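/// <summary>
/// Reacts to session logoff and logon events for accounts whose description
/// carries the "pGina created pgSMB2" marker.
/// </summary>
/// <remarks>
/// Two marker checks are used and they are not interchangeable:
/// <c>Contains("pGina created pgSMB2")</c> also matches the
/// "pGina created pgSMB2 tmp" description that this method assigns to temp
/// profiles, while <c>EndsWith("pGina created pgSMB2")</c> matches only the
/// non-tmp marker.
/// </remarks>
/// <param name="SessionId">Id of the session the event belongs to.</param>
/// <param name="Reason">Session change reason; only SessionLogoff and SessionLogon are handled.</param>
/// <param name="properties">Tracked session state; the method returns immediately when this is null.</param>
public void SessionChange(int SessionId, System.ServiceProcess.SessionChangeReason Reason, SessionProperties properties)
{
    if (properties == null)
    {
        return;
    }

    if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
    {
        UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
        m_logger.DebugFormat("{1} SessionChange SessionLogoff for ID:{0}", SessionId, userInfo.Username);
        m_logger.InfoFormat("{3} {0} {1} {2}", userInfo.Description.Contains("pGina created pgSMB2"), userInfo.HasSID, properties.CREDUI, userInfo.Username);

        if (userInfo.Description.Contains("pGina created pgSMB2") && userInfo.HasSID && !properties.CREDUI)
        {
            // Acquire the lock before entering the try block: if the acquire itself
            // throws, the finally clause must not call ExitWriteLock on a lock this
            // thread never held (that would raise a second exception and hide the first).
            Locker.TryEnterWriteLock(-1);
            try
            {
                RunningTasks.Add(userInfo.Username.ToLower(), true);
            }
            finally
            {
                Locker.ExitWriteLock();
            }

            // add this plugin into PluginActivityInformation
            m_logger.DebugFormat("{1} properties.id:{0}", properties.Id, userInfo.Username);
            PluginActivityInformation notification = properties.GetTrackedSingle<PluginActivityInformation>();
            foreach (Guid gui in notification.GetNotificationPlugins())
            {
                m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
            }

            m_logger.DebugFormat("{1} PluginActivityInformation add guid:{0}", PluginUuid, userInfo.Username);
            // Registered with Success = false before the cleanup thread is started.
            notification.AddNotificationResult(PluginUuid, new BooleanResult { Message = "", Success = false });
            properties.AddTrackedSingle<PluginActivityInformation>(notification);
            foreach (Guid gui in notification.GetNotificationPlugins())
            {
                m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
            }

            // cleanup runs on its own thread; this handler returns without waiting for it.
            Thread rem_smb = new Thread(() => cleanup(userInfo, SessionId, properties));
            rem_smb.Start();
        }
        else
        {
            m_logger.InfoFormat("{0} {1}. I'm not executing Notification stage", userInfo.Username, (properties.CREDUI) ? "has a program running in his context" : "is'nt a pGina created pgSMB2 user");
        }
    }

    if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon)
    {
        UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
        if (!userInfo.HasSID)
        {
            m_logger.InfoFormat("{1} SessionLogon Event denied for ID:{0}", SessionId, userInfo.Username);
            return;
        }

        m_logger.DebugFormat("{1} SessionChange SessionLogon for ID:{0}", SessionId, userInfo.Username);
        if (userInfo.Description.Contains("pGina created pgSMB2"))
        {
            Dictionary<string, string> settings = GetSettings(userInfo.Username, userInfo);

            // NOTE(review): ScriptPath comes from the plugin settings and is started in
            // the user's session exactly as configured; whoever can write those settings
            // chooses what runs at logon. Confirm where GetSettings reads from and who
            // can modify it.
            if (!String.IsNullOrEmpty(settings["ScriptPath"]))
            {
                if (!Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, settings["ScriptPath"]))
                {
                    m_logger.ErrorFormat("Can't run application {0}", settings["ScriptPath"]);
                    Abstractions.WindowsApi.pInvokes.SendMessageToUser(SessionId, "Can't run application", String.Format("I'm unable to run your LoginScript\n{0}", settings["ScriptPath"]));
                }
            }

            // The clear-text password kept in the session properties is used here to
            // obtain a user token for the profile lookup; the handle is closed right
            // after the two profile queries.
            IntPtr hToken = Abstractions.WindowsApi.pInvokes.GetUserToken(userInfo.Username, null, userInfo.Password);
            if (hToken != IntPtr.Zero)
            {
                string uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfilePath(hToken);
                if (String.IsNullOrEmpty(uprofile))
                {
                    uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfileDir(hToken);
                }
                Abstractions.WindowsApi.pInvokes.CloseHandle(hToken);

                m_logger.InfoFormat("add LocalProfilePath:[{0}]", uprofile);
                // the profile really exists there, instead of assuming it will be created or changed during a login (temp profile[win error reading profile])
                userInfo.LocalProfilePath = uprofile;
                properties.AddTrackedSingle<UserInformation>(userInfo);

                // NOTE(review): if both profile lookups returned null, uprofile.Contains
                // below throws; confirm the helpers never return null on a valid token.
                if ((uprofile.Contains(@"\TEMP") && !userInfo.Username.StartsWith("temp", StringComparison.CurrentCultureIgnoreCase)) || Abstractions.Windows.User.IsProfileTemp(userInfo.SID.ToString()) == true)
                {
                    m_logger.InfoFormat("TEMP profile detected");
                    string userInfo_old_Description = userInfo.Description;
                    userInfo.Description = "pGina created pgSMB2 tmp";
                    properties.AddTrackedSingle<UserInformation>(userInfo);

                    // Persist the tmp marker in the local account's comment field.
                    pInvokes.structenums.USER_INFO_4 userinfo4 = new pInvokes.structenums.USER_INFO_4();
                    if (pInvokes.UserGet(userInfo.Username, ref userinfo4))
                    {
                        userinfo4.logon_hours = IntPtr.Zero;
                        userinfo4.comment = userInfo.Description;
                        if (!pInvokes.UserMod(userInfo.Username, userinfo4))
                        {
                            m_logger.ErrorFormat("Can't modify userinformation {0}", userInfo.Username);
                        }
                    }
                    else
                    {
                        m_logger.ErrorFormat("Can't get userinformation {0}", userInfo.Username);
                    }

                    // Mail only when the account was not already marked tmp before this logon.
                    // NOTE(review): the user's clear-text password is handed to sendMail;
                    // confirm it is used for SMTP authentication only and never written
                    // into the message or a log.
                    if (userInfo_old_Description.EndsWith("pGina created pgSMB2"))
                    {
                        Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: Windows tmp Login {0} from {1}", userInfo.Username, Environment.MachineName), "Windows was unable to load the profile");
                    }
                }
            }

            // Quota enforcement is skipped for tmp profiles: EndsWith does not match
            // the "... tmp" description assigned above.
            if (userInfo.Description.EndsWith("pGina created pgSMB2"))
            {
                // NOTE(review): the catch retries CreateEventSource; if that call throws
                // as well, the exception leaves this handler and the quota step is skipped.
                try
                {
                    if (!EventLog.SourceExists("proquota"))
                    {
                        EventLog.CreateEventSource("proquota", "Application");
                    }
                }
                catch
                {
                    EventLog.CreateEventSource("proquota", "Application");
                }

                Abstractions.Windows.User.SetQuota(pInvokes.structenums.RegistryLocation.HKEY_USERS, userInfo.SID.ToString(), 0);

                string proquotaPath = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "proquota.exe");

                // SECURITY: this registers proquota.exe as a Windows Defender *process*
                // exclusion, so files opened by that process are not scanned by real-time
                // protection. The exclusion is keyed by path only, which makes the ACL on
                // the plugin directory part of the trust boundary: it should be writable
                // by administrators only. The change is logged so that it leaves an audit
                // trail; failures stay non-fatal, as before, but are no longer silent.
                try
                {
                    using (Microsoft.Win32.RegistryKey key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes", true))
                    {
                        if (key != null)
                        {
                            bool proquota_exclude_found = false;
                            foreach (string ValueName in key.GetValueNames())
                            {
                                // Value names are file paths, not linguistic text: compare ordinally.
                                if (ValueName.Equals(proquotaPath, StringComparison.OrdinalIgnoreCase))
                                {
                                    proquota_exclude_found = true;
                                    break;
                                }
                            }

                            if (!proquota_exclude_found)
                            {
                                m_logger.InfoFormat("adding Windows Defender process exclusion for {0}", proquotaPath);
                                key.SetValue(proquotaPath, 0, Microsoft.Win32.RegistryValueKind.DWord);
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    m_logger.ErrorFormat("Can't update Windows Defender process exclusions: {0}", ex.Message);
                }

                m_logger.InfoFormat("start session:{0} prog:{1}", SessionId, proquotaPath);

                // The executable path is quoted: without quotes an install path that
                // contains a space leaves the program name ambiguous in the command line.
                // NOTE(review): this assumes StartUserProcessInSession forwards the string
                // unchanged as a Windows command line - confirm. settings["MaxStore"] is
                // appended unquoted and unvalidated; confirm it is always numeric.
                string proquotaCommandLine = "\"" + proquotaPath + "\" \"" + userInfo.LocalProfilePath + "\" " + settings["MaxStore"];
                if (!Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, proquotaCommandLine))
                {
                    m_logger.ErrorFormat("{0} Can't run application {1}", userInfo.Username, "proquota.exe");
                }
            }
        }
        else
        {
            m_logger.InfoFormat("{0} is'nt a pGina pgSMB2 plugin created user. I'm not executing Notification stage", userInfo.Username);
        }
    }
}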
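/// <summary>
/// Gateway stage: loads the plugin settings for the user, asks
/// <c>Roaming.get</c> for the profile, and records the resulting account
/// marker (and SID on success) in the tracked <c>UserInformation</c>.
/// </summary>
/// <remarks>
/// A failed profile fetch does not fail the stage. The account is created or
/// re-marked as "pGina created pgSMB2 tmp" instead, and the method still
/// returns success; only a settings error or a failed tmp account creation
/// returns a failure result.
/// </remarks>
/// <param name="properties">Tracked session state holding the user's <c>UserInformation</c>.</param>
/// <returns>
/// A failed result when the settings contain an "ERROR" entry or the tmp
/// account cannot be created; otherwise a result with <c>Success = true</c>.
/// </returns>
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // get user info
    UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
    BooleanResult RetBool;

    // get the plugin settings
    Dictionary<string, string> settings = GetSettings(userInfo.Username, userInfo);
    string settingsError;
    if (settings.TryGetValue("ERROR", out settingsError))
    {
        RetBool = new BooleanResult()
        {
            Success = false,
            // The format string had no {0} placeholder, so the error detail was
            // silently dropped from both the result message and the mail body.
            Message = String.Format("Can't parse plugin settings {0}", settingsError)
        };
        // NOTE(review): the user's clear-text password is handed to sendMail here and
        // in the calls below; confirm it is used for SMTP authentication only and
        // never written into the message or a log.
        Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: unable to Login {0} from {1}", userInfo.Username, Environment.MachineName), RetBool.Message);
        return RetBool;
    }

    Roaming ro = new Roaming();
    RetBool = ro.get(settings, userInfo.Username, userInfo.Password);
    if (!RetBool.Success)
    {
        // do not abort here
        // mark the profile as tmp and prevent the profile upload
        if (!ro.userAdd(settings, userInfo.Username, userInfo.Password, "pGina created pgSMB2 tmp"))
        {
            // Creating the tmp account failed: remove it again and report the
            // original Roaming.get failure.
            ro.userDel(settings, userInfo.Username, userInfo.Password);
            Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: tmp Login failed {0} from {1}", userInfo.Username, Environment.MachineName), "tmp login failed");
            return RetBool;
        }

        Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: tmp Login {0} from {1}", userInfo.Username, Environment.MachineName), "failed to get the profile\nmarking as tmp");
    }

    pInvokes.structenums.USER_INFO_4 userinfo4 = new pInvokes.structenums.USER_INFO_4();
    if (pInvokes.UserGet(userInfo.Username, ref userinfo4))
    {
        // The SID is recorded only when the profile fetch succeeded; a tmp login
        // keeps whatever SID state userInfo already had.
        if (RetBool.Success)
        {
            userInfo.SID = new SecurityIdentifier(userinfo4.user_sid);
        }
        // The description is copied from the account's comment field.
        userInfo.Description = userinfo4.comment;
    }
    else // we should never go there
    {
        // Account lookup failed: fall back to the marker implied by the fetch result.
        userInfo.Description = RetBool.Success ? "pGina created pgSMB2" : "pGina created pgSMB2 tmp";
    }

    properties.AddTrackedSingle<UserInformation>(userInfo);
    return new BooleanResult() { Success = true };
}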