
Overview

    Package pac implements Microsoft Privilege Attribute Certificate (PAC) processing.


    Constants

    // KERB_VALIDATION_INFO UserFlags bit definitions, presumably tested against
    // KerbValidationInfo.UserFlags.
    // NOTE(review): the values are bit positions (31, 30, 28, ...), not masks —
    // confirm how the helper that reads them (not shown here) maps a position onto
    // the 32-bit field before relying on any one of them.
    const (
    	USERFLAG_GUEST                                    = 31 // Authentication was done via the GUEST account; no password was used.
    	USERFLAG_NO_ENCRYPTION_AVAILABLE                  = 30 // No encryption is available.
    	USERFLAG_LAN_MANAGER_KEY                          = 28 // LAN Manager key was used for authentication.
    	USERFLAG_SUB_AUTH                                 = 25 // Sub-authentication used; session key came from the sub-authentication package.
    	USERFLAG_EXTRA_SIDS                               = 26 // Indicates that the ExtraSids field is populated and contains additional SIDs.
    	USERFLAG_MACHINE_ACCOUNT                          = 24 // Indicates that the account is a machine account.
    	USERFLAG_DC_NTLM2                                 = 23 // Indicates that the domain controller understands NTLMv2.
    	USERFLAG_RESOURCE_GROUPIDS                        = 22 // Indicates that the ResourceGroupIds field is populated.
    	USERFLAG_PROFILEPATH                              = 21 // Indicates that ProfilePath is populated.
    	USERFLAG_NTLM2_NTCHALLENGERESP                    = 20 // The NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
    	USERFLAG_LM2_LMCHALLENGERESP                      = 19 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
    	USERFLAG_AUTH_LMCHALLENGERESP_KEY_NTCHALLENGERESP = 18 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and the NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for session key generation.
    )

      KERB_VALIDATION_INFO flags.

      // Bit positions for the Flags member of NTLMSupplementalCred. Each one states
      // whether the corresponding OWF (one-way-function password hash) member of the
      // credential is present and valid; a member whose flag is clear MUST be ignored.
      const (
      	// NTLMSupCredLMOWF indicates that the LM OWF member is present and valid.
      	NTLMSupCredLMOWF uint32 = 31
      	// NTLMSupCredNTOWF indicates that the NT OWF member is present and valid.
      	NTLMSupCredNTOWF uint32 = 30
      )

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type ClientClaimsInfo

      // ClientClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh536365.aspx
      // (the PAC_CLIENT_CLAIMS_INFO buffer). Both members are decoded by the mstypes
      // package; see that package for their layout.
      type ClientClaimsInfo struct {
      	ClaimsSetMetadata mstypes.ClaimsSetMetadata // Metadata describing the claims set (see mstypes).
      	ClaimsSet         mstypes.ClaimsSet         // The client's claims (see mstypes).
      }

        ClientClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh536365.aspx

        func (*ClientClaimsInfo) Unmarshal

        func (k *ClientClaimsInfo) Unmarshal(b []byte) (err error)

          Unmarshal bytes into the ClientClaimsInfo struct

          type ClientInfo

          // ClientInfo implements https://msdn.microsoft.com/en-us/library/cc237951.aspx
          // (the PAC_CLIENT_INFO buffer).
          // NOTE(review): NameLength arrives on the wire; Unmarshal (not shown here) must
          // bound it by the remaining length of the input before reading Name — confirm.
          type ClientInfo struct {
          	ClientID   mstypes.FileTime // A FILETIME structure in little-endian format that contains the Kerberos initial ticket-granting ticket (TGT) authentication time.
          	NameLength uint16           // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the Name field.
          	Name       string           // An array of 16-bit Unicode characters in little-endian format that contains the client's account name.
          }

            ClientInfo implements https://msdn.microsoft.com/en-us/library/cc237951.aspx

            func (*ClientInfo) Unmarshal

            func (k *ClientInfo) Unmarshal(b []byte) (err error)

              Unmarshal bytes into the ClientInfo struct

              type CredentialData

              // CredentialData implements https://msdn.microsoft.com/en-us/library/cc237952.aspx
              // (the PAC_CREDENTIAL_DATA structure carried, encrypted, inside CredentialsInfo).
              type CredentialData struct {
              	CredentialCount uint32                   // Number of entries in Credentials.
              	Credentials     []SECPKGSupplementalCred // Size is the value of CredentialCount
              }

                CredentialData implements https://msdn.microsoft.com/en-us/library/cc237952.aspx

                func (*CredentialData) Unmarshal

                func (c *CredentialData) Unmarshal(b []byte) (err error)

                  Unmarshal converts the bytes provided into a CredentialData type.

                  type CredentialsInfo

                  // CredentialsInfo implements https://msdn.microsoft.com/en-us/library/cc237953.aspx
                  // (the PAC_CREDENTIAL_INFO buffer). The credential data is carried encrypted
                  // and is decrypted into PACCredentialData by DecryptEncPart.
                  type CredentialsInfo struct {
                  	Version                    uint32 // A 32-bit unsigned integer in little-endian format that defines the version. MUST be 0x00000000.
                  	EType                      uint32 // Encryption type used for PACCredentialDataEncrypted — NOTE(review): inferred from the name; confirm against DecryptEncPart.
                  	PACCredentialDataEncrypted []byte // Key usage number for encryption: KERB_NON_KERB_SALT (16)
                  	PACCredentialData          CredentialData // Decrypted form of PACCredentialDataEncrypted; presumably populated by DecryptEncPart.
                  }

                    CredentialsInfo implements https://msdn.microsoft.com/en-us/library/cc237953.aspx

                    func (*CredentialsInfo) DecryptEncPart

                    func (c *CredentialsInfo) DecryptEncPart(k types.EncryptionKey) error

                      DecryptEncPart decrypts the encrypted part of the CredentialsInfo.

                      func (*CredentialsInfo) Unmarshal

                      func (c *CredentialsInfo) Unmarshal(b []byte, k types.EncryptionKey) (err error)

                        Unmarshal bytes into the CredentialsInfo struct

                        type DeviceClaimsInfo

                        // DeviceClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh554226.aspx
                        // (the PAC_DEVICE_CLAIMS_INFO buffer). Same shape as ClientClaimsInfo but
                        // describing the device rather than the client account.
                        type DeviceClaimsInfo struct {
                        	ClaimsSetMetadata mstypes.ClaimsSetMetadata // Metadata describing the claims set (see mstypes).
                        	ClaimsSet         mstypes.ClaimsSet         // The device's claims (see mstypes).
                        }

                          DeviceClaimsInfo implements https://msdn.microsoft.com/en-us/library/hh554226.aspx

                          func (*DeviceClaimsInfo) Unmarshal

                          func (k *DeviceClaimsInfo) Unmarshal(b []byte) (err error)

                            Unmarshal bytes into the DeviceClaimsInfo struct

                            type DeviceInfo

                            // DeviceInfo implements https://msdn.microsoft.com/en-us/library/hh536402.aspx
                            // (the PAC_DEVICE_INFO buffer). The *Count members size the corresponding
                            // NDR conformant arrays that follow them.
                            type DeviceInfo struct {
                            	UserID            uint32                          // A 32-bit unsigned integer that contains the RID of the account. If the UserId member equals 0x00000000, the first group SID in this member is the SID for this account.
                            	PrimaryGroupID    uint32                          // A 32-bit unsigned integer that contains the RID for the primary group to which this account belongs.
                            	AccountDomainID   mstypes.RPCSID                  `ndr:"pointer"` // A SID structure that contains the SID for the domain of the account. This member is used in conjunction with the UserId, and GroupIds members to create the user and group SIDs for the client.
                            	AccountGroupCount uint32                          // A 32-bit unsigned integer that contains the number of groups within the account domain to which the account belongs.
                            	AccountGroupIDs   []mstypes.GroupMembership       `ndr:"pointer,conformant"` // A pointer to a list of GROUP_MEMBERSHIP (section 2.2.2) structures that contains the groups to which the account belongs in the account domain. The number of groups in this list MUST be equal to GroupCount.
                            	SIDCount          uint32                          // A 32-bit unsigned integer that contains the total number of SIDs present in the ExtraSids member.
                            	ExtraSIDs         []mstypes.KerbSidAndAttributes  `ndr:"pointer,conformant"` // A pointer to a list of KERB_SID_AND_ATTRIBUTES structures that contain a list of SIDs corresponding to groups not in domains. If the UserId member equals 0x00000000, the first group SID in this member is the SID for this account.
                            	DomainGroupCount  uint32                          // A 32-bit unsigned integer that contains the number of domains with groups to which the account belongs.
                            	DomainGroup       []mstypes.DomainGroupMembership `ndr:"pointer,conformant"` // A pointer to a list of DOMAIN_GROUP_MEMBERSHIP structures (section 2.2.3) that contains the domains to which the account belongs to a group. The number of sets in this list MUST be equal to DomainCount.
                            }

                              DeviceInfo implements https://msdn.microsoft.com/en-us/library/hh536402.aspx

                              func (*DeviceInfo) Unmarshal

                              func (k *DeviceInfo) Unmarshal(b []byte) (err error)

                                Unmarshal bytes into the DeviceInfo struct

                                type InfoBuffer

                                // InfoBuffer implements the PAC Info Buffer: https://msdn.microsoft.com/en-us/library/cc237954.aspx
                                // One entry of the PAC buffer directory: it says what kind of buffer is present
                                // and where it sits inside the raw PAC bytes.
                                // NOTE(review): Offset and CBBufferSize are attacker-controlled wire values; the
                                // code that slices PACType.Data with them must check Offset+CBBufferSize against
                                // len(Data) (and guard the addition against overflow) before slicing — confirm
                                // this in ProcessPACInfoBuffers, which is not shown here.
                                type InfoBuffer struct {
                                	ULType       uint32 // A 32-bit unsigned integer in little-endian format that describes the type of data present in the buffer contained at Offset.
                                	CBBufferSize uint32 // A 32-bit unsigned integer in little-endian format that contains the size, in bytes, of the buffer in the PAC located at Offset.
                                	Offset       uint64 // A 64-bit unsigned integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the PACTYPE structure. The data offset MUST be a multiple of eight. The following sections specify the format of each type of element.
                                }

                                  InfoBuffer implements the PAC Info Buffer: https://msdn.microsoft.com/en-us/library/cc237954.aspx

                                  type KerbValidationInfo

                                  // KerbValidationInfo implements https://msdn.microsoft.com/en-us/library/cc237948.aspx
                                  // (the KERB_VALIDATION_INFO buffer): the logon-session and group-membership
                                  // data the KDC asserts about the client. The *Count members size the NDR
                                  // conformant arrays that follow them.
                                  // NOTE(review): nothing in this struct is self-authenticating; the PAC's
                                  // server checksum must have been verified before UserID, GroupIDs,
                                  // ExtraSIDs or ResourceGroupIDs are used for an authorization decision.
                                  type KerbValidationInfo struct {
                                  	LogOnTime              mstypes.FileTime
                                  	LogOffTime             mstypes.FileTime
                                  	KickOffTime            mstypes.FileTime
                                  	PasswordLastSet        mstypes.FileTime
                                  	PasswordCanChange      mstypes.FileTime
                                  	PasswordMustChange     mstypes.FileTime
                                  	EffectiveName          mstypes.RPCUnicodeString
                                  	FullName               mstypes.RPCUnicodeString
                                  	LogonScript            mstypes.RPCUnicodeString
                                  	ProfilePath            mstypes.RPCUnicodeString // Valid when USERFLAG_PROFILEPATH is set in UserFlags.
                                  	HomeDirectory          mstypes.RPCUnicodeString
                                  	HomeDirectoryDrive     mstypes.RPCUnicodeString
                                  	LogonCount             uint16
                                  	BadPasswordCount       uint16
                                  	UserID                 uint32 // RID of the account within LogonDomainID.
                                  	PrimaryGroupID         uint32 // RID of the account's primary group.
                                  	GroupCount             uint32 // Number of entries in GroupIDs.
                                  	GroupIDs               []mstypes.GroupMembership `ndr:"pointer,conformant"`
                                  	UserFlags              uint32 // Bit flags; see the USERFLAG_* constants.
                                  	UserSessionKey         mstypes.UserSessionKey
                                  	LogonServer            mstypes.RPCUnicodeString
                                  	LogonDomainName        mstypes.RPCUnicodeString
                                  	LogonDomainID          mstypes.RPCSID `ndr:"pointer"` // SID of the account domain; combined with UserID/GroupIDs to form full SIDs.
                                  	Reserved1              [2]uint32      // Has 2 elements
                                  	UserAccountControl     uint32
                                  	SubAuthStatus          uint32
                                  	LastSuccessfulILogon   mstypes.FileTime
                                  	LastFailedILogon       mstypes.FileTime
                                  	FailedILogonCount      uint32
                                  	Reserved3              uint32
                                  	SIDCount               uint32 // Number of entries in ExtraSIDs; meaningful when USERFLAG_EXTRA_SIDS is set.
                                  	ExtraSIDs              []mstypes.KerbSidAndAttributes `ndr:"pointer,conformant"`
                                  	ResourceGroupDomainSID mstypes.RPCSID                 `ndr:"pointer"`
                                  	ResourceGroupCount     uint32 // Number of entries in ResourceGroupIDs; meaningful when USERFLAG_RESOURCE_GROUPIDS is set.
                                  	ResourceGroupIDs       []mstypes.GroupMembership `ndr:"pointer,conformant"`
                                  }

                                    KerbValidationInfo implements https://msdn.microsoft.com/en-us/library/cc237948.aspx

                                    func (*KerbValidationInfo) GetGroupMembershipSIDs

                                    func (k *KerbValidationInfo) GetGroupMembershipSIDs() []string

                                      GetGroupMembershipSIDs returns a slice of strings containing the group membership SIDs found in the PAC.

                                      func (*KerbValidationInfo) Unmarshal

                                      func (k *KerbValidationInfo) Unmarshal(b []byte) (err error)

                                        Unmarshal bytes into the KerbValidationInfo struct

                                        type NTLMSupplementalCred

                                        // NTLMSupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237949.aspx
                                        // (the NTLM_SUPPLEMENTAL_CREDENTIAL structure). LMPassword and NTPassword are
                                        // password-equivalent hashes: treat them as secrets (do not log or persist them
                                        // in clear) and honour the Flags bits before reading either one.
                                        type NTLMSupplementalCred struct {
                                        	Version    uint32 // A 32-bit unsigned integer that defines the credential version. This field MUST be 0x00000000.
                                        	Flags      uint32 // Bit flags naming which OWF members are present; see NTLMSupCredLMOWF (the L flag) and NTLMSupCredNTOWF (the N flag).
                                        	LMPassword []byte // A 16-element array of unsigned 8-bit integers that define the LM OWF. The LMPassword member MUST be ignored if the L flag is not set in the Flags member.
                                        	NTPassword []byte // A 16-element array of unsigned 8-bit integers that define the NT OWF. The NTPassword member MUST be ignored if the N flag is not set in the Flags member.
                                        }

                                          NTLMSupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237949.aspx

                                          func (*NTLMSupplementalCred) Unmarshal

                                          func (c *NTLMSupplementalCred) Unmarshal(b []byte) (err error)

                                            Unmarshal converts the bytes provided into a NTLMSupplementalCred.

                                            type PACType

                                            // PACType implements: https://msdn.microsoft.com/en-us/library/cc237950.aspx
                                            // It holds the raw PAC bytes (Data), the buffer directory (Buffers) and one
                                            // pointer per known buffer type, presumably populated by ProcessPACInfoBuffers.
                                            // NOTE(review): ServerChecksum and KDCChecksum are what make the other buffers
                                            // trustworthy. Confirm that ProcessPACInfoBuffers verifies the server checksum
                                            // with the supplied key and fails closed before any caller reads
                                            // KerbValidationInfo; an unverified PAC must not drive authorization.
                                            type PACType struct {
                                            	CBuffers           uint32       // Number of entries in Buffers.
                                            	Version            uint32
                                            	Buffers            []InfoBuffer // Directory of the buffers contained in Data.
                                            	Data               []byte       // The raw PAC as received; buffers are located within it by InfoBuffer.Offset.
                                            	KerbValidationInfo *KerbValidationInfo // NOTE(review): the pointer fields below are presumably nil when the PAC carries no buffer of that type — confirm.
                                            	CredentialsInfo    *CredentialsInfo
                                            	ServerChecksum     *SignatureData // Checksum over the PAC made with the service's key.
                                            	KDCChecksum        *SignatureData // Checksum over ServerChecksum made with the KDC's key; only the KDC can verify it.
                                            	ClientInfo         *ClientInfo
                                            	S4UDelegationInfo  *S4UDelegationInfo
                                            	UPNDNSInfo         *UPNDNSInfo
                                            	ClientClaimsInfo   *ClientClaimsInfo
                                            	DeviceInfo         *DeviceInfo
                                            	DeviceClaimsInfo   *DeviceClaimsInfo
                                            	ZeroSigData        []byte // Copy of Data with the signature bytes zeroed, as the checksum is computed over — NOTE(review): inferred from the name; confirm.
                                            }

                                              PACType implements: https://msdn.microsoft.com/en-us/library/cc237950.aspx

                                              func (*PACType) ProcessPACInfoBuffers

                                              func (pac *PACType) ProcessPACInfoBuffers(key types.EncryptionKey, l *log.Logger) error

                                                ProcessPACInfoBuffers processes the PAC Info Buffers. https://msdn.microsoft.com/en-us/library/cc237954.aspx

                                                func (*PACType) Unmarshal

                                                func (pac *PACType) Unmarshal(b []byte) (err error)

                                                  Unmarshal bytes into the PACType struct

                                                  type S4UDelegationInfo

                                                  // S4UDelegationInfo implements https://msdn.microsoft.com/en-us/library/cc237944.aspx
                                                  // (the S4U_DELEGATION_INFO buffer) describing the constrained-delegation chain
                                                  // the ticket has passed through.
                                                  type S4UDelegationInfo struct {
                                                  	S4U2proxyTarget      mstypes.RPCUnicodeString // The name of the principal to whom the application can forward the ticket.
                                                  	TransitedListSize    uint32 // Number of entries in S4UTransitedServices.
                                                  	S4UTransitedServices []mstypes.RPCUnicodeString `ndr:"pointer,conformant"` // List of all services that have been delegated through by this client and subsequent services or servers. Size is value of TransitedListSize.
                                                  }

                                                    S4UDelegationInfo implements https://msdn.microsoft.com/en-us/library/cc237944.aspx

                                                    func (*S4UDelegationInfo) Unmarshal

                                                    func (k *S4UDelegationInfo) Unmarshal(b []byte) (err error)

                                                      Unmarshal bytes into the S4UDelegationInfo struct

                                                      type SECPKGSupplementalCred

                                                      // SECPKGSupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237956.aspx
                                                      // (the SECPKG_SUPPLEMENTAL_CRED structure): an opaque credential blob tagged
                                                      // with the name of the security package that understands it.
                                                      type SECPKGSupplementalCred struct {
                                                      	PackageName    mstypes.RPCUnicodeString // Name of the security package the Credentials bytes belong to.
                                                      	CredentialSize uint32                   // Size, in bytes, of Credentials.
                                                      	Credentials    []uint8 `ndr:"pointer,conformant"` // Is a ptr. Size is the value of CredentialSize
                                                      }

                                                        SECPKGSupplementalCred implements https://msdn.microsoft.com/en-us/library/cc237956.aspx

                                                        func (*SECPKGSupplementalCred) Unmarshal

                                                        func (c *SECPKGSupplementalCred) Unmarshal(b []byte) (err error)

                                                          Unmarshal converts the bytes provided into a SECPKGSupplementalCred.

                                                          type SignatureData

                                                          // SignatureData implements https://msdn.microsoft.com/en-us/library/cc237955.aspx
                                                          // (the PAC_SIGNATURE_DATA buffer) used for both the server and the KDC checksum.
                                                          // The expected Signature length follows from SignatureType (see the field comment);
                                                          // a verifier should reject a Signature whose length does not match the type.
                                                          type SignatureData struct {
                                                          	SignatureType  uint32 // A 32-bit unsigned integer value in little-endian format that defines the cryptographic system used to calculate the checksum. This MUST be one of the following checksum types: KERB_CHECKSUM_HMAC_MD5 (signature size = 16), HMAC_SHA1_96_AES128 (signature size = 12), HMAC_SHA1_96_AES256 (signature size = 12).
                                                          	Signature      []byte // Size depends on the type. See comment above.
                                                          	RODCIdentifier uint16 // A 16-bit unsigned integer value in little-endian format that contains the first 16 bits of the key version number ([MS-KILE] section 3.1.5.8) when the KDC is an RODC. When the KDC is not an RODC, this field does not exist.
                                                          }

                                                            SignatureData implements https://msdn.microsoft.com/en-us/library/cc237955.aspx

                                                            func (*SignatureData) Unmarshal

                                                            func (k *SignatureData) Unmarshal(b []byte) (rb []byte, err error)

                                                              Unmarshal bytes into the SignatureData struct

                                                              type UPNDNSInfo

                                                              // UPNDNSInfo implements https://msdn.microsoft.com/en-us/library/dd240468.aspx
                                                              // (the UPN_DNS_INFO buffer). The length/offset pairs locate UPN and DNSDomain
                                                              // within the buffer.
                                                              // NOTE(review): the offsets and lengths are wire values; Unmarshal (not shown
                                                              // here) must check each offset+length against the input length before
                                                              // slicing — confirm.
                                                              type UPNDNSInfo struct {
                                                              	UPNLength           uint16 // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN field.
                                                              	UPNOffset           uint16 // An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the UPN_DNS_INFO structure.
                                                              	DNSDomainNameLength uint16 // Length, in bytes, of the DNS domain name field.
                                                              	DNSDomainNameOffset uint16 // Offset, in bytes, of the DNS domain name field from the beginning of the UPN_DNS_INFO structure.
                                                              	Flags               uint32
                                                              	UPN                 string // The decoded user principal name.
                                                              	DNSDomain           string // The decoded DNS domain name.
                                                              }

                                                                UPNDNSInfo implements https://msdn.microsoft.com/en-us/library/dd240468.aspx

                                                                func (*UPNDNSInfo) Unmarshal

                                                                func (k *UPNDNSInfo) Unmarshal(b []byte) (err error)

                                                                  Unmarshal bytes into the UPNDNSInfo struct