Session Host certificates

vfedosevich 2015-03-03 07:43:23 -08:00
parent 789cd6ca11
commit 1969cd398c
45 changed files with 1196 additions and 377 deletions


@ -64,6 +64,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
private const string Computers = "Computers";
private const string AdDcComputers = "Domain Controllers";
private const string Users = "users";
private const string Admins = "Admins";
private const string RdsGroupFormat = "rds-{0}-{1}";
private const string RdsModuleName = "RemoteDesktopServices";
private const string AddNpsString = "netsh nps add np name=\"\"{0}\"\" policysource=\"1\" processingorder=\"{1}\" conditionid=\"0x3d\" conditiondata=\"^5$\" conditionid=\"0x1fb5\" conditiondata=\"{2}\" conditionid=\"0x1e\" conditiondata=\"UserAuthType:(PW|CA)\" profileid=\"0x1005\" profiledata=\"TRUE\" profileid=\"0x100f\" profiledata=\"TRUE\" profileid=\"0x1009\" profiledata=\"0x7\" profileid=\"0x1fe6\" profiledata=\"0x40000000\"";
@ -310,7 +311,8 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
//ActiveDirectoryUtils.AddObjectToGroup(GetComputerPath(ConnectionBroker), GetComputerGroupPath(organizationId, collection.Name));
}
CheckOrCreateHelpDeskComputerGroup();
CheckOrCreateHelpDeskComputerGroup();
string helpDeskGroupSamAccountName = CheckOrCreateAdGroup(GetHelpDeskGroupPath(RDSHelpDeskGroup), GetRootOUPath(), RDSHelpDeskGroup, RDSHelpDeskGroupDescription);
if (!ActiveDirectoryUtils.AdObjectExists(GetUsersGroupPath(organizationId, collection.Name)))
{
@ -347,7 +349,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
CreateLocalAdministratorsGroup(rdsServer.FqdName, runSpace);
}
AddHelpDeskAdminsGroupToLocalAdmins(runSpace, rdsServer.FqdName);
AddAdGroupToLocalAdmins(runSpace, rdsServer.FqdName, helpDeskGroupSamAccountName);
AddComputerToCollectionAdComputerGroup(organizationId, collection.Name, rdsServer);
}
}
@ -513,11 +515,13 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
foreach(var server in servers)
{
RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
}
ActiveDirectoryUtils.DeleteADObject(GetComputerGroupPath(organizationId, collectionName));
ActiveDirectoryUtils.DeleteADObject(GetUsersGroupPath(organizationId, collectionName));
ActiveDirectoryUtils.DeleteADObject(GetUsersGroupPath(organizationId, collectionName));
ActiveDirectoryUtils.DeleteADObject(GetGroupPath(organizationId, collectionName, GetLocalAdminsGroupName(collectionName)));
}
catch (Exception e)
{
@ -529,12 +533,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
return result;
}
public List<string> GetCollectionUsers(string collectionName)
{
return GetUsersToCollectionAdGroup(collectionName);
}
}
public bool SetUsersInCollection(string organizationId, string collectionName, List<string> users)
{
@ -542,7 +541,9 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
try
{
SetUsersToCollectionAdGroup(collectionName, organizationId, users);
var usersGroupName = GetUsersGroupName(collectionName);
var usersGroupPath = GetUsersGroupPath(organizationId, collectionName);
SetUsersToCollectionAdGroup(collectionName, organizationId, users, usersGroupName, usersGroupPath);
}
catch (Exception e)
{
@ -573,14 +574,15 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
ExecuteShellCommand(runSpace, cmd, false);
CheckOrCreateHelpDeskComputerGroup();
CheckOrCreateHelpDeskComputerGroup();
string helpDeskGroupSamAccountName = CheckOrCreateAdGroup(GetHelpDeskGroupPath(RDSHelpDeskGroup), GetRootOUPath(), RDSHelpDeskGroup, RDSHelpDeskGroupDescription);
if (!CheckLocalAdminsGroupExists(server.FqdName, runSpace))
{
CreateLocalAdministratorsGroup(server.FqdName, runSpace);
}
AddHelpDeskAdminsGroupToLocalAdmins(runSpace, server.FqdName);
AddAdGroupToLocalAdmins(runSpace, server.FqdName, helpDeskGroupSamAccountName);
AddComputerToCollectionAdComputerGroup(organizationId, collectionName, server);
}
catch (Exception e)
@ -616,6 +618,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
ExecuteShellCommand(runSpace, cmd, false);
RemoveGroupFromLocalAdmin(server.FqdName, server.Name, GetLocalAdminsGroupName(collectionName), runSpace);
RemoveComputerFromCollectionAdComputerGroup(organizationId, collectionName, server);
}
finally
@ -978,7 +981,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
#region Local Admins
public void SaveRdsCollectionLocalAdmins(List<OrganizationUser> users, List<string> hosts)
public void SaveRdsCollectionLocalAdmins(List<string> users, List<string> hosts, string collectionName, string organizationId)
{
Runspace runspace = null;
@ -987,6 +990,10 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
runspace = OpenRunspace();
var index = ServerSettings.ADRootDomain.LastIndexOf(".");
var domainName = ServerSettings.ADRootDomain;
string groupName = GetLocalAdminsGroupName(collectionName);
string groupPath = GetGroupPath(organizationId, collectionName, groupName);
string helpDeskGroupSamAccountName = CheckOrCreateAdGroup(GetHelpDeskGroupPath(RDSHelpDeskGroup), GetRootOUPath(), RDSHelpDeskGroup, RDSHelpDeskGroupDescription);
string localAdminsGroupSamAccountName = CheckOrCreateAdGroup(groupPath, GetOrganizationPath(organizationId), groupName, WspAdministratorsGroupDescription);
if (index > 0)
{
@ -1004,24 +1011,12 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
Log.WriteWarning(string.Join("\r\n", errors.Select(e => e.ToString()).ToArray()));
throw new Exception(string.Join("\r\n", errors.Select(e => e.ToString()).ToArray()));
}
}
var existingAdmins = GetExistingLocalAdmins(hostName, runspace).Select(e => e.ToLower());
var formUsers = users.Select(u => string.Format("{0}\\{1}", domainName, u.SamAccountName).ToLower());
var newUsers = users.Where(u => !existingAdmins.Contains(string.Format("{0}\\{1}", domainName, u.SamAccountName).ToLower()));
var removedUsers = existingAdmins.Where(e => !formUsers.Contains(e));
}
foreach (var user in newUsers)
{
AddNewLocalAdmin(hostName, user.SamAccountName, runspace);
}
AddAdGroupToLocalAdmins(runspace, hostName, helpDeskGroupSamAccountName);
AddAdGroupToLocalAdmins(runspace, hostName, localAdminsGroupSamAccountName);
foreach (var user in removedUsers)
{
RemoveLocalAdmin(hostName, user, runspace);
}
AddHelpDeskAdminsGroupToLocalAdmins(runspace, hostName);
SetUsersToCollectionAdGroup(collectionName, organizationId, users, GetLocalAdminsGroupName(collectionName), groupPath);
}
}
finally
@ -1030,27 +1025,11 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
}
public List<string> GetRdsCollectionLocalAdmins(string hostName)
{
Runspace runspace = null;
var result = new List<string>();
try
{
runspace = OpenRunspace();
if (CheckLocalAdminsGroupExists(hostName, runspace))
{
result = GetExistingLocalAdmins(hostName, runspace);
}
}
finally
{
CloseRunspace(runspace);
}
return result;
}
public List<string> GetRdsCollectionLocalAdmins(string organizationId, string collectionName)
{
string groupName = GetLocalAdminsGroupName(collectionName);
return GetUsersToCollectionAdGroup(collectionName, groupName, organizationId);
}
private bool CheckLocalAdminsGroupExists(string hostName, Runspace runspace)
{
@ -1097,59 +1076,19 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
return errors;
}
private List<string> GetExistingLocalAdmins(string hostName, Runspace runspace)
{
var result = new List<string>();
var scripts = new List<string>
{
string.Format("net localgroup {0} | select -skip 6", WspAdministratorsGroupName)
};
object[] errors = null;
var exitingAdmins = ExecuteRemoteShellCommand(runspace, hostName, scripts, out errors);
if (!errors.Any())
{
foreach(var user in exitingAdmins.Take(exitingAdmins.Count - 2))
{
result.Add(user.ToString());
}
}
return result;
}
private object[] AddNewLocalAdmin(string hostName, string samAccountName, Runspace runspace)
{
}
private void RemoveGroupFromLocalAdmin(string fqdnName, string hostName, string groupName, Runspace runspace)
{
var scripts = new List<string>
{
string.Format("$GroupObj = [ADSI]\"WinNT://{0}/{1}\"", hostName, WspAdministratorsGroupName),
string.Format("$GroupObj.Add(\"WinNT://{0}/{1}\")", ServerSettings.ADRootDomain, samAccountName)
string.Format("$GroupObj.Remove(\"WinNT://{0}/{1}\")", ServerSettings.ADRootDomain, RDSHelpDeskGroup),
string.Format("$GroupObj.Remove(\"WinNT://{0}/{1}\")", ServerSettings.ADRootDomain, groupName)
};
object[] errors = null;
ExecuteRemoteShellCommand(runspace, hostName, scripts, out errors);
return errors;
}
private object[] RemoveLocalAdmin(string hostName, string user, Runspace runspace)
{
var userObject = user.Split('\\');
var scripts = new List<string>
{
string.Format("$GroupObj = [ADSI]\"WinNT://{0}/{1}\"", hostName, WspAdministratorsGroupName),
string.Format("$GroupObj.Remove(\"WinNT://{0}/{1}\")", userObject[0], userObject[1])
};
object[] errors = null;
ExecuteRemoteShellCommand(runspace, hostName, scripts, out errors);
return errors;
ExecuteRemoteShellCommand(runspace, fqdnName, scripts, out errors);
}
#endregion
@ -1177,23 +1116,22 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
}
}
private void AddHelpDeskAdminsGroupToLocalAdmins(Runspace runspace, string hostName)
{
var helpDeskAdminsGroupPath = GetHelpDeskGroupPath(RDSHelpDeskGroup);
private string CheckOrCreateAdGroup(string groupPath, string rootPath, string groupName, string description)
{
DirectoryEntry groupEntry = null;
if (!ActiveDirectoryUtils.AdObjectExists(helpDeskAdminsGroupPath))
if (!ActiveDirectoryUtils.AdObjectExists(groupPath))
{
ActiveDirectoryUtils.CreateGroup(GetRootOUPath(), RDSHelpDeskGroup);
groupEntry = ActiveDirectoryUtils.GetADObject(helpDeskAdminsGroupPath);
ActiveDirectoryUtils.CreateGroup(rootPath, groupName);
groupEntry = ActiveDirectoryUtils.GetADObject(groupPath);
if (groupEntry.Properties.Contains("Description"))
{
groupEntry.Properties["Description"][0] = RDSHelpDeskGroupDescription;
groupEntry.Properties["Description"][0] = description;
}
else
{
groupEntry.Properties["Description"].Add(RDSHelpDeskGroupDescription);
groupEntry.Properties["Description"].Add(description);
}
groupEntry.CommitChanges();
@ -1201,11 +1139,14 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
if (groupEntry == null)
{
groupEntry = ActiveDirectoryUtils.GetADObject(helpDeskAdminsGroupPath);
groupEntry = ActiveDirectoryUtils.GetADObject(groupPath);
}
var samAccountName = ActiveDirectoryUtils.GetADObjectProperty(groupEntry, "sAMAccountName");
return ActiveDirectoryUtils.GetADObjectProperty(groupEntry, "sAMAccountName").ToString();
}
private void AddAdGroupToLocalAdmins(Runspace runspace, string hostName, string samAccountName)
{
var scripts = new List<string>
{
string.Format("$GroupObj = [ADSI]\"WinNT://{0}/{1}\"", hostName, WspAdministratorsGroupName),
@ -1227,7 +1168,7 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
try
{
var guid = Guid.NewGuid();
var x509Cert = new X509Certificate2(certificate, password, X509KeyStorageFlags.Exportable);
var x509Cert = new X509Certificate2(certificate, password, X509KeyStorageFlags.Exportable);
//var content = x509Cert.Export(X509ContentType.Pfx);
var filePath = SaveCertificate(certificate, guid);
runspace = OpenRunspace();
@ -1355,21 +1296,17 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
return false;
}
private void SetUsersToCollectionAdGroup(string collectionName, string organizationId, IEnumerable<string> users)
{
var usersGroupName = GetUsersGroupName(collectionName);
var usersGroupPath = GetUsersGroupPath(organizationId, collectionName);
private void SetUsersToCollectionAdGroup(string collectionName, string organizationId, IEnumerable<string> users, string groupName, string groupPath)
{
var orgPath = GetOrganizationPath(organizationId);
var orgEntry = ActiveDirectoryUtils.GetADObject(orgPath);
var groupUsers = ActiveDirectoryUtils.GetGroupObjects(usersGroupName, "user", orgEntry);
//remove all users from group
var groupUsers = ActiveDirectoryUtils.GetGroupObjects(groupName, "user", orgEntry);
foreach (string userPath in groupUsers)
{
ActiveDirectoryUtils.RemoveObjectFromGroup(userPath, usersGroupPath);
ActiveDirectoryUtils.RemoveObjectFromGroup(userPath, groupPath);
}
//adding users to group
foreach (var user in users)
{
var userPath = GetUserPath(organizationId, user);
@ -1377,20 +1314,19 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
if (ActiveDirectoryUtils.AdObjectExists(userPath))
{
var userObject = ActiveDirectoryUtils.GetADObject(userPath);
var samName = (string)ActiveDirectoryUtils.GetADObjectProperty(userObject, "sAMAccountName");
var userGroupsPath = GetUsersGroupPath(organizationId, collectionName);
ActiveDirectoryUtils.AddObjectToGroup(userPath, userGroupsPath);
var samName = (string)ActiveDirectoryUtils.GetADObjectProperty(userObject, "sAMAccountName");
ActiveDirectoryUtils.AddObjectToGroup(userPath, groupPath);
}
}
}
private List<string> GetUsersToCollectionAdGroup(string collectionName)
private List<string> GetUsersToCollectionAdGroup(string collectionName, string groupName, string organizationId)
{
var users = new List<string>();
var users = new List<string>();
var orgPath = GetOrganizationPath(organizationId);
var orgEntry = ActiveDirectoryUtils.GetADObject(orgPath);
var usersGroupName = GetUsersGroupName(collectionName);
foreach (string userPath in ActiveDirectoryUtils.GetGroupObjects(usersGroupName, "user"))
foreach (string userPath in ActiveDirectoryUtils.GetGroupObjects(groupName, "user", orgEntry))
{
var userObject = ActiveDirectoryUtils.GetADObject(userPath);
var samName = (string)ActiveDirectoryUtils.GetADObjectProperty(userObject, "sAMAccountName");
@ -1738,6 +1674,11 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
return string.Format(RdsGroupFormat, collectionName, Users.ToLowerInvariant());
}
private string GetLocalAdminsGroupName(string collectionName)
{
return string.Format(RdsGroupFormat, collectionName, Admins.ToLowerInvariant());
}
internal string GetComputerGroupPath(string organizationId, string collection)
{
StringBuilder sb = new StringBuilder();
@ -1766,6 +1707,20 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
return sb.ToString();
}
private string GetGroupPath(string organizationId, string collectionName, string groupName)
{
StringBuilder sb = new StringBuilder();
AppendProtocol(sb);
AppendDomainController(sb);
AppendCNPath(sb, groupName);
AppendOUPath(sb, organizationId);
AppendOUPath(sb, RootOU);
AppendDomainPath(sb, RootDomain);
return sb.ToString();
}
private string GetUserPath(string organizationId, string loginName)
{
StringBuilder sb = new StringBuilder();
@ -2290,18 +2245,22 @@ namespace WebsitePanel.Providers.RemoteDesktopServices
cmd.Parameters.Add("CollectionName", collectionName);
cmd.Parameters.Add("ConnectionBroker", ConnectionBroker);
var userSessions = ExecuteShellCommand(runSpace, cmd, false, out errors);
var properties = typeof(RdsUserSession).GetProperties();
var properties = typeof(RdsUserSession).GetProperties();
foreach(var userSession in userSessions)
{
var session = new RdsUserSession();
foreach(var prop in properties)
var session = new RdsUserSession
{
prop.SetValue(session, GetPSObjectProperty(userSession, prop.Name).ToString(), null);
}
session.UserName = GetUserFullName(session.DomainName, session.UserName, runSpace);
CollectionName = GetPSObjectProperty(userSession, "CollectionName").ToString(),
DomainName = GetPSObjectProperty(userSession, "DomainName").ToString(),
HostServer = GetPSObjectProperty(userSession, "HostServer").ToString(),
SessionState = GetPSObjectProperty(userSession, "SessionState").ToString(),
UnifiedSessionId = GetPSObjectProperty(userSession, "UnifiedSessionId").ToString(),
SamAccountName = GetPSObjectProperty(userSession, "UserName").ToString(),
};
session.IsVip = false;
session.UserName = GetUserFullName(session.DomainName, session.SamAccountName, runSpace);
result.Add(session);
}
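Review bot: The new RemoveGroupFromLocalAdmin discards the `errors` array from ExecuteRemoteShellCommand and removes the groups by literal name (`RDSHelpDeskGroup`, `groupName`), whereas AddAdGroupToLocalAdmins adds them by the sAMAccountName that CheckOrCreateAdGroup returns. If the two names ever differ, or the remote call fails, the collection's admin group stays in the host's local administrators group with nothing logged, so a server taken out of a collection could keep granting admin rights. I would check the result the way the Log.WriteWarning call in the SaveRdsCollectionLocalAdmins hunk does, e.g. `if (errors != null && errors.Any()) Log.WriteWarning(string.Join("\r\n", errors.Select(e => e.ToString()).ToArray()));`, and resolve the sAMAccountName before removal. These scripts also place `groupName`, which GetLocalAdminsGroupName derives from `collectionName`, inside a double-quoted PowerShell string via string.Format; validation of the collection name is not visible in this section, so it should be restricted to a safe character set before it reaches these calls. Finally, with the per-user AddNewLocalAdmin/RemoveLocalAdmin loop removed, accounts that older versions added directly to the local group are no longer cleaned up by this code and presumably need a one-time migration.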