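/// <summary>
/// Rewrites the direction of an existing trust between <paramref name="sourceName"/> and
/// <paramref name="targetName"/> in the source side's LSA policy, re-supplying the trust
/// password as the incoming and/or outgoing authentication information.
/// </summary>
/// <param name="context">Credentials used to impersonate and to locate the policy server.</param>
/// <param name="sourceName">Domain or forest whose trusted-domain object is modified.</param>
/// <param name="targetName">Trusted domain or forest the trust points at.</param>
/// <param name="password">Plaintext trust password; marshalled as UTF-16 and scrubbed before its buffer is freed.</param>
/// <param name="isForest">True for a forest trust, false for a domain trust.</param>
/// <param name="newTrustDirection">Direction flags to store; every enabled direction references the new auth block.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ActiveDirectoryObjectNotFoundException">No trust to <paramref name="targetName"/> exists.</exception>
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    PolicySafeHandle handle = null;
    IntPtr queryBuffer = IntPtr.Zero;      // LSA-owned; must go back through LsaFreeMemory
    IntPtr setBuffer = IntPtr.Zero;
    IntPtr fileTimeBuffer = IntPtr.Zero;
    IntPtr passwordBuffer = IntPtr.Zero;
    int passwordByteLength = 0;            // bytes to scrub before passwordBuffer is freed
    IntPtr authInfoBuffer = IntPtr.Zero;
    IntPtr targetNameBuffer = IntPtr.Zero;

    string serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
    bool impersonated = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
    try
    {
        handle = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));

        LSA_UNICODE_STRING trustedDomainName = new LSA_UNICODE_STRING();
        targetNameBuffer = Marshal.StringToHGlobalUni(targetName);
        UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, targetNameBuffer);

        int status = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref queryBuffer);
        if (status != 0)
        {
            int errorCode = UnsafeNativeMethods.LsaNtStatusToWinError(status);
            if (errorCode != STATUS_OBJECT_NAME_NOT_FOUND)
            {
                throw ExceptionHelper.GetExceptionFromErrorCode(errorCode, serverName);
            }
            if (isForest)
            {
                throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
            }
            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
        }

        TRUSTED_DOMAIN_FULL_INFORMATION fullInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
        Marshal.PtrToStructure(queryBuffer, fullInfo);
        // Refuse direction changes the existing trust attributes do not allow.
        ValidateTrustAttribute(fullInfo.Information, isForest, sourceName, targetName);

        // Stamp the new auth block with the current system time.
        fileTimeBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
        UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTimeBuffer);
        FileTime now = new FileTime();
        Marshal.PtrToStructure(fileTimeBuffer, now);

        LSA_AUTH_INFORMATION authData = new LSA_AUTH_INFORMATION();
        authData.LastUpdateTime = new LARGE_INTEGER();
        authData.LastUpdateTime.lowPart = now.lower;
        authData.LastUpdateTime.highPart = now.higher;
        authData.AuthType = TRUST_AUTH_TYPE_CLEAR;
        // UTF-16: two bytes per char. StringToHGlobalUni adds a terminator beyond this length.
        passwordBuffer = Marshal.StringToHGlobalUni(password);
        passwordByteLength = password.Length * 2;
        authData.AuthInfo = passwordBuffer;
        authData.AuthInfoLength = passwordByteLength;
        authInfoBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
        Marshal.StructureToPtr(authData, authInfoBuffer, false);

        // Both directions share the single auth block when enabled.
        bool inbound = (newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0);
        bool outbound = (newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0);
        TRUSTED_DOMAIN_AUTH_INFORMATION authInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
        if (inbound)
        {
            authInfoEx.IncomingAuthInfos = 1;
        }
        else
        {
            authInfoEx.IncomingAuthInfos = 0;
        }
        authInfoEx.IncomingAuthenticationInformation = inbound ? authInfoBuffer : IntPtr.Zero;
        authInfoEx.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
        if (outbound)
        {
            authInfoEx.OutgoingAuthInfos = 1;
        }
        else
        {
            authInfoEx.OutgoingAuthInfos = 0;
        }
        authInfoEx.OutgoingAuthenticationInformation = outbound ? authInfoBuffer : IntPtr.Zero;
        authInfoEx.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;

        fullInfo.AuthInformation = authInfoEx;
        fullInfo.Information.TrustDirection = (int)newTrustDirection;

        setBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
        Marshal.StructureToPtr(fullInfo, setBuffer, false);
        status = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, setBuffer);
        if (status != 0)
        {
            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(status), serverName);
        }
    }
    finally
    {
        // Close the policy handle promptly instead of leaving it to the finalizer.
        if (handle != null)
        {
            handle.Dispose();
        }
        if (impersonated)
        {
            System.DirectoryServices.ActiveDirectory.Utils.Revert();
        }
        if (targetNameBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(targetNameBuffer);
        }
        if (queryBuffer != IntPtr.Zero)
        {
            UnsafeNativeMethods.LsaFreeMemory(queryBuffer);
        }
        if (setBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(setBuffer);
        }
        if (fileTimeBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(fileTimeBuffer);
        }
        if (passwordBuffer != IntPtr.Zero)
        {
            // Scrub the plaintext trust password so it does not linger in freed heap memory.
            for (int i = 0; i < passwordByteLength; i++)
            {
                Marshal.WriteByte(passwordBuffer, i, 0);
            }
            Marshal.FreeHGlobal(passwordBuffer);
        }
        if (authInfoBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(authInfoBuffer);
        }
    }
}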
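/// <summary>
/// Rewrites the direction of an existing trust between <paramref name="sourceName"/> and
/// <paramref name="targetName"/> in the source side's LSA policy, re-supplying the trust
/// password as the incoming and/or outgoing authentication information.
/// </summary>
/// <param name="context">Credentials used to impersonate and to locate the policy server.</param>
/// <param name="sourceName">Domain or forest whose trusted-domain object is modified.</param>
/// <param name="targetName">Trusted domain or forest the trust points at.</param>
/// <param name="password">Plaintext trust password; marshalled as UTF-16 and scrubbed before its buffer is freed.</param>
/// <param name="isForest">True for a forest trust, false for a domain trust.</param>
/// <param name="newTrustDirection">Direction flags to store; every enabled direction references the new auth block.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ActiveDirectoryObjectNotFoundException">No trust to <paramref name="targetName"/> exists.</exception>
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
    if (password == null)
        throw new ArgumentNullException(nameof(password));

    PolicySafeHandle handle = null;
    IntPtr buffer = IntPtr.Zero;           // LSA-owned; released with LsaFreeMemory
    IntPtr newBuffer = IntPtr.Zero;
    IntPtr fileTime = IntPtr.Zero;
    IntPtr unmanagedPassword = IntPtr.Zero;
    int passwordByteLength = 0;            // bytes to scrub before unmanagedPassword is freed
    IntPtr unmanagedAuthData = IntPtr.Zero;
    IntPtr target = IntPtr.Zero;

    string serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
    bool impersonated = Utils.Impersonate(context);
    try
    {
        // get the policy handle first
        handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

        // get the target name
        LSA_UNICODE_STRING trustedDomainName = new LSA_UNICODE_STRING();
        target = Marshal.StringToHGlobalUni(targetName);
        UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

        // get the trusted domain information
        int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
        if (result != 0)
        {
            int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
            // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
            if (win32Error != s_STATUS_OBJECT_NAME_NOT_FOUND)
                throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
            if (isForest)
                throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
            throw new ActiveDirectoryObjectNotFoundException(Res.GetString(Res.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
        }

        // get the managed structure representation
        TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
        Marshal.PtrToStructure(buffer, domainInfo);

        // validate the trust attribute first
        ValidateTrustAttribute(domainInfo.Information, isForest, sourceName, targetName);

        // set the time on the new auth block
        fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
        UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
        FileTime tmp = new FileTime();
        Marshal.PtrToStructure(fileTime, tmp);

        LSA_AUTH_INFORMATION authData = new LSA_AUTH_INFORMATION();
        authData.LastUpdateTime = new LARGE_INTEGER();
        authData.LastUpdateTime.lowPart = tmp.lower;
        authData.LastUpdateTime.highPart = tmp.higher;
        authData.AuthType = s_TRUST_AUTH_TYPE_CLEAR;
        // UTF-16: two bytes per char; StringToHGlobalUni adds a terminator beyond this length
        unmanagedPassword = Marshal.StringToHGlobalUni(password);
        passwordByteLength = password.Length * 2;
        authData.AuthInfo = unmanagedPassword;
        authData.AuthInfoLength = passwordByteLength;
        unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
        Marshal.StructureToPtr(authData, unmanagedAuthData, false);

        // both directions point at the same auth block when enabled
        bool inbound = (newTrustDirection & TrustDirection.Inbound) != 0;
        bool outbound = (newTrustDirection & TrustDirection.Outbound) != 0;
        TRUSTED_DOMAIN_AUTH_INFORMATION authInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
        if (inbound)
            authInfoEx.IncomingAuthInfos = 1;
        else
            authInfoEx.IncomingAuthInfos = 0;
        authInfoEx.IncomingAuthenticationInformation = inbound ? unmanagedAuthData : IntPtr.Zero;
        authInfoEx.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
        if (outbound)
            authInfoEx.OutgoingAuthInfos = 1;
        else
            authInfoEx.OutgoingAuthInfos = 0;
        authInfoEx.OutgoingAuthenticationInformation = outbound ? unmanagedAuthData : IntPtr.Zero;
        authInfoEx.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;

        // reconstruct the unmanaged structure to set it back
        domainInfo.AuthInformation = authInfoEx;
        // reset the trust direction
        domainInfo.Information.TrustDirection = (int)newTrustDirection;

        newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
        Marshal.StructureToPtr(domainInfo, newBuffer, false);
        result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
        if (result != 0)
            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
    }
    finally
    {
        // close the policy handle now rather than at finalization
        handle?.Dispose();
        if (impersonated)
            Utils.Revert();
        if (target != IntPtr.Zero)
            Marshal.FreeHGlobal(target);
        if (buffer != IntPtr.Zero)
            UnsafeNativeMethods.LsaFreeMemory(buffer);
        if (newBuffer != IntPtr.Zero)
            Marshal.FreeHGlobal(newBuffer);
        if (fileTime != IntPtr.Zero)
            Marshal.FreeHGlobal(fileTime);
        if (unmanagedPassword != IntPtr.Zero)
        {
            // scrub the plaintext trust password before the block is returned to the heap
            for (int i = 0; i < passwordByteLength; i++)
                Marshal.WriteByte(unmanagedPassword, i, 0);
            Marshal.FreeHGlobal(unmanagedPassword);
        }
        if (unmanagedAuthData != IntPtr.Zero)
            Marshal.FreeHGlobal(unmanagedAuthData);
    }
}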
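/// <summary>
/// Rewrites the direction of an existing trust between <paramref name="sourceName"/> and
/// <paramref name="targetName"/> in the source side's LSA policy, re-supplying the trust
/// password as the incoming and/or outgoing authentication information.
/// </summary>
/// <param name="context">Credentials used to impersonate and to locate the policy server.</param>
/// <param name="sourceName">Domain or forest whose trusted-domain object is modified.</param>
/// <param name="targetName">Trusted domain or forest the trust points at.</param>
/// <param name="password">Plaintext trust password; marshalled as UTF-16 and scrubbed before its buffer is freed.</param>
/// <param name="isForest">True for a forest trust, false for a domain trust.</param>
/// <param name="newTrustDirection">Direction flags to store; every enabled direction references the new auth block.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ActiveDirectoryObjectNotFoundException">No trust to <paramref name="targetName"/> exists.</exception>
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
    if (password == null)
    {
        throw new ArgumentNullException("password");
    }

    PolicySafeHandle policy = null;
    IntPtr lsaBuffer = IntPtr.Zero;        // allocated by LSA; freed with LsaFreeMemory
    IntPtr fullInfoBuffer = IntPtr.Zero;
    IntPtr timeBuffer = IntPtr.Zero;
    IntPtr secretBuffer = IntPtr.Zero;
    int secretByteLength = 0;              // bytes to scrub before secretBuffer is freed
    IntPtr authBlock = IntPtr.Zero;
    IntPtr nameBuffer = IntPtr.Zero;

    string serverName = System.DirectoryServices.ActiveDirectory.Utils.GetPolicyServerName(context, isForest, false, sourceName);
    bool impersonating = System.DirectoryServices.ActiveDirectory.Utils.Impersonate(context);
    try
    {
        policy = new PolicySafeHandle(System.DirectoryServices.ActiveDirectory.Utils.GetPolicyHandle(serverName));

        LSA_UNICODE_STRING trustedName = new LSA_UNICODE_STRING();
        nameBuffer = Marshal.StringToHGlobalUni(targetName);
        UnsafeNativeMethods.RtlInitUnicodeString(trustedName, nameBuffer);

        int ntStatus = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policy, trustedName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref lsaBuffer);
        if (ntStatus != 0)
        {
            int win32 = UnsafeNativeMethods.LsaNtStatusToWinError(ntStatus);
            if (win32 != STATUS_OBJECT_NAME_NOT_FOUND)
            {
                throw ExceptionHelper.GetExceptionFromErrorCode(win32, serverName);
            }
            if (isForest)
            {
                throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(ForestTrustRelationshipInformation), null);
            }
            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", new object[] { sourceName, targetName }), typeof(TrustRelationshipInformation), null);
        }

        TRUSTED_DOMAIN_FULL_INFORMATION fullInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
        Marshal.PtrToStructure(lsaBuffer, fullInfo);
        // Reject direction changes that the current trust attributes disallow.
        ValidateTrustAttribute(fullInfo.Information, isForest, sourceName, targetName);

        // Current system time becomes the auth block's LastUpdateTime.
        timeBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
        UnsafeNativeMethods.GetSystemTimeAsFileTime(timeBuffer);
        FileTime stamp = new FileTime();
        Marshal.PtrToStructure(timeBuffer, stamp);

        LSA_AUTH_INFORMATION auth = new LSA_AUTH_INFORMATION();
        auth.LastUpdateTime = new LARGE_INTEGER();
        auth.LastUpdateTime.lowPart = stamp.lower;
        auth.LastUpdateTime.highPart = stamp.higher;
        auth.AuthType = TRUST_AUTH_TYPE_CLEAR;
        // UTF-16 payload: two bytes per char, terminator excluded from the length.
        secretBuffer = Marshal.StringToHGlobalUni(password);
        secretByteLength = password.Length * 2;
        auth.AuthInfo = secretBuffer;
        auth.AuthInfoLength = secretByteLength;
        authBlock = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
        Marshal.StructureToPtr(auth, authBlock, false);

        // One shared auth block for each enabled direction.
        bool wantInbound = (newTrustDirection & TrustDirection.Inbound) != ((TrustDirection)0);
        bool wantOutbound = (newTrustDirection & TrustDirection.Outbound) != ((TrustDirection)0);
        TRUSTED_DOMAIN_AUTH_INFORMATION authEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
        if (wantInbound)
        {
            authEx.IncomingAuthInfos = 1;
        }
        else
        {
            authEx.IncomingAuthInfos = 0;
        }
        authEx.IncomingAuthenticationInformation = wantInbound ? authBlock : IntPtr.Zero;
        authEx.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
        if (wantOutbound)
        {
            authEx.OutgoingAuthInfos = 1;
        }
        else
        {
            authEx.OutgoingAuthInfos = 0;
        }
        authEx.OutgoingAuthenticationInformation = wantOutbound ? authBlock : IntPtr.Zero;
        authEx.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;

        fullInfo.AuthInformation = authEx;
        fullInfo.Information.TrustDirection = (int)newTrustDirection;

        fullInfoBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
        Marshal.StructureToPtr(fullInfo, fullInfoBuffer, false);
        ntStatus = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(policy, trustedName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, fullInfoBuffer);
        if (ntStatus != 0)
        {
            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(ntStatus), serverName);
        }
    }
    finally
    {
        // Release the policy handle deterministically rather than via the finalizer.
        if (policy != null)
        {
            policy.Dispose();
        }
        if (impersonating)
        {
            System.DirectoryServices.ActiveDirectory.Utils.Revert();
        }
        if (nameBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nameBuffer);
        }
        if (lsaBuffer != IntPtr.Zero)
        {
            UnsafeNativeMethods.LsaFreeMemory(lsaBuffer);
        }
        if (fullInfoBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(fullInfoBuffer);
        }
        if (timeBuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(timeBuffer);
        }
        if (secretBuffer != IntPtr.Zero)
        {
            // Overwrite the plaintext trust password before freeing so it does not persist in heap memory.
            for (int i = 0; i < secretByteLength; i++)
            {
                Marshal.WriteByte(secretBuffer, i, 0);
            }
            Marshal.FreeHGlobal(secretBuffer);
        }
        if (authBlock != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(authBlock);
        }
    }
}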
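/// <summary>
/// Rewrites the direction of an existing trust between <paramref name="sourceName"/> and
/// <paramref name="targetName"/> in the source side's LSA policy, re-supplying the trust
/// password as the incoming and/or outgoing authentication information.
/// </summary>
/// <param name="context">Credentials used to impersonate and to locate the policy server.</param>
/// <param name="sourceName">Domain or forest whose trusted-domain object is modified.</param>
/// <param name="targetName">Trusted domain or forest the trust points at.</param>
/// <param name="password">Plaintext trust password; marshalled as UTF-16 and scrubbed before its buffer is freed.</param>
/// <param name="isForest">True for a forest trust, false for a domain trust.</param>
/// <param name="newTrustDirection">Direction flags to store; every enabled direction references the new auth block.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ActiveDirectoryObjectNotFoundException">No trust to <paramref name="targetName"/> exists.</exception>
internal static void UpdateTrustDirection(DirectoryContext context, string sourceName, string targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    PolicySafeHandle policySafeHandle = null;
    IntPtr queryResult = IntPtr.Zero;      // LSA-owned; released through LsaFreeMemory
    IntPtr fullInfoNative = IntPtr.Zero;
    IntPtr fileTimeNative = IntPtr.Zero;
    IntPtr passwordNative = IntPtr.Zero;
    int passwordByteLength = 0;            // bytes to scrub before passwordNative is freed
    IntPtr authInfoNative = IntPtr.Zero;
    IntPtr targetNameNative = IntPtr.Zero;

    string policyServerName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
    bool impersonated = Utils.Impersonate(context);
    try
    {
        policySafeHandle = new PolicySafeHandle(Utils.GetPolicyHandle(policyServerName));

        LSA_UNICODE_STRING trustedDomainName = new LSA_UNICODE_STRING();
        targetNameNative = Marshal.StringToHGlobalUni(targetName);
        UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, targetNameNative);

        int num = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(policySafeHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref queryResult);
        if (num != 0)
        {
            int winError = UnsafeNativeMethods.LsaNtStatusToWinError(num);
            if (winError != TrustHelper.STATUS_OBJECT_NAME_NOT_FOUND)
            {
                throw ExceptionHelper.GetExceptionFromErrorCode(winError, policyServerName);
            }
            object[] nameArgs = new object[] { sourceName, targetName };
            if (isForest)
            {
                throw new ActiveDirectoryObjectNotFoundException(Res.GetString("ForestTrustDoesNotExist", nameArgs), typeof(ForestTrustRelationshipInformation), null);
            }
            throw new ActiveDirectoryObjectNotFoundException(Res.GetString("DomainTrustDoesNotExist", nameArgs), typeof(TrustRelationshipInformation), null);
        }

        TRUSTED_DOMAIN_FULL_INFORMATION fullInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
        Marshal.PtrToStructure(queryResult, fullInfo);
        // Reject direction changes that the existing trust attributes do not permit.
        TrustHelper.ValidateTrustAttribute(fullInfo.Information, isForest, sourceName, targetName);

        // Stamp the new auth block with the current system time.
        fileTimeNative = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
        UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTimeNative);
        FileTime fileTime = new FileTime();
        Marshal.PtrToStructure(fileTimeNative, fileTime);

        LSA_AUTH_INFORMATION authInfo = new LSA_AUTH_INFORMATION();
        authInfo.LastUpdateTime = new LARGE_INTEGER();
        authInfo.LastUpdateTime.lowPart = fileTime.lower;
        authInfo.LastUpdateTime.highPart = fileTime.higher;
        authInfo.AuthType = TrustHelper.TRUST_AUTH_TYPE_CLEAR;
        // UTF-16: two bytes per char; StringToHGlobalUni appends a terminator beyond this length.
        passwordNative = Marshal.StringToHGlobalUni(password);
        passwordByteLength = password.Length * 2;
        authInfo.AuthInfo = passwordNative;
        authInfo.AuthInfoLength = passwordByteLength;
        authInfoNative = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
        Marshal.StructureToPtr(authInfo, authInfoNative, false);

        // Each enabled direction references the same auth block.
        bool inbound = (newTrustDirection & TrustDirection.Inbound) != 0;
        bool outbound = (newTrustDirection & TrustDirection.Outbound) != 0;
        TRUSTED_DOMAIN_AUTH_INFORMATION authInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
        if (inbound)
        {
            authInfoEx.IncomingAuthInfos = 1;
        }
        else
        {
            authInfoEx.IncomingAuthInfos = 0;
        }
        authInfoEx.IncomingAuthenticationInformation = inbound ? authInfoNative : IntPtr.Zero;
        authInfoEx.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
        if (outbound)
        {
            authInfoEx.OutgoingAuthInfos = 1;
        }
        else
        {
            authInfoEx.OutgoingAuthInfos = 0;
        }
        authInfoEx.OutgoingAuthenticationInformation = outbound ? authInfoNative : IntPtr.Zero;
        authInfoEx.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;

        fullInfo.AuthInformation = authInfoEx;
        fullInfo.Information.TrustDirection = (int)newTrustDirection;

        fullInfoNative = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
        Marshal.StructureToPtr(fullInfo, fullInfoNative, false);
        num = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(policySafeHandle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, fullInfoNative);
        if (num != 0)
        {
            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(num), policyServerName);
        }
    }
    finally
    {
        // Close the policy handle deterministically instead of waiting for the finalizer.
        if (policySafeHandle != null)
        {
            policySafeHandle.Dispose();
        }
        if (impersonated)
        {
            Utils.Revert();
        }
        if (targetNameNative != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(targetNameNative);
        }
        if (queryResult != IntPtr.Zero)
        {
            UnsafeNativeMethods.LsaFreeMemory(queryResult);
        }
        if (fullInfoNative != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(fullInfoNative);
        }
        if (fileTimeNative != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(fileTimeNative);
        }
        if (passwordNative != IntPtr.Zero)
        {
            // Scrub the plaintext trust password so it does not linger in freed heap memory.
            for (int i = 0; i < passwordByteLength; i++)
            {
                Marshal.WriteByte(passwordNative, i, 0);
            }
            Marshal.FreeHGlobal(passwordNative);
        }
        if (authInfoNative != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(authInfoNative);
        }
    }
}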
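/// <summary>
/// Rewrites the direction of an existing trust between <paramref name="sourceName"/> and
/// <paramref name="targetName"/> in the source side's LSA policy, re-supplying the trust
/// password as the incoming and/or outgoing authentication information.
/// </summary>
/// <param name="context">Credentials used to impersonate and to locate the policy server.</param>
/// <param name="sourceName">Domain or forest whose trusted-domain object is modified.</param>
/// <param name="targetName">Trusted domain or forest the trust points at.</param>
/// <param name="password">Plaintext trust password; marshalled as UTF-16 and scrubbed before its buffer is freed.</param>
/// <param name="isForest">True for a forest trust, false for a domain trust.</param>
/// <param name="newTrustDirection">Direction flags to store; every enabled direction references the new auth block.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ActiveDirectoryObjectNotFoundException">No trust to <paramref name="targetName"/> exists.</exception>
internal static void UpdateTrustDirection(DirectoryContext context, string? sourceName, string? targetName, string password, bool isForest, TrustDirection newTrustDirection)
{
    if (password is null)
        throw new ArgumentNullException(nameof(password));

    PolicySafeHandle? handle = null;
    IntPtr buffer = IntPtr.Zero;           // LSA-owned; released with LsaFreeMemory
    IntPtr newBuffer = IntPtr.Zero;
    IntPtr fileTime = IntPtr.Zero;
    IntPtr unmanagedPassword = IntPtr.Zero;
    int passwordByteLength = 0;            // bytes to scrub before unmanagedPassword is freed
    IntPtr unmanagedAuthData = IntPtr.Zero;
    IntPtr target = IntPtr.Zero;

    string? serverName = Utils.GetPolicyServerName(context, isForest, false, sourceName);
    bool impersonated = Utils.Impersonate(context);
    try
    {
        // get the policy handle first
        handle = new PolicySafeHandle(Utils.GetPolicyHandle(serverName));

        // get the target name
        LSA_UNICODE_STRING trustedDomainName = new LSA_UNICODE_STRING();
        target = Marshal.StringToHGlobalUni(targetName);
        UnsafeNativeMethods.RtlInitUnicodeString(trustedDomainName, target);

        // get the trusted domain information
        int result = UnsafeNativeMethods.LsaQueryTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, ref buffer);
        if (result != 0)
        {
            int win32Error = UnsafeNativeMethods.LsaNtStatusToWinError(result);
            // 2 ERROR_FILE_NOT_FOUND <--> 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND
            if (win32Error != STATUS_OBJECT_NAME_NOT_FOUND)
                throw ExceptionHelper.GetExceptionFromErrorCode(win32Error, serverName);
            if (isForest)
                throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.ForestTrustDoesNotExist, sourceName, targetName), typeof(ForestTrustRelationshipInformation), null);
            throw new ActiveDirectoryObjectNotFoundException(SR.Format(SR.DomainTrustDoesNotExist, sourceName, targetName), typeof(TrustRelationshipInformation), null);
        }

        // get the managed structure representation
        TRUSTED_DOMAIN_FULL_INFORMATION domainInfo = new TRUSTED_DOMAIN_FULL_INFORMATION();
        Marshal.PtrToStructure(buffer, domainInfo);

        // validate the trust attribute first
        ValidateTrustAttribute(domainInfo.Information!, isForest, sourceName, targetName);

        // set the time on the new auth block
        fileTime = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(FileTime)));
        UnsafeNativeMethods.GetSystemTimeAsFileTime(fileTime);
        FileTime tmp = new FileTime();
        Marshal.PtrToStructure(fileTime, tmp);

        LSA_AUTH_INFORMATION authData = new LSA_AUTH_INFORMATION();
        authData.LastUpdateTime = new LARGE_INTEGER();
        authData.LastUpdateTime.lowPart = tmp.lower;
        authData.LastUpdateTime.highPart = tmp.higher;
        authData.AuthType = TRUST_AUTH_TYPE_CLEAR;
        // UTF-16: two bytes per char; StringToHGlobalUni adds a terminator beyond this length
        unmanagedPassword = Marshal.StringToHGlobalUni(password);
        passwordByteLength = password.Length * 2;
        authData.AuthInfo = unmanagedPassword;
        authData.AuthInfoLength = passwordByteLength;
        unmanagedAuthData = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(LSA_AUTH_INFORMATION)));
        Marshal.StructureToPtr(authData, unmanagedAuthData, false);

        // both directions point at the same auth block when enabled
        bool inbound = (newTrustDirection & TrustDirection.Inbound) != 0;
        bool outbound = (newTrustDirection & TrustDirection.Outbound) != 0;
        TRUSTED_DOMAIN_AUTH_INFORMATION authInfoEx = new TRUSTED_DOMAIN_AUTH_INFORMATION();
        if (inbound)
            authInfoEx.IncomingAuthInfos = 1;
        else
            authInfoEx.IncomingAuthInfos = 0;
        authInfoEx.IncomingAuthenticationInformation = inbound ? unmanagedAuthData : IntPtr.Zero;
        authInfoEx.IncomingPreviousAuthenticationInformation = IntPtr.Zero;
        if (outbound)
            authInfoEx.OutgoingAuthInfos = 1;
        else
            authInfoEx.OutgoingAuthInfos = 0;
        authInfoEx.OutgoingAuthenticationInformation = outbound ? unmanagedAuthData : IntPtr.Zero;
        authInfoEx.OutgoingPreviousAuthenticationInformation = IntPtr.Zero;

        // reconstruct the unmanaged structure to set it back
        domainInfo.AuthInformation = authInfoEx;
        // reset the trust direction
        domainInfo.Information!.TrustDirection = (int)newTrustDirection;

        newBuffer = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(TRUSTED_DOMAIN_FULL_INFORMATION)));
        Marshal.StructureToPtr(domainInfo, newBuffer, false);
        result = UnsafeNativeMethods.LsaSetTrustedDomainInfoByName(handle, trustedDomainName, TRUSTED_INFORMATION_CLASS.TrustedDomainFullInformation, newBuffer);
        if (result != 0)
            throw ExceptionHelper.GetExceptionFromErrorCode(UnsafeNativeMethods.LsaNtStatusToWinError(result), serverName);
    }
    finally
    {
        // close the policy handle now rather than at finalization
        handle?.Dispose();
        if (impersonated)
            Utils.Revert();
        if (target != IntPtr.Zero)
            Marshal.FreeHGlobal(target);
        if (buffer != IntPtr.Zero)
            UnsafeNativeMethods.LsaFreeMemory(buffer);
        if (newBuffer != IntPtr.Zero)
            Marshal.FreeHGlobal(newBuffer);
        if (fileTime != IntPtr.Zero)
            Marshal.FreeHGlobal(fileTime);
        if (unmanagedPassword != IntPtr.Zero)
        {
            // scrub the plaintext trust password before the block is returned to the heap
            for (int i = 0; i < passwordByteLength; i++)
                Marshal.WriteByte(unmanagedPassword, i, 0);
            Marshal.FreeHGlobal(unmanagedPassword);
        }
        if (unmanagedAuthData != IntPtr.Zero)
            Marshal.FreeHGlobal(unmanagedAuthData);
    }
}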