Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

249 lines
10 KiB

  1. #ifndef DEFINES_ONLY
  2. #include <windows.h>
  3. #include <ntverp.h>
  4. appicon ICON "trustdom.ico"
  5. #endif //!DEFINES_ONLY
  6. #define VER_FILETYPE VFT_APP
  7. #define VER_FILESUBTYPE VFT2_UNKNOWN
  8. #define VER_FILEDESCRIPTION_STR "TRUSTDOM - Manage Trust Links"
  9. #define VER_INTERNALNAME_STR "trustdom.exe"
  10. #define VER_FILEVERSION 1,4,0,0
  11. #define VER_FILEVERSION_STR "1.4.0.0"
  12. #define VER_FILEVERSION_LSTR L"1.4.0.0"
  13. #include "common.ver"
  14. #define IDS_USAGE 100
  15. #define IDS_GENERATERANDOMSID_F 200
  16. #define IDS_INVALID_DOMAIN_NAME 210
  17. #define IDS_DSGETDCNAME_F 300
  18. #define IDS_DSGETDCNAME_FRET 301
  19. #define IDS_DSGETDCNAME_FFORCE 302
  20. #define IDS_DSGETDCNAME_DC_D 303
  21. #define IDS_DSGETDCNAME_MIT 304
  22. #define IDS_LSAOPENPOLICY_F1 305
  23. #define IDS_ACCESS_DENIED 306
  24. #define IDS_ERROR_FORMAT 307
  25. #define IDS_LOCAL 308
  26. #define IDS_PASSWORD_PROMPT 309
  27. #define IDS_MIT_LOCAL_ONLY_BOTH 310
  28. #define IDS_GETDOMAININFOFORDOMAIN_D 400
  29. #define IDS_PRIMARY_D 401
  30. //#define IDS_GETDOMAININFOFORDOMAINPRI_D 402
  31. #define IDS_DOMAINNAMED 403
  32. #define IDS_LSAENUMERATETRUSTEDDOMAINSEX_D 404
  33. #define IDS_LSAENUMERATETRUSTEDDOMAINS_D 405
  34. #define IDS_NETUSERENUM_D 406
  35. #define IDS_LSACREATETRUSTEDDOMAINEX_F 407
  36. #define IDS_NETUSERADD_F 408
  37. #define IDS_NERR_UserExists 409
  38. #define IDS_LSACREATETRUSTEDDOMAIN_F 410
  39. #define IDS_STATUS_OBJECT_NAME_COLLISION 411
  40. #define IDS_LSACREATESECRET_F 420
  41. #define IDS_LSASETSECRET_F 421
  42. #define IDS_GETTRUSTLINKS_F 422
  43. #define IDS_NO_TRUST_OBJECT_D 423
  44. #define IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F 424
  45. #define IDS_LSASETTRUSTEDDOMAININFOBYNAME_F 425
  46. #define IDS_LSAOPENTRUSTEDDOMAIN_F 426
  47. #define IDS_NONNULL_SID 427
  48. #define IDS_DELETION_F 428
  49. #define IDS_SECRET_NOT_FOUND_D 429
  50. #define IDS_LSAOPENSECRET_F 430
  51. #define IDS_LSADELETE_F 431
  52. #define IDS_NETUSERDEL_F 432
  53. #define IDS_UNKNOWN_OPTION 433
  54. #define IDS_DOMARGUMENTS 434
  55. #define IDS_WARNING 435
  56. #define IDS_ERROR 436
  57. #define IDS_PARENT_REQ_BOTH 437
  58. #define IDS_LOCAL_DEL_TRUST_F 438
  59. #define IDS_REMOTE_DEL_TRUST_F 439
  60. #define IDS_LOCAL_CHK_TRUST_F 440
  61. #define IDS_REMOTE_CHK_TRUST_F 441
  62. #define IDS_NT4_REQ_DOWNLEVEL 445
  63. #define IDS_CREATE_TRUST_F 446
  64. #define IDS_COMMAND_FAILED 447
  65. #define IDS_FORCENT4 450
  66. #define IDS_PROCESSDOM 500
  67. #define IDS_DELTRUSTFROMTO 501
  68. #define IDS_CHKTRUSTFROMTO 502
  69. #define IDS_LSAQUERYNULLSID 510
  70. #define IDS_LSASETNULLSID 511
  71. #define IDS_NULLSID 512
  72. #define IDS_LSATRUSTHANDLE 550
  73. #define IDS_LSADELOBJ 551
  74. #define IDS_VERIFY_VALID 660
  75. #define IDS_VERIFY_INVALID_INCOMING 661
  76. #define IDS_VERIFY_INVALID_OUTGOING 662
  77. #define IDS_VERIFY_CHECK 663
  78. #define IDS_VERIFY_UNMAPPABLE 664
  79. #ifndef DEFINES_ONLY
  80. STRINGTABLE DISCARDABLE
  81. BEGIN
  82. IDS_USAGE, "\
  83. TRUSTDOM - (ver %ws) - Manage Trust Links\n\
  84. Usage:\n\
  85. trustdom [[domain[:dc],]target_domain[:dc]] [Options]\n\n\
  86. Displays/creates/deletes trust links with/between the specified target\n\
  87. domain(s). It can be used remotely, from another machine.\n\
  88. If a pair is specified, the link will be between the two domains.\n\
  89. Default action: '-out', that is a one-way trust is created, as follows:\n\
  90. \040 an outbound trust on the local/specified domain\n\
  91. \040 an inbound trust on the specified target domain\n\
  92. Examples:
  93. \040trustdom DOMB
  94. \040 one-way trust from local domain to DOMB
  95. \040trustdom DOMX,DOMY
  96. \040 one-way trust from DOMX to DOMY
  97. \040trustdom SOMEDOM -list
  98. \040 list trusts for domain SOMEDOM; without the domain name would mean 'local'
  99. Arguments:\n\
  100. \040domain/target_domain\n\
  101. \040 - Domains (flat or DNS names)\n\
  102. \040 For multiple DC domains, you can specify the DC to
  103. \040 connect to in the form 'domain:dc'
  104. Options:
  105. \040-list - list all trust links of the specified target domain\n\
  106. \040 (or local domain if none is specified) and exit (all other\n\
  107. \040 commands are ignored)\n\
  108. \040-untrust - Breaks the trust\n\
  109. \040-sidcheck - Check the sids in the specified trust link\n\
  110. \040-verify - Verify the current domain trusts for viability\n\
  111. \040-both - Establishes a two way trust (bidirectional)\n\
  112. \040-out - Establishes an outbound trust [default]\n\
  113. \040-in - Establishes an inbound trust\n\
  114. \040 Specifying '-in -out' is equivalent with '-both'\n\
  115. \040-localonly - All operations (create/delete) are applied only for the\n\
  116. \040 trust objects on the first/local DC (use with care)\n\
  117. \040-downlevel - Creates a downlevel trust\n\
  118. \040-mit - Creates MIT Kerberos trust (enables 'localonly' and 'both')\n\
  119. \040-parent - Establishes a two way parent/child trust;\n\
  120. \040 set the parent bit in the trust object on the child machine\n\
  121. \040-pw:password - Optional password to set on the object as CLEARTEXT only.\n\
  122. \040 Use '*' to enter password in no-echo mode\n\
  123. \040-debug - Detailed messages about operation\n\
  124. \040-force - Force application of the settings, even if they are illegal\n\
  125. \040 or the target domain is nonexistent/nonaccessible\n\
  126. \040 e.g., setting a trust to a NT4 machine without\n\
  127. \040 specifying 'downlevel'; (use with care)\n\
  128. \040-nt4 - force nt4 style operation even if domains are NT5\n\
  129. \040-sidlist - list SIDs too (enables 'list' option; NT5 only)\n\
  130. The comma-separated fields displayed with the '-list/-sidlist' command:\n\
  131. \040name of domain (if possible, the DNS name)\n\
  132. \040direction of trust: I(nbound), O(utbound), B(idirectional)\n\
  133. \040type of trust: T_downlevel, T_uplevel, T_mit, T_DCE\n\
  134. \040trust attributes (as 4 separate fields; a missing attribute is replaced by _):\n\
  135. \040 A_NonTran,A_UpLevelOnly,A_TreeParent,A_TreeRoot\n\
  136. \040sid from the trust object (if '-sidlist' is specified)\n"
  137. IDS_GENERATERANDOMSID_F "GenerateRandomSID failed: err 0x%08lx\012"
  138. IDS_INVALID_DOMAIN_NAME "Invalid domain name: %ws\n"
  139. IDS_DSGETDCNAME_F "DsGetDcName for %ws failed: 0x%08lx;"
  140. IDS_DSGETDCNAME_FRET " ...now returning Status 0x%08lx (STATUS_NO_SUCH_DOMAIN)\012"
  141. IDS_DSGETDCNAME_FFORCE " ...'-force' option specified; ignoring the previous DsGetDcName error\012"
  142. //IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws (flags:0x%08lx)\012"
  143. IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws\012"
  144. IDS_DSGETDCNAME_MIT "For a MIT trust: assuming %ws is a Unix machine...\n"
  145. IDS_LSAOPENPOLICY_F1 "LsaOpenPolicy on %ws failed with "
  146. IDS_ACCESS_DENIED "STATUS_ACCESS_DENIED\012"
  147. IDS_ERROR_FORMAT "err 0x%08lx\012"
  148. IDS_LOCAL "(local)"
  149. IDS_PASSWORD_PROMPT "Password : "
  150. IDS_MIT_LOCAL_ONLY_BOTH "MIT trusts: always local only and both; enabling 'localonly' and 'both' options\n"
  151. IDS_GETDOMAININFOFORDOMAIN_D "GetDomainInfoForDomain for %ws: LsaQueryInformationPolicy(%ws) returned 0x%lx\012"
  152. IDS_PRIMARY_D "Trying (Primary)...\012"
  153. IDS_DOMAINNAMED "DNSDomainName: %wZ\012"
  154. IDS_LSAENUMERATETRUSTEDDOMAINSEX_D "LsaEnumerateTrustedDomainsEx for %wZ returned 0x%08lx (%lu entries)\012"
  155. IDS_LSAENUMERATETRUSTEDDOMAINS_D "LsaEnumerateTrustedDomains for %wZ returned 0x%08lx (%lu entries)\012"
  156. IDS_NETUSERENUM_D "NetUserEnum for %wZ returned 0x%08lx (%lu entries)\012"
  157. IDS_LSACREATETRUSTEDDOMAINEX_F "LsaCreateTrustedDomainEx on %wZ for %ws failed with 0x%lx\012"
  158. IDS_STATUS_OBJECT_NAME_COLLISION "On %wZ there is already a trust object to %ws\n"
  159. IDS_NETUSERADD_F "NetUserAdd on %ws for %ws failed: err 0x%08lx\012"
  160. IDS_NERR_UserExists "On %ws user %ws already exists\n"
  161. IDS_LSACREATETRUSTEDDOMAIN_F "LsaCreateTrustedDomain failed: err 0x%08lx\012"
  162. IDS_LSACREATESECRET_F "LsaCreateSecret failed: err 0x%08lx\012"
  163. IDS_LSASETSECRET_F "LsaSetSecret failed: err 0x%08lx\012"
  164. IDS_GETTRUSTLINKS_F "GetTrustLinks on %wZ failed: err 0x%08lx\012"
  165. IDS_NO_TRUST_OBJECT_D "On %wZ, no trust object to %wZ found...\012"
  166. IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F "LsaQueryTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
  167. IDS_LSASETTRUSTEDDOMAININFOBYNAME_F "LsaSetTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
  168. IDS_LSAOPENTRUSTEDDOMAIN_F "LsaOpenTrustedDomain failed: err 0x%08lx\012"
  169. IDS_NONNULL_SID "DeleteTrustLinks: cannot get a nonNULL sid for the trust to %wZ\012"
  170. IDS_DELETION_F "Deletion of trusted domain object on %wZ failed with 0x%lx\012"
  171. IDS_SECRET_NOT_FOUND_D "Secret %wZ not found. Ignoring...\012"
  172. IDS_LSAOPENSECRET_F "LsaOpenSecret failed: err 0x%08lx\012"
  173. IDS_LSADELETE_F "LsaDelete on secret %wZ failed: err 0x%08lx\012"
  174. IDS_NETUSERDEL_F "NetUserDel for user %ws failed: err 0x%08lx\012"
  175. IDS_UNKNOWN_OPTION "Unknown option: %s\012"
  176. IDS_DOMARGUMENTS "Trust Link between domains: [%ws%ws%ws],[%ws%ws%ws]\012"
  177. IDS_WARNING "Warning"
  178. IDS_ERROR "Error"
  179. IDS_PARENT_REQ_BOTH "%ws: '-parent' REQUIRES '-both'\012"
  180. IDS_LOCAL_DEL_TRUST_F "Local: Deleting trust things failed with 0x%lx\012"
  181. IDS_REMOTE_DEL_TRUST_F "Remote: Deleting trust things failed with 0x%lx\012"
  182. IDS_LOCAL_CHK_TRUST_F "Local: Checking trust things failed with 0x%lx\012"
  183. IDS_REMOTE_CHK_TRUST_F "Remote: Checking trust things failed with 0x%lx\012"
  184. IDS_NT4_REQ_DOWNLEVEL "%ws: NT4 DCs REQUIRE '-downlevel'\012"
  185. IDS_CREATE_TRUST_F "Creating trust from %ws to %ws failed with 0x%lx\012"
  186. IDS_COMMAND_FAILED "The command failed: err 0x%0lx\012"
  187. IDS_FORCENT4 "...'-nt4' flag used; force NT4 style trust operation for domain %ws\n"
  188. IDS_PROCESSDOM "-- Processing domain: %wZ...\n"
  189. IDS_DELTRUSTFROMTO "-- Deleting on domain %wZ trust to domain %wZ...\n"
  190. IDS_CHKTRUSTFROMTO "-- Checking on domain %wZ trust to domain %wZ...\n"
  191. IDS_LSAQUERYNULLSID "NULL sid returned by LsaQueryTrustedDomainInfoByName\n"
  192. IDS_LSASETNULLSID "LsaSetTrustedDomainInfoByName: NULL sid\n"
  193. IDS_NULLSID "#### NULL sid\n"
  194. IDS_LSATRUSTHANDLE "Handle returned by LsaOpenTrustedDomain: 0x%08lx (Status: 0x%08lx)\n"
  195. IDS_LSADELOBJ "Attempting deleting LSA Object with handle 0x%08lx\n"
  196. IDS_VERIFY_VALID "\nThe following trusts verfied correctly:\n"
  197. IDS_VERIFY_INVALID_INCOMING "\nThe following trusts where invalid in the inbound direction:\n"
  198. IDS_VERIFY_INVALID_OUTGOING "\nThe following trusts where invalid in the outbound direction:\n"
  199. IDS_VERIFY_CHECK "Validating trust from domain %wZ to domain %wZ\n"
  200. IDS_VERIFY_UNMAPPABLE "unmapped error code 0x%lx\n"
  201. END
  202. #endif //!DEFINES_ONLY