internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION structure = null; TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null; TRUSTED_DOMAIN_INFORMATION_EX domainEx = null; IntPtr zero = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr domainHandle = IntPtr.Zero; PolicySafeHandle handle = null; IntPtr ptr5 = IntPtr.Zero; bool flag = false; string serverName = null; ptr = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(ptr, policy_dns_domain_info); structure = new LSA_AUTH_INFORMATION(); zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(zero); FileTime time = new FileTime(); Marshal.PtrToStructure(zero, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != ((TrustDirection) 0)) { authInfo.IncomingAuthInfos = 1; authInfo.IncomingAuthenticationInformation = ptr5; authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((direction & TrustDirection.Outbound) != ((TrustDirection) 0)) { authInfo.OutgoingAuthInfos = 1; authInfo.OutgoingAuthenticationInformation = ptr5; authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } domainEx = new TRUSTED_DOMAIN_INFORMATION_EX { FlatName = policy_dns_domain_info.Name, Name = policy_dns_domain_info.DnsDomainName, Sid = policy_dns_domain_info.Sid, TrustType = TRUST_TYPE_UPLEVEL, TrustDirection = (int) direction }; if (isForest) { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (status != 0) { status = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (status != ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName); } if (isForest) { throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName })); } throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName })); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (domainHandle != IntPtr.Zero) { UnsafeNativeMethods.LsaClose(domainHandle); } if (ptr != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(ptr); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION AuthData = null; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null; TRUSTED_DOMAIN_INFORMATION_EX tdi = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr info = (IntPtr)0; IntPtr domainHandle = (IntPtr)0; PolicySafeHandle policyHandle = null; IntPtr unmanagedAuthData = (IntPtr)0; bool impersonated = false; string serverName = null; // get the domain info first info = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(info, domainInfo); AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR) unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } tdi = new TRUSTED_DOMAIN_INFORMATION_EX(); tdi.FlatName = domainInfo.Name; tdi.Name = domainInfo.DnsDomainName; tdi.Sid = domainInfo.Sid; tdi.TrustType = TRUST_TYPE_UPLEVEL; tdi.TrustDirection = (int)direction; if (isForest) { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } // get server name serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); // do impersonation and get policy handle impersonated = Utils.Impersonate(sourceContext); policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, s_TRUSTED_SET_POSIX | s_TRUSTED_SET_AUTH, out domainHandle); if (result != 0) { result = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (result == s_ERROR_ALREADY_EXISTS) { if (isForest) throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingForestTrust, sourceName, targetName)); else throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingDomainTrust, sourceName, targetName)); } else throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName); } } finally { if (impersonated) Utils.Revert(); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (domainHandle != (IntPtr)0) UnsafeNativeMethods.LsaClose(domainHandle); if (info != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(info); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION structure = null; TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null; TRUSTED_DOMAIN_INFORMATION_EX domainEx = null; IntPtr zero = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr domainHandle = IntPtr.Zero; PolicySafeHandle handle = null; IntPtr ptr5 = IntPtr.Zero; bool flag = false; string serverName = null; ptr = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(ptr, policy_dns_domain_info); structure = new LSA_AUTH_INFORMATION(); zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(zero); FileTime time = new FileTime(); Marshal.PtrToStructure(zero, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != ((TrustDirection)0)) { authInfo.IncomingAuthInfos = 1; authInfo.IncomingAuthenticationInformation = ptr5; authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((direction & TrustDirection.Outbound) != ((TrustDirection)0)) { authInfo.OutgoingAuthInfos = 1; authInfo.OutgoingAuthenticationInformation = ptr5; authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } domainEx = new TRUSTED_DOMAIN_INFORMATION_EX { FlatName = policy_dns_domain_info.Name, Name = policy_dns_domain_info.DnsDomainName, Sid = policy_dns_domain_info.Sid, TrustType = TRUST_TYPE_UPLEVEL, TrustDirection = (int)direction }; if (isForest) { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (status != 0) { status = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (status != ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName); } if (isForest) { throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName })); } throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName })); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (domainHandle != IntPtr.Zero) { UnsafeNativeMethods.LsaClose(domainHandle); } if (ptr != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(ptr); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { IntPtr intPtr = (IntPtr)0; IntPtr hGlobalUni = (IntPtr)0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; bool flag = false; IntPtr trustedDomainInfo = TrustHelper.GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO pOLICYDNSDOMAININFO = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(trustedDomainInfo, pOLICYDNSDOMAININFO); LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION(); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr); FileTime fileTime = new FileTime(); Marshal.PtrToStructure(intPtr, fileTime); lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER(); lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower; lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher; lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR; hGlobalUni = Marshal.StringToHGlobalUni(password); lSAAUTHINFORMATION.AuthInfo = hGlobalUni; lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2; intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr2, false); TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr2; tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr2; tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX(); tRUSTEDDOMAININFORMATIONEX.FlatName = pOLICYDNSDOMAININFO.Name; tRUSTEDDOMAININFORMATIONEX.Name = pOLICYDNSDOMAININFO.DnsDomainName; tRUSTEDDOMAININFORMATIONEX.Sid = pOLICYDNSDOMAININFO.Sid; tRUSTEDDOMAININFORMATIONEX.TrustType = TrustHelper.TRUST_TYPE_UPLEVEL; tRUSTEDDOMAININFORMATIONEX.TrustDirection = (int)direction; if (!isForest) { tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } string policyServerName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = Utils.Impersonate(sourceContext); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); int winError = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policySafeHandle, tRUSTEDDOMAININFORMATIONEX, tRUSTEDDOMAINAUTHINFORMATION, TrustHelper.TRUSTED_SET_POSIX | TrustHelper.TRUSTED_SET_AUTH, out intPtr1); if (winError != 0) { winError = UnsafeNativeMethods.LsaNtStatusToWinError(winError); if (winError != TrustHelper.ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName); } else { if (!isForest) { object[] objArray = new object[2]; objArray[0] = sourceName; objArray[1] = targetName; throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", objArray)); } else { object[] objArray1 = new object[2]; objArray1[0] = sourceName; objArray1[1] = targetName; throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", objArray1)); } } } } finally { if (flag) { Utils.Revert(); } if (intPtr != (IntPtr)0) { Marshal.FreeHGlobal(intPtr); } if (intPtr1 != (IntPtr)0) { UnsafeNativeMethods.LsaClose(intPtr1); } if (trustedDomainInfo != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(trustedDomainInfo); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } if (intPtr2 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr2); } } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string? sourceName, DirectoryContext targetContext, string? targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION? AuthData = null; TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null; TRUSTED_DOMAIN_INFORMATION_EX? tdi = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr info = (IntPtr)0; IntPtr domainHandle = (IntPtr)0; PolicySafeHandle? policyHandle = null; IntPtr unmanagedAuthData = (IntPtr)0; bool impersonated = false; string? serverName = null; // get the domain info first info = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(info, domainInfo); AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR) unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } tdi = new TRUSTED_DOMAIN_INFORMATION_EX(); tdi.FlatName = domainInfo.Name; tdi.Name = domainInfo.DnsDomainName; tdi.Sid = domainInfo.Sid; tdi.TrustType = TRUST_TYPE_UPLEVEL; tdi.TrustDirection = (int)direction; if (isForest) { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } // get server name serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); // do impersonation and get policy handle impersonated = Utils.Impersonate(sourceContext); policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (result != 0) { result = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (result == ERROR_ALREADY_EXISTS) { if (isForest) throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingForestTrust, sourceName, targetName)); else throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingDomainTrust, sourceName, targetName)); } else throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName); } } finally { if (impersonated) Utils.Revert(); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (domainHandle != (IntPtr)0) UnsafeNativeMethods.LsaClose(domainHandle); if (info != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(info); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }