  1. /*++
  2. Copyright (c) 1987-2001 Microsoft Corporation
  3. Module Name:
  4. ftnfoctx.c
  5. Abstract:
  6. Utility routines to manipulate the forest trust context
  7. Author:
  8. 27-Jul-00 (cliffv)
  9. Environment:
  10. User mode only.
  11. Contains NT-specific code.
  12. Requires ANSI C extensions: slash-slash comments, long external names.
  13. Revision History:
  14. --*/
  15. #include <nt.h>
  16. #include <ntrtl.h>
  17. #include <nturtl.h>
  18. #include <netdebug.h>
  19. #include <ntlsa.h>
  20. #include <ftnfoctx.h>
  21. #include <align.h> // ROUND_UP_POINTER
  22. #include <rpcutil.h> // MIDL_user_free
  23. #include <stdlib.h> // qsort
VOID
NetpInitFtinfoContext(
    OUT PNL_FTINFO_CONTEXT FtinfoContext
    )
/*++

Routine Description:

    Puts an Ftinfo context into its empty state: every field cleared and
    the entry list ready to be linked onto.  Must be called before any other
    Netp*Ftinfo* routine touches the context.

Arguments:

    FtinfoContext - Context to initialize.

Return Value:

    None

--*/
{
    PNL_FTINFO_CONTEXT Context = FtinfoContext;

    //
    // Clear first, then set up the list head: InitializeListHead writes the
    // Flink/Blink self-links, which the zeroing would otherwise destroy.
    //
    RtlZeroMemory( Context, sizeof(*Context) );
    InitializeListHead( &Context->FtinfoList );
}
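static VOID
NetpMarshalUnicodeString(
    IN PUNICODE_STRING InString,
    OUT PUNICODE_STRING OutString,
    IN OUT LPBYTE *WherePtr
    )
/*++

Routine Description:

    Copies the characters of InString to *WherePtr, appends a terminating
    L'\0' and points OutString at the copy.  An empty InString writes nothing
    and leaves OutString as the caller zeroed it.

Arguments:

    InString - String to copy.  Only Length bytes of Buffer are read.

    OutString - Descriptor to fill in.  On input, points to a zeroed descriptor.

    WherePtr - On input, where to copy to.  On output, points to the first byte
        past the copied data (terminator included).

Return Value:

    None

--*/
{
    LPBYTE Where = *WherePtr;
    ULONG NameSize = InString->Length;

    if ( NameSize == 0 ) {
        return;
    }

    OutString->Buffer = (LPWSTR) Where;

    //
    // NameSize is a USHORT widened to ULONG, so the addition cannot overflow.
    // The cast back to USHORT wraps to 0 only for Length == 0xFFFE; the copy
    // below is bounded by Length, so even then nothing is written past a
    // buffer that was sized from Length.
    //
    OutString->MaximumLength = (USHORT) (NameSize + sizeof(WCHAR));
    OutString->Length = (USHORT) NameSize;

    RtlCopyMemory( Where, InString->Buffer, NameSize );
    Where += NameSize;
    *((LPWSTR)Where) = L'\0';
    Where += sizeof(WCHAR);

    *WherePtr = Where;
}

VOID
NetpMarshalFtinfoEntry (
    IN PLSA_FOREST_TRUST_RECORD InFtinfoRecord,
    OUT PLSA_FOREST_TRUST_RECORD OutFtinfoRecord,
    IN OUT LPBYTE *WherePtr
    )
/*++

Routine Description:

    Marshals a single Ftinfo entry.  The fixed-size fields are copied into
    OutFtinfoRecord; the variable-size data (SID and names) is copied to
    *WherePtr and OutFtinfoRecord is pointed at those copies.

    Nothing here checks a bound: the caller must have sized the buffer at
    *WherePtr the way NetpAllocFtinfoEntry2 does (SID length, plus each
    non-empty name and its terminator, rounded up to ALIGN_WORST).

Arguments:

    InFtinfoRecord - Template to copy into OutFtinfoRecord.

    OutFtinfoRecord - Entry to fill in.  On input, points to a zeroed buffer.

    WherePtr - On input, specifies where to marshal to; must be ALIGN_WORST
        aligned.  On output, points to the first byte past the marshalled data,
        rounded up to ALIGN_WORST.

Return Value:

    None.  A record of an unrecognized ForestTrustType asserts on checked
    builds and has only its fixed-size fields copied.

--*/
{
    LPBYTE Where = *WherePtr;
    ULONG SidSize;

    NetpAssert( Where == ROUND_UP_POINTER( Where, ALIGN_WORST ));

    //
    // Copy the fixed size data
    //
    OutFtinfoRecord->ForestTrustType = InFtinfoRecord->ForestTrustType;
    OutFtinfoRecord->Flags = InFtinfoRecord->Flags;
    OutFtinfoRecord->Time = InFtinfoRecord->Time;

    switch( InFtinfoRecord->ForestTrustType ) {
    case ForestTrustDomainInfo:

        //
        // The SID is copied first, while Where is still ALIGN_WORST aligned,
        // so it stays DWORD aligned.  The names that follow it only need
        // WCHAR alignment.
        //
        if ( InFtinfoRecord->ForestTrustData.DomainInfo.Sid != NULL ) {
            SidSize = RtlLengthSid( InFtinfoRecord->ForestTrustData.DomainInfo.Sid );
            OutFtinfoRecord->ForestTrustData.DomainInfo.Sid = (PISID) Where;
            RtlCopyMemory( Where, InFtinfoRecord->ForestTrustData.DomainInfo.Sid, SidSize );
            Where += SidSize;
        }

        NetpMarshalUnicodeString( &InFtinfoRecord->ForestTrustData.DomainInfo.DnsName,
                                  &OutFtinfoRecord->ForestTrustData.DomainInfo.DnsName,
                                  &Where );

        NetpMarshalUnicodeString( &InFtinfoRecord->ForestTrustData.DomainInfo.NetbiosName,
                                  &OutFtinfoRecord->ForestTrustData.DomainInfo.NetbiosName,
                                  &Where );
        break;

    case ForestTrustTopLevelName:
    case ForestTrustTopLevelNameEx:

        NetpMarshalUnicodeString( &InFtinfoRecord->ForestTrustData.TopLevelName,
                                  &OutFtinfoRecord->ForestTrustData.TopLevelName,
                                  &Where );
        break;

    default:
        NetpAssert( FALSE );
        break;
    }

    //
    // Hand back an aligned pointer so the next record can be marshalled
    // directly after this one.
    //
    Where = ROUND_UP_POINTER( Where, ALIGN_WORST );
    *WherePtr = Where;
}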
VOID
NetpCompareHelper (
    IN PUNICODE_STRING Name,
    IN OUT PULONG Index,
    OUT PUNICODE_STRING CurrentLabel
    )
/*++

Routine Description:

    Returns the next DNS label of Name, walking from the right end of the
    name toward the left.  Each call yields the label immediately to the left
    of the one returned by the previous call.

Arguments:

    Name - The DNS name to walk.  It must not end in a ".".

    Index - Cursor into Name, in characters.  Set it to
        Name->Length/sizeof(WCHAR) before the first call, then pass back
        whatever the previous call returned.  A returned value of zero means
        the label just returned was the leftmost one; do not call again.

    CurrentLabel - Receives a descriptor of the label (a substring of Name,
        not a copy).

Return Value:

    None.

--*/
{
    ULONG LabelEnd = *Index;      // one past the last character of the label
    ULONG Cursor = *Index;
    ULONG LabelStart;

    NetpAssert( Cursor != 0 );

    //
    // Walk leftward until a "." or the start of the name is hit.
    //
    for ( ;; ) {
        if ( Cursor == 0 ) {
            break;
        }
        Cursor--;
        if ( Name->Buffer[Cursor] == L'.' ) {
            break;
        }
    }

    //
    // Cursor now sits on the separator (skip it) or on index 0 of a name
    // that has no more separators (keep it: character 0 is part of the label).
    //
    LabelStart = (Cursor == 0) ? 0 : Cursor + 1;

    CurrentLabel->Buffer = &Name->Buffer[LabelStart];
    CurrentLabel->Length = (USHORT)((LabelEnd - LabelStart) * sizeof(WCHAR));
    CurrentLabel->MaximumLength = CurrentLabel->Length;

    *Index = Cursor;
}
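int
NetpCompareDnsNameWithSortOrder(
    IN PUNICODE_STRING Name1,
    IN PUNICODE_STRING Name2
    )
/*++

Routine Description:

    Routine to compare two DNS names. The DNS names must not have a trailing "."
    Labels are compared right to left (case-insensitively) so that names sort
    grouped by their parent domains, which reads better when listed.

Arguments:

    Name1 - First name to compare.

    Name2 - Second name to compare.

Return Value:

    Signed value that gives the results of the comparison:

        Zero - Name1 equals Name2
        < Zero - Name1 less than Name2
        > Zero - Name1 greater than Name2

    Only the sign is meaningful; callers must not rely on the magnitude.

--*/
{
    ULONG Index1 = Name1->Length/sizeof(WCHAR);
    ULONG Index2 = Name2->Length/sizeof(WCHAR);
    UNICODE_STRING Label1;
    UNICODE_STRING Label2;
    LONG Result;

    //
    // Loop comparing labels, rightmost first.
    //
    while ( Index1 != 0 && Index2 != 0 ) {

        NetpCompareHelper ( Name1, &Index1, &Label1 );
        NetpCompareHelper ( Name2, &Index2, &Label2 );

        //
        // The first differing label decides the order.
        //
        Result = RtlCompareUnicodeString( &Label1, &Label2, TRUE );

        if ( Result != 0 ) {
            return (int)Result;
        }
    }

    //
    // Every label compared so far matched, so one name is a (possibly empty)
    // suffix of the other.  The name with labels left over is the longer one
    // and sorts after the other.  This is compared explicitly rather than
    // returned as Index1-Index2: both are ULONG, so that difference is never
    // negative and only produces the intended sign through an out-of-range
    // conversion to int.
    //
    if ( Index1 > Index2 ) {
        return 1;
    }
    if ( Index1 < Index2 ) {
        return -1;
    }
    return 0;
}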
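int __cdecl NetpCompareFtinfoEntryDns(
    const void *String1,
    const void *String2
    )
/*++

Routine Description:

    qsort comparison routine for the DNS name in Ftinfo entries.  Each
    argument is a pointer to an array slot holding a PLSA_FOREST_TRUST_RECORD.

    Order is: recognized records (TLN, TLN exclusion, domain info) by DNS name
    per NetpCompareDnsNameWithSortOrder; equal names then order by
    ForestTrustType, so TLN records precede domain info records with the same
    name.  Unrecognized record types sort after all recognized ones and keep
    their relative address order among themselves.

Arguments:

    String1: Pointer to the first array slot (PLSA_FOREST_TRUST_RECORD *).

    String2: Pointer to the second array slot.

Return Value:

    Signed value that gives the results of the comparison:

        Zero - String1 equals String2
        < Zero - String1 less than String2
        > Zero - String1 greater than String2

--*/
{
    PLSA_FOREST_TRUST_RECORD Entry1 = *((PLSA_FOREST_TRUST_RECORD *)String1);
    PLSA_FOREST_TRUST_RECORD Entry2 = *((PLSA_FOREST_TRUST_RECORD *)String2);
    PUNICODE_STRING Name1;
    PUNICODE_STRING Name2;
    int Result;

    //
    // Get the name from the first entry.
    //
    // NOTE(review): a name with Length != 0 but Buffer == NULL is not
    // rejected here and would be dereferenced by the label walk below; the
    // Netbios comparator does check for that case -- confirm whether the
    // input records are always validated before they reach this sort.
    //
    switch ( Entry1->ForestTrustType ) {
    case ForestTrustTopLevelName:
    case ForestTrustTopLevelNameEx:
        Name1 = &Entry1->ForestTrustData.TopLevelName;
        break;

    case ForestTrustDomainInfo:
        Name1 = &Entry1->ForestTrustData.DomainInfo.DnsName;
        break;

    default:

        //
        // If Entry2 can be recognized,
        // then entry 2 is less than this one.
        //
        switch ( Entry2->ForestTrustType ) {
        case ForestTrustTopLevelName:
        case ForestTrustTopLevelNameEx:
        case ForestTrustDomainInfo:
            return 1; // This name is greater than the other
        default:
            break;
        }

        //
        // Neither is recognized: keep them in address order.  The addresses
        // are compared directly rather than subtracted -- the ptrdiff_t of two
        // pointers into different allocations is undefined and can overflow.
        //
        if ( Entry1 < Entry2 ) {
            return -1;
        } else if ( Entry1 > Entry2 ) {
            return 1;
        } else {
            return 0;
        }
    }

    //
    // Get the name from the second entry.
    //
    switch ( Entry2->ForestTrustType ) {
    case ForestTrustTopLevelName:
    case ForestTrustTopLevelNameEx:
        Name2 = &Entry2->ForestTrustData.TopLevelName;
        break;

    case ForestTrustDomainInfo:
        Name2 = &Entry2->ForestTrustData.DomainInfo.DnsName;
        break;

    default:

        //
        // Since Entry1 is a recognized type,
        // this Entry2 is greater.
        //
        return -1;
    }

    //
    // If the names differ, that decides the order.
    //
    Result = NetpCompareDnsNameWithSortOrder( Name1, Name2 );

    if ( Result != 0 ) {
        return Result;
    }

    //
    // Same name: order by record type so TLNs come before domain info
    // records.  (Only recognized, non-negative enum values reach this point.)
    //
    return Entry1->ForestTrustType - Entry2->ForestTrustType;
}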
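int
NetpCompareSid(
    PSID Sid1,
    PSID Sid2
    )
/*++

Routine description:

    SID comparison routine that actually indicates if one SID is greater than
    another (RtlEqualSid only answers equal/not equal).  The order is: NULL,
    then shorter SIDs, then byte-wise over the SID's own bytes.

Arguments:

    Sid1 - First Sid (NULL allowed, sorts first)

    Sid2 - Second Sid (NULL allowed, sorts first)

Returns:

    Signed value that gives the results of the comparison:

        Zero - Sid1 equals Sid2
        < Zero - Sid1 less than Sid2
        > Zero - Sid1 greater than Sid2

    Only the sign is meaningful.

--*/
{
    DWORD Size1;
    DWORD Size2;
    LPBYTE Byte1;
    LPBYTE Byte2;
    ULONG i;

    //
    // Checked builds flag a NULL or malformed SID; free builds fall through
    // to the NULL handling below.
    //
    NetpAssert( Sid1 && RtlValidSid( Sid1 ));
    NetpAssert( Sid2 && RtlValidSid( Sid2 ));

    //
    // The NULL SID is smaller than any real SID and equal to another NULL.
    //
    if ( Sid1 == NULL || Sid2 == NULL ) {
        if ( Sid1 == Sid2 ) {
            return 0;
        }
        return (Sid1 == NULL) ? -1 : 1;
    }

    //
    // The longer sid is greater.  Compare explicitly: Size1 - Size2 is an
    // unsigned difference and never negative.
    //
    Size1 = RtlLengthSid( Sid1 );
    Size2 = RtlLengthSid( Sid2 );

    if ( Size1 != Size2 ) {
        return (Size1 > Size2) ? 1 : -1;
    }

    //
    // Otherwise compare the bytes.  LPBYTE is unsigned, so the difference of
    // two bytes promoted to int has the right sign.
    //
    Byte1 = (LPBYTE)Sid1;
    Byte2 = (LPBYTE)Sid2;

    for ( i=0; i<Size1; i++ ) {
        if ( Byte1[i] != Byte2[i] ) {
            return Byte1[i] - Byte2[i];
        }
    }

    return 0;
}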
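int __cdecl NetpCompareFtinfoEntrySid(
    const void *String1,
    const void *String2
    )
/*++

Routine Description:

    qsort comparison routine for the SID in Ftinfo entries.  Each argument is
    a pointer to an array slot holding a PLSA_FOREST_TRUST_RECORD.

    Only domain info records carry a SID; they are ordered by NetpCompareSid.
    Every other record type sorts after the domain info records and keeps its
    relative address order.

Arguments:

    String1: Pointer to the first array slot (PLSA_FOREST_TRUST_RECORD *).

    String2: Pointer to the second array slot.

Return Value:

    Signed value that gives the results of the comparison:

        Zero - String1 equals String2
        < Zero - String1 less than String2
        > Zero - String1 greater than String2

--*/
{
    PLSA_FOREST_TRUST_RECORD Entry1 = *((PLSA_FOREST_TRUST_RECORD *)String1);
    PLSA_FOREST_TRUST_RECORD Entry2 = *((PLSA_FOREST_TRUST_RECORD *)String2);
    PSID Sid1;
    PSID Sid2;

    //
    // Get the Sid from the first entry.
    //
    switch ( Entry1->ForestTrustType ) {
    case ForestTrustDomainInfo:
        Sid1 = Entry1->ForestTrustData.DomainInfo.Sid;
        break;

    default:

        //
        // If Entry2 can be recognized,
        // then entry 2 is less than this one.
        //
        switch ( Entry2->ForestTrustType ) {
        case ForestTrustDomainInfo:
            return 1; // This name is greater than the other
        default:
            break;
        }

        //
        // Neither is recognized: keep them in address order.  The addresses
        // are compared directly rather than subtracted -- the ptrdiff_t of two
        // pointers into different allocations is undefined and can overflow.
        //
        if ( Entry1 < Entry2 ) {
            return -1;
        } else if ( Entry1 > Entry2 ) {
            return 1;
        } else {
            return 0;
        }
    }

    //
    // Get the Sid from the second entry.
    //
    switch ( Entry2->ForestTrustType ) {
    case ForestTrustDomainInfo:
        Sid2 = Entry2->ForestTrustData.DomainInfo.Sid;
        break;

    default:

        //
        // Since Entry1 is a recognized type,
        // this Entry2 is greater.
        //
        return -1;
    }

    //
    // Both carry a SID (possibly NULL; NetpCompareSid handles that).
    //
    return NetpCompareSid( Sid1, Sid2 );
}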
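int __cdecl NetpCompareFtinfoEntryNetbios(
    const void *String1,
    const void *String2
    )
/*++

Routine Description:

    qsort comparison routine for the Netbios name in Ftinfo entries.  Each
    argument is a pointer to an array slot holding a PLSA_FOREST_TRUST_RECORD.

    Only domain info records with a non-empty Netbios name take part in the
    name comparison (case-insensitive).  Every other record -- other types, or
    domain info with no Netbios name -- sorts after them and keeps its
    relative address order.

Arguments:

    String1: Pointer to the first array slot (PLSA_FOREST_TRUST_RECORD *).

    String2: Pointer to the second array slot.

Return Value:

    Signed value that gives the results of the comparison:

        Zero - String1 equals String2
        < Zero - String1 less than String2
        > Zero - String1 greater than String2

--*/
{
    PLSA_FOREST_TRUST_RECORD Entry1 = *((PLSA_FOREST_TRUST_RECORD *)String1);
    PLSA_FOREST_TRUST_RECORD Entry2 = *((PLSA_FOREST_TRUST_RECORD *)String2);
    PUNICODE_STRING Name1;
    PUNICODE_STRING Name2;

    //
    // Get the Netbios name from the first entry.
    //
    switch ( Entry1->ForestTrustType ) {
    case ForestTrustDomainInfo:
        Name1 = &Entry1->ForestTrustData.DomainInfo.NetbiosName;
        if ( Name1->Length != 0 && Name1->Buffer != NULL ) {
            break;
        }
        /* fallthrough: a domain record with no Netbios name is treated as unrecognized */

    default:

        //
        // If Entry2 can be recognized,
        // then entry 2 is less than this one.
        //
        switch ( Entry2->ForestTrustType ) {
        case ForestTrustDomainInfo:
            return 1; // This name is greater than the other
        default:
            break;
        }

        //
        // Neither is recognized: keep them in address order.  The addresses
        // are compared directly rather than subtracted -- the ptrdiff_t of two
        // pointers into different allocations is undefined and can overflow.
        //
        if ( Entry1 < Entry2 ) {
            return -1;
        } else if ( Entry1 > Entry2 ) {
            return 1;
        } else {
            return 0;
        }
    }

    //
    // Get the Netbios name from the second entry.
    //
    switch ( Entry2->ForestTrustType ) {
    case ForestTrustDomainInfo:
        Name2 = &Entry2->ForestTrustData.DomainInfo.NetbiosName;
        if ( Name2->Length != 0 && Name2->Buffer != NULL ) {
            break;
        }
        /* fallthrough: no Netbios name, so Entry2 sorts after Entry1 */

    default:

        //
        // Since Entry1 is a recognized type,
        // this Entry2 is greater.
        //
        return -1;
    }

    //
    // Both have a Netbios name: compare them case-insensitively.
    //
    return RtlCompareUnicodeString( Name1, Name2, TRUE );
}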
PLSA_FOREST_TRUST_INFORMATION
NetpCopyFtinfoContext(
    IN PNL_FTINFO_CONTEXT FtinfoContext
    )
/*++

Routine Description:

    Builds a single self-contained LSA_FOREST_TRUST_INFORMATION from the
    entries linked onto an Ftinfo context.  The header, the record array, the
    array of record pointers and all variable-size record data live in one
    allocation, and the record pointers are sorted by DNS name.

Arguments:

    FtinfoContext - Context to copy from.
        The caller must have previously called NetpInitFtinfoContext.

Return Value:

    The new FTinfo array.  The caller frees it with MIDL_user_free.

    NULL if not enough memory was available.

--*/
{
    PLSA_FOREST_TRUST_INFORMATION Result;
    PLSA_FOREST_TRUST_RECORD Records;
    PNL_FTINFO_ENTRY Entry;
    PLIST_ENTRY ListEntry;
    LPBYTE Where;
    ULONG TotalSize;
    ULONG Count = FtinfoContext->FtinfoCount;
    ULONG RecordIndex = 0;

    //
    // Size the single allocation: header, record array, pointer array, then
    // the marshalled data of every record.  Each piece is padded to
    // ALIGN_WORST so the pieces that follow stay aligned.
    //
    TotalSize = ROUND_UP_COUNT( sizeof( *Result ), ALIGN_WORST) +
                ROUND_UP_COUNT( Count * sizeof(LSA_FOREST_TRUST_RECORD), ALIGN_WORST) +
                ROUND_UP_COUNT( Count * sizeof(PLSA_FOREST_TRUST_RECORD), ALIGN_WORST) +
                FtinfoContext->FtinfoSize;

    Result = MIDL_user_allocate( TotalSize );

    if ( Result == NULL ) {
        return NULL;
    }

    RtlZeroMemory( Result, TotalSize );
    Result->RecordCount = Count;

    //
    // Carve the pieces out of the buffer in order.
    //
    Where = (LPBYTE)(Result+1);
    Where = ROUND_UP_POINTER( Where, ALIGN_WORST );

    Records = (PLSA_FOREST_TRUST_RECORD) Where;
    Where = (LPBYTE)(&Records[Count]);
    Where = ROUND_UP_POINTER( Where, ALIGN_WORST );

    Result->Entries = (PLSA_FOREST_TRUST_RECORD *) Where;
    Where = (LPBYTE)(&Result->Entries[Count]);
    Where = ROUND_UP_POINTER( Where, ALIGN_WORST );

    //
    // Marshal each linked entry into the next record slot; the variable-size
    // data is appended at Where, which NetpMarshalFtinfoEntry advances.
    //
    for ( ListEntry = FtinfoContext->FtinfoList.Flink ;
          ListEntry != &FtinfoContext->FtinfoList ;
          ListEntry = ListEntry->Flink, RecordIndex++ ) {

        Entry = CONTAINING_RECORD( ListEntry, NL_FTINFO_ENTRY, Next );

        Result->Entries[RecordIndex] = &Records[RecordIndex];

        NetpMarshalFtinfoEntry ( &Entry->Record,
                                 &Records[RecordIndex],
                                 &Where );
    }

    //
    // The list, the count and the accumulated size must all agree.
    //
    NetpAssert( RecordIndex == Count );
    NetpAssert( Where == ((LPBYTE)Result) + TotalSize );

    //
    // Present the records in DNS-name order.
    //
    qsort( Result->Entries,
           Result->RecordCount,
           sizeof(PLSA_FOREST_TRUST_RECORD),
           NetpCompareFtinfoEntryDns );

    return Result;
}
VOID
NetpCleanFtinfoContext(
    IN PNL_FTINFO_CONTEXT FtinfoContext
    )
/*++

Routine Description:

    Frees every entry linked onto an Ftinfo context and returns the context
    to its empty state.

Arguments:

    FtinfoContext - Context to clean.
        The caller must have previously called NetpInitFtinfoContext.

Return Value:

    None

--*/
{
    PLIST_ENTRY ListEntry;
    PNL_FTINFO_ENTRY Entry;

    //
    // Pop entries off the head until none are left, keeping the running
    // count and size in step with the list.
    //
    for ( ;; ) {

        if ( IsListEmpty( &FtinfoContext->FtinfoList ) ) {
            break;
        }

        ListEntry = RemoveHeadList( &FtinfoContext->FtinfoList );
        Entry = CONTAINING_RECORD( ListEntry, NL_FTINFO_ENTRY, Next );

        FtinfoContext->FtinfoCount -= 1;
        FtinfoContext->FtinfoSize -= Entry->Size;

        RtlFreeHeap( RtlProcessHeap(), 0, Entry );
    }

    //
    // An empty list must leave the bookkeeping at zero.
    //
    NetpAssert( FtinfoContext->FtinfoCount == 0 );
    NetpAssert( FtinfoContext->FtinfoSize == 0 );
}
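PLSA_FOREST_TRUST_RECORD
NetpAllocFtinfoEntry2 (
    IN PNL_FTINFO_CONTEXT FtinfoContext,
    IN PLSA_FOREST_TRUST_RECORD InFtinfoRecord
    )
/*++

Routine Description:

    Same as NetpAllocFtinfoEntry except takes a template of an FTinfo entry on input.

    The entry is allocated as one heap block: an NL_FTINFO_ENTRY header followed
    by the marshalled copy of the template's variable-size data.  The size of
    that data is computed here and must match what NetpMarshalFtinfoEntry
    writes (SID length, plus each non-empty name and its L'\0' terminator,
    rounded up to ALIGN_WORST); the assert after marshalling checks that.

Arguments:

    FtinfoContext - Context to link the entry onto.

    InFtinfoRecord - Template to copy into the new entry.

Return Value:

    Returns the address of the allocated forest trust record.

    The caller should not and cannot deallocate this buffer. It has a header and is
    linked into the FtinfoContext (NetpCleanFtinfoContext frees it).

    Returns NULL if no memory can be allocated or if the template's
    ForestTrustType is not recognized.

--*/
{
    PNL_FTINFO_ENTRY FtinfoEntry;
    ULONG Size = ROUND_UP_COUNT(sizeof(NL_FTINFO_ENTRY), ALIGN_WORST);
    ULONG DataSize = 0;
    LPBYTE Where;

    //
    // Compute the size of the variable-size data.
    //
    switch( InFtinfoRecord->ForestTrustType ) {
    case ForestTrustDomainInfo:

        if ( InFtinfoRecord->ForestTrustData.DomainInfo.Sid != NULL ) {
            DataSize += RtlLengthSid( InFtinfoRecord->ForestTrustData.DomainInfo.Sid );
        }

        // Each name is copied only if non-empty, and then gets a terminator.
        if ( InFtinfoRecord->ForestTrustData.DomainInfo.DnsName.Length != 0 ) {
            DataSize += InFtinfoRecord->ForestTrustData.DomainInfo.DnsName.Length + sizeof(WCHAR);
        }

        if ( InFtinfoRecord->ForestTrustData.DomainInfo.NetbiosName.Length != 0 ) {
            DataSize += InFtinfoRecord->ForestTrustData.DomainInfo.NetbiosName.Length + sizeof(WCHAR);
        }
        break;

    case ForestTrustTopLevelName:
    case ForestTrustTopLevelNameEx:

        if ( InFtinfoRecord->ForestTrustData.TopLevelName.Length != 0 ) {
            DataSize += InFtinfoRecord->ForestTrustData.TopLevelName.Length + sizeof(WCHAR);
        }
        break;

    default:
        NetpAssert( FALSE );
        return NULL;
    }

    DataSize = ROUND_UP_COUNT(DataSize, ALIGN_WORST);

    //
    // Allocate an entry: header plus data, zeroed so that fields the
    // marshaller leaves alone (e.g. an empty name) stay NULL/zero.
    //
    Size += DataSize;

    FtinfoEntry = RtlAllocateHeap( RtlProcessHeap(), 0, Size );

    if ( FtinfoEntry == NULL ) {
        return NULL;
    }

    RtlZeroMemory( FtinfoEntry, Size );
    Where = (LPBYTE)(FtinfoEntry+1);

    //
    // Fill it in.
    //
    FtinfoEntry->Size = DataSize;

    NetpMarshalFtinfoEntry ( InFtinfoRecord,
                             &FtinfoEntry->Record,
                             &Where );

    // Terminated with ';' so this compiles regardless of how NetpAssert expands.
    NetpAssert( Where == ((LPBYTE)FtinfoEntry) + Size );

    //
    // Link it onto the list and account for it.
    //
    InsertHeadList( &FtinfoContext->FtinfoList, &FtinfoEntry->Next );
    FtinfoContext->FtinfoSize += FtinfoEntry->Size;
    FtinfoContext->FtinfoCount += 1;

    return &FtinfoEntry->Record;
}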
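BOOLEAN
NetpAllocFtinfoEntry (
    IN PNL_FTINFO_CONTEXT FtinfoContext,
    IN LSA_FOREST_TRUST_RECORD_TYPE ForestTrustType,
    IN PUNICODE_STRING Name,
    IN PSID Sid,
    IN PUNICODE_STRING NetbiosName
    )
/*++

Routine Description:

    Routine to allocate a single Ftinfo entry and link it onto the context.

Arguments:

    FtinfoContext - Context to link the entry onto.

    ForestTrustType - Specifies the type of record to allocate. This must be
        ForestTrustTopLevelName, ForestTrustTopLevelNameEx or ForestTrustDomainInfo.

    Name - Specifies the name for the record (the DNS name for
        ForestTrustDomainInfo).  Required.

    Sid - Specifies the SID for the record. (Ignored for the TLN types.)
        May be NULL.

    NetbiosName - Specifies the netbios name for the record. (Ignored for the
        TLN types.)  NULL is treated as an empty name.

Return Value:

    TRUE - Success

    FALSE - if no memory can be allocated or ForestTrustType is not one of
        the types listed above.

--*/
{
    LSA_FOREST_TRUST_RECORD FtinfoRecord = {0};

    //
    // Initialize the template Ftinfo entry.  Flags and Time stay zero.
    //
    FtinfoRecord.ForestTrustType = ForestTrustType;

    switch( ForestTrustType ) {
    case ForestTrustDomainInfo:
        FtinfoRecord.ForestTrustData.DomainInfo.Sid = Sid;
        FtinfoRecord.ForestTrustData.DomainInfo.DnsName = *Name;

        // Leave the zeroed (empty) descriptor in place rather than
        // dereferencing a NULL NetbiosName.
        if ( NetbiosName != NULL ) {
            FtinfoRecord.ForestTrustData.DomainInfo.NetbiosName = *NetbiosName;
        }
        break;

    case ForestTrustTopLevelName:
    case ForestTrustTopLevelNameEx:
        FtinfoRecord.ForestTrustData.TopLevelName = *Name;
        break;

    default:
        NetpAssert( FALSE );
        return FALSE;
    }

    //
    // Call the routine that takes a template and does the rest of the job
    //
    return (NetpAllocFtinfoEntry2( FtinfoContext, &FtinfoRecord ) != NULL);
}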
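BOOLEAN
NetpIsSubordinate(
    IN const UNICODE_STRING * Subordinate,
    IN const UNICODE_STRING * Superior,
    IN BOOLEAN EqualReturnsTrue
    )
/*++

Routine Description:

    Determines if Subordinate string is indeed subordinate to Superior.

    For example, "NY.acme.com" is subordinate to "acme.com", but
    "NY.acme.com" is NOT subordinate to "me.com" or "NY.acme.com".
    The comparison is case-insensitive.

Arguments:

    Subordinate - name to test for subordinate status

    Superior - name to test for superior status

    EqualReturnsTrue - TRUE if equal names should return TRUE also

Returns:

    TRUE if Subordinate is subordinate to Superior

    FALSE otherwise

--*/
{
    UNICODE_STRING Tail;
    ULONG SkipChars;

    NetpAssert( Subordinate && Subordinate->Buffer );
    NetpAssert( Superior && Superior->Buffer );

    //
    // If equal names are to be considered subordinate,
    // compare the names for equality.
    //
    if ( EqualReturnsTrue &&
         RtlEqualUnicodeString( Subordinate, Superior, TRUE )) {
        return TRUE;
    }

    //
    // A subordinate name must be longer than the superior name
    //
    if ( Subordinate->Length <= Superior->Length ) {
        return FALSE;
    }

    //
    // Number of leading characters of Subordinate that precede where the
    // Superior suffix would start.  Length is a byte count, so odd lengths
    // (not whole WCHARs) truncate here; guard the zero case so the index
    // below cannot underflow.
    //
    SkipChars = ( Subordinate->Length - Superior->Length ) / sizeof( WCHAR );

    if ( SkipChars == 0 ) {
        return FALSE;
    }

    //
    // Subordinate name must be separated from the superior part by a period
    //
    if ( Subordinate->Buffer[SkipChars - 1] != L'.' ) {
        return FALSE;
    }

    //
    // Ensure the trailing part of the two names are the same.
    //
    Tail = *Subordinate;
    Tail.Buffer += SkipChars;
    Tail.Length = Superior->Length;
    Tail.MaximumLength = Tail.Length;

    return RtlEqualUnicodeString( &Tail, Superior, TRUE );
}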
BOOLEAN
NetpAddTlnFtinfoEntry (
    IN PNL_FTINFO_CONTEXT FtinfoContext,
    IN PUNICODE_STRING Name
    )
/*++

Routine Description:

    Adds a TLN Ftinfo entry to the list, keeping the set of TLNs minimal.

    If a TLN equal to or superior to Name is already present, Name is dropped
    (e.g. a.acme.com is ignored when acme.com is already listed).

    Any existing TLN that is subordinate to Name is removed before Name is
    added (e.g. adding acme.com replaces an existing a.acme.com).

    Only ForestTrustTopLevelName records take part; exclusion records
    (ForestTrustTopLevelNameEx) are left untouched.

Arguments:

    FtinfoContext - Context to link the entry onto.

    Name - Specifies the name for the record.

Return Value:

    TRUE - Success (including the case where Name was dropped as redundant)

    FALSE - if no memory can be allocated

--*/
{
    PLIST_ENTRY ListEntry = FtinfoContext->FtinfoList.Flink;

    while ( ListEntry != &FtinfoContext->FtinfoList ) {

        PNL_FTINFO_ENTRY Existing = CONTAINING_RECORD( ListEntry, NL_FTINFO_ENTRY, Next );
        PUNICODE_STRING ExistingName = &Existing->Record.ForestTrustData.TopLevelName;

        //
        // Step to the next link now: Existing may be freed below.
        //
        ListEntry = ListEntry->Flink;

        if ( Existing->Record.ForestTrustType != ForestTrustTopLevelName ) {
            continue;
        }

        //
        // Name is covered by an existing TLN: nothing to add.
        //
        if ( NetpIsSubordinate( Name, ExistingName, TRUE ) ) {
            return TRUE;
        }

        //
        // The existing TLN is covered by Name: drop it and keep scanning,
        // since several existing names may be subordinate.
        //
        if ( NetpIsSubordinate( ExistingName, Name, FALSE ) ) {
            RemoveEntryList( &Existing->Next );
            FtinfoContext->FtinfoCount -= 1;
            FtinfoContext->FtinfoSize -= Existing->Size;
            RtlFreeHeap( RtlProcessHeap(), 0, Existing );
        }
    }

    //
    // Add the new entry to the list
    //
    return NetpAllocFtinfoEntry( FtinfoContext,
                                 ForestTrustTopLevelName,
                                 Name,
                                 NULL,      // No sid
                                 NULL );    // No Netbios name
}
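VOID
NetpMergeFtinfoHelper(
    IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo,
    IN PLSA_FOREST_TRUST_INFORMATION OldForestTrustInfo,
    IN OUT PULONG NewIndex,
    IN OUT PULONG OldIndex,
    OUT PLSA_FOREST_TRUST_RECORD *NewEntry,
    OUT PLSA_FOREST_TRUST_RECORD *OldEntry,
    OUT PULONG OldFlags,
    IN int (__cdecl *Routine) (const void *, const void *)
    )
/*++

Routine Description:

    This routine walks a pair of FTinfo arrays in sorted order and returns the next
    entry. If both entries are the same in the sort order, this routine returns an entry
    from both arrays.

Arguments:

    NewForestTrustInfo - Pointer to the first array

    OldForestTrustInfo - Pointer to the second array

    NewIndex - Current index into the first sorted array

    OldIndex - Current index into the second sorted array

        Before calling this routine the first time, the caller should set these parameters to zero.
        Both indices zero triggers this routine to qsort the arrays.

        The caller should *not* call this routine if both NewIndex and OldIndex are greater
        than the corresponding record count.

    NewEntry - Returns a pointer to an entry to be processed from the first sorted array.

    OldEntry - Returns a pointer to an entry to be processed from the second sorted array.

        Returns NULL if no entry is to be processed from the corresponding array.

    OldFlags - Returns the Flags field that corresponds to OldEntry.

        If there are duplicates of OldEntry (entries for which Routine returns zero),
        those duplicates are consumed and silently skipped by this routine.  This
        field returns the logical OR of the Flags field of OldEntry and of those
        duplicates.

    Routine - Comparison routine to be passed to qsort to sort the FTinfo arrays.
        Its arguments are pointers to array slots (PLSA_FOREST_TRUST_RECORD *).

Return Value:

    None.

--*/
{
    int RetVal;
    PLSA_FOREST_TRUST_RECORD Duplicate;

    //
    // Sort the arrays on the first call.
    //
    if ( *NewIndex == 0 && *OldIndex == 0 ) {
        qsort( NewForestTrustInfo->Entries,
               NewForestTrustInfo->RecordCount,
               sizeof(PLSA_FOREST_TRUST_RECORD),
               Routine );

        qsort( OldForestTrustInfo->Entries,
               OldForestTrustInfo->RecordCount,
               sizeof(PLSA_FOREST_TRUST_RECORD),
               Routine );
    }

    //
    // Compare the first entry at the front of each list to determine which list
    // to consume an entry from.
    //
    *NewEntry = NULL;
    *OldEntry = NULL;
    *OldFlags = 0;

    if ( *NewIndex < NewForestTrustInfo->RecordCount ) {

        //
        // If neither list is empty,
        // compare the entries to determine which is next.
        //
        if ( *OldIndex < OldForestTrustInfo->RecordCount ) {

            RetVal = (*Routine)(
                        &NewForestTrustInfo->Entries[*NewIndex],
                        &OldForestTrustInfo->Entries[*OldIndex] );

            //
            // If the new entry is less than or equal to the old entry,
            // consume the new entry.
            //
            if ( RetVal <= 0 ) {
                *NewEntry = NewForestTrustInfo->Entries[*NewIndex];
                (*NewIndex) ++;
            }

            //
            // If the old entry is less than or equal to the new entry,
            // consume the old entry.  (Both are consumed when equal.)
            //
            if ( RetVal >= 0 ) {
                *OldEntry = OldForestTrustInfo->Entries[*OldIndex];
                (*OldIndex) ++;
            }

        //
        // If the old list is empty and the new list isn't,
        // consume an entry from the new list.
        //
        } else {
            *NewEntry = NewForestTrustInfo->Entries[*NewIndex];
            (*NewIndex) ++;
        }

    } else {

        //
        // If the new list is empty and the old list isn't,
        // consume an entry from the old list.
        //
        if ( *OldIndex < OldForestTrustInfo->RecordCount ) {
            *OldEntry = OldForestTrustInfo->Entries[*OldIndex];
            (*OldIndex) ++;
        }
    }

    //
    // If we're returning an "OldEntry",
    // weed out all duplicates of that OldEntry.
    //
    if ( *OldEntry != NULL ) {
        *OldFlags |= (*OldEntry)->Flags;

        while ( *OldIndex < OldForestTrustInfo->RecordCount ) {

            Duplicate = OldForestTrustInfo->Entries[*OldIndex];

            //
            // Stop as soon as we hit an entry that isn't a duplicate.
            //
            RetVal = (*Routine)(
                        OldEntry,
                        &OldForestTrustInfo->Entries[*OldIndex] );

            if ( RetVal != 0 ) {
                break;
            }

            //
            // Fold in the duplicate's own flags (not OldEntry's again) and
            // advance past it.  Without the increment the loop re-tests the
            // same slot forever whenever the old array contains a duplicate.
            //
            *OldFlags |= Duplicate->Flags;
            (*OldIndex) ++;
        }
    }
}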
NTSTATUS
NetpMergeFtinfo(
    IN PUNICODE_STRING TrustedDomainName,
    IN PLSA_FOREST_TRUST_INFORMATION InNewForestTrustInfo,
    IN PLSA_FOREST_TRUST_INFORMATION InOldForestTrustInfo OPTIONAL,
    OUT PLSA_FOREST_TRUST_INFORMATION *MergedForestTrustInfo
    )
/*++

Routine Description:

    This function merges the changes from a new FTinfo into an old FTinfo and
    produces the resultant FTinfo.

    The merged FTinfo records are a combination of the new and old records.
    Here's where the merged records come from:

    * The TLN exclusion records are copied from the TDO intact.

    * The TLN record from the trusted domain that maps to the dns domain name of the
      TDO is copied enabled.  This reflects the LSA requirement that such a TLN not
      be disabled.  For instance, if the TDO is for a.acme.com and there is a TLN for
      a.acme.com that TLN will be enabled.  Also, if the TDO is for a.acme.com and
      there is a TLN for acme.com, that TLN will be enabled.

    * All other TLN records from the trusted domain are copied disabled with the
      following exceptions.  If there is an enabled TLN on the TDO, all TLNs from the
      trusted domain that equal (or are subordinate to) the TDO TLN are marked as
      enabled.  This follows the philosophy that new TLNs are imported as disabled
      unless an administrator has already enabled a covering TLN.
      For instance, if the TDO had an enabled TLN for a.acme.com that TLN will still
      be enabled after the automatic update.  If the TDO had an enabled TLN for
      acme.com and the trusted forest now has a TLN for a.acme.com, the resultant
      FTinfo will have an enabled TLN for a.acme.com.

    * The domain records from the trusted domain are copied enabled with the
      following exceptions.  If there is a disabled domain record on the TDO whose
      dns domain name, or domain sid exactly matches the domain record, then the domain
      remains disabled.  If there is a domain record on the TDO whose netbios name is
      disabled and whose netbios name exactly matches the netbios name on a domain
      record, then the netbios name is disabled.

    * Finally, orphaned exclusion records (those that are not subordinate to any TLN)
      are removed (Bug #707630).

    Security notes:

    * The new records describe what the trusted forest claims about itself (see
      NewForestTrustInfo below), so they are treated as untrusted input: nothing the
      trusted forest sends can enable a TLN on its own.  A TLN is only produced
      enabled when (a) it matches or is covered by a TLN the administrator already
      left enabled on the TDO, or (b) TrustedDomainName itself is equal or
      subordinate to it.  Everything else is stamped LSA_TLN_DISABLED_NEW and
      needs an explicit administrative enable.

    * NOTE(review): rule (b) is evaluated with NetpIsSubordinate( TrustedDomainName,
      Tln, TRUE ), so any suffix of the trusted domain's DNS name qualifies, however
      short.  Whether a very broad TLN (e.g. a bare top-level label) is rejected
      when the record is written to the TDO is decided elsewhere and is not
      visible in this routine.

    * Administrative disables are sticky: a domain record that the trusted forest
      no longer reports is still carried forward when its SID or netbios name was
      disabled by an administrator, so a forest cannot shed a disable by
      dropping and re-adding a record.

    * Neither caller buffer is modified.  The pointer arrays are copied before they
      are qsorted, and every record that is changed is first copied to a local.

Arguments:

    TrustedDomainName - Trusted domain that is to be updated.

    NewForestTrustInfo - Specifies the new array of FTinfo records as returned from the
        TrustedDomainName.
        The Flags field and Time field of the TLN entries are ignored.

    OldForestTrustInfo - Specifies the array of FTinfo records as returned from the
        TDO.  This field may be NULL if there are no existing records.

    MergedForestTrustInfo - Returns the resultant FTinfo records.
        The caller should free this buffer using MIDL_user_free.
        Set to NULL on failure.

Return Value:

    STATUS_SUCCESS: Success.

    STATUS_NO_MEMORY: A temporary array, a merged record or the result buffer could
        not be allocated.

    STATUS_INVALID_PARAMETER: One of the following happened:
        * There was no New TLN that TrustedDomainName is subordinate to.

--*/
{
    NTSTATUS Status;
    LSA_FOREST_TRUST_INFORMATION OldForestTrustInfo;      // private, sortable copy of InOldForestTrustInfo
    LSA_FOREST_TRUST_INFORMATION NewForestTrustInfo;      // private, sortable copy of InNewForestTrustInfo
    LSA_FOREST_TRUST_INFORMATION NetbiosForestTrustInfo;  // merged domain records, input to the netbios pass
    NL_FTINFO_CONTEXT FtinfoContext;                      // accumulates the merged records
    ULONG NewIndex;
    ULONG OldIndex;
    ULONG OldFlags;
    PLSA_FOREST_TRUST_RECORD NewEntry;
    PLSA_FOREST_TRUST_RECORD PreviousNewEntry;
    PLSA_FOREST_TRUST_RECORD OldEntry;
    BOOLEAN DomainTlnFound = FALSE;                       // set once a TLN covering TrustedDomainName is seen
    PLSA_FOREST_TRUST_RECORD OldTlnPrefix;                // most recent old TLN in DNS order
    ULONG Index;

    //
    // Initialization
    //
    // Zero every local that Cleanup inspects so an early failure frees nothing
    // that was never allocated.
    //

    *MergedForestTrustInfo = NULL;
    NetpInitFtinfoContext( &FtinfoContext );
    RtlZeroMemory( &OldForestTrustInfo, sizeof(OldForestTrustInfo) );
    RtlZeroMemory( &NewForestTrustInfo, sizeof(NewForestTrustInfo) );
    RtlZeroMemory( &NetbiosForestTrustInfo, sizeof(NetbiosForestTrustInfo) );

    //
    // Make a copy of the data that'll be qsorted so that we don't modify the caller's buffer.
    //
    // Only the arrays of record pointers are copied; the records themselves still
    // belong to the caller and are never written through these pointers.
    //
    // NOTE(review): RecordCount is a ULONG supplied by the caller.  The size
    // products below (and the sum used for NetbiosForestTrustInfo) are not
    // checked for overflow; on 32-bit builds that relies on the pointer arrays
    // already fitting in memory.  A guard would be cheap if this is ever fed
    // counts that were not already validated upstream.
    //

    if ( InOldForestTrustInfo != NULL ) {
        OldForestTrustInfo.RecordCount = InOldForestTrustInfo->RecordCount;
        OldForestTrustInfo.Entries = RtlAllocateHeap( RtlProcessHeap(), 0, OldForestTrustInfo.RecordCount * sizeof(PLSA_FOREST_TRUST_RECORD) );

        if ( OldForestTrustInfo.Entries == NULL ) {
            Status = STATUS_NO_MEMORY;
            goto Cleanup;
        }

        RtlCopyMemory( OldForestTrustInfo.Entries,
                       InOldForestTrustInfo->Entries,
                       OldForestTrustInfo.RecordCount * sizeof(PLSA_FOREST_TRUST_RECORD) );
    }

    NewForestTrustInfo.RecordCount = InNewForestTrustInfo->RecordCount;
    NewForestTrustInfo.Entries = RtlAllocateHeap( RtlProcessHeap(), 0, NewForestTrustInfo.RecordCount * sizeof(PLSA_FOREST_TRUST_RECORD) );

    if ( NewForestTrustInfo.Entries == NULL ) {
        Status = STATUS_NO_MEMORY;
        goto Cleanup;
    }

    RtlCopyMemory( NewForestTrustInfo.Entries,
                   InNewForestTrustInfo->Entries,
                   NewForestTrustInfo.RecordCount * sizeof(PLSA_FOREST_TRUST_RECORD) );

    //
    // Allocate a temporary Ftinfo array containing all of the domain entries.
    // Allocate it a worst case size.
    //
    // The SID pass below appends at most one record per new domain entry plus
    // at most one per preserved old entry, so Old+New slots always suffice.
    //

    NetbiosForestTrustInfo.Entries = RtlAllocateHeap(
                    RtlProcessHeap(),
                    0,
                    (OldForestTrustInfo.RecordCount+NewForestTrustInfo.RecordCount) * sizeof(PLSA_FOREST_TRUST_RECORD) );

    if ( NetbiosForestTrustInfo.Entries == NULL ) {
        Status = STATUS_NO_MEMORY;
        goto Cleanup;
    }

    //
    // Loop through each list in DNS canonical order processing the least entry.
    //
    // This loop handles TLN and TLNEX entries only
    //
    // Setting both indices to zero makes the first NetpMergeFtinfoHelper call
    // qsort both private arrays with NetpCompareFtinfoEntryDns.
    //

    NewIndex = 0;
    OldIndex = 0;
    OldTlnPrefix = NULL;
    PreviousNewEntry = NULL;

    while ( NewIndex < NewForestTrustInfo.RecordCount ||
            OldIndex < OldForestTrustInfo.RecordCount ) {

        //
        // Grab the next entry from each of the sorted arrays
        //
        // NewEntry and OldEntry are both non-NULL only when the two heads
        // compare equal; OldFlags carries the OR of all equal old entries.
        //

        NetpMergeFtinfoHelper( &NewForestTrustInfo,
                               &OldForestTrustInfo,
                               &NewIndex,
                               &OldIndex,
                               &NewEntry,
                               &OldEntry,
                               &OldFlags,
                               NetpCompareFtinfoEntryDns );

        //
        // Process the old entry
        //
        // Old TLNs are never copied directly: a TLN survives only if the
        // trusted forest still reports it (handled under "Process the new entry").
        // Old domain entries are ignored here and handled by the SID pass.
        //

        if ( OldEntry != NULL ) {

            //
            // Remember the most recent TLN record from the old array.
            //

            if ( OldEntry->ForestTrustType == ForestTrustTopLevelName ) {
                OldTlnPrefix = OldEntry;

            //
            // TLN exclusion records are taken from the old entries
            //
            // Copied verbatim (including Flags); orphans are pruned at the end.
            //

            } else if ( OldEntry->ForestTrustType == ForestTrustTopLevelNameEx ) {

                if ( NetpAllocFtinfoEntry2( &FtinfoContext, OldEntry ) == NULL ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }
            }
        }

        //
        // Process the new entry
        //

        if ( NewEntry != NULL ) {

            //
            // Handle TLN entries
            //

            if ( NewEntry->ForestTrustType == ForestTrustTopLevelName ) {
                BOOLEAN SetTlnNewFlag;
                LSA_FOREST_TRUST_RECORD NewEntryCopy;

                //
                // Make a copy of the new entry.
                //
                // We modify the entry to get the time and flags right.  We don't want
                // to modify the callers buffer.
                //

                NewEntryCopy = *NewEntry;

                //
                // Ignore duplicate new entries
                //
                // If the name of this new entry is subordinate to the previous new entry,
                // then this TLN can be quietly dropped.
                //
                // This is the case where the trusted domain sent us a TLN for both
                // acme.com and a.acme.com.  The second entry is a duplicate.
                //
                // PreviousNewEntry is deliberately left pointing at the covering
                // TLN so a run of subordinates is all collapsed into it.
                //

                if ( PreviousNewEntry != NULL &&
                     PreviousNewEntry->ForestTrustType == ForestTrustTopLevelName ) {

                    if ( NetpIsSubordinate( &NewEntry->ForestTrustData.TopLevelName,
                                            &PreviousNewEntry->ForestTrustData.TopLevelName,
                                            TRUE ) ) {
                        continue;
                    }
                }

                //
                // By default any TLN from the new list should be marked as new.
                //
                // "New" means imported disabled; the cases below clear this.
                //

                SetTlnNewFlag = TRUE;

                //
                // Set the flags and timestamp on the new entry.
                //
                // If we're processing an entry from both lists,
                // grab the flags and timestamp from the old entry.
                //

                if ( OldEntry != NULL ) {
                    NewEntryCopy.Flags = OldFlags;
                    NewEntryCopy.Time = OldEntry->Time;

                    // This entry isn't 'new'.
                    SetTlnNewFlag = FALSE;

                //
                // Otherwise indicate that we have no information
                //

                } else {
                    NewEntryCopy.Flags = 0;
                    NewEntryCopy.Time.QuadPart = 0;
                }

                //
                // If this new entry is subordinate to the most recent old TLN record,
                // use the flag bits from that most recent old TLN record.
                //
                // Strict subordination is used here (third argument FALSE); an
                // exactly matching old TLN is the OldEntry case handled above.
                //

                if ( OldTlnPrefix != NULL &&
                     NetpIsSubordinate( &NewEntryCopy.ForestTrustData.TopLevelName,
                                        &OldTlnPrefix->ForestTrustData.TopLevelName,
                                        FALSE ) ) {

                    //
                    // If the old TLN was disabled by the admin,
                    // so should the new entry.
                    //

                    if ( OldTlnPrefix->Flags & LSA_TLN_DISABLED_ADMIN ) {
                        NewEntryCopy.Flags |= LSA_TLN_DISABLED_ADMIN;
                        SetTlnNewFlag = FALSE;

                    //
                    // If the old TLN was enabled,
                    // so should the new entry.
                    //
                    // An old TLN that is disabled for any other reason (new or
                    // conflict) neither enables nor admin-disables the new one,
                    // which leaves it imported as new.
                    //

                    } else if ( (OldTlnPrefix->Flags & LSA_FTRECORD_DISABLED_REASONS) == 0 ) {
                        SetTlnNewFlag = FALSE;
                    }
                }

                //
                // If the name of the forest is subordinate of or equal to the TLN name,
                // enable the entry.
                //
                // This is also the only place DomainTlnFound is set; the merge is
                // rejected below if no new TLN covers TrustedDomainName.
                //

                if ( NetpIsSubordinate( TrustedDomainName,
                                        &NewEntryCopy.ForestTrustData.TopLevelName,
                                        TRUE )) {
                    SetTlnNewFlag = FALSE;
                    DomainTlnFound = TRUE;
                }

                //
                // If this is a new TLN,
                // mark it as such.
                //

                if ( SetTlnNewFlag ) {
                    NewEntryCopy.Flags |= LSA_TLN_DISABLED_NEW;
                }

                //
                // Merge the new entry into the list
                //

                if ( NetpAllocFtinfoEntry2( &FtinfoContext, &NewEntryCopy ) == NULL ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }

                //
                // Remember this previous entry for the next iteration.
                //

                PreviousNewEntry = NewEntry;
            }
        }
    }

    //
    // Loop through each list in SID canonical order processing the least entry.
    //
    // This loop handles DOMAIN entries only
    //
    // This is in a separate loop since we want to process domain entries in SID order
    // to ensure the correct disabled bits are merged from the old list even though the
    // DNS domain name changes.
    //
    // Resetting both indices re-sorts the same private arrays, this time with
    // NetpCompareFtinfoEntrySid.
    //

    NewIndex = 0;
    OldIndex = 0;
    PreviousNewEntry = NULL;

    while ( NewIndex < NewForestTrustInfo.RecordCount ||
            OldIndex < OldForestTrustInfo.RecordCount ) {

        //
        // Grab the next entry from each of the sorted arrays
        //

        NetpMergeFtinfoHelper( &NewForestTrustInfo,
                               &OldForestTrustInfo,
                               &NewIndex,
                               &OldIndex,
                               &NewEntry,
                               &OldEntry,
                               &OldFlags,
                               NetpCompareFtinfoEntrySid );

        //
        // Ignore the netbios bits for now (We'll get them on the next pass through the data.)
        //

        OldFlags &= ~(LSA_NB_DISABLED_ADMIN|LSA_NB_DISABLED_CONFLICT);

        //
        // Process the old entry
        //

        if ( OldEntry != NULL ) {

            //
            // Don't let the lack of a new entry allow an admin disabled entry to be deleted.
            //
            // Only the administrative disable is sticky; an old entry that was
            // merely conflict-disabled and is no longer reported simply goes away.
            //

            if ( OldEntry->ForestTrustType == ForestTrustDomainInfo &&
                 (OldFlags & LSA_SID_DISABLED_ADMIN) != 0 &&
                 NewEntry == NULL ) {

                //
                // Make a copy of the entry to ensure we don't modify the caller's buffer
                //

                LSA_FOREST_TRUST_RECORD OldEntryCopy;

                OldEntryCopy = *OldEntry;
                OldEntryCopy.Flags = OldFlags;

                //
                // Allocate entry.
                //
                // Remember the address of the entry for the netbios pass.
                //

                NetbiosForestTrustInfo.Entries[NetbiosForestTrustInfo.RecordCount] =
                    NetpAllocFtinfoEntry2( &FtinfoContext, &OldEntryCopy );

                if ( NetbiosForestTrustInfo.Entries[NetbiosForestTrustInfo.RecordCount] == NULL ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }
                NetbiosForestTrustInfo.RecordCount++;
            }
        }

        //
        // Process the new entry
        //

        if ( NewEntry != NULL ) {

            //
            // Handle domain entries
            //

            if ( NewEntry->ForestTrustType == ForestTrustDomainInfo ) {
                LSA_FOREST_TRUST_RECORD NewEntryCopy;

                //
                // Make a copy of the new entry.
                //
                // We modify the entry to get the time and flags right.  We don't want
                // to modify the callers buffer.
                //

                NewEntryCopy = *NewEntry;

                //
                // Ignore duplicate new entries
                //
                // If the SID of this new entry equals that of the previous new entry,
                // then this entry can be quietly dropped.
                //
                // We arbitrarily drop the second entry even though the other fields of the
                // triple might be different.
                //

                if ( PreviousNewEntry != NULL &&
                     PreviousNewEntry->ForestTrustType == ForestTrustDomainInfo ) {

                    if ( RtlEqualSid( NewEntryCopy.ForestTrustData.DomainInfo.Sid,
                                      PreviousNewEntry->ForestTrustData.DomainInfo.Sid ) ) {
                        continue;
                    }
                }

                //
                // Set the flags and timestamp on the new entry.
                //
                // If we're processing an entry from both lists,
                // grab the flags and timestamp from the old entry.
                //

                if ( OldEntry != NULL ) {
                    NewEntryCopy.Flags = OldFlags;
                    NewEntryCopy.Time = OldEntry->Time;

                //
                // Otherwise indicate that we have no information
                //

                } else {
                    NewEntryCopy.Flags = 0;
                    NewEntryCopy.Time.QuadPart = 0;
                }

                //
                // Merge the new entry into the list
                //
                // Remember the address of the entry for the netbios pass.
                //

                NetbiosForestTrustInfo.Entries[NetbiosForestTrustInfo.RecordCount] =
                    NetpAllocFtinfoEntry2( &FtinfoContext, &NewEntryCopy );

                if ( NetbiosForestTrustInfo.Entries[NetbiosForestTrustInfo.RecordCount] == NULL ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }
                NetbiosForestTrustInfo.RecordCount++;

                //
                // Ensure there is a TLN for this domain entry
                //
                // NetpAddTlnFtinfoEntry's return is only checked for failure here;
                // whether it synthesises a TLN or just verifies one exists is
                // decided in that routine.
                //

                if ( !NetpAddTlnFtinfoEntry ( &FtinfoContext,
                                              &NewEntryCopy.ForestTrustData.DomainInfo.DnsName ) ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }

                //
                // Remember this previous entry for the next iteration.
                //

                PreviousNewEntry = NewEntry;
            }
        }
    }

    //
    // Loop through each list in Netbios canonical order processing the least entry.
    //
    // This loop handles the Netbios name in the domain entries.
    //
    // This is in a separate loop since we want to process domain entries in Netbios order
    // to ensure the correct disabled bits are merged from the old list even though the
    // DNS domain name or domain sid changes.
    //
    // This iteration is fundamentally different than the previous two.  This iteration
    // uses NetbiosForestTrustInfo as the 'new' array.  It is a pseudo ftinfo array that
    // is built as the list of all the domain entries that have been copied into FtinfoContext.
    // So, this iteration simply has to find that pre-existing entry and set the flags
    // appropriately.
    //
    // Because those records already live in FtinfoContext, writing NewEntry->Flags
    // below updates the merged result directly and never the caller's buffers.
    //

    NewIndex = 0;
    OldIndex = 0;
    PreviousNewEntry = NULL;

    while ( NewIndex < NetbiosForestTrustInfo.RecordCount ||
            OldIndex < OldForestTrustInfo.RecordCount ) {

        //
        // Grab the next entry from each of the sorted arrays
        //

        NetpMergeFtinfoHelper( &NetbiosForestTrustInfo,
                               &OldForestTrustInfo,
                               &NewIndex,
                               &OldIndex,
                               &NewEntry,
                               &OldEntry,
                               &OldFlags,
                               NetpCompareFtinfoEntryNetbios );

        //
        // Ignore everything except the netbios bits.
        //
        // Everything else was processed on the previous iteration.
        //

        OldFlags &= (LSA_NB_DISABLED_ADMIN|LSA_NB_DISABLED_CONFLICT);

        //
        // This loop preserves the netbios disabled bits.
        // If there is no old entry, there's nothing to preserve.
        //

        if ( OldEntry == NULL ) {
            continue;
        }

        //
        // If there is no new entry,
        // ensure the *admin* disabled bit is preserved anyway.
        //

        if ( NewEntry == NULL ) {

            //
            // Don't let the lack of a new entry allow an admin disabled entry to be deleted.
            //
            // Note that the newly added entry might have a duplicate DNS name or SID.
            //
            // Only the netbios bits are carried (OldFlags was masked above); the
            // SID pass has already preserved this entry if its SID was admin disabled.
            //

            if ( OldEntry->ForestTrustType == ForestTrustDomainInfo &&
                 (OldFlags & LSA_NB_DISABLED_ADMIN) != 0 ) {

                //
                // Make a copy of the entry to ensure we don't modify the caller's buffer
                //

                LSA_FOREST_TRUST_RECORD OldEntryCopy;

                OldEntryCopy = *OldEntry;
                OldEntryCopy.Flags = OldFlags;

                if ( !NetpAllocFtinfoEntry2( &FtinfoContext, &OldEntryCopy ) ) {
                    Status = STATUS_NO_MEMORY;
                    goto Cleanup;
                }
            }

        //
        // Copy any netbios disabled bits to the existing new entry.
        //

        } else {

            //
            // The NetbiosForestTrustInfo array only has domain entries.
            // And the entries are equal so both must be domain entries.
            //

            NetpAssert( NewEntry->ForestTrustType == ForestTrustDomainInfo );
            NetpAssert( OldEntry->ForestTrustType == ForestTrustDomainInfo );

            NewEntry->Flags |= OldFlags;
        }
    }

    //
    // Ensure there is a TLN that DomainName is subordinate to
    //
    // Rejecting the merge here (rather than silently producing an FTinfo with
    // no usable TLN) keeps a trusted forest from pushing a record set that
    // does not even cover its own name.
    //

    if ( !DomainTlnFound ) {
        Status = STATUS_INVALID_PARAMETER;
        goto Cleanup;
    }

    //
    // Return the collected entries to the caller.
    //

    *MergedForestTrustInfo = NetpCopyFtinfoContext( &FtinfoContext );

    if ( *MergedForestTrustInfo == NULL ) {
        Status = STATUS_NO_MEMORY;
        goto Cleanup;
    }

    //
    // Remove orphaned TLN exclusion records from the merged information
    //
    // Quadratic in the record count, which is small in practice.  Removal is
    // done by swapping the last record into the hole and shrinking RecordCount;
    // the dropped record's storage is left in the result buffer (presumably a
    // single allocation, see NetpCopyFtinfoContext) and is not freed separately.
    //

    for ( Index = 0; Index < (*MergedForestTrustInfo)->RecordCount; Index++ ) {
        PLSA_FOREST_TRUST_RECORD This = (*MergedForestTrustInfo)->Entries[Index];
        UNICODE_STRING * ExclusionName;
        ULONG Index2;
        BOOL Subordinate = FALSE;

        if ( This->ForestTrustType != ForestTrustTopLevelNameEx ) {

            //
            // Only interested in orphaned exclusions
            //

            continue;
        }

        ExclusionName = &This->ForestTrustData.TopLevelName;

        for ( Index2 = 0; Index2 < (*MergedForestTrustInfo)->RecordCount; Index2++ ) {
            PLSA_FOREST_TRUST_RECORD Other = (*MergedForestTrustInfo)->Entries[Index2];
            UNICODE_STRING * TopLevelName;

            if ( Other->ForestTrustType != ForestTrustTopLevelName ) {

                //
                // Only interested in top level names (exclusion must be subordinate to it)
                //

                continue;
            }

            TopLevelName = &Other->ForestTrustData.TopLevelName;

            //
            // First perform a subordinate check where equality is not enough
            //

            if ( NetpIsSubordinate( ExclusionName, TopLevelName, FALSE )) {
                Subordinate = TRUE;

            //
            // Now check for equality
            //

            } else if ( RtlEqualUnicodeString( ExclusionName, TopLevelName, TRUE )) {

                //
                // A top level name is the same as an exclusion name.
                // Throw away the exclusion record, but ensure that
                // the top level name record is marked "disabled".
                //
                // Subordinate stays FALSE here, so the break below leads to
                // the removal branch.
                //

                if (( Other->Flags & LSA_FTRECORD_DISABLED_REASONS ) == 0 ) {
                    Other->Flags |= LSA_TLN_DISABLED_NEW;
                }
                break;
            }

            if ( Subordinate ) {
                break;
            }
        }

        if ( !Subordinate ) {

            //
            // This is an orphaned exclusion record.  Remove it.
            //
            // Index is unsigned: when Index is 0 the decrement wraps and the
            // loop's Index++ brings it back to 0, re-examining the swapped-in record.
            //

            (*MergedForestTrustInfo)->RecordCount -= 1;
            (*MergedForestTrustInfo)->Entries[Index] = (*MergedForestTrustInfo)->Entries[(*MergedForestTrustInfo)->RecordCount];
            Index -= 1;
        }
    }

    Status = STATUS_SUCCESS;

Cleanup:

    //
    // Clean FtInfoContext
    //
    // The merged records were already copied out, so the context and the three
    // private pointer arrays can go regardless of Status.  On failure
    // *MergedForestTrustInfo is still NULL (it is only assigned on the success path).
    //

    NetpCleanFtinfoContext( &FtinfoContext );

    if ( OldForestTrustInfo.Entries != NULL ) {
        RtlFreeHeap( RtlProcessHeap(), 0, OldForestTrustInfo.Entries );
    }
    if ( NewForestTrustInfo.Entries != NULL ) {
        RtlFreeHeap( RtlProcessHeap(), 0, NewForestTrustInfo.Entries );
    }
    if ( NetbiosForestTrustInfo.Entries != NULL ) {
        RtlFreeHeap( RtlProcessHeap(), 0, NetbiosForestTrustInfo.Entries );
    }

    return Status;
}