Пример #1
0
        private Dictionary <string, string> BuildTokenDictionary(AuditableAction action)
        {
            LapsAuthorizationResponse lapsAuthZResponse = action.AuthzResponse as LapsAuthorizationResponse;
            JitAuthorizationResponse  jitAuthZResponse  = action.AuthzResponse as JitAuthorizationResponse;

            Dictionary <string, string> pairs = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase)
            {
                { "{user.SamAccountName}", action.User?.SamAccountName },
                { "{user.MsDsPrincipalName}", action.User?.MsDsPrincipalName },
                { "{user.DisplayName}", action.User?.DisplayName },
                { "{user.UserPrincipalName}", action.User?.UserPrincipalName },
                { "{user.Sid}", action.User?.Sid?.ToString() },
                { "{user.DistinguishedName}", action.User?.DistinguishedName },
                { "{user.Description}", action.User?.Description },
                { "{user.EmailAddress}", action.User?.EmailAddress },
                { "{user.Guid}", action.User?.Guid?.ToString() },
                { "{user.GivenName}", action.User?.GivenName },
                { "{user.Surname}", action.User?.Surname },
                { "{computer.SamAccountName}", action.Computer?.SamAccountName },
                { "{computer.MsDsPrincipalName}", action.Computer?.MsDsPrincipalName },
                { "{computer.DistinguishedName}", action.Computer?.DistinguishedName },
                { "{computer.Description}", action.Computer?.Description },
                { "{computer.DisplayName}", action.Computer?.DisplayName },
                { "{computer.Guid}", action.Computer?.Guid?.ToString() },
                { "{computer.Sid}", action.Computer?.Sid?.ToString() },
                { "{request.ComputerName}", action.RequestedComputerName },
                { "{request.Reason}", action.RequestReason ?? "(not provided)" },
                { "{AuthzResult.NotificationChannels}", string.Join(",", action.AuthzResponse?.NotificationChannels ?? new List <string>()) },
                { "{AuthzResult.MatchedRuleDescription}", action.AuthzResponse?.MatchedRuleDescription },
                { "{AuthzResult.MatchedRule}", action.AuthzResponse?.MatchedRule },
                { "{AuthzResult.ExpireAfter}", (lapsAuthZResponse?.ExpireAfter ?? jitAuthZResponse?.ExpireAfter)?.ToString() },
                { "{AuthzResult.ResponseCode}", action.AuthzResponse?.Code.ToString() },
                { "{AuthzResult.AccessType}", action.AuthzResponse?.EvaluatedAccess.ToString() },
                { "{AuthzResult.AccessTypeDescription}", action.EvaluatedAccess ?? action.AuthzResponse?.EvaluatedAccess.ToDescription() },
                { "{AuthZResult.AccessExpiryDate}", action.AccessExpiryDate },
                { "{message}", action.Message },
                { "{request.IPAddress}", httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress?.ToString() },
                { "{request.Hostname}", this.TryResolveHostName(httpContextAccessor.HttpContext?.Connection?.RemoteIpAddress) },
                { "{datetime}", DateTime.Now.ToString(CultureInfo.CurrentCulture) },
                { "{datetimeutc}", DateTime.UtcNow.ToString(CultureInfo.CurrentCulture) },
                { "{computer.LapsExpiryDate}", action.AccessExpiryDate }, //deprecated
            };

            return(pairs);
        }
        private IActionResult GetLapsPassword(AccessRequestModel model, IUser user, IComputer computer, LapsAuthorizationResponse authResponse)
        {
            try
            {
                DateTime?newExpiry = authResponse.ExpireAfter.Ticks > 0 ? DateTime.UtcNow.Add(authResponse.ExpireAfter) : (DateTime?)null;

                PasswordEntry current = this.passwordProvider.GetCurrentPassword(computer, newExpiry, authResponse.RetrievalLocation);

                if (current == null)
                {
                    throw new NoPasswordException();
                }

                this.reporting.GenerateAuditEvent(new AuditableAction
                {
                    AuthzResponse         = authResponse,
                    RequestedComputerName = model.ComputerName,
                    RequestReason         = model.UserRequestReason,
                    IsSuccess             = true,
                    User               = user,
                    Computer           = computer,
                    EventID            = EventIDs.ComputerPasswordActiveAccessGranted,
                    ComputerExpiryDate = current.ExpiryDate?.ToLocalTime().ToString(CultureInfo.CurrentUICulture)
                });

                return(this.View("Password", new CurrentPasswordModel()
                {
                    ComputerName = computer.MsDsPrincipalName,
                    Password = current.Password,
                    ValidUntil = current.ExpiryDate?.ToLocalTime(),
                }));
            }
            catch (NoPasswordException)
            {
                this.logger.LogEventError(EventIDs.LapsPasswordNotPresent, string.Format(LogMessages.NoLapsPassword, computer.MsDsPrincipalName, user.MsDsPrincipalName));

                model.FailureReason = UIMessages.NoLapsPassword;

                return(this.View("Error", new ErrorModel
                {
                    Heading = UIMessages.HeadingPasswordDetails,
                    Message = UIMessages.NoLapsPassword
                }));
            }
            catch (Exception ex)
            {
                this.logger.LogEventError(EventIDs.LapsPasswordError, string.Format(LogMessages.LapsPasswordError, computer.MsDsPrincipalName, user.MsDsPrincipalName), ex);

                return(this.View("Error", new ErrorModel
                {
                    Heading = UIMessages.UnableToProcessRequest,
                    Message = UIMessages.LapsPasswordError
                }));
            }
        }