Esempio n. 1
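        /// <summary>
        /// Authenticates the tracked user against the configured Kerberos realm and maps the
        /// native status code returned by <c>auth_user</c> to a <c>BooleanResult</c>.
        /// </summary>
        /// <param name="properties">Session properties that carry the tracked <c>UserInformation</c> (user name and password).</param>
        /// <returns>
        /// A result with <c>Success = true</c> only when the native call returns 0. Every other
        /// status, including unrecognised ones, yields <c>Success = false</c> (fail closed).
        /// </returns>
        public pGina.Shared.Types.BooleanResult AuthenticateUser(pGina.Shared.Types.SessionProperties properties)
        {
            pGina.Shared.Types.UserInformation userInfo = properties.GetTrackedSingle <pGina.Shared.Types.UserInformation>();

            // Fail closed instead of dereferencing a missing credential object.
            if (userInfo == null)
            {
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed to authenticate: no user information available."
                });
            }

            // Get the Kerberos Realm we are authenticating against from the registry
            string krbRealm = Settings.Store.Realm;
            //m_logger.InfoFormat("Kerberos Target Realm: {0}", krbRealm);

            // An unset realm would otherwise raise a NullReferenceException while the SPN is built,
            // or produce a meaningless "krbtgt/" target; reject it explicitly.
            if (string.IsNullOrEmpty(krbRealm))
            {
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed to authenticate: no kerberos realm configured."
                });
            }

            // The SPN must carry the realm in capitals. ToUpperInvariant keeps the result independent
            // of the machine's culture (ToUpper under a Turkish locale maps 'i' to U+0130, which would
            // yield a target name that does not match the realm).
            string targetSpn = "krbtgt/" + krbRealm.ToUpperInvariant();

            /**
             * Call unmanaged DLL that will deal with Microsofts AcquireCredentialHandle() and InitializeSecurityContext() calls after creating a new SEC_WIN_AUTH_IDENTITY structure
             * from the supplied user name, password, and domain.  The return result will indicate either success or various kerberos error messages.
             *
             * The password crosses into native code as a plain managed string; it must never be added to
             * log output (the realm logging above is safe to re-enable, credential logging is not).
             * */
            int r = auth_user(userInfo.Username, userInfo.Password, krbRealm, targetSpn);

            switch (r)
            {
            /*
             * 0x80090311 (SSPI SEC_E_NO_AUTHENTICATING_AUTHORITY).
             * The SPN kerberos target service could not be reached.  Format should be <service-name>/REALM where the service is usually krbtgt (kerberos ticket granting ticket) followed by
             * the realm you are targeting (all capitals) such as MYREALM.UTAH.EDU
             *
             * ex: krbtgt/MYREALM.UTAH.EDU
             * */
            case -2146893039:
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed to contact authenticating kerberos authority."
                });

            /*
             * 0x8009030C (SSPI SEC_E_LOGON_DENIED).
             * The user name and/or password supplied at login through pGina does not match in the kerberos realm.
             * The message deliberately does not say which of the two was wrong.
             * */
            case -2146893044:
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed due to bad password and/or user name."
                });

            /*
             * 0x80090303 (SSPI SEC_E_TARGET_UNKNOWN).
             * The SPN for your kerberos target was incorrect. Format should be <service-name>/REALM where the service is usually krbtgt (kerberos ticket granting ticket) followed by
             * the realm you are targeting (all capitals) such as MYREALM.UTAH.EDU
             *
             * ex: krbtgt/MYREALM.UTAH.EDU
             * */
            case -2146893053:
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed due to bad kerberos Security Principal Name."
                });

            /*
             * Success: the only status that grants access.
             * */
            case 0:
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = true, Message = "Success"
                });

            /*
             * Any status not listed above is treated as a failure; the raw code is appended for diagnosis.
             * */
            default:
                return(new pGina.Shared.Types.BooleanResult()
                {
                    Success = false, Message = "Failed to authenticate due to unknown error." + r
                });
            }
        }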
Esempio n. 2
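        /// <summary>
        /// Records a session change: writes two debug lines, forwards the event to the SESSION and
        /// EVENT logger modes, and then closes the connection held by <c>LoggerModeFactory</c>.
        /// </summary>
        /// <param name="changeDescription">The session change being reported (reason and session id are logged).</param>
        /// <param name="properties">Session properties passed through unchanged to each logger mode.</param>
        public void SessionChange(System.ServiceProcess.SessionChangeDescription changeDescription, pGina.Shared.Types.SessionProperties properties)
        {
            m_logger.DebugFormat("SessionChange({0}) - ID: {1}", changeDescription.Reason.ToString(), changeDescription.SessionId);
            m_logger.DebugFormat("Client IP:{0}", TSManager.ListSessions(changeDescription.SessionId));

            try
            {
                // NOTE(review): the original guarded each mode with `if (true)` under comments reading
                // "If SessionMode/EventMode is enabled"; no enable check exists here, so both modes
                // always receive the event. Confirm whether a settings check was intended.
                ILoggerMode sessionMode = LoggerModeFactory.getLoggerMode(LoggerMode.SESSION);
                sessionMode.Log(changeDescription, properties);

                ILoggerMode eventMode = LoggerModeFactory.getLoggerMode(LoggerMode.EVENT);
                eventMode.Log(changeDescription, properties);
            }
            finally
            {
                // Close the connection if it's still open. Running this in finally releases it even
                // when a logger mode throws; the exception still propagates to the caller, so a
                // failed audit write is not silently dropped.
                // presumably closeConnection() is a no-op when nothing was opened; verify.
                LoggerModeFactory.closeConnection();
            }
        }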