        /// <summary>
        /// Records a successful password retrieval: writes an informational log event and, when any
        /// notification level opted in, sends the success audit e-mail.
        /// </summary>
        /// <param name="model">The incoming request; only <c>ComputerName</c> is read, for the {requestedComputerName} token.</param>
        /// <param name="target">Matched target element (audit settings and notification recipients).</param>
        /// <param name="reader">Matched reader element (audit settings and notification recipients).</param>
        /// <param name="user">The authenticated requester.</param>
        /// <param name="computer">The computer whose password was returned.</param>
        /// <param name="searchResult">Directory entry of the computer, used for the expiry-date token.</param>
        public static void PerformAuditSuccessActions(LapRequestModel model, TargetElement target, ReaderElement reader, UserPrincipal user, ComputerPrincipal computer, SearchResult searchResult)
        {
            // One token map serves the log line, the e-mail subject and the e-mail body.
            Dictionary<string, string> tokens = BuildTokenDictionary(target, reader, user, computer, searchResult, model.ComputerName);

            // Configured templates win; otherwise fall back to the built-in text (wrapped in <pre> for the HTML mail).
            string logTemplate = Reporting.LogSuccessTemplate ?? LogMessages.DefaultAuditSuccessText;
            string emailTemplate = Reporting.EmailSuccessTemplate ?? $"<html><head/><body><pre>{LogMessages.DefaultAuditSuccessText}</pre></body></html>";

            // The log line is written unconditionally and before any e-mail work, so a mail failure cannot lose the audit record.
            LogEventInfo logEvent = new LogEventInfo(LogLevel.Info, Reporting.Logger.Name, ReplaceTokens(tokens, logTemplate, false));
            logEvent.Properties.Add("EventID", EventIDs.PasswordAccessed);
            Reporting.Logger.Log(logEvent);

            // E-mail is best effort: a send failure is itself logged but never propagated to the caller.
            try
            {
                ICollection<string> recipients = Reporting.BuildRecipientList(target, reader, true, user);

                if (recipients.Count == 0)
                {
                    return;
                }

                string subject = ReplaceTokens(tokens, LogMessages.AuditEmailSubjectSuccess, false);
                // The third argument is true only for the HTML body — presumably selects HTML encoding of token values;
                // NOTE(review): confirm in ReplaceTokens, since token values include directory attributes and request headers.
                string body = ReplaceTokens(tokens, emailTemplate, true);
                Reporting.SendEmail(recipients, subject, body);
            }
            catch (Exception iex)
            {
                Reporting.LogErrorEvent(EventIDs.AuditErrorCannotSendSuccessEmail, "An error occurred sending the success audit email", iex);
            }
        }
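        /// <summary>
        /// Collects the distinct e-mail recipients for an audit notification from three levels —
        /// the target, the reader and the global audit configuration — honouring each level's
        /// NotifySuccess / NotifyFailure flag.
        /// </summary>
        /// <param name="target">Target element whose audit settings are consulted; may be null.</param>
        /// <param name="reader">Reader element whose audit settings are consulted; may be null.</param>
        /// <param name="success">True selects the NotifySuccess lists, false the NotifyFailure lists.</param>
        /// <param name="user">
        /// The requesting user. When supplied, its e-mail address replaces the literal
        /// "{user.EmailAddress}" placeholder found in any recipient list; when null (or the user has no
        /// address) the placeholder is simply dropped.
        /// </param>
        /// <returns>A de-duplicated set of addresses; never null, empty when no level opted in.</returns>
        private static ICollection<string> BuildRecipientList(TargetElement target, ReaderElement reader, bool success, UserPrincipal user = null)
        {
            // E-mail addresses are identifiers, not linguistic text: de-duplicate them ordinally so the
            // result does not depend on the culture of the thread serving the request.
            HashSet<string> list = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            bool notifyTarget = success
                ? (target?.Audit?.NotifySuccess ?? false)
                : (target?.Audit?.NotifyFailure ?? false);

            if (notifyTarget)
            {
                Reporting.SplitRecipientsAndAddtoList(target?.Audit?.EmailAddresses, list);
            }

            bool notifyReader = success
                ? (reader?.Audit?.NotifySuccess ?? false)
                : (reader?.Audit?.NotifyFailure ?? false);

            if (notifyReader)
            {
                Reporting.SplitRecipientsAndAddtoList(reader?.Audit?.EmailAddresses, list);
            }

            bool notifyGlobal = success
                ? (LapsConfigSection.Configuration?.Audit?.NotifySuccess ?? false)
                : (LapsConfigSection.Configuration?.Audit?.NotifyFailure ?? false);

            if (notifyGlobal)
            {
                Reporting.SplitRecipientsAndAddtoList(LapsConfigSection.Configuration?.Audit?.EmailAddresses, list);
            }

            // The placeholder is resolved only if a list actually contained it, so a user address is never
            // added unless an administrator opted the requester in.
            if (list.Remove("{user.EmailAddress}") && !string.IsNullOrWhiteSpace(user?.EmailAddress))
            {
                list.Add(user.EmailAddress);
            }

            return list;
        }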
        /// <summary>
        /// Builds the placeholder-to-value map consumed by <c>ReplaceTokens</c> for audit log lines and e-mails.
        /// Every argument is optional: a missing object yields null for its placeholders instead of an error.
        /// </summary>
        /// <param name="target">Target element backing the {target.*} placeholders.</param>
        /// <param name="reader">Reader element backing the {reader.*} placeholders.</param>
        /// <param name="user">Requesting user backing the {user.*} placeholders.</param>
        /// <param name="computer">Computer principal backing the {computer.*} placeholders.</param>
        /// <param name="directoryEntry">Directory search result used only for {computer.LapsExpiryDate}.</param>
        /// <param name="requestedComputerName">Computer name exactly as supplied in the request, exposed as {requestedComputerName}.</param>
        /// <param name="detailMessage">Free-text detail exposed as {message}.</param>
        /// <returns>A dictionary keyed by the placeholder text, braces included; values may be null.</returns>
        private static Dictionary<string, string> BuildTokenDictionary(TargetElement target = null, ReaderElement reader = null, UserPrincipal user = null, ComputerPrincipal computer = null, SearchResult directoryEntry = null, string requestedComputerName = null, string detailMessage = null)
        {
            // HttpContext.Current may be null (hence the null-conditional access); resolve it once.
            var request = HttpContext.Current?.Request;

            Dictionary<string, string> pairs = new Dictionary<string, string>
            {
                // Requesting user — attribute values come straight from the directory.
                ["{user.SamAccountName}"] = user?.SamAccountName,
                ["{user.DisplayName}"] = user?.DisplayName,
                ["{user.UserPrincipalName}"] = user?.UserPrincipalName,
                ["{user.Sid}"] = user?.Sid?.ToString(),
                ["{user.DistinguishedName}"] = user?.DistinguishedName,
                ["{user.Description}"] = user?.Description,
                ["{user.EmailAddress}"] = user?.EmailAddress,
                ["{user.Guid}"] = user?.Guid?.ToString(),
                ["{user.GivenName}"] = user?.GivenName,
                ["{user.Surname}"] = user?.Surname,

                // Computer whose password was requested.
                ["{computer.SamAccountName}"] = computer?.SamAccountName,
                ["{computer.DistinguishedName}"] = computer?.DistinguishedName,
                ["{computer.Description}"] = computer?.Description,
                ["{computer.DisplayName}"] = computer?.DisplayName,
                ["{computer.Guid}"] = computer?.Guid?.ToString(),
                ["{computer.Sid}"] = computer?.Sid?.ToString(),
                ["{requestedComputerName}"] = requestedComputerName,

                // Matched reader / target configuration.
                ["{reader.Principal}"] = reader?.Principal,
                ["{reader.Notify}"] = reader?.Audit?.EmailAddresses,
                ["{target.Notify}"] = target?.Audit?.EmailAddresses,
                ["{target.ID}"] = target?.Name,
                ["{target.IDType}"] = target?.Type.ToString(),
                ["{message}"] = detailMessage,

                // Request origin. The Xff values derive from forwarded-for style headers, which any client can
                // set; GetXffIP/GetXffList/GetUnmaskedIP are project helpers not visible here —
                // NOTE(review): confirm they only honour headers from trusted proxies before these are relied on in audit output.
                ["{request.IPAddress}"] = request?.UserHostAddress,
                ["{request.HostName}"] = request?.UserHostName,
                ["{request.Xff}"] = request?.GetXffIP(),
                ["{request.XffAll}"] = request?.GetXffList(),
                ["{request.UnmaskedIPAddress}"] = request?.GetUnmaskedIP(),

                // Timestamps are rendered with the current culture, matching the expiry-date token below.
                ["{datetime}"] = DateTime.Now.ToString(CultureInfo.CurrentCulture),
                ["{datetimeutc}"] = DateTime.UtcNow.ToString(CultureInfo.CurrentCulture),
                ["{computer.LapsExpiryDate}"] = directoryEntry?.GetPropertyDateTimeFromLong(Directory.AttrMsMcsAdmPwdExpirationTime)?.ToString(CultureInfo.CurrentCulture),
            };

            return pairs;
        }
        /// <summary>
        /// Records a failed password request: writes an error log event under <paramref name="eventID"/> and,
        /// when any notification level opted in to failures, sends the failure audit e-mail.
        /// </summary>
        /// <param name="model">The incoming request; only <c>ComputerName</c> is read, for the {requestedComputerName} token.</param>
        /// <param name="userMessage">Message shown to the requester; used for the {message} token only when <paramref name="logMessage"/> is null.</param>
        /// <param name="eventID">Event ID recorded with the error log entry.</param>
        /// <param name="logMessage">Preferred detail text for the {message} token.</param>
        /// <param name="ex">Exception associated with the failure, passed through to the error log.</param>
        /// <param name="target">Matched target element, if any.</param>
        /// <param name="reader">Matched reader element, if any.</param>
        /// <param name="user">The requester, if resolved.</param>
        /// <param name="computer">The computer, if resolved.</param>
        public static void PerformAuditFailureActions(LapRequestModel model, string userMessage, int eventID, string logMessage, Exception ex, TargetElement target, ReaderElement reader, UserPrincipal user, ComputerPrincipal computer)
        {
            // No directory entry on the failure path, so {computer.LapsExpiryDate} resolves to null.
            string detail = logMessage ?? userMessage;
            Dictionary<string, string> tokens = BuildTokenDictionary(target, reader, user, computer, null, model.ComputerName, detail);

            string logTemplate = Reporting.LogFailureTemplate ?? LogMessages.DefaultAuditFailureText;
            string emailTemplate = Reporting.EmailFailureTemplate ?? $"<html><head/><body><pre>{LogMessages.DefaultAuditFailureText}</pre></body></html>";

            // The error is logged before any e-mail work so a mail failure cannot lose the audit record.
            Reporting.LogErrorEvent(eventID, ReplaceTokens(tokens, logTemplate, false), ex);

            // E-mail is best effort: a send failure is itself logged but never propagated to the caller.
            try
            {
                // The requester is deliberately not passed here, so a "{user.EmailAddress}" entry in a
                // recipient list is dropped on failures rather than resolved to the requester's address.
                ICollection<string> recipients = Reporting.BuildRecipientList(target, reader, false);

                if (recipients.Count == 0)
                {
                    return;
                }

                string subject = ReplaceTokens(tokens, LogMessages.AuditEmailSubjectFailure, false);
                // Third argument true only for the HTML body — presumably selects HTML encoding of token values;
                // NOTE(review): confirm in ReplaceTokens, since tokens include caller-influenced text.
                string body = ReplaceTokens(tokens, emailTemplate, true);
                Reporting.SendEmail(recipients, subject, body);
            }
            catch (Exception iex)
            {
                Reporting.LogErrorEvent(EventIDs.AuditErrorCannotSendFailureEmail, "An error occurred sending the failure audit email", iex);
            }
        }