|
public static SyncLocalGroupsToUserInfo ( |
||
| userInfo | ||
| Результат | void | |
public static void SyncLocalGroupsToUserInfo(UserInformation userInfo)
{
ILog logger = LogManager.GetLogger("LocalAccount.SyncLocalGroupsToUserInfo");
try
{
SecurityIdentifier EveryoneSid = new SecurityIdentifier("S-1-1-0");
SecurityIdentifier AuthenticatedUsersSid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
if (LocalAccount.UserExists(userInfo.Username))
{
using (UserPrincipal user = LocalAccount.GetUserPrincipal(userInfo.Username))
{
foreach (GroupPrincipal group in LocalAccount.GetGroups(user))
{
// Skip "Authenticated Users" and "Everyone" as these are generated
if (group.Sid == EveryoneSid || group.Sid == AuthenticatedUsersSid)
continue;
userInfo.AddGroup(new GroupInformation()
{
Name = group.Name,
Description = group.Description,
SID = group.Sid
});
}
}
}
}
catch(Exception e)
{
logger.ErrorFormat("Unexpected error while syncing local groups, skipping rest: {0}", e);
}
}
public BooleanResult AuthenticateUser(SessionProperties properties)
{
try
{
bool alwaysAuth = Settings.Store.AlwaysAuthenticate;
m_logger.DebugFormat("AuthenticateUser({0})", properties.Id.ToString());
// Get user info
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
m_logger.DebugFormat("Found username: {0}", userInfo.Username);
// Should we authenticate? Only if user has not yet authenticated, or we are not in fallback mode
if (alwaysAuth || !HasUserAuthenticatedYet(properties))
{
if (LocalAccount.UserExists(userInfo.Username))
{
// We use a pInvoke here instead of using PrincipalContext.ValidateCredentials
// due to the fact that the latter will throw an exception when the network is disconnected.
if (Abstractions.WindowsApi.pInvokes.ValidateCredentials(userInfo.Username, userInfo.Password))
{
m_logger.InfoFormat("Authenticated user: {0}", userInfo.Username);
userInfo.Domain = Environment.MachineName;
m_logger.Debug("AuthenticateUser: Mirroring group membership from SAM");
LocalAccount.SyncLocalGroupsToUserInfo(userInfo);
// Return success
return(new BooleanResult()
{
Success = true
});
}
}
else
{
m_logger.InfoFormat("User {0} does not exist on this machine.", userInfo.Username);
}
}
m_logger.ErrorFormat("Failed to authenticate user: {0}", userInfo.Username);
// Note that we don't include a message. We are a last chance auth, and want previous/failed plugins
// to have the honor of explaining why.
return(new BooleanResult()
{
Success = false, Message = null
});
}
catch (Exception e)
{
m_logger.ErrorFormat("AuthenticateUser exception: {0}", e);
throw; // Allow pGina service to catch and handle exception
}
}
