#ifndef _AUTHENT_DJOIN_H
#define _AUTHENT_DJOIN_H
#include <stdint.h>
#include <uuid/uuid.h>
/* Decode the off-line domain join file format produced by djoin.exe
*/
#ifdef __cplusplus
// NOTE(review): a using-directive in a header is applied to every C++ translation
// unit that includes this file, and nothing declared in this header uses a std:: name.
using namespace std;
// C linkage for everything declared below, so C++ callers see unmangled djoin_* names.
extern "C" {
#endif
/*
 * Fixed byte offsets into the djoin blob, followed by notes on the order of the
 * variable-length fields.
 * NOTE(review): the blob is file input, so each offset plus the width of the field
 * read there has to be compared with the buffer length before it is dereferenced;
 * those checks are not visible in this header.
 */
#define OPTIONS_OFFSET 64 /* 0x40 */
#define DNS_POLICY_GUID_OFFSET 108 /* 0x6c */
// 32 bytes after the DNS policy GUID, i.e. 140 (0x8c)
#define DOMAIN_CONTROLLER_GUID_OFFSET (DNS_POLICY_GUID_OFFSET + 32 /* 0x20 */)
#define DOMAIN_CONTROLLER_ADDR_TYPE_OFFSET 136 /* 0x88 */
#define DOMAIN_CONTROLLER_FLAGS_OFFSET 164 /* 0xa4 */
// Start of the string structs (see struct djoin_str); the first one is the domain name
#define GLOBAL_DOMAIN_OFFSET 180 /* 0xb4 */
// then comes the machine name
// then comes the machine password
// Then comes the DomainDNSPolicy:
// NetBIOS Domain String
// DNS Domain String
// DNS Forest String
// -- Domain GUID is read from the fixed offset DNS_POLICY_GUID_OFFSET
//
// Then comes the SID - skip 4 bytes, and then (example: S-1-5-21-782951354-3473015906-526000759):
// uint8_t - S1
// uint8_t - ??? Skip. Seems to be 0x4, meaning unknown to the original author
// Big Endian, 6 bytes - described as the number of sections (including this one) to follow - normally 5 (0x5)
// Little Endian - 32-bits - normally 21 (0x15)
// Little Endian - 32-bits
// .... until the number of sections has been consumed
// NOTE(review): 6 bytes is 48 bits, not 32. The sequence matches the standard Windows
// binary SID layout (revision, sub-authority count, 6-byte big-endian identifier
// authority, then 32-bit little-endian sub-authorities); the 0x4 byte would then be
// the sub-authority count (21 plus three more in the example) and the 5 the
// identifier authority - confirm. Whichever field drives the loop comes from the
// file and must be capped at MAX_SID_ELEMENTS before anything is stored.
//
// Then comes the DC Info - back to string encoding again...
// DomainControllerName,
// DomainControllerAddress,
// -- address-type - comes from DOMAIN_CONTROLLER_ADDR_TYPE_OFFSET (32-bit value)
// -- domain GUID - from DOMAIN_CONTROLLER_GUID_OFFSET
// DomainName,
// DnsForestName
// -- flags - comes from DOMAIN_CONTROLLER_FLAGS_OFFSET
// Capacity of djoin_sid.data[]. Windows SIDs may carry up to 15 sub-authorities,
// so a count above this capacity has to be rejected rather than copied.
#define MAX_SID_ELEMENTS 10
/*
 * A SID held as a header word, a size word and up to MAX_SID_ELEMENTS 32-bit elements.
 * Packed (GCC/Clang attribute), so the struct has no padding and byte alignment.
 * NOTE(review): how header/size map onto the on-disk SID bytes is not stated in
 * this header - confirm against the parser.
 */
struct djoin_sid
{
uint32_t header;
uint32_t size;
// Fixed capacity: an element count taken from the file must be checked against
// MAX_SID_ELEMENTS before this array is indexed.
uint32_t data[MAX_SID_ELEMENTS];
} __attribute__((packed));
/*
 * Header that precedes each string field in the blob. All three counts are in
 * 16-bit UTF-16-LE characters, not bytes.
 * NOTE(review): the three counts are read from the file. Before use they need
 * buf_offset + buf_len <= buf_size, and the byte size (count * 2) has to be compared
 * with the remaining input using arithmetic wider than 32 bits so it cannot wrap.
 */
struct djoin_str
{
uint32_t buf_size; // How wide the buffer is - number of 16-bit (UTF-16-LE) characters
uint32_t buf_offset; // The start of information within the buffer (characters, not bytes!)
uint32_t buf_len; // How many characters to use, starting from buf_offset
// First byte of the character data that follows the counts. Declared as a single
// char, so with the packed attribute sizeof(struct djoin_str) is 13, not 12.
char buffer;
} __attribute__((packed));
// Address-type values; presumably what djoin_domain_controller.domain_controller_address_type holds - confirm
#define DJOIN_ADDRESS_TYPE_IPV4 0x01
#define DJOIN_ADDRESS_TYPE_NETBIOS_NAME 0x02
// Single-bit masks; presumably tested against djoin_domain_controller.flags - confirm.
// NOTE(review): these values are the bit-mirror of the DS_*_FLAG constants used by
// Windows' DsGetDcName (DS_PDC_FLAG is 0x00000001 there, DS_DNS_FOREST_FLAG is
// 0x80000000) - confirm the bit order against the flags word the parser actually reads.
#define DJOIN_FLAG_FOREST_NAME_DNS 0x00000001
#define DJOIN_FLAG_DOMAIN_NAME_DNS 0x00000002
#define DJOIN_FLAG_DC_NAME_DNS 0x00000004
#define DJOIN_FLAG_LEVEL_2012 0x00010000
#define DJOIN_FLAG_AD_WEB_SERVICE 0x00040000
#define DJOIN_FLAG_WRITABLE_DC 0x00080000
#define DJOIN_FLAG_READONLY_DC 0x00100000
#define DJOIN_FLAG_DIR_NC_SERVICE 0x00200000
#define DJOIN_FLAG_NTP_HW_AVAILABLE 0x00400000
#define DJOIN_FLAG_WRITABLE_LDAP 0x00800000
#define DJOIN_FLAG_CLOSEST_TO_CLIENT 0x01000000
#define DJOIN_FLAG_NTP_ONLY_AVAILABLE 0x02000000
#define DJOIN_FLAG_KRB_KDC_AVAILABLE 0x04000000
#define DJOIN_FLAG_DIR_SERVICE 0x08000000
#define DJOIN_FLAG_LDAP_SERVICE 0x10000000
#define DJOIN_FLAG_GLOBAL_CATALOGUE 0x20000000
#define DJOIN_FLAG_PRIMARY_DC 0x80000000
/*
 * Decoded domain-controller section of a djoin blob.
 * The char * members are presumably heap strings owned by the enclosing djoin_info
 * and released by djoin_free_info() - confirm against the implementation.
 */
struct djoin_domain_controller
{
char *domain_controller_name;
char *domain_controller_address;
// 32-bit value read from DOMAIN_CONTROLLER_ADDR_TYPE_OFFSET; see DJOIN_ADDRESS_TYPE_*
uint32_t domain_controller_address_type;
// Read from DOMAIN_CONTROLLER_GUID_OFFSET
uuid_t guid;
char *dns_domain_name;
char *dns_forest_name;
// Read from DOMAIN_CONTROLLER_FLAGS_OFFSET; see DJOIN_FLAG_*
uint32_t flags;
char *dc_site_name;
char *client_site_name;
};
/*
 * Decoded DomainDNSPolicy section: three name strings, the domain GUID and the domain SID.
 * The char * members are presumably heap strings released by djoin_free_info() - confirm.
 */
struct djoin_domain_dns_policy
{
char *netbios_domain_name;
char *dns_domain_name;
char *dns_forest_name;
// Read from DNS_POLICY_GUID_OFFSET
uuid_t guid;
// Stored inline, not by pointer, so it is bounded by MAX_SID_ELEMENTS
struct djoin_sid sid;
};
/*
 * Section header: a 64-bit version followed by a 64-bit payload length.
 * Packed (GCC/Clang attribute), so the struct is exactly 16 bytes with byte alignment.
 * NOTE(review): payload_len comes from the file and is wider than the int buf_len
 * the parsing functions take; compare it with the real buffer size as a 64-bit
 * value before it is narrowed or used as a bound.
 */
struct djoin_section_header
{
uint64_t version;
uint64_t payload_len;
} __attribute__((packed));
/*
 * Everything decoded from one djoin blob. Returned by djoin_read_domain_file() and
 * djoin_get_domain_info(); released with djoin_free_info().
 */
struct djoin_info
{
struct djoin_section_header file_header;
char *domain_name;
char *machine_name;
// Machine account password taken from the blob: treat as a secret.
// NOTE(review): confirm that djoin_free_info() wipes this string before freeing it
// and that djoin_print_domain_info() does not emit it at its default level.
char *machine_password;
struct djoin_domain_dns_policy policy;
struct djoin_domain_controller controller;
// Read from OPTIONS_OFFSET
uint32_t options;
};
// Parse the domain info from the specified file.
// Returns a djoin_info to be released with djoin_free_info(); the failure return is
// not visible in this header (presumably NULL - confirm).
struct djoin_info *djoin_read_domain_file(const char *file);
// Parse the domain info data held in buf (buf_len bytes).
// NOTE(review): buf_len is a signed int, so a zero or negative length and a length
// below GLOBAL_DOMAIN_OFFSET both need rejecting before any fixed offset is read.
struct djoin_info *djoin_get_domain_info(const char *buf, int buf_len);
// Print out the domain information. What each level prints is not documented here.
void djoin_print_domain_info(struct djoin_info *info, int level);
// Get the string represented by the string buffer, making sure it does not go out
// of bounds of the underlying buffer (buf, buf_len bytes).
// NOTE(review): str's counts are in 16-bit characters while buf_len is in bytes; the
// check needs the counts doubled without 32-bit wrap and str itself inside buf.
char * djoin_convert_string(struct djoin_str *str, const char *buf, int buf_len);
// Get the next field after the specified string.
// NOTE(review): takes no buffer bound, so the returned pointer is derived only from
// file-supplied counts; callers must check it against the end of the input before
// reading through it.
char *djoin_advance_string(struct djoin_str *str);
// Convert a SID to a string. str should be at least 64 bytes.
// NOTE(review): no output size is passed. If all MAX_SID_ELEMENTS (10) elements were
// printed as 32-bit decimals the text would need more than 100 bytes - confirm the
// implementation cannot write past 64.
void djoin_unparse_sid(struct djoin_sid *sid, char *str);
// Free a domain-info structure
void djoin_free_info(struct djoin_info *i);
#ifdef __cplusplus
}
#endif
#endif /* _AUTHENT_DJOIN_H */