public PluginDriver() { m_logger = LogManager.GetLogger(string.Format("PluginDriver:{0}", m_sessionId)); m_properties = new SessionProperties(m_sessionId); // Add the user information object we'll be using for this session UserInformation userInfo = new UserInformation(); m_properties.AddTrackedSingle<UserInformation>(userInfo); // Add the plugin tracking object we'll be using for this session PluginActivityInformation pluginInfo = new PluginActivityInformation(); pluginInfo.LoadedAuthenticationGatewayPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthenticationGateway>(); pluginInfo.LoadedAuthenticationPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthentication>(); pluginInfo.LoadedAuthorizationPlugins = PluginLoader.GetOrderedPluginsOfType<IPluginAuthorization>(); m_properties.AddTrackedSingle<PluginActivityInformation>(pluginInfo); m_logger.DebugFormat("New PluginDriver created"); }
public void InitTest() { // Default test settings, reset for each test Settings.Store.LdapHost = host; Settings.Store.LdapPort = port; Settings.Store.LdapTimeout = 10; Settings.Store.EncryptionMethod = (int)encMethod; Settings.Store.RequireCert = validateCert; Settings.Store.SearchDN = searchDN; Settings.Store.SetEncryptedSetting("SearchPW", searchPW); Settings.Store.GroupDnPattern = "cn=%g,ou=Group,dc=example,dc=com"; Settings.Store.GroupMemberAttrib = "memberUid"; Settings.Store.UseAuthBindForAuthzAndGateway = false; // Authentication Settings.Store.AllowEmptyPasswords = false; Settings.Store.DnPattern = "uid=%u,ou=People,dc=example,dc=com"; Settings.Store.DoSearch = false; Settings.Store.SearchFilter = ""; Settings.Store.SearchContexts = new string[] { }; // Authorization Settings.Store.GroupAuthzRules = new string[] { (new GroupAuthzRule(true)).ToRegString() }; Settings.Store.AuthzRequireAuth = false; Settings.Store.AuthzAllowOnError = true; // Gateway Settings.Store.GroupGatewayRules = new string[] { }; // Set up session props m_props = new SessionProperties(BogusSessionId); UserInformation userInfo = new UserInformation(); m_props.AddTrackedSingle<UserInformation>(userInfo); userInfo.Username = "******"; userInfo.Password = "******"; PluginActivityInformation actInfo = new PluginActivityInformation(); m_props.AddTrackedSingle<PluginActivityInformation>(actInfo); }
/// <summary> /// m_sessionPropertyCache must be locked /// </summary> /// <param name="session"></param> private void CREDUIhelper(int session) { m_logger.InfoFormat("CREDUIhelper:({0})", session); List<SessionProperties> mysessionList = m_sessionPropertyCache.Get(session); //list of all users in my session if (mysessionList.Count == 0) { m_logger.InfoFormat("User:? in session:{0} is unknown to pGina", session); return; } UserInformation userInfo = m_sessionPropertyCache.Get(session).First().GetTrackedSingle<UserInformation>(); //this user is logging of right now (my user) List<int> SessionsList = m_sessionPropertyCache.GetAll(); //all pgina watched sessions Dictionary<int,List<string>> othersessioncontext = new Dictionary<int,List<string>>(); //all exept my sessions, a list of usernames in which a process is running foreach (int Sessions in SessionsList) { if (session != Sessions) //if not my session { //get all usersNames from processes that dont run in my own session (context in which those processes are running) List<string> sesscontext = Abstractions.WindowsApi.pInvokes.GetSessionContext(Sessions); othersessioncontext.Add(Sessions, sesscontext); } } List<string> InteractiveUserList = Abstractions.WindowsApi.pInvokes.GetInteractiveUserList(); //get interactive users foreach (SessionProperties s in m_sessionPropertyCache.Get(session)) { m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session); } //catch runas.exe credui processes foreach (KeyValuePair<int, List<string>> context in othersessioncontext) { // all usersNames from processes in session bla.Key format: sessionID\username m_logger.InfoFormat("othersessioncontext: {0}", String.Join(" ", context.Value.Select(s => String.Format("{0}\\{1}", context.Key, s)))); List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(context.Key); //sessionlist of SessionProperties foreach (string user in context.Value) { if (!othersessionList.Any(s => s.GetTrackedSingle<UserInformation>().Username.Equals(user, StringComparison.CurrentCultureIgnoreCase))) { //user is not part of othersessionList bool cancopy = false; foreach (int Session in SessionsList) { if (context.Key != Session && !cancopy) //if not bla.key session { foreach (SessionProperties sesprop in m_sessionPropertyCache.Get(Session)) { UserInformation sespropUInfo = sesprop.GetTrackedSingle<UserInformation>(); if (sespropUInfo.Username.Equals(user, StringComparison.CurrentCultureIgnoreCase)) { // SessionProperties found SessionProperties osesprop = new SessionProperties(Guid.NewGuid(), true); PluginActivityInformation pluginInfo = new PluginActivityInformation(); osesprop.AddTrackedSingle<UserInformation>(sespropUInfo); osesprop.AddTrackedSingle<PluginActivityInformation>(pluginInfo); othersessionList.Add(osesprop); m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} with GUID:{2} and set CREDUI to:{3}", sespropUInfo.Username, context.Key, osesprop.Id, osesprop.CREDUI); cancopy = true; m_sessionPropertyCache.Add(context.Key, othersessionList);// refresh the cache break; } } } } if (!cancopy) { m_logger.InfoFormat("unamble to track program running under user:{0} in session:{1}", user, context.Key); } } } } /* for (int y = 0; y < mysessionList.Count; y++) { UserInformation allmyuInfo = mysessionList[y].GetTrackedSingle<UserInformation>(); foreach (int Sessions in SessionsList) { if (session != Sessions) //if not my session { // there is a program running as user 'allmyuInfo.Username' in session 'Sessions' // && this user 'allmyuInfo.Username' is not an interactive user m_logger.InfoFormat("{0} '{1}' '{2}'", allmyuInfo.Username, String.Join(" ", othersessioncontext[Sessions]), String.Join(" ", InteractiveUserList)); if (othersessioncontext[Sessions].Any(s => s.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)) && !InteractiveUserList.Any(s => s.ToLower().Contains(Sessions + "\\" + allmyuInfo.Username.ToLower()))) { bool hit = false; List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine) for (int x = 1; x < othersessionList.Count; x++) { UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>(); m_logger.InfoFormat("compare:'{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username); if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)) { // SessionProperties List of 'Sessions' contains the user 'allmyuInfo.Username' hit = true; } } if (!hit) { //this program was run by using runas or simmilar //push it into the SessionProperties list of 'Sessions' SessionProperties osesprop = new SessionProperties(Guid.NewGuid(), true); PluginActivityInformation pluginInfo = new PluginActivityInformation(); osesprop.AddTrackedSingle<UserInformation>(allmyuInfo); osesprop.AddTrackedSingle<PluginActivityInformation>(pluginInfo); othersessionList.Add(osesprop); m_logger.InfoFormat("ive found a program in session:{0} that runs in the context of {1}", Sessions, allmyuInfo.Username); m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} with GUID:{2} and set CREDUI to:{3}", allmyuInfo.Username, Sessions, osesprop.Id, osesprop.CREDUI); } m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache } } } } */ foreach (SessionProperties s in m_sessionPropertyCache.Get(session)) { m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session); } //set SessionProperties.CREDUI for (int y = 0; y < mysessionList.Count; y++) { UserInformation allmyuInfo = mysessionList[y].GetTrackedSingle<UserInformation>(); foreach (int Sessions in SessionsList) { if (session != Sessions) //if not my session { List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine) for (int x = 0; x < othersessionList.Count; x++) //all entries { UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>(); m_logger.InfoFormat("compare '{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username); if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)) { // there is an entry in the SessionProperties List of session 'Sessions' // ill mark CREDUI of user 'allmyuInfo.Username' in my session 'session' as true // a plugin should not remove or upload a credui user (its up to the plugin dev) if (mysessionList[y].CREDUI != true) { mysessionList[y].CREDUI = true; m_logger.InfoFormat("an entry in session:{0} was found from user {1}", Sessions, allmyuInfo.Username); m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", allmyuInfo.Username, session, mysessionList[y].CREDUI); } // ill mark CREDUI of user 'ouserInfo.Username' in session 'Sessions' as false othersessionList[x].CREDUI = false; m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", ouserInfo.Username, Sessions, othersessionList[x].CREDUI); } } /* if (othersessioncontext[Sessions].Any(s => s.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase))) { // there is a process running in a different session under the context this user // ill mark the sessioninfo struct of my user as credui true // a plugin should not remove or upload a credui user (its up to the plugin dev) //mysessionList.First().CREDUI = true; //the first entry in the list is always an interactive login mysessionList[y].CREDUI = true; m_logger.InfoFormat("a program in session:{0} is running in the context of user {1}", Sessions, allmyuInfo.Username); m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", allmyuInfo.Username, session, mysessionList[y].CREDUI); List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine) bool hit = false; for (int x = 0; x < othersessionList.Count; x++) { //one user of this other sessions where a process runs under my user UserInformation ouserInfo = othersessionList[x].GetTrackedSingle<UserInformation>(); m_logger.InfoFormat("compare:'{0}' '{1}'", ouserInfo.Username, allmyuInfo.Username); if (ouserInfo.Username.Equals(allmyuInfo.Username, StringComparison.CurrentCultureIgnoreCase)) { // this is the entry hit = true; if (x > 0) { // user is non interactive if (userInfo.Username.Equals(ouserInfo.Username, StringComparison.CurrentCultureIgnoreCase)) { othersessionList[x].CREDUI = false; } else { othersessionList[x].CREDUI = true; } m_logger.InfoFormat("set CREDUI in SessionProperties of user:{0} in session:{1} to {2}", ouserInfo.Username, Sessions, othersessionList[x].CREDUI); } } } if (!hit) { //this program was run by using runas or simmilar //push it into the SessionProperties list of this session SessionProperties osesprop = mysessionList[y]; osesprop.CREDUI = true; osesprop.Id = new Guid(Guid.NewGuid().ToString()); othersessionList.Add(osesprop); m_logger.InfoFormat("ive found a program in session:{0} that runs in the context of {1}", Sessions, allmyuInfo.Username); m_logger.InfoFormat("add user:{0} into SessionProperties of session:{1} an set CREDUI to:{2}", allmyuInfo.Username, Sessions, osesprop.CREDUI); } m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache }*/ } } } m_sessionPropertyCache.Add(session, mysessionList);// refresh the cache foreach (SessionProperties s in m_sessionPropertyCache.Get(session)) { m_logger.InfoFormat("info: username:{0} credui:{1} description:{2} session:{3}", s.GetTrackedSingle<UserInformation>().Username, s.CREDUI, s.GetTrackedSingle<UserInformation>().Description, session); } /* //shutdown/reboot case if (mysessionList.First().CREDUI == false) { //this interactive user is logging out foreach (int Sessions in SessionsList) { if (session != Sessions) //if not my session { List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine) for (int y = othersessionList.Count - 1; y > 0; y--) //only other credui users { if (userInfo.Username.Equals(othersessionList[y].GetTrackedSingle<UserInformation>().Username, StringComparison.CurrentCultureIgnoreCase)) { //no process of my users should run anymore anywhere //if so mysessionList.First().CREDUI would be true m_logger.InfoFormat("no process is running in session:{0} under the context of user:{1} removing:{1} in session:{0}", Sessions, userInfo.Username); othersessionList.RemoveAt(y); } } m_sessionPropertyCache.Add(Sessions, othersessionList);// refresh the cache } } } */ for (int x = mysessionList.Count - 1; x > 0; x--) { UserInformation myuserInfo = mysessionList[x].GetTrackedSingle<UserInformation>(); if (InteractiveUserList.Any(s => s.ToLower().Contains(myuserInfo.Username.ToLower()))) { // a program in my session runs in a different context of an also interactive logged in user // ill remove this SessionProperty from my SessionProperties List mysessionList.RemoveAt(x); m_logger.InfoFormat("user {0} is still interactively logged in", myuserInfo.Username); m_logger.InfoFormat("removing SessionProperties entry of user:{0} from session:{1}", myuserInfo.Username, session); } } /* List<string> myCREDUIusernameList = new List<string>(); //my credui usersnames for (int x = 1; x < mysessionList.Count; x++) { UserInformation myCREDUIusername = mysessionList[x].GetTrackedSingle<UserInformation>(); myCREDUIusernameList.Add(myCREDUIusername.Username); }*/ for (int x = mysessionList.Count - 1; x > 0; x--) //only credui users { bool hit = false; UserInformation myCREDUIusername = mysessionList[x].GetTrackedSingle<UserInformation>(); foreach (int Sessions in SessionsList) { if (session != Sessions) //if not my session { List<SessionProperties> othersessionList = m_sessionPropertyCache.Get(Sessions); //sessionlist of Sessions (not mine) for (int y = othersessionList.Count - 1; y >= 0; y--) //all users { UserInformation oCREDUIusername = othersessionList[y].GetTrackedSingle<UserInformation>(); //m_logger.InfoFormat("'{0}' '{1}'", oCREDUIusername.Username, String.Join(" ", myCREDUIusernameList)); //if (myCREDUIusernameList.Any(s => s.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase))) m_logger.InfoFormat("'{0}' '{1}'", myCREDUIusername.Username, oCREDUIusername.Username); if (myCREDUIusername.Username.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase)) { hit = true; m_logger.InfoFormat("found SessionProperties entry in session:{0} that equals username {1} in my session:{2}", Sessions, oCREDUIusername.Username, session); m_logger.InfoFormat("removing the SessionProperties entry from session:{0} of user:{1}", session, oCREDUIusername.Username); mysessionList.RemoveAt(x); break; /* //is the credui programm still running m_logger.InfoFormat("'{0}' '{1}'", String.Join(" ", othersessioncontext[Sessions].ToArray()), oCREDUIusername.Username); if (othersessioncontext[Sessions].Any(s => s.Equals(oCREDUIusername.Username, StringComparison.CurrentCultureIgnoreCase))) { //remove from my list m_logger.InfoFormat("the program is still running, removing the SessionProperties entry from session:{0} of user:{1}", session, oCREDUIusername.Username); mysessionList.RemoveAt(x); } else { //remove from other list, its not running anymore m_logger.InfoFormat("the program has been closed, removing the SessionProperties entry from session:{0} of user:{1}", Sessions, oCREDUIusername.Username); othersessionList.RemoveAt(y); }*/ } } m_sessionPropertyCache.Add(Sessions, othersessionList); if (hit) { break; } } } if (!hit) { //this credui user runs only in my session m_logger.InfoFormat("the last program in context of {0} is running in session:{1} set CREDUI to false", mysessionList[x].GetTrackedSingle<UserInformation>().Username, session); mysessionList[x].CREDUI = false; } } // refresh the cache m_sessionPropertyCache.Add(session, mysessionList); }
private bool WeAuthedThisUser( PluginActivityInformation actInfo ) { try { BooleanResult ldapResult = actInfo.GetAuthenticationResult(this.Uuid); return ldapResult.Success; } catch (KeyNotFoundException) { // The plugin is not enabled for authentication return false; } }