From fa15fed348c9a2040b721cba034bfa00829cb1f2 Mon Sep 17 00:00:00 2001 From: Ray Pulsipher Date: Mon, 17 Jun 2024 23:03:46 -0700 Subject: [PATCH] . --- client_tools/svc/OPEService.py | 5 ++- client_tools/svc/README.md | 4 ++ client_tools/svc/mgmt_UserAccounts.py | 65 ++++++++------------------- 3 files changed, 26 insertions(+), 48 deletions(-) diff --git a/client_tools/svc/OPEService.py b/client_tools/svc/OPEService.py index 352bb998..4c96af19 100644 --- a/client_tools/svc/OPEService.py +++ b/client_tools/svc/OPEService.py @@ -391,10 +391,11 @@ def monitor_login_events_thread(self): #p(f"IpPort: {string_inserts[19]}") event_info["IpPort"] = string_inserts[19] else: - p("Event does not contain all expected fields.") + p(f"Event does not contain all expected fields. \n{string_inserts}", log_level=3) + continue if event.EventID == event_id and (event_info["LogonType"] != "5"): - p(f"* Interactive Login event detected.\n{event_info}", log_level=3) + p(f"*** Interactive Login event detected.\n{event_info}", log_level=3) mgmt_UserAccounts.ProcessLogonEvent(event_info) # if username.lower() in [s.lower() for s in event.StringInserts if s]: # print(f"Login attempt detected for user: {username}") diff --git a/client_tools/svc/README.md b/client_tools/svc/README.md index 34b56009..7b9e40d4 100644 --- a/client_tools/svc/README.md +++ b/client_tools/svc/README.md @@ -36,6 +36,10 @@ https://pyinstaller.org/en/stable/bootloader-building.html Switch back to python 311 (chocolaty installs py3.12 - remove from paths and re-open command prompts) +Set this flag to disable telemetry +setx VSCMD_SKIP_SENDTELEMETRY 1 + + In the bootloader folder - run waf... python .\waf distclean all --target-arch=64bit diff --git a/client_tools/svc/mgmt_UserAccounts.py b/client_tools/svc/mgmt_UserAccounts.py index a968611a..07979a22 100644 --- a/client_tools/svc/mgmt_UserAccounts.py +++ b/client_tools/svc/mgmt_UserAccounts.py 
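Review bot: The filter on the context line `if event.EventID == event_id and (event_info["LogonType"] != "5"):` excludes only service logons, so network, batch and unlock logons also reach `mgmt_UserAccounts.ProcessLogonEvent`, although the new message on the line below announces an "Interactive Login event"; if only interactive sessions are meant to be acted on, an allow-list reads safer and fails closed: `if event.EventID == event_id and event_info["LogonType"] in ("2", "10", "11"):` — confirm against the logon types the service is meant to handle. The new `continue` in the `else:` branch is correct, but the `if` it pairs with and the rest of monitor_login_events_thread are outside the hunk, so the short-record case can only be judged by what it now logs, which is the whole `string_inserts` list at log_level=3. A one-line `# malformed or short event record: keep the raw inserts for triage, then skip it` above that `p(...)` call would explain why the dump is there rather than a field count.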
@@ -1034,6 +1034,11 @@ def ensure_home_folder_for_user(curr_student): def ProcessLogonEvent(event_info): # Decide if we need to logout this user + # event_info - user_name, domain_name, full_name, user_sid, event_type, event_time, event_source, event_id, event_data + # SubjectUserSid, SubjectUserName, SubjectDomainName, SubjectLogonId, TargetUserSid, TargetUserName, TargetDomainName, + # TargetLogonId, LogonType, LogonProcessName, AuthenticationPackageName, WorkstationName, + # LogonGuid, TransmittedServices, LmPackageName, KeyLength, ProcessId, ProcessName, IpAddress, IpPort + # Get the user name user_name = event_info["user_name"] user_domain = event_info["domain_name"] 
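Review bot: The new comment block in ProcessLogonEvent lists the event_info keys but does not say which of them the function dereferences, so a caller building a partial dict gets a KeyError with nothing to point to; I would make the first line explicit: `# event_info: dict; required keys (read directly) - user_name, domain_name, event_source, event_id, event_data`, and label the Windows field names that follow as the raw logon-event inserts copied in by the caller (that origin is inferred from the OPEService.py hunk, so word it as "as populated by monitor_login_events_thread"). Since this sits first in the body after the def, a triple-quoted docstring instead of `#` lines would also make it visible through help(). The function's body continues into the next hunk.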
@@ -1044,53 +1049,21 @@ def ProcessLogonEvent(event_info): event_source = event_info["event_source"] event_id = event_info["event_id"] event_data = event_info["event_data"] + + # If user is not an admin and is isn't in the OPESStudents group, log them out. + if UserAccounts.is_user_in_group(user_name, "administrators") or UserAccounts.is_user_in_group(user_name, "OPEAdmins"): + p("User is an admin logging in - allowing login: " + str(user_name)) + return True -event_info["SubjectUserSid"] = string_inserts[0] - #p(f"SubjectUserName: {string_inserts[1]}") - event_info["SubjectUserName"] = string_inserts[1] - #p(f"SubjectDomainName: {string_inserts[2]}") - event_info["SubjectDomainName"] = string_inserts[2] - #p(f"SubjectLogonId: {string_inserts[3]}") - event_info["SubjectLogonId"] = string_inserts[3] - #p(f"TargetUserSid: {string_inserts[4]}") - event_info["TargetUserSid"] = string_inserts[4] - #p(f"TargetUserName: {string_inserts[5]}") - event_info["TargetUserName"] = string_inserts[5] - #p(f"TargetDomainName: {string_inserts[6]}") - event_info["TargetDomainName"] = string_inserts[6] - #p(f"TargetLogonId: {string_inserts[7]}") - event_info["TargetLogonId"] = string_inserts[7] - #p(f"LogonType: {string_inserts[8]}") - event_info["LogonType"] = string_inserts[8] - #p(f"LogonProcessName: {string_inserts[9]}") - event_info["LogonProcessName"] = string_inserts[9] - #p(f"AuthenticationPackageName: {string_inserts[10]}") - event_info["AuthenticationPackageName"] = string_inserts[10] - #p(f"WorkstationName: {string_inserts[11]}") - event_info["WorkstationName"] = string_inserts[11] - #p(f"LogonGuid: {string_inserts[12]}") - event_info["LogonGuid"] = string_inserts[12] - #p(f"TransmittedServices: {string_inserts[13]}") - event_info["TransmittedServices"] = string_inserts[13] - #p(f"LmPackageName: {string_inserts[14]}") - event_info["LmPackageName"] = string_inserts[14] - #p(f"KeyLength: {string_inserts[15]}") - event_info["KeyLength"] = string_inserts[15] - #p(f"ProcessId: 
{string_inserts[16]}") - event_info["ProcessId"] = string_inserts[16] - #p(f"ProcessName: {string_inserts[17]}") - event_info["ProcessName"] = string_inserts[17] - #p(f"IpAddress: {string_inserts[18]}") - event_info["IpAddress"] = string_inserts[18] - #p(f"IpPort: {string_inserts[19]}") - event_info["IpPort"] = string_inserts[19] - - - - TODO - UserAccounts.log_out_user("?") - -if __name__ == "__main__": + if UserAccounts.is_user_in_group(user_name, "OPEStudents"): + p("User is a student logging in - allowing login: " + str(user_name)) + return True + + # All other instances, force the logout. + p("User is not an admin or student or account is locked - logging out: " + str(user_name)) + return UserAccounts.log_out_user(user_name) + +if __name__ == "__main__": #ret = UserAccounts.create_local_students_group() #ret = UserAccounts.create_local_student_account("s999999", "Test Student", "Sid999999!") #print("RET: " + str(ret))
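Review bot: The new allow/deny logic keys every `UserAccounts.is_user_in_group` call on `user_name` alone and never uses `user_domain` (assigned from `event_info["domain_name"]` in the previous hunk), so an account from another domain or machine whose name matches a local administrator or student would be classified by the local account's groups; whether that is safe depends on how is_user_in_group resolves names, which is outside the hunk, so either pass the domain-qualified name or document why it is unnecessary. The final log line claims "or account is locked" but no lock check exists on this path, which will mislead whoever reads the log; `p(f"User is not an admin or student - logging out: {user_name}")` states what is actually checked. The comment above the first check reads "is isn't in the OPESStudents group" while the code tests "OPEStudents"; `# Allow local administrators, OPEAdmins and OPEStudents members; log out everyone else.` matches the code. `event_source`, `event_id` and `event_data` are still read in the context lines but the new body no longer uses them. ProcessLogonEvent's header is in the previous hunk.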