public static IEnumerable <IDomainTrust> Get_NetDomainTrust(Args_Get_DomainTrust args = null) { return(GetDomainTrust.Get_DomainTrust(args)); }
public static IEnumerable <IDomainTrust> Get_DomainTrust(Args_Get_DomainTrust args = null) { if (args == null) { args = new Args_Get_DomainTrust(); } var LdapSearcherArguments = new Args_Get_DomainSearcher { Domain = args.Domain, LDAPFilter = args.LDAPFilter, Properties = args.Properties, SearchBase = args.SearchBase, Server = args.Server, SearchScope = args.SearchScope, ResultPageSize = args.ResultPageSize, ServerTimeLimit = args.ServerTimeLimit, Tombstone = args.Tombstone, Credential = args.Credential }; Args_Get_DomainSID NetSearcherArguments = null; string SourceDomain = null; if (!args.API) { NetSearcherArguments = new Args_Get_DomainSID(); if (args.Domain.IsNotNullOrEmpty() && args.Domain.Trim() != "") { SourceDomain = args.Domain; } else { if (args.Credential != null) { SourceDomain = GetDomain.Get_Domain(new Args_Get_Domain { Credential = args.Credential }).Name; } else { SourceDomain = GetDomain.Get_Domain().Name; } } } else if (!args.NET) { if (args.Domain != null && args.Domain.Trim() != "") { SourceDomain = args.Domain; } else { SourceDomain = Environment.GetEnvironmentVariable("USERDNSDOMAIN"); } } var DomainTrusts = new List <IDomainTrust>(); if (!args.API && !args.NET) { // if we're searching for domain trusts through LDAP/ADSI var TrustSearcher = GetDomainSearcher.Get_DomainSearcher(LdapSearcherArguments); var SourceSID = GetDomainSID.Get_DomainSID(NetSearcherArguments); if (TrustSearcher != null) { TrustSearcher.Filter = @"(objectClass=trustedDomain)"; SearchResult[] Results = null; if (args.FindOne) { Results = new SearchResult[] { TrustSearcher.FindOne() }; } else { var items = TrustSearcher.FindAll(); if (items != null) { Results = new SearchResult[items.Count]; items.CopyTo(Results, 0); } } if (Results != null) { foreach (var result in Results) { var Props = result.Properties; var DomainTrust = new LdapDomainTrust(); var TrustAttrib = (TrustAttribute)Props[@"trustattributes"][0]; var Direction = (TrustDirection)Props[@"trustdirection"][0]; var TrustType = (TrustType)Props[@"trusttype"][0]; var Distinguishedname = Props[@"distinguishedname"][0] as string; var SourceNameIndex = Distinguishedname.IndexOf(@"DC="); if (SourceNameIndex != 0) { SourceDomain = Distinguishedname.Substring(SourceNameIndex).Replace(@"DC=", @"").Replace(@",", @"."); } else { SourceDomain = @""; } var TargetNameIndex = Distinguishedname.IndexOf(@",CN=System"); string TargetDomain = null; if (SourceNameIndex != 0) { TargetDomain = Distinguishedname.Substring(3, TargetNameIndex - 3); } else { TargetDomain = @""; } var ObjectGuid = new Guid(Props[@"objectguid"][0] as byte[]); var TargetSID = (new System.Security.Principal.SecurityIdentifier(Props[@"securityidentifier"][0] as byte[], 0)).Value; DomainTrust = new LdapDomainTrust { SourceName = SourceDomain, TargetName = Props[@"name"][0] as string, TrustType = TrustType, TrustAttributes = TrustAttrib, TrustDirection = Direction, WhenCreated = Props[@"whencreated"][0], WhenChanged = Props[@"whenchanged"][0] }; DomainTrusts.Add(DomainTrust); } } TrustSearcher.Dispose(); } } else if (args.API) { // if we're searching for domain trusts through Win32 API functions string TargetDC = null; if (args.Server.IsNotNullOrEmpty()) { TargetDC = args.Server; } else if (args.Domain != null && args.Domain.Trim() != @"") { TargetDC = args.Domain; } else { // see https://msdn.microsoft.com/en-us/library/ms675976(v=vs.85).aspx for default NULL behavior TargetDC = null; } // arguments for DsEnumerateDomainTrusts var PtrInfo = IntPtr.Zero; // 63 = DS_DOMAIN_IN_FOREST + DS_DOMAIN_DIRECT_OUTBOUND + DS_DOMAIN_TREE_ROOT + DS_DOMAIN_PRIMARY + DS_DOMAIN_NATIVE_MODE + DS_DOMAIN_DIRECT_INBOUND uint Flags = 63; uint DomainCount = 0; // get the trust information from the target server var Result = NativeMethods.DsEnumerateDomainTrusts(TargetDC, Flags, out PtrInfo, out DomainCount); // Locate the offset of the initial intPtr var Offset = PtrInfo.ToInt64(); // 0 = success if (Result == 0 && Offset > 0) { // Work out how much to increment the pointer by finding out the size of the structure var Increment = Marshal.SizeOf(typeof(NativeMethods.DS_DOMAIN_TRUSTS)); // parse all the result structures for (var i = 0; i < DomainCount; i++) { // create a new int ptr at the given offset and cast the pointer as our result structure var NewIntPtr = new IntPtr(Offset); var Info = (NativeMethods.DS_DOMAIN_TRUSTS)Marshal.PtrToStructure(NewIntPtr, typeof(NativeMethods.DS_DOMAIN_TRUSTS)); Offset = NewIntPtr.ToInt64(); Offset += Increment; var SidString = @""; bool ret = NativeMethods.ConvertSidToStringSid(Info.DomainSid, out SidString); var LastError = Marshal.GetLastWin32Error(); if (ret == false) { Logger.Write_Verbose($@"[Get-DomainTrust] Error: {new System.ComponentModel.Win32Exception(LastError).Message}"); } else { var DomainTrust = new ApiDomainTrust { SourceName = SourceDomain, TargetName = Info.DnsDomainName, TargetNetbiosName = Info.NetbiosDomainName, Flags = Info.Flags, ParentIndex = Info.ParentIndex, TrustType = (NativeMethods.DS_DOMAIN_TRUST_TYPE)Info.TrustType, TrustAttributes = Info.TrustAttributes, TargetSid = SidString, TargetGuid = Info.DomainGuid }; DomainTrusts.Add(DomainTrust); } } // free up the result buffer NativeMethods.NetApiBufferFree(PtrInfo); } else { Logger.Write_Verbose($@"[Get-DomainTrust] Error: {new System.ComponentModel.Win32Exception((int)Result).Message}"); } } else { // if we're searching for domain trusts through .NET methods var FoundDomain = GetDomain.Get_Domain(new Args_Get_Domain { Domain = NetSearcherArguments.Domain, Credential = NetSearcherArguments.Credential }); if (FoundDomain != null) { var items = FoundDomain.GetAllTrustRelationships(); foreach (TrustRelationshipInformation item in items) { DomainTrusts.Add(new NetDomainTrust { SourceName = item.SourceName, TargetName = item.TargetName, TrustDirection = item.TrustDirection, TrustType = item.TrustType }); } } } return(DomainTrusts); }
public static IEnumerable <IDomainTrust> Get_DomainTrustMapping(Args_Get_DomainTrustMapping args = null) { if (args == null) { args = new Args_Get_DomainTrustMapping(); } // keep track of domains seen so we don't hit infinite recursion var SeenDomains = new Dictionary <string, string>(); // our domain status tracker var Domains = new System.Collections.Stack(); var DomainTrustArguments = new Args_Get_DomainTrust { API = args.API, NET = args.NET, LDAPFilter = args.LDAPFilter, Properties = args.Properties, SearchBase = args.SearchBase, Server = args.Server, SearchScope = args.SearchScope, ResultPageSize = args.ResultPageSize, ServerTimeLimit = args.ServerTimeLimit, Tombstone = args.Tombstone, Credential = args.Credential }; // get the current domain and push it onto the stack string CurrentDomain = null; if (args.Credential != null) { CurrentDomain = GetDomain.Get_Domain(new Args_Get_Domain { Credential = args.Credential }).Name; } else { CurrentDomain = GetDomain.Get_Domain().Name; } Domains.Push(CurrentDomain); var DomainTrustMappings = new List <IDomainTrust>(); while (Domains.Count != 0) { string Domain = Domains.Pop() as string; // if we haven't seen this domain before if (Domain != null && Domain.Trim() != @"" && !SeenDomains.ContainsKey(Domain)) { Logger.Write_Verbose($@"[Get-DomainTrustMapping] Enumerating trusts for domain: '{Domain}'"); // mark it as seen in our list SeenDomains.Add(Domain, ""); try { // get all the trusts for this domain DomainTrustArguments.Domain = Domain; var Trusts = GetDomainTrust.Get_DomainTrust(DomainTrustArguments); // get any forest trusts, if they exist if (args.NET) { var ForestTrustArguments = new Args_Get_Forest { Forest = args.Forest, Credential = args.Credential }; Trusts.Union(GetForestTrust.Get_ForestTrust(ForestTrustArguments)); } if (Trusts != null) { // enumerate each trust found foreach (var Trust in Trusts) { if (Trust.SourceName.IsNotNullOrEmpty() && Trust.TargetName.IsNotNullOrEmpty()) { // make sure we process the target Domains.Push(Trust.TargetName); DomainTrustMappings.Add(Trust); } } } } catch (Exception e) { Logger.Write_Verbose($@"[Get-DomainTrustMapping] Error: {e}"); } } } return(DomainTrustMappings); }