Class: Puppet::Util::Windows::ADSI::ADSIObject

 241 242 243 244 245 246 247 248 249 250

# File 'lib/puppet/util/windows/adsi.rb', line 241 def each(&block) objects = [] list_all.each do |o| # Setting WIN32OLE.codepage in the microsoft_windows feature ensures  # values are returned as UTF-8  objects << new(o.name) end objects.each(&block) end

 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235

# File 'lib/puppet/util/windows/adsi.rb', line 206 def exists?(name_or_sid) well_known = false if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid)) # Examples of SidType include SidTypeUser, SidTypeGroup  if sid.account_type == "SidType#{@object_class.capitalize}".to_sym # Check if we're getting back a local user when domain-joined  return true unless [:MEMBER_WORKSTATION, :MEMBER_SERVER].include?(Puppet::Util::Windows::ADSI.domain_role) # The resource domain and the computer name are not always case-matching  return sid.domain.casecmp(Puppet::Util::Windows::ADSI.computer_name) == 0 end # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM  # so try to resolve it  # https://msdn.microsoft.com/en-us/library/cc234477.aspx  well_known = sid.account_type == :SidTypeWellKnownGroup return false if sid.account_type != :SidTypeAlias && !well_known name_or_sid = "#{sid.domain}\\#{sid.account}" end object = Puppet::Util::Windows::ADSI.connect(uri(*parse_name(name_or_sid))) object.Class.downcase == @object_class rescue # special accounts like SYSTEM or special groups like Authenticated Users cannot  # resolve via monikers like WinNT://./SYSTEM,user or WinNT://./Authenticated Users,group  # -- they'll fail to connect. thus, given a validly resolved SID, this failure is  # ambiguous as it may indicate either a group like Service or an account like SYSTEM  well_known end

 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187

# File 'lib/puppet/util/windows/adsi.rb', line 173 def get_sids(adsi_child_collection) sids = [] adsi_child_collection.each do |m| sids << Puppet::Util::Windows::SID.ads_to_principal(m) rescue Puppet::Util::Windows::Error => e case e.code when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid) else raise e end end sids end

 237 238 239

# File 'lib/puppet/util/windows/adsi.rb', line 237 def list_all raise NotImplementedError, _("Subclass must implement class-level method 'list_all'!") end

 143 144 145 146 147 148 149 150 151 152

# File 'lib/puppet/util/windows/adsi.rb', line 143 def localized_domains @localized_domains ||= [ # localized version of BUILTIN  # for instance VORDEFINIERT on German Windows  Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase, # localized version of NT AUTHORITY (can't use S-1-5)  # for instance AUTORITE NT on French Windows  Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase ] end

 189 190 191 192 193 194 195 196 197 198 199 200

# File 'lib/puppet/util/windows/adsi.rb', line 189 def name_sid_hash(names, allow_unresolved = false) return {} if names.nil? || names.empty? sids = names.map do |name| sid = Puppet::Util::Windows::SID.name_to_principal(name, allow_unresolved) raise Puppet::Error, _("Could not resolve name: %{name}") % { name: name } unless sid [sid.sid, sid] end sids.to_h end

 159 160 161 162 163 164 165 166 167 168 169

# File 'lib/puppet/util/windows/adsi.rb', line 159 def parse_name(name) if name =~ %r{/} raise Puppet::Error, _("Value must be in DOMAIN\\%{object_class} style syntax") % { object_class: @object_class } end matches = name.scan(/((.*)\\)?(.*)/) domain = matches[0][1] || '.' account = matches[0][2] [account, domain] end

 154 155 156 157

# File 'lib/puppet/util/windows/adsi.rb', line 154 def uri(name, host = '.') host = '.' if (localized_domains << Socket.gethostname.upcase).include?(host.upcase) Puppet::Util::Windows::ADSI.uri(name, @object_class, host) end

 281 282 283

# File 'lib/puppet/util/windows/adsi.rb', line 281 def []=(attribute, value) native_object.Put(attribute, value) end

 285 286 287 288 289 290 291 292 293 294 295 296 297

# File 'lib/puppet/util/windows/adsi.rb', line 285 def commit begin native_object.SetInfo rescue WIN32OLERuntimeError => e # ERROR_BAD_USERNAME 2202L from winerror.h  if e.message =~ /8007089A/m raise Puppet::Error, _("Puppet is not able to create/delete domain %{object_class} objects with the %{object_class} resource.") % { object_class: object_class } end raise Puppet::Error.new(_("%{object_class} update failed: %{error}") % { object_class: object_class.capitalize, error: e }, e) end self end

 268 269 270

# File 'lib/puppet/util/windows/adsi.rb', line 268 def native_object @native_object ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name))) end

 260 261 262

# File 'lib/puppet/util/windows/adsi.rb', line 260 def object_class self.class.object_class end

 272 273 274

# File 'lib/puppet/util/windows/adsi.rb', line 272 def sid @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_object.objectSID) end

 264 265 266

# File 'lib/puppet/util/windows/adsi.rb', line 264 def uri self.class.uri(sid.account, sid.domain) end