public void AddResult(Guid pluginId, BooleanResult result)
{
if (m_cpResults.ContainsKey(pluginId))
m_cpResults[pluginId] = result;
else
m_cpResults.Add(pluginId, result);
}
public void AddAuthorizationResult(Guid pluginId, BooleanResult result)
{
if(m_authorization.ContainsKey(pluginId))
m_authorization[pluginId] = result;
else
m_authorization.Add(pluginId, result);
}
public void AddGatewayResult(Guid pluginId, BooleanResult result)
{
if (m_gateway.ContainsKey(pluginId))
m_gateway[pluginId] = result;
else
m_gateway.Add(pluginId, result);
}
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
Dictionary<string, Dictionary<bool, string>> settings = GetSettings(userInfo);
Dictionary<bool, string> gateway_sys = settings["gateway_sys"];
foreach (KeyValuePair<bool, string> line in gateway_sys)
{
if (!Run(userInfo.SessionID, line.Value, userInfo, line.Key, true))
return new BooleanResult { Success = false, Message = String.Format("failed to run:{0}", line.Value) };
}
// return false if no other plugin succeeded
BooleanResult ret = new BooleanResult() { Success = false };
PluginActivityInformation pluginInfo = properties.GetTrackedSingle<PluginActivityInformation>();
foreach (Guid uuid in pluginInfo.GetAuthenticationPlugins())
{
if (pluginInfo.GetAuthenticationResult(uuid).Success)
{
return new BooleanResult() { Success = true };
}
else
{
ret.Message = pluginInfo.GetAuthenticationResult(uuid).Message;
}
}
return ret;
}
public void AddAuthenticateResult(Guid pluginId, BooleanResult result)
{
lock (m_authentication)
{
if (m_authentication.ContainsKey(pluginId))
m_authentication[pluginId] = result;
else
m_authentication.Add(pluginId, result);
}
}
public BooleanResult GatewayProcess()
{
PluginActivityInformation pluginInfo = m_properties.GetTrackedSingle<PluginActivityInformation>();
List<IPluginAuthenticationGateway> plugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthenticationGateway>();
m_logger.DebugFormat("Processing gateways for user {0}, {1} plugins available", m_properties.GetTrackedSingle<UserInformation>().Username, plugins.Count);
foreach (IPluginAuthenticationGateway plugin in plugins)
{
m_logger.DebugFormat("Calling {0}", plugin.Uuid);
BooleanResult pluginResult = new BooleanResult() { Message = null, Success = false };
try
{
pluginResult = plugin.AuthenticatedUserGateway(m_properties);
pluginInfo.AddGatewayResult(plugin.Uuid, pluginResult);
// All must succeed, fail = total fail
if (!pluginResult.Success)
{
m_logger.ErrorFormat("{0} Failed to process gateway for {1} message: {2}", plugin.Uuid, m_properties.GetTrackedSingle<UserInformation>().Username, pluginResult.Message);
return pluginResult;
}
}
catch (Exception e)
{
m_logger.ErrorFormat("{0} Threw an unexpected exception, treating this as failure: {1}", plugin.Uuid, e);
return pluginResult;
}
}
m_logger.InfoFormat("Successfully processed gateways for {0}", m_properties.GetTrackedSingle<UserInformation>().Username);
return new BooleanResult() { Success = true };
}
public BooleanResult AuthenticateUser()
{
PluginActivityInformation pluginInfo = m_properties.GetTrackedSingle<PluginActivityInformation>();
List<IPluginAuthentication> plugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthentication>();
m_logger.DebugFormat("Authenticating user {0}, {1} plugins available", m_properties.GetTrackedSingle<UserInformation>().Username, plugins.Count);
// At least one must succeed
BooleanResult finalResult = new BooleanResult() { Success = false };
foreach (IPluginAuthentication plugin in plugins)
{
m_logger.DebugFormat("Calling {0}", plugin.Uuid);
BooleanResult pluginResult = new BooleanResult() { Message = null, Success = false };
try
{
pluginResult = plugin.AuthenticateUser(m_properties);
pluginInfo.AddAuthenticateResult(plugin.Uuid, pluginResult);
if (pluginResult.Success)
{
m_logger.DebugFormat("{0} Succeeded", plugin.Uuid);
finalResult.Success = true;
}
else
{
if (!string.IsNullOrEmpty(pluginResult.Message))
{
m_logger.WarnFormat("{0} Failed with Message: {1}", plugin.Uuid, pluginResult.Message);
finalResult.Message = pluginResult.Message;
}
else
{
m_logger.WarnFormat("{0} Failed without a message", plugin.Uuid);
}
}
}
catch (Exception e)
{
m_logger.ErrorFormat("{0} Threw an unexpected exception, assuming failure: {1}", plugin.Uuid, e);
}
}
if (finalResult.Success)
{
// Clear any errors from plugins if we did succeed
finalResult.Message = null;
m_logger.InfoFormat("Successfully authenticated {0}", m_properties.GetTrackedSingle<UserInformation>().Username);
}
else
{
m_logger.ErrorFormat("Failed to authenticate {0}, Message: {1}", m_properties.GetTrackedSingle<UserInformation>().Username, finalResult.Message);
}
return finalResult;
}
public BooleanResult GatewayProcess()
{
PluginActivityInformation pluginInfo = m_properties.GetTrackedSingle<PluginActivityInformation>();
List<IPluginAuthenticationGateway> plugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthenticationGateway>();
m_logger.DebugFormat("Processing gateways for user {0}, {1} plugins available", m_properties.GetTrackedSingle<UserInformation>().Username, plugins.Count);
foreach (IPluginAuthenticationGateway plugin in plugins)
{
m_logger.DebugFormat("Calling {0}", plugin.Uuid);
BooleanResult pluginResult = new BooleanResult() { Message = null, Success = false };
try
{
pluginResult = plugin.AuthenticatedUserGateway(m_properties);
pluginInfo.AddGatewayResult(plugin.Uuid, pluginResult);
// All must succeed, fail = total fail
if (!pluginResult.Success)
{
m_logger.ErrorFormat("{0} Failed to process gateway for {1} message: {2}", plugin.Uuid, m_properties.GetTrackedSingle<UserInformation>().Username, pluginResult.Message);
return pluginResult;
}
}
catch (Exception e)
{
m_logger.ErrorFormat("{0} Threw an unexpected exception, treating this as failure: {1}", plugin.Uuid, e);
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), "", "", String.Format("pGina: Gateway plugin Exception {0}", Environment.MachineName), e.ToString());
return new BooleanResult() { Message = e.Message, Success = false };
}
}
m_logger.InfoFormat("Successfully processed gateways for {0}", m_properties.GetTrackedSingle<UserInformation>().Username);
return new BooleanResult() { Success = true };
}
public BooleanResult AuthorizeUser()
{
PluginActivityInformation pluginInfo = m_properties.GetTrackedSingle<PluginActivityInformation>();
List<IPluginAuthorization> plugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthorization>();
m_logger.DebugFormat("Authorizing user {0}, {1} plugins available", m_properties.GetTrackedSingle<UserInformation>().Username, plugins.Count);
// At least one must succeed
BooleanResult finalResult = new BooleanResult() { Message = null, Success = true };
foreach (IPluginAuthorization plugin in plugins)
{
m_logger.DebugFormat("Calling {0}", plugin.Uuid);
BooleanResult pluginResult = new BooleanResult() { Message = null, Success = false };
try
{
pluginResult = plugin.AuthorizeUser(m_properties);
pluginInfo.AddAuthorizationResult(plugin.Uuid, pluginResult);
if (pluginResult.Success)
{
m_logger.DebugFormat("{0} Succeeded", plugin.Uuid);
finalResult.Success = true;
}
else
{
finalResult.Success = false;
if (!string.IsNullOrEmpty(pluginResult.Message))
{
m_logger.WarnFormat("{0} Failed with Message: {1}", plugin.Uuid, pluginResult.Message);
finalResult.Message = pluginResult.Message;
}
else
{
m_logger.WarnFormat("{0} Failed without a message", plugin.Uuid);
}
break;
}
}
catch (Exception e)
{
m_logger.ErrorFormat("{0} Threw an unexpected exception, treating this as failure: {1}", plugin.Uuid, e);
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), "", "", String.Format("pGina: Authorize plugin Exception {0}", Environment.MachineName), e.ToString());
return new BooleanResult() { Message = e.Message, Success = false };
}
}
if (finalResult.Success)
{
// Clear any errors from plugins if we did succeed
finalResult.Message = null;
m_logger.InfoFormat("Successfully authorized {0}", m_properties.GetTrackedSingle<UserInformation>().Username);
}
else
{
m_logger.ErrorFormat("Failed to authorized {0}, Message: {1}", m_properties.GetTrackedSingle<UserInformation>().Username, finalResult.Message);
}
return finalResult;
}
private LoginResponseMessage HandleLoginRequest(LoginRequestMessage msg)
{
try
{
PluginDriver sessionDriver = new PluginDriver();
bool LastUsernameEnable = Settings.Get.LastUsernameEnable;
msg = SplitDomainfromUsername(msg);
sessionDriver.UserInformation.Username = msg.Username;
sessionDriver.UserInformation.Password = (String.IsNullOrEmpty(msg.Password)) ? "" : msg.Password;
sessionDriver.UserInformation.Domain = msg.Domain;
sessionDriver.UserInformation.SessionID = msg.Session;
if (msg.Reason == LoginRequestMessage.LoginReason.CredUI)
{
sessionDriver.SessionProperties.CREDUI = true;
}
if (String.IsNullOrEmpty(sessionDriver.UserInformation.Username))
{
return new LoginResponseMessage() { Result = false, Message = String.Format("No Username supplied\n\n'{0}' was entered and parsed to '{1}'", msg.Username, sessionDriver.UserInformation.Username) };
}
// check if a plugin still does some logoff work for this user
Boolean thisUserLogoff = false;
foreach (IPluginLogoffRequestAddTime plugin in PluginLoader.GetOrderedPluginsOfType<IPluginLogoffRequestAddTime>())
{
if (plugin.LoginUserRequest(sessionDriver.UserInformation.Username))
thisUserLogoff = true;
}
if (thisUserLogoff)
{
return new LoginResponseMessage() { Result = false, Message = String.Format("Still logoff work to do for user {0}\nWait a view seconds and retry", sessionDriver.UserInformation.Username) };
}
// do the domain logon
string domainmember = Abstractions.WindowsApi.pInvokes.GetMachineDomainMembershipEX();
m_logger.InfoFormat("domain check:[{0}] [{1}] [{2}]", Regex.IsMatch(msg.Username, "\\|@"), !String.IsNullOrEmpty(domainmember), !sessionDriver.UserInformation.Domain.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase));
if ((Regex.IsMatch(msg.Username, "\\|@") || !String.IsNullOrEmpty(domainmember)) && !sessionDriver.UserInformation.Domain.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase))
{
m_logger.DebugFormat("domain logon: Username:{0} domainmember:{1} domain:{2}", msg.Username, domainmember, sessionDriver.UserInformation.Domain);
// if domain was provided by username and it got messed up ...
if (String.IsNullOrEmpty(sessionDriver.UserInformation.Domain) && Regex.IsMatch(msg.Username, "\\|@"))
{
return new LoginResponseMessage() { Result = false, Message = String.Format("No Domainname supplied\n\n'{0}' was entered and parsed to '{1}'", msg.Username, sessionDriver.UserInformation.Domain) };
}
if (Abstractions.WindowsApi.pInvokes.DomainMember(sessionDriver.UserInformation.Domain))
{
m_logger.InfoFormat("DomainMember");
// pc is member of this domain provided by the username field
if (Abstractions.WindowsApi.pInvokes.ValidateUser(sessionDriver.UserInformation.Username, sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Password))
{
if (LastUsernameEnable && msg.Reason == LoginRequestMessage.LoginReason.Login)
{
Settings.s_settings.SetSetting("LastUsername", String.Format("{0}\\{1}", sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Username));
}
m_logger.InfoFormat("Sucess");
return new LoginResponseMessage()
{
Result = true,
Message = "",
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
else
{
string message = String.Format("The provided account:{0} name does not exist on:{1} or the password is wrong", sessionDriver.UserInformation.Username, sessionDriver.UserInformation.Domain);
m_logger.InfoFormat(message);
return new LoginResponseMessage()
{
Result = false,
Message = message,
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
}
else if (!String.IsNullOrEmpty(domainmember))
{
m_logger.InfoFormat("GetMachineDomainMembership");
// pc is member of a domain
sessionDriver.UserInformation.Domain = domainmember;
if (Abstractions.WindowsApi.pInvokes.ValidateUser(sessionDriver.UserInformation.Username, sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Password))
{
if (LastUsernameEnable && msg.Reason == LoginRequestMessage.LoginReason.Login)
{
Settings.s_settings.SetSetting("LastUsername", String.Format("{0}\\{1}", sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Username));
}
m_logger.InfoFormat("Sucess");
return new LoginResponseMessage()
{
Result = true,
Message = "",
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
else
{
m_logger.InfoFormat("Failed, query Remote({0}) SAM", domainmember);
sessionDriver.UserInformation.Domain = Environment.MachineName;
}
}
}
BooleanResult result = new BooleanResult() { Success = true, Message = "" };
if (new[] { LoginRequestMessage.LoginReason.Login, LoginRequestMessage.LoginReason.CredUI }.Contains(msg.Reason))
{
m_logger.DebugFormat("Processing LoginRequest for: {0} in session: {1} reason: {2}", sessionDriver.UserInformation.Username, msg.Session, msg.Reason);
Boolean isLoggedIN = false;
Boolean isUACLoggedIN = false;
// is this user a local user and was not created by pGina
Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
if (Abstractions.WindowsApi.pInvokes.UserGet(sessionDriver.UserInformation.Username, ref userinfo4))
{
if (!userinfo4.comment.Contains("pGina created"))
{
result.Success = Abstractions.WindowsApi.pInvokes.ValidateUser(sessionDriver.UserInformation.Username, sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Password);
if (result.Success)
{
if (LastUsernameEnable && msg.Reason == LoginRequestMessage.LoginReason.Login)
{
Settings.s_settings.SetSetting("LastUsername", String.Format("{0}", sessionDriver.UserInformation.Username));
}
}
return new LoginResponseMessage()
{
Result = result.Success,
Message = (result.Success) ? "Local non pGina user" : "Unknown username or bad password",
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
}
Dictionary<int, List<string>> contextALL = Abstractions.WindowsApi.pInvokes.GetSessionContext();
List<string> Users = Abstractions.WindowsApi.pInvokes.GetSessionContextParser(-1, contextALL);
List<string> iUsers = Abstractions.WindowsApi.pInvokes.GetInteractiveUserList();
foreach (string user in Users)
{
m_logger.DebugFormat("Program running as user:{0}", user);
if (user.Equals(sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase))
{
//the user is still logged in
isLoggedIN = true;
if (iUsers.Any(s => s.EndsWith("\\" + sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase)))
{
int Locked_sessionID = Convert.ToInt32(iUsers.Find(s => s.EndsWith("\\" + sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase)).Split('\\').First());
m_logger.DebugFormat("User:{0} is Locked in Session:{1}", sessionDriver.UserInformation.Username, Locked_sessionID);
// verify that this unlock is present somewhere in m_sessionPropertyCache
// if not, this login is not backed by m_sessionPropertyCache
if (m_sessionPropertyCache.GetAll().Any(i => i == Locked_sessionID))
{
UserInformation uInfo = m_sessionPropertyCache.Get(Locked_sessionID).First().GetTrackedSingle<UserInformation>();
if (!uInfo.Username.Equals(sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase))
{
// that should never ever happen
m_logger.ErrorFormat("User {0} is Locked in Session {1} but the username doesn't match the session information pGina contains. '{0}' vs. '{2}'", sessionDriver.UserInformation.Username, Locked_sessionID, uInfo.Username);
return new LoginResponseMessage() { Result = false, Message = String.Format("User {0} is Locked in Session {1} but the username doesn't match the session information pGina contains\n\n'{0}' vs '{2}'", sessionDriver.UserInformation.Username, Locked_sessionID, uInfo.Username) };
}
}
else
{
m_logger.ErrorFormat("User {0} is Locked in Session {1} but was not authenticated by pGina. Unable to find SessionProperty in m_sessionPropertyCache.Get({1})", sessionDriver.UserInformation.Username, Locked_sessionID);
return new LoginResponseMessage() { Result = false, Message = String.Format("User {0} is Locked in Session {1} but was not authenticated by pGina\n\nIt is possible that another Credential Provider was used\nor the pGina service has crashed.\n", sessionDriver.UserInformation.Username, Locked_sessionID) };
}
}
else
{
// verify that this UACed login is present somewhere in m_sessionPropertyCache
// if not, this login is not backed by m_sessionPropertyCache
foreach (int session in m_sessionPropertyCache.GetAll())
{
if (m_sessionPropertyCache.Get(session).Any(s => s.GetTrackedSingle<UserInformation>().Username.Equals(sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase)))
{
m_logger.DebugFormat("User:{0} is pGina UACed in Session:{1}", sessionDriver.UserInformation.Username, session);
isUACLoggedIN = true;
break;
}
}
// is this user a local user and was not created by pGina
/*Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
if (Abstractions.WindowsApi.pInvokes.UserGet(sessionDriver.UserInformation.Username, ref userinfo4))
{
if (!userinfo4.comment.Contains("pGina created"))
{
m_logger.DebugFormat("User:{0} is local non pGina", sessionDriver.UserInformation.Username);
isUACLoggedIN = true;
}
}*/
if (!isUACLoggedIN)
{
List<string> runas_in_session = new List<string>();
foreach (KeyValuePair<int, List<string>> pair in contextALL)
{
if (pair.Value.Any(s => s.Equals(sessionDriver.UserInformation.Username, StringComparison.CurrentCultureIgnoreCase)))
{
runas_in_session.Add(iUsers.DefaultIfEmpty("").FirstOrDefault(s => s.StartsWith(pair.Key.ToString())));
}
}
m_logger.DebugFormat("There is a program running as {0} but it was'nt started with pGina. I can't log you in because this would conflict with the current running process. Session in which a process is running:{1}", sessionDriver.UserInformation.Username, String.Join(",", runas_in_session));
return new LoginResponseMessage() { Result = false, Message = String.Format("There is a program running as {0} but it was'nt started with pGina.\nI can't log you in because this would conflict with the current running process.\n\nSession in which a process is running:\n{1}", sessionDriver.UserInformation.Username, String.Join("\n", runas_in_session)) };
}
}
}
}
if (!isLoggedIN)
{
result = sessionDriver.PerformLoginProcess();
}
else
{
// testing. ValidateCredentials would be correct here
if (!Abstractions.WindowsApi.pInvokes.ValidateUser(sessionDriver.UserInformation.Username, sessionDriver.UserInformation.Domain, sessionDriver.UserInformation.Password))
{
m_logger.ErrorFormat("Query local SAM: Bad password");
return new LoginResponseMessage()
{
Result = false,
Message = "Bad password",
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
}
if (result.Success && (!isLoggedIN || msg.Reason == LoginRequestMessage.LoginReason.CredUI || isUACLoggedIN))
{
lock (m_sessionPropertyCache)
{
List<SessionProperties> ses = new List<SessionProperties>();
if (m_sessionPropertyCache.Exists(msg.Session))
{
ses = m_sessionPropertyCache.Get(msg.Session);
}
bool partof = false;
foreach (SessionProperties sess in ses)
{
UserInformation ui = sess.GetTrackedSingle<UserInformation>();
m_logger.InfoFormat("compare stored-user:{0} this-user:{1}", ui.Username, sessionDriver.UserInformation.Username);
if (sessionDriver.UserInformation.Username.Equals(ui.Username, StringComparison.CurrentCultureIgnoreCase))
{
partof = true;
m_logger.InfoFormat("contain user {0} in sessioninfo:{1} GUID:{2}", ui.Username, msg.Session, sess.Id);
break;
}
}
if (!partof)
{
if (isLoggedIN)
{
UserInformation ui = FindUserInfoInPropertyCache(sessionDriver.UserInformation.Username);
if (ui != null)
{
ui.SessionID = msg.Session;
sessionDriver.SessionProperties.AddTrackedSingle<UserInformation>(ui);
}
}
else
{
// add local profile path
// its not sure that the profile realy ends up there
// a win profile loading error can redirect the path to a temp path too
UserInformation ui = sessionDriver.SessionProperties.GetTrackedSingle<UserInformation>();
if (ui != null)
{
// worst case empty string
ui.LocalProfilePath = Abstractions.Windows.User.GetProfileDir(ui.Username, ui.Password, ui.SID);
sessionDriver.SessionProperties.AddTrackedSingle<UserInformation>(ui);
m_logger.InfoFormat("ses add LocalProfilePath:[{0}]", ui.LocalProfilePath);
}
}
ses.Add(sessionDriver.SessionProperties);
m_logger.InfoFormat("add user {0} to sessioninfo:{1} GUID:{2} CREDUI:{3}", sessionDriver.UserInformation.Username, msg.Session, sessionDriver.SessionProperties.Id, (msg.Reason == LoginRequestMessage.LoginReason.CredUI) ? "true" : "false");
m_logger.InfoFormat("ses username:{0} description:{1} credui:{2} isLoggedIN:{3}", ses.Last().GetTrackedSingle<UserInformation>().Username, ses.Last().GetTrackedSingle<UserInformation>().Description, ses.Last().CREDUI, isLoggedIN);
m_sessionPropertyCache.Add(msg.Session, ses);
}
}
}
}
else
{
// check if username is equal originalusername
// if not return originalusername and password
bool originalUsernameUnlock = Settings.Get.UseOriginalUsernameInUnlockScenario;
if (originalUsernameUnlock && LoginRequestMessage.LoginReason.Unlock == msg.Reason)
{
m_logger.InfoFormat("Unlock with original Username:{0} for Session:{1}", sessionDriver.UserInformation.Username, msg.Session);
lock (m_sessionPropertyCache)
{
List<SessionProperties> ses = new List<SessionProperties>();
if (m_sessionPropertyCache.Exists(msg.Session))
{
ses = m_sessionPropertyCache.Get(msg.Session);
}
// the first entry is always the interactive user
SessionProperties sess = ses.DefaultIfEmpty(new SessionProperties(Guid.Empty, true)).FirstOrDefault();
UserInformation ui = sess.GetTrackedSingle<UserInformation>();
if (ui.Username != ui.OriginalUsername)
{
if (ui.OriginalPassword == sessionDriver.UserInformation.Password)
{
sessionDriver.UserInformation.Username = ui.Username;
sessionDriver.UserInformation.Domain = Environment.MachineName;
sessionDriver.UserInformation.Password = ui.Password;
result.Success = true;
m_logger.InfoFormat("Unlock as:{0} for Session:{1}", sessionDriver.UserInformation.Username, msg.Session);
}
else
{
result.Success = false;
result.Message = "Password incorrect!";
}
}
}
}
else
{
m_logger.DebugFormat("Parse Request for: {0} in session: {1} reason: {2}", sessionDriver.UserInformation.Username, msg.Session, msg.Reason);
}
}
if (LastUsernameEnable && msg.Reason == LoginRequestMessage.LoginReason.Login && result.Success)
{
Settings.s_settings.SetSetting("LastUsername", String.Format("{0}", sessionDriver.UserInformation.Username));
}
return new LoginResponseMessage()
{
Result = result.Success,
Message = result.Message,
Username = sessionDriver.UserInformation.Username,
Domain = sessionDriver.UserInformation.Domain,
Password = sessionDriver.UserInformation.Password
};
}
catch (Exception e)
{
m_logger.ErrorFormat("Internal error, unexpected exception while handling login request: {0}", e);
return new LoginResponseMessage() { Result = false, Message = "Internal error" };
}
}
private ChangePasswordResponseMessage HandleChangePasswordRequest(ChangePasswordRequestMessage msg)
{
try
{
m_logger.DebugFormat("Processing ChangePasswordRequest for: {0} domain: {1} session: {2}", msg.Username, msg.Domain, msg.Session);
msg = SplitDomainfromUsername(msg);
SessionProperties properties = m_sessionPropertyCache.Get(msg.Session).DefaultIfEmpty(new SessionProperties(Guid.Empty)).FirstOrDefault();
if (properties.Id == Guid.Empty)
{
m_logger.DebugFormat("no SessionProperties cached for user:{0}", msg.Username);
ChangePasswordResponseMessage message = new ChangePasswordResponseMessage();
string domainmember = Abstractions.WindowsApi.pInvokes.GetMachineDomainMembershipEX();
if (msg.Domain.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase) || Abstractions.WindowsApi.pInvokes.DomainMember(msg.Domain))
{
m_logger.InfoFormat("DomainMember");
// pc is member of this domain provided by the username field
message.Message = Abstractions.WindowsApi.pInvokes.UserChangePassword(msg.Domain, msg.Username, msg.OldPassword, msg.NewPassword);
message.Result = (String.IsNullOrEmpty(message.Message)) ? true : false;
message.Domain = msg.Domain;
// abort
return message;
}
else if (!String.IsNullOrEmpty(domainmember))
{
m_logger.InfoFormat("GetMachineDomainMembership");
// pc is member of a domain
message.Message = Abstractions.WindowsApi.pInvokes.UserChangePassword(domainmember, msg.Username, msg.OldPassword, msg.NewPassword);
message.Domain = domainmember;
if (String.IsNullOrEmpty(message.Message))
{
message.Result = true;
return message;
}
else
{
message.Message = String.Format("Remote({0}) Error:{1}\n\n", domainmember, message.Message);
}
}
// local
string mess = Abstractions.WindowsApi.pInvokes.UserChangePassword(Environment.MachineName, msg.Username, msg.OldPassword, msg.NewPassword);
message.Result = (String.IsNullOrEmpty(mess)) ? true : false;
message.Domain = Environment.MachineName;
if (!message.Result)
{
message.Message += "Local Error:" + mess;
}
else
{
message.Message = mess;
}
return message;
}
UserInformation userinfo = properties.GetTrackedSingle<UserInformation>();
userinfo.oldPassword = userinfo.Password; // msg.OldPassword;
userinfo.Password = msg.NewPassword;
properties.AddTrackedSingle<UserInformation>(userinfo);
ChangePasswordPluginActivityInfo pluginInfo = new ChangePasswordPluginActivityInfo();
pluginInfo.LoadedPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginChangePassword>();
BooleanResult Result = new BooleanResult();
// Once a failure is encountered a failure is returned
foreach ( IPluginChangePassword plug in PluginLoader.GetOrderedPluginsOfType<IPluginChangePassword>() )
{
// Execute the plugin
m_logger.DebugFormat("ChangePassword: executing {0}", plug.Uuid);
Result = plug.ChangePassword(properties, pluginInfo);
m_logger.DebugFormat("ChangePassword: result from {0} is {1} message: {2}", plug.Uuid, Result.Success, Result.Message);
if (!Result.Success)
{
userinfo.Password = userinfo.oldPassword;
properties.AddTrackedSingle<UserInformation>(userinfo);
break;
}
}
if (!Result.Success)
{
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userinfo.Username, userinfo.Password, String.Format("pGina: Password change error for {0} from {1}", msg.Username, Environment.MachineName), Result.Message);
}
return new ChangePasswordResponseMessage()
{
Result = Result.Success,
Message = Result.Message,
Username = msg.Username,
Domain = msg.Domain
};
}
catch (Exception e)
{
m_logger.ErrorFormat("Internal error, unexpected exception while handling change password request: {0}", e);
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), "", "", String.Format("pGina: Password change error for {0} from {1}", msg.Username, Environment.MachineName), e.ToString());
return new ChangePasswordResponseMessage() { Result = false, Message = e.Message };
}
}
private ChangePasswordResponseMessage HandleChangePasswordRequest(ChangePasswordRequestMessage msg)
{
try
{
m_logger.DebugFormat("Processing ChangePasswordRequest for: {0} domain: {1}",
msg.Username, msg.Domain);
ChangePasswordInfo cpInfo = new ChangePasswordInfo()
{
Username = msg.Username,
Domain = msg.Domain,
OldPassword = msg.OldPassword,
NewPassword = msg.NewPassword
};
ChangePasswordPluginActivityInfo pluginInfo = new ChangePasswordPluginActivityInfo();
pluginInfo.LoadedPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginChangePassword>();
BooleanResult finalResult = new BooleanResult { Success = false, Message = "" };
// One success means the final result is a success, and we return the message from
// the last success. Otherwise, we return the message from the last failure.
foreach ( IPluginChangePassword plug in PluginLoader.GetOrderedPluginsOfType<IPluginChangePassword>() )
{
// Execute the plugin
m_logger.DebugFormat("ChangePassword: executing {0}", plug.Uuid);
BooleanResult pluginResult = plug.ChangePassword(cpInfo, pluginInfo);
// Add result to our list of plugin results
pluginInfo.AddResult(plug.Uuid, pluginResult);
m_logger.DebugFormat("ChangePassword: result from {0} is {1} message: {2}",
plug.Uuid, pluginResult.Success, pluginResult.Message);
if (pluginResult.Success)
{
finalResult.Success = true;
finalResult.Message = pluginResult.Message;
}
else
{
if (!finalResult.Success)
{
finalResult.Message = pluginResult.Message;
}
}
}
m_logger.DebugFormat("ChangePassword: returning final result {0}, message {1}",
finalResult.Success, finalResult.Message);
return new ChangePasswordResponseMessage()
{
Result = finalResult.Success,
Message = finalResult.Message,
Username = msg.Username,
Domain = msg.Domain
};
}
catch (Exception e)
{
m_logger.ErrorFormat("Internal error, unexpected exception while handling change password request: {0}", e);
return new ChangePasswordResponseMessage() { Result = false, Message = "Internal error" };
}
}
private BooleanResult PutProfile(Dictionary<string, string> settings, string username, string password, string LocalProfilePath, SecurityIdentifier SID)
{
int ret_code = -1;
string uPath = LocalProfilePath; // should be set by sessionlogon
if (String.IsNullOrEmpty(LocalProfilePath))
{
m_logger.InfoFormat("LocalProfilePath is empty re-evaluate");
uPath = GetExistingUserProfile(username, password, SID.Value);
}
if (!File.Exists(uPath + "\\NTUSER.DAT"))
{
return new BooleanResult() { Success = false, Message = String.Format("Unable to find \"{0}{1}\"", uPath, "\\NTUSER.DAT") };
}
if (!settings["MaxStore"].Equals("0"))
{
long uPath_size = GetDirectorySize(uPath, settings["MaxStoreExclude"]);
if (uPath_size == 0)
{
return new BooleanResult() { Success = false, Message = String.Format("User directory:{0} size returned:0", uPath) };
}
uPath_size = Convert.ToInt64(uPath_size / 1024);
if (uPath_size > Convert.ToInt64(settings["MaxStore"]))
{
return new BooleanResult() { Success = false, Message = String.Format("User directory:{0} MaxStore:{1} kbyte exceeded:{2} kbyte", uPath, Convert.ToInt64(settings["MaxStore"]), uPath_size) };
}
}
//crappy windows cant open 2 connection to the same server
//we need to fool win to think the server is a different one
//simply by using IP or FQDN
string[] server = {null, null};
for (uint x = 0; x < Convert.ToUInt32(settings["ConnectRetry"]); x++)
{
server = SMBserver(settings["SMBshare"], true);
if (!String.IsNullOrEmpty(server[0]) && !String.IsNullOrEmpty(server[1]))
{
break;
}
Thread.Sleep(new TimeSpan(0, 0, 3));
}
if (String.IsNullOrEmpty(server[0]) || String.IsNullOrEmpty(server[1]))
{
m_logger.InfoFormat("can't resolve IP or FQDN from {0} I will try to continue, but the upload my fail with System Error 1219", settings["SMBshare"]);
}
else
{
if (!server[0].Equals(server[1]))
{
// dont replace any accurance except the first
server[0] = @"\\" + server[0];
server[1] = @"\\" + server[1];
settings["SMBshare"] = settings["SMBshare"].ToLower().Replace(server[0].ToLower(), server[1]);
settings["RoamingSource"] = settings["RoamingSource"].ToLower().Replace(server[0].ToLower(), server[1]);
// fooled you
}
else
{
m_logger.InfoFormat("can't fool windows to think {0} is a different server. I will try to continue but the upload my fail with System Error 1219", server[0]);
}
}
for (uint x = 0; x < Convert.ToUInt32(settings["ConnectRetry"]); x++)
{
// run imagex in capture mode
string stdmerge = "";
m_logger.DebugFormat("Run \"{0}\" \"{1}\"", settings["Compressor"], settings["CompressCLI"].Replace("%z",uPath));
ret_code = RunWait(settings["Compressor"], settings["CompressCLI"].Replace("%z", uPath), out stdmerge);
if (ret_code == 0)
{
break;
}
m_logger.DebugFormat("Exitcode:{0}\n{1}", ret_code, tail(stdmerge, 10));
if (x < Convert.ToUInt32(settings["ConnectRetry"]))
{
Thread.Sleep(new TimeSpan(0, 0, 30));
}
}
//where is the compressed profile now?
string ThereIsTheProfile = null;
string[] array = settings["CompressCLI"].Split(' ');
foreach (string element in array)
{
if (element.ToLower().Contains(settings["Filename"].ToLower()))
{
ThereIsTheProfile = element.Trim(new char[] { '"', '\'', '`', ' ', '\t' });
m_logger.InfoFormat("The file is stored at {0}", ThereIsTheProfile);
}
}
if (String.IsNullOrEmpty(ThereIsTheProfile))
{
return new BooleanResult() { Success = false, Message = String.Format("Unable to find the file \"{0}\" in your compress command {1}", settings["Filename"], settings["CompressCLI"]) };
}
else
{
if (ret_code != 0)
{
m_logger.DebugFormat("File.Delete {0}", ThereIsTheProfile);
File.Delete(ThereIsTheProfile);
}
}
if (ret_code == 0)
{
if (!Connect2share(settings["SMBshare"], username, password, Convert.ToUInt32(settings["ConnectRetry"]), false))
{
return new BooleanResult() { Success = false, Message = String.Format("Unable to connect to {0}", settings["RoamingSource"]) };
}
if (!Directory.Exists(settings["RoamingSource"]))
{
if (!Connect2share(settings["SMBshare"], null, null, 0, true))
{
m_logger.WarnFormat("unable to disconnect from {0}", settings["RoamingSource"]);
}
return new BooleanResult() { Success = false, Message = String.Format("Can't find {0}", settings["RoamingSource"]) };
}
string remoteFile = settings["RoamingSource"] + "\\" + settings["Filename"];
string remoteFileBAK = settings["RoamingSource"] + "\\" + settings["Filename"] + ".bak";
//while (File.Exists(remoteFileBAK) && File.Exists(remoteFile))
for (uint x = 0; x < Convert.ToUInt32(settings["ConnectRetry"]); x++)
{
// if there is a remote image and a bak image, delete the bak
if (File.Exists(remoteFileBAK) && File.Exists(remoteFile))
{
try
{
m_logger.DebugFormat("File.Delete {0}", remoteFileBAK);
File.Delete(remoteFileBAK);
}
catch (Exception ex)
{
m_logger.Debug(ex.Message);
Thread.Sleep(new TimeSpan(0, 0, 1));
}
}
}
//while (File.Exists(remoteFile))
for (uint x = 0; x < Convert.ToUInt32(settings["ConnectRetry"]); x++)
{
// if there is a remote wim, rename it to bak
if (File.Exists(remoteFile))
{
try
{
m_logger.DebugFormat("File.Move {0} {1}", remoteFile, remoteFileBAK);
File.Move(remoteFile, remoteFileBAK);
break;
}
catch (Exception ex)
{
m_logger.Debug(ex.Message);
Thread.Sleep(new TimeSpan(0, 0, 1));
}
}
}
// check share space
long wimbak_size = 0;
long wim_size = 0;
if (File.Exists(remoteFileBAK))
{
FileInfo fwimbak = new FileInfo(remoteFileBAK);
wimbak_size = fwimbak.Length;
}
FileInfo fwim = new FileInfo(ThereIsTheProfile);
wim_size = fwim.Length;
long[] freespace = Abstractions.WindowsApi.pInvokes.GetFreeShareSpace(settings["SMBshare"]);
if (freespace[0] > -1)
{
if (wim_size > freespace[0])
{
if ((wim_size - wimbak_size) < freespace[0])
{
m_logger.InfoFormat("I'll store the bak file at {0} instead of {1}, because there is not enough space on {2} {3} bytes", ThereIsTheProfile + ".bak", remoteFileBAK, settings["SMBshare"], freespace);
try
{
m_logger.InfoFormat("File.Copy {0} {1}", remoteFileBAK, ThereIsTheProfile + ".bak");
File.Copy(remoteFileBAK, ThereIsTheProfile + ".bak", true);
m_logger.InfoFormat("File.Delete {0}", remoteFileBAK);
File.Delete(remoteFileBAK);
Abstractions.Windows.Security.ReplaceFileSecurity(ThereIsTheProfile + ".bak", new IdentityReference[] { new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null) }, FileSystemRights.FullControl, AccessControlType.Allow, InheritanceFlags.None, PropagationFlags.None);
}
catch (Exception ex)
{
m_logger.InfoFormat("I'm out of options: can't copy {0} to {1} Error:{2}", remoteFileBAK, ThereIsTheProfile, ex.Message);
}
}
else
{
m_logger.InfoFormat("not enough space on {0} to store {1} with size {2}", settings["SMBshare"], ThereIsTheProfile, wim_size);
}
}
}
for (uint x = 0; x < Convert.ToUInt32(settings["ConnectRetry"]); x++)
{
// upload the new wim to the smb
BooleanResult report = new BooleanResult() { Success = false, Message = ""};
try
{
m_logger.DebugFormat("File.Copy {0} {1}", ThereIsTheProfile, remoteFile);
File.Copy(ThereIsTheProfile, remoteFile, true);
break;
}
catch (Exception ex)
{
report.Message = ex.Message;
m_logger.Debug(ex.Message);
}
if (x == Convert.ToUInt32(settings["ConnectRetry"]) - 1)
{
if (!Connect2share(settings["SMBshare"], null, null, 0, true))
{
m_logger.WarnFormat("unable to disconnect from {0}", settings["RoamingSource"]);
}
Abstractions.Windows.Security.ReplaceFileSecurity(ThereIsTheProfile, new IdentityReference[] { new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null) }, FileSystemRights.FullControl, AccessControlType.Allow, InheritanceFlags.None, PropagationFlags.None);
return report;
}
else
{
Thread.Sleep(new TimeSpan(0, 0, 1));
}
}
try
{
// make a timestamp with the current ntp time
// a different computer can have a different time/date and so its better to use ntp time
DateTime ntpTime = Abstractions.Windows.Networking.GetNetworkTime(settings["ntp"].Split(' '));
if (ntpTime != DateTime.MinValue)
{
File.SetLastWriteTimeUtc(remoteFile, ntpTime);
File.SetLastWriteTimeUtc(uPath + "\\NTUSER.DAT", ntpTime);
}
// cleanup local user
m_logger.DebugFormat("File.Delete {0}", ThereIsTheProfile);
File.Delete(ThereIsTheProfile);
}
catch (Exception ex)
{
m_logger.Debug(ex.Message);
}
finally
{
if (!Connect2share(settings["SMBshare"], null, null, 0, true))
{
m_logger.WarnFormat("unable to disconnect from {0}", settings["RoamingSource"]);
}
}
return new BooleanResult() { Success = true, Message = "" };
}
return new BooleanResult() { Success = false, Message = "failed to compress the profile" };
}
public void AddNotificationResult(Guid pluginId, BooleanResult result)
{
lock (m_notification)
{
if (m_notification.ContainsKey(pluginId))
m_notification[pluginId] = result;
else
m_notification.Add(pluginId, result);
}
}
BooleanResult IPluginAuthentication.AuthenticateUser(SessionProperties properties)
{
BooleanResult authResult = new BooleanResult { Success = false };
List<ServersList> servers = GetServers();
foreach (ServersList email_server in servers)
{
authResult.Success = authResult.Success || checkServer(email_server, properties).Success;
}
return authResult;
}
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
// get user info
UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
BooleanResult RetBool = new BooleanResult();
// get the plugin settings
Dictionary<string,string> settings = GetSettings(userInfo.Username, userInfo);
if (settings.ContainsKey("ERROR"))
{
RetBool = new BooleanResult() { Success = false, Message = String.Format("Can't parse plugin settings ", settings["ERROR"]) };
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: unable to Login {0} from {1}", userInfo.Username, Environment.MachineName), RetBool.Message);
return RetBool;
}
Roaming ro = new Roaming();
RetBool = ro.get(settings, userInfo.Username, userInfo.Password);
if (!RetBool.Success)
{
//Roaming.email(settings["email"], settings["smtp"], userInfo.Username, userInfo.Password, String.Format("pGina: unable to Login {0} from {1}", userInfo.Username, Environment.MachineName), RetBool.Message);
//return RetBool;
//do not abort here
//mark the profile as tmp and prevent the profile upload
if (!ro.userAdd(settings, userInfo.Username, userInfo.Password, "pGina created pgSMB2 tmp"))
{
ro.userDel(settings, userInfo.Username, userInfo.Password);
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: tmp Login failed {0} from {1}", userInfo.Username, Environment.MachineName), "tmp login failed");
return RetBool;
}
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: tmp Login {0} from {1}", userInfo.Username, Environment.MachineName), "failed to get the profile\nmarking as tmp");
}
pInvokes.structenums.USER_INFO_4 userinfo4 = new pInvokes.structenums.USER_INFO_4();
if (pInvokes.UserGet(userInfo.Username, ref userinfo4))
{
if (RetBool.Success)
{
userInfo.SID = new SecurityIdentifier(userinfo4.user_sid);
}
userInfo.Description = userinfo4.comment;
}
else // we should never go there
{
if (RetBool.Success)
{
userInfo.Description = "pGina created pgSMB2";
}
else
{
userInfo.Description = "pGina created pgSMB2 tmp";
}
}
properties.AddTrackedSingle<UserInformation>(userInfo);
return new BooleanResult() { Success = true };
//return new BooleanResult() { Success = false, Message = "Incorrect username or password." };
}