public static GetUserPrincipal ( SecurityIdentifier sid ) : System.DirectoryServices.AccountManagement.UserPrincipal | ||
sid | SecurityIdentifier | |
Результат | System.DirectoryServices.AccountManagement.UserPrincipal |
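/// <summary>
/// Changes the local account password for the user named in <paramref name="cpInfo"/>.
/// The caller's current password is verified against the local machine first; only then
/// is the new password applied to the local <see cref="UserPrincipal"/>.
/// </summary>
/// <param name="cpInfo">Username, current password and requested new password.</param>
/// <param name="pluginInfo">Plugin activity context; not read by this implementation.</param>
/// <returns>
/// A <see cref="BooleanResult"/> whose <c>Success</c> is true only when the password was changed.
/// Failure results carry a caller-facing <c>Message</c>; the underlying reason is logged, never the password.
/// </returns>
public BooleanResult ChangePassword(ChangePasswordInfo cpInfo, ChangePasswordPluginActivityInfo pluginInfo)
{
    m_logger.Debug("ChangePassword()");

    // The old password must validate against the local machine before anything is touched.
    // One generic message covers both a wrong username and a wrong password, so the caller
    // cannot tell which of the two was rejected.
    if (!Abstractions.WindowsApi.pInvokes.ValidateCredentials(cpInfo.Username, cpInfo.OldPassword))
    {
        return new BooleanResult { Success = false, Message = "Current password or username is not valid." };
    }

    m_logger.DebugFormat("Authenticated via old password: {0}", cpInfo.Username);

    try
    {
        using (UserPrincipal user = LocalAccount.GetUserPrincipal(cpInfo.Username))
        {
            if (user == null)
            {
                return new BooleanResult { Success = false, Message = "Local machine plugin internal error: directory entry not found." };
            }

            m_logger.DebugFormat("Found principal, changing password for {0}", cpInfo.Username);
            user.SetPassword(cpInfo.NewPassword);
        }
    }
    catch (Exception e)
    {
        // SetPassword throws when the directory operation fails or the new password is rejected
        // (e.g. by the machine's password policy). Report a failure result in the same way the
        // other plugin stages do instead of letting the exception escape; the exception text
        // goes to the log, the passwords never do.
        m_logger.ErrorFormat("Unable to change password for {0}: {1}", cpInfo.Username, e);
        return new BooleanResult { Success = false, Message = "Unable to change the local password: " + e.Message };
    }

    return new BooleanResult { Success = true, Message = "Local password successfully changed." };
}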
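/// <summary>
/// Loads the local group membership of <c>userInfo.Username</c> and adds one
/// <see cref="GroupInformation"/> per group to <paramref name="userInfo"/>.
/// The implicit "Everyone" and "Authenticated Users" groups are skipped because
/// they are granted automatically rather than configured on the account.
/// </summary>
/// <param name="userInfo">Tracked user whose groups are populated; left untouched if the local account does not exist.</param>
/// <remarks>
/// Best-effort: any exception is logged and the remaining groups are skipped, so callers
/// must not assume the resulting group list is complete.
/// </remarks>
public static void SyncLocalGroupsToUserInfo(UserInformation userInfo)
{
    ILog logger = LogManager.GetLogger("LocalAccount.SyncLocalGroupsToUserInfo");

    try
    {
        // Well-known SIDs: S-1-1-0 (Everyone) and S-1-5-11 (Authenticated Users).
        // Both are built from WellKnownSidType so no SID string is hard-coded.
        SecurityIdentifier everyoneSid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        SecurityIdentifier authenticatedUsersSid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

        if (!LocalAccount.UserExists(userInfo.Username))
        {
            return;
        }

        using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
        {
            foreach (GroupPrincipal group in LocalAccount.GetGroups(user))
            {
                // Skip the implicit groups; they are generated by Windows, not assigned.
                if (group.Sid == everyoneSid || group.Sid == authenticatedUsersSid)
                {
                    continue;
                }

                userInfo.AddGroup(new GroupInformation()
                {
                    Name = group.Name,
                    Description = group.Description,
                    SID = group.Sid
                });
            }
        }
    }
    catch (Exception e)
    {
        logger.ErrorFormat("Unexpected error while syncing local groups, skipping rest: {0}", e);
    }
}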
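/// <summary>
/// Gateway stage: ensures an authenticated user has a matching local account whose
/// password is the one just used to authenticate and whose local group membership
/// matches the tracked group list plus the configured mandatory groups.
/// </summary>
/// <param name="properties">Session properties; the tracked <see cref="UserInformation"/> is read and then re-stored with SID and description filled in.</param>
/// <returns>
/// Success when the local account is in sync, or when an existing account was not created
/// by pGina (it is then left alone). Failure results carry a message for the caller.
/// </returns>
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Our job, if we've been elected to do gateway, is to ensure that an
    // authenticated user:
    //
    // 1. Has a local account
    // 2. That account's password is set to the one they used to authenticate
    // 3. That account is a member of all groups listed, and not a member of any others

    // Is failure at #3 a total fail?
    bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

    // Groups everyone is added to
    string[] mandatoryGroups = Settings.Store.MandatoryGroups;

    UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

    // Only accounts this plugin created are managed here. An existing local account that
    // is not marked "pGina created" is left untouched: its password and group membership
    // are not rewritten from the authenticated session.
    Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
    if (Abstractions.WindowsApi.pInvokes.UserGet(userInfo.Username, ref userinfo4)) // true if the user exists
    {
        if (!userinfo4.comment.Contains("pGina created"))
        {
            m_logger.InfoFormat("User {0} isn't a pGina created user. I'm not executing Gateway stage", userInfo.Username);
            return new BooleanResult() { Success = true };
        }
    }

    // Add user to all mandatory groups
    if (mandatoryGroups != null)
    {
        foreach (string group in mandatoryGroups)
        {
            string groupName = ResolveMandatoryGroupName(group);
            if (groupName != null)
            {
                userInfo.AddGroup(new GroupInformation() { Name = groupName });
            }
        }
    }

    try
    {
        m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id, userInfo.Username);
        LocalAccount.SyncUserInfoToLocalUser(userInfo);

        using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
        {
            if (user == null)
            {
                // The account is expected to exist after the sync above; report it rather
                // than dereference null and surface it as an "unexpected error".
                return new BooleanResult() { Success = false, Message = string.Format("Local account {0} not found after sync.", userInfo.Username) };
            }

            userInfo.SID = user.Sid;
            userInfo.Description = user.Description;
        }

        properties.AddTrackedSingle<UserInformation>(userInfo);
    }
    catch (LocalAccount.GroupSyncException e)
    {
        // A group sync failure is fatal only when configured so; otherwise the logon proceeds
        // with whatever membership was applied.
        if (failIfGroupSyncFails)
        {
            return new BooleanResult() { Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException) };
        }
    }
    catch (Exception e)
    {
        // 0x800708C5 (NERR_PasswordTooShort) is what the local SAM reports when the new
        // password violates the machine's password policy; give the user a specific hint.
        // Ordinal comparison: the HRESULT text is not culture-dependent.
        if (e.Message.IndexOf("0x800708c5", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return new BooleanResult() { Success = false, Message = string.Format("This Workstation is denying the password of {0}.\nMost likely the password does not meet complexity requirements\n\n{1}", userInfo.Username, e) };
        }

        return new BooleanResult() { Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e) };
    }

    return new BooleanResult() { Success = true };
}

// Maps a configured mandatory group (name or SID string) to the local group's name.
// Falls back to BUILTIN\Users when the configured group does not exist, and returns
// null when not even that group can be resolved (the caller then adds nothing).
private string ResolveMandatoryGroupName(string group)
{
    m_logger.DebugFormat("Is there a Group with SID/Name:{0}", group);
    using (GroupPrincipal groupconf = LocalAccount.GetGroupPrincipal(group))
    {
        if (groupconf != null)
        {
            m_logger.DebugFormat("Groupname: \"{0}\"", groupconf.Name);
            return groupconf.Name;
        }
    }

    m_logger.ErrorFormat("Group: \"{0}\" not found", group);
    m_logger.Error("Failsave add user to group Users");
    string builtinUsersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).ToString();
    using (GroupPrincipal groupfail = LocalAccount.GetGroupPrincipal(builtinUsersSid))
    {
        if (groupfail != null)
        {
            return groupfail.Name;
        }
    }

    m_logger.Debug("no BuiltinUsers. I'm out of options");
    return null;
}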
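/// <summary>
/// Runs one pass over the eligible cleanup tasks: for each task whose user still exists
/// and is not currently logged on, performs the task's action (scramble the password or
/// delete the account and profile) and drops the task once it succeeded.
/// </summary>
/// <remarks>
/// Tasks for users that no longer exist are dropped. Tasks whose action fails, or whose
/// action is unknown, are kept and retried on the next pass. The whole pass is serialized.
/// </remarks>
private void IterateCleanupUsers()
{
    // NOTE(review): lock (this) is reachable by any caller holding a reference to this
    // object; a private gate field would be safer but needs a field outside this method.
    lock (this)
    {
        List<CleanupTask> tasks = CleanupTasks.GetEligibleTasks();
        List<string> loggedOnUsers;
        try
        {
            loggedOnUsers = LoggedOnLocalUsers();
        }
        catch (System.ComponentModel.Win32Exception e)
        {
            // Without a trustworthy logged-on list we could scramble or delete a live
            // session's account, so the whole pass is skipped.
            m_logger.ErrorFormat("Error (ignored) LoggedOnLocalUsers {0}", e);
            return;
        }

        m_logger.DebugFormat("IterateCleanupUsers Eligible users: {0}", string.Join(",", tasks));
        m_logger.DebugFormat("IterateCleanupUsers loggedOnUsers: {0}", string.Join(",", loggedOnUsers));

        foreach (CleanupTask task in tasks)
        {
            try
            {
                using (UserPrincipal userPrincipal = LocalAccount.GetUserPrincipal(task.UserName))
                {
                    // Make sure the user exists
                    if (userPrincipal == null)
                    {
                        m_logger.DebugFormat("User {0} doesn't exist, not cleaning up.", task.UserName);
                        CleanupTasks.RemoveTaskForUser(task.UserName);
                        continue;
                    }

                    // Never touch an account that is still logged on. Account names are
                    // case-insensitive but not culture-sensitive, so compare ordinally.
                    if (loggedOnUsers.Contains(task.UserName, StringComparer.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    m_logger.InfoFormat("Cleaning up: {0} -> {1}", task.UserName, task.Action);
                    try
                    {
                        switch (task.Action)
                        {
                            case CleanupAction.SCRAMBLE_PASSWORD:
                                LocalAccount.ScrambleUsersPassword(task.UserName);
                                break;
                            case CleanupAction.DELETE_PROFILE:
                                LocalAccount.RemoveUserAndProfile(task.UserName);
                                break;
                            default:
                                // Unknown action: keep the task so it is revisited, and move
                                // on without abusing an exception for control flow.
                                m_logger.ErrorFormat("Unrecognized action: {0}, skipping user {1}", task.Action, task.UserName);
                                continue;
                        }
                    }
                    catch (Exception e)
                    {
                        m_logger.WarnFormat("Cleanup for {0} failed, will retry next time around. Error: {1}", task.UserName, e);
                        continue;
                    }

                    // All done! No more cleanup for this user needed
                    CleanupTasks.RemoveTaskForUser(task.UserName);
                }
            }
            catch (Exception e)
            {
                // If something goes wrong, we log the exception and ignore.
                m_logger.ErrorFormat("Caught (ignoring) Exception {0}", e);
            }
        }
    }
}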