Class: Rex::Proto::Kerberos::Pac::Krb5ValidationInfo

Inherits:

RubySMB::Dcerpc::Ndr::NdrStruct

• Object
• RubySMB::Dcerpc::Ndr::NdrStruct
• Rex::Proto::Kerberos::Pac::Krb5ValidationInfo

Defined in:

lib/rex/proto/kerberos/pac/krb5_pac.rb

Overview

learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pac/69e86ccc-85e3-41b9-b514-7d969cd0ed73

Direct Known Subclasses

Krb5ValidationInfoPtr

Instance Attribute Summary

• #bad_password_count ⇒ Integer

  User account's badPwdCount attribute.

• #effective_name ⇒ RpcUnicodeString

  User account's samAccountName attribute.

• #extra_sids ⇒ Integer

  corresponding to groups in domains other than the account domain to which the principal belongs.

• #failed_i_logon_count ⇒ Integer

  User account's msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon.

• #full_name ⇒ RpcUnicodeString

  User account's full name for interactive logon.

• #group_count ⇒ Integer

  Number of groups within the account domain to which the account belongs.

• #group_memberships ⇒ Integer

  List of GROUP_MEMBERSHIP structures that contains the groups to which the account belongs in the account domain.

• #home_directory ⇒ RpcUnicodeString

  User account's HomeDirectory attribute.

• #home_directory_drive ⇒ RpcUnicodeString

  User account's HomeDrive attribute.

• #kick_off_time ⇒ FileTime

  Logoff_time minus the user account's forceLogoff attribute.

• #last_failed_i_logon ⇒ FileTime

  User account's msDS-LastFailedInteractiveLogonTime.

• #last_successful_i_logon ⇒ FileTime

  User account's msDS-LastSuccessfulInteractiveLogonTime.

• #logoff_time ⇒ FileTime

  Time the client's logon session is set to expire.

• #logon_count ⇒ Integer

  User account's LogonCount attribute.

• #logon_domain_id ⇒ Integer

  SID for the domain specified in LogonDomainName.

• #logon_domain_name ⇒ RpcUnicodeString

  NetBIOS name of the domain to which this account belongs.

• #logon_script ⇒ RpcUnicodeString

  User account's scriptPath attribute.

• #logon_server ⇒ RpcUnicodeString

  NetBIOS name of the Kerberos KDC that performed the authentication server (AS) ticket request.

• #logon_time ⇒ FileTime

  User account's lastLogon attributeÏ.

• #password_can_change ⇒ FileTime

  Time at which the client's password is allowed to change.

• #password_last_set ⇒ FileTime

  User account's pwdLastSet attribute.

• #password_must_change ⇒ FileTime

  Time at which the client's password expires.

• #primary_group_id ⇒ Integer

  RID for the primary group to which this account belongs.

• #profile_path ⇒ RpcUnicodeString

  User account's profilePath attribute.

• #reserved_1 ⇒ Integer

  This member is reserved.

• #reserved_3 ⇒ Integer

  This member is reserved.

• #resource_group_count ⇒ Integer

  Number of resource group identifiers stored in ResourceGroupIds.

• #resource_group_domain_sid ⇒ Integer

  SID of the domain for the server whose resources the client is authenticating to.

• #resource_group_ids_ptr ⇒ Integer

  account's groups in the resource domain.

• #sid_count ⇒ Integer

  Total number of SIDs present in the ExtraSids member.

• #sub_auth_status ⇒ Integer

  Subauthentication package's status code.

• #user_account_control ⇒ Integer

  Set of bit flags that represent information about this account.

• #user_flags ⇒ Integer

  A set of bit flags that describe the user's logon information.

• #user_id ⇒ Integer

  RID of the account.

• #user_session_key ⇒ Integer

  A session key that is used for cryptographic operations on a session.

Instance Method Summary

• #group_ids=(group_ids) ⇒ Object

Instance Attribute Details

#bad_password_count ⇒ Integer

Returns User account's badPwdCount attribute.

Returns:

• (Integer) —

  User account's badPwdCount attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 444

ndr_uint16 :bad_password_count

#effective_name ⇒ RpcUnicodeString

Returns User account's samAccountName attribute.

Returns:

• (RpcUnicodeString) —

  User account's samAccountName attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 416

rpc_unicode_string :effective_name

#extra_sids ⇒ Integer

corresponding to groups in domains other than the account domain to which the principal belongs

Returns:

• (Integer) —

  A list of KERB_SID_AND_ATTRIBUTES structures that contain a list of SIDs

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 527

krb5_sid_and_attributes_ptr :extra_sids

#failed_i_logon_count ⇒ Integer

Returns User account's msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon.

Returns:

• (Integer) —

  User account's msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 514

ndr_uint32 :failed_i_logon_count

#full_name ⇒ RpcUnicodeString

Returns User account's full name for interactive logon.

Returns:

• (RpcUnicodeString) —

  User account's full name for interactive logon

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 420

rpc_unicode_string :full_name

#group_count ⇒ Integer

Returns Number of groups within the account domain to which the account belongs.

Returns:

• (Integer) —

  Number of groups within the account domain to which the account belongs

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 456

ndr_uint32 :group_count, initial_value: -> { group_memberships.length }

#group_memberships ⇒ Integer

Returns List of GROUP_MEMBERSHIP structures that contains the groups to which the account belongs in the account domain.

Returns:

• (Integer) —

  List of GROUP_MEMBERSHIP structures that contains the groups to which the account belongs in the account domain

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 460

pgroup_membership_array :group_memberships, type: [:group_membership, { byte_align: 4 }]

#home_directory ⇒ RpcUnicodeString

Returns User account's HomeDirectory attribute.

Returns:

• (RpcUnicodeString) —

  User account's HomeDirectory attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 432

rpc_unicode_string :home_directory

#home_directory_drive ⇒ RpcUnicodeString

Returns User account's HomeDrive attribute.

Returns:

• (RpcUnicodeString) —

  User account's HomeDrive attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 436

rpc_unicode_string :home_directory_drive

#kick_off_time ⇒ FileTime

Returns logoff_time minus the user account's forceLogoff attribute.

Returns:

• (FileTime) —

  logoff_time minus the user account's forceLogoff attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 400

ndr_file_time :kick_off_time, initial_value: NEVER_EXPIRE

#last_failed_i_logon ⇒ FileTime

Returns User account's msDS-LastFailedInteractiveLogonTime.

Returns:

• (FileTime) —

  User account's msDS-LastFailedInteractiveLogonTime

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 510

ndr_file_time :last_failed_i_logon

#last_successful_i_logon ⇒ FileTime

Returns User account's msDS-LastSuccessfulInteractiveLogonTime.

Returns:

• (FileTime) —

  User account's msDS-LastSuccessfulInteractiveLogonTime

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 506

ndr_file_time :last_successful_i_logon

#logoff_time ⇒ FileTime

Returns Time the client's logon session is set to expire.

Returns:

• (FileTime) —

  Time the client's logon session is set to expire

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 396

ndr_file_time :logoff_time, initial_value: NEVER_EXPIRE

#logon_count ⇒ Integer

Returns User account's LogonCount attribute.

Returns:

• (Integer) —

  User account's LogonCount attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 440

ndr_uint16 :logon_count

#logon_domain_id ⇒ Integer

Returns SID for the domain specified in LogonDomainName.

Returns:

• (Integer) —

  SID for the domain specified in LogonDomainName

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 489

prpc_sid :logon_domain_id

#logon_domain_name ⇒ RpcUnicodeString

Returns NetBIOS name of the domain to which this account belongs.

Returns:

• (RpcUnicodeString) —

  NetBIOS name of the domain to which this account belongs

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 485

rpc_unicode_string :logon_domain_name

#logon_script ⇒ RpcUnicodeString

Returns User account's scriptPath attribute.

Returns:

• (RpcUnicodeString) —

  User account's scriptPath attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 424

rpc_unicode_string :logon_script

#logon_server ⇒ RpcUnicodeString

Returns NetBIOS name of the Kerberos KDC that performed the authentication server (AS) ticket request.

Returns:

• (RpcUnicodeString) —

  NetBIOS name of the Kerberos KDC that performed the authentication server (AS) ticket request

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 481

rpc_unicode_string :logon_server

#logon_time ⇒ FileTime

Returns User account's lastLogon attributeÏ.

Returns:

• (FileTime) —

  User account's lastLogon attributeÏ

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 392

ndr_file_time :logon_time

#password_can_change ⇒ FileTime

Returns Time at which the client's password is allowed to change.

Returns:

• (FileTime) —

  Time at which the client's password is allowed to change

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 408

ndr_file_time :password_can_change

#password_last_set ⇒ FileTime

Returns User account's pwdLastSet attribute.

Returns:

• (FileTime) —

  User account's pwdLastSet attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 404

ndr_file_time :password_last_set

#password_must_change ⇒ FileTime

Returns Time at which the client's password expires.

Returns:

• (FileTime) —

  Time at which the client's password expires

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 412

ndr_file_time :password_must_change, initial_value: NEVER_EXPIRE

#primary_group_id ⇒ Integer

Returns RID for the primary group to which this account belongs.

Returns:

• (Integer) —

  RID for the primary group to which this account belongs

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 452

ndr_uint32 :primary_group_id

#profile_path ⇒ RpcUnicodeString

Returns User account's profilePath attribute.

Returns:

• (RpcUnicodeString) —

  User account's profilePath attribute

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 428

rpc_unicode_string :profile_path

#reserved_1 ⇒ Integer

Returns This member is reserved.

Returns:

• (Integer) —

  This member is reserved

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 494

ndr_fix_array :reserved_1, initial_length: 2, type: :ndr_uint32

#reserved_3 ⇒ Integer

Returns This member is reserved.

Returns:

• (Integer) —

  This member is reserved

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 518

ndr_uint32 :reserved_3

#resource_group_count ⇒ Integer

Returns Number of resource group identifiers stored in ResourceGroupIds.

Returns:

• (Integer) —

  Number of resource group identifiers stored in ResourceGroupIds

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 535

ndr_uint32 :resource_group_count

#resource_group_domain_sid ⇒ Integer

Returns SID of the domain for the server whose resources the client is authenticating to.

Returns:

• (Integer) —

  SID of the domain for the server whose resources the client is authenticating to

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 531

prpc_sid :resource_group_domain_sid

#resource_group_ids_ptr ⇒ Integer

account's groups in the resource domain

Returns:

• (Integer) —

  Pointer to list of GROUP_MEMBERSHIP structures that contain the RIDs and attributes of the

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 540

pgroup_membership_array :resource_group_ids_ptr, type: [:group_membership, { byte_align: 4 }]

#sid_count ⇒ Integer

Returns Total number of SIDs present in the ExtraSids member.

Returns:

• (Integer) —

  Total number of SIDs present in the ExtraSids member

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 522

ndr_uint32 :sid_count, initial_value: -> { extra_sids.length }

#sub_auth_status ⇒ Integer

Returns Subauthentication package's status code.

Returns:

• (Integer) —

  Subauthentication package's status code

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 502

ndr_uint32 :sub_auth_status

#user_account_control ⇒ Integer

Returns Set of bit flags that represent information about this account.

Returns:

• (Integer) —

  Set of bit flags that represent information about this account

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 498

ndr_uint32 :user_account_control, initial_value: USER_NORMAL_ACCOUNT | USER_DONT_EXPIRE_PASSWORD

#user_flags ⇒ Integer

Returns A set of bit flags that describe the user's logon information.

Returns:

• (Integer) —

  A set of bit flags that describe the user's logon information

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 465

ndr_uint32 :user_flags,
initial_value: -> do
  value = 0
  # Bit D: Indicates that the ExtraSids field is populated and contains additional SIDs.
  value |= (1 << 5) if self.sid_count > 0
  # Bit H: Indicates that the ResourceGroupIds field is populated.
  value |= (1 << 9) if self.resource_group_count > 0
  value
end

#user_id ⇒ Integer

Returns RID of the account.

Returns:

• (Integer) —

  RID of the account

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 448

ndr_uint32 :user_id

#user_session_key ⇒ Integer

Returns A session key that is used for cryptographic operations on a session.

Returns:

• (Integer) —

  A session key that is used for cryptographic operations on a session

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 477

user_session_key :user_session_key

Instance Method Details

#group_ids=(group_ids) ⇒ Object

# File 'lib/rex/proto/kerberos/pac/krb5_pac.rb', line 542

def group_ids=(group_ids)
  self.group_memberships = group_ids.map do |id|
    { relative_id: id, attributes: SE_GROUP_ALL }
  end
end