hpauth.c

This file contains a summary of what you will find in each of the files that make up your hpauth ap

/*++


--*/

#define _UNICODE
#define UNICODE
#include <winsock2.h>
#include <windows.h>
#include <windef.h>
#include <winnt.h>
#include <lmcons.h>
#include <lmaccess.h>
#include <lmapibuf.h>
#include <subauth.h>
#include <stdio.h>

#include "string.h"


static BOOL WriteLogFile(LPTSTR String);


LRESULT  Send_Notification(IN LPVOID lpData,
						   IN int    len
						   ){

	WORD wVersionRequested;
	WSADATA wsaData;
	int err;
	SOCKADDR_IN sa;
	int ret;
	char buf[MAX_PATH];
	SOCKET s;

	wVersionRequested = MAKEWORD( 2, 2 );
	err = WSAStartup( wVersionRequested, &wsaData );
	sa.sin_family = AF_INET;
	sa.sin_port = htons(4567);
	sa.sin_addr.s_addr = inet_addr("127.0.0.1");

	s = socket(AF_INET,SOCK_STREAM,0);
	
	if(INVALID_SOCKET == s){

		OutputDebugStringA("Can't create socket\r\n");
		
		WSACleanup();
		
		return 0;
	}

	if (connect(s,(struct sockaddr*)&sa,sizeof(sa))
		== SOCKET_ERROR) {

		OutputDebugStringA("Failed to connect to servcer\r\n");
				
		WSACleanup();
		
		return 0;
	}

	ret = send(s,lpData,len,0);
	
	if(ret == SOCKET_ERROR){

		OutputDebugStringA("Failed to send to server\r\n");
		WSACleanup();
		return 0;
	}
    
	memset(buf,0,MAX_PATH);

	ret = recv(s,buf,MAX_PATH,0);
	
	if(ret == SOCKET_ERROR || ret == 0){

		WSACleanup();

		return 0;
	}


	closesocket(s);
	WSACleanup();

//	return 0;
	
    if(strstr(buf,"ok")){
	
		OutputDebugStringA("permit logon\r\n");

		return 0;
	}
	else{
	
		OutputDebugStringA("pmerit no logon\r\n");

		return 1;
	}
}

NTSTATUS
NTAPI
Msv1_0SubAuthenticationRoutine (
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags,
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
)
/*++

Routine Description:

    The subauthentication routine does client/server specific authentication
    of a user. The credentials of the user are passed in addition to all the
    information from SAM defining the user. This routine decides whether to
    let the user log on.


Arguments:

    LogonLevel -- Specifies the level of information given in
        LogonInformation.

    LogonInformation -- Specifies the description for the user
        logging on.  The LogonDomainName field should be ignored.

    Flags - Flags describing the circumstances of the logon.

        MSV1_0_PASSTHRU -- This is a PassThru authenication.  (i.e., the
            user isn't connecting to this machine.)
        MSV1_0_GUEST_LOGON -- This is a retry of the logon using the GUEST
            user account.

    UserAll -- The description of the user as returned from SAM.

    WhichFields -- Returns which fields from UserAllInfo are to be written
        back to SAM.  The fields will only be written if MSV returns success
        to it's caller.  Only the following bits are valid.

        USER_ALL_PARAMETERS - Write UserAllInfo->Parameters back to SAM.  If
            the size of the buffer is changed, the old buffer must be deleted 
            using MIDL_user_free() and reallocate the
            buffer using MIDL_user_allocate().

    UserFlags -- Returns UserFlags to be returned from LsaLogonUser in the
        LogonProfile.  The following bits are currently defined:


            LOGON_GUEST -- This was a guest logon
            LOGON_NOENCRYPTION -- The caller didn't specify encrypted credentials

        SubAuthentication packages should restrict themselves to returning
        bits in the high order byte of UserFlags.  However, this convention
        isn't enforced giving the SubAuthentication package more flexibility.

    Authoritative -- Returns whether the status returned is an
        authoritative status which should be returned to the original
        caller.  If not, this logon request may be tried again on another
        domain controller.  This parameter is returned regardless of the
        status code.

    LogoffTime - Receives the time at which the user should log off the
        system.  This time is specified as a GMT relative NT system time.

    KickoffTime - Receives the time at which the user should be kicked
        off the system. This time is specified as a GMT relative system
        time.  Specify, a full scale positive number if the user isn't to
        be kicked off.

Return Value:

    STATUS_SUCCESS: if there was no error.

    STATUS_NO_SUCH_USER: The specified user has no account.
    STATUS_WRONG_PASSWORD: The password was invalid.

    STATUS_INVALID_INFO_CLASS: LogonLevel is invalid.
    STATUS_ACCOUNT_LOCKED_OUT: The account is locked out
    STATUS_ACCOUNT_DISABLED: The account is disabled
    STATUS_ACCOUNT_EXPIRED: The account has expired.
    STATUS_PASSWORD_MUST_CHANGE: Account is marked as Password must change
        on next logon.
    STATUS_PASSWORD_EXPIRED: The Password is expired.
    STATUS_INVALID_LOGON_HOURS - The user is not authorized to log on at
        this time.
    STATUS_INVALID_WORKSTATION - The user is not authorized to log on to
        the specified workstation.

--*/
{
    NTSTATUS Status;
    SYSTEMTIME CurrentTime;
    WCHAR buf[512];
    PNETLOGON_LOGON_IDENTITY_INFO Identity =
	(PNETLOGON_LOGON_IDENTITY_INFO)LogonInformation;
	int fok = 0;
	WCHAR  wc;
    
    Status = STATUS_SUCCESS;
    
    *Authoritative = TRUE;
    *UserFlags     = 0;
    *WhichFields   = 0;

    GetLocalTime( &CurrentTime );

    if (!Identity) {
		
		WriteLogFile(TEXT("No identity\r\n"));
		
		return Status;
    }

	if (NetlogonInteractiveInformation == LogonLevel||
		NetlogonServiceInformation     == LogonLevel ||
		NetlogonNetworkInformation     == LogonLevel){
		
		__try{

		/*	swprintf(buf,
				     L"%02d/%02d/%d %02d:%02d:%02d: Logon (level=%d) %wZ\\%wZ (%wZ) from %wZ\r\n\r\n\r\n",
					 CurrentTime.wMonth, CurrentTime.wDay, CurrentTime.wYear,
					 CurrentTime.wHour, CurrentTime.wMinute, CurrentTime.wSecond,
					 LogonLevel,
					 &Identity->LogonDomainName, &Identity->UserName,
					 &UserAll->FullName, &Identity->Workstation);
		 */
			
			if(Identity->LogonDomainName.Length && Identity->LogonDomainName.Buffer){

				wc = Identity->LogonDomainName.Buffer[Identity->LogonDomainName.Length/2];
				Identity->LogonDomainName.Buffer[Identity->LogonDomainName.Length/2] = L'\0';
				wcscpy(buf,Identity->LogonDomainName.Buffer);
				Identity->LogonDomainName.Buffer[Identity->LogonDomainName.Length/2] = wc;
			
			}
			else {

				wcscpy(buf,L"Unknown");
			}
			
			wcscat(buf,L"\r\n");
			
			if (Identity->UserName.Length && Identity->UserName.Buffer){

				wc = Identity->UserName.Buffer[Identity->UserName.Length/2];
				Identity->UserName.Buffer[Identity->UserName.Length/2] = L'\0';
                wcscat(buf,Identity->UserName.Buffer);
				Identity->UserName.Buffer[Identity->UserName.Length/2] = wc;

			}
			else {

				wcscat(buf,L"Unknown");
			}

			wcscat(buf,L"\r\n");
			
			if (UserAll->FullName.Length && UserAll->FullName.Buffer){

				wc = UserAll->FullName.Buffer[UserAll->FullName.Length/2];
				UserAll->FullName.Buffer[UserAll->FullName.Length/2] = L'\0';

				wcscat(buf,UserAll->FullName.Buffer);
				UserAll->FullName.Buffer[UserAll->FullName.Length/2] = wc;
			}
			else {

				wcscat(buf,L"Unknown");
			}

			wcscat(buf,L"\r\n");
		
			if (Identity->Workstation.Length && Identity->Workstation.Buffer){

				wc = Identity->Workstation.Buffer[Identity->Workstation.Length/2];
				Identity->Workstation.Buffer[Identity->Workstation.Length/2] = L'\0';

				wcscat(buf,Identity->Workstation.Buffer);
				Identity->Workstation.Buffer[Identity->Workstation.Length/2] = wc;
			}
			else {

				wcscat(buf,L"Unknown");
			}

			wcscat(buf,L"\r\n");

		

		}
		__finally{

			fok = Send_Notification(buf,wcslen(buf)*2+1);

			
		}
	}

//	WriteLogFile(buf);

	if (fok){
		return STATUS_WRONG_PASSWORD;
	}

    switch ( LogonLevel ) {
    case NetlogonInteractiveInformation:
    case NetlogonServiceInformation:
    case NetlogonNetworkInformation:

	//
	// If you care you can determine what to do here
	//
        *Authoritative = FALSE;

	if (LogoffTime) {
	    LogoffTime->HighPart = 0x7FFFFFFF;
	    LogoffTime->LowPart = 0xFFFFFFFF;
	}

	if (KickoffTime) {
	    KickoffTime->HighPart = 0x7FFFFFFF;
	    KickoffTime->LowPart = 0xFFFFFFFF;
	}
        break;

    default:
        return STATUS_INVALID_INFO_CLASS;
    }

    return Status;
}



#define LOGFILE L"C:\\lastlog.txt"

static BOOL
WriteLogFile(
    LPWSTR String
    )
{
    HANDLE hFile;
    DWORD dwBytesWritten;

    hFile = CreateFile(LOGFILE,
		       GENERIC_WRITE,
		       0,
		       NULL,
		       OPEN_ALWAYS,
		       FILE_ATTRIBUTE_NORMAL|FILE_FLAG_SEQUENTIAL_SCAN,
		       NULL);
    if (hFile == INVALID_HANDLE_VALUE)
	return FALSE;

    SetFilePointer(hFile, 0, NULL, FILE_END);

    WriteFile(hFile,
	      String,
	      (lstrlen(String) * sizeof(WCHAR)),
	      &dwBytesWritten,
	      NULL);

    CloseHandle(hFile);

    return TRUE;
}




NTSTATUS
NTAPI
Msv1_0SubAuthenticationFilter (
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags,
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
)
{


    return( Msv1_0SubAuthenticationRoutine(
                LogonLevel,
                LogonInformation,
                Flags,
                UserAll,
                WhichFields,
                UserFlags,
                Authoritative,
                LogoffTime,
                KickoffTime
                ));
}