RubyGems - sys-admin - Versions diffs - 1.3.1-mswin32 → 1.4.0-mswin32 - Mend

sys-admin 1.3.1-mswin32 → 1.4.0-mswin32

Files changed (12) hide show

data/CHANGES CHANGED

@@ -1,3 +1,19 @@
+== 1.4.0 - 20-Jan-2007
+* Added the following methods: add_local_user, config_local_user,
+  delete_local_user, add_global_group, config_global_group, and
+  delete_global_group.  MS Windows only at the moment.
+* Added corresponding tests.
+* Added much more inline documentation.
+* Major refactoring of the get_lastlog_info helper function in admin.h.  This
+  fixed a major bug in some flavors of Linux where the Admin.users method
+  could go into an infinite loop.  It also fixed some minor bugs where console
+  and host values were sometimes filled with junk characters.
+* Added the User#change attribute, and a check for the pw_change struct member
+  in the extconf.rb file.
+* The User#expire attribute is now handled as a Time object instead of an
+  integer.
+* Renamed tc_win32.rb to tc_windows.rb
 == 1.3.1 - 29-Jun-2005
 * Fixed a bug where the inability to read the lastlog file caused an error.
   From now on that error is ignored, and the lastlog attributes of the User

data/MANIFEST CHANGED

@@ -1,17 +1,18 @@
-extconf.rb
-install.rb
-sys-admin.gemspec
-CHANGES
-MANIFEST
-README
+* install.rb
+* sys-admin.gemspec
+* CHANGES
+* MANIFEST
+* README
-examples/groups.rb
-examples/users.rb
+* examples/groups.rb
+* examples/users.rb
-lib/sys/unix.c
-lib/sys/unix.h
-lib/sys/win32.rb
+* ext/admin.c
+* ext/admin.h
+* ext/extconf.rb
-test/tc_admin.rb
-test/tc_unix.rb
-test/tc_win32.rb
+* lib/sys/win32.rb
+* test/tc_admin.rb
+* test/tc_unix.rb
+* test/tc_windows.rb

data/README CHANGED

@@ -3,18 +3,18 @@
    Etc module.
 == Installation
-=== Win32
-	ruby test\tc_admin.rb # optional
-	ruby install.rb
+=== Windows
+   ruby tc_admin.rb # optional (in the 'test' directory)
+   ruby install.rb
 === Unix
-   ruby extconf.rb
-   nmake
-   ruby test\tc_admin.rb # optional
-   nmake site-install
+   ruby extconf.rb (in the 'ext' directory)
+   make
+   ruby tc_admin.rb # optional (in the 'test' directory)
+   make install
 == Synopsis
-   require "sys/admin"
+   require 'sys/admin'
    include Sys
    # Yields a User object for each user
@@ -47,7 +47,7 @@ Admin.get_user(name, host=localhost)
 Admin.get_user(uid, host=localhost, local=true)
    Returns a User object based on +name+ or +uid+.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You may also specify whether to
    retrieve a local or global account.  The default is local.
@@ -55,7 +55,7 @@ Admin.get_group(name, host=localhost, local=true)
 Admin.get_group(gid, host=localhost, local=true)
    Returns a Group object based on +name+ or +uid+.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
@@ -64,7 +64,7 @@ Admin.groups(host=localhost, local=true){ |group| ... }
    In block form, yields a Group object for each user on the system.  In
    non-block form, returns an Array of Group objects.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
@@ -73,13 +73,13 @@ Admin.users(host=localhost, local=true){ |user| ... }
    In block form, yields a User object for each user on the system.  In
    non-block form, returns an Array of User objects.
-   Win32 only: you may specify a host from which information is retrieved.
+   Windows only: you may specify a host from which information is retrieved.
    The default is the local machine.  You can retrieve either a global or
    local group, depending on the value of the +local+ argument.
 == User class
-=== User (Win32)
-	The User class has the following attributes on Win32 systems:
+=== User (Windows)
+   The User class has the following attributes on MS Windows systems:
    * account_type
    * caption
@@ -99,7 +99,7 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * password_required?
 === User (Unix)
-	The User class has the following attributes on Unix systems:
+   The User class has the following attributes on Unix systems:
    * name
    * passwd
@@ -112,11 +112,12 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * age
    * class
    * comment
+   * change
    * expire
 == Group Classes
-=== Group (Win32)
-	The Group class has the following attributes on Win32 systems:
+=== Group (Windows)
+   The Group class has the following attributes on MS Windows systems:
    * caption
    * description
@@ -129,46 +130,61 @@ Admin.users(host=localhost, local=true){ |user| ... }
    * local?
 === Group (Unix)
-	The Group class has the following attributes on Unix systems:
+   The Group class has the following attributes on Unix systems:
-	* name
-	* gid
-	* members
-	* passwd
+   * name
+   * gid
+   * members
+   * passwd
 == Error Classes
 AdminError < StandardError
    Raised if anything goes wrong with any of the above methods.
 == Developer's Notes
-=== Win32
-	The Win32 version now uses a win32ole + WMI approach to getting
-	information.  This means that the WMI service must be running on the
-	target machine in order to work (which it is, by default).
+=== MS Windows
+   The Windows version now uses a win32ole + WMI approach to getting
+   information.  This means that the WMI service must be running on the
+   target machine in order to work (which it is, by default).
-	Note that, by default, local user and group information is retrieved
-	instead of global.  You probably do NOT want to iterate over global users
-	or groups because there can be quite a few on your domain.
+   Note that, by default, local user and group information is retrieved
+   instead of global.  You probably do NOT want to iterate over global users
+   or groups because there can be quite a few on your domain.
+=== UNIX
+   The underlying implementation is similar to core Ruby's Etc implementation.
+   But, in addition to the different interface, I use the re-entrant version
+   of the appropriate functions when available.
 == Future Plans
-   The following methods will be added for both platforms:
-   * Admin.add_user
-   * Admin.config_user
-   * Admin.delete_user
+   Add the following methods for UNIX:
+   * Admin.add_local_user
+   * Admin.config_local_user
+   * Admin.delete_local_user
+   * Admin.add_global_user
+   * Admin.config_global_user
+   * Admin.delete_global_user
+   * Admin.add_local_group
+   * Admin.config_local_group
+   * Admin.delete_local_group
+   * Admin.add_global_group
+   * Admin.config_global_group
+   * Admin.delete_global_group
 == Known Bugs
-   None that I'm aware of.  If you find any, please log them on the project
+   None that I'm aware of. If you find any, please log them on the project
    page at http://www.rubyforge.org/projects/sysutils.
 == License
    Ruby's
 == Copyright
-   (C) 2005, Daniel J. Berger
+   (C) 2005-2007, Daniel J. Berger
    All Rights Reserved
 == Author
    Daniel J. Berger
-   djberg96@yahoo.com
-   IRC nickname: imperator/mok/rubyhacker1
+   djberg96 at nospam at gmail dot com
+   IRC nickname: imperator/mok/rubyhacker1 (freenode)

data/examples/groups.rb ADDED

@@ -0,0 +1,39 @@
+###########################################################################
+# groups.rb
+#
+# Sample script to demonstrate some of the various group methods.  Alter
+# as you see fit.
+###########################################################################
+base = File.basename(Dir.pwd)
+if base == "examples" || base =~ /sys-admin.*/
+   require "ftools"
+   Dir.chdir("..") if base == "examples"
+   Dir.mkdir("sys") unless File.exists?("sys")
+   if RUBY_PLATFORM.match("mswin")
+      File.copy("lib/sys/admin.rb", "sys/admin.rb")
+   else
+      File.copy("admin.so","sys") if File.exists?("admin.so")
+   end
+   $LOAD_PATH.unshift(Dir.pwd)
+end
+require "pp"
+require "sys/admin"
+include Sys
+if PLATFORM.match("mswin")
+   pp Admin.get_group("guests")
+   pp Admin.get_group(513)
+else
+   pp Admin.get_group("adm")
+   pp Admin.get_group(7)
+end
+Admin.groups{ |g|
+   pp g
+   puts
+}
+# This should raise an error
+Admin.get_group("fofofofof")

data/examples/users.rb ADDED

@@ -0,0 +1,53 @@
+###########################################################################
+# users.rb
+#
+# Sample script to demonstrate some of the various user methods.  Alter
+# as you see fit.
+###########################################################################
+base = File.basename(Dir.pwd)
+if base == "examples" || base =~ /sys-admin.*/
+   require "ftools"
+   Dir.chdir("..") if base == "examples"
+   Dir.mkdir("sys") unless File.exists?("sys")
+   if RUBY_PLATFORM.match("mswin")
+      File.copy("lib/sys/admin.rb", "sys/admin.rb")
+   else
+      File.copy("admin.so","sys") if File.exists?("admin.so")
+   end
+   $LOAD_PATH.unshift(Dir.pwd)
+end
+require "pp"
+require "sys/admin"
+include Sys
+user = User.new do |u|
+   u.name              = "Foo"
+   u.description       = "Test account"
+   u.password          = "changeme"
+   #u.lockout           = false
+   u.disabled          = true
+   #u.password_required = true
+end
+Admin.delete_user(u.name) rescue nil
+Admin.add_user(user)
+#pp Admin.get_user("Foo")
+#Admin.delete_user("Foo")
+=begin
+user = Admin.get_login
+puts "User: #{user}"
+Admin.users{ |u|
+   pp u
+   puts
+}
+pp Admin.get_user(user)
+pp Admin.get_user(501)
+=end

data/install.rb ADDED

@@ -0,0 +1,22 @@
+##############################################
+# install.rb
+#
+# Install script for Win32 systems only.
+##############################################
+unless File::ALT_SEPARATOR
+   STDERR.puts "Unix systems should use the extconf.rb file for installation."
+   STDERR.puts "Exiting.  The sys-admin package was NOT installed."
+   exit
+end
+require "rbconfig"
+require "ftools"
+include Config
+sitedir = CONFIG['sitelibdir']
+unless File.exist?("#{sitedir}/sys")
+   Dir.mkdir("#{sitedir}/sys")
+end
+File.copy("lib/sys/win32.rb", "#{sitedir}/sys/admin.rb", true)

data/lib/sys/admin.rb CHANGED

@@ -1,403 +1,712 @@
-require "win32ole"
-require "Win32API"
-require "socket"
-module Sys
-   class AdminError < StandardError; end
-   class Group
-      attr_accessor :caption, :description, :domain, :install_date
-      attr_accessor :name, :sid, :status, :gid
-      attr_writer :local
-      def initialize
-         yield self if block_given?
-      end
-      def local?
-         @local
-      end
-      def sid_type
-         @sid_type
-      end
-      def sid_type=(stype)
-         case stype
-            when 1
-               @sid_type = "user"
-            when 2
-               @sid_type = "group"
-            when 3
-               @sid_type = "domain"
-            when 4
-               @sid_type = "alias"
-            when 5
-               @sid_type = "well_known_group"
-            when 6
-               @sid_type = "deleted_account"
-            when 7
-               @sid_type = "invalid"
-            when 8
-               @sid_type = "unknown"
-            when 9
-               @sid_type = "computer"
-            else
-               @sid_type = "unknown"
-         end
-         @sid_type
-      end
-   end
-   class User
-      attr_accessor :caption, :description, :domain, :password
-      attr_accessor :full_name, :install_date, :name, :sid, :status
-      attr_writer :disabled, :local, :lockout, :password_changeable
-      attr_writer :password_expires, :password_required
-      attr_reader :account_type
-      def initialize
-         yield self if block_given?
-      end
-      def account_type=(type)
-         case type
-            when 256
-               @account_type = "duplicate"
-            when 512
-               @account_type = "normal"
-            when 2048
-               @account_type = "interdomain_trust"
-            when 4096
-               @account_type = "workstation_trust"
-            when 8192
-               @account_type = "server_trust"
-            else
-               @account_type = "unknown"
-         end
-      end
-      def sid_type
-         @sid_type
-      end
-      def sid_type=(stype)
-         case stype
-            when 1
-               @sid_type = "user"
-            when 2
-               @sid_type = "group"
-            when 3
-               @sid_type = "domain"
-            when 4
-               @sid_type = "alias"
-            when 5
-               @sid_type = "well_known_group"
-            when 6
-               @sid_type = "deleted_account"
-            when 7
-               @sid_type = "invalid"
-            when 8
-               @sid_type = "unknown"
-            when 9
-               @sid_type = "computer"
-            else
-               @sid_type = "unknown"
-         end
-      end
-      def disabled?
-         @disabled
-      end
-      def local?
-         @local
-      end
-      def lockout?
-         @lockout
-      end
-      def password_changeable?
-         @password_changeable
-      end
-      def password_expires?
-         @password_expires
-      end
-      def password_required?
-         @password_required
-      end
-   end
-   class Admin
-      VERSION = "1.3.1"
-      # Deletes +userid+ from the given +host+, or the local host if no host
-      # is specified.
-      #
-      def self.delete_user(userid=nil, host=Socket.gethostname)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-         rescue WIN32OLERuntimeError => err
-            raise AdminError, err
-         end
-         begin
-            adsi.delete("user", userid)
-         rescue WIN32OLERuntimeError => err
-            raise AdminError, err
-         end
-      end
-      # Returns the user name (only) of the current login.
-      #
-      def self.get_login
-         getlogin = Win32API.new("advapi32","GetUserName",['P','P'],'L')
-         buffer = "\0" * 256;
-         nsize = [256].pack("L")
-         getlogin.call(buffer,nsize)
-         len = nsize.unpack("L")[0]
-         username = buffer[0 ... len].chop
-         username
-      end
-      # Returns a User object based on either +name+ or +uid+.
-      #
-      # call-seq:
-      #    get_user(name, host=localhost)
-      #    get_user(uid, host=localhost, local=true)
-      #
-      # You may specify a +host+ from which information is retrieved.  The
-      # default is the local machine.  You may also specify whether to
-      # retrieve a local or global account.  The default is local.
-      #
-      def self.get_user(uid, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
-         if uid.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{uid}'"
-            else
-               query << " where sid like '%-#{uid}'"
-            end
-         else
-            if local
-               query << " and name = '#{uid}'"
-            else
-               query << " where name = '#{uid}'"
-            end
-         end
-         wmi.execquery(query).each{ |user|
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if uid.kind_of?(Fixnum)
-               if user.sid.split("-").last.to_i != uid
-                  next
-               end
-            end
-            usr = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
-            end
-            return usr
-         }
-      end
-      # In block form, yields a User object for each user on the system.  In
-      # non-block form, returns an Array of User objects.
-      #
-      # call-seq:
-      #    users(host=localhost, local=true)
-      #    users(host=localhost, local=true){ |user| ... }
-      #
-      # You may specify a host from which information is retrieved.  The
-      # default is the local machine.  You can retrieve either a global or
-      # group, depending on the value of the +local+ argument.
-      #
-      def self.users(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
-         array = []
-         wmi.execquery(query).each{ |user|
-            usr = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
-               u.password_changeable = user.passwordchangeable
-               u.password_expires    = user.passwordexpires
-               u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
-            end
-            if block_given?
-               yield usr
-            else
-               array.push(usr)
-            end
-         }
-         return array unless block_given?
-      end
-      # Returns a Group object based on either +name+ or +uid+.
-      #
-      # call-seq:
-      #    get_group(name, host=localhost, local=true)
-      #    get_group(gid, host=localhost, local=true)
-      #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
-      #
-      def self.get_group(grp, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         gid = nil
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         if grp.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{grp}'"
-            else
-               query << " where sid like '%-#{grp}'"
-            end
-         else
-            if local
-               query << " and name = '#{grp}'"
-            else
-               query << " where name = '#{grp}'"
-            end
-         end
-         wmi.execquery(query).each{ |group|
-            gid = group.sid.split("-").last.to_i
-            # Because our 'like' query isn't fulproof, let's parse
-            # the SID again to make sure
-            if grp.kind_of?(Fixnum)
-               next if grp != gid
-            end
-            grp = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = gid
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-            end
-            return grp
-         }
-         # If we're here, it means it wasn't found.
-         raise AdminError, "no group found for '#{grp}'"
-      end
-      # In block form, yields a Group object for each user on the system.  In
-      # non-block form, returns an Array of Group objects.
-      #
-      # call-seq:
-      #    groups(host=localhost, local=true)
-      #    groups(host=localhost, local=true){ |group| ... }
-      #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
-      #
-      def self.groups(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
-         cs = "winmgmts:{impersonationLevel=impersonate}!"
-         cs << "//#{host}/root/cimv2"
-         begin
-            wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise AdminError, e
-         end
-         query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         array = []
-         wmi.execquery(query).each{ |group|
-            grp = Group.new do |g|
-               g.caption      = group.caption
-               g.description  = group.description
-               g.domain       = group.domain
-               g.gid          = group.sid.split("-").last.to_i
-               g.install_date = group.installdate
-               g.local        = group.localaccount
-               g.name         = group.name
-               g.sid          = group.sid
-               g.sid_type     = group.sidtype
-               g.status       = group.status
-            end
-            if block_given?
-               yield grp
-            else
-               array.push(grp)
-            end
-         }
-         return array unless block_given?
-      end
-   end
-end
+require "win32ole"
+require "Win32API"
+require "socket"
+module Sys
+   # This is the error raised in the majority of cases if anything goes wrong
+   # with any of the Sys::Admin methods.
+   #
+   class AdminError < StandardError; end
+   class Group
+      # Short description of the object.
+      attr_accessor :caption
+      # Description of the group.
+      attr_accessor :description
+      # Name of the Windows domain to which the group account belongs.
+      attr_accessor :domain
+      # Date the group was added.
+      attr_accessor :install_date
+      # Name of the Windows group account on the Group#domain specified.
+      attr_accessor :name
+      # Security identifier for this group.
+      attr_accessor :sid
+      # Current status for the group, such as "ok", "error", etc.
+      attr_accessor :status
+      # The group ID.
+      attr_accessor :gid
+      # Sets whether or not the group is local (as opposed to global).
+      attr_writer :local
+      # Creates and returns a new Group object.  This class encapsulates
+      # the information for a group account, whether it be global or local.
+      #
+      # Yields +self+ if a block is given.
+      #
+      def initialize
+         yield self if block_given?
+      end
+      # Returns whether or not the group is a local group.
+      #
+      def local?
+         @local
+      end
+      # Returns the type of SID (Security Identifier) as a stringified value.
+      #
+      def sid_type
+         @sid_type
+      end
+      # Sets the SID (Security Identifier) type to +stype+, which can be
+      # one of the following constant values:
+      #
+      # * Admin::SidTypeUser
+      # * Admin::SidTypeGroup
+      # * Admin::SidTypeDomain
+      # * Admin::SidTypeAlias
+      # * Admin::SidTypeWellKnownGroup
+      # * Admin::SidTypeDeletedAccount
+      # * Admin::SidTypeInvalid
+      # * Admin::SidTypeUnknown
+      # * Admin::SidTypeComputer
+      #
+      def sid_type=(stype)
+         if stype.kind_of?(String)
+            @sid_type = stype.downcase
+         else
+            case stype
+               when Admin::SidTypeUser
+                  @sid_type = "user"
+               when Admin::SidTypeGroup
+                  @sid_type = "group"
+               when Admin::SidTypeDomain
+                  @sid_type = "domain"
+               when Admin::SidTypeAlias
+                  @sid_type = "alias"
+               when Admin::SidTypeWellKnownGroup
+                  @sid_type = "well_known_group"
+               when Admin::SidTypeDeletedAccount
+                  @sid_type = "deleted_account"
+               when Admin::SidTypeInvalid
+                  @sid_type = "invalid"
+               when Admin::SidTypeUnknown
+                  @sid_type = "unknown"
+               when Admin::SidTypeComputer
+                  @sid_type = "computer"
+               else
+                  @sid_type = "unknown"
+            end
+         end
+         @sid_type
+      end
+   end
+   class User
+      # An account for users whose primary account is in another domain.
+      TEMP_DUPLICATE = 0x0100
+      # Default account type that represents a typical user.
+      NORMAL = 0x0200
+      # A permit to trust account for a domain that trusts other domains.
+      INTERDOMAIN_TRUST = 0x0800
+      # An account for a Windows NT/2000 workstation or server that is a
+      # member of this domain.
+      WORKSTATION_TRUST = 0x1000
+      # A computer account for a backup domain controller that is a member
+      # of this domain.
+      SERVER_TRUST = 0x2000
+      # Domain and username of the account.
+      attr_accessor :caption
+      # Description of the account.
+      attr_accessor :description
+      # Name of the Windows domain to which a user account belongs.
+      attr_accessor :domain
+      # The user's password.
+      attr_accessor :password
+      # Full name of a local user.
+      attr_accessor :full_name
+      # Date the user account was created.
+      attr_accessor :install_date
+      # Name of the Windows user account on the domain that the User#domain
+      # property specifies.
+      attr_accessor :name
+      # The user's security identifier.
+      attr_accessor :sid
+      # Current status for the group, such as "ok", "error", etc.
+      attr_accessor :status
+      # Used to set whether or not the account is disabled.
+      attr_writer :disabled
+      # Sets whether or not the account is defined on the local computer.
+      attr_writer :local
+      # Sets whether or not the account is locked out of the OS.
+      attr_writer :lockout
+      # Sets whether or not the password for the account can be changed.
+      attr_writer :password_changeable
+      # Sets whether or not the password for the account expires.
+      attr_writer :password_expires
+      # Sets whether or not a password is required for the account.
+      attr_writer :password_required
+      # Returns the account type as a human readable string.
+      attr_reader :account_type
+      # Creates an returns a new User object.  A User object encapsulates a
+      # user account on the operating system.
+      #
+      # Yields +self+ if a block is provided.
+      #
+      def initialize
+         yield self if block_given?
+      end
+      # Sets the account type for the account.  Possible values are:
+      #
+      # * User::TEMP_DUPLICATE
+      # * User::NORMAL
+      # * User::INTERDOMAIN_TRUST
+      # * User::WORKSTATION_TRUST
+      # * User::SERVER_TRUST
+      #
+      def account_type=(type)
+         case type
+            when TEMP_DUPLICATE
+               @account_type = "duplicate"
+            when NORMAL
+               @account_type = "normal"
+            when INTERDOMAIN_TRUST
+               @account_type = "interdomain_trust"
+            when WORKSTATION_TRUST
+               @account_type = "workstation_trust"
+            when SERVER_TRUST
+               @account_type = "server_trust"
+            else
+               @account_type = "unknown"
+         end
+      end
+      # Returns the SID type as a human readable string.
+      #
+      def sid_type
+         @sid_type
+      end
+      # Sets the SID (Security Identifier) type to +stype+, which can be
+      # one of the following constant values:
+      #
+      # * Admin::SidTypeUser
+      # * Admin::SidTypeGroup
+      # * Admin::SidTypeDomain
+      # * Admin::SidTypeAlias
+      # * Admin::SidTypeWellKnownGroup
+      # * Admin::SidTypeDeletedAccount
+      # * Admin::SidTypeInvalid
+      # * Admin::SidTypeUnknown
+      # * Admin::SidTypeComputer
+      #
+      def sid_type=(stype)
+         case stype
+            when Admin::SidTypeUser
+               @sid_type = "user"
+            when Admin::SidTypeGroup
+               @sid_type = "group"
+            when Admin::SidTypeDomain
+               @sid_type = "domain"
+            when Admin::SidTypeAlias
+               @sid_type = "alias"
+            when Admin::SidTypeWellKnownGroup
+               @sid_type = "well_known_group"
+            when Admin::SidTypeDeletedAccount
+               @sid_type = "deleted_account"
+            when Admin::SidTypeInvalid
+               @sid_type = "invalid"
+            when Admin::SidTypeUnknown
+               @sid_type = "unknown"
+            when Admin::SidTypeComputer
+               @sid_type = "computer"
+            else
+               @sid_type = "unknown"
+         end
+      end
+      # Returns whether or not the account is disabled.
+      #
+      def disabled?
+         @disabled
+      end
+      # Returns whether or not the account is local.
+      #
+      def local?
+         @local
+      end
+      # Returns whether or not the account is locked out.
+      #
+      def lockout?
+         @lockout
+      end
+      # Returns whether or not the password for the account is changeable.
+      #
+      def password_changeable?
+         @password_changeable
+      end
+      # Returns whether or not the password for the account is changeable.
+      #
+      def password_expires?
+         @password_expires
+      end
+      # Returns whether or not the a password is required for the account.
+      #
+      def password_required?
+         @password_required
+      end
+   end
+   class Admin
+      VERSION = '1.4.0'
+      SidTypeUser           = 1
+      SidTypeGroup          = 2
+      SidTypeDomain         = 3
+      SidTypeAlias          = 4
+      SidTypeWellKnownGroup = 5
+      SidTypeDeletedAccount = 6
+      SidTypeInvalid        = 7
+      SidTypeUnknown        = 8
+      SidTypeComputer       = 9
+      # Used by the get_login method
+      GetUserName = Win32API.new('advapi32', 'GetUserName', 'PP', 'L') # :nodoc:
+      # Configures the global +user+ on +domain+ using options.
+      #
+      # See http://tinyurl.com/3hjv9 for a list of valid options.
+      #
+      def self.config_global_user(user, options, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}/#{user},user")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the local +user+ on +host+ using +options+.  If no host
+      # is specified, the default is localhost.
+      #
+      # See http://tinyurl.com/3hjv9 for a list of valid options.
+      #
+      def self.config_local_user(user, options, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host}/#{user},user")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Adds the global +user+ on +domain+
+      #
+      def self.add_global_user(user, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            user = adsi.create("user", user)
+            user.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Adds the local +user+ on +host+, or the localhost if none is specified.
+      #
+      def self.add_local_user(user, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            user = adsi.create("user", user)
+            user.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Deletes the local +user+ from +host+, or localhost if no host specified.
+      #
+      def self.delete_local_user(user, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            adsi.delete("user", user)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Deletes the global +user+ from +domain+.
+      #
+      def self.delete_global_user(user, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}")
+            adsi.delete("user", user)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the global +group+ on +domain+ using +options+.
+      #
+      # See http://tinyurl.com/cjkzl for a list of valid options.
+      #
+      def self.config_global_group(group, options, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain}/#{group},group")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Configures the local +group+ on +host+ using +options+.  If no host
+      # is specified, the default is localhost.
+      #
+      # See http://tinyurl.com/cjkzl for a list of valid options.
+      #
+      def self.config_local_group(group, options, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host}/#{group},group")
+            options.each{ |option, value|
+               adsi.put(option.to_s, value)
+            }
+            adsi.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Add global +group+ to +domain+.
+      #
+      def self.add_global_group(group, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
+            obj = adsi.create("group", group)
+            obj.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Add local +group+ to +host+, or the localhost if no host is specified.
+      #
+      def self.add_local_group(group, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            obj = adsi.create("group", group)
+            obj.setinfo
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Delete the global +group+ from +domain+.
+      #
+      def self.delete_global_group(groupid, domain)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
+            obj = adsi.delete("group", groupid)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Delete the local +group+ from +host+, or localhost if no host specified.
+      #
+      def self.delete_local_group(groupid, host=Socket.gethostname)
+         begin
+            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
+            obj = adsi.delete("group", groupid)
+         rescue WIN32OLERuntimeError => err
+            raise AdminError, err
+         end
+      end
+      # Returns the user name (only) of the current login.
+      #
+      def self.get_login
+         buffer = 0.chr * 256
+         nsize = [buffer.size].pack("L")
+         if GetUserName.call(buffer, nsize) == 0
+            raise AdminError, 'GetUserName() call failed in get_login'
+         end
+         length   = nsize.unpack("L")[0]
+         username = buffer[0 ... length].chop
+         username
+      end
+      # Returns a User object based on either +name+ or +uid+.
+      #
+      # call-seq:
+      #    get_user(name, host=localhost)
+      #    get_user(uid, host=localhost, local=true)
+      #
+      # You may specify a +host+ from which information is retrieved.  The
+      # default is the local machine.  You may also specify whether to
+      # retrieve a local or global account.  The default is local.
+      #
+      def self.get_user(uid, host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_useraccount"
+         query << " where localaccount = true" if local
+         if uid.kind_of?(Fixnum)
+            if local
+               query << " and sid like '%-#{uid}'"
+            else
+               query << " where sid like '%-#{uid}'"
+            end
+         else
+            if local
+               query << " and name = '#{uid}'"
+            else
+               query << " where name = '#{uid}'"
+            end
+         end
+         wmi.execquery(query).each{ |user|
+            # Because our 'like' query isn't fulproof, let's parse
+            # the SID again to make sure
+            if uid.kind_of?(Fixnum)
+               if user.sid.split("-").last.to_i != uid
+                  next
+               end
+            end
+            usr = User.new do |u|
+               u.account_type = user.accounttype
+               u.caption      = user.caption
+               u.description  = user.description
+               u.disabled     = user.disabled
+               u.domain       = user.domain
+               u.full_name    = user.fullname
+               u.install_date = user.installdate
+               u.local        = user.localaccount
+               u.lockout      = user.lockout
+               u.name         = user.name
+               u.password_changeable = user.passwordchangeable
+               u.password_expires    = user.passwordexpires
+               u.password_required   = user.passwordrequired
+               u.sid      = user.sid
+               u.sid_type = user.sidtype
+               u.status   = user.status
+            end
+            return usr
+         }
+      end
+      # In block form, yields a User object for each user on the system.  In
+      # non-block form, returns an Array of User objects.
+      #
+      # call-seq:
+      #    users(host=localhost, local=true)
+      #    users(host=localhost, local=true){ |user| ... }
+      #
+      # You may specify a host from which information is retrieved.  The
+      # default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.users(host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_useraccount"
+         query << " where localaccount = true" if local
+         array = []
+         wmi.execquery(query).each{ |user|
+            usr = User.new do |u|
+               u.account_type = user.accounttype
+               u.caption      = user.caption
+               u.description  = user.description
+               u.disabled     = user.disabled
+               u.domain       = user.domain
+               u.full_name    = user.fullname
+               u.install_date = user.installdate
+               u.local        = user.localaccount
+               u.lockout      = user.lockout
+               u.name         = user.name
+               u.password_changeable = user.passwordchangeable
+               u.password_expires    = user.passwordexpires
+               u.password_required   = user.passwordrequired
+               u.sid      = user.sid
+               u.sid_type = user.sidtype
+               u.status   = user.status
+            end
+            if block_given?
+               yield usr
+            else
+               array.push(usr)
+            end
+         }
+         return array unless block_given?
+      end
+      # Returns a Group object based on either +name+ or +uid+.
+      #
+      # call-seq:
+      #    get_group(name, host=localhost, local=true)
+      #    get_group(gid, host=localhost, local=true)
+      #
+      # You may specify a host from which information is retrieved.
+      # The default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.get_group(grp, host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         gid = nil
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_group"
+         query << " where localaccount = true" if local
+         if grp.kind_of?(Fixnum)
+            if local
+               query << " and sid like '%-#{grp}'"
+            else
+               query << " where sid like '%-#{grp}'"
+            end
+         else
+            if local
+               query << " and name = '#{grp}'"
+            else
+               query << " where name = '#{grp}'"
+            end
+         end
+         wmi.execquery(query).each{ |group|
+            gid = group.sid.split("-").last.to_i
+            # Because our 'like' query isn't fulproof, let's parse
+            # the SID again to make sure
+            if grp.kind_of?(Fixnum)
+               next if grp != gid
+            end
+            grp = Group.new do |g|
+               g.caption      = group.caption
+               g.description  = group.description
+               g.domain       = group.domain
+               g.gid          = gid
+               g.install_date = group.installdate
+               g.local        = group.localaccount
+               g.name         = group.name
+               g.sid          = group.sid
+               g.sid_type     = group.sidtype
+               g.status       = group.status
+            end
+            return grp
+         }
+         # If we're here, it means it wasn't found.
+         raise AdminError, "no group found for '#{grp}'"
+      end
+      # In block form, yields a Group object for each user on the system.  In
+      # non-block form, returns an Array of Group objects.
+      #
+      # call-seq:
+      #    groups(host=localhost, local=true)
+      #    groups(host=localhost, local=true){ |group| ... }
+      #
+      # You may specify a host from which information is retrieved.
+      # The default is the local machine.  You can retrieve either a global or
+      # local group, depending on the value of the +local+ argument.
+      #
+      def self.groups(host=Socket.gethostname, local=true)
+         host = Socket.gethostname if host.nil?
+         cs = "winmgmts:{impersonationLevel=impersonate}!"
+         cs << "//#{host}/root/cimv2"
+         begin
+            wmi = WIN32OLE.connect(cs)
+         rescue WIN32OLERuntimeError => e
+            raise AdminError, e
+         end
+         query = "select * from win32_group"
+         query << " where localaccount = true" if local
+         array = []
+         wmi.execquery(query).each{ |group|
+            grp = Group.new do |g|
+               g.caption      = group.caption
+               g.description  = group.description
+               g.domain       = group.domain
+               g.gid          = group.sid.split("-").last.to_i
+               g.install_date = group.installdate
+               g.local        = group.localaccount
+               g.name         = group.name
+               g.sid          = group.sid
+               g.sid_type     = group.sidtype
+               g.status       = group.status
+            end
+            if block_given?
+               yield grp
+            else
+               array.push(grp)
+            end
+         }
+         return array unless block_given?
+      end
+   end
+end