ldap_attributes

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 12, 2025 License: GPL-3.0 Imports: 3 Imported by: 6

Documentation

Index

Constants

View Source 
const (
	RID_DOMAIN_USER_KRBTGT                                  = 0x000001F6
	RID_DOMAIN_USER_ADMIN                                   = 0x000001F4
	RID_DOMAIN_USER_GUEST                                   = 0x000001F5
	RID_DOMAIN_GROUP_ADMINS                                 = 0x00000200
	RID_DOMAIN_GROUP_USERS                                  = 0x00000201
	RID_DOMAIN_GROUP_GUESTS                                 = 0x00000202
	RID_DOMAIN_GROUP_COMPUTERS                              = 0x00000203
	RID_DOMAIN_GROUP_CONTROLLERS                            = 0x00000204
	RID_DOMAIN_GROUP_CERT_PUBLISHERS                        = 0x00000205
	RID_DOMAIN_GROUP_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS = 0x000001F2
	RID_DOMAIN_GROUP_SCHEMA_ADMINS                          = 0x00000206
	RID_DOMAIN_GROUP_ENTERPRISE_ADMINS                      = 0x00000207
	RID_DOMAIN_GROUP_POLICY_ADMINS                          = 0x00000208
	RID_DOMAIN_GROUP_READONLY_CONTROLLERS                   = 0x00000209
	RID_DOMAIN_GROUP_CLONEABLE_CONTROLLERS                  = 0x0000020A
	RID_DOMAIN_GROUP_CDC_RESERVED                           = 0x0000020C
	RID_DOMAIN_GROUP_PROTECTED_USERS                        = 0x0000020D
	RID_DOMAIN_GROUP_KEY_ADMINS                             = 0x0000020E
	RID_DOMAIN_GROUP_ENTERPRISE_KEY_ADMINS                  = 0x0000020F
	RID_DOMAIN_GROUP_DENIED_RODC_PASSWORD_REPLICATION       = 0x0000023C
	RID_DOMAIN_GROUP_ALIAS_CERTSVC_DCOM_ACCESS              = 0x0000023E
)

Predefined RIDs Src: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/565a6584-3061-4ede-a531-f5c53826504b

View Source 
const (
	RID_LOCAL_ADMINS                         = 0x00000220
	RID_LOCAL_USERS                          = 0x00000221
	RID_LOCAL_GUESTS                         = 0x00000222
	RID_LOCAL_POWER_USERS                    = 0x00000223
	RID_LOCAL_ACCOUNT_OPS                    = 0x00000224
	RID_LOCAL_SERVER_OPS                     = 0x00000225
	RID_LOCAL_PRINT_OPS                      = 0x00000226
	RID_LOCAL_BACKUP_OPS                     = 0x00000227
	RID_LOCAL_REPLICATOR                     = 0x00000228
	RID_LOCAL_RAS_SERVERS                    = 0x00000229
	RID_LOCAL_PREW2KCOMPACCESS               = 0x0000022A
	RID_LOCAL_REMOTE_DESKTOP_USERS           = 0x0000022B
	RID_LOCAL_NETWORK_CONFIGURATION_OPS      = 0x0000022C
	RID_LOCAL_INCOMING_FOREST_TRUST_BUILDERS = 0x0000022D
	RID_LOCAL_MONITORING_USERS               = 0x0000022E
	RID_LOCAL_LOGGING_USERS                  = 0x0000022F
	RID_LOCAL_AUTHORIZATIONACCESS            = 0x00000230
	RID_LOCAL_TS_LICENSE_SERVERS             = 0x00000231
	RID_LOCAL_DCOM_USERS                     = 0x00000232
	RID_LOCAL_IUSERS                         = 0x00000238
	RID_LOCAL_CRYPTO_OPERATORS               = 0x00000239
	RID_LOCAL_CACHEABLE_PRINCIPALS_GROUP     = 0x0000023B
	RID_LOCAL_NON_CACHEABLE_PRINCIPALS_GROUP = 0x0000023C
	RID_LOCAL_EVENT_LOG_READERS_GROUP        = 0x0000023D
	RID_LOCAL_CERTSVC_DCOM_ACCESS_GROUP      = 0x0000023E
	RID_LOCAL_RDS_REMOTE_ACCESS_SERVERS      = 0x0000023F
	RID_LOCAL_RDS_ENDPOINT_SERVERS           = 0x00000240
	RID_LOCAL_RDS_MANAGEMENT_SERVERS         = 0x00000241
	RID_LOCAL_HYPER_V_ADMINS                 = 0x00000242
	RID_LOCAL_ACCESS_CONTROL_ASSISTANCE_OPS  = 0x00000243
	RID_LOCAL_REMOTE_MANAGEMENT_USERS        = 0x00000244
	RID_LOCAL_DEFAULT_ACCOUNT                = 0x00000245
	RID_LOCAL_STORAGE_REPLICA_ADMINS         = 0x00000246
	RID_LOCAL_DEVICE_OWNERS                  = 0x00000247
)

Local RID Src: https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids

View Source 
const (
	// Microsoft EKU OIDs
	EKU_CLIENT_AUTHENTICATION     = "1.3.6.1.5.5.7.3.2"
	EKU_SERVER_AUTHENTICATION     = "1.3.6.1.5.5.7.3.1"
	EKU_CODE_SIGNING              = "1.3.6.1.5.5.7.3.3"
	EKU_EMAIL_PROTECTION          = "1.3.6.1.5.5.7.3.4"
	EKU_TIME_STAMPING             = "1.3.6.1.5.5.7.3.8"
	EKU_OCSP_SIGNING              = "1.3.6.1.5.5.7.3.9"
	EKU_IPSEC_END_SYSTEM          = "1.3.6.1.5.5.7.3.5"
	EKU_IPSEC_TUNNEL              = "1.3.6.1.5.5.7.3.6"
	EKU_IPSEC_USER                = "1.3.6.1.5.5.7.3.7"
	EKU_ANY                       = "2.5.29.37.0"
	EKU_CERTIFICATE_REQUEST_AGENT = "1.3.6.1.4.1.311.20.2.1"
	EKU_SMART_CARD_LOGON          = "1.3.6.1.4.1.311.20.2.2"
	EKU_DS_EMAIL_REPLICATION      = "1.3.6.1.4.1.311.21.19"
	EKU_KDC_AUTHENTICATION        = "1.3.6.1.5.2.3.5"
	EKU_FILE_RECOVERY             = "1.3.6.1.4.1.311.10.3.4"
	EKU_QUALIFIED_SUBORDINATION   = "1.3.6.1.4.1.311.10.3.10"
	EKU_KEY_RECOVERY_AGENT        = "1.3.6.1.4.1.311.21.6"
	EKU_CA_EXCHANGE               = "1.3.6.1.4.1.311.21.5"
	EKU_LIFETIME_SIGNING          = "1.3.6.1.4.1.311.10.3.13"
	EKU_DOCUMENT_SIGNING          = "1.3.6.1.4.1.311.10.3.12"
	EKU_KEY_PACK_LICENSES         = "1.3.6.1.4.1.311.10.6.2"
	EKU_KEY_PACK_SILENT_USER      = "1.3.6.1.4.1.311.10.6.1"
)

We need to check if they are real

View Source 
const (
	ENROLLMENT_FLAG_ADD_EMAIL         = 0x00000002
	ENROLLMENT_FLAG_PUBLISH_TO_DS     = 0x00000008
	ENROLLMENT_FLAG_EXPORTABLE_KEY    = 0x00000010
	ENROLLMENT_FLAG_AUTO_ENROLLMENT   = 0x00000020
	ENROLLMENT_FLAG_MACHINE_TYPE      = 0x00000040
	ENROLLMENT_FLAG_IS_CA             = 0x00000080
	ENROLLMENT_FLAG_ADD_TEMPLATE_NAME = 0x00000200
	ENROLLMENT_FLAG_IS_CROSS_CA       = 0x00000800
	ENROLLMENT_FLAG_DONOTPERSISTINDB  = 0x00001000
	ENROLLMENT_FLAG_IS_DEFAULT        = 0x00010000
	ENROLLMENT_FLAG_IS_MODIFIED       = 0x00020000
)

General Enrollment Flags Src: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/6cc7eb79-3e84-477a-b398-b0ff2b68a6c0

View Source 
const (
	MSPKI_CERTIFICATE_NAME_FLAG_ENROLLEE_SUPPLIES_SUBJECT              = 0x00000001
	MSPKI_CERTIFICATE_NAME_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME     = 0x00010000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS         = 0x00400000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_SPN                = 0x00800000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID     = 0x01000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_UPN                = 0x02000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_EMAIL              = 0x04000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_ALT_REQUIRE_DNS                = 0x08000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_REQUIRE_DNS_AS_CN              = 0x10000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_REQUIRE_EMAIL                  = 0x20000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_REQUIRE_COMMON_NAME            = 0x40000000
	MSPKI_CERTIFICATE_NAME_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH         = 0x80000000
	MSPKI_CERTIFICATE_NAME_FLAG_OLD_CERT_SUPPLIES_SUBJECT_AND_ALT_NAME = 0x00000008
)

msPKI-Certificate-Name-Flag Attribute Src: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/1192823c-d839-4bc3-9b6b-fa8c53507ae1

View Source 
const (
	MSPKI_ENROLLMENT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS                                  = 0x00000001
	MSPKI_ENROLLMENT_FLAG_PEND_ALL_REQUESTS                                             = 0x00000002
	MSPKI_ENROLLMENT_FLAG_PUBLISH_TO_KRA_CONTAINER                                      = 0x00000004
	MSPKI_ENROLLMENT_FLAG_PUBLISH_TO_DS                                                 = 0x00000008
	MSPKI_ENROLLMENT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE                     = 0x00000010
	MSPKI_ENROLLMENT_FLAG_AUTO_ENROLLMENT                                               = 0x00000020
	MSPKI_ENROLLMENT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT                       = 0x00000040
	MSPKI_ENROLLMENT_FLAG_USER_INTERACTION_REQUIRED                                     = 0x00000100
	MSPKI_ENROLLMENT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE                = 0x00000400
	MSPKI_ENROLLMENT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF                                     = 0x00000800
	MSPKI_ENROLLMENT_FLAG_ADD_OCSP_NOCHECK                                              = 0x00001000
	MSPKI_ENROLLMENT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL              = 0x00002000
	MSPKI_ENROLLMENT_FLAG_NOREVOCATIONINFOINISSUEDCERTS                                 = 0x00004000
	MSPKI_ENROLLMENT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS                        = 0x00008000
	MSPKI_ENROLLMENT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = 0x00010000
	MSPKI_ENROLLMENT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST                                = 0x00020000
	MSPKI_ENROLLMENT_FLAG_SKIP_AUTO_RENEWAL                                             = 0x00040000
	MSPKI_ENROLLMENT_FLAG_NO_SECURITY_EXTENSION                                         = 0x00080000
)

msPKI-Enrollment-Flag Attribute Src: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1

View Source 
const (
	SAM_DOMAIN_OBJECT             = 0x00000000
	SAM_GROUP_OBJECT              = 0x10000000
	SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001
	SAM_ALIAS_OBJECT              = 0x20000000
	SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001
	SAM_USER_OBJECT               = 0x30000000
	SAM_MACHINE_ACCOUNT           = 0x30000001
	SAM_TRUST_ACCOUNT             = 0x30000002
	SAM_APP_BASIC_GROUP           = 0x40000000
	SAM_APP_QUERY_GROUP           = 0x40000001
)

sAMAccountType Values Src: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/e742be45-665d-4576-b872-0bc99d1e1fbe

Variables

View Source 
var DomainFunctionalityLevelToWindowsVersion = map[DomainFunctionalityLevel]string{
	DOMAIN_FUNCTIONALITY_LEVEL_2000:         "Windows 2000",
	DOMAIN_FUNCTIONALITY_LEVEL_2003_INTERIM: "Windows Server 2003 Interim",
	DOMAIN_FUNCTIONALITY_LEVEL_2003:         "Windows Server 2003",
	DOMAIN_FUNCTIONALITY_LEVEL_2008:         "Windows Server 2008",
	DOMAIN_FUNCTIONALITY_LEVEL_2008_R2:      "Windows Server 2008 R2",
	DOMAIN_FUNCTIONALITY_LEVEL_2012:         "Windows Server 2012",
	DOMAIN_FUNCTIONALITY_LEVEL_2012_R2:      "Windows Server 2012 R2",
	DOMAIN_FUNCTIONALITY_LEVEL_2016:         "Windows Server 2016",
	DOMAIN_FUNCTIONALITY_LEVEL_2025:         "Windows Server 2025",
}
View Source 
var DomainRIDs = []int{
	RID_DOMAIN_USER_KRBTGT,
	RID_DOMAIN_USER_ADMIN,
	RID_DOMAIN_USER_GUEST,
	RID_DOMAIN_GROUP_ADMINS,
	RID_DOMAIN_GROUP_USERS,
	RID_DOMAIN_GROUP_GUESTS,
	RID_DOMAIN_GROUP_COMPUTERS,
	RID_DOMAIN_GROUP_CONTROLLERS,
	RID_DOMAIN_GROUP_CERT_PUBLISHERS,
	RID_DOMAIN_GROUP_ENTERPRISE_READONLY_DOMAIN_CONTROLLERS,
	RID_DOMAIN_GROUP_SCHEMA_ADMINS,
	RID_DOMAIN_GROUP_ENTERPRISE_ADMINS,
	RID_DOMAIN_GROUP_POLICY_ADMINS,
	RID_DOMAIN_GROUP_READONLY_CONTROLLERS,
	RID_DOMAIN_GROUP_CLONEABLE_CONTROLLERS,
	RID_DOMAIN_GROUP_CDC_RESERVED,
	RID_DOMAIN_GROUP_PROTECTED_USERS,
	RID_DOMAIN_GROUP_KEY_ADMINS,
	RID_DOMAIN_GROUP_ENTERPRISE_KEY_ADMINS,
	RID_DOMAIN_GROUP_DENIED_RODC_PASSWORD_REPLICATION,
	RID_DOMAIN_GROUP_ALIAS_CERTSVC_DCOM_ACCESS,
}
View Source 
var LocalRIDs = []int{
	RID_LOCAL_ADMINS,
	RID_LOCAL_USERS,
	RID_LOCAL_GUESTS,
	RID_LOCAL_POWER_USERS,
	RID_LOCAL_ACCOUNT_OPS,
	RID_LOCAL_SERVER_OPS,
	RID_LOCAL_PRINT_OPS,
	RID_LOCAL_BACKUP_OPS,
	RID_LOCAL_REPLICATOR,
	RID_LOCAL_RAS_SERVERS,
	RID_LOCAL_PREW2KCOMPACCESS,
	RID_LOCAL_REMOTE_DESKTOP_USERS,
	RID_LOCAL_NETWORK_CONFIGURATION_OPS,
	RID_LOCAL_INCOMING_FOREST_TRUST_BUILDERS,
	RID_LOCAL_MONITORING_USERS,
	RID_LOCAL_LOGGING_USERS,
	RID_LOCAL_AUTHORIZATIONACCESS,
	RID_LOCAL_TS_LICENSE_SERVERS,
	RID_LOCAL_DCOM_USERS,
	RID_LOCAL_IUSERS,
	RID_LOCAL_CRYPTO_OPERATORS,
	RID_LOCAL_CACHEABLE_PRINCIPALS_GROUP,
	RID_LOCAL_NON_CACHEABLE_PRINCIPALS_GROUP,
	RID_LOCAL_EVENT_LOG_READERS_GROUP,
	RID_LOCAL_CERTSVC_DCOM_ACCESS_GROUP,
	RID_LOCAL_RDS_REMOTE_ACCESS_SERVERS,
	RID_LOCAL_RDS_ENDPOINT_SERVERS,
	RID_LOCAL_RDS_MANAGEMENT_SERVERS,
	RID_LOCAL_HYPER_V_ADMINS,
	RID_LOCAL_ACCESS_CONTROL_ASSISTANCE_OPS,
	RID_LOCAL_REMOTE_MANAGEMENT_USERS,
	RID_LOCAL_DEFAULT_ACCOUNT,
	RID_LOCAL_STORAGE_REPLICA_ADMINS,
	RID_LOCAL_DEVICE_OWNERS,
}
View Source 
var PasswordPropertiesDescriptions = map[PasswordProperties]string{
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_COMPLEX:         "The password must have a mix of at least two of the following types of characters: Uppercase characters, Lowercase characters, Numerals.",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_ANON_CHANGE:  "The password cannot be changed without logging on. Otherwise, if your password has expired, you can change your password and then log on.",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_CLEAR_CHANGE: "Forces the client to use a protocol that does not allow the domain controller to get the plaintext password.",
	PASSWORD_PROPERTY_DOMAIN_LOCKOUT_ADMINS:           "Allows the built-in administrator account to be locked out from network logons.",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_STORE_CLEARTEXT: "The directory service is storing a plaintext password for all users instead of a hash function of the password.",
	PASSWORD_PROPERTY_DOMAIN_REFUSE_PASSWORD_CHANGE:   "Removes the requirement that the machine account password be automatically changed every week. This value should not be used as it can weaken security.",
}
View Source 
var PasswordPropertiesMap = map[PasswordProperties]string{
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_COMPLEX:         "DOMAIN_PASSWORD_COMPLEX",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_ANON_CHANGE:  "DOMAIN_PASSWORD_NO_ANON_CHANGE",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_CLEAR_CHANGE: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
	PASSWORD_PROPERTY_DOMAIN_LOCKOUT_ADMINS:           "DOMAIN_LOCKOUT_ADMINS",
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_STORE_CLEARTEXT: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
	PASSWORD_PROPERTY_DOMAIN_REFUSE_PASSWORD_CHANGE:   "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
View Source 
var SAMAccountTypeMap = map[SAMAccountType]string{
	SAM_DOMAIN_OBJECT:             "DOMAIN_OBJECT",
	SAM_GROUP_OBJECT:              "GROUP_OBJECT",
	SAM_NON_SECURITY_GROUP_OBJECT: "NON_SECURITY_GROUP_OBJECT",
	SAM_ALIAS_OBJECT:              "ALIAS_OBJECT",
	SAM_NON_SECURITY_ALIAS_OBJECT: "NON_SECURITY_ALIAS_OBJECT",
	SAM_USER_OBJECT:               "USER_OBJECT",
	SAM_MACHINE_ACCOUNT:           "MACHINE_ACCOUNT",
	SAM_TRUST_ACCOUNT:             "TRUST_ACCOUNT",
	SAM_APP_BASIC_GROUP:           "APP_BASIC_GROUP",
	SAM_APP_QUERY_GROUP:           "APP_QUERY_GROUP",
}
View Source 
var UserAccountControlMap = map[UserAccountControl]string{
	UAF_SCRIPT:                         "SCRIPT",
	UAF_ACCOUNT_DISABLED:               "ACCOUNT_DISABLED",
	UAF_HOMEDIR_REQUIRED:               "HOMEDIR_REQUIRED",
	UAF_LOCKOUT:                        "LOCKOUT",
	UAF_PASSWD_NOTREQD:                 "PASSWD_NOTREQD",
	UAF_PASSWD_CANT_CHANGE:             "PASSWD_CANT_CHANGE",
	UAF_ENCRYPTED_TEXT_PWD_ALLOWED:     "ENCRYPTED_TEXT_PWD_ALLOWED",
	UAF_TEMP_DUPLICATE_ACCOUNT:         "TEMP_DUPLICATE_ACCOUNT",
	UAF_NORMAL_ACCOUNT:                 "NORMAL_ACCOUNT",
	UAF_INTERDOMAIN_TRUST_ACCOUNT:      "INTERDOMAIN_TRUST_ACCOUNT",
	UAF_WORKSTATION_TRUST_ACCOUNT:      "WORKSTATION_TRUST_ACCOUNT",
	UAF_SERVER_TRUST_ACCOUNT:           "SERVER_TRUST_ACCOUNT",
	UAF_DONT_EXPIRE_PASSWORD:           "DONT_EXPIRE_PASSWORD",
	UAF_MNS_LOGON_ACCOUNT:              "MNS_LOGON_ACCOUNT",
	UAF_SMARTCARD_REQUIRED:             "SMARTCARD_REQUIRED",
	UAF_TRUSTED_FOR_DELEGATION:         "TRUSTED_FOR_DELEGATION",
	UAF_NOT_DELEGATED:                  "NOT_DELEGATED",
	UAF_USE_DES_KEY_ONLY:               "USE_DES_KEY_ONLY",
	UAF_DONT_REQ_PREAUTH:               "DONT_REQ_PREAUTH",
	UAF_PASSWORD_EXPIRED:               "PASSWORD_EXPIRED",
	UAF_TRUSTED_TO_AUTH_FOR_DELEGATION: "TRUSTED_TO_AUTH_FOR_DELEGATION",
	UAF_PARTIAL_SECRETS_ACCOUNT:        "PARTIAL_SECRETS_ACCOUNT",
}

Functions

This section is empty.

Types

type DomainFunctionalityLevel 

type DomainFunctionalityLevel uint8
const (
	DOMAIN_FUNCTIONALITY_LEVEL_2000         DomainFunctionalityLevel = 0
	DOMAIN_FUNCTIONALITY_LEVEL_2003_INTERIM DomainFunctionalityLevel = 1
	DOMAIN_FUNCTIONALITY_LEVEL_2003         DomainFunctionalityLevel = 2
	DOMAIN_FUNCTIONALITY_LEVEL_2008         DomainFunctionalityLevel = 3
	DOMAIN_FUNCTIONALITY_LEVEL_2008_R2      DomainFunctionalityLevel = 4
	DOMAIN_FUNCTIONALITY_LEVEL_2012         DomainFunctionalityLevel = 5
	DOMAIN_FUNCTIONALITY_LEVEL_2012_R2      DomainFunctionalityLevel = 6
	DOMAIN_FUNCTIONALITY_LEVEL_2016         DomainFunctionalityLevel = 7
	DOMAIN_FUNCTIONALITY_LEVEL_2025         DomainFunctionalityLevel = 10
)

func (DomainFunctionalityLevel) IsSupported 

func (v DomainFunctionalityLevel) IsSupported() bool

func (DomainFunctionalityLevel) String 

func (v DomainFunctionalityLevel) String() string

type PasswordProperties 

type PasswordProperties uint32
const (
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_COMPLEX         PasswordProperties = 1
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_ANON_CHANGE  PasswordProperties = 2
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_NO_CLEAR_CHANGE PasswordProperties = 4
	PASSWORD_PROPERTY_DOMAIN_LOCKOUT_ADMINS           PasswordProperties = 8
	PASSWORD_PROPERTY_DOMAIN_PASSWORD_STORE_CLEARTEXT PasswordProperties = 16
	PASSWORD_PROPERTY_DOMAIN_REFUSE_PASSWORD_CHANGE   PasswordProperties = 32
)

PasswordProperties Src: https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/ns-ntsecapi-domain_password_information

func (PasswordProperties) Description 

func (pwdProperties PasswordProperties) Description() string

func (PasswordProperties) String 

func (pwdProperties PasswordProperties) String() string

type SAMAccountType 

type SAMAccountType uint32

func (SAMAccountType) String 

func (sam SAMAccountType) String() string

type UserAccountControl 

type UserAccountControl uint32
const (
	UAF_SCRIPT                         UserAccountControl = 1       // 1
	UAF_ACCOUNT_DISABLED               UserAccountControl = 1 << 1  // 2
	UAF_HOMEDIR_REQUIRED               UserAccountControl = 1 << 2  // 4
	UAF_RESERVED_03                    UserAccountControl = 1 << 3  // 8
	UAF_LOCKOUT                        UserAccountControl = 1 << 4  // 16
	UAF_PASSWD_NOTREQD                 UserAccountControl = 1 << 5  // 32
	UAF_PASSWD_CANT_CHANGE             UserAccountControl = 1 << 6  // 64
	UAF_ENCRYPTED_TEXT_PWD_ALLOWED     UserAccountControl = 1 << 7  // 128
	UAF_TEMP_DUPLICATE_ACCOUNT         UserAccountControl = 1 << 8  // 256
	UAF_NORMAL_ACCOUNT                 UserAccountControl = 1 << 9  // 512
	UAF_RESERVED_10                    UserAccountControl = 1 << 10 // 1024
	UAF_INTERDOMAIN_TRUST_ACCOUNT      UserAccountControl = 1 << 11 // 2048
	UAF_WORKSTATION_TRUST_ACCOUNT      UserAccountControl = 1 << 12 // 4096
	UAF_SERVER_TRUST_ACCOUNT           UserAccountControl = 1 << 13 // 8192
	UAF_RESERVED_14                    UserAccountControl = 1 << 14 // 16384
	UAF_RESERVED_15                    UserAccountControl = 1 << 15 // 32768
	UAF_DONT_EXPIRE_PASSWORD           UserAccountControl = 1 << 16 // 65536
	UAF_MNS_LOGON_ACCOUNT              UserAccountControl = 1 << 17 // 131072
	UAF_SMARTCARD_REQUIRED             UserAccountControl = 1 << 18 // 262144
	UAF_TRUSTED_FOR_DELEGATION         UserAccountControl = 1 << 19 // 524288
	UAF_NOT_DELEGATED                  UserAccountControl = 1 << 20 // 1048576
	UAF_USE_DES_KEY_ONLY               UserAccountControl = 1 << 21 // 2097152
	UAF_DONT_REQ_PREAUTH               UserAccountControl = 1 << 22 // 4194304
	UAF_PASSWORD_EXPIRED               UserAccountControl = 1 << 23 // 8388608
	UAF_TRUSTED_TO_AUTH_FOR_DELEGATION UserAccountControl = 1 << 24 // 16777216
	UAF_RESERVED_25                    UserAccountControl = 1 << 25 // 33554432
	UAF_RESERVED_26                    UserAccountControl = 1 << 26 // 67108864
	UAF_PARTIAL_SECRETS_ACCOUNT        UserAccountControl = 1 << 27 // 134217728
	UAF_RESERVED_28                    UserAccountControl = 1 << 28 // 268435456
	UAF_RESERVED_29                    UserAccountControl = 1 << 29 // 536870912
	UAF_RESERVED_30                    UserAccountControl = 1 << 30 // 1073741824
	UAF_RESERVED_31                    UserAccountControl = 1 << 31 // 2147483648
)

UserAccountControl Src: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/useraccountcontrol-manipulate-account-properties

func (UserAccountControl) GetFlags 

func (uac UserAccountControl) GetFlags() []UserAccountControl

GetFlags returns a slice of UserAccountControl flags that are set in the UserAccountControl value.

The function iterates over the UserAccountControlMap to check which flags are set in the UserAccountControl value. It collects the flags that are set and returns them as a slice of UserAccountControl values, sorted in ascending order.

Returns:

  • A slice of UserAccountControl values representing the set flags, sorted in ascending order.

Example usage: 

uac := ldap_attributes.UserAccountControl(0x00000010 | 0x00000020)
flags := uac.GetFlags()
for _, flag := range flags {
    fmt.Println(flag)
}

This function is useful for obtaining a list of individual flags set in the UserAccountControl value, which can be used for further processing or analysis.

func (UserAccountControl) String 

func (uac UserAccountControl) String() string

String returns a string representation of the UserAccountControl flags.

The function iterates over the UserAccountControlMap to check which flags are set in the UserAccountControl value. It collects the string representations of the set flags, sorts them alphabetically, and joins them with a pipe ("|") separator.

Returns:

  • A string containing the names of the set flags, separated by a pipe ("|").

Example usage: 

uac := ldap_attributes.UserAccountControl(0x00000010 | 0x00000020)
fmt.Println(uac.String()) // Output: "LOCKOUT|PASSWD_NOTREQD"

This function is useful for debugging and logging purposes, allowing a human-readable representation of the UserAccountControl flags.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.