Пример #1
  // Retrieve trusts discovered by the domain that is currently joined
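  /**
   * Enumerates the trusts reported for {@code domainName} and then, for every trust flagged as a
   * tree root, enumerates that root's trusts as well.
   *
   * <p>Results are de-duplicated by lower-cased DNS domain name. A trust found through a tree root
   * is added only when it is not external and has at least one direction (inbound or outbound).
   *
   * <p>The returned list can be incomplete: if enumerating a tree root fails, the failure is
   * logged at info level and that root contributes nothing. Callers cannot tell a complete result
   * from a partial one.
   *
   * @param domainName domain to start the enumeration from
   * @return the de-duplicated trusts, in no particular order
   */
  private ArrayList<WinDomainTrustInfoNative> getDomainTrustsInternal(String domainName) {
    // Keyed by lower-cased DNS name so that each domain is returned once.
    Map<String, WinDomainTrustInfoNative> trusts_to_ret =
        new HashMap<String, WinDomainTrustInfoNative>();
    ArrayList<WinDomainTrustInfoNative> trustRoots = new ArrayList<WinDomainTrustInfoNative>();

    // Initial trust enumeration against the joined domain. Unlike the per-root calls below, this
    // call is not wrapped in a try/catch, so any exception it raises propagates to the caller.
    ArrayList<WinDomainTrustInfoNative> trusts =
        dsEnumerateDomainTrusts(domainName, WinDomainTrustInfoNative.AllFlags());

    for (WinDomainTrustInfoNative trust : trusts) {
      if (isEmptyOrNullTrust(trust)) continue;

      // Locale.ROOT keeps the key independent of the JVM default locale; with a Turkish default
      // locale a plain toLowerCase() maps 'I' to a dotless 'ı' and the same DNS name written in
      // two casings would produce two different keys.
      // NOTE(review): assumes isEmptyOrNullTrust rejects a null dnsDomainName; confirm.
      trusts_to_ret.put(trust.dnsDomainName.toLowerCase(java.util.Locale.ROOT), trust);
      if (trust.isRoot()) {
        trustRoots.add(trust);
      }
    }

    // Process tree root domains
    for (WinDomainTrustInfoNative trustRoot : trustRoots) {
      if (isEmptyOrNullTrust(trustRoot)) continue;

      ArrayList<WinDomainTrustInfoNative> trustsOutSide =
          new ArrayList<WinDomainTrustInfoNative>();
      try {
        trustsOutSide =
            dsEnumerateDomainTrusts(trustRoot.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
      } catch (DomainManagerException e) {
        // Best effort: an unreachable root must not fail the whole enumeration, but the result
        // then silently omits whatever that root would have reported.
        logger.info(
            String.format("Failed to enumerate trust for %s ", trustRoot.dnsDomainName)
                + e.getMessage());
      }

      for (WinDomainTrustInfoNative trustOutSide : trustsOutSide) {
        if (isEmptyOrNullTrust(trustOutSide)) continue;

        boolean isInBound = trustOutSide.isInBound();
        boolean isOutBound = trustOutSide.isOutBound();
        boolean isExternal = trustOutSide.isExternal();
        String key = trustOutSide.dnsDomainName.toLowerCase(java.util.Locale.ROOT);

        // Discover trusts outside of the current forest. External trusts are skipped because an
        // external trust is non-transitive. Entries already recorded are never overwritten, so
        // what the joined domain reported for a name takes precedence over a root's view of it.
        if (!isExternal && (isInBound || isOutBound) && !trusts_to_ret.containsKey(key)) {
          trusts_to_ret.put(key, trustOutSide);
        }
      }
    }

    return new ArrayList<WinDomainTrustInfoNative>(trusts_to_ret.values());
  }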
Пример #2
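  /**
   * Returns the trusts known for {@code domainName}, extended with the in-forest domains reported
   * by each two-way, non-external trust partner that lies outside the local forest.
   *
   * <p>The base set comes from {@code getDomainTrustsInternal}. Every trust in it that is outside
   * the forest, not external, and both inbound and outbound is enumerated in turn, and the
   * entries it reports as in-forest are added unless a trust with the same DNS name is already
   * present. The combined set is handed to {@code processTrust} for conversion.
   *
   * <p>NOTE(review): the added entries are whatever the partner domain's enumeration returns;
   * nothing in this method validates them further. Confirm that downstream consumers treat
   * these domains with the level of trust intended for the partner forest.
   *
   * <p>A failed enumeration of a partner is logged at info level and skipped, so the result can
   * be incomplete without the caller being told.
   *
   * @param domainName domain to enumerate trusts for
   * @return the result of {@code processTrust} applied to the de-duplicated trusts
   */
  @Override
  public DomainTrustInfo[] getDomainTrusts(String domainName) {
    // Keyed by lower-cased DNS name so that each domain is returned once.
    Map<String, WinDomainTrustInfoNative> complete_trusts =
        new HashMap<String, WinDomainTrustInfoNative>();
    ArrayList<WinDomainTrustInfoNative> extra_trusts_to_enum =
        new ArrayList<WinDomainTrustInfoNative>();

    ArrayList<WinDomainTrustInfoNative> trusts = getDomainTrustsInternal(domainName);

    for (WinDomainTrustInfoNative trust : trusts) {
      if (isEmptyOrNullTrust(trust)) continue;

      // Locale.ROOT keeps the key independent of the JVM default locale; a locale-sensitive
      // toLowerCase() can map the same DNS name to different keys (e.g. Turkish dotless 'ı').
      complete_trusts.put(trust.dnsDomainName.toLowerCase(java.util.Locale.ROOT), trust);

      boolean isInforest = trust.isInForest();
      boolean isExternal = trust.isExternal();
      boolean isInBound = trust.isInBound();
      boolean isOutBound = trust.isOutBound();
      // Only a 2-way trust is used as a candidate for discovering more domains.
      if (!isInforest && !isExternal && isInBound && isOutBound) {
        extra_trusts_to_enum.add(trust);
      }
    }

    for (WinDomainTrustInfoNative extra_trust_to_enum : extra_trusts_to_enum) {
      if (isEmptyOrNullTrust(extra_trust_to_enum)) continue;

      ArrayList<WinDomainTrustInfoNative> extra_trusts =
          new ArrayList<WinDomainTrustInfoNative>();
      try {
        extra_trusts =
            dsEnumerateDomainTrusts(
                extra_trust_to_enum.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
      } catch (DomainManagerException e) {
        // Best effort: one unreachable partner must not fail the whole call, but its in-forest
        // domains are then missing from the result.
        logger.info(
            String.format(
                    "Failed to enumerate trust for %s ", extra_trust_to_enum.dnsDomainName)
                + e.getMessage());
      }

      for (WinDomainTrustInfoNative extraTrust : extra_trusts) {
        if (isEmptyOrNullTrust(extraTrust)) continue;

        String key = extraTrust.dnsDomainName.toLowerCase(java.util.Locale.ROOT);
        // Existing entries are never overwritten, so a partner cannot replace the record that
        // the local enumeration already produced for the same DNS name.
        if (extraTrust.isInForest() && !complete_trusts.containsKey(key)) {
          complete_trusts.put(key, extraTrust);
        }
      }
    }

    return processTrust(new ArrayList<WinDomainTrustInfoNative>(complete_trusts.values()));
  }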
Пример #3
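  /**
   * Calls the native {@code DsEnumerateDomainTrusts} for {@code domainName} and returns the
   * non-empty trust entries it reports.
   *
   * <p>The call is directed at the domain FQDN obtained from {@code getDcInfo}; if that lookup
   * fails, the failure is logged and {@code domainName} itself is used as the server name.
   * The native result buffer is released with {@code NetApiBufferFree} on every path once it has
   * been read from the out-parameter.
   *
   * <p>NOTE(review): the returned objects are created over the native buffer that is freed in the
   * {@code finally} block. Confirm that {@code WinDomainTrustInfoNative} copies every field it
   * exposes (strings, SIDs) into Java memory before the buffer is released; otherwise later reads
   * would touch freed memory.
   *
   * @param domainName domain whose trusts are enumerated
   * @param trustFlags flags passed through to the native call
   * @return the trusts that pass {@code isEmptyOrNullTrust}; empty when none are reported
   */
  private ArrayList<WinDomainTrustInfoNative> dsEnumerateDomainTrusts(
      String domainName, int trustFlags) {
    PointerByReference ppTrustsInfo = new PointerByReference(Pointer.NULL);
    Pointer pTrustsInfo = Pointer.NULL;
    ArrayList<WinDomainTrustInfoNative> trusts = new ArrayList<WinDomainTrustInfoNative>();
    IntByReference pNumTrusts = new IntByReference();

    DomainControllerInfo dcInfo = null;
    try {
      dcInfo = this.getDcInfo(domainName);
    } catch (DomainManagerException ex) {
      // Deliberate fallback: continue with the bare domain name. The exception message is
      // appended so the reason for the fallback is visible in the log, as the other
      // enumeration failures in this class already do.
      logger.error(
          String.format(
                  "Before enumerating trust for domain [%s], getDcInfo failed. ", domainName)
              + ex.getMessage());
    }

    try {
      String serverName = dcInfo == null ? domainName : dcInfo.domainFQDN;
      int dwError =
          WinNetApi32.INSTANCE.DsEnumerateDomainTrusts(
              serverName, trustFlags, ppTrustsInfo, pNumTrusts);
      logAndThrow(String.format("Failed to enumerate domain trusts for %s ", serverName), dwError);

      int numTrusts = pNumTrusts.getValue();
      pTrustsInfo = ppTrustsInfo.getValue();

      // Only walk the array when the native call returned both a positive count and a buffer.
      // Previously the loop ran on the count alone and dereferenced a null array when the count
      // was positive but no buffer came back.
      if ((numTrusts > 0) && (pTrustsInfo != null) && (pTrustsInfo != Pointer.NULL)) {
        WinDomainTrustInfoNative trustsInfo = new WinDomainTrustInfoNative(pTrustsInfo);
        WinDomainTrustInfoNative[] trustsArray =
            (WinDomainTrustInfoNative[]) trustsInfo.toArray(numTrusts);

        for (WinDomainTrustInfoNative entry : trustsArray) {
          if (isEmptyOrNullTrust(entry)) continue;
          trusts.add(entry);
        }
      }
    } finally {
      // pTrustsInfo is only assigned after logAndThrow, so a failed native call skips the free.
      if (pTrustsInfo != Pointer.NULL) {
        WinNetApi32.INSTANCE.NetApiBufferFree(pTrustsInfo);
      }
    }

    return trusts;
  }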