Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

249 lines
10 KiB

#ifndef DEFINES_ONLY
#include <windows.h>
#include <ntverp.h>
appicon ICON "trustdom.ico"
#endif //!DEFINES_ONLY
#define VER_FILETYPE VFT_APP
#define VER_FILESUBTYPE VFT2_UNKNOWN
#define VER_FILEDESCRIPTION_STR "TRUSTDOM - Manage Trust Links"
#define VER_INTERNALNAME_STR "trustdom.exe"
#define VER_FILEVERSION 1,4,0,0
#define VER_FILEVERSION_STR "1.4.0.0"
#define VER_FILEVERSION_LSTR L"1.4.0.0"
#include "common.ver"
#define IDS_USAGE 100
#define IDS_GENERATERANDOMSID_F 200
#define IDS_INVALID_DOMAIN_NAME 210
#define IDS_DSGETDCNAME_F 300
#define IDS_DSGETDCNAME_FRET 301
#define IDS_DSGETDCNAME_FFORCE 302
#define IDS_DSGETDCNAME_DC_D 303
#define IDS_DSGETDCNAME_MIT 304
#define IDS_LSAOPENPOLICY_F1 305
#define IDS_ACCESS_DENIED 306
#define IDS_ERROR_FORMAT 307
#define IDS_LOCAL 308
#define IDS_PASSWORD_PROMPT 309
#define IDS_MIT_LOCAL_ONLY_BOTH 310
#define IDS_GETDOMAININFOFORDOMAIN_D 400
#define IDS_PRIMARY_D 401
//#define IDS_GETDOMAININFOFORDOMAINPRI_D 402
#define IDS_DOMAINNAMED 403
#define IDS_LSAENUMERATETRUSTEDDOMAINSEX_D 404
#define IDS_LSAENUMERATETRUSTEDDOMAINS_D 405
#define IDS_NETUSERENUM_D 406
#define IDS_LSACREATETRUSTEDDOMAINEX_F 407
#define IDS_NETUSERADD_F 408
#define IDS_NERR_UserExists 409
#define IDS_LSACREATETRUSTEDDOMAIN_F 410
#define IDS_STATUS_OBJECT_NAME_COLLISION 411
#define IDS_LSACREATESECRET_F 420
#define IDS_LSASETSECRET_F 421
#define IDS_GETTRUSTLINKS_F 422
#define IDS_NO_TRUST_OBJECT_D 423
#define IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F 424
#define IDS_LSASETTRUSTEDDOMAININFOBYNAME_F 425
#define IDS_LSAOPENTRUSTEDDOMAIN_F 426
#define IDS_NONNULL_SID 427
#define IDS_DELETION_F 428
#define IDS_SECRET_NOT_FOUND_D 429
#define IDS_LSAOPENSECRET_F 430
#define IDS_LSADELETE_F 431
#define IDS_NETUSERDEL_F 432
#define IDS_UNKNOWN_OPTION 433
#define IDS_DOMARGUMENTS 434
#define IDS_WARNING 435
#define IDS_ERROR 436
#define IDS_PARENT_REQ_BOTH 437
#define IDS_LOCAL_DEL_TRUST_F 438
#define IDS_REMOTE_DEL_TRUST_F 439
#define IDS_LOCAL_CHK_TRUST_F 440
#define IDS_REMOTE_CHK_TRUST_F 441
#define IDS_NT4_REQ_DOWNLEVEL 445
#define IDS_CREATE_TRUST_F 446
#define IDS_COMMAND_FAILED 447
#define IDS_FORCENT4 450
#define IDS_PROCESSDOM 500
#define IDS_DELTRUSTFROMTO 501
#define IDS_CHKTRUSTFROMTO 502
#define IDS_LSAQUERYNULLSID 510
#define IDS_LSASETNULLSID 511
#define IDS_NULLSID 512
#define IDS_LSATRUSTHANDLE 550
#define IDS_LSADELOBJ 551
#define IDS_VERIFY_VALID 660
#define IDS_VERIFY_INVALID_INCOMING 661
#define IDS_VERIFY_INVALID_OUTGOING 662
#define IDS_VERIFY_CHECK 663
#define IDS_VERIFY_UNMAPPABLE 664
#ifndef DEFINES_ONLY
STRINGTABLE DISCARDABLE
BEGIN
IDS_USAGE, "\
TRUSTDOM - (ver %ws) - Manage Trust Links\n\
Usage:\n\
trustdom [[domain[:dc],]target_domain[:dc]] [Options]\n\n\
Displays/creates/deletes trust links with/between the specified target\n\
domain(s). It can be used remotely, from another machine.\n\
If a pair is specified, the link will be between the two domains.\n\
Default action: '-out', that is a one-way trust is created, as follows:\n\
\040 an outbound trust on the local/specified domain\n\
\040 an inbound trust on the specified target domain\n\
Examples:
\040trustdom DOMB
\040 one-way trust from local domain to DOMB
\040trustdom DOMX,DOMY
\040 one-way trust from DOMX to DOMY
\040trustdom SOMEDOM -list
\040 list trusts for domain SOMEDOM; without the domain name would mean 'local'
Arguments:\n\
\040domain/target_domain\n\
\040 - Domains (flat or DNS names)\n\
\040 For multiple DC domains, you can specify the DC to
\040 connect to in the form 'domain:dc'
Options:
\040-list - list all trust links of the specified target domain\n\
\040 (or local domain if none is specified) and exit (all other\n\
\040 commands are ignored)\n\
\040-untrust - Breaks the trust\n\
\040-sidcheck - Check the sids in the specified trust link\n\
\040-verify - Verify the current domain trusts for viability\n\
\040-both - Establishes a two way trust (bidirectional)\n\
\040-out - Establishes an outbound trust [default]\n\
\040-in - Establishes an inbound trust\n\
\040 Specifying '-in -out' is equivalent with '-both'\n\
\040-localonly - All operations (create/delete) are applied only for the\n\
\040 trust objects on the first/local DC (use with care)\n\
\040-downlevel - Creates a downlevel trust\n\
\040-mit - Creates MIT Kerberos trust (enables 'localonly' and 'both')\n\
\040-parent - Establishes a two way parent/child trust;\n\
\040 set the parent bit in the trust object on the child machine\n\
\040-pw:password - Optional password to set on the object as CLEARTEXT only.\n\
\040 Use '*' to enter password in no-echo mode\n\
\040-debug - Detailed messages about operation\n\
\040-force - Force application of the settings, even if they are illegal\n\
\040 or the target domain is nonexistent/nonaccessible\n\
\040 e.g., setting a trust to a NT4 machine without\n\
\040 specifying 'downlevel'; (use with care)\n\
\040-nt4 - force nt4 style operation even if domains are NT5\n\
\040-sidlist - list SIDs too (enables 'list' option; NT5 only)\n\
The comma-separated fields displayed with the '-list/-sidlist' command:\n\
\040name of domain (if possible, the DNS name)\n\
\040direction of trust: I(nbound), O(utbound), B(idirectional)\n\
\040type of trust: T_downlevel, T_uplevel, T_mit, T_DCE\n\
\040trust attributes (as 4 separate fields; a missing attribute is replaced by _):\n\
\040 A_NonTran,A_UpLevelOnly,A_TreeParent,A_TreeRoot\n\
\040sid from the trust object (if '-sidlist' is specified)\n"
IDS_GENERATERANDOMSID_F "GenerateRandomSID failed: err 0x%08lx\012"
IDS_INVALID_DOMAIN_NAME "Invalid domain name: %ws\n"
IDS_DSGETDCNAME_F "DsGetDcName for %ws failed: 0x%08lx;"
IDS_DSGETDCNAME_FRET " ...now returning Status 0x%08lx (STATUS_NO_SUCH_DOMAIN)\012"
IDS_DSGETDCNAME_FFORCE " ...'-force' option specified; ignoring the previous DsGetDcName error\012"
//IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws (flags:0x%08lx)\012"
IDS_DSGETDCNAME_DC_D "DC used for domain %ws: %ws\012"
IDS_DSGETDCNAME_MIT "For a MIT trust: assuming %ws is a Unix machine...\n"
IDS_LSAOPENPOLICY_F1 "LsaOpenPolicy on %ws failed with "
IDS_ACCESS_DENIED "STATUS_ACCESS_DENIED\012"
IDS_ERROR_FORMAT "err 0x%08lx\012"
IDS_LOCAL "(local)"
IDS_PASSWORD_PROMPT "Password : "
IDS_MIT_LOCAL_ONLY_BOTH "MIT trusts: always local only and both; enabling 'localonly' and 'both' options\n"
IDS_GETDOMAININFOFORDOMAIN_D "GetDomainInfoForDomain for %ws: LsaQueryInformationPolicy(%ws) returned 0x%lx\012"
IDS_PRIMARY_D "Trying (Primary)...\012"
IDS_DOMAINNAMED "DNSDomainName: %wZ\012"
IDS_LSAENUMERATETRUSTEDDOMAINSEX_D "LsaEnumerateTrustedDomainsEx for %wZ returned 0x%08lx (%lu entries)\012"
IDS_LSAENUMERATETRUSTEDDOMAINS_D "LsaEnumerateTrustedDomains for %wZ returned 0x%08lx (%lu entries)\012"
IDS_NETUSERENUM_D "NetUserEnum for %wZ returned 0x%08lx (%lu entries)\012"
IDS_LSACREATETRUSTEDDOMAINEX_F "LsaCreateTrustedDomainEx on %wZ for %ws failed with 0x%lx\012"
IDS_STATUS_OBJECT_NAME_COLLISION "On %wZ there is already a trust object to %ws\n"
IDS_NETUSERADD_F "NetUserAdd on %ws for %ws failed: err 0x%08lx\012"
IDS_NERR_UserExists "On %ws user %ws already exists\n"
IDS_LSACREATETRUSTEDDOMAIN_F "LsaCreateTrustedDomain failed: err 0x%08lx\012"
IDS_LSACREATESECRET_F "LsaCreateSecret failed: err 0x%08lx\012"
IDS_LSASETSECRET_F "LsaSetSecret failed: err 0x%08lx\012"
IDS_GETTRUSTLINKS_F "GetTrustLinks on %wZ failed: err 0x%08lx\012"
IDS_NO_TRUST_OBJECT_D "On %wZ, no trust object to %wZ found...\012"
IDS_LSAQUERYTRUSTEDDOMAININFOBYNAME_F "LsaQueryTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
IDS_LSASETTRUSTEDDOMAININFOBYNAME_F "LsaSetTrustedDomainInfoByName on %wZ for %wZ failed: err 0x%08lx\012"
IDS_LSAOPENTRUSTEDDOMAIN_F "LsaOpenTrustedDomain failed: err 0x%08lx\012"
IDS_NONNULL_SID "DeleteTrustLinks: cannot get a nonNULL sid for the trust to %wZ\012"
IDS_DELETION_F "Deletion of trusted domain object on %wZ failed with 0x%lx\012"
IDS_SECRET_NOT_FOUND_D "Secret %wZ not found. Ignoring...\012"
IDS_LSAOPENSECRET_F "LsaOpenSecret failed: err 0x%08lx\012"
IDS_LSADELETE_F "LsaDelete on secret %wZ failed: err 0x%08lx\012"
IDS_NETUSERDEL_F "NetUserDel for user %ws failed: err 0x%08lx\012"
IDS_UNKNOWN_OPTION "Unknown option: %s\012"
IDS_DOMARGUMENTS "Trust Link between domains: [%ws%ws%ws],[%ws%ws%ws]\012"
IDS_WARNING "Warning"
IDS_ERROR "Error"
IDS_PARENT_REQ_BOTH "%ws: '-parent' REQUIRES '-both'\012"
IDS_LOCAL_DEL_TRUST_F "Local: Deleting trust things failed with 0x%lx\012"
IDS_REMOTE_DEL_TRUST_F "Remote: Deleting trust things failed with 0x%lx\012"
IDS_LOCAL_CHK_TRUST_F "Local: Checking trust things failed with 0x%lx\012"
IDS_REMOTE_CHK_TRUST_F "Remote: Checking trust things failed with 0x%lx\012"
IDS_NT4_REQ_DOWNLEVEL "%ws: NT4 DCs REQUIRE '-downlevel'\012"
IDS_CREATE_TRUST_F "Creating trust from %ws to %ws failed with 0x%lx\012"
IDS_COMMAND_FAILED "The command failed: err 0x%0lx\012"
IDS_FORCENT4 "...'-nt4' flag used; force NT4 style trust operation for domain %ws\n"
IDS_PROCESSDOM "-- Processing domain: %wZ...\n"
IDS_DELTRUSTFROMTO "-- Deleting on domain %wZ trust to domain %wZ...\n"
IDS_CHKTRUSTFROMTO "-- Checking on domain %wZ trust to domain %wZ...\n"
IDS_LSAQUERYNULLSID "NULL sid returned by LsaQueryTrustedDomainInfoByName\n"
IDS_LSASETNULLSID "LsaSetTrustedDomainInfoByName: NULL sid\n"
IDS_NULLSID "#### NULL sid\n"
IDS_LSATRUSTHANDLE "Handle returned by LsaOpenTrustedDomain: 0x%08lx (Status: 0x%08lx)\n"
IDS_LSADELOBJ "Attempting deleting LSA Object with handle 0x%08lx\n"
IDS_VERIFY_VALID "\nThe following trusts verfied correctly:\n"
IDS_VERIFY_INVALID_INCOMING "\nThe following trusts where invalid in the inbound direction:\n"
IDS_VERIFY_INVALID_OUTGOING "\nThe following trusts where invalid in the outbound direction:\n"
IDS_VERIFY_CHECK "Validating trust from domain %wZ to domain %wZ\n"
IDS_VERIFY_UNMAPPABLE "unmapped error code 0x%lx\n"
END
#endif //!DEFINES_ONLY