Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

746 lines
18 KiB

  1. /*++
  2. Copyright (c) 1987-1996 Microsoft Corporation
  3. Module Name:
  4. ftinfo.c
  5. Abstract:
  6. Utilities routine to manage the forest trust info list
  7. Author:
  8. 27-Jul-00 (cliffv)
  9. Environment:
  10. User mode only.
  11. Contains NT-specific code.
  12. Requires ANSI C extensions: slash-slash comments, long external names.
  13. Revision History:
  14. --*/
  15. //
  16. // Common include files.
  17. //
  18. #include "logonsrv.h" // Include files common to entire service
  19. #pragma hdrstop
  20. #include <ftnfoctx.h>
  21. NTSTATUS
  22. NlpUpdateFtinfo(
  23. IN PDOMAIN_INFO DomainInfo,
  24. IN LPWSTR TrustedDomainName,
  25. IN BOOLEAN ImpersonateCaller,
  26. IN PLSA_FOREST_TRUST_INFORMATION NewForestTrustInfo
  27. )
  28. /*++
  29. Routine Description:
  30. This function write the specified NewForestTrustInfo onto the named TDO.
  31. The NewForestTrustInfo is merged with the exsiting information using the following algorithm:
  32. The FTinfo records written are described in the NetpMergeFTinfo routine.
  33. Arguments:
  34. DomainInfo - Hosted Domain that trusts the domain to query.
  35. TrustedDomainName - Trusted domain that is to be updated. This domain must have the
  36. TRUST_ATTRIBUTE_FOREST_TRANSITIVE bit set.
  37. ImpersonateCaller - TRUE if the caller is to be impersonated.
  38. FALSE, if the trusted policy handle should be used to write the local LSA.
  39. NewForestTrustInfo - Specified the new array of FTinfo records as returned from the
  40. trusted domain.
  41. Return Value:
  42. STATUS_SUCCESS: Success.
  43. --*/
  44. {
  45. NTSTATUS Status;
  46. LSAPR_HANDLE PolicyHandle = NULL;
  47. UNICODE_STRING TrustedDomainNameString;
  48. //
  49. // Open a handle to the LSA.
  50. //
  51. if ( ImpersonateCaller ) {
  52. OBJECT_ATTRIBUTES ObjectAttributes;
  53. InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
  54. Status = LsarOpenPolicy( NULL, // local server
  55. (PLSAPR_OBJECT_ATTRIBUTES) &ObjectAttributes,
  56. POLICY_TRUST_ADMIN,
  57. &PolicyHandle );
  58. if ( !NT_SUCCESS(Status) ) {
  59. NlPrint(( NL_CRITICAL,
  60. "NlpUpdateTdo: %ws: Cannot LsarOpenPolicy 0x%lx\n",
  61. TrustedDomainName,
  62. Status ));
  63. goto Cleanup;
  64. }
  65. } else {
  66. PolicyHandle = DomainInfo->DomLsaPolicyHandle;
  67. }
  68. //
  69. // Read the existing FTINFO
  70. //
  71. RtlInitUnicodeString( &TrustedDomainNameString, TrustedDomainName );
  72. Status = LsaIUpdateForestTrustInformation(
  73. PolicyHandle,
  74. &TrustedDomainNameString,
  75. NewForestTrustInfo
  76. );
  77. if ( !NT_SUCCESS( Status )) {
  78. goto Cleanup;
  79. }
  80. Cleanup:
  81. if ( PolicyHandle != NULL ) {
  82. if ( ImpersonateCaller ) {
  83. (VOID) LsarClose( &PolicyHandle );
  84. }
  85. }
  86. return Status;
  87. }
  88. NTSTATUS
  89. NlpGetForestTrustInfoHigher(
  90. IN PCLIENT_SESSION ClientSession,
  91. IN DWORD Flags,
  92. IN BOOLEAN ImpersonateCaller,
  93. OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
  94. )
  95. /*++
  96. Routine Description:
  97. This function is the client side stub for getting the forest trust info from a
  98. trusted forest.
  99. Arguments:
  100. ClientSession - Trusted domain that is to be queried. This domain must have the
  101. TRUST_ATTRIBUTE_FOREST_TRANSITIVE bit set.
  102. Flags - Specifies a set of bits that modify the behavior of the API.
  103. Valid bits are:
  104. DS_GFTI_UPDATE_TDO - If this bit is set, the API will update
  105. the FTinfo attribute of the TDO named by the ClientSession
  106. parameter.
  107. The caller must have access to modify the FTinfo attribute or
  108. ERROR_ACCESS_DENIED will be returned. The algorithm describing
  109. how the FTinfo from the trusted domain is merged with the FTinfo
  110. from the TDO is described below.
  111. This bit in only valid if ServerName specifies the PDC of its domain.
  112. ImpersonateCaller - TRUE if the caller is to be impersonated.
  113. FALSE, if the trusted policy handle should be used to write the local LSA.
  114. ForestTrustInfo - Returns a pointer to a structure containing a count and an
  115. array of FTInfo records describing the namespaces claimed by the
  116. domain specified by ClientSession. The Accepted field and Time
  117. field of all returned records will be zero. The buffer should be freed
  118. by calling NetApiBufferFree.
  119. Return Value:
  120. STATUS_SUCCESS: Message successfully sent
  121. --*/
  122. {
  123. NTSTATUS Status;
  124. NETLOGON_AUTHENTICATOR OurAuthenticator;
  125. NETLOGON_AUTHENTICATOR ReturnAuthenticator;
  126. SESSION_INFO SessionInfo;
  127. BOOLEAN FirstTry = TRUE;
  128. NlAssert( ClientSession->CsReferenceCount > 0 );
  129. NlAssert( ClientSession->CsFlags & CS_WRITER );
  130. //
  131. // Only allow TDO update on the PDC.
  132. //
  133. if ( (Flags & DS_GFTI_UPDATE_TDO) != 0 &&
  134. ClientSession->CsDomainInfo->DomRole != RolePrimary ) {
  135. Status = STATUS_BACKUP_CONTROLLER;
  136. goto Cleanup;
  137. }
  138. //
  139. // Ensure the F bit is set.
  140. //
  141. if ( (ClientSession->CsTrustAttributes & TRUST_ATTRIBUTE_FOREST_TRANSITIVE) == 0 ) {
  142. NlPrintCs((NL_CRITICAL, ClientSession,
  143. "NlpGetForestTrustInfoHigher: trust isn't marked as cross forest trust: 0x%lX\n",
  144. ClientSession->CsTrustAttributes ));
  145. Status = STATUS_NO_SUCH_DOMAIN;
  146. goto Cleanup;
  147. }
  148. //
  149. // If the session isn't authenticated,
  150. // do so now.
  151. //
  152. FirstTryFailed:
  153. Status = NlEnsureSessionAuthenticated( ClientSession, 0 );
  154. if ( !NT_SUCCESS(Status) ) {
  155. goto Cleanup;
  156. }
  157. SessionInfo.SessionKey = ClientSession->CsSessionKey;
  158. SessionInfo.NegotiatedFlags = ClientSession->CsNegotiatedFlags;
  159. //
  160. // If the DC doesn't support the new function,
  161. // fail now.
  162. //
  163. if ( (SessionInfo.NegotiatedFlags & NETLOGON_SUPPORTS_CROSS_FOREST) == 0 ) {
  164. NlPrintCs((NL_CRITICAL, ClientSession,
  165. "NlpGetForestTrustInfoHigher: remote DC doesn't support this function.\n" ));
  166. Status = STATUS_NOT_SUPPORTED;
  167. goto Cleanup;
  168. }
  169. //
  170. // Build the Authenticator for this request to the PDC.
  171. //
  172. NlBuildAuthenticator(
  173. &ClientSession->CsAuthenticationSeed,
  174. &ClientSession->CsSessionKey,
  175. &OurAuthenticator);
  176. //
  177. // Remote the request to the trusted DC.
  178. //
  179. NL_API_START( Status, ClientSession, TRUE ) {
  180. NlAssert( ClientSession->CsUncServerName != NULL );
  181. Status = I_NetGetForestTrustInformation(
  182. ClientSession->CsUncServerName,
  183. ClientSession->CsDomainInfo->DomUnicodeComputerNameString.Buffer,
  184. &OurAuthenticator,
  185. &ReturnAuthenticator,
  186. 0, // No flags yet
  187. ForestTrustInfo );
  188. // NOTE: This call may drop the secure channel behind our back
  189. } NL_API_ELSE( Status, ClientSession, TRUE ) {
  190. } NL_API_END;
  191. //
  192. // Now verify authenticator and update our seed
  193. //
  194. if ( NlpDidDcFail( Status ) ||
  195. !NlUpdateSeed( &ClientSession->CsAuthenticationSeed,
  196. &ReturnAuthenticator.Credential,
  197. &ClientSession->CsSessionKey) ) {
  198. NlPrintCs(( NL_CRITICAL, ClientSession,
  199. "NlpDidDcFail: denying access after status: 0x%lx\n",
  200. Status ));
  201. //
  202. // Preserve any status indicating a communication error.
  203. //
  204. if ( NT_SUCCESS(Status) ) {
  205. Status = STATUS_ACCESS_DENIED;
  206. }
  207. NlSetStatusClientSession( ClientSession, Status );
  208. //
  209. // Perhaps the netlogon service on the server has just restarted.
  210. // Try just once to set up a session to the server again.
  211. //
  212. if ( FirstTry ) {
  213. FirstTry = FALSE;
  214. goto FirstTryFailed;
  215. }
  216. }
  217. //
  218. // Handle failures
  219. //
  220. if ( !NT_SUCCESS(Status) ) {
  221. goto Cleanup;
  222. }
  223. //
  224. // Handle updating the FTINFO on the TDO
  225. //
  226. if ( (Flags & DS_GFTI_UPDATE_TDO) != 0 ) {
  227. LOCK_TRUST_LIST( ClientSession->CsDomainInfo );
  228. Status = NlpUpdateFtinfo( ClientSession->CsDomainInfo,
  229. ClientSession->CsDnsDomainName.Buffer,
  230. ImpersonateCaller,
  231. *ForestTrustInfo );
  232. UNLOCK_TRUST_LIST( ClientSession->CsDomainInfo );
  233. if ( !NT_SUCCESS(Status) ) {
  234. goto Cleanup;
  235. }
  236. }
  237. Status = STATUS_SUCCESS;
  238. //
  239. // Common exit
  240. //
  241. Cleanup:
  242. if ( !NT_SUCCESS(Status) ) {
  243. NlPrintCs((NL_CRITICAL, ClientSession,
  244. "NlpGetForestTrustInfoHigher: failed %lX\n",
  245. Status));
  246. }
  247. return Status;
  248. }
  249. NET_API_STATUS
  250. DsrGetForestTrustInformation (
  251. IN LPWSTR ServerName OPTIONAL,
  252. IN LPWSTR TrustedDomainName OPTIONAL,
  253. IN ULONG Flags,
  254. OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
  255. )
  256. /*++
  257. Routine Description:
  258. This is the server side stub for DsGetForestTrustInformationW. See that routine
  259. for documentation.
  260. Arguments:
  261. See DsGetForestTrustInformationW
  262. Return Value:
  263. See DsGetForestTrustInformationW
  264. --*/
  265. {
  266. NET_API_STATUS NetStatus;
  267. PDOMAIN_INFO DomainInfo = NULL;
  268. PCLIENT_SESSION ClientSession = NULL;
  269. BOOLEAN AmWriter = FALSE;
  270. //
  271. // Perform access validation on the caller
  272. //
  273. NetStatus = NetpAccessCheck(
  274. NlGlobalNetlogonSecurityDescriptor, // Security descriptor
  275. NETLOGON_FTINFO_ACCESS, // Desired access
  276. &NlGlobalNetlogonInfoMapping ); // Generic mapping
  277. if ( NetStatus != NERR_Success) {
  278. NetStatus = ERROR_ACCESS_DENIED;
  279. goto Cleanup;
  280. }
  281. //
  282. // This API is not supported on workstations.
  283. //
  284. if ( NlGlobalMemberWorkstation ) {
  285. NetStatus = ERROR_NOT_SUPPORTED;
  286. goto Cleanup;
  287. }
  288. //
  289. // Validate the Flags parameter
  290. //
  291. if ((Flags & ~DS_GFTI_VALID_FLAGS) != 0 ) {
  292. NetStatus = ERROR_INVALID_FLAGS;
  293. goto Cleanup;
  294. }
  295. //
  296. // Find the referenced domain
  297. //
  298. DomainInfo = NlFindDomainByServerName( ServerName ); // Primary domain
  299. if ( DomainInfo == NULL ) {
  300. // Default to primary domain to handle the case where the ComputerName
  301. // is an IP address.
  302. DomainInfo = NlFindNetbiosDomain( NULL, TRUE );
  303. if ( DomainInfo == NULL ) {
  304. NetStatus = ERROR_INVALID_COMPUTERNAME;
  305. goto Cleanup;
  306. }
  307. }
  308. NlPrintDom((NL_SESSION_SETUP, DomainInfo,
  309. "DsrGetForestTrustInformation: %ws called: 0x%lx\n", TrustedDomainName, Flags ));
  310. //
  311. // Get the ForestTrustInformation for a particular TDO
  312. //
  313. if ( TrustedDomainName != NULL &&
  314. *TrustedDomainName != L'\0' ) {
  315. NTSTATUS Status;
  316. UNICODE_STRING TrustedDomainNameString;
  317. //
  318. // Only allow TDO update on the PDC.
  319. //
  320. if ( (Flags & DS_GFTI_UPDATE_TDO) != 0 &&
  321. DomainInfo->DomRole != RolePrimary ) {
  322. NetStatus = NERR_NotPrimary;
  323. goto Cleanup;
  324. }
  325. //
  326. // Find the client session to the trusted domain.
  327. //
  328. RtlInitUnicodeString(&TrustedDomainNameString, TrustedDomainName );
  329. ClientSession = NlFindNamedClientSession( DomainInfo,
  330. &TrustedDomainNameString,
  331. NL_DIRECT_TRUST_REQUIRED,
  332. NULL );
  333. if( ClientSession == NULL ) {
  334. NlPrintDom((NL_CRITICAL, DomainInfo,
  335. "DsrGetForestTrustInformation: %ws: can't find the client structure of the domain specified.\n",
  336. TrustedDomainName ));
  337. NetStatus = ERROR_NO_SUCH_DOMAIN;
  338. goto Cleanup;
  339. }
  340. //
  341. // Become a Writer of the ClientSession.
  342. //
  343. if ( !NlTimeoutSetWriterClientSession( ClientSession, WRITER_WAIT_PERIOD ) ) {
  344. NlPrintCs((NL_CRITICAL, ClientSession,
  345. "NlpGetForestTrustInfoHigher: Can't become writer of client session.\n" ));
  346. Status = STATUS_NO_LOGON_SERVERS;
  347. goto Cleanup;
  348. }
  349. AmWriter = TRUE;
  350. //
  351. // Call the DC in the trusted domain.
  352. //
  353. Status = NlpGetForestTrustInfoHigher( ClientSession,
  354. Flags,
  355. TRUE, // Impersonate caller
  356. ForestTrustInfo );
  357. if ( !NT_SUCCESS(Status ) ) {
  358. NetStatus = NetpNtStatusToApiStatus( Status );
  359. goto Cleanup;
  360. }
  361. //
  362. // Get the local ForestTrustInformation.
  363. //
  364. } else {
  365. NTSTATUS Status;
  366. //
  367. // Don't allow an Update TDO request if there is no TDO.
  368. //
  369. if ( Flags & DS_GFTI_UPDATE_TDO ) {
  370. NetStatus = ERROR_INVALID_FLAGS;
  371. goto Cleanup;
  372. }
  373. //
  374. // Simply grab the local ForestTrustInformation
  375. //
  376. Status = LsaIGetForestTrustInformation( ForestTrustInfo );
  377. if ( !NT_SUCCESS( Status )) {
  378. NetStatus = NetpNtStatusToApiStatus( Status );
  379. goto Cleanup;
  380. }
  381. }
  382. NetStatus = NO_ERROR;
  383. Cleanup:
  384. if ( ClientSession != NULL ) {
  385. if ( AmWriter ) {
  386. NlResetWriterClientSession( ClientSession );
  387. }
  388. NlUnrefClientSession( ClientSession );
  389. }
  390. NlPrintDom(( NL_SESSION_SETUP, DomainInfo,
  391. "DsrGetForestTrustInformation: %ws returns %ld\n",
  392. TrustedDomainName,
  393. NetStatus ));
  394. if ( DomainInfo != NULL ) {
  395. NlDereferenceDomain( DomainInfo );
  396. }
  397. return NetStatus;
  398. }
  399. NTSTATUS
  400. NetrGetForestTrustInformation (
  401. IN LPWSTR ServerName OPTIONAL,
  402. IN LPWSTR ComputerName,
  403. IN PNETLOGON_AUTHENTICATOR Authenticator,
  404. OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
  405. IN DWORD Flags,
  406. OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
  407. )
  408. /*++
  409. Routine Description:
  410. The server side of the secure channel version of DsGetForestTrustInformation.
  411. The inbound secure channel identified by ComputerName must be for an interdomain trust
  412. and the inbound TDO must have the TRUST_ATTRIBUTE_FOREST_TRANSITIVE bit set.
  413. Arguments:
  414. ServerName - The name of the domain controller this API is remoted to.
  415. ComputerName -- Name of the DC server making the call.
  416. Authenticator -- supplied by the server.
  417. ReturnAuthenticator -- Receives an authenticator returned by the PDC.
  418. Flags - Specifies a set of bits that modify the behavior of the API.
  419. No values are currently defined. The caller should pass zero.
  420. ForestTrustInfo - Returns a pointer to a structure containing a count and an
  421. array of FTInfo records describing the namespaces claimed by the
  422. domain specified by TrustedDomainName. The Accepted field and Time
  423. field of all returned records will be zero. The buffer should be freed
  424. by calling NetApiBufferFree.
  425. Return Value:
  426. STATUS_SUCCESS -- The function completed successfully.
  427. STATUS_ACCESS_DENIED -- The replicant should re-authenticate with
  428. the PDC.
  429. --*/
  430. {
  431. NTSTATUS Status;
  432. NET_API_STATUS NetStatus;
  433. PDOMAIN_INFO DomainInfo = NULL;
  434. PSERVER_SESSION ServerSession;
  435. NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType;
  436. //
  437. // Lookup which domain this call pertains to.
  438. //
  439. *ForestTrustInfo = NULL;
  440. DomainInfo = NlFindDomainByServerName( ServerName );
  441. NlPrintDom((NL_SESSION_SETUP, DomainInfo,
  442. "NetrGetForestTrustInformation: %ws called: 0x%lx\n", ComputerName, Flags ));
  443. if ( DomainInfo == NULL ) {
  444. Status = STATUS_INVALID_COMPUTER_NAME;
  445. goto Cleanup;
  446. }
  447. //
  448. // This API is not supported on workstations.
  449. //
  450. if ( NlGlobalMemberWorkstation ) {
  451. Status = STATUS_NOT_SUPPORTED;
  452. goto Cleanup;
  453. }
  454. //
  455. // Find the server session entry for this secure channel.
  456. //
  457. LOCK_SERVER_SESSION_TABLE( DomainInfo );
  458. ServerSession = NlFindNamedServerSession( DomainInfo, ComputerName );
  459. if (ServerSession == NULL) {
  460. UNLOCK_SERVER_SESSION_TABLE( DomainInfo );
  461. Status = STATUS_ACCESS_DENIED;
  462. goto Cleanup;
  463. }
  464. //
  465. // Now verify the Authenticator and update seed if OK
  466. //
  467. Status = NlCheckAuthenticator(
  468. ServerSession,
  469. Authenticator,
  470. ReturnAuthenticator);
  471. if ( !NT_SUCCESS(Status) ) {
  472. UNLOCK_SERVER_SESSION_TABLE( DomainInfo );
  473. goto Cleanup;
  474. }
  475. SecureChannelType = ServerSession->SsSecureChannelType;
  476. //
  477. // This call is only valid on FOREST_TRANSITIVE trusts
  478. //
  479. if ( (ServerSession->SsFlags & SS_FOREST_TRANSITIVE) == 0 ) {
  480. UNLOCK_SERVER_SESSION_TABLE( DomainInfo );
  481. NlPrintDom((NL_SESSION_SETUP, DomainInfo,
  482. "NetrGetForestTrustInformation: %ws failed because F bit isn't set on the TDO\n",
  483. ComputerName ));
  484. Status = STATUS_NOT_IMPLEMENTED;
  485. goto Cleanup;
  486. }
  487. UNLOCK_SERVER_SESSION_TABLE( DomainInfo );
  488. if ( !IsDomainSecureChannelType( SecureChannelType ) ) {
  489. NlPrintDom((NL_SESSION_SETUP, DomainInfo,
  490. "NetrGetForestTrustInformation: %ws failed because secure channel isn't a domain secure channel\n",
  491. ComputerName ));
  492. Status = STATUS_NOT_IMPLEMENTED;
  493. goto Cleanup;
  494. }
  495. //
  496. // Get the forest trust information for the local machine
  497. //
  498. Status = LsaIGetForestTrustInformation( ForestTrustInfo );
  499. if ( !NT_SUCCESS( Status )) {
  500. goto Cleanup;
  501. }
  502. Status = STATUS_SUCCESS;
  503. Cleanup:
  504. //
  505. // If the request failed, be carefull to not leak authentication
  506. // information.
  507. //
  508. if ( Status == STATUS_ACCESS_DENIED ) {
  509. if ( ReturnAuthenticator != NULL ) {
  510. RtlZeroMemory( ReturnAuthenticator, sizeof(*ReturnAuthenticator) );
  511. }
  512. }
  513. NlPrintDom(( NL_SESSION_SETUP, DomainInfo,
  514. "NetrGetForestTrustInformation: %ws returns %lX\n",
  515. ComputerName,
  516. Status ));
  517. if ( DomainInfo != NULL ) {
  518. NlDereferenceDomain( DomainInfo );
  519. }
  520. return Status;
  521. }