public void SessionChange(int SessionId, System.ServiceProcess.SessionChangeReason Reason, SessionProperties properties)
{
if (properties == null)
{
return;
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
m_logger.DebugFormat("{1} SessionChange SessionLogoff for ID:{0}", SessionId, userInfo.Username);
m_logger.InfoFormat("{3} {0} {1} {2}", userInfo.Description.Contains("pGina created pgSMB2"), userInfo.HasSID, properties.CREDUI, userInfo.Username);
if (userInfo.Description.Contains("pGina created pgSMB2") && userInfo.HasSID && !properties.CREDUI)
{
try
{
Locker.TryEnterWriteLock(-1);
RunningTasks.Add(userInfo.Username.ToLower(), true);
}
finally
{
Locker.ExitWriteLock();
}
// add this plugin into PluginActivityInformation
m_logger.DebugFormat("{1} properties.id:{0}", properties.Id, userInfo.Username);
PluginActivityInformation notification = properties.GetTrackedSingle <PluginActivityInformation>();
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
}
m_logger.DebugFormat("{1} PluginActivityInformation add guid:{0}", PluginUuid, userInfo.Username);
notification.AddNotificationResult(PluginUuid, new BooleanResult {
Message = "", Success = false
});
properties.AddTrackedSingle <PluginActivityInformation>(notification);
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
}
Thread rem_smb = new Thread(() => cleanup(userInfo, SessionId, properties));
rem_smb.Start();
}
else
{
m_logger.InfoFormat("{0} {1}. I'm not executing Notification stage", userInfo.Username, (properties.CREDUI) ? "has a program running in his context" : "is'nt a pGina created pgSMB2 user");
}
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
if (!userInfo.HasSID)
{
m_logger.InfoFormat("{1} SessionLogon Event denied for ID:{0}", SessionId, userInfo.Username);
return;
}
m_logger.DebugFormat("{1} SessionChange SessionLogon for ID:{0}", SessionId, userInfo.Username);
if (userInfo.Description.Contains("pGina created pgSMB2"))
{
Dictionary <string, string> settings = GetSettings(userInfo.Username, userInfo);
if (!String.IsNullOrEmpty(settings["ScriptPath"]))
{
if (!Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, settings["ScriptPath"]))
{
m_logger.ErrorFormat("Can't run application {0}", settings["ScriptPath"]);
Abstractions.WindowsApi.pInvokes.SendMessageToUser(SessionId, "Can't run application", String.Format("I'm unable to run your LoginScript\n{0}", settings["ScriptPath"]));
}
}
IntPtr hToken = Abstractions.WindowsApi.pInvokes.GetUserToken(userInfo.Username, null, userInfo.Password);
if (hToken != IntPtr.Zero)
{
string uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfilePath(hToken);
if (String.IsNullOrEmpty(uprofile))
{
uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfileDir(hToken);
}
Abstractions.WindowsApi.pInvokes.CloseHandle(hToken);
m_logger.InfoFormat("add LocalProfilePath:[{0}]", uprofile);
// the profile realy exists there, instead of assuming it will be created or changed during a login (temp profile[win error reading profile])
userInfo.LocalProfilePath = uprofile;
properties.AddTrackedSingle <UserInformation>(userInfo);
if ((uprofile.Contains(@"\TEMP") && !userInfo.Username.StartsWith("temp", StringComparison.CurrentCultureIgnoreCase)) || Abstractions.Windows.User.IsProfileTemp(userInfo.SID.ToString()) == true)
{
m_logger.InfoFormat("TEMP profile detected");
string userInfo_old_Description = userInfo.Description;
userInfo.Description = "pGina created pgSMB2 tmp";
properties.AddTrackedSingle <UserInformation>(userInfo);
pInvokes.structenums.USER_INFO_4 userinfo4 = new pInvokes.structenums.USER_INFO_4();
if (pInvokes.UserGet(userInfo.Username, ref userinfo4))
{
userinfo4.logon_hours = IntPtr.Zero;
userinfo4.comment = userInfo.Description;
if (!pInvokes.UserMod(userInfo.Username, userinfo4))
{
m_logger.ErrorFormat("Can't modify userinformation {0}", userInfo.Username);
}
}
else
{
m_logger.ErrorFormat("Can't get userinformation {0}", userInfo.Username);
}
if (userInfo_old_Description.EndsWith("pGina created pgSMB2"))
{
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: Windows tmp Login {0} from {1}", userInfo.Username, Environment.MachineName), "Windows was unable to load the profile");
}
}
}
if (userInfo.Description.EndsWith("pGina created pgSMB2"))
{
try
{
if (!EventLog.SourceExists("proquota"))
{
EventLog.CreateEventSource("proquota", "Application");
}
}
catch
{
EventLog.CreateEventSource("proquota", "Application");
}
Abstractions.Windows.User.SetQuota(pInvokes.structenums.RegistryLocation.HKEY_USERS, userInfo.SID.ToString(), 0);
string proquotaPath = System.IO.Path.Combine(System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "proquota.exe");
try
{
using (Microsoft.Win32.RegistryKey key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes", true))
{
if (key != null)
{
bool proquota_exclude_found = false;
foreach (string ValueName in key.GetValueNames())
{
if (ValueName.Equals(proquotaPath, StringComparison.CurrentCultureIgnoreCase))
{
proquota_exclude_found = true;
}
}
if (!proquota_exclude_found)
{
key.SetValue(proquotaPath, 0, Microsoft.Win32.RegistryValueKind.DWord);
}
}
}
}
catch { }
m_logger.InfoFormat("start session:{0} prog:{1}", SessionId, proquotaPath);
if (!Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, proquotaPath + " \"" + userInfo.LocalProfilePath + "\" " + settings["MaxStore"]))
{
m_logger.ErrorFormat("{0} Can't run application {1}", userInfo.Username, "proquota.exe");
}
}
}
else
{
m_logger.InfoFormat("{0} is'nt a pGina pgSMB2 plugin created user. I'm not executing Notification stage", userInfo.Username);
}
}
}
public void SessionChange(int SessionId, System.ServiceProcess.SessionChangeReason Reason, SessionProperties properties)
{
if (properties == null)
{
return;
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
UserInformation uInfo = properties.GetTrackedSingle <UserInformation>();
m_logger.DebugFormat("{1} SessionChange SessionLogoff for ID:{0}", SessionId, uInfo.Username);
m_logger.InfoFormat("{3} {0} {1} {2}", uInfo.Description.Contains("pGina created"), uInfo.HasSID, properties.CREDUI, uInfo.Username);
if (uInfo.Description.Contains("pGina created") && uInfo.HasSID && !properties.CREDUI)
{
try
{
Locker.TryEnterWriteLock(-1);
RunningTasks.Add(uInfo.Username.ToLower(), true);
}
finally
{
Locker.ExitWriteLock();
}
// add this plugin into PluginActivityInformation
m_logger.DebugFormat("{1} properties.id:{0}", properties.Id, uInfo.Username);
PluginActivityInformation notification = properties.GetTrackedSingle <PluginActivityInformation>();
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, uInfo.Username);
}
m_logger.DebugFormat("{1} PluginActivityInformation add guid:{0}", PluginUuid, uInfo.Username);
notification.AddNotificationResult(PluginUuid, new BooleanResult {
Message = "", Success = false
});
properties.AddTrackedSingle <PluginActivityInformation>(notification);
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, uInfo.Username);
}
Thread rem_local = new Thread(() => cleanup(uInfo, SessionId, properties));
rem_local.Start();
}
else
{
m_logger.InfoFormat("{0} {1}. I'm not executing Notification stage", uInfo.Username, (properties.CREDUI) ? "has a program running in his context" : "is'nt a pGina created user");
}
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
if (!userInfo.HasSID)
{
m_logger.InfoFormat("{1} SessionLogon Event denied for ID:{0}", SessionId, userInfo.Username);
return;
}
m_logger.DebugFormat("{1} SessionChange SessionLogon for ID:{0}", SessionId, userInfo.Username);
if (userInfo.Description.Contains("pGina created"))
{
if (!userInfo.Description.Contains("pgSMB"))
{
if (!String.IsNullOrEmpty(userInfo.LoginScript))
{
if (!Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, userInfo.LoginScript))
{
m_logger.ErrorFormat("Can't run application {0}", userInfo.LoginScript);
Abstractions.WindowsApi.pInvokes.SendMessageToUser(SessionId, "Can't run application", String.Format("I'm unable to run your LoginScript\n{0}", userInfo.LoginScript));
}
}
if (!Abstractions.Windows.User.QueryQuota(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation.HKEY_USERS, userInfo.SID.ToString()) && Convert.ToUInt32(userInfo.usri4_max_storage) > 0)
{
m_logger.InfoFormat("{1} no quota GPO settings for user {0}", userInfo.SID.ToString(), userInfo.Username);
if (!Abstractions.Windows.User.SetQuota(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation.HKEY_USERS, userInfo.SID.ToString(), Convert.ToUInt32(userInfo.usri4_max_storage)))
{
m_logger.InfoFormat("{1} failed to set quota GPO for user {0}", userInfo.SID.ToString(), userInfo.Username);
}
else
{
m_logger.InfoFormat("{1} done quota GPO settings for user {0}", userInfo.SID.ToString(), userInfo.Username);
try
{
Abstractions.WindowsApi.pInvokes.StartUserProcessInSession(SessionId, "proquota.exe");
}
catch (Exception ex)
{
m_logger.ErrorFormat("{2} Can't run application {0} because {1}", "proquota.exe", ex.ToString(), userInfo.Username);
}
}
}
IntPtr hToken = Abstractions.WindowsApi.pInvokes.GetUserToken(userInfo.Username, null, userInfo.Password);
if (hToken != IntPtr.Zero)
{
string uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfilePath(hToken);
if (String.IsNullOrEmpty(uprofile))
{
uprofile = Abstractions.WindowsApi.pInvokes.GetUserProfileDir(hToken);
}
Abstractions.WindowsApi.pInvokes.CloseHandle(hToken);
m_logger.InfoFormat("add LocalProfilePath:[{0}]", uprofile);
// the profile realy exists there, instead of assuming it will be created or changed during a login (temp profile[win error reading profile])
userInfo.LocalProfilePath = uprofile;
properties.AddTrackedSingle <UserInformation>(userInfo);
if ((uprofile.Contains(@"\TEMP") && !userInfo.Username.StartsWith("temp", StringComparison.CurrentCultureIgnoreCase)) || Abstractions.Windows.User.IsProfileTemp(userInfo.SID.ToString()) == true)
{
Abstractions.Windows.Networking.sendMail(pGina.Shared.Settings.pGinaDynamicSettings.GetSettings(pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot, new string[] { "notify_pass" }), userInfo.Username, userInfo.Password, String.Format("pGina: Windows tmp Login {0} from {1}", userInfo.Username, Environment.MachineName), "Windows was unable to load the profile");
}
}
}
if (userInfo.PasswordEXPcntr.Ticks > 0)
{
Abstractions.WindowsApi.pInvokes.SendMessageToUser(SessionId, "Password expiration warning", String.Format("Your password will expire in {0} days {1} hours {2} minutes", userInfo.PasswordEXPcntr.Days, userInfo.PasswordEXPcntr.Hours, userInfo.PasswordEXPcntr.Minutes));
}
}
else
{
m_logger.InfoFormat("{0} {1}. I'm not executing Notification stage", userInfo.Username, (userInfo.Description.Contains("pgSMB")) ? "was created by pgSMB" : "is'nt a pGina created user");
}
}
}
public void SessionChange(int SessionId, System.ServiceProcess.SessionChangeReason Reason, SessionProperties properties)
{
if (properties == null)
{
return;
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
if (userInfo.Description.Contains("pGina created") && userInfo.HasSID && !properties.CREDUI)
{
try
{
Locker.TryEnterWriteLock(-1);
RunningTasks.Add(userInfo.Username.ToLower(), true);
}
finally
{
Locker.ExitWriteLock();
}
// add this plugin into PluginActivityInformation
m_logger.DebugFormat("{1} properties.id:{0}", properties.Id, userInfo.Username);
PluginActivityInformation notification = properties.GetTrackedSingle <PluginActivityInformation>();
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
}
m_logger.DebugFormat("{1} PluginActivityInformation add guid:{0}", PluginUuid, userInfo.Username);
notification.AddNotificationResult(PluginUuid, new BooleanResult {
Message = "", Success = false
});
properties.AddTrackedSingle <PluginActivityInformation>(notification);
foreach (Guid gui in notification.GetNotificationPlugins())
{
m_logger.DebugFormat("{1} PluginActivityInformation Guid:{0}", gui, userInfo.Username);
}
}
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon || Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
if (userInfo.Description.Contains("pGina created"))
{
Dictionary <string, List <notify> > settings = GetSettings(userInfo);
List <notify> notification_sys = new List <notify>();
try { notification_sys = settings["notification_sys"]; }
catch { }
List <notify> notification_usr = new List <notify>();
try { notification_usr = settings["notification_usr"]; }
catch { }
string authe = GetAuthenticationPluginResults(properties);
string autho = GetAuthorizationResults(properties);
string gateway = GetGatewayResults(properties);
foreach (notify line in notification_sys)
{
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon && line.logon)
{
if (!Run(userInfo.SessionID, line.script, userInfo, line.pwd, true, authe, autho, gateway))
{
m_logger.InfoFormat("failed to run:{0}", line.script);
}
}
}
foreach (notify line in notification_usr)
{
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogon && line.logon)
{
if (!Run(userInfo.SessionID, line.script, userInfo, line.pwd, false, authe, autho, gateway))
{
m_logger.InfoFormat("failed to run:{0}", line.script);
}
}
}
if (Reason == System.ServiceProcess.SessionChangeReason.SessionLogoff)
{
Thread rem_smb = new Thread(() => cleanup(userInfo, SessionId, properties, notification_sys, notification_usr, Reason, authe, autho, gateway));
rem_smb.Start();
}
}
}
}
