(_("%{object_class} update failed: %{error}") % { object_class: object_class.capitalize, error: e }, e)
  end
  self
end

#native_object ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 268

def native_object
  @native_object ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
end

#object_class ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 260

def object_class
  self.class.object_class
end

#sid ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 272

def sid
  @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_object.objectSID)
end

#uri ⇒ Object

# File 'lib/puppet/util/windows/adsi.rb', line 264

def uri
  self.class.uri(sid.account, sid.domain)
end