public PluginDriver()
{
m_logger = LogManager.GetLogger(string.Format("PluginDriver:{0}", m_sessionId));
m_properties = new SessionProperties(m_sessionId);
// Add the user information object we'll be using for this session
UserInformation userInfo = new UserInformation();
m_properties.AddTrackedSingle<UserInformation>(userInfo);
// Add the plugin tracking object we'll be using for this session
PluginActivityInformation pluginInfo = new PluginActivityInformation();
pluginInfo.LoadedAuthenticationGatewayPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthenticationGateway>();
pluginInfo.LoadedAuthenticationPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthentication>();
pluginInfo.LoadedAuthorizationPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthorization>();
m_properties.AddTrackedSingle<PluginActivityInformation>(pluginInfo);
m_logger.DebugFormat("New PluginDriver created");
}
public void InitTest()
{
// Default test settings, reset for each test
Settings.Store.LdapHost = host;
Settings.Store.LdapPort = port;
Settings.Store.LdapTimeout = 10;
Settings.Store.EncryptionMethod = (int)encMethod;
Settings.Store.RequireCert = validateCert;
Settings.Store.SearchDN = searchDN;
Settings.Store.SetEncryptedSetting("SearchPW", searchPW);
Settings.Store.GroupDnPattern = "cn=%g,ou=Group,dc=example,dc=com";
Settings.Store.GroupMemberAttrib = "memberUid";
Settings.Store.UseAuthBindForAuthzAndGateway = false;
// Authentication
Settings.Store.AllowEmptyPasswords = false;
Settings.Store.DnPattern = "uid=%u,ou=People,dc=example,dc=com";
Settings.Store.DoSearch = false;
Settings.Store.SearchFilter = "";
Settings.Store.SearchContexts = new string[] { };
// Authorization
Settings.Store.GroupAuthzRules = new string[] { (new GroupAuthzRule(true)).ToRegString() };
Settings.Store.AuthzRequireAuth = false;
Settings.Store.AuthzAllowOnError = true;
// Gateway
Settings.Store.GroupGatewayRules = new string[] { };
// Set up session props
m_props = new SessionProperties(BogusSessionId);
UserInformation userInfo = new UserInformation();
m_props.AddTrackedSingle<UserInformation>(userInfo);
userInfo.Username = "******";
userInfo.Password = "******";
PluginActivityInformation actInfo = new PluginActivityInformation();
m_props.AddTrackedSingle<PluginActivityInformation>(actInfo);
}
/// <summary>
/// m_sessionPropertyCache must be locked
/// </summary>
/// <param name="session"></param>
private void CREDUIhelper(int session)
{
m_logger.InfoFormat("CREDUIhelper:({0})", session);
List<SessionProperties> mysessionList = m_sessionPropertyCache.Get(session); //list of all users in my session
if (mysessionList.Count == 0)
{
m_logger.InfoFormat("User:? in session:{0} is unknown to pGina", session);
return;
}
UserInformation userInfo = m_sessionPropertyCache.Get(session).First().GetTrackedSingle<UserInformation>(); //this user is logging of right now (my user)
List<int> SessionsList = m_sessionPropertyCache.GetAll(); //all pgina watched sessions
Dictionary<int,List<string>> othersessioncontext = new Dictionary<int,List<string>>(); //all exept my sessions, a list of usernames in which a process is running
foreach (int Sessions in SessionsList)
{
if (session != Sessions) //if not my session
{
//get all usersNames from processes that dont run in my own session (context in which those processes are running)
List<string> sesscontext = Abstractions.WindowsApi.pInvokes.GetSessionContext(Sessions);
othersessioncontext.Add(Sessions, sesscontext);
}
}
List<string> InteractiveUserList = Abstractions.WindowsApi.pInvokes.GetInteractiveUserList(); //get interactive users
foreach (SessionProperties s in m_sessionPropertyCache.Get(session))
{
m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session);
}
//catch runas.exe credui processes
foreach (KeyValuePair<int, List<string>> context in othersessioncontext)
{
// all usersNames from processes in session bla.Key format: sessionID\username
m_logger.InfoFormat("othersessioncontext: {0}", String.Join(" ", context.Value.Select(s => String.Format("{0}\\{1}", context.Key, s))));
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(context.Key); //sessionlist of SessionProperties
foreach (string user in context.Value)
{
if (!othersessionList.Any(s => s.GetTrackedSingle<UserInformation>().Username.Equals(user, StringComparison.CurrentCultureIgnoreCase)))
{
//user is not part of othersessionList
bool cancopy = false;
foreach (int Session in SessionsList)
{
if (context.Key != Session && !cancopy) //if not bla.key session
{
foreach (SessionProperties sesprop in m_sessionPropertyCache.Get(Session))
{
UserInformation sespropUInfo = sesprop.GetTrackedSingle<UserInformation>();
if (sespropUInfo.Username.Equals(user, StringComparison.CurrentCultureIgnoreCase))
{
// SessionProperties found
SessionProperties osesprop = new SessionProperties(Guid.NewGuid(), true);
PluginActivityInformation pluginInfo = new PluginActivityInformation();
osesprop.AddTrackedSingle<UserInformation>(sespropUInfo);
osesprop.AddTrackedSingle<PluginActivityInformation>(pluginInfo);
othersessionList.Add(osesprop);
m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} with GUID:{2} and set CREDUI to:{3}", sespropUInfo.Username, context.Key, osesprop.Id, osesprop.CREDUI);
cancopy = true;
m_sessionPropertyCache.Add(context.Key, othersessionList);// refresh the cache
break;
}
}
}
}
if (!cancopy)
{
m_logger.InfoFormat("unamble to track program running under user:{0} in session:{1}", user, context.Key);
}
}
}
}
/*
for (int y = 0; y < mysessionList.Count; y++)
{
UserInformation allmyuInfo = mysessionList[y].GetTrackedSingle<UserInformation>();
foreach (int Sessions in SessionsList)
{
if (session != Sessions) //if not my session
{
// there is a program running as user 'allmyuInfo.Username' in session 'Sessions'
// && this user 'allmyuInfo.Username' is not an interactive user
m_logger.InfoFormat("{0} '{1}' '{2}'", allmyuInfo.Username, String.Join(" ", othersessioncontext[Sessions]), String.Join(" ", InteractiveUserList));
if (othersessioncontext[Sessions].Any(s => s.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)) && !InteractiveUserList.Any(s => s.ToLower().Contains(Sessions + "\\" + allmyuInfo.Username.ToLower())))
{
bool hit = false;
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine)
for (int x = 1; x < othersessionList.Count; x++)
{
UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>();
m_logger.InfoFormat("compare:'{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username);
if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase))
{
// SessionProperties List of 'Sessions' contains the user 'allmyuInfo.Username'
hit = true;
}
}
if (!hit)
{
//this program was run by using runas or simmilar
//push it into the SessionProperties list of 'Sessions'
SessionProperties osesprop = new SessionProperties(Guid.NewGuid(), true);
PluginActivityInformation pluginInfo = new PluginActivityInformation();
osesprop.AddTrackedSingle<UserInformation>(allmyuInfo);
osesprop.AddTrackedSingle<PluginActivityInformation>(pluginInfo);
othersessionList.Add(osesprop);
m_logger.InfoFormat("ive found a program in session:{0} that runs in the context of {1}", Sessions, allmyuInfo.Username);
m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} with GUID:{2} and set CREDUI to:{3}", allmyuInfo.Username, Sessions, osesprop.Id, osesprop.CREDUI);
}
m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache
}
}
}
}
*/
foreach (SessionProperties s in m_sessionPropertyCache.Get(session))
{
m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session);
}
//set SessionProperties.CREDUI
for (int y = 0; y < mysessionList.Count; y++)
{
UserInformation allmyuInfo = mysessionList[y].GetTrackedSingle<UserInformation>();
foreach (int Sessions in SessionsList)
{
if (session != Sessions) //if not my session
{
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine)
for (int x = 0; x < othersessionList.Count; x++) //all entries
{
UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>();
m_logger.InfoFormat("compare '{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username);
if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase))
{
// there is an entry in the SessionProperties List of session 'Sessions'
// ill mark CREDUI of user 'allmyuInfo.Username' in my session 'session' as true
// a plugin should not remove or upload a credui user (its up to the plugin dev)
if (mysessionList[y].CREDUI != true)
{
mysessionList[y].CREDUI = true;
m_logger.InfoFormat("an entry in session:{0} was found from user {1}", Sessions, allmyuInfo.Username);
m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", allmyuInfo.Username, session, mysessionList[y].CREDUI);
}
// ill mark CREDUI of user 'ouserInfo.Username' in session 'Sessions' as false
othersessionList[x].CREDUI = false;
m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", ouserInfo.Username, Sessions, othersessionList[x].CREDUI);
}
}
/*
if (othersessioncontext[Sessions].Any(s => s.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)))
{
// there is a process running in a different session under the context this user
// ill mark the sessioninfo struct of my user as credui true
// a plugin should not remove or upload a credui user (its up to the plugin dev)
//mysessionList.First().CREDUI = true; //the first entry in the list is always an interactive login
mysessionList[y].CREDUI = true;
m_logger.InfoFormat("a program in session:{0} is running in the context of user {1}", Sessions, allmyuInfo.Username);
m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", allmyuInfo.Username, session, mysessionList[y].CREDUI);
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine)
bool hit = false;
for (int x = 0; x < othersessionList.Count; x++)
{
//one user of this other sessions where a process runs under my user
UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>();
m_logger.InfoFormat("compare:'{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username);
if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase))
{
// this is the entry
hit = true;
if (x > 0)
{
// user is non interactive
if (userInfo.Username.Equals(ouserInfo.Username, StringComparison.CurrentCultureIgnoreCase))
{
othersessionList[x].CREDUI = false;
}
else
{
othersessionList[x].CREDUI = true;
}
m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", ouserInfo.Username, Sessions, othersessionList[x].CREDUI);
}
}
}
if (!hit)
{
//this program was run by using runas or simmilar
//push it into the SessionProperties list of this session
SessionProperties osesprop = mysessionList[y];
osesprop.CREDUI = true;
osesprop.Id = new Guid(Guid.NewGuid().ToString());
othersessionList.Add(osesprop);
m_logger.InfoFormat("ive found a program in session:{0} that runs in the context of {1}", Sessions, allmyuInfo.Username);
m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} an set CREDUI to:{2}", allmyuInfo.Username, Sessions, osesprop.CREDUI);
}
m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache
}*/
}
}
}
m_sessionPropertyCache.Add(session, mysessionList);// refresh the cache
foreach (SessionProperties s in m_sessionPropertyCache.Get(session))
{
m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session);
}
/*
//shutdown/reboot case
if (mysessionList.First().CREDUI == false)
{
//this interactive user is logging out
foreach (int Sessions in SessionsList)
{
if (session != Sessions) //if not my session
{
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine)
for (int y = othersessionList.Count - 1; y > 0; y--) //only other credui users
{
if (userInfo.Username.Equals(othersessionList[y].GetTrackedSingle<UserInformation>().Username, StringComparison.CurrentCultureIgnoreCase))
{
//no process of my users should run anymore anywhere
//if so mysessionList.First().CREDUI would be true
m_logger.InfoFormat("no process is running in session:{0} under the context of user:{1} removing:{1} in session:{0}", Sessions, userInfo.Username);
othersessionList.RemoveAt(y);
}
}
m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache
}
}
}
*/
for (int x = mysessionList.Count - 1; x > 0; x--)
{
UserInformation myuserInfo = mysessionList[x].GetTrackedSingle<UserInformation>();
if (InteractiveUserList.Any(s => s.ToLower().Contains(myuserInfo.Username.ToLower())))
{
// a program in my session runs in a different context of an also interactive logged in user
// ill remove this SessionProperty from my SessionProperties List
mysessionList.RemoveAt(x);
m_logger.InfoFormat("user {0} is still interactively logged in", myuserInfo.Username);
m_logger.InfoFormat("removing SessionProperties entry of user:{0} from session:{1}", myuserInfo.Username, session);
}
}
/*
List<string> myCREDUIusernameList = new List<string>(); //my credui usersnames
for (int x = 1; x < mysessionList.Count; x++)
{
UserInformation myCREDUIusername = mysessionList[x].GetTrackedSingle<UserInformation>();
myCREDUIusernameList.Add(myCREDUIusername.Username);
}*/
for (int x = mysessionList.Count - 1; x > 0; x--) //only credui users
{
bool hit = false;
UserInformation myCREDUIusername = mysessionList[x].GetTrackedSingle<UserInformation>();
foreach (int Sessions in SessionsList)
{
if (session != Sessions) //if not my session
{
List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine)
for (int y = othersessionList.Count - 1; y >= 0; y--) //all users
{
UserInformation oCREDUIusername = othersessionList[y].GetTrackedSingle<UserInformation>();
//m_logger.InfoFormat("'{0}' '{1}'", oCREDUIusername.Username, String.Join(" ", myCREDUIusernameList));
//if (myCREDUIusernameList.Any(s => s.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase)))
m_logger.InfoFormat("'{0}' '{1}'", myCREDUIusername.Username, oCREDUIusername.Username);
if (myCREDUIusername.Username.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase))
{
hit = true;
m_logger.InfoFormat("found SessionProperties entry in session:{0} that equals username {1} in my session:{2}", Sessions, oCREDUIusername.Username, session);
m_logger.InfoFormat("removing the SessionProperties entry from session:{0} of user:{1}", session, oCREDUIusername.Username);
mysessionList.RemoveAt(x);
break;
/*
//is the credui programm still running
m_logger.InfoFormat("'{0}' '{1}'", String.Join(" ", othersessioncontext[Sessions].ToArray()), oCREDUIusername.Username);
if (othersessioncontext[Sessions].Any(s => s.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase)))
{
//remove from my list
m_logger.InfoFormat("the program is still running, removing the SessionProperties entry from session:{0} of user:{1}", session, oCREDUIusername.Username);
mysessionList.RemoveAt(x);
}
else
{
//remove from other list, its not running anymore
m_logger.InfoFormat("the program has been closed, removing the SessionProperties entry from session:{0} of user:{1}", Sessions, oCREDUIusername.Username);
othersessionList.RemoveAt(y);
}*/
}
}
m_sessionPropertyCache.Add(Sessions, othersessionList);
if (hit)
{
break;
}
}
}
if (!hit)
{
//this credui user runs only in my session
m_logger.InfoFormat("the last program in context of {0} is running in session:{1} set CREDUI to false", mysessionList[x].GetTrackedSingle<UserInformation>().Username, session);
mysessionList[x].CREDUI = false;
}
}
// refresh the cache
m_sessionPropertyCache.Add(session, mysessionList);
}
private bool WeAuthedThisUser( PluginActivityInformation actInfo )
{
try
{
BooleanResult ldapResult = actInfo.GetAuthenticationResult(this.Uuid);
return ldapResult.Success;
}
catch (KeyNotFoundException)
{
// The plugin is not enabled for authentication
return false;
}
}
