internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
 {
     PolicySafeHandle handle = null;
     IntPtr zero = IntPtr.Zero;
     LSA_UNICODE_STRING result = null;
     IntPtr ptr = IntPtr.Zero;
     bool flag = false;
     LSA_AUTH_INFORMATION structure = null;
     IntPtr fileTime = IntPtr.Zero;
     IntPtr hglobal = IntPtr.Zero;
     IntPtr ptr5 = IntPtr.Zero;
     TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null;
     IntPtr s = IntPtr.Zero;
     string serverName = null;
     serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
     flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
     try
     {
         try
         {
             handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
             result = new LSA_UNICODE_STRING();
             s = Marshal.StringToHGlobalUni(targetName);
             UnsafeNativeMethods.RtlInitUnicodeString(result, s);
             int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero);
             if (status != 0)
             {
                 int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                 if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                 {
                     throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                 }
                 if (isForest)
                 {
                     throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                 }
                 throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
             }
             TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION();
             Marshal.PtrToStructure(zero, trusted_domain_full_information);
             ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName);
             structure = new LSA_AUTH_INFORMATION();
             fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
             UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
             FileTime time = new FileTime();
             Marshal.PtrToStructure(fileTime, time);
             structure.LastUpdateTime = new LARGE_INTEGER();
             structure.LastUpdateTime.lowPart = time.lower;
             structure.LastUpdateTime.highPart = time.higher;
             structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
             hglobal = Marshal.StringToHGlobalUni(password);
             structure.AuthInfo = hglobal;
             structure.AuthInfoLength = password.Length * 2;
             ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
             Marshal.StructureToPtr(structure, ptr5, false);
             trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION();
             if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection) 0))
             {
                 trusted_domain_auth_information.IncomingAuthInfos = 1;
                 trusted_domain_auth_information.IncomingAuthenticationInformation = ptr5;
                 trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             else
             {
                 trusted_domain_auth_information.IncomingAuthInfos = 0;
                 trusted_domain_auth_information.IncomingAuthenticationInformation = IntPtr.Zero;
                 trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection) 0))
             {
                 trusted_domain_auth_information.OutgoingAuthInfos = 1;
                 trusted_domain_auth_information.OutgoingAuthenticationInformation = ptr5;
                 trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             else
             {
                 trusted_domain_auth_information.OutgoingAuthInfos = 0;
                 trusted_domain_auth_information.OutgoingAuthenticationInformation = IntPtr.Zero;
                 trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             trusted_domain_full_information.AuthInformation = trusted_domain_auth_information;
             trusted_domain_full_information.Information.TrustDirection = (int) newTrustDirection;
             ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
             Marshal.StructureToPtr(trusted_domain_full_information, ptr, false);
             status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr);
             if (status != 0)
             {
                 throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
             }
         }
         finally
         {
             if (flag)
             {
                 System.DirectoryServices.ActiveDirectory.Utils.Revert();
             }
             if (s != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(s);
             }
             if (zero != IntPtr.Zero)
             {
                 UnsafeNativeMethods.LsaFreeMemory(zero);
             }
             if (ptr != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(ptr);
             }
             if (fileTime != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(fileTime);
             }
             if (hglobal != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(hglobal);
             }
             if (ptr5 != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(ptr5);
             }
         }
     }
     catch
     {
         throw;
     }
 }
Esempio n. 2
0
        internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
        {
            PolicySafeHandle handle = null;
            IntPtr buffer = (IntPtr)0;
            LSA_UNICODE_STRING trustedDomainName = null;
            IntPtr newBuffer = (IntPtr)0;
            bool impersonated = false;
            LSA_AUTH_INFORMATION AuthData = null;
            IntPtr fileTime = (IntPtr)0;
            IntPtr unmanagedPassword = (IntPtr)0;
            IntPtr unmanagedAuthData = (IntPtr)0;
            TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null;
            IntPtr target = (IntPtr)0;
            string serverName = null;

            serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);

            impersonated = Utils.Impersonate(context);

            try
            {
                try
                {
                    // get the policy handle first
                    handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    // get the trusted domain information                
                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
                    if (result != 0)
                    {
                        int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }

                    // get the managed structre representation
                    TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
                    Marshal.PtrToStructure(buffer, domainInfo);

                    // validate the trust attribute first
                    ValidateTrustAttribute(domainInfo.Information, isForest, sourceName, targetName);

                    // change the attribute value properly
                    AuthData = new LSA_AUTH_INFORMATION();
                    fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);

                    // set the time
                    FileTime tmp = new FileTime();
                    Marshal.PtrToStructure(fileTime, tmp);
                    AuthData.LastUpdateTime = new LARGE_INTEGER();
                    AuthData.LastUpdateTime.lowPart = tmp.lower;
                    AuthData.LastUpdateTime.highPart = tmp.higher;

                    AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR;
                    unmanagedPassword = Marshal.StringToHGlobalUni(password);
                    AuthData.AuthInfo = unmanagedPassword;
                    AuthData.AuthInfoLength = password.Length * 2;

                    unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);

                    AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((newTrustDirection & TrustDirection.Inbound) != 0)
                    {
                        AuthInfoEx.IncomingAuthInfos = 1;
                        AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.IncomingAuthInfos = 0;
                        AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    if ((newTrustDirection & TrustDirection.Outbound) != 0)
                    {
                        AuthInfoEx.OutgoingAuthInfos = 1;
                        AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.OutgoingAuthInfos = 0;
                        AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    // reconstruct the unmanaged structure to set it back              
                    domainInfo.AuthInformation = AuthInfoEx;
                    // reset the trust direction
                    domainInfo.Information.TrustDirection = (int)newTrustDirection;

                    newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
                    Marshal.StructureToPtr(domainInfo, newBuffer, false);

                    result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
                    if (result != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
                    }

                    return;
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);

                    if (buffer != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(buffer);

                    if (newBuffer != (IntPtr)0)
                        Marshal.FreeHGlobal(newBuffer);

                    if (fileTime != (IntPtr)0)
                        Marshal.FreeHGlobal(fileTime);

                    if (unmanagedPassword != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedPassword);

                    if (unmanagedAuthData != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedAuthData);
                }
            }
            catch { throw; }
        }
 internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
 {
     LSA_AUTH_INFORMATION structure = null;
     TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null;
     TRUSTED_DOMAIN_INFORMATION_EX domainEx = null;
     IntPtr zero = IntPtr.Zero;
     IntPtr hglobal = IntPtr.Zero;
     IntPtr ptr = IntPtr.Zero;
     IntPtr domainHandle = IntPtr.Zero;
     PolicySafeHandle handle = null;
     IntPtr ptr5 = IntPtr.Zero;
     bool flag = false;
     string serverName = null;
     ptr = GetTrustedDomainInfo(targetContext, targetName, isForest);
     try
     {
         try
         {
             POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO();
             Marshal.PtrToStructure(ptr, policy_dns_domain_info);
             structure = new LSA_AUTH_INFORMATION();
             zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
             UnsafeNativeMethods.GetSystemTimeAsFileTime(zero);
             FileTime time = new FileTime();
             Marshal.PtrToStructure(zero, time);
             structure.LastUpdateTime = new LARGE_INTEGER();
             structure.LastUpdateTime.lowPart = time.lower;
             structure.LastUpdateTime.highPart = time.higher;
             structure.AuthType = TRUST_AUTH_TYPE_CLEAR;
             hglobal = Marshal.StringToHGlobalUni(password);
             structure.AuthInfo = hglobal;
             structure.AuthInfoLength = password.Length * 2;
             ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
             Marshal.StructureToPtr(structure, ptr5, false);
             authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION();
             if ((direction & TrustDirection.Inbound) != ((TrustDirection) 0))
             {
                 authInfo.IncomingAuthInfos = 1;
                 authInfo.IncomingAuthenticationInformation = ptr5;
                 authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             if ((direction & TrustDirection.Outbound) != ((TrustDirection) 0))
             {
                 authInfo.OutgoingAuthInfos = 1;
                 authInfo.OutgoingAuthenticationInformation = ptr5;
                 authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
             }
             domainEx = new TRUSTED_DOMAIN_INFORMATION_EX {
                 FlatName = policy_dns_domain_info.Name,
                 Name = policy_dns_domain_info.DnsDomainName,
                 Sid = policy_dns_domain_info.Sid,
                 TrustType = TRUST_TYPE_UPLEVEL,
                 TrustDirection = (int) direction
             };
             if (isForest)
             {
                 domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
             }
             else
             {
                 domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
             }
             serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
             flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
             handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
             int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
             if (status != 0)
             {
                 status = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                 if (status != ERROR_ALREADY_EXISTS)
                 {
                     throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName);
                 }
                 if (isForest)
                 {
                     throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName }));
                 }
                 throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName }));
             }
         }
         finally
         {
             if (flag)
             {
                 System.DirectoryServices.ActiveDirectory.Utils.Revert();
             }
             if (zero != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(zero);
             }
             if (domainHandle != IntPtr.Zero)
             {
                 UnsafeNativeMethods.LsaClose(domainHandle);
             }
             if (ptr != IntPtr.Zero)
             {
                 UnsafeNativeMethods.LsaFreeMemory(ptr);
             }
             if (hglobal != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(hglobal);
             }
             if (ptr5 != IntPtr.Zero)
             {
                 Marshal.FreeHGlobal(ptr5);
             }
         }
     }
     catch
     {
         throw;
     }
 }
Esempio n. 4
0
		internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
		{
			IntPtr intPtr = (IntPtr)0;
			IntPtr intPtr1 = (IntPtr)0;
			IntPtr intPtr2 = (IntPtr)0;
			IntPtr hGlobalUni = (IntPtr)0;
			IntPtr intPtr3 = (IntPtr)0;
			IntPtr hGlobalUni1 = (IntPtr)0;
			string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
			bool flag = Utils.Impersonate(context);
			try
			{
				try
				{
					PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
					LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING();
					hGlobalUni1 = Marshal.StringToHGlobalUni(targetName);
					UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1);
					int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref intPtr);
					if (num == 0)
					{
						TRUSTED_DOMAIN_FULL_INFORMATION tRUSTEDDOMAINFULLINFORMATION = new TRUSTED_DOMAIN_FULL_INFORMATION();
						Marshal.PtrToStructure(intPtr, tRUSTEDDOMAINFULLINFORMATION);
						TrustHelper.ValidateTrustAttribute(tRUSTEDDOMAINFULLINFORMATION.Information, isForest, sourceName, targetName);
						LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION();
						intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
						UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr2);
						FileTime fileTime = new FileTime();
						Marshal.PtrToStructure(intPtr2, fileTime);
						lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER();
						lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower;
						lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher;
						lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR;
						hGlobalUni = Marshal.StringToHGlobalUni(password);
						lSAAUTHINFORMATION.AuthInfo = hGlobalUni;
						lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2;
						intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
						Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr3, false);
						TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION();
						if ((newTrustDirection & TrustDirection.Inbound) == 0)
						{
							tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 0;
							tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = (IntPtr)0;
							tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
						}
						else
						{
							tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1;
							tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr3;
							tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
						}
						if ((newTrustDirection & TrustDirection.Outbound) == 0)
						{
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 0;
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = (IntPtr)0;
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
						}
						else
						{
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1;
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr3;
							tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
						}
						tRUSTEDDOMAINFULLINFORMATION.AuthInformation = tRUSTEDDOMAINAUTHINFORMATION;
						tRUSTEDDOMAINFULLINFORMATION.Information.TrustDirection = (int)newTrustDirection;
						intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
						Marshal.StructureToPtr(tRUSTEDDOMAINFULLINFORMATION, intPtr1, false);
						num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, intPtr1);
						if (num != 0)
						{
							throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), policyServerName);
						}
					}
					else
					{
						int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
						if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND)
						{
							throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
						}
						else
						{
							if (!isForest)
							{
								object[] objArray = new object[2];
								objArray[0] = sourceName;
								objArray[1] = targetName;
								throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", objArray), typeof(TrustRelationshipInformation), null);
							}
							else
							{
								object[] objArray1 = new object[2];
								objArray1[0] = sourceName;
								objArray1[1] = targetName;
								throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", objArray1), typeof(ForestTrustRelationshipInformation), null);
							}
						}
					}
				}
				finally
				{
					if (flag)
					{
						Utils.Revert();
					}
					if (hGlobalUni1 != (IntPtr)0)
					{
						Marshal.FreeHGlobal(hGlobalUni1);
					}
					if (intPtr != (IntPtr)0)
					{
						UnsafeNativeMethods.LsaFreeMemory(intPtr);
					}
					if (intPtr1 != (IntPtr)0)
					{
						Marshal.FreeHGlobal(intPtr1);
					}
					if (intPtr2 != (IntPtr)0)
					{
						Marshal.FreeHGlobal(intPtr2);
					}
					if (hGlobalUni != (IntPtr)0)
					{
						Marshal.FreeHGlobal(hGlobalUni);
					}
					if (intPtr3 != (IntPtr)0)
					{
						Marshal.FreeHGlobal(intPtr3);
					}
				}
			}
			catch
			{
				throw;
			}
		}
Esempio n. 5
0
        internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
        {
            LSA_AUTH_INFORMATION AuthData = null;
            TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null;
            TRUSTED_DOMAIN_INFORMATION_EX tdi = null;
            IntPtr fileTime = (IntPtr)0;
            IntPtr unmanagedPassword = (IntPtr)0;
            IntPtr info = (IntPtr)0;
            IntPtr domainHandle = (IntPtr)0;
            PolicySafeHandle policyHandle = null;
            IntPtr unmanagedAuthData = (IntPtr)0;
            bool impersonated = false;
            string serverName = null;

            // get the domain info first
            info = GetTrustedDomainInfo(targetContext, targetName, isForest);

            try
            {
                try
                {
                    POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO();
                    Marshal.PtrToStructure(info, domainInfo);

                    AuthData = new LSA_AUTH_INFORMATION();
                    fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);

                    // set the time
                    FileTime tmp = new FileTime();
                    Marshal.PtrToStructure(fileTime, tmp);
                    AuthData.LastUpdateTime = new LARGE_INTEGER();
                    AuthData.LastUpdateTime.lowPart = tmp.lower;
                    AuthData.LastUpdateTime.highPart = tmp.higher;

                    AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR;
                    unmanagedPassword = Marshal.StringToHGlobalUni(password);
                    AuthData.AuthInfo = unmanagedPassword;
                    AuthData.AuthInfoLength = password.Length * 2;          // sizeof(WCHAR)

                    unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);

                    AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((direction & TrustDirection.Inbound) != 0)
                    {
                        AuthInfoEx.IncomingAuthInfos = 1;
                        AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    if ((direction & TrustDirection.Outbound) != 0)
                    {
                        AuthInfoEx.OutgoingAuthInfos = 1;
                        AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    tdi = new TRUSTED_DOMAIN_INFORMATION_EX();
                    tdi.FlatName = domainInfo.Name;
                    tdi.Name = domainInfo.DnsDomainName;
                    tdi.Sid = domainInfo.Sid;
                    tdi.TrustType = TRUST_TYPE_UPLEVEL;
                    tdi.TrustDirection = (int)direction;
                    if (isForest)
                    {
                        tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
                    }
                    else
                    {
                        tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                    }

                    // get server name
                    serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);

                    // do impersonation and get policy handle
                    impersonated = Utils.Impersonate(sourceContext);
                    policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, s_TRUSTED_SET_POSIX | s_TRUSTED_SET_AUTH, out domainHandle);
                    if (result != 0)
                    {
                        result = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        if (result == s_ERROR_ALREADY_EXISTS)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingForestTrust, sourceName, targetName));
                            else
                                throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingDomainTrust, sourceName, targetName));
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName);
                    }
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (fileTime != (IntPtr)0)
                        Marshal.FreeHGlobal(fileTime);

                    if (domainHandle != (IntPtr)0)
                        UnsafeNativeMethods.LsaClose(domainHandle);

                    if (info != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(info);

                    if (unmanagedPassword != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedPassword);

                    if (unmanagedAuthData != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedAuthData);
                }
            }
            catch { throw; }
        }
Esempio n. 6
0
		internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
		{
			IntPtr intPtr = (IntPtr)0;
			IntPtr hGlobalUni = (IntPtr)0;
			IntPtr intPtr1 = (IntPtr)0;
			IntPtr intPtr2 = (IntPtr)0;
			bool flag = false;
			IntPtr trustedDomainInfo = TrustHelper.GetTrustedDomainInfo(targetContext, targetName, isForest);
			try
			{
				try
				{
					POLICY_DNS_DOMAIN_INFO pOLICYDNSDOMAININFO = new POLICY_DNS_DOMAIN_INFO();
					Marshal.PtrToStructure(trustedDomainInfo, pOLICYDNSDOMAININFO);
					LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION();
					intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
					UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr);
					FileTime fileTime = new FileTime();
					Marshal.PtrToStructure(intPtr, fileTime);
					lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER();
					lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower;
					lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher;
					lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR;
					hGlobalUni = Marshal.StringToHGlobalUni(password);
					lSAAUTHINFORMATION.AuthInfo = hGlobalUni;
					lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2;
					intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
					Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr2, false);
					TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION();
					if ((direction & TrustDirection.Inbound) != 0)
					{
						tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1;
						tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr2;
						tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0;
					}
					if ((direction & TrustDirection.Outbound) != 0)
					{
						tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1;
						tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr2;
						tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
					}
					TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX();
					tRUSTEDDOMAININFORMATIONEX.FlatName = pOLICYDNSDOMAININFO.Name;
					tRUSTEDDOMAININFORMATIONEX.Name = pOLICYDNSDOMAININFO.DnsDomainName;
					tRUSTEDDOMAININFORMATIONEX.Sid = pOLICYDNSDOMAININFO.Sid;
					tRUSTEDDOMAININFORMATIONEX.TrustType = TrustHelper.TRUST_TYPE_UPLEVEL;
					tRUSTEDDOMAININFORMATIONEX.TrustDirection = (int)direction;
					if (!isForest)
					{
						tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
					}
					else
					{
						tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
					}
					string policyServerName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
					flag = Utils.Impersonate(sourceContext);
					PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));
					int winError = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policySafeHandle, tRUSTEDDOMAININFORMATIONEX, tRUSTEDDOMAINAUTHINFORMATION, TrustHelper.TRUSTED_SET_POSIX | TrustHelper.TRUSTED_SET_AUTH, out intPtr1);
					if (winError != 0)
					{
						winError = UnsafeNativeMethods.LsaNtStatusToWinError(winError);
						if (winError != TrustHelper.ERROR_ALREADY_EXISTS)
						{
							throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
						}
						else
						{
							if (!isForest)
							{
								object[] objArray = new object[2];
								objArray[0] = sourceName;
								objArray[1] = targetName;
								throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", objArray));
							}
							else
							{
								object[] objArray1 = new object[2];
								objArray1[0] = sourceName;
								objArray1[1] = targetName;
								throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", objArray1));
							}
						}
					}
				}
				finally
				{
					if (flag)
					{
						Utils.Revert();
					}
					if (intPtr != (IntPtr)0)
					{
						Marshal.FreeHGlobal(intPtr);
					}
					if (intPtr1 != (IntPtr)0)
					{
						UnsafeNativeMethods.LsaClose(intPtr1);
					}
					if (trustedDomainInfo != (IntPtr)0)
					{
						UnsafeNativeMethods.LsaFreeMemory(trustedDomainInfo);
					}
					if (hGlobalUni != (IntPtr)0)
					{
						Marshal.FreeHGlobal(hGlobalUni);
					}
					if (intPtr2 != (IntPtr)0)
					{
						Marshal.FreeHGlobal(intPtr2);
					}
				}
			}
			catch
			{
				throw;
			}
		}
        internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
        {
            PolicySafeHandle   handle = null;
            IntPtr             zero   = IntPtr.Zero;
            LSA_UNICODE_STRING result = null;
            IntPtr             ptr    = IntPtr.Zero;
            bool flag = false;
            LSA_AUTH_INFORMATION structure = null;
            IntPtr fileTime = IntPtr.Zero;
            IntPtr hglobal  = IntPtr.Zero;
            IntPtr ptr5     = IntPtr.Zero;
            TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null;
            IntPtr s          = IntPtr.Zero;
            string serverName = null;

            serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
            flag       = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
            try
            {
                try
                {
                    handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
                    result = new LSA_UNICODE_STRING();
                    s      = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(result, s);
                    int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero);
                    if (status != 0)
                    {
                        int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                        if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                        }
                        if (isForest)
                        {
                            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                        }
                        throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
                    }
                    TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION();
                    Marshal.PtrToStructure(zero, trusted_domain_full_information);
                    ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName);
                    structure = new LSA_AUTH_INFORMATION();
                    fileTime  = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
                    FileTime time = new FileTime();
                    Marshal.PtrToStructure(fileTime, time);
                    structure.LastUpdateTime          = new LARGE_INTEGER();
                    structure.LastUpdateTime.lowPart  = time.lower;
                    structure.LastUpdateTime.highPart = time.higher;
                    structure.AuthType       = TRUST_AUTH_TYPE_CLEAR;
                    hglobal                  = Marshal.StringToHGlobalUni(password);
                    structure.AuthInfo       = hglobal;
                    structure.AuthInfoLength = password.Length * 2;
                    ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(structure, ptr5, false);
                    trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0))
                    {
                        trusted_domain_auth_information.IncomingAuthInfos = 1;
                        trusted_domain_auth_information.IncomingAuthenticationInformation         = ptr5;
                        trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    else
                    {
                        trusted_domain_auth_information.IncomingAuthInfos = 0;
                        trusted_domain_auth_information.IncomingAuthenticationInformation         = IntPtr.Zero;
                        trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0))
                    {
                        trusted_domain_auth_information.OutgoingAuthInfos = 1;
                        trusted_domain_auth_information.OutgoingAuthenticationInformation         = ptr5;
                        trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    else
                    {
                        trusted_domain_auth_information.OutgoingAuthInfos = 0;
                        trusted_domain_auth_information.OutgoingAuthenticationInformation         = IntPtr.Zero;
                        trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    trusted_domain_full_information.AuthInformation            = trusted_domain_auth_information;
                    trusted_domain_full_information.Information.TrustDirection = (int)newTrustDirection;
                    ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
                    Marshal.StructureToPtr(trusted_domain_full_information, ptr, false);
                    status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr);
                    if (status != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
                    }
                }
                finally
                {
                    if (flag)
                    {
                        System.DirectoryServices.ActiveDirectory.Utils.Revert();
                    }
                    if (s != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(s);
                    }
                    if (zero != IntPtr.Zero)
                    {
                        UnsafeNativeMethods.LsaFreeMemory(zero);
                    }
                    if (ptr != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr);
                    }
                    if (fileTime != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(fileTime);
                    }
                    if (hglobal != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(hglobal);
                    }
                    if (ptr5 != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr5);
                    }
                }
            }
            catch
            {
                throw;
            }
        }
        internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password)
        {
            LSA_AUTH_INFORMATION            structure = null;
            TRUSTED_DOMAIN_AUTH_INFORMATION authInfo  = null;
            TRUSTED_DOMAIN_INFORMATION_EX   domainEx  = null;
            IntPtr           zero         = IntPtr.Zero;
            IntPtr           hglobal      = IntPtr.Zero;
            IntPtr           ptr          = IntPtr.Zero;
            IntPtr           domainHandle = IntPtr.Zero;
            PolicySafeHandle handle       = null;
            IntPtr           ptr5         = IntPtr.Zero;
            bool             flag         = false;
            string           serverName   = null;

            ptr = GetTrustedDomainInfo(targetContext, targetName, isForest);
            try
            {
                try
                {
                    POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO();
                    Marshal.PtrToStructure(ptr, policy_dns_domain_info);
                    structure = new LSA_AUTH_INFORMATION();
                    zero      = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(zero);
                    FileTime time = new FileTime();
                    Marshal.PtrToStructure(zero, time);
                    structure.LastUpdateTime          = new LARGE_INTEGER();
                    structure.LastUpdateTime.lowPart  = time.lower;
                    structure.LastUpdateTime.highPart = time.higher;
                    structure.AuthType       = TRUST_AUTH_TYPE_CLEAR;
                    hglobal                  = Marshal.StringToHGlobalUni(password);
                    structure.AuthInfo       = hglobal;
                    structure.AuthInfoLength = password.Length * 2;
                    ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(structure, ptr5, false);
                    authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((direction & TrustDirection.Inbound) != ((TrustDirection)0))
                    {
                        authInfo.IncomingAuthInfos = 1;
                        authInfo.IncomingAuthenticationInformation         = ptr5;
                        authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    if ((direction & TrustDirection.Outbound) != ((TrustDirection)0))
                    {
                        authInfo.OutgoingAuthInfos = 1;
                        authInfo.OutgoingAuthenticationInformation         = ptr5;
                        authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    domainEx = new TRUSTED_DOMAIN_INFORMATION_EX {
                        FlatName       = policy_dns_domain_info.Name,
                        Name           = policy_dns_domain_info.DnsDomainName,
                        Sid            = policy_dns_domain_info.Sid,
                        TrustType      = TRUST_TYPE_UPLEVEL,
                        TrustDirection = (int)direction
                    };
                    if (isForest)
                    {
                        domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
                    }
                    else
                    {
                        domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                    }
                    serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
                    flag       = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
                    handle     = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
                    int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
                    if (status != 0)
                    {
                        status = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                        if (status != ERROR_ALREADY_EXISTS)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName);
                        }
                        if (isForest)
                        {
                            throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName }));
                        }
                        throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName }));
                    }
                }
                finally
                {
                    if (flag)
                    {
                        System.DirectoryServices.ActiveDirectory.Utils.Revert();
                    }
                    if (zero != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(zero);
                    }
                    if (domainHandle != IntPtr.Zero)
                    {
                        UnsafeNativeMethods.LsaClose(domainHandle);
                    }
                    if (ptr != IntPtr.Zero)
                    {
                        UnsafeNativeMethods.LsaFreeMemory(ptr);
                    }
                    if (hglobal != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(hglobal);
                    }
                    if (ptr5 != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr5);
                    }
                }
            }
            catch
            {
                throw;
            }
        }
Esempio n. 9
0
        internal static void UpdateTrustDirection(DirectoryContext context, string? sourceName, string? targetName, string password, bool isForest, TrustDirection newTrustDirection)
        {
            PolicySafeHandle? handle = null;
            IntPtr buffer = (IntPtr)0;
            LSA_UNICODE_STRING? trustedDomainName = null;
            IntPtr newBuffer = (IntPtr)0;
            bool impersonated = false;
            LSA_AUTH_INFORMATION? AuthData = null;
            IntPtr fileTime = (IntPtr)0;
            IntPtr unmanagedPassword = (IntPtr)0;
            IntPtr unmanagedAuthData = (IntPtr)0;
            TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null;
            IntPtr target = (IntPtr)0;
            string? serverName = null;

            serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);

            impersonated = Utils.Impersonate(context);

            try
            {
                try
                {
                    // get the policy handle first
                    handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    // get the trusted domain information
                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
                    if (result != 0)
                    {
                        int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }

                    // get the managed structre representation
                    TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
                    Marshal.PtrToStructure(buffer, domainInfo);

                    // validate the trust attribute first
                    ValidateTrustAttribute(domainInfo.Information!, isForest, sourceName, targetName);

                    // change the attribute value properly
                    AuthData = new LSA_AUTH_INFORMATION();
                    fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);

                    // set the time
                    FileTime tmp = new FileTime();
                    Marshal.PtrToStructure(fileTime, tmp);
                    AuthData.LastUpdateTime = new LARGE_INTEGER();
                    AuthData.LastUpdateTime.lowPart = tmp.lower;
                    AuthData.LastUpdateTime.highPart = tmp.higher;

                    AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR;
                    unmanagedPassword = Marshal.StringToHGlobalUni(password);
                    AuthData.AuthInfo = unmanagedPassword;
                    AuthData.AuthInfoLength = password.Length * 2;

                    unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);

                    AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((newTrustDirection & TrustDirection.Inbound) != 0)
                    {
                        AuthInfoEx.IncomingAuthInfos = 1;
                        AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.IncomingAuthInfos = 0;
                        AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    if ((newTrustDirection & TrustDirection.Outbound) != 0)
                    {
                        AuthInfoEx.OutgoingAuthInfos = 1;
                        AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.OutgoingAuthInfos = 0;
                        AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    // reconstruct the unmanaged structure to set it back
                    domainInfo.AuthInformation = AuthInfoEx;
                    // reset the trust direction
                    domainInfo.Information!.TrustDirection = (int)newTrustDirection;

                    newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
                    Marshal.StructureToPtr(domainInfo, newBuffer, false);

                    result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
                    if (result != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
                    }

                    return;
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);

                    if (buffer != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(buffer);

                    if (newBuffer != (IntPtr)0)
                        Marshal.FreeHGlobal(newBuffer);

                    if (fileTime != (IntPtr)0)
                        Marshal.FreeHGlobal(fileTime);

                    if (unmanagedPassword != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedPassword);

                    if (unmanagedAuthData != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedAuthData);
                }
            }
            catch { throw; }
        }
Esempio n. 10
0
        internal static void CreateTrust(DirectoryContext sourceContext, string? sourceName, DirectoryContext targetContext, string? targetName, bool isForest, TrustDirection direction, string password)
        {
            LSA_AUTH_INFORMATION? AuthData = null;
            TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null;
            TRUSTED_DOMAIN_INFORMATION_EX? tdi = null;
            IntPtr fileTime = (IntPtr)0;
            IntPtr unmanagedPassword = (IntPtr)0;
            IntPtr info = (IntPtr)0;
            IntPtr domainHandle = (IntPtr)0;
            PolicySafeHandle? policyHandle = null;
            IntPtr unmanagedAuthData = (IntPtr)0;
            bool impersonated = false;
            string? serverName = null;

            // get the domain info first
            info = GetTrustedDomainInfo(targetContext, targetName, isForest);

            try
            {
                try
                {
                    POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO();
                    Marshal.PtrToStructure(info, domainInfo);

                    AuthData = new LSA_AUTH_INFORMATION();
                    fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);

                    // set the time
                    FileTime tmp = new FileTime();
                    Marshal.PtrToStructure(fileTime, tmp);
                    AuthData.LastUpdateTime = new LARGE_INTEGER();
                    AuthData.LastUpdateTime.lowPart = tmp.lower;
                    AuthData.LastUpdateTime.highPart = tmp.higher;

                    AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR;
                    unmanagedPassword = Marshal.StringToHGlobalUni(password);
                    AuthData.AuthInfo = unmanagedPassword;
                    AuthData.AuthInfoLength = password.Length * 2;          // sizeof(WCHAR)

                    unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);

                    AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((direction & TrustDirection.Inbound) != 0)
                    {
                        AuthInfoEx.IncomingAuthInfos = 1;
                        AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    if ((direction & TrustDirection.Outbound) != 0)
                    {
                        AuthInfoEx.OutgoingAuthInfos = 1;
                        AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    tdi = new TRUSTED_DOMAIN_INFORMATION_EX();
                    tdi.FlatName = domainInfo.Name;
                    tdi.Name = domainInfo.DnsDomainName;
                    tdi.Sid = domainInfo.Sid;
                    tdi.TrustType = TRUST_TYPE_UPLEVEL;
                    tdi.TrustDirection = (int)direction;
                    if (isForest)
                    {
                        tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE;
                    }
                    else
                    {
                        tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                    }

                    // get server name
                    serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);

                    // do impersonation and get policy handle
                    impersonated = Utils.Impersonate(sourceContext);
                    policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle);
                    if (result != 0)
                    {
                        result = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        if (result == ERROR_ALREADY_EXISTS)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingForestTrust, sourceName, targetName));
                            else
                                throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingDomainTrust, sourceName, targetName));
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName);
                    }
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (fileTime != (IntPtr)0)
                        Marshal.FreeHGlobal(fileTime);

                    if (domainHandle != (IntPtr)0)
                        UnsafeNativeMethods.LsaClose(domainHandle);

                    if (info != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(info);

                    if (unmanagedPassword != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedPassword);

                    if (unmanagedAuthData != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedAuthData);
                }
            }
            catch { throw; }
        }