def LookupUserGroupFromRid(TargetComputer, Rid):
# get the account domain Sid on the target machine
# note: if you were looking up multiple sids based on the same
# account domain, only need to call this once.
umi2 = NetUserModalsGet(TargetComputer, 2)
domain_sid = umi2['domain_id']
SubAuthorityCount = domain_sid.GetSubAuthorityCount()
# create and init new sid with acct domain Sid + acct Rid
sid = pywintypes.SID()
sid.Initialize(domain_sid.GetSidIdentifierAuthority(),
SubAuthorityCount + 1)
# copy existing subauthorities from account domain Sid into
# new Sid
for i in range(SubAuthorityCount):
sid.SetSubAuthority(i, domain_sid.GetSubAuthority(i))
# append Rid to new Sid
sid.SetSubAuthority(SubAuthorityCount, Rid)
name, domain, typ = LookupAccountSid(TargetComputer, sid)
return name
def info(name):
'''
Return information about a group
CLI Example:
.. code-block:: bash
salt '*' group.info foo
'''
pythoncom.CoInitialize()
nt = win32com.client.Dispatch('AdsNameSpaces')
try:
if "dc=" in name.lower():
groupObj = nt.GetObject('', 'LDAP://' + name)
gr_name = groupObj.cn
gr_mem = []
for member in groupObj.members():
gr_mem.append(member.distinguishedName)
else:
name = name[(name.find('\\') + 1):]
groupObj = nt.GetObject('', 'WinNT://./' + name + ',group')
gr_name = groupObj.Name
gr_mem = []
for member in groupObj.members():
gr_mem.append(_getnetbiosusernamefromsid(member.AdsPath))
gid = win32security.ConvertSidToStringSid(
pywintypes.SID(groupObj.objectSID))
except pywintypes.com_error:
return False
if not gr_name:
return False
return {'name': gr_name, 'passwd': None, 'gid': gid, 'members': gr_mem}
def _sid_from_buffer(b):
return str(pywintypes.SID(b))
def info(name):
'''
Return user information
CLI Example:
.. code-block:: bash
salt '*' user.info root
'''
pythoncom.CoInitialize()
nt = win32com.client.Dispatch('AdsNameSpaces')
ret = {
'name': '',
'fullname': '',
'uid': '',
'comment': '',
'active': '',
'logonscript': '',
'profile': '',
'home': '',
'groups': '',
'gid': ''
}
try:
if 'dc=' in name.lower():
userObj = nt.GetObject('', 'LDAP://' + name)
ret['active'] = (not bool(userObj.userAccountControl
& win32netcon.UF_ACCOUNTDISABLE))
ret['logonscript'] = userObj.scriptPath
ret['profile'] = userObj.profilePath
ret['fullname'] = userObj.DisplayName
ret['name'] = userObj.sAMAccountName
else:
if '\\' in name:
name = name.split('\\')[1]
userObj = nt.GetObject('', 'WinNT://./' + name + ',user')
ret['logonscript'] = userObj.LoginScript
ret['active'] = (not userObj.AccountDisabled)
ret['fullname'] = userObj.FullName
ret['name'] = userObj.Name
if not userObj.Profile:
regProfile = _get_userprofile_from_registry(
name,
win32security.ConvertSidToStringSid(
pywintypes.SID(userObj.objectSID)))
if regProfile:
ret['profile'] = regProfile
else:
ret['profile'] = userObj.Profile
gr_mem = []
for group in userObj.groups():
if 'winnt' in group.ADSPath.lower():
gr_mem.append(_getnetbiosusernamefromsid(group.ADSPath))
else:
gr_mem.append(group.distinguishedName)
ret['groups'] = gr_mem
ret['uid'] = win32security.ConvertSidToStringSid(
pywintypes.SID(userObj.objectSID))
ret['comment'] = userObj.description
ret['home'] = userObj.homeDirectory
ret['gid'] = userObj.primaryGroupID
except pywintypes.com_error:
return False
return ret
