2 * Routines for Novell Modular Authentication Service
3 * Greg Morris <gmorris@novell.com>
4 * Copyright (c) Novell, Inc. 2002-2004
6 * $Id: packet-ncp-nmas.c,v 1.1 2004/02/29 08:01:22 guy Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
33 #include <epan/packet.h>
35 #include "packet-ncp-int.h"
36 #include "packet-ncp-nmas.h"
38 static gint ett_nmas = -1;
40 static int proto_nmas = -1;
41 static int hf_func = -1;
42 static int hf_subfunc = -1;
43 static int hf_ping_version = -1;
44 static int hf_ping_flags = -1;
45 static int hf_frag_handle = -1;
46 static int hf_length = -1;
47 static int hf_subverb = -1;
48 static int hf_tree = -1;
49 static int hf_user = -1;
50 static int hf_nmas_version = -1;
51 static int hf_msg_version = -1;
52 static int hf_session_ident = -1;
53 static int hf_msg_verb = -1;
54 static int hf_attribute = -1;
55 static int hf_clearence = -1;
56 static int hf_login_sequence = -1;
57 static int hf_opaque = -1;
58 static int hf_data = -1;
59 static int hf_return_code = -1;
60 static int hf_lsm_verb = -1;
61 static int hf_squeue_bytes = -1;
62 static int hf_cqueue_bytes = -1;
63 static int hf_num_creds = -1;
64 static int hf_cred_type = -1;
65 static int hf_login_state = -1;
66 static int hf_enc_cred = -1;
67 static int hf_enc_data = -1;
69 static const value_string nmas_func_enum[] = {
70 { 0x00000001, "Ping" },
71 { 0x00000002, "Fragment" },
72 { 0x00000003, "Abort" },
76 static const value_string nmas_subverb_enum[] = {
77 { 0, "Fragmented Ping" },
78 { 2, "Client Put Data" },
79 { 4, "Client Get Data" },
80 { 6, "Client Get User NDS Credentials" },
81 { 8, "Login Store Management" },
82 { 10, "Writable Object Check" },
83 { 1242, "Message Handler" },
87 static const value_string nmas_msgverb_enum[] = {
89 { 3, "Start Session" },
90 { 5, "Client Write Data" },
91 { 7, "Client Read Data" },
96 static const value_string nmas_attribute_enum[] = {
100 { 11, "Login Sequence" },
104 static const value_string nmas_lsmverb_enum[] = {
105 { 1, "Put Login Configuration" },
106 { 2, "Get Login Configuration" },
107 { 4, "Delete Login Configuration" },
108 { 5, "Put Login Secret" },
109 { 6, "Delete Login Secret" },
113 static const value_string nmas_errors_enum[] = {
114 { 0xFFFFF9A1, "(-1631) FRAGMENT FAILURE" },
115 { 0xFFFFF9A0, "(-1632) BAD REQUEST SYNTAX" },
116 { 0xFFFFF99F, "(-1633) BUFFER OVERFLOW" },
117 { 0xFFFFF99E, "(-1634) SYSTEM RESOURCES" },
118 { 0xFFFFF99D, "(-1635) INSUFFICIENT MEMORY" },
119 { 0xFFFFF99C, "(-1636) NOT SUPPORTED" },
120 { 0xFFFFF99B, "(-1637) BUFFER UNDERFLOW" },
121 { 0xFFFFF99A, "(-1638) NOT FOUND" },
122 { 0xFFFFF999, "(-1639) INVALID OPERATION" },
123 { 0xFFFFF998, "(-1640) ASN1 DECODE" },
124 { 0xFFFFF997, "(-1641) ASN1 ENCODE" },
125 { 0xFFFFF996, "(-1642) LOGIN FAILED" },
126 { 0xFFFFF995, "(-1643) INVALID PARAMETER" },
127 { 0xFFFFF994, "(-1644) TIMED OUT RECOVERABLE" },
128 { 0xFFFFF993, "(-1645) TIMED OUT NOT RECOVERABLE" },
129 { 0xFFFFF992, "(-1646) TIMED OUT UNKNOWN" },
130 { 0xFFFFF991, "(-1647) AUTHORIZATION FAILURE" },
131 { 0xFFFFF990, "(-1648) INVALID DISTINGUSHED NAME" },
132 { 0xFFFFF98F, "(-1649) CANNOT RESOLVE DISTINGUISHED NAME" },
133 { 0xFFFFF98E, "(-1650) CANNOT RESOLVE CONNECTION" },
134 { 0xFFFFF98D, "(-1651) NO CRYPTOGRAPHY" },
135 { 0xFFFFF98C, "(-1652) INVALID VERSION" },
136 { 0xFFFFF98B, "(-1653) SYNC NEEDED" },
137 { 0xFFFFF98A, "(-1654) PROTOCOL STATE" },
138 { 0xFFFFF989, "(-1655) INVALID HANDLE" },
139 { 0xFFFFF988, "(-1656) INVALID METHOD" },
140 { 0xFFFFF987, "(-1657) DEVELOPMENT VERSION" },
141 { 0xFFFFF986, "(-1658) MISSING KEY" },
142 { 0xFFFFF985, "(-1659) ACCESS NOT ALLOWED" },
143 { 0xFFFFF984, "(-1660) SEQUENCE NOT FOUND" },
144 { 0xFFFFF983, "(-1661) CLEARANCE NOT FOUND" },
145 { 0xFFFFF982, "(-1662) LOGIN SERVER METHOD NOT FOUND" },
146 { 0xFFFFF981, "(-1663) LOGIN CLIENT METHOD NOT FOUND" },
147 { 0xFFFFF980, "(-1664) SERVER NOT FOUND" },
148 { 0xFFFFF97F, "(-1665) LOGIN ATTRIBUTE NOT FOUND" },
149 { 0xFFFFF97E, "(-1666) LEGACY INVALID PASSWORD" },
150 { 0xFFFFF97D, "(-1667) ACCOUNT DISABLED" },
151 { 0xFFFFF97C, "(-1668) ACCOUNT LOCKED" },
152 { 0xFFFFF97B, "(-1669) ADDRESS RESTRICTION" },
153 { 0xFFFFF97A, "(-1670) CONNECTION CLEARED" },
154 { 0xFFFFF979, "(-1671) TIME RESTRICTION" },
155 { 0xFFFFF978, "(-1672) SHORT TERM SECRET" },
156 { 0xFFFFF977, "(-1673) NO NMAS ON TREE" },
157 { 0xFFFFF976, "(-1674) NO NMAS ON SERVER" },
158 { 0xFFFFF975, "(-1675) REQUEST CHALLENGED" },
159 { 0xFFFFF974, "(-1676) LOGIN CANCELED" },
160 { 0xFFFFF973, "(-1677) LOCAL CREDENTIAL STORE" },
161 { 0xFFFFF972, "(-1678) REMOTE CREDENTIAL STORE" },
162 { 0xFFFFF971, "(-1679) SMC NICM" },
163 { 0xFFFFF970, "(-1680) SEQUENCE NOT AUTHORIZED" },
164 { 0xFFFFF96F, "(-1681) TRANSPORT" },
165 { 0xFFFFF96E, "(-1682) CRYPTO FAILED INIT" },
166 { 0xFFFFF96D, "(-1683) DOUBLEBYTE FAILED INIT" },
167 { 0xFFFFF96C, "(-1684) CODEPAGE FAILED INIT" },
168 { 0xFFFFF96B, "(-1685) UNICODE FAILED INIT" },
169 { 0xFFFFF96A, "(-1686) DLL FAILED LOADING" },
170 { 0xFFFFF969, "(-1687) EVALUATION VERSION WARNING" },
171 { 0xFFFFF968, "(-1688) CONCURRENT LOGIN" },
172 { 0xFFFFF969, "(-1689) THREAD CREATE" },
173 { 0xFFFFF96A, "(-1690) SECURE CHANNEL REQUIRED" },
174 { 0xFFFFF96B, "(-1691) NO DEFAULT USER SEQUENCE" },
175 { 0xFFFFF96C, "(-1692) NO TREENAME" },
176 { 0xFFFFF96D, "(-1693) MECHANISM NOT FOUND" },
181 align_4(tvbuff_t *tvb, int aoffset)
183 if(tvb_length_remaining(tvb, aoffset) > 4 )
191 nmas_string(tvbuff_t* tvb, int hfinfo, proto_tree *nmas_tree, int offset, gboolean little)
193 int foffset = offset;
198 guint32 length_remaining = 0;
201 str_length = tvb_get_letohl(tvb, foffset);
205 str_length = tvb_get_ntohl(tvb, foffset);
208 length_remaining = tvb_length_remaining(tvb, foffset);
209 if(str_length > (guint)length_remaining || str_length > 1024)
211 proto_tree_add_string(nmas_tree, hfinfo, tvb, foffset,
212 length_remaining + 4, "<String too long to process>");
213 foffset += length_remaining;
218 proto_tree_add_string(nmas_tree, hfinfo, tvb, offset,
219 4, "<Not Specified>");
222 for ( i = 0; i < str_length; i++ )
224 c_char = tvb_get_guint8(tvb, foffset );
225 if (c_char<0x20 || c_char>0x7e)
230 buffer[i] = c_char & 0xff;
240 buffer[i] = c_char & 0xff;
245 if(length_remaining==1)
254 str_length = tvb_get_letohl(tvb, offset);
258 str_length = tvb_get_ntohl(tvb, offset);
260 proto_tree_add_string(nmas_tree, hfinfo, tvb, offset+4,
262 foffset += align_4(tvb, foffset);
267 dissect_nmas_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, ncp_req_hash_value *request_value)
269 guint8 func, subfunc = 0;
270 guint32 msg_length=0;
279 func = tvb_get_guint8(tvb, foffset);
281 subfunc = tvb_get_guint8(tvb, foffset);
284 /* Fill in the INFO column. */
285 if (check_col(pinfo->cinfo, COL_INFO)) {
286 col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS");
287 col_add_fstr(pinfo->cinfo, COL_INFO, "C NMAS - %s", match_strval(subfunc, nmas_func_enum));
289 aitem = proto_tree_add_text(ncp_tree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Packet Type: %s", match_strval(subfunc, nmas_func_enum));
290 atree = proto_item_add_subtree(aitem, ett_nmas);
293 proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, TRUE);
295 proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, TRUE);
299 proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, TRUE);
301 foffset += 4; /* Dont know what this is */
302 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, TRUE);
303 msg_length = tvb_get_letohl(tvb, foffset);
307 proto_tree_add_item(atree, hf_subverb, tvb, foffset, 4, TRUE);
308 subverb = tvb_get_letohl(tvb, foffset);
310 request_value->req_nds_flags=subverb;
314 if (check_col(pinfo->cinfo, COL_INFO)) {
315 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", match_strval(subverb, nmas_subverb_enum));
318 case 0: /* Fragmented Ping */
319 proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, TRUE);
321 proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, TRUE);
324 case 2: /* Client Put Data */
325 proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, FALSE);
326 foffset += msg_length;
328 case 4: /* Client Get Data */
329 case 6: /* Client Get User NDS Credentials */
332 case 8: /* Login Store Management */
333 msgverb = tvb_get_guint8(tvb, foffset);
335 request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed subverb */
337 proto_tree_add_item(atree, hf_lsm_verb, tvb, foffset, 1, TRUE);
339 if (check_col(pinfo->cinfo, COL_INFO)) {
340 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", match_strval(msgverb, nmas_lsmverb_enum));
358 case 10: /* Writable Object Check */
359 /* The first GUINT32 value is the len of the header? */
361 /* The next two GUINT32 values are reserved and always 0 */
363 foffset = nmas_string(tvb, hf_tree, atree, foffset, TRUE);
364 foffset = nmas_string(tvb, hf_user, atree, foffset, TRUE);
366 case 1242: /* Message Handler */
368 proto_tree_add_item(atree, hf_msg_version, tvb, foffset, 4, FALSE);
370 proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, FALSE);
373 msgverb = tvb_get_guint8(tvb, foffset);
375 request_value->nds_request_verb=msgverb; /* Use nds_request_verb for passed subverb */
377 proto_tree_add_item(atree, hf_msg_verb, tvb, foffset, 1, FALSE);
380 if (check_col(pinfo->cinfo, COL_INFO)) {
381 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", match_strval(msgverb, nmas_msgverb_enum));
386 msg_length = tvb_get_ntohl(tvb, foffset);
387 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, FALSE);
389 proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, FALSE);
390 foffset += msg_length;
393 msg_length = tvb_get_ntohl(tvb, foffset);
395 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, FALSE);
397 while (msg_length > 0)
399 attribute = tvb_get_ntohl(tvb, foffset);
403 foffset = nmas_string(tvb, hf_user, atree, foffset, FALSE);
406 foffset = nmas_string(tvb, hf_tree, atree, foffset, FALSE);
409 foffset = nmas_string(tvb, hf_clearence, atree, foffset, FALSE);
412 foffset = nmas_string(tvb, hf_login_sequence, atree, foffset, FALSE);
417 msg_length -= foffset;
418 if (tvb_get_ntohl(tvb, foffset)==0)
425 proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, FALSE);
426 foffset += msg_length;
449 dissect_nmas_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, guint8 func _U_, guint8 subfunc, ncp_req_hash_value *request_value)
454 guint32 msg_length=0;
455 guint32 return_code=0;
461 subverb = request_value->req_nds_flags;
462 msgverb = request_value->nds_request_verb;
464 if (check_col(pinfo->cinfo, COL_INFO)) {
465 col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMAS");
467 if (tvb_length_remaining(tvb, foffset)<4) {
471 aitem = proto_tree_add_text(ncp_tree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Packet Type: %s", match_strval(subfunc, nmas_func_enum));
472 atree = proto_item_add_subtree(aitem, ett_nmas);
475 proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, TRUE);
477 proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, TRUE);
481 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, TRUE);
482 msg_length = tvb_get_letohl(tvb, foffset);
483 return_code = tvb_get_ntohl(tvb, foffset+msg_length);
486 proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, TRUE);
489 proto_tree_add_text(atree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Verb: %s", match_strval(subverb, nmas_subverb_enum));
491 case 0: /* Fragmented Ping */
492 proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, TRUE);
494 proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, TRUE);
497 case 2: /* Client Put Data */
498 proto_tree_add_item(atree, hf_squeue_bytes, tvb, foffset, 4, TRUE);
500 proto_tree_add_item(atree, hf_cqueue_bytes, tvb, foffset, 4, TRUE);
503 case 4: /* Client Get Data */
504 proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, TRUE);
505 foffset += msg_length;
507 case 6: /* Client Get User NDS Credentials */
508 proto_tree_add_item(atree, hf_num_creds, tvb, foffset, 4, TRUE);
510 proto_tree_add_item(atree, hf_cred_type, tvb, foffset, 4, TRUE);
512 proto_tree_add_item(atree, hf_login_state, tvb, foffset, 4, TRUE);
515 proto_tree_add_item(atree, hf_enc_cred, tvb, foffset, msg_length, TRUE);
516 foffset += msg_length;
518 case 8: /* Login Store Management */
519 proto_tree_add_text(atree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Subverb: %s", match_strval(msgverb, nmas_msgverb_enum));
522 /* The data within these structures is all encrypted. */
528 proto_tree_add_item(atree, hf_enc_data, tvb, foffset, msg_length, TRUE);
529 foffset += msg_length;
535 case 10: /* Writable Object Check */
536 if (tvb_length_remaining(tvb, foffset) < 8)
538 return_code = tvb_get_letohl(tvb, foffset);
539 if (match_strval(return_code, nmas_errors_enum)!=NULL)
541 proto_tree_add_item(atree, hf_return_code, tvb, foffset, 4, FALSE);
542 if (check_col(pinfo->cinfo, COL_INFO)) {
543 col_add_fstr(pinfo->cinfo, COL_INFO, "R Error - %s", match_strval(return_code, nmas_errors_enum));
548 proto_tree_add_item(atree, hf_ping_flags, tvb, foffset, 4, TRUE);
550 proto_tree_add_item(atree, hf_nmas_version, tvb, foffset, 4, TRUE);
553 case 1242: /* Message Handler */
554 proto_tree_add_text(atree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Subverb: %s", match_strval(msgverb, nmas_msgverb_enum));
558 msg_length = tvb_get_ntohl(tvb, foffset);
559 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, FALSE);
561 proto_tree_add_item(atree, hf_data, tvb, foffset, msg_length, FALSE);
562 foffset += msg_length;
565 proto_tree_add_item(atree, hf_session_ident, tvb, foffset, 4, FALSE);
572 proto_tree_add_item(atree, hf_opaque, tvb, foffset, msg_length, FALSE);
573 foffset += msg_length;
585 if (match_strval(return_code, nmas_errors_enum)!=NULL)
587 proto_tree_add_item(atree, hf_return_code, tvb, foffset-4, 4, FALSE);
588 if (check_col(pinfo->cinfo, COL_INFO)) {
589 col_add_fstr(pinfo->cinfo, COL_INFO, "R Error - %s", match_strval(return_code, nmas_errors_enum));
592 if (return_code == 0 && msgverb!=7) {
593 proto_tree_add_text(atree, tvb, foffset, 4, "Return Code: Success (0x00000000)");
604 proto_register_nmas(void)
606 static hf_register_info hf_nmas[] = {
608 { "Function", "nmas.func", FT_UINT8, BASE_HEX, NULL, 0x0,
609 "Function", HFILL }},
612 { "Subfunction", "nmas.subfunc", FT_UINT8, BASE_HEX, NULL, 0x0,
613 "Subfunction", HFILL }},
616 { "Ping Version", "nmas.ping_version", FT_UINT32, BASE_HEX, NULL, 0x0,
617 "Ping Version", HFILL }},
620 { "Flags", "nmas.ping_flags", FT_UINT32, BASE_HEX, NULL, 0x0,
624 { "Fragment Handle", "nmas.frag_handle", FT_UINT32, BASE_HEX, NULL, 0x0,
625 "Fragment Handle", HFILL }},
628 { "Length", "nmas.length", FT_UINT32, BASE_DEC, NULL, 0x0,
632 { "Sub Verb", "nmas.subverb",
633 FT_UINT32, BASE_HEX, VALS(nmas_subverb_enum), 0x0,
634 "Sub Verb", HFILL }},
637 { "Tree", "nmas.tree",
638 FT_STRING, BASE_NONE, NULL, 0x0,
642 { "User", "nmas.user",
643 FT_STRING, BASE_NONE, NULL, 0x0,
647 { "NMAS Protocol Version", "nmas.version", FT_UINT32, BASE_HEX, NULL, 0x0,
648 "NMAS Protocol Version", HFILL }},
651 { "Message Version", "nmas.msg_version", FT_UINT32, BASE_HEX, NULL, 0x0,
652 "Message Version", HFILL }},
655 { "Session Identifier", "nmas.session_ident", FT_UINT32, BASE_HEX, NULL, 0x0,
656 "Session Identifier", HFILL }},
659 { "Message Verb", "nmas.msg_verb", FT_UINT8, BASE_HEX, VALS(nmas_msgverb_enum), 0x0,
660 "Message Verb", HFILL }},
663 { "Attribute Type", "nmas.attribute", FT_UINT32, BASE_DEC, VALS(nmas_attribute_enum), 0x0,
664 "Attribute Type", HFILL }},
667 { "Requested Clearence", "nmas.clearence",
668 FT_STRING, BASE_NONE, NULL, 0x0,
669 "Requested Clearence", HFILL }},
671 { &hf_login_sequence,
672 { "Requested Login Sequence", "nmas.login_seq",
673 FT_STRING, BASE_NONE, NULL, 0x0,
674 "Requested Login Sequence", HFILL }},
677 { "Opaque Data", "nmas.opaque",
678 FT_BYTES, BASE_NONE, NULL, 0x0,
679 "Opaque Data", HFILL }},
682 { "Data", "nmas.data",
683 FT_BYTES, BASE_NONE, NULL, 0x0,
687 { "Return Code", "nmas.return_code", FT_UINT32, BASE_HEX, VALS(nmas_errors_enum), 0x0,
688 "Return Code", HFILL }},
691 { "Login Store Message Verb", "nmas.lsm_verb", FT_UINT8, BASE_HEX, VALS(nmas_lsmverb_enum), 0x0,
692 "Login Store Message Verb", HFILL }},
695 { "Server Queue Number of Bytes", "nmas.squeue_bytes", FT_UINT32, BASE_DEC, NULL, 0x0,
696 "Server Queue Number of Bytes", HFILL }},
699 { "Client Queue Number of Bytes", "nmas.cqueue_bytes", FT_UINT32, BASE_DEC, NULL, 0x0,
700 "Client Queue Number of Bytes", HFILL }},
703 { "Number of Credentials", "nmas.num_creds", FT_UINT32, BASE_DEC, NULL, 0x0,
704 "Number of Credentials", HFILL }},
707 { "Credential Type", "nmas.cred_type", FT_UINT32, BASE_DEC, NULL, 0x0,
708 "Credential Type", HFILL }},
711 { "Login State", "nmas.login_state", FT_UINT32, BASE_DEC, NULL, 0x0,
712 "Login State", HFILL }},
715 { "Encrypted Credential", "nmas.enc_cred",
716 FT_BYTES, BASE_NONE, NULL, 0x0,
717 "Encrypted Credential", HFILL }},
720 { "Encrypted Data", "nmas.enc_data",
721 FT_BYTES, BASE_NONE, NULL, 0x0,
722 "Encrypted Data", HFILL }},
727 static gint *ett[] = {
731 proto_nmas = proto_register_protocol("Novell Modular Authentication Service", "NMAS", "nmas");
732 proto_register_field_array(proto_nmas, hf_nmas, array_length(hf_nmas));
733 proto_register_subtree_array(ett, array_length(ett));