Documentation ¶
Overview ¶
Microsoft Privilege Attribute Certificate (PAC) processing.
Constants ¶
// Bits of NTLM_SupplementalCred.Flags.
//
// NOTE(review): these values are the bit positions as drawn in the MS-PAC bit
// diagrams (position 0 is the most significant bit), not LSB-first bit numbers
// or masks: NTLM_SUP_CRED_LMOWF (31) corresponds to the 0x00000001 "L" flag and
// NTLM_SUP_CRED_NTOWF (30) to the 0x00000002 "N" flag of the spec. Do not use
// them as `1 << n` directly — confirm against the bit-test helper this package
// uses before relying on them.
const (
	NTLM_SUP_CRED_LMOWF = 31 // Indicates that the LM OWF member is present and valid.
	NTLM_SUP_CRED_NTOWF = 30 // Indicates that the NT OWF member is present and valid.
)
// Bits of KerbValidationInfo.UserFlags (MS-PAC section 2.5, "UserFlags").
//
// NOTE(review): as with the other flag constants in this package, the values
// are MS-PAC bit-diagram positions (0 = most significant bit), so the LSB-first
// bit number is 31-n: USERFLAG_GUEST (31) is the 0x00000001 mask,
// USERFLAG_EXTRA_SIDS (26) is 0x00000020, USERFLAG_RESOURCE_GROUPIDS (22) is
// 0x00000200. Using them as `1 << n` selects the wrong bit — confirm against
// the helper this package tests flags with.
//
// USERFLAG_EXTRA_SIDS and USERFLAG_RESOURCE_GROUPIDS are the ones a consumer of
// KerbValidationInfo most needs: they gate whether ExtraSIDs and
// ResourceGroupIDs carry data at all.
const (
	USERFLAG_GUEST                                    = 31 // Authentication was done via the GUEST account; no password was used.
	USERFLAG_NO_ENCRYPTION_AVAILABLE                  = 30 // No encryption is available.
	USERFLAG_LAN_MANAGER_KEY                          = 28 // LAN Manager key was used for authentication.
	USERFLAG_SUB_AUTH                                 = 25 // Sub-authentication used; session key came from the sub-authentication package.
	USERFLAG_EXTRA_SIDS                               = 26 // Indicates that the ExtraSids field is populated and contains additional SIDs.
	USERFLAG_MACHINE_ACCOUNT                          = 24 // Indicates that the account is a machine account.
	USERFLAG_DC_NTLM2                                 = 23 // Indicates that the domain controller understands NTLMv2.
	USERFLAG_RESOURCE_GROUPIDS                        = 22 // Indicates that the ResourceGroupIds field is populated.
	USERFLAG_PROFILEPATH                              = 21 // Indicates that ProfilePath is populated.
	USERFLAG_NTLM2_NTCHALLENGERESP                    = 20 // The NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
	USERFLAG_LM2_LMCHALLENGERESP                      = 19 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
	USERFLAG_AUTH_LMCHALLENGERESP_KEY_NTCHALLENGERESP = 18 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and the NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for session key generation.
)
// PACInfoBuffer.ULType values (MS-PAC section 2.4): the kind of buffer a
// PAC_INFO_BUFFER header points at. Each value maps to one typed field of
// PACType.
//
// NOTE(review): later revisions of MS-PAC define further buffer types that are
// not enumerated here (for example a ticket-signature buffer, 0x10, and
// attribute/requestor buffers). A PAC containing a type not listed below should
// be skipped for that buffer rather than rejected as a whole — confirm that
// ProcessPACInfoBuffers behaves that way.
const (
	ULTYPE_KERB_VALIDATION_INFO      = 1  // KerbValidationInfo (logon information). Mandatory in practice.
	ULTYPE_CREDENTIALS               = 2  // PAC_CredentialsInfo (encrypted supplemental credentials).
	ULTYPE_PAC_SERVER_SIGNATURE_DATA = 6  // PAC_SignatureData computed with the service's key.
	ULTYPE_PAC_KDC_SIGNATURE_DATA    = 7  // PAC_SignatureData computed with the KDC's (krbtgt) key.
	ULTYPE_PAC_CLIENT_INFO           = 10 // PAC_ClientInfo (client name and TGT auth time).
	ULTYPE_S4U_DELEGATION_INFO       = 11 // S4U_DelegationInfo (constrained-delegation transit list).
	ULTYPE_UPN_DNS_INFO              = 12 // UPN_DNSInfo.
	ULTYPE_PAC_CLIENT_CLAIMS_INFO    = 13 // PAC_ClientClaimsInfo.
	ULTYPE_PAC_DEVICE_INFO           = 14 // PAC_DeviceInfo.
	ULTYPE_PAC_DEVICE_CLAIMS_INFO    = 15 // PAC_DeviceClaimsInfo.
)
// Bits of UPN_DNSInfo.Flags (MS-PAC section 2.10).
//
// NOTE(review): the value is an MS-PAC bit-diagram position (0 = most
// significant bit); UPN_NO_UPN_ATTR (31) corresponds to the 0x00000001 "U"
// flag, not to `1 << 31`. Confirm against the bit-test helper this package uses.
const (
	UPN_NO_UPN_ATTR = 31 // The user account object does not have the userPrincipalName attribute ([MS-ADA3] section 2.349) set. A UPN constructed by concatenating the user name with the DNS domain name of the account domain is provided.
)
Types ¶
type KerbValidationInfo ¶
// KerbValidationInfo is the KERB_VALIDATION_INFO structure (MS-PAC section 2.5):
// the user's logon and authorization data as supplied by the DC. It is the
// contents of the ULTYPE_KERB_VALIDATION_INFO buffer of the PAC.
//
// Security: the identity and group membership a service derives from this
// structure (UserID, PrimaryGroupID, GroupIDs, ExtraSIDs and ResourceGroupIDs,
// qualified by LogonDomainID / ResourceGroupDomainSID) are only as trustworthy
// as the PAC signatures; nothing here should drive an authorization decision
// before the checksums have been verified. GroupCount, SIDCount and
// ResourceGroupCount arrive from the wire. NOTE(review): confirm Unmarshal
// bounds them against the remaining buffer length before sizing the slices, so
// a malformed PAC cannot force a huge allocation.
type KerbValidationInfo struct {
	LogOnTime              mstypes.FileTime
	LogOffTime             mstypes.FileTime
	KickOffTime            mstypes.FileTime
	PasswordLastSet        mstypes.FileTime
	PasswordCanChange      mstypes.FileTime
	PasswordMustChange     mstypes.FileTime
	EffectiveName          mstypes.RPC_UnicodeString // The user account's name.
	FullName               mstypes.RPC_UnicodeString
	LogonScript            mstypes.RPC_UnicodeString
	ProfilePath            mstypes.RPC_UnicodeString // Meaningful only when USERFLAG_PROFILEPATH is set in UserFlags.
	HomeDirectory          mstypes.RPC_UnicodeString
	HomeDirectoryDrive     mstypes.RPC_UnicodeString
	LogonCount             uint16
	BadPasswordCount       uint16
	UserID                 uint32 // RID of the account, relative to LogonDomainID.
	PrimaryGroupID         uint32 // RID of the account's primary group, relative to LogonDomainID.
	GroupCount             uint32 // Number of entries in GroupIDs.
	GroupIDs               []mstypes.GroupMembership // Groups in the account domain, as RIDs relative to LogonDomainID.
	UserFlags              uint32 // USERFLAG_* bits; see those constants for how the bit positions are numbered.
	UserSessionKey         mstypes.UserSessionKey
	LogonServer            mstypes.RPC_UnicodeString
	LogonDomainName        mstypes.RPC_UnicodeString
	LogonDomainID          mstypes.RPC_SID // SID of the account domain; prefix for UserID, PrimaryGroupID and GroupIDs.
	Reserved1              []uint32 // Has 2 elements
	UserAccountControl     uint32
	SubAuthStatus          uint32
	LastSuccessfulILogon   mstypes.FileTime
	LastFailedILogon       mstypes.FileTime
	FailedILogonCount      uint32
	Reserved3              uint32
	SIDCount               uint32 // Number of entries in ExtraSIDs.
	ExtraSIDs              []mstypes.KerbSidAndAttributes // Additional full SIDs; populated only when USERFLAG_EXTRA_SIDS is set.
	ResourceGroupDomainSID mstypes.RPC_SID // Domain SID that prefixes ResourceGroupIDs.
	ResourceGroupCount     uint32 // Number of entries in ResourceGroupIDs.
	ResourceGroupIDs       []mstypes.GroupMembership // Resource groups as RIDs; populated only when USERFLAG_RESOURCE_GROUPIDS is set.
	// contains filtered or unexported fields
}
https://msdn.microsoft.com/en-us/library/cc237948.aspx The KERB_VALIDATION_INFO structure defines the user's logon and authorization information provided by the DC. The KERB_VALIDATION_INFO structure is a subset of the NETLOGON_VALIDATION_SAM_INFO4 structure ([MS-NRPC] section 2.2.1.4.13). It is a subset due to historical reasons and to the use of the common Active Directory to generate this information. The KERB_VALIDATION_INFO structure is marshaled by RPC [MS-RPCE].
func (*KerbValidationInfo) GetGroupMembershipSIDs ¶
func (k *KerbValidationInfo) GetGroupMembershipSIDs() []string
func (*KerbValidationInfo) Unmarshal ¶
func (k *KerbValidationInfo) Unmarshal(b []byte) (err error)
type NTLM_SupplementalCred ¶
// NTLM_SupplementalCred is the NTLM_SUPPLEMENTAL_CREDENTIAL structure (MS-PAC
// section 2.6.4): NTLM one-way-function (OWF) password hashes, presumably the
// payload of a SECPKG_SupplementalCred whose package is NTLM.
//
// Security: LMPassword and NTPassword are password-equivalent secrets (the NT
// OWF alone suffices to authenticate as the user over NTLM). Keep them out of
// logs, error messages and long-lived memory.
type NTLM_SupplementalCred struct {
	Version    uint32 // A 32-bit unsigned integer that defines the credential version. This field MUST be 0x00000000.
	Flags      uint32 // NTLM_SUP_CRED_LMOWF / NTLM_SUP_CRED_NTOWF indicate which OWF members are present and valid.
	LMPassword []byte // A 16-element array of unsigned 8-bit integers that define the LM OWF. MUST be ignored if the NTLM_SUP_CRED_LMOWF flag is not set in Flags.
	NTPassword []byte // A 16-element array of unsigned 8-bit integers that define the NT OWF. MUST be ignored if the NTLM_SUP_CRED_NTOWF flag is not set in Flags.
}
https://msdn.microsoft.com/en-us/library/cc237949.aspx
func Read_NTLM_SupplementalCred ¶
func Read_NTLM_SupplementalCred(b *[]byte, p *int, e *binary.ByteOrder) NTLM_SupplementalCred
type PACInfoBuffer ¶
// PACInfoBuffer is the PAC_INFO_BUFFER structure (MS-PAC section 2.4): one
// entry of the PACTYPE header array, describing a typed buffer inside the PAC.
//
// Security: ULType, CBBufferSize and Offset are taken straight from the ticket.
// Before slicing the PAC data with them the reader must check that Offset and
// Offset+CBBufferSize both fall within the PAC length (and that the sum does not
// overflow). NOTE(review): confirm ProcessPACInfoBuffers performs that check.
type PACInfoBuffer struct {
	ULType       uint32 // A 32-bit unsigned integer in little-endian format that describes the type of data present in the buffer contained at Offset. One of the ULTYPE_* constants.
	CBBufferSize uint32 // A 32-bit unsigned integer in little-endian format that contains the size, in bytes, of the buffer in the PAC located at Offset.
	Offset       uint64 // A 64-bit unsigned integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the PACTYPE structure. The data offset MUST be a multiple of eight.
}
https://msdn.microsoft.com/en-us/library/cc237954.aspx
func Read_PACInfoBuffer ¶
func Read_PACInfoBuffer(b *[]byte, p *int, e *binary.ByteOrder) PACInfoBuffer
type PACType ¶
// PACType is the PACTYPE structure (MS-PAC section 2.3): the top-level PAC
// container. Buffers holds the CBuffers PACInfoBuffer headers and Data the raw
// PAC bytes they index into. The typed pointer fields are filled in from those
// buffers by ProcessPACInfoBuffers; they are presumably left nil when the
// corresponding buffer type is absent — check before dereferencing.
//
// Security: the key handed to ProcessPACInfoBuffers is what the ServerChecksum
// is checked against; a PAC whose server signature does not verify must be
// treated as untrusted in its entirety, including KerbValidationInfo.
type PACType struct {
	CBuffers           uint32          // Number of entries in Buffers.
	Version            uint32          // PACTYPE version; MS-PAC specifies zero.
	Buffers            []PACInfoBuffer // Buffer headers; CBuffers entries.
	Data               []byte          // Raw PAC bytes that the Buffers offsets refer to.
	KerbValidationInfo *KerbValidationInfo
	CredentialsInfo    *PAC_CredentialsInfo
	ServerChecksum     *PAC_SignatureData // ULTYPE_PAC_SERVER_SIGNATURE_DATA buffer.
	KDCChecksum        *PAC_SignatureData // ULTYPE_PAC_KDC_SIGNATURE_DATA buffer.
	ClientInfo         *PAC_ClientInfo
	S4U_DelegationInfo *S4U_DelegationInfo
	UPN_DNSInfo        *UPN_DNSInfo
	ClientClaimsInfo   *PAC_ClientClaimsInfo
	DeviceInfo         *PAC_DeviceInfo
	DeviceClaimsInfo   *PAC_DeviceClaimsInfo
	ZeroSigData        []byte // NOTE(review): presumably the PAC bytes with both signature fields zeroed, the input MS-PAC 2.8 prescribes for computing the checksums — confirm.
}
https://msdn.microsoft.com/en-us/library/cc237950.aspx
func (*PACType) ProcessPACInfoBuffers ¶
func (pac *PACType) ProcessPACInfoBuffers(key types.EncryptionKey) error
type PAC_ClientClaimsInfo ¶
// PAC_ClientClaimsInfo is the PAC_CLIENT_CLAIMS_INFO buffer
// (ULTYPE_PAC_CLIENT_CLAIMS_INFO, MS-PAC section 2.10): the claims the DC
// issued for the client principal, carried as a CLAIMS_SET_METADATA blob.
type PAC_ClientClaimsInfo struct {
	Claims mstypes.ClaimsSetMetadata // Claims set metadata as encoded in the buffer.
}
https://msdn.microsoft.com/en-us/library/hh536365.aspx
func (*PAC_ClientClaimsInfo) Unmarshal ¶
func (k *PAC_ClientClaimsInfo) Unmarshal(b []byte) error
type PAC_ClientInfo ¶
// PAC_ClientInfo is the PAC_CLIENT_INFO buffer (ULTYPE_PAC_CLIENT_INFO,
// MS-PAC section 2.7): the client's account name and the authentication time
// of its initial TGT.
//
// NOTE(review): NameLength is a wire-supplied byte count; confirm Unmarshal
// checks it against the buffer length before decoding Name.
type PAC_ClientInfo struct {
	ClientID   mstypes.FileTime // A FILETIME structure in little-endian format that contains the authentication time of the Kerberos initial ticket-granting ticket (TGT).
	NameLength uint16           // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the Name field.
	Name       string           // An array of 16-bit Unicode characters in little-endian format that contains the client's account name.
}
https://msdn.microsoft.com/en-us/library/cc237951.aspx
func (*PAC_ClientInfo) Unmarshal ¶
func (k *PAC_ClientInfo) Unmarshal(b []byte) error
type PAC_CredentialData ¶
// PAC_CredentialData is the PAC_CREDENTIAL_DATA structure (MS-PAC section
// 2.6.2): the decrypted list of supplemental credentials. It is never carried in
// the clear; see PAC_CredentialsInfo for the encrypted wrapper.
//
// Security: the Credentials entries carry secrets (for NTLM, the user's
// password hashes — see NTLM_SupplementalCred). Treat the whole structure as
// sensitive.
type PAC_CredentialData struct {
	CredentialCount uint32                    // Number of entries in Credentials.
	Credentials     []SECPKG_SupplementalCred // Size is the value of CredentialCount
}
https://msdn.microsoft.com/en-us/library/cc237952.aspx This structure is encrypted prior to being encoded in any other structures. Encryption is performed by first serializing the data structure via Network Data Representation (NDR) encoding, as specified in [MS-RPCE]. Once serialized, the data is encrypted using the key and cryptographic system selected through the AS protocol and the KRB_AS_REP message. The fields for capturing this information and the cryptographic parameters are specified in PAC_CREDENTIAL_INFO (section 2.6.1).
func Read_PAC_CredentialData ¶
func Read_PAC_CredentialData(b *[]byte, p *int, e *binary.ByteOrder) PAC_CredentialData
type PAC_CredentialsInfo ¶
// PAC_CredentialsInfo is the PAC_CREDENTIAL_INFO buffer (ULTYPE_CREDENTIALS,
// MS-PAC section 2.6.1). It wraps an encrypted, NDR-serialized
// PAC_CredentialData; Unmarshal and DecryptEncPart use the supplied key to
// recover it into the PAC_CredentialData field.
//
// Security: the decrypted contents typically carry the user's NTLM password
// hashes (see NTLM_SupplementalCred), which are password-equivalent. Per
// MS-PAC the buffer is encrypted with the key established in the AS exchange
// (the reply key), so only the client can decrypt it; a service processing a
// ticket should not expect to succeed here with its own service key.
// NOTE(review): the last point is spec knowledge, not verifiable from this
// listing.
type PAC_CredentialsInfo struct {
	Version                      uint32             // A 32-bit unsigned integer in little-endian format that defines the version. MUST be 0x00000000.
	EType                        uint32             // Kerberos encryption type used for PAC_CredentialData_Encrypted; the key passed to DecryptEncPart must be of this type.
	PAC_CredentialData_Encrypted []byte             // Encrypted NDR-serialized PAC_CredentialData. Key usage number for encryption: KERB_NON_KERB_SALT (16)
	PAC_CredentialData           PAC_CredentialData // Decrypted contents; populated by DecryptEncPart.
}
https://msdn.microsoft.com/en-us/library/cc237953.aspx
func (*PAC_CredentialsInfo) DecryptEncPart ¶
func (c *PAC_CredentialsInfo) DecryptEncPart(k types.EncryptionKey, e *binary.ByteOrder) error
func (*PAC_CredentialsInfo) Unmarshal ¶
func (c *PAC_CredentialsInfo) Unmarshal(b []byte, k types.EncryptionKey) error
type PAC_DeviceClaimsInfo ¶
// PAC_DeviceClaimsInfo is the PAC_DEVICE_CLAIMS_INFO buffer
// (ULTYPE_PAC_DEVICE_CLAIMS_INFO, MS-PAC section 2.12): the claims the DC
// issued for the client's device, carried as a CLAIMS_SET_METADATA blob.
type PAC_DeviceClaimsInfo struct {
	Claims mstypes.ClaimsSetMetadata // Claims set metadata as encoded in the buffer.
}
https://msdn.microsoft.com/en-us/library/hh554226.aspx
func (*PAC_DeviceClaimsInfo) Unmarshal ¶
func (k *PAC_DeviceClaimsInfo) Unmarshal(b []byte) error
type PAC_DeviceInfo ¶
// PAC_DeviceInfo is the PAC_DEVICE_INFO buffer (ULTYPE_PAC_DEVICE_INFO,
// MS-PAC section 2.11): identity and group membership of the device the client
// authenticated from, laid out like the account part of KerbValidationInfo.
//
// Security: AccountGroupCount, SIDCount and DomainGroupCount are wire-supplied
// counts. NOTE(review): confirm Unmarshal bounds them against the remaining
// buffer length before sizing the slices.
type PAC_DeviceInfo struct {
	UserID            uint32 // A 32-bit unsigned integer that contains the RID of the account. If the UserId member equals 0x00000000, the first group SID in ExtraSIDs is the SID for this account.
	PrimaryGroupID    uint32 // A 32-bit unsigned integer that contains the RID for the primary group to which this account belongs.
	AccountDomainID   mstypes.RPC_SID // A SID structure that contains the SID for the domain of the account. This member is used in conjunction with the UserID and AccountGroupIDs members to create the user and group SIDs for the client.
	AccountGroupCount uint32 // A 32-bit unsigned integer that contains the number of groups within the account domain to which the account belongs.
	AccountGroupIDs   []mstypes.GroupMembership // A list of GROUP_MEMBERSHIP (section 2.2.2) structures that contains the groups to which the account belongs in the account domain. The number of groups in this list MUST be equal to AccountGroupCount.
	SIDCount          uint32 // A 32-bit unsigned integer that contains the total number of SIDs present in the ExtraSIDs member.
	ExtraSIDs         []mstypes.KerbSidAndAttributes // A list of KERB_SID_AND_ATTRIBUTES structures that contain a list of SIDs corresponding to groups not in domains. If the UserID member equals 0x00000000, the first group SID in this member is the SID for this account.
	DomainGroupCount  uint32 // A 32-bit unsigned integer that contains the number of domains with groups to which the account belongs.
	DomainGroup       []mstypes.DomainGroupMembership // A list of DOMAIN_GROUP_MEMBERSHIP structures (section 2.2.3), one per domain in which the account belongs to a group. The number of sets in this list MUST be equal to DomainGroupCount.
}
https://msdn.microsoft.com/en-us/library/hh536402.aspx
func (*PAC_DeviceInfo) Unmarshal ¶
func (k *PAC_DeviceInfo) Unmarshal(b []byte) error
type PAC_SignatureData ¶
// PAC_SignatureData is the PAC_SIGNATURE_DATA structure (MS-PAC section 2.8),
// used for both the ULTYPE_PAC_SERVER_SIGNATURE_DATA and
// ULTYPE_PAC_KDC_SIGNATURE_DATA buffers.
//
// Security (per MS-PAC 2.8.1/2.8.2): the server checksum is a keyed checksum
// over the whole PAC with both Signature fields zeroed, computed with the
// service's long-term key; the KDC checksum is computed with the krbtgt key
// over the server checksum's Signature value. A service holding only its own
// key can therefore verify the server checksum but not the KDC one, and a
// valid server checksum is the minimum bar before any other PAC buffer is
// trusted. SignatureType must be consistent with the verifying key's etype, and
// the comparison should be constant-time (e.g. crypto/subtle.ConstantTimeCompare).
// NOTE(review): confirm ProcessPACInfoBuffers enforces these points.
type PAC_SignatureData struct {
	SignatureType  uint32 // A 32-bit unsigned integer value in little-endian format that defines the cryptographic system used to calculate the checksum. This MUST be one of the following checksum types: KERB_CHECKSUM_HMAC_MD5 (signature size = 16), HMAC_SHA1_96_AES128 (signature size = 12), HMAC_SHA1_96_AES256 (signature size = 12).
	Signature      []byte // Size depends on the type. See comment above.
	RODCIdentifier uint16 // A 16-bit unsigned integer value in little-endian format that contains the first 16 bits of the key version number ([MS-KILE] section 3.1.5.8) when the KDC is an RODC. When the KDC is not an RODC, this field does not exist.
}
type S4U_DelegationInfo ¶
// S4U_DelegationInfo is the S4U_DELEGATION_INFO buffer
// (ULTYPE_S4U_DELEGATION_INFO, MS-PAC section 2.9): constrained-delegation
// (S4U2proxy) provenance for a ticket obtained on the client's behalf. A service
// that cares whether a request arrived via delegation — and through which
// intermediaries — should inspect this buffer rather than the client name alone.
//
// NOTE(review): TransitedListSize is a wire-supplied count; confirm Unmarshal
// bounds it before sizing S4UTransitedServices.
type S4U_DelegationInfo struct {
	S4U2proxyTarget      mstypes.RPC_UnicodeString   // The name of the principal to whom the application can forward the ticket.
	TransitedListSize    uint32                      // Number of entries in S4UTransitedServices.
	S4UTransitedServices []mstypes.RPC_UnicodeString // List of all services that have been delegated through by this client and subsequent services or servers. Size is value of TransitedListSize.
}
https://msdn.microsoft.com/en-us/library/cc237944.aspx
func (*S4U_DelegationInfo) Unmarshal ¶
func (k *S4U_DelegationInfo) Unmarshal(b []byte) error
type SECPKG_SupplementalCred ¶
// SECPKG_SupplementalCred is the SECPKG_SUPPLEMENTAL_CRED structure (MS-PAC
// section 2.6.3): one package-specific credential blob inside
// PAC_CredentialData. PackageName identifies the security package the
// Credentials bytes are encoded for; presumably "NTLM" selects the
// NTLM_SupplementalCred layout.
//
// Security: Credentials holds secret material; see PAC_CredentialData.
// NOTE(review): CredentialSize is wire-supplied — confirm the reader bounds it
// against the remaining data.
type SECPKG_SupplementalCred struct {
	PackageName    mstypes.RPC_UnicodeString // Name of the security package that owns Credentials.
	CredentialSize uint32                    // Length in bytes of Credentials.
	Credentials    []uint8                   // Is a ptr. Size is the value of CredentialSize
}
https://msdn.microsoft.com/en-us/library/cc237956.aspx
func Read_SECPKG_SupplementalCred ¶
func Read_SECPKG_SupplementalCred(b *[]byte, p *int, e *binary.ByteOrder) SECPKG_SupplementalCred
type UPN_DNSInfo ¶
// UPN_DNSInfo is the UPN_DNS_INFO buffer (ULTYPE_UPN_DNS_INFO, MS-PAC section
// 2.10): the client's user principal name and the DNS name of its domain. The
// UPN and DNSDomain strings are decoded from the raw buffer using the
// length/offset pairs; offsets are relative to the start of this structure.
//
// Security: UPNLength/UPNOffset and DNSDomainNameLength/DNSDomainNameOffset come
// from the wire. NOTE(review): confirm Unmarshal checks offset+length against the
// buffer before slicing. When UPN_NO_UPN_ATTR is set in Flags the UPN was
// synthesised by the DC from the account name and domain rather than read from
// the userPrincipalName attribute.
type UPN_DNSInfo struct {
	UPNLength           uint16 // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN field.
	UPNOffset           uint16 // An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the UPN_DNS_INFO structure.
	DNSDomainNameLength uint16 // Length, in bytes, of the DNS domain name field.
	DNSDomainNameOffset uint16 // Offset, in bytes, of the DNS domain name field from the beginning of the UPN_DNS_INFO structure.
	Flags               uint32 // UPN_* bits; see UPN_NO_UPN_ATTR for how the bit position is numbered.
	UPN                 string // Decoded user principal name.
	DNSDomain           string // Decoded DNS domain name.
}
https://msdn.microsoft.com/en-us/library/dd240468.aspx
func (*UPN_DNSInfo) Unmarshal ¶
func (k *UPN_DNSInfo) Unmarshal(b []byte) error