1/*queries trusted domain information*/ 2 3#include "libmsrpc.h" 4#include "includes.h" 5 6#define MAX_STRING_LEN 50; 7 8void print_info(LSA_TRUSTED_DOMAIN_INFO *info) { 9 switch(info->info_class) { 10 case CAC_INFO_TRUSTED_DOMAIN_FULL_INFO: 11 case CAC_INFO_TRUSTED_DOMAIN_INFO_ALL: 12 printf(" Domain Name: %s\n", unistr2_static(&info->info_ex.domain_name.unistring)); 13 printf(" Netbios Name: %s\n", unistr2_static(&info->info_ex.netbios_name.unistring)); 14 printf(" Domain Sid: %s\n", sid_string_static(&info->info_ex.sid.sid)); 15 printf(" Trust direction: %d\n", info->info_ex.trust_direction); 16 printf(" Trust Type: %d\n", info->info_ex.trust_type); 17 printf(" Trust attr: %d\n", info->info_ex.trust_attributes); 18 printf(" Posix Offset: %d\n", info->posix_offset.posix_offset); 19 break; 20 } 21} 22 23int main() { 24 CacServerHandle *hnd = NULL; 25 TALLOC_CTX *mem_ctx = NULL; 26 POLICY_HND *lsa_pol = NULL; 27 28 int i; 29 30 mem_ctx = talloc_init("lsatrust"); 31 32 hnd = cac_NewServerHandle(False); 33 34 /*malloc some memory so get_auth_data_fn can work*/ 35 hnd->username = SMB_MALLOC_ARRAY(char, sizeof(fstring)); 36 hnd->domain = SMB_MALLOC_ARRAY(char, sizeof(fstring)); 37 hnd->netbios_name = SMB_MALLOC_ARRAY(char, sizeof(fstring)); 38 hnd->password = SMB_MALLOC_ARRAY(char, sizeof(fstring)); 39 40 hnd->server = SMB_MALLOC_ARRAY(char, sizeof(fstring)); 41 42 43 printf("Server: "); 44 fscanf(stdin, "%s", hnd->server); 45 46 printf("Connecting to server....\n"); 47 48 if(!cac_Connect(hnd, NULL)) { 49 fprintf(stderr, "Could not connect to server.\n Error: %s\n errno %s\n", nt_errstr(hnd->status), strerror(errno)); 50 cac_FreeHandle(hnd); 51 exit(-1); 52 } 53 54 printf("Connected to server\n"); 55 56 struct LsaOpenPolicy lop; 57 ZERO_STRUCT(lop); 58 59 lop.in.access = SEC_RIGHT_MAXIMUM_ALLOWED; 60 lop.in.security_qos = True; 61 62 63 if(!cac_LsaOpenPolicy(hnd, mem_ctx, &lop)) { 64 fprintf(stderr, "Could not open policy handle.\n Error: %s\n", nt_errstr(hnd->status)); 65 cac_FreeHandle(hnd); 66 exit(-1); 67 } 68 69 lsa_pol = lop.out.pol; 70 71 printf("Enumerating Trusted Domains\n"); 72 73 struct LsaEnumTrustedDomains etd; 74 ZERO_STRUCT(etd); 75 76 etd.in.pol = lsa_pol; 77 78 while(cac_LsaEnumTrustedDomains(hnd, mem_ctx, &etd)) { 79 printf(" Enumerated %d domains\n", etd.out.num_domains); 80 81 for(i = 0; i < etd.out.num_domains; i++) { 82 printf(" Name: %s\n", etd.out.domain_names[i]); 83 printf(" SID: %s\n", sid_string_static(&etd.out.domain_sids[i])); 84 85 printf("\n Attempting to open domain...\n"); 86 87 struct LsaOpenTrustedDomain otd; 88 ZERO_STRUCT(otd); 89 90 otd.in.pol = lsa_pol; 91 otd.in.domain_sid = &etd.out.domain_sids[i]; 92 otd.in.access = SEC_RIGHT_MAXIMUM_ALLOWED; 93 94 /*try to query trusted domain info by name*/ 95 struct LsaQueryTrustedDomainInfo qtd; 96 ZERO_STRUCT(qtd); 97 98 qtd.in.pol = lsa_pol; 99 qtd.in.domain_name = etd.out.domain_names[i]; 100 101 102 int j; 103 for(j = 0; j < 100; j++ ) { 104 qtd.in.info_class = j; 105 106 printf(" Querying trustdom by name\n"); 107 if(!cac_LsaQueryTrustedDomainInfo(hnd, mem_ctx, &qtd)) { 108 fprintf(stderr, " could not query trusted domain info.\n Error %s\n", nt_errstr(hnd->status)); 109 continue; 110 } 111 112 printf(" info_class %d succeeded\n", j); 113 printf(" Query result:\n"); 114 printf(" size %d\n", sizeof(*qtd.out.info)); 115 } 116 117 /*try to query trusted domain info by SID*/ 118 printf(" Querying trustdom by sid\n"); 119 qtd.in.domain_sid = &etd.out.domain_sids[i]; 120 if(!cac_LsaQueryTrustedDomainInfo(hnd, mem_ctx, &qtd)) { 121 fprintf(stderr, " could not query trusted domain info.\n Error %s\n", nt_errstr(hnd->status)); 122 continue; 123 } 124 125 printf(" Query result:\n"); 126/* print_info(qtd.out.info);*/ 127 128 if(CAC_OP_FAILED(hnd->status)) { 129 fprintf(stderr, " Could not enum sids.\n Error: %s\n", nt_errstr(hnd->status)); 130 continue; 131 } 132 } 133 134 printf("\n"); 135 } 136 137 if(CAC_OP_FAILED(hnd->status)) { 138 fprintf(stderr, "Error while enumerating trusted domains.\n Error: %s\n", nt_errstr(hnd->status)); 139 goto done; 140 } 141 142done: 143 if(!cac_LsaClosePolicy(hnd, mem_ctx, lsa_pol)) { 144 fprintf(stderr, "Could not close policy handle.\n Error: %s\n", nt_errstr(hnd->status)); 145 } 146 147 cac_FreeHandle(hnd); 148 talloc_destroy(mem_ctx); 149 150 return 0; 151} 152