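/// <summary>
/// Gateway stage: make sure the authenticated user has a matching local account
/// whose password is the one just used to authenticate, and whose local group
/// membership mirrors the groups collected during authentication plus the
/// configured mandatory groups.
/// </summary>
/// <param name="properties">
/// Session state. The tracked <see cref="UserInformation"/> is read and, after a
/// successful sync, re-published with the local account's SID and description.
/// </param>
/// <returns>
/// Success when the local account is in sync, or when the account is skipped
/// because it already exists and was not created by pGina. Failure (with a
/// user-readable message) when the local password policy rejects the password,
/// when group sync fails and GroupCreateFailIsFail is set, or on any other error.
/// </returns>
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Our job, if we've been elected to do gateway, is to ensure that an
    // authenticated user:
    //
    // 1. Has a local account
    // 2. That account's password is set to the one they used to authenticate
    // 3. That account is a member of all groups listed, and not a member of any others

    // Is failure at #3 a total fail?
    bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

    // Groups everyone is added to. A missing/unset list means "none" rather than a crash.
    string[] mandatoryGroups = Settings.Store.MandatoryGroups;
    if (mandatoryGroups == null)
    {
        mandatoryGroups = new string[0];
    }

    // user info
    UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

    // Only touch accounts that pGina created. An existing local account without the
    // "pGina created" marker in its comment (a built-in account, or one an admin made
    // by hand) is left alone: syncing it would overwrite its password and group
    // membership with whatever the authenticating plugin reported.
    Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4 userinfo4 = new Abstractions.WindowsApi.pInvokes.structenums.USER_INFO_4();
    if (Abstractions.WindowsApi.pInvokes.UserGet(userInfo.Username, ref userinfo4)) // true if user exists
    {
        // The comment can be unset; treat that as "not ours" instead of throwing a
        // NullReferenceException outside the try block below.
        string comment = userinfo4.comment ?? string.Empty;
        if (!comment.Contains("pGina created"))
        {
            m_logger.InfoFormat("User {0} is'nt a pGina created user. I'm not executing Gateway stage", userInfo.Username);
            return new BooleanResult() { Success = true };
        }
    }

    // Add user to all mandatory groups. Each entry may be a SID or a name and is
    // resolved to the group's name so that the sync below can match it.
    foreach (string group in mandatoryGroups)
    {
        string resolvedName = ResolveMandatoryGroupName(group);
        if (resolvedName != null)
        {
            userInfo.AddGroup(new GroupInformation() { Name = resolvedName });
        }
    }

    try
    {
        m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);

        // Creates the account if needed, sets its password to the one used to
        // authenticate and reconciles group membership (#1-#3 above).
        LocalAccount.SyncUserInfoToLocalUser(userInfo);

        // Publish the real local SID/description so later stages see the account
        // that actually exists on this machine.
        using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
        {
            userInfo.SID = user.Sid;
            userInfo.Description = user.Description;
        }
        properties.AddTrackedSingle<UserInformation>(userInfo);
    }
    catch (LocalAccount.GroupSyncException e)
    {
        if (failIfGroupSyncFails)
        {
            return new BooleanResult()
            {
                Success = false,
                Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
            };
        }

        // Group problems are tolerated by configuration, but they should not vanish
        // silently. Note that the SID/description refresh above is skipped in this case.
        m_logger.ErrorFormat("Group sync failed for {0}; continuing because GroupCreateFailIsFail is not set: {1}", userInfo.Username, e.RootException);
    }
    catch (Exception e)
    {
        if (IsPasswordTooShortError(e))
        {
            // NOTE(review): the full exception (including stack trace) is placed in the
            // message returned to the login UI; consider trimming it if that surface is
            // visible to unauthenticated users.
            return new BooleanResult()
            {
                Success = false,
                Message = string.Format("This Worstation is denying the password of {0}.\nMost likely the password does not meet complexity requirements\n\n{1}", userInfo.Username, e)
            };
        }
        return new BooleanResult()
        {
            Success = false,
            Message = string.Format("Unexpected error while syncing user's info: {0}", e)
        };
    }

    return new BooleanResult() { Success = true };
}

/// <summary>
/// Resolve a configured mandatory group (SID or name) to its local group name.
/// </summary>
/// <param name="group">Group SID or name from the MandatoryGroups setting.</param>
/// <returns>
/// The resolved group name; the name of BUILTIN\Users when <paramref name="group"/>
/// cannot be found (so a mistyped privileged group degrades to Users rather than
/// failing the logon); null when even that lookup fails.
/// </returns>
private string ResolveMandatoryGroupName(string group)
{
    m_logger.DebugFormat("Is there a Group with SID/Name:{0}", group);
    using (GroupPrincipal groupconf = LocalAccount.GetGroupPrincipal(group))
    {
        if (groupconf != null)
        {
            m_logger.DebugFormat("Groupname: \"{0}\"", groupconf.Name);
            return groupconf.Name;
        }
    }

    m_logger.ErrorFormat("Group: \"{0}\" not found", group);
    m_logger.Error("Failsave add user to group Users");
    string builtinUsersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null).ToString();
    using (GroupPrincipal groupfail = LocalAccount.GetGroupPrincipal(builtinUsersSid))
    {
        if (groupfail != null)
        {
            return groupfail.Name;
        }
    }

    m_logger.Debug("no BuiltinUsers. I'm out of options");
    return null;
}

/// <summary>
/// True when <paramref name="e"/> (or any inner exception) reports
/// NERR_PasswordTooShort (Win32 error 2245 / HRESULT 0x800708C5), i.e. the local
/// password policy (length, complexity, history) rejected the password.
/// </summary>
/// <remarks>
/// The error codes are checked first so detection does not depend on the
/// localized message text; the message match the original code relied on is kept
/// as a fallback for wrapped exceptions that only carry the text.
/// </remarks>
private static bool IsPasswordTooShortError(Exception e)
{
    const int NerrPasswordTooShort = 2245;                       // 0x8C5
    const int HrPasswordTooShort = unchecked((int)0x800708C5);   // HRESULT_FROM_WIN32(2245)

    for (Exception cur = e; cur != null; cur = cur.InnerException)
    {
        var w32 = cur as System.ComponentModel.Win32Exception;
        if (w32 != null && w32.NativeErrorCode == NerrPasswordTooShort)
        {
            return true;
        }

        var com = cur as System.Runtime.InteropServices.COMException;
        if (com != null && com.ErrorCode == HrPasswordTooShort)
        {
            return true;
        }

        if (cur.Message != null && cur.Message.IndexOf("0x800708c5", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            return true;
        }
    }
    return false;
}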
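/// <summary>
/// Gateway stage: make sure the authenticated user has a local account whose
/// password is the one just used to authenticate and whose group membership
/// matches the groups gathered during authentication plus the configured
/// mandatory groups. Also schedules the configured post-session cleanup tasks
/// (profile deletion, password scramble) for this user.
/// </summary>
/// <param name="properties">
/// Session state; the tracked <see cref="UserInformation"/> is read and synced
/// to the local account.
/// </param>
/// <returns>
/// Success when the local account is in sync. Failure (with a user-readable
/// message) when group sync fails and GroupCreateFailIsFail is set, or on any
/// other error while syncing.
/// </returns>
public BooleanResult AuthenticatedUserGateway(SessionProperties properties)
{
    // Our job, if we've been elected to do gateway, is to ensure that an
    // authenticated user:
    //
    // 1. Has a local account
    // 2. That account's password is set to the one they used to authenticate
    // 3. That account is a member of all groups listed, and not a member of any others

    // Is failure at #3 a total fail?
    bool failIfGroupSyncFails = Settings.Store.GroupCreateFailIsFail;

    // Groups everyone is added to. A missing/unset list means "none" rather than a crash.
    string[] mandatoryGroups = Settings.Store.MandatoryGroups;
    if (mandatoryGroups == null)
    {
        mandatoryGroups = new string[0];
    }

    // user info
    UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

    // Add user to all mandatory groups
    foreach (string group in mandatoryGroups)
    {
        userInfo.AddGroup(new GroupInformation() { Name = group });
    }

    try
    {
        bool scramble = Settings.Store.ScramblePasswords;
        bool remove = Settings.Store.RemoveProfiles;

        // If this user doesn't already exist, and we are supposed to clean up after
        // ourselves, make note of the username. This must run BEFORE
        // SyncUserInfoToLocalUser creates the account, otherwise every user would
        // look pre-existing and never be cleaned up.
        if (remove && !LocalAccount.UserExists(userInfo.Username))
        {
            m_logger.DebugFormat("Marking for deletion: {0}", userInfo.Username);
            CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.DELETE_PROFILE));
        }

        // If we are configured to scramble passwords
        if (scramble)
        {
            // Scramble the password only if the user is not in the list of exceptions.
            // Account names are identifiers, so compare them ordinally: a culture-aware
            // comparison (e.g. under tr-TR, where 'i' and 'I' do not case-fold to each
            // other) could exempt an unlisted account or scramble a listed one.
            string[] exceptions = Settings.Store.ScramblePasswordsExceptions;
            if (exceptions == null)
            {
                exceptions = new string[0];
            }

            if (!exceptions.Contains(userInfo.Username, StringComparer.OrdinalIgnoreCase))
            {
                // If configured to do so, we check to see if this plugin failed
                // to auth this user, and only scramble in that case
                bool scrambleWhenLMFail = Settings.Store.ScramblePasswordsWhenLMAuthFails;
                if (scrambleWhenLMFail)
                {
                    // Scramble the password only if we did not authenticate this user
                    if (!DidWeAuthThisUser(properties, false))
                    {
                        m_logger.DebugFormat("LM did not authenticate this user, marking user for scramble: {0}", userInfo.Username);
                        CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                    }
                }
                else
                {
                    m_logger.DebugFormat("Marking user for scramble: {0}", userInfo.Username);
                    CleanupTasks.AddTask(new CleanupTask(userInfo.Username, CleanupAction.SCRAMBLE_PASSWORD));
                }
            }
        }

        m_logger.DebugFormat("AuthenticatedUserGateway({0}) for user: {1}", properties.Id.ToString(), userInfo.Username);

        // Creates the account if needed, sets its password to the one used to
        // authenticate and reconciles group membership (#1-#3 above).
        LocalAccount.SyncUserInfoToLocalUser(userInfo);
    }
    catch (LocalAccount.GroupSyncException e)
    {
        if (failIfGroupSyncFails)
        {
            return new BooleanResult()
            {
                Success = false,
                Message = string.Format("Unable to sync users local group membership: {0}", e.RootException)
            };
        }

        // Group problems are tolerated by configuration, but they should not vanish silently.
        m_logger.ErrorFormat("Group sync failed for {0}; continuing because GroupCreateFailIsFail is not set: {1}", userInfo.Username, e.RootException);
    }
    catch (Exception e)
    {
        // NOTE(review): the full exception (including stack trace) is placed in the
        // message returned to the login UI; consider trimming it if that surface is
        // visible to unauthenticated users.
        return new BooleanResult()
        {
            Success = false,
            Message = string.Format("Unexpected error while syncing user's info: {0}", e)
        };
    }

    return new BooleanResult() { Success = true };
}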