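/**
 * Retrieves the trusts discovered from the domain that is currently joined, then widens the
 * result by enumerating each tree-root domain found in that first pass.
 *
 * <p>The initial enumeration is not wrapped in a try/catch, so a failure there propagates to the
 * caller. A failure while enumerating an individual tree root is only logged, which means the
 * returned list can be silently incomplete; callers that base trust decisions on it should not
 * read "absent from the list" as "no trust exists".
 *
 * @param domainName domain whose trusts are enumerated first
 * @return one entry per distinct DNS domain name (compared case-insensitively); never null
 */
private ArrayList<WinDomainTrustInfoNative> getDomainTrustsInternal(String domainName) {
  // Keyed by the lower-cased DNS name so that each domain is reported once.
  Map<String, WinDomainTrustInfoNative> trustsByName =
      new HashMap<String, WinDomainTrustInfoNative>();
  ArrayList<WinDomainTrustInfoNative> trustRoots = new ArrayList<WinDomainTrustInfoNative>();

  // Initial trust enumeration against the joined domain.
  ArrayList<WinDomainTrustInfoNative> trusts =
      dsEnumerateDomainTrusts(domainName, WinDomainTrustInfoNative.AllFlags());
  for (WinDomainTrustInfoNative trust : trusts) {
    if (isEmptyOrNullTrust(trust)) {
      continue;
    }
    // Locale.ROOT keeps the key stable on JVMs whose default locale has special casing rules
    // (for example Turkish 'I'), where names differing only in case would otherwise map to
    // different keys and be reported twice.
    trustsByName.put(trust.dnsDomainName.toLowerCase(java.util.Locale.ROOT), trust);
    if (trust.isRoot()) {
      trustRoots.add(trust);
    }
  }

  // Process tree root domains.
  for (WinDomainTrustInfoNative trustRoot : trustRoots) {
    if (isEmptyOrNullTrust(trustRoot)) {
      continue;
    }

    ArrayList<WinDomainTrustInfoNative> trustsOutside =
        new ArrayList<WinDomainTrustInfoNative>();
    try {
      trustsOutside =
          dsEnumerateDomainTrusts(trustRoot.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
    } catch (DomainManagerException e) {
      // Best effort: one unreachable root must not hide the trusts already collected.
      logger.info(
          String.format("Failed to enumerate trust for %s ", trustRoot.dnsDomainName)
              + e.getMessage());
    }

    for (WinDomainTrustInfoNative trustOutside : trustsOutside) {
      if (isEmptyOrNullTrust(trustOutside)) {
        continue;
      }

      boolean isInBound = trustOutside.isInBound();
      boolean isOutBound = trustOutside.isOutBound();
      boolean isExternal = trustOutside.isExternal();
      String key = trustOutside.dnsDomainName.toLowerCase(java.util.Locale.ROOT);

      // Discover trusts outside of the current forest. External trusts are skipped because an
      // external trust is non-transitive. Entries from the first pass are never overwritten.
      if (!isExternal && (isInBound || isOutBound) && !trustsByName.containsKey(key)) {
        trustsByName.put(key, trustOutside);
      }
    }
  }

  return new ArrayList<WinDomainTrustInfoNative>(trustsByName.values());
}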
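/**
 * Returns the trusts of the given domain, extended with in-forest domains reported by each
 * two-way, non-external trust partner that lies outside the current forest.
 *
 * <p>Entries found in the second pass come from what the partner domain reports through
 * {@code dsEnumerateDomainTrusts}; this method adds them without any further validation. A
 * partner that cannot be enumerated is only logged, so the result can be incomplete.
 *
 * @param domainName domain whose trusts are requested
 * @return the collected trusts after conversion by {@code processTrust}
 */
@Override
public DomainTrustInfo[] getDomainTrusts(String domainName) {
  // Keyed by the lower-cased DNS name so that each domain is reported once.
  Map<String, WinDomainTrustInfoNative> completeTrusts =
      new HashMap<String, WinDomainTrustInfoNative>();
  ArrayList<WinDomainTrustInfoNative> extraTrustsToEnum =
      new ArrayList<WinDomainTrustInfoNative>();

  for (WinDomainTrustInfoNative trust : getDomainTrustsInternal(domainName)) {
    if (isEmptyOrNullTrust(trust)) {
      continue;
    }
    // Locale.ROOT keeps the key stable on JVMs whose default locale has special casing rules
    // (for example Turkish 'I'), where names differing only in case would otherwise map to
    // different keys and be reported twice.
    completeTrusts.put(trust.dnsDomainName.toLowerCase(java.util.Locale.ROOT), trust);

    boolean isInForest = trust.isInForest();
    boolean isExternal = trust.isExternal();
    boolean isInBound = trust.isInBound();
    boolean isOutBound = trust.isOutBound();

    // Only a 2-way trust is used as a candidate for discovering more trusts.
    if (!isInForest && !isExternal && isInBound && isOutBound) {
      extraTrustsToEnum.add(trust);
    }
  }

  for (WinDomainTrustInfoNative candidate : extraTrustsToEnum) {
    if (isEmptyOrNullTrust(candidate)) {
      continue;
    }

    ArrayList<WinDomainTrustInfoNative> extraTrusts = new ArrayList<WinDomainTrustInfoNative>();
    try {
      extraTrusts =
          dsEnumerateDomainTrusts(candidate.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
    } catch (DomainManagerException e) {
      // Best effort: one unreachable partner must not hide the trusts already collected.
      logger.info(
          String.format("Failed to enumerate trust for %s ", candidate.dnsDomainName)
              + e.getMessage());
    }

    for (WinDomainTrustInfoNative extraTrust : extraTrusts) {
      if (isEmptyOrNullTrust(extraTrust)) {
        continue;
      }
      String key = extraTrust.dnsDomainName.toLowerCase(java.util.Locale.ROOT);
      // Only domains the partner reports as in-forest are added, and entries that are already
      // known are never overwritten by what the partner returned.
      if (extraTrust.isInForest() && !completeTrusts.containsKey(key)) {
        completeTrusts.put(key, extraTrust);
      }
    }
  }

  return processTrust(new ArrayList<WinDomainTrustInfoNative>(completeTrusts.values()));
}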
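/**
 * Calls the native {@code DsEnumerateDomainTrusts} for one domain and returns the non-empty
 * entries as a Java list.
 *
 * <p>The call is directed at the FQDN from {@code getDcInfo} when that lookup succeeds, and at
 * {@code domainName} itself otherwise. The native buffer is released with
 * {@code NetApiBufferFree} on every path once its pointer has been read.
 *
 * @param domainName domain to enumerate
 * @param trustFlags flags passed through unchanged to the native call
 * @return the non-empty trusts reported by the call; never null, possibly empty
 */
private ArrayList<WinDomainTrustInfoNative> dsEnumerateDomainTrusts(
    String domainName, int trustFlags) {
  PointerByReference ppTrustsInfo = new PointerByReference(Pointer.NULL);
  IntByReference pNumTrusts = new IntByReference();
  Pointer pTrustsInfo = Pointer.NULL;
  ArrayList<WinDomainTrustInfoNative> trusts = new ArrayList<WinDomainTrustInfoNative>();

  DomainControllerInfo dcInfo = null;
  try {
    dcInfo = this.getDcInfo(domainName);
  } catch (DomainManagerException ex) {
    // Not fatal: the enumeration below falls back to the bare domain name. The cause is
    // appended so the fallback can be diagnosed, matching how callers log failures.
    logger.error(
        String.format(
                "Before enumerating trust for domain [%s], getDcInfo failed. ", domainName)
            + ex.getMessage());
  }

  try {
    String serverName = dcInfo == null ? domainName : dcInfo.domainFQDN;
    int dwError =
        WinNetApi32.INSTANCE.DsEnumerateDomainTrusts(
            serverName, trustFlags, ppTrustsInfo, pNumTrusts);
    logAndThrow(String.format("Failed to enumerate domain trusts for %s ", serverName), dwError);

    int numTrusts = pNumTrusts.getValue();
    pTrustsInfo = ppTrustsInfo.getValue();

    // Walk the array only when the native call produced both a count and a buffer. Iterating
    // on the count alone would dereference a null array if the buffer pointer came back null.
    if ((numTrusts > 0) && (pTrustsInfo != null) && (pTrustsInfo != Pointer.NULL)) {
      WinDomainTrustInfoNative trustsInfo = new WinDomainTrustInfoNative(pTrustsInfo);
      WinDomainTrustInfoNative[] trustsArray =
          (WinDomainTrustInfoNative[]) trustsInfo.toArray(numTrusts);
      for (WinDomainTrustInfoNative trust : trustsArray) {
        if (isEmptyOrNullTrust(trust)) {
          continue;
        }
        trusts.add(trust);
      }
    }
  } finally {
    // NOTE(review): the structures returned below were built over this native buffer; this
    // assumes toArray has already copied every field into Java memory. Confirm that
    // WinDomainTrustInfoNative keeps no raw pointers into the buffer after it is freed.
    if (pTrustsInfo != Pointer.NULL) {
      WinNetApi32.INSTANCE.NetApiBufferFree(pTrustsInfo);
    }
  }

  return trusts;
}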