search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HACK: 2nd try to match RowsetProperties
[wireshark-wip.git] / epan / dissectors / packet-ncp-sss.c
blobd25d194e7313d93dbb78dc7b30bcbb4d960d47b6
1 /* packet-ncp-sss.c
2 * Routines for Novell SecretStore Services
3 * Greg Morris <gmorris@novell.com>
4 * Copyright (c) Novell, Inc. 2002-2003
5 *
6 * $Id$
7 *
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 */
26
27 #include "config.h"
28
29 #include <glib.h>
30 #include <epan/packet.h>
31 #include <epan/strutil.h>
32 #include "packet-ncp-int.h"
33 #include "packet-ncp-sss.h"
34 #include "isprint.h"
35
36 static gint ett_sss = -1;
37
38 static int proto_sss = -1;
39 static int hf_buffer_size = -1;
40 static int hf_ping_version = -1;
41 static int hf_flags = -1;
42 static int hf_context = -1;
43 static int hf_frag_handle = -1;
44 static int hf_length = -1;
45 static int hf_verb = -1;
46 static int hf_user = -1;
47 static int hf_secret = -1;
48 static int hf_sss_version = -1;
49 static int hf_return_code = -1;
50 static int hf_enc_cred = -1;
51 static int hf_enc_data = -1;
52 static int hfbit1 = -1;
53 static int hfbit2 = -1;
54 static int hfbit3 = -1;
55 static int hfbit4 = -1;
56 static int hfbit5 = -1;
57 static int hfbit6 = -1;
58 static int hfbit7 = -1;
59 static int hfbit8 = -1;
60 static int hfbit9 = -1;
61 static int hfbit10 = -1;
62 static int hfbit11 = -1;
63 static int hfbit12 = -1;
64 static int hfbit13 = -1;
65 static int hfbit14 = -1;
66 static int hfbit15 = -1;
67 static int hfbit16 = -1;
68 static int hfbit17 = -1;
69 static int hfbit18 = -1;
70 static int hfbit19 = -1;
71 static int hfbit20 = -1;
72 static int hfbit21 = -1;
73 static int hfbit22 = -1;
74 static int hfbit23 = -1;
75 static int hfbit24 = -1;
76 static int hfbit25 = -1;
77 static int hfbit26 = -1;
78 static int hfbit27 = -1;
79 static int hfbit28 = -1;
80 static int hfbit29 = -1;
81 static int hfbit30 = -1;
82 static int hfbit31 = -1;
83 static int hfbit32 = -1;
84
85 static expert_field ei_return_code = EI_INIT;
86
87 static const value_string sss_func_enum[] = {
88 { 0x00000001, "Ping Server" },
89 { 0x00000002, "Fragment" },
90 { 0x00000003, "Write App Secrets" },
91 { 0x00000004, "Add Secret ID" },
92 { 0x00000005, "Remove Secret ID" },
93 { 0x00000006, "Remove SecretStore" },
94 { 0x00000007, "Enumerate Secret IDs" },
95 { 0x00000008, "Unlock Store" },
96 { 0x00000009, "Set Master Password" },
97 { 0x0000000a, "Get Service Information" },
98 { 0, NULL }
99 };
100
101
102 static const value_string sss_verb_enum[] = {
103 { 0x00000000, "Query Server" },
104 { 0x00000001, "Read App Secrets" },
105 { 0x00000002, "Write App Secrets" },
106 { 0x00000003, "Add Secret ID" },
107 { 0x00000004, "Remove Secret ID" },
108 { 0x00000005, "Remove SecretStore" },
109 { 0x00000006, "Enumerate Secret IDs" },
110 { 0x00000007, "Unlock Store" },
111 { 0x00000008, "Set Master Password" },
112 { 0x00000009, "Get Service Information" },
113 { 0x000000ff, "Fragment"},
114 { 0, NULL }
115 };
116
117 static const value_string sss_errors_enum[] = {
118 { 0xFFFFFCE0, "(-800) Target object could not be found" },
119 { 0xFFFFFCDF, "(-801) NICI operations have failed" },
120 { 0xFFFFFCDE, "(-802) The Secret ID is not in the user secret store" },
121 { 0xFFFFFCDD, "(-803) Some internal operating system services have not been available" },
122 { 0xFFFFFCDC, "(-804) Access to the target Secret Store has been denied" },
123 { 0xFFFFFCDB, "(-805) NDS internal NDS services have not been available" },
124 { 0xFFFFFCDA, "(-806) Secret has not been initialized with a write" },
125 { 0xFFFFFCD9, "(-807) Size of the buffer is not in a nominal range between minimum and maximum" },
126 { 0xFFFFFCD8, "(-808) Client and server components are not of the compatible versions" },
127 { 0xFFFFFCD7, "(-809) Secret Store data on the server has been corrupted" },
128 { 0xFFFFFCD6, "(-810) Secret ID already exists in the SecretStore" },
129 { 0xFFFFFCD5, "(-811) User NDS password has been changed by the administrator" },
130 { 0xFFFFFCD4, "(-812) Target NDS user object not found" },
131 { 0xFFFFFCD3, "(-813) Target NDS user object does not have a Secret Store" },
132 { 0xFFFFFCD2, "(-814) Secret Store is not on the network" },
133 { 0xFFFFFCD1, "(-815) Length of the Secret ID buffer exceeds the limit" },
134 { 0xFFFFFCD0, "(-816) Length of the enumeration buffer is too short" },
135 { 0xFFFFFCCF, "(-817) User not authenticated" },
136 { 0xFFFFFCCE, "(-818) Not supported operations" },
137 { 0xFFFFFCCD, "(-819) Typed in NDS password not valid" },
138 { 0xFFFFFCCC, "(-820) Session keys of the client and server NICI are out of sync" },
139 { 0xFFFFFCCB, "(-821) Requested service not yet supported" },
140 { 0xFFFFFCCA, "(-822) NDS authentication type not supported" },
141 { 0xFFFFFCC9, "(-823) Unicode text conversion operation failed" },
142 { 0xFFFFFCC8, "(-824) Connection to server is lost" },
143 { 0xFFFFFCC7, "(-825) Cryptographic operation failed" },
144 { 0xFFFFFCC6, "(-826) Opening a connection to the server failed" },
145 { 0xFFFFFCC5, "(-827) Access to server connection failed" },
146 { 0xFFFFFCC4, "(-828) Size of the enumeration buffer exceeds the limit" },
147 { 0xFFFFFCC3, "(-829) Size of the Secret buffer exceeds the limit" },
148 { 0xFFFFFCC2, "(-830) Length of the Secret ID should be greater than zero" },
149 { 0xFFFFFCC1, "(-831) Protocol data corrupted on the wire" },
150 { 0xFFFFFCC0, "(-832) Enhanced protection's password validation failed. Access to the secret denied" },
151 { 0xFFFFFCBF, "(-833) Schema is not extended to support SecretStore on the target tree" },
152 { 0xFFFFFCBE, "(-834) One of the optional service attributes is not instantiated" },
153 { 0xFFFFFCBD, "(-835) Server has been upgraded and the users SecretStore should be updated" },
154 { 0xFFFFFCBC, "(-836) Master password could not be verified to read or unlock the secrets" },
155 { 0xFFFFFCBB, "(-837) Master password has not been set on the SecretStore" },
156 { 0xFFFFFCBA, "(-838) Ability to use master password has been disabled" },
157 { 0xFFFFFCB9, "(-839) Not a writeable replica of NDS" },
158 { 0xFFFFFCB8, "(-840) The API was unable to find a value for an attribute in the Directory" },
159 { 0xFFFFFCB7, "(-841) A parameter passed to the API has not been properly initialized" },
160 { 0xFFFFFCB6, "(-842) The connection to SecretStore requires SSL to be secure" },
161 { 0xFFFFFCB5, "(-843) The client could not locate a server that supports the policy override required by the caller" },
162 { 0xFFFFFCB4, "(-844) Attempt to unlock SecretStore failed because the store is not locked" },
163 { 0xFFFFFCB3, "(-845) NDS Replica on the server that holds SecretStore is out of sync with the replica ring" },
164 { 0xFFFFFC88, "(-888) Feature not yet implemented" },
165 { 0xFFFFFC7D, "(-899) Products BETA life has expired" },
166 { 0, NULL }
167 };
168
169
170 static void
171 process_flags(proto_tree *sss_tree, tvbuff_t *tvb, guint32 foffset)
172 {
173 gchar flags_str[1024];
174 const gchar *sep;
175 proto_item *tinew;
176 proto_tree *flags_tree;
177 guint32 i;
178 guint32 bvalue = 0;
179 guint32 flags = 0;
180
181 bvalue = 0x00000001;
182 flags_str[0]='\0';
183 sep="";
184 flags = tvb_get_ntohl(tvb, foffset);
185 for (i = 0 ; i < 256; i++) {
186 if (flags & bvalue) {
187 g_strlcat(flags_str, sep, 1024);
188 switch(bvalue) {
189 case 0x00000001:
190 g_strlcat(flags_str, "Enhanced Protection", 1024);
191 break;
192 case 0x00000002:
193 g_strlcat(flags_str, "Create ID", 1024);
194 break;
195 case 0x00000004:
196 g_strlcat(flags_str, "Remove Lock", 1024);
197 break;
198 case 0x00000008:
199 g_strlcat(flags_str, "Repair", 1024);
200 break;
201 case 0x00000010:
202 g_strlcat(flags_str, "Unicode", 1024);
203 break;
204 case 0x00000020:
205 g_strlcat(flags_str, "EP Master Password Used", 1024);
206 break;
207 case 0x00000040:
208 g_strlcat(flags_str, "EP Password Used", 1024);
209 break;
210 case 0x00000080:
211 g_strlcat(flags_str, "Set Tree Name", 1024);
212 break;
213 case 0x00000100:
214 g_strlcat(flags_str, "Get Context", 1024);
215 break;
216 case 0x00000200:
217 g_strlcat(flags_str, "Destroy Context", 1024);
218 break;
219 case 0x00000400:
220 g_strlcat(flags_str, "Not Defined", 1024);
221 break;
222 case 0x00000800:
223 g_strlcat(flags_str, "Not Defined", 1024);
224 break;
225 case 0x00001000:
226 g_strlcat(flags_str, "EP Lock", 1024);
227 break;
228 case 0x00002000:
229 g_strlcat(flags_str, "Not Initialized", 1024);
230 break;
231 case 0x00004000:
232 g_strlcat(flags_str, "Enhanced Protection", 1024);
233 break;
234 case 0x00008000:
235 g_strlcat(flags_str, "Store Not Synced", 1024);
236 break;
237 case 0x00010000:
238 g_strlcat(flags_str, "Admin Last Modified", 1024);
239 break;
240 case 0x00020000:
241 g_strlcat(flags_str, "EP Password Present", 1024);
242 break;
243 case 0x00040000:
244 g_strlcat(flags_str, "EP Master Password Present", 1024);
245 break;
246 case 0x00080000:
247 g_strlcat(flags_str, "MP Disabled", 1024);
248 break;
249 case 0x00100000:
250 g_strlcat(flags_str, "Not Defined", 1024);
251 break;
252 case 0x00200000:
253 g_strlcat(flags_str, "Not Defined", 1024);
254 break;
255 case 0x00400000:
256 g_strlcat(flags_str, "Not Defined", 1024);
257 break;
258 case 0x00800000:
259 g_strlcat(flags_str, "Not Defined", 1024);
260 break;
261 case 0x01000000:
262 g_strlcat(flags_str, "Not Defined", 1024);
263 break;
264 case 0x02000000:
265 g_strlcat(flags_str, "Not Defined", 1024);
266 break;
267 case 0x04000000:
268 g_strlcat(flags_str, "Not Defined", 1024);
269 break;
270 case 0x08000000:
271 g_strlcat(flags_str, "Not Defined", 1024);
272 break;
273 case 0x10000000:
274 g_strlcat(flags_str, "Not Defined", 1024);
275 break;
276 case 0x20000000:
277 g_strlcat(flags_str, "Not Defined", 1024);
278 break;
279 case 0x40000000:
280 g_strlcat(flags_str, "Not Defined", 1024);
281 break;
282 case 0x80000000:
283 g_strlcat(flags_str, "Not Defined", 1024);
284 break;
285 default:
286 break;
287 }
288 sep = ", ";
289 }
290 bvalue = bvalue*2;
291 }
292
293 tinew = proto_tree_add_uint(sss_tree, hf_flags, tvb, foffset, 4, flags);
294 flags_tree = proto_item_add_subtree(tinew, ett_nds);
295
296 bvalue = 0x00000001;
297
298 for (i = 0 ; i < 256; i++ ) {
299 if (flags & bvalue) {
300 switch(bvalue) {
301 case 0x00000001:
302 proto_tree_add_item(flags_tree, hfbit1, tvb, foffset, 4, ENC_BIG_ENDIAN);
303 break;
304 case 0x00000002:
305 proto_tree_add_item(flags_tree, hfbit2, tvb, foffset, 4, ENC_BIG_ENDIAN);
306 break;
307 case 0x00000004:
308 proto_tree_add_item(flags_tree, hfbit3, tvb, foffset, 4, ENC_BIG_ENDIAN);
309 break;
310 case 0x00000008:
311 proto_tree_add_item(flags_tree, hfbit4, tvb, foffset, 4, ENC_BIG_ENDIAN);
312 break;
313 case 0x00000010:
314 proto_tree_add_item(flags_tree, hfbit5, tvb, foffset, 4, ENC_BIG_ENDIAN);
315 break;
316 case 0x00000020:
317 proto_tree_add_item(flags_tree, hfbit6, tvb, foffset, 4, ENC_BIG_ENDIAN);
318 break;
319 case 0x00000040:
320 proto_tree_add_item(flags_tree, hfbit7, tvb, foffset, 4, ENC_BIG_ENDIAN);
321 break;
322 case 0x00000080:
323 proto_tree_add_item(flags_tree, hfbit8, tvb, foffset, 4, ENC_BIG_ENDIAN);
324 break;
325 case 0x00000100:
326 proto_tree_add_item(flags_tree, hfbit9, tvb, foffset, 4, ENC_BIG_ENDIAN);
327 break;
328 case 0x00000200:
329 proto_tree_add_item(flags_tree, hfbit10, tvb, foffset, 4, ENC_BIG_ENDIAN);
330 break;
331 case 0x00000400:
332 proto_tree_add_item(flags_tree, hfbit11, tvb, foffset, 4, ENC_BIG_ENDIAN);
333 break;
334 case 0x00000800:
335 proto_tree_add_item(flags_tree, hfbit12, tvb, foffset, 4, ENC_BIG_ENDIAN);
336 break;
337 case 0x00001000:
338 proto_tree_add_item(flags_tree, hfbit13, tvb, foffset, 4, ENC_BIG_ENDIAN);
339 break;
340 case 0x00002000:
341 proto_tree_add_item(flags_tree, hfbit14, tvb, foffset, 4, ENC_BIG_ENDIAN);
342 break;
343 case 0x00004000:
344 proto_tree_add_item(flags_tree, hfbit15, tvb, foffset, 4, ENC_BIG_ENDIAN);
345 break;
346 case 0x00008000:
347 proto_tree_add_item(flags_tree, hfbit16, tvb, foffset, 4, ENC_BIG_ENDIAN);
348 break;
349 case 0x00010000:
350 proto_tree_add_item(flags_tree, hfbit17, tvb, foffset, 4, ENC_BIG_ENDIAN);
351 break;
352 case 0x00020000:
353 proto_tree_add_item(flags_tree, hfbit18, tvb, foffset, 4, ENC_BIG_ENDIAN);
354 break;
355 case 0x00040000:
356 proto_tree_add_item(flags_tree, hfbit19, tvb, foffset, 4, ENC_BIG_ENDIAN);
357 break;
358 case 0x00080000:
359 proto_tree_add_item(flags_tree, hfbit20, tvb, foffset, 4, ENC_BIG_ENDIAN);
360 break;
361 case 0x00100000:
362 proto_tree_add_item(flags_tree, hfbit21, tvb, foffset, 4, ENC_BIG_ENDIAN);
363 break;
364 case 0x00200000:
365 proto_tree_add_item(flags_tree, hfbit22, tvb, foffset, 4, ENC_BIG_ENDIAN);
366 break;
367 case 0x00400000:
368 proto_tree_add_item(flags_tree, hfbit23, tvb, foffset, 4, ENC_BIG_ENDIAN);
369 break;
370 case 0x00800000:
371 proto_tree_add_item(flags_tree, hfbit24, tvb, foffset, 4, ENC_BIG_ENDIAN);
372 break;
373 case 0x01000000:
374 proto_tree_add_item(flags_tree, hfbit25, tvb, foffset, 4, ENC_BIG_ENDIAN);
375 break;
376 case 0x02000000:
377 proto_tree_add_item(flags_tree, hfbit26, tvb, foffset, 4, ENC_BIG_ENDIAN);
378 break;
379 case 0x04000000:
380 proto_tree_add_item(flags_tree, hfbit27, tvb, foffset, 4, ENC_BIG_ENDIAN);
381 break;
382 case 0x08000000:
383 proto_tree_add_item(flags_tree, hfbit28, tvb, foffset, 4, ENC_BIG_ENDIAN);
384 break;
385 case 0x10000000:
386 proto_tree_add_item(flags_tree, hfbit29, tvb, foffset, 4, ENC_BIG_ENDIAN);
387 break;
388 case 0x20000000:
389 proto_tree_add_item(flags_tree, hfbit30, tvb, foffset, 4, ENC_BIG_ENDIAN);
390 break;
391 case 0x40000000:
392 proto_tree_add_item(flags_tree, hfbit31, tvb, foffset, 4, ENC_BIG_ENDIAN);
393 break;
394 case 0x80000000:
395 proto_tree_add_item(flags_tree, hfbit32, tvb, foffset, 4, ENC_BIG_ENDIAN);
396 break;
397 default:
398 break;
399 }
400 }
401 bvalue = bvalue*2;
402 }
403 return;
404 }
405
406 /* Find the delimiter, '*'.
407 * Returns the number of bytes from foffset to the delimiter or 0 if not
408 * found within 256 bytes from foffset */
409 static int
410 find_delimiter(tvbuff_t *tvb, int foffset)
411 {
412 int offset;
413
414 offset = tvb_find_guint8(tvb, foffset, 256, '*');
415 if (offset >= foffset) {
416 return offset - foffset;
417 }
418 return 0;
419 }
420
421 static int
422 sss_string(tvbuff_t* tvb, int hfinfo, proto_tree *sss_tree, int offset, gboolean little, guint32 length)
423 {
424 int foffset = offset;
425 guint32 str_length;
426 char buffer[1024];
427 guint32 i;
428 guint8 c_char;
429 gint length_remaining;
430
431 if (length==0) {
432 if (little) {
433 str_length = tvb_get_letohl(tvb, foffset);
434 } else {
435 str_length = tvb_get_ntohl(tvb, foffset);
436 }
437 foffset += 4;
438 } else {
439 str_length = length;
440 }
441 length_remaining = tvb_length_remaining(tvb, foffset);
442 if (length_remaining <= 0) {
443 return foffset;
444 }
445 if (str_length > (guint)length_remaining || str_length > (sizeof(buffer)-1)) {
446 proto_tree_add_string(sss_tree, hfinfo, tvb, foffset,
447 length_remaining + 4, "<String too long to process>");
448 foffset += length_remaining;
449 return foffset;
450 }
451 if (str_length == 0) {
452 proto_tree_add_string(sss_tree, hfinfo, tvb, offset, 4, "<Not Specified>");
453 return foffset;
454 }
455 for ( i = 0; i < str_length; i++ ) {
456 c_char = tvb_get_guint8(tvb, foffset);
457 if (isprint(c_char)) {
458 buffer[i] = c_char;
459 } else {
460 if (c_char) {
461 buffer[i] = '.';
462 } else {
463 /* Skip NULL-terminators */
464 i--;
465 str_length--;
466 }
467 }
468 foffset++;
469 }
470 buffer[i] = '\0';
471
472 if (length==0) {
473 if (little) {
474 str_length = tvb_get_letohl(tvb, offset);
475 } else {
476 str_length = tvb_get_ntohl(tvb, offset);
477 }
478 offset += 4;
479 } else {
480 str_length = length;
481 }
482 proto_tree_add_string(sss_tree, hfinfo, tvb, offset, str_length, buffer);
483 return foffset;
484 }
485
486 void
487 dissect_sss_request(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, ncp_req_hash_value *request_value)
488 {
489 guint8 /*func,*/ subfunc = 0;
490 guint32 subverb=0;
491 guint32 msg_length=0;
492 guint32 foffset= 0;
493 proto_tree *atree;
494 proto_item *aitem;
495
496
497 if (tvb_length_remaining(tvb, foffset)<4) {
498 return;
499 }
500 foffset = 6;
501 /*func = tvb_get_guint8(tvb, foffset);*/
502 foffset += 1;
503 subfunc = tvb_get_guint8(tvb, foffset);
504 foffset += 1;
505
506 /* Fill in the PROTOCOL & INFO columns. */
507 col_set_str(pinfo->cinfo, COL_PROTOCOL, "NSSS");
508 col_add_fstr(pinfo->cinfo, COL_INFO, "C SecretStore - %s", val_to_str(subfunc, sss_func_enum, "Unknown (%d)"));
509
510 switch (subfunc) {
511 case 1:
512 aitem = proto_tree_add_text(ncp_tree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Packet Type: %s", val_to_str(subfunc, sss_func_enum, "Unknown (%d)"));
513 atree = proto_item_add_subtree(aitem, ett_sss);
514 proto_tree_add_item(atree, hf_ping_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
515 foffset += 4;
516 proto_tree_add_item(atree, hf_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
517 /*foffset += 4;*/
518 break;
519 case 2:
520 proto_tree_add_item(ncp_tree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
521 if (tvb_get_letohl(tvb, foffset)==0xffffffff) { /* Fragment handle of -1 means no fragment. So process packet */
522 foffset += 4;
523 proto_tree_add_item(ncp_tree, hf_buffer_size, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
524 foffset += 4;
525 proto_tree_add_item(ncp_tree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
526 foffset += 4;
527 foffset += 12; /* Blank Context */
528 subverb = tvb_get_letohl(tvb, foffset);
529 col_append_fstr(pinfo->cinfo, COL_INFO, ", %s", val_to_str(subverb, sss_verb_enum, "Unknown (%d)"));
530
531 aitem = proto_tree_add_item(ncp_tree, hf_verb, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
532 atree = proto_item_add_subtree(aitem, ett_sss);
533 if (request_value) {
534 request_value->req_nds_flags=subverb;
535 }
536 foffset += 4;
537 process_flags(atree, tvb, foffset);
538 foffset += 4;
539 proto_tree_add_item(atree, hf_context, tvb, foffset, 4, ENC_BIG_ENDIAN);
540 foffset += 4;
541 switch (subverb) {
542 case 0:
543 foffset += 4;
544 /*foffset =*/ sss_string(tvb, hf_user, atree, foffset, TRUE, 0);
545 break;
546 case 1:
547 foffset = sss_string(tvb, hf_secret, atree, foffset, TRUE, 0);
548 msg_length = tvb_get_letohl(tvb, foffset);
549 foffset += (msg_length+4); /* Unsure of what this length and parameter are */
550 /* A bad secret of length greater then 256 characters will cause frag
551 packets and then we will see these as malformed packets.
552 So check to make sure we still have data in the packet anytime
553 we read a secret. */
554 if (tvb_length_remaining(tvb, foffset) > 4) {
555 /*foffset =*/ sss_string(tvb, hf_user, atree, foffset, TRUE, 0);
556 }
557 break;
558 case 2:
559 foffset += 4;
560 foffset = sss_string(tvb, hf_secret, atree, foffset, TRUE, 0);
561 if (tvb_length_remaining(tvb, foffset) > 4) {
562 msg_length = tvb_get_letohl(tvb, foffset);
563 foffset += 4;
564 if (tvb_length_remaining(tvb, foffset) < (gint) msg_length) {
565 proto_tree_add_item(atree, hf_enc_data, tvb, foffset, -1, ENC_NA);
566 } else {
567 proto_tree_add_item(atree, hf_enc_data, tvb, foffset, msg_length, ENC_NA);
568 }
569 }
570 break;
571 case 3:
572 case 4:
573 foffset = sss_string(tvb, hf_secret, atree, foffset, TRUE, 0);
574 if (tvb_length_remaining(tvb, foffset) > 4) {
575 /*foffset =*/ sss_string(tvb, hf_user, atree, foffset, TRUE, 0);
576 }
577 break;
578 case 5:
579 break;
580 case 6:
581 foffset = sss_string(tvb, hf_secret, atree, foffset, TRUE, 0);
582 if (tvb_length_remaining(tvb, foffset) > 4) {
583 /*foffset =*/ sss_string(tvb, hf_user, atree, foffset, TRUE, 0);
584 }
585 break;
586 case 7:
587 msg_length = tvb_get_letohl(tvb, foffset);
588 foffset += 4;
589 proto_tree_add_item(atree, hf_enc_cred, tvb, foffset, msg_length, ENC_NA);
590 break;
591 case 8:
592 case 9:
593 default:
594 break;
595 }
596 } else {
597 col_set_str(pinfo->cinfo, COL_INFO, "C SecretStore - fragment");
598 proto_tree_add_text(ncp_tree, tvb, foffset, 4, "Fragment");
599
600 /* Fragments don't really carry a subverb so store 0xff as the subverb number */
601 if (request_value) {
602 request_value->req_nds_flags=255;
603 }
604 if (tvb_length_remaining(tvb, foffset) > 8) {
605 foffset += 4;
606 proto_tree_add_item(ncp_tree, hf_enc_data, tvb, foffset, tvb_length_remaining(tvb, foffset), ENC_NA);
607 }
608 }
609 break;
610 case 3:
611 /* No Op */
612 break;
613 default:
614 break;
615 }
616 }
617
618 void
619 dissect_sss_reply(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ncp_tree, guint8 subfunc, ncp_req_hash_value *request_value)
620 {
621 guint32 foffset=0;
622 guint32 subverb=0;
623 guint32 msg_length=0;
624 guint32 return_code=0;
625 guint32 number_of_items=0;
626 gint32 length_of_string=0;
627 guint32 i = 0;
628 const gchar *str;
629
630 proto_tree *atree;
631 proto_item *aitem;
632 proto_item *expert_item;
633
634 foffset = 8;
635 col_set_str(pinfo->cinfo, COL_PROTOCOL, "NSSS");
636 if (tvb_length_remaining(tvb, foffset)<4) {
637 return;
638 }
639 aitem = proto_tree_add_text(ncp_tree, tvb, foffset, -1, "Function: %s", val_to_str_const(subfunc, sss_func_enum, "Unknown"));
640 atree = proto_item_add_subtree(aitem, ett_sss);
641 switch (subfunc) {
642 case 1:
643 proto_tree_add_item(atree, hf_flags, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
644 foffset += 4;
645 proto_tree_add_item(atree, hf_sss_version, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
646 /*foffset += 4;*/
647 break;
648 case 2:
649 if (request_value) {
650 subverb = request_value->req_nds_flags;
651 str = try_val_to_str(subverb, sss_verb_enum);
652 if (str) {
653 proto_tree_add_text(atree, tvb, foffset, tvb_length_remaining(tvb, foffset), "Verb: %s", str);
654 }
655 }
656 proto_tree_add_item(atree, hf_length, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
657 msg_length = tvb_get_letohl(tvb, foffset);
658 foffset += 4;
659 proto_tree_add_item(atree, hf_frag_handle, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
660 foffset += 4;
661 msg_length -= 4;
662 if ((tvb_get_letohl(tvb, foffset-4)==0xffffffff) && (msg_length > 4)) {
663 foffset += 4;
664 return_code = tvb_get_letohl(tvb, foffset);
665 str = try_val_to_str(return_code, sss_errors_enum);
666 if (str) {
667 expert_item = proto_tree_add_item(atree, hf_return_code, tvb, foffset, 4, ENC_LITTLE_ENDIAN);
668 expert_add_info_format(pinfo, expert_item, &ei_return_code, "SSS Error: %s", str);
669 col_add_fstr(pinfo->cinfo, COL_INFO, "R Error - %s", val_to_str(return_code, sss_errors_enum, "Unknown (%d)"));
670 /*foffset+=4;*/
671 } else {
672 proto_tree_add_text(atree, tvb, foffset, 4, "Return Code: Success (0x00000000)");
673 if (tvb_length_remaining(tvb, foffset) > 8) {
674 foffset += 4;
675 if (request_value && subverb == 6) {
676 foffset += 4;
677 number_of_items = tvb_get_letohl(tvb, foffset);
678 foffset += 8;
679 for (i=0; i<number_of_items; i++) {
680 length_of_string = find_delimiter(tvb, foffset);
681 if (length_of_string > tvb_length_remaining(tvb, foffset)) {
682 return;
683 }
684 foffset = sss_string(tvb, hf_secret, atree, foffset, TRUE, length_of_string);
685 if (tvb_length_remaining(tvb, foffset) < 8) {
686 return;
687 }
688 foffset++;
689 }
690 } else {
691 proto_tree_add_item(atree, hf_enc_data, tvb, foffset, tvb_length_remaining(tvb, foffset), ENC_NA);
692 }
693 }
694 }
695 } else {
696 proto_tree_add_text(atree, tvb, foffset, 4, "Return Code: Success (0x00000000)");
697 if (tvb_length_remaining(tvb, foffset) > 8) {
698 foffset += 4;
699 proto_tree_add_item(atree, hf_enc_data, tvb, foffset, tvb_length_remaining(tvb, foffset), ENC_NA);
700 }
701 }
702 break;
703 case 3:
704 break;
705 default:
706 break;
707 }
708 }
709
710 void
711 proto_register_sss(void)
712 {
713 static hf_register_info hf_sss[] = {
714 { &hf_buffer_size,
715 { "Buffer Size", "sss.buffer", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
716
717 { &hf_ping_version,
718 { "Ping Version", "sss.ping_version", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
719
720 { &hf_flags,
721 { "Flags", "sss.flags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
722
723 { &hf_context,
724 { "Context", "sss.context", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
725
726 { &hf_frag_handle,
727 { "Fragment Handle", "sss.frag_handle", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
728
729 { &hf_length,
730 { "Length", "sss.length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
731
732 { &hf_verb,
733 { "Verb", "sss.verb", FT_UINT32, BASE_HEX, VALS(sss_verb_enum), 0x0, NULL, HFILL }},
734
735 { &hf_user,
736 { "User", "sss.user", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
737
738 { &hf_secret,
739 { "Secret ID", "sss.secret", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
740
741 { &hf_sss_version,
742 { "SecretStore Protocol Version", "sss.version", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }},
743
744 { &hf_return_code,
745 { "Return Code", "sss.return_code", FT_UINT32, BASE_HEX, VALS(sss_errors_enum), 0x0, NULL, HFILL }},
746
747 { &hf_enc_cred,
748 { "Encrypted Credential", "sss.enc_cred", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
749
750 { &hf_enc_data,
751 { "Encrypted Data", "sss.enc_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
752
753 { &hfbit1,
754 { "Enhanced Protection", "ncp.sss_bit1", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }},
755
756 { &hfbit2,
757 { "Create ID", "ncp.sss_bit2", FT_BOOLEAN, 32, NULL, 0x00000002, NULL, HFILL }},
758
759 { &hfbit3,
760 { "Remove Lock", "ncp.sss_bit3", FT_BOOLEAN, 32, NULL, 0x00000004, NULL, HFILL }},
761
762 { &hfbit4,
763 { "Repair", "ncp.sss_bit4", FT_BOOLEAN, 32, NULL, 0x00000008, NULL, HFILL }},
764
765 { &hfbit5,
766 { "Unicode", "ncp.sss_bit5", FT_BOOLEAN, 32, NULL, 0x00000010, NULL, HFILL }},
767
768 { &hfbit6,
769 { "EP Master Password Used", "ncp.sss_bit6", FT_BOOLEAN, 32, NULL, 0x00000020, NULL, HFILL }},
770
771 { &hfbit7,
772 { "EP Password Used", "ncp.sss_bit7", FT_BOOLEAN, 32, NULL, 0x00000040, NULL, HFILL }},
773
774 { &hfbit8,
775 { "Set Tree Name", "ncp.sss_bit8", FT_BOOLEAN, 32, NULL, 0x00000080, NULL, HFILL }},
776
777 { &hfbit9,
778 { "Get Context", "ncp.sss_bit9", FT_BOOLEAN, 32, NULL, 0x00000100, NULL, HFILL }},
779
780 { &hfbit10,
781 { "Destroy Context", "ncp.sss_bit10", FT_BOOLEAN, 32, NULL, 0x00000200, NULL, HFILL }},
782
783 { &hfbit11,
784 { "Not Defined", "ncp.sss_bit11", FT_BOOLEAN, 32, NULL, 0x00000400, NULL, HFILL }},
785
786 { &hfbit12,
787 { "Not Defined", "ncp.sss_bit12", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }},
788
789 { &hfbit13,
790 { "Not Defined", "ncp.sss_bit13", FT_BOOLEAN, 32, NULL, 0x00001000, NULL, HFILL }},
791
792 { &hfbit14,
793 { "Not Defined", "ncp.sss_bit14", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }},
794
795 { &hfbit15,
796 { "Not Defined", "ncp.sss_bit15", FT_BOOLEAN, 32, NULL, 0x00004000, NULL, HFILL }},
797
798 { &hfbit16,
799 { "Not Defined", "ncp.sss_bit16", FT_BOOLEAN, 32, NULL, 0x00008000, NULL, HFILL }},
800
801 { &hfbit17,
802 { "EP Lock", "ncp.sss_bit17", FT_BOOLEAN, 32, NULL, 0x00010000, NULL, HFILL }},
803
804 { &hfbit18,
805 { "Not Initialized", "ncp.sss_bit18", FT_BOOLEAN, 32, NULL, 0x00020000, NULL, HFILL }},
806
807 { &hfbit19,
808 { "Enhanced Protection", "ncp.sss_bit19", FT_BOOLEAN, 32, NULL, 0x00040000, NULL, HFILL }},
809
810 { &hfbit20,
811 { "Store Not Synced", "ncp.sss_bit20", FT_BOOLEAN, 32, NULL, 0x00080000, NULL, HFILL }},
812
813 { &hfbit21,
814 { "Admin Last Modified", "ncp.sss_bit21", FT_BOOLEAN, 32, NULL, 0x00100000, NULL, HFILL }},
815
816 { &hfbit22,
817 { "EP Password Present", "ncp.sss_bit22", FT_BOOLEAN, 32, NULL, 0x00200000, NULL, HFILL }},
818
819 { &hfbit23,
820 { "EP Master Password Present", "ncp.sss_bit23", FT_BOOLEAN, 32, NULL, 0x00400000, NULL, HFILL }},
821
822 { &hfbit24,
823 { "MP Disabled", "ncp.sss_bit24", FT_BOOLEAN, 32, NULL, 0x00800000, NULL, HFILL }},
824
825 { &hfbit25,
826 { "Not Defined", "ncp.sss_bit25", FT_BOOLEAN, 32, NULL, 0x01000000, NULL, HFILL }},
827
828 { &hfbit26,
829 { "Not Defined", "ncp.sss_bit26", FT_BOOLEAN, 32, NULL, 0x02000000, NULL, HFILL }},
830
831 { &hfbit27,
832 { "Not Defined", "ncp.sss_bit27", FT_BOOLEAN, 32, NULL, 0x04000000, NULL, HFILL }},
833
834 { &hfbit28,
835 { "Not Defined", "ncp.sss_bit28", FT_BOOLEAN, 32, NULL, 0x08000000, NULL, HFILL }},
836
837 { &hfbit29,
838 { "Not Defined", "ncp.sss_bit29", FT_BOOLEAN, 32, NULL, 0x10000000, NULL, HFILL }},
839
840 { &hfbit30,
841 { "Not Defined", "ncp.sss_bit30", FT_BOOLEAN, 32, NULL, 0x20000000, NULL, HFILL }},
842
843 { &hfbit31,
844 { "Not Defined", "ncp.sss_bit31", FT_BOOLEAN, 32, NULL, 0x40000000, NULL, HFILL }},
845
846 { &hfbit32,
847 { "Not Defined", "ncp.sss_bit32", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }}
848 };
849
850 static gint *ett[] = {
851 &ett_sss
852 };
853
854 static ei_register_info ei[] = {
855 { &ei_return_code, { "sss.return_code.expert", PI_RESPONSE_CODE, PI_NOTE, "SSS Error", EXPFILL }}
856 };
857
858 expert_module_t* expert_sss;
859 /*module_t *sss_module;*/
860
861 proto_sss = proto_register_protocol("Novell SecretStore Services", "SSS", "sss");
862 proto_register_field_array(proto_sss, hf_sss, array_length(hf_sss));
863 proto_register_subtree_array(ett, array_length(ett));
864 expert_sss = expert_register_protocol(proto_sss);
865 expert_register_field_array(expert_sss, ei, array_length(ei));
866 }
867
868 /*
869 * Editor modelines - http://www.wireshark.org/tools/modelines.html
870 *
871 * Local variables:
872 * c-basic-offset: 4
873 * tab-width: 4
874 * indent-tabs-mode: nil
875 * End:
876 *
877 * vi: set shiftwidth=4 tabstop=4 expandtab:
878 * :indentSize=4:tabSize=4:noTabs=true:
879 */
880