sys-admin 1.4.4-x86-mswin32-60 → 1.5.0-x86-mswin32-60

data/CHANGES

@@ -1,3 +1,20 @@
+== 1.5.0 - 29-Mar-2009
+* INTERFACE CHANGE (WINDOWS ONLY): The interface for MS Windows has undergone
+  a radical change. Most methods now accept a hash of options that are
+  passed directly to the underlying WMI class. Please see the documentation
+  for details.
+* Now works on various BSD flavors.
+* Added the User#groups method. This returns an array of groups that the
+  user belongs to. Suggestion inspired by Gonzalo Garramuno.
+* Added the Group#members method. The returns an array of users that the
+  group contains.
+* Changed User#class to User#access_class for UNIX flavors to avoid
+  conflicts with the Ruby core Object method. 
+* Added more tests and renamed the test files.
+* Removed an unnecessary function call where a platform might try to
+  get lastlog information even if the lastlog.h or utmp.h headers couldn't
+  be found.
+
 == 1.4.4 - 19-Nov-2008
 * Added the User#uid method for MS Windows (which is just the user's relative
   identifier).

data/README

@@ -1,8 +1,11 @@
 == Description
-   The sys-admin package is a unified, cross platform replacement for the
+   The sys-admin library is a unified, cross platform replacement for the
    Etc module.
    
 == Installation
+= Typical Gem Installation
+   gem install sys-admin
+= Local installation
    rake test (optional)
    rake install
 
@@ -36,39 +39,33 @@
 Admin.get_login
    Returns the user name (only) of the current login.
 
-Admin.get_user(name, host=localhost)
-Admin.get_user(uid, host=localhost, local=true)
-   Returns a User object based on +name+ or +uid+.
+Admin.get_user(name, options = {})
+Admin.get_user(uid, options = {})
+   Returns a User object based on +name+ or +uid+. The +options+ hash is
+   for MS Windows only, and allows you to restrict the search based on the
+   options you provide, e.g. 'domain' or 'localaccount'.
    
-   Windows only: you may specify a host from which information is retrieved.
-   The default is the local machine.  You may also specify whether to
-   retrieve a local or global account.  The default is local.
-
-Admin.get_group(name, host=localhost, local=true) 
-Admin.get_group(gid, host=localhost, local=true)
-   Returns a Group object based on +name+ or +uid+.
-   
-   Windows only: you may specify a host from which information is retrieved.
-   The default is the local machine.  You can retrieve either a global or
-   local group, depending on the value of the +local+ argument.
-
-Admin.groups(host=localhost, local=true)
-Admin.groups(host=localhost, local=true){ |group| ... }
+Admin.get_group(name, options = {})
+Admin.get_group(gid, options = {})
+   Returns a Group object based on +name+ or +uid+. The +options+ hash is
+   for MS Windows only, and allows you to restrict the search based on the
+   options you provide, e.g. 'domain' or 'localaccount'.
+
+Admin.groups(options = {})
+Admin.groups(options = {}){ |group| ... }
    In block form, yields a Group object for each user on the system.  In
    non-block form, returns an Array of Group objects.
 
-   Windows only: you may specify a host from which information is retrieved.
-   The default is the local machine.  You can retrieve either a global or
-   local group, depending on the value of the +local+ argument.
+   The +options+ hash is for MS Windows only, and allows you to restrict the
+   search based on the options you provide, e.g. 'domain' or 'localaccount'.
 
-Admin.users(host=localhost, local=true)
-Admin.users(host=localhost, local=true){ |user| ... }
+Admin.users(options = {})
+Admin.users(options = {}){ |user| ... }
    In block form, yields a User object for each user on the system.  In
    non-block form, returns an Array of User objects.
    
-   Windows only: you may specify a host from which information is retrieved.
-   The default is the local machine.  You can retrieve either a global or
-   local group, depending on the value of the +local+ argument.
+   The +options+ hash is for MS Windows only, and allows you to restrict the
+   search based on the options you provide, e.g. 'domain' or 'localaccount'.
    
 == User class
 === User (Windows)
@@ -140,33 +137,14 @@ Admin::Error < StandardError
    information.  This means that the WMI service must be running on the
    target machine in order to work (which it is, by default).
 	
-   Note that, by default, local user and group information is retrieved
-   instead of global.  You probably do NOT want to iterate over global users
-   or groups because there can be quite a few on your domain.
-   
 === UNIX
    The underlying implementation is similar to core Ruby's Etc implementation.
    But, in addition to the different interface, I use the re-entrant version
    of the appropriate functions when available.
 
 == Future Plans
-   Add the following methods for UNIX:
-
-   * Admin.add_local_user
-   * Admin.config_local_user
-   * Admin.delete_local_user
-   * Admin.add_global_user
-   * Admin.config_global_user
-   * Admin.delete_global_user
-   
-   * Admin.add_local_group
-   * Admin.config_local_group
-   * Admin.delete_local_group
-   * Admin.add_global_group
-   * Admin.config_global_group
-   * Admin.delete_global_group
-
    Make the User and Group objects comparable.
+   Add ability to add, configure and delete users on Unix platforms.
 
 == Known Bugs
    None that I'm aware of. If you find any, please log them on the project
@@ -176,7 +154,7 @@ Admin::Error < StandardError
    Ruby's
 
 == Copyright
-   (C) 2005-2008, Daniel J. Berger
+   (C) 2005-2009, Daniel J. Berger
    All Rights Reserved
 
 == Author

data/Rakefile

@@ -52,5 +52,10 @@ Rake::TestTask.new("test") do |t|
       t.libs << 'ext'
       t.libs.delete('lib')
    end
-   t.test_files = FileList['test/tc_admin.rb']
+   t.libs << 'test'
+   t.test_files = FileList['test/test_sys_admin.rb']
+end
+
+task :test do
+   Rake.application[:clean].execute
 end

data/lib/sys/admin.rb

@@ -31,6 +31,9 @@ module Sys
       # Sets whether or not the group is local (as opposed to global).
       attr_writer :local
 
+      # An array of members for that group. May contain SID's.
+      attr_accessor :members
+
       # Creates and returns a new Group object.  This class encapsulates
       # the information for a group account, whether it be global or local.
       #
@@ -128,6 +131,9 @@ module Sys
 
       # Full name of a local user.
       attr_accessor :full_name
+
+      # An array of groups to which the user belongs.
+      attr_accessor :groups
       
       # Date the user account was created.
       attr_accessor :install_date
@@ -282,7 +288,7 @@ module Sys
    end
    
    class Admin
-      VERSION = '1.4.4'
+      VERSION = '1.5.0'
 
       # This is the error raised in the majority of cases if anything goes wrong
       # with any of the Sys::Admin methods.
@@ -300,222 +306,348 @@ module Sys
       SidTypeComputer       = 9
 
       private
+
+      # A private method that lower cases all keys, and converts them
+      # all to symbols.
+      #
+      def self.munge_options(opts)
+         rhash = {}
+
+         opts.each{ |k, v|
+            k = k.to_s.downcase.to_sym
+            rhash[k] = v
+         }
+
+         rhash
+      end
+
+      # An internal, private method for getting a list of groups for
+      # a particular user.
+      #
+      def self.get_groups(domain, user)
+         array = []
+         adsi = WIN32OLE.connect("WinNT://#{domain}/#{user}")
+         adsi.groups.each{ |g| array << g.name }
+         array
+      end
+
+      # An internal, private method for getting a list of members for
+      # any particular group.
+      #
+      def self.get_members(domain, group)
+         array = []
+         adsi = WIN32OLE.connect("WinNT://#{domain}/#{group}")
+         adsi.members.each{ |g| array << g.name }
+         array
+      end
       
       # Used by the get_login method
       GetUserName = Win32API.new('advapi32', 'GetUserName', 'PP', 'L') # :nodoc:
 
       public
 
-      # Configures the global +user+ on +domain+ using options.
-      #
-      # See http://tinyurl.com/3hjv9 for a list of valid options.
-      #     
-      def self.config_global_user(user, options, domain)
-         begin     
-            adsi = WIN32OLE.connect("WinNT://#{domain}/#{user},user")
+      # Creates the given +user+. If no domain option is specified,
+      # then it defaults to your local host, i.e. a local account is
+      # created.
+      #
+      # Any options provided are treated as IADsUser interface methods
+      # and are called before SetInfo is finally called.
+      #
+      # Examples:
+      #
+      #  # Create a local user with no options
+      #  Sys::Admin.add_user(:name => 'asmith')
+      #
+      #  # Create a local user with options
+      #  Sys::Admin.add_user(
+      #     :name        => 'asmith',
+      #     :description => 'Really cool guy',
+      #     :password    => 'abc123'
+      #  )
+      #
+      #  # Create a user on a specific domain
+      #  Sys::Admin.add_user(
+      #     :name     => 'asmith',
+      #     :domain   => 'XX',
+      #     :fullname => 'Al Smith'
+      #  )
+      #--
+      # Most options are passed to the 'put' method. However, we handle the
+      # password specially since it's a separate method, and some environments
+      # require that it be set up front.
+      #
+      def self.add_user(options = {})
+         options = munge_options(options)
+         
+         name   = options.delete(:name) or raise ArgumentError, 'No user given'
+         domain = options[:domain]
+
+         if domain.nil?
+            domain  = Socket.gethostname
+            moniker = "WinNT://#{domain},Computer"   
+         else
+            moniker = "WinNT://#{domain}"
+         end
+
+         begin   
+            adsi = WIN32OLE.connect(moniker)
+            user = adsi.create('user', name)  
             options.each{ |option, value|
-               adsi.put(option.to_s, value)
+               if option.to_s == 'password'
+                  user.setpassword(value)
+               else
+                  user.put(option.to_s, value)
+               end
             }
-            adsi.setinfo
+            user.setinfo
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
 
-      # Configures the local +user+ on +host+ using +options+.  If no host
-      # is specified, the default is localhost.
+      # Configures the +user+ using +options+. If no domain option is
+      # specified then your local host is used, i.e. you are configuring
+      # a local user account.
       #
       # See http://tinyurl.com/3hjv9 for a list of valid options.
-      #  
-      def self.config_local_user(user, options, host=Socket.gethostname)      
+      #
+      # In the case of a password change, pass a two element array as the
+      # old value and new value.
+      #
+      # Examples:
+      #
+      #  # Configure a local user
+      #  Sys::Admin.configure_user(
+      #     :name        => 'djberge',
+      #     :description => 'Awesome'
+      #  )
+      #
+      #  # Change the password
+      #  Sys::Admin.configure_user(
+      #     :name     => 'asmith',
+      #     :password => [old_pass, new_pass]
+      #  )
+      #
+      #  # Configure a user on a specific domain
+      #  Sys::Admin.configure_user(
+      #     :name      => 'jsmrz',
+      #     :domain    => 'XX',
+      #     :firstname => 'Jo'
+      #  )
+      #
+      def self.configure_user(options = {})
+         options = munge_options(options)
+
+         name   = options.delete(:name) or raise ArgumentError, 'No name given'
+         domain = options[:domain] || Socket.gethostname
+
          begin     
-            adsi = WIN32OLE.connect("WinNT://#{host}/#{user},user")
+            adsi = WIN32OLE.connect("WinNT://#{domain}/#{name},user")
             options.each{ |option, value|
-               adsi.put(option.to_s, value)
+               if option.to_s == 'password'
+                  adsi.changepassword(value[0], value[1])
+               else
+                  adsi.put(option.to_s, value)
+               end
             }
             adsi.setinfo
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
-     
-      # Adds the global +user+ on +domain+
+
+      # Deletes the given +user+ on +domain+. If no domain is specified,
+      # then it defaults to your local host, i.e. a local account is
+      # deleted.
       #
-      def self.add_global_user(user, domain)
+      def self.delete_user(user, domain = nil)
+         if domain.nil?
+            domain  = Socket.gethostname
+            moniker = "WinNT://#{domain},Computer"   
+         else
+            moniker = "WinNT://#{domain}"
+         end
+
          begin   
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-            user = adsi.create("user", user)  
-            user.setinfo
+            adsi = WIN32OLE.connect(moniker)
+            adsi.delete('user', user)  
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
-      
-      # Adds the local +user+ on +host+, or the localhost if none is specified.
+
+      # Create a new +group+ using +options+. If no domain option is specified
+      # then a local group is created instead.
       #
-      def self.add_local_user(user, host=Socket.gethostname)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-            user = adsi.create("user", user)
-            user.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
+      # Examples:
+      #
+      #  # Create a local group with no options
+      #  Sys::Admin.add_group(:name => 'Dudes')
+      #
+      #  # Create a local group with options
+      #  Sys::Admin.add_group(:name => 'Dudes', :description => 'Boys')
+      #
+      #  # Create a group on a specific domain
+      #  Sys::Admin.add_group(
+      #     :name        => 'Ladies',
+      #     :domain      => 'XYZ',
+      #     :description => 'Girls'
+      #  )
+      #
+      def self.add_group(options = {})
+         options = munge_options(options)
+
+         group  = options.delete(:name) or raise ArgumentError, 'No name given'
+         domain = options[:domain]
+
+         if domain.nil?
+            domain  = Socket.gethostname
+            moniker = "WinNT://#{domain},Computer"
+         else
+            moniker = "WinNT://#{domain}"
          end
-      end
 
-      # Deletes the local +user+ from +host+, or localhost if no host specified.
-      #
-      def self.delete_local_user(user, host=Socket.gethostname)       
          begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-            adsi.delete("user", user)
+            adsi = WIN32OLE.connect(moniker)
+            group = adsi.create('group', group)
+            group.setinfo
+            configure_group(options) unless options.empty?
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
-      
-      # Deletes the global +user+ from +domain+.
-      #
-      def self.delete_global_user(user, domain)   
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{domain}")
-            adsi.delete("user", user)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end 
-      end
-      
-      # Configures the global +group+ on +domain+ using +options+.
+
+      # Configures the +group+ using +options+. If no domain option is
+      # specified then your local host is used, i.e. you are configuring
+      # a local group.
       #
       # See http://tinyurl.com/cjkzl for a list of valid options.
       #
-      def self.config_global_group(group, options, domain)
+      # Examples:
+      #
+      #  # Configure a local group.
+      #  Sys::Admin.configure_group(:name => 'Abba', :description => 'Swedish')
+      #
+      #  # Configure a group on a specific domain.
+      #  Sys::Admin.configure_group(
+      #     :name        => 'Web Team',
+      #     :domain      => 'Foo',
+      #     :description => 'Web programming cowboys'
+      #  )
+      #
+      def self.configure_group(options = {})
+         options = munge_options(options)
+
+         group  = options.delete(:name) or raise ArgumentError, 'No name given'
+         domain = options[:domain] || Socket.gethostname
+
          begin                
             adsi = WIN32OLE.connect("WinNT://#{domain}/#{group},group")
-            options.each{ |option, value|
-               adsi.put(option.to_s, value)
-            }
+            options.each{ |option, value| adsi.put(option.to_s, value) }
             adsi.setinfo
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
 
-      # Configures the local +group+ on +host+ using +options+.  If no host
-      # is specified, the default is localhost.
-      #
-      # See http://tinyurl.com/cjkzl for a list of valid options.
+      # Delete the +group+ from +domain+. If no domain is specified, then
+      # you are deleting a local group.
       #
-      def self.config_local_group(group, options, host=Socket.gethostname)      
-         begin     
-            adsi = WIN32OLE.connect("WinNT://#{host}/#{group},group")
-            options.each{ |option, value|
-               adsi.put(option.to_s, value)
-            }
-            adsi.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-      end
-      
-      # Add global +group+ to +domain+.
-      #
-      def self.add_global_group(group, domain)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
-            obj = adsi.create("group", group)
-            obj.setinfo
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
+      def self.delete_group(group, domain = nil)
+         if domain.nil?
+            domain = Socket.gethostname
+            moniker = "WinNT://#{domain},Computer"
+         else
+            moniker = "WinNT://#{domain}"
          end
-      end
 
-      # Add local +group+ to +host+, or the localhost if no host is specified.
-      #
-      def self.add_local_group(group, host=Socket.gethostname)
          begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-            obj = adsi.create("group", group)
-            obj.setinfo
+            adsi = WIN32OLE.connect(moniker)
+            obj = adsi.delete('group', group)
          rescue WIN32OLERuntimeError => err
             raise Error, err
          end
       end
       
-      # Delete the global +group+ from +domain+.
-      #
-      def self.delete_global_group(groupid, domain)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{domain},Computer")
-            obj = adsi.delete("group", groupid)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-      end
-      
-      # Delete the local +group+ from +host+, or localhost if no host specified.
-      #
-      def self.delete_local_group(groupid, host=Socket.gethostname)
-         begin
-            adsi = WIN32OLE.connect("WinNT://#{host},Computer")
-            obj = adsi.delete("group", groupid)
-         rescue WIN32OLERuntimeError => err
-            raise Error, err
-         end
-      end
-     
       # Returns the user name (only) of the current login.
       #
       def self.get_login
          buffer = 0.chr * 256
-         nsize = [buffer.size].pack("L")
+         nsize  = [buffer.size].pack("L")
 
          if GetUserName.call(buffer, nsize) == 0
             raise Error, 'GetUserName() call failed in get_login'
          end
 
-         length = nsize.unpack('L')[0]
+         length   = nsize.unpack('L')[0]
          username = buffer[0 ... length].chop
          username
       end
-      
+
       # Returns a User object based on either +name+ or +uid+.
       #
       # call-seq:
-      #    get_user(name, host=localhost)
-      #    get_user(uid, host=localhost, local=true)
+      #    Sys::Admin.get_user(name, options = {})
+      #    Sys::Admin.get_user(uid, options = {})
+      #
+      # Looks for +usr+ information based on the options you specify, where
+      # the +usr+ argument can be either a user name or a RID.
+      #
+      # If a 'host' option is specified, information is retrieved from that
+      # host. Otherwise, the local host is used.
+      #
+      # All other options are converted to WQL statements against the
+      # Win32_UserAccount WMI object. See http://tinyurl.com/by9nvn for a
+      # list of possible options.
       #
-      # You may specify a +host+ from which information is retrieved.  The
-      # default is the local machine.  You may also specify whether to
-      # retrieve a local or global account.  The default is local.
+      # Examples:
       #
-      def self.get_user(usr, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
+      #  # Get a user by name
+      #  Admin.get_user('djberge')
+      #
+      #  # Get a user by uid
+      #  Admin.get_user(100)
+      #
+      #  # Get a user on a specific domain
+      #  Admin.get_user('djberge', :domain => 'TEST')
+      #--
+      # The reason for keeping the +usr+ variable as a separate argument
+      # instead of rolling it into the options hash was to keep a unified
+      # API between the Windows and UNIX versions.
+      #
+      def self.get_user(usr, options = {})
+         options = munge_options(options)
+
+         host = options.delete(:host) || Socket.gethostname
          cs = "winmgmts:{impersonationLevel=impersonate}!"
          cs << "//#{host}/root/cimv2"
          
          begin
             wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise Error, e
+         rescue WIN32OLERuntimeError => err
+            raise Error, err
          end
          
          query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
-         
-         if usr.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{usr}'"
+
+         i = 0
+
+         options.each{ |opt, val|
+            if i == 0
+               query << " where #{opt} = '#{val}'"
+               i += 1
             else
-               query << " where sid like '%-#{usr}'"
+               query << " and #{opt} = '#{val}'"
             end
+         }
+
+         if usr.kind_of?(Fixnum)
+            query << " and sid like '%-#{usr}'"
          else
-            if local
-               query << " and name = '#{usr}'"
-            else
-               query << " where name = '#{usr}'"
-            end
+            query << " and name = '#{usr}'"
          end
+
+         domain = options[:domain] || host
          
          wmi.execquery(query).each{ |user|
             uid = user.sid.split('-').last.to_i
@@ -527,23 +659,24 @@ module Sys
             end
 
             user_object = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
+               u.account_type        = user.accounttype
+               u.caption             = user.caption
+               u.description         = user.description
+               u.disabled            = user.disabled
+               u.domain              = user.domain
+               u.full_name           = user.fullname
+               u.install_date        = user.installdate
+               u.local               = user.localaccount
+               u.lockout             = user.lockout
+               u.name                = user.name
                u.password_changeable = user.passwordchangeable
                u.password_expires    = user.passwordexpires
                u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
-               u.uid      = uid
+               u.sid                 = user.sid
+               u.sid_type            = user.sidtype
+               u.status              = user.status
+               u.uid                 = uid
+               u.groups              = get_groups(domain, user.name)
             end
 
             return user_object
@@ -553,19 +686,34 @@ module Sys
          raise Error, "no user found for '#{usr}'"
       end
       
-      # In block form, yields a User object for each user on the system.  In
+      # In block form, yields a User object for each user on the system. In
       # non-block form, returns an Array of User objects.
       #
       # call-seq:
-      #    users(host=localhost, local=true)
-      #    users(host=localhost, local=true){ |user| ... }
+      #    Sys::Admin.users(options = {})
+      #    Sys::Admin.users(options = {}){ |user| ... }
+      #
+      # You may specify a host from which information is retrieved. The
+      # default is the local host.
+      #
+      # All other arguments are passed as WQL query parameters against
+      # the Win32_UserAccont WMI object.
+      #
+      # Examples:
+      #
+      #  # Get all local account users
+      #  Sys::Admin.users(:localaccount => true)
+      #
+      #  # Get all user accounts on a specific domain
+      #  Sys::Admin.users(:domain => 'FOO')
       #
-      # You may specify a host from which information is retrieved.  The
-      # default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
+      #  # Get a single user from a domain
+      #  Sys::Admin.users(:name => 'djberge', :domain => 'FOO')
       #
-      def self.users(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
+      def self.users(options = {})
+         options = munge_options(options)
+
+         host = options.delete(:host) || Socket.gethostname
          cs = "winmgmts:{impersonationLevel=impersonate}!"
          cs << "//#{host}/root/cimv2"
          
@@ -576,27 +724,40 @@ module Sys
          end
          
          query = "select * from win32_useraccount"
-         query << " where localaccount = true" if local
+
+         i = 0
+
+         options.each{ |opt, val|
+            if i == 0
+               query << " where #{opt} = '#{val}'"
+               i += 1
+            else
+               query << " and #{opt} = '#{val}'"
+            end
+         }
+
          array = []
+         domain = options[:domain] || host
          
          wmi.execquery(query).each{ |user|
             usr = User.new do |u|
-               u.account_type = user.accounttype
-               u.caption      = user.caption
-               u.description  = user.description
-               u.disabled     = user.disabled
-               u.domain       = user.domain
-               u.full_name    = user.fullname
-               u.install_date = user.installdate
-               u.local        = user.localaccount
-               u.lockout      = user.lockout
-               u.name         = user.name
+               u.account_type        = user.accounttype
+               u.caption             = user.caption
+               u.description         = user.description
+               u.disabled            = user.disabled
+               u.domain              = user.domain
+               u.full_name           = user.fullname
+               u.install_date        = user.installdate
+               u.local               = user.localaccount
+               u.lockout             = user.lockout
+               u.name                = user.name
                u.password_changeable = user.passwordchangeable
                u.password_expires    = user.passwordexpires
                u.password_required   = user.passwordrequired
-               u.sid      = user.sid
-               u.sid_type = user.sidtype
-               u.status   = user.status
+               u.sid                 = user.sid
+               u.sid_type            = user.sidtype
+               u.status              = user.status
+               u.groups              = get_groups(domain, user.name)
             end
             
             if block_given?
@@ -605,47 +766,70 @@ module Sys
                array.push(usr)
             end
          }
+
          return array unless block_given?
       end
       
-      # Returns a Group object based on either +name+ or +uid+.
+      # Returns a Group object based on either +name+ or +gid+.
       #
       # call-seq:
-      #    get_group(name, host=localhost, local=true) 
-      #    get_group(gid, host=localhost, local=true)
+      #    Sys::Admin.get_group(name, options = {})
+      #    Sys::Admin.get_group(gid, options = {})
+      #
+      # If a numeric value is sent as the first parameter, it is treated
+      # as a RID and is checked against the SID for a match.
+      #
+      # You may specify a host as an option from which information is
+      # retrieved. The default is the local host.
+      #
+      # All other options are passed as WQL parameters to the Win32_Group
+      # WMI object. See http://tinyurl.com/bngc8s for a list of possible
+      # options.
+      #  
+      # Examples:
+      #
+      #  # Find a group by name
+      #  Sys::Admin.get_group('Web Team')
+      #
+      #  # Find a group by id
+      #  Sys::Admin.get_group(31667)
       #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
+      #  # Find a group on a specific domain
+      #  Sys::Admin.get_group('Web Team', :domain => 'FOO')
       #
-      def self.get_group(grp, host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
+      def self.get_group(grp, options = {})
+         options = munge_options(options)
+
+         host = options.delete(:host) || Socket.gethostname
          cs = "winmgmts:{impersonationLevel=impersonate}!"
          cs << "//#{host}/root/cimv2"
-         gid = nil
-         
+
          begin
             wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise Error, e
+         rescue WIN32OLERuntimeError => err
+            raise Error, err
          end
                   
          query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         
-         if grp.kind_of?(Fixnum)
-            if local
-               query << " and sid like '%-#{grp}'"
+
+         i = 0
+
+         options.each{ |opt, val|
+            if i == 0
+               query << " where #{opt} = '#{val}'"
+               i += 1
             else
-               query << " where sid like '%-#{grp}'"
+               query << " and #{opt} = '#{val}'"
             end
+         }
+         
+         if grp.kind_of?(Fixnum)
+            query << " and sid like '%-#{grp}'"
          else
-            if local
-               query << " and name = '#{grp}'"
-            else
-               query << " where name = '#{grp}'"
-            end
+            query << " and name = '#{grp}'"
          end
+
+         domain = options[:domain] || host
          
          wmi.execquery(query).each{ |group|
             gid = group.sid.split("-").last.to_i
@@ -667,6 +851,7 @@ module Sys
                g.sid          = group.sid                         
                g.sid_type     = group.sidtype
                g.status       = group.status
+               g.members      = get_members(domain, group.name)
             end
 
             return group_object
@@ -680,28 +865,56 @@ module Sys
       # non-block form, returns an Array of Group objects.
       #
       # call-seq:
-      #    groups(host=localhost, local=true)
-      #    groups(host=localhost, local=true){ |group| ... }
+      #    groups(options = {})
+      #    groups(options = {}){ |group| ... }
+      #
+      # You may specify a host option from which information is retrieved.
+      # The default is the local host.
+      #
+      # All other options are passed as WQL parameters to the Win32_Group
+      # WMI object. See http://tinyurl.com/bngc8s for a list of possible
+      # options.
+      #
+      # Examples:
       #
-      # You may specify a host from which information is retrieved.
-      # The default is the local machine.  You can retrieve either a global or
-      # local group, depending on the value of the +local+ argument.
+      #  # Get local group information
+      #  Sys::Admin.groups(:localaccount => true)
       #
-      def self.groups(host=Socket.gethostname, local=true)
-         host = Socket.gethostname if host.nil?
+      #  # Get all groups on a specific domain
+      #  Sys::Admin.groups(:domain => 'FOO')
+      #
+      #  # Get a specific group on a domain
+      #  Sys::Admin.groups(:name => 'Some Group', :domain => 'FOO')
+      #
+      def self.groups(options = {})
+         options = munge_options(options)
+
+         host = options.delete(:host) || Socket.gethostname
          cs = "winmgmts:{impersonationLevel=impersonate}!"
          cs << "//#{host}/root/cimv2"
          
          begin
             wmi = WIN32OLE.connect(cs)
-         rescue WIN32OLERuntimeError => e
-            raise Error, e
+         rescue WIN32OLERuntimeError => err
+            raise Error, err
          end
          
          query = "select * from win32_group"
-         query << " where localaccount = true" if local
-         
+
+         i = 0
+
+         options.each{ |opt, val|
+            if i == 0
+               query << " where #{opt} = '#{val}'"
+               i += 1
+            else
+               query << " and #{opt} = '#{val}'"
+            end
+         }
+
          array = []
+         domain = options[:domain] || host
+
          wmi.execquery(query).each{ |group|
             grp = Group.new do |g|
                g.caption      = group.caption
@@ -714,13 +927,16 @@ module Sys
                g.sid          = group.sid                         
                g.sid_type     = group.sidtype
                g.status       = group.status
+               g.members      = get_members(domain, group.name)
             end
+
             if block_given?
                yield grp
             else
                array.push(grp)
             end
          }
+
          return array unless block_given?
       end
    end