SyncUserInfoToLocalUser() public static method

public static SyncUserInfoToLocalUser ( UserInformation userInfo ) : void
userInfo pGina.Shared.Types.UserInformation
return void
示例#1
0
文件: PluginImpl.cs 项目: crou/pgina
        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // is this a pgina user?
            Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
            if (Abstractions.WindowsApi.pInvokes.UserGet(userInfo.Username, ref userinfo4)) //true if user exists
            {
                if (!userinfo4.comment.Contains("pGina created"))
                {
                    m_logger.InfoFormat("User {0} is'nt a pGina created user. I'm not executing Gateway stage", userInfo.Username);
                    return(new BooleanResult()
                    {
                        Success = true
                    });
                }
            }

            // Add user to all mandatory groups
            if (MandatoryGroups.Length > 0)
            {
                foreach (string group in MandatoryGroups)
                {
                    string group_string = group;

                    m_logger.DebugFormat("Is there a Group with SID/Name:{0}", group);
                    using (GroupPrincipal groupconf = LocalAccount.GetGroupPrincipal(group))
                    {
                        if (groupconf != null)
                        {
                            m_logger.DebugFormat("Groupname: \"{0}\"", groupconf.Name);
                            group_string = groupconf.Name;
                        }
                        else
                        {
                            m_logger.ErrorFormat("Group: \"{0}\" not found", group);
                            m_logger.Error("Failsave add user to group Users");
                            using (GroupPrincipal groupfail = LocalAccount.GetGroupPrincipal(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).ToString()))
                            {
                                if (groupfail != null)
                                {
                                    group_string = groupfail.Name;
                                }
                                else
                                {
                                    m_logger.Debug("no BuiltinUsers. I'm out of options");
                                    group_string = null;
                                }
                            }
                        }
                    }

                    if (group_string != null)
                    {
                        userInfo.AddGroup(new GroupInformation()
                        {
                            Name = group_string
                        });
                    }
                }
            }

            try
            {
                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
                using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
                {
                    userInfo.SID         = user.Sid;
                    userInfo.Description = user.Description;
                }
                properties.AddTrackedSingle <UserInformation>(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                if (failIfGroupSyncFails)
                {
                    return new BooleanResult()
                           {
                               Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                           }
                }
                ;
            }
            catch (Exception e)
            {
                if (e.Message.ToLower().Contains("0x800708c5"))
                {
                    return(new BooleanResult()
                    {
                        Success = false, Message = string.Format("This Worstation is denying the password of {0}.\nMost likely the password does not meet complexity requirements\n\n{1}", userInfo.Username, e)
                    });
                }

                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }
示例#2
0
        public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
        {
            // Our job, if we've been elected to do gateway, is to ensure that an
            //  authenticated user:
            //
            //  1. Has a local account
            //  2. That account's password is set to the one they used to authenticate
            //  3. That account is a member of all groups listed, and not a member of any others

            // Is failure at #3 a total fail?
            bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

            // Groups everyone is added to
            string[] MandatoryGroups = Settings.Store.MandatoryGroups;

            // user info
            UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();

            // Add user to all mandatory groups
            if (MandatoryGroups.Length > 0)
            {
                foreach (string group in MandatoryGroups)
                {
                    userInfo.AddGroup(new GroupInformation()
                    {
                        Name = group
                    });
                }
            }

            try
            {
                bool scramble = Settings.Store.ScramblePasswords;
                bool remove   = Settings.Store.RemoveProfiles;

                if (remove)
                {
                    // If this user doesn't already exist, and we are supposed to clean up after ourselves,
                    //  make note of the username!
                    if (!LocalAccount.UserExists(userInfo.Username))
                    {
                        m_logger.DebugFormat("Marking for deletion: {0}", userInfo.Username);
                        CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.DELETE_PROFILE));
                    }
                }

                // If we are configured to scramble passwords
                if (scramble)
                {
                    // Scramble the password only if the user is not in the list
                    // of exceptions.
                    string[] exceptions = Settings.Store.ScramblePasswordsExceptions;
                    if (!exceptions.Contains(userInfo.Username, StringComparer.CurrentCultureIgnoreCase))
                    {
                        // If configured to do so, we check to see if this plugin failed
                        // to auth this user, and only scramble in that case
                        bool scrambleWhenLMFail = Settings.Store.ScramblePasswordsWhenLMAuthFails;
                        if (scrambleWhenLMFail)
                        {
                            // Scramble the password only if we did not authenticate this user
                            if (!DidWeAuthThisUser(properties, false))
                            {
                                m_logger.DebugFormat("LM did not authenticate this user, marking user for scramble: {0}", userInfo.Username);
                                CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                            }
                        }
                        else
                        {
                            m_logger.DebugFormat("Marking user for scramble: {0}", userInfo.Username);
                            CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                        }
                    }
                }

                m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);
                LocalAccount.SyncUserInfoToLocalUser(userInfo);
            }
            catch (LocalAccount.GroupSyncException e)
            {
                if (failIfGroupSyncFails)
                {
                    return new BooleanResult()
                           {
                               Success = false, Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
                           }
                }
                ;
            }
            catch (Exception e)
            {
                return(new BooleanResult()
                {
                    Success = false, Message = string.Format("Unexpected error while syncing user's info: {0}", e)
                });
            }

            return(new BooleanResult()
            {
                Success = true
            });
        }