static BOOL get_downleveltrust(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, struct policy_handle *handle, struct dom_sid **sid) { struct lsa_EnumTrustDom r; uint32_t resume_handle = 0; struct lsa_DomainList domains; NTSTATUS status; int i; r.in.handle = handle; r.in.resume_handle = &resume_handle; r.in.max_size = 1000; r.out.domains = &domains; r.out.resume_handle = &resume_handle; status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) { printf("no trusts\n"); return False; } if (domains.count == 0) { printf("no trusts\n"); return False; } for (i=0; i<domains.count; i++) { struct lsa_QueryTrustedDomainInfoBySid q; if (domains.domains[i].sid == NULL) continue; q.in.handle = handle; q.in.dom_sid = domains.domains[i].sid; q.in.level = 6; status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) continue; if ((q.out.info->info_ex.trust_direction & 2) && (q.out.info->info_ex.trust_type == 1)) { *sid = domains.domains[i].sid; return True; } } printf("I need a AD DC with an outgoing trust to NT4\n"); return False; }
static bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, char ***domain_names, uint32 *num_domains, struct dom_sid **sids ) { struct policy_handle pol; NTSTATUS status, result; fstring dc_name; struct sockaddr_storage dc_ss; uint32 enum_ctx = 0; struct cli_state *cli = NULL; struct rpc_pipe_client *lsa_pipe = NULL; struct lsa_DomainList dom_list; int i; struct dcerpc_binding_handle *b = NULL; *domain_names = NULL; *num_domains = 0; *sids = NULL; /* lookup a DC first */ if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) { DEBUG(3,("enumerate_domain_trusts: can't locate a DC for domain %s\n", domain)); return False; } /* setup the anonymous connection */ status = cli_full_connection( &cli, lp_netbios_name(), dc_name, &dc_ss, 0, "IPC$", "IPC", "", "", "", 0, Undefined); if ( !NT_STATUS_IS_OK(status) ) goto done; /* open the LSARPC_PIPE */ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { goto done; } b = lsa_pipe->binding_handle; /* get a handle */ status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True, LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol); if ( !NT_STATUS_IS_OK(status) ) goto done; /* Lookup list of trusted domains */ status = dcerpc_lsa_EnumTrustDom(b, mem_ctx, &pol, &enum_ctx, &dom_list, (uint32_t)-1, &result); if ( !NT_STATUS_IS_OK(status) ) goto done; if (!NT_STATUS_IS_OK(result)) { status = result; goto done; } *num_domains = dom_list.count; *domain_names = talloc_zero_array(mem_ctx, char *, *num_domains); if (!*domain_names) { status = NT_STATUS_NO_MEMORY; goto done; } *sids = talloc_zero_array(mem_ctx, struct dom_sid, *num_domains); if (!*sids) { status = NT_STATUS_NO_MEMORY; goto done; } for (i=0; i< *num_domains; i++) { (*domain_names)[i] = discard_const_p(char, dom_list.domains[i].name.string); (*sids)[i] = *dom_list.domains[i].sid; } done: /* cleanup */ if (cli) { DEBUG(10,("enumerate_domain_trusts: shutting down connection...\n")); cli_shutdown( cli ); } return NT_STATUS_IS_OK(status); }