
mstypes definitions

Jonathan Turner 9 years ago
parent
commit
5ddb09b97d

+ 14 - 4
iana/adtype/constants.go

@@ -2,11 +2,21 @@
 package adtype
 
 const (
-	AD_IF_RELEVANT             = 1
-	AD_KDCIssued               = 4
-	AD_AND_OR                  = 5
-	AD_MANDATORY_FOR_KDC       = 8
+	AD_IF_RELEVANT                    = 1
+	AD_INTENDED_FOR_SERVER            = 2
+	AD_INTENDED_FOR_APPLICATION_CLASS = 3
+	AD_KDC_ISSUED                     = 4
+	AD_AND_OR                         = 5
+	AD_MANDATORY_TICKET_EXTENSIONS    = 6
+	AD_IN_TICKET_EXTENSIONS           = 7
+	AD_MANDATORY_FOR_KDC              = 8
+	//Reserved values                   9-63
+	OSF_DCE                    = 64
+	SESAME                     = 65
+	AD_OSF_DCE_PKI_CERTID      = 66
 	AD_Authentication_Strength = 70
 	AD_FX_Fast_Armor           = 71
 	AD_FX_Fast_Used            = 72
+	AD_WIN2K_PAC               = 128
+	AD_ETYPE_NEGOTIATION       = 129
 )
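Review bot: Renaming `AD_KDCIssued` to `AD_KDC_ISSUED` is a breaking change for any caller that imports the old identifier; if compatibility matters, keep an alias next to it, `AD_KDCIssued = AD_KDC_ISSUED // Deprecated: use AD_KDC_ISSUED.`. The three new entries `OSF_DCE`, `SESAME` and `AD_OSF_DCE_PKI_CERTID` are inconsistently prefixed — RFC 4120 §7.5.4 lists them as AD-OSF-DCE, AD-SESAME and AD-OSF-DCE-PKI-CERTID, so `AD_OSF_DCE` and `AD_SESAME` would match their neighbours and the registry. The `//Reserved values 9-63` line would also read better with a space after `//`, matching the comment style in the sibling iana files.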

+ 1 - 0
iana/chksumtype/constants.go

@@ -26,4 +26,5 @@ const (
 	//UNASSIGNED : 21-32770
 	GSSAPI = 32771
 	//UNASSIGNED : 32772-2147483647
+	KERB_CHECKSUM_HMAC_MD5 = 4294967158 // 0xFFFFFF76 documentation says this is -138 but in an unsigned int this is 4294967158
 )
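Review bot: `KERB_CHECKSUM_HMAC_MD5 = 4294967158` is an untyped constant that does not fit in an `int32`, so the comment's own observation that the specification value is -138 matters at every use site: if the checksum-type field it is compared or assigned against is signed (the usual representation of the Kerberos INT32 cksumtype), the compiler rejects it with a constant-overflow error, while every other constant in this block still fits. If consumers use a signed type, declare the signed value, `KERB_CHECKSUM_HMAC_MD5 = -138 // 0xFFFFFF76 when viewed as an unsigned 32-bit value`; otherwise give the block an explicit type so the choice is made once rather than by a conversion at each caller. The enclosing const block starts outside the hunk.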

+ 3 - 1
iana/keyusage/constants.go

@@ -18,7 +18,9 @@ const (
 	KRB_PRIV_ENCPART                               = 13
 	KRB_CRED_ENCPART                               = 14
 	KRB_SAFE_CHKSUM                                = 15
-	//16-18.  Reserved for future use in Kerberos and related protocols.
+	KERB_NON_KERB_SALT                             = 16
+	KERB_NON_KERB_CKSUM_SALT                       = 17
+	//18.  Reserved for future use in Kerberos and related protocols.
 	AD_KDC_ISSUED_CHKSUM = 19
 	//20-21.  Reserved for future use in Kerberos and related protocols.
 	GSSAPI_ACCEPTOR_SEAL           = 22

+ 24 - 0
mstypes/common.go

@@ -0,0 +1,24 @@
+// Microsoft types for Privilege Attribute Certificate (PAC): https://msdn.microsoft.com/en-us/library/cc237928.aspx
+package mstypes
+
+// A BYTE is an 8-bit unsigned value that corresponds to a single octet in a network protocol.
+type Byte uint8
+
+// A ULONG is a 32-bit unsigned integer (range: 0 through 4294967295 decimal).
+// Because a ULONG is unsigned, its first bit (Most Significant Bit (MSB)) is not reserved for signing.
+type ULong uint32
+
+// A ULONG64 is a 64-bit unsigned integer (range: 0 through 18446744073709551615 decimal).
+// Because a ULONG64 is unsigned, its first bit (Most Significant Bit (MSB)) is not reserved for signing.
+type ULong64 uint64
+
+// A USHORT is a 16-bit unsigned integer (range: 0 through 65535 decimal).
+// Because a USHORT is unsigned, its first bit (Most Significant Bit (MSB)) is not reserved for signing.
+type UShort uint16
+
+// A UCHAR is an 8-bit integer with the range: 0 through 255 decimal.
+// Because a UCHAR is unsigned, its first bit (Most Significant Bit (MSB)) is not reserved for signing.
+type UChar uint8
+
+// A WCHAR is a 16-bit Unicode character.
+type WChar uint16
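Review bot: None of the doc comments on the new exported types begins with the Go identifier it documents — `// A BYTE is ...` precedes `type Byte`, and so on — so `go doc` and the usual linters will not associate them with the type. Lead with the Go name and keep the MS-DTYP name in the sentence, e.g. `// Byte is an 8-bit unsigned value (MS-DTYP BYTE) that corresponds to a single octet in a network protocol.`, and likewise for `ULong`, `ULong64`, `UShort`, `UChar` and `WChar`. `Byte` and `UChar` are both `uint8`; a sentence on when each is intended to be used would help a reader choosing between them in the structs that follow.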

+ 9 - 0
mstypes/crypto.go

@@ -0,0 +1,9 @@
+package mstypes
+
+type CypherBlock struct {
+	Data []byte // size = 8
+}
+
+type UserSessionKey struct {
+	Data []CypherBlock // size = 2
+}
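Review bot: The size constraints the comments on `Data` carry (`size = 8`, `size = 2`) are not enforced by the slice types, so a mis-sized cipher block or session key is accepted silently; since this is key material, encoding the length in the type is the safer choice: `Data [8]byte` and `Data [2]CypherBlock`. Both exported types also lack a doc comment; `// CypherBlock is an 8-byte block of key material (MS-PAC CYPHER_BLOCK).` and `// UserSessionKey is two CypherBlocks, i.e. 16 bytes of session key (MS-PAC USER_SESSION_KEY).` would cover them.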

+ 19 - 0
mstypes/group_membership.go

@@ -0,0 +1,19 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237945.aspx
+// RelativeID : A 32-bit unsigned integer that contains the RID of a particular group.
+// The possible values for the Attributes flags are identical to those specified in KERB_SID_AND_ATTRIBUTES
+type GroupMembership struct {
+	RelativeID ULong
+	Attributes ULong
+}
+
+// https://msdn.microsoft.com/en-us/library/hh536344.aspx
+// DomainId: A SID structure that contains the SID for the domain.This member is used in conjunction with the GroupIds members to create group SIDs for the device.
+// GroupCount: A 32-bit unsigned integer that contains the number of groups within the domain to which the account belongs.
+// GroupIds: A pointer to a list of GROUP_MEMBERSHIP structures that contain the groups to which the account belongs in the domain. The number of groups in this list MUST be equal to GroupCount.
+type DomainGroupMembership struct {
+	DomainID   RPC_SID
+	GroupCount ULong
+	GroupIDs   []GroupMembership // Size is value of GroupCount
+}
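Review bot: `GroupIDs` is sized by the separate `GroupCount` field and the comment only states that the two MUST agree; both values arrive from the wire in a PAC, so any decoder filling this struct has to treat `GroupCount` as untrusted — bound it by the remaining buffer before allocating and reject a mismatch — rather than rely on the comment. Worth stating on the field: `GroupIDs []GroupMembership // MUST have exactly GroupCount elements; decoders must bound GroupCount by the available data before allocating.`. The same applies to the count/slice pairs in kerb_validation_info.go and pac_device_info.go in this commit. The two type comments should also begin with the type name (`// GroupMembership ...`, `// DomainGroupMembership ...`) so `go doc` attaches them.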

+ 20 - 0
mstypes/kerb_sid_and_attributes.go

@@ -0,0 +1,20 @@
+package mstypes
+
+const (
+	SE_GROUP_MANDATORY          = 31
+	SE_GROUP_ENABLED_BY_DEFAULT = 30
+	SE_GROUP_ENABLED            = 29
+	SE_GROUP_OWNER              = 28
+	SE_GROUP_RESOURCE           = 2
+	//All other bits MUST be set to zero and MUST be  ignored on receipt.
+)
+
+// https://msdn.microsoft.com/en-us/library/cc237947.aspx
+type KerbSidAndAttributes struct {
+	SID        RPC_SID // A pointer to an RPC_SID structure.
+	Attributes ULong
+}
+
+func SetFlag(a *ULong, i uint) {
+	a = a | (1 << (31 - i))
+}
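Review bot: `SetFlag` does not compile as written: `a` is a `*ULong`, so `a | (1 << (31 - i))` applies `|` to a pointer, and even with a dereference on the right the assignment would only rebind the local `a`. The body should be `*a |= 1 << (31 - i)`. Note also that `31 - i` wraps for `i > 31` because `i` is unsigned, and a shift of 32 or more on a 32-bit value yields zero, so an out-of-range bit index silently does nothing; a doc comment stating that `i` is the bit index counted from the most significant bit, as the `SE_GROUP_*` constants above are defined, and that values above 31 are ignored would make the contract explicit. `KerbSidAndAttributes` and `SetFlag` are exported and both lack a doc comment.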

+ 55 - 0
mstypes/kerb_validation_info.go

@@ -0,0 +1,55 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237948.aspx
+type KerbValidationInfo struct {
+	LogOnTime              FileTime
+	LogOffTime             FileTime
+	KickOffTime            FileTime
+	PasswordLastSet        FileTime
+	PasswordCanChange      FileTime
+	PasswordMustChange     FileTime
+	EffectiveName          RPC_UnicodeString
+	FullName               RPC_UnicodeString
+	LogonScript            RPC_UnicodeString
+	ProfilePath            RPC_UnicodeString
+	HomeDirectory          RPC_UnicodeString
+	HomeDirectoryDrive     RPC_UnicodeString
+	LogonCount             UShort
+	BadPasswordCount       UShort
+	UserID                 ULong
+	PrimaryGroupID         ULong
+	GroupCount             ULong
+	GroupIDs               []GroupMembership //TODO ptr - size of the slice is GroupCount value
+	UserFlags              ULong
+	UserSessionKey         UserSessionKey
+	LogonServer            RPC_UnicodeString
+	LogonDomainName        RPC_UnicodeString
+	LogonDomainID          RPC_SID
+	Reserved1              ULong
+	UserAccountControl     ULong
+	Reserved3              ULong
+	SIDCount               ULong
+	ExtraSIDs              KerbSidAndAttributes //TODO ptr
+	ResourceGroupDomainSID RPC_SID
+	ResourceGroupCount     ULong
+	ResourceGroupIDs       []GroupMembership //TODO ptr - size of the slice is ResourceGroupCount value
+	//SubAuthStatus          ULong
+	//LastSuccessfullILogon   FileTime
+	//LastFailedILogon       FileTime
+	//FailedILogonCount      ULong
+}
+
+const (
+	USERFLAG_GUEST                                    = 31 // Authentication was done via the GUEST account; no password was used.
+	USERFLAG_NO_ENCRYPTION_AVAILABLE                  = 30 // No encryption is available.
+	USERFLAG_LAN_MANAGER_KEY                          = 28 // LAN Manager key was used for authentication.
+	USERFLAG_SUB_AUTH                                 = 25 // Sub-authentication used; session key came from the sub-authentication package.
+	USERFLAG_EXTRA_SIDS                               = 26 // Indicates that the ExtraSids field is populated and contains additional SIDs.
+	USERFLAG_MACHINE_ACCOUNT                          = 24 // Indicates that the account is a machine account.
+	USERFLAG_DC_NTLM2                                 = 23 // Indicates that the domain controller understands NTLMv2.
+	USERFLAG_RESOURCE_GROUPIDS                        = 22 // Indicates that the ResourceGroupIds field is populated.
+	USERFLAG_PROFILEPATH                              = 21 // Indicates that ProfilePath is populated.
+	USERFLAG_NTLM2_NTCHALLENGERESP                    = 20 // The NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
+	USERFLAG_LM2_LMCHALLENGERESP                      = 19 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and session key generation.
+	USERFLAG_AUTH_LMCHALLENGERESP_KEY_NTCHALLENGERESP = 18 // The LMv2 response from the LmChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used for authentication and the NTLMv2 response from the NtChallengeResponseFields ([MS-NLMP] section 2.2.1.3) was used session key generation.
+)
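Review bot: `ExtraSIDs KerbSidAndAttributes` holds a single entry while `SIDCount` on the line above counts a list, and `PAC_DeviceInfo` in this same commit declares the equivalent field as `[]KerbSidAndAttributes`; the `//TODO ptr` suggests this is known, but as declared the type cannot represent a PAC carrying more than one extra SID. Change it to `ExtraSIDs []KerbSidAndAttributes // size is value of SIDCount`. As with `GroupIDs` and `ResourceGroupIDs`, the three count fields come from the wire and a decoder must bound them by the remaining data before allocating. The commented-out trailing fields carry a typo (`LastSuccessfullILogon`) worth fixing before they are uncommented.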

+ 14 - 0
mstypes/pac_client.go

@@ -0,0 +1,14 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237951.aspx
+type PAC_ClientInfo struct {
+	ClientID   FileTime // A FILETIME structure in little-endian format that contains the Kerberos initial ticket-granting ticket TGT authentication time
+	NameLength UShort   // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the Name field.
+	Name       []WChar  // An array of 16-bit Unicode characters in little-endian format that contains the client's account name.
+}
+
+// TODO come back to this struct
+// https://msdn.microsoft.com/en-us/library/hh536365.aspx
+//type PAC_ClientClaimsInfo struct {
+//	Claims ClaimsSetMetadata
+//}
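Review bot: `NameLength` is documented as a byte count while `Name` is a slice of 16-bit `WChar`, so a decoder must allocate `NameLength/2` elements and should reject an odd `NameLength`; neither point is stated on the struct. Suggest `Name []WChar // NameLength/2 elements; NameLength MUST be even.`. The doc comment on `PAC_ClientInfo` is only a URL; begin it with the type name so `go doc` picks it up, e.g. `// PAC_ClientInfo is the PAC_CLIENT_INFO buffer (ULTYPE_PAC_CLIENT_INFO); see ...`.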

+ 40 - 0
mstypes/pac_credentials.go

@@ -0,0 +1,40 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237931.aspx
+
+//https://msdn.microsoft.com/en-us/library/cc237953.aspx
+type PAC_CredentialsInfo struct {
+	Version                      uint32 // A 32-bit unsigned integer in little-endian format that defines the version. MUST be 0x00000000.
+	EType                        uint32
+	PAC_CredentialData_Encrypted []byte // Key usage number for encryption: KERB_NON_KERB_SALT (16)
+}
+
+// https://msdn.microsoft.com/en-us/library/cc237952.aspx
+// This structure is encrypted prior to being encoded in any other structures.
+// Encryption is performed by first serializing the data structure via Network Data Representation (NDR) encoding, as specified in [MS-RPCE].
+// Once serialized, the data is encrypted using the key and cryptographic system selected through the AS protocol and the KRB_AS_REP message
+// Fields (for capturing this information) and cryptographic parameters are specified in PAC_CREDENTIAL_INFO (section 2.6.1).
+type PAC_CredentialData struct {
+	CredentialCount ULong
+	Credentials     []SECPKG_SupplementalCred // Size is the value of CredentialCount
+}
+
+// https://msdn.microsoft.com/en-us/library/cc237956.aspx
+type SECPKG_SupplementalCred struct {
+	PackageName    RPC_UnicodeString
+	CredentialSize ULong
+	Credentials    []UChar // Is a ptr. Size is the value of CredentialSize
+}
+
+// https://msdn.microsoft.com/en-us/library/cc237949.aspx
+type NTLM_SupplementalCred struct {
+	Version    ULong // A 32-bit unsigned integer that defines the credential version.This field MUST be 0x00000000.
+	Flags      ULong
+	LMPassword []byte // A 16-element array of unsigned 8-bit integers that define the LM OWF. The LmPassword member MUST be ignored if the L flag is not set in the Flags member.
+	NTPassword []byte // A 16-element array of unsigned 8-bit integers that define the NT OWF. The LtPassword member MUST be ignored if the N flag is not set in the Flags member.
+}
+
+const (
+	NTLM_SUP_CRED_LMOWF = 31 // Indicates that the LM OWF member is present and valid.
+	NTLM_SUP_CRED_NTOWF = 30 // Indicates that the NT OWF member is present and valid.
+)
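Review bot: `LMPassword` and `NTPassword` are documented as 16-element arrays but declared as `[]byte`, and `PAC_CredentialsInfo.Version`/`EType` use bare `uint32` where every other struct in this commit uses `ULong`; since these fields hold password OWFs, pinning the length in the type (`LMPassword [16]byte`, `NTPassword [16]byte`) stops a short or oversized value being accepted silently. The comment on `NTPassword` also says `LtPassword` where it means `NtPassword`. A sentence on `PAC_CredentialData_Encrypted` saying that it holds the NDR-encoded `PAC_CredentialData` encrypted under the key selected in the AS exchange, as the comment on `PAC_CredentialData` already describes, with the key usage number it already cites, would make the decrypt path self-describing from this struct alone.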

+ 20 - 0
mstypes/pac_device_info.go

@@ -0,0 +1,20 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/hh536402.aspx
+type PAC_DeviceInfo struct {
+	UserID            ULong                   // A 32-bit unsigned integer that contains the RID of the account. If the UserId member equals 0x00000000, the first group SID in this member is the SID for this account.
+	PrimaryGroupID    ULong                   // A 32-bit unsigned integer that contains the RID for the primary group to which this account belongs.
+	AccountDomainID   RPC_SID                 // A SID structure that contains the SID for the domain of the account.This member is used in conjunction with the UserId, and GroupIds members to create the user and group SIDs for the client.
+	AccountGroupCount ULong                   // A 32-bit unsigned integer that contains the number of groups within the account domain to which the account belongs
+	AccountGroupIDs   []GroupMembership       // A pointer to a list of GROUP_MEMBERSHIP (section 2.2.2) structures that contains the groups to which the account belongs in the account domain. The number of groups in this list MUST be equal to GroupCount.
+	SIDCount          ULong                   // A 32-bit unsigned integer that contains the total number of SIDs present in the ExtraSids member.
+	ExtraSIDs         []KerbSidAndAttributes  // A pointer to a list of KERB_SID_AND_ATTRIBUTES structures that contain a list of SIDs corresponding to groups not in domains. If the UserId member equals 0x00000000, the first group SID in this member is the SID for this account.
+	DomainGroupCount  ULong                   // A 32-bit unsigned integer that contains the number of domains with groups to which the account belongs.
+	DomainGroup       []DomainGroupMembership // A pointer to a list of DOMAIN_GROUP_MEMBERSHIP structures (section 2.2.3) that contains the domains to which the account belongs to a group. The number of sets in this list MUST be equal to DomainCount.
+}
+
+// TODO come back to this struct
+// https://msdn.microsoft.com/en-us/library/hh554226.aspx
+//type PAC_DeviceClaimsInfo struct {
+//	Claims ClaimsSetMetadata
+//}
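Review bot: The field comments copied from the specification refer to members by their spec names rather than the Go names: `AccountGroupIDs` says its count "MUST be equal to GroupCount" (the field is `AccountGroupCount`) and `DomainGroup` says "equal to DomainCount" (the field is `DomainGroupCount`). Align them, e.g. `// ... The number of groups in this list MUST be equal to AccountGroupCount.` and `// ... The number of sets in this list MUST be equal to DomainGroupCount.`, so a reader checking the invariant finds the right field. `AccountGroupCount`, `SIDCount` and `DomainGroupCount` are wire-supplied lengths that a decoder must bound by the remaining data before allocating, which is worth saying once on the type.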

+ 21 - 0
mstypes/pac_info_buffer.go

@@ -0,0 +1,21 @@
+package mstypes
+
+const (
+	ULTYPE_KERB_VALIDATION_INFO      = 1
+	ULTYPE_CREDENTIALS               = 2
+	ULTYPE_PAC_SERVER_SIGNATURE_DATA = 6
+	ULTYPE_PAC_KDC_SIGNATURE_DATA    = 7
+	ULTYPE_PAC_CLIENT_INFO           = 10
+	ULTYPE_S4U_DELEGATION_INFO       = 11
+	ULTYPE_UPN_DNS_INFO              = 12
+	ULTYPE_PAC_CLIENT_CLAIMS_INFO    = 13
+	ULTYPE_PAC_DEVICE_INFO           = 14
+	ULTYPE_PAC_DEVICE_CLAIMS_INFO    = 15
+)
+
+// https://msdn.microsoft.com/en-us/library/cc237954.aspx
+type PACInfoBuffer struct {
+	ULType       ULong   // A 32-bit unsigned integer in little-endian format that describes the type of data present in the buffer contained at Offset.
+	CBBufferSize ULong   // A 32-bit unsigned integer in little-endian format that contains the size, in bytes, of the buffer in the PAC located at Offset.
+	Offset       ULong64 // A 64-bit unsigned integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the PACTYPE structure. The data offset MUST be a multiple of eight. The following sections specify the format of each type of element.
+}
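Review bot: `Offset` and `CBBufferSize` together locate a buffer inside the PAC and both come from the wire; the comment records the multiple-of-eight rule but not that a decoder must check `Offset + CBBufferSize` against the PAC length (guarding the 64-bit addition against overflow) before slicing, or a malformed PAC drives an out-of-range read. Suggest appending to the `Offset` comment: `Decoders MUST verify Offset is a multiple of 8 and that Offset+CBBufferSize does not exceed the PAC length before reading.`. A doc comment on `PACInfoBuffer` starting with its name, and a note on the const block that the `ULTYPE_*` values are the valid values of `ULType`, would tie the two halves of the file together.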

+ 31 - 0
mstypes/pac_signature_data.go

@@ -0,0 +1,31 @@
+package mstypes
+
+/*
+https://msdn.microsoft.com/en-us/library/cc237955.aspx
+
+The Key Usage Value MUST be KERB_NON_KERB_CKSUM_SALT (17) [MS-KILE] (section 3.1.5.9).
+
+Server Signature (SignatureType = 0x00000006)
+https://msdn.microsoft.com/en-us/library/cc237957.aspx
+The KDC will use the long-term key that the KDC shares with the server, so that the server can verify this signature on receiving a PAC.
+The server signature is a keyed hash [RFC4757] of the entire PAC message, with the Signature fields of both PAC_SIGNATURE_DATA structures set to zero.
+The key used to protect the ciphertext part of the response is used.
+The checksum type corresponds to the key unless the key is DES, in which case the KERB_CHECKSUM_HMAC_MD5 key is used.
+The resulting hash value is then placed in the Signature field of the server's PAC_SIGNATURE_DATA structure.
+
+KDC Signature (SignatureType = 0x00000007)
+https://msdn.microsoft.com/en-us/library/dd357117.aspx
+The KDC will use KDC (krbtgt) key [RFC4120], so that other KDCs can verify this signature on receiving a PAC.
+The KDC signature is a keyed hash [RFC4757] of the Server Signature field in the PAC message.
+The cryptographic system that is used to calculate the checksum depends on which system the KDC supports, as defined below:
+- Supports RC4-HMAC --> KERB_CHECKSUM_HMAC_MD5
+- Does not support RC4-HMAC and supports AES256 --> HMAC_SHA1_96_AES256
+- Does not support RC4-HMAC or AES256-CTS-HMAC-SHA1-96, and supports AES128-CTS-HMAC-SHA1-96 --> HMAC_SHA1_96_AES128
+- Does not support RC4-HMAC, AES128-CTS-HMAC-SHA1-96 or AES256-CTS-HMAC-SHA1-96 -->  None. The checksum operation will fail.
+*/
+
+type PAC_SignatureDate struct {
+	SignatureType  uint32 // A 32-bit unsigned integer value in little-endian format that defines the cryptographic system used to calculate the checksum. This MUST be one of the following checksum types: KERB_CHECKSUM_HMAC_MD5 (signature size = 16), HMAC_SHA1_96_AES128 (signature size = 12), HMAC_SHA1_96_AES256 (signature size = 12).
+	Signature      []byte // Size depends on the type. See comment above.
+	RODCIdentifier uint16 // A 16-bit unsigned integer value in little-endian format that contains the first 16 bits of the key version number ([MS-KILE] section 3.1.5.8) when the KDC is an RODC. When the KDC is not an RODC, this field does not exist.
+}
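Review bot: The type is named `PAC_SignatureDate` but the structure it models, per the comment block above it and the `ULTYPE_PAC_SERVER_SIGNATURE_DATA`/`ULTYPE_PAC_KDC_SIGNATURE_DATA` constants in this commit, is PAC_SIGNATURE_DATA; rename it to `PAC_SignatureData` before anything depends on it. `SignatureType uint32` and `RODCIdentifier uint16` also bypass the `ULong`/`UShort` aliases used everywhere else in the package. The `RODCIdentifier` comment says the field "does not exist" for a non-RODC KDC, which a Go struct cannot express; state the decoding rule instead, e.g. `// ... Zero when the KDC is not an RODC; presence is presumably determined from the remaining buffer length — confirm against the decoder.`. The comment block's rule that both `Signature` fields are zeroed while computing the server signature is the verification invariant and deserves a sentence on the `Signature` field itself.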

+ 8 - 0
mstypes/pac_type.go

@@ -0,0 +1,8 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237950.aspx
+type PACType struct {
+	CBuffers ULong
+	Verion   ULong
+	Buffers  []PACInfoBuffer
+}
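Review bot: `Verion` is a misspelling of `Version`; since the field is exported and new in this commit, rename it now (`Version  ULong`) before callers pick up the typo. `Buffers` is sized by `CBuffers`, which comes from the wire; the field comment should say so and a decoder should bound it: `Buffers  []PACInfoBuffer // CBuffers entries; decoders must bound CBuffers by the available data.`. A doc comment beginning `// PACType is the PACTYPE structure that heads a PAC and indexes its buffers ...` would replace the bare URL.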

+ 8 - 0
mstypes/rpc_unicode_string.go

@@ -0,0 +1,8 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc230365.aspx
+type RPC_UnicodeString struct {
+	Length        UShort // The length, in bytes, of the string pointed to by the Buffer member, not including the terminating null character if any. The length MUST be a multiple of 2. The length SHOULD equal the entire size of the Buffer, in which case there is no terminating null character. Any method that accesses this structure MUST use the Length specified instead of relying on the presence or absence of a null character.
+	MaximumLength UShort // The maximum size, in bytes, of the string pointed to by Buffer. The size MUST be a multiple of 2. If not, the size MUST be decremented by 1 prior to use. This value MUST not be less than Length.
+	Buffer        WChar  // A pointer to a string buffer. If MaximumLength is greater than zero, the buffer MUST contain a non-null value.
+}
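Review bot: `Buffer WChar` can hold a single 16-bit character, but the field comment describes a pointer to a string buffer whose byte length is `Length` and whose capacity is `MaximumLength`, i.e. `Length/2` characters; as declared the type cannot represent any string longer than one character. It should be `Buffer []WChar // Length/2 characters; Length and MaximumLength are in bytes and MUST be even.`. Both lengths come from the wire, so a decoder should verify `Length <= MaximumLength` and bound both by the available data, as the comment's own MUST clauses already require.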

+ 8 - 0
mstypes/s4u_delegation_info.go

@@ -0,0 +1,8 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc237944.aspx
+type S4U_DelegationInfo struct {
+	S4U2proxyTarget      RPC_UnicodeString // The name of the principal to whom the application can forward the ticket.
+	TransitedListSize    ULong
+	S4UTransitedServices []RPC_UnicodeString // List of all services that have been delegated through by this client and subsequent services or servers.. Size is value of TransitedListSize
+}
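Review bot: `S4UTransitedServices` is sized by `TransitedListSize`, which has no comment and is wire-supplied; state the relationship on the count field and that decoders must bound it, e.g. `TransitedListSize ULong // Number of entries in S4UTransitedServices; decoders must bound it by the available data.`. The comment on `S4UTransitedServices` has a stray double period (`servers..`). The type comment should begin `// S4U_DelegationInfo ...` so `go doc` attaches it.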

+ 14 - 0
mstypes/sid.go

@@ -0,0 +1,14 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/cc230364.aspx
+type RPC_SID struct {
+	Revision            uint8                      // An 8-bit unsigned integer that specifies the revision level of the SID. This value MUST be set to 0x01.
+	SubAuthorityCount   uint8                      // An 8-bit unsigned integer that specifies the number of elements in the SubAuthority array. The maximum number of elements allowed is 15.
+	IdentifierAuthority RPC_SIDIdentifierAuthority // An RPC_SID_IDENTIFIER_AUTHORITY structure that indicates the authority under which the SID was created. It describes the entity that created the SID. The Identifier Authority value {0,0,0,0,0,5} denotes SIDs created by the NT SID authority.
+	SubAuthority        []uint32                   // A variable length array of unsigned 32-bit integers that uniquely identifies a principal relative to the IdentifierAuthority. Its length is determined by SubAuthorityCount.
+}
+
+// https://msdn.microsoft.com/en-us/library/cc230372.aspx
+type RPC_SIDIdentifierAuthority struct {
+	Value Byte
+}
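Review bot: `RPC_SIDIdentifierAuthority.Value` is declared as a single `Byte`, yet the comment on `RPC_SID.IdentifierAuthority` in this same hunk gives the authority as a six-element value, `{0,0,0,0,0,5}`; the field should be `Value [6]Byte` so the type can hold what its own documentation describes. `SubAuthority` is sized by `SubAuthorityCount`, whose comment caps it at 15; a decoder should enforce that cap and reject larger counts rather than allocate from the wire value, and the `Revision` comment's `MUST be set to 0x01` is likewise a check to apply on input. `Revision` and `SubAuthorityCount` use bare `uint8` where common.go defines `Byte`/`UChar` for this purpose — pick one convention.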

+ 14 - 0
mstypes/upn_dns_info.go

@@ -0,0 +1,14 @@
+package mstypes
+
+// https://msdn.microsoft.com/en-us/library/dd240468.aspx
+type UPN_DNSInfo struct {
+	UPNLength           UShort // An unsigned 16-bit integer in little-endian format that specifies the length, in bytes, of the UPN field.
+	UPNOffset           UShort // An unsigned 16-bit integer in little-endian format that contains the offset to the beginning of the buffer, in bytes, from the beginning of the UPN_DNS_INFO structure.
+	DNSDomainNameLength UShort
+	DNSDomainNameOffset UShort
+	Flags               ULong
+}
+
+const (
+	UPN_NO_UPN_ATTR = 31 // The user account object does not have the userPrincipalName attribute ([MS-ADA3] section 2.349) set. A UPN constructed by concatenating the user name with the DNS domain name of the account domain is provided.
+)
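Review bot: `DNSDomainNameLength` and `DNSDomainNameOffset` have no comments while the matching UPN pair is documented, and all four are wire-supplied lengths and offsets relative to the start of the structure that a decoder must bounds-check against the enclosing buffer before reading. Suggest `DNSDomainNameLength UShort // Length, in bytes, of the DNS domain name field.` and `DNSDomainNameOffset UShort // Offset, in bytes, of the DNS domain name from the start of UPN_DNS_INFO.`, plus a sentence on the type that offset+length pairs must be validated against the buffer length. The `Flags` comment should point at `UPN_NO_UPN_ATTR` below as its bit definition.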

+ 2 - 0
testdata/test_vectors.go

