Coverage for /root/GitHubProjects/impacket/impacket/krb5/pac.py : 100%

# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Author: Alberto Solino (@agsolino)
#
# Description:
#   [MS-PAC] Implementation
#
12from impacket.dcerpc.v5.dtypes import ULONG, RPC_UNICODE_STRING, FILETIME, PRPC_SID, USHORT
13from impacket.dcerpc.v5.ndr import NDRSTRUCT, NDRUniConformantArray, NDRPOINTER
14from impacket.dcerpc.v5.nrpc import USER_SESSION_KEY, CHAR_FIXED_8_ARRAY, PUCHAR_ARRAY, PRPC_UNICODE_STRING_ARRAY
15from impacket.dcerpc.v5.rpcrt import TypeSerialization1
16from impacket.structure import Structure
18################################################################################
19# CONSTANTS
20################################################################################
# PAC_INFO_BUFFER.ulType values, one per kind of buffer carried in a PAC.
# References:
#   https://msdn.microsoft.com/library/aa302203#msdn_pac_credentials
#   http://diswww.mit.edu/menelaus.mit.edu/cvs-krb5/25862
PAC_LOGON_INFO        = 1   # logon / authorization data (KERB_VALIDATION_INFO)
PAC_CREDENTIALS_INFO  = 2   # encrypted supplemental credentials
PAC_SERVER_CHECKSUM   = 6   # signature keyed with the service key
PAC_PRIVSVR_CHECKSUM  = 7   # signature keyed with the KDC (privilege server) key
PAC_CLIENT_INFO_TYPE  = 10  # client name and ticket information
PAC_DELEGATION_INFO   = 11  # constrained delegation (S4U) information
PAC_UPN_DNS_INFO      = 12  # UPN and DNS domain name information
31################################################################################
32# STRUCTURES
33################################################################################
# [MS-PAC] names its SID pointer type PISID; here it is an alias of the
# PRPC_SID type imported from dtypes.
PISID = PRPC_SID
# 2.2.1 KERB_SID_AND_ATTRIBUTES
class KERB_SID_AND_ATTRIBUTES(NDRSTRUCT):
    """One SID reference paired with its 32-bit attribute flags."""

    structure = (
        ('Sid',        PISID),
        ('Attributes', ULONG),
    )
class KERB_SID_AND_ATTRIBUTES_ARRAY(NDRUniConformantArray):
    """Conformant NDR array whose elements are KERB_SID_AND_ATTRIBUTES."""

    item = KERB_SID_AND_ATTRIBUTES
class PKERB_SID_AND_ATTRIBUTES_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a KERB_SID_AND_ATTRIBUTES_ARRAY."""

    referent = (
        ('Data', KERB_SID_AND_ATTRIBUTES_ARRAY),
    )
52# 2.2.2 GROUP_MEMBERSHIP
53from impacket.dcerpc.v5.nrpc import PGROUP_MEMBERSHIP_ARRAY
# 2.2.3 DOMAIN_GROUP_MEMBERSHIP
class DOMAIN_GROUP_MEMBERSHIP(NDRSTRUCT):
    """Group memberships within one domain.

    Carries the domain SID, a group count, and a pointer to the group
    membership array. GroupCount is decoded as an independent field; nothing
    in this declaration ties it to the length of GroupIds.
    """

    structure = (
        ('DomainId',   PISID),
        ('GroupCount', ULONG),
        ('GroupIds',   PGROUP_MEMBERSHIP_ARRAY),
    )
class DOMAIN_GROUP_MEMBERSHIP_ARRAY(NDRUniConformantArray):
    """Conformant NDR array whose elements are DOMAIN_GROUP_MEMBERSHIP."""

    item = DOMAIN_GROUP_MEMBERSHIP
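class PDOMAIN_GROUP_MEMBERSHIP_ARRAY(NDRPOINTER):
    """NDR pointer whose referent is a DOMAIN_GROUP_MEMBERSHIP_ARRAY.

    Used by PAC_DEVICE_INFO.DomainGroup, which [MS-PAC] 2.12 defines as a
    list of DOMAIN_GROUP_MEMBERSHIP structures.
    """

    # The referent used to be KERB_SID_AND_ATTRIBUTES_ARRAY, which looks like
    # a copy/paste slip from PKERB_SID_AND_ATTRIBUTES_ARRAY: it decoded each
    # element as (Sid, Attributes) instead of (DomainId, GroupCount, GroupIds),
    # so device domain-group data in a PAC would be misread. It also left
    # DOMAIN_GROUP_MEMBERSHIP_ARRAY unused.
    referent = (
        ('Data', DOMAIN_GROUP_MEMBERSHIP_ARRAY),
    )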
# 2.3 PACTYPE
class PACTYPE(Structure):
    """Top-level PAC header: buffer count, version, then the raw remainder.

    'Buffers' uses the ':' format, so it holds the undecoded bytes that follow
    the two little-endian 32-bit header fields. This class does not split
    them into PAC_INFO_BUFFER entries, and cBuffers is not checked against
    the amount of data actually present; the consumer has to do both.
    """

    structure = (
        ('cBuffers', '<L=0'),
        ('Version',  '<L=0'),
        ('Buffers',  ':'),
    )
# 2.4 PAC_INFO_BUFFER
class PAC_INFO_BUFFER(Structure):
    """Directory entry describing one buffer inside the PAC.

    ulType selects the buffer kind (see the PAC_* constants), cbBufferSize
    is its length in bytes and Offset is a 64-bit position. All three are
    decoded as little-endian unsigned integers with no range checking here,
    so code that slices a PAC with Offset/cbBufferSize should first confirm
    that the range lies inside the data it received.
    """

    structure = (
        ('ulType',       '<L=0'),
        ('cbBufferSize', '<L=0'),
        ('Offset',       '<Q=0'),
    )
# 2.5 KERB_VALIDATION_INFO
class KERB_VALIDATION_INFO(NDRSTRUCT):
    """Logon information buffer: the user's identity and group memberships.

    These fields (UserId, GroupIds, ExtraSids, ResourceGroupIds, ...) are the
    authorization data a service derives an access token from. This class
    only decodes them; whether the enclosing PAC's signatures were verified
    is decided elsewhere, so a decoded instance by itself says nothing about
    authenticity.
    """

    structure = (
        # Logon and password timestamps
        ('LogonTime',              FILETIME),
        ('LogoffTime',             FILETIME),
        ('KickOffTime',            FILETIME),
        ('PasswordLastSet',        FILETIME),
        ('PasswordCanChange',      FILETIME),
        ('PasswordMustChange',     FILETIME),

        # Account and profile strings
        ('EffectiveName',          RPC_UNICODE_STRING),
        ('FullName',               RPC_UNICODE_STRING),
        ('LogonScript',            RPC_UNICODE_STRING),
        ('ProfilePath',            RPC_UNICODE_STRING),
        ('HomeDirectory',          RPC_UNICODE_STRING),
        ('HomeDirectoryDrive',     RPC_UNICODE_STRING),

        # Counters, RIDs and the primary-domain group list
        ('LogonCount',             USHORT),
        ('BadPasswordCount',       USHORT),
        ('UserId',                 ULONG),
        ('PrimaryGroupId',         ULONG),
        ('GroupCount',             ULONG),
        ('GroupIds',               PGROUP_MEMBERSHIP_ARRAY),
        ('UserFlags',              ULONG),
        ('UserSessionKey',         USER_SESSION_KEY),

        # Logon server and domain
        ('LogonServer',            RPC_UNICODE_STRING),
        ('LogonDomainName',        RPC_UNICODE_STRING),
        ('LogonDomainId',          PRPC_SID),

        # Also called Reserved1
        ('LMKey',                  CHAR_FIXED_8_ARRAY),

        ('UserAccountControl',     ULONG),
        ('SubAuthStatus',          ULONG),
        ('LastSuccessfulILogon',   FILETIME),
        ('LastFailedILogon',       FILETIME),
        ('FailedILogonCount',      ULONG),
        ('Reserved3',              ULONG),

        # Extra SIDs. The KERB_ pointer type defined in this module is used;
        # a PNETLOGON_SID_AND_ATTRIBUTES_ARRAY variant was tried and disabled:
        #('ExtraSids', PNETLOGON_SID_AND_ATTRIBUTES_ARRAY),
        ('SidCount',               ULONG),
        ('ExtraSids',              PKERB_SID_AND_ATTRIBUTES_ARRAY),

        # Resource-domain groups
        ('ResourceGroupDomainSid', PISID),
        ('ResourceGroupCount',     ULONG),
        ('ResourceGroupIds',       PGROUP_MEMBERSHIP_ARRAY),
    )
class PKERB_VALIDATION_INFO(NDRPOINTER):
    """NDR pointer whose referent is a KERB_VALIDATION_INFO structure."""

    referent = (
        ('Data', KERB_VALIDATION_INFO),
    )
# 2.6.1 PAC_CREDENTIAL_INFO
class PAC_CREDENTIAL_INFO(Structure):
    """Credentials buffer header followed by its serialized payload.

    Version and EncryptionType are little-endian 32-bit values;
    SerializedData (':' format) is whatever bytes remain, left undecoded.
    NOTE(review): per [MS-PAC] the payload is an encrypted
    PAC_CREDENTIAL_DATA; no decryption happens in this class.
    """

    structure = (
        ('Version',        '<L=0'),
        ('EncryptionType', '<L=0'),
        ('SerializedData', ':'),
    )
# 2.6.3 SECPKG_SUPPLEMENTAL_CRED
class SECPKG_SUPPLEMENTAL_CRED(NDRSTRUCT):
    """Credential blob for one security package.

    Holds the package name, the declared credential size, and a pointer to
    the credential bytes. CredentialSize is decoded separately from the
    Credentials array and is not cross-checked against it here.
    """

    structure = (
        ('PackageName',    RPC_UNICODE_STRING),
        ('CredentialSize', ULONG),
        ('Credentials',    PUCHAR_ARRAY),
    )
class SECPKG_SUPPLEMENTAL_CRED_ARRAY(NDRUniConformantArray):
    """Conformant NDR array whose elements are SECPKG_SUPPLEMENTAL_CRED."""

    item = SECPKG_SUPPLEMENTAL_CRED
# 2.6.2 PAC_CREDENTIAL_DATA
class PAC_CREDENTIAL_DATA(NDRSTRUCT):
    """Credential count followed by the array of supplemental credentials."""

    structure = (
        ('CredentialCount', ULONG),
        ('Credentials',     SECPKG_SUPPLEMENTAL_CRED_ARRAY),
    )
# 2.6.4 NTLM_SUPPLEMENTAL_CREDENTIAL
class NTLM_SUPPLEMENTAL_CREDENTIAL(NDRSTRUCT):
    """NTLM supplemental credential: version, flags and two 16-byte values.

    LmPassword and NtPassword are fixed 16-byte fields that default to empty
    bytes. Per [MS-PAC] they carry the LM and NT one-way-function hashes of
    the account password, so decoded instances are secret material and
    belong out of logs and debug dumps.
    """

    structure = (
        ('Version',    ULONG),
        ('Flags',      ULONG),
        ('LmPassword', '16s=b""'),
        ('NtPassword', '16s=b""'),
    )
# 2.7 PAC_CLIENT_INFO
class PAC_CLIENT_INFO(Structure):
    """Client name and ticket information buffer.

    ClientId is a little-endian 64-bit value and NameLength a 16-bit byte
    count. The '_Name' entry tells the Structure parser to size 'Name' from
    self["NameLength"], so the length of Name comes straight from the
    decoded data.
    NOTE(review): [MS-PAC] describes ClientId as a FILETIME and Name as
    UTF-16LE; neither is decoded further in this class.
    """

    structure = (
        ('ClientId',   '<Q=0'),
        ('NameLength', '<H=0'),
        ('_Name',      '_-Name', 'self["NameLength"]'),
        ('Name',       ':'),
    )
# 2.8 PAC_SIGNATURE_DATA
class PAC_SIGNATURE_DATA(Structure):
    """Checksum buffer: a signature type followed by the signature bytes.

    SignatureType is decoded as a *signed* little-endian 32-bit integer
    ('<l'), so a type with the high bit set reads back as a negative number.
    Signature (':' format) is the undecoded remainder; its length is not
    checked against what SignatureType implies, and the checksum itself is
    not verified in this class.
    """

    structure = (
        ('SignatureType', '<l=0'),
        ('Signature',     ':'),
    )
# 2.9 Constrained Delegation Information - S4U_DELEGATION_INFO
class S4U_DELEGATION_INFO(NDRSTRUCT):
    """Constrained-delegation record.

    Holds the S4U2proxy target name, the declared size of the transited
    list, and a pointer to the array of transited service names.
    """

    structure = (
        ('S4U2proxyTarget',      RPC_UNICODE_STRING),
        ('TransitedListSize',    ULONG),
        ('S4UTransitedServices', PRPC_UNICODE_STRING_ARRAY),
    )
# 2.10 UPN_DNS_INFO
class UPN_DNS_INFO(Structure):
    """Fixed header of the UPN / DNS domain name buffer.

    Only the four 16-bit length/offset fields and the 32-bit Flags are
    declared; the strings they point at are not part of this structure.
    Code that extracts them has to apply the offsets and lengths to the raw
    buffer itself, and should confirm each range lies inside that buffer
    first.
    """

    structure = (
        ('UpnLength',           '<H=0'),
        ('UpnOffset',           '<H=0'),
        ('DnsDomainNameLength', '<H=0'),
        ('DnsDomainNameOffset', '<H=0'),
        ('Flags',               '<L=0'),
    )
# 2.11 PAC_CLIENT_CLAIMS_INFO
class PAC_CLIENT_CLAIMS_INFO(Structure):
    """Client claims buffer, kept as one opaque byte string in 'Claims'."""

    structure = (
        ('Claims', ':'),
    )
# 2.12 PAC_DEVICE_INFO
class PAC_DEVICE_INFO(NDRSTRUCT):
    """Device identity and group memberships.

    Holds the device's RID and primary group, its account-domain groups,
    extra SIDs and per-domain group lists. Each *Count field is decoded as
    a separate ULONG and is not cross-checked against the array it describes.
    NOTE(review): confirm that PDOMAIN_GROUP_MEMBERSHIP_ARRAY resolves to
    DOMAIN_GROUP_MEMBERSHIP elements, which is what [MS-PAC] 2.12 specifies
    for DomainGroup.
    """

    structure = (
        ('UserId',            ULONG),
        ('PrimaryGroupId',    ULONG),
        ('AccountDomainId',   PISID),
        ('AccountGroupCount', ULONG),
        ('AccountGroupIds',   PGROUP_MEMBERSHIP_ARRAY),
        ('SidCount',          ULONG),
        ('ExtraSids',         PKERB_SID_AND_ATTRIBUTES_ARRAY),
        ('DomainGroupCount',  ULONG),
        ('DomainGroup',       PDOMAIN_GROUP_MEMBERSHIP_ARRAY),
    )
# 2.13 PAC_DEVICE_CLAIMS_INFO
class PAC_DEVICE_CLAIMS_INFO(Structure):
    """Device claims buffer, kept as one opaque byte string in 'Claims'."""

    structure = (
        ('Claims', ':'),
    )
class VALIDATION_INFO(TypeSerialization1):
    """Type-serialization wrapper around a pointer to KERB_VALIDATION_INFO.

    Subclasses TypeSerialization1 with a single 'Data' member, the
    PKERB_VALIDATION_INFO pointer.
    """

    structure = (
        ('Data', PKERB_VALIDATION_INFO),
    )