private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string? targetName, bool isForest) { PolicySafeHandle? policyHandle = null; IntPtr buffer = (IntPtr)0; bool impersonated = false; string? serverName = null; try { try { serverName = Utils.GetPolicyServerName(targetContext, isForest, false, targetName); impersonated = Utils.Impersonate(targetContext); try { policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } catch (ActiveDirectoryOperationException) { if (impersonated) { Utils.Revert(); impersonated = false; } // try anonymous Utils.ImpersonateAnonymous(); impersonated = true; policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } catch (UnauthorizedAccessException) { if (impersonated) { Utils.Revert(); impersonated = false; } // try anonymous Utils.ImpersonateAnonymous(); impersonated = true; policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } int result = UnsafeNativeMethods.LsaQueryInformationPolicy(policyHandle, policyDnsDomainInformation, out buffer); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return buffer; } finally { if (impersonated) Utils.Revert(); } } catch { throw; } }
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string? sourceName, string? targetName, bool isForest, int direction, string serverName) { IntPtr buffer = (IntPtr)0; // get trust information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); try { TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // validate trust direction if applicable if (direction != 0) { if ((direction & domainInfo.TrustDirection) == 0) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(TrustRelationshipInformation), null); } } } finally { if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } }
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName) { IntPtr zero = IntPtr.Zero; int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero); if (status != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } try { TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(zero, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); if ((direction != 0) && ((direction & structure.TrustDirection) == 0)) { if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(TrustRelationshipInformation), null); } } finally { if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } } }
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest) { PolicySafeHandle policyHandle = null; IntPtr buffer = (IntPtr)0; bool impersonated = false; string serverName = null; try { try { serverName = Utils.GetPolicyServerName(targetContext, isForest, false, targetName); impersonated = Utils.Impersonate(targetContext); try { policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } catch (ActiveDirectoryOperationException) { if (impersonated) { Utils.Revert(); impersonated = false; } // try anonymous Utils.ImpersonateAnonymous(); impersonated = true; policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } catch (UnauthorizedAccessException) { if (impersonated) { Utils.Revert(); impersonated = false; } // try anonymous Utils.ImpersonateAnonymous(); impersonated = true; policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); } int result = UnsafeNativeMethods.LsaQueryInformationPolicy(policyHandle, s_policyDnsDomainInformation, out buffer); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return buffer; } finally { if (impersonated) Utils.Revert(); } } catch { throw; } }
public void Save() { IntPtr intPtr; IntPtr hGlobalUni; object length; object obj; object length1; object obj1; int count = 0; int num = 0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; ArrayList arrayLists = new ArrayList(); ArrayList arrayLists1 = new ArrayList(); bool flag = false; IntPtr hGlobalUni1 = (IntPtr)0; IntPtr intPtr3 = (IntPtr)0; count = count + this.TopLevelNames.Count; count = count + this.ExcludedTopLevelNames.Count; count = count + this.TrustedDomainInformation.Count; if (this.binaryData.Count != 0) { count++; count = count + this.binaryData.Count; } IntPtr intPtr4 = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr))); try { try { intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr3); FileTime fileTime = new FileTime(); Marshal.PtrToStructure(intPtr3, fileTime); for (int i = 0; i < this.topLevelNames.Count; i++) { LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD(); lSAFORESTTRUSTRECORD.Flags = (int)this.topLevelNames[i].Status; lSAFORESTTRUSTRECORD.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName; TopLevelName item = this.topLevelNames[i]; lSAFORESTTRUSTRECORD.Time = item.time; lSAFORESTTRUSTRECORD.TopLevelName = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(item.Name); arrayLists.Add(hGlobalUni); UnsafeNativeMethods.RtlInitUnicodeString(lSAFORESTTRUSTRECORD.TopLevelName, hGlobalUni); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lSAFORESTTRUSTRECORD, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } for (int j = 0; j < this.excludedNames.Count; j++) { LSA_FOREST_TRUST_RECORD lARGEINTEGER = new LSA_FOREST_TRUST_RECORD(); lARGEINTEGER.Flags = 0; lARGEINTEGER.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx; if (!this.excludedNameTime.Contains(this.excludedNames[j])) { lARGEINTEGER.Time = new LARGE_INTEGER(); lARGEINTEGER.Time.lowPart = fileTime.lower; lARGEINTEGER.Time.highPart = fileTime.higher; } else { lARGEINTEGER.Time = (LARGE_INTEGER)this.excludedNameTime[(object)j]; } lARGEINTEGER.TopLevelName = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(this.excludedNames[j]); arrayLists.Add(hGlobalUni); UnsafeNativeMethods.RtlInitUnicodeString(lARGEINTEGER.TopLevelName, hGlobalUni); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lARGEINTEGER, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } int num1 = 0; while (num1 < this.domainInfo.Count) { LSA_FOREST_TRUST_RECORD status = new LSA_FOREST_TRUST_RECORD(); status.Flags = (int)this.domainInfo[num1].Status; status.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo; ForestTrustDomainInformation forestTrustDomainInformation = this.domainInfo[num1]; status.Time = forestTrustDomainInformation.time; IntPtr intPtr5 = (IntPtr)0; IntPtr hGlobalUni2 = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DomainSid); arrayLists.Add(hGlobalUni2); int sidW = UnsafeNativeMethods.ConvertStringSidToSidW(hGlobalUni2, ref intPtr5); if (sidW != 0) { status.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO(); status.DomainInfo.sid = intPtr5; arrayLists1.Add(intPtr5); status.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DnsName); arrayLists.Add(status.DomainInfo.DNSNameBuffer); LSA_FOREST_TRUST_DOMAIN_INFO domainInfo = status.DomainInfo; if (forestTrustDomainInformation.DnsName == null) { length = null; } else { length = forestTrustDomainInformation.DnsName.Length * 2; } domainInfo.DNSNameLength = (short)length; LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO = status.DomainInfo; if (forestTrustDomainInformation.DnsName == null) { obj = null; } else { obj = forestTrustDomainInformation.DnsName.Length * 2; } lSAFORESTTRUSTDOMAININFO.DNSNameMaximumLength = (short)obj; status.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.NetBiosName); arrayLists.Add(status.DomainInfo.NetBIOSNameBuffer); LSA_FOREST_TRUST_DOMAIN_INFO domainInfo1 = status.DomainInfo; if (forestTrustDomainInformation.NetBiosName == null) { length1 = null; } else { length1 = forestTrustDomainInformation.NetBiosName.Length * 2; } domainInfo1.NetBIOSNameLength = (short)length1; LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO1 = status.DomainInfo; if (forestTrustDomainInformation.NetBiosName == null) { obj1 = null; } else { obj1 = forestTrustDomainInformation.NetBiosName.Length * 2; } lSAFORESTTRUSTDOMAININFO1.NetBIOSNameMaximumLength = (short)obj1; intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(status, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; num1++; } else { throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error()); } } if (this.binaryData.Count > 0) { LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD1 = new LSA_FOREST_TRUST_RECORD(); lSAFORESTTRUSTRECORD1.Flags = 0; lSAFORESTTRUSTRECORD1.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast; intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lSAFORESTTRUSTRECORD1, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; for (int k = 0; k < this.binaryData.Count; k++) { LSA_FOREST_TRUST_RECORD item1 = new LSA_FOREST_TRUST_RECORD(); item1.Flags = 0; item1.Time = (LARGE_INTEGER)this.binaryDataTime[k]; item1.Data.Length = (int)((byte[])this.binaryData[k]).Length; if (item1.Data.Length != 0) { item1.Data.Buffer = Marshal.AllocHGlobal(item1.Data.Length); arrayLists.Add(item1.Data.Buffer); Marshal.Copy((byte[])this.binaryData[k], 0, item1.Data.Buffer, item1.Data.Length); } else { item1.Data.Buffer = (IntPtr)0; } intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(item1, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } } LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION(); lSAFORESTTRUSTINFORMATION.RecordCount = count; lSAFORESTTRUSTINFORMATION.Entries = intPtr4; intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION))); Marshal.StructureToPtr(lSAFORESTTRUSTINFORMATION, intPtr1, false); string policyServerName = Utils.GetPolicyServerName(this.context, true, true, base.SourceName); flag = Utils.Impersonate(this.context); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni1 = Marshal.StringToHGlobalUni(base.TargetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1); int num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 1, out intPtr2); if (num2 == 0) { if (intPtr2 == (IntPtr)0) { num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 0, out intPtr2); if (num2 == 0) { this.retrieved = false; } else { throw ExceptionHelper.GetExceptionFromErrorCode(num2, policyServerName); } } else { throw ExceptionHelper.CreateForestTrustCollisionException(intPtr2); } } else { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num2), policyServerName); } } finally { if (flag) { Utils.Revert(); } for (int l = 0; l < arrayLists.Count; l++) { Marshal.FreeHGlobal((IntPtr)arrayLists[l]); } for (int m = 0; m < arrayLists1.Count; m++) { UnsafeNativeMethods.LocalFree((IntPtr)arrayLists1[m]); } if (intPtr4 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr4); } if (intPtr1 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr1); } if (intPtr2 != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(intPtr2); } if (hGlobalUni1 != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni1); } if (intPtr3 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr3); } } } catch { throw; } }
public static extern int LsaQueryInformationPolicy(PolicySafeHandle handle, int infoClass, out IntPtr buffer);
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection) { PolicySafeHandle handle = null; IntPtr buffer = (IntPtr)0; LSA_UNICODE_STRING trustedDomainName = null; IntPtr newBuffer = (IntPtr)0; bool impersonated = false; LSA_AUTH_INFORMATION AuthData = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr unmanagedAuthData = (IntPtr)0; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null; IntPtr target = (IntPtr)0; string serverName = null; serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get the trusted domain information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } // get the managed structre representation TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION(); Marshal.PtrToStructure(buffer, domainInfo); // validate the trust attribute first ValidateTrustAttribute(domainInfo.Information, isForest, sourceName, targetName); // change the attribute value properly AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((newTrustDirection & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } else { AuthInfoEx.IncomingAuthInfos = 0; AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((newTrustDirection & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } else { AuthInfoEx.OutgoingAuthInfos = 0; AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } // reconstruct the unmanaged structure to set it back domainInfo.AuthInformation = AuthInfoEx; // reset the trust direction domainInfo.Information.TrustDirection = (int)newTrustDirection; newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION))); Marshal.StructureToPtr(domainInfo, newBuffer, false); result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return; } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); if (newBuffer != (IntPtr)0) Marshal.FreeHGlobal(newBuffer); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection) { PolicySafeHandle handle = null; IntPtr zero = IntPtr.Zero; LSA_UNICODE_STRING result = null; IntPtr ptr = IntPtr.Zero; bool flag = false; LSA_AUTH_INFORMATION structure = null; IntPtr fileTime = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr5 = IntPtr.Zero; TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero); if (status != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION(); Marshal.PtrToStructure(zero, trusted_domain_full_information); ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName); structure = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); FileTime time = new FileTime(); Marshal.PtrToStructure(fileTime, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection) 0)) { trusted_domain_auth_information.IncomingAuthInfos = 1; trusted_domain_auth_information.IncomingAuthenticationInformation = ptr5; trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } else { trusted_domain_auth_information.IncomingAuthInfos = 0; trusted_domain_auth_information.IncomingAuthenticationInformation = IntPtr.Zero; trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection) 0)) { trusted_domain_auth_information.OutgoingAuthInfos = 1; trusted_domain_auth_information.OutgoingAuthenticationInformation = ptr5; trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } else { trusted_domain_auth_information.OutgoingAuthInfos = 0; trusted_domain_auth_information.OutgoingAuthenticationInformation = IntPtr.Zero; trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } trusted_domain_full_information.AuthInformation = trusted_domain_auth_information; trusted_domain_full_information.Information.TrustDirection = (int) newTrustDirection; ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION))); Marshal.StructureToPtr(trusted_domain_full_information, ptr, false); status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } if (fileTime != IntPtr.Zero) { Marshal.FreeHGlobal(fileTime); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
public static extern int LsaQueryForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, ref IntPtr ForestTrustInfo);
public static extern int LsaOpenTrustedDomainByName(PolicySafeHandle policyHandle, LSA_UNICODE_STRING trustedDomain, int access, ref IntPtr trustedDomainHandle);
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest) { PolicySafeHandle handle = null; LSA_UNICODE_STRING result = null; int errorCode = 0; bool flag = false; IntPtr zero = IntPtr.Zero; string serverName = null; IntPtr buffer = IntPtr.Zero; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); zero = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, zero); int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (status != 0) { errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } try { TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); status = UnsafeNativeMethods.LsaDeleteTrustedDomain(handle, structure.Sid); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } } finally { if (buffer != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(buffer); } } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } } } catch { throw; } }
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest) { PolicySafeHandle? handle = null; IntPtr buffer = (IntPtr)0; IntPtr newInfo = (IntPtr)0; LSA_UNICODE_STRING? trustedDomainName = null; bool impersonated = false; IntPtr target = (IntPtr)0; string? serverName = null; serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get the trusted domain information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); // get the managed structre representation TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // change the attribute value properly // selective authentication if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if (status) { // turns on selective authentication domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } else { // turns off selective authentication domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION); } } // user wants to change sid filtering behavior for forest trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if (status) { // user wants sid filtering behavior domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL); } else { // users wants to turn off sid filtering behavior domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } } // user wants to change sid filtering behavior for external trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { if (status) { // user wants sid filtering behavior domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { // user wants to turn off sid filtering behavior domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN); } } else { throw new ArgumentException(nameof(attribute)); } // reconstruct the unmanaged structure to set it back newInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX))); Marshal.StructureToPtr(domainInfo, newInfo, false); result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, newInfo); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return; } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); if (newInfo != (IntPtr)0) Marshal.FreeHGlobal(newInfo); } } catch { throw; } }
public void Save() { int count = 0; IntPtr records = (IntPtr)0; int currentCount = 0; IntPtr tmpPtr = (IntPtr)0; IntPtr forestInfo = (IntPtr)0; PolicySafeHandle handle = null; LSA_UNICODE_STRING trustedDomainName; IntPtr collisionInfo = (IntPtr)0; ArrayList ptrList = new ArrayList(); ArrayList sidList = new ArrayList(); bool impersonated = false; IntPtr target = (IntPtr)0; string serverName = null; IntPtr fileTime = (IntPtr)0; // first get the count of all the records int toplevelNamesCount = TopLevelNames.Count; int excludedNamesCount = ExcludedTopLevelNames.Count; int trustedDomainCount = TrustedDomainInformation.Count; int binaryDataCount = 0; checked { count += toplevelNamesCount; count += excludedNamesCount; count += trustedDomainCount; if (_binaryData.Count != 0) { binaryDataCount = _binaryData.Count; // for the ForestTrustRecordTypeLast record count++; count += binaryDataCount; } // allocate the memory for all the records records = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr))); } try { try { IntPtr ptr = (IntPtr)0; fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime currentTime = new FileTime(); Marshal.PtrToStructure(fileTime, currentTime); for (int i = 0; i < toplevelNamesCount; i++) { // now begin to construct top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = (int)_topLevelNames[i].Status; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName; TopLevelName TLN = _topLevelNames[i]; record.Time = TLN.time; record.TopLevelName = new LSA_UNICODE_STRING(); ptr = Marshal.StringToHGlobalUni(TLN.Name); ptrList.Add(ptr); UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } for (int i = 0; i < excludedNamesCount; i++) { // now begin to construct excluded top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = 0; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx; if (_excludedNameTime.Contains(_excludedNames[i])) { record.Time = (LARGE_INTEGER)_excludedNameTime[i]; } else { record.Time = new LARGE_INTEGER(); record.Time.lowPart = currentTime.lower; record.Time.highPart = currentTime.higher; } record.TopLevelName = new LSA_UNICODE_STRING(); ptr = Marshal.StringToHGlobalUni(_excludedNames[i]); ptrList.Add(ptr); UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } for (int i = 0; i < trustedDomainCount; i++) { // now begin to construct domain info record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = (int)_domainInfo[i].Status; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo; ForestTrustDomainInformation tmp = _domainInfo[i]; record.Time = tmp.time; IntPtr pSid = (IntPtr)0; IntPtr stringSid = (IntPtr)0; stringSid = Marshal.StringToHGlobalUni(tmp.DomainSid); ptrList.Add(stringSid); int result = UnsafeNativeMethods.ConvertStringSidToSidW(stringSid, ref pSid); if (result == 0) { throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error()); } record.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO(); record.DomainInfo.sid = pSid; sidList.Add(pSid); record.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(tmp.DnsName); ptrList.Add(record.DomainInfo.DNSNameBuffer); record.DomainInfo.DNSNameLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); // sizeof(WCHAR) record.DomainInfo.DNSNameMaximumLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); record.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(tmp.NetBiosName); ptrList.Add(record.DomainInfo.NetBIOSNameBuffer); record.DomainInfo.NetBIOSNameLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2); record.DomainInfo.NetBIOSNameMaximumLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } if (binaryDataCount > 0) { // now begin to construct ForestTrustRecordTypeLast LSA_FOREST_TRUST_RECORD lastRecord = new LSA_FOREST_TRUST_RECORD(); lastRecord.Flags = 0; lastRecord.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast; tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(lastRecord, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; for (int i = 0; i < binaryDataCount; i++) { // now begin to construct excluded top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = 0; record.Time = (LARGE_INTEGER)_binaryDataTime[i]; record.Data.Length = ((byte[])_binaryData[i]).Length; if (record.Data.Length == 0) { record.Data.Buffer = (IntPtr)0; } else { record.Data.Buffer = Marshal.AllocHGlobal(record.Data.Length); ptrList.Add(record.Data.Buffer); Marshal.Copy((byte[])_binaryData[i], 0, record.Data.Buffer, record.Data.Length); } tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } } // finally construct the LSA_FOREST_TRUST_INFORMATION LSA_FOREST_TRUST_INFORMATION trustInformation = new LSA_FOREST_TRUST_INFORMATION(); trustInformation.RecordCount = count; trustInformation.Entries = records; forestInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION))); Marshal.StructureToPtr(trustInformation, forestInfo, false); // get policy server name serverName = Utils.GetPolicyServerName(context, true, true, SourceName); // do impersonation first impersonated = Utils.Impersonate(context); // get the policy handle handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(TargetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // call the unmanaged function int error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 1, out collisionInfo); if (error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(error), serverName); } // there is collision, throw proper exception so user can deal with it if (collisionInfo != (IntPtr)0) { throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo); } // commit the changes error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 0, out collisionInfo); if (error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(error, serverName); } // now next time property is invoked, we need to go to the server retrieved = false; } finally { if (impersonated) { Utils.Revert(); } // release the memory for (int i = 0; i < ptrList.Count; i++) { Marshal.FreeHGlobal((IntPtr)ptrList[i]); } for (int i = 0; i < sidList.Count; i++) { UnsafeNativeMethods.LocalFree((IntPtr)sidList[i]); } if (records != (IntPtr)0) { Marshal.FreeHGlobal(records); } if (forestInfo != (IntPtr)0) { Marshal.FreeHGlobal(forestInfo); } if (collisionInfo != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(collisionInfo); } if (target != (IntPtr)0) { Marshal.FreeHGlobal(target); } if (fileTime != (IntPtr)0) { Marshal.FreeHGlobal(fileTime); } } } catch { throw; } }
internal static void UpdateTrustDirection(DirectoryContext context, string? sourceName, string? targetName, string password, bool isForest, TrustDirection newTrustDirection) { PolicySafeHandle? handle = null; IntPtr buffer = (IntPtr)0; LSA_UNICODE_STRING? trustedDomainName = null; IntPtr newBuffer = (IntPtr)0; bool impersonated = false; LSA_AUTH_INFORMATION? AuthData = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr unmanagedAuthData = (IntPtr)0; TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null; IntPtr target = (IntPtr)0; string? serverName = null; serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get the trusted domain information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } // get the managed structre representation TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION(); Marshal.PtrToStructure(buffer, domainInfo); // validate the trust attribute first ValidateTrustAttribute(domainInfo.Information!, isForest, sourceName, targetName); // change the attribute value properly AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((newTrustDirection & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } else { AuthInfoEx.IncomingAuthInfos = 0; AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((newTrustDirection & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } else { AuthInfoEx.OutgoingAuthInfos = 0; AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } // reconstruct the unmanaged structure to set it back domainInfo.AuthInformation = AuthInfoEx; // reset the trust direction domainInfo.Information!.TrustDirection = (int)newTrustDirection; newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION))); Marshal.StructureToPtr(domainInfo, newBuffer, false); result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return; } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); if (newBuffer != (IntPtr)0) Marshal.FreeHGlobal(newBuffer); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }
internal static bool GetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool isForest) { PolicySafeHandle? handle = null; IntPtr buffer = (IntPtr)0; LSA_UNICODE_STRING? trustedDomainName = null; bool impersonated = false; IntPtr target = (IntPtr)0; string? serverName = null; // get policy server name serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // get the attribute of the trust // selective authentication info if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) == 0) return false; else return true; } // sid filtering behavior for forest trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) == 0) return true; else return false; } // sid filtering behavior for domain trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) == 0) return false; else return true; } else { // should not happen throw new ArgumentException(nameof(attribute)); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string? sourceName, DirectoryContext targetContext, string? targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION? AuthData = null; TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null; TRUSTED_DOMAIN_INFORMATION_EX? tdi = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr info = (IntPtr)0; IntPtr domainHandle = (IntPtr)0; PolicySafeHandle? policyHandle = null; IntPtr unmanagedAuthData = (IntPtr)0; bool impersonated = false; string? serverName = null; // get the domain info first info = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(info, domainInfo); AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR) unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } tdi = new TRUSTED_DOMAIN_INFORMATION_EX(); tdi.FlatName = domainInfo.Name; tdi.Name = domainInfo.DnsDomainName; tdi.Sid = domainInfo.Sid; tdi.TrustType = TRUST_TYPE_UPLEVEL; tdi.TrustDirection = (int)direction; if (isForest) { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } // get server name serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); // do impersonation and get policy handle impersonated = Utils.Impersonate(sourceContext); policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (result != 0) { result = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (result == ERROR_ALREADY_EXISTS) { if (isForest) throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingForestTrust, sourceName, targetName)); else throw new ActiveDirectoryObjectExistsException(SR.Format(SR.AlreadyExistingDomainTrust, sourceName, targetName)); } else throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName); } } finally { if (impersonated) Utils.Revert(); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (domainHandle != (IntPtr)0) UnsafeNativeMethods.LsaClose(domainHandle); if (info != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(info); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }
internal static void VerifyTrust(DirectoryContext context, string? sourceName, string? targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string? preferredTargetServer) { PolicySafeHandle? policyHandle = null; LSA_UNICODE_STRING? trustedDomainName = null; int win32Error = 0; IntPtr data = (IntPtr)0; IntPtr ptr = (IntPtr)0; IntPtr buffer1 = (IntPtr)0; IntPtr buffer2 = (IntPtr)0; bool impersonated = true; IntPtr target = (IntPtr)0; string? policyServerName = null; policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // validate the trust existence ValidateTrust(policyHandle, trustedDomainName, sourceName, targetName, isForest, (int)direction, policyServerName); // need to verify direction if (preferredTargetServer == null) data = Marshal.StringToHGlobalUni(targetName); else // this is the case that we need to specifically go to a particular server. This is the way to tell netlogon to do that. data = Marshal.StringToHGlobalUni(targetName + "\\" + preferredTargetServer); ptr = Marshal.AllocHGlobal(IntPtr.Size); Marshal.WriteIntPtr(ptr, data); if (!forceSecureChannelReset) { win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer1); if (win32Error == 0) { NETLOGON_INFO_2 info = new NETLOGON_INFO_2(); Marshal.PtrToStructure(buffer1, info); if ((info.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) != 0) { int result = info.netlog2_pdc_connection_status; if (result == 0) { // verification succeeded return; } else { // don't really know which server is down, the source or the target throw ExceptionHelper.GetExceptionFromErrorCode(result); } } else { int result = info.netlog2_tc_connection_status; throw ExceptionHelper.GetExceptionFromErrorCode(result); } } else { if (win32Error == ERROR_INVALID_LEVEL) { // it is pre-win2k SP3 dc that does not support NETLOGON_CONTROL_TC_VERIFY throw new NotSupportedException(SR.TrustVerificationNotSupport); } else { throw ExceptionHelper.GetExceptionFromErrorCode(win32Error); } } } else { // then try secure channel reset win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out buffer2); if (win32Error != 0) // don't really know which server is down, the source or the target throw ExceptionHelper.GetExceptionFromErrorCode(win32Error); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (ptr != (IntPtr)0) Marshal.FreeHGlobal(ptr); if (data != (IntPtr)0) Marshal.FreeHGlobal(data); if (buffer1 != (IntPtr)0) UnsafeNativeMethods.NetApiBufferFree(buffer1); if (buffer2 != (IntPtr)0) UnsafeNativeMethods.NetApiBufferFree(buffer2); } } catch { throw; } }
internal static void DeleteTrust(DirectoryContext sourceContext, string? sourceName, string? targetName, bool isForest) { PolicySafeHandle? policyHandle = null; LSA_UNICODE_STRING? trustedDomainName = null; int win32Error = 0; bool impersonated = false; IntPtr target = (IntPtr)0; string? serverName = null; IntPtr buffer = (IntPtr)0; serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); impersonated = Utils.Impersonate(sourceContext); try { try { // get the policy handle policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get trust information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policyHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); try { TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // delete the trust result = UnsafeNativeMethods.LsaDeleteTrustedDomain(policyHandle, domainInfo.Sid); if (result != 0) { win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } } finally { if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); } } catch { throw; } }
public static extern int LsaQueryForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, ref IntPtr ForestTrustInfo);
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest) { PolicySafeHandle handle = null; LSA_UNICODE_STRING result = null; int errorCode = 0; bool flag = false; IntPtr zero = IntPtr.Zero; string serverName = null; IntPtr buffer = IntPtr.Zero; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); zero = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, zero); int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (status != 0) { errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } try { TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); status = UnsafeNativeMethods.LsaDeleteTrustedDomain(handle, structure.Sid); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } } finally { if (buffer != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(buffer); } } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } } } catch { throw; } }
public static extern int LsaQueryInformationPolicy(PolicySafeHandle handle, int infoClass, out IntPtr buffer);
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest) { PolicySafeHandle handle = null; IntPtr ptr2; IntPtr zero = IntPtr.Zero; bool flag = false; string serverName = null; try { try { serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(targetContext, isForest, false, targetName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(targetContext); try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } catch (ActiveDirectoryOperationException) { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); flag = false; } System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous(); flag = true; handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } catch (UnauthorizedAccessException) { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); flag = false; } System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous(); flag = true; handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } int status = UnsafeNativeMethods.LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, out zero); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } ptr2 = zero; } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } } } catch { throw; } return(ptr2); }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION structure = null; TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null; TRUSTED_DOMAIN_INFORMATION_EX domainEx = null; IntPtr zero = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr domainHandle = IntPtr.Zero; PolicySafeHandle handle = null; IntPtr ptr5 = IntPtr.Zero; bool flag = false; string serverName = null; ptr = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(ptr, policy_dns_domain_info); structure = new LSA_AUTH_INFORMATION(); zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(zero); FileTime time = new FileTime(); Marshal.PtrToStructure(zero, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != ((TrustDirection) 0)) { authInfo.IncomingAuthInfos = 1; authInfo.IncomingAuthenticationInformation = ptr5; authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((direction & TrustDirection.Outbound) != ((TrustDirection) 0)) { authInfo.OutgoingAuthInfos = 1; authInfo.OutgoingAuthenticationInformation = ptr5; authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } domainEx = new TRUSTED_DOMAIN_INFORMATION_EX { FlatName = policy_dns_domain_info.Name, Name = policy_dns_domain_info.DnsDomainName, Sid = policy_dns_domain_info.Sid, TrustType = TRUST_TYPE_UPLEVEL, TrustDirection = (int) direction }; if (isForest) { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (status != 0) { status = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (status != ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName); } if (isForest) { throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName })); } throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName })); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (domainHandle != IntPtr.Zero) { UnsafeNativeMethods.LsaClose(domainHandle); } if (ptr != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(ptr); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION structure = null; TRUSTED_DOMAIN_AUTH_INFORMATION authInfo = null; TRUSTED_DOMAIN_INFORMATION_EX domainEx = null; IntPtr zero = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr domainHandle = IntPtr.Zero; PolicySafeHandle handle = null; IntPtr ptr5 = IntPtr.Zero; bool flag = false; string serverName = null; ptr = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO policy_dns_domain_info = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(ptr, policy_dns_domain_info); structure = new LSA_AUTH_INFORMATION(); zero = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(zero); FileTime time = new FileTime(); Marshal.PtrToStructure(zero, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); authInfo = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != ((TrustDirection)0)) { authInfo.IncomingAuthInfos = 1; authInfo.IncomingAuthenticationInformation = ptr5; authInfo.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((direction & TrustDirection.Outbound) != ((TrustDirection)0)) { authInfo.OutgoingAuthInfos = 1; authInfo.OutgoingAuthenticationInformation = ptr5; authInfo.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } domainEx = new TRUSTED_DOMAIN_INFORMATION_EX { FlatName = policy_dns_domain_info.Name, Name = policy_dns_domain_info.DnsDomainName, Sid = policy_dns_domain_info.Sid, TrustType = TRUST_TYPE_UPLEVEL, TrustDirection = (int)direction }; if (isForest) { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { domainEx.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext); handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); int status = UnsafeNativeMethods.LsaCreateTrustedDomainEx(handle, domainEx, authInfo, TRUSTED_SET_POSIX | TRUSTED_SET_AUTH, out domainHandle); if (status != 0) { status = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (status != ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName); } if (isForest) { throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", new object[] { sourceName, targetName })); } throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", new object[] { sourceName, targetName })); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (domainHandle != IntPtr.Zero) { UnsafeNativeMethods.LsaClose(domainHandle); } if (ptr != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(ptr); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer) { PolicySafeHandle handle = null; LSA_UNICODE_STRING result = null; int errorCode = 0; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr buffer = IntPtr.Zero; IntPtr ptr4 = IntPtr.Zero; bool flag = true; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); ValidateTrust(handle, result, sourceName, targetName, isForest, (int) direction, serverName); if (preferredTargetServer == null) { zero = Marshal.StringToHGlobalUni(targetName); } else { zero = Marshal.StringToHGlobalUni(targetName + @"\" + preferredTargetServer); } ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr))); Marshal.WriteIntPtr(ptr, zero); if (!forceSecureChannelReset) { errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer); if (errorCode != 0) { if (errorCode == ERROR_INVALID_LEVEL) { throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport")); } throw ExceptionHelper.GetExceptionFromErrorCode(errorCode); } NETLOGON_INFO_2 structure = new NETLOGON_INFO_2(); Marshal.PtrToStructure(buffer, structure); if ((structure.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) == 0) { throw ExceptionHelper.GetExceptionFromErrorCode(structure.netlog2_tc_connection_status); } int num2 = structure.netlog2_pdc_connection_status; if (num2 != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(num2); } } else { errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out ptr4); if (errorCode != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode); } } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (buffer != IntPtr.Zero) { UnsafeNativeMethods.NetApiBufferFree(buffer); } if (ptr4 != IntPtr.Zero) { UnsafeNativeMethods.NetApiBufferFree(ptr4); } } } catch { throw; } }
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest) { PolicySafeHandle handle = null; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; LSA_UNICODE_STRING result = null; bool flag = false; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero); if (num != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(zero, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if (status) { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } else { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } } else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if (status) { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } else { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } } else { if (attribute != TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { throw new ArgumentException("attribute"); } if (status) { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } } ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX))); Marshal.StructureToPtr(structure, ptr, false); num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ptr); if (num != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), serverName); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } } } catch { throw; } }
public static extern int LsaOpenTrustedDomainByName(PolicySafeHandle policyHandle, LSA_UNICODE_STRING trustedDomain, int access, ref IntPtr trustedDomainHandle);
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection) { PolicySafeHandle handle = null; IntPtr zero = IntPtr.Zero; LSA_UNICODE_STRING result = null; IntPtr ptr = IntPtr.Zero; bool flag = false; LSA_AUTH_INFORMATION structure = null; IntPtr fileTime = IntPtr.Zero; IntPtr hglobal = IntPtr.Zero; IntPtr ptr5 = IntPtr.Zero; TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero); if (status != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION(); Marshal.PtrToStructure(zero, trusted_domain_full_information); ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName); structure = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); FileTime time = new FileTime(); Marshal.PtrToStructure(fileTime, time); structure.LastUpdateTime = new LARGE_INTEGER(); structure.LastUpdateTime.lowPart = time.lower; structure.LastUpdateTime.highPart = time.higher; structure.AuthType = TRUST_AUTH_TYPE_CLEAR; hglobal = Marshal.StringToHGlobalUni(password); structure.AuthInfo = hglobal; structure.AuthInfoLength = password.Length * 2; ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(structure, ptr5, false); trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0)) { trusted_domain_auth_information.IncomingAuthInfos = 1; trusted_domain_auth_information.IncomingAuthenticationInformation = ptr5; trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } else { trusted_domain_auth_information.IncomingAuthInfos = 0; trusted_domain_auth_information.IncomingAuthenticationInformation = IntPtr.Zero; trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero; } if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0)) { trusted_domain_auth_information.OutgoingAuthInfos = 1; trusted_domain_auth_information.OutgoingAuthenticationInformation = ptr5; trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } else { trusted_domain_auth_information.OutgoingAuthInfos = 0; trusted_domain_auth_information.OutgoingAuthenticationInformation = IntPtr.Zero; trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero; } trusted_domain_full_information.AuthInformation = trusted_domain_auth_information; trusted_domain_full_information.Information.TrustDirection = (int)newTrustDirection; ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION))); Marshal.StructureToPtr(trusted_domain_full_information, ptr, false); status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } if (fileTime != IntPtr.Zero) { Marshal.FreeHGlobal(fileTime); } if (hglobal != IntPtr.Zero) { Marshal.FreeHGlobal(hglobal); } if (ptr5 != IntPtr.Zero) { Marshal.FreeHGlobal(ptr5); } } } catch { throw; } }
private void GetForestTrustInfoHelper() { IntPtr zero = IntPtr.Zero; PolicySafeHandle handle = null; LSA_UNICODE_STRING result = null; bool flag = false; IntPtr s = IntPtr.Zero; string serverName = null; TopLevelNameCollection names = new TopLevelNameCollection(); StringCollection strings = new StringCollection(); ForestTrustDomainInfoCollection infos = new ForestTrustDomainInfoCollection(); ArrayList list = new ArrayList(); Hashtable hashtable = new Hashtable(); ArrayList list2 = new ArrayList(); try { try { result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(base.TargetName); System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(result, s); serverName = Utils.GetPolicyServerName(base.context, true, false, base.source); flag = Utils.Impersonate(base.context); handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, result, ref zero); if (status != 0) { int errorCode = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } } try { if (zero != IntPtr.Zero) { LSA_FOREST_TRUST_INFORMATION structure = new LSA_FOREST_TRUST_INFORMATION(); Marshal.PtrToStructure(zero, structure); int recordCount = structure.RecordCount; IntPtr ptr = IntPtr.Zero; for (int i = 0; i < recordCount; i++) { ptr = Marshal.ReadIntPtr(structure.Entries, i * Marshal.SizeOf(typeof(IntPtr))); LSA_FOREST_TRUST_RECORD lsa_forest_trust_record = new LSA_FOREST_TRUST_RECORD(); Marshal.PtrToStructure(ptr, lsa_forest_trust_record); if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName) { IntPtr ptr4 = (IntPtr)(((long)ptr) + 0x10L); Marshal.PtrToStructure(ptr4, lsa_forest_trust_record.TopLevelName); TopLevelName name = new TopLevelName(lsa_forest_trust_record.Flags, lsa_forest_trust_record.TopLevelName, lsa_forest_trust_record.Time); names.Add(name); } else if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx) { IntPtr ptr5 = (IntPtr)(((long)ptr) + 0x10L); Marshal.PtrToStructure(ptr5, lsa_forest_trust_record.TopLevelName); string str2 = Marshal.PtrToStringUni(lsa_forest_trust_record.TopLevelName.Buffer, lsa_forest_trust_record.TopLevelName.Length / 2); strings.Add(str2); hashtable.Add(str2, lsa_forest_trust_record.Time); } else if (lsa_forest_trust_record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo) { ForestTrustDomainInformation info = new ForestTrustDomainInformation(lsa_forest_trust_record.Flags, lsa_forest_trust_record.DomainInfo, lsa_forest_trust_record.Time); infos.Add(info); } else if (lsa_forest_trust_record.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast) { int length = lsa_forest_trust_record.Data.Length; byte[] destination = new byte[length]; if ((lsa_forest_trust_record.Data.Buffer != IntPtr.Zero) && (length != 0)) { Marshal.Copy(lsa_forest_trust_record.Data.Buffer, destination, 0, length); } list.Add(destination); list2.Add(lsa_forest_trust_record.Time); } } } } finally { System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaFreeMemory(zero); } this.topLevelNames = names; this.excludedNames = strings; this.domainInfo = infos; this.binaryData = list; this.excludedNameTime = hashtable; this.binaryDataTime = list2; this.retrieved = true; } finally { if (flag) { Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } } } catch { throw; } }
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer) { PolicySafeHandle handle = null; LSA_UNICODE_STRING result = null; int errorCode = 0; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; IntPtr buffer = IntPtr.Zero; IntPtr ptr4 = IntPtr.Zero; bool flag = true; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); ValidateTrust(handle, result, sourceName, targetName, isForest, (int)direction, serverName); if (preferredTargetServer == null) { zero = Marshal.StringToHGlobalUni(targetName); } else { zero = Marshal.StringToHGlobalUni(targetName + @"\" + preferredTargetServer); } ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr))); Marshal.WriteIntPtr(ptr, zero); if (!forceSecureChannelReset) { errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer); if (errorCode != 0) { if (errorCode == ERROR_INVALID_LEVEL) { throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport")); } throw ExceptionHelper.GetExceptionFromErrorCode(errorCode); } NETLOGON_INFO_2 structure = new NETLOGON_INFO_2(); Marshal.PtrToStructure(buffer, structure); if ((structure.netlog2_flags & NETLOGON_VERIFY_STATUS_RETURNED) == 0) { throw ExceptionHelper.GetExceptionFromErrorCode(structure.netlog2_tc_connection_status); } int num2 = structure.netlog2_pdc_connection_status; if (num2 != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(num2); } } else { errorCode = UnsafeNativeMethods.I_NetLogonControl2(serverName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out ptr4); if (errorCode != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode); } } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (buffer != IntPtr.Zero) { UnsafeNativeMethods.NetApiBufferFree(buffer); } if (ptr4 != IntPtr.Zero) { UnsafeNativeMethods.NetApiBufferFree(ptr4); } } } catch { throw; } }
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName) { IntPtr buffer = (IntPtr)0; // get trust information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); try { TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // validate trust direction if applicable if (direction != 0) { if ((direction & domainInfo.TrustDirection) == 0) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(TrustRelationshipInformation), null); } } } finally { if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } }
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { IntPtr intPtr = (IntPtr)0; IntPtr hGlobalUni = (IntPtr)0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; bool flag = false; IntPtr trustedDomainInfo = TrustHelper.GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO pOLICYDNSDOMAININFO = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(trustedDomainInfo, pOLICYDNSDOMAININFO); LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION(); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr); FileTime fileTime = new FileTime(); Marshal.PtrToStructure(intPtr, fileTime); lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER(); lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower; lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher; lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR; hGlobalUni = Marshal.StringToHGlobalUni(password); lSAAUTHINFORMATION.AuthInfo = hGlobalUni; lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2; intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr2, false); TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr2; tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr2; tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX(); tRUSTEDDOMAININFORMATIONEX.FlatName = pOLICYDNSDOMAININFO.Name; tRUSTEDDOMAININFORMATIONEX.Name = pOLICYDNSDOMAININFO.DnsDomainName; tRUSTEDDOMAININFORMATIONEX.Sid = pOLICYDNSDOMAININFO.Sid; tRUSTEDDOMAININFORMATIONEX.TrustType = TrustHelper.TRUST_TYPE_UPLEVEL; tRUSTEDDOMAININFORMATIONEX.TrustDirection = (int)direction; if (!isForest) { tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { tRUSTEDDOMAININFORMATIONEX.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } string policyServerName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); flag = Utils.Impersonate(sourceContext); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); int winError = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policySafeHandle, tRUSTEDDOMAININFORMATIONEX, tRUSTEDDOMAINAUTHINFORMATION, TrustHelper.TRUSTED_SET_POSIX | TrustHelper.TRUSTED_SET_AUTH, out intPtr1); if (winError != 0) { winError = UnsafeNativeMethods.LsaNtStatusToWinError(winError); if (winError != TrustHelper.ERROR_ALREADY_EXISTS) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName); } else { if (!isForest) { object[] objArray = new object[2]; objArray[0] = sourceName; objArray[1] = targetName; throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingDomainTrust", objArray)); } else { object[] objArray1 = new object[2]; objArray1[0] = sourceName; objArray1[1] = targetName; throw new ActiveDirectoryObjectExistsException(Res.GetString("AlreadyExistingForestTrust", objArray1)); } } } } finally { if (flag) { Utils.Revert(); } if (intPtr != (IntPtr)0) { Marshal.FreeHGlobal(intPtr); } if (intPtr1 != (IntPtr)0) { UnsafeNativeMethods.LsaClose(intPtr1); } if (trustedDomainInfo != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(trustedDomainInfo); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } if (intPtr2 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr2); } } } catch { throw; } }
private void GetForestTrustInfoHelper() { IntPtr intPtr = (IntPtr)0; bool flag = false; IntPtr hGlobalUni = (IntPtr)0; TopLevelNameCollection topLevelNameCollection = new TopLevelNameCollection(); StringCollection stringCollections = new StringCollection(); ForestTrustDomainInfoCollection forestTrustDomainInfoCollection = new ForestTrustDomainInfoCollection(); ArrayList arrayLists = new ArrayList(); Hashtable hashtables = new Hashtable(); ArrayList arrayLists1 = new ArrayList(); try { try { LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(base.TargetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni); string policyServerName = Utils.GetPolicyServerName(this.context, true, false, this.source); flag = Utils.Impersonate(this.context); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); int num = UnsafeNativeMethods.LsaQueryForestTrustInformation(policySafeHandle, lSAUNICODESTRING, ref intPtr); if (num != 0) { int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (winError != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName); } } try { if (intPtr != (IntPtr)0) { LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION(); Marshal.PtrToStructure(intPtr, lSAFORESTTRUSTINFORMATION); int recordCount = lSAFORESTTRUSTINFORMATION.RecordCount; for (int i = 0; i < recordCount; i++) { IntPtr intPtr1 = Marshal.ReadIntPtr(lSAFORESTTRUSTINFORMATION.Entries, i * Marshal.SizeOf(typeof(IntPtr))); LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD(); Marshal.PtrToStructure(intPtr1, lSAFORESTTRUSTRECORD); if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast) { int length = lSAFORESTTRUSTRECORD.Data.Length; byte[] numArray = new byte[length]; if (lSAFORESTTRUSTRECORD.Data.Buffer != (IntPtr)0 && length != 0) { Marshal.Copy(lSAFORESTTRUSTRECORD.Data.Buffer, numArray, 0, length); } arrayLists.Add(numArray); arrayLists1.Add(lSAFORESTTRUSTRECORD.Time); } } else { ForestTrustDomainInformation forestTrustDomainInformation = new ForestTrustDomainInformation(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.DomainInfo, lSAFORESTTRUSTRECORD.Time); forestTrustDomainInfoCollection.Add(forestTrustDomainInformation); } } else { IntPtr intPtr2 = (IntPtr)((long)intPtr1 + (long)16); Marshal.PtrToStructure(intPtr2, lSAFORESTTRUSTRECORD.TopLevelName); string stringUni = Marshal.PtrToStringUni(lSAFORESTTRUSTRECORD.TopLevelName.Buffer, lSAFORESTTRUSTRECORD.TopLevelName.Length / 2); stringCollections.Add(stringUni); hashtables.Add(stringUni, lSAFORESTTRUSTRECORD.Time); } } else { IntPtr intPtr3 = (IntPtr)((long)intPtr1 + (long)16); Marshal.PtrToStructure(intPtr3, lSAFORESTTRUSTRECORD.TopLevelName); TopLevelName topLevelName = new TopLevelName(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.TopLevelName, lSAFORESTTRUSTRECORD.Time); topLevelNameCollection.Add(topLevelName); } } } } finally { UnsafeNativeMethods.LsaFreeMemory(intPtr); } this.topLevelNames = topLevelNameCollection; this.excludedNames = stringCollections; this.domainInfo = forestTrustDomainInfoCollection; this.binaryData = arrayLists; this.excludedNameTime = hashtables; this.binaryDataTime = arrayLists1; this.retrieved = true; } finally { if (flag) { Utils.Revert(); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } } } catch { throw; } }
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection) { IntPtr intPtr = (IntPtr)0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; IntPtr hGlobalUni = (IntPtr)0; IntPtr intPtr3 = (IntPtr)0; IntPtr hGlobalUni1 = (IntPtr)0; string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName); bool flag = Utils.Impersonate(context); try { try { PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni1 = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1); int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref intPtr); if (num == 0) { TRUSTED_DOMAIN_FULL_INFORMATION tRUSTEDDOMAINFULLINFORMATION = new TRUSTED_DOMAIN_FULL_INFORMATION(); Marshal.PtrToStructure(intPtr, tRUSTEDDOMAINFULLINFORMATION); TrustHelper.ValidateTrustAttribute(tRUSTEDDOMAINFULLINFORMATION.Information, isForest, sourceName, targetName); LSA_AUTH_INFORMATION lSAAUTHINFORMATION = new LSA_AUTH_INFORMATION(); intPtr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr2); FileTime fileTime = new FileTime(); Marshal.PtrToStructure(intPtr2, fileTime); lSAAUTHINFORMATION.LastUpdateTime = new LARGE_INTEGER(); lSAAUTHINFORMATION.LastUpdateTime.lowPart = fileTime.lower; lSAAUTHINFORMATION.LastUpdateTime.highPart = fileTime.higher; lSAAUTHINFORMATION.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR; hGlobalUni = Marshal.StringToHGlobalUni(password); lSAAUTHINFORMATION.AuthInfo = hGlobalUni; lSAAUTHINFORMATION.AuthInfoLength = password.Length * 2; intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(lSAAUTHINFORMATION, intPtr3, false); TRUSTED_DOMAIN_AUTH_INFORMATION tRUSTEDDOMAINAUTHINFORMATION = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((newTrustDirection & TrustDirection.Inbound) == 0) { tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 0; tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = (IntPtr)0; tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0; } else { tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.IncomingAuthenticationInformation = intPtr3; tRUSTEDDOMAINAUTHINFORMATION.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((newTrustDirection & TrustDirection.Outbound) == 0) { tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 0; tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = (IntPtr)0; tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } else { tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthInfos = 1; tRUSTEDDOMAINAUTHINFORMATION.OutgoingAuthenticationInformation = intPtr3; tRUSTEDDOMAINAUTHINFORMATION.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } tRUSTEDDOMAINFULLINFORMATION.AuthInformation = tRUSTEDDOMAINAUTHINFORMATION; tRUSTEDDOMAINFULLINFORMATION.Information.TrustDirection = (int)newTrustDirection; intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION))); Marshal.StructureToPtr(tRUSTEDDOMAINFULLINFORMATION, intPtr1, false); num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(policySafeHandle, lSAUNICODESTRING, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, intPtr1); if (num != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), policyServerName); } } else { int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName); } else { if (!isForest) { object[] objArray = new object[2]; objArray[0] = sourceName; objArray[1] = targetName; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", objArray), typeof(TrustRelationshipInformation), null); } else { object[] objArray1 = new object[2]; objArray1[0] = sourceName; objArray1[1] = targetName; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", objArray1), typeof(ForestTrustRelationshipInformation), null); } } } } finally { if (flag) { Utils.Revert(); } if (hGlobalUni1 != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni1); } if (intPtr != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(intPtr); } if (intPtr1 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr1); } if (intPtr2 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr2); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } if (intPtr3 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr3); } } } catch { throw; } }
private void GetForestTrustInfoHelper() { IntPtr forestTrustInfo = (IntPtr)0; PolicySafeHandle handle = null; LSA_UNICODE_STRING tmpName = null; bool impersonated = false; IntPtr targetPtr = (IntPtr)0; string serverName = null; TopLevelNameCollection tmpTLNs = new TopLevelNameCollection(); StringCollection tmpExcludedTLNs = new StringCollection(); ForestTrustDomainInfoCollection tmpDomainInformation = new ForestTrustDomainInfoCollection(); // internal members ArrayList tmpBinaryData = new ArrayList(); Hashtable tmpExcludedNameTime = new Hashtable(); ArrayList tmpBinaryDataTime = new ArrayList(); try { try { // get the target name tmpName = new LSA_UNICODE_STRING(); targetPtr = Marshal.StringToHGlobalUni(TargetName); UnsafeNativeMethods.RtlInitUnicodeString(tmpName, targetPtr); serverName = Utils.GetPolicyServerName(context, true, false, source); // do impersonation impersonated = Utils.Impersonate(context); // get the policy handle handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, tmpName, ref forestTrustInfo); // check the result if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (win32Error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } } try { if (forestTrustInfo != (IntPtr)0) { LSA_FOREST_TRUST_INFORMATION trustInfo = new LSA_FOREST_TRUST_INFORMATION(); Marshal.PtrToStructure(forestTrustInfo, trustInfo); int count = trustInfo.RecordCount; IntPtr addr = (IntPtr)0; for (int i = 0; i < count; i++) { addr = Marshal.ReadIntPtr(trustInfo.Entries, i * Marshal.SizeOf(typeof(IntPtr))); LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); Marshal.PtrToStructure(addr, record); if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName) { IntPtr myPtr = IntPtr.Add(addr, 16); Marshal.PtrToStructure(myPtr, record.TopLevelName); TopLevelName TLN = new TopLevelName(record.Flags, record.TopLevelName, record.Time); tmpTLNs.Add(TLN); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx) { // get the excluded TLN and put it in our collection IntPtr myPtr = IntPtr.Add(addr, 16); Marshal.PtrToStructure(myPtr, record.TopLevelName); string excludedName = Marshal.PtrToStringUni(record.TopLevelName.Buffer, record.TopLevelName.Length / 2); tmpExcludedTLNs.Add(excludedName); tmpExcludedNameTime.Add(excludedName, record.Time); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo) { ForestTrustDomainInformation dom = new ForestTrustDomainInformation(record.Flags, record.DomainInfo, record.Time); tmpDomainInformation.Add(dom); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast) { // enumeration is done, but we might still have some unrecognized entries after that continue; } else { int length = record.Data.Length; byte[] byteArray = new byte[length]; if ((record.Data.Buffer != (IntPtr)0) && (length != 0)) { Marshal.Copy(record.Data.Buffer, byteArray, 0, length); } tmpBinaryData.Add(byteArray); tmpBinaryDataTime.Add(record.Time); } } } } finally { UnsafeNativeMethods.LsaFreeMemory(forestTrustInfo); } _topLevelNames = tmpTLNs; _excludedNames = tmpExcludedTLNs; _domainInfo = tmpDomainInformation; _binaryData = tmpBinaryData; _excludedNameTime = tmpExcludedNameTime; _binaryDataTime = tmpBinaryDataTime; // mark it as retrieved retrieved = true; } finally { if (impersonated) { Utils.Revert(); } if (targetPtr != (IntPtr)0) { Marshal.FreeHGlobal(targetPtr); } } } catch { throw; } }
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName) { IntPtr intPtr = (IntPtr)0; int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref intPtr); if (num == 0) { try { TRUSTED_DOMAIN_INFORMATION_EX tRUSTEDDOMAININFORMATIONEX = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(intPtr, tRUSTEDDOMAININFORMATIONEX); TrustHelper.ValidateTrustAttribute(tRUSTEDDOMAININFORMATIONEX, isForest, sourceName, targetName); if (direction != 0 && (direction & tRUSTEDDOMAININFORMATIONEX.TrustDirection) == 0) { if (!isForest) { object[] objArray = new object[3]; objArray[0] = sourceName; objArray[1] = targetName; objArray[2] = (TrustDirection)direction; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", objArray), typeof(TrustRelationshipInformation), null); } else { object[] objArray1 = new object[3]; objArray1[0] = sourceName; objArray1[1] = targetName; objArray1[2] = (TrustDirection)direction; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", objArray1), typeof(ForestTrustRelationshipInformation), null); } } } finally { if (intPtr != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(intPtr); } } return; } else { int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, serverName); } else { if (!isForest) { object[] objArray2 = new object[2]; objArray2[0] = sourceName; objArray2[1] = targetName; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", objArray2), typeof(TrustRelationshipInformation), null); } else { object[] objArray3 = new object[2]; objArray3[0] = sourceName; objArray3[1] = targetName; throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", objArray3), typeof(ForestTrustRelationshipInformation), null); } } } }
public static extern int LsaSetForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, IntPtr forestTrustInfo, int checkOnly, out IntPtr collisionInfo);
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer) { int num; IntPtr hGlobalUni = (IntPtr)0; IntPtr intPtr = (IntPtr)0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; IntPtr hGlobalUni1 = (IntPtr)0; string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName); bool flag = Utils.Impersonate(context); try { try { PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni1 = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1); TrustHelper.ValidateTrust(policySafeHandle, lSAUNICODESTRING, sourceName, targetName, isForest, (int)direction, policyServerName); if (preferredTargetServer != null) { hGlobalUni = Marshal.StringToHGlobalUni(string.Concat(targetName, "\\", preferredTargetServer)); } else { hGlobalUni = Marshal.StringToHGlobalUni(targetName); } intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr))); Marshal.WriteIntPtr(intPtr, hGlobalUni); if (forceSecureChannelReset) { num = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, TrustHelper.NETLOGON_CONTROL_REDISCOVER, TrustHelper.NETLOGON_QUERY_LEVEL, intPtr, out intPtr2); if (num != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(num); } } else { num = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, TrustHelper.NETLOGON_CONTROL_TC_VERIFY, TrustHelper.NETLOGON_QUERY_LEVEL, intPtr, out intPtr1); if (num != 0) { if (num != TrustHelper.ERROR_INVALID_LEVEL) { throw ExceptionHelper.GetExceptionFromErrorCode(num); } else { throw new NotSupportedException(Res.GetString("TrustVerificationNotSupport")); } } else { NETLOGON_INFO_2 nETLOGONINFO2 = new NETLOGON_INFO_2(); Marshal.PtrToStructure(intPtr1, nETLOGONINFO2); if ((nETLOGONINFO2.netlog2_flags & TrustHelper.NETLOGON_VERIFY_STATUS_RETURNED) == 0) { int netlog2TcConnectionStatus = nETLOGONINFO2.netlog2_tc_connection_status; throw ExceptionHelper.GetExceptionFromErrorCode(netlog2TcConnectionStatus); } else { int netlog2PdcConnectionStatus = nETLOGONINFO2.netlog2_pdc_connection_status; if (netlog2PdcConnectionStatus != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(netlog2PdcConnectionStatus); } else { return; } } } } } finally { if (flag) { Utils.Revert(); } if (hGlobalUni1 != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni1); } if (intPtr != (IntPtr)0) { Marshal.FreeHGlobal(intPtr); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } if (intPtr1 != (IntPtr)0) { UnsafeNativeMethods.NetApiBufferFree(intPtr1); } if (intPtr2 != (IntPtr)0) { UnsafeNativeMethods.NetApiBufferFree(intPtr2); } } } catch { throw; } }
public static extern int LsaSetTrustedDomainInfoByName(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomain, TRUSTED_INFORMATION_CLASS infoClass, IntPtr buffer);
private void GetForestTrustInfoHelper() { IntPtr intPtr = (IntPtr)0; bool flag = false; IntPtr hGlobalUni = (IntPtr)0; TopLevelNameCollection topLevelNameCollection = new TopLevelNameCollection(); StringCollection stringCollections = new StringCollection(); ForestTrustDomainInfoCollection forestTrustDomainInfoCollection = new ForestTrustDomainInfoCollection(); ArrayList arrayLists = new ArrayList(); Hashtable hashtables = new Hashtable(); ArrayList arrayLists1 = new ArrayList(); try { try { LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(base.TargetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni); string policyServerName = Utils.GetPolicyServerName(this.context, true, false, this.source); flag = Utils.Impersonate(this.context); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); int num = UnsafeNativeMethods.LsaQueryForestTrustInformation(policySafeHandle, lSAUNICODESTRING, ref intPtr); if (num != 0) { int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (winError != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName); } } try { if (intPtr != (IntPtr)0) { LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION(); Marshal.PtrToStructure(intPtr, lSAFORESTTRUSTINFORMATION); int recordCount = lSAFORESTTRUSTINFORMATION.RecordCount; for (int i = 0; i < recordCount; i++) { IntPtr intPtr1 = Marshal.ReadIntPtr(lSAFORESTTRUSTINFORMATION.Entries, i * Marshal.SizeOf(typeof(IntPtr))); LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD(); Marshal.PtrToStructure(intPtr1, lSAFORESTTRUSTRECORD); if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo) { if (lSAFORESTTRUSTRECORD.ForestTrustType != LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast) { int length = lSAFORESTTRUSTRECORD.Data.Length; byte[] numArray = new byte[length]; if (lSAFORESTTRUSTRECORD.Data.Buffer != (IntPtr)0 && length != 0) { Marshal.Copy(lSAFORESTTRUSTRECORD.Data.Buffer, numArray, 0, length); } arrayLists.Add(numArray); arrayLists1.Add(lSAFORESTTRUSTRECORD.Time); } } else { ForestTrustDomainInformation forestTrustDomainInformation = new ForestTrustDomainInformation(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.DomainInfo, lSAFORESTTRUSTRECORD.Time); forestTrustDomainInfoCollection.Add(forestTrustDomainInformation); } } else { IntPtr intPtr2 = (IntPtr)((long)intPtr1 + (long)16); Marshal.PtrToStructure(intPtr2, lSAFORESTTRUSTRECORD.TopLevelName); string stringUni = Marshal.PtrToStringUni(lSAFORESTTRUSTRECORD.TopLevelName.Buffer, lSAFORESTTRUSTRECORD.TopLevelName.Length / 2); stringCollections.Add(stringUni); hashtables.Add(stringUni, lSAFORESTTRUSTRECORD.Time); } } else { IntPtr intPtr3 = (IntPtr)((long)intPtr1 + (long)16); Marshal.PtrToStructure(intPtr3, lSAFORESTTRUSTRECORD.TopLevelName); TopLevelName topLevelName = new TopLevelName(lSAFORESTTRUSTRECORD.Flags, lSAFORESTTRUSTRECORD.TopLevelName, lSAFORESTTRUSTRECORD.Time); topLevelNameCollection.Add(topLevelName); } } } } finally { UnsafeNativeMethods.LsaFreeMemory(intPtr); } this.topLevelNames = topLevelNameCollection; this.excludedNames = stringCollections; this.domainInfo = forestTrustDomainInfoCollection; this.binaryData = arrayLists; this.excludedNameTime = hashtables; this.binaryDataTime = arrayLists1; this.retrieved = true; } finally { if (flag) { Utils.Revert(); } if (hGlobalUni != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni); } } } catch { throw; } }
public static extern int LsaDeleteTrustedDomain(PolicySafeHandle handle, IntPtr pSid);
public void Save() { IntPtr intPtr; IntPtr hGlobalUni; object length; object obj; object length1; object obj1; int count = 0; int num = 0; IntPtr intPtr1 = (IntPtr)0; IntPtr intPtr2 = (IntPtr)0; ArrayList arrayLists = new ArrayList(); ArrayList arrayLists1 = new ArrayList(); bool flag = false; IntPtr hGlobalUni1 = (IntPtr)0; IntPtr intPtr3 = (IntPtr)0; count = count + this.TopLevelNames.Count; count = count + this.ExcludedTopLevelNames.Count; count = count + this.TrustedDomainInformation.Count; if (this.binaryData.Count != 0) { count++; count = count + this.binaryData.Count; } IntPtr intPtr4 = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr))); try { try { intPtr3 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(intPtr3); FileTime fileTime = new FileTime(); Marshal.PtrToStructure(intPtr3, fileTime); for (int i = 0; i < this.topLevelNames.Count; i++) { LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD = new LSA_FOREST_TRUST_RECORD(); lSAFORESTTRUSTRECORD.Flags = (int)this.topLevelNames[i].Status; lSAFORESTTRUSTRECORD.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName; TopLevelName item = this.topLevelNames[i]; lSAFORESTTRUSTRECORD.Time = item.time; lSAFORESTTRUSTRECORD.TopLevelName = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(item.Name); arrayLists.Add(hGlobalUni); UnsafeNativeMethods.RtlInitUnicodeString(lSAFORESTTRUSTRECORD.TopLevelName, hGlobalUni); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lSAFORESTTRUSTRECORD, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } for (int j = 0; j < this.excludedNames.Count; j++) { LSA_FOREST_TRUST_RECORD lARGEINTEGER = new LSA_FOREST_TRUST_RECORD(); lARGEINTEGER.Flags = 0; lARGEINTEGER.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx; if (!this.excludedNameTime.Contains(this.excludedNames[j])) { lARGEINTEGER.Time = new LARGE_INTEGER(); lARGEINTEGER.Time.lowPart = fileTime.lower; lARGEINTEGER.Time.highPart = fileTime.higher; } else { lARGEINTEGER.Time = (LARGE_INTEGER)this.excludedNameTime[(object)j]; } lARGEINTEGER.TopLevelName = new LSA_UNICODE_STRING(); hGlobalUni = Marshal.StringToHGlobalUni(this.excludedNames[j]); arrayLists.Add(hGlobalUni); UnsafeNativeMethods.RtlInitUnicodeString(lARGEINTEGER.TopLevelName, hGlobalUni); intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lARGEINTEGER, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } int num1 = 0; while (num1 < this.domainInfo.Count) { LSA_FOREST_TRUST_RECORD status = new LSA_FOREST_TRUST_RECORD(); status.Flags = (int)this.domainInfo[num1].Status; status.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo; ForestTrustDomainInformation forestTrustDomainInformation = this.domainInfo[num1]; status.Time = forestTrustDomainInformation.time; IntPtr intPtr5 = (IntPtr)0; IntPtr hGlobalUni2 = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DomainSid); arrayLists.Add(hGlobalUni2); int sidW = UnsafeNativeMethods.ConvertStringSidToSidW(hGlobalUni2, ref intPtr5); if (sidW != 0) { status.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO(); status.DomainInfo.sid = intPtr5; arrayLists1.Add(intPtr5); status.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.DnsName); arrayLists.Add(status.DomainInfo.DNSNameBuffer); LSA_FOREST_TRUST_DOMAIN_INFO domainInfo = status.DomainInfo; if (forestTrustDomainInformation.DnsName == null) { length = null; } else { length = forestTrustDomainInformation.DnsName.Length * 2; } domainInfo.DNSNameLength = (short)length; LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO = status.DomainInfo; if (forestTrustDomainInformation.DnsName == null) { obj = null; } else { obj = forestTrustDomainInformation.DnsName.Length * 2; } lSAFORESTTRUSTDOMAININFO.DNSNameMaximumLength = (short)obj; status.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(forestTrustDomainInformation.NetBiosName); arrayLists.Add(status.DomainInfo.NetBIOSNameBuffer); LSA_FOREST_TRUST_DOMAIN_INFO domainInfo1 = status.DomainInfo; if (forestTrustDomainInformation.NetBiosName == null) { length1 = null; } else { length1 = forestTrustDomainInformation.NetBiosName.Length * 2; } domainInfo1.NetBIOSNameLength = (short)length1; LSA_FOREST_TRUST_DOMAIN_INFO lSAFORESTTRUSTDOMAININFO1 = status.DomainInfo; if (forestTrustDomainInformation.NetBiosName == null) { obj1 = null; } else { obj1 = forestTrustDomainInformation.NetBiosName.Length * 2; } lSAFORESTTRUSTDOMAININFO1.NetBIOSNameMaximumLength = (short)obj1; intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(status, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; num1++; } else { throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error()); } } if (this.binaryData.Count > 0) { LSA_FOREST_TRUST_RECORD lSAFORESTTRUSTRECORD1 = new LSA_FOREST_TRUST_RECORD(); lSAFORESTTRUSTRECORD1.Flags = 0; lSAFORESTTRUSTRECORD1.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast; intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(lSAFORESTTRUSTRECORD1, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; for (int k = 0; k < this.binaryData.Count; k++) { LSA_FOREST_TRUST_RECORD item1 = new LSA_FOREST_TRUST_RECORD(); item1.Flags = 0; item1.Time = (LARGE_INTEGER)this.binaryDataTime[k]; item1.Data.Length = (int)((byte[])this.binaryData[k]).Length; if (item1.Data.Length != 0) { item1.Data.Buffer = Marshal.AllocHGlobal(item1.Data.Length); arrayLists.Add(item1.Data.Buffer); Marshal.Copy((byte[])this.binaryData[k], 0, item1.Data.Buffer, item1.Data.Length); } else { item1.Data.Buffer = (IntPtr)0; } intPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); arrayLists.Add(intPtr); Marshal.StructureToPtr(item1, intPtr, false); Marshal.WriteIntPtr(intPtr4, Marshal.SizeOf(typeof(IntPtr)) * num, intPtr); num++; } } LSA_FOREST_TRUST_INFORMATION lSAFORESTTRUSTINFORMATION = new LSA_FOREST_TRUST_INFORMATION(); lSAFORESTTRUSTINFORMATION.RecordCount = count; lSAFORESTTRUSTINFORMATION.Entries = intPtr4; intPtr1 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION))); Marshal.StructureToPtr(lSAFORESTTRUSTINFORMATION, intPtr1, false); string policyServerName = Utils.GetPolicyServerName(this.context, true, true, base.SourceName); flag = Utils.Impersonate(this.context); PolicySafeHandle policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); LSA_UNICODE_STRING lSAUNICODESTRING = new LSA_UNICODE_STRING(); hGlobalUni1 = Marshal.StringToHGlobalUni(base.TargetName); UnsafeNativeMethods.RtlInitUnicodeString(lSAUNICODESTRING, hGlobalUni1); int num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 1, out intPtr2); if (num2 == 0) { if (intPtr2 == (IntPtr)0) { num2 = UnsafeNativeMethods.LsaSetForestTrustInformation(policySafeHandle, lSAUNICODESTRING, intPtr1, 0, out intPtr2); if (num2 == 0) { this.retrieved = false; } else { throw ExceptionHelper.GetExceptionFromErrorCode(num2, policyServerName); } } else { throw ExceptionHelper.CreateForestTrustCollisionException(intPtr2); } } else { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num2), policyServerName); } } finally { if (flag) { Utils.Revert(); } for (int l = 0; l < arrayLists.Count; l++) { Marshal.FreeHGlobal((IntPtr)arrayLists[l]); } for (int m = 0; m < arrayLists1.Count; m++) { UnsafeNativeMethods.LocalFree((IntPtr)arrayLists1[m]); } if (intPtr4 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr4); } if (intPtr1 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr1); } if (intPtr2 != (IntPtr)0) { UnsafeNativeMethods.LsaFreeMemory(intPtr2); } if (hGlobalUni1 != (IntPtr)0) { Marshal.FreeHGlobal(hGlobalUni1); } if (intPtr3 != (IntPtr)0) { Marshal.FreeHGlobal(intPtr3); } } } catch { throw; } }
public static extern int LsaCreateTrustedDomainEx(PolicySafeHandle handle, TRUSTED_DOMAIN_INFORMATION_EX domainEx, TRUSTED_DOMAIN_AUTH_INFORMATION authInfo, int classInfo, out IntPtr domainHandle);
private void GetForestTrustInfoHelper() { IntPtr forestTrustInfo = (IntPtr)0; PolicySafeHandle handle = null; LSA_UNICODE_STRING tmpName = null; bool impersonated = false; IntPtr targetPtr = (IntPtr)0; string serverName = null; TopLevelNameCollection tmpTLNs = new TopLevelNameCollection(); StringCollection tmpExcludedTLNs = new StringCollection(); ForestTrustDomainInfoCollection tmpDomainInformation = new ForestTrustDomainInfoCollection(); // internal members ArrayList tmpBinaryData = new ArrayList(); Hashtable tmpExcludedNameTime = new Hashtable(); ArrayList tmpBinaryDataTime = new ArrayList(); try { try { // get the target name tmpName = new LSA_UNICODE_STRING(); targetPtr = Marshal.StringToHGlobalUni(TargetName); UnsafeNativeMethods.RtlInitUnicodeString(tmpName, targetPtr); serverName = Utils.GetPolicyServerName(context, true, false, source); // do impersonation impersonated = Utils.Impersonate(context); // get the policy handle handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaQueryForestTrustInformation(handle, tmpName, ref forestTrustInfo); // check the result if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (win32Error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } } try { if (forestTrustInfo != (IntPtr)0) { LSA_FOREST_TRUST_INFORMATION trustInfo = new LSA_FOREST_TRUST_INFORMATION(); Marshal.PtrToStructure(forestTrustInfo, trustInfo); int count = trustInfo.RecordCount; IntPtr addr = (IntPtr)0; for (int i = 0; i < count; i++) { addr = Marshal.ReadIntPtr(trustInfo.Entries, i * Marshal.SizeOf(typeof(IntPtr))); LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); Marshal.PtrToStructure(addr, record); if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName) { IntPtr myPtr = IntPtr.Add(addr, 16); Marshal.PtrToStructure(myPtr, record.TopLevelName); TopLevelName TLN = new TopLevelName(record.Flags, record.TopLevelName, record.Time); tmpTLNs.Add(TLN); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx) { // get the excluded TLN and put it in our collection IntPtr myPtr = IntPtr.Add(addr, 16); Marshal.PtrToStructure(myPtr, record.TopLevelName); string excludedName = Marshal.PtrToStringUni(record.TopLevelName.Buffer, record.TopLevelName.Length / 2); tmpExcludedTLNs.Add(excludedName); tmpExcludedNameTime.Add(excludedName, record.Time); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo) { ForestTrustDomainInformation dom = new ForestTrustDomainInformation(record.Flags, record.DomainInfo, record.Time); tmpDomainInformation.Add(dom); } else if (record.ForestTrustType == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast) { // enumeration is done, but we might still have some unrecognized entries after that continue; } else { int length = record.Data.Length; byte[] byteArray = new byte[length]; if ((record.Data.Buffer != (IntPtr)0) && (length != 0)) { Marshal.Copy(record.Data.Buffer, byteArray, 0, length); } tmpBinaryData.Add(byteArray); tmpBinaryDataTime.Add(record.Time); } } } } finally { UnsafeNativeMethods.LsaFreeMemory(forestTrustInfo); } _topLevelNames = tmpTLNs; _excludedNames = tmpExcludedTLNs; _domainInfo = tmpDomainInformation; _binaryData = tmpBinaryData; _excludedNameTime = tmpExcludedNameTime; _binaryDataTime = tmpBinaryDataTime; // mark it as retrieved retrieved = true; } finally { if (impersonated) Utils.Revert(); if (targetPtr != (IntPtr)0) { Marshal.FreeHGlobal(targetPtr); } } } catch { throw; } }
private static IntPtr GetTrustedDomainInfo(DirectoryContext targetContext, string targetName, bool isForest) { PolicySafeHandle handle = null; IntPtr ptr2; IntPtr zero = IntPtr.Zero; bool flag = false; string serverName = null; try { try { serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(targetContext, isForest, false, targetName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(targetContext); try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } catch (ActiveDirectoryOperationException) { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); flag = false; } System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous(); flag = true; handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } catch (UnauthorizedAccessException) { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); flag = false; } System.DirectoryServices.ActiveDirectory.Utils.ImpersonateAnonymous(); flag = true; handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); } int status = UnsafeNativeMethods.LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, out zero); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } ptr2 = zero; } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } } } catch { throw; } return ptr2; }
public void Save() { int count = 0; IntPtr records = (IntPtr)0; int currentCount = 0; IntPtr tmpPtr = (IntPtr)0; IntPtr forestInfo = (IntPtr)0; PolicySafeHandle handle = null; LSA_UNICODE_STRING trustedDomainName; IntPtr collisionInfo = (IntPtr)0; ArrayList ptrList = new ArrayList(); ArrayList sidList = new ArrayList(); bool impersonated = false; IntPtr target = (IntPtr)0; string serverName = null; IntPtr fileTime = (IntPtr)0; // first get the count of all the records int toplevelNamesCount = TopLevelNames.Count; int excludedNamesCount = ExcludedTopLevelNames.Count; int trustedDomainCount = TrustedDomainInformation.Count; int binaryDataCount = 0; checked { count += toplevelNamesCount; count += excludedNamesCount; count += trustedDomainCount; if (_binaryData.Count != 0) { binaryDataCount = _binaryData.Count; // for the ForestTrustRecordTypeLast record count++; count += binaryDataCount; } // allocate the memory for all the records records = Marshal.AllocHGlobal(count * Marshal.SizeOf(typeof(IntPtr))); } try { try { IntPtr ptr = (IntPtr)0; fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime currentTime = new FileTime(); Marshal.PtrToStructure(fileTime, currentTime); for (int i = 0; i < toplevelNamesCount; i++) { // now begin to construct top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = (int)_topLevelNames[i].Status; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName; TopLevelName TLN = _topLevelNames[i]; record.Time = TLN.time; record.TopLevelName = new LSA_UNICODE_STRING(); ptr = Marshal.StringToHGlobalUni(TLN.Name); ptrList.Add(ptr); UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } for (int i = 0; i < excludedNamesCount; i++) { // now begin to construct excluded top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = 0; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx; if (_excludedNameTime.Contains(_excludedNames[i])) { record.Time = (LARGE_INTEGER)_excludedNameTime[i]; } else { record.Time = new LARGE_INTEGER(); record.Time.lowPart = currentTime.lower; record.Time.highPart = currentTime.higher; } record.TopLevelName = new LSA_UNICODE_STRING(); ptr = Marshal.StringToHGlobalUni(_excludedNames[i]); ptrList.Add(ptr); UnsafeNativeMethods.RtlInitUnicodeString(record.TopLevelName, ptr); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } for (int i = 0; i < trustedDomainCount; i++) { // now begin to construct domain info record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = (int)_domainInfo[i].Status; record.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo; ForestTrustDomainInformation tmp = _domainInfo[i]; record.Time = tmp.time; IntPtr pSid = (IntPtr)0; IntPtr stringSid = (IntPtr)0; stringSid = Marshal.StringToHGlobalUni(tmp.DomainSid); ptrList.Add(stringSid); int result = UnsafeNativeMethods.ConvertStringSidToSidW(stringSid, ref pSid); if (result == 0) { throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error()); } record.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO(); record.DomainInfo.sid = pSid; sidList.Add(pSid); record.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(tmp.DnsName); ptrList.Add(record.DomainInfo.DNSNameBuffer); record.DomainInfo.DNSNameLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); // sizeof(WCHAR) record.DomainInfo.DNSNameMaximumLength = (short)(tmp.DnsName == null ? 0 : tmp.DnsName.Length * 2); record.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(tmp.NetBiosName); ptrList.Add(record.DomainInfo.NetBIOSNameBuffer); record.DomainInfo.NetBIOSNameLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2); record.DomainInfo.NetBIOSNameMaximumLength = (short)(tmp.NetBiosName == null ? 0 : tmp.NetBiosName.Length * 2); tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } if (binaryDataCount > 0) { // now begin to construct ForestTrustRecordTypeLast LSA_FOREST_TRUST_RECORD lastRecord = new LSA_FOREST_TRUST_RECORD(); lastRecord.Flags = 0; lastRecord.ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast; tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(lastRecord, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; for (int i = 0; i < binaryDataCount; i++) { // now begin to construct excluded top leve name record LSA_FOREST_TRUST_RECORD record = new LSA_FOREST_TRUST_RECORD(); record.Flags = 0; record.Time = (LARGE_INTEGER)_binaryDataTime[i]; record.Data.Length = ((byte[])_binaryData[i]).Length; if (record.Data.Length == 0) { record.Data.Buffer = (IntPtr)0; } else { record.Data.Buffer = Marshal.AllocHGlobal(record.Data.Length); ptrList.Add(record.Data.Buffer); Marshal.Copy((byte[])_binaryData[i], 0, record.Data.Buffer, record.Data.Length); } tmpPtr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); ptrList.Add(tmpPtr); Marshal.StructureToPtr(record, tmpPtr, false); Marshal.WriteIntPtr(records, Marshal.SizeOf(typeof(IntPtr)) * currentCount, tmpPtr); currentCount++; } } // finally construct the LSA_FOREST_TRUST_INFORMATION LSA_FOREST_TRUST_INFORMATION trustInformation = new LSA_FOREST_TRUST_INFORMATION(); trustInformation.RecordCount = count; trustInformation.Entries = records; forestInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION))); Marshal.StructureToPtr(trustInformation, forestInfo, false); // get policy server name serverName = Utils.GetPolicyServerName(context, true, true, SourceName); // do impersonation first impersonated = Utils.Impersonate(context); // get the policy handle handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(TargetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // call the unmanaged function int error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 1, out collisionInfo); if (error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(error), serverName); } // there is collision, throw proper exception so user can deal with it if (collisionInfo != (IntPtr)0) { throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo); } // commit the changes error = UnsafeNativeMethods.LsaSetForestTrustInformation(handle, trustedDomainName, forestInfo, 0, out collisionInfo); if (error != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(error, serverName); } // now next time property is invoked, we need to go to the server retrieved = false; } finally { if (impersonated) Utils.Revert(); // release the memory for (int i = 0; i < ptrList.Count; i++) { Marshal.FreeHGlobal((IntPtr)ptrList[i]); } for (int i = 0; i < sidList.Count; i++) { UnsafeNativeMethods.LocalFree((IntPtr)sidList[i]); } if (records != (IntPtr)0) { Marshal.FreeHGlobal(records); } if (forestInfo != (IntPtr)0) { Marshal.FreeHGlobal(forestInfo); } if (collisionInfo != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(collisionInfo); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); } } catch { throw; } }
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest) { PolicySafeHandle handle = null; IntPtr zero = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; LSA_UNICODE_STRING result = null; bool flag = false; IntPtr s = IntPtr.Zero; string serverName = null; serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName); flag = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context); try { try { handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName)); result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(result, s); int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero); if (num != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(num); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(zero, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if (status) { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } else { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } } else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if (status) { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } else { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } } else { if (attribute != TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { throw new ArgumentException("attribute"); } if (status) { structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } } ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX))); Marshal.StructureToPtr(structure, ptr, false); num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ptr); if (num != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), serverName); } } finally { if (flag) { System.DirectoryServices.ActiveDirectory.Utils.Revert(); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } } } catch { throw; } }
internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest) { PolicySafeHandle handle = null; IntPtr buffer = (IntPtr)0; IntPtr newInfo = (IntPtr)0; LSA_UNICODE_STRING trustedDomainName = null; bool impersonated = false; IntPtr target = (IntPtr)0; string serverName = null; serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get the trusted domain information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); // get the managed structre representation TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // change the attribute value properly // selective authentication if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if (status) { // turns on selective authentication domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION; } else { // turns off selective authentication domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION); } } // user wants to change sid filtering behavior for forest trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if (status) { // user wants sid filtering behavior domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL); } else { // users wants to turn off sid filtering behavior domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL; } } // user wants to change sid filtering behavior for external trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { if (status) { // user wants sid filtering behavior domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } else { // user wants to turn off sid filtering behavior domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN); } } else { throw new ArgumentException("attribute"); } // reconstruct the unmanaged structure to set it back newInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX))); Marshal.StructureToPtr(domainInfo, newInfo, false); result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, newInfo); if (result != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName); } return; } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); if (newInfo != (IntPtr)0) Marshal.FreeHGlobal(newInfo); } } catch { throw; } }
private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName) { IntPtr zero = IntPtr.Zero; int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero); if (status != 0) { int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status); if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND) { throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName); } if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null); } try { TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(zero, structure); ValidateTrustAttribute(structure, isForest, sourceName, targetName); if ((direction != 0) && ((direction & structure.TrustDirection) == 0)) { if (isForest) { throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection) direction }), typeof(ForestTrustRelationshipInformation), null); } throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection) direction }), typeof(TrustRelationshipInformation), null); } } finally { if (zero != IntPtr.Zero) { UnsafeNativeMethods.LsaFreeMemory(zero); } } }
internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest) { PolicySafeHandle policyHandle = null; LSA_UNICODE_STRING trustedDomainName = null; int win32Error = 0; bool impersonated = false; IntPtr target = (IntPtr)0; string serverName = null; IntPtr buffer = (IntPtr)0; serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); impersonated = Utils.Impersonate(sourceContext); try { try { // get the policy handle policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // get trust information int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policyHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); try { TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // delete the trust result = UnsafeNativeMethods.LsaDeleteTrustedDomain(policyHandle, domainInfo.Sid); if (result != 0) { win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } } finally { if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); } } catch { throw; } }
public static extern int LsaSetForestTrustInformation(PolicySafeHandle handle, LSA_UNICODE_STRING target, IntPtr forestTrustInfo, int checkOnly, out IntPtr collisionInfo);
internal static void VerifyTrust(DirectoryContext context, string sourceName, string targetName, bool isForest, TrustDirection direction, bool forceSecureChannelReset, string preferredTargetServer) { PolicySafeHandle policyHandle = null; LSA_UNICODE_STRING trustedDomainName = null; int win32Error = 0; IntPtr data = (IntPtr)0; IntPtr ptr = (IntPtr)0; IntPtr buffer1 = (IntPtr)0; IntPtr buffer2 = (IntPtr)0; bool impersonated = true; IntPtr target = (IntPtr)0; string policyServerName = null; policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); // validate the trust existence ValidateTrust(policyHandle, trustedDomainName, sourceName, targetName, isForest, (int)direction, policyServerName); // need to verify direction if (preferredTargetServer == null) data = Marshal.StringToHGlobalUni(targetName); else // this is the case that we need to specifically go to a particular server. This is the way to tell netlogon to do that. data = Marshal.StringToHGlobalUni(targetName + "\\" + preferredTargetServer); ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(IntPtr))); Marshal.WriteIntPtr(ptr, data); if (!forceSecureChannelReset) { win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, s_NETLOGON_CONTROL_TC_VERIFY, NETLOGON_QUERY_LEVEL, ptr, out buffer1); if (win32Error == 0) { NETLOGON_INFO_2 info = new NETLOGON_INFO_2(); Marshal.PtrToStructure(buffer1, info); if ((info.netlog2_flags & s_NETLOGON_VERIFY_STATUS_RETURNED) != 0) { int result = info.netlog2_pdc_connection_status; if (result == 0) { // verification succeeded return; } else { // don't really know which server is down, the source or the target throw ExceptionHelper.GetExceptionFromErrorCode(result); } } else { int result = info.netlog2_tc_connection_status; throw ExceptionHelper.GetExceptionFromErrorCode(result); } } else { if (win32Error == s_ERROR_INVALID_LEVEL) { // it is pre-win2k SP3 dc that does not support NETLOGON_CONTROL_TC_VERIFY throw new NotSupportedException(Res.GetString(Res.TrustVerificationNotSupport)); } else { throw ExceptionHelper.GetExceptionFromErrorCode(win32Error); } } } else { // then try secure channel reset win32Error = UnsafeNativeMethods.I_NetLogonControl2(policyServerName, NETLOGON_CONTROL_REDISCOVER, NETLOGON_QUERY_LEVEL, ptr, out buffer2); if (win32Error != 0) // don't really know which server is down, the source or the target throw ExceptionHelper.GetExceptionFromErrorCode(win32Error); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (ptr != (IntPtr)0) Marshal.FreeHGlobal(ptr); if (data != (IntPtr)0) Marshal.FreeHGlobal(data); if (buffer1 != (IntPtr)0) UnsafeNativeMethods.NetApiBufferFree(buffer1); if (buffer2 != (IntPtr)0) UnsafeNativeMethods.NetApiBufferFree(buffer2); } } catch { throw; } }
public static extern int LsaSetTrustedDomainInfoByName(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomain, TRUSTED_INFORMATION_CLASS infoClass, IntPtr buffer);
internal static void CreateTrust(DirectoryContext sourceContext, string sourceName, DirectoryContext targetContext, string targetName, bool isForest, TrustDirection direction, string password) { LSA_AUTH_INFORMATION AuthData = null; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInfoEx = null; TRUSTED_DOMAIN_INFORMATION_EX tdi = null; IntPtr fileTime = (IntPtr)0; IntPtr unmanagedPassword = (IntPtr)0; IntPtr info = (IntPtr)0; IntPtr domainHandle = (IntPtr)0; PolicySafeHandle policyHandle = null; IntPtr unmanagedAuthData = (IntPtr)0; bool impersonated = false; string serverName = null; // get the domain info first info = GetTrustedDomainInfo(targetContext, targetName, isForest); try { try { POLICY_DNS_DOMAIN_INFO domainInfo = new POLICY_DNS_DOMAIN_INFO(); Marshal.PtrToStructure(info, domainInfo); AuthData = new LSA_AUTH_INFORMATION(); fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); // set the time FileTime tmp = new FileTime(); Marshal.PtrToStructure(fileTime, tmp); AuthData.LastUpdateTime = new LARGE_INTEGER(); AuthData.LastUpdateTime.lowPart = tmp.lower; AuthData.LastUpdateTime.highPart = tmp.higher; AuthData.AuthType = s_TRUST_AUTH_TYPE_CLEAR; unmanagedPassword = Marshal.StringToHGlobalUni(password); AuthData.AuthInfo = unmanagedPassword; AuthData.AuthInfoLength = password.Length * 2; // sizeof(WCHAR) unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION))); Marshal.StructureToPtr(AuthData, unmanagedAuthData, false); AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION(); if ((direction & TrustDirection.Inbound) != 0) { AuthInfoEx.IncomingAuthInfos = 1; AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0; } if ((direction & TrustDirection.Outbound) != 0) { AuthInfoEx.OutgoingAuthInfos = 1; AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData; AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0; } tdi = new TRUSTED_DOMAIN_INFORMATION_EX(); tdi.FlatName = domainInfo.Name; tdi.Name = domainInfo.DnsDomainName; tdi.Sid = domainInfo.Sid; tdi.TrustType = TRUST_TYPE_UPLEVEL; tdi.TrustDirection = (int)direction; if (isForest) { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_FOREST_TRANSITIVE; } else { tdi.TrustAttributes = TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN; } // get server name serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName); // do impersonation and get policy handle impersonated = Utils.Impersonate(sourceContext); policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); int result = UnsafeNativeMethods.LsaCreateTrustedDomainEx(policyHandle, tdi, AuthInfoEx, s_TRUSTED_SET_POSIX | s_TRUSTED_SET_AUTH, out domainHandle); if (result != 0) { result = UnsafeNativeMethods.LsaNtStatusToWinError(result); if (result == s_ERROR_ALREADY_EXISTS) { if (isForest) throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingForestTrust, sourceName, targetName)); else throw new ActiveDirectoryObjectExistsException(Res.GetString(Res.AlreadyExistingDomainTrust, sourceName, targetName)); } else throw ExceptionHelper.GetExceptionFromErrorCode(result, serverName); } } finally { if (impersonated) Utils.Revert(); if (fileTime != (IntPtr)0) Marshal.FreeHGlobal(fileTime); if (domainHandle != (IntPtr)0) UnsafeNativeMethods.LsaClose(domainHandle); if (info != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(info); if (unmanagedPassword != (IntPtr)0) Marshal.FreeHGlobal(unmanagedPassword); if (unmanagedAuthData != (IntPtr)0) Marshal.FreeHGlobal(unmanagedAuthData); } } catch { throw; } }
public static extern int LsaDeleteTrustedDomain(PolicySafeHandle handle, IntPtr pSid);
internal static bool GetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool isForest) { PolicySafeHandle handle = null; IntPtr buffer = (IntPtr)0; LSA_UNICODE_STRING trustedDomainName = null; bool impersonated = false; IntPtr target = (IntPtr)0; string serverName = null; // get policy server name serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName); impersonated = Utils.Impersonate(context); try { try { // get the policy handle first handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); // get the target name trustedDomainName = new LSA_UNICODE_STRING(); target = Marshal.StringToHGlobalUni(targetName); UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target); int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer); if (result != 0) { int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result); // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND if (win32Error == s_STATUS_OBJECT_NAME_NOT_FOUND) { if (isForest) throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null); else throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null); } else throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName); } Debug.Assert(buffer != (IntPtr)0); TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX(); Marshal.PtrToStructure(buffer, domainInfo); // validate this is the trust that the user refers to ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName); // get the attribute of the trust // selective authentication info if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) == 0) return false; else return true; } // sid filtering behavior for forest trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) == 0) return true; else return false; } // sid filtering behavior for domain trust else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) { if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) == 0) return false; else return true; } else { // should not happen throw new ArgumentException("attribute"); } } finally { if (impersonated) Utils.Revert(); if (target != (IntPtr)0) Marshal.FreeHGlobal(target); if (buffer != (IntPtr)0) UnsafeNativeMethods.LsaFreeMemory(buffer); } } catch { throw; } }
public static extern int LsaCreateTrustedDomainEx(PolicySafeHandle handle, TRUSTED_DOMAIN_INFORMATION_EX domainEx, TRUSTED_DOMAIN_AUTH_INFORMATION authInfo, int classInfo, out IntPtr domainHandle);
public void Save() { int num = 0; IntPtr zero = IntPtr.Zero; int num2 = 0; IntPtr ptr2 = IntPtr.Zero; IntPtr ptr = IntPtr.Zero; PolicySafeHandle handle = null; IntPtr collisionInfo = IntPtr.Zero; ArrayList list = new ArrayList(); ArrayList list2 = new ArrayList(); bool flag = false; IntPtr s = IntPtr.Zero; string serverName = null; IntPtr fileTime = IntPtr.Zero; int count = this.TopLevelNames.Count; int num4 = this.ExcludedTopLevelNames.Count; int num5 = this.TrustedDomainInformation.Count; int num6 = 0; num += count; num += num4; num += num5; if (this.binaryData.Count != 0) { num6 = this.binaryData.Count; num++; num += num6; } zero = Marshal.AllocHGlobal((int)(num * Marshal.SizeOf(typeof(IntPtr)))); try { try { IntPtr ptr7 = IntPtr.Zero; fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime))); System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime); FileTime structure = new FileTime(); Marshal.PtrToStructure(fileTime, structure); for (int i = 0; i < count; i++) { LSA_FOREST_TRUST_RECORD lsa_forest_trust_record = new LSA_FOREST_TRUST_RECORD { Flags = (int)this.topLevelNames[i].Status, ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName }; TopLevelName name = this.topLevelNames[i]; lsa_forest_trust_record.Time = name.time; lsa_forest_trust_record.TopLevelName = new LSA_UNICODE_STRING(); ptr7 = Marshal.StringToHGlobalUni(name.Name); list.Add(ptr7); System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(lsa_forest_trust_record.TopLevelName, ptr7); ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); list.Add(ptr2); Marshal.StructureToPtr(lsa_forest_trust_record, ptr2, false); Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2); num2++; } for (int j = 0; j < num4; j++) { LSA_FOREST_TRUST_RECORD lsa_forest_trust_record2 = new LSA_FOREST_TRUST_RECORD { Flags = 0, ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx }; if (this.excludedNameTime.Contains(this.excludedNames[j])) { lsa_forest_trust_record2.Time = (LARGE_INTEGER)this.excludedNameTime[j]; } else { lsa_forest_trust_record2.Time = new LARGE_INTEGER(); lsa_forest_trust_record2.Time.lowPart = structure.lower; lsa_forest_trust_record2.Time.highPart = structure.higher; } lsa_forest_trust_record2.TopLevelName = new LSA_UNICODE_STRING(); ptr7 = Marshal.StringToHGlobalUni(this.excludedNames[j]); list.Add(ptr7); System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(lsa_forest_trust_record2.TopLevelName, ptr7); ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); list.Add(ptr2); Marshal.StructureToPtr(lsa_forest_trust_record2, ptr2, false); Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2); num2++; } for (int k = 0; k < num5; k++) { LSA_FOREST_TRUST_RECORD lsa_forest_trust_record3 = new LSA_FOREST_TRUST_RECORD { Flags = (int)this.domainInfo[k].Status, ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo }; ForestTrustDomainInformation information = this.domainInfo[k]; lsa_forest_trust_record3.Time = information.time; IntPtr pSid = IntPtr.Zero; IntPtr ptr9 = IntPtr.Zero; ptr9 = Marshal.StringToHGlobalUni(information.DomainSid); list.Add(ptr9); if (System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.ConvertStringSidToSidW(ptr9, ref pSid) == 0) { throw ExceptionHelper.GetExceptionFromErrorCode(Marshal.GetLastWin32Error()); } lsa_forest_trust_record3.DomainInfo = new LSA_FOREST_TRUST_DOMAIN_INFO(); lsa_forest_trust_record3.DomainInfo.sid = pSid; list2.Add(pSid); lsa_forest_trust_record3.DomainInfo.DNSNameBuffer = Marshal.StringToHGlobalUni(information.DnsName); list.Add(lsa_forest_trust_record3.DomainInfo.DNSNameBuffer); lsa_forest_trust_record3.DomainInfo.DNSNameLength = (information.DnsName == null) ? ((short)0) : ((short)(information.DnsName.Length * 2)); lsa_forest_trust_record3.DomainInfo.DNSNameMaximumLength = (information.DnsName == null) ? ((short)0) : ((short)(information.DnsName.Length * 2)); lsa_forest_trust_record3.DomainInfo.NetBIOSNameBuffer = Marshal.StringToHGlobalUni(information.NetBiosName); list.Add(lsa_forest_trust_record3.DomainInfo.NetBIOSNameBuffer); lsa_forest_trust_record3.DomainInfo.NetBIOSNameLength = (information.NetBiosName == null) ? ((short)0) : ((short)(information.NetBiosName.Length * 2)); lsa_forest_trust_record3.DomainInfo.NetBIOSNameMaximumLength = (information.NetBiosName == null) ? ((short)0) : ((short)(information.NetBiosName.Length * 2)); ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); list.Add(ptr2); Marshal.StructureToPtr(lsa_forest_trust_record3, ptr2, false); Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2); num2++; } if (num6 > 0) { LSA_FOREST_TRUST_RECORD lsa_forest_trust_record4 = new LSA_FOREST_TRUST_RECORD { Flags = 0, ForestTrustType = LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustRecordTypeLast }; ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); list.Add(ptr2); Marshal.StructureToPtr(lsa_forest_trust_record4, ptr2, false); Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2); num2++; for (int m = 0; m < num6; m++) { LSA_FOREST_TRUST_RECORD lsa_forest_trust_record5 = new LSA_FOREST_TRUST_RECORD { Flags = 0, Time = (LARGE_INTEGER)this.binaryDataTime[m] }; lsa_forest_trust_record5.Data.Length = ((byte[])this.binaryData[m]).Length; if (lsa_forest_trust_record5.Data.Length == 0) { lsa_forest_trust_record5.Data.Buffer = IntPtr.Zero; } else { lsa_forest_trust_record5.Data.Buffer = Marshal.AllocHGlobal(lsa_forest_trust_record5.Data.Length); list.Add(lsa_forest_trust_record5.Data.Buffer); Marshal.Copy((byte[])this.binaryData[m], 0, lsa_forest_trust_record5.Data.Buffer, lsa_forest_trust_record5.Data.Length); } ptr2 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_RECORD))); list.Add(ptr2); Marshal.StructureToPtr(lsa_forest_trust_record5, ptr2, false); Marshal.WriteIntPtr(zero, Marshal.SizeOf(typeof(IntPtr)) * num2, ptr2); num2++; } } LSA_FOREST_TRUST_INFORMATION lsa_forest_trust_information = new LSA_FOREST_TRUST_INFORMATION { RecordCount = num, Entries = zero }; ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_FOREST_TRUST_INFORMATION))); Marshal.StructureToPtr(lsa_forest_trust_information, ptr, false); serverName = Utils.GetPolicyServerName(base.context, true, true, base.SourceName); flag = Utils.Impersonate(base.context); handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName)); LSA_UNICODE_STRING result = new LSA_UNICODE_STRING(); s = Marshal.StringToHGlobalUni(base.TargetName); System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.RtlInitUnicodeString(result, s); int status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaSetForestTrustInformation(handle, result, ptr, 1, out collisionInfo); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName); } if (collisionInfo != IntPtr.Zero) { throw ExceptionHelper.CreateForestTrustCollisionException(collisionInfo); } status = System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaSetForestTrustInformation(handle, result, ptr, 0, out collisionInfo); if (status != 0) { throw ExceptionHelper.GetExceptionFromErrorCode(status, serverName); } this.retrieved = false; } finally { if (flag) { Utils.Revert(); } for (int n = 0; n < list.Count; n++) { Marshal.FreeHGlobal((IntPtr)list[n]); } for (int num14 = 0; num14 < list2.Count; num14++) { System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LocalFree((IntPtr)list2[num14]); } if (zero != IntPtr.Zero) { Marshal.FreeHGlobal(zero); } if (ptr != IntPtr.Zero) { Marshal.FreeHGlobal(ptr); } if (collisionInfo != IntPtr.Zero) { System.DirectoryServices.ActiveDirectory.UnsafeNativeMethods.LsaFreeMemory(collisionInfo); } if (s != IntPtr.Zero) { Marshal.FreeHGlobal(s); } if (fileTime != IntPtr.Zero) { Marshal.FreeHGlobal(fileTime); } } } catch { throw; } }