RubyGems - sys-admin - Versions diffs - 1.3.1-mswin32 → 1.4.0-mswin32 - Mend

sys-admin 1.3.1-mswin32 → 1.4.0-mswin32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

data/CHANGES CHANGED

@@ -1,3 +1,19 @@
+== 1.4.0 - 20-Jan-2007
+* Added the following methods: add_local_user, config_local_user,
+  delete_local_user, add_global_group, config_global_group, and
+  delete_global_group.  MS Windows only at the moment.
+* Added corresponding tests.
+* Added much more inline documentation.
+* Major refactoring of the get_lastlog_info helper function in admin.h.  This
+  fixed a major bug in some flavors of Linux where the Admin.users method
+  could go into an infinite loop.  It also fixed some minor bugs where console
+  and host values were sometimes filled with junk characters.
+* Added the User#change attribute, and a check for the pw_change struct member
+  in the extconf.rb file.
+* The User#expire attribute is now handled as a Time object instead of an
+  integer.
+* Renamed tc_win32.rb to tc_windows.rb
 == 1.3.1 - 29-Jun-2005
 * Fixed a bug where the inability to read the lastlog file caused an error.
   From now on that error is ignored, and the lastlog attributes of the User

data/MANIFEST CHANGED

@@ -1,17 +1,18 @@
-extconf.rb
-install.rb
-sys-admin.gemspec
-CHANGES
-MANIFEST
-README
+* install.rb
+* sys-admin.gemspec
+* CHANGES
+* MANIFEST
+* README
-examples/groups.rb
-examples/users.rb
+* examples/groups.rb
+* examples/users.rb
-lib/sys/unix.c
-lib/sys/unix.h
-lib/sys/win32.rb
+* ext/admin.c
+* ext/admin.h
+* ext/extconf.rb
-test/tc_admin.rb
-test/tc_unix.rb
-test/tc_win32.rb
+* lib/sys/win32.rb
+* test/tc_admin.rb
+* test/tc_unix.rb
+* test/tc_windows.rb

data/README CHANGED

@@ -3,18 +3,18 @@
    Etc module.
 == Installation
-=== Win32
-	ruby test\tc_admin.rb # optional
-	ruby install.rb
+=== Windows
+   ruby tc_admin.rb # optional (in the 'test' directory)
+   ruby install.rb
 === Unix
-   ruby extconf.rb
-   nmake
-   ruby test\tc_admin.rb # optional
-   nmake site-install
+   ruby extconf.rb (in the 'ext' directory)
+   make
+   ruby tc_admin.rb # optional (in the 'test' directory)
+   make install
 == Synopsis
-   require "sys/admin"
+   require 'sys/admin'
    include Sys
    # Yields a User object for each user
@@ -47,7 +47,7 @@ Admin.get_user(name, host=localhost)
 Admin.get_user(uid, host=localhost, local=true)
    Returns a User object based on +name+ or +uid+.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You may also specify whether to
    retrieve a local or global account.  The default is local.
@@ -55,7 +55,7 @@ Admin.get_group(name, host=localhost, local=true)
 Admin.get_group(gid, host=localhost, local=true)
    Returns a Group object based on +name+ or +uid+.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
@@ -64,7 +64,7 @@ Admin.groups(host=localhost, local=true){ |group| ... }
    In block form, yields a Group object for each user on the system.  In
    non-block form, returns an Array of Group objects.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
@@ -73,13 +73,13 @@ Admin.users(host=localhost, local=true){ |user| ... }
    In block form, yields a User object for each user on the system.  In
    non-block form, returns an Array of User objects.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
 == User class
-=== User (Win32)
-	The User class has the following attributes on Win32 systems:
+=== User (Windows)
+   The User class has the following attributes on MS Windows systems:
    * account_type
    * caption
@@ -99,7 +99,7 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * password_required?
 === User (Unix)
-	The User class has the following attributes on Unix systems:
+   The User class has the following attributes on Unix systems:
    * name
    * passwd
@@ -112,11 +112,12 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * age
    * class
    * comment
+   * change
    * expire
 == Group Classes
-=== Group (Win32)
-	The Group class has the following attributes on Win32 systems:
+=== Group (Windows)
+   The Group class has the following attributes on MS Windows systems:
    * caption
    * description
@@ -129,46 +130,61 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * local?
 === Group (Unix)
-	The Group class has the following attributes on Unix systems:
+   The Group class has the following attributes on Unix systems:
-	* name
-	* gid
-	* members
-	* passwd
+   * name
+   * gid
+   * members
+   * passwd
 == Error Classes
 AdminError < StandardError
    Raised if anything goes wrong with any of the above methods.
 == Developer's Notes
-=== Win32
-	The Win32 version now uses a win32ole + WMI approach to getting
-	information.  This means that the WMI service must be running on the
-	target machine in order to work (which it is, by default).
+=== MS Windows
+   The Windows version now uses a win32ole + WMI approach to getting
+   information.  This means that the WMI service must be running on the
+   target machine in order to work (which it is, by default).
-	Note that, by default, local user and group information is retrieved
-	instead of global.  You probably do NOT want to iterate over global users
-	or groups because there can be quite a few on your domain.
+   Note that, by default, local user and group information is retrieved
+   instead of global.  You probably do NOT want to iterate over global users
+   or groups because there can be quite a few on your domain.
+=== UNIX
+   The underlying implementation is similar to core Ruby's Etc implementation.
+   But, in addition to the different interface, I use the re-entrant version
+   of the appropriate functions when available.
 == Future Plans
-   The following methods will be added for both platforms:
-   * Admin.add_user
-   * Admin.config_user
-   * Admin.delete_user
+   Add the following methods for UNIX:
+   * Admin.add_local_user
+   * Admin.config_local_user
+   * Admin.delete_local_user
+   * Admin.add_global_user
+   * Admin.config_global_user
+   * Admin.delete_global_user
+   * Admin.add_local_group
+   * Admin.config_local_group
+   * Admin.delete_local_group
+   * Admin.add_global_group
+   * Admin.config_global_group
+   * Admin.delete_global_group
 == Known Bugs
-   None that I'm aware of.  If you find any, please log them on the project
+   None that I'm aware of. If you find any, please log them on the project
    page at http://www.rubyforge.org/projects/sysutils.
 == License
    Ruby's
 == Copyright
-   (C) 2005, Daniel J. Berger
+   (C) 2005-2007, Daniel J. Berger
    All Rights Reserved
 == Author
    Daniel J. Berger
-   djberg96@yahoo.com
-   IRC nickname: imperator/mok/rubyhacker1
+   djberg96 at nospam at gmail dot com
+   IRC nickname: imperator/mok/rubyhacker1 (freenode)

data/examples/groups.rb ADDED

@@ -0,0 +1,39 @@
+###########################################################################
+# groups.rb
+#
+# Sample script to demonstrate some of the various group methods.  Alter
+# as you see fit.
+###########################################################################
+base = File.basename(Dir.pwd)
+if base == "examples" || base =~ /sys-admin.*/
+   require "ftools"
+   Dir.chdir("..") if base == "examples"
+   Dir.mkdir("sys") unless File.exists?("sys")
+   if RUBY_PLATFORM.match("mswin")
+      File.copy("lib/sys/admin.rb", "sys/admin.rb")
+   else
+      File.copy("admin.so","sys") if File.exists?("admin.so")
+   end
+   $LOAD_PATH.unshift(Dir.pwd)
+end
+require "pp"
+require "sys/admin"
+include Sys
+if PLATFORM.match("mswin")
+   pp Admin.get_group("guests")
+   pp Admin.get_group(513)
+else
+   pp Admin.get_group("adm")
+   pp Admin.get_group(7)
+end
+Admin.groups{ |g|
+   pp g
+   puts
+}
+# This should raise an error
+Admin.get_group("fofofofof")

data/examples/users.rb ADDED

@@ -0,0 +1,53 @@
+###########################################################################
+# users.rb
+#
+# Sample script to demonstrate some of the various user methods.  Alter
+# as you see fit.
+###########################################################################
+base = File.basename(Dir.pwd)
+if base == "examples" || base =~ /sys-admin.*/
+   require "ftools"
+   Dir.chdir("..") if base == "examples"
+   Dir.mkdir("sys") unless File.exists?("sys")
+   if RUBY_PLATFORM.match("mswin")
+      File.copy("lib/sys/admin.rb", "sys/admin.rb")
+   else
+      File.copy("admin.so","sys") if File.exists?("admin.so")
+   end
+   $LOAD_PATH.unshift(Dir.pwd)
+end
+require "pp"
+require "sys/admin"
+include Sys
+user = User.new do |u|
+   u.name              = "Foo"
+   u.description       = "Test account"
+   u.password          = "changeme"
+   #u.lockout           = false
+   u.disabled          = true
+   #u.password_required = true
+end
+Admin.delete_user(u.name) rescue nil
+Admin.add_user(user)
+#pp Admin.get_user("Foo")
+#Admin.delete_user("Foo")
+=begin
+user = Admin.get_login
+puts "User: #{user}"
+Admin.users{ |u|
+   pp u
+   puts
+}
+pp Admin.get_user(user)
+pp Admin.get_user(501)
+=end

data/install.rb ADDED

@@ -0,0 +1,22 @@
+##############################################
+# install.rb
+#
+# Install script for Win32 systems only.
+##############################################
+unless File::ALT_SEPARATOR
+   STDERR.puts "Unix systems should use the extconf.rb file for installation."
+   STDERR.puts "Exiting.  The sys-admin package was NOT installed."
+   exit
+end
+require "rbconfig"
+require "ftools"
+include Config
+sitedir = CONFIG['sitelibdir']
+unless File.exist?("#{sitedir}/sys")
+   Dir.mkdir("#{sitedir}/sys")
+end
+File.copy("lib/sys/win32.rb", "#{sitedir}/sys/admin.rb", true)

data/lib/sys/admin.rb CHANGED

@@ -1,403 +1,712 @@
-require "win32ole"
-require "Win32API"
-require "socket"
-module Sys
-   class AdminError < StandardError; end
-   class Group
-      attr_accessor :caption, :description, :domain, :install_date
-      attr_accessor :name, :sid, :status, :gid
-      attr_writer :local
-      def initialize
-         yield self if block_given?
-      end
-      def local?
-         @local
-      end
-      def sid_type
-         @sid_type
-      end
-      def sid_type=(stype)
-         case stype
-            when 1
-               @sid_type = "user"
-            when 2
-               @sid_type = "group"
-            when 3
-               @sid_type = "domain"
-            when 4
-               @sid_type = "alias"
-            when 5
-               @sid_type = "well_known_group"
-            when 6
-               @sid_type = "deleted_account"
-            when 7
-               @sid_type = "invalid"
-            when 8
-               @sid_type = "unknown"
-            when 9
-               @sid_type = "computer"
-            else
-               @sid_type = "unknown"
-         end
-         @sid_type
-      end
-   end
-   class User
-      attr_accessor :caption, :description, :domain, :password
-      attr_accessor :full_name, :install_date, :name, :sid, :status
-      attr_writer :disabled, :local, :lockout, :password_changeable
-      attr_writer :password_expires, :password_required
-      attr_reader :account_type
-      def initialize
-         yield self if block_given?
-      end
-      def account_type=(type)
-         case type
-            when 256
-               @account_type = "duplicate"
-            when 512
-               @account_type = "normal"
-            when 2048
-               @account_type = "interdomain_trust"
-            when 4096
-               @account_type = "workstation_trust"
-            when 8192
-               @account_type = "server_trust"
-            else
-               @account_type = "unknown"
-         end
-      end
-      def sid_type
-         @sid_type
-      end
-      def sid_type=(stype)
-         case stype
-            when 1
-               @sid_type = "user"
-            when 2
-               @sid_type = "group"
-            when 3
-               @sid_type = "domain"
-            when 4
-               @sid_type = "alias"
-            when 5
-               @sid_type = "well_known_group"
-            when 6
-               @sid_type = "deleted_account"
-            when 7
-               @sid_type = "invalid"
-            when 8
-               @sid_type = "unknown"
-            when 9
-               @sid_type = "computer"
-            else
-               @sid_type = "unknown"
-         end
-      end
-      def disabled?
-         @disabled
-      end
-      def local?
-         @local
-      end
-      def lockout?
-         @lockout
-      end
-      def password_changeable?
-         @password_changeable
-      end
-      def password_expires?
-         @password_expires
-      end
-      def password_required?
-         @password_required
-      end
-   end
-   class Admin
-      VERSION = "1.3.1"
-      # Deletes +userid+ from the given +host+, or the local host if no host
-      # is specified.
-      #
-      def self.delete_user(userid=nil, host=Socket.gethostname)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-         rescue WIN32OLERuntimeError => err
-            raise AdminError, err
-         end
-         begin
-            adsi.delete("user", userid)
-         rescue WIN32OLERuntimeError => err
-            raise AdminError, err
-         end
-      end
-      # Returns the user name (only) of the current login.
-      #
-      def self.get_login
-         getlogin = Win32API.new("advapi32","GetUserName",['P','P'],'L')
-         buffer = "\0" * 256;
-         nsize = [256].pack("L")
-         getlogin.call(buffer,nsize)
-         len = nsize.unpack("L")[0]
-         username = buffer[0 ... len].chop
-         username
-      end
-      # Returns a User object based on either +name+ or +uid+.
-      #
-      # call-seq:
-      #    get_user(name, host=localhost)
-      #    get_user(uid, host=localhost, local=true)
-      #
-      # You may specify a +host+ from which information is retrieved.  The
-      # default is the local machine.  You may also specify whether to
-      # retrieve a local or global account.  The default is local.
-      #
-      def self.get_user(uid, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
-         if uid.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{uid}'"
-            else
-               query << " where sid like '%-#{uid}'"
-            end
-         else
-            if local
-               query << " and name = '#{uid}'"
-            else
-               query << " where name = '#{uid}'"
-            end
-         end
-         wmi.execquery(query).each{ |user|
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if uid.kind_of?(Fixnum)
-               if user.sid.split("-").last.to_i != uid
-                  next
-               end
-            end
-            usr = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
-            end
-            return usr
-         }
-      end
-      # In block form, yields a User object for each user on the system.  In
-      # non-block form, returns an Array of User objects.
-      #
-      # call-seq:
-      #    users(host=localhost, local=true)
-      #    users(host=localhost, local=true){ |user| ... }
-      #
-      # You may specify a host from which information is retrieved.  The
-      # default is the local machine.  You can retrieve either a global or
-      # group, depending on the value of the +local+ argument.
-      #
-      def self.users(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
-         array = []
-         wmi.execquery(query).each{ |user|
-            usr = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
-            end
-            if block_given?
-               yield usr
-            else
-               array.push(usr)
-            end
-         }
-         return array unless block_given?
-      end
-      # Returns a Group object based on either +name+ or +uid+.
-      #
-      # call-seq:
-      #    get_group(name, host=localhost, local=true)
-      #    get_group(gid, host=localhost, local=true)
-      #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
-      #
-      def self.get_group(grp, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         gid = nil
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         if grp.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{grp}'"
-            else
-               query << " where sid like '%-#{grp}'"
-            end
-         else
-            if local
-               query << " and name = '#{grp}'"
-            else
-               query << " where name = '#{grp}'"
-            end
-         end
-         wmi.execquery(query).each{ |group|
-            gid = group.sid.split("-").last.to_i
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if grp.kind_of?(Fixnum)
-               next if grp != gid
-            end
-            grp = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = gid
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-            end
-            return grp
-         }
-         # If we're here, it means it wasn't found.
-         raise AdminError, "no group found for '#{grp}'"
-      end
-      # In block form, yields a Group object for each user on the system.  In
-      # non-block form, returns an Array of Group objects.
-      #
-      # call-seq:
-      #    groups(host=localhost, local=true)
-      #    groups(host=localhost, local=true){ |group| ... }
-      #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
-      #
-      def self.groups(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         array = []
-         wmi.execquery(query).each{ |group|
-            grp = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = group.sid.split("-").last.to_i
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-            end
-            if block_given?
-               yield grp
-            else
-               array.push(grp)
-            end
-         }
-         return array unless block_given?
-      end
-   end
-end
+require "win32ole"
+require "Win32API"
+require "socket"
+module Sys
+   # This is the error raised in the majority of cases if anything goes wrong
+   # with any of the Sys::Admin methods.
+   #
+   class AdminError < StandardError; end
+   class Group
+      # Short description of the object.
+      attr_accessor :caption
+      # Description of the group.
+      attr_accessor :description
+      # Name of the Windows domain to which the group account belongs.
+      attr_accessor :domain
+      # Date the group was added.
+      attr_accessor :install_date
+      # Name of the Windows group account on the Group#domain specified.
+      attr_accessor :name
+      # Security identifier for this group.
+      attr_accessor :sid
+      # Current status for the group, such as "ok", "error", etc.
+      attr_accessor :status
+      # The group ID.
+      attr_accessor :gid
+      # Sets whether or not the group is local (as opposed to global).
+      attr_writer :local
+      # Creates and returns a new Group object.  This class encapsulates
+      # the information for a group account, whether it be global or local.
+      #
+      # Yields +self+ if a block is given.
+      #
+      def initialize
+         yield self if block_given?
+      end
+      # Returns whether or not the group is a local group.
+      #
+      def local?
+         @local
+      end
+      # Returns the type of SID (Security Identifier) as a stringified value.
+      #
+      def sid_type
+         @sid_type
+      end
+      # Sets the SID (Security Identifier) type to +stype+, which can be
+      # one of the following constant values:
+      #
+      # * Admin::SidTypeUser
+      # * Admin::SidTypeGroup
+      # * Admin::SidTypeDomain
+      # * Admin::SidTypeAlias
+      # * Admin::SidTypeWellKnownGroup
+      # * Admin::SidTypeDeletedAccount
+      # * Admin::SidTypeInvalid
+      # * Admin::SidTypeUnknown
+      # * Admin::SidTypeComputer
+      #
+      def sid_type=(stype)
+         if stype.kind_of?(String)
+            @sid_type = stype.downcase
+         else
+            case stype
+               when Admin::SidTypeUser
+                  @sid_type = "user"
+               when Admin::SidTypeGroup
+                  @sid_type = "group"
+               when Admin::SidTypeDomain
+                  @sid_type = "domain"
+               when Admin::SidTypeAlias
+                  @sid_type = "alias"
+               when Admin::SidTypeWellKnownGroup
+                  @sid_type = "well_known_group"
+               when Admin::SidTypeDeletedAccount
+                  @sid_type = "deleted_account"
+               when Admin::SidTypeInvalid
+                  @sid_type = "invalid"
+               when Admin::SidTypeUnknown
+                  @sid_type = "unknown"
+               when Admin::SidTypeComputer
+                  @sid_type = "computer"
+               else
+                  @sid_type = "unknown"
+            end
+         end
+         @sid_type
+      end
+   end
+   class User
+      # An account for users whose primary account is in another domain.
+      TEMP_DUPLICATE = 0x0100
+      # Default account type that represents a typical user.
+      NORMAL = 0x0200
+      # A permit to trust account for a domain that trusts other domains.
+      INTERDOMAIN_TRUST = 0x0800
+      # An account for a Windows NT/2000 workstation or server that is a
+      # member of this domain.
+      WORKSTATION_TRUST = 0x1000
+      # A computer account for a backup domain controller that is a member
+      # of this domain.
+      SERVER_TRUST = 0x2000
+      # Domain and username of the account.
+      attr_accessor :caption
+      # Description of the account.
+      attr_accessor :description
+      # Name of the Windows domain to which a user account belongs.
+      attr_accessor :domain
+      # The user's password.
+      attr_accessor :password
+      # Full name of a local user.
+      attr_accessor :full_name
+      # Date the user account was created.
+      attr_accessor :install_date
+      # Name of the Windows user account on the domain that the User#domain
+      # property specifies.
+      attr_accessor :name
+      # The user's security identifier.
+      attr_accessor :sid
+      # Current status for the group, such as "ok", "error", etc.
+      attr_accessor :status
+      # Used to set whether or not the account is disabled.
+      attr_writer :disabled
+      # Sets whether or not the account is defined on the local computer.
+      attr_writer :local
+      # Sets whether or not the account is locked out of the OS.
+      attr_writer :lockout
+      # Sets whether or not the password for the account can be changed.
+      attr_writer :password_changeable
+      # Sets whether or not the password for the account expires.
+      attr_writer :password_expires
+      # Sets whether or not a password is required for the account.
+      attr_writer :password_required
+      # Returns the account type as a human readable string.
+      attr_reader :account_type
+      # Creates an returns a new User object.  A User object encapsulates a
+      # user account on the operating system.
+      #
+      # Yields +self+ if a block is provided.
+      #
+      def initialize
+         yield self if block_given?
+      end
+      # Sets the account type for the account.  Possible values are:
+      #
+      # * User::TEMP_DUPLICATE
+      # * User::NORMAL
+      # * User::INTERDOMAIN_TRUST
+      # * User::WORKSTATION_TRUST
+      # * User::SERVER_TRUST
+      #
+      def account_type=(type)
+         case type
+            when TEMP_DUPLICATE
+               @account_type = "duplicate"
+            when NORMAL
+               @account_type = "normal"
+            when INTERDOMAIN_TRUST
+               @account_type = "interdomain_trust"
+            when WORKSTATION_TRUST
+               @account_type = "workstation_trust"
+            when SERVER_TRUST
+               @account_type = "server_trust"
+            else
+               @account_type = "unknown"
+         end
+      end
+      # Returns the SID type as a human readable string.
+      #
+      def sid_type
+         @sid_type
+      end
+      # Sets the SID (Security Identifier) type to +stype+, which can be
+      # one of the following constant values:
+      #
+      # * Admin::SidTypeUser
+      # * Admin::SidTypeGroup
+      # * Admin::SidTypeDomain
+      # * Admin::SidTypeAlias
+      # * Admin::SidTypeWellKnownGroup
+      # * Admin::SidTypeDeletedAccount
+      # * Admin::SidTypeInvalid
+      # * Admin::SidTypeUnknown
+      # * Admin::SidTypeComputer
+      #
+      def sid_type=(stype)
+         case stype
+            when Admin::SidTypeUser
+               @sid_type = "user"
+            when Admin::SidTypeGroup
+               @sid_type = "group"
+            when Admin::SidTypeDomain
+               @sid_type = "domain"
+            when Admin::SidTypeAlias
+               @sid_type = "alias"
+            when Admin::SidTypeWellKnownGroup
+               @sid_type = "well_known_group"
+            when Admin::SidTypeDeletedAccount
+               @sid_type = "deleted_account"
+            when Admin::SidTypeInvalid
+               @sid_type = "invalid"
+            when Admin::SidTypeUnknown
+               @sid_type = "unknown"
+            when Admin::SidTypeComputer
+               @sid_type = "computer"
+            else
+               @sid_type = "unknown"
+         end
+      end
+      # Returns whether or not the account is disabled.
+      #
+      def disabled?
+         @disabled
+      end
+      # Returns whether or not the account is local.
+      #
+      def local?
+         @local
+      end
+      # Returns whether or not the account is locked out.
+      #
+      def lockout?
+         @lockout
+      end
+      # Returns whether or not the password for the account is changeable.
+      #
+      def password_changeable?
+         @password_changeable
+      end
+      # Returns whether or not the password for the account is changeable.
+      #
+      def password_expires?
+         @password_expires
+      end
+      # Returns whether or not the a password is required for the account.
+      #
+      def password_required?
+         @password_required
+      end
+   end
+   class Admin
+      VERSION = '1.4.0'
+      SidTypeUser           = 1
+      SidTypeGroup          = 2
+      SidTypeDomain         = 3
+      SidTypeAlias          = 4
+      SidTypeWellKnownGroup = 5
+      SidTypeDeletedAccount = 6
+      SidTypeInvalid        = 7
+      SidTypeUnknown        = 8
+      SidTypeComputer       = 9
+      # Used by the get_login method
+      GetUserName = Win32API.new('advapi32', 'GetUserName', 'PP', 'L') # :nodoc:
+      # Configures the global +user+ on +domain+ using options.
+      #
+      # See http://tinyurl.com/3hjv9 for a list of valid options.
+      #
+      def self.config_global_user(user, options, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}/#{user},user")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the local +user+ on +host+ using +options+.  If no host
+      # is specified, the default is localhost.
+      #
+      # See http://tinyurl.com/3hjv9 for a list of valid options.
+      #
+      def self.config_local_user(user, options, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host}/#{user},user")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Adds the global +user+ on +domain+
+      #
+      def self.add_global_user(user, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            user = adsi.create("user", user)
+            user.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Adds the local +user+ on +host+, or the localhost if none is specified.
+      #
+      def self.add_local_user(user, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            user = adsi.create("user", user)
+            user.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Deletes the local +user+ from +host+, or localhost if no host specified.
+      #
+      def self.delete_local_user(user, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            adsi.delete("user", user)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Deletes the global +user+ from +domain+.
+      #
+      def self.delete_global_user(user, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}")
+            adsi.delete("user", user)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the global +group+ on +domain+ using +options+.
+      #
+      # See http://tinyurl.com/cjkzl for a list of valid options.
+      #
+      def self.config_global_group(group, options, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}/#{group},group")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the local +group+ on +host+ using +options+.  If no host
+      # is specified, the default is localhost.
+      #
+      # See http://tinyurl.com/cjkzl for a list of valid options.
+      #
+      def self.config_local_group(group, options, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host}/#{group},group")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Add global +group+ to +domain+.
+      #
+      def self.add_global_group(group, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
+            obj = adsi.create("group", group)
+            obj.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Add local +group+ to +host+, or the localhost if no host is specified.
+      #
+      def self.add_local_group(group, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            obj = adsi.create("group", group)
+            obj.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Delete the global +group+ from +domain+.
+      #
+      def self.delete_global_group(groupid, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
+            obj = adsi.delete("group", groupid)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Delete the local +group+ from +host+, or localhost if no host specified.
+      #
+      def self.delete_local_group(groupid, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            obj = adsi.delete("group", groupid)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Returns the user name (only) of the current login.
+      #
+      def self.get_login
+         buffer = 0.chr * 256
+         nsize = [buffer.size].pack("L")
+         if GetUserName.call(buffer, nsize) == 0
+            raise AdminError, 'GetUserName() call failed in get_login'
+         end
+         length   = nsize.unpack("L")[0]
+         username = buffer[0 ... length].chop
+         username
+      end
+      # Returns a User object based on either +name+ or +uid+.
+      #
+      # call-seq:
+      #    get_user(name, host=localhost)
+      #    get_user(uid, host=localhost, local=true)
+      #
+      # You may specify a +host+ from which information is retrieved.  The
+      # default is the local machine.  You may also specify whether to
+      # retrieve a local or global account.  The default is local.
+      #
+      def self.get_user(uid, host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_useraccount"
+         query << " where localaccount = true" if local
+         if uid.kind_of?(Fixnum)
+            if local
+               query << " and sid like '%-#{uid}'"
+            else
+               query << " where sid like '%-#{uid}'"
+            end
+         else
+            if local
+               query << " and name = '#{uid}'"
+            else
+               query << " where name = '#{uid}'"
+            end
+         end
+         wmi.execquery(query).each{ |user|
+            # Because our 'like' query isn't fulproof, let's parse
+            # the SID again to make sure
+            if uid.kind_of?(Fixnum)
+               if user.sid.split("-").last.to_i != uid
+                  next
+               end
+            end
+            usr = User.new do |u|
+               u.account_type = user.accounttype
+               u.caption      = user.caption
+               u.description  = user.description
+               u.disabled     = user.disabled
+               u.domain       = user.domain
+               u.full_name    = user.fullname
+               u.install_date = user.installdate
+               u.local        = user.localaccount
+               u.lockout      = user.lockout
+               u.name         = user.name
+               u.password_changeable = user.passwordchangeable
+               u.password_expires    = user.passwordexpires
+               u.password_required   = user.passwordrequired
+               u.sid      = user.sid
+               u.sid_type = user.sidtype
+               u.status   = user.status
+            end
+            return usr
+         }
+      end
+      # In block form, yields a User object for each user on the system.  In
+      # non-block form, returns an Array of User objects.
+      #
+      # call-seq:
+      #    users(host=localhost, local=true)
+      #    users(host=localhost, local=true){ |user| ... }
+      #
+      # You may specify a host from which information is retrieved.  The
+      # default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.users(host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_useraccount"
+         query << " where localaccount = true" if local
+         array = []
+         wmi.execquery(query).each{ |user|
+            usr = User.new do |u|
+               u.account_type = user.accounttype
+               u.caption      = user.caption
+               u.description  = user.description
+               u.disabled     = user.disabled
+               u.domain       = user.domain
+               u.full_name    = user.fullname
+               u.install_date = user.installdate
+               u.local        = user.localaccount
+               u.lockout      = user.lockout
+               u.name         = user.name
+               u.password_changeable = user.passwordchangeable
+               u.password_expires    = user.passwordexpires
+               u.password_required   = user.passwordrequired
+               u.sid      = user.sid
+               u.sid_type = user.sidtype
+               u.status   = user.status
+            end
+            if block_given?
+               yield usr
+            else
+               array.push(usr)
+            end
+         }
+         return array unless block_given?
+      end
+      # Returns a Group object based on either +name+ or +uid+.
+      #
+      # call-seq:
+      #    get_group(name, host=localhost, local=true)
+      #    get_group(gid, host=localhost, local=true)
+      #
+      # You may specify a host from which information is retrieved.
+      # The default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.get_group(grp, host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         gid = nil
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_group"
+         query << " where localaccount = true" if local
+         if grp.kind_of?(Fixnum)
+            if local
+               query << " and sid like '%-#{grp}'"
+            else
+               query << " where sid like '%-#{grp}'"
+            end
+         else
+            if local
+               query << " and name = '#{grp}'"
+            else
+               query << " where name = '#{grp}'"
+            end
+         end
+         wmi.execquery(query).each{ |group|
+            gid = group.sid.split("-").last.to_i
+            # Because our 'like' query isn't fulproof, let's parse
+            # the SID again to make sure
+            if grp.kind_of?(Fixnum)
+               next if grp != gid
+            end
+            grp = Group.new do |g|
+               g.caption      = group.caption
+               g.description  = group.description
+               g.domain       = group.domain
+               g.gid          = gid
+               g.install_date = group.installdate
+               g.local        = group.localaccount
+               g.name         = group.name
+               g.sid          = group.sid
+               g.sid_type     = group.sidtype
+               g.status       = group.status
+            end
+            return grp
+         }
+         # If we're here, it means it wasn't found.
+         raise AdminError, "no group found for '#{grp}'"
+      end
+      # In block form, yields a Group object for each user on the system.  In
+      # non-block form, returns an Array of Group objects.
+      #
+      # call-seq:
+      #    groups(host=localhost, local=true)
+      #    groups(host=localhost, local=true){ |group| ... }
+      #
+      # You may specify a host from which information is retrieved.
+      # The default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.groups(host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_group"
+         query << " where localaccount = true" if local
+         array = []
+         wmi.execquery(query).each{ |group|
+            grp = Group.new do |g|
+               g.caption      = group.caption
+               g.description  = group.description
+               g.domain       = group.domain
+               g.gid          = group.sid.split("-").last.to_i
+               g.install_date = group.installdate
+               g.local        = group.localaccount
+               g.name         = group.name
+               g.sid          = group.sid
+               g.sid_type     = group.sidtype
+               g.status       = group.status
+            end
+            if block_given?
+               yield grp
+            else
+               array.push(grp)
+            end
+         }
+         return array unless block_given?
+      end
+   end
+end