/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc"></param>
/// <param name="sid">The SID of a domain.</param>
/// <returns></returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
FOREST_TRUST_INFORMATION f;
bool b;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
(DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
{
b = true;
foreach (Record g in f.Records)
{
if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
(g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
(
((RecordTopLevelName)g.ForestTrustData).TopLevelName
== ((RecordDomainInfo)e.ForestTrustData).DnsName
||
TrustInfo.IsSubdomainOf(
((RecordDomainInfo)e.ForestTrustData).DnsName,
((RecordTopLevelName)g.ForestTrustData).TopLevelName)
)
)
{
b = false;
break;
}
}
if (b)
{
return(true);
}
}
}
}
return(false);
}
static bool IsDomainDnsNameInTrustedForest(DsServer dc, string name, ref string referredDomain)
{
FOREST_TRUST_INFORMATION f;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
if (tdos == null)
{
return(false);
}
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo)
{
RecordDomainInfo ee = (RecordDomainInfo)e.ForestTrustData;
if (ee.DnsName == name &&
(e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_ADMIN) == 0 &&
(e.Flags & (uint)TrustInfo.FOREST_TRUST_RECORD_FLAGS_DOMAIN_INFO.LSA_SID_DISABLED_CONFLICT) == 0 &&
ForestTrustOwnsName(f, ee.DnsName))
{
referredDomain = (string)LdapUtility.GetAttributeValue(dc, o, "trustPartner");
return(true);
}
}
}
}
return(false);
}
public DS_NAME_RESULT_ITEMW LookupNames(
DsServer dc,
uint flags,
uint formatOffered,
uint formatDesired,
string name)
{
DS_NAME_RESULT_ITEMW result = new DS_NAME_RESULT_ITEMW();
string referredDomain = "";
// Unknown name
if (formatOffered == (uint)DS_NAME_FORMAT.DS_UNKNOWN_NAME)
{
return(LookupUnknownName(dc, flags, formatDesired, name));
}
DSNAME[] rt = null;
string domainName = null;
switch (formatOffered)
{
case (uint)DS_NAME_FORMAT.DS_UNKNOWN_NAME:
return(LookupUnknownName(dc, flags, formatDesired, name));
case (uint)DS_NAME_FORMAT.DS_FQDN_1779_NAME:
{
rt = LookupAttr(dc, flags, "distinguishedName", name);
if (EnvironmentConfig.TestDS)
{
DSNAME?dcDsname = GetDsName(dc, RetrieveDCSuffixFromDn(name));
if (dcDsname != null)
{
domainName = DomainDNSNameFromDomain(dc, dcDsname.Value);
}
}
}
break;
case (uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME:
{
rt = LookupAttr(dc, flags, "sAMAccountName", LdapUtility.UserNameFromNT4AccountName(name));
if (EnvironmentConfig.TestDS)
{
domainName = LdapUtility.DomainNameFromNT4AccountName(name);
}
}
break;
case (uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME:
{
rt = LookupUPNAndAltSecID(dc, flags, false, name);
if (EnvironmentConfig.TestDS)
{
domainName = DomainNameFromUPN(name);
}
}
break;
case (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME:
{
DSNAME?v = LookupCanonicalName(dc, name);
if (v != null)
{
rt = new DSNAME[] { v.Value }
}
;
else
{
rt = null;
}
if (EnvironmentConfig.TestDS)
{
domainName = DomainNameFromCanonicalName(name);
}
}
break;
case (uint)DS_NAME_FORMAT.DS_UNIQUE_ID_NAME:
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
// The GUID is in the curly braced form, so we need
// to remove the braces first.
if (!name.Contains("{") && name.Contains("}"))
{
rt = null;
break;
}
string guidStr = name.Substring(1, name.Length - 2);
Guid guid = new Guid(guidStr);
string dn = null;
dn = LdapUtility.GetObjectDnByGuid(dc, rootDse.rootDomainNamingContext, guid);
if (dn == null)
{
dn = LdapUtility.GetObjectDnByGuid(dc, rootDse.configurationNamingContext, guid);
}
if (dn == null)
{
dn = LdapUtility.GetObjectDnByGuid(dc, rootDse.schemaNamingContext, guid);
}
if (dn == null)
{
break;
}
rt = new DSNAME[] { LdapUtility.CreateDSNameForObject(dc, dn) };
}
break;
case (uint)DS_NAME_FORMAT.DS_DISPLAY_NAME:
{
rt = LookupAttr(dc, flags, "displayName", name);
}
break;
case (uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME:
{
rt = LookupSPN(dc, flags, name);
if (EnvironmentConfig.TestDS)
{
domainName = GetServiceNameFromSPN(name);
}
}
break;
case (uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME:
case (uint)formatOffered_Values.DS_STRING_SID_NAME:
{
rt = LookupSID(dc, flags, SidFromStringSid(name));
if (EnvironmentConfig.TestDS)
{
domainName = DomainNameFromSid(dc, DomainSidFromSid(SidFromStringSid(name)));
}
}
break;
case (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX:
{
DSNAME?v = LookupCanonicalName(dc, CanonicalNameFromCanonicalNameEx(name));
if (v == null)
{
rt = null;
}
else
{
rt = new DSNAME[] { v.Value }
};
if (EnvironmentConfig.TestDS)
{
domainName = DomainNameFromCanonicalName(name);
}
}
break;
case (uint)formatOffered_Values.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN:
case (uint)formatOffered_Values.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX:
{
rt = LookupAttr(dc, flags, "sAMAccountName", name);
}
break;
case (uint)formatOffered_Values.DS_ALT_SECURITY_IDENTITIES_NAME:
{
rt = LookupAttr(dc, flags, "altSecurityIdentities", name);
}
break;
case (uint)formatOffered_Values.DS_USER_PRINCIPAL_NAME_AND_ALTSECID:
{
rt = LookupUPNAndAltSecID(dc, flags, true, name);
if (EnvironmentConfig.TestDS)
{
domainName = DomainNameFromUPN(name);
}
}
break;
default:
rt = null;
break;
}
if (rt == null && domainName != null)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_DOMAIN_ONLY;
if (formatOffered == (uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME ||
formatOffered == (uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME ||
formatOffered == (uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME ||
formatOffered == (uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME ||
formatOffered == (uint)formatOffered_Values.DS_STRING_SID_NAME ||
formatOffered == (uint)formatOffered_Values.DS_USER_PRINCIPAL_NAME_AND_ALTSECID)
{
if (TrustInfo.IsDomainNameInTrustedForest(dc, domainName, ref referredDomain))
{
result.pDomain = referredDomain;
if ((flags & (uint)DRS_MSG_CRACKREQ_FLAGS.DS_NAME_FLAG_TRUST_REFERRAL) > 0)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_TRUST_REFERRAL;
}
else
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_DOMAIN_ONLY;
}
}
}
return(result);
}
if (rt == null)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_NOT_FOUND;
return(result);
}
if (rt.Length > 1)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_NOT_UNIQUE;
return(result);
}
DSNAME obj = rt[0];
if (formatOffered == (uint)formatOffered_Values.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX)
{
string uacStr = (string)GetAttributeValue(
dc,
LdapUtility.ConvertUshortArrayToString(obj.StringName),
"userAccountControl");
uint uac = Convert.ToUInt32(uacStr);
const uint ADS_UF_ACCOUNTDISABLE = 0x0002;
const uint ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100;
if ((uac & (ADS_UF_ACCOUNTDISABLE | ADS_UF_TEMP_DUPLICATE_ACCOUNT)) > 0)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_NOT_FOUND;
return(result);
}
}
string[] names = ConstructOutput(dc, obj, formatDesired);
if ((names == null) &&
(obj.SidLen != 0) &&
((flags & (uint)DRS_MSG_CRACKREQ_FLAGS.DS_NAME_FLAG_PRIVATE_RESOLVE_FPOS) > 0))
{
if (formatDesired == (uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME ||
formatDesired == (uint)DS_NAME_FORMAT.DS_DISPLAY_NAME ||
formatDesired == (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME ||
formatDesired == (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX ||
formatDesired == (uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME ||
formatDesired == (uint)formatDesired_Values.DS_USER_PRINCIPAL_NAME_FOR_LOGON ||
formatDesired == (uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME)
{
bool fCanonicalEx = false;
if (formatDesired == (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX)
{
fCanonicalEx = true;
}
result = LookupFPO(fCanonicalEx, obj, result);
return(result);
}
}
if (names == null)
{
if (formatDesired == (uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME ||
formatDesired == (uint)DS_NAME_FORMAT.DS_UNKNOWN_NAME)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_RESOLVING;
}
else
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_NO_MAPPING;
}
return(result);
}
if (names.Length > 1)
{
result.status = DS_NAME_ERROR.DS_NAME_ERROR_NOT_UNIQUE;
return(result);
}
result.pName = names[0];
if (EnvironmentConfig.TestDS)
{
string objDn = LdapUtility.ConvertUshortArrayToString(obj.StringName);
DSNAME?dcDsname = GetDsName(dc, RetrieveDCSuffixFromDn(objDn));
string domainDn = "";
if (dcDsname != null)
{
domainDn = DomainDNSNameFromDomain(dc, dcDsname.Value);
}
result.pDomain = domainDn;
}
else
{
result.pDomain = "";
}
result.status = DS_NAME_ERROR.DS_NAME_NO_ERROR;
return(result);
}
