You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
249 lines
10 KiB
249 lines
10 KiB
#ifndef DEFINES_ONLY
|
|
#include <windows.h>
|
|
#include <ntverp.h>
|
|
|
|
appicon ICON "trustdom.ico"
|
|
#endif //!DEFINES_ONLY
|
|
|
|
#define VER_FILETYPE VFT_APP
|
|
#define VER_FILESUBTYPE VFT2_UNKNOWN
|
|
#define VER_FILEDESCRIPTION_STR "TRUSTDOM - Manage Trust Links"
|
|
#define VER_INTERNALNAME_STR "trustdom.exe"
|
|
#define VER_FILEVERSION 1,4,0,0
|
|
#define VER_FILEVERSION_STR "1.4.0.0"
|
|
#define VER_FILEVERSION_LSTR L"1.4.0.0"
|
|
|
|
#include "common.ver"
|
|
|
|
#define IDS_USAGE 100
|
|
#define IDS_GENERATERANDOMSID_F 200
|
|
|
|
#define IDS_INVALID_DOMAIN_NAME 210
|
|
|
|
#define IDS_DSGETDCNAME_F 300
|
|
#define IDS_DSGETDCNAME_FRET 301
|
|
#define IDS_DSGETDCNAME_FFORCE 302
|
|
#define IDS_DSGETDCNAME_DC_D 303
|
|
#define IDS_DSGETDCNAME_MIT 304
|
|
|
|
#define IDS_LSAOPENPOLICY_F1 305
|
|
#define IDS_ACCESS_DENIED 306
|
|
#define IDS_ERROR_FORMAT 307
|
|
#define IDS_LOCAL 308
|
|
#define IDS_PASSWORD_PROMPT 309
|
|
|
|
#define IDS_MIT_LOCAL_ONLY_BOTH 310
|
|
|
|
#define IDS_GETDOMAININFOFORDOMAIN_D 400
|
|
#define IDS_PRIMARY_D 401
|
|
//#define IDS_GETDOMAININFOFORDOMAINPRI_D 402
|
|
#define IDS_DOMAINNAMED 403
|
|
#define IDS_LSAENUMERATETRUSTEDDOMAINSEX_D 404
|
|
#define IDS_LSAENUMERATETRUSTEDDOMAINS_D 405
|
|
#define IDS_NETUSERENUM_D 406
|
|
#define IDS_LSACREATETRUSTEDDOMAINEX_F 407
|
|
#define IDS_NETUSERADD_F 408
|
|
#define IDS_NERR_UserExists 409
|
|
#define IDS_LSACREATETRUSTEDDOMAIN_F 410
|
|
#define IDS_STATUS_OBJECT_NAME_COLLISION 411
|
|
|
|
#define IDS_LSACREATESECRET_F 420
|
|
#define IDS_LSASETSECRET_F 421
|
|
#define IDS_GETTRUSTLINKS_F 422
|
|
#define IDS_NO_TRUST_OBJECT_D 423
|
|
#define IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F 424
|
|
#define IDS_LSASETTRUSTEDDOMAININFOBYNAME_F 425
|
|
#define IDS_LSAOPENTRUSTEDDOMAIN_F 426
|
|
#define IDS_NONNULL_SID 427
|
|
#define IDS_DELETION_F 428
|
|
#define IDS_SECRET_NOT_FOUND_D 429
|
|
#define IDS_LSAOPENSECRET_F 430
|
|
#define IDS_LSADELETE_F 431
|
|
#define IDS_NETUSERDEL_F 432
|
|
#define IDS_UNKNOWN_OPTION 433
|
|
#define IDS_DOMARGUMENTS 434
|
|
#define IDS_WARNING 435
|
|
#define IDS_ERROR 436
|
|
#define IDS_PARENT_REQ_BOTH 437
|
|
#define IDS_LOCAL_DEL_TRUST_F 438
|
|
#define IDS_REMOTE_DEL_TRUST_F 439
|
|
#define IDS_LOCAL_CHK_TRUST_F 440
|
|
#define IDS_REMOTE_CHK_TRUST_F 441
|
|
|
|
|
|
#define IDS_NT4_REQ_DOWNLEVEL 445
|
|
#define IDS_CREATE_TRUST_F 446
|
|
#define IDS_COMMAND_FAILED 447
|
|
|
|
|
|
|
|
#define IDS_FORCENT4 450
|
|
|
|
#define IDS_PROCESSDOM 500
|
|
#define IDS_DELTRUSTFROMTO 501
|
|
#define IDS_CHKTRUSTFROMTO 502
|
|
|
|
#define IDS_LSAQUERYNULLSID 510
|
|
#define IDS_LSASETNULLSID 511
|
|
#define IDS_NULLSID 512
|
|
|
|
#define IDS_LSATRUSTHANDLE 550
|
|
#define IDS_LSADELOBJ 551
|
|
|
|
#define IDS_VERIFY_VALID 660
|
|
#define IDS_VERIFY_INVALID_INCOMING 661
|
|
#define IDS_VERIFY_INVALID_OUTGOING 662
|
|
#define IDS_VERIFY_CHECK 663
|
|
#define IDS_VERIFY_UNMAPPABLE 664
|
|
|
|
|
|
#ifndef DEFINES_ONLY
|
|
|
|
STRINGTABLE DISCARDABLE
|
|
BEGIN
|
|
IDS_USAGE, "\
|
|
TRUSTDOM - (ver %ws) - Manage Trust Links\n\
|
|
Usage:\n\
|
|
trustdom [[domain[:dc],]target_domain[:dc]] [Options]\n\n\
|
|
Displays/creates/deletes trust links with/between the specified target\n\
|
|
domain(s). It can be used remotely, from another machine.\n\
|
|
If a pair is specified, the link will be between the two domains.\n\
|
|
Default action: '-out', that is a one-way trust is created, as follows:\n\
|
|
\040 an outbound trust on the local/specified domain\n\
|
|
\040 an inbound trust on the specified target domain\n\
|
|
Examples:
|
|
\040trustdom DOMB
|
|
\040 one-way trust from local domain to DOMB
|
|
\040trustdom DOMX,DOMY
|
|
\040 one-way trust from DOMX to DOMY
|
|
\040trustdom SOMEDOM -list
|
|
\040 list trusts for domain SOMEDOM; without the domain name would mean 'local'
|
|
Arguments:\n\
|
|
\040domain/target_domain\n\
|
|
\040 - Domains (flat or DNS names)\n\
|
|
\040 For multiple DC domains, you can specify the DC to
|
|
\040 connect to in the form 'domain:dc'
|
|
Options:
|
|
\040-list - list all trust links of the specified target domain\n\
|
|
\040 (or local domain if none is specified) and exit (all other\n\
|
|
\040 commands are ignored)\n\
|
|
\040-untrust - Breaks the trust\n\
|
|
\040-sidcheck - Check the sids in the specified trust link\n\
|
|
\040-verify - Verify the current domain trusts for viability\n\
|
|
\040-both - Establishes a two way trust (bidirectional)\n\
|
|
\040-out - Establishes an outbound trust [default]\n\
|
|
\040-in - Establishes an inbound trust\n\
|
|
\040 Specifying '-in -out' is equivalent with '-both'\n\
|
|
\040-localonly - All operations (create/delete) are applied only for the\n\
|
|
\040 trust objects on the first/local DC (use with care)\n\
|
|
\040-downlevel - Creates a downlevel trust\n\
|
|
\040-mit - Creates MIT Kerberos trust (enables 'localonly' and 'both')\n\
|
|
\040-parent - Establishes a two way parent/child trust;\n\
|
|
\040 set the parent bit in the trust object on the child machine\n\
|
|
\040-pw:password - Optional password to set on the object as CLEARTEXT only.\n\
|
|
\040 Use '*' to enter password in no-echo mode\n\
|
|
\040-debug - Detailed messages about operation\n\
|
|
\040-force - Force application of the settings, even if they are illegal\n\
|
|
\040 or the target domain is nonexistent/nonaccessible\n\
|
|
\040 e.g., setting a trust to a NT4 machine without\n\
|
|
\040 specifying 'downlevel'; (use with care)\n\
|
|
\040-nt4 - force nt4 style operation even if domains are NT5\n\
|
|
\040-sidlist - list SIDs too (enables 'list' option; NT5 only)\n\
|
|
The comma-separated fields displayed with the '-list/-sidlist' command:\n\
|
|
\040name of domain (if possible, the DNS name)\n\
|
|
\040direction of trust: I(nbound), O(utbound), B(idirectional)\n\
|
|
\040type of trust: T_downlevel, T_uplevel, T_mit, T_DCE\n\
|
|
\040trust attributes (as 4 separate fields; a missing attribute is replaced by _):\n\
|
|
\040 A_NonTran,A_UpLevelOnly,A_TreeParent,A_TreeRoot\n\
|
|
\040sid from the trust object (if '-sidlist' is specified)\n"
|
|
|
|
|
|
IDS_GENERATERANDOMSID_F "GenerateRandomSID failed: err 0x%08lx\012"
|
|
|
|
IDS_INVALID_DOMAIN_NAME "Invalid domain name: %ws\n"
|
|
|
|
|
|
IDS_DSGETDCNAME_F "DsGetDcName for %ws failed: 0x%08lx;"
|
|
IDS_DSGETDCNAME_FRET " ...now returning Status 0x%08lx (STATUS_NO_SUCH_DOMAIN)\012"
|
|
IDS_DSGETDCNAME_FFORCE " ...'-force' option specified; ignoring the previous DsGetDcName error\012"
|
|
//IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws (flags:0x%08lx)\012"
|
|
IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws\012"
|
|
IDS_DSGETDCNAME_MIT "For a MIT trust: assuming %ws is a Unix machine...\n"
|
|
|
|
IDS_LSAOPENPOLICY_F1 "LsaOpenPolicy on %ws failed with "
|
|
IDS_ACCESS_DENIED "STATUS_ACCESS_DENIED\012"
|
|
IDS_ERROR_FORMAT "err 0x%08lx\012"
|
|
IDS_LOCAL "(local)"
|
|
IDS_PASSWORD_PROMPT "Password : "
|
|
|
|
IDS_MIT_LOCAL_ONLY_BOTH "MIT trusts: always local only and both; enabling 'localonly' and 'both' options\n"
|
|
|
|
IDS_GETDOMAININFOFORDOMAIN_D "GetDomainInfoForDomain for %ws: LsaQueryInformationPolicy(%ws) returned 0x%lx\012"
|
|
IDS_PRIMARY_D "Trying (Primary)...\012"
|
|
|
|
IDS_DOMAINNAMED "DNSDomainName: %wZ\012"
|
|
|
|
IDS_LSAENUMERATETRUSTEDDOMAINSEX_D "LsaEnumerateTrustedDomainsEx for %wZ returned 0x%08lx (%lu entries)\012"
|
|
IDS_LSAENUMERATETRUSTEDDOMAINS_D "LsaEnumerateTrustedDomains for %wZ returned 0x%08lx (%lu entries)\012"
|
|
|
|
IDS_NETUSERENUM_D "NetUserEnum for %wZ returned 0x%08lx (%lu entries)\012"
|
|
|
|
IDS_LSACREATETRUSTEDDOMAINEX_F "LsaCreateTrustedDomainEx on %wZ for %ws failed with 0x%lx\012"
|
|
IDS_STATUS_OBJECT_NAME_COLLISION "On %wZ there is already a trust object to %ws\n"
|
|
|
|
IDS_NETUSERADD_F "NetUserAdd on %ws for %ws failed: err 0x%08lx\012"
|
|
IDS_NERR_UserExists "On %ws user %ws already exists\n"
|
|
|
|
IDS_LSACREATETRUSTEDDOMAIN_F "LsaCreateTrustedDomain failed: err 0x%08lx\012"
|
|
IDS_LSACREATESECRET_F "LsaCreateSecret failed: err 0x%08lx\012"
|
|
IDS_LSASETSECRET_F "LsaSetSecret failed: err 0x%08lx\012"
|
|
|
|
IDS_GETTRUSTLINKS_F "GetTrustLinks on %wZ failed: err 0x%08lx\012"
|
|
IDS_NO_TRUST_OBJECT_D "On %wZ, no trust object to %wZ found...\012"
|
|
IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F "LsaQueryTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
|
|
IDS_LSASETTRUSTEDDOMAININFOBYNAME_F "LsaSetTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
|
|
IDS_LSAOPENTRUSTEDDOMAIN_F "LsaOpenTrustedDomain failed: err 0x%08lx\012"
|
|
IDS_NONNULL_SID "DeleteTrustLinks: cannot get a nonNULL sid for the trust to %wZ\012"
|
|
IDS_DELETION_F "Deletion of trusted domain object on %wZ failed with 0x%lx\012"
|
|
IDS_SECRET_NOT_FOUND_D "Secret %wZ not found. Ignoring...\012"
|
|
IDS_LSAOPENSECRET_F "LsaOpenSecret failed: err 0x%08lx\012"
|
|
IDS_LSADELETE_F "LsaDelete on secret %wZ failed: err 0x%08lx\012"
|
|
IDS_NETUSERDEL_F "NetUserDel for user %ws failed: err 0x%08lx\012"
|
|
|
|
IDS_UNKNOWN_OPTION "Unknown option: %s\012"
|
|
IDS_DOMARGUMENTS "Trust Link between domains: [%ws%ws%ws],[%ws%ws%ws]\012"
|
|
IDS_WARNING "Warning"
|
|
IDS_ERROR "Error"
|
|
IDS_PARENT_REQ_BOTH "%ws: '-parent' REQUIRES '-both'\012"
|
|
IDS_LOCAL_DEL_TRUST_F "Local: Deleting trust things failed with 0x%lx\012"
|
|
IDS_REMOTE_DEL_TRUST_F "Remote: Deleting trust things failed with 0x%lx\012"
|
|
IDS_LOCAL_CHK_TRUST_F "Local: Checking trust things failed with 0x%lx\012"
|
|
IDS_REMOTE_CHK_TRUST_F "Remote: Checking trust things failed with 0x%lx\012"
|
|
|
|
IDS_NT4_REQ_DOWNLEVEL "%ws: NT4 DCs REQUIRE '-downlevel'\012"
|
|
IDS_CREATE_TRUST_F "Creating trust from %ws to %ws failed with 0x%lx\012"
|
|
IDS_COMMAND_FAILED "The command failed: err 0x%0lx\012"
|
|
|
|
IDS_FORCENT4 "...'-nt4' flag used; force NT4 style trust operation for domain %ws\n"
|
|
|
|
IDS_PROCESSDOM "-- Processing domain: %wZ...\n"
|
|
IDS_DELTRUSTFROMTO "-- Deleting on domain %wZ trust to domain %wZ...\n"
|
|
IDS_CHKTRUSTFROMTO "-- Checking on domain %wZ trust to domain %wZ...\n"
|
|
|
|
IDS_LSAQUERYNULLSID "NULL sid returned by LsaQueryTrustedDomainInfoByName\n"
|
|
IDS_LSASETNULLSID "LsaSetTrustedDomainInfoByName: NULL sid\n"
|
|
IDS_NULLSID "#### NULL sid\n"
|
|
IDS_LSATRUSTHANDLE "Handle returned by LsaOpenTrustedDomain: 0x%08lx (Status: 0x%08lx)\n"
|
|
IDS_LSADELOBJ "Attempting deleting LSA Object with handle 0x%08lx\n"
|
|
|
|
IDS_VERIFY_VALID "\nThe following trusts verfied correctly:\n"
|
|
IDS_VERIFY_INVALID_INCOMING "\nThe following trusts where invalid in the inbound direction:\n"
|
|
IDS_VERIFY_INVALID_OUTGOING "\nThe following trusts where invalid in the outbound direction:\n"
|
|
IDS_VERIFY_CHECK "Validating trust from domain %wZ to domain %wZ\n"
|
|
IDS_VERIFY_UNMAPPABLE "unmapped error code 0x%lx\n"
|
|
|
|
END
|
|
|
|
|
|
|
|
#endif //!DEFINES_ONLY
|