// Retrieve trusts discovered by the domain that is currently joined
private ArrayList<WinDomainTrustInfoNative> getDomainTrustsInternal(String domainName) {
Map<String, WinDomainTrustInfoNative> trusts_to_ret =
new HashMap<String, WinDomainTrustInfoNative>();
ArrayList<WinDomainTrustInfoNative> trusts = new ArrayList<WinDomainTrustInfoNative>();
ArrayList<WinDomainTrustInfoNative> trustRoots = new ArrayList<WinDomainTrustInfoNative>();
// Initial trust enumerate against the joined domain
trusts = dsEnumerateDomainTrusts(domainName, WinDomainTrustInfoNative.AllFlags());
if (trusts.size() > 0) {
for (WinDomainTrustInfoNative trust : trusts) {
if (isEmptyOrNullTrust(trust)) continue;
// Add the currently discovered trust
trusts_to_ret.put(trust.dnsDomainName.toLowerCase(), trust);
if (trust.isRoot()) {
trustRoots.add(trust);
}
}
}
// Process tree root domains
if (trustRoots.size() > 0) {
for (WinDomainTrustInfoNative trustRoot : trustRoots) {
if (isEmptyOrNullTrust(trustRoot)) continue;
ArrayList<WinDomainTrustInfoNative> trustsOutSide =
new ArrayList<WinDomainTrustInfoNative>();
try {
trustsOutSide =
dsEnumerateDomainTrusts(trustRoot.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
} catch (DomainManagerException e) {
logger.info(
String.format("Failed to enumerate trust for %s ", trustRoot.dnsDomainName)
+ e.getMessage());
}
if (trustsOutSide.size() > 0) {
for (WinDomainTrustInfoNative trustOutSide : trustsOutSide) {
if (isEmptyOrNullTrust(trustOutSide)) continue;
boolean isInBound = trustOutSide.isInBound();
boolean isOutBound = trustOutSide.isOutBound();
boolean isExternal = trustOutSide.isExternal();
// discover trusts outside of the current forest (do not discover if trust is external
// external trust is non-transitive
if (!isExternal
&& (isInBound || isOutBound)
&& (trusts_to_ret.isEmpty()
|| !trusts_to_ret.containsKey(trustOutSide.dnsDomainName.toLowerCase()))) {
trusts_to_ret.put(trustOutSide.dnsDomainName.toLowerCase(), trustOutSide);
}
}
}
}
}
return new ArrayList<WinDomainTrustInfoNative>(trusts_to_ret.values());
}
@Override
public DomainTrustInfo[] getDomainTrusts(String domainName) {
Map<String, WinDomainTrustInfoNative> complete_trusts =
new HashMap<String, WinDomainTrustInfoNative>();
ArrayList<WinDomainTrustInfoNative> trusts = new ArrayList<WinDomainTrustInfoNative>();
ArrayList<WinDomainTrustInfoNative> extra_trusts_to_enum =
new ArrayList<WinDomainTrustInfoNative>();
trusts = getDomainTrustsInternal(domainName);
if (trusts.size() > 0) {
for (WinDomainTrustInfoNative trust : trusts) {
if (isEmptyOrNullTrust(trust)) continue;
complete_trusts.put(trust.dnsDomainName.toLowerCase(), trust);
boolean isInforest = trust.isInForest();
boolean isExternal = trust.isExternal();
boolean isInBound = trust.isInBound();
boolean isOutBound = trust.isOutBound();
// only add 2-way trust as extra trust candidates to discover more
if (!isInforest && !isExternal && isInBound && isOutBound) {
extra_trusts_to_enum.add(trust);
}
}
if (extra_trusts_to_enum.size() > 0) {
for (WinDomainTrustInfoNative extra_trust_to_enum : extra_trusts_to_enum) {
if (isEmptyOrNullTrust(extra_trust_to_enum)) continue;
ArrayList<WinDomainTrustInfoNative> extra_trusts =
new ArrayList<WinDomainTrustInfoNative>();
try {
extra_trusts =
dsEnumerateDomainTrusts(
extra_trust_to_enum.dnsDomainName, WinDomainTrustInfoNative.AllFlags());
} catch (DomainManagerException e) {
logger.info(
String.format(
"Failed to enumerate trust for %s ", extra_trust_to_enum.dnsDomainName)
+ e.getMessage());
}
if (extra_trusts.size() > 0) {
for (WinDomainTrustInfoNative extraTrust : extra_trusts) {
if (isEmptyOrNullTrust(extraTrust)) continue;
if (extraTrust.isInForest()
&& (complete_trusts.isEmpty()
|| !complete_trusts.containsKey(extraTrust.dnsDomainName.toLowerCase()))) {
complete_trusts.put(extraTrust.dnsDomainName.toLowerCase(), extraTrust);
}
}
}
}
}
}
return processTrust(new ArrayList<WinDomainTrustInfoNative>(complete_trusts.values()));
}
private ArrayList<WinDomainTrustInfoNative> dsEnumerateDomainTrusts(
String domainName, int trustFlags) {
PointerByReference ppTrustsInfo = new PointerByReference(Pointer.NULL);
Pointer pTrustsInfo = Pointer.NULL;
WinDomainTrustInfoNative[] trustsArray = null;
ArrayList<WinDomainTrustInfoNative> trusts = new ArrayList<WinDomainTrustInfoNative>();
int numTrusts = 0;
IntByReference pNumTrusts = new IntByReference();
DomainControllerInfo dcInfo = null;
try {
dcInfo = this.getDcInfo(domainName);
} catch (DomainManagerException ex) {
logger.error(
String.format(
"Before enumerating trust for domain [%s], getDcInfo failed. ", domainName));
}
try {
String serverName = dcInfo == null ? domainName : dcInfo.domainFQDN;
int dwError =
WinNetApi32.INSTANCE.DsEnumerateDomainTrusts(
serverName, trustFlags, ppTrustsInfo, pNumTrusts);
logAndThrow(String.format("Failed to enumerate domain trusts for %s ", serverName), dwError);
numTrusts = pNumTrusts.getValue();
pTrustsInfo = ppTrustsInfo.getValue();
if ((numTrusts > 0) && (pTrustsInfo != null) && (pTrustsInfo != Pointer.NULL)) {
WinDomainTrustInfoNative trustsInfo = new WinDomainTrustInfoNative(pTrustsInfo);
trustsArray = (WinDomainTrustInfoNative[]) trustsInfo.toArray(numTrusts);
}
for (int i = 0; i < numTrusts; i++) {
if (isEmptyOrNullTrust(trustsArray[i])) continue;
trusts.add(trustsArray[i]);
}
} finally {
if (pTrustsInfo != Pointer.NULL) {
WinNetApi32.INSTANCE.NetApiBufferFree(pTrustsInfo);
}
}
return trusts;
}