The IDL parser for the Microsoft Extension of the C706: DCE/RPC 1.1.
The client stub generator for many MSRPC / DCOM services, including (but not limited to; see the complete list below) Netlogon, Windows Registry, Eventlog, DCOM (OXID resolver) and WMI (query and method exec).
See examples and dcerpc package documentation.
Examples rely on the following environment variables:
Name | Description | Example |
---|---|---|
USERNAME | The Domain\Username | "MSAD2.COM\User" |
PASSWORD | The password | "password" |
PASSWORD_MD4 | The password hash (use `go run examples/helpers/nt_hash.go -d $PASSWORD` to generate the hash) | "f077ca4b7d73486a45e75dcdd74cd5bd" |
WORKSTATION | The workstation name | "Ubuntu" |
SERVER | The server FQDN or IP | "192.168.0.22" |
SERVER_NAME | The server NetBIOS name | "WIN2019" |
SERVER_HOST | The server FQDN | "my-server.win2019.com" |
SAM_USERNAME | The machine account name (see examples/netlogon_sec_channel.go) | "COMPUTER$" |
SAM_PASSWORD | The machine account password (see examples/netlogon_sec_channel.go) | "password" |
SAM_WORKSTATION | The machine account workstation name | "COMPUTER" |
TARGET | The target name (SPN) for kerberos. | "host/my-server.win2019.com" |
KRB5_CONFIG | The kerberos config path. | "/path/to/krb5.conf" |
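
An added example (not go-msrpc code, and not a copy of `examples/helpers/nt_hash.go`) showing how a `PASSWORD_MD4` value can be derived, assuming the variable holds the standard NT hash, hex(MD4(UTF-16LE(password))); `md4` and `NTHash` are names chosen here. The NT hash is unsalted and NTLM accepts it in place of the password, so the variable needs the same protection as `PASSWORD`.

```go
package main
import (
	"encoding/binary"
	"fmt"
	"math/bits"
	"unicode/utf16"
)

// md4 is a compact RFC 1320 MD4 (the Go standard library does not ship one).
func md4(msg []byte) []byte {
	p := make([]byte, (len(msg)+72)&^63) // room for 0x80, zero fill, 8-byte bit length
	copy(p, msg)
	p[len(msg)] = 0x80
	binary.LittleEndian.PutUint64(p[len(p)-8:], uint64(len(msg))*8)
	h := [4]uint32{0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476}
	shift := [3][4]int{{3, 7, 11, 19}, {3, 5, 9, 13}, {3, 9, 11, 15}}
	add := [3]uint32{0, 0x5a827999, 0x6ed9eba1} // per-round additive constants
	order := [3][16]int{ // message word order per round
		{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
		{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15},
		{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15},
	}
	for ; len(p) > 0; p = p[64:] { // one 64-byte block per iteration
		a, b, c, d := h[0], h[1], h[2], h[3]
		for r := 0; r < 3; r++ {
			for i := 0; i < 16; i++ {
				f := [3]uint32{(b & c) | (^b & d), (b & c) | (b & d) | (c & d), b ^ c ^ d}[r]
				x := binary.LittleEndian.Uint32(p[4*order[r][i]:])
				a, b, c, d = d, bits.RotateLeft32(a+f+x+add[r], shift[r][i%4]), b, c
			}
		}
		h = [4]uint32{h[0] + a, h[1] + b, h[2] + c, h[3] + d}
	}
	out := make([]byte, 16)
	for i, v := range h {
		binary.LittleEndian.PutUint32(out[4*i:], v)
	}
	return out
}

// NTHash returns hex(MD4(UTF-16LE(password))), the NT hash of the password.
func NTHash(password string) string {
	var buf []byte
	for _, u := range utf16.Encode([]rune(password)) {
		buf = append(buf, byte(u), byte(u>>8)) // UTF-16 little-endian code units
	}
	return fmt.Sprintf("%x", md4(buf))
}
func main() { fmt.Println(NTHash("password")) } // "password" is a constructed sample
```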
For code generation, run `make all` to regenerate all sources, or `make nrpc.go`.
The library implements the CO RPC v5 (`dcerpc` package) with the following features:
- Connection Multiplexing: multiple clients over a single connection
- Multiple Connections per Association Group: ability to use context handles from one connection on another, flexibility in arranging the clients-per-connection-per-association
- Verification Trailer: ability to add a verification trailer to the request payload
- Kerberos, Netlogon, NTLM, SPNEGO Authentication
- Endpoint mapper / string binding support
- DCOM basic support
- Eventlog BinXML parser
- WMIO object unmarshaler / marshaler.
The library implements some of the extensions defined in the MS-RPCE document:
- Security Context Multiplexing: ability to create multiple security contexts over the same logical connection.
- Bind-time Feature Negotiation: (actually not a feature).
- Header Signing: (legacy thing,
The library contains the GSS-API interface definitions (`ssp/gssapi`).
The library contains the `ssp` package, which has an implementation for the various security service providers, like Kerberos, NTLM, Netlogon (Secure Channel), SPNEGO.
- GSSAPI interface implementation including Ex-methods defined in Microsoft documentation
- Kerberos:
  - Supported Enc Types: RC4-HMAC, AES128-CTS-HMAC-SHA1, AES256-CTS-HMAC-SHA1
  - DCE and non-DCE APReq/APRep style
- NTLM:
  - Supported Versions: NTLMv1, NTLMv2
- Netlogon:
  - Supported Encryption Types: RC4-HMAC, AES-SHA2
- SPNEGO:
  - Supported Mech List MIC
  - Supported NegTokenInit2
The codegen package also generates the documentation for the generated code, pulled from the MSDN portal. (It can be quite inaccurate in determining general comment boundaries versus actual field descriptions, as the HTML on the MSDN side can be just as inaccurate.)
The `codegen/go_names` package contains the ad-hoc naming engine, which sometimes quite sucks (so does the overall naming convention in IDL documents; seriously, how much time does the average Microsoft developer save by writing `para` instead of `param`?), but in most situations it provides a way to generate names that comply with the Go naming convention and give more intuition behind this or that field.
- L.0001: `#define` statements are applicable only for constant declaration;
- L.0002: `cpp_quote` contents are limited only for constant declaration;
- L.0005: `int const` declaration is not supported.
- L.0006: `wchar_t`, `status_error_t` are predefined.
- Testing (I don't have much time)
- Handle reserved arguments/structure fields used for `switch_is` and `size_is` statements.
- Derive the type from field name, like `^f[A-Z]` -> `boolean`.
- Pipes support
- Callbacks Support / Server-Side Support
- Static strings
- Investigate: Association Group ID is not shared across several named pipe connections. (each NP requires dedicated connection).
- Convenient way to combine SPNEGO and NTLM/KRB5 within connection option.
Without these projects, it would be absolutely impossible to implement go-msrpc.
Don't hesitate to raise an issue (and only then raise a PR); the project is quite raw, and I don't have much time, so a lot of errors and issues are yet to be discovered.