class Puppet::Util::Windows::ADSI::User

# File lib/puppet/util/windows/adsi.rb, line 153
def [](attribute)
  native_user.Get(attribute)
end

# File lib/puppet/util/windows/adsi.rb, line 157
def []=(attribute, value)
  native_user.Put(attribute, value)
end

# File lib/puppet/util/windows/adsi.rb, line 182
def add_flag(flag_name, value)
  flag = native_user.Get(flag_name) rescue 0

  native_user.Put(flag_name, flag | value)

  commit
end

# File lib/puppet/util/windows/adsi.rb, line 207
def add_to_groups(*group_names)
  group_names.each do |group_name|
    Puppet::Util::Windows::ADSI::Group.new(group_name).add_member_sids(sid)
  end
end

# File lib/puppet/util/windows/adsi.rb, line 161
def commit
  begin
    native_user.SetInfo unless native_user.nil?
  rescue WIN32OLERuntimeError => e
    # ERROR_BAD_USERNAME 2202L from winerror.h
    if e.message =~ /8007089A/
      raise Puppet::Error.new(
       "Puppet is not able to create/delete domain users with the user resource.",
       e
      )
    end

    raise Puppet::Error.new( "User update failed: #{e}", e )
  end
  self
end

# File lib/puppet/util/windows/adsi.rb, line 200
def groups
  # WIN32OLE objects aren't enumerable, so no map
  groups = []
  native_user.Groups.each {|g| groups << g.Name} rescue nil
  groups
end

# File lib/puppet/util/windows/adsi.rb, line 190
def password=(password)
  if !password.nil?
    native_user.SetPassword(password)
    commit
  end

  fADS_UF_DONT_EXPIRE_PASSWD = 0x10000
  add_flag("UserFlags", fADS_UF_DONT_EXPIRE_PASSWD)
end

# File lib/puppet/util/windows/adsi.rb, line 178
def password_is?(password)
  self.class.logon(name, password)
end

# File lib/puppet/util/windows/adsi.rb, line 214
def remove_from_groups(*group_names)
  group_names.each do |group_name|
    Puppet::Util::Windows::ADSI::Group.new(group_name).remove_member_sids(sid)
  end
end

# File lib/puppet/util/windows/adsi.rb, line 221
def set_groups(desired_groups, minimum = true)
  return if desired_groups.nil? or desired_groups.empty?

  desired_groups = desired_groups.split(',').map(&:strip)

  current_groups = self.groups

  # First we add the user to all the groups it should be in but isn't
  groups_to_add = desired_groups - current_groups
  add_to_groups(*groups_to_add)

  # Then we remove the user from all groups it is in but shouldn't be, if
  # that's been requested
  groups_to_remove = current_groups - desired_groups
  remove_from_groups(*groups_to_remove) unless minimum
end

# File lib/puppet/util/windows/adsi.rb, line 145
def uri
  self.class.uri(sid.account, sid.domain)
end

# File lib/puppet/util/windows/adsi.rb, line 238
def self.create(name)
  # Windows error 1379: The specified local group already exists.
  raise Puppet::Error.new( "Cannot create user if group '#{name}' exists." ) if Puppet::Util::Windows::ADSI::Group.exists? name
  new(name, Puppet::Util::Windows::ADSI.create(name, 'user'))
end

# File lib/puppet/util/windows/adsi.rb, line 246
def self.current_user_name
  user_name = ''
  max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
  FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
    FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
      buffer_size.write_dword(max_length) # length in TCHARs

      if GetUserNameW(buffer, buffer_size) == FFI::WIN32_FALSE
        raise Puppet::Util::Windows::Error.new("Failed to get user name")
      end
      # buffer_size includes trailing NULL
      user_name = buffer.read_wide_string(buffer_size.read_dword - 1)
    end
  end

  user_name
end

# File lib/puppet/util/windows/adsi.rb, line 268
def self.delete(name)
  Puppet::Util::Windows::ADSI.delete(name, 'user')
end

# File lib/puppet/util/windows/adsi.rb, line 272
def self.each(&block)
  wql = Puppet::Util::Windows::ADSI.execquery('select name from win32_useraccount where localaccount = "TRUE"')

  users = []
  wql.each do |u|
    users << new(u.name)
  end

  users.each(&block)
end

# File lib/puppet/util/windows/adsi.rb, line 264
def self.exists?(name)
  Puppet::Util::Windows::ADSI::connectable?(User.uri(*User.parse_name(name)))
end

# File lib/puppet/util/windows/adsi.rb, line 149
def self.logon(name, password)
  Puppet::Util::Windows::User.password_is?(name, password)
end

# File lib/puppet/util/windows/adsi.rb, line 112
def initialize(name, native_user = nil)
  @name = name
  @native_user = native_user
end

# File lib/puppet/util/windows/adsi.rb, line 117
def self.parse_name(name)
  if name =~ /\//
    raise Puppet::Error.new( "Value must be in DOMAIN\\user style syntax" )
  end

  matches = name.scan(/((.*)\)?(.*)/)
  domain = matches[0][1] || '.'
  account = matches[0][2]

  return account, domain
end

# File lib/puppet/util/windows/adsi.rb, line 137
def self.uri(name, host = '.')
  if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end

  host = '.' if ['NT AUTHORITY', 'BUILTIN', Socket.gethostname].include?(host)

  Puppet::Util::Windows::ADSI.uri(name, 'user', host)
end