예제 #1
0
        private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string? sourceName, string? targetName, bool isForest, int direction, string serverName)
        {
            IntPtr buffer = (IntPtr)0;

            // get trust information
            int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
            if (result != 0)
            {
                int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                {
                    if (isForest)
                        throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                    else
                        throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                }
                else
                    throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
            }

            Debug.Assert(buffer != (IntPtr)0);

            try
            {
                TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
                Marshal.PtrToStructure(buffer, domainInfo);

                // validate this is the trust that the user refers to
                ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);

                // validate trust direction if applicable
                if (direction != 0)
                {
                    if ((direction & domainInfo.TrustDirection) == 0)
                    {
                        if (isForest)
                            throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(ForestTrustRelationshipInformation), null);
                        else
                            throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.WrongTrustDirection, sourceName, targetName, (TrustDirection)direction), typeof(TrustRelationshipInformation), null);
                    }
                }
            }
            finally
            {
                if (buffer != (IntPtr)0)
                    UnsafeNativeMethods.LsaFreeMemory(buffer);
            }
        }
        private static void ValidateTrust(PolicySafeHandle handle, LSA_UNICODE_STRING trustedDomainName, string sourceName, string targetName, bool isForest, int direction, string serverName)
        {
            IntPtr zero   = IntPtr.Zero;
            int    status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);

            if (status != 0)
            {
                int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                {
                    throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                }
                if (isForest)
                {
                    throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                }
                throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
            }
            try
            {
                TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
                Marshal.PtrToStructure(zero, structure);
                ValidateTrustAttribute(structure, isForest, sourceName, targetName);
                if ((direction != 0) && ((direction & structure.TrustDirection) == 0))
                {
                    if (isForest)
                    {
                        throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(ForestTrustRelationshipInformation), null);
                    }
                    throw new ActiveDirectoryObjectNotFoundException(Res.GetString("WrongTrustDirection", new object[] { sourceName, targetName, (TrustDirection)direction }), typeof(TrustRelationshipInformation), null);
                }
            }
            finally
            {
                if (zero != IntPtr.Zero)
                {
                    UnsafeNativeMethods.LsaFreeMemory(zero);
                }
            }
        }
        internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
        {
            PolicySafeHandle   handle = null;
            IntPtr             zero   = IntPtr.Zero;
            LSA_UNICODE_STRING result = null;
            IntPtr             ptr    = IntPtr.Zero;
            bool flag = false;
            LSA_AUTH_INFORMATION structure = null;
            IntPtr fileTime = IntPtr.Zero;
            IntPtr hglobal  = IntPtr.Zero;
            IntPtr ptr5     = IntPtr.Zero;
            TRUSTED_DOMAIN_AUTH_INFORMATION trusted_domain_auth_information = null;
            IntPtr s          = IntPtr.Zero;
            string serverName = null;

            serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
            flag       = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
            try
            {
                try
                {
                    handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
                    result = new LSA_UNICODE_STRING();
                    s      = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(result, s);
                    int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref zero);
                    if (status != 0)
                    {
                        int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                        if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                        }
                        if (isForest)
                        {
                            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                        }
                        throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
                    }
                    TRUSTED_DOMAIN_FULL_INFORMATION trusted_domain_full_information = new TRUSTED_DOMAIN_FULL_INFORMATION();
                    Marshal.PtrToStructure(zero, trusted_domain_full_information);
                    ValidateTrustAttribute(trusted_domain_full_information.Information, isForest, sourceName, targetName);
                    structure = new LSA_AUTH_INFORMATION();
                    fileTime  = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
                    FileTime time = new FileTime();
                    Marshal.PtrToStructure(fileTime, time);
                    structure.LastUpdateTime          = new LARGE_INTEGER();
                    structure.LastUpdateTime.lowPart  = time.lower;
                    structure.LastUpdateTime.highPart = time.higher;
                    structure.AuthType       = TRUST_AUTH_TYPE_CLEAR;
                    hglobal                  = Marshal.StringToHGlobalUni(password);
                    structure.AuthInfo       = hglobal;
                    structure.AuthInfoLength = password.Length * 2;
                    ptr5 = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(structure, ptr5, false);
                    trusted_domain_auth_information = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0))
                    {
                        trusted_domain_auth_information.IncomingAuthInfos = 1;
                        trusted_domain_auth_information.IncomingAuthenticationInformation         = ptr5;
                        trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    else
                    {
                        trusted_domain_auth_information.IncomingAuthInfos = 0;
                        trusted_domain_auth_information.IncomingAuthenticationInformation         = IntPtr.Zero;
                        trusted_domain_auth_information.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    if ((newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0))
                    {
                        trusted_domain_auth_information.OutgoingAuthInfos = 1;
                        trusted_domain_auth_information.OutgoingAuthenticationInformation         = ptr5;
                        trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    else
                    {
                        trusted_domain_auth_information.OutgoingAuthInfos = 0;
                        trusted_domain_auth_information.OutgoingAuthenticationInformation         = IntPtr.Zero;
                        trusted_domain_auth_information.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;
                    }
                    trusted_domain_full_information.AuthInformation            = trusted_domain_auth_information;
                    trusted_domain_full_information.Information.TrustDirection = (int)newTrustDirection;
                    ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
                    Marshal.StructureToPtr(trusted_domain_full_information, ptr, false);
                    status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ptr);
                    if (status != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
                    }
                }
                finally
                {
                    if (flag)
                    {
                        System.DirectoryServices.ActiveDirectory.Utils.Revert();
                    }
                    if (s != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(s);
                    }
                    if (zero != IntPtr.Zero)
                    {
                        UnsafeNativeMethods.LsaFreeMemory(zero);
                    }
                    if (ptr != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr);
                    }
                    if (fileTime != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(fileTime);
                    }
                    if (hglobal != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(hglobal);
                    }
                    if (ptr5 != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr5);
                    }
                }
            }
            catch
            {
                throw;
            }
        }
        internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
        {
            PolicySafeHandle   handle = null;
            IntPtr             zero   = IntPtr.Zero;
            IntPtr             ptr    = IntPtr.Zero;
            LSA_UNICODE_STRING result = null;
            bool   flag       = false;
            IntPtr s          = IntPtr.Zero;
            string serverName = null;

            serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
            flag       = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
            try
            {
                try
                {
                    handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
                    result = new LSA_UNICODE_STRING();
                    s      = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(result, s);
                    int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref zero);
                    if (num != 0)
                    {
                        int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(num);
                        if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                        }
                        if (isForest)
                        {
                            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                        }
                        throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
                    }
                    TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
                    Marshal.PtrToStructure(zero, structure);
                    ValidateTrustAttribute(structure, isForest, sourceName, targetName);
                    if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
                    {
                        if (status)
                        {
                            structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
                        }
                        else
                        {
                            structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
                        }
                    }
                    else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
                    {
                        if (status)
                        {
                            structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
                        }
                        else
                        {
                            structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
                        }
                    }
                    else
                    {
                        if (attribute != TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
                        {
                            throw new ArgumentException("attribute");
                        }
                        if (status)
                        {
                            structure.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                        }
                        else
                        {
                            structure.TrustAttributes &= ~TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                        }
                    }
                    ptr = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
                    Marshal.StructureToPtr(structure, ptr, false);
                    num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ptr);
                    if (num != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), serverName);
                    }
                }
                finally
                {
                    if (flag)
                    {
                        System.DirectoryServices.ActiveDirectory.Utils.Revert();
                    }
                    if (s != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(s);
                    }
                    if (zero != IntPtr.Zero)
                    {
                        UnsafeNativeMethods.LsaFreeMemory(zero);
                    }
                    if (ptr != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(ptr);
                    }
                }
            }
            catch
            {
                throw;
            }
        }
        internal static void DeleteTrust(DirectoryContext sourceContext, string sourceName, string targetName, bool isForest)
        {
            PolicySafeHandle   handle = null;
            LSA_UNICODE_STRING result = null;
            int    errorCode          = 0;
            bool   flag       = false;
            IntPtr zero       = IntPtr.Zero;
            string serverName = null;
            IntPtr buffer     = IntPtr.Zero;

            serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);
            flag       = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(sourceContext);
            try
            {
                try
                {
                    handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));
                    result = new LSA_UNICODE_STRING();
                    zero   = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(result, zero);
                    int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, result, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
                    if (status != 0)
                    {
                        errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
                        if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
                        }
                        if (isForest)
                        {
                            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
                        }
                        throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
                    }
                    try
                    {
                        TRUSTED_DOMAIN_INFORMATION_EX structure = new TRUSTED_DOMAIN_INFORMATION_EX();
                        Marshal.PtrToStructure(buffer, structure);
                        ValidateTrustAttribute(structure, isForest, sourceName, targetName);
                        status = UnsafeNativeMethods.LsaDeleteTrustedDomain(handle, structure.Sid);
                        if (status != 0)
                        {
                            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
                        }
                    }
                    finally
                    {
                        if (buffer != IntPtr.Zero)
                        {
                            UnsafeNativeMethods.LsaFreeMemory(buffer);
                        }
                    }
                }
                finally
                {
                    if (flag)
                    {
                        System.DirectoryServices.ActiveDirectory.Utils.Revert();
                    }
                    if (zero != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(zero);
                    }
                }
            }
            catch
            {
                throw;
            }
        }
예제 #6
0
        internal static void UpdateTrustDirection(DirectoryContext context, string? sourceName, string? targetName, string password, bool isForest, TrustDirection newTrustDirection)
        {
            PolicySafeHandle? handle = null;
            IntPtr buffer = (IntPtr)0;
            LSA_UNICODE_STRING? trustedDomainName = null;
            IntPtr newBuffer = (IntPtr)0;
            bool impersonated = false;
            LSA_AUTH_INFORMATION? AuthData = null;
            IntPtr fileTime = (IntPtr)0;
            IntPtr unmanagedPassword = (IntPtr)0;
            IntPtr unmanagedAuthData = (IntPtr)0;
            TRUSTED_DOMAIN_AUTH_INFORMATION? AuthInfoEx = null;
            IntPtr target = (IntPtr)0;
            string? serverName = null;

            serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);

            impersonated = Utils.Impersonate(context);

            try
            {
                try
                {
                    // get the policy handle first
                    handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    // get the trusted domain information
                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
                    if (result != 0)
                    {
                        int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }

                    // get the managed structre representation
                    TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
                    Marshal.PtrToStructure(buffer, domainInfo);

                    // validate the trust attribute first
                    ValidateTrustAttribute(domainInfo.Information!, isForest, sourceName, targetName);

                    // change the attribute value properly
                    AuthData = new LSA_AUTH_INFORMATION();
                    fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
                    UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);

                    // set the time
                    FileTime tmp = new FileTime();
                    Marshal.PtrToStructure(fileTime, tmp);
                    AuthData.LastUpdateTime = new LARGE_INTEGER();
                    AuthData.LastUpdateTime.lowPart = tmp.lower;
                    AuthData.LastUpdateTime.highPart = tmp.higher;

                    AuthData.AuthType = TRUST_AUTH_TYPE_CLEAR;
                    unmanagedPassword = Marshal.StringToHGlobalUni(password);
                    AuthData.AuthInfo = unmanagedPassword;
                    AuthData.AuthInfoLength = password.Length * 2;

                    unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
                    Marshal.StructureToPtr(AuthData, unmanagedAuthData, false);

                    AuthInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
                    if ((newTrustDirection & TrustDirection.Inbound) != 0)
                    {
                        AuthInfoEx.IncomingAuthInfos = 1;
                        AuthInfoEx.IncomingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.IncomingAuthInfos = 0;
                        AuthInfoEx.IncomingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.IncomingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    if ((newTrustDirection & TrustDirection.Outbound) != 0)
                    {
                        AuthInfoEx.OutgoingAuthInfos = 1;
                        AuthInfoEx.OutgoingAuthenticationInformation = unmanagedAuthData;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }
                    else
                    {
                        AuthInfoEx.OutgoingAuthInfos = 0;
                        AuthInfoEx.OutgoingAuthenticationInformation = (IntPtr)0;
                        AuthInfoEx.OutgoingPreviousAuthenticationInformation = (IntPtr)0;
                    }

                    // reconstruct the unmanaged structure to set it back
                    domainInfo.AuthInformation = AuthInfoEx;
                    // reset the trust direction
                    domainInfo.Information!.TrustDirection = (int)newTrustDirection;

                    newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
                    Marshal.StructureToPtr(domainInfo, newBuffer, false);

                    result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
                    if (result != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
                    }

                    return;
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);

                    if (buffer != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(buffer);

                    if (newBuffer != (IntPtr)0)
                        Marshal.FreeHGlobal(newBuffer);

                    if (fileTime != (IntPtr)0)
                        Marshal.FreeHGlobal(fileTime);

                    if (unmanagedPassword != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedPassword);

                    if (unmanagedAuthData != (IntPtr)0)
                        Marshal.FreeHGlobal(unmanagedAuthData);
                }
            }
            catch { throw; }
        }
예제 #7
0
        internal static bool GetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool isForest)
        {
            PolicySafeHandle? handle = null;
            IntPtr buffer = (IntPtr)0;
            LSA_UNICODE_STRING? trustedDomainName = null;
            bool impersonated = false;
            IntPtr target = (IntPtr)0;
            string? serverName = null;

            // get policy server name
            serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);

            impersonated = Utils.Impersonate(context);

            try
            {
                try
                {
                    // get the policy handle first
                    handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
                    if (result != 0)
                    {
                        int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }

                    Debug.Assert(buffer != (IntPtr)0);

                    TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
                    Marshal.PtrToStructure(buffer, domainInfo);

                    // validate this is the trust that the user refers to
                    ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);

                    // get the attribute of the trust

                    // selective authentication info
                    if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
                    {
                        if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION) == 0)
                            return false;
                        else
                            return true;
                    }
                    // sid filtering behavior for forest trust
                    else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
                    {
                        if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) == 0)
                            return true;
                        else
                            return false;
                    }
                    // sid filtering behavior for domain trust
                    else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
                    {
                        if ((domainInfo.TrustAttributes & TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) == 0)
                            return false;
                        else
                            return true;
                    }
                    else
                    {
                        // should not happen
                        throw new ArgumentException(nameof(attribute));
                    }
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);

                    if (buffer != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(buffer);
                }
            }
            catch { throw; }
        }
예제 #8
0
        internal static void DeleteTrust(DirectoryContext sourceContext, string? sourceName, string? targetName, bool isForest)
        {
            PolicySafeHandle? policyHandle = null;
            LSA_UNICODE_STRING? trustedDomainName = null;
            int win32Error = 0;
            bool impersonated = false;
            IntPtr target = (IntPtr)0;
            string? serverName = null;
            IntPtr buffer = (IntPtr)0;

            serverName = Utils.GetPolicyServerName(sourceContext, isForest, false, sourceName);

            impersonated = Utils.Impersonate(sourceContext);

            try
            {
                try
                {
                    // get the policy handle
                    policyHandle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    // get trust information
                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policyHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
                    if (result != 0)
                    {
                        win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }

                    Debug.Assert(buffer != (IntPtr)0);

                    try
                    {
                        TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
                        Marshal.PtrToStructure(buffer, domainInfo);

                        // validate this is the trust that the user refers to
                        ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);

                        // delete the trust
                        result = UnsafeNativeMethods.LsaDeleteTrustedDomain(policyHandle, domainInfo.Sid);
                        if (result != 0)
                        {
                            win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                        }
                    }
                    finally
                    {
                        if (buffer != (IntPtr)0)
                            UnsafeNativeMethods.LsaFreeMemory(buffer);
                    }
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);
                }
            }
            catch { throw; }
        }
예제 #9
0
        internal static void SetTrustedDomainInfoStatus(DirectoryContext context, string? sourceName, string targetName, TRUST_ATTRIBUTE attribute, bool status, bool isForest)
        {
            PolicySafeHandle? handle = null;
            IntPtr buffer = (IntPtr)0;
            IntPtr newInfo = (IntPtr)0;
            LSA_UNICODE_STRING? trustedDomainName = null;
            bool impersonated = false;
            IntPtr target = (IntPtr)0;
            string? serverName = null;

            serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);

            impersonated = Utils.Impersonate(context);

            try
            {
                try
                {
                    // get the policy handle first
                    handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

                    // get the target name
                    trustedDomainName = new LSA_UNICODE_STRING();
                    target = Marshal.StringToHGlobalUni(targetName);
                    UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

                    // get the trusted domain information
                    int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, ref buffer);
                    if (result != 0)
                    {
                        int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
                        // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
                        if (win32Error == STATUS_OBJECT_NAME_NOT_FOUND)
                        {
                            if (isForest)
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
                            else
                                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
                        }
                        else
                            throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
                    }
                    Debug.Assert(buffer != (IntPtr)0);

                    // get the managed structre representation
                    TRUSTED_DOMAIN_INFORMATION_EX domainInfo = new TRUSTED_DOMAIN_INFORMATION_EX();
                    Marshal.PtrToStructure(buffer, domainInfo);

                    // validate this is the trust that the user refers to
                    ValidateTrustAttribute(domainInfo, isForest, sourceName, targetName);

                    // change the attribute value properly

                    // selective authentication
                    if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION)
                    {
                        if (status)
                        {
                            // turns on selective authentication
                            domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION;
                        }
                        else
                        {
                            // turns off selective authentication
                            domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_CROSS_ORGANIZATION);
                        }
                    }
                    // user wants to change sid filtering behavior for forest trust
                    else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)
                    {
                        if (status)
                        {
                            // user wants sid filtering behavior
                            domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL);
                        }
                        else
                        {
                            // users wants to turn off sid filtering behavior
                            domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL;
                        }
                    }
                    // user wants to change sid filtering behavior for external trust
                    else if (attribute == TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)
                    {
                        if (status)
                        {
                            // user wants sid filtering behavior
                            domainInfo.TrustAttributes |= TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN;
                        }
                        else
                        {
                            // user wants to turn off sid filtering behavior
                            domainInfo.TrustAttributes &= ~(TRUST_ATTRIBUTE.TRUST_ATTRIBUTE_QUARANTINED_DOMAIN);
                        }
                    }
                    else
                    {
                        throw new ArgumentException(nameof(attribute));
                    }

                    // reconstruct the unmanaged structure to set it back
                    newInfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_INFORMATION_EX)));
                    Marshal.StructureToPtr(domainInfo, newInfo, false);

                    result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainInformationEx, newInfo);
                    if (result != 0)
                    {
                        throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
                    }

                    return;
                }
                finally
                {
                    if (impersonated)
                        Utils.Revert();

                    if (target != (IntPtr)0)
                        Marshal.FreeHGlobal(target);

                    if (buffer != (IntPtr)0)
                        UnsafeNativeMethods.LsaFreeMemory(buffer);

                    if (newInfo != (IntPtr)0)
                        Marshal.FreeHGlobal(newInfo);
                }
            }
            catch { throw; }
        }