Exemplo n.º 1
0
        public static void AddTask(CleanupTask newTask)
        {
            lock (s_lock)
            {
                Dictionary <string, CleanupTask> tasks = CleanupTasks.LoadTasks();

                if (tasks.ContainsKey(newTask.UserName))
                {
                    // We already have a task for this user... get it.
                    CleanupTask currentTask = tasks[newTask.UserName];

                    // We only need to change the action if it is not "DELETE_PROFILE" because if
                    // it is "DELETE_PROFILE" then we want to do both actions (delete and scramble),
                    // in which case it is pointless to do the scramble.
                    if (currentTask.Action != CleanupAction.DELETE_PROFILE)
                    {
                        // Current task action must be SCRAMBLE, so we only change if the new
                        // task is not SCRAMBLE (i.e. delete).
                        if (currentTask.Action != newTask.Action)
                        {
                            tasks[newTask.UserName] = newTask;
                        }
                    }
                }
                else
                {
                    tasks.Add(newTask.UserName, newTask);
                }

                CleanupTasks.SaveTasks(tasks);
            }
        }
Exemplo n.º 2
0
        public static void RemoveTaskForUser(string user)
        {
            lock (s_lock)
            {
                Dictionary <string, CleanupTask> tasks = CleanupTasks.LoadTasks();

                // Upper-case the user name to remain case insensitive (see CleanupTask constructor)
                user = user.ToUpper();

                if (tasks.ContainsKey(user))
                {
                    tasks.Remove(user);
                    CleanupTasks.SaveTasks(tasks);
                }
            }
        }
Exemplo n.º 3
0
        /// <summary>
        /// Get the list of tasks that have time stamps that are at least 30
        /// seconds in the past.
        /// </summary>
        /// <returns></returns>
        public static List <CleanupTask> GetEligibleTasks()
        {
            lock (s_lock)
            {
                Dictionary <string, CleanupTask> tasks = CleanupTasks.LoadTasks();
                List <CleanupTask> result = new List <CleanupTask>();

                foreach (KeyValuePair <string, CleanupTask> pair in tasks)
                {
                    if ((DateTime.Now - pair.Value.TimeStamp) > TimeSpan.FromSeconds(30))
                    {
                        result.Add(pair.Value);
                    }
                }
                return(result);
            }
        }
Exemplo n.º 4
0
        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // Add user to all mandatory groups
            if (MandatoryGroups.Length > 0)
            {
                foreach (string group in MandatoryGroups)
                {
                    userInfo.AddGroup(new GroupInformation()
                    {
                        Name = group
                    });
                }
            }

            try
            {
                bool scramble = Settings.Store.ScramblePasswords;
                bool remove   = Settings.Store.RemoveProfiles;

                if (remove)
                {
                    // If this user doesn't already exist, and we are supposed to clean up after ourselves,
                    //  make note of the username!
                    if (!LocalAccount.UserExists(userInfo.Username))
                    {
                        m_logger.DebugFormat("Marking for deletion: {0}", userInfo.Username);
                        CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.DELETE_PROFILE));
                    }
                }

                // If we are configured to scramble passwords
                if (scramble)
                {
                    // Scramble the password only if the user is not in the list
                    // of exceptions.
                    string[] exceptions = Settings.Store.ScramblePasswordsExceptions;
                    if (!exceptions.Contains(userInfo.Username, StringComparer.CurrentCultureIgnoreCase))
                    {
                        // If configured to do so, we check to see if this plugin failed
                        // to auth this user, and only scramble in that case
                        bool scrambleWhenLMFail = Settings.Store.ScramblePasswordsWhenLMAuthFails;
                        if (scrambleWhenLMFail)
                        {
                            // Scramble the password only if we did not authenticate this user
                            if (!DidWeAuthThisUser(properties, false))
                            {
                                m_logger.DebugFormat("LM did not authenticate this user, marking user for scramble: {0}", userInfo.Username);
                                CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                            }
                        }
                        else
                        {
                            m_logger.DebugFormat("Marking user for scramble: {0}", userInfo.Username);
                            CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                        }
                    }
                }

                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                if (failIfGroupSyncFails)
                {
                    return new BooleanResult()
                           {
                               Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                           }
                }
                ;
            }
            catch (Exception e)
            {
                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }
Exemplo n.º 5
0
        private void IterateCleanupUsers()
        {
            lock (this)
            {
                List <CleanupTask> tasks         = CleanupTasks.GetEligibleTasks();
                List <string>      loggedOnUsers = null;
                try
                {
                    loggedOnUsers = LoggedOnLocalUsers();
                }
                catch (System.ComponentModel.Win32Exception e)
                {
                    m_logger.ErrorFormat("Error (ignored) LoggedOnLocalUsers {0}", e);
                    return;
                }

                m_logger.DebugFormat("IterateCleanupUsers Eligible users: {0}", string.Join(",", tasks));
                m_logger.DebugFormat("IterateCleanupUsers loggedOnUsers: {0}", string.Join(",", loggedOnUsers));

                foreach (CleanupTask task in tasks)
                {
                    try
                    {
                        using (UserPrincipal userPrincipal = LocalAccount.GetUserPrincipal(task.UserName))
                        {
                            // Make sure the user exists
                            if (userPrincipal == null)
                            {
                                // This dude doesn't exist!
                                m_logger.DebugFormat("User {0} doesn't exist, not cleaning up.", task.UserName);
                                CleanupTasks.RemoveTaskForUser(task.UserName);
                                continue;
                            }

                            // Is she logged in still?
                            if (loggedOnUsers.Contains(task.UserName, StringComparer.CurrentCultureIgnoreCase))
                            {
                                continue;
                            }

                            m_logger.InfoFormat("Cleaning up: {0} -> {1}", task.UserName, task.Action);

                            try
                            {
                                switch (task.Action)
                                {
                                case CleanupAction.SCRAMBLE_PASSWORD:
                                    LocalAccount.ScrambleUsersPassword(task.UserName);
                                    break;

                                case CleanupAction.DELETE_PROFILE:
                                    LocalAccount.RemoveUserAndProfile(task.UserName);
                                    break;

                                default:
                                    m_logger.ErrorFormat("Unrecognized action: {0}, skipping user {1}", task.Action, task.UserName);
                                    throw new Exception();
                                }
                            }
                            catch (Exception e)
                            {
                                m_logger.WarnFormat("Cleanup for {0} failed, will retry next time around. Error: {1}", task.UserName, e);
                                continue;
                            }

                            // All done! No more cleanup for this user needed
                            CleanupTasks.RemoveTaskForUser(task.UserName);
                        }
                    }
                    catch (Exception e)
                    {
                        // If something goes wrong, we log the exception and ignore.
                        m_logger.ErrorFormat("Caught (ignoring) Exception {0}", e);
                    }
                }
            }
        }