public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Gateway stage: map LDAP group membership onto local group grants via the
    // configured gateway rules.  Every exit path reports Success = true; an
    // unavailable server or a failed lookup only means fewer (or no) groups get
    // added, it never blocks the logon.
    m_logger.Debug("LDAP Plugin Gateway");

    List<string> grantedGroups = new List<string>();
    LdapServer server = properties.GetTrackedSingle<LdapServer>();

    // No tracked server object: nothing is queried and no rule (not even an
    // ALWAYS rule) is evaluated; the logon proceeds without extra groups.
    if (server == null)
    {
        m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
        return new BooleanResult() { Success = true, Message = "LDAP server not available" };
    }

    try
    {
        UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
        string username = userInfo.Username;
        bool bound = false;

        foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
        {
            bool isMember = false;

            // ALWAYS rules need no directory lookup; everything else shares a
            // single search bind, established lazily before the first lookup.
            if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
            {
                if (!bound)
                {
                    server.BindForSearch();
                    bound = true;
                }
                isMember = server.MemberOfGroup(username, rule.Group);
                m_logger.DebugFormat("User {0} {1} member of group {2}", username, isMember ? "is" : "is not", rule.Group);
            }

            if (!rule.RuleMatch(isMember))
            {
                continue;
            }

            m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"", username, rule.LocalGroup, rule.ToString());
            grantedGroups.Add(rule.LocalGroup);
            userInfo.AddGroup(new GroupInformation() { Name = rule.LocalGroup });
        }
    }
    catch (Exception e)
    {
        // Error does not cause failure.  Groups granted by rules that ran
        // before the exception stay on userInfo; the message is returned.
        m_logger.ErrorFormat("Error during gateway: {0}", e);
        return new BooleanResult() { Success = true, Message = e.Message };
    }

    string message = grantedGroups.Count > 0
        ? string.Format("Added to groups: {0}", string.Join(", ", grantedGroups))
        : "No groups added.";

    return new BooleanResult() { Success = true, Message = message };
}
private void LoadSettings()
{
    // Fill every tab of the configuration dialog from the persisted settings.

    ///////////////// Server tab /////////////////
    string[] ldapHosts = Settings.Store.LdapHost;
    ldapHostTextBox.Text = string.Join(" ", ldapHosts);   // one line, space-separated

    int port = Settings.Store.LdapPort;
    ldapPortTextBox.Text = port.ToString();

    int timeout = Settings.Store.LdapTimeout;
    timeoutTextBox.Text = timeout.ToString();

    bool useSsl = Settings.Store.UseSsl;
    useSslCheckBox.CheckState = useSsl ? CheckState.Checked : CheckState.Unchecked;

    bool useTls = Settings.Store.UseTls;
    useTlsCheckBox.CheckState = useTls ? CheckState.Checked : CheckState.Unchecked;

    bool reqCert = Settings.Store.RequireCert;
    validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;

    string serverCertFile = Settings.Store.ServerCertFile;
    sslCertFileTextBox.Text = serverCertFile;

    string searchDn = Settings.Store.SearchDN;
    searchDnTextBox.Text = searchDn;

    // The search-bind password is kept encrypted in the store and decrypted
    // only to show it in the dialog.
    string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");
    searchPassTextBox.Text = searchPw;

    ///////////////// Authentication tab /////////////////
    bool allowEmpty = Settings.Store.AllowEmptyPasswords;
    allowEmptyPwCB.Checked = allowEmpty;

    string dnPattern = Settings.Store.DnPattern;
    dnPatternTextBox.Text = dnPattern;

    bool doSearch = Settings.Store.DoSearch;
    searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;

    string filter = Settings.Store.SearchFilter;
    searchFilterTextBox.Text = filter;

    bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;
    useAuthBindForAuthzAndGatewayCb.Checked = useAuth;

    string[] searchContexts = Settings.Store.SearchContexts;
    searchContextsTextBox.Text = string.Join("\r\n", searchContexts);   // one context per line

    ///////////////// AttribConverter grid /////////////////
    // Each stored entry is "<windows attribute>\t<ldap attribute>".  Entries
    // that do not split into exactly two non-blank fields, or whose first field
    // is not a known attribute name, are skipped.
    string[] attribConv = Settings.Store.AttribConv;
    Column1.DataSource = AttribConvert.Attribs.ToArray();
    dataGridView1.ColumnCount = 2;
    foreach (string entry in attribConv)
    {
        string[] fields = entry.Split('\t');
        if (fields.Length != 2)
        {
            continue;
        }

        string winAttrib = fields[0].Trim();
        string ldapAttrib = fields[1].Trim();
        if (String.IsNullOrEmpty(winAttrib) || String.IsNullOrEmpty(ldapAttrib))
        {
            continue;
        }

        int index = AttribConvert.Attribs.IndexOf(winAttrib);
        if (index < 0)
        {
            continue;
        }

        DataGridViewComboBoxCell attribCell = new DataGridViewComboBoxCell();
        attribCell.DataSource = AttribConvert.Attribs.ToArray();   // choices offered by the combo
        attribCell.Value = AttribConvert.Attribs[index];           // current selection

        DataGridViewRow row = new DataGridViewRow();
        row.Cells.Add(attribCell);
        row.Cells.Add(new DataGridViewTextBoxCell() { Value = ldapAttrib });
        dataGridView1.Rows.Add(row);
    }

    ///////////////// Authorization tab /////////////////
    authzRuleMemberComboBox.SelectedIndex = 0;
    authzRuleActionComboBox.SelectedIndex = 0;
    authzRuleScope.SelectedIndex = 0;
    authzDefaultAllowRB.Checked = Settings.Store.AuthzDefault;
    authzDefaultDenyRB.Checked = !(bool)Settings.Store.AuthzDefault;
    authzRequireAuthCB.Checked = Settings.Store.AuthzRequireAuth;
    authzAllowOnErrorCB.Checked = Settings.Store.AuthzAllowOnError;
    foreach (GroupAuthzRule rule in GroupRuleLoader.GetAuthzRules())
    {
        authzRulesListBox.Items.Add(rule);
    }

    ///////////////// Gateway tab /////////////////
    gatewayRuleGroupMemberCB.SelectedIndex = 0;
    gatewayRuleScope.SelectedIndex = 0;
    foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
    {
        gatewayRulesListBox.Items.Add(rule);
    }

    ///////////////// Change Password tab /////////////////
    foreach (AttributeEntry entry in CPAttributeSettings.Load())
    {
        passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
    }
}
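public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Gateway stage.  For each gateway rule, run the LDAP search described by
    // the rule's path/filter templates ("%u" stands for the username) and,
    // when the rule matches, grant the rule's local group to the user.
    //
    // Every exit path reports Success = true: a missing server object or a
    // failed search only means fewer (or no) groups are granted; it never
    // blocks the logon.
    //
    // NOTE(review): all log calls in this revision are commented out, so the
    // local-group grants made here leave no audit trail.
    ////m_logger.Debug("LDAP Plugin Gateway");
    List<string> addedGroups = new List<string>();
    LdapServer serv = properties.GetTrackedSingle<LdapServer>();

    // No tracked server object: no rule is evaluated, the logon proceeds as-is.
    if (serv == null)
    {
        ////m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
        return new BooleanResult() { Success = true, Message = "LDAP server not available" };
    }

    try
    {
        UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
        List<GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();

        // The username is text the user typed at the logon prompt.  It is
        // spliced into a search base (DN syntax) and into a search filter, so
        // it is escaped once for each context (RFC 4514 / RFC 4515).  Left raw,
        // a "*", "(", ")" or "\" in the name would rewrite the rule's search
        // and thereby change which local groups the user is granted.
        // Assumes "%u" carries the bare account name, not a full DN — if some
        // rules pass a DN through %u, escaping it here would break that search;
        // confirm against the rule editor.
        string userForDn = EscapeLdapDnValue(userInfo.Username);
        string userForFilter = EscapeLdapFilterValue(userInfo.Username);

        bool boundToServ = false;
        foreach (GroupGatewayRule rule in rules)
        {
            // One search bind, established lazily before the first lookup.
            if (!boundToServ)
            {
                this.BindForAuthzOrGatewaySearch(serv);
                boundToServ = true;
            }

            string path = rule.path.Replace("%u", userForDn);
            string filter = rule.filter.Replace("%u", userForFilter);

            // The rule "matches" when the search returns at least one entry.
            bool inGroup = serv.GetUserAttribValue(path, filter, rule.SearchScope, new string[] { "dn" }).Count > 0;
            ////m_logger.DebugFormat("User {0} {1} {2} {3}", userInfo.Username, filter, inGroup ? "is" : "is not", path);

            if (rule.RuleMatch(inGroup))
            {
                ////m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"", userInfo.Username, rule.LocalGroup, rule.ToString());
                addedGroups.Add(rule.LocalGroup);
                userInfo.AddGroup(new GroupInformation() { Name = rule.LocalGroup });
            }
        }
    }
    catch (Exception e)
    {
        ////m_logger.ErrorFormat("Error during gateway: {0}", e);
        // Error does not cause failure.  Groups granted by rules that ran
        // before the exception stay on userInfo.
        return new BooleanResult() { Success = true, Message = e.Message };
    }

    string message = addedGroups.Count > 0
        ? string.Format("Added to groups: {0}", string.Join(", ", addedGroups))
        : "No groups added.";
    return new BooleanResult() { Success = true, Message = message };
}

/// <summary>
/// Escapes <paramref name="value"/> for use as an assertion value inside an
/// LDAP search filter (RFC 4515 section 3): backslash, '*', '(', ')' and NUL
/// become a backslash followed by the two-digit hex code of the character.
/// Null or empty input is returned unchanged.
/// </summary>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': sb.Append("\\5c"); break;
            case '*': sb.Append("\\2a"); break;
            case '(': sb.Append("\\28"); break;
            case ')': sb.Append("\\29"); break;
            case '\0': sb.Append("\\00"); break;
            default: sb.Append(c); break;
        }
    }
    return sb.ToString();
}

/// <summary>
/// Escapes <paramref name="value"/> for use as an attribute value inside a
/// distinguished name (RFC 4514 section 2.4): ',', '+', '"', '\', '&lt;', '&gt;'
/// and ';' are backslash-prefixed anywhere; '#' and space when leading; space
/// when trailing; NUL becomes "\00".  Null or empty input is returned unchanged.
/// </summary>
private static string EscapeLdapDnValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    System.Text.StringBuilder sb = new System.Text.StringBuilder(value.Length);
    int last = value.Length - 1;
    for (int i = 0; i <= last; i++)
    {
        char c = value[i];
        if (c == '\0')
        {
            sb.Append("\\00");
            continue;
        }

        bool special = ",+\"\\<>;".IndexOf(c) >= 0
            || (i == 0 && (c == '#' || c == ' '))
            || (i == last && c == ' ');
        if (special)
        {
            sb.Append('\\');
        }
        sb.Append(c);
    }
    return sb.ToString();
}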
private void LoadSettings()
{
    // Fill every tab of the configuration dialog from the persisted settings.

    ///////////////// Server tab /////////////////
    string[] ldapHosts = Settings.Store.LdapHost;
    ldapHostTextBox.Text = string.Join(" ", ldapHosts);   // one line, space-separated

    int port = Settings.Store.LdapPort;
    ldapPortTextBox.Text = port.ToString();

    int timeout = Settings.Store.LdapTimeout;
    timeoutTextBox.Text = timeout.ToString();

    // Combo indices are taken straight from the store; an out-of-range value
    // makes SelectedIndex throw, which surfaces as a dialog-load failure.
    int encryptionMethod = Settings.Store.EncryptionMethod;
    m_encryptionMethodCb.SelectedIndex = encryptionMethod;

    bool reqCert = Settings.Store.RequireCert;
    validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;

    string serverCertFile = Settings.Store.ServerCertFile;
    sslCertFileTextBox.Text = serverCertFile;

    string searchDn = Settings.Store.SearchDN;
    searchDnTextBox.Text = searchDn;

    // The search-bind password is kept encrypted in the store and decrypted
    // only to show it in the dialog.
    string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");
    searchPassTextBox.Text = searchPw;

    string grpDnPattern = Settings.Store.GroupDnPattern;
    groupDNPattern.Text = grpDnPattern;

    string grpMemberAttrib = Settings.Store.GroupMemberAttrib;
    groupMemberAttrTB.Text = grpMemberAttrib;

    string gidAttrib = Settings.Store.GroupGidAttrib;
    groupGidAttr.Text = gidAttrib;

    string gidAttribIU = Settings.Store.GroupGidAttribIU;
    groupGidAttrIU.Text = gidAttribIU;

    int derefValue = Settings.Store.Dereference;
    DereferenceComboBox.SelectedIndex = derefValue;

    ///////////////// Authentication tab /////////////////
    bool allowEmpty = Settings.Store.AllowEmptyPasswords;
    allowEmptyPwCB.Checked = allowEmpty;

    string dnPattern = Settings.Store.DnPattern;
    dnPatternTextBox.Text = dnPattern;

    bool doSearch = Settings.Store.DoSearch;
    searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;

    string filter = Settings.Store.SearchFilter;
    searchFilterTextBox.Text = filter;

    bool useAuth = Settings.Store.UseAuthBindForAuthzAndGateway;
    m_useAuthBindForAuthzAndGatewayCb.Checked = useAuth;

    string[] searchContexts = Settings.Store.SearchContexts;
    searchContextsTextBox.Text = string.Join("\r\n", searchContexts);   // one context per line

    ///////////////// Authorization tab /////////////////
    authzRuleMemberComboBox.SelectedIndex = 0;
    authzRuleActionComboBox.SelectedIndex = 0;
    authzRequireAuthCB.Checked = Settings.Store.AuthzRequireAuth;
    authzAllowOnErrorCB.Checked = Settings.Store.AuthzAllowOnError;
    authzApplyToAllUsersCB.Checked = Settings.Store.AuthzApplyToAllUsers;

    // The stored rule list must end with the default (ALWAYS) rule, which
    // drives the allow/deny radio buttons; the remaining rules fill the list box.
    List<GroupAuthzRule> authzRules = GroupRuleLoader.GetAuthzRules();
    int lastIdx = authzRules.Count - 1;
    if (lastIdx < 0 || authzRules[lastIdx].RuleCondition != GroupRule.Condition.ALWAYS)
    {
        // The list is empty or the last rule is not a default rule.
        throw new Exception("Default rule not found in rule list.");
    }

    GroupAuthzRule defaultRule = authzRules[lastIdx];
    if (defaultRule.AllowOnMatch)
    {
        authzDefaultAllowRB.Checked = true;
    }
    else
    {
        authzDefaultDenyRB.Checked = true;
    }
    authzRules.RemoveAt(lastIdx);

    foreach (GroupAuthzRule rule in authzRules)
    {
        authzRulesListBox.Items.Add(rule);
    }

    ///////////////// Gateway tab /////////////////
    foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
    {
        gatewayRulesListBox.Items.Add(rule);
    }

    ///////////////// Change Password tab /////////////////
    foreach (PasswordAttributeEntry entry in CPAttributeSettings.Load())
    {
        passwordAttributesDGV.Rows.Add(entry.Name, entry.Method);
    }

    ///////////////// Login Script tab /////////////////
    txt_script_serverurl.Text = Settings.Store.SFTPServerURL;
    txt_script_user.Text = Settings.Store.SFTPUser;
    // NOTE(review): unlike SearchPW above, the SFTP password is read as a plain
    // setting rather than through GetEncryptedSetting, which suggests it is
    // stored in the clear; confirm against the settings writer.
    txt_script_password.Text = Settings.Store.SFTPPassword;
    txt_script_fingerprint.Text = Settings.Store.SFTPFingerprint;
    txt_script_path.Text = Settings.Store.SFTPScriptPath;
    txt_script_path_2.Text = Settings.Store.SFTPScriptPath2;
    txt_script_group_list_path.Text = Settings.Store.SFTPGroupListPath;
    txt_script_cmd_login.Text = Settings.Store.CMDLoginScript;
    txt_script_cmd_logoff.Text = Settings.Store.CMDLogoffScript;
}
private void LoadSettings()
{
    // Fill every tab of the configuration dialog from the persisted settings.

    ///////////////// Server tab /////////////////
    string[] ldapHosts = Settings.Store.LdapHost;
    ldapHostTextBox.Text = string.Join(" ", ldapHosts);   // one line, space-separated

    int port = Settings.Store.LdapPort;
    ldapPortTextBox.Text = port.ToString();

    int timeout = Settings.Store.LdapTimeout;
    timeoutTextBox.Text = timeout.ToString();

    bool useSsl = Settings.Store.UseSsl;
    useSslCheckBox.CheckState = useSsl ? CheckState.Checked : CheckState.Unchecked;

    bool reqCert = Settings.Store.RequireCert;
    validateServerCertCheckBox.CheckState = reqCert ? CheckState.Checked : CheckState.Unchecked;

    string serverCertFile = Settings.Store.ServerCertFile;
    sslCertFileTextBox.Text = serverCertFile;

    string searchDn = Settings.Store.SearchDN;
    searchDnTextBox.Text = searchDn;

    // The search-bind password is kept encrypted in the store and decrypted
    // only to show it in the dialog.
    string searchPw = Settings.Store.GetEncryptedSetting("SearchPW");
    searchPassTextBox.Text = searchPw;

    string grpDnPattern = Settings.Store.GroupDnPattern;
    groupDNPattern.Text = grpDnPattern;

    string grpMemberAttrib = Settings.Store.GroupMemberAttrib;
    groupMemberAttrTB.Text = grpMemberAttrib;

    // Taken straight from the store; an out-of-range value makes SelectedIndex
    // throw, which surfaces as a dialog-load failure.
    int derefValue = Settings.Store.Dereference;
    DereferenceComboBox.SelectedIndex = derefValue;

    ///////////////// Authentication tab /////////////////
    bool allowEmpty = Settings.Store.AllowEmptyPasswords;
    allowEmptyPwCB.Checked = allowEmpty;

    string dnPattern = Settings.Store.DnPattern;
    dnPatternTextBox.Text = dnPattern;

    bool doSearch = Settings.Store.DoSearch;
    searchForDnCheckBox.CheckState = doSearch ? CheckState.Checked : CheckState.Unchecked;

    string filter = Settings.Store.SearchFilter;
    searchFilterTextBox.Text = filter;

    string[] searchContexts = Settings.Store.SearchContexts;
    searchContextsTextBox.Text = string.Join("\r\n", searchContexts);   // one context per line

    ///////////////// Authorization tab /////////////////
    authzRuleMemberComboBox.SelectedIndex = 0;
    authzRuleActionComboBox.SelectedIndex = 0;
    authzRequireAuthCB.Checked = Settings.Store.AuthzRequireAuth;
    authzAllowOnErrorCB.Checked = Settings.Store.AuthzAllowOnError;

    // The stored rule list must end with the default (ALWAYS) rule, which
    // drives the allow/deny radio buttons; the remaining rules fill the list box.
    List<GroupAuthzRule> authzRules = GroupRuleLoader.GetAuthzRules();
    int lastIdx = authzRules.Count - 1;
    if (lastIdx < 0 || authzRules[lastIdx].RuleCondition != GroupRule.Condition.ALWAYS)
    {
        // The list is empty or the last rule is not a default rule.
        throw new Exception("Default rule not found in rule list.");
    }

    GroupAuthzRule defaultRule = authzRules[lastIdx];
    if (defaultRule.AllowOnMatch)
    {
        authzDefaultAllowRB.Checked = true;
    }
    else
    {
        authzDefaultDenyRB.Checked = true;
    }
    authzRules.RemoveAt(lastIdx);

    foreach (GroupAuthzRule rule in authzRules)
    {
        authzRulesListBox.Items.Add(rule);
    }

    ///////////////// Gateway tab /////////////////
    foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
    {
        gatewayRulesListBox.Items.Add(rule);
    }
}
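public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Gateway stage, in two parts:
    //   1. map LDAP group membership onto local group grants via the gateway
    //      rules;
    //   2. fetch the user's group list and login script(s) over SFTP and
    //      (re)write the local cmdLoginScript / cmdLogoffScript batch files.
    // Every exit path reports Success = true: an unavailable server, a failed
    // lookup or a failed script fetch only means fewer groups / no script; it
    // never blocks the logon.
    m_logger.Debug("LDAP Plugin Gateway");
    List<string> addedGroups = new List<string>();
    LdapServer serv = properties.GetTrackedSingle<LdapServer>();

    // No tracked server object: neither part runs.
    if (serv == null)
    {
        m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
        return new BooleanResult() { Success = true, Message = "LDAP server not available" };
    }

    try
    {
        ApplyGatewayRules(serv, properties.GetTrackedSingle<UserInformation>(), addedGroups);
    }
    catch (Exception e)
    {
        m_logger.ErrorFormat("Error during gateway: {0}", e);
        // Error does not cause failure.  Groups granted by rules that ran
        // before the exception stay on userInfo.
        return new BooleanResult() { Success = true, Message = e.Message };
    }

    try
    {
        FetchLoginScripts(serv, properties.GetTrackedSingle<UserInformation>());
    }
    catch (Exception e)
    {
        // Script problems are logged only; the group grants above still stand.
        m_logger.ErrorFormat("Error during get login script: {0}", e);
    }

    string message = addedGroups.Count > 0
        ? string.Format("Added to groups: {0}", string.Join(", ", addedGroups))
        : "No groups added.";
    return new BooleanResult() { Success = true, Message = message };
}

// Part 1: evaluate each gateway rule against the directory and add the
// matching rules' local groups to userInfo, recording their names in addedGroups.
private void ApplyGatewayRules(LdapServer serv, UserInformation userInfo, List<string> addedGroups)
{
    string user = userInfo.Username;
    bool boundToServ = false;

    foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
    {
        bool inGroup = false;

        // ALWAYS rules need no lookup; the rest share one search bind,
        // established lazily before the first lookup.
        if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
        {
            if (!boundToServ)
            {
                this.BindForAuthzOrGatewaySearch(serv);
                boundToServ = true;
            }
            inGroup = serv.MemberOfGroup(user, rule.Group);
            m_logger.DebugFormat("User {0} {1} member of group {2}", user, inGroup ? "is" : "is not", rule.Group);
        }

        if (rule.RuleMatch(inGroup))
        {
            m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"", user, rule.LocalGroup, rule.ToString());
            addedGroups.Add(rule.LocalGroup);
            userInfo.AddGroup(new GroupInformation() { Name = rule.LocalGroup });
        }
    }
}

// Part 2: connect to the configured SFTP server, pull the group list and the
// user's login script(s), then rewrite the local cmdLogin/cmdLogoff batch files.
private void FetchLoginScripts(LdapServer serv, UserInformation userInfo)
{
    // NOTE(review): SFTPPassword is read as a plain setting, whereas the LDAP
    // search password goes through GetEncryptedSetting — it appears to be
    // stored in the clear; confirm against the settings writer.
    // SshHostKeyFingerprint is what pins the server identity for this
    // connection; keep it configured rather than accepting any host key.
    SessionOptions sessionOptions = new SessionOptions
    {
        Protocol = Protocol.Sftp,
        HostName = Settings.Store.SFTPServerURL,
        UserName = Settings.Store.SFTPUser,
        Password = Settings.Store.SFTPPassword,
        SshHostKeyFingerprint = Settings.Store.SFTPFingerprint
    };

    // Start from a clean slate so a previous logon's script cannot survive a
    // failed fetch.
    string pathToLoginScript = getPathToLoginScript(userInfo.Username);
    if (File.Exists(pathToLoginScript))
    {
        File.Delete(pathToLoginScript);
    }

    List<string> groups = new List<string>();
    using (Session session = new Session())
    {
        session.Open(sessionOptions);

        string groupListPath = Settings.Store.SFTPGroupListPath;
        if (groupListPath.Trim().Length > 0 && session.FileExists(groupListPath))
        {
            groups.AddRange(DownloadGroupList(session, groupListPath));
        }

        // The user may configure up to two scripts; both get the same group list.
        // NOTE(review): LoginScipt is defined elsewhere in this class; if it
        // also substitutes the username into script text it needs the same
        // IsSafeForBatch guard that WriteCmdLoginScript applies below.
        string scriptPath = Settings.Store.SFTPScriptPath;
        if (scriptPath.Trim().Length > 0)
        {
            LoginScipt(scriptPath, groups, userInfo, serv, session);
        }
        scriptPath = Settings.Store.SFTPScriptPath2;
        if (scriptPath.Trim().Length > 0)
        {
            LoginScipt(scriptPath, groups, userInfo, serv, session);
        }

        if (File.Exists(pathToLoginScript))
        {
            // NOTE(review): this ACE is built but never applied (there is no
            // File.SetAccessControl call), and WellKnownSidType.SelfSid
            // (S-1-5-10) is the directory "SELF" placeholder rather than the
            // logging-on user.  Kept as found because the intended grantee is
            // not clear from here; confirm and either apply it with the user's
            // SID or drop these two lines.
            FileSecurity fSec = File.GetAccessControl(pathToLoginScript);
            fSec.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.SelfSid, null), FileSystemRights.FullControl, AccessControlType.Allow));

            File.SetAttributes(pathToLoginScript, File.GetAttributes(pathToLoginScript) | FileAttributes.Hidden);
        }

        WriteCmdLoginScript(userInfo.Username);
        WriteCmdLogoffScript();
    }
}

// Downloads the remote group-list file into D:\ (under its own base name),
// returns its lines, and removes the local copy again.  Throws if the
// transfer reports any error.
private static List<string> DownloadGroupList(Session session, string remotePath)
{
    // GetFiles is called with null options, i.e. WinSCP defaults (the old
    // TransferMode.Ascii options object was never passed in).
    TransferOperationResult transferResult = session.GetFiles(remotePath, "D:\\", false, null);
    transferResult.Check();   // throw on any error

    // The local copy lands in D:\ under the remote file's base name; try a
    // backslash separator first, then a forward slash (ordinal char search).
    int index = remotePath.LastIndexOf('\\');
    if (index < 0)
    {
        index = remotePath.LastIndexOf('/');
    }
    string localPath = @"D:\" + remotePath.Substring(index + 1);

    List<string> groups = new List<string>();
    try
    {
        // using: the reader used to stay open (and the file locked) when
        // ReadLine threw, because Close() was only reached on success.
        using (StreamReader reader = new StreamReader(localPath))
        {
            string line;
            while ((line = reader.ReadLine()) != null)
            {
                groups.Add(line);
            }
        }
    }
    finally
    {
        // File.Delete instead of a shelled "DEL ..." so the (admin-configured)
        // path is never parsed by cmd.exe.  No-op if the file is missing.
        File.Delete(localPath);
    }
    return groups;
}

// Writes D:\cmdLoginScript.bat from the CMDLoginScript template with "%u"
// replaced by the username.  The generated file is executed later, so a
// username that could change how cmd.exe parses the template is refused
// rather than substituted; in that case any stale script is removed so the
// previous user's script does not run in its place.
private void WriteCmdLoginScript(string username)
{
    const string scriptPath = @"D:\cmdLoginScript.bat";
    try
    {
        if (!IsSafeForBatch(username))
        {
            m_logger.ErrorFormat("cmdLoginScript.bat not written: username {0} contains characters that are not safe inside a batch file", username);
            File.Delete(scriptPath);
            return;
        }

        string template = Settings.Store.CMDLoginScript;
        WriteHiddenBatchFile(scriptPath, template.Replace("%u", username));
    }
    catch (Exception e)
    {
        m_logger.ErrorFormat("O arquivo D:\\cmdLoginScript.bat não pode ser alterado, por favor, delete o arquivo manualmente! {0}", e);
    }
}

// Writes D:\cmdLogoffScript.bat verbatim from the CMDLogoffScript setting
// (no username substitution).
private void WriteCmdLogoffScript()
{
    const string scriptPath = @"D:\cmdLogoffScript.bat";
    try
    {
        string contents = Settings.Store.CMDLogoffScript;
        WriteHiddenBatchFile(scriptPath, contents);
    }
    catch (Exception e)
    {
        m_logger.ErrorFormat("O arquivo D:\\cmdLogoffScript.bat não pode ser alterado, por favor, delete o arquivo manualmente! {0}", e);
    }
}

// Overwrites path with contents (plus a trailing newline) and marks it hidden.
// The previous copy is deleted first: the file is left hidden after each
// logon, and on Windows creating over an existing hidden file (FileMode.Create,
// which StreamWriter(path, false) uses) fails with UnauthorizedAccessException
// — most likely what sent later logons into the "delete the file manually"
// error path and left a stale script in place.
private static void WriteHiddenBatchFile(string path, string contents)
{
    if (File.Exists(path))
    {
        File.Delete(path);
    }
    using (StreamWriter sw = new StreamWriter(path, false))
    {
        sw.WriteLine(contents);
    }
    File.SetAttributes(path, File.GetAttributes(path) | FileAttributes.Hidden);
}

// True when every character of value can be spliced verbatim into a batch
// template.  cmd.exe gives special meaning to & | < > ^ % " ( ) and to line
// breaks, and to "!" under delayed expansion.  Rejecting these (plus any other
// control character) is simpler and safer than trying to quote for an unknown
// position inside an admin-supplied template; affected users get no script
// rather than an injectable one.
private static bool IsSafeForBatch(string value)
{
    if (value == null)
    {
        return false;
    }
    foreach (char c in value)
    {
        if (char.IsControl(c) || "&|<>^%\"()!".IndexOf(c) >= 0)
        {
            return false;
        }
    }
    return true;
}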