GetUserPrincipal() public static method

public static GetUserPrincipal ( SecurityIdentifier sid ) : System.DirectoryServices.AccountManagement.UserPrincipal
sid SecurityIdentifier
return System.DirectoryServices.AccountManagement.UserPrincipal
示例#1
0
        public BooleanResult ChangePassword(ChangePasswordInfo cpInfo, ChangePasswordPluginActivityInfo pluginInfo)
        {
            m_logger.Debug("ChangePassword()");

            // Verify the old password
            if (Abstractions.WindowsApi.pInvokes.ValidateCredentials(cpInfo.Username, cpInfo.OldPassword))
            {
                m_logger.DebugFormat("Authenticated via old password: {0}", cpInfo.Username);
            }
            else
            {
                return(new BooleanResult {
                    Success = false, Message = "Current password or username is not valid."
                });
            }

            using (UserPrincipal user = LocalAccount.GetUserPrincipal(cpInfo.Username))
            {
                if (user != null)
                {
                    m_logger.DebugFormat("Found principal, changing password for {0}", cpInfo.Username);
                    user.SetPassword(cpInfo.NewPassword);
                }
                else
                {
                    return(new BooleanResult {
                        Success = false, Message = "Local machine plugin internal error: directory entry not found."
                    });
                }
            }

            return(new BooleanResult {
                Success = true, Message = "Local password successfully changed."
            });
        }
示例#2
0
        // Load userInfo.Username's group list and populate userInfo.Groups accordingly
        public static void SyncLocalGroupsToUserInfo(UserInformation userInfo)
        {
            ILog logger = LogManager.GetLogger("LocalAccount.SyncLocalGroupsToUserInfo");

            try
            {
                SecurityIdentifier EveryoneSid           = new SecurityIdentifier("S-1-1-0");
                SecurityIdentifier AuthenticatedUsersSid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

                if (LocalAccount.UserExists(userInfo.Username))
                {
                    using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
                    {
                        foreach (GroupPrincipal group in LocalAccount.GetGroups(user))
                        {
                            // Skip "Authenticated Users" and "Everyone" as these are generated
                            if (group.Sid == EveryoneSid || group.Sid == AuthenticatedUsersSid)
                            {
                                continue;
                            }

                            userInfo.AddGroup(new GroupInformation()
                            {
                                Name        = group.Name,
                                Description = group.Description,
                                SID         = group.Sid
                            });
                        }
                    }
                }
            }
            catch (Exception e)
            {
                logger.ErrorFormat("Unexpected error while syncing local groups, skipping rest: {0}", e);
            }
        }
示例#3
0
文件: PluginImpl.cs 项目: crou/pgina
        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // is this a pgina user?
            Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
            if (Abstractions.WindowsApi.pInvokes.UserGet(userInfo.Username, ref userinfo4)) //true if user exists
            {
                if (!userinfo4.comment.Contains("pGina created"))
                {
                    m_logger.InfoFormat("User {0} is'nt a pGina created user. I'm not executing Gateway stage", userInfo.Username);
                    return(new BooleanResult()
                    {
                        Success = true
                    });
                }
            }

            // Add user to all mandatory groups
            if (MandatoryGroups.Length > 0)
            {
                foreach (string group in MandatoryGroups)
                {
                    string group_string = group;

                    m_logger.DebugFormat("Is there a Group with SID/Name:{0}", group);
                    using (GroupPrincipal groupconf = LocalAccount.GetGroupPrincipal(group))
                    {
                        if (groupconf != null)
                        {
                            m_logger.DebugFormat("Groupname: \"{0}\"", groupconf.Name);
                            group_string = groupconf.Name;
                        }
                        else
                        {
                            m_logger.ErrorFormat("Group: \"{0}\" not found", group);
                            m_logger.Error("Failsave add user to group Users");
                            using (GroupPrincipal groupfail = LocalAccount.GetGroupPrincipal(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).ToString()))
                            {
                                if (groupfail != null)
                                {
                                    group_string = groupfail.Name;
                                }
                                else
                                {
                                    m_logger.Debug("no BuiltinUsers. I'm out of options");
                                    group_string = null;
                                }
                            }
                        }
                    }

                    if (group_string != null)
                    {
                        userInfo.AddGroup(new GroupInformation()
                        {
                            Name = group_string
                        });
                    }
                }
            }

            try
            {
                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
                using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
                {
                    userInfo.SID         = user.Sid;
                    userInfo.Description = user.Description;
                }
                properties.AddTrackedSingle <UserInformation>(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                if (failIfGroupSyncFails)
                {
                    return new BooleanResult()
                           {
                               Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                           }
                }
                ;
            }
            catch (Exception e)
            {
                if (e.Message.ToLower().Contains("0x800708c5"))
                {
                    return(new BooleanResult()
                    {
                        Success = false, Message = string.Format("This Worstation is denying the password of {0}.\nMost likely the password does not meet complexity requirements\n\n{1}", userInfo.Username, e)
                    });
                }

                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }
示例#4
0
        private void IterateCleanupUsers()
        {
            lock (this)
            {
                List <CleanupTask> tasks         = CleanupTasks.GetEligibleTasks();
                List <string>      loggedOnUsers = null;
                try
                {
                    loggedOnUsers = LoggedOnLocalUsers();
                }
                catch (System.ComponentModel.Win32Exception e)
                {
                    m_logger.ErrorFormat("Error (ignored) LoggedOnLocalUsers {0}", e);
                    return;
                }

                m_logger.DebugFormat("IterateCleanupUsers Eligible users: {0}", string.Join(",", tasks));
                m_logger.DebugFormat("IterateCleanupUsers loggedOnUsers: {0}", string.Join(",", loggedOnUsers));

                foreach (CleanupTask task in tasks)
                {
                    try
                    {
                        using (UserPrincipal userPrincipal = LocalAccount.GetUserPrincipal(task.UserName))
                        {
                            // Make sure the user exists
                            if (userPrincipal == null)
                            {
                                // This dude doesn't exist!
                                m_logger.DebugFormat("User {0} doesn't exist, not cleaning up.", task.UserName);
                                CleanupTasks.RemoveTaskForUser(task.UserName);
                                continue;
                            }

                            // Is she logged in still?
                            if (loggedOnUsers.Contains(task.UserName, StringComparer.CurrentCultureIgnoreCase))
                            {
                                continue;
                            }

                            m_logger.InfoFormat("Cleaning up: {0} -> {1}", task.UserName, task.Action);

                            try
                            {
                                switch (task.Action)
                                {
                                case CleanupAction.SCRAMBLE_PASSWORD:
                                    LocalAccount.ScrambleUsersPassword(task.UserName);
                                    break;

                                case CleanupAction.DELETE_PROFILE:
                                    LocalAccount.RemoveUserAndProfile(task.UserName);
                                    break;

                                default:
                                    m_logger.ErrorFormat("Unrecognized action: {0}, skipping user {1}", task.Action, task.UserName);
                                    throw new Exception();
                                }
                            }
                            catch (Exception e)
                            {
                                m_logger.WarnFormat("Cleanup for {0} failed, will retry next time around. Error: {1}", task.UserName, e);
                                continue;
                            }

                            // All done! No more cleanup for this user needed
                            CleanupTasks.RemoveTaskForUser(task.UserName);
                        }
                    }
                    catch (Exception e)
                    {
                        // If something goes wrong, we log the exception and ignore.
                        m_logger.ErrorFormat("Caught (ignoring) Exception {0}", e);
                    }
                }
            }
        }