mirror of
https://github.com/Icinga/icinga-powershell-framework.git
synced 2025-12-21 15:19:58 -05:00
63 lines
2.2 KiB
PowerShell
63 lines
2.2 KiB
PowerShell
|
Add-Type -AssemblyName System.DirectoryServices.AccountManagement;
|
||
|
|
|
||
|
|
$AuthHelper = New-Object -TypeName PSObject;
|
||
|
|
|
||
|
|
<#
|
||
|
|
# This function will allow us to authenticate against either a
|
||
|
|
# Domain Controller or the local machine the module runs on.
|
||
|
|
# For security reasons, Username and Password have to be
|
||
|
|
# stored within a SecureString. If no Domain is specified,
|
||
|
|
# a login will always be attempted to the local machine
|
||
|
|
#>
|
||
|
|
$AuthHelper | Add-Member -membertype ScriptMethod -name 'Login' -value {
|
||
|
|
param([SecureString]$UserName, [SecureString]$Password, [String]$Domain);
|
||
|
|
|
||
|
|
# Base handling: We try to authenticate against a local user on the machine
|
||
|
|
[string]$AuthMethod = [System.DirectoryServices.AccountManagement.ContextType]::Machine;
|
||
|
|
[string]$AuthDomain = $env:COMPUTERNAME;
|
||
|
|
|
||
|
|
# If we specify a domain, we should authenticate against our Domain
|
||
|
|
if ([string]::IsNullOrEmpty($Domain) -eq $FALSE) {
|
||
|
|
$AuthMethod = [System.DirectoryServices.AccountManagement.ContextType]::Domain;
|
||
|
|
$AuthDomain = $Domain;
|
||
|
|
}
|
||
|
|
|
||
|
|
try {
|
||
|
|
# Create an Account Management object based on the above determined settings
|
||
|
|
$AccountService = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
|
||
|
|
$AuthMethod,
|
||
|
|
$AuthDomain
|
||
|
|
);
|
||
|
|
} catch {
|
||
|
|
# Regardless of the error, print the message and return false to prevent further execution
|
||
|
|
$Icinga2.Log.Write($Icinga2.Enums.LogState.Exception, $_.Exception.Message);
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
# In case we couldn't setup the Account Service, always return false
|
||
|
|
if ($AccountService -eq $null) {
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
try {
|
||
|
|
# Try to authenticate and either return true or false as integer
|
||
|
|
[int]$AuthResult = [int]($AccountService.ValidateCredentials(
|
||
|
|
$Icinga2.Utils.SecureString.ConvertFrom($UserName),
|
||
|
|
$Icinga2.Utils.SecureString.ConvertFrom($Password)
|
||
|
|
));
|
||
|
|
|
||
|
|
return $AuthResult;
|
||
|
|
} catch {
|
||
|
|
$Icinga2.Log.Write(
|
||
|
|
$Icinga2.Enums.LogState.Debug,
|
||
|
|
[string]::Format(
|
||
|
|
'Failed to authenticate with the provided user credentials. Error: {0}',
|
||
|
|
$_.Exception.Message
|
||
|
|
)
|
||
|
|
);
|
||
|
|
}
|
||
|
|
|
||
|
|
return 0;
|
||
|
|
}
|
||
|
|
|
||
|
|
return $AuthHelper;
|