private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string? targetName, bool isForest)
{
PolicySafeHandle? policyHandle = null;
IntPtr buffer = (IntPtr)0;
bool impersonated = false;
string? serverName = null;
try
{
try
{
serverName = Utils.GetPolicyServerName(targetContext, isForest, false, targetName);
impersonated = Utils.Impersonate(targetContext);
try
{
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
catch (ActiveDirectoryOperationException)
{
if (impersonated)
{
Utils.Revert();
impersonated = false;
}
// try anonymous
Utils.ImpersonateAnonymous();
impersonated = true;
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
catch (UnauthorizedAccessException)
{
if (impersonated)
{
Utils.Revert();
impersonated = false;
}
// try anonymous
Utils.ImpersonateAnonymous();
impersonated = true;
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
int result = UnsafeNativeMethods.LsaQueryInformationPolicy(policyHandle, policyDnsDomainInformation, out buffer);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return buffer;
}
finally
{
if (impersonated)
Utils.Revert();
}
}
catch { throw; }
}
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string? sourceName, string? targetName, bool isForest, int direction, string serverName)
{
IntPtr buffer = (IntPtr)0;
// get trust information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
try
{
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// validate trust direction if applicable
if (direction != 0)
{
if ((direction & domainInfo.TrustDirection) == 0)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(TrustRelationshipInformation), null);
}
}
}
finally
{
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName)
{
IntPtr zero = IntPtr.Zero;
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);
if (status != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
try
{
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(zero, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
if ((direction != 0) && ((direction & structure.TrustDirection) == 0))
{
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(TrustRelationshipInformation), null);
}
}
finally
{
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
}
}
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest)
{
PolicySafeHandle policyHandle = null;
IntPtr buffer = (IntPtr)0;
bool impersonated = false;
string serverName = null;
try
{
try
{
serverName = Utils.GetPolicyServerName(targetContext, isForest, false, targetName);
impersonated = Utils.Impersonate(targetContext);
try
{
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
catch (ActiveDirectoryOperationException)
{
if (impersonated)
{
Utils.Revert();
impersonated = false;
}
// try anonymous
Utils.ImpersonateAnonymous();
impersonated = true;
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
catch (UnauthorizedAccessException)
{
if (impersonated)
{
Utils.Revert();
impersonated = false;
}
// try anonymous
Utils.ImpersonateAnonymous();
impersonated = true;
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
}
int result = UnsafeNativeMethods.LsaQueryInformationPolicy(policyHandle, s_policyDnsDomainInformation, out buffer);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return buffer;
}
finally
{
if (impersonated)
Utils.Revert();
}
}
catch { throw; }
}
public void Save()
{
IntPtr intPtr;
IntPtr hGlobalUni;
object length;
object obj;
object length1;
object obj1;
int count = 0;
int num = 0;
IntPtr intPtr1 = (IntPtr)0;
IntPtr intPtr2 = (IntPtr)0;
ArrayList arrayLists = new ArrayList();
ArrayList arrayLists1 = new ArrayList();
bool flag = false;
IntPtr hGlobalUni1 = (IntPtr)0;
IntPtr intPtr3 = (IntPtr)0;
count = count + this.TopLevelNames.Count;
count = count + this.ExcludedTopLevelNames.Count;
count = count + this.TrustedDomainInformation.Count;
if (this.binaryData.Count != 0)
{
count++;
count = count + this.binaryData.Count;
}
IntPtr intPtr4 = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr)));
try
{
try
{
intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr3);
FileTime fileTime = new FileTime();
Marshal.PtrToStructure(intPtr3, fileTime);
for (int i = 0; i < this.topLevelNames.Count; i++)
{
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD();
lSAFORESTTRUSTRECORD.Flags = (int)this.topLevelNames[i].Status;
lSAFORESTTRUSTRECORD.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName;
TopLevelName item = this.topLevelNames[i];
lSAFORESTTRUSTRECORD.Time = item.time;
lSAFORESTTRUSTRECORD.TopLevelName = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(item.Name);
arrayLists.Add(hGlobalUni);
UnsafeNativeMethods.RtlInitUnicodeString(lSAFORESTTRUSTRECORD.TopLevelName, hGlobalUni);
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lSAFORESTTRUSTRECORD, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
for (int j = 0; j < this.excludedNames.Count; j++)
{
LSA_FOREST_TRUST_RECORD lARGEINTEGER = new LSA_FOREST_TRUST_RECORD();
lARGEINTEGER.Flags = 0;
lARGEINTEGER.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx;
if (!this.excludedNameTime.Contains(this.excludedNames[j]))
{
lARGEINTEGER.Time = new LARGE_INTEGER();
lARGEINTEGER.Time.lowPart = fileTime.lower;
lARGEINTEGER.Time.highPart = fileTime.higher;
}
else
{
lARGEINTEGER.Time = (LARGE_INTEGER)this.excludedNameTime[(object)j];
}
lARGEINTEGER.TopLevelName = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(this.excludedNames[j]);
arrayLists.Add(hGlobalUni);
UnsafeNativeMethods.RtlInitUnicodeString(lARGEINTEGER.TopLevelName, hGlobalUni);
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lARGEINTEGER, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
int num1 = 0;
while (num1 < this.domainInfo.Count)
{
LSA_FOREST_TRUST_RECORD status = new LSA_FOREST_TRUST_RECORD();
status.Flags = (int)this.domainInfo[num1].Status;
status.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo;
ForestTrustDomainInformation forestTrustDomainInformation = this.domainInfo[num1];
status.Time = forestTrustDomainInformation.time;
IntPtr intPtr5 = (IntPtr)0;
IntPtr hGlobalUni2 = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DomainSid);
arrayLists.Add(hGlobalUni2);
int sidW = UnsafeNativeMethods.ConvertStringSidToSidW(hGlobalUni2, ref intPtr5);
if (sidW != 0)
{
status.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO();
status.DomainInfo.sid = intPtr5;
arrayLists1.Add(intPtr5);
status.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DnsName);
arrayLists.Add(status.DomainInfo.DNSNameBuffer);
LSA_FOREST_TRUST_DOMAIN_INFO domainInfo = status.DomainInfo;
if (forestTrustDomainInformation.DnsName == null)
{
length = null;
}
else
{
length = forestTrustDomainInformation.DnsName.Length * 2;
}
domainInfo.DNSNameLength = (short)length;
LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO = status.DomainInfo;
if (forestTrustDomainInformation.DnsName == null)
{
obj = null;
}
else
{
obj = forestTrustDomainInformation.DnsName.Length * 2;
}
lSAFORESTTRUSTDOMAININFO.DNSNameMaximumLength = (short)obj;
status.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.NetBiosName);
arrayLists.Add(status.DomainInfo.NetBIOSNameBuffer);
LSA_FOREST_TRUST_DOMAIN_INFO domainInfo1 = status.DomainInfo;
if (forestTrustDomainInformation.NetBiosName == null)
{
length1 = null;
}
else
{
length1 = forestTrustDomainInformation.NetBiosName.Length * 2;
}
domainInfo1.NetBIOSNameLength = (short)length1;
LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO1 = status.DomainInfo;
if (forestTrustDomainInformation.NetBiosName == null)
{
obj1 = null;
}
else
{
obj1 = forestTrustDomainInformation.NetBiosName.Length * 2;
}
lSAFORESTTRUSTDOMAININFO1.NetBIOSNameMaximumLength = (short)obj1;
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(status, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
num1++;
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error());
}
}
if (this.binaryData.Count > 0)
{
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD1 = new LSA_FOREST_TRUST_RECORD();
lSAFORESTTRUSTRECORD1.Flags = 0;
lSAFORESTTRUSTRECORD1.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast;
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lSAFORESTTRUSTRECORD1, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
for (int k = 0; k < this.binaryData.Count; k++)
{
LSA_FOREST_TRUST_RECORD item1 = new LSA_FOREST_TRUST_RECORD();
item1.Flags = 0;
item1.Time = (LARGE_INTEGER)this.binaryDataTime[k];
item1.Data.Length = (int)((byte[])this.binaryData[k]).Length;
if (item1.Data.Length != 0)
{
item1.Data.Buffer = Marshal.AllocHGlobal(item1.Data.Length);
arrayLists.Add(item1.Data.Buffer);
Marshal.Copy((byte[])this.binaryData[k], 0, item1.Data.Buffer, item1.Data.Length);
}
else
{
item1.Data.Buffer = (IntPtr)0;
}
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(item1, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
}
LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION();
lSAFORESTTRUSTINFORMATION.RecordCount = count;
lSAFORESTTRUSTINFORMATION.Entries = intPtr4;
intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION)));
Marshal.StructureToPtr(lSAFORESTTRUSTINFORMATION, intPtr1, false);
string policyServerName = Utils.GetPolicyServerName(this.context, true, true, base.SourceName);
flag = Utils.Impersonate(this.context);
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni1 = Marshal.StringToHGlobalUni(base.TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1);
int num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 1, out intPtr2);
if (num2 == 0)
{
if (intPtr2 == (IntPtr)0)
{
num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 0, out intPtr2);
if (num2 == 0)
{
this.retrieved = false;
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(num2, policyServerName);
}
}
else
{
throw ExceptionHelper.CreateForestTrustCollisionException(intPtr2);
}
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num2), policyServerName);
}
}
finally
{
if (flag)
{
Utils.Revert();
}
for (int l = 0; l < arrayLists.Count; l++)
{
Marshal.FreeHGlobal((IntPtr)arrayLists[l]);
}
for (int m = 0; m < arrayLists1.Count; m++)
{
UnsafeNativeMethods.LocalFree((IntPtr)arrayLists1[m]);
}
if (intPtr4 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr4);
}
if (intPtr1 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr1);
}
if (intPtr2 != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(intPtr2);
}
if (hGlobalUni1 != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni1);
}
if (intPtr3 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr3);
}
}
}
catch
{
throw;
}
}
public static extern int LsaQueryInformationPolicy(PolicySafeHandle handle, int infoClass, out IntPtr buffer);
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
PolicySafeHandle handle = null;
IntPtr buffer = (IntPtr)0;
LSA_UNICODE_STRING trustedDomainName = null;
IntPtr newBuffer = (IntPtr)0;
bool impersonated = false;
LSA_AUTH_INFORMATION AuthData = null;
IntPtr fileTime = (IntPtr)0;
IntPtr unmanagedPassword = (IntPtr)0;
IntPtr unmanagedAuthData = (IntPtr)0;
TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null;
IntPtr target = (IntPtr)0;
string serverName = null;
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get the trusted domain information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
// get the managed structre representation
TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
Marshal.PtrToStructure(buffer, domainInfo);
// validate the trust attribute first
ValidateTrustAttribute(domainInfo.Information, isForest, sourceName, targetName);
// change the attribute value properly
AuthData = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime tmp = new FileTime();
Marshal.PtrToStructure(fileTime, tmp);
AuthData.LastUpdateTime = new LARGE_INTEGER();
AuthData.LastUpdateTime.lowPart = tmp.lower;
AuthData.LastUpdateTime.highPart = tmp.higher;
AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR;
unmanagedPassword = Marshal.StringToHGlobalUni(password);
AuthData.AuthInfo = unmanagedPassword;
AuthData.AuthInfoLength = password.Length * 2;
unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);
AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((newTrustDirection & TrustDirection.Inbound) != 0)
{
AuthInfoEx.IncomingAuthInfos = 1;
AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
AuthInfoEx.IncomingAuthInfos = 0;
AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((newTrustDirection & TrustDirection.Outbound) != 0)
{
AuthInfoEx.OutgoingAuthInfos = 1;
AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
AuthInfoEx.OutgoingAuthInfos = 0;
AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
// reconstruct the unmanaged structure to set it back
domainInfo.AuthInformation = AuthInfoEx;
// reset the trust direction
domainInfo.Information.TrustDirection = (int)newTrustDirection;
newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
Marshal.StructureToPtr(domainInfo, newBuffer, false);
result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return;
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
if (newBuffer != (IntPtr)0)
Marshal.FreeHGlobal(newBuffer);
if (fileTime != (IntPtr)0)
Marshal.FreeHGlobal(fileTime);
if (unmanagedPassword != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedPassword);
if (unmanagedAuthData != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedAuthData);
}
}
catch { throw; }
}
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
PolicySafeHandle handle = null;
IntPtr zero = IntPtr.Zero;
LSA_UNICODE_STRING result = null;
IntPtr ptr = IntPtr.Zero;
bool flag = false;
LSA_AUTH_INFORMATION structure = null;
IntPtr fileTime = IntPtr.Zero;
IntPtr hglobal = IntPtr.Zero;
IntPtr ptr5 = IntPtr.Zero;
TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero);
if (status != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION();
Marshal.PtrToStructure(zero, trusted_domain_full_information);
ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName);
structure = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
FileTime time = new FileTime();
Marshal.PtrToStructure(fileTime, time);
structure.LastUpdateTime = new LARGE_INTEGER();
structure.LastUpdateTime.lowPart = time.lower;
structure.LastUpdateTime.highPart = time.higher;
structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
hglobal = Marshal.StringToHGlobalUni(password);
structure.AuthInfo = hglobal;
structure.AuthInfoLength = password.Length * 2;
ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(structure, ptr5, false);
trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection) 0))
{
trusted_domain_auth_information.IncomingAuthInfos = 1;
trusted_domain_auth_information.IncomingAuthenticationInformation = ptr5;
trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
else
{
trusted_domain_auth_information.IncomingAuthInfos = 0;
trusted_domain_auth_information.IncomingAuthenticationInformation = IntPtr.Zero;
trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection) 0))
{
trusted_domain_auth_information.OutgoingAuthInfos = 1;
trusted_domain_auth_information.OutgoingAuthenticationInformation = ptr5;
trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
else
{
trusted_domain_auth_information.OutgoingAuthInfos = 0;
trusted_domain_auth_information.OutgoingAuthenticationInformation = IntPtr.Zero;
trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
trusted_domain_full_information.AuthInformation = trusted_domain_auth_information;
trusted_domain_full_information.Information.TrustDirection = (int) newTrustDirection;
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
Marshal.StructureToPtr(trusted_domain_full_information, ptr, false);
status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
if (fileTime != IntPtr.Zero)
{
Marshal.FreeHGlobal(fileTime);
}
if (hglobal != IntPtr.Zero)
{
Marshal.FreeHGlobal(hglobal);
}
if (ptr5 != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr5);
}
}
}
catch
{
throw;
}
}
public static extern int LsaQueryForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, ref IntPtr ForestTrustInfo);
public static extern int LsaOpenTrustedDomainByName(PolicySafeHandle policyHandle, LSA_UNICODE_STRING trustedDomain, int access, ref IntPtr trustedDomainHandle);
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest)
{
PolicySafeHandle handle = null;
LSA_UNICODE_STRING result = null;
int errorCode = 0;
bool flag = false;
IntPtr zero = IntPtr.Zero;
string serverName = null;
IntPtr buffer = IntPtr.Zero;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
zero = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, zero);
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (status != 0)
{
errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
try
{
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
status = UnsafeNativeMethods.LsaDeleteTrustedDomain(handle, structure.Sid);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
}
finally
{
if (buffer != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
}
}
catch
{
throw;
}
}
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
{
PolicySafeHandle? handle = null;
IntPtr buffer = (IntPtr)0;
IntPtr newInfo = (IntPtr)0;
LSA_UNICODE_STRING? trustedDomainName = null;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string? serverName = null;
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get the trusted domain information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
// get the managed structre representation
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// change the attribute value properly
// selective authentication
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if (status)
{
// turns on selective authentication
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
else
{
// turns off selective authentication
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION);
}
}
// user wants to change sid filtering behavior for forest trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if (status)
{
// user wants sid filtering behavior
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL);
}
else
{
// users wants to turn off sid filtering behavior
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
}
// user wants to change sid filtering behavior for external trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
if (status)
{
// user wants sid filtering behavior
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
else
{
// user wants to turn off sid filtering behavior
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN);
}
}
else
{
throw new ArgumentException(nameof(attribute));
}
// reconstruct the unmanaged structure to set it back
newInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
Marshal.StructureToPtr(domainInfo, newInfo, false);
result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, newInfo);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return;
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
if (newInfo != (IntPtr)0)
Marshal.FreeHGlobal(newInfo);
}
}
catch { throw; }
}
public void Save()
{
int count = 0;
IntPtr records = (IntPtr)0;
int currentCount = 0;
IntPtr tmpPtr = (IntPtr)0;
IntPtr forestInfo = (IntPtr)0;
PolicySafeHandle handle = null;
LSA_UNICODE_STRING trustedDomainName;
IntPtr collisionInfo = (IntPtr)0;
ArrayList ptrList = new ArrayList();
ArrayList sidList = new ArrayList();
bool impersonated = false;
IntPtr target = (IntPtr)0;
string serverName = null;
IntPtr fileTime = (IntPtr)0;
// first get the count of all the records
int toplevelNamesCount = TopLevelNames.Count;
int excludedNamesCount = ExcludedTopLevelNames.Count;
int trustedDomainCount = TrustedDomainInformation.Count;
int binaryDataCount = 0;
checked
{
count += toplevelNamesCount;
count += excludedNamesCount;
count += trustedDomainCount;
if (_binaryData.Count != 0)
{
binaryDataCount = _binaryData.Count;
// for the ForestTrustRecordTypeLast record
count++;
count += binaryDataCount;
}
// allocate the memory for all the records
records = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr)));
}
try
{
try
{
IntPtr ptr = (IntPtr)0;
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime currentTime = new FileTime();
Marshal.PtrToStructure(fileTime, currentTime);
for (int i = 0; i < toplevelNamesCount; i++)
{
// now begin to construct top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = (int)_topLevelNames[i].Status;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName;
TopLevelName TLN = _topLevelNames[i];
record.Time = TLN.time;
record.TopLevelName = new LSA_UNICODE_STRING();
ptr = Marshal.StringToHGlobalUni(TLN.Name);
ptrList.Add(ptr);
UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
for (int i = 0; i < excludedNamesCount; i++)
{
// now begin to construct excluded top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = 0;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx;
if (_excludedNameTime.Contains(_excludedNames[i]))
{
record.Time = (LARGE_INTEGER)_excludedNameTime[i];
}
else
{
record.Time = new LARGE_INTEGER();
record.Time.lowPart = currentTime.lower;
record.Time.highPart = currentTime.higher;
}
record.TopLevelName = new LSA_UNICODE_STRING();
ptr = Marshal.StringToHGlobalUni(_excludedNames[i]);
ptrList.Add(ptr);
UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
for (int i = 0; i < trustedDomainCount; i++)
{
// now begin to construct domain info record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = (int)_domainInfo[i].Status;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo;
ForestTrustDomainInformation tmp = _domainInfo[i];
record.Time = tmp.time;
IntPtr pSid = (IntPtr)0;
IntPtr stringSid = (IntPtr)0;
stringSid = Marshal.StringToHGlobalUni(tmp.DomainSid);
ptrList.Add(stringSid);
int result = UnsafeNativeMethods.ConvertStringSidToSidW(stringSid, ref pSid);
if (result == 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error());
}
record.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO();
record.DomainInfo.sid = pSid;
sidList.Add(pSid);
record.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(tmp.DnsName);
ptrList.Add(record.DomainInfo.DNSNameBuffer);
record.DomainInfo.DNSNameLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); // sizeof(WCHAR)
record.DomainInfo.DNSNameMaximumLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2);
record.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(tmp.NetBiosName);
ptrList.Add(record.DomainInfo.NetBIOSNameBuffer);
record.DomainInfo.NetBIOSNameLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2);
record.DomainInfo.NetBIOSNameMaximumLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
if (binaryDataCount > 0)
{
// now begin to construct ForestTrustRecordTypeLast
LSA_FOREST_TRUST_RECORD lastRecord = new LSA_FOREST_TRUST_RECORD();
lastRecord.Flags = 0;
lastRecord.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast;
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(lastRecord, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
for (int i = 0; i < binaryDataCount; i++)
{
// now begin to construct excluded top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = 0;
record.Time = (LARGE_INTEGER)_binaryDataTime[i];
record.Data.Length = ((byte[])_binaryData[i]).Length;
if (record.Data.Length == 0)
{
record.Data.Buffer = (IntPtr)0;
}
else
{
record.Data.Buffer = Marshal.AllocHGlobal(record.Data.Length);
ptrList.Add(record.Data.Buffer);
Marshal.Copy((byte[])_binaryData[i], 0, record.Data.Buffer, record.Data.Length);
}
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
}
// finally construct the LSA_FOREST_TRUST_INFORMATION
LSA_FOREST_TRUST_INFORMATION trustInformation = new LSA_FOREST_TRUST_INFORMATION();
trustInformation.RecordCount = count;
trustInformation.Entries = records;
forestInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION)));
Marshal.StructureToPtr(trustInformation, forestInfo, false);
// get policy server name
serverName = Utils.GetPolicyServerName(context, true, true, SourceName);
// do impersonation first
impersonated = Utils.Impersonate(context);
// get the policy handle
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// call the unmanaged function
int error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 1, out collisionInfo);
if (error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(error), serverName);
}
// there is collision, throw proper exception so user can deal with it
if (collisionInfo != (IntPtr)0)
{
throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo);
}
// commit the changes
error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 0, out collisionInfo);
if (error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(error, serverName);
}
// now next time property is invoked, we need to go to the server
retrieved = false;
}
finally
{
if (impersonated)
{
Utils.Revert();
}
// release the memory
for (int i = 0; i < ptrList.Count; i++)
{
Marshal.FreeHGlobal((IntPtr)ptrList[i]);
}
for (int i = 0; i < sidList.Count; i++)
{
UnsafeNativeMethods.LocalFree((IntPtr)sidList[i]);
}
if (records != (IntPtr)0)
{
Marshal.FreeHGlobal(records);
}
if (forestInfo != (IntPtr)0)
{
Marshal.FreeHGlobal(forestInfo);
}
if (collisionInfo != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(collisionInfo);
}
if (target != (IntPtr)0)
{
Marshal.FreeHGlobal(target);
}
if (fileTime != (IntPtr)0)
{
Marshal.FreeHGlobal(fileTime);
}
}
}
catch { throw; }
}
internal static void UpdateTrustDirection(DirectoryContext context, string? sourceName, string? targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
PolicySafeHandle? handle = null;
IntPtr buffer = (IntPtr)0;
LSA_UNICODE_STRING? trustedDomainName = null;
IntPtr newBuffer = (IntPtr)0;
bool impersonated = false;
LSA_AUTH_INFORMATION? AuthData = null;
IntPtr fileTime = (IntPtr)0;
IntPtr unmanagedPassword = (IntPtr)0;
IntPtr unmanagedAuthData = (IntPtr)0;
TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null;
IntPtr target = (IntPtr)0;
string? serverName = null;
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get the trusted domain information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
// get the managed structre representation
TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
Marshal.PtrToStructure(buffer, domainInfo);
// validate the trust attribute first
ValidateTrustAttribute(domainInfo.Information!, isForest, sourceName, targetName);
// change the attribute value properly
AuthData = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime tmp = new FileTime();
Marshal.PtrToStructure(fileTime, tmp);
AuthData.LastUpdateTime = new LARGE_INTEGER();
AuthData.LastUpdateTime.lowPart = tmp.lower;
AuthData.LastUpdateTime.highPart = tmp.higher;
AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR;
unmanagedPassword = Marshal.StringToHGlobalUni(password);
AuthData.AuthInfo = unmanagedPassword;
AuthData.AuthInfoLength = password.Length * 2;
unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);
AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((newTrustDirection & TrustDirection.Inbound) != 0)
{
AuthInfoEx.IncomingAuthInfos = 1;
AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
AuthInfoEx.IncomingAuthInfos = 0;
AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((newTrustDirection & TrustDirection.Outbound) != 0)
{
AuthInfoEx.OutgoingAuthInfos = 1;
AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
AuthInfoEx.OutgoingAuthInfos = 0;
AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
// reconstruct the unmanaged structure to set it back
domainInfo.AuthInformation = AuthInfoEx;
// reset the trust direction
domainInfo.Information!.TrustDirection = (int)newTrustDirection;
newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
Marshal.StructureToPtr(domainInfo, newBuffer, false);
result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return;
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
if (newBuffer != (IntPtr)0)
Marshal.FreeHGlobal(newBuffer);
if (fileTime != (IntPtr)0)
Marshal.FreeHGlobal(fileTime);
if (unmanagedPassword != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedPassword);
if (unmanagedAuthData != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedAuthData);
}
}
catch { throw; }
}
internal static bool GetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool isForest)
{
PolicySafeHandle? handle = null;
IntPtr buffer = (IntPtr)0;
LSA_UNICODE_STRING? trustedDomainName = null;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string? serverName = null;
// get policy server name
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// get the attribute of the trust
// selective authentication info
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) == 0)
return false;
else
return true;
}
// sid filtering behavior for forest trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) == 0)
return true;
else
return false;
}
// sid filtering behavior for domain trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) == 0)
return false;
else
return true;
}
else
{
// should not happen
throw new ArgumentException(nameof(attribute));
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
catch { throw; }
}
internal static void CreateTrust(DirectoryContext sourceContext, string? sourceName, DirectoryContext targetContext, string? targetName, bool isForest, TrustDirection direction, string password)
{
LSA_AUTH_INFORMATION? AuthData = null;
TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null;
TRUSTED_DOMAIN_INFORMATION_EX? tdi = null;
IntPtr fileTime = (IntPtr)0;
IntPtr unmanagedPassword = (IntPtr)0;
IntPtr info = (IntPtr)0;
IntPtr domainHandle = (IntPtr)0;
PolicySafeHandle? policyHandle = null;
IntPtr unmanagedAuthData = (IntPtr)0;
bool impersonated = false;
string? serverName = null;
// get the domain info first
info = GetTrustedDomainInfo(targetContext, targetName, isForest);
try
{
try
{
POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO();
Marshal.PtrToStructure(info, domainInfo);
AuthData = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime tmp = new FileTime();
Marshal.PtrToStructure(fileTime, tmp);
AuthData.LastUpdateTime = new LARGE_INTEGER();
AuthData.LastUpdateTime.lowPart = tmp.lower;
AuthData.LastUpdateTime.highPart = tmp.higher;
AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR;
unmanagedPassword = Marshal.StringToHGlobalUni(password);
AuthData.AuthInfo = unmanagedPassword;
AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR)
unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);
AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((direction & TrustDirection.Inbound) != 0)
{
AuthInfoEx.IncomingAuthInfos = 1;
AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((direction & TrustDirection.Outbound) != 0)
{
AuthInfoEx.OutgoingAuthInfos = 1;
AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
tdi = new TRUSTED_DOMAIN_INFORMATION_EX();
tdi.FlatName = domainInfo.Name;
tdi.Name = domainInfo.DnsDomainName;
tdi.Sid = domainInfo.Sid;
tdi.TrustType = TRUST_TYPE_UPLEVEL;
tdi.TrustDirection = (int)direction;
if (isForest)
{
tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
}
else
{
tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
// get server name
serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
// do impersonation and get policy handle
impersonated = Utils.Impersonate(sourceContext);
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
if (result != 0)
{
result = UnsafeNativeMethods.LsaNtStatusToWinError(result);
if (result == ERROR_ALREADY_EXISTS)
{
if (isForest)
throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingForestTrust, sourceName, targetName));
else
throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingDomainTrust, sourceName, targetName));
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (fileTime != (IntPtr)0)
Marshal.FreeHGlobal(fileTime);
if (domainHandle != (IntPtr)0)
UnsafeNativeMethods.LsaClose(domainHandle);
if (info != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(info);
if (unmanagedPassword != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedPassword);
if (unmanagedAuthData != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedAuthData);
}
}
catch { throw; }
}
internal static void VerifyTrust(DirectoryContext context, string? sourceName, string? targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string? preferredTargetServer)
{
PolicySafeHandle? policyHandle = null;
LSA_UNICODE_STRING? trustedDomainName = null;
int win32Error = 0;
IntPtr data = (IntPtr)0;
IntPtr ptr = (IntPtr)0;
IntPtr buffer1 = (IntPtr)0;
IntPtr buffer2 = (IntPtr)0;
bool impersonated = true;
IntPtr target = (IntPtr)0;
string? policyServerName = null;
policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// validate the trust existence
ValidateTrust(policyHandle, trustedDomainName, sourceName, targetName, isForest, (int)direction, policyServerName); // need to verify direction
if (preferredTargetServer == null)
data = Marshal.StringToHGlobalUni(targetName);
else
// this is the case that we need to specifically go to a particular server. This is the way to tell netlogon to do that.
data = Marshal.StringToHGlobalUni(targetName + "\\" + preferredTargetServer);
ptr = Marshal.AllocHGlobal(IntPtr.Size);
Marshal.WriteIntPtr(ptr, data);
if (!forceSecureChannelReset)
{
win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer1);
if (win32Error == 0)
{
NETLOGON_INFO_2 info = new NETLOGON_INFO_2();
Marshal.PtrToStructure(buffer1, info);
if ((info.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) != 0)
{
int result = info.netlog2_pdc_connection_status;
if (result == 0)
{
// verification succeeded
return;
}
else
{
// don't really know which server is down, the source or the target
throw ExceptionHelper.GetExceptionFromErrorCode(result);
}
}
else
{
int result = info.netlog2_tc_connection_status;
throw ExceptionHelper.GetExceptionFromErrorCode(result);
}
}
else
{
if (win32Error == ERROR_INVALID_LEVEL)
{
// it is pre-win2k SP3 dc that does not support NETLOGON_CONTROL_TC_VERIFY
throw new NotSupportedException(SR.TrustVerificationNotSupport);
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error);
}
}
}
else
{
// then try secure channel reset
win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out buffer2);
if (win32Error != 0)
// don't really know which server is down, the source or the target
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (ptr != (IntPtr)0)
Marshal.FreeHGlobal(ptr);
if (data != (IntPtr)0)
Marshal.FreeHGlobal(data);
if (buffer1 != (IntPtr)0)
UnsafeNativeMethods.NetApiBufferFree(buffer1);
if (buffer2 != (IntPtr)0)
UnsafeNativeMethods.NetApiBufferFree(buffer2);
}
}
catch { throw; }
}
internal static void DeleteTrust(DirectoryContext sourceContext, string? sourceName, string? targetName, bool isForest)
{
PolicySafeHandle? policyHandle = null;
LSA_UNICODE_STRING? trustedDomainName = null;
int win32Error = 0;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string? serverName = null;
IntPtr buffer = (IntPtr)0;
serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
impersonated = Utils.Impersonate(sourceContext);
try
{
try
{
// get the policy handle
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get trust information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policyHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
try
{
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// delete the trust
result = UnsafeNativeMethods.LsaDeleteTrustedDomain(policyHandle, domainInfo.Sid);
if (result != 0)
{
win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
}
finally
{
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
}
}
catch { throw; }
}
public static extern int LsaQueryForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, ref IntPtr ForestTrustInfo);
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest)
{
PolicySafeHandle handle = null;
LSA_UNICODE_STRING result = null;
int errorCode = 0;
bool flag = false;
IntPtr zero = IntPtr.Zero;
string serverName = null;
IntPtr buffer = IntPtr.Zero;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
zero = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, zero);
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (status != 0)
{
errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
try
{
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
status = UnsafeNativeMethods.LsaDeleteTrustedDomain(handle, structure.Sid);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
}
finally
{
if (buffer != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
}
}
catch
{
throw;
}
}
public static extern int LsaQueryInformationPolicy(PolicySafeHandle handle, int infoClass, out IntPtr buffer);
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr ptr2;
IntPtr zero = IntPtr.Zero;
bool flag = false;
string serverName = null;
try
{
try
{
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(targetContext, isForest, false, targetName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(targetContext);
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
catch (ActiveDirectoryOperationException)
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
flag = false;
}
System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous();
flag = true;
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
catch (UnauthorizedAccessException)
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
flag = false;
}
System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous();
flag = true;
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
int status = UnsafeNativeMethods.LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, out zero);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
ptr2 = zero;
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
}
}
catch
{
throw;
}
return(ptr2);
}
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
{
LSA_AUTH_INFORMATION structure = null;
TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null;
TRUSTED_DOMAIN_INFORMATION_EX domainEx = null;
IntPtr zero = IntPtr.Zero;
IntPtr hglobal = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
IntPtr domainHandle = IntPtr.Zero;
PolicySafeHandle handle = null;
IntPtr ptr5 = IntPtr.Zero;
bool flag = false;
string serverName = null;
ptr = GetTrustedDomainInfo(targetContext, targetName, isForest);
try
{
try
{
POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO();
Marshal.PtrToStructure(ptr, policy_dns_domain_info);
structure = new LSA_AUTH_INFORMATION();
zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(zero);
FileTime time = new FileTime();
Marshal.PtrToStructure(zero, time);
structure.LastUpdateTime = new LARGE_INTEGER();
structure.LastUpdateTime.lowPart = time.lower;
structure.LastUpdateTime.highPart = time.higher;
structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
hglobal = Marshal.StringToHGlobalUni(password);
structure.AuthInfo = hglobal;
structure.AuthInfoLength = password.Length * 2;
ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(structure, ptr5, false);
authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((direction & TrustDirection.Inbound) != ((TrustDirection) 0))
{
authInfo.IncomingAuthInfos = 1;
authInfo.IncomingAuthenticationInformation = ptr5;
authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
if ((direction & TrustDirection.Outbound) != ((TrustDirection) 0))
{
authInfo.OutgoingAuthInfos = 1;
authInfo.OutgoingAuthenticationInformation = ptr5;
authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
domainEx = new TRUSTED_DOMAIN_INFORMATION_EX {
FlatName = policy_dns_domain_info.Name,
Name = policy_dns_domain_info.DnsDomainName,
Sid = policy_dns_domain_info.Sid,
TrustType = TRUST_TYPE_UPLEVEL,
TrustDirection = (int) direction
};
if (isForest)
{
domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
}
else
{
domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
if (status != 0)
{
status = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (status != ERROR_ALREADY_EXISTS)
{
throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName }));
}
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName }));
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (domainHandle != IntPtr.Zero)
{
UnsafeNativeMethods.LsaClose(domainHandle);
}
if (ptr != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(ptr);
}
if (hglobal != IntPtr.Zero)
{
Marshal.FreeHGlobal(hglobal);
}
if (ptr5 != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr5);
}
}
}
catch
{
throw;
}
}
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
{
LSA_AUTH_INFORMATION structure = null;
TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null;
TRUSTED_DOMAIN_INFORMATION_EX domainEx = null;
IntPtr zero = IntPtr.Zero;
IntPtr hglobal = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
IntPtr domainHandle = IntPtr.Zero;
PolicySafeHandle handle = null;
IntPtr ptr5 = IntPtr.Zero;
bool flag = false;
string serverName = null;
ptr = GetTrustedDomainInfo(targetContext, targetName, isForest);
try
{
try
{
POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO();
Marshal.PtrToStructure(ptr, policy_dns_domain_info);
structure = new LSA_AUTH_INFORMATION();
zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(zero);
FileTime time = new FileTime();
Marshal.PtrToStructure(zero, time);
structure.LastUpdateTime = new LARGE_INTEGER();
structure.LastUpdateTime.lowPart = time.lower;
structure.LastUpdateTime.highPart = time.higher;
structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
hglobal = Marshal.StringToHGlobalUni(password);
structure.AuthInfo = hglobal;
structure.AuthInfoLength = password.Length * 2;
ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(structure, ptr5, false);
authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((direction & TrustDirection.Inbound) != ((TrustDirection)0))
{
authInfo.IncomingAuthInfos = 1;
authInfo.IncomingAuthenticationInformation = ptr5;
authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
if ((direction & TrustDirection.Outbound) != ((TrustDirection)0))
{
authInfo.OutgoingAuthInfos = 1;
authInfo.OutgoingAuthenticationInformation = ptr5;
authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
domainEx = new TRUSTED_DOMAIN_INFORMATION_EX {
FlatName = policy_dns_domain_info.Name,
Name = policy_dns_domain_info.DnsDomainName,
Sid = policy_dns_domain_info.Sid,
TrustType = TRUST_TYPE_UPLEVEL,
TrustDirection = (int)direction
};
if (isForest)
{
domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
}
else
{
domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
if (status != 0)
{
status = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (status != ERROR_ALREADY_EXISTS)
{
throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName }));
}
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName }));
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (domainHandle != IntPtr.Zero)
{
UnsafeNativeMethods.LsaClose(domainHandle);
}
if (ptr != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(ptr);
}
if (hglobal != IntPtr.Zero)
{
Marshal.FreeHGlobal(hglobal);
}
if (ptr5 != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr5);
}
}
}
catch
{
throw;
}
}
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer)
{
PolicySafeHandle handle = null;
LSA_UNICODE_STRING result = null;
int errorCode = 0;
IntPtr zero = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
IntPtr buffer = IntPtr.Zero;
IntPtr ptr4 = IntPtr.Zero;
bool flag = true;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
ValidateTrust(handle, result, sourceName, targetName, isForest, (int) direction, serverName);
if (preferredTargetServer == null)
{
zero = Marshal.StringToHGlobalUni(targetName);
}
else
{
zero = Marshal.StringToHGlobalUni(targetName + @"\" + preferredTargetServer);
}
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr)));
Marshal.WriteIntPtr(ptr, zero);
if (!forceSecureChannelReset)
{
errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer);
if (errorCode != 0)
{
if (errorCode == ERROR_INVALID_LEVEL)
{
throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport"));
}
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode);
}
NETLOGON_INFO_2 structure = new NETLOGON_INFO_2();
Marshal.PtrToStructure(buffer, structure);
if ((structure.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) == 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(structure.netlog2_tc_connection_status);
}
int num2 = structure.netlog2_pdc_connection_status;
if (num2 != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(num2);
}
}
else
{
errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out ptr4);
if (errorCode != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode);
}
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (buffer != IntPtr.Zero)
{
UnsafeNativeMethods.NetApiBufferFree(buffer);
}
if (ptr4 != IntPtr.Zero)
{
UnsafeNativeMethods.NetApiBufferFree(ptr4);
}
}
}
catch
{
throw;
}
}
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr zero = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
LSA_UNICODE_STRING result = null;
bool flag = false;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);
if (num != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(zero, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if (status)
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
else
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
}
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if (status)
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
else
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
}
else
{
if (attribute != TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
throw new ArgumentException("attribute");
}
if (status)
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
else
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
}
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
Marshal.StructureToPtr(structure, ptr, false);
num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ptr);
if (num != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), serverName);
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
}
}
catch
{
throw;
}
}
public static extern int LsaOpenTrustedDomainByName(PolicySafeHandle policyHandle, LSA_UNICODE_STRING trustedDomain, int access, ref IntPtr trustedDomainHandle);
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
PolicySafeHandle handle = null;
IntPtr zero = IntPtr.Zero;
LSA_UNICODE_STRING result = null;
IntPtr ptr = IntPtr.Zero;
bool flag = false;
LSA_AUTH_INFORMATION structure = null;
IntPtr fileTime = IntPtr.Zero;
IntPtr hglobal = IntPtr.Zero;
IntPtr ptr5 = IntPtr.Zero;
TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero);
if (status != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION();
Marshal.PtrToStructure(zero, trusted_domain_full_information);
ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName);
structure = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
FileTime time = new FileTime();
Marshal.PtrToStructure(fileTime, time);
structure.LastUpdateTime = new LARGE_INTEGER();
structure.LastUpdateTime.lowPart = time.lower;
structure.LastUpdateTime.highPart = time.higher;
structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
hglobal = Marshal.StringToHGlobalUni(password);
structure.AuthInfo = hglobal;
structure.AuthInfoLength = password.Length * 2;
ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(structure, ptr5, false);
trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0))
{
trusted_domain_auth_information.IncomingAuthInfos = 1;
trusted_domain_auth_information.IncomingAuthenticationInformation = ptr5;
trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
else
{
trusted_domain_auth_information.IncomingAuthInfos = 0;
trusted_domain_auth_information.IncomingAuthenticationInformation = IntPtr.Zero;
trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
}
if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0))
{
trusted_domain_auth_information.OutgoingAuthInfos = 1;
trusted_domain_auth_information.OutgoingAuthenticationInformation = ptr5;
trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
else
{
trusted_domain_auth_information.OutgoingAuthInfos = 0;
trusted_domain_auth_information.OutgoingAuthenticationInformation = IntPtr.Zero;
trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
}
trusted_domain_full_information.AuthInformation = trusted_domain_auth_information;
trusted_domain_full_information.Information.TrustDirection = (int)newTrustDirection;
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
Marshal.StructureToPtr(trusted_domain_full_information, ptr, false);
status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
if (fileTime != IntPtr.Zero)
{
Marshal.FreeHGlobal(fileTime);
}
if (hglobal != IntPtr.Zero)
{
Marshal.FreeHGlobal(hglobal);
}
if (ptr5 != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr5);
}
}
}
catch
{
throw;
}
}
private void GetForestTrustInfoHelper()
{
IntPtr zero = IntPtr.Zero;
PolicySafeHandle handle = null;
LSA_UNICODE_STRING result = null;
bool flag = false;
IntPtr s = IntPtr.Zero;
string serverName = null;
TopLevelNameCollection names = new TopLevelNameCollection();
StringCollection strings = new StringCollection();
ForestTrustDomainInfoCollection infos = new ForestTrustDomainInfoCollection();
ArrayList list = new ArrayList();
Hashtable hashtable = new Hashtable();
ArrayList list2 = new ArrayList();
try
{
try
{
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(base.TargetName);
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(result, s);
serverName = Utils.GetPolicyServerName(base.context, true, false, base.source);
flag = Utils.Impersonate(base.context);
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
int status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, result, ref zero);
if (status != 0)
{
int errorCode = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
}
try
{
if (zero != IntPtr.Zero)
{
LSA_FOREST_TRUST_INFORMATION structure = new LSA_FOREST_TRUST_INFORMATION();
Marshal.PtrToStructure(zero, structure);
int recordCount = structure.RecordCount;
IntPtr ptr = IntPtr.Zero;
for (int i = 0; i < recordCount; i++)
{
ptr = Marshal.ReadIntPtr(structure.Entries, i * Marshal.SizeOf(typeof(IntPtr)));
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record = new LSA_FOREST_TRUST_RECORD();
Marshal.PtrToStructure(ptr, lsa_forest_trust_record);
if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName)
{
IntPtr ptr4 = (IntPtr)(((long)ptr) + 0x10L);
Marshal.PtrToStructure(ptr4, lsa_forest_trust_record.TopLevelName);
TopLevelName name = new TopLevelName(lsa_forest_trust_record.Flags, lsa_forest_trust_record.TopLevelName, lsa_forest_trust_record.Time);
names.Add(name);
}
else if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
{
IntPtr ptr5 = (IntPtr)(((long)ptr) + 0x10L);
Marshal.PtrToStructure(ptr5, lsa_forest_trust_record.TopLevelName);
string str2 = Marshal.PtrToStringUni(lsa_forest_trust_record.TopLevelName.Buffer, lsa_forest_trust_record.TopLevelName.Length / 2);
strings.Add(str2);
hashtable.Add(str2, lsa_forest_trust_record.Time);
}
else if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
ForestTrustDomainInformation info = new ForestTrustDomainInformation(lsa_forest_trust_record.Flags, lsa_forest_trust_record.DomainInfo, lsa_forest_trust_record.Time);
infos.Add(info);
}
else if (lsa_forest_trust_record.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast)
{
int length = lsa_forest_trust_record.Data.Length;
byte[] destination = new byte[length];
if ((lsa_forest_trust_record.Data.Buffer != IntPtr.Zero) && (length != 0))
{
Marshal.Copy(lsa_forest_trust_record.Data.Buffer, destination, 0, length);
}
list.Add(destination);
list2.Add(lsa_forest_trust_record.Time);
}
}
}
}
finally
{
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaFreeMemory(zero);
}
this.topLevelNames = names;
this.excludedNames = strings;
this.domainInfo = infos;
this.binaryData = list;
this.excludedNameTime = hashtable;
this.binaryDataTime = list2;
this.retrieved = true;
}
finally
{
if (flag)
{
Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
}
}
catch
{
throw;
}
}
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer)
{
PolicySafeHandle handle = null;
LSA_UNICODE_STRING result = null;
int errorCode = 0;
IntPtr zero = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
IntPtr buffer = IntPtr.Zero;
IntPtr ptr4 = IntPtr.Zero;
bool flag = true;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
ValidateTrust(handle, result, sourceName, targetName, isForest, (int)direction, serverName);
if (preferredTargetServer == null)
{
zero = Marshal.StringToHGlobalUni(targetName);
}
else
{
zero = Marshal.StringToHGlobalUni(targetName + @"\" + preferredTargetServer);
}
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr)));
Marshal.WriteIntPtr(ptr, zero);
if (!forceSecureChannelReset)
{
errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer);
if (errorCode != 0)
{
if (errorCode == ERROR_INVALID_LEVEL)
{
throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport"));
}
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode);
}
NETLOGON_INFO_2 structure = new NETLOGON_INFO_2();
Marshal.PtrToStructure(buffer, structure);
if ((structure.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) == 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(structure.netlog2_tc_connection_status);
}
int num2 = structure.netlog2_pdc_connection_status;
if (num2 != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(num2);
}
}
else
{
errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out ptr4);
if (errorCode != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode);
}
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (buffer != IntPtr.Zero)
{
UnsafeNativeMethods.NetApiBufferFree(buffer);
}
if (ptr4 != IntPtr.Zero)
{
UnsafeNativeMethods.NetApiBufferFree(ptr4);
}
}
}
catch
{
throw;
}
}
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName)
{
IntPtr buffer = (IntPtr)0;
// get trust information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
try
{
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// validate trust direction if applicable
if (direction != 0)
{
if ((direction & domainInfo.TrustDirection) == 0)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(TrustRelationshipInformation), null);
}
}
}
finally
{
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
{
IntPtr intPtr = (IntPtr)0;
IntPtr hGlobalUni = (IntPtr)0;
IntPtr intPtr1 = (IntPtr)0;
IntPtr intPtr2 = (IntPtr)0;
bool flag = false;
IntPtr trustedDomainInfo = TrustHelper.GetTrustedDomainInfo(targetContext, targetName, isForest);
try
{
try
{
POLICY_DNS_DOMAIN_INFO pOLICYDNSDOMAININFO = new POLICY_DNS_DOMAIN_INFO();
Marshal.PtrToStructure(trustedDomainInfo, pOLICYDNSDOMAININFO);
LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION();
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr);
FileTime fileTime = new FileTime();
Marshal.PtrToStructure(intPtr, fileTime);
lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER();
lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower;
lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher;
lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR;
hGlobalUni = Marshal.StringToHGlobalUni(password);
lSAAUTHINFORMATION.AuthInfo = hGlobalUni;
lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2;
intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr2, false);
TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((direction & TrustDirection.Inbound) != 0)
{
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1;
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr2;
tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((direction & TrustDirection.Outbound) != 0)
{
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr2;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX();
tRUSTEDDOMAININFORMATIONEX.FlatName = pOLICYDNSDOMAININFO.Name;
tRUSTEDDOMAININFORMATIONEX.Name = pOLICYDNSDOMAININFO.DnsDomainName;
tRUSTEDDOMAININFORMATIONEX.Sid = pOLICYDNSDOMAININFO.Sid;
tRUSTEDDOMAININFORMATIONEX.TrustType = TrustHelper.TRUST_TYPE_UPLEVEL;
tRUSTEDDOMAININFORMATIONEX.TrustDirection = (int)direction;
if (!isForest)
{
tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
else
{
tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
}
string policyServerName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
flag = Utils.Impersonate(sourceContext);
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
int winError = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policySafeHandle, tRUSTEDDOMAININFORMATIONEX, tRUSTEDDOMAINAUTHINFORMATION, TrustHelper.TRUSTED_SET_POSIX | TrustHelper.TRUSTED_SET_AUTH, out intPtr1);
if (winError != 0)
{
winError = UnsafeNativeMethods.LsaNtStatusToWinError(winError);
if (winError != TrustHelper.ERROR_ALREADY_EXISTS)
{
throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
}
else
{
if (!isForest)
{
object[] objArray = new object[2];
objArray[0] = sourceName;
objArray[1] = targetName;
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", objArray));
}
else
{
object[] objArray1 = new object[2];
objArray1[0] = sourceName;
objArray1[1] = targetName;
throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", objArray1));
}
}
}
}
finally
{
if (flag)
{
Utils.Revert();
}
if (intPtr != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr);
}
if (intPtr1 != (IntPtr)0)
{
UnsafeNativeMethods.LsaClose(intPtr1);
}
if (trustedDomainInfo != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(trustedDomainInfo);
}
if (hGlobalUni != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni);
}
if (intPtr2 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr2);
}
}
}
catch
{
throw;
}
}
private void GetForestTrustInfoHelper()
{
IntPtr intPtr = (IntPtr)0;
bool flag = false;
IntPtr hGlobalUni = (IntPtr)0;
TopLevelNameCollection topLevelNameCollection = new TopLevelNameCollection();
StringCollection stringCollections = new StringCollection();
ForestTrustDomainInfoCollection forestTrustDomainInfoCollection = new ForestTrustDomainInfoCollection();
ArrayList arrayLists = new ArrayList();
Hashtable hashtables = new Hashtable();
ArrayList arrayLists1 = new ArrayList();
try
{
try
{
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(base.TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni);
string policyServerName = Utils.GetPolicyServerName(this.context, true, false, this.source);
flag = Utils.Impersonate(this.context);
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
int num = UnsafeNativeMethods.LsaQueryForestTrustInformation(policySafeHandle, lSAUNICODESTRING, ref intPtr);
if (num != 0)
{
int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (winError != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
}
}
try
{
if (intPtr != (IntPtr)0)
{
LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION();
Marshal.PtrToStructure(intPtr, lSAFORESTTRUSTINFORMATION);
int recordCount = lSAFORESTTRUSTINFORMATION.RecordCount;
for (int i = 0; i < recordCount; i++)
{
IntPtr intPtr1 = Marshal.ReadIntPtr(lSAFORESTTRUSTINFORMATION.Entries, i * Marshal.SizeOf(typeof(IntPtr)));
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD();
Marshal.PtrToStructure(intPtr1, lSAFORESTTRUSTRECORD);
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast)
{
int length = lSAFORESTTRUSTRECORD.Data.Length;
byte[] numArray = new byte[length];
if (lSAFORESTTRUSTRECORD.Data.Buffer != (IntPtr)0 && length != 0)
{
Marshal.Copy(lSAFORESTTRUSTRECORD.Data.Buffer, numArray, 0, length);
}
arrayLists.Add(numArray);
arrayLists1.Add(lSAFORESTTRUSTRECORD.Time);
}
}
else
{
ForestTrustDomainInformation forestTrustDomainInformation = new ForestTrustDomainInformation(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.DomainInfo, lSAFORESTTRUSTRECORD.Time);
forestTrustDomainInfoCollection.Add(forestTrustDomainInformation);
}
}
else
{
IntPtr intPtr2 = (IntPtr)((long)intPtr1 + (long)16);
Marshal.PtrToStructure(intPtr2, lSAFORESTTRUSTRECORD.TopLevelName);
string stringUni = Marshal.PtrToStringUni(lSAFORESTTRUSTRECORD.TopLevelName.Buffer, lSAFORESTTRUSTRECORD.TopLevelName.Length / 2);
stringCollections.Add(stringUni);
hashtables.Add(stringUni, lSAFORESTTRUSTRECORD.Time);
}
}
else
{
IntPtr intPtr3 = (IntPtr)((long)intPtr1 + (long)16);
Marshal.PtrToStructure(intPtr3, lSAFORESTTRUSTRECORD.TopLevelName);
TopLevelName topLevelName = new TopLevelName(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.TopLevelName, lSAFORESTTRUSTRECORD.Time);
topLevelNameCollection.Add(topLevelName);
}
}
}
}
finally
{
UnsafeNativeMethods.LsaFreeMemory(intPtr);
}
this.topLevelNames = topLevelNameCollection;
this.excludedNames = stringCollections;
this.domainInfo = forestTrustDomainInfoCollection;
this.binaryData = arrayLists;
this.excludedNameTime = hashtables;
this.binaryDataTime = arrayLists1;
this.retrieved = true;
}
finally
{
if (flag)
{
Utils.Revert();
}
if (hGlobalUni != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni);
}
}
}
catch
{
throw;
}
}
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
IntPtr intPtr = (IntPtr)0;
IntPtr intPtr1 = (IntPtr)0;
IntPtr intPtr2 = (IntPtr)0;
IntPtr hGlobalUni = (IntPtr)0;
IntPtr intPtr3 = (IntPtr)0;
IntPtr hGlobalUni1 = (IntPtr)0;
string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
bool flag = Utils.Impersonate(context);
try
{
try
{
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni1 = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1);
int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref intPtr);
if (num == 0)
{
TRUSTED_DOMAIN_FULL_INFORMATION tRUSTEDDOMAINFULLINFORMATION = new TRUSTED_DOMAIN_FULL_INFORMATION();
Marshal.PtrToStructure(intPtr, tRUSTEDDOMAINFULLINFORMATION);
TrustHelper.ValidateTrustAttribute(tRUSTEDDOMAINFULLINFORMATION.Information, isForest, sourceName, targetName);
LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION();
intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr2);
FileTime fileTime = new FileTime();
Marshal.PtrToStructure(intPtr2, fileTime);
lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER();
lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower;
lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher;
lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR;
hGlobalUni = Marshal.StringToHGlobalUni(password);
lSAAUTHINFORMATION.AuthInfo = hGlobalUni;
lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2;
intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr3, false);
TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((newTrustDirection & TrustDirection.Inbound) == 0)
{
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 0;
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = (IntPtr)0;
tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1;
tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr3;
tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((newTrustDirection & TrustDirection.Outbound) == 0)
{
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 0;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = (IntPtr)0;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
else
{
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr3;
tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
tRUSTEDDOMAINFULLINFORMATION.AuthInformation = tRUSTEDDOMAINAUTHINFORMATION;
tRUSTEDDOMAINFULLINFORMATION.Information.TrustDirection = (int)newTrustDirection;
intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
Marshal.StructureToPtr(tRUSTEDDOMAINFULLINFORMATION, intPtr1, false);
num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, intPtr1);
if (num != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), policyServerName);
}
}
else
{
int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
}
else
{
if (!isForest)
{
object[] objArray = new object[2];
objArray[0] = sourceName;
objArray[1] = targetName;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", objArray), typeof(TrustRelationshipInformation), null);
}
else
{
object[] objArray1 = new object[2];
objArray1[0] = sourceName;
objArray1[1] = targetName;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", objArray1), typeof(ForestTrustRelationshipInformation), null);
}
}
}
}
finally
{
if (flag)
{
Utils.Revert();
}
if (hGlobalUni1 != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni1);
}
if (intPtr != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(intPtr);
}
if (intPtr1 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr1);
}
if (intPtr2 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr2);
}
if (hGlobalUni != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni);
}
if (intPtr3 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr3);
}
}
}
catch
{
throw;
}
}
private void GetForestTrustInfoHelper()
{
IntPtr forestTrustInfo = (IntPtr)0;
PolicySafeHandle handle = null;
LSA_UNICODE_STRING tmpName = null;
bool impersonated = false;
IntPtr targetPtr = (IntPtr)0;
string serverName = null;
TopLevelNameCollection tmpTLNs = new TopLevelNameCollection();
StringCollection tmpExcludedTLNs = new StringCollection();
ForestTrustDomainInfoCollection tmpDomainInformation = new ForestTrustDomainInfoCollection();
// internal members
ArrayList tmpBinaryData = new ArrayList();
Hashtable tmpExcludedNameTime = new Hashtable();
ArrayList tmpBinaryDataTime = new ArrayList();
try
{
try
{
// get the target name
tmpName = new LSA_UNICODE_STRING();
targetPtr = Marshal.StringToHGlobalUni(TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(tmpName, targetPtr);
serverName = Utils.GetPolicyServerName(context, true, false, source);
// do impersonation
impersonated = Utils.Impersonate(context);
// get the policy handle
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
int result = UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, tmpName, ref forestTrustInfo);
// check the result
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
if (win32Error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
}
try
{
if (forestTrustInfo != (IntPtr)0)
{
LSA_FOREST_TRUST_INFORMATION trustInfo = new LSA_FOREST_TRUST_INFORMATION();
Marshal.PtrToStructure(forestTrustInfo, trustInfo);
int count = trustInfo.RecordCount;
IntPtr addr = (IntPtr)0;
for (int i = 0; i < count; i++)
{
addr = Marshal.ReadIntPtr(trustInfo.Entries, i * Marshal.SizeOf(typeof(IntPtr)));
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
Marshal.PtrToStructure(addr, record);
if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName)
{
IntPtr myPtr = IntPtr.Add(addr, 16);
Marshal.PtrToStructure(myPtr, record.TopLevelName);
TopLevelName TLN = new TopLevelName(record.Flags, record.TopLevelName, record.Time);
tmpTLNs.Add(TLN);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
{
// get the excluded TLN and put it in our collection
IntPtr myPtr = IntPtr.Add(addr, 16);
Marshal.PtrToStructure(myPtr, record.TopLevelName);
string excludedName = Marshal.PtrToStringUni(record.TopLevelName.Buffer, record.TopLevelName.Length / 2);
tmpExcludedTLNs.Add(excludedName);
tmpExcludedNameTime.Add(excludedName, record.Time);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
ForestTrustDomainInformation dom = new ForestTrustDomainInformation(record.Flags, record.DomainInfo, record.Time);
tmpDomainInformation.Add(dom);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast)
{
// enumeration is done, but we might still have some unrecognized entries after that
continue;
}
else
{
int length = record.Data.Length;
byte[] byteArray = new byte[length];
if ((record.Data.Buffer != (IntPtr)0) && (length != 0))
{
Marshal.Copy(record.Data.Buffer, byteArray, 0, length);
}
tmpBinaryData.Add(byteArray);
tmpBinaryDataTime.Add(record.Time);
}
}
}
}
finally
{
UnsafeNativeMethods.LsaFreeMemory(forestTrustInfo);
}
_topLevelNames = tmpTLNs;
_excludedNames = tmpExcludedTLNs;
_domainInfo = tmpDomainInformation;
_binaryData = tmpBinaryData;
_excludedNameTime = tmpExcludedNameTime;
_binaryDataTime = tmpBinaryDataTime;
// mark it as retrieved
retrieved = true;
}
finally
{
if (impersonated)
{
Utils.Revert();
}
if (targetPtr != (IntPtr)0)
{
Marshal.FreeHGlobal(targetPtr);
}
}
}
catch { throw; }
}
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName)
{
IntPtr intPtr = (IntPtr)0;
int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref intPtr);
if (num == 0)
{
try
{
TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(intPtr, tRUSTEDDOMAININFORMATIONEX);
TrustHelper.ValidateTrustAttribute(tRUSTEDDOMAININFORMATIONEX, isForest, sourceName, targetName);
if (direction != 0 && (direction & tRUSTEDDOMAININFORMATIONEX.TrustDirection) == 0)
{
if (!isForest)
{
object[] objArray = new object[3];
objArray[0] = sourceName;
objArray[1] = targetName;
objArray[2] = (TrustDirection)direction;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", objArray), typeof(TrustRelationshipInformation), null);
}
else
{
object[] objArray1 = new object[3];
objArray1[0] = sourceName;
objArray1[1] = targetName;
objArray1[2] = (TrustDirection)direction;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", objArray1), typeof(ForestTrustRelationshipInformation), null);
}
}
}
finally
{
if (intPtr != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(intPtr);
}
}
return;
}
else
{
int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(winError, serverName);
}
else
{
if (!isForest)
{
object[] objArray2 = new object[2];
objArray2[0] = sourceName;
objArray2[1] = targetName;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", objArray2), typeof(TrustRelationshipInformation), null);
}
else
{
object[] objArray3 = new object[2];
objArray3[0] = sourceName;
objArray3[1] = targetName;
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", objArray3), typeof(ForestTrustRelationshipInformation), null);
}
}
}
}
public static extern int LsaSetForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, IntPtr forestTrustInfo, int checkOnly, out IntPtr collisionInfo);
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer)
{
int num;
IntPtr hGlobalUni = (IntPtr)0;
IntPtr intPtr = (IntPtr)0;
IntPtr intPtr1 = (IntPtr)0;
IntPtr intPtr2 = (IntPtr)0;
IntPtr hGlobalUni1 = (IntPtr)0;
string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
bool flag = Utils.Impersonate(context);
try
{
try
{
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni1 = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1);
TrustHelper.ValidateTrust(policySafeHandle, lSAUNICODESTRING, sourceName, targetName, isForest, (int)direction, policyServerName);
if (preferredTargetServer != null)
{
hGlobalUni = Marshal.StringToHGlobalUni(string.Concat(targetName, "\\", preferredTargetServer));
}
else
{
hGlobalUni = Marshal.StringToHGlobalUni(targetName);
}
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr)));
Marshal.WriteIntPtr(intPtr, hGlobalUni);
if (forceSecureChannelReset)
{
num = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, TrustHelper.NETLOGON_CONTROL_REDISCOVER, TrustHelper.NETLOGON_QUERY_LEVEL, intPtr, out intPtr2);
if (num != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(num);
}
}
else
{
num = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, TrustHelper.NETLOGON_CONTROL_TC_VERIFY, TrustHelper.NETLOGON_QUERY_LEVEL, intPtr, out intPtr1);
if (num != 0)
{
if (num != TrustHelper.ERROR_INVALID_LEVEL)
{
throw ExceptionHelper.GetExceptionFromErrorCode(num);
}
else
{
throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport"));
}
}
else
{
NETLOGON_INFO_2 nETLOGONINFO2 = new NETLOGON_INFO_2();
Marshal.PtrToStructure(intPtr1, nETLOGONINFO2);
if ((nETLOGONINFO2.netlog2_flags & TrustHelper.NETLOGON_VERIFY_STATUS_RETURNED) == 0)
{
int netlog2TcConnectionStatus = nETLOGONINFO2.netlog2_tc_connection_status;
throw ExceptionHelper.GetExceptionFromErrorCode(netlog2TcConnectionStatus);
}
else
{
int netlog2PdcConnectionStatus = nETLOGONINFO2.netlog2_pdc_connection_status;
if (netlog2PdcConnectionStatus != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(netlog2PdcConnectionStatus);
}
else
{
return;
}
}
}
}
}
finally
{
if (flag)
{
Utils.Revert();
}
if (hGlobalUni1 != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni1);
}
if (intPtr != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr);
}
if (hGlobalUni != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni);
}
if (intPtr1 != (IntPtr)0)
{
UnsafeNativeMethods.NetApiBufferFree(intPtr1);
}
if (intPtr2 != (IntPtr)0)
{
UnsafeNativeMethods.NetApiBufferFree(intPtr2);
}
}
}
catch
{
throw;
}
}
public static extern int LsaSetTrustedDomainInfoByName(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomain, TRUSTED_INFORMATION_CLASS infoClass, IntPtr buffer);
private void GetForestTrustInfoHelper()
{
IntPtr intPtr = (IntPtr)0;
bool flag = false;
IntPtr hGlobalUni = (IntPtr)0;
TopLevelNameCollection topLevelNameCollection = new TopLevelNameCollection();
StringCollection stringCollections = new StringCollection();
ForestTrustDomainInfoCollection forestTrustDomainInfoCollection = new ForestTrustDomainInfoCollection();
ArrayList arrayLists = new ArrayList();
Hashtable hashtables = new Hashtable();
ArrayList arrayLists1 = new ArrayList();
try
{
try
{
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(base.TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni);
string policyServerName = Utils.GetPolicyServerName(this.context, true, false, this.source);
flag = Utils.Impersonate(this.context);
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
int num = UnsafeNativeMethods.LsaQueryForestTrustInformation(policySafeHandle, lSAUNICODESTRING, ref intPtr);
if (num != 0)
{
int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (winError != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
}
}
try
{
if (intPtr != (IntPtr)0)
{
LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION();
Marshal.PtrToStructure(intPtr, lSAFORESTTRUSTINFORMATION);
int recordCount = lSAFORESTTRUSTINFORMATION.RecordCount;
for (int i = 0; i < recordCount; i++)
{
IntPtr intPtr1 = Marshal.ReadIntPtr(lSAFORESTTRUSTINFORMATION.Entries, i * Marshal.SizeOf(typeof(IntPtr)));
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD();
Marshal.PtrToStructure(intPtr1, lSAFORESTTRUSTRECORD);
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast)
{
int length = lSAFORESTTRUSTRECORD.Data.Length;
byte[] numArray = new byte[length];
if (lSAFORESTTRUSTRECORD.Data.Buffer != (IntPtr)0 && length != 0)
{
Marshal.Copy(lSAFORESTTRUSTRECORD.Data.Buffer, numArray, 0, length);
}
arrayLists.Add(numArray);
arrayLists1.Add(lSAFORESTTRUSTRECORD.Time);
}
}
else
{
ForestTrustDomainInformation forestTrustDomainInformation = new ForestTrustDomainInformation(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.DomainInfo, lSAFORESTTRUSTRECORD.Time);
forestTrustDomainInfoCollection.Add(forestTrustDomainInformation);
}
}
else
{
IntPtr intPtr2 = (IntPtr)((long)intPtr1 + (long)16);
Marshal.PtrToStructure(intPtr2, lSAFORESTTRUSTRECORD.TopLevelName);
string stringUni = Marshal.PtrToStringUni(lSAFORESTTRUSTRECORD.TopLevelName.Buffer, lSAFORESTTRUSTRECORD.TopLevelName.Length / 2);
stringCollections.Add(stringUni);
hashtables.Add(stringUni, lSAFORESTTRUSTRECORD.Time);
}
}
else
{
IntPtr intPtr3 = (IntPtr)((long)intPtr1 + (long)16);
Marshal.PtrToStructure(intPtr3, lSAFORESTTRUSTRECORD.TopLevelName);
TopLevelName topLevelName = new TopLevelName(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.TopLevelName, lSAFORESTTRUSTRECORD.Time);
topLevelNameCollection.Add(topLevelName);
}
}
}
}
finally
{
UnsafeNativeMethods.LsaFreeMemory(intPtr);
}
this.topLevelNames = topLevelNameCollection;
this.excludedNames = stringCollections;
this.domainInfo = forestTrustDomainInfoCollection;
this.binaryData = arrayLists;
this.excludedNameTime = hashtables;
this.binaryDataTime = arrayLists1;
this.retrieved = true;
}
finally
{
if (flag)
{
Utils.Revert();
}
if (hGlobalUni != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni);
}
}
}
catch
{
throw;
}
}
public static extern int LsaDeleteTrustedDomain(PolicySafeHandle handle, IntPtr pSid);
public void Save()
{
IntPtr intPtr;
IntPtr hGlobalUni;
object length;
object obj;
object length1;
object obj1;
int count = 0;
int num = 0;
IntPtr intPtr1 = (IntPtr)0;
IntPtr intPtr2 = (IntPtr)0;
ArrayList arrayLists = new ArrayList();
ArrayList arrayLists1 = new ArrayList();
bool flag = false;
IntPtr hGlobalUni1 = (IntPtr)0;
IntPtr intPtr3 = (IntPtr)0;
count = count + this.TopLevelNames.Count;
count = count + this.ExcludedTopLevelNames.Count;
count = count + this.TrustedDomainInformation.Count;
if (this.binaryData.Count != 0)
{
count++;
count = count + this.binaryData.Count;
}
IntPtr intPtr4 = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr)));
try
{
try
{
intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr3);
FileTime fileTime = new FileTime();
Marshal.PtrToStructure(intPtr3, fileTime);
for (int i = 0; i < this.topLevelNames.Count; i++)
{
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD();
lSAFORESTTRUSTRECORD.Flags = (int)this.topLevelNames[i].Status;
lSAFORESTTRUSTRECORD.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName;
TopLevelName item = this.topLevelNames[i];
lSAFORESTTRUSTRECORD.Time = item.time;
lSAFORESTTRUSTRECORD.TopLevelName = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(item.Name);
arrayLists.Add(hGlobalUni);
UnsafeNativeMethods.RtlInitUnicodeString(lSAFORESTTRUSTRECORD.TopLevelName, hGlobalUni);
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lSAFORESTTRUSTRECORD, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
for (int j = 0; j < this.excludedNames.Count; j++)
{
LSA_FOREST_TRUST_RECORD lARGEINTEGER = new LSA_FOREST_TRUST_RECORD();
lARGEINTEGER.Flags = 0;
lARGEINTEGER.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx;
if (!this.excludedNameTime.Contains(this.excludedNames[j]))
{
lARGEINTEGER.Time = new LARGE_INTEGER();
lARGEINTEGER.Time.lowPart = fileTime.lower;
lARGEINTEGER.Time.highPart = fileTime.higher;
}
else
{
lARGEINTEGER.Time = (LARGE_INTEGER)this.excludedNameTime[(object)j];
}
lARGEINTEGER.TopLevelName = new LSA_UNICODE_STRING();
hGlobalUni = Marshal.StringToHGlobalUni(this.excludedNames[j]);
arrayLists.Add(hGlobalUni);
UnsafeNativeMethods.RtlInitUnicodeString(lARGEINTEGER.TopLevelName, hGlobalUni);
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lARGEINTEGER, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
int num1 = 0;
while (num1 < this.domainInfo.Count)
{
LSA_FOREST_TRUST_RECORD status = new LSA_FOREST_TRUST_RECORD();
status.Flags = (int)this.domainInfo[num1].Status;
status.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo;
ForestTrustDomainInformation forestTrustDomainInformation = this.domainInfo[num1];
status.Time = forestTrustDomainInformation.time;
IntPtr intPtr5 = (IntPtr)0;
IntPtr hGlobalUni2 = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DomainSid);
arrayLists.Add(hGlobalUni2);
int sidW = UnsafeNativeMethods.ConvertStringSidToSidW(hGlobalUni2, ref intPtr5);
if (sidW != 0)
{
status.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO();
status.DomainInfo.sid = intPtr5;
arrayLists1.Add(intPtr5);
status.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DnsName);
arrayLists.Add(status.DomainInfo.DNSNameBuffer);
LSA_FOREST_TRUST_DOMAIN_INFO domainInfo = status.DomainInfo;
if (forestTrustDomainInformation.DnsName == null)
{
length = null;
}
else
{
length = forestTrustDomainInformation.DnsName.Length * 2;
}
domainInfo.DNSNameLength = (short)length;
LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO = status.DomainInfo;
if (forestTrustDomainInformation.DnsName == null)
{
obj = null;
}
else
{
obj = forestTrustDomainInformation.DnsName.Length * 2;
}
lSAFORESTTRUSTDOMAININFO.DNSNameMaximumLength = (short)obj;
status.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.NetBiosName);
arrayLists.Add(status.DomainInfo.NetBIOSNameBuffer);
LSA_FOREST_TRUST_DOMAIN_INFO domainInfo1 = status.DomainInfo;
if (forestTrustDomainInformation.NetBiosName == null)
{
length1 = null;
}
else
{
length1 = forestTrustDomainInformation.NetBiosName.Length * 2;
}
domainInfo1.NetBIOSNameLength = (short)length1;
LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO1 = status.DomainInfo;
if (forestTrustDomainInformation.NetBiosName == null)
{
obj1 = null;
}
else
{
obj1 = forestTrustDomainInformation.NetBiosName.Length * 2;
}
lSAFORESTTRUSTDOMAININFO1.NetBIOSNameMaximumLength = (short)obj1;
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(status, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
num1++;
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error());
}
}
if (this.binaryData.Count > 0)
{
LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD1 = new LSA_FOREST_TRUST_RECORD();
lSAFORESTTRUSTRECORD1.Flags = 0;
lSAFORESTTRUSTRECORD1.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast;
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(lSAFORESTTRUSTRECORD1, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
for (int k = 0; k < this.binaryData.Count; k++)
{
LSA_FOREST_TRUST_RECORD item1 = new LSA_FOREST_TRUST_RECORD();
item1.Flags = 0;
item1.Time = (LARGE_INTEGER)this.binaryDataTime[k];
item1.Data.Length = (int)((byte[])this.binaryData[k]).Length;
if (item1.Data.Length != 0)
{
item1.Data.Buffer = Marshal.AllocHGlobal(item1.Data.Length);
arrayLists.Add(item1.Data.Buffer);
Marshal.Copy((byte[])this.binaryData[k], 0, item1.Data.Buffer, item1.Data.Length);
}
else
{
item1.Data.Buffer = (IntPtr)0;
}
intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
arrayLists.Add(intPtr);
Marshal.StructureToPtr(item1, intPtr, false);
Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr);
num++;
}
}
LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION();
lSAFORESTTRUSTINFORMATION.RecordCount = count;
lSAFORESTTRUSTINFORMATION.Entries = intPtr4;
intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION)));
Marshal.StructureToPtr(lSAFORESTTRUSTINFORMATION, intPtr1, false);
string policyServerName = Utils.GetPolicyServerName(this.context, true, true, base.SourceName);
flag = Utils.Impersonate(this.context);
PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
hGlobalUni1 = Marshal.StringToHGlobalUni(base.TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1);
int num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 1, out intPtr2);
if (num2 == 0)
{
if (intPtr2 == (IntPtr)0)
{
num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 0, out intPtr2);
if (num2 == 0)
{
this.retrieved = false;
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(num2, policyServerName);
}
}
else
{
throw ExceptionHelper.CreateForestTrustCollisionException(intPtr2);
}
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num2), policyServerName);
}
}
finally
{
if (flag)
{
Utils.Revert();
}
for (int l = 0; l < arrayLists.Count; l++)
{
Marshal.FreeHGlobal((IntPtr)arrayLists[l]);
}
for (int m = 0; m < arrayLists1.Count; m++)
{
UnsafeNativeMethods.LocalFree((IntPtr)arrayLists1[m]);
}
if (intPtr4 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr4);
}
if (intPtr1 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr1);
}
if (intPtr2 != (IntPtr)0)
{
UnsafeNativeMethods.LsaFreeMemory(intPtr2);
}
if (hGlobalUni1 != (IntPtr)0)
{
Marshal.FreeHGlobal(hGlobalUni1);
}
if (intPtr3 != (IntPtr)0)
{
Marshal.FreeHGlobal(intPtr3);
}
}
}
catch
{
throw;
}
}
public static extern int LsaCreateTrustedDomainEx(PolicySafeHandle handle, TRUSTED_DOMAIN_INFORMATION_EX domainEx, TRUSTED_DOMAIN_AUTH_INFORMATION authInfo, int classInfo, out IntPtr domainHandle);
private void GetForestTrustInfoHelper()
{
IntPtr forestTrustInfo = (IntPtr)0;
PolicySafeHandle handle = null;
LSA_UNICODE_STRING tmpName = null;
bool impersonated = false;
IntPtr targetPtr = (IntPtr)0;
string serverName = null;
TopLevelNameCollection tmpTLNs = new TopLevelNameCollection();
StringCollection tmpExcludedTLNs = new StringCollection();
ForestTrustDomainInfoCollection tmpDomainInformation = new ForestTrustDomainInfoCollection();
// internal members
ArrayList tmpBinaryData = new ArrayList();
Hashtable tmpExcludedNameTime = new Hashtable();
ArrayList tmpBinaryDataTime = new ArrayList();
try
{
try
{
// get the target name
tmpName = new LSA_UNICODE_STRING();
targetPtr = Marshal.StringToHGlobalUni(TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(tmpName, targetPtr);
serverName = Utils.GetPolicyServerName(context, true, false, source);
// do impersonation
impersonated = Utils.Impersonate(context);
// get the policy handle
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
int result = UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, tmpName, ref forestTrustInfo);
// check the result
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
if (win32Error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
}
try
{
if (forestTrustInfo != (IntPtr)0)
{
LSA_FOREST_TRUST_INFORMATION trustInfo = new LSA_FOREST_TRUST_INFORMATION();
Marshal.PtrToStructure(forestTrustInfo, trustInfo);
int count = trustInfo.RecordCount;
IntPtr addr = (IntPtr)0;
for (int i = 0; i < count; i++)
{
addr = Marshal.ReadIntPtr(trustInfo.Entries, i * Marshal.SizeOf(typeof(IntPtr)));
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
Marshal.PtrToStructure(addr, record);
if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName)
{
IntPtr myPtr = IntPtr.Add(addr, 16);
Marshal.PtrToStructure(myPtr, record.TopLevelName);
TopLevelName TLN = new TopLevelName(record.Flags, record.TopLevelName, record.Time);
tmpTLNs.Add(TLN);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx)
{
// get the excluded TLN and put it in our collection
IntPtr myPtr = IntPtr.Add(addr, 16);
Marshal.PtrToStructure(myPtr, record.TopLevelName);
string excludedName = Marshal.PtrToStringUni(record.TopLevelName.Buffer, record.TopLevelName.Length / 2);
tmpExcludedTLNs.Add(excludedName);
tmpExcludedNameTime.Add(excludedName, record.Time);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
ForestTrustDomainInformation dom = new ForestTrustDomainInformation(record.Flags, record.DomainInfo, record.Time);
tmpDomainInformation.Add(dom);
}
else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast)
{
// enumeration is done, but we might still have some unrecognized entries after that
continue;
}
else
{
int length = record.Data.Length;
byte[] byteArray = new byte[length];
if ((record.Data.Buffer != (IntPtr)0) && (length != 0))
{
Marshal.Copy(record.Data.Buffer, byteArray, 0, length);
}
tmpBinaryData.Add(byteArray);
tmpBinaryDataTime.Add(record.Time);
}
}
}
}
finally
{
UnsafeNativeMethods.LsaFreeMemory(forestTrustInfo);
}
_topLevelNames = tmpTLNs;
_excludedNames = tmpExcludedTLNs;
_domainInfo = tmpDomainInformation;
_binaryData = tmpBinaryData;
_excludedNameTime = tmpExcludedNameTime;
_binaryDataTime = tmpBinaryDataTime;
// mark it as retrieved
retrieved = true;
}
finally
{
if (impersonated)
Utils.Revert();
if (targetPtr != (IntPtr)0)
{
Marshal.FreeHGlobal(targetPtr);
}
}
}
catch { throw; }
}
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr ptr2;
IntPtr zero = IntPtr.Zero;
bool flag = false;
string serverName = null;
try
{
try
{
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(targetContext, isForest, false, targetName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(targetContext);
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
catch (ActiveDirectoryOperationException)
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
flag = false;
}
System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous();
flag = true;
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
catch (UnauthorizedAccessException)
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
flag = false;
}
System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous();
flag = true;
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
}
int status = UnsafeNativeMethods.LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, out zero);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
ptr2 = zero;
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
}
}
catch
{
throw;
}
return ptr2;
}
public void Save()
{
int count = 0;
IntPtr records = (IntPtr)0;
int currentCount = 0;
IntPtr tmpPtr = (IntPtr)0;
IntPtr forestInfo = (IntPtr)0;
PolicySafeHandle handle = null;
LSA_UNICODE_STRING trustedDomainName;
IntPtr collisionInfo = (IntPtr)0;
ArrayList ptrList = new ArrayList();
ArrayList sidList = new ArrayList();
bool impersonated = false;
IntPtr target = (IntPtr)0;
string serverName = null;
IntPtr fileTime = (IntPtr)0;
// first get the count of all the records
int toplevelNamesCount = TopLevelNames.Count;
int excludedNamesCount = ExcludedTopLevelNames.Count;
int trustedDomainCount = TrustedDomainInformation.Count;
int binaryDataCount = 0;
checked
{
count += toplevelNamesCount;
count += excludedNamesCount;
count += trustedDomainCount;
if (_binaryData.Count != 0)
{
binaryDataCount = _binaryData.Count;
// for the ForestTrustRecordTypeLast record
count++;
count += binaryDataCount;
}
// allocate the memory for all the records
records = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr)));
}
try
{
try
{
IntPtr ptr = (IntPtr)0;
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime currentTime = new FileTime();
Marshal.PtrToStructure(fileTime, currentTime);
for (int i = 0; i < toplevelNamesCount; i++)
{
// now begin to construct top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = (int)_topLevelNames[i].Status;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName;
TopLevelName TLN = _topLevelNames[i];
record.Time = TLN.time;
record.TopLevelName = new LSA_UNICODE_STRING();
ptr = Marshal.StringToHGlobalUni(TLN.Name);
ptrList.Add(ptr);
UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
for (int i = 0; i < excludedNamesCount; i++)
{
// now begin to construct excluded top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = 0;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx;
if (_excludedNameTime.Contains(_excludedNames[i]))
{
record.Time = (LARGE_INTEGER)_excludedNameTime[i];
}
else
{
record.Time = new LARGE_INTEGER();
record.Time.lowPart = currentTime.lower;
record.Time.highPart = currentTime.higher;
}
record.TopLevelName = new LSA_UNICODE_STRING();
ptr = Marshal.StringToHGlobalUni(_excludedNames[i]);
ptrList.Add(ptr);
UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
for (int i = 0; i < trustedDomainCount; i++)
{
// now begin to construct domain info record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = (int)_domainInfo[i].Status;
record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo;
ForestTrustDomainInformation tmp = _domainInfo[i];
record.Time = tmp.time;
IntPtr pSid = (IntPtr)0;
IntPtr stringSid = (IntPtr)0;
stringSid = Marshal.StringToHGlobalUni(tmp.DomainSid);
ptrList.Add(stringSid);
int result = UnsafeNativeMethods.ConvertStringSidToSidW(stringSid, ref pSid);
if (result == 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error());
}
record.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO();
record.DomainInfo.sid = pSid;
sidList.Add(pSid);
record.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(tmp.DnsName);
ptrList.Add(record.DomainInfo.DNSNameBuffer);
record.DomainInfo.DNSNameLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); // sizeof(WCHAR)
record.DomainInfo.DNSNameMaximumLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2);
record.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(tmp.NetBiosName);
ptrList.Add(record.DomainInfo.NetBIOSNameBuffer);
record.DomainInfo.NetBIOSNameLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2);
record.DomainInfo.NetBIOSNameMaximumLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2);
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
if (binaryDataCount > 0)
{
// now begin to construct ForestTrustRecordTypeLast
LSA_FOREST_TRUST_RECORD lastRecord = new LSA_FOREST_TRUST_RECORD();
lastRecord.Flags = 0;
lastRecord.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast;
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(lastRecord, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
for (int i = 0; i < binaryDataCount; i++)
{
// now begin to construct excluded top leve name record
LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD();
record.Flags = 0;
record.Time = (LARGE_INTEGER)_binaryDataTime[i];
record.Data.Length = ((byte[])_binaryData[i]).Length;
if (record.Data.Length == 0)
{
record.Data.Buffer = (IntPtr)0;
}
else
{
record.Data.Buffer = Marshal.AllocHGlobal(record.Data.Length);
ptrList.Add(record.Data.Buffer);
Marshal.Copy((byte[])_binaryData[i], 0, record.Data.Buffer, record.Data.Length);
}
tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
ptrList.Add(tmpPtr);
Marshal.StructureToPtr(record, tmpPtr, false);
Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr);
currentCount++;
}
}
// finally construct the LSA_FOREST_TRUST_INFORMATION
LSA_FOREST_TRUST_INFORMATION trustInformation = new LSA_FOREST_TRUST_INFORMATION();
trustInformation.RecordCount = count;
trustInformation.Entries = records;
forestInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION)));
Marshal.StructureToPtr(trustInformation, forestInfo, false);
// get policy server name
serverName = Utils.GetPolicyServerName(context, true, true, SourceName);
// do impersonation first
impersonated = Utils.Impersonate(context);
// get the policy handle
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(TargetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// call the unmanaged function
int error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 1, out collisionInfo);
if (error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(error), serverName);
}
// there is collision, throw proper exception so user can deal with it
if (collisionInfo != (IntPtr)0)
{
throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo);
}
// commit the changes
error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 0, out collisionInfo);
if (error != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(error, serverName);
}
// now next time property is invoked, we need to go to the server
retrieved = false;
}
finally
{
if (impersonated)
Utils.Revert();
// release the memory
for (int i = 0; i < ptrList.Count; i++)
{
Marshal.FreeHGlobal((IntPtr)ptrList[i]);
}
for (int i = 0; i < sidList.Count; i++)
{
UnsafeNativeMethods.LocalFree((IntPtr)sidList[i]);
}
if (records != (IntPtr)0)
{
Marshal.FreeHGlobal(records);
}
if (forestInfo != (IntPtr)0)
{
Marshal.FreeHGlobal(forestInfo);
}
if (collisionInfo != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(collisionInfo);
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (fileTime != (IntPtr)0)
Marshal.FreeHGlobal(fileTime);
}
}
catch { throw; }
}
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr zero = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
LSA_UNICODE_STRING result = null;
bool flag = false;
IntPtr s = IntPtr.Zero;
string serverName = null;
serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
try
{
try
{
handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(result, s);
int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);
if (num != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(num);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(zero, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if (status)
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
else
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
}
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if (status)
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
else
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
}
else
{
if (attribute != TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
throw new ArgumentException("attribute");
}
if (status)
{
structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
else
{
structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
}
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
Marshal.StructureToPtr(structure, ptr, false);
num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ptr);
if (num != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), serverName);
}
}
finally
{
if (flag)
{
System.DirectoryServices.ActiveDirectory.Utils.Revert();
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
}
}
catch
{
throw;
}
}
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr buffer = (IntPtr)0;
IntPtr newInfo = (IntPtr)0;
LSA_UNICODE_STRING trustedDomainName = null;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string serverName = null;
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get the trusted domain information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
// get the managed structre representation
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// change the attribute value properly
// selective authentication
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if (status)
{
// turns on selective authentication
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
}
else
{
// turns off selective authentication
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION);
}
}
// user wants to change sid filtering behavior for forest trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if (status)
{
// user wants sid filtering behavior
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL);
}
else
{
// users wants to turn off sid filtering behavior
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
}
}
// user wants to change sid filtering behavior for external trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
if (status)
{
// user wants sid filtering behavior
domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
else
{
// user wants to turn off sid filtering behavior
domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN);
}
}
else
{
throw new ArgumentException("attribute");
}
// reconstruct the unmanaged structure to set it back
newInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
Marshal.StructureToPtr(domainInfo, newInfo, false);
result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, newInfo);
if (result != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
}
return;
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
if (newInfo != (IntPtr)0)
Marshal.FreeHGlobal(newInfo);
}
}
catch { throw; }
}
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName)
{
IntPtr zero = IntPtr.Zero;
int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);
if (status != 0)
{
int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
{
throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
}
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
}
try
{
TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(zero, structure);
ValidateTrustAttribute(structure, isForest, sourceName, targetName);
if ((direction != 0) && ((direction & structure.TrustDirection) == 0))
{
if (isForest)
{
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection) direction }), typeof(ForestTrustRelationshipInformation), null);
}
throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection) direction }), typeof(TrustRelationshipInformation), null);
}
}
finally
{
if (zero != IntPtr.Zero)
{
UnsafeNativeMethods.LsaFreeMemory(zero);
}
}
}
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest)
{
PolicySafeHandle policyHandle = null;
LSA_UNICODE_STRING trustedDomainName = null;
int win32Error = 0;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string serverName = null;
IntPtr buffer = (IntPtr)0;
serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
impersonated = Utils.Impersonate(sourceContext);
try
{
try
{
// get the policy handle
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// get trust information
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policyHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
try
{
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// delete the trust
result = UnsafeNativeMethods.LsaDeleteTrustedDomain(policyHandle, domainInfo.Sid);
if (result != 0)
{
win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
}
finally
{
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
}
}
catch { throw; }
}
public static extern int LsaSetForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, IntPtr forestTrustInfo, int checkOnly, out IntPtr collisionInfo);
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer)
{
PolicySafeHandle policyHandle = null;
LSA_UNICODE_STRING trustedDomainName = null;
int win32Error = 0;
IntPtr data = (IntPtr)0;
IntPtr ptr = (IntPtr)0;
IntPtr buffer1 = (IntPtr)0;
IntPtr buffer2 = (IntPtr)0;
bool impersonated = true;
IntPtr target = (IntPtr)0;
string policyServerName = null;
policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
// validate the trust existence
ValidateTrust(policyHandle, trustedDomainName, sourceName, targetName, isForest, (int)direction, policyServerName); // need to verify direction
if (preferredTargetServer == null)
data = Marshal.StringToHGlobalUni(targetName);
else
// this is the case that we need to specifically go to a particular server. This is the way to tell netlogon to do that.
data = Marshal.StringToHGlobalUni(targetName + "\\" + preferredTargetServer);
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr)));
Marshal.WriteIntPtr(ptr, data);
if (!forceSecureChannelReset)
{
win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, s_NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer1);
if (win32Error == 0)
{
NETLOGON_INFO_2 info = new NETLOGON_INFO_2();
Marshal.PtrToStructure(buffer1, info);
if ((info.netlog2_flags & s_NETLOGON_VERIFY_STATUS_RETURNED) != 0)
{
int result = info.netlog2_pdc_connection_status;
if (result == 0)
{
// verification succeeded
return;
}
else
{
// don't really know which server is down, the source or the target
throw ExceptionHelper.GetExceptionFromErrorCode(result);
}
}
else
{
int result = info.netlog2_tc_connection_status;
throw ExceptionHelper.GetExceptionFromErrorCode(result);
}
}
else
{
if (win32Error == s_ERROR_INVALID_LEVEL)
{
// it is pre-win2k SP3 dc that does not support NETLOGON_CONTROL_TC_VERIFY
throw new NotSupportedException(Res.GetString(Res.TrustVerificationNotSupport));
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error);
}
}
}
else
{
// then try secure channel reset
win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out buffer2);
if (win32Error != 0)
// don't really know which server is down, the source or the target
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (ptr != (IntPtr)0)
Marshal.FreeHGlobal(ptr);
if (data != (IntPtr)0)
Marshal.FreeHGlobal(data);
if (buffer1 != (IntPtr)0)
UnsafeNativeMethods.NetApiBufferFree(buffer1);
if (buffer2 != (IntPtr)0)
UnsafeNativeMethods.NetApiBufferFree(buffer2);
}
}
catch { throw; }
}
public static extern int LsaSetTrustedDomainInfoByName(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomain, TRUSTED_INFORMATION_CLASS infoClass, IntPtr buffer);
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
{
LSA_AUTH_INFORMATION AuthData = null;
TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null;
TRUSTED_DOMAIN_INFORMATION_EX tdi = null;
IntPtr fileTime = (IntPtr)0;
IntPtr unmanagedPassword = (IntPtr)0;
IntPtr info = (IntPtr)0;
IntPtr domainHandle = (IntPtr)0;
PolicySafeHandle policyHandle = null;
IntPtr unmanagedAuthData = (IntPtr)0;
bool impersonated = false;
string serverName = null;
// get the domain info first
info = GetTrustedDomainInfo(targetContext, targetName, isForest);
try
{
try
{
POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO();
Marshal.PtrToStructure(info, domainInfo);
AuthData = new LSA_AUTH_INFORMATION();
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
// set the time
FileTime tmp = new FileTime();
Marshal.PtrToStructure(fileTime, tmp);
AuthData.LastUpdateTime = new LARGE_INTEGER();
AuthData.LastUpdateTime.lowPart = tmp.lower;
AuthData.LastUpdateTime.highPart = tmp.higher;
AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR;
unmanagedPassword = Marshal.StringToHGlobalUni(password);
AuthData.AuthInfo = unmanagedPassword;
AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR)
unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);
AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
if ((direction & TrustDirection.Inbound) != 0)
{
AuthInfoEx.IncomingAuthInfos = 1;
AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
}
if ((direction & TrustDirection.Outbound) != 0)
{
AuthInfoEx.OutgoingAuthInfos = 1;
AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
}
tdi = new TRUSTED_DOMAIN_INFORMATION_EX();
tdi.FlatName = domainInfo.Name;
tdi.Name = domainInfo.DnsDomainName;
tdi.Sid = domainInfo.Sid;
tdi.TrustType = TRUST_TYPE_UPLEVEL;
tdi.TrustDirection = (int)direction;
if (isForest)
{
tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
}
else
{
tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
}
// get server name
serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
// do impersonation and get policy handle
impersonated = Utils.Impersonate(sourceContext);
policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, s_TRUSTED_SET_POSIX | s_TRUSTED_SET_AUTH, out domainHandle);
if (result != 0)
{
result = UnsafeNativeMethods.LsaNtStatusToWinError(result);
if (result == s_ERROR_ALREADY_EXISTS)
{
if (isForest)
throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingForestTrust, sourceName, targetName));
else
throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingDomainTrust, sourceName, targetName));
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName);
}
}
finally
{
if (impersonated)
Utils.Revert();
if (fileTime != (IntPtr)0)
Marshal.FreeHGlobal(fileTime);
if (domainHandle != (IntPtr)0)
UnsafeNativeMethods.LsaClose(domainHandle);
if (info != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(info);
if (unmanagedPassword != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedPassword);
if (unmanagedAuthData != (IntPtr)0)
Marshal.FreeHGlobal(unmanagedAuthData);
}
}
catch { throw; }
}
public static extern int LsaDeleteTrustedDomain(PolicySafeHandle handle, IntPtr pSid);
internal static bool GetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool isForest)
{
PolicySafeHandle handle = null;
IntPtr buffer = (IntPtr)0;
LSA_UNICODE_STRING trustedDomainName = null;
bool impersonated = false;
IntPtr target = (IntPtr)0;
string serverName = null;
// get policy server name
serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
impersonated = Utils.Impersonate(context);
try
{
try
{
// get the policy handle first
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
// get the target name
trustedDomainName = new LSA_UNICODE_STRING();
target = Marshal.StringToHGlobalUni(targetName);
UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);
int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
if (result != 0)
{
int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
// 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
{
if (isForest)
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
else
throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
}
else
throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
}
Debug.Assert(buffer != (IntPtr)0);
TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
Marshal.PtrToStructure(buffer, domainInfo);
// validate this is the trust that the user refers to
ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);
// get the attribute of the trust
// selective authentication info
if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) == 0)
return false;
else
return true;
}
// sid filtering behavior for forest trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) == 0)
return true;
else
return false;
}
// sid filtering behavior for domain trust
else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
{
if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) == 0)
return false;
else
return true;
}
else
{
// should not happen
throw new ArgumentException("attribute");
}
}
finally
{
if (impersonated)
Utils.Revert();
if (target != (IntPtr)0)
Marshal.FreeHGlobal(target);
if (buffer != (IntPtr)0)
UnsafeNativeMethods.LsaFreeMemory(buffer);
}
}
catch { throw; }
}
public static extern int LsaCreateTrustedDomainEx(PolicySafeHandle handle, TRUSTED_DOMAIN_INFORMATION_EX domainEx, TRUSTED_DOMAIN_AUTH_INFORMATION authInfo, int classInfo, out IntPtr domainHandle);
public void Save()
{
int num = 0;
IntPtr zero = IntPtr.Zero;
int num2 = 0;
IntPtr ptr2 = IntPtr.Zero;
IntPtr ptr = IntPtr.Zero;
PolicySafeHandle handle = null;
IntPtr collisionInfo = IntPtr.Zero;
ArrayList list = new ArrayList();
ArrayList list2 = new ArrayList();
bool flag = false;
IntPtr s = IntPtr.Zero;
string serverName = null;
IntPtr fileTime = IntPtr.Zero;
int count = this.TopLevelNames.Count;
int num4 = this.ExcludedTopLevelNames.Count;
int num5 = this.TrustedDomainInformation.Count;
int num6 = 0;
num += count;
num += num4;
num += num5;
if (this.binaryData.Count != 0)
{
num6 = this.binaryData.Count;
num++;
num += num6;
}
zero = Marshal.AllocHGlobal((int)(num * Marshal.SizeOf(typeof(IntPtr))));
try
{
try
{
IntPtr ptr7 = IntPtr.Zero;
fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
FileTime structure = new FileTime();
Marshal.PtrToStructure(fileTime, structure);
for (int i = 0; i < count; i++)
{
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record = new LSA_FOREST_TRUST_RECORD {
Flags = (int)this.topLevelNames[i].Status,
ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName
};
TopLevelName name = this.topLevelNames[i];
lsa_forest_trust_record.Time = name.time;
lsa_forest_trust_record.TopLevelName = new LSA_UNICODE_STRING();
ptr7 = Marshal.StringToHGlobalUni(name.Name);
list.Add(ptr7);
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(lsa_forest_trust_record.TopLevelName, ptr7);
ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
list.Add(ptr2);
Marshal.StructureToPtr(lsa_forest_trust_record, ptr2, false);
Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2);
num2++;
}
for (int j = 0; j < num4; j++)
{
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record2 = new LSA_FOREST_TRUST_RECORD {
Flags = 0,
ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx
};
if (this.excludedNameTime.Contains(this.excludedNames[j]))
{
lsa_forest_trust_record2.Time = (LARGE_INTEGER)this.excludedNameTime[j];
}
else
{
lsa_forest_trust_record2.Time = new LARGE_INTEGER();
lsa_forest_trust_record2.Time.lowPart = structure.lower;
lsa_forest_trust_record2.Time.highPart = structure.higher;
}
lsa_forest_trust_record2.TopLevelName = new LSA_UNICODE_STRING();
ptr7 = Marshal.StringToHGlobalUni(this.excludedNames[j]);
list.Add(ptr7);
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(lsa_forest_trust_record2.TopLevelName, ptr7);
ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
list.Add(ptr2);
Marshal.StructureToPtr(lsa_forest_trust_record2, ptr2, false);
Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2);
num2++;
}
for (int k = 0; k < num5; k++)
{
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record3 = new LSA_FOREST_TRUST_RECORD {
Flags = (int)this.domainInfo[k].Status,
ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo
};
ForestTrustDomainInformation information = this.domainInfo[k];
lsa_forest_trust_record3.Time = information.time;
IntPtr pSid = IntPtr.Zero;
IntPtr ptr9 = IntPtr.Zero;
ptr9 = Marshal.StringToHGlobalUni(information.DomainSid);
list.Add(ptr9);
if (System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.ConvertStringSidToSidW(ptr9, ref pSid) == 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error());
}
lsa_forest_trust_record3.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO();
lsa_forest_trust_record3.DomainInfo.sid = pSid;
list2.Add(pSid);
lsa_forest_trust_record3.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(information.DnsName);
list.Add(lsa_forest_trust_record3.DomainInfo.DNSNameBuffer);
lsa_forest_trust_record3.DomainInfo.DNSNameLength = (information.DnsName == null) ? ((short)0) : ((short)(information.DnsName.Length * 2));
lsa_forest_trust_record3.DomainInfo.DNSNameMaximumLength = (information.DnsName == null) ? ((short)0) : ((short)(information.DnsName.Length * 2));
lsa_forest_trust_record3.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(information.NetBiosName);
list.Add(lsa_forest_trust_record3.DomainInfo.NetBIOSNameBuffer);
lsa_forest_trust_record3.DomainInfo.NetBIOSNameLength = (information.NetBiosName == null) ? ((short)0) : ((short)(information.NetBiosName.Length * 2));
lsa_forest_trust_record3.DomainInfo.NetBIOSNameMaximumLength = (information.NetBiosName == null) ? ((short)0) : ((short)(information.NetBiosName.Length * 2));
ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
list.Add(ptr2);
Marshal.StructureToPtr(lsa_forest_trust_record3, ptr2, false);
Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2);
num2++;
}
if (num6 > 0)
{
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record4 = new LSA_FOREST_TRUST_RECORD {
Flags = 0,
ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast
};
ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
list.Add(ptr2);
Marshal.StructureToPtr(lsa_forest_trust_record4, ptr2, false);
Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2);
num2++;
for (int m = 0; m < num6; m++)
{
LSA_FOREST_TRUST_RECORD lsa_forest_trust_record5 = new LSA_FOREST_TRUST_RECORD {
Flags = 0,
Time = (LARGE_INTEGER)this.binaryDataTime[m]
};
lsa_forest_trust_record5.Data.Length = ((byte[])this.binaryData[m]).Length;
if (lsa_forest_trust_record5.Data.Length == 0)
{
lsa_forest_trust_record5.Data.Buffer = IntPtr.Zero;
}
else
{
lsa_forest_trust_record5.Data.Buffer = Marshal.AllocHGlobal(lsa_forest_trust_record5.Data.Length);
list.Add(lsa_forest_trust_record5.Data.Buffer);
Marshal.Copy((byte[])this.binaryData[m], 0, lsa_forest_trust_record5.Data.Buffer, lsa_forest_trust_record5.Data.Length);
}
ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD)));
list.Add(ptr2);
Marshal.StructureToPtr(lsa_forest_trust_record5, ptr2, false);
Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2);
num2++;
}
}
LSA_FOREST_TRUST_INFORMATION lsa_forest_trust_information = new LSA_FOREST_TRUST_INFORMATION {
RecordCount = num,
Entries = zero
};
ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION)));
Marshal.StructureToPtr(lsa_forest_trust_information, ptr, false);
serverName = Utils.GetPolicyServerName(base.context, true, true, base.SourceName);
flag = Utils.Impersonate(base.context);
handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));
LSA_UNICODE_STRING result = new LSA_UNICODE_STRING();
s = Marshal.StringToHGlobalUni(base.TargetName);
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(result, s);
int status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaSetForestTrustInformation(handle, result, ptr, 1, out collisionInfo);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
}
if (collisionInfo != IntPtr.Zero)
{
throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo);
}
status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaSetForestTrustInformation(handle, result, ptr, 0, out collisionInfo);
if (status != 0)
{
throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName);
}
this.retrieved = false;
}
finally
{
if (flag)
{
Utils.Revert();
}
for (int n = 0; n < list.Count; n++)
{
Marshal.FreeHGlobal((IntPtr)list[n]);
}
for (int num14 = 0; num14 < list2.Count; num14++)
{
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LocalFree((IntPtr)list2[num14]);
}
if (zero != IntPtr.Zero)
{
Marshal.FreeHGlobal(zero);
}
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
if (collisionInfo != IntPtr.Zero)
{
System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaFreeMemory(collisionInfo);
}
if (s != IntPtr.Zero)
{
Marshal.FreeHGlobal(s);
}
if (fileTime != IntPtr.Zero)
{
Marshal.FreeHGlobal(fileTime);
}
}
}
catch
{
throw;
}
}
