static krb5_error_code samba_wdc_check_client_access(void *priv,
krb5_context context,
krb5_kdc_configuration *config,
hdb_entry_ex *client_ex, const char *client_name,
hdb_entry_ex *server_ex, const char *server_name,
KDC_REQ *req,
krb5_data *e_data)
{
struct samba_kdc_entry *kdc_entry;
bool password_change;
char *workstation;
NTSTATUS nt_status;
kdc_entry = talloc_get_type(client_ex->ctx, struct samba_kdc_entry);
password_change = (server_ex && server_ex->entry.flags.change_pw);
workstation = get_netbios_name((TALLOC_CTX *)client_ex->ctx,
req->req_body.addresses);
nt_status = samba_kdc_check_client_access(kdc_entry,
client_name,
workstation,
password_change);
if (!NT_STATUS_IS_OK(nt_status)) {
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) {
return ENOMEM;
}
if (e_data) {
DATA_BLOB data;
samba_kdc_build_edata_reply(nt_status, &data);
*e_data = fill_krb5_data(data.data, data.length);
}
return samba_kdc_map_policy_err(nt_status);
}
/* Now do the standard Heimdal check */
return kdc_check_flags(context, config,
client_ex, client_name,
server_ex, server_name,
req->msg_type == krb_as_req);
}
void
netbios_add_name(const char* label, tvbuff_t *tvb, int offset, proto_tree *tree)
{/* add a name field display tree. Display the name and station type in sub-tree */
proto_tree *field_tree;
proto_item *tf;
char name_str[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
const char *name_type_str;
/* decode the name field */
name_type = get_netbios_name( tvb, offset, name_str, (NETBIOS_NAME_LEN - 1)*4 + 1);
name_type_str = netbios_name_type_descr(name_type);
tf = proto_tree_add_text( tree, tvb, offset, NETBIOS_NAME_LEN,
"%s: %s<%02x> (%s)", label, name_str, name_type, name_type_str);
field_tree = proto_item_add_subtree( tf, ett_netb_name);
proto_tree_add_string_format( field_tree, hf_netb_nb_name, tvb, offset,
15, name_str, "%s", name_str);
proto_tree_add_uint_format( field_tree, hf_netb_nb_name_type, tvb, offset + 15, 1, name_type,
"0x%02x (%s)", name_type, name_type_str);
}
static int
dissect_nbipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
gboolean has_routes;
proto_tree *nbipx_tree = NULL;
proto_item *ti = NULL;
int offset = 0;
guint8 packet_type;
proto_tree *name_type_flag_tree;
proto_item *tf;
char name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
gboolean has_payload;
tvbuff_t *next_tvb;
ipxhdr_t *ipxh;
/* Reject the packet if data is NULL */
if (data == NULL)
return 0;
ipxh = (ipxhdr_t*)data;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBIPX");
col_clear(pinfo->cinfo, COL_INFO);
if (ipxh->ipx_type == IPX_PACKET_TYPE_WANBCAST) {
/*
* This is a WAN Broadcast packet; we assume it will have
* 8 IPX addresses at the beginning.
*/
has_routes = TRUE;
} else {
/*
* This isn't a WAN Broadcast packet, but it still might
* have the 8 addresses.
*
* If it's the right length for a name operation,
* and, if we assume it has routes, the packet type
* is a name operation, assume it has routes.
*
* NOTE: this will throw an exception if the byte that
* would be the packet type byte if this has the 8
* addresses isn't present; if that's the case, we don't
* know how to interpret this packet, so we can't dissect
* it anyway.
*/
has_routes = FALSE; /* start out assuming it doesn't */
if (tvb_reported_length(tvb) == 50) {
packet_type = tvb_get_guint8(tvb, offset + 32 + 1);
switch (packet_type) {
case NBIPX_FIND_NAME:
case NBIPX_NAME_RECOGNIZED:
case NBIPX_CHECK_NAME:
case NBIPX_NAME_IN_USE:
case NBIPX_DEREGISTER_NAME:
has_routes = TRUE;
break;
}
}
}
if (tree) {
ti = proto_tree_add_item(tree, proto_nbipx, tvb, 0,
-1, ENC_NA);
nbipx_tree = proto_item_add_subtree(ti, ett_nbipx);
}
if (has_routes) {
if (tree)
add_routers(nbipx_tree, tvb, 0);
offset += 32;
}
packet_type = tvb_get_guint8(tvb, offset + 1);
switch (packet_type) {
case NBIPX_FIND_NAME:
case NBIPX_NAME_RECOGNIZED:
case NBIPX_CHECK_NAME:
case NBIPX_NAME_IN_USE:
case NBIPX_DEREGISTER_NAME:
name_type = get_netbios_name(tvb, offset+2, name, (NETBIOS_NAME_LEN - 1)*4 + 1);
col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s<%02x>",
val_to_str_const(packet_type, nbipx_data_stream_type_vals, "Unknown"),
name, name_type);
if (nbipx_tree) {
tf = proto_tree_add_item(nbipx_tree, hf_nbipx_name_flags, tvb, offset, 1, ENC_LITTLE_ENDIAN);
name_type_flag_tree = proto_item_add_subtree(tf, ett_nbipx_name_type_flags);
proto_tree_add_item(name_type_flag_tree, hf_nbipx_name_flags_group, tvb, offset, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(name_type_flag_tree, hf_nbipx_name_flags_in_use, tvb, offset, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(name_type_flag_tree, hf_nbipx_name_flags_registered, tvb, offset, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(name_type_flag_tree, hf_nbipx_name_flags_duplicated, tvb, offset, 1, ENC_LITTLE_ENDIAN);
proto_tree_add_item(name_type_flag_tree, hf_nbipx_name_flags_deregistered, tvb, offset, 1, ENC_LITTLE_ENDIAN);
}
offset += 1;
proto_tree_add_uint(nbipx_tree, hf_nbipx_packettype, tvb, offset, 1, packet_type);
offset += 1;
if (nbipx_tree)
netbios_add_name("Name", tvb, offset, nbipx_tree);
offset += NETBIOS_NAME_LEN;
/*
* No payload to be interpreted by another protocol.
*/
has_payload = FALSE;
break;
case NBIPX_SESSION_DATA:
case NBIPX_SESSION_END:
case NBIPX_SESSION_END_ACK:
col_set_str(pinfo->cinfo, COL_INFO,
val_to_str_const(packet_type, nbipx_data_stream_type_vals, "Unknown"));
dissect_conn_control(tvb, offset, nbipx_tree);
offset += 1;
proto_tree_add_uint(nbipx_tree, hf_nbipx_packettype, tvb, offset, 1, packet_type);
offset += 1;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_src_conn_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_dest_conn_id, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_send_seq_number, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_total_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_data_length, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_recv_seq_number, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
proto_tree_add_item(nbipx_tree, hf_nbipx_session_bytes_received, tvb, offset, 2, ENC_LITTLE_ENDIAN);
offset += 2;
/*
* We may have payload to dissect.
*/
has_payload = TRUE;
break;
case NBIPX_DIRECTED_DATAGRAM:
col_set_str(pinfo->cinfo, COL_INFO,
val_to_str_const(packet_type, nbipx_data_stream_type_vals, "Unknown"));
dissect_conn_control(tvb, offset, nbipx_tree);
offset += 1;
proto_tree_add_uint(nbipx_tree, hf_nbipx_packettype, tvb, offset, 1, packet_type);
offset += 1;
if (nbipx_tree)
netbios_add_name("Receiver's Name", tvb, offset,
nbipx_tree);
offset += NETBIOS_NAME_LEN;
if (nbipx_tree)
netbios_add_name("Sender's Name", tvb, offset,
nbipx_tree);
offset += NETBIOS_NAME_LEN;
/*
* We may have payload to dissect.
*/
has_payload = TRUE;
break;
default:
col_set_str(pinfo->cinfo, COL_INFO,
val_to_str_const(packet_type, nbipx_data_stream_type_vals, "Unknown"));
/*
* We don't know what the first byte is.
*/
offset += 1;
/*
* The second byte is a data stream type byte.
*/
proto_tree_add_uint(nbipx_tree, hf_nbipx_packettype, tvb, offset, 1, packet_type);
offset += 1;
/*
* We don't know what the rest of the packet is.
*/
has_payload = FALSE;
}
/*
* Set the length of the NBIPX tree item.
*/
if (ti != NULL)
proto_item_set_len(ti, offset);
if (has_payload && tvb_offset_exists(tvb, offset)) {
next_tvb = tvb_new_subset_remaining(tvb, offset);
dissect_netbios_payload(next_tvb, pinfo, tree);
}
return tvb_captured_length(tvb);
}
static void
dissect_nmpi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *nmpi_tree = NULL;
proto_item *ti;
int offset = 0;
guint8 opcode;
guint8 nmpi_name_type;
char name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
char node_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int node_name_type = 0;
tvbuff_t *next_tvb;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NMPI");
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
ti = proto_tree_add_item(tree, proto_nmpi, tvb, offset, 68,
FALSE);
nmpi_tree = proto_item_add_subtree(ti, ett_nmpi);
add_routers(nmpi_tree, tvb, offset);
}
offset += 32;
/*
* XXX - we don't use "node_name" or "node_name_type".
*/
opcode = tvb_get_guint8(tvb, offset);
nmpi_name_type = tvb_get_guint8(tvb, offset+1);
name_type = get_netbios_name(tvb, offset+4, name, (NETBIOS_NAME_LEN - 1)*4 + 1);
node_name_type = get_netbios_name(tvb, offset+20, node_name, (NETBIOS_NAME_LEN - 1)*4 + 1);
if (check_col(pinfo->cinfo, COL_INFO)) {
switch (opcode) {
case INAME_CLAIM:
col_add_fstr(pinfo->cinfo, COL_INFO, "Claim name %s<%02x>",
name, name_type);
break;
case INAME_DELETE:
col_add_fstr(pinfo->cinfo, COL_INFO, "Delete name %s<%02x>",
name, name_type);
break;
case INAME_QUERY:
col_add_fstr(pinfo->cinfo, COL_INFO, "Query name %s<%02x>",
name, name_type);
break;
case INAME_FOUND:
col_add_fstr(pinfo->cinfo, COL_INFO, "Name %s<%02x> found",
name, name_type);
break;
case IMSG_HANGUP:
col_add_fstr(pinfo->cinfo, COL_INFO,
"Messenger hangup on %s<%02x>", name, name_type);
break;
case IMSLOT_SEND:
col_add_fstr(pinfo->cinfo, COL_INFO,
"Mailslot write to %s<%02x>", name, name_type);
break;
case IMSLOT_FIND:
col_add_fstr(pinfo->cinfo, COL_INFO,
"Find mailslot name %s<%02x>", name, name_type);
break;
case IMSLOT_NAME:
col_add_fstr(pinfo->cinfo, COL_INFO,
"Mailslot name %s<%02x> found", name, name_type);
break;
default:
col_add_fstr(pinfo->cinfo, COL_INFO,
"Unknown NMPI op 0x%02x: name %s<%02x>",
opcode, name, name_type);
break;
}
}
if (tree) {
proto_tree_add_text(nmpi_tree, tvb, offset, 1,
"Opcode: %s (0x%02x)",
val_to_str(opcode, nmpi_opcode_vals, "Unknown"),
opcode);
proto_tree_add_text(nmpi_tree, tvb, offset+1, 1,
"Name Type: %s (0x%02x)",
val_to_str(nmpi_name_type, nmpi_name_type_vals, "Unknown"),
nmpi_name_type);
proto_tree_add_text(nmpi_tree, tvb, offset+2, 2,
"Message ID: 0x%04x",
tvb_get_letohs(tvb, offset+2));
netbios_add_name("Requested name", tvb, offset+4, nmpi_tree);
netbios_add_name("Source name", tvb, offset+20, nmpi_tree);
}
offset += 1 + 1 + 2 + NETBIOS_NAME_LEN + NETBIOS_NAME_LEN;
if (opcode == IMSLOT_SEND && tvb_offset_exists(tvb, offset)) {
next_tvb = tvb_new_subset_remaining(tvb, offset);
dissect_netbios_payload(next_tvb, pinfo, tree);
}
}
static void
dissect_nbipx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
gboolean has_routes;
proto_tree *nbipx_tree = NULL;
proto_item *ti = NULL;
int offset = 0;
guint8 packet_type;
guint8 name_type_flag;
proto_tree *name_type_flag_tree;
proto_item *tf;
char name[(NETBIOS_NAME_LEN - 1)*4 + 1];
int name_type;
gboolean has_payload;
tvbuff_t *next_tvb;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "NBIPX");
col_clear(pinfo->cinfo, COL_INFO);
if (pinfo->ipxptype == IPX_PACKET_TYPE_WANBCAST) {
/*
* This is a WAN Broadcast packet; we assume it will have
* 8 IPX addresses at the beginning.
*/
has_routes = TRUE;
} else {
/*
* This isn't a WAN Broadcast packet, but it still might
* have the 8 addresses.
*
* If it's the right length for a name operation,
* and, if we assume it has routes, the packet type
* is a name operation, assume it has routes.
*
* NOTE: this will throw an exception if the byte that
* would be the packet type byte if this has the 8
* addresses isn't present; if that's the case, we don't
* know how to interpret this packet, so we can't dissect
* it anyway.
*/
has_routes = FALSE; /* start out assuming it doesn't */
if (tvb_reported_length(tvb) == 50) {
packet_type = tvb_get_guint8(tvb, offset + 32 + 1);
switch (packet_type) {
case NBIPX_FIND_NAME:
case NBIPX_NAME_RECOGNIZED:
case NBIPX_CHECK_NAME:
case NBIPX_NAME_IN_USE:
case NBIPX_DEREGISTER_NAME:
has_routes = TRUE;
break;
}
}
}
if (tree) {
ti = proto_tree_add_item(tree, proto_nbipx, tvb, 0,
-1, FALSE);
nbipx_tree = proto_item_add_subtree(ti, ett_nbipx);
}
if (has_routes) {
if (tree)
add_routers(nbipx_tree, tvb, 0);
offset += 32;
}
packet_type = tvb_get_guint8(tvb, offset + 1);
switch (packet_type) {
case NBIPX_FIND_NAME:
case NBIPX_NAME_RECOGNIZED:
case NBIPX_CHECK_NAME:
case NBIPX_NAME_IN_USE:
case NBIPX_DEREGISTER_NAME:
name_type_flag = tvb_get_guint8(tvb, offset);
name_type = get_netbios_name(tvb, offset+2, name, (NETBIOS_NAME_LEN - 1)*4 + 1);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s %s<%02x>",
val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"),
name, name_type);
}
if (nbipx_tree) {
tf = proto_tree_add_text(nbipx_tree, tvb, offset, 1,
"Name type flag: 0x%02x", name_type_flag);
name_type_flag_tree = proto_item_add_subtree(tf,
ett_nbipx_name_type_flags);
proto_tree_add_text(name_type_flag_tree, tvb, offset,
1, "%s",
decode_boolean_bitfield(name_type_flag, 0x80, 8,
"Group name", "Unique name"));
proto_tree_add_text(name_type_flag_tree, tvb, offset,
1, "%s",
decode_boolean_bitfield(name_type_flag, 0x40, 8,
"Name in use", "Name not used"));
proto_tree_add_text(name_type_flag_tree, tvb, offset,
1, "%s",
decode_boolean_bitfield(name_type_flag, 0x04, 8,
"Name registered", "Name not registered"));
proto_tree_add_text(name_type_flag_tree, tvb, offset,
1, "%s",
decode_boolean_bitfield(name_type_flag, 0x02, 8,
"Name duplicated", "Name not duplicated"));
proto_tree_add_text(name_type_flag_tree, tvb, offset,
1, "%s",
decode_boolean_bitfield(name_type_flag, 0x01, 8,
"Name deregistered", "Name not deregistered"));
}
offset += 1;
dissect_packet_type(tvb, offset, packet_type, nbipx_tree);
offset += 1;
if (nbipx_tree)
netbios_add_name("Name", tvb, offset, nbipx_tree);
offset += NETBIOS_NAME_LEN;
/*
* No payload to be interpreted by another protocol.
*/
has_payload = FALSE;
break;
case NBIPX_SESSION_DATA:
case NBIPX_SESSION_END:
case NBIPX_SESSION_END_ACK:
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"));
}
dissect_conn_control(tvb, offset, nbipx_tree);
offset += 1;
dissect_packet_type(tvb, offset, packet_type, nbipx_tree);
offset += 1;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Source connection ID: 0x%04X",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Destination connection ID: 0x%04X",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Send sequence number: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Total data length: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Offset: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Data length: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Receive sequence number: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
if (nbipx_tree) {
proto_tree_add_text(nbipx_tree, tvb, offset, 2,
"Bytes received: %u",
tvb_get_letohs(tvb, offset));
}
offset += 2;
/*
* We may have payload to dissect.
*/
has_payload = TRUE;
break;
case NBIPX_DIRECTED_DATAGRAM:
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"));
}
dissect_conn_control(tvb, offset, nbipx_tree);
offset += 1;
dissect_packet_type(tvb, offset, packet_type, nbipx_tree);
offset += 1;
if (nbipx_tree)
netbios_add_name("Receiver's Name", tvb, offset,
nbipx_tree);
offset += NETBIOS_NAME_LEN;
if (nbipx_tree)
netbios_add_name("Sender's Name", tvb, offset,
nbipx_tree);
offset += NETBIOS_NAME_LEN;
/*
* We may have payload to dissect.
*/
has_payload = TRUE;
break;
default:
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_str(pinfo->cinfo, COL_INFO,
val_to_str(packet_type, nbipx_data_stream_type_vals, "Unknown"));
}
/*
* We don't know what the first byte is.
*/
offset += 1;
/*
* The second byte is a data stream type byte.
*/
dissect_packet_type(tvb, offset, packet_type, nbipx_tree);
offset += 1;
/*
* We don't know what the rest of the packet is.
*/
has_payload = FALSE;
}
/*
* Set the length of the NBIPX tree item.
*/
if (ti != NULL)
proto_item_set_len(ti, offset);
if (has_payload && tvb_offset_exists(tvb, offset)) {
next_tvb = tvb_new_subset_remaining(tvb, offset);
dissect_netbios_payload(next_tvb, pinfo, tree);
}
}
