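/// <summary>
/// Checks the tracked user's name and password against the configured Kerberos realm
/// by calling the unmanaged <c>auth_user</c> helper and mapping its status code to a
/// <see cref="pGina.Shared.Types.BooleanResult"/>.
/// </summary>
/// <param name="properties">Session properties that carry the tracked UserInformation.</param>
/// <returns>
/// A result with <c>Success = true</c> only when <c>auth_user</c> returns 0; every other
/// status, and any missing input, yields <c>Success = false</c> with an explanatory message.
/// </returns>
public pGina.Shared.Types.BooleanResult AuthenticateUser(pGina.Shared.Types.SessionProperties properties)
{
    // Status values from auth_user that get a dedicated message. The numeric values equal
    // the SSPI status codes named in the trailing comments.
    const int NoAuthenticatingAuthority = -2146893039; // 0x80090311 SEC_E_NO_AUTHENTICATING_AUTHORITY
    const int LogonDenied = -2146893044;               // 0x8009030C SEC_E_LOGON_DENIED
    const int TargetUnknown = -2146893053;             // 0x80090303 SEC_E_TARGET_UNKNOWN

    pGina.Shared.Types.UserInformation userInfo =
        properties.GetTrackedSingle<pGina.Shared.Types.UserInformation>();

    // Fail closed instead of handing null identity fields to the native call, whose
    // handling of them is not visible from this method.
    if (userInfo == null || string.IsNullOrEmpty(userInfo.Username) || userInfo.Password == null)
    {
        return new pGina.Shared.Types.BooleanResult()
        {
            Success = false,
            Message = "Failed due to bad password and/or user name."
        };
    }

    // Get the Kerberos realm we are authenticating against from the registry.
    string krbRealm = Settings.Store.Realm;
    if (string.IsNullOrEmpty(krbRealm))
    {
        // Without a realm no valid SPN can be built, so refuse the logon rather than throw.
        return new pGina.Shared.Types.BooleanResult()
        {
            Success = false,
            Message = "Failed due to bad kerberos Security Principal Name."
        };
    }

    // The SPN has the form <service-name>/REALM with the realm in capitals,
    // e.g. krbtgt/MYREALM.UTAH.EDU. ToUpperInvariant keeps the result independent of the
    // machine's culture (a culture-sensitive ToUpper can map 'i' to a non-ASCII letter).
    string spn = "krbtgt/" + krbRealm.ToUpperInvariant();

    // The unmanaged DLL builds a SEC_WIN_AUTH_IDENTITY from the user name, password and
    // domain and drives AcquireCredentialsHandle() / InitializeSecurityContext().
    // NOTE(review): the outcome is trusted exactly as the native helper reports it; whether
    // that helper verifies the KDC's identity (for instance by validating a service ticket
    // for this host) cannot be seen from here -- confirm in the native code.
    int r = auth_user(userInfo.Username, userInfo.Password, krbRealm, spn);

    switch (r)
    {
        // The Kerberos target service named by the SPN could not be reached.
        case NoAuthenticatingAuthority:
            return new pGina.Shared.Types.BooleanResult()
            {
                Success = false,
                Message = "Failed to contact authenticating kerberos authority."
            };

        // The user name and/or password supplied at login does not match in the realm.
        // The message deliberately does not say which of the two was wrong.
        case LogonDenied:
            return new pGina.Shared.Types.BooleanResult()
            {
                Success = false,
                Message = "Failed due to bad password and/or user name."
            };

        // The SPN for the Kerberos target was incorrect.
        case TargetUnknown:
            return new pGina.Shared.Types.BooleanResult()
            {
                Success = false,
                Message = "Failed due to bad kerberos Security Principal Name."
            };

        // Success
        case 0:
            return new pGina.Shared.Types.BooleanResult()
            {
                Success = true,
                Message = "Success"
            };

        // Any unrecognised status is treated as a failed logon; the raw code is appended
        // (with a separator) so it can be looked up.
        default:
            return new pGina.Shared.Types.BooleanResult()
            {
                Success = false,
                Message = "Failed to authenticate due to unknown error: " + r
            };
    }
}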
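/// <summary>
/// Handles a session change notification: writes two debug log lines, forwards the event
/// to the SESSION and EVENT logger modes, and closes the logger connection afterwards.
/// </summary>
/// <param name="changeDescription">Reason and session id of the change being reported.</param>
/// <param name="properties">Session properties passed through to each logger mode.</param>
public void SessionChange(System.ServiceProcess.SessionChangeDescription changeDescription, pGina.Shared.Types.SessionProperties properties)
{
    m_logger.DebugFormat("SessionChange({0}) - ID: {1}", changeDescription.Reason.ToString(), changeDescription.SessionId);
    m_logger.DebugFormat("Client IP:{0}", TSManager.ListSessions(changeDescription.SessionId));

    try
    {
        // NOTE(review): both modes always run; no enable/disable setting is consulted here.
        // If the modes are meant to be configurable, the check belongs at these two points.
        ILoggerMode sessionMode = LoggerModeFactory.getLoggerMode(LoggerMode.SESSION);
        sessionMode.Log(changeDescription, properties);

        ILoggerMode eventMode = LoggerModeFactory.getLoggerMode(LoggerMode.EVENT);
        eventMode.Log(changeDescription, properties);
    }
    finally
    {
        // Close the connection even when a logger mode throws, so a failed write
        // does not leave it open.
        LoggerModeFactory.closeConnection();
    }
}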