/src/wireshark/epan/dissectors/packet-ldap.c
Line | Count | Source |
1 | | /* Do not modify this file. Changes will be overwritten. */ |
2 | | /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ |
3 | | /* packet-ldap.c */ |
4 | | /* asn2wrs.py -b -q -L -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */ |
5 | | |
6 | | /* packet-ldap-template.c |
7 | | * Routines for ldap packet dissection |
8 | | * |
9 | | * See RFC 3494 (LDAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL). |
10 | | * |
11 | | * Wireshark - Network traffic analyzer |
12 | | * By Gerald Combs <gerald@wireshark.org> |
13 | | * Copyright 1998 Gerald Combs |
14 | | * |
15 | | * SPDX-License-Identifier: GPL-2.0-or-later |
16 | | */ |
17 | | |
18 | | /* |
19 | | * This is not a complete implementation. It doesn't handle the full version 3, more specifically, |
20 | | * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported. |
21 | | * It's also missing extensible search filters. |
22 | | * |
23 | | * There should probably be a lot more error checking; I simply assume that if we have a full packet, it will be a complete |
24 | | * and correct packet. |
25 | | * |
26 | | * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add |
27 | | * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what |
28 | | * I can do. |
29 | | * |
30 | | * Doug Nazar |
31 | | * nazard@dragoninc.on.ca |
32 | | */ |
33 | | |
34 | | /* |
35 | | * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the |
36 | | * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2 |
37 | | * TCP segments. |
38 | | * |
39 | | * Ronald W. Henderson |
40 | | * ronald.henderson@cognicaseusa.com |
41 | | */ |
42 | | |
43 | | /* |
44 | | * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC |
45 | | * using information from the SNIA 2003 conference paper : |
46 | | * Active Directory Domain Controller Location Service |
47 | | * by Anthony Liguori |
48 | | * ronnie sahlberg |
49 | | */ |
50 | | |
51 | | /* |
52 | | * 17-DEC-2004 - added basic decoding for LDAP Controls |
53 | | * 20-DEC-2004 - added handling for GSS-API encrypted blobs |
54 | | * |
55 | | * Stefan Metzmacher <metze@samba.org> |
56 | | * |
57 | | * 15-NOV-2005 - Changed to use the asn2wrs compiler |
58 | | * Anders Broman <anders.broman@ericsson.com> |
59 | | */ |
60 | | |
61 | | /* |
62 | | * 3-AUG-2008 - Extended the cldap support to include all netlogon data types. |
63 | | * Updated cldap_netlogon_flags to include Windows 2008 flags |
64 | | * Expanded the ntver ldap option with bit field |
65 | | * |
66 | | * Gary Reynolds <gazzadownunder@yahoo.co.uk> |
67 | | */ |
68 | | |
69 | | /* |
70 | | * 09-DEC-2009 - Added support for RFC4533 |
71 | | * Content Synchronization Operation (aka syncrepl) |
72 | | * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511) |
73 | | * Mathieu Parent <math.parent@gmail.com> |
74 | | */ |
75 | | |
76 | | #include "config.h" |
77 | | |
78 | | #include <epan/packet.h> |
79 | | #include <epan/exceptions.h> |
80 | | #include <epan/conversation.h> |
81 | | #include <epan/prefs.h> |
82 | | #include <epan/tap.h> |
83 | | #include <epan/srt_table.h> |
84 | | #include <epan/oids.h> |
85 | | #include <epan/strutil.h> |
86 | | #include <epan/show_exception.h> |
87 | | #include <epan/asn1.h> |
88 | | #include <epan/proto_data.h> |
89 | | #include <epan/expert.h> |
90 | | #include <epan/uat.h> |
91 | | #include <epan/charsets.h> |
92 | | #include <epan/tfs.h> |
93 | | #include <wsutil/str_util.h> |
94 | | #include <wsutil/array.h> |
95 | | #include "packet-frame.h" |
96 | | #include "packet-tcp.h" |
97 | | #include "packet-windows-common.h" |
98 | | #include "packet-dcerpc.h" |
99 | | |
100 | | #include "packet-ldap.h" |
101 | | #include "packet-ntlmssp.h" |
102 | | #include "packet-tls.h" |
103 | | #include "packet-tls-utils.h" |
104 | | #include "packet-gssapi.h" |
105 | | #include "packet-acdr.h" |
106 | | |
107 | | #include "packet-ber.h" |
108 | | #include "packet-per.h" |
109 | | #include "packet-dns.h" |
110 | | |
111 | 14 | #define PNAME "Lightweight Directory Access Protocol" |
112 | 14 | #define PSNAME "LDAP" |
113 | 14 | #define PFNAME "ldap" |
114 | | |
115 | | void proto_register_ldap(void); |
116 | | void proto_reg_handoff_ldap(void); |
117 | | |
118 | | /* Initialize the protocol and registered fields */ |
119 | | static int ldap_tap; |
120 | | static int proto_ldap; |
121 | | static int proto_cldap; |
122 | | |
123 | | static int hf_ldap_sasl_buffer_length; |
124 | | static int hf_ldap_response_in; |
125 | | static int hf_ldap_response_to; |
126 | | static int hf_ldap_time; |
127 | | static int hf_ldap_guid; |
128 | | |
129 | | static int hf_mscldap_ntver_flags; |
130 | | static int hf_mscldap_ntver_flags_v1; |
131 | | static int hf_mscldap_ntver_flags_v5; |
132 | | static int hf_mscldap_ntver_flags_v5ex; |
133 | | static int hf_mscldap_ntver_flags_v5ep; |
134 | | static int hf_mscldap_ntver_flags_vcs; |
135 | | static int hf_mscldap_ntver_flags_vnt4; |
136 | | static int hf_mscldap_ntver_flags_vpdc; |
137 | | static int hf_mscldap_ntver_flags_vip; |
138 | | static int hf_mscldap_ntver_flags_vl; |
139 | | static int hf_mscldap_ntver_flags_vgc; |
140 | | |
141 | | static int hf_mscldap_netlogon_ipaddress_family; |
142 | | static int hf_mscldap_netlogon_ipaddress_port; |
143 | | static int hf_mscldap_netlogon_ipaddress; |
144 | | static int hf_mscldap_netlogon_ipaddress_ipv4; |
145 | | static int hf_mscldap_netlogon_ipaddress_zero; |
146 | | static int hf_mscldap_netlogon_opcode; |
147 | | static int hf_mscldap_netlogon_flags; |
148 | | static int hf_mscldap_netlogon_flags_pdc; |
149 | | static int hf_mscldap_netlogon_flags_gc; |
150 | | static int hf_mscldap_netlogon_flags_ldap; |
151 | | static int hf_mscldap_netlogon_flags_ds; |
152 | | static int hf_mscldap_netlogon_flags_kdc; |
153 | | static int hf_mscldap_netlogon_flags_timeserv; |
154 | | static int hf_mscldap_netlogon_flags_closest; |
155 | | static int hf_mscldap_netlogon_flags_writable; |
156 | | static int hf_mscldap_netlogon_flags_good_timeserv; |
157 | | static int hf_mscldap_netlogon_flags_ndnc; |
158 | | static int hf_mscldap_netlogon_flags_fnc; |
159 | | static int hf_mscldap_netlogon_flags_dnc; |
160 | | static int hf_mscldap_netlogon_flags_dns; |
161 | | static int hf_mscldap_netlogon_flags_wdc; |
162 | | static int hf_mscldap_netlogon_flags_rodc; |
163 | | static int hf_mscldap_domain_guid; |
164 | | static int hf_mscldap_forest; |
165 | | static int hf_mscldap_domain; |
166 | | static int hf_mscldap_hostname; |
167 | | static int hf_mscldap_nb_domain_z; |
168 | | static int hf_mscldap_nb_domain; |
169 | | static int hf_mscldap_nb_hostname_z; |
170 | | static int hf_mscldap_nb_hostname; |
171 | | static int hf_mscldap_username_z; |
172 | | static int hf_mscldap_username; |
173 | | static int hf_mscldap_sitename; |
174 | | static int hf_mscldap_clientsitename; |
175 | | static int hf_mscldap_nextclosestsitename; |
176 | | static int hf_mscldap_netlogon_lm_token; |
177 | | static int hf_mscldap_netlogon_nt_token; |
178 | | static int hf_ldap_sid; |
179 | | static int hf_ldap_AccessMask_ADS_CREATE_CHILD; |
180 | | static int hf_ldap_AccessMask_ADS_DELETE_CHILD; |
181 | | static int hf_ldap_AccessMask_ADS_LIST; |
182 | | static int hf_ldap_AccessMask_ADS_SELF_WRITE; |
183 | | static int hf_ldap_AccessMask_ADS_READ_PROP; |
184 | | static int hf_ldap_AccessMask_ADS_WRITE_PROP; |
185 | | static int hf_ldap_AccessMask_ADS_DELETE_TREE; |
186 | | static int hf_ldap_AccessMask_ADS_LIST_OBJECT; |
187 | | static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS; |
188 | | static int hf_ldap_LDAPMessage_PDU; |
189 | | static int hf_ldap_object_security_flag; |
190 | | static int hf_ldap_ancestor_first_flag; |
191 | | static int hf_ldap_public_data_only_flag; |
192 | | static int hf_ldap_incremental_value_flag; |
193 | | static int hf_ldap_oid; |
194 | | static int hf_ldap_gssapi_encrypted_payload; |
195 | | |
196 | | static int hf_ldap_SearchControlValue_PDU; /* SearchControlValue */ |
197 | | static int hf_ldap_SortKeyList_PDU; /* SortKeyList */ |
198 | | static int hf_ldap_SortResult_PDU; /* SortResult */ |
199 | | static int hf_ldap_DirSyncControlValue_PDU; /* DirSyncControlValue */ |
200 | | static int hf_ldap_PasswdModifyRequestValue_PDU; /* PasswdModifyRequestValue */ |
201 | | static int hf_ldap_CancelRequestValue_PDU; /* CancelRequestValue */ |
202 | | static int hf_ldap_SyncRequestValue_PDU; /* SyncRequestValue */ |
203 | | static int hf_ldap_SyncStateValue_PDU; /* SyncStateValue */ |
204 | | static int hf_ldap_SyncDoneValue_PDU; /* SyncDoneValue */ |
205 | | static int hf_ldap_SyncInfoValue_PDU; /* SyncInfoValue */ |
206 | | static int hf_ldap_PasswordPolicyResponseValue_PDU; /* PasswordPolicyResponseValue */ |
207 | | static int hf_ldap_messageID; /* MessageID */ |
208 | | static int hf_ldap_protocolOp; /* ProtocolOp */ |
209 | | static int hf_ldap_controls; /* Controls */ |
210 | | static int hf_ldap_bindRequest; /* BindRequest */ |
211 | | static int hf_ldap_bindResponse; /* BindResponse */ |
212 | | static int hf_ldap_unbindRequest; /* UnbindRequest */ |
213 | | static int hf_ldap_searchRequest; /* SearchRequest */ |
214 | | static int hf_ldap_searchResEntry; /* SearchResultEntry */ |
215 | | static int hf_ldap_searchResDone; /* SearchResultDone */ |
216 | | static int hf_ldap_searchResRef; /* SearchResultReference */ |
217 | | static int hf_ldap_modifyRequest; /* ModifyRequest */ |
218 | | static int hf_ldap_modifyResponse; /* ModifyResponse */ |
219 | | static int hf_ldap_addRequest; /* AddRequest */ |
220 | | static int hf_ldap_addResponse; /* AddResponse */ |
221 | | static int hf_ldap_delRequest; /* DelRequest */ |
222 | | static int hf_ldap_delResponse; /* DelResponse */ |
223 | | static int hf_ldap_modDNRequest; /* ModifyDNRequest */ |
224 | | static int hf_ldap_modDNResponse; /* ModifyDNResponse */ |
225 | | static int hf_ldap_compareRequest; /* CompareRequest */ |
226 | | static int hf_ldap_compareResponse; /* CompareResponse */ |
227 | | static int hf_ldap_abandonRequest; /* AbandonRequest */ |
228 | | static int hf_ldap_extendedReq; /* ExtendedRequest */ |
229 | | static int hf_ldap_extendedResp; /* ExtendedResponse */ |
230 | | static int hf_ldap_intermediateResponse; /* IntermediateResponse */ |
231 | | static int hf_ldap_AttributeDescriptionList_item; /* AttributeDescription */ |
232 | | static int hf_ldap_attributeDesc; /* AttributeDescription */ |
233 | | static int hf_ldap_assertionValue; /* AssertionValue */ |
234 | | static int hf_ldap_type; /* AttributeDescription */ |
235 | | static int hf_ldap_vals; /* SET_OF_AttributeValue */ |
236 | | static int hf_ldap_vals_item; /* AttributeValue */ |
237 | | static int hf_ldap_resultCode; /* T_resultCode */ |
238 | | static int hf_ldap_matchedDN; /* LDAPDN */ |
239 | | static int hf_ldap_errorMessage; /* ErrorMessage */ |
240 | | static int hf_ldap_referral; /* Referral */ |
241 | | static int hf_ldap_Referral_item; /* LDAPURL */ |
242 | | static int hf_ldap_Controls_item; /* Control */ |
243 | | static int hf_ldap_controlType; /* ControlType */ |
244 | | static int hf_ldap_criticality; /* BOOLEAN */ |
245 | | static int hf_ldap_controlValue; /* T_controlValue */ |
246 | | static int hf_ldap_version; /* INTEGER_1_127 */ |
247 | | static int hf_ldap_name; /* LDAPDN */ |
248 | | static int hf_ldap_authentication; /* AuthenticationChoice */ |
249 | | static int hf_ldap_simple; /* Simple */ |
250 | | static int hf_ldap_sasl; /* SaslCredentials */ |
251 | | static int hf_ldap_ntlmsspNegotiate; /* T_ntlmsspNegotiate */ |
252 | | static int hf_ldap_ntlmsspAuth; /* T_ntlmsspAuth */ |
253 | | static int hf_ldap_mechanism; /* Mechanism */ |
254 | | static int hf_ldap_credentials; /* Credentials */ |
255 | | static int hf_ldap_bindResponse_resultCode; /* BindResponse_resultCode */ |
256 | | static int hf_ldap_bindResponse_matchedDN; /* T_bindResponse_matchedDN */ |
257 | | static int hf_ldap_serverSaslCreds; /* ServerSaslCreds */ |
258 | | static int hf_ldap_baseObject; /* LDAPDN */ |
259 | | static int hf_ldap_scope; /* T_scope */ |
260 | | static int hf_ldap_derefAliases; /* T_derefAliases */ |
261 | | static int hf_ldap_sizeLimit; /* INTEGER_0_maxInt */ |
262 | | static int hf_ldap_timeLimit; /* INTEGER_0_maxInt */ |
263 | | static int hf_ldap_typesOnly; /* BOOLEAN */ |
264 | | static int hf_ldap_filter; /* T_filter */ |
265 | | static int hf_ldap_searchRequest_attributes; /* AttributeDescriptionList */ |
266 | | static int hf_ldap_and; /* T_and */ |
267 | | static int hf_ldap_and_item; /* T_and_item */ |
268 | | static int hf_ldap_or; /* T_or */ |
269 | | static int hf_ldap_or_item; /* T_or_item */ |
270 | | static int hf_ldap_not; /* T_not */ |
271 | | static int hf_ldap_equalityMatch; /* T_equalityMatch */ |
272 | | static int hf_ldap_substrings; /* SubstringFilter */ |
273 | | static int hf_ldap_greaterOrEqual; /* T_greaterOrEqual */ |
274 | | static int hf_ldap_lessOrEqual; /* T_lessOrEqual */ |
275 | | static int hf_ldap_present; /* T_present */ |
276 | | static int hf_ldap_approxMatch; /* T_approxMatch */ |
277 | | static int hf_ldap_extensibleMatch; /* T_extensibleMatch */ |
278 | | static int hf_ldap_substringFilter_substrings; /* T_substringFilter_substrings */ |
279 | | static int hf_ldap_substringFilter_substrings_item; /* T_substringFilter_substrings_item */ |
280 | | static int hf_ldap_initial; /* LDAPString */ |
281 | | static int hf_ldap_any; /* LDAPString */ |
282 | | static int hf_ldap_final; /* LDAPString */ |
283 | | static int hf_ldap_matchingRule; /* MatchingRuleId */ |
284 | | static int hf_ldap_matchValue; /* AssertionValue */ |
285 | | static int hf_ldap_dnAttributes; /* T_dnAttributes */ |
286 | | static int hf_ldap_objectName; /* LDAPDN */ |
287 | | static int hf_ldap_searchResultEntry_attributes; /* PartialAttributeList */ |
288 | | static int hf_ldap_PartialAttributeList_item; /* PartialAttributeList_item */ |
289 | | static int hf_ldap__untag_item; /* LDAPURL */ |
290 | | static int hf_ldap_object; /* LDAPDN */ |
291 | | static int hf_ldap_modifyRequest_modification; /* ModifyRequest_modification */ |
292 | | static int hf_ldap_modifyRequest_modification_item; /* T_modifyRequest_modification_item */ |
293 | | static int hf_ldap_operation; /* T_operation */ |
294 | | static int hf_ldap_modification; /* AttributeTypeAndValues */ |
295 | | static int hf_ldap_entry; /* LDAPDN */ |
296 | | static int hf_ldap_attributes; /* AttributeList */ |
297 | | static int hf_ldap_AttributeList_item; /* AttributeList_item */ |
298 | | static int hf_ldap_newrdn; /* RelativeLDAPDN */ |
299 | | static int hf_ldap_deleteoldrdn; /* BOOLEAN */ |
300 | | static int hf_ldap_newSuperior; /* LDAPDN */ |
301 | | static int hf_ldap_ava; /* AttributeValueAssertion */ |
302 | | static int hf_ldap_requestName; /* LDAPOID */ |
303 | | static int hf_ldap_requestValue; /* T_requestValue */ |
304 | | static int hf_ldap_extendedResponse_resultCode; /* ExtendedResponse_resultCode */ |
305 | | static int hf_ldap_responseName; /* ResponseName */ |
306 | | static int hf_ldap_response; /* OCTET_STRING */ |
307 | | static int hf_ldap_intermediateResponse_responseValue; /* T_intermediateResponse_responseValue */ |
308 | | static int hf_ldap_size; /* INTEGER */ |
309 | | static int hf_ldap_cookie; /* OCTET_STRING */ |
310 | | static int hf_ldap_SortKeyList_item; /* SortKeyList_item */ |
311 | | static int hf_ldap_attributeType; /* AttributeDescription */ |
312 | | static int hf_ldap_orderingRule; /* MatchingRuleId */ |
313 | | static int hf_ldap_reverseOrder; /* BOOLEAN */ |
314 | | static int hf_ldap_sortResult; /* T_sortResult */ |
315 | | static int hf_ldap_flags; /* DirSyncFlags */ |
316 | | static int hf_ldap_maxBytes; /* INTEGER */ |
317 | | static int hf_ldap_userIdentity; /* OCTET_STRING */ |
318 | | static int hf_ldap_oldPasswd; /* OCTET_STRING */ |
319 | | static int hf_ldap_newPasswd; /* OCTET_STRING */ |
320 | | static int hf_ldap_cancelID; /* MessageID */ |
321 | | static int hf_ldap_mode; /* T_mode */ |
322 | | static int hf_ldap_reloadHint; /* BOOLEAN */ |
323 | | static int hf_ldap_state; /* T_state */ |
324 | | static int hf_ldap_entryUUID; /* SyncUUID */ |
325 | | static int hf_ldap_refreshDeletes; /* BOOLEAN */ |
326 | | static int hf_ldap_newcookie; /* OCTET_STRING */ |
327 | | static int hf_ldap_refreshDelete; /* T_refreshDelete */ |
328 | | static int hf_ldap_refreshDone; /* BOOLEAN */ |
329 | | static int hf_ldap_refreshPresent; /* T_refreshPresent */ |
330 | | static int hf_ldap_syncIdSet; /* T_syncIdSet */ |
331 | | static int hf_ldap_syncUUIDs; /* SET_OF_SyncUUID */ |
332 | | static int hf_ldap_syncUUIDs_item; /* SyncUUID */ |
333 | | static int hf_ldap_warning; /* T_warning */ |
334 | | static int hf_ldap_timeBeforeExpiration; /* INTEGER_0_maxInt */ |
335 | | static int hf_ldap_graceAuthNsRemaining; /* INTEGER_0_maxInt */ |
336 | | static int hf_ldap_error; /* T_error */ |
337 | | |
338 | | /* Initialize the subtree pointers */ |
339 | | static int ett_ldap; |
340 | | static int ett_ldap_msg; |
341 | | static int ett_ldap_sasl_blob; |
342 | | static int ett_ldap_payload; |
343 | | static int ett_mscldap_netlogon_flags; |
344 | | static int ett_mscldap_ntver_flags; |
345 | | static int ett_mscldap_ipdetails; |
346 | | static int ett_ldap_DirSyncFlagsSubEntry; |
347 | | |
348 | | static int ett_ldap_LDAPMessage; |
349 | | static int ett_ldap_ProtocolOp; |
350 | | static int ett_ldap_AttributeDescriptionList; |
351 | | static int ett_ldap_AttributeValueAssertion; |
352 | | static int ett_ldap_Attribute; |
353 | | static int ett_ldap_SET_OF_AttributeValue; |
354 | | static int ett_ldap_LDAPResult; |
355 | | static int ett_ldap_Referral; |
356 | | static int ett_ldap_Controls; |
357 | | static int ett_ldap_Control; |
358 | | static int ett_ldap_BindRequest_U; |
359 | | static int ett_ldap_AuthenticationChoice; |
360 | | static int ett_ldap_SaslCredentials; |
361 | | static int ett_ldap_BindResponse_U; |
362 | | static int ett_ldap_SearchRequest_U; |
363 | | static int ett_ldap_Filter; |
364 | | static int ett_ldap_T_and; |
365 | | static int ett_ldap_T_or; |
366 | | static int ett_ldap_SubstringFilter; |
367 | | static int ett_ldap_T_substringFilter_substrings; |
368 | | static int ett_ldap_T_substringFilter_substrings_item; |
369 | | static int ett_ldap_MatchingRuleAssertion; |
370 | | static int ett_ldap_SearchResultEntry_U; |
371 | | static int ett_ldap_PartialAttributeList; |
372 | | static int ett_ldap_PartialAttributeList_item; |
373 | | static int ett_ldap_SEQUENCE_OF_LDAPURL; |
374 | | static int ett_ldap_ModifyRequest_U; |
375 | | static int ett_ldap_ModifyRequest_modification; |
376 | | static int ett_ldap_T_modifyRequest_modification_item; |
377 | | static int ett_ldap_AttributeTypeAndValues; |
378 | | static int ett_ldap_AddRequest_U; |
379 | | static int ett_ldap_AttributeList; |
380 | | static int ett_ldap_AttributeList_item; |
381 | | static int ett_ldap_ModifyDNRequest_U; |
382 | | static int ett_ldap_CompareRequest_U; |
383 | | static int ett_ldap_ExtendedRequest_U; |
384 | | static int ett_ldap_ExtendedResponse_U; |
385 | | static int ett_ldap_IntermediateResponse_U; |
386 | | static int ett_ldap_SearchControlValue; |
387 | | static int ett_ldap_SortKeyList; |
388 | | static int ett_ldap_SortKeyList_item; |
389 | | static int ett_ldap_SortResult; |
390 | | static int ett_ldap_DirSyncControlValue; |
391 | | static int ett_ldap_PasswdModifyRequestValue; |
392 | | static int ett_ldap_CancelRequestValue; |
393 | | static int ett_ldap_SyncRequestValue; |
394 | | static int ett_ldap_SyncStateValue; |
395 | | static int ett_ldap_SyncDoneValue; |
396 | | static int ett_ldap_SyncInfoValue; |
397 | | static int ett_ldap_T_refreshDelete; |
398 | | static int ett_ldap_T_refreshPresent; |
399 | | static int ett_ldap_T_syncIdSet; |
400 | | static int ett_ldap_SET_OF_SyncUUID; |
401 | | static int ett_ldap_PasswordPolicyResponseValue; |
402 | | static int ett_ldap_T_warning; |
403 | | |
404 | | static expert_field ei_ldap_exceeded_filter_length; |
405 | | static expert_field ei_ldap_too_many_filter_elements; |
406 | | |
407 | | static dissector_table_t ldap_name_dissector_table; |
408 | | static const char *object_identifier_id; /* LDAP OID */ |
409 | | |
410 | | static bool do_protocolop; |
411 | | static char *attr_type; |
412 | | static bool is_binary_attr_type; |
413 | | static bool ldap_found_in_frame; |
414 | | |
415 | 14 | #define TCP_PORT_RANGE_LDAP "389,3268" /* 3268 is Windows 2000 Global Catalog */ |
416 | | #define TCP_PORT_LDAPS 636 |
417 | 14 | #define UDP_PORT_CLDAP 389 |
418 | | |
419 | | /* desegmentation of LDAP */ |
420 | | static bool ldap_desegment = true; |
421 | | static unsigned global_ldaps_tcp_port = TCP_PORT_LDAPS; |
422 | | static unsigned ssl_port; |
423 | | |
424 | | static dissector_handle_t gssapi_handle; |
425 | | static dissector_handle_t gssapi_wrap_handle; |
426 | | static dissector_handle_t ntlmssp_handle; |
427 | | static dissector_handle_t spnego_handle; |
428 | | static dissector_handle_t tls_handle; |
429 | | static dissector_handle_t ldap_handle; |
430 | | static dissector_handle_t cldap_handle; |
431 | | |
432 | | static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */ |
433 | | |
434 | | |
435 | | /* different types of rpc calls on top of ms cldap */ |
436 | | #define MSCLDAP_RPC_NETLOGON 1 |
437 | | |
438 | | /* Message type Choice values */ |
439 | | static const value_string ldap_ProtocolOp_choice_vals[] = { |
440 | | { 0, "bindRequest" }, |
441 | | { 1, "bindResponse" }, |
442 | | { 2, "unbindRequest" }, |
443 | | { 3, "searchRequest" }, |
444 | | { 4, "searchResEntry" }, |
445 | | { 5, "searchResDone" }, |
446 | | { 6, "searchResRef" }, |
447 | | { 7, "modifyRequest" }, |
448 | | { 8, "modifyResponse" }, |
449 | | { 9, "addRequest" }, |
450 | | { 10, "addResponse" }, |
451 | | { 11, "delRequest" }, |
452 | | { 12, "delResponse" }, |
453 | | { 13, "modDNRequest" }, |
454 | | { 14, "modDNResponse" }, |
455 | | { 15, "compareRequest" }, |
456 | | { 16, "compareResponse" }, |
457 | | { 17, "abandonRequest" }, |
458 | | { 18, "extendedReq" }, |
459 | | { 19, "extendedResp" }, |
460 | | { 20, "intermediateResponse" }, |
461 | | { 0, NULL } |
462 | | }; |
463 | | |
464 | | /* Procedure names (used in Service Response Time) */ |
465 | | const value_string ldap_procedure_names[] = { |
466 | | { 0, "Bind" }, |
467 | | { 3, "Search" }, |
468 | | { 6, "Modify" }, |
469 | | { 8, "Add" }, |
470 | | { 10, "Delete" }, |
471 | | { 12, "Modrdn" }, |
472 | | { 14, "Compare" }, |
473 | | { 23, "Extended" }, |
474 | | { 0, NULL } |
475 | | }; |
476 | | |
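/* NETLOGON opcode values. */
#define LOGON_PRIMARY_QUERY             7
#define LOGON_PRIMARY_RESPONSE         12
#define LOGON_SAM_LOGON_REQUEST        18
#define LOGON_SAM_LOGON_RESPONSE       19
#define LOGON_SAM_PAUSE_RESPONSE       20
#define LOGON_SAM_USER_UNKNOWN         21
#define LOGON_SAM_LOGON_RESPONSE_EX    23
#define LOGON_SAM_PAUSE_RESPONSE_EX    24
#define LOGON_SAM_USER_UNKNOWN_EX      25

/*
 * Display names for the NETLOGON opcodes defined above.
 *
 * Every opcode that has a #define gets an entry.  LOGON_SAM_USER_UNKNOWN (21)
 * used to be defined but had no row here, so a lookup of that opcode in this
 * table found no name; its _EX counterpart was already listed.
 */
static const value_string netlogon_opcode_vals[] = {
  { LOGON_PRIMARY_QUERY,         "LOGON_PRIMARY_QUERY" },
  { LOGON_PRIMARY_RESPONSE,      "LOGON_PRIMARY_RESPONSE" },
  { LOGON_SAM_LOGON_REQUEST,     "LOGON_SAM_LOGON_REQUEST" },
  { LOGON_SAM_LOGON_RESPONSE,    "LOGON_SAM_LOGON_RESPONSE" },
  { LOGON_SAM_PAUSE_RESPONSE,    "LOGON_SAM_PAUSE_RESPONSE" },
  { LOGON_SAM_USER_UNKNOWN,      "LOGON_SAM_USER_UNKNOWN" },
  { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
  { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
  { LOGON_SAM_USER_UNKNOWN_EX,   "LOGON_SAM_USER_UNKNOWN_EX" },
  { 0, NULL }
};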
498 | | |
/*
 * Number of rows in the LDAP Service Response Time table.
 *
 * NOTE(review): ldapstat_packet() hands ldap->protocolOpTag to
 * add_srt_table_data() as the row number, so this count has to stay above the
 * largest tag that function lets through - confirm against the LDAP_REQ_*
 * definitions.
 */
#define LDAP_NUM_PROCEDURES     24

/*
 * Create the "LDAP Commands" SRT table and label each of its rows.
 *
 * srt        unused.
 * srt_array  array the new table is registered in (passed to init_srt_table()).
 *
 * Rows are numbered 0 .. LDAP_NUM_PROCEDURES-1.  A row whose number has no
 * entry in ldap_procedure_names is labelled "<unknown>".
 */
static void
ldapstat_init(struct register_srt* srt _U_, GArray* srt_array)
{
  srt_stat_table *table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", NULL);
  uint32_t row = 0;

  while (row < LDAP_NUM_PROCEDURES) {
    init_srt_table_row(table, row, val_to_str_const(row, ldap_procedure_names, "<unknown>"));
    row++;
  }
}
513 | | |
/*
 * Tap callback: account one LDAP response in the Service Response Time table.
 *
 * pldap  the srt_data_t holding the SRT table array.
 * pinfo  packet info of the frame being tapped.
 * psi    the ldap_call_response_t describing this call.
 *
 * Returns TAP_PACKET_REDRAW when a sample was added and
 * TAP_PACKET_DONT_REDRAW when the packet was skipped.
 */
static tap_packet_status
ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi, tap_flags_t flags _U_)
{
  const ldap_call_response_t *call = (const ldap_call_response_t *)psi;
  srt_data_t *srt = (srt_data_t *)pldap;
  srt_stat_table *table;

  /*
   * Only replies are counted, and a reply whose request was never seen
   * cannot be timed, so both cases are ignored.
   */
  if (call->is_request || !call->req_frame) {
    return TAP_PACKET_DONT_REDRAW;
  }

  /*
   * Only the commands we know how to handle.  The tag is passed to
   * add_srt_table_data() as the row number below, so nothing outside this
   * list may reach that call.
   */
  switch (call->protocolOpTag) {
  case LDAP_REQ_BIND:
  case LDAP_REQ_SEARCH:
  case LDAP_REQ_MODIFY:
  case LDAP_REQ_ADD:
  case LDAP_REQ_DELETE:
  case LDAP_REQ_MODRDN:
  case LDAP_REQ_COMPARE:
  case LDAP_REQ_EXTENDED:
    break;
  default:
    return TAP_PACKET_DONT_REDRAW;
  }

  /* The first element of the array is the one used for LDAP. */
  table = g_array_index(srt->srt_array, srt_stat_table*, 0);
  add_srt_table_data(table, call->protocolOpTag, &call->req_time, pinfo);

  return TAP_PACKET_REDRAW;
}
551 | | |
/*
 * Per-conversation state, giving authentication information from a bind
 * request.
 */
typedef struct ldap_conv_info_t ldap_conv_info_t;

struct ldap_conv_info_t {
  unsigned    auth_type;          /* authentication type */
  char       *auth_mech;          /* authentication mechanism */
  uint32_t    first_auth_frame;   /* first frame that would use a security layer */
  wmem_map_t *unmatched;          /* presumably requests still waiting for a response - confirm at the call sites */
  wmem_map_t *matched;            /* presumably request/response pairs already matched - confirm at the call sites */
  bool        is_mscldap;
  uint32_t    num_results;
  bool        start_tls_pending;
  uint32_t    start_tls_frame;
};
567 | | |
/*
 * Hash callback for ldap_call_response_t keys: the hash is the messageId,
 * unchanged.
 */
static unsigned
ldap_info_hash_matched(const void *k)
{
  return ((const ldap_call_response_t *)k)->messageId;
}
575 | | |
/*
 * Equality callback for ldap_call_response_t keys.
 *
 * Returns 0 when both keys carry a request frame number and the numbers
 * differ; otherwise returns whether the two messageIds are equal.
 */
static int
ldap_info_equal_matched(const void *k1, const void *k2)
{
  const ldap_call_response_t *lhs = (const ldap_call_response_t*)k1;
  const ldap_call_response_t *rhs = (const ldap_call_response_t*)k2;

  /* A request frame of 0 is treated as "not set" and matches any frame. */
  if (lhs->req_frame && rhs->req_frame) {
    if (lhs->req_frame != rhs->req_frame) {
      return 0;
    }
  }

  /*
   * rep_frame is deliberately left out of the comparison: a response may
   * span multiple frames.
   */
  return lhs->messageId == rhs->messageId;
}
593 | | |
/*
 * Hash callback for ldap_call_response_t keys: the hash is the messageId,
 * unchanged.
 */
static unsigned
ldap_info_hash_unmatched(const void *k)
{
  return ((const ldap_call_response_t*)k)->messageId;
}
601 | | |
/*
 * Equality callback for ldap_call_response_t keys: two keys are equal when
 * their messageIds are equal.  Frame numbers are not looked at.
 */
static int
ldap_info_equal_unmatched(const void *k1, const void *k2)
{
  const ldap_call_response_t *lhs = (const ldap_call_response_t*)k1;
  const ldap_call_response_t *rhs = (const ldap_call_response_t*)k2;

  if (lhs->messageId == rhs->messageId) {
    return 1;
  }
  return 0;
}
610 | | |
611 | | |
/*
 * Display strings for the NtVer flags from MS-ADTS section 6.3.1.1
 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts
 *
 * For each flag, true_string is the text for a set bit and false_string the
 * text for a clear bit.
 */

static const true_false_string tfs_ntver_v1 = {
  .true_string  = "Client requested version 1 netlogon response",
  .false_string = "Version 1 netlogon response not requested"
};

static const true_false_string tfs_ntver_v5 = {
  .true_string  = "Client requested version 5 netlogon response",
  .false_string = "Version 5 netlogon response not requested"
};

static const true_false_string tfs_ntver_v5ex = {
  .true_string  = "Client requested version 5 extended netlogon response",
  .false_string = "Version 5 extended response not requested"
};

static const true_false_string tfs_ntver_v5ep = {
  .true_string  = "Client has requested IP address of the server",
  .false_string = "IP address of server not requested"
};

static const true_false_string tfs_ntver_vcs = {
  .true_string  = "Client has asked for the closest site information",
  .false_string = "Closest site information not requested"
};

static const true_false_string tfs_ntver_vnt4 = {
  .true_string  = "Client is requesting server to avoid NT4 emulation",
  .false_string = "Only full AD DS requested"
};

static const true_false_string tfs_ntver_vpdc = {
  .true_string  = "Client has requested the Primary Domain Controller",
  .false_string = "Primary Domain Controller not requested"
};

static const true_false_string tfs_ntver_vip = {
  .true_string  = "Client has requested IP details (obsolete)",
  .false_string = "IP details not requested (obsolete)"
};

static const true_false_string tfs_ntver_vl = {
  .true_string  = "Client indicated that it is the local machine",
  .false_string = "Client is not the local machine"
};

static const true_false_string tfs_ntver_vgc = {
  .true_string  = "Client has requested a Global Catalog server",
  .false_string = "Global Catalog not requested"
};
656 | | |
/* Stuff for generation/handling of fields for custom AttributeValues */

/* One user-configured attribute: its type name and a description. */
typedef struct _attribute_type_t attribute_type_t;

struct _attribute_type_t {
  char* attribute_type;   /* checked by attribute_types_update_cb() */
  char* attribute_desc;
};

/* The configured records and how many of them there are. */
static attribute_type_t* attribute_types;
static unsigned num_attribute_types;

/* Looked up by attribute type name in get_hf_for_header(). */
static GHashTable* attribute_types_hash;

/* Fields registered for the records above; torn down in deregister_attribute_types(). */
static hf_register_info* dynamic_hf;
static unsigned dynamic_hf_size;
669 | | |
/*
 * Validate one attribute_type_t record.
 *
 * r    the record to check; its attribute_type is stripped of surrounding
 *      whitespace in place.
 * err  set to a newly allocated message on failure, to NULL on success.
 *
 * Returns true when the record is acceptable, false otherwise.
 */
static bool
attribute_types_update_cb(void *r, char **err)
{
  attribute_type_t *entry = (attribute_type_t *)r;
  char bad;

  /* Strip only when there is a string to strip; NULL counts as empty below. */
  if (entry->attribute_type != NULL) {
    g_strstrip(entry->attribute_type);
  }

  if (entry->attribute_type == NULL || entry->attribute_type[0] == 0) {
    *err = g_strdup("Attribute type can't be empty");
    return false;
  }

  /*
   * The name is later used as a field name; reject characters that are not
   * valid there, to avoid asserting out when registering the field.
   */
  bad = proto_check_field_name(entry->attribute_type);
  if (bad != 0) {
    *err = ws_strdup_printf("Attribute type can't contain '%c'", bad);
    return false;
  }

  *err = NULL;
  return true;
}
699 | | |
/*
 * Copy one attribute_type_t record.
 *
 * n    destination record; receives its own g_strdup() copies of both strings.
 * o    source record.
 * siz  unused.
 *
 * Returns the destination record.
 */
static void *
attribute_types_copy_cb(void* n, const void* o, size_t siz _U_)
{
  const attribute_type_t* src = (const attribute_type_t*)o;
  attribute_type_t* dst = (attribute_type_t*)n;

  dst->attribute_type = g_strdup(src->attribute_type);
  dst->attribute_desc = g_strdup(src->attribute_desc);

  return dst;
}
711 | | |
/* Release the two strings owned by an attribute-type record (not the record itself). */
static void
attribute_types_free_cb(void*r)
{
  attribute_type_t* entry = (attribute_type_t*)r;

  g_free(entry->attribute_type);
  g_free(entry->attribute_desc);
}
720 | | |
/* String-field callbacks for the two members of attribute_type_t, generated by the UAT_CSTRING_CB_DEF macro. */
UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t)
723 | | |
/*
 * Look up the header-field id registered for a custom attribute type.
 * Returns NULL when no custom attribute types are registered (no hash table)
 * or when the name is not in the table.
 */
static int*
get_hf_for_header(char* attribute_type)
{
  if (!attribute_types_hash) {
    return NULL;
  }

  return (int*) g_hash_table_lookup(attribute_types_hash, attribute_type);
}
740 | | |
/*
 * Undo attribute_types_post_update_cb(): deregister every dynamic field,
 * free the per-field id storage, hand the field array to
 * proto_add_deregistered_data(), and destroy the name -> id hash table.
 * Safe to call when nothing is registered.
 */
static void
deregister_attribute_types(void)
{
  if (dynamic_hf != NULL) {
    hf_register_info *field = dynamic_hf;
    hf_register_info *const end = dynamic_hf + dynamic_hf_size;

    /* Deregister all fields */
    for (; field != end; field++) {
      proto_deregister_field (proto_ldap, *(field->p_id));
      g_free (field->p_id);
    }

    /* The array itself is not freed here; it is passed on for deferred cleanup. */
    proto_add_deregistered_data (dynamic_hf);
    dynamic_hf_size = 0;
    dynamic_hf = NULL;
  }

  if (attribute_types_hash != NULL) {
    g_hash_table_destroy (attribute_types_hash);
    attribute_types_hash = NULL;
  }
}
764 | | |
/*
 * Rebuild the dynamic header fields from the current attribute_types records.
 *
 * Any previous registration is torn down first. For each record a string
 * field "ldap.AttributeValue.<type>" is created and its id pointer is stored
 * in attribute_types_hash under the attribute name.
 */
static void
attribute_types_post_update_cb(void)
{
  deregister_attribute_types();

  if (num_attribute_types == 0) {
    return;
  }

  attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
  dynamic_hf = g_new0(hf_register_info,num_attribute_types);
  dynamic_hf_size = num_attribute_types;

  for (unsigned idx = 0; idx < dynamic_hf_size; idx++) {
    hf_register_info *slot = &dynamic_hf[idx];
    int *id_cell = g_new(int,1);
    /* One copy of the name serves as both the field name and the hash key;
     * the table is created without destroy functions, so it does not free it. */
    char *name_copy = g_strdup(attribute_types[idx].attribute_type);

    *id_cell = -1;

    slot->p_id = id_cell;
    slot->hfinfo.name = name_copy;
    slot->hfinfo.abbrev = ws_strdup_printf("ldap.AttributeValue.%s", name_copy);
    slot->hfinfo.type = FT_STRING;
    slot->hfinfo.display = BASE_NONE;
    slot->hfinfo.strings = NULL;
    slot->hfinfo.bitmask = 0;
    slot->hfinfo.blurb = g_strdup(attribute_types[idx].attribute_desc);
    HFILL_INIT(dynamic_hf[idx]);

    g_hash_table_insert(attribute_types_hash, name_copy, id_cell);
  }

  proto_register_field_array(proto_ldap, dynamic_hf, dynamic_hf_size);
}
799 | | |
/* Reset callback: drop every dynamically registered attribute field. */
static void
attribute_types_reset_cb(void)
{
  /* All teardown lives in the shared helper. */
  deregister_attribute_types();
}
805 | | |
/*
 * MS-ADTS specification, section 6.3.1.1, NETLOGON_NT_VERSION Options Bits.
 *
 * Adds the little-endian flags word at `offset` as a bitmask subtree and
 * returns the offset just past it (offset + 4).
 */
static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  static int * const ntver_bits[] = {
    &hf_mscldap_ntver_flags_v1,
    &hf_mscldap_ntver_flags_v5,
    &hf_mscldap_ntver_flags_v5ex,
    &hf_mscldap_ntver_flags_v5ep,
    &hf_mscldap_ntver_flags_vcs,
    &hf_mscldap_ntver_flags_vnt4,
    &hf_mscldap_ntver_flags_vpdc,
    &hf_mscldap_ntver_flags_vip,
    &hf_mscldap_ntver_flags_vl,
    &hf_mscldap_ntver_flags_vgc,
    NULL
  };

  proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags,
                                    ett_mscldap_ntver_flags, ntver_bits,
                                    ENC_LITTLE_ENDIAN, BMT_NO_FALSE);

  return offset + 4;
}
829 | | |
/* This string contains the last LDAPString that was decoded.
 * NOTE(review): dissect_ldap_LDAPString stores a string allocated from
 * pinfo->pool here, while this variable outlives the packet; the reset
 * between packets is not visible in this part of the file - confirm it exists.
 */
static const char *attributedesc_string;

/* This string contains the last AssertionValue that was decoded.
 * NOTE(review): also assigned packet-pool memory (dissect_ldap_AssertionValue);
 * same lifetime question as above.
 */
static char *ldapvalue_string;
835 | | |
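/*
 * Dissect an AssertionValue octet string and remember a printable form of it
 * in ldapvalue_string.
 *
 * A few well-known attributes (chosen by a prefix match on
 * attributedesc_string) get a dedicated decoding. Anything else is shown as
 * text if the octet string contains only printable ASCII characters,
 * otherwise as colon-separated hex.
 *
 * implicit_tag - when false, the BER identifier and length are read first;
 *                when true, the value is everything left in tvb.
 * Returns the offset just past the value.
 */
static unsigned
dissect_ldap_AssertionValue(bool implicit_tag, tvbuff_t *tvb, unsigned offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index)
{
  int8_t ber_class;
  bool pc, ind, is_ascii;
  int32_t tag;
  uint32_t len;

  if(!implicit_tag){
    offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
    offset=get_ber_length(tvb, offset, &len, &ind);
  } else {
    len=tvb_reported_length_remaining(tvb,offset);
  }

  if(len==0){
    return offset;
  }

  /*
   * Some special/wellknown attributes in common LDAP (read AD)
   * are neither ascii strings nor blobs of hex data.
   * Special case these attributes and decode them more nicely.
   *
   * Add more special cases as required to prettify further
   * (there can't be that many ones that are truly interesting)
   */
  if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
    tvbuff_t *sid_tvb;
    char *tmpstr;

    /* this octet string contains an NT SID; the subset confines the SID
     * dissector to the declared length of the value */
    sid_tvb=tvb_new_subset_length(tvb, offset, len);
    dissect_nt_sid(sid_tvb, actx->pinfo, 0, tree, "SID", &tmpstr, hf_index);
    ldapvalue_string=tmpstr;

    return offset+len;
  }

  if ( (len==16) /* GUIDs are always 16 bytes */
       && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
    uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
    e_guid_t uuid;

    /* This octet string contained a GUID */
    dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);

    /* Sized by the formatter instead of a fixed 1 KiB buffer per value. */
    ldapvalue_string=wmem_strdup_printf(actx->pinfo->pool,
                                        "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                                        uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
                                        uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
                                        uuid.data4[6], uuid.data4[7]);

    return offset+len;
  }

  /*
   * The flags word is read as exactly four octets, so only take this path
   * when the value is four octets long (same idea as the GUID length guard
   * above). Any other length falls through to the generic display instead
   * of reading past the declared end of the value.
   */
  if ( (len==4)
       && (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5))) {
    uint32_t flags;

    /* get flag value to populate ldapvalue_string */
    flags=tvb_get_letohl(tvb, offset);
    ldapvalue_string=wmem_strdup_printf(actx->pinfo->pool, "0x%08x", flags);

    /* populate bitmask subtree; the helper returns the offset past the word */
    return dissect_mscldap_ntver_flags(tree, tvb, offset);
  }

  /*
   * It was not one of our "wellknown" attributes so make the best
   * we can and just try to see if it is an ascii string or if it
   * is a binary blob.
   *
   * XXX - should we support reading RFC 2252-style schemas
   * for LDAP, and using that to determine how to display
   * attribute values and assertion values?
   *
   * -- I don't think there are full schemas available that describe the
   * interesting cases i.e. AD -- ronnie
   */
  is_ascii=tvb_ascii_isprint(tvb, offset, len);

  /* convert the string into a printable string */
  if(is_ascii){
    ldapvalue_string= (char*)tvb_get_string_enc(actx->pinfo->pool, tvb, offset, len, ENC_UTF_8|ENC_NA);
  } else {
    ldapvalue_string= tvb_bytes_to_str_punct(actx->pinfo->pool, tvb, offset, len, ':');
  }

  proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);

  return offset+len;
}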
938 | | |
/* This string contains the last Filter item that was decoded */
/* NOTE(review): several of the pointers below are assigned strings allocated
 * from pinfo->pool by dissect_ldap_LDAPString (Filter_string,
 * substring_item_init/any/final, matching_rule_string); they must not be read
 * after that packet's pool is released - the reset is not shown here.
 */
static const char *Filter_string;
static const char *and_filter_string;
static const char *or_filter_string;
static const char *substring_value;
static const char *substring_item_init;
static const char *substring_item_any;
static const char *substring_item_final;
static const char *matching_rule_string;
static bool matching_rule_dnattr=false;

/* presumably an upper bound on the rendered filter text; enforcement is not shown here */
#define MAX_FILTER_LEN 4096
static int Filter_length;

/* presumably an upper bound on the number of filter elements; enforcement is not shown here */
#define MAX_FILTER_ELEMENTS 200
static int Filter_elements;

/* Global variables */
static unsigned MessageID;      /* written by dissect_ldap_MessageID */
static int ProtocolOp = -1;
static proto_item *ldm_tree; /* item to add text to */
960 | | |
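/*
 * Append the pending protocol operation name and message id to the Info
 * column, and to ldm_tree when it is set.
 *
 * Does nothing unless do_protocolop is set, and clears it afterwards so the
 * text is added once per pending operation.
 */
static void ldap_do_protocolop(packet_info *pinfo)
{
  const char* valstr;

  if (!do_protocolop) {
    return;
  }

  valstr = val_to_str(pinfo->pool, ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%u)");

  col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);

  if(ldm_tree) {
    /* MessageID is unsigned: use %u here as well, matching the column text
     * (the conversion previously used was %d). */
    proto_item_append_text(ldm_tree, " %s(%u)", valstr, MessageID);
  }

  do_protocolop = false;
}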
978 | | |
/*
 * Pair an LDAP request with its response by message id and annotate the tree.
 *
 * Requests are parked in ldap_info->unmatched (replacing any older entry
 * found for the same key); a response that finds its request there moves the
 * entry to ldap_info->matched. Once an entry is in `matched`, later calls
 * find it directly.
 *
 * Returns the matched entry, or NULL for an unknown operation tag, for a
 * request that has only just been recorded, or for a response with no
 * recorded request. When an entry is returned, a generated "response in" /
 * "response to" item (plus the time delta for responses) is added to `tree`.
 */
static ldap_call_response_t *
ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, unsigned messageId, unsigned protocolOpTag, ldap_conv_info_t *ldap_info)
{
  ldap_call_response_t key;
  ldap_call_response_t *entry;
  bool from_client;
  proto_item *generated;

  /* Classify the operation; anything else is not tracked. */
  switch(protocolOpTag){
    case LDAP_REQ_BIND:
    case LDAP_REQ_SEARCH:
    case LDAP_REQ_MODIFY:
    case LDAP_REQ_ADD:
    case LDAP_REQ_DELETE:
    case LDAP_REQ_MODRDN:
    case LDAP_REQ_COMPARE:
    case LDAP_REQ_EXTENDED:
      from_client=true;
      break;
    case LDAP_RES_BIND:
    case LDAP_RES_SEARCH_ENTRY:
    case LDAP_RES_SEARCH_REF:
    case LDAP_RES_SEARCH_RESULT:
    case LDAP_RES_MODIFY:
    case LDAP_RES_ADD:
    case LDAP_RES_DELETE:
    case LDAP_RES_MODRDN:
    case LDAP_RES_COMPARE:
    case LDAP_RES_EXTENDED:
    case LDAP_RES_INTERMEDIATE:
      from_client=false;
      break;
    default:
      return NULL;
  }

  /* Lookup key. Only these four members are filled in; which of them the
   * tables' hash/equality functions use is decided where the maps are
   * created (not shown here). */
  key.messageId=messageId;
  key.is_request=from_client;
  key.req_frame=from_client ? pinfo->num : 0;
  key.rep_frame=from_client ? 0 : pinfo->num;

  /* first see if we have already matched this */
  entry=(ldap_call_response_t *)wmem_map_lookup(ldap_info->matched, &key);

  if(entry){
    entry->is_request=from_client;
  } else if(from_client){
    /* this is a request - add it to the unmatched list; an entry already
       there for this key is taken out and reused */
    entry=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &key);
    if(entry){
      wmem_map_remove(ldap_info->unmatched, entry);
    } else {
      /* nothing to reuse, grab a new chunk */
      entry=wmem_new0(wmem_file_scope(), ldap_call_response_t);
    }
    entry->messageId=messageId;
    entry->req_frame=pinfo->num;
    entry->req_time=pinfo->abs_ts;
    entry->rep_frame=0;
    entry->protocolOpTag=protocolOpTag;
    entry->is_request=true;
    wmem_map_insert(ldap_info->unmatched, entry, entry);
    return NULL;
  } else {
    /* this is a result - it should be in our unmatched list */
    entry=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &key);

    if(entry && !entry->rep_frame){
      wmem_map_remove(ldap_info->unmatched, entry);
      entry->rep_frame=pinfo->num;
      entry->is_request=false;
      wmem_map_insert(ldap_info->matched, entry, entry);
    }
  }

  if(!entry){
    return NULL;
  }

  /* we have found a match */
  if(entry->is_request){
    generated=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, entry->rep_frame);
    proto_item_set_generated(generated);
  } else {
    nstime_t elapsed;

    generated=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, entry->req_frame);
    proto_item_set_generated(generated);
    nstime_delta(&elapsed, &pinfo->abs_ts, &entry->req_time);
    generated=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &elapsed);
    proto_item_set_generated(generated);
  }

  return entry;
}
1111 | | |
1112 | | /*--- Cyclic dependencies ---*/ |
1113 | | |
1114 | | /* Filter -> Filter/and -> Filter/and/_item -> Filter */ |
1115 | | /* Filter -> Filter/or -> Filter/or/_item -> Filter */ |
1116 | | /* Filter -> Filter/not -> Filter */ |
1117 | | static unsigned dissect_ldap_Filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); |
1118 | | |
1119 | | |
1120 | | |
1121 | | |
/*
 * Dissect the MessageID (integer constrained to 0..maxInt), store it in the
 * file-level MessageID, and remember `tree` in ldm_tree so later dissectors
 * can append summary text to it.
 */
static unsigned
dissect_ldap_MessageID(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  unsigned next_offset;

  next_offset = dissect_ber_constrained_integer(implicit_tag, actx, tree, tvb, offset,
                                                0U, maxInt, hf_index, &MessageID);

  /* Assigned only after the integer was dissected. */
  ldm_tree = tree;

  return next_offset;
}
1134 | | |
1135 | | |
1136 | | |
/* Dissect an INTEGER constrained to 1..127; the value itself is not kept. */
static unsigned
dissect_ldap_INTEGER_1_127(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_constrained_integer(implicit_tag, actx, tree, tvb, offset,
                                         1U, 127U, hf_index, NULL);
}
1144 | | |
1145 | | |
1146 | | |
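/*
 * Dissect an LDAPString and, depending on which field it is (hf_index),
 * either show it in the Info column / ldm_tree or remember it in one of the
 * file-level "last seen" variables used by other dissectors.
 *
 * The decoded text is allocated from actx->pinfo->pool, so every pointer
 * stored below is valid only while the current packet is being dissected.
 * Wire-supplied text is always passed as a "%s" argument, never as a format.
 *
 * Returns the offset just past the string.
 */
static unsigned
dissect_ldap_LDAPString(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  tvbuff_t *parameter_tvb = NULL;
  const char *ldapstring = NULL;
  char *sc = NULL; /* semi-colon pointer */

  offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index,
                                       &parameter_tvb, ENC_UTF_8|ENC_NA);

  if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {

    ldap_do_protocolop(actx->pinfo);

    if(parameter_tvb)
      ldapstring = (char*)tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);

    if(hf_index == hf_ldap_baseObject) {
      /* this is search - put it on the scanline */
      if(!ldapstring || !*ldapstring)
        ldapstring = "<ROOT>";

      col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);

      if(ldm_tree)
        proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);

      if(!parameter_tvb) {
        proto_item_append_text(actx->created_item, " (%s)", ldapstring);
      }

    } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
      col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);

      if(ldm_tree)
        proto_item_append_text(ldm_tree, " (%s)", ldapstring);

    } else if ((hf_index == hf_ldap_objectName) ||
               (hf_index == hf_ldap_name) ||
               (hf_index == hf_ldap_entry) ||
               (hf_index == hf_ldap_object) ||
               (hf_index == hf_ldap_delRequest) ) {

      if(!ldapstring || !*ldapstring)
        ldapstring = "<ROOT>";

      col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);

      if(ldm_tree)
        proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
    } else if (hf_index == hf_ldap_attributeDesc){
      /* remember the attribute description */
      attributedesc_string=ldapstring;
    } else if (hf_index == hf_ldap_initial){
      /* remember the substring item */
      substring_item_init=ldapstring;
    } else if (hf_index == hf_ldap_any){
      /* remember the substring item */
      substring_item_any=ldapstring;
    } else if (hf_index == hf_ldap_final){
      /* remember the substring item */
      substring_item_final=ldapstring;
    } else if (hf_index == hf_ldap_matchingRule){
      /* remember the matching rule */
      matching_rule_string=ldapstring;
    } else if (hf_index == hf_ldap_present){
      /* remember the present name */
      Filter_string=ldapstring;
    } else if (hf_index == hf_ldap_type) {
      /* remember attribute type name */
      attr_type = wmem_strdup(actx->pinfo->pool, ldapstring);

      /* append it to the parent entry */
      proto_item_append_text(tree, " %s", attr_type);

      /*
       * Recompute the binary flag for every attribute type. Previously a
       * type carrying some other option (a ';' suffix that is not exactly
       * ";binary") left the flag at whatever the preceding attribute had set.
       */
      is_binary_attr_type = false;

      /* remove the ";binary" component if present */
      sc = strchr(attr_type, ';');
      if((sc != NULL) && !strcmp(sc, ";binary")) {
        *sc = '\0'; /* terminate the string */
        is_binary_attr_type = true;
      }
    }

  }

  return offset;
}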
1239 | | |
1240 | | |
1241 | | |
/* Dissect an LDAPDN; the work is done entirely by the LDAPString dissector. */
static unsigned
dissect_ldap_LDAPDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
}
1248 | | |
1249 | | |
1250 | | |
/*
 * Dissect the "simple" authentication choice (an octet string) and record
 * LDAP_AUTH_SIMPLE as the conversation's authentication type.
 * actx->private_data is used as the ldap_conv_info_t for the conversation.
 */
static unsigned
dissect_ldap_Simple(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  ldap_conv_info_t *conv;
  unsigned next_offset;

  next_offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                         NULL);

  /* Read only after the octet string was dissected, as before. */
  conv = (ldap_conv_info_t *)actx->private_data;
  conv->auth_type = LDAP_AUTH_SIMPLE;

  return next_offset;
}
1265 | | |
1266 | | |
1267 | | |
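/*
 * Dissect the SASL mechanism name, mark the conversation as LDAP_AUTH_SASL
 * and, on the first pass over the frame, remember the mechanism string in
 * ldap_info->auth_mech (file scope).
 *
 * Returns the offset just past the octet string.
 */
static unsigned
dissect_ldap_Mechanism(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  ldap_conv_info_t *ldap_info;
  /* Start from NULL, as dissect_ldap_LDAPString does, so the check below
   * never reads an indeterminate pointer should the helper leave the
   * out-parameter untouched. */
  tvbuff_t *parameter_tvb = NULL;
  char *mechanism = NULL;

  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                       &parameter_tvb);

  ldap_info = (ldap_conv_info_t *)actx->private_data;
  ldap_info->auth_type = LDAP_AUTH_SASL;

  if (!parameter_tvb)
    return offset;

  /*
   * We need to remember the authentication type and mechanism for this
   * conversation.
   *
   * XXX - actually, we might need to remember more than one
   * type and mechanism, if you can unbind and rebind with a
   * different type and/or mechanism.
   */
  if(!actx->pinfo->fd->visited) {
    mechanism = (char*)tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
    ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
    /*
     * A non-NULL mechanism replaces the saved one; a NULL result leaves
     * the saved mechanism in place.
     * NOTE(review): the original comment says an empty mechanism comes back
     * as a null pointer - confirm tvb_get_string_enc still behaves that way.
     */
    if (mechanism != NULL) {
      wmem_free(wmem_file_scope(), ldap_info->auth_mech);
      ldap_info->auth_mech = mechanism;
    }
  }

  return offset;
}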
1308 | | |
1309 | | |
1310 | | |
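/*
 * Dissect the SASL credentials octet string and, when a mechanism has been
 * recorded for the conversation, hand the blob to the SPNEGO or GSS-API
 * dissector according to the BER class of its first identifier octet.
 *
 * Returns the offset just past the octet string.
 */
static unsigned
dissect_ldap_Credentials(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  /* Start from NULL, as dissect_ldap_LDAPString does, so the check below
   * never reads an indeterminate pointer. */
  tvbuff_t *parameter_tvb = NULL;
  ldap_conv_info_t *ldap_info;
  int8_t ber_class;
  bool pc;
  int32_t tag;

  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                       &parameter_tvb);

  if (!parameter_tvb)
    return offset;

  /*
   * Empty credentials carry no identifier octet. Both sub-dissector calls
   * below already require a non-empty blob, so stop here rather than asking
   * get_ber_identifier() to read from a zero-length buffer.
   */
  if (tvb_reported_length(parameter_tvb) == 0)
    return offset;

  ldap_info = (ldap_conv_info_t *)actx->private_data;
  get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);

  /*
   * The sub-dissector is chosen from the BER class alone; the mechanism
   * name is only required to be present, it is not compared against
   * "GSS-SPNEGO" or "GSSAPI".
   */
  if (ldap_info->auth_mech != NULL) {
    if (ber_class==BER_CLASS_CON) {
      /*
       * This is a GSS-API token encapsulated within GSS-SPNEGO.
       * We need to check the first byte to check whether the blob
       * contains SPNEGO or GSSAPI.
       * All SPNEGO PDUs are of class CONSTRUCTED while
       * GSS PDUs are class APPLICATION
       */
      call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
    } else if (ber_class==BER_CLASS_APP) {
      /*
       * This is a raw GSS-API token.
       */
      call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
    }
  }

  /* Restore private data */
  actx->private_data = ldap_info;

  return offset;
}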
1358 | | |
1359 | | |
/* SaslCredentials fields: the mechanism name, then the optional credentials blob. */
static const ber_sequence_t SaslCredentials_sequence[] = {
  { &hf_ldap_mechanism      , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
  { &hf_ldap_credentials    , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
  { NULL, 0, 0, 0, NULL }
};
1365 | | |
/* Dissect a SaslCredentials SEQUENCE using SaslCredentials_sequence. */
static unsigned
dissect_ldap_SaslCredentials(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
}
1373 | | |
1374 | | |
1375 | | |
/*
 * NTLMSSP negotiate choice: emit the pending protocol-op text, pass the
 * buffer to the NTLMSSP dissector, and report everything from `offset` to
 * the end of the buffer as consumed.
 */
static unsigned
dissect_ldap_T_ntlmsspNegotiate(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  packet_info *pinfo = actx->pinfo;

  /* make sure the protocol op comes first */
  ldap_do_protocolop(pinfo);

  call_dissector(ntlmssp_handle, tvb, pinfo, tree);

  return offset + tvb_reported_length_remaining(tvb, offset);
}
1387 | | |
1388 | | |
1389 | | |
/*
 * NTLMSSP auth choice: emit the pending protocol-op text, pass the buffer to
 * the NTLMSSP dissector, and report everything from `offset` to the end of
 * the buffer as consumed.
 */
static unsigned
dissect_ldap_T_ntlmsspAuth(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  packet_info *pinfo = actx->pinfo;

  /* make sure the protocol op comes first */
  ldap_do_protocolop(pinfo);

  call_dissector(ntlmssp_handle, tvb, pinfo, tree);

  return offset + tvb_reported_length_remaining(tvb, offset);
}
1401 | | |
1402 | | |
/* Display names for the AuthenticationChoice values, keyed by choice value. */
static const value_string ldap_AuthenticationChoice_vals[] = {
  {   0, "simple" },
  {   3, "sasl" },
  {  10, "ntlmsspNegotiate" },
  {  11, "ntlmsspAuth" },
  { 0, NULL }
};

/* BER choice table: each context tag (0, 3, 10, 11) is implicit and maps to its dissector. */
static const ber_choice_t AuthenticationChoice_choice[] = {
  {   0, &hf_ldap_simple         , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
  {   3, &hf_ldap_sasl           , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
  {  10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
  {  11, &hf_ldap_ntlmsspAuth    , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
  { 0, NULL, 0, 0, 0, NULL }
};
1418 | | |
/*
 * Dissect the AuthenticationChoice and summarise which method was used.
 *
 * The chosen branch index is bounds-checked against the choice table before
 * it is used to index it; an out-of-range index leaves the value at -1,
 * which is rendered through the "Unknown auth(%u)" fallback.
 */
static unsigned
dissect_ldap_AuthenticationChoice(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const int n_choices = (int)array_length(AuthenticationChoice_choice);
  int chosen = -1;
  int auth_value = -1;
  const char *auth_name;
  bool is_ntlm;

  offset = dissect_ber_choice(actx, tree, tvb, offset,
                              AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
                              &chosen);

  ldap_do_protocolop(actx->pinfo);

  if (chosen >= 0 && chosen < n_choices) {
    auth_value = AuthenticationChoice_choice[chosen].value;
  }

  auth_name = val_to_str(actx->pinfo->pool, auth_value, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");

  /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
  is_ntlm = (auth_value == 10) || (auth_value == 11);
  if (!is_ntlm) {
    col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", auth_name);
  }

  if (ldm_tree) {
    proto_item_append_text(ldm_tree, " %s", auth_name);
  }

  return offset;
}
1448 | | |
1449 | | |
/* BindRequest fields in wire order: version, name (LDAPDN), authentication (a choice, so its tag is not checked here). */
static const ber_sequence_t BindRequest_U_sequence[] = {
  { &hf_ldap_version        , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
  { &hf_ldap_name           , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
  { NULL, 0, 0, 0, NULL }
};
1456 | | |
/* Dissect the untagged BindRequest SEQUENCE using BindRequest_U_sequence. */
static unsigned
dissect_ldap_BindRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
}
1464 | | |
1465 | | |
1466 | | |
/* Dissect a BindRequest: the [APPLICATION 0] tag wrapping dissect_ldap_BindRequest_U. */
static unsigned
dissect_ldap_BindRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 0, true, dissect_ldap_BindRequest_U);
}
1474 | | |
1475 | | |
/*
 * Display names for BindResponse result codes. The numbering has gaps; a code
 * that is not listed is rendered through the "Unknown result(%u)" fallback in
 * dissect_ldap_BindResponse_resultCode.
 */
static const value_string ldap_BindResponse_resultCode_vals[] = {
  {   0, "success" },
  {   1, "operationsError" },
  {   2, "protocolError" },
  {   3, "timeLimitExceeded" },
  {   4, "sizeLimitExceeded" },
  {   5, "compareFalse" },
  {   6, "compareTrue" },
  {   7, "authMethodNotSupported" },
  {   8, "strongAuthRequired" },
  {  10, "referral" },
  {  11, "adminLimitExceeded" },
  {  12, "unavailableCriticalExtension" },
  {  13, "confidentialityRequired" },
  {  14, "saslBindInProgress" },
  {  16, "noSuchAttribute" },
  {  17, "undefinedAttributeType" },
  {  18, "inappropriateMatching" },
  {  19, "constraintViolation" },
  {  20, "attributeOrValueExists" },
  {  21, "invalidAttributeSyntax" },
  {  32, "noSuchObject" },
  {  33, "aliasProblem" },
  {  34, "invalidDNSyntax" },
  {  36, "aliasDereferencingProblem" },
  {  48, "inappropriateAuthentication" },
  {  49, "invalidCredentials" },
  {  50, "insufficientAccessRights" },
  {  51, "busy" },
  {  52, "unavailable" },
  {  53, "unwillingToPerform" },
  {  54, "loopDetect" },
  {  64, "namingViolation" },
  {  65, "objectClassViolation" },
  {  66, "notAllowedOnNonLeaf" },
  {  67, "notAllowedOnRDN" },
  {  68, "entryAlreadyExists" },
  {  69, "objectClassModsProhibited" },
  {  71, "affectsMultipleDSAs" },
  {  80, "other" },
  { 118, "canceled" },
  { 119, "noSuchOperation" },
  { 120, "tooLate" },
  { 121, "cannotCancel" },
  { 0, NULL }
};
1522 | | |
1523 | | |
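/*
 * Dissects the BindResponse resultCode, appends its name to the Info column
 * and, when ldm_tree is set, to that item's text.
 *
 * Returns the offset reported by dissect_ber_integer().
 */
static unsigned
dissect_ldap_BindResponse_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /*
   * Start from a value that is not in ldap_BindResponse_resultCode_vals, the
   * way dissect_ldap_T_scope() seeds its local. Whether dissect_ber_integer()
   * writes the out-parameter for every malformed encoding is not visible
   * here; with this seed an untouched value shows up as "Unknown result"
   * and can never be displayed as "success".
   */
  unsigned result = 0xffff;
  const char *valstr;

  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                  &result);

  /* Emit the protocol-op text first so the result name follows it. */
  ldap_do_protocolop(actx->pinfo);

  valstr = val_to_str(actx->pinfo->pool, result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");

  col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);

  if (ldm_tree) {
    proto_item_append_text(ldm_tree, " %s", valstr);
  }

  return offset;
}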
1546 | | |
1547 | | |
1548 | | |
/*
 * Dissects the matchedDN of a BindResponse. The field is always added as
 * hf_ldap_matchedDN with implicit tagging off; the implicit_tag and hf_index
 * arguments are not used. When the value starts with the 7-byte signature
 * "NTLMSSP" it is additionally passed to the NTLMSSP dissector.
 *
 * The value is peer-supplied, and the signature test is the only gate in
 * front of the sub-dissector call.
 * NOTE(review): the length test uses the reported length; how tvb_memeql()
 * answers for a capture truncated inside those 7 bytes is not visible here.
 */
static unsigned
dissect_ldap_T_bindResponse_matchedDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  tvbuff_t *dn_tvb = NULL;

  offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_ldap_matchedDN, &dn_tvb);

  if (dn_tvb == NULL || tvb_reported_length(dn_tvb) < 7) {
    return offset;
  }
  if (tvb_memeql(dn_tvb, 0, (const uint8_t*)"NTLMSSP", 7) != 0) {
    return offset;
  }

  /* make sure the protocol op comes first */
  ldap_do_protocolop(actx->pinfo);
  call_dissector(ntlmssp_handle, dn_tvb, actx->pinfo, tree);

  return offset;
}
1568 | | |
1569 | | |
1570 | | |
/* ErrorMessage is dissected as an LDAPString; returns that helper's offset. */
static unsigned
dissect_ldap_ErrorMessage(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
}
1577 | | |
1578 | | |
1579 | | |
/*
 * Dissects an LDAPURL as an octet string and flags the item found in
 * actx->created_item as a URL.
 *
 * NOTE(review): the URL text is whatever the peer sent; anything that later
 * acts on the flagged item should treat it as untrusted.
 */
static unsigned
dissect_ldap_LDAPURL(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                NULL);

  proto_item_set_url(actx->created_item);

  return end;
}
1589 | | |
1590 | | |
/* Element layout of Referral: a SEQUENCE OF LDAPURL octet strings. */
static const ber_sequence_t Referral_sequence_of[1] = {
  { &hf_ldap_Referral_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
};

/* Dissects a Referral; each element goes through dissect_ldap_LDAPURL(). */
static unsigned
dissect_ldap_Referral(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 Referral_sequence_of, hf_index, ett_ldap_Referral);
}
1602 | | |
1603 | | |
1604 | | |
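/*
 * Dissects the serverSaslCreds octet string of a BindResponse and, for a SASL
 * bind, hands the peer-supplied token to the dissector that matches the
 * mechanism name stored in the conversation state (NTLMSSP or SPNEGO for
 * "GSS-SPNEGO", GSS-API for "GSSAPI").
 *
 * Side effect: for a SASL bind, first_auth_frame is set to the next frame
 * number whatever the token contains.
 *
 * Returns the offset reported by dissect_ber_octet_string().
 */
static unsigned
dissect_ldap_ServerSaslCreds(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  tvbuff_t *parameter_tvb = NULL;
  ldap_conv_info_t *ldap_info;

  /* The listing shows a mis-encoded character here; the argument is the
   * address of parameter_tvb. */
  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                       &parameter_tvb);

  /* No value tvb was produced, so there is nothing to hand on. */
  if (!parameter_tvb)
    return offset;

  /*
   * NOTE(review): private_data is dereferenced without a NULL test;
   * presumably the caller installs the conversation state before the BER
   * walk starts - confirm.
   */
  ldap_info = (ldap_conv_info_t *)actx->private_data;
  switch (ldap_info->auth_type) {

    /* For Kerberos V4, dissect it as a ticket. */
    /* XXX - what about LDAP_AUTH_SIMPLE? */

  case LDAP_AUTH_SASL:
    /*
     * All frames after this are assumed to use a security layer.
     *
     * XXX - won't work if there's another reply, with the security
     * layer, starting in the same TCP segment that ends this
     * reply, but as LDAP is a request/response protocol, and
     * as the client probably can't start using authentication until
     * it gets the bind reply and the server won't send a reply until
     * it gets a request, that probably won't happen.
     *
     * XXX - that assumption is invalid; it's not clear where the
     * hell you find out whether there's any security layer.  In
     * one capture, we have two GSS-SPNEGO negotiations, both of
     * which select MS KRB5, and the only differences in the tokens
     * is in the RC4-HMAC ciphertext.  The various
     * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
     * that the RFC 2222 spoo with the bitmask and maximum
     * output message size stuff is done - but where does that
     * stuff show up?  Is it in the ciphertext, which means it's
     * presumably encrypted?
     *
     * Grrr.  We have to do a gross heuristic, checking whether the
     * putative LDAP message begins with 0x00 or not, making the
     * assumption that we won't have more than 2^24 bytes of
     * encapsulated stuff.
     */
    ldap_info->first_auth_frame = actx->pinfo->num + 1;
    if (ldap_info->auth_mech != NULL &&
        strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
      /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
       * which might not be wrapped in GSS-SPNEGO but be a raw
       * NTLMSSP blob
       */
      if ( (tvb_reported_length(parameter_tvb)>=7)
        && (!tvb_memeql(parameter_tvb, 0, (const uint8_t*)"NTLMSSP", 7))){
        call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
      } else if (tvb_reported_length(parameter_tvb) > 0) {
        /*
         * This is a GSS-API token. parameter_tvb is known to be non-NULL
         * after the early return above, so only the length is tested.
         */
        call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
      }
    } else if (ldap_info->auth_mech != NULL &&
               strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
      /*
       * This is a GSS-API token.
       */
      if (tvb_reported_length(parameter_tvb) > 0)
        call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
    }
    break;

  default:
    /* Other bind types carry nothing that is dissected further here. */
    break;
  }
  actx->private_data = ldap_info;

  return offset;
}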
1681 | | |
1682 | | |
/*
 * Field layout of the untagged BindResponse body: resultCode, matchedDN and
 * errorMessage, then the optional context-tagged referral [3] and
 * serverSaslCreds [7].
 */
static const ber_sequence_t BindResponse_U_sequence[] = {
  { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED,  BER_FLAGS_NOOWNTAG,                  dissect_ldap_BindResponse_resultCode },
  { &hf_ldap_bindResponse_matchedDN,  BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG,                  dissect_ldap_T_bindResponse_matchedDN },
  { &hf_ldap_errorMessage,            BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG,                  dissect_ldap_ErrorMessage },
  { &hf_ldap_referral,                BER_CLASS_CON, 3,                       BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
  { &hf_ldap_serverSaslCreds,         BER_CLASS_CON, 7,                       BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
  { NULL, 0, 0, 0, NULL }
};

/* Dissects the BindResponse body as the sequence described above. */
static unsigned
dissect_ldap_BindResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
}
1699 | | |
1700 | | |
1701 | | |
/* BindResponse is the application-class tag 1 wrapper around BindResponse_U. */
static unsigned
dissect_ldap_BindResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 1, true, dissect_ldap_BindResponse_U);
}
1709 | | |
1710 | | |
1711 | | |
/* Dissects a BER NULL; returns the offset reported by dissect_ber_null(). */
static unsigned
dissect_ldap_NULL(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
}
1718 | | |
1719 | | |
1720 | | |
/*
 * Dissects an UnbindRequest: an application-class tag 2 wrapper around NULL.
 * The caller's implicit_tag is not honoured; implicit tagging is always
 * used (the original comment calls this a correction for asn2wrs).
 */
static unsigned
dissect_ldap_UnbindRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /* correct problem with asn2wrs: force implicit tagging */
  const unsigned end = dissect_ber_tagged_type(true, actx, tree, tvb, offset,
                                               hf_index, BER_CLASS_APP, 2, true, dissect_ldap_NULL);

  ldap_do_protocolop(actx->pinfo);

  return end;
}
1739 | | |
1740 | | |
/* Display names for the SearchRequest scope field. */
static const value_string ldap_T_scope_vals[] = {
  { 0, "baseObject" },
  { 1, "singleLevel" },
  { 2, "wholeSubtree" },
  { 0, NULL }
};


/*
 * Dissects the search scope, appends its name to the Info column and, when
 * ldm_tree is set, to that item's text. The local starts at 0xffff, which is
 * not in the table, so a value the helper leaves untouched is shown through
 * the "Unknown scope(%u)" fallback.
 */
static unsigned
dissect_ldap_T_scope(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const char *scope_name;
  uint32_t scope = 0xffff;

  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                  &scope);

  ldap_do_protocolop(actx->pinfo);

  scope_name = val_to_str(actx->pinfo->pool, scope, ldap_T_scope_vals, "Unknown scope(%u)");
  col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", scope_name);

  if (ldm_tree) {
    proto_item_append_text(ldm_tree, " %s", scope_name);
  }

  return offset;
}
1771 | | |
1772 | | |
/* Display names for the SearchRequest derefAliases field. */
static const value_string ldap_T_derefAliases_vals[] = {
  { 0, "neverDerefAliases" },
  { 1, "derefInSearching" },
  { 2, "derefFindingBaseObj" },
  { 3, "derefAlways" },
  { 0, NULL }
};


/* Dissects derefAliases as a BER integer; the decoded value is not kept. */
static unsigned
dissect_ldap_T_derefAliases(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                             NULL);
}
1789 | | |
1790 | | |
1791 | | |
/*
 * Dissects an INTEGER constrained to 0..maxInt; the range is passed to
 * dissect_ber_constrained_integer() and the decoded value is not kept.
 */
static unsigned
dissect_ldap_INTEGER_0_maxInt(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_constrained_integer(implicit_tag, actx, tree, tvb, offset,
                                         0U, maxInt, hf_index, NULL);
}
1799 | | |
1800 | | |
1801 | | |
/* Dissects a BER BOOLEAN; the decoded value is not kept. */
static unsigned
dissect_ldap_BOOLEAN(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
1808 | | |
1809 | | |
1810 | | |
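/*
 * Dissects one member of an "and" set and folds its text into
 * and_filter_string.
 *
 * Filter_string can still be NULL after dissect_ldap_Filter() returns (that
 * function tests it before use), so it goes through string_or_null() before
 * it reaches a "%s" conversion, as dissect_ldap_T_not() already does.
 *
 * Each member re-copies the text accumulated so far into pinfo->pool; the
 * growth is capped by the element limit enforced in dissect_ldap_Filter().
 */
static unsigned
dissect_ldap_T_and_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);

  if (and_filter_string) {
    and_filter_string = wmem_strdup_printf(actx->pinfo->pool, "(&%s%s)", and_filter_string, string_or_null(Filter_string));
  } else {
    and_filter_string = wmem_strdup_printf(actx->pinfo->pool, "(&%s)", string_or_null(Filter_string));
  }

  return offset;
}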
1823 | | |
1824 | | |
/* Element layout of "and": a SET OF Filter, each via dissect_ldap_T_and_item(). */
static const ber_sequence_t T_and_set_of[1] = {
  { &hf_ldap_and_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
};

/*
 * Dissects an "and" filter under its own subtree. and_filter_string is saved,
 * cleared for this nesting level and put back on the way out, so an enclosing
 * "and" keeps its partial text. When the members produced text it is appended
 * to the subtree item and copied into Filter_string.
 */
static unsigned
dissect_ldap_T_and(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  proto_item *and_item = NULL;
  proto_tree *and_tree = NULL;
  const char *outer_and_text = and_filter_string;

  and_filter_string = NULL;

  and_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &and_item, "and: ");

  offset = dissect_ber_set_of(implicit_tag, actx, and_tree, tvb, offset,
                                 T_and_set_of, hf_index, ett_ldap_T_and);

  if (and_filter_string != NULL) {
    proto_item_append_text(and_item, "%s", and_filter_string);
    Filter_string = wmem_strdup(actx->pinfo->pool, and_filter_string);
  }
  and_filter_string = outer_and_text;

  return offset;
}
1853 | | |
1854 | | |
1855 | | |
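/*
 * Dissects one member of an "or" set and folds its text into
 * or_filter_string.
 *
 * Filter_string can still be NULL after dissect_ldap_Filter() returns (that
 * function tests it before use), so it goes through string_or_null() before
 * it reaches a "%s" conversion, as dissect_ldap_T_not() already does.
 *
 * Each member re-copies the text accumulated so far into pinfo->pool; the
 * growth is capped by the element limit enforced in dissect_ldap_Filter().
 */
static unsigned
dissect_ldap_T_or_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);

  if (or_filter_string) {
    or_filter_string = wmem_strdup_printf(actx->pinfo->pool, "(|%s%s)", or_filter_string, string_or_null(Filter_string));
  } else {
    or_filter_string = wmem_strdup_printf(actx->pinfo->pool, "(|%s)", string_or_null(Filter_string));
  }

  return offset;
}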
1869 | | |
1870 | | |
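/* Element layout of "or": a SET OF Filter, each via dissect_ldap_T_or_item(). */
static const ber_sequence_t T_or_set_of[1] = {
  { &hf_ldap_or_item        , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
};

/*
 * Dissects an "or" filter under its own subtree. or_filter_string is saved,
 * cleared for this nesting level and put back on the way out, so an enclosing
 * "or" keeps its partial text. When the members produced text it is appended
 * to the subtree item and copied into Filter_string.
 */
static unsigned
dissect_ldap_T_or(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /*
   * Initialised to NULL to match dissect_ldap_T_and(); 'it' is read further
   * down, and whether proto_tree_add_subtree() writes it on every path is
   * not visible here.
   */
  proto_tree *tr=NULL;
  proto_item *it=NULL;
  const char *old_or_filter_string=or_filter_string;

  or_filter_string=NULL;
  tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
  tree = tr;

  offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
                                 T_or_set_of, hf_index, ett_ldap_T_or);

  if(or_filter_string) {
    proto_item_append_text(it, "%s", or_filter_string);
    Filter_string=wmem_strdup(actx->pinfo->pool, or_filter_string);
  }
  or_filter_string=old_or_filter_string;

  return offset;
}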
1897 | | |
1898 | | |
1899 | | |
/*
 * Dissects the operand of a "not" filter, then wraps the operand's text as
 * "(!...)" in Filter_string. A NULL operand text is mapped through
 * string_or_null() before formatting.
 */
static unsigned
dissect_ldap_T_not(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *operand = string_or_null(Filter_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(!%s)", operand);

  return end;
}
1908 | | |
1909 | | |
1910 | | |
/* AttributeDescription is dissected as an LDAPString; returns that helper's offset. */
static unsigned
dissect_ldap_AttributeDescription(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
}
1917 | | |
1918 | | |
1919 | | |
/* Field layout of AttributeValueAssertion: attributeDesc, then assertionValue. */
static const ber_sequence_t AttributeValueAssertion_sequence[] = {
  { &hf_ldap_attributeDesc,  BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_assertionValue, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
  { NULL, 0, 0, 0, NULL }
};

/* Dissects an AttributeValueAssertion as the sequence described above. */
static unsigned
dissect_ldap_AttributeValueAssertion(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
}
1933 | | |
1934 | | |
1935 | | |
/*
 * Dissects an equalityMatch assertion and renders it as "(attr=value)" in
 * Filter_string, reading the file-scope attributedesc_string and
 * ldapvalue_string (presumably filled in while the assertion was dissected).
 *
 * NOTE(review): both operands are interpolated as they are; nothing in this
 * function escapes filter metacharacters, so the text is for display and may
 * not parse back to the same filter.
 */
static unsigned
dissect_ldap_T_equalityMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *attr = string_or_null(attributedesc_string);
  const char *value = string_or_null(ldapvalue_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)", attr, value);

  return end;
}
1947 | | |
1948 | | |
/* Display names for the three kinds of substring component. */
static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
  { 0, "initial" },
  { 1, "any" },
  { 2, "final" },
  { 0, NULL }
};

/* CHOICE alternatives of a substring component, keyed by context tag 0-2. */
static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
  { 0, &hf_ldap_initial, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
  { 1, &hf_ldap_any,     BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
  { 2, &hf_ldap_final,   BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
  { 0, NULL, 0, 0, 0, NULL }
};

/*
 * Dissects one substring component and extends substring_value with it.
 * The file-scope substring_item_final, substring_item_any and
 * substring_item_init are tested in that order and the first non-NULL one
 * decides the format; a missing prefix is rendered as "*".
 *
 * NOTE(review): the three item pointers are not cleared here; presumably the
 * LDAPString helper leaves only the current component's pointer set - confirm.
 */
static unsigned
dissect_ldap_T_substringFilter_substrings_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const char *prefix;

  offset = dissect_ber_choice(actx, tree, tvb, offset,
                                 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
                                 NULL);

  prefix = substring_value ? substring_value : "*";

  if (substring_item_final) {
    substring_value = wmem_strdup_printf(actx->pinfo->pool, "%s%s", prefix, substring_item_final);
  } else if (substring_item_any) {
    substring_value = wmem_strdup_printf(actx->pinfo->pool, "%s%s*", prefix, substring_item_any);
  } else if (substring_item_init) {
    substring_value = wmem_strdup_printf(actx->pinfo->pool, "%s*", substring_item_init);
  }

  return offset;
}
1984 | | |
1985 | | |
/* Element layout of "substrings": a SEQUENCE OF substring components. */
static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
  { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
};

/* Dissects the component list; each element goes through the item dissector. */
static unsigned
dissect_ldap_T_substringFilter_substrings(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
}
1997 | | |
1998 | | |
/* Field layout of SubstringFilter: the attribute type, then its components. */
static const ber_sequence_t SubstringFilter_sequence[] = {
  { &hf_ldap_type,                       BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE,    BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
  { NULL, 0, 0, 0, NULL }
};

/*
 * Dissects a substring filter under its own subtree and renders it as
 * "(type=pattern)" in Filter_string, which is also appended to the subtree
 * item. The file-scope attr_type, substring_value and the three
 * substring_item_* pointers are cleared first; only substring_value is put
 * back to its previous value on the way out.
 */
static unsigned
dissect_ldap_SubstringFilter(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  proto_item *sub_item;
  proto_tree *sub_tree;
  const char *outer_substring_value = substring_value;

  /* Start this filter with no state left over from an earlier one. */
  attr_type = NULL;
  substring_value = NULL;
  substring_item_init = NULL;
  substring_item_any = NULL;
  substring_item_final = NULL;

  sub_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &sub_item, "substring: ");

  offset = dissect_ber_sequence(implicit_tag, actx, sub_tree, tvb, offset,
                                   SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)",
                                     string_or_null(attr_type),
                                     string_or_null(substring_value));
  proto_item_append_text(sub_item, "%s", Filter_string);
  substring_value = outer_substring_value;

  return offset;
}
2032 | | |
2033 | | |
2034 | | |
/*
 * Dissects a greaterOrEqual assertion and renders it as "(attr>=value)" in
 * Filter_string; NULL operands are mapped through string_or_null().
 */
static unsigned
dissect_ldap_T_greaterOrEqual(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *attr = string_or_null(attributedesc_string);
  const char *value = string_or_null(ldapvalue_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s>=%s)", attr, value);

  return end;
}
2046 | | |
2047 | | |
2048 | | |
/*
 * Dissects a lessOrEqual assertion and renders it as "(attr<=value)" in
 * Filter_string; NULL operands are mapped through string_or_null().
 */
static unsigned
dissect_ldap_T_lessOrEqual(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *attr = string_or_null(attributedesc_string);
  const char *value = string_or_null(ldapvalue_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s<=%s)", attr, value);

  return end;
}
2060 | | |
2061 | | |
2062 | | |
/*
 * Dissects a "present" filter and renders it as "(attr=*)" in Filter_string.
 * The attribute text is read back from Filter_string itself.
 * NOTE(review): presumably the LDAPString helper stores the attribute name
 * in Filter_string for this field; that is not visible here - confirm.
 */
static unsigned
dissect_ldap_T_present(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *attr = string_or_null(Filter_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s=*)", attr);

  return end;
}
2071 | | |
2072 | | |
2073 | | |
/*
 * Dissects an approxMatch assertion and renders it as "(attr~=value)" in
 * Filter_string; NULL operands are mapped through string_or_null().
 */
static unsigned
dissect_ldap_T_approxMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
  const char *attr = string_or_null(attributedesc_string);
  const char *value = string_or_null(ldapvalue_string);

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s~=%s)", attr, value);

  return end;
}
2084 | | |
2085 | | |
2086 | | |
/* MatchingRuleId is dissected as an LDAPString; returns that helper's offset. */
static unsigned
dissect_ldap_MatchingRuleId(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
}
2093 | | |
2094 | | |
2095 | | |
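/*
 * Dissects the dnAttributes BOOLEAN of a MatchingRuleAssertion and stores
 * the decoded value in the file-scope matching_rule_dnattr.
 *
 * Returns the offset reported by dissect_ber_boolean().
 */
static unsigned
dissect_ldap_T_dnAttributes(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /*
   * Seeded with false, the value dissect_ldap_T_extensibleMatch() resets
   * matching_rule_dnattr to. Whether dissect_ber_boolean() writes the
   * out-parameter for every malformed encoding is not visible here; without
   * the seed an untouched local would be copied out uninitialised.
   */
  bool val = false;

  offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);

  matching_rule_dnattr = val;

  return offset;
}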
2109 | | |
2110 | | |
/*
 * Field layout of MatchingRuleAssertion: optional matchingRule [1] and
 * type [2], the matchValue [3], and the optional dnAttributes [4].
 */
static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
  { &hf_ldap_matchingRule, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
  { &hf_ldap_type,         BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_matchValue,   BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG,                    dissect_ldap_AssertionValue },
  { &hf_ldap_dnAttributes, BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
  { NULL, 0, 0, 0, NULL }
};

/* Dissects a MatchingRuleAssertion as the sequence described above. */
static unsigned
dissect_ldap_MatchingRuleAssertion(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
}
2126 | | |
2127 | | |
2128 | | |
/*
 * Dissects an extensibleMatch filter and renders it in Filter_string as
 * "(type:[dn:][rule:]=value)". The file-scope attr_type,
 * matching_rule_string, ldapvalue_string and matching_rule_dnattr are
 * cleared before the assertion is dissected, so optional parts that are
 * absent render as empty strings.
 */
static unsigned
dissect_ldap_T_extensibleMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const char *type_text;
  const char *dn_text;
  const char *rule_text;
  const char *rule_sep;

  attr_type = NULL;
  matching_rule_string = NULL;
  ldapvalue_string = NULL;
  matching_rule_dnattr = false;

  offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);

  type_text = attr_type ? attr_type : "";
  dn_text = matching_rule_dnattr ? "dn:" : "";
  rule_text = matching_rule_string ? matching_rule_string : "";
  rule_sep = matching_rule_string ? ":" : "";

  Filter_string = wmem_strdup_printf(actx->pinfo->pool, "(%s:%s%s%s=%s)",
                                     type_text, dn_text, rule_text, rule_sep,
                                     string_or_null(ldapvalue_string));

  return offset;
}
2147 | | |
2148 | | |
/* Display names for the ten Filter alternatives. */
static const value_string ldap_Filter_vals[] = {
  { 0, "and" },
  { 1, "or" },
  { 2, "not" },
  { 3, "equalityMatch" },
  { 4, "substrings" },
  { 5, "greaterOrEqual" },
  { 6, "lessOrEqual" },
  { 7, "present" },
  { 8, "approxMatch" },
  { 9, "extensibleMatch" },
  { 0, NULL }
};

/*
 * Filter CHOICE alternatives, keyed by context tag 0-9. The and/or/not
 * handlers re-enter dissect_ldap_Filter() (and/or through their item
 * callbacks), which is where the nesting and size limits are checked.
 */
static const ber_choice_t Filter_choice[] = {
  { 0, &hf_ldap_and,             BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
  { 1, &hf_ldap_or,              BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
  { 2, &hf_ldap_not,             BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
  { 3, &hf_ldap_equalityMatch,   BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
  { 4, &hf_ldap_substrings,      BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
  { 5, &hf_ldap_greaterOrEqual,  BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
  { 6, &hf_ldap_lessOrEqual,     BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
  { 7, &hf_ldap_present,         BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
  { 8, &hf_ldap_approxMatch,     BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
  { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
  { 0, NULL, 0, 0, 0, NULL }
};
2176 | | |
/*
 * Dissects one Filter node under its own subtree and appends the rendered
 * filter text to that subtree item when Filter_string is set.
 *
 * This is the recursive entry point for peer-supplied filters, and it holds
 * the guards against hostile nesting: the dissection depth is raised by four
 * per node (three directly plus increment_dissection_depth()), and the
 * file-scope Filter_length and Filter_elements counters are each bumped once
 * per call and checked against MAX_FILTER_LEN and MAX_FILTER_ELEMENTS. A
 * counter over its limit adds an expert item and throws ReportedBoundsError.
 *
 * NOTE(review): the two THROW paths leave without undoing the depth
 * increments; presumably the depth counter is reset per packet - confirm.
 */
static unsigned
dissect_ldap_Filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  proto_item *filter_item;
  proto_tree *filter_tree;

  // Filter -> Filter/and -> Filter/and/_item -> Filter
  actx->pinfo->dissection_depth += 3;
  increment_dissection_depth(actx->pinfo);
  attributedesc_string = NULL;

  /* Post-increment: the value before this call is what gets compared. */
  if (Filter_length++ > MAX_FILTER_LEN) {
    expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
    THROW(ReportedBoundsError);
  }

  if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
    expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
    THROW(ReportedBoundsError);
  }

  filter_tree = proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &filter_item, "Filter: ");

  offset = dissect_ber_choice(actx, filter_tree, tvb, offset,
                                 Filter_choice, hf_index, ett_ldap_Filter,
                                 NULL);

  if (Filter_string != NULL) {
    proto_item_append_text(filter_item, "%s", string_or_null(Filter_string));
  }

  /* Undo the depth accounting taken on entry. */
  actx->pinfo->dissection_depth -= 3;
  decrement_dissection_depth(actx->pinfo);
  return offset;
}
2211 | | |
2212 | | |
2213 | | |
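/*
 * Top-level entry for the filter of a SearchRequest: clears the file-scope
 * filter state, dissects the filter, then clears the state again.
 *
 * The text pointers refer to memory taken from actx->pinfo->pool (presumably
 * packet-scoped), so they must not outlive this call. dissect_ldap_Filter()
 * can leave through THROW, which skips the trailing reset and the restores
 * in dissect_ldap_T_and()/dissect_ldap_T_or(); for that reason
 * and_filter_string and or_filter_string are cleared on entry as well, and
 * or_filter_string is cleared on exit alongside and_filter_string.
 */
static unsigned
dissect_ldap_T_filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  Filter_string=NULL;
  and_filter_string=NULL;
  or_filter_string=NULL;
  Filter_elements = 0;
  Filter_length = 0;

  offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);

  Filter_string=NULL;
  and_filter_string=NULL;
  or_filter_string=NULL;
  Filter_elements = 0;
  Filter_length = 0;

  return offset;
}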
2229 | | |
2230 | | |
/* Element layout of AttributeDescriptionList: a SEQUENCE OF AttributeDescription. */
static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
  { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
};

/* Dissects the requested-attributes list element by element. */
static unsigned
dissect_ldap_AttributeDescriptionList(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
}
2242 | | |
2243 | | |
/* Component table for the untagged SearchRequest body, handed to
 * dissect_ber_sequence() by dissect_ldap_SearchRequest_U(). Each row gives
 * the header field, the expected BER class and tag, the flags, and the
 * callback for one component; the all-NULL row ends the list.
 * The filter row is a CHOICE: it has no fixed class or tag (BER_CLASS_ANY,
 * -1) and sets BER_FLAGS_NOTCHKTAG, leaving tag handling to
 * dissect_ldap_T_filter(). */
static const ber_sequence_t SearchRequest_U_sequence[] = {
  { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
  { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
  { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
  { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
  { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
  { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
  { NULL, 0, 0, 0, NULL }
};
2255 | | |
/* Dissects the untagged SearchRequest body as a BER SEQUENCE described by
 * SearchRequest_U_sequence. Returns the offset from dissect_ber_sequence(). */
static unsigned
dissect_ldap_SearchRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SearchRequest_U_sequence, hf_index,
                              ett_ldap_SearchRequest_U);
}
2263 | | |
2264 | | |
2265 | | |
/* Dissects a SearchRequest: application-class tag 3 wrapped around
 * dissect_ldap_SearchRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_SearchRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 3, true,
                                 dissect_ldap_SearchRequest_U);
}
2273 | | |
2274 | | |
2275 | | |
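/*
 * Dissects one AttributeValue octet string.
 *
 * The value is first extracted into next_tvb without adding a field
 * (hf -1). It is then shown in one of three ways:
 *   1. as the user-configured field returned by get_hf_for_header() for
 *      the current attr_type;
 *   2. by a sub-dissector registered under attr_type in
 *      ldap_name_dissector_table;
 *   3. otherwise as a plain octet string under hf_index, with the text
 *      appended to the item when every byte is printable ASCII.
 *
 * attr_type is file-scope state that the caller must set beforehand.
 * Both attr_type and the value bytes come from the packet.
 *
 * Returns the offset after the value.
 */
static unsigned
dissect_ldap_AttributeValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  tvbuff_t *next_tvb = NULL;
  char *string;
  /* Kept unsigned like offset; an int copy could change sign on large offsets. */
  const unsigned old_offset = offset;
  int *hf_id;

  /* extract the value of the octetstring */
  offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, -1, &next_tvb);

  /*
   * First check if we have a custom attribute type configured.
   * next_tvb is tested as well: the branch below already allows for a NULL
   * next_tvb, so the custom-field path must not hand NULL to
   * proto_tree_add_item() either.
   * NOTE(review): this file is generated by asn2wrs.py; the lasting fix
   * belongs in ldap.cnf.
   */
  hf_id = get_hf_for_header(attr_type);
  if (hf_id != NULL && next_tvb != NULL) {
    proto_tree_add_item(tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
  }
  /* if we have an attribute type that isn't binary see if there is a better dissector */
  else if (!attr_type || !next_tvb || !dissector_try_string_with_data(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, false, NULL)) {
    /* do the default thing: dissect again from the start, now under hf_index */
    offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, old_offset, hf_index,
                                      NULL);

    /* This branch is also taken when next_tvb is NULL, so check it before use. */
    if (next_tvb != NULL && tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
      string = (char*)tvb_get_string_enc(actx->pinfo->pool, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
      /* The packet text is passed as a "%s" argument, never as the format. */
      proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
    }
  }

  return offset;
}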
2311 | | |
2312 | | |
/* Single-row element table handed to dissect_ber_set_of() by
 * dissect_ldap_SET_OF_AttributeValue(): every member is a universal
 * OCTET STRING dissected by dissect_ldap_AttributeValue(). */
static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
  { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
};
2316 | | |
/* Dissects a SET OF AttributeValue, using SET_OF_AttributeValue_set_of for
 * the member type. Returns the offset from dissect_ber_set_of(). */
static unsigned
dissect_ldap_SET_OF_AttributeValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
                            SET_OF_AttributeValue_set_of, hf_index,
                            ett_ldap_SET_OF_AttributeValue);
}
2324 | | |
2325 | | |
/* Component table for one PartialAttributeList entry (attribute type, then
 * its SET of values), handed to dissect_ber_sequence() by
 * dissect_ldap_PartialAttributeList_item(). The all-NULL row ends the list. */
static const ber_sequence_t PartialAttributeList_item_sequence[] = {
  { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
  { NULL, 0, 0, 0, NULL }
};
2331 | | |
/* Dissects one PartialAttributeList entry as a BER SEQUENCE described by
 * PartialAttributeList_item_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_PartialAttributeList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              PartialAttributeList_item_sequence, hf_index,
                              ett_ldap_PartialAttributeList_item);
}
2339 | | |
2340 | | |
/* Single-row element table handed to dissect_ber_sequence_of() by
 * dissect_ldap_PartialAttributeList(): every element is a universal
 * SEQUENCE dissected by dissect_ldap_PartialAttributeList_item(). */
static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
  { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
};
2344 | | |
/* Dissects a PartialAttributeList as a BER SEQUENCE OF, using
 * PartialAttributeList_sequence_of for the element type.
 * Returns the offset from dissect_ber_sequence_of(). */
static unsigned
dissect_ldap_PartialAttributeList(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 PartialAttributeList_sequence_of, hf_index,
                                 ett_ldap_PartialAttributeList);
}
2352 | | |
2353 | | |
/* Component table for the untagged SearchResultEntry body (object name,
 * then its attribute list), handed to dissect_ber_sequence() by
 * dissect_ldap_SearchResultEntry_U(). The all-NULL row ends the list. */
static const ber_sequence_t SearchResultEntry_U_sequence[] = {
  { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
  { NULL, 0, 0, 0, NULL }
};
2359 | | |
/* Dissects the untagged SearchResultEntry body as a BER SEQUENCE described
 * by SearchResultEntry_U_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_SearchResultEntry_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SearchResultEntry_U_sequence, hf_index,
                              ett_ldap_SearchResultEntry_U);
}
2367 | | |
2368 | | |
2369 | | |
/* Dissects a SearchResultEntry: application-class tag 4 wrapped around
 * dissect_ldap_SearchResultEntry_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_SearchResultEntry(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 4, true,
                                 dissect_ldap_SearchResultEntry_U);
}
2377 | | |
2378 | | |
/* Display names for the LDAPResult resultCode. dissect_ldap_T_resultCode()
 * looks values up here with val_to_str() and shows "Unknown result(%u)" for
 * any code that has no row. The numbering has gaps (for example 9, 15 and
 * 22-31), so unlisted codes from the wire take that fallback. The
 * { 0, NULL } row ends the list. */
static const value_string ldap_T_resultCode_vals[] = {
  { 0, "success" },
  { 1, "operationsError" },
  { 2, "protocolError" },
  { 3, "timeLimitExceeded" },
  { 4, "sizeLimitExceeded" },
  { 5, "compareFalse" },
  { 6, "compareTrue" },
  { 7, "authMethodNotSupported" },
  { 8, "strongAuthRequired" },
  { 10, "referral" },
  { 11, "adminLimitExceeded" },
  { 12, "unavailableCriticalExtension" },
  { 13, "confidentialityRequired" },
  { 14, "saslBindInProgress" },
  { 16, "noSuchAttribute" },
  { 17, "undefinedAttributeType" },
  { 18, "inappropriateMatching" },
  { 19, "constraintViolation" },
  { 20, "attributeOrValueExists" },
  { 21, "invalidAttributeSyntax" },
  { 32, "noSuchObject" },
  { 33, "aliasProblem" },
  { 34, "invalidDNSyntax" },
  { 36, "aliasDereferencingProblem" },
  { 48, "inappropriateAuthentication" },
  { 49, "invalidCredentials" },
  { 50, "insufficientAccessRights" },
  { 51, "busy" },
  { 52, "unavailable" },
  { 53, "unwillingToPerform" },
  { 54, "loopDetect" },
  { 64, "namingViolation" },
  { 65, "objectClassViolation" },
  { 66, "notAllowedOnNonLeaf" },
  { 67, "notAllowedOnRDN" },
  { 68, "entryAlreadyExists" },
  { 69, "objectClassModsProhibited" },
  { 71, "affectsMultipleDSAs" },
  { 80, "other" },
  { 118, "canceled" },
  { 119, "noSuchOperation" },
  { 120, "tooLate" },
  { 121, "cannotCancel" },
  { 0, NULL }
};
2425 | | |
2426 | | |
/*
 * Dissects the LDAPResult resultCode and reports its name.
 *
 * After the integer is dissected, ldap_do_protocolop() is called, then the
 * code's name (or "Unknown result(%u)") is appended to the Info column and,
 * when ldm_tree is set, to that tree item.
 *
 * Returns the offset from dissect_ber_integer().
 */
static unsigned
dissect_ldap_T_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  unsigned code;
  const char *label;

  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &code);

  ldap_do_protocolop(actx->pinfo);

  /* The code comes from the packet; unlisted values take the fallback text. */
  label = val_to_str(actx->pinfo->pool, code, ldap_T_resultCode_vals, "Unknown result(%u)");

  /* label is always passed as a "%s" argument, never as the format string. */
  col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", label);
  if (ldm_tree != NULL) {
    proto_item_append_text(ldm_tree, " %s", label);
  }

  return offset;
}
2450 | | |
2451 | | |
/* Component table for LDAPResult, handed to dissect_ber_sequence() by
 * dissect_ldap_LDAPResult(). The referral component is optional and is
 * implicitly tagged as context-class tag 3; the other three are mandatory
 * universal types. The all-NULL row ends the list. */
static const ber_sequence_t LDAPResult_sequence[] = {
  { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
  { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
  { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
  { NULL, 0, 0, 0, NULL }
};
2459 | | |
/* Dissects an LDAPResult as a BER SEQUENCE described by LDAPResult_sequence.
 * The response dissectors in this file reuse it as their body.
 * Returns the offset from dissect_ber_sequence(). */
static unsigned
dissect_ldap_LDAPResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              LDAPResult_sequence, hf_index,
                              ett_ldap_LDAPResult);
}
2467 | | |
2468 | | |
2469 | | |
/* Dissects a SearchResultDone: application-class tag 5 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_SearchResultDone(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 5, true,
                                 dissect_ldap_LDAPResult);
}
2477 | | |
2478 | | |
/* Single-row element table handed to dissect_ber_sequence_of() by
 * dissect_ldap_SEQUENCE_OF_LDAPURL(): every element is a universal
 * OCTET STRING dissected by dissect_ldap_LDAPURL(). */
static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
  { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
};
2482 | | |
/* Dissects a SEQUENCE OF LDAPURL, using SEQUENCE_OF_LDAPURL_sequence_of for
 * the element type. Returns the offset from dissect_ber_sequence_of(). */
static unsigned
dissect_ldap_SEQUENCE_OF_LDAPURL(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SEQUENCE_OF_LDAPURL_sequence_of, hf_index,
                                 ett_ldap_SEQUENCE_OF_LDAPURL);
}
2490 | | |
2491 | | |
2492 | | |
/* Dissects a SearchResultReference: application-class tag 19 wrapped around
 * dissect_ldap_SEQUENCE_OF_LDAPURL(). ldap_do_protocolop() is called once
 * the body has been dissected. Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_SearchResultReference(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end_offset =
      dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                              hf_index, BER_CLASS_APP, 19, true,
                              dissect_ldap_SEQUENCE_OF_LDAPURL);

  ldap_do_protocolop(actx->pinfo);

  return end_offset;
}
2506 | | |
2507 | | |
/* Display names for the ModifyRequest operation code. No lookup is visible
 * in this part of the file; presumably the table is attached to
 * hf_ldap_operation at field registration (TODO confirm). The { 0, NULL }
 * row ends the list. */
static const value_string ldap_T_operation_vals[] = {
  { 0, "add" },
  { 1, "delete" },
  { 2, "replace" },
  { 3, "increment" },
  { 0, NULL }
};
2515 | | |
2516 | | |
/* Dissects the ModifyRequest operation code as a BER integer; the decoded
 * value is not captured (NULL result pointer). Returns the offset from
 * dissect_ber_integer(). */
static unsigned
dissect_ldap_T_operation(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
2524 | | |
2525 | | |
/* Component table for AttributeTypeAndValues (attribute type, then its SET
 * of values), handed to dissect_ber_sequence() by
 * dissect_ldap_AttributeTypeAndValues(). The all-NULL row ends the list. */
static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
  { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
  { NULL, 0, 0, 0, NULL }
};
2531 | | |
/* Dissects an AttributeTypeAndValues as a BER SEQUENCE described by
 * AttributeTypeAndValues_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_AttributeTypeAndValues(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              AttributeTypeAndValues_sequence, hf_index,
                              ett_ldap_AttributeTypeAndValues);
}
2539 | | |
2540 | | |
/* Component table for one ModifyRequest modification (operation code, then
 * the attribute and values it applies to), handed to dissect_ber_sequence()
 * by dissect_ldap_T_modifyRequest_modification_item(). The all-NULL row
 * ends the list. */
static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
  { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
  { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
  { NULL, 0, 0, 0, NULL }
};
2546 | | |
/* Dissects one ModifyRequest modification as a BER SEQUENCE described by
 * T_modifyRequest_modification_item_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_T_modifyRequest_modification_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              T_modifyRequest_modification_item_sequence, hf_index,
                              ett_ldap_T_modifyRequest_modification_item);
}
2554 | | |
2555 | | |
/* Single-row element table handed to dissect_ber_sequence_of() by
 * dissect_ldap_ModifyRequest_modification(): every element is a universal
 * SEQUENCE dissected by dissect_ldap_T_modifyRequest_modification_item(). */
static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
  { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
};
2559 | | |
/* Dissects the ModifyRequest modification list as a BER SEQUENCE OF, using
 * ModifyRequest_modification_sequence_of for the element type.
 * Returns the offset from dissect_ber_sequence_of(). */
static unsigned
dissect_ldap_ModifyRequest_modification(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 ModifyRequest_modification_sequence_of, hf_index,
                                 ett_ldap_ModifyRequest_modification);
}
2567 | | |
2568 | | |
/* Component table for the untagged ModifyRequest body (target DN, then the
 * modification list), handed to dissect_ber_sequence() by
 * dissect_ldap_ModifyRequest_U(). The all-NULL row ends the list. */
static const ber_sequence_t ModifyRequest_U_sequence[] = {
  { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
  { NULL, 0, 0, 0, NULL }
};
2574 | | |
/* Dissects the untagged ModifyRequest body as a BER SEQUENCE described by
 * ModifyRequest_U_sequence. Returns the offset from dissect_ber_sequence(). */
static unsigned
dissect_ldap_ModifyRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              ModifyRequest_U_sequence, hf_index,
                              ett_ldap_ModifyRequest_U);
}
2582 | | |
2583 | | |
2584 | | |
/* Dissects a ModifyRequest: application-class tag 6 wrapped around
 * dissect_ldap_ModifyRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_ModifyRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 6, true,
                                 dissect_ldap_ModifyRequest_U);
}
2592 | | |
2593 | | |
2594 | | |
/* Dissects a ModifyResponse: application-class tag 7 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_ModifyResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 7, true,
                                 dissect_ldap_LDAPResult);
}
2602 | | |
2603 | | |
/* Component table for one AttributeList entry (attribute type, then its SET
 * of values), handed to dissect_ber_sequence() by
 * dissect_ldap_AttributeList_item(). The all-NULL row ends the list. */
static const ber_sequence_t AttributeList_item_sequence[] = {
  { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
  { NULL, 0, 0, 0, NULL }
};
2609 | | |
/* Dissects one AttributeList entry as a BER SEQUENCE described by
 * AttributeList_item_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_AttributeList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              AttributeList_item_sequence, hf_index,
                              ett_ldap_AttributeList_item);
}
2617 | | |
2618 | | |
/* Single-row element table handed to dissect_ber_sequence_of() by
 * dissect_ldap_AttributeList(): every element is a universal SEQUENCE
 * dissected by dissect_ldap_AttributeList_item(). */
static const ber_sequence_t AttributeList_sequence_of[1] = {
  { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
};
2622 | | |
/* Dissects an AttributeList as a BER SEQUENCE OF, using
 * AttributeList_sequence_of for the element type.
 * Returns the offset from dissect_ber_sequence_of(). */
static unsigned
dissect_ldap_AttributeList(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 AttributeList_sequence_of, hf_index,
                                 ett_ldap_AttributeList);
}
2630 | | |
2631 | | |
/* Component table for the untagged AddRequest body (entry DN, then its
 * attribute list), handed to dissect_ber_sequence() by
 * dissect_ldap_AddRequest_U(). The all-NULL row ends the list. */
static const ber_sequence_t AddRequest_U_sequence[] = {
  { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
  { NULL, 0, 0, 0, NULL }
};
2637 | | |
/* Dissects the untagged AddRequest body as a BER SEQUENCE described by
 * AddRequest_U_sequence. Returns the offset from dissect_ber_sequence(). */
static unsigned
dissect_ldap_AddRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              AddRequest_U_sequence, hf_index,
                              ett_ldap_AddRequest_U);
}
2645 | | |
2646 | | |
2647 | | |
/* Dissects an AddRequest: application-class tag 8 wrapped around
 * dissect_ldap_AddRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_AddRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 8, true,
                                 dissect_ldap_AddRequest_U);
}
2655 | | |
2656 | | |
2657 | | |
/* Dissects an AddResponse: application-class tag 9 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_AddResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 9, true,
                                 dissect_ldap_LDAPResult);
}
2665 | | |
2666 | | |
2667 | | |
/* Dissects a DelRequest: application-class tag 10 wrapped around
 * dissect_ldap_LDAPDN(). Returns the offset from dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_DelRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 10, true,
                                 dissect_ldap_LDAPDN);
}
2675 | | |
2676 | | |
2677 | | |
/* Dissects a DelResponse: application-class tag 11 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_DelResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 11, true,
                                 dissect_ldap_LDAPResult);
}
2685 | | |
2686 | | |
2687 | | |
/* Dissects a RelativeLDAPDN by passing every argument through to
 * dissect_ldap_LDAPString(). Returns that function's offset. */
static unsigned
dissect_ldap_RelativeLDAPDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
}
2694 | | |
2695 | | |
/* Component table for the untagged ModifyDNRequest body, handed to
 * dissect_ber_sequence() by dissect_ldap_ModifyDNRequest_U(). newSuperior is
 * optional and is implicitly tagged as context-class tag 0; the other three
 * are mandatory universal types. The all-NULL row ends the list. */
static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
  { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
  { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
  { NULL, 0, 0, 0, NULL }
};
2703 | | |
/* Dissects the untagged ModifyDNRequest body as a BER SEQUENCE described by
 * ModifyDNRequest_U_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_ModifyDNRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              ModifyDNRequest_U_sequence, hf_index,
                              ett_ldap_ModifyDNRequest_U);
}
2711 | | |
2712 | | |
2713 | | |
/* Dissects a ModifyDNRequest: application-class tag 12 wrapped around
 * dissect_ldap_ModifyDNRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_ModifyDNRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 12, true,
                                 dissect_ldap_ModifyDNRequest_U);
}
2721 | | |
2722 | | |
2723 | | |
/* Dissects a ModifyDNResponse: application-class tag 13 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_ModifyDNResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 13, true,
                                 dissect_ldap_LDAPResult);
}
2731 | | |
2732 | | |
/* Component table for the untagged CompareRequest body (entry DN, then the
 * attribute value assertion), handed to dissect_ber_sequence() by
 * dissect_ldap_CompareRequest_U(). The all-NULL row ends the list. */
static const ber_sequence_t CompareRequest_U_sequence[] = {
  { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
  { NULL, 0, 0, 0, NULL }
};
2738 | | |
/* Dissects the untagged CompareRequest body as a BER SEQUENCE described by
 * CompareRequest_U_sequence. Returns the offset from dissect_ber_sequence(). */
static unsigned
dissect_ldap_CompareRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              CompareRequest_U_sequence, hf_index,
                              ett_ldap_CompareRequest_U);
}
2746 | | |
2747 | | |
2748 | | |
/* Dissects a CompareRequest: application-class tag 14 wrapped around
 * dissect_ldap_CompareRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_CompareRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 14, true,
                                 dissect_ldap_CompareRequest_U);
}
2756 | | |
2757 | | |
2758 | | |
/* Dissects a CompareResponse: application-class tag 15 wrapped around
 * dissect_ldap_LDAPResult(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_CompareResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 15, true,
                                 dissect_ldap_LDAPResult);
}
2766 | | |
2767 | | |
2768 | | |
/* Dissects an AbandonRequest: application-class tag 16 wrapped around
 * dissect_ldap_MessageID(). ldap_do_protocolop() is called once the body
 * has been dissected. Returns the offset from dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_AbandonRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const unsigned end_offset =
      dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                              hf_index, BER_CLASS_APP, 16, true,
                              dissect_ldap_MessageID);

  ldap_do_protocolop(actx->pinfo);

  return end_offset;
}
2781 | | |
2782 | | |
2783 | | |
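/*
 * Dissects an LDAPOID octet string and records it for later use.
 *
 * The OID text is copied from the packet into the file-scope
 * object_identifier_id, which dissect_ldap_T_requestValue() reads to choose
 * a value dissector. It is cleared first, so a missing value leaves it
 * NULL. When the OID resolves to a name, the name is appended to the
 * created item; for requestName and responseName fields it is also added
 * to the Info column after ldap_do_protocolop().
 *
 * If this is a requestName carrying the Start TLS OID and conversation
 * state is present, start_tls_pending is set.
 * dissect_ldap_ExtendedResponse_resultCode() reads that flag to decide
 * whether a success response switches the conversation to TLS.
 *
 * Returns the offset from dissect_ber_octet_string().
 */
static unsigned
dissect_ldap_LDAPOID(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /* Start from NULL so the check below never reads an indeterminate pointer. */
  tvbuff_t *parameter_tvb = NULL;
  const char *name;
  ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;

  /* The page rendered this argument as a mis-decoded HTML entity; it is the
   * address of parameter_tvb. */
  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                    &parameter_tvb);

  object_identifier_id = NULL;

  if (!parameter_tvb)
    return offset;

  /* Allocated from actx->pinfo->pool; presumably valid only while that pool
   * lives (verify that nothing reads it after the pool is released). */
  object_identifier_id = (char*)tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
  name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);

  if(name){
    /* name is always passed as a "%s" argument, never as the format string. */
    proto_item_append_text(actx->created_item, " (%s)", name);

    if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
      ldap_do_protocolop(actx->pinfo);
      col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
    }
  }

  /* Has the client requested the Start TLS operation? */
  if (ldap_info && hf_index == hf_ldap_requestName &&
      !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
    /* remember we have asked to start_tls */
    ldap_info->start_tls_pending = true;
  }

  return offset;
}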
2821 | | |
2822 | | |
2823 | | |
/*
 * Dissects the ExtendedRequest requestValue.
 *
 * The file-scope object_identifier_id, set by dissect_ldap_LDAPOID() from
 * the request's OID, selects the dissector. When a dissector is registered
 * for that OID the value goes to call_ber_oid_callback(); otherwise it is
 * shown as a plain octet string under hf_index. The OID text comes from the
 * packet, so it decides which registered dissector parses the value.
 *
 * Returns the offset from whichever helper handled the value.
 */
static unsigned
dissect_ldap_T_requestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  /* No OID recorded, or none with a registered dissector: generic display. */
  if (object_identifier_id == NULL || !oid_has_dissector(object_identifier_id)) {
    return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                    NULL);
  }

  return call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
}
2838 | | |
2839 | | |
/* Component table for the untagged ExtendedRequest body, handed to
 * dissect_ber_sequence() by dissect_ldap_ExtendedRequest_U(). requestName
 * (context tag 0) comes first, so dissect_ldap_LDAPOID() runs before
 * dissect_ldap_T_requestValue() handles the optional requestValue (context
 * tag 1). The all-NULL row ends the list. */
static const ber_sequence_t ExtendedRequest_U_sequence[] = {
  { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
  { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
  { NULL, 0, 0, 0, NULL }
};
2845 | | |
/* Dissects the untagged ExtendedRequest body as a BER SEQUENCE described by
 * ExtendedRequest_U_sequence. Returns the offset from
 * dissect_ber_sequence(). */
static unsigned
dissect_ldap_ExtendedRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              ExtendedRequest_U_sequence, hf_index,
                              ett_ldap_ExtendedRequest_U);
}
2853 | | |
2854 | | |
2855 | | |
/* Dissects an ExtendedRequest: application-class tag 23 wrapped around
 * dissect_ldap_ExtendedRequest_U(). Returns the offset from
 * dissect_ber_tagged_type(). */
static unsigned
dissect_ldap_ExtendedRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 23, true,
                                 dissect_ldap_ExtendedRequest_U);
}
2863 | | |
2864 | | |
/* Display names for the ExtendedResponse resultCode; the rows match
 * ldap_T_resultCode_vals. No lookup is visible in this part of the file;
 * presumably the table is attached to hf_ldap_extendedResponse_resultCode
 * at field registration (TODO confirm). Code 0 ("success") is the value
 * dissect_ldap_ExtendedResponse_resultCode() tests before acknowledging
 * Start TLS. The { 0, NULL } row ends the list. */
static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
  { 0, "success" },
  { 1, "operationsError" },
  { 2, "protocolError" },
  { 3, "timeLimitExceeded" },
  { 4, "sizeLimitExceeded" },
  { 5, "compareFalse" },
  { 6, "compareTrue" },
  { 7, "authMethodNotSupported" },
  { 8, "strongAuthRequired" },
  { 10, "referral" },
  { 11, "adminLimitExceeded" },
  { 12, "unavailableCriticalExtension" },
  { 13, "confidentialityRequired" },
  { 14, "saslBindInProgress" },
  { 16, "noSuchAttribute" },
  { 17, "undefinedAttributeType" },
  { 18, "inappropriateMatching" },
  { 19, "constraintViolation" },
  { 20, "attributeOrValueExists" },
  { 21, "invalidAttributeSyntax" },
  { 32, "noSuchObject" },
  { 33, "aliasProblem" },
  { 34, "invalidDNSyntax" },
  { 36, "aliasDereferencingProblem" },
  { 48, "inappropriateAuthentication" },
  { 49, "invalidCredentials" },
  { 50, "insufficientAccessRights" },
  { 51, "busy" },
  { 52, "unavailable" },
  { 53, "unwillingToPerform" },
  { 54, "loopDetect" },
  { 64, "namingViolation" },
  { 65, "objectClassViolation" },
  { 66, "notAllowedOnNonLeaf" },
  { 67, "notAllowedOnRDN" },
  { 68, "entryAlreadyExists" },
  { 69, "objectClassModsProhibited" },
  { 71, "affectsMultipleDSAs" },
  { 80, "other" },
  { 118, "canceled" },
  { 119, "noSuchOperation" },
  { 120, "tooLate" },
  { 121, "cannotCancel" },
  { 0, NULL }
};
2911 | | |
2912 | | |
/*
 * Dissects the ExtendedResponse resultCode and completes a pending
 * Start TLS exchange.
 *
 * When conversation state is present, a Start TLS request is pending, the
 * field is hf_ldap_extendedResponse_resultCode and the code is 0 (success),
 * ssl_starttls_ack() is called with the "tls" dissector and the pending
 * flag is cleared. In every other case the flag is left as it was.
 *
 * The request OID and this result code both come from the capture, so the
 * switch to TLS dissection follows what the peers sent.
 *
 * Returns the offset from dissect_ber_integer().
 */
static unsigned
dissect_ldap_ExtendedResponse_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  ldap_conv_info_t *conv_state = (ldap_conv_info_t *)actx->private_data;
  uint32_t code;

  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &code);

  /* Nothing to acknowledge unless a Start TLS request was recorded earlier. */
  if (conv_state == NULL || !conv_state->start_tls_pending) {
    return offset;
  }

  /* Only a success code on the ExtendedResponse field completes the exchange. */
  if (hf_index != hf_ldap_extendedResponse_resultCode || code != 0) {
    return offset;
  }

  /* From here on the conversation is handed to the TLS dissector. */
  ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
  conv_state->start_tls_pending = false;

  return offset;
}
2932 | | |
2933 | | |
2934 | | |
/*
 * ResponseName is decoded exactly like an LDAPOID; the work is delegated to
 * dissect_ldap_LDAPOID() and its returned offset is passed through.
 */
static unsigned
dissect_ldap_ResponseName(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
}
2941 | | |
2942 | | |
2943 | | |
/*
 * Generic OCTET STRING field: handed to dissect_ber_octet_string() with no
 * output tvb requested (last argument NULL). Returns the offset from that call.
 */
static unsigned
dissect_ldap_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                  NULL);
}
2951 | | |
2952 | | |
/*
 * Field layout of the untagged ExtendedResponse body: resultCode, matchedDN
 * and errorMessage are mandatory; referral [3], responseName [10] and
 * response [11] are optional, implicitly tagged context-specific fields.
 */
static const ber_sequence_t ExtendedResponse_U_sequence[] = {
  { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
  { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
  { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
  { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
  { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
  { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_ExtendedResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
}
2970 | | |
2971 | | |
2972 | | |
/*
 * ExtendedResponse: the ExtendedResponse_U body carried under an
 * APPLICATION 24 tag. Returns the offset from dissect_ber_tagged_type().
 */
static unsigned
dissect_ldap_ExtendedResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 24, true, dissect_ldap_ExtendedResponse_U);
}
2980 | | |
2981 | | |
2982 | | |
/*
 * Decode the responseValue of an IntermediateResponse.
 *
 * When an OID is currently recorded in object_identifier_id, the message
 * item is relabelled with it (plus its resolved name, if any). If a dissector
 * is registered for that OID the value is handed to it; otherwise the value
 * is shown as a plain OCTET STRING.
 *
 * NOTE(review): responseName is OPTIONAL in IntermediateResponse_U_sequence,
 * and object_identifier_id is state kept outside this function. If it is not
 * reset between messages, a response without a responseName would be
 * dispatched on an OID left over from an earlier element. Confirm where the
 * variable is cleared.
 */
static unsigned
dissect_ldap_T_intermediateResponse_responseValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  const bool have_oid = (object_identifier_id != NULL);

  if (ldm_tree && have_oid) {
    const char *resolved;

    proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
    resolved = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);
    if (resolved) {
      proto_item_append_text(ldm_tree, " (%s)", resolved);
    }
  }

  if (have_oid && oid_has_dissector(object_identifier_id)) {
    /* An OID-specific dissector exists: it decides how far the value extends. */
    return call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
  }

  return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                  NULL);
}
3005 | | |
3006 | | |
/*
 * Untagged IntermediateResponse body: responseName [0] and responseValue [1],
 * both optional and implicitly tagged.
 */
static const ber_sequence_t IntermediateResponse_U_sequence[] = {
  { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
  { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_IntermediateResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
}
3020 | | |
3021 | | |
3022 | | |
/*
 * IntermediateResponse: the IntermediateResponse_U body carried under an
 * APPLICATION 25 tag. Returns the offset from dissect_ber_tagged_type().
 */
static unsigned
dissect_ldap_IntermediateResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
                                 hf_index, BER_CLASS_APP, 25, true, dissect_ldap_IntermediateResponse_U);
}
3030 | | |
3031 | | |
/*
 * Names for the LDAP protocolOp tag values.
 *
 * dissect_ldap_ProtocolOp() also indexes this array by the position of the
 * matched branch in ProtocolOp_choice to recover the tag value, so the two
 * tables must keep the same entries in the same order (note 19 sits between
 * 5 and 6 in both).
 */
static const value_string ldap_ProtocolOp_vals[] = {
  { 0, "bindRequest" },
  { 1, "bindResponse" },
  { 2, "unbindRequest" },
  { 3, "searchRequest" },
  { 4, "searchResEntry" },
  { 5, "searchResDone" },
  { 19, "searchResRef" },
  { 6, "modifyRequest" },
  { 7, "modifyResponse" },
  { 8, "addRequest" },
  { 9, "addResponse" },
  { 10, "delRequest" },
  { 11, "delResponse" },
  { 12, "modDNRequest" },
  { 13, "modDNResponse" },
  { 14, "compareRequest" },
  { 15, "compareResponse" },
  { 16, "abandonRequest" },
  { 23, "extendedReq" },
  { 24, "extendedResp" },
  { 25, "intermediateResponse" },
  { 0, NULL }
};
3056 | | |
/*
 * CHOICE branches of protocolOp, one per APPLICATION tag, each mapped to its
 * dissector. The row order must stay identical to ldap_ProtocolOp_vals:
 * dissect_ldap_ProtocolOp() uses the matched row's position as an index into
 * that table.
 */
static const ber_choice_t ProtocolOp_choice[] = {
  { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
  { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
  { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
  { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
  { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
  { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
  { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
  { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
  { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
  { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
  { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
  { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
  { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
  { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
  { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
  { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
  { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
  { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
  { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
  { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
  { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
  { 0, NULL, 0, 0, 0, NULL }
};
3081 | | |
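/*
 * Dissect the protocolOp CHOICE of an LDAPMessage, match the operation
 * against its request/response counterpart, and annotate search results with
 * a running result count.
 *
 * Returns the offset reported by dissect_ber_choice().
 *
 * The branch index written to ProtocolOp is used to index
 * ldap_ProtocolOp_vals, so it is range-checked against that table before the
 * lookup. An index outside the table is treated like "no branch matched"
 * (-1) instead of being read out of bounds.
 */
static unsigned
dissect_ldap_ProtocolOp(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {

  ldap_call_response_t *lcrp;
  ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
  /* Real entries in ldap_ProtocolOp_vals, not counting the { 0, NULL } terminator */
  const int n_protocol_ops =
    (int)(sizeof ldap_ProtocolOp_vals / sizeof ldap_ProtocolOp_vals[0]) - 1;

  do_protocolop = true;

  offset = dissect_ber_choice(actx, tree, tvb, offset,
                              ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
                              &ProtocolOp);

  /* -1 means no branch matched; anything else must be a valid table index */
  if (ProtocolOp < 0 || ProtocolOp >= n_protocol_ops) {
    return offset;
  }

  /* ProtocolOp is the index, not the tag so convert it to the tag value */
  ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;

  lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
  if(lcrp){
    tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
  }

  /* XXX: the count will not work if the results span multiple TCP packets */

  if(ldap_info) {
    switch(ProtocolOp) {

    case LDAP_RES_SEARCH_ENTRY:
      /* only count once: skip the increment when the frame is revisited */
      if (!actx->pinfo->fd->visited)
        ldap_info->num_results++;

      proto_item_append_text(tree, " [%d result%s]",
                             ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");

      break;

    case LDAP_RES_SEARCH_RESULT:

      col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
                      ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");

      proto_item_append_text(tree, " [%d result%s]",
                             ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");

      break;
    default:
      break;
    }
  }


  return offset;
}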
3137 | | |
3138 | | |
3139 | | |
/*
 * controlType is decoded exactly like an LDAPOID; the work is delegated to
 * dissect_ldap_LDAPOID() and its returned offset is passed through.
 */
static unsigned
dissect_ldap_ControlType(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
}
3146 | | |
3147 | | |
3148 | | |
/*
 * Decode a Control's controlValue.
 *
 * Without a registered dissector for the OID in object_identifier_id the
 * value is shown as a plain OCTET STRING. Otherwise the OCTET STRING
 * identifier and length octets are consumed here and the content is handed
 * to the OID-specific dissector; the returned offset is the content start
 * plus the decoded length.
 *
 * NOTE(review): len is read from the encoded length field and added to
 * offset without being compared with the bytes left in tvb, and the callback
 * receives tvb itself rather than a subset limited to len bytes. Confirm that
 * the caller already bounds tvb to this element.
 * NOTE(review): the class/tag returned by dissect_ber_identifier() is not
 * checked to be an OCTET STRING before the content is dispatched.
 */
static unsigned
dissect_ldap_T_controlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  int8_t ber_class;
  bool pc, ind;
  int32_t tag;
  uint32_t len;

  if (object_identifier_id == NULL || !oid_has_dissector(object_identifier_id)) {
    return dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
                                    NULL);
  }

  /* remove the OCTET STRING encoding */
  offset = dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
  offset = dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);

  /* The callback's own return value is ignored; len alone advances offset. */
  call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

  return offset + len;
}
3174 | | |
3175 | | |
/*
 * Control: mandatory controlType, then optional criticality (BOOLEAN) and
 * optional controlValue (OCTET STRING).
 */
static const ber_sequence_t Control_sequence[] = {
  { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
  { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_Control(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              Control_sequence, hf_index, ett_ldap_Control);
}
3190 | | |
3191 | | |
/* Controls is a SEQUENCE OF Control; this single row describes each item. */
static const ber_sequence_t Controls_sequence_of[1] = {
  { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
};

/* Iterate the items via dissect_ber_sequence_of() and return its offset. */
static unsigned
dissect_ldap_Controls(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 Controls_sequence_of, hf_index, ett_ldap_Controls);
}
3203 | | |
3204 | | |
/*
 * Top-level LDAPMessage: messageID, the protocolOp CHOICE (any class, tag
 * not checked at this level) and optional controls under context tag [0].
 */
static const ber_sequence_t LDAPMessage_sequence[] = {
  { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
  { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
  { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_LDAPMessage(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
}
3219 | | |
3220 | | |
3221 | | |
3222 | | |
3223 | | |
/*
 * Generic INTEGER field: handed to dissect_ber_integer() without asking for
 * the decoded value (last argument NULL). Returns the offset from that call.
 */
static unsigned
dissect_ldap_INTEGER(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                             NULL);
}
3231 | | |
3232 | | |
/* SearchControlValue: a size INTEGER followed by a cookie OCTET STRING. */
static const ber_sequence_t SearchControlValue_sequence[] = {
  { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SearchControlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
}
3246 | | |
3247 | | |
/*
 * One sort key: mandatory attributeType, optional orderingRule [0] and
 * optional reverseOrder [1].
 */
static const ber_sequence_t SortKeyList_item_sequence[] = {
  { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
  { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
  { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SortKeyList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
}
3262 | | |
3263 | | |
/* SortKeyList is a SEQUENCE OF sort keys; this row describes each item. */
static const ber_sequence_t SortKeyList_sequence_of[1] = {
  { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
};

/* Iterate the items via dissect_ber_sequence_of() and return its offset. */
static unsigned
dissect_ldap_SortKeyList(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
                                 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
}
3275 | | |
3276 | | |
/* Display names for the sortResult codes of a SortResult control. */
static const value_string ldap_T_sortResult_vals[] = {
  { 0, "success" },
  { 1, "operationsError" },
  { 3, "timeLimitExceeded" },
  { 8, "strongAuthRequired" },
  { 11, "adminLimitExceeded" },
  { 16, "noSuchAttribute" },
  { 18, "inappropriateMatching" },
  { 50, "insufficientAccessRights" },
  { 51, "busy" },
  { 53, "unwillingToPerform" },
  { 80, "other" },
  { 0, NULL }
};


/*
 * sortResult is decoded with dissect_ber_integer(); the decoded value is not
 * captured (last argument NULL). Returns the offset from that call.
 */
static unsigned
dissect_ldap_T_sortResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                             NULL);
}
3300 | | |
3301 | | |
/* SortResult: mandatory sortResult code and optional attributeType [0]. */
static const ber_sequence_t SortResult_sequence[] = {
  { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
  { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SortResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SortResult_sequence, hf_index, ett_ldap_SortResult);
}
3315 | | |
3316 | | |
3317 | | |
/*
 * Decode the flags INTEGER of a DirSync control value and show it either as
 * a bitmask (non-zero value) or as a plain 0.
 *
 * Returns the offset reported by dissect_ber_integer(). otheroffset and len
 * are used only to position the displayed item.
 */
static unsigned
dissect_ldap_DirSyncFlags(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  int8_t ber_class;
  bool pc;
  int32_t tag;
  uint32_t len;
  uint32_t val;

  int otheroffset = offset;
  if(!implicit_tag){
    /*
     * NOTE(review): the offset returned by dissect_ber_identifier() is
     * discarded, and dissect_ber_length() is then started at `offset`,
     * i.e. at the identifier octet rather than after it. len and
     * otheroffset may therefore not describe the real length field.
     * Confirm against the intended layout.
     */
    dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
    otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
  } else {
    /* No header to parse: use whatever is left in tvb, clamping a negative remainder to 0 */
    int32_t remaining=tvb_reported_length_remaining(tvb, offset);
    len=remaining>0 ? remaining : 0;
  }

  /* hf index -1: presumably fetches the value without adding a tree item -- TODO confirm */
  offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);

  if (val >0) {
    static int * const flags[] = {
      &hf_ldap_object_security_flag,
      &hf_ldap_ancestor_first_flag,
      &hf_ldap_public_data_only_flag,
      &hf_ldap_incremental_value_flag,
      NULL
    };

    /*
     * NOTE(review): otheroffset+1 here and otheroffset+len below are built
     * from values read off the wire; confirm both positions always fall
     * inside tvb for short or malformed encodings.
     */
    proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
                                            ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
  } else {
    proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
  }


  return offset;
}
3355 | | |
3356 | | |
/* DirSyncControlValue: flags, maxBytes and an opaque cookie, all mandatory. */
static const ber_sequence_t DirSyncControlValue_sequence[] = {
  { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
  { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_DirSyncControlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
}
3371 | | |
3372 | | |
/*
 * PasswdModifyRequestValue: optional userIdentity [0], oldPasswd [1] and
 * newPasswd [2], each decoded as a raw OCTET STRING.
 *
 * NOTE(review): oldPasswd and newPasswd are handed to the generic OCTET
 * STRING dissector, so presumably their bytes are shown as-is in the
 * dissection. Captures and exported dissections containing this request
 * should be handled as credential-bearing material.
 */
static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
  { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_PasswdModifyRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
}
3387 | | |
3388 | | |
/* CancelRequestValue: a single cancelID, decoded like a MessageID. */
static const ber_sequence_t CancelRequestValue_sequence[] = {
  { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_CancelRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
}
3401 | | |
3402 | | |
/* Display names for the mode field of a SyncRequestValue. */
static const value_string ldap_T_mode_vals[] = {
  { 1, "refreshOnly" },
  { 3, "refreshAndPersist" },
  { 0, NULL }
};


/*
 * mode is decoded with dissect_ber_integer(); the decoded value is not
 * captured (last argument NULL). Returns the offset from that call.
 */
static unsigned
dissect_ldap_T_mode(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                             NULL);
}
3417 | | |
3418 | | |
/* SyncRequestValue: mandatory mode, optional cookie and optional reloadHint. */
static const ber_sequence_t SyncRequestValue_sequence[] = {
  { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SyncRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
}
3433 | | |
3434 | | |
/* Display names for the state field of a SyncStateValue. */
static const value_string ldap_T_state_vals[] = {
  { 0, "present" },
  { 1, "add" },
  { 2, "modify" },
  { 3, "delete" },
  { 0, NULL }
};


/*
 * state is decoded with dissect_ber_integer(); the decoded value is not
 * captured (last argument NULL). Returns the offset from that call.
 */
static unsigned
dissect_ldap_T_state(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                             NULL);
}
3451 | | |
3452 | | |
3453 | | |
/*
 * SyncUUID: an OCTET STRING decoded through the size-constrained BER helper
 * with 16 passed for both size bounds, no output tvb requested.
 * Returns the offset from dissect_ber_constrained_octet_string().
 */
static unsigned
dissect_ldap_SyncUUID(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_constrained_octet_string(implicit_tag, actx, tree, tvb, offset,
                                              16, 16, hf_index, NULL);
}
3461 | | |
3462 | | |
/* SyncStateValue: mandatory state and entryUUID, optional cookie. */
static const ber_sequence_t SyncStateValue_sequence[] = {
  { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
  { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SyncStateValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
}
3477 | | |
3478 | | |
/* SyncDoneValue: optional cookie and optional refreshDeletes flag. */
static const ber_sequence_t SyncDoneValue_sequence[] = {
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_SyncDoneValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
}
3492 | | |
3493 | | |
/* refreshDelete branch of SyncInfoValue: optional cookie and refreshDone. */
static const ber_sequence_t T_refreshDelete_sequence[] = {
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_T_refreshDelete(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
}
3507 | | |
3508 | | |
/* refreshPresent branch of SyncInfoValue: optional cookie and refreshDone. */
static const ber_sequence_t T_refreshPresent_sequence[] = {
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_T_refreshPresent(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
}
3522 | | |
3523 | | |
/* SET OF SyncUUID; this single row describes each member. */
static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
  { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
};

/* Iterate the members via dissect_ber_set_of() and return its offset. */
static unsigned
dissect_ldap_SET_OF_SyncUUID(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
                            SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
}
3535 | | |
3536 | | |
/*
 * syncIdSet branch of SyncInfoValue: optional cookie, optional
 * refreshDeletes, and a mandatory SET OF SyncUUID.
 */
static const ber_sequence_t T_syncIdSet_sequence[] = {
  { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
  { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
  { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
  { NULL, 0, 0, 0, NULL }
};

/* Walk the sequence above via dissect_ber_sequence() and return its offset. */
static unsigned
dissect_ldap_T_syncIdSet(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
}
3551 | | |
3552 | | |
/* Display names for the SyncInfoValue CHOICE branches. */
static const value_string ldap_SyncInfoValue_vals[] = {
  { 0, "newcookie" },
  { 1, "refreshDelete" },
  { 2, "refreshPresent" },
  { 3, "syncIdSet" },
  { 0, NULL }
};

/* SyncInfoValue branches, selected by implicit context tags [0]..[3]. */
static const ber_choice_t SyncInfoValue_choice[] = {
  { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
  { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
  { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
  { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
  { 0, NULL, 0, 0, 0, NULL }
};

/*
 * Dispatch on the CHOICE via dissect_ber_choice(); the index of the branch
 * taken is not requested (last argument NULL). Returns that call's offset.
 */
static unsigned
dissect_ldap_SyncInfoValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_choice(actx, tree, tvb, offset,
                            SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
                            NULL);
}
3577 | | |
3578 | | |
/*
 * Display names for the two alternatives of the password-policy
 * "warning" CHOICE; keys match the values in T_warning_choice below.
 */
static const value_string ldap_T_warning_vals[] = {
  { 0, "timeBeforeExpiration" },
  { 1, "graceAuthNsRemaining" },
  { 0, NULL }   /* end of table */
};

/*
 * BER decoding table for the "warning" CHOICE. Both alternatives are
 * context-class, implicitly tagged and decoded by
 * dissect_ldap_INTEGER_0_maxInt.
 */
static const ber_choice_t T_warning_choice[] = {
  { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
  { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
  { 0, NULL, 0, 0, 0, NULL }          /* end of table */
};
3590 | | |
/*
 * Dissect the password-policy "warning" field: a BER CHOICE resolved
 * through T_warning_choice. The matched branch index is not requested.
 * Returns the offset handed back by dissect_ber_choice().
 */
static unsigned
dissect_ldap_T_warning(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_choice(actx, tree, tvb, offset,
                            T_warning_choice, hf_index,
                            ett_ldap_T_warning, NULL);
}
3599 | | |
3600 | | |
/* Display names for the values of the password-policy "error" field. */
static const value_string ldap_T_error_vals[] = {
  { 0, "passwordExpired" },
  { 1, "accountLocked" },
  { 2, "changeAfterReset" },
  { 3, "passwordModNotAllowed" },
  { 4, "mustSupplyOldPassword" },
  { 5, "insufficientPasswordQuality" },
  { 6, "passwordTooShort" },
  { 7, "passwordTooYoung" },
  { 8, "passwordInHistory" },
  { 0, NULL }   /* end of table */
};
3613 | | |
3614 | | |
/*
 * Dissect the password-policy "error" field as a BER INTEGER. The
 * decoded number is only added to the tree; it is not returned to the
 * caller (value out-parameter is NULL).
 * Returns the offset handed back by dissect_ber_integer().
 */
static unsigned
dissect_ldap_T_error(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_integer(implicit_tag, actx, tree, tvb, offset,
                             hf_index, NULL);
}
3622 | | |
3623 | | |
/*
 * BER decoding table for PasswordPolicyResponseValue. Both members are
 * optional, context-class and implicitly tagged: [0] warning, [1] error.
 */
static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
  { &hf_ldap_warning, BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
  { &hf_ldap_error,   BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
  { NULL, 0, 0, 0, NULL }   /* end of table */
};
3629 | | |
/*
 * Dissect a PasswordPolicyResponseValue as a BER SEQUENCE whose members
 * are described by PasswordPolicyResponseValue_sequence.
 * Returns the offset handed back by dissect_ber_sequence().
 */
static unsigned
dissect_ldap_PasswordPolicyResponseValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, unsigned offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  return dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                              PasswordPolicyResponseValue_sequence, hf_index,
                              ett_ldap_PasswordPolicyResponseValue);
}
3637 | | |
3638 | | /*--- PDUs ---*/ |
3639 | | |
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * SearchControlValue and return the offset reported by the type
 * dissector.
 */
static int dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SearchControlValue(false, tvb, 0, &ctx, tree, hf_ldap_SearchControlValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded SortKeyList
 * and return the offset reported by the type dissector.
 */
static int dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SortKeyList(false, tvb, 0, &ctx, tree, hf_ldap_SortKeyList_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded SortResult
 * and return the offset reported by the type dissector.
 */
static int dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SortResult(false, tvb, 0, &ctx, tree, hf_ldap_SortResult_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * DirSyncControlValue and return the offset reported by the type
 * dissector.
 */
static int dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_DirSyncControlValue(false, tvb, 0, &ctx, tree, hf_ldap_DirSyncControlValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * PasswdModifyRequestValue and return the offset reported by the type
 * dissector.
 */
static int dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_PasswdModifyRequestValue(false, tvb, 0, &ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * CancelRequestValue and return the offset reported by the type
 * dissector.
 */
static int dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_CancelRequestValue(false, tvb, 0, &ctx, tree, hf_ldap_CancelRequestValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * SyncRequestValue and return the offset reported by the type dissector.
 */
static int dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SyncRequestValue(false, tvb, 0, &ctx, tree, hf_ldap_SyncRequestValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * SyncStateValue and return the offset reported by the type dissector.
 */
static int dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SyncStateValue(false, tvb, 0, &ctx, tree, hf_ldap_SyncStateValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * SyncDoneValue and return the offset reported by the type dissector.
 */
static int dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SyncDoneValue(false, tvb, 0, &ctx, tree, hf_ldap_SyncDoneValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * SyncInfoValue and return the offset reported by the type dissector.
 */
static int dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_SyncInfoValue(false, tvb, 0, &ctx, tree, hf_ldap_SyncInfoValue_PDU);
}
/*
 * PDU entry point: decode tvb from offset 0 as a BER-encoded
 * PasswordPolicyResponseValue and return the offset reported by the type
 * dissector.
 */
static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  return dissect_ldap_PasswordPolicyResponseValue(false, tvb, 0, &ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
}
3717 | | |
/*
 * Decode tvb from offset 0 as one BER-encoded LDAPMessage.
 *
 * ldap_info (the per-conversation LDAP state) is stored in the ASN.1
 * context's private_data so the dissectors called from here can reach it.
 * Returns the offset reported by dissect_ldap_LDAPMessage().
 */
static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
  asn1_ctx_t ctx;

  asn1_ctx_init(&ctx, ASN1_ENC_BER, true, pinfo);
  ctx.private_data = ldap_info;

  return dissect_ldap_LDAPMessage(false, tvb, 0, &ctx, tree, hf_ldap_LDAPMessage_PDU);
}
3728 | | |
/*
 * Dissect one or more LDAPMessage PDUs that sit back to back in tvb.
 *
 * For each message the outer BER identifier and length are read to find
 * the message size, a subset tvb of that size is handed to
 * dissect_LDAPMessage_PDU(), and the loop continues while at least
 * 6 bytes are still reported after it (a SASL blob may carry several
 * PDUs).
 *
 * The length comes from the packet itself, so it is range-checked and
 * checked for wrap-around before it is used to size the subset tvb.
 */
static void
dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
                     proto_tree *tree, ldap_conv_info_t *ldap_info,
                     bool is_mscldap)
{
  int offset = 0;
  unsigned length_remaining;
  unsigned msg_len = 0;
  int hdr_end = 0;
  unsigned hdr_len = 0;
  tvbuff_t *msg_tvb = NULL;
  int8_t ber_class;
  bool pc, ind = 0;
  int32_t ber_tag;

  attributedesc_string = NULL;

  for (;;) {
    length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);

    /* Fewer than 6 captured bytes: nothing to dissect here. */
    if (length_remaining < 6) {
      return;
    }

    /*
     * Read the outer identifier and length octets; msg_len receives the
     * content length announced by the sender.
     */
    hdr_end = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
    hdr_end = get_ber_length(tvb, hdr_end, &msg_len, &ind);

    /* Reject announced lengths outside 4..10000000 bytes. */
    if (msg_len < 4 || msg_len > 10000000) {
      return;
    }

    if (ber_class == BER_CLASS_UNI && ber_tag == BER_UNI_TAG_SEQUENCE) {
      /* Total size = header octets + announced content length. */
      hdr_len = hdr_end - offset;
      msg_len += hdr_len;
      if (msg_len < hdr_len) {
        /* The unsigned sum wrapped around: report a bounds error. */
        show_reported_bounds_error(tvb, pinfo, tree);
        return;
      }
    } else {
      /*
       * Not a universal SEQUENCE header. Treat everything that is left
       * as the message, so this segment is abandoned after the parse
       * attempt; the message dissector is expected to show the error.
       */
      msg_len = length_remaining;
    }

    /*
     * Subset tvb limited to what is available, with its reported length
     * set to the size of the LDAP message.
     */
    msg_tvb = tvb_new_subset_length(tvb, offset, msg_len);

    ldap_info->is_mscldap = is_mscldap;
    dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info);

    offset += msg_len;

    /* Stop unless another PDU could follow in the same blob. */
    if (tvb_reported_length_remaining(tvb, offset) < 6) {
      return;
    }
    tvb = tvb_new_subset_remaining(tvb, offset);
    offset = 0;
  }
}
3816 | | |
/*
 * Frame-end callback, registered from dissect_ldap_pdu() for the first
 * LDAP PDU of a frame. It clears the file-level dissection state so
 * that nothing recorded while dissecting one frame is still set when the
 * next frame is dissected.
 */
static void
ldap_frame_end(void)
{
  /* Flags and counters. */
  ldap_found_in_frame = false;
  do_protocolop = false;
  Filter_elements = 0;
  Filter_length = 0;

  /* Protocol tree pointer. */
  ldm_tree = NULL;

  /* Attribute, value and OID pointers. */
  attr_type = NULL;
  ldapvalue_string = NULL;
  attributedesc_string = NULL;
  object_identifier_id = NULL;

  /* Search-filter strings under construction. */
  Filter_string = NULL;
  and_filter_string = NULL;
  or_filter_string = NULL;

  /* Substring-filter pieces. */
  substring_item_init = NULL;
  substring_item_any = NULL;
  substring_item_final = NULL;
  substring_value = NULL;

  /* Probably unnecessary, but cleared as a precaution. */
  matching_rule_string = NULL;
}
3844 | | |
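/*
 * Dissect one LDAP (or MS-CLDAP) PDU, with or without a SASL security
 * layer around it.
 *
 * Steps, in order:
 *  - find or create the per-conversation ldap_conv_info_t;
 *  - decide whether a SASL security layer is in use, either from the
 *    recorded bind state or, failing that, from a heuristic on the first
 *    six bytes;
 *  - set up the columns and the protocol subtree;
 *  - if a SASL layer is in use and the first byte is 0, unwrap the SASL
 *    buffer (GSS-API) and dissect the inner payload; otherwise dissect
 *    the tvb directly as LDAP.
 *
 * All lengths used here are read from the packet and are therefore not
 * trusted: each one is checked for wrap-around before it is used.
 */
static void
dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool is_mscldap)
{
  int offset = 0;
  conversation_t *conversation;
  bool doing_sasl_security = false;
  ldap_conv_info_t *ldap_info = NULL;
  proto_item *ldap_item = NULL;
  proto_tree *ldap_tree = NULL;
  uint32_t sasl_length = 0;
  uint32_t remaining_length = 0;
  uint8_t sasl_start[2] = { 0, };
  bool detected_sasl_security = false;

  ldm_tree = NULL;

  conversation = find_or_create_conversation(pinfo);

  /*
   * Do we already have a type and mechanism?
   */
  ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
  if (ldap_info == NULL) {
    /* No. Attach that information to the conversation, and add
     * it to the list of information structures.
     */
    ldap_info = wmem_new0(wmem_file_scope(), ldap_conv_info_t);
    ldap_info->matched=wmem_map_new(wmem_file_scope(), ldap_info_hash_matched, ldap_info_equal_matched);
    ldap_info->unmatched=wmem_map_new(wmem_file_scope(), ldap_info_hash_unmatched, ldap_info_equal_unmatched);

    conversation_add_proto_data(conversation, proto_ldap, ldap_info);
  }

  switch (ldap_info->auth_type) {
    case LDAP_AUTH_SASL:
      /*
       * It's SASL; are we using a security layer?
       */
      if (ldap_info->first_auth_frame != 0 &&
          pinfo->num >= ldap_info->first_auth_frame) {
        doing_sasl_security = true; /* yes */
      }
      break;
    default:
      break;
  }

  tvb_ensure_captured_length_remaining(tvb, offset);

  /* It might still be a packet containing a SASL security layer
   * but it's just that we never saw the BIND packet.
   * Check if it looks like it could be a SASL blob here
   * and in that case just assume it is GSS-SPNEGO.
   */
  if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
      sasl_length = tvb_get_ntohl(tvb, offset);
      remaining_length = tvb_reported_length_remaining(tvb, offset);
      sasl_start[0] = tvb_get_uint8(tvb, offset+4);
      sasl_start[1] = tvb_get_uint8(tvb, offset+5);
  }
  /*
   * sasl_length is taken straight from the first four bytes on the wire.
   * Writing the test as "sasl_length + 4 <= remaining_length" lets a
   * value close to UINT32_MAX wrap to a small number and pass, which
   * would mark the conversation as SASL on the strength of a length that
   * cannot fit in the buffer. Compare by subtraction so no wrap is
   * possible. When the six bytes were not read, both values are still 0
   * and the test is false, as before.
   */
  if (remaining_length >= 4 && sasl_length <= remaining_length - 4) {
    if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
      /*
       * Likely modern kerberos signing
       */
      detected_sasl_security = true;
    } else if (sasl_start[0] == 0x60) {
      /*
       * Likely ASN.1 based kerberos
       */
      detected_sasl_security = true;
    }
  }
  if (detected_sasl_security) {
      ldap_info->auth_type=LDAP_AUTH_SASL;
      ldap_info->first_auth_frame=pinfo->num;
      ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
      doing_sasl_security=true;
  }

  /*
   * This is the first PDU, set the Protocol column and clear the
   * Info column.
   */
  col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);

  if(ldap_found_in_frame) {
    /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
    col_append_str(pinfo->cinfo, COL_INFO, " | ");
    col_set_fence(pinfo->cinfo, COL_INFO);
  } else {
    col_clear(pinfo->cinfo, COL_INFO);
    register_frame_end_routine (pinfo, ldap_frame_end);
    ldap_found_in_frame = true;
  }

  ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
  ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);

  /*
   * Might we be doing a SASL security layer and, if so, *are* we doing
   * one?
   *
   * Having seen a bind reply for SASL does not prove that a security
   * layer is in use: some SASL negotiations end with one and others do
   * not. So a first byte of 0 is taken to mean "4-byte SASL length"
   * (which also caps the length below 16 megabytes and so bounds memory
   * use), and anything else is handed to the LDAP message dissector. A
   * real LDAP message should begin with 0x30, but parsing garbage as
   * LDAP is preferred over trusting a huge length.
   */

  if (doing_sasl_security && tvb_get_uint8(tvb, offset) == 0) {
    proto_tree *sasl_tree;
    tvbuff_t *sasl_tvb;
    unsigned sasl_len, sasl_msg_len;
    /*
     * Yes. The frame begins with a 4-byte big-endian length.
     * And we know we have at least 6 bytes
     */

    /*
     * Get the SASL length, which is the length of data in the buffer
     * following the length (i.e., it's 4 less than the total length).
     *
     * XXX - do we need to reassemble buffers? For now, we
     * assume that each LDAP message is entirely contained within
     * a buffer.
     */
    sasl_len = tvb_get_ntohl(tvb, offset);
    sasl_msg_len = sasl_len + 4;
    if (sasl_msg_len < 4) {
      /*
       * The message length was probably so large that the total length
       * overflowed.
       *
       * Report this as an error.
       */
      show_reported_bounds_error(tvb, pinfo, tree);
      return;
    }

    /*
     * Construct a tvbuff containing the amount of the payload we have
     * available. Make its reported length the amount of data in the PDU.
     */
    sasl_tvb = tvb_new_subset_length(tvb, offset, sasl_msg_len);

    proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len);

    sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 4, sasl_msg_len - 4, ett_ldap_sasl_blob, NULL, "SASL Buffer");

    if (ldap_info->auth_mech != NULL &&
        ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
         /* auth_mech may have been set from the bind */
         (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
      tvbuff_t *gssapi_tvb = NULL;
      int ver_len;
      gssapi_encrypt_info_t gssapi_encrypt;

      /*
       * This is GSS-API (using SPNEGO, but we should be done with
       * the negotiation by now).
       *
       * Dissect the GSS_Wrap() token; it'll return the length of
       * the token, from which we compute the offset in the tvbuff at
       * which the plaintext data, i.e. the LDAP message, begins.
       */
      gssapi_tvb = tvb_new_subset_length(sasl_tvb, 4, sasl_len);

      /* Attempt decryption of the GSSAPI wrapped data if possible */
      memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
      gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
      ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt);
      /*
       * If ver_len is 0, it probably means that we got a PDU that is not
       * aligned to the start of the segment.
       */
      if(ver_len==0){
        return;
      }
      if (gssapi_encrypt.gssapi_data_encrypted) {
        if (gssapi_encrypt.gssapi_decrypted_tvb) {
          tvbuff_t *decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
          proto_tree *enc_tree = NULL;

          /*
           * The LDAP payload (blob) was encrypted and we were able to decrypt it.
           * The data was signed via a MIC token, sealed (encrypted), and "wrapped"
           * within the mechanism's "blob." Call dissect_ldap_payload to dissect
           * one or more LDAPMessages such as searchRequest messages within this
           * payload.
           */
          col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");

          if (sasl_tree) {
            unsigned decr_len = tvb_reported_length(decr_tvb);

            enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1,
                                     ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
                                     decr_len, plurality(decr_len, "", "s"));
          }

          dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
        } else {
          /*
           * The LDAP message was encrypted but couldn't be decrypted so just display the
           * encrypted data all of which is found in Packet Bytes.
           *
           * NOTE(review): sasl_len - ver_len is unsigned arithmetic; if the
           * wrap dissector ever returned more than sasl_len the displayed
           * count would wrap - confirm that cannot happen.
           */
          col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
                                 sasl_len-ver_len, plurality(sasl_len-ver_len, "", "s"));

          proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
        }
      } else {
        tvbuff_t *plain_tvb;
        proto_tree *plain_tree = NULL;

        if (gssapi_encrypt.gssapi_decrypted_tvb) {
          plain_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
        } else {
          plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
        }

        /*
         * The payload was not encrypted (sealed) but was signed via a MIC token.
         * If krb5_tok_id == KRB_TOKEN_CFX_WRAP, the payload was wrapped within
         * the mechanism's blob. Call dissect_ldap_payload to dissect one or more
         * LDAPMessages within the payload.
         */
        col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");

        if (sasl_tree) {
          unsigned plain_len = tvb_reported_length(plain_tvb);

          plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1,
                                 ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
                                 plain_len, plurality(plain_len, "", "s"));
        }

        dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
      }
    }
  } else {
    /*
     * The LDAP packet does not contain a SASL security layer. Such messages are typically sent
     * prior to the LDAP "bind" negotiation exchange which establishes the "context" of the session.
     * This means the data could neither be "signed" (no data origin auth or data integrity
     * check) nor "sealed" (encrypted).
     */
    dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
  }
}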
4098 | | |
/*
 * Read a DNS-style name from tvb at offset and hand it back as a string.
 *
 * The name is fetched with get_dns_name() using 0 as the DNS data
 * offset, so the name data must start at offset 0 of the tvb. The raw
 * name bytes come from the packet; they are passed through
 * get_utf_8_string() before being stored in *str.
 *
 * scope    allocator used for the name and the returned string
 * max_len  limit passed through to get_dns_name()
 * str      receives the resulting string
 *
 * Returns offset plus the length reported by get_dns_name().
 */
int dissect_mscldap_string(wmem_allocator_t *scope, tvbuff_t *tvb, int offset, int max_len, char **str)
{
  const char *raw_name;
  int raw_len;
  int consumed = get_dns_name(scope, tvb, offset, max_len, 0, &raw_name, &raw_len);

  *str = (char*)get_utf_8_string(scope, (const uint8_t*)raw_name, raw_len);

  return offset + consumed;
}
4110 | | |
4111 | | |
4112 | | /* These are the cldap DC flags |
4113 | | http://msdn.microsoft.com/en-us/library/cc201036.aspx |
4114 | | */ |
/*
 * Text pairs for the CLDAP domain-controller flag bits: true_string is
 * the label for a set bit, false_string the label for a clear bit.
 */
static const true_false_string tfs_ads_pdc = {
  .true_string  = "This is a PDC",
  .false_string = "This is NOT a pdc"
};
static const true_false_string tfs_ads_gc = {
  .true_string  = "This is a GLOBAL CATALOGUE of forest",
  .false_string = "This is NOT a global catalog of forest"
};
static const true_false_string tfs_ads_ldap = {
  .true_string  = "This is an LDAP server",
  .false_string = "This is NOT an ldap server"
};
static const true_false_string tfs_ads_ds = {
  .true_string  = "This dc supports DS",
  .false_string = "This dc does NOT support ds"
};
static const true_false_string tfs_ads_kdc = {
  .true_string  = "This is a KDC (kerberos)",
  .false_string = "This is NOT a kdc (kerberos)"
};
static const true_false_string tfs_ads_timeserv = {
  .true_string  = "This dc is running TIME SERVICES (ntp)",
  .false_string = "This dc is NOT running time services (ntp)"
};
static const true_false_string tfs_ads_closest = {
  .true_string  = "This server is in the same site as the client",
  .false_string = "This server is NOT in the same site as the client"
};
static const true_false_string tfs_ads_writable = {
  .true_string  = "This dc is WRITABLE",
  .false_string = "This dc is NOT writable"
};
static const true_false_string tfs_ads_good_timeserv = {
  .true_string  = "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
  .false_string = "This dc does NOT have a good time service (i.e. no hardware clock)"
};
static const true_false_string tfs_ads_ndnc = {
  .true_string  = "Domain is NON-DOMAIN NC serviced by ldap server",
  .false_string = "Domain is NOT non-domain nc serviced by ldap server"
};
static const true_false_string tfs_ads_rodc = {
  .true_string  = "Domain controller is a Windows 2008 RODC",
  .false_string = "Domain controller is not a Windows 2008 RODC"
};
static const true_false_string tfs_ads_wdc = {
  .true_string  = "Domain controller is a Windows 2008 writable NC",
  .false_string = "Domain controller is not a Windows 2008 writable NC"
};
static const true_false_string tfs_ads_dns = {
  .true_string  = "Server name is in DNS format (Windows 2008)",
  .false_string = "Server name is not in DNS format (Windows 2008)"
};
static const true_false_string tfs_ads_dnc = {
  .true_string  = "The NC is the default NC (Windows 2008)",
  .false_string = "The NC is not the default NC (Windows 2008)"
};
static const true_false_string tfs_ads_fnc = {
  .true_string  = "The NC is the default forest NC(Windows 2008)",
  .false_string = "The NC is not the default forest NC (Windows 2008)"
};
/*
 * Add the MS-CLDAP netlogon flags word at offset to parent_tree as a
 * little-endian bitmask, one sub-item per flag field listed below.
 * BMT_NO_FALSE is passed to the bitmask helper.
 *
 * Returns offset + 4, i.e. the position just past the flags word.
 */
static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
  /* NULL-terminated list of the individual flag fields. */
  static int * const flag_fields[] = {
    &hf_mscldap_netlogon_flags_fnc,
    &hf_mscldap_netlogon_flags_dnc,
    &hf_mscldap_netlogon_flags_dns,
    &hf_mscldap_netlogon_flags_wdc,
    &hf_mscldap_netlogon_flags_rodc,
    &hf_mscldap_netlogon_flags_ndnc,
    &hf_mscldap_netlogon_flags_good_timeserv,
    &hf_mscldap_netlogon_flags_writable,
    &hf_mscldap_netlogon_flags_closest,
    &hf_mscldap_netlogon_flags_timeserv,
    &hf_mscldap_netlogon_flags_kdc,
    &hf_mscldap_netlogon_flags_ds,
    &hf_mscldap_netlogon_flags_ldap,
    &hf_mscldap_netlogon_flags_gc,
    &hf_mscldap_netlogon_flags_pdc,
    NULL
  };

  proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset,
                                    hf_mscldap_netlogon_flags,
                                    ett_mscldap_netlogon_flags, flag_fields,
                                    ENC_LITTLE_ENDIAN, BMT_NO_FALSE);

  return offset + 4;
}
4202 | | |
4203 | | static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) |
4204 | 0 | { |
4205 | 0 | int old_offset, offset=0; |
4206 | 0 | char *str; |
4207 | 0 | uint16_t itype; |
4208 | 0 | uint16_t len; |
4209 | 0 | uint32_t version; |
4210 | 0 | int fn_len; |
4211 | 0 | proto_item *item; |
4212 | |
|
4213 | 0 | ldm_tree = NULL; |
4214 | | |
4215 | | |
4216 | | /* Get the length of the buffer */ |
4217 | 0 | len=tvb_reported_length_remaining(tvb,offset); |
4218 | | |
4219 | | /* check the len if it is to small return */ |
4220 | 0 | if (len < 10) |
4221 | 0 | return tvb_captured_length(tvb); |
4222 | | |
4223 | | /* Type */ |
4224 | 0 | proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4225 | 0 | itype = tvb_get_letohs(tvb, offset); |
4226 | 0 | offset += 2; |
4227 | |
|
4228 | 0 | switch(itype){ |
4229 | | |
4230 | 0 | case LOGON_SAM_LOGON_RESPONSE: |
4231 | | /* logon server name; must be aligned on a 2-byte boundary */ |
4232 | 0 | if ((offset & 1) != 0) { |
4233 | 0 | offset++; |
4234 | 0 | } |
4235 | 0 | proto_tree_add_item_ret_length(tree, hf_mscldap_nb_hostname_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); |
4236 | 0 | offset +=fn_len; |
4237 | | |
4238 | | /* username; must be aligned on a 2-byte boundary */ |
4239 | 0 | if ((offset & 1) != 0) { |
4240 | 0 | offset++; |
4241 | 0 | } |
4242 | 0 | proto_tree_add_item_ret_length(tree, hf_mscldap_username_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); |
4243 | 0 | offset +=fn_len; |
4244 | | |
4245 | | /* domain name; must be aligned on a 2-byte boundary */ |
4246 | 0 | if ((offset & 1) != 0) { |
4247 | 0 | offset++; |
4248 | 0 | } |
4249 | 0 | proto_tree_add_item_ret_length(tree, hf_mscldap_nb_domain_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); |
4250 | 0 | offset +=fn_len; |
4251 | | |
4252 | | /* get the version number from the end of the buffer, as the |
4253 | | length is variable and the version determines what fields |
4254 | | need to be decoded */ |
4255 | 0 | version = tvb_get_letohl(tvb,len-8); |
4256 | | |
4257 | | /* include the extra version 5 fields */ |
4258 | 0 | if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){ |
4259 | | |
4260 | | /* domain guid */ |
4261 | 0 | proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN); |
4262 | 0 | offset += 16; |
4263 | | |
4264 | | /* domain guid part 2 |
4265 | | there is another 16 byte guid but this is alway zero, so we will skip it */ |
4266 | 0 | offset += 16; |
4267 | | |
4268 | | /* Forest */ |
4269 | 0 | old_offset=offset; |
4270 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4271 | 0 | proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); |
4272 | | |
4273 | | /* Domain */ |
4274 | 0 | old_offset=offset; |
4275 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4276 | 0 | proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); |
4277 | | |
4278 | | /* Hostname */ |
4279 | 0 | old_offset=offset; |
4280 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4281 | 0 | proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); |
4282 | | |
4283 | | /* DC IP Address */ |
4284 | 0 | proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, ENC_BIG_ENDIAN); |
4285 | 0 | offset += 4; |
4286 | | |
4287 | | /* Flags */ |
4288 | 0 | dissect_mscldap_netlogon_flags(tree, tvb, offset); |
4289 | 0 | } |
4290 | |
|
4291 | 0 | break; |
4292 | | |
4293 | 0 | case LOGON_SAM_LOGON_RESPONSE_EX: |
4294 | | /* MS-ADTS 6.3.1.9 */ |
4295 | 0 | offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */ |
4296 | | |
4297 | | /* Flags */ |
4298 | 0 | offset = dissect_mscldap_netlogon_flags(tree, tvb, offset); |
4299 | | |
4300 | | /* Domain GUID */ |
4301 | 0 | proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN); |
4302 | 0 | offset += 16; |
4303 | | |
4304 | | /* Forest */ |
4305 | 0 | old_offset=offset; |
4306 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4307 | 0 | proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); |
4308 | | |
4309 | | /* Domain */ |
4310 | 0 | old_offset=offset; |
4311 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4312 | 0 | proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); |
4313 | | |
4314 | | /* Hostname */ |
4315 | 0 | old_offset=offset; |
4316 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4317 | 0 | proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); |
4318 | | |
4319 | | /* NetBIOS Domain */ |
4320 | 0 | old_offset=offset; |
4321 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4322 | 0 | proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str); |
4323 | | |
4324 | | /* NetBIOS Hostname */ |
4325 | 0 | old_offset=offset; |
4326 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4327 | 0 | proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str); |
4328 | | |
4329 | | /* User */ |
4330 | 0 | old_offset=offset; |
4331 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4332 | 0 | proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str); |
4333 | | |
4334 | | /* Server Site */ |
4335 | 0 | old_offset=offset; |
4336 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4337 | 0 | proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str); |
4338 | | |
4339 | | /* Client Site */ |
4340 | 0 | old_offset=offset; |
4341 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4342 | 0 | proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str); |
4343 | | |
4344 | | /* get the version number from the end of the buffer, as the |
4345 | | length is variable and the version determines what fields |
4346 | | need to be decoded */ |
4347 | 0 | version = tvb_get_letohl(tvb,len-8); |
4348 | | |
4349 | | /* include the extra fields for version 5 with IP s */ |
4350 | 0 | if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){ |
4351 | | /* The ip address is returned as a sockaddr_in structure |
4352 | | * |
4353 | | * This section may need to be updated if the base Windows APIs |
4354 | | * are changed to support ipv6, which currently is not the case. |
4355 | | * |
4356 | | * The dissector assumes the length is based on ipv4 and |
4357 | | * ignores the length |
4358 | | */ |
4359 | | |
4360 | | /* skip the length of the sockaddr_in */ |
4361 | |
|
4362 | 0 | offset +=1; |
4363 | | |
4364 | | /* add IP address and dissect the sockaddr_in structure */ |
4365 | |
|
4366 | 0 | old_offset = offset + 4; |
4367 | 0 | item = proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, ENC_BIG_ENDIAN); |
4368 | |
|
4369 | 0 | proto_tree *subtree; |
4370 | |
|
4371 | 0 | subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails); |
4372 | | |
4373 | | /* get sockaddr family */ |
4374 | 0 | proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4375 | 0 | offset +=2; |
4376 | | |
4377 | | /* get sockaddr port */ |
4378 | 0 | proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4379 | 0 | offset +=2; |
4380 | | |
4381 | | /* get IP address */ |
4382 | 0 | proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN); |
4383 | 0 | offset += 4; |
4384 | | |
4385 | | /* sin_zero (reserved 8 bytes, MUST be set to zero and ignored on receipt) */ |
4386 | 0 | proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_zero, tvb, offset, 8, ENC_NA); |
4387 | 0 | offset += 8; |
4388 | 0 | } |
4389 | 0 | if ((version & NETLOGON_NT_VERSION_WITH_CLOSEST_SITE) == NETLOGON_NT_VERSION_WITH_CLOSEST_SITE){ |
4390 | 0 | old_offset=offset; |
4391 | 0 | offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str); |
4392 | 0 | proto_tree_add_string(tree, hf_mscldap_nextclosestsitename, tvb, old_offset, offset-old_offset, str); |
4393 | 0 | } |
4394 | |
|
4395 | 0 | break; |
4396 | 0 | } |
4397 | | |
4398 | | |
4399 | | /* complete the decode with the version and token details */ |
4400 | | |
4401 | 0 | offset = len - 8; |
4402 | | |
4403 | | /* NETLOGON_NT_VERSION Options (MS-ADTS 6.3.1.1) */ |
4404 | 0 | offset = dissect_mscldap_ntver_flags(tree, tvb, offset); |
4405 | | |
4406 | | /* LM Token */ |
4407 | 0 | proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4408 | 0 | offset += 2; |
4409 | | |
4410 | | /* NT Token */ |
4411 | 0 | proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN); |
4412 | |
|
4413 | 0 | return tvb_captured_length(tvb); |
4414 | 0 | } |
4415 | | |
4416 | | |
/*
 * Length callback given to tcp_dissect_pdus() for SASL-wrapped LDAP.
 *
 * A SASL buffer starts with a 4-byte big-endian length that does not count
 * itself, so the whole PDU is that value plus the 4 header bytes.
 *
 * The length is read straight from the capture and the sum is computed in
 * unsigned 32-bit arithmetic, so a field of 0xFFFFFFFC or more wraps to a
 * value in 0..3.
 * NOTE(review): unlike the first-PDU check in dissect_ldap_tcp(), no
 * LDAP_SASL_MAX_BUF bound is applied here; confirm that tcp_dissect_pdus()
 * treats a result shorter than the 4-byte fixed header as malformed.
 */
static unsigned
get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
                      int offset, void *data _U_)
{
  const uint32_t sasl_payload_len = tvb_get_ntohl(tvb, offset);

  return sasl_payload_len + 4;
}
4424 | | |
/*
 * Per-PDU callback given to tcp_dissect_pdus() on the SASL path.
 *
 * Forwards the buffer to dissect_ldap_pdu() with its last argument false
 * (dissect_mscldap() is the caller that passes true) and reports the whole
 * captured tvb as consumed.
 */
static int
dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  dissect_ldap_pdu(tvb, pinfo, tree, false);

  return tvb_captured_length(tvb);
}
4431 | | |
/*
 * Length callback given to tcp_dissect_pdus() for plain BER-encoded LDAP.
 *
 * The tag byte sits at `offset` and the BER length field starts at
 * offset+1.  The PDU size is the decoded content length plus the size of
 * the tag+length header, i.e. (start of content - offset).
 *
 * The content length is attacker-controlled capture data and the sum is
 * unsigned 32-bit arithmetic, so very large encoded lengths can wrap.  The
 * indefinite-length indicator returned by get_ber_length() is not consulted.
 * NOTE(review): confirm tcp_dissect_pdus() rejects a result smaller than its
 * fixed header length.
 */
static unsigned
get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
                        int offset, void *data _U_)
{
  uint32_t content_len;
  bool indefinite;
  const int content_start = get_ber_length(tvb, offset+1, &content_len, &indefinite);

  return content_len + content_start - offset;
}
4447 | | |
/*
 * Per-PDU callback given to tcp_dissect_pdus() on the plain (non-SASL) path.
 *
 * Forwards the buffer to dissect_ldap_pdu() with its last argument false and
 * reports the whole captured tvb as consumed.
 */
static int
dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  dissect_ldap_pdu(tvb, pinfo, tree, false);

  return tvb_captured_length(tvb);
}
4454 | | |
/*
 * Show a value whose bytes are the ASCII/UTF-8 text form of an OID.
 *
 * The text is copied out of the tvb into packet-scoped memory, looked up
 * with oid_resolved_from_string(), and added as hf_ldap_oid, with the
 * resolved name in parentheses when one is found.  Always returns the
 * captured length of the tvb.
 *
 * The text comes from the capture; it is only ever passed as a "%s"
 * argument, never as the format string itself.
 *
 * XXX the string should be converted into a real OID so that
 * proto_tree_add_oid() can be used instead.
 *
 * NOTE(review): pinfo carries _U_ although pinfo->pool is used below, and
 * the two branches size the item with different accessors (reported vs.
 * captured length); both are kept exactly as they were.
 */
static int
dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
{
  char *oid_text = (char*)tvb_get_string_enc(pinfo->pool, tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);

  if (oid_text != NULL) {
    const char *resolved = oid_resolved_from_string(pinfo->pool, oid_text);

    if (resolved == NULL) {
      proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid_text);
    } else {
      proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid_text, "%s (%s)",oid_text,resolved);
    }
  }

  return tvb_captured_length(tvb);
}
4480 | | |
/*
 * Bit values of the LDAP-specific (ADS_*) access rights within a 32-bit
 * access mask.  Each one is the bitmask of the hf_ldap_AccessMask_ADS_*
 * field of the same name registered in proto_register_ldap().
 */
#define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
#define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
#define LDAP_ACCESSMASK_ADS_LIST 0x00000004
#define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
#define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
#define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
#define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
#define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
#define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4490 | | |
/*
 * Add the LDAP-specific (ADS_*) rights of an access mask to the tree.
 *
 * tvb/offset locate the 4-byte mask in the packet, `access` is its already
 * decoded value.  The fields are listed from the highest bit
 * (CONTROL_ACCESS, 0x100) down to the lowest (CREATE_CHILD, 0x001).
 */
static void
ldap_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
{
  /* NULL-terminated list of the per-bit header fields */
  static int * const ads_right_fields[] = {
    &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
    &hf_ldap_AccessMask_ADS_LIST_OBJECT,
    &hf_ldap_AccessMask_ADS_DELETE_TREE,
    &hf_ldap_AccessMask_ADS_WRITE_PROP,
    &hf_ldap_AccessMask_ADS_READ_PROP,
    &hf_ldap_AccessMask_ADS_SELF_WRITE,
    &hf_ldap_AccessMask_ADS_LIST,
    &hf_ldap_AccessMask_ADS_DELETE_CHILD,
    &hf_ldap_AccessMask_ADS_CREATE_CHILD,
    NULL
  };

  proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, ads_right_fields, access);
}
4509 | | |
/*
 * Access-mask description that dissect_ldap_nt_sec_desc() passes to
 * dissect_nt_sec_desc(): it names the protocol-specific rights and supplies
 * ldap_specific_rights() to decode them.  No generic or standard mapping
 * table is provided.
 */
static struct access_mask_info ldap_access_mask_info = {
  "LDAP", /* Name of specific rights */
  ldap_specific_rights, /* Dissection function */
  NULL, /* Generic mapping table */
  NULL /* Standard mapping table */
};
4516 | | |
/*
 * Dissect a value that holds an NT security descriptor.
 *
 * The whole tvb (offset 0, reported length) is handed to
 * dissect_nt_sec_desc() together with ldap_access_mask_info, so that the
 * LDAP-specific access rights are decoded by ldap_specific_rights().
 * Returns the captured length of the tvb.
 */
static int
dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  const unsigned desc_len = tvb_reported_length(tvb);

  dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, true, desc_len, &ldap_access_mask_info);

  return tvb_captured_length(tvb);
}
4523 | | |
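/*
 * Dissect an octet string that holds an NT SID.
 *
 * dissect_nt_sid() adds the SID to the tree under hf_ldap_sid and hands back
 * its text form, which is stored in the file-level ldapvalue_string.
 * Returns the captured length of the tvb.
 */
static int
dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  /* Start from NULL so that ldapvalue_string never receives an
   * indeterminate pointer should dissect_nt_sid() return without writing
   * its output argument (NOTE(review): that helper is not visible here). */
  char *tmpstr = NULL;

  /* this octet string contains an NT SID */
  dissect_nt_sid(tvb, pinfo, 0, tree, "SID", &tmpstr, hf_ldap_sid);
  ldapvalue_string=tmpstr;
  return tvb_captured_length(tvb);
}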
4534 | | |
/*
 * Dissect an octet string that holds a GUID.
 *
 * The GUID is decoded with the DCE/RPC UUID helper, added to the tree as
 * hf_ldap_guid, and its textual form is stored in the file-level
 * ldapvalue_string (packet-scoped memory).  Returns the captured length of
 * the tvb.
 */
static int
dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  /* Far larger than the formatted GUID needs; snprintf() is bounded to one
   * byte less than the allocation. */
  enum { GUID_TEXT_ALLOC = 1024 };

  /* fake DREP struct; NOTE(review): 0x10 presumably selects little-endian
   * integer representation -- confirm against the DCE/RPC dissector */
  uint8_t fake_drep[4] = { 0x10, 0x00, 0x00, 0x00};
  e_guid_t guid;
  char *guid_text;

  /* This octet string contained a GUID */
  dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, fake_drep, hf_ldap_guid, &guid);

  guid_text = (char*)wmem_alloc(pinfo->pool, GUID_TEXT_ALLOC);
  ldapvalue_string = guid_text;
  snprintf(guid_text, GUID_TEXT_ALLOC - 1, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
           guid.data1, guid.data2, guid.data3,
           guid.data4[0], guid.data4[1],
           guid.data4[2], guid.data4[3], guid.data4[4],
           guid.data4[5], guid.data4[6], guid.data4[7]);

  return tvb_captured_length(tvb);
}
4551 | | |
/*
 * Entry point for LDAP over TCP: works out how the stream is framed and
 * hands it to tcp_dissect_pdus() with the matching length callback.
 *
 * A client may run unauthenticated searches and only later bind with SASL
 * on the same connection, so the framing is guessed from the first bytes of
 * each segment.  Those bytes come from the capture and are untrusted; the
 * checks below are a heuristic, not validation:
 *
 *  1. SASL-wrapped: the leading 4-byte big-endian length lies in
 *     2..LDAP_SASL_MAX_BUF (both inclusive) AND the conversation has
 *     recorded LDAP_AUTH_SASL.  The lower bound fights false positives
 *     (0x00000000 is a common "random" TCP payload); the upper bound is
 *     LDAP_SASL_MAX_BUF because SASL LDAP PDUs can exceed 64k.
 *  2. Plain BER: the first byte is 0x30 (SEQUENCE) and the BER length is at
 *     least 2.  The indefinite-length flag is not checked, and no upper
 *     bound is applied to the decoded length.
 *  3. Fallback: Exchange talking to MS AD has been seen to announce SASL
 *     while the data is still in clear; if the SASL length plus 4 equals
 *     the remaining reported length, the SASL framing is used anyway.  The
 *     sum is unsigned 32-bit arithmetic and may wrap for huge length values.
 *
 * Always returns the captured length of the tvb.
 *
 * NOTE(review): the 4-byte read at offset 0 happens before any length
 * check; confirm how a segment shorter than 4 bytes is handled.
 */
static int
dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
  uint32_t sasl_len;
  uint32_t ber_len;
  bool indefinite;
  bool is_plain_ldap = false;
  ldap_conv_info_t *ldap_info = NULL;
  conversation_t *conv;

  /* Per-connection state, if this connection already has a conversation. */
  conv = find_conversation_pinfo(pinfo, 0);
  if (conv != NULL) {
    ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conv, proto_ldap);
  }

  ldm_tree = NULL;

  sasl_len = tvb_get_ntohl(tvb, 0);

  /* Case 1: plausible SASL length and the bind negotiated SASL. */
  if (sasl_len >= 2 && sasl_len <= LDAP_SASL_MAX_BUF &&
      ldap_info != NULL && ldap_info->auth_type == LDAP_AUTH_SASL) {
    tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
    return tvb_captured_length(tvb);
  }

  /* Case 2: normal BER encoded LDAP, i.e. a SEQUENCE whose length makes
   * sense. */
  if (tvb_get_uint8(tvb, 0) == 0x30) {
    get_ber_length(tvb, 1, &ber_len, &indefinite);
    is_plain_ldap = (ber_len >= 2);
  }

  if (is_plain_ldap) {
    /*
     * The minimum size of a LDAP pdu is 7 bytes, e.g. an unbind:
     *
     *   30 05 02 01 09 42 00                (short-form length)
     *   30 84 00 00 00 05 02 01 09 42 00    (long form, as sent by Windows)
     *
     * 6 bytes would be enough to read the full length of the pdu, but as
     * the smallest pdu is 7 bytes, 7 is used as the fixed header size.
     */
    tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
  } else if ((sasl_len + 4) == (uint32_t)tvb_reported_length_remaining(tvb, 0)) {
    /* Case 3: SASL framing announced although the payload is in clear. */
    tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
  }

  return tvb_captured_length(tvb);
}
4668 | | |
/*
 * Dissector entry point for MS-CLDAP.
 *
 * Same as the TCP per-PDU callbacks except that dissect_ldap_pdu() is
 * called with its last argument true.  Reports the whole captured tvb as
 * consumed.
 */
static int
dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  dissect_ldap_pdu(tvb, pinfo, tree, true);

  return tvb_captured_length(tvb);
}
4675 | | |
4676 | | |
4677 | | /*--- proto_register_ldap -------------------------------------------*/ |
4678 | 14 | void proto_register_ldap(void) { |
4679 | | |
4680 | | /* List of fields */ |
4681 | | |
4682 | 14 | static hf_register_info hf[] = { |
4683 | | |
4684 | 14 | { &hf_ldap_sasl_buffer_length, |
4685 | 14 | { "SASL Buffer Length", "ldap.sasl_buffer_length", |
4686 | 14 | FT_UINT32, BASE_DEC, NULL, 0x0, |
4687 | 14 | NULL, HFILL }}, |
4688 | 14 | { &hf_ldap_response_in, |
4689 | 14 | { "Response In", "ldap.response_in", |
4690 | 14 | FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0, |
4691 | 14 | "The response to this LDAP request is in this frame", HFILL }}, |
4692 | 14 | { &hf_ldap_response_to, |
4693 | 14 | { "Response To", "ldap.response_to", |
4694 | 14 | FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0, |
4695 | 14 | "This is a response to the LDAP request in this frame", HFILL }}, |
4696 | 14 | { &hf_ldap_time, |
4697 | 14 | { "Time", "ldap.time", |
4698 | 14 | FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, |
4699 | 14 | "The time between the Call and the Reply", HFILL }}, |
4700 | | |
4701 | 14 | { &hf_mscldap_netlogon_opcode, |
4702 | 14 | { "Operation code", "mscldap.netlogon.opcode", |
4703 | 14 | FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0, |
4704 | 14 | "LDAP ping operation code", HFILL }}, |
4705 | | |
4706 | 14 | { &hf_mscldap_netlogon_ipaddress_family, |
4707 | 14 | { "Family", "mscldap.netlogon.ipaddress.family", |
4708 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
4709 | 14 | NULL, HFILL }}, |
4710 | | |
4711 | 14 | { &hf_mscldap_netlogon_ipaddress_ipv4, |
4712 | 14 | { "IPv4", "mscldap.netlogon.ipaddress.ipv4", |
4713 | 14 | FT_IPv4, BASE_NONE, NULL, 0x0, |
4714 | 14 | "IP Address", HFILL }}, |
4715 | | |
4716 | 14 | { &hf_mscldap_netlogon_ipaddress_port, |
4717 | 14 | { "Port", "mscldap.netlogon.ipaddress.port", |
4718 | 14 | FT_UINT16, BASE_DEC, NULL, 0x0, |
4719 | 14 | NULL, HFILL }}, |
4720 | | |
4721 | 14 | { &hf_mscldap_netlogon_ipaddress_zero, |
4722 | 14 | { "Reserved", "mscldap.netlogon.ipaddress.zero", |
4723 | 14 | FT_BYTES, BASE_NONE, NULL, 0x0, |
4724 | 14 | "MUST be set to zero", HFILL }}, |
4725 | | |
4726 | 14 | { &hf_mscldap_netlogon_ipaddress, |
4727 | 14 | { "IP Address","mscldap.netlogon.ipaddress", |
4728 | 14 | FT_IPv4, BASE_NONE, NULL, 0x0, |
4729 | 14 | "Domain Controller IP Address", HFILL }}, |
4730 | | |
4731 | 14 | { &hf_mscldap_netlogon_lm_token, |
4732 | 14 | { "LM Token", "mscldap.netlogon.lm_token", |
4733 | 14 | FT_UINT16, BASE_HEX, NULL, 0x0, |
4734 | 14 | "MUST be set to 0xFFFF", HFILL }}, |
4735 | | |
4736 | 14 | { &hf_mscldap_netlogon_nt_token, |
4737 | 14 | { "NT Token", "mscldap.netlogon.nt_token", |
4738 | 14 | FT_UINT16, BASE_HEX, NULL, 0x0, |
4739 | 14 | "MUST be set to 0xFFFF", HFILL }}, |
4740 | | |
4741 | 14 | { &hf_mscldap_netlogon_flags, |
4742 | 14 | { "Flags", "mscldap.netlogon.flags", |
4743 | 14 | FT_UINT32, BASE_HEX, NULL, 0x0, |
4744 | 14 | "Netlogon flags describing the DC properties", HFILL }}, |
4745 | | |
4746 | 14 | { &hf_mscldap_ntver_flags, |
4747 | 14 | { "Version Flags", "mscldap.ntver.flags", |
4748 | 14 | FT_UINT32, BASE_HEX, NULL, 0x0, |
4749 | 14 | "NETLOGON_NT_VERSION Options Bits", HFILL }}, |
4750 | | |
4751 | 14 | { &hf_mscldap_domain_guid, |
4752 | 14 | { "Domain GUID", "mscldap.domain.guid", |
4753 | 14 | FT_GUID, BASE_NONE, NULL, 0x0, |
4754 | 14 | "Value of the NC's GUID attribute", HFILL }}, |
4755 | | |
4756 | 14 | { &hf_mscldap_forest, |
4757 | 14 | { "Forest", "mscldap.forest", |
4758 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4759 | 14 | "DNS name of the forest", HFILL }}, |
4760 | | |
4761 | 14 | { &hf_mscldap_domain, |
4762 | 14 | { "Domain", "mscldap.domain", |
4763 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4764 | 14 | "DNS name of the NC", HFILL }}, |
4765 | | |
4766 | 14 | { &hf_mscldap_hostname, |
4767 | 14 | { "Hostname", "mscldap.hostname", |
4768 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4769 | 14 | "DNS name of server", HFILL }}, |
4770 | | |
4771 | 14 | { &hf_mscldap_nb_domain_z, |
4772 | 14 | { "NetBIOS Domain", "mscldap.nb_domain", |
4773 | 14 | FT_STRINGZ, BASE_NONE, NULL, 0x0, |
4774 | 14 | "NetBIOS name of the NC", HFILL }}, |
4775 | | |
4776 | 14 | { &hf_mscldap_nb_domain, |
4777 | 14 | { "NetBIOS Domain", "mscldap.nb_domain", |
4778 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4779 | 14 | "NetBIOS name of the NC", HFILL }}, |
4780 | | |
4781 | 14 | { &hf_mscldap_nb_hostname_z, |
4782 | 14 | { "NetBIOS Hostname", "mscldap.nb_hostname", |
4783 | 14 | FT_STRINGZ, BASE_NONE, NULL, 0x0, |
4784 | 14 | "NetBIOS name of the server", HFILL }}, |
4785 | | |
4786 | 14 | { &hf_mscldap_nb_hostname, |
4787 | 14 | { "NetBIOS Hostname", "mscldap.nb_hostname", |
4788 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4789 | 14 | "NetBIOS name of the server", HFILL }}, |
4790 | | |
4791 | 14 | { &hf_mscldap_username_z, |
4792 | 14 | { "Username", "mscldap.username", |
4793 | 14 | FT_STRINGZ, BASE_NONE, NULL, 0x0, |
4794 | 14 | "User specified in client's request", HFILL }}, |
4795 | | |
4796 | 14 | { &hf_mscldap_username, |
4797 | 14 | { "Username", "mscldap.username", |
4798 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4799 | 14 | "User specified in client's request", HFILL }}, |
4800 | | |
4801 | 14 | { &hf_mscldap_sitename, |
4802 | 14 | { "Server Site", "mscldap.sitename", |
4803 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4804 | 14 | "Site name of the server", HFILL }}, |
4805 | | |
4806 | 14 | { &hf_mscldap_clientsitename, |
4807 | 14 | { "Client Site", "mscldap.clientsitename", |
4808 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4809 | 14 | "Site name of the client", HFILL }}, |
4810 | | |
4811 | 14 | { &hf_mscldap_nextclosestsitename, |
4812 | 14 | { "Next Closest Site", "mscldap.nextclosestsitename", |
4813 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4814 | 14 | "Name of the site that is closest by cost to ClientSiteName without being equal", HFILL }}, |
4815 | | |
4816 | 14 | { &hf_ldap_sid, |
4817 | 14 | { "Sid", "ldap.sid", |
4818 | 14 | FT_STRING, BASE_NONE, NULL, 0x0, |
4819 | 14 | NULL, HFILL }}, |
4820 | | |
4821 | 14 | { &hf_mscldap_ntver_flags_v1, |
4822 | 14 | { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32, |
4823 | 14 | TFS(&tfs_ntver_v1), 0x00000001, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4824 | | |
4825 | 14 | { &hf_mscldap_ntver_flags_v5, |
4826 | 14 | { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32, |
4827 | 14 | TFS(&tfs_ntver_v5), 0x00000002, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4828 | | |
4829 | 14 | { &hf_mscldap_ntver_flags_v5ex, |
4830 | 14 | { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32, |
4831 | 14 | TFS(&tfs_ntver_v5ex), 0x00000004, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4832 | | |
4833 | 14 | { &hf_mscldap_ntver_flags_v5ep, |
4834 | 14 | { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32, |
4835 | 14 | TFS(&tfs_ntver_v5ep), 0x00000008, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4836 | | |
4837 | 14 | { &hf_mscldap_ntver_flags_vcs, |
4838 | 14 | { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32, |
4839 | 14 | TFS(&tfs_ntver_vcs), 0x00000010, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4840 | | |
4841 | 14 | { &hf_mscldap_ntver_flags_vnt4, |
4842 | 14 | { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32, |
4843 | 14 | TFS(&tfs_ntver_vnt4), 0x01000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4844 | | |
4845 | 14 | { &hf_mscldap_ntver_flags_vpdc, |
4846 | 14 | { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32, |
4847 | 14 | TFS(&tfs_ntver_vpdc), 0x10000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4848 | | |
4849 | 14 | { &hf_mscldap_ntver_flags_vip, |
4850 | 14 | { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32, |
4851 | 14 | TFS(&tfs_ntver_vip), 0x20000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4852 | | |
4853 | 14 | { &hf_mscldap_ntver_flags_vl, |
4854 | 14 | { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32, |
4855 | 14 | TFS(&tfs_ntver_vl), 0x40000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4856 | | |
4857 | 14 | { &hf_mscldap_ntver_flags_vgc, |
4858 | 14 | { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32, |
4859 | 14 | TFS(&tfs_ntver_vgc), 0x80000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, |
4860 | | |
4861 | | |
4862 | 14 | { &hf_mscldap_netlogon_flags_pdc, |
4863 | 14 | { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32, |
4864 | 14 | TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }}, |
4865 | | |
4866 | 14 | { &hf_mscldap_netlogon_flags_gc, |
4867 | 14 | { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32, |
4868 | 14 | TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }}, |
4869 | | |
4870 | 14 | { &hf_mscldap_netlogon_flags_ldap, |
4871 | 14 | { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32, |
4872 | 14 | TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }}, |
4873 | | |
4874 | 14 | { &hf_mscldap_netlogon_flags_ds, |
4875 | 14 | { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32, |
4876 | 14 | TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }}, |
4877 | | |
4878 | 14 | { &hf_mscldap_netlogon_flags_kdc, |
4879 | 14 | { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32, |
4880 | 14 | TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }}, |
4881 | | |
4882 | 14 | { &hf_mscldap_netlogon_flags_timeserv, |
4883 | 14 | { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32, |
4884 | 14 | TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }}, |
4885 | | |
4886 | 14 | { &hf_mscldap_netlogon_flags_closest, |
4887 | 14 | { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32, |
4888 | 14 | TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }}, |
4889 | | |
4890 | 14 | { &hf_mscldap_netlogon_flags_writable, |
4891 | 14 | { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32, |
4892 | 14 | TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }}, |
4893 | | |
4894 | 14 | { &hf_mscldap_netlogon_flags_good_timeserv, |
4895 | 14 | { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32, |
4896 | 14 | TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }}, |
4897 | | |
4898 | 14 | { &hf_mscldap_netlogon_flags_ndnc, |
4899 | 14 | { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32, |
4900 | 14 | TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }}, |
4901 | | |
4902 | 14 | { &hf_mscldap_netlogon_flags_rodc, |
4903 | 14 | { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32, |
4904 | 14 | TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }}, |
4905 | | |
4906 | 14 | { &hf_mscldap_netlogon_flags_wdc, |
4907 | 14 | { "WDC", "mscldap.netlogon.flags.writabledc", FT_BOOLEAN, 32, |
4908 | 14 | TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }}, |
4909 | | |
4910 | 14 | { &hf_mscldap_netlogon_flags_dns, |
4911 | 14 | { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32, |
4912 | 14 | TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }}, |
4913 | | |
4914 | 14 | { &hf_mscldap_netlogon_flags_dnc, |
4915 | 14 | { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32, |
4916 | 14 | TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }}, |
4917 | | |
4918 | 14 | { &hf_mscldap_netlogon_flags_fnc, |
4919 | 14 | { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32, |
4920 | 14 | TFS(&tfs_ads_fnc), 0x80000000, "Is the NC the default forest root(Windows 2008)?", HFILL }}, |
4921 | | |
4922 | 14 | { &hf_ldap_guid, |
4923 | 14 | { "GUID", "ldap.guid", FT_GUID, BASE_NONE, |
4924 | 14 | NULL, 0, NULL, HFILL }}, |
4925 | | |
4926 | 14 | { &hf_ldap_AccessMask_ADS_CREATE_CHILD, |
4927 | 14 | { "Ads Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }}, |
4928 | | |
4929 | 14 | { &hf_ldap_AccessMask_ADS_DELETE_CHILD, |
4930 | 14 | { "Ads Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }}, |
4931 | | |
4932 | 14 | { &hf_ldap_AccessMask_ADS_LIST, |
4933 | 14 | { "Ads List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }}, |
4934 | | |
4935 | 14 | { &hf_ldap_AccessMask_ADS_SELF_WRITE, |
4936 | 14 | { "Ads Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }}, |
4937 | | |
4938 | 14 | { &hf_ldap_AccessMask_ADS_READ_PROP, |
4939 | 14 | { "Ads Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }}, |
4940 | | |
4941 | 14 | { &hf_ldap_AccessMask_ADS_WRITE_PROP, |
4942 | 14 | { "Ads Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }}, |
4943 | | |
4944 | 14 | { &hf_ldap_AccessMask_ADS_DELETE_TREE, |
4945 | 14 | { "Ads Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }}, |
4946 | | |
4947 | 14 | { &hf_ldap_AccessMask_ADS_LIST_OBJECT, |
4948 | 14 | { "Ads List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }}, |
4949 | | |
4950 | 14 | { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS, |
4951 | 14 | { "Ads Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }}, |
4952 | | |
4953 | 14 | { &hf_ldap_LDAPMessage_PDU, |
4954 | 14 | { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, |
4955 | | |
4956 | 14 | { &hf_ldap_object_security_flag, |
4957 | 14 | { "Flag Object_Security", "ldap.object_security_flag", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }}, |
4958 | | |
4959 | 14 | { &hf_ldap_ancestor_first_flag, |
4960 | 14 | { "Flag Ancestor_First", "ldap.ancestor_first_flag", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }}, |
4961 | | |
4962 | 14 | { &hf_ldap_public_data_only_flag, |
4963 | 14 | { "Flag Public_Data_Only", "ldap.public_data_only_flag", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }}, |
4964 | | |
4965 | 14 | { &hf_ldap_incremental_value_flag, |
4966 | 14 | { "Flag Incremental_Value", "ldap.incremental_value_flag", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }}, |
4967 | | |
4968 | 14 | { &hf_ldap_oid, |
4969 | 14 | { "OID", "ldap.oid", FT_STRING, BASE_NONE, |
4970 | 14 | NULL, 0, NULL, HFILL }}, |
4971 | | |
4972 | 14 | { &hf_ldap_gssapi_encrypted_payload, |
4973 | 14 | { "GSS-API Encrypted payload", "ldap.gssapi_encrypted_payload", FT_BYTES, BASE_NONE, |
4974 | 14 | NULL, 0, NULL, HFILL }}, |
4975 | | |
4976 | 14 | { &hf_ldap_SearchControlValue_PDU, |
4977 | 14 | { "SearchControlValue", "ldap.SearchControlValue_element", |
4978 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
4979 | 14 | NULL, HFILL }}, |
4980 | 14 | { &hf_ldap_SortKeyList_PDU, |
4981 | 14 | { "SortKeyList", "ldap.SortKeyList", |
4982 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
4983 | 14 | NULL, HFILL }}, |
4984 | 14 | { &hf_ldap_SortResult_PDU, |
4985 | 14 | { "SortResult", "ldap.SortResult_element", |
4986 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
4987 | 14 | NULL, HFILL }}, |
4988 | 14 | { &hf_ldap_DirSyncControlValue_PDU, |
4989 | 14 | { "DirSyncControlValue", "ldap.DirSyncControlValue_element", |
4990 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
4991 | 14 | NULL, HFILL }}, |
4992 | 14 | { &hf_ldap_PasswdModifyRequestValue_PDU, |
4993 | 14 | { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element", |
4994 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
4995 | 14 | NULL, HFILL }}, |
4996 | 14 | { &hf_ldap_CancelRequestValue_PDU, |
4997 | 14 | { "CancelRequestValue", "ldap.CancelRequestValue_element", |
4998 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
4999 | 14 | NULL, HFILL }}, |
5000 | 14 | { &hf_ldap_SyncRequestValue_PDU, |
5001 | 14 | { "SyncRequestValue", "ldap.SyncRequestValue_element", |
5002 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5003 | 14 | NULL, HFILL }}, |
5004 | 14 | { &hf_ldap_SyncStateValue_PDU, |
5005 | 14 | { "SyncStateValue", "ldap.SyncStateValue_element", |
5006 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5007 | 14 | NULL, HFILL }}, |
5008 | 14 | { &hf_ldap_SyncDoneValue_PDU, |
5009 | 14 | { "SyncDoneValue", "ldap.SyncDoneValue_element", |
5010 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5011 | 14 | NULL, HFILL }}, |
5012 | 14 | { &hf_ldap_SyncInfoValue_PDU, |
5013 | 14 | { "SyncInfoValue", "ldap.SyncInfoValue", |
5014 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0, |
5015 | 14 | NULL, HFILL }}, |
5016 | 14 | { &hf_ldap_PasswordPolicyResponseValue_PDU, |
5017 | 14 | { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element", |
5018 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5019 | 14 | NULL, HFILL }}, |
5020 | 14 | { &hf_ldap_messageID, |
5021 | 14 | { "messageID", "ldap.messageID", |
5022 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5023 | 14 | NULL, HFILL }}, |
5024 | 14 | { &hf_ldap_protocolOp, |
5025 | 14 | { "protocolOp", "ldap.protocolOp", |
5026 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0, |
5027 | 14 | NULL, HFILL }}, |
5028 | 14 | { &hf_ldap_controls, |
5029 | 14 | { "controls", "ldap.controls", |
5030 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5031 | 14 | NULL, HFILL }}, |
5032 | 14 | { &hf_ldap_bindRequest, |
5033 | 14 | { "bindRequest", "ldap.bindRequest_element", |
5034 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5035 | 14 | NULL, HFILL }}, |
5036 | 14 | { &hf_ldap_bindResponse, |
5037 | 14 | { "bindResponse", "ldap.bindResponse_element", |
5038 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5039 | 14 | NULL, HFILL }}, |
5040 | 14 | { &hf_ldap_unbindRequest, |
5041 | 14 | { "unbindRequest", "ldap.unbindRequest_element", |
5042 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5043 | 14 | NULL, HFILL }}, |
5044 | 14 | { &hf_ldap_searchRequest, |
5045 | 14 | { "searchRequest", "ldap.searchRequest_element", |
5046 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5047 | 14 | NULL, HFILL }}, |
5048 | 14 | { &hf_ldap_searchResEntry, |
5049 | 14 | { "searchResEntry", "ldap.searchResEntry_element", |
5050 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5051 | 14 | "SearchResultEntry", HFILL }}, |
5052 | 14 | { &hf_ldap_searchResDone, |
5053 | 14 | { "searchResDone", "ldap.searchResDone_element", |
5054 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5055 | 14 | "SearchResultDone", HFILL }}, |
5056 | 14 | { &hf_ldap_searchResRef, |
5057 | 14 | { "searchResRef", "ldap.searchResRef", |
5058 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5059 | 14 | "SearchResultReference", HFILL }}, |
5060 | 14 | { &hf_ldap_modifyRequest, |
5061 | 14 | { "modifyRequest", "ldap.modifyRequest_element", |
5062 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5063 | 14 | NULL, HFILL }}, |
5064 | 14 | { &hf_ldap_modifyResponse, |
5065 | 14 | { "modifyResponse", "ldap.modifyResponse_element", |
5066 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5067 | 14 | NULL, HFILL }}, |
5068 | 14 | { &hf_ldap_addRequest, |
5069 | 14 | { "addRequest", "ldap.addRequest_element", |
5070 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5071 | 14 | NULL, HFILL }}, |
5072 | 14 | { &hf_ldap_addResponse, |
5073 | 14 | { "addResponse", "ldap.addResponse_element", |
5074 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5075 | 14 | NULL, HFILL }}, |
5076 | 14 | { &hf_ldap_delRequest, |
5077 | 14 | { "delRequest", "ldap.delRequest", |
5078 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5079 | 14 | NULL, HFILL }}, |
5080 | 14 | { &hf_ldap_delResponse, |
5081 | 14 | { "delResponse", "ldap.delResponse_element", |
5082 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5083 | 14 | NULL, HFILL }}, |
5084 | 14 | { &hf_ldap_modDNRequest, |
5085 | 14 | { "modDNRequest", "ldap.modDNRequest_element", |
5086 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5087 | 14 | "ModifyDNRequest", HFILL }}, |
5088 | 14 | { &hf_ldap_modDNResponse, |
5089 | 14 | { "modDNResponse", "ldap.modDNResponse_element", |
5090 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5091 | 14 | "ModifyDNResponse", HFILL }}, |
5092 | 14 | { &hf_ldap_compareRequest, |
5093 | 14 | { "compareRequest", "ldap.compareRequest_element", |
5094 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5095 | 14 | NULL, HFILL }}, |
5096 | 14 | { &hf_ldap_compareResponse, |
5097 | 14 | { "compareResponse", "ldap.compareResponse_element", |
5098 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5099 | 14 | NULL, HFILL }}, |
5100 | 14 | { &hf_ldap_abandonRequest, |
5101 | 14 | { "abandonRequest", "ldap.abandonRequest", |
5102 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5103 | 14 | NULL, HFILL }}, |
5104 | 14 | { &hf_ldap_extendedReq, |
5105 | 14 | { "extendedReq", "ldap.extendedReq_element", |
5106 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5107 | 14 | "ExtendedRequest", HFILL }}, |
5108 | 14 | { &hf_ldap_extendedResp, |
5109 | 14 | { "extendedResp", "ldap.extendedResp_element", |
5110 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5111 | 14 | "ExtendedResponse", HFILL }}, |
5112 | 14 | { &hf_ldap_intermediateResponse, |
5113 | 14 | { "intermediateResponse", "ldap.intermediateResponse_element", |
5114 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5115 | 14 | NULL, HFILL }}, |
5116 | 14 | { &hf_ldap_AttributeDescriptionList_item, |
5117 | 14 | { "AttributeDescription", "ldap.AttributeDescription", |
5118 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5119 | 14 | NULL, HFILL }}, |
5120 | 14 | { &hf_ldap_attributeDesc, |
5121 | 14 | { "attributeDesc", "ldap.attributeDesc", |
5122 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5123 | 14 | "AttributeDescription", HFILL }}, |
5124 | 14 | { &hf_ldap_assertionValue, |
5125 | 14 | { "assertionValue", "ldap.assertionValue", |
5126 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5127 | 14 | NULL, HFILL }}, |
5128 | 14 | { &hf_ldap_type, |
5129 | 14 | { "type", "ldap.type", |
5130 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5131 | 14 | "AttributeDescription", HFILL }}, |
5132 | 14 | { &hf_ldap_vals, |
5133 | 14 | { "vals", "ldap.vals", |
5134 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5135 | 14 | "SET_OF_AttributeValue", HFILL }}, |
5136 | 14 | { &hf_ldap_vals_item, |
5137 | 14 | { "AttributeValue", "ldap.AttributeValue", |
5138 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5139 | 14 | NULL, HFILL }}, |
5140 | 14 | { &hf_ldap_resultCode, |
5141 | 14 | { "resultCode", "ldap.resultCode", |
5142 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0, |
5143 | 14 | NULL, HFILL }}, |
5144 | 14 | { &hf_ldap_matchedDN, |
5145 | 14 | { "matchedDN", "ldap.matchedDN", |
5146 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5147 | 14 | "LDAPDN", HFILL }}, |
5148 | 14 | { &hf_ldap_errorMessage, |
5149 | 14 | { "errorMessage", "ldap.errorMessage", |
5150 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5151 | 14 | NULL, HFILL }}, |
5152 | 14 | { &hf_ldap_referral, |
5153 | 14 | { "referral", "ldap.referral", |
5154 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5155 | 14 | NULL, HFILL }}, |
5156 | 14 | { &hf_ldap_Referral_item, |
5157 | 14 | { "LDAPURL", "ldap.LDAPURL", |
5158 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5159 | 14 | NULL, HFILL }}, |
5160 | 14 | { &hf_ldap_Controls_item, |
5161 | 14 | { "Control", "ldap.Control_element", |
5162 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5163 | 14 | NULL, HFILL }}, |
5164 | 14 | { &hf_ldap_controlType, |
5165 | 14 | { "controlType", "ldap.controlType", |
5166 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5167 | 14 | NULL, HFILL }}, |
5168 | 14 | { &hf_ldap_criticality, |
5169 | 14 | { "criticality", "ldap.criticality", |
5170 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5171 | 14 | "BOOLEAN", HFILL }}, |
5172 | 14 | { &hf_ldap_controlValue, |
5173 | 14 | { "controlValue", "ldap.controlValue", |
5174 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5175 | 14 | NULL, HFILL }}, |
5176 | 14 | { &hf_ldap_version, |
5177 | 14 | { "version", "ldap.version", |
5178 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5179 | 14 | "INTEGER_1_127", HFILL }}, |
5180 | 14 | { &hf_ldap_name, |
5181 | 14 | { "name", "ldap.name", |
5182 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5183 | 14 | "LDAPDN", HFILL }}, |
5184 | 14 | { &hf_ldap_authentication, |
5185 | 14 | { "authentication", "ldap.authentication", |
5186 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0, |
5187 | 14 | "AuthenticationChoice", HFILL }}, |
5188 | 14 | { &hf_ldap_simple, |
5189 | 14 | { "simple", "ldap.simple", |
5190 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5191 | 14 | NULL, HFILL }}, |
5192 | 14 | { &hf_ldap_sasl, |
5193 | 14 | { "sasl", "ldap.sasl_element", |
5194 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5195 | 14 | "SaslCredentials", HFILL }}, |
5196 | 14 | { &hf_ldap_ntlmsspNegotiate, |
5197 | 14 | { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate", |
5198 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5199 | 14 | NULL, HFILL }}, |
5200 | 14 | { &hf_ldap_ntlmsspAuth, |
5201 | 14 | { "ntlmsspAuth", "ldap.ntlmsspAuth", |
5202 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5203 | 14 | NULL, HFILL }}, |
5204 | 14 | { &hf_ldap_mechanism, |
5205 | 14 | { "mechanism", "ldap.mechanism", |
5206 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5207 | 14 | NULL, HFILL }}, |
5208 | 14 | { &hf_ldap_credentials, |
5209 | 14 | { "credentials", "ldap.credentials", |
5210 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5211 | 14 | NULL, HFILL }}, |
5212 | 14 | { &hf_ldap_bindResponse_resultCode, |
5213 | 14 | { "resultCode", "ldap.bindResponse_resultCode", |
5214 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0, |
5215 | 14 | "BindResponse_resultCode", HFILL }}, |
5216 | 14 | { &hf_ldap_bindResponse_matchedDN, |
5217 | 14 | { "matchedDN", "ldap.bindResponse_matchedDN", |
5218 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5219 | 14 | "T_bindResponse_matchedDN", HFILL }}, |
5220 | 14 | { &hf_ldap_serverSaslCreds, |
5221 | 14 | { "serverSaslCreds", "ldap.serverSaslCreds", |
5222 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5223 | 14 | NULL, HFILL }}, |
5224 | 14 | { &hf_ldap_baseObject, |
5225 | 14 | { "baseObject", "ldap.baseObject", |
5226 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5227 | 14 | "LDAPDN", HFILL }}, |
5228 | 14 | { &hf_ldap_scope, |
5229 | 14 | { "scope", "ldap.scope", |
5230 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0, |
5231 | 14 | NULL, HFILL }}, |
5232 | 14 | { &hf_ldap_derefAliases, |
5233 | 14 | { "derefAliases", "ldap.derefAliases", |
5234 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0, |
5235 | 14 | NULL, HFILL }}, |
5236 | 14 | { &hf_ldap_sizeLimit, |
5237 | 14 | { "sizeLimit", "ldap.sizeLimit", |
5238 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5239 | 14 | "INTEGER_0_maxInt", HFILL }}, |
5240 | 14 | { &hf_ldap_timeLimit, |
5241 | 14 | { "timeLimit", "ldap.timeLimit", |
5242 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5243 | 14 | "INTEGER_0_maxInt", HFILL }}, |
5244 | 14 | { &hf_ldap_typesOnly, |
5245 | 14 | { "typesOnly", "ldap.typesOnly", |
5246 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5247 | 14 | "BOOLEAN", HFILL }}, |
5248 | 14 | { &hf_ldap_filter, |
5249 | 14 | { "filter", "ldap.filter", |
5250 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, |
5251 | 14 | NULL, HFILL }}, |
5252 | 14 | { &hf_ldap_searchRequest_attributes, |
5253 | 14 | { "attributes", "ldap.searchRequest_attributes", |
5254 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5255 | 14 | "AttributeDescriptionList", HFILL }}, |
5256 | 14 | { &hf_ldap_and, |
5257 | 14 | { "and", "ldap.and", |
5258 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5259 | 14 | NULL, HFILL }}, |
5260 | 14 | { &hf_ldap_and_item, |
5261 | 14 | { "and item", "ldap.and_item", |
5262 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, |
5263 | 14 | NULL, HFILL }}, |
5264 | 14 | { &hf_ldap_or, |
5265 | 14 | { "or", "ldap.or", |
5266 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5267 | 14 | NULL, HFILL }}, |
5268 | 14 | { &hf_ldap_or_item, |
5269 | 14 | { "or item", "ldap.or_item", |
5270 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, |
5271 | 14 | NULL, HFILL }}, |
5272 | 14 | { &hf_ldap_not, |
5273 | 14 | { "not", "ldap.not", |
5274 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, |
5275 | 14 | NULL, HFILL }}, |
5276 | 14 | { &hf_ldap_equalityMatch, |
5277 | 14 | { "equalityMatch", "ldap.equalityMatch_element", |
5278 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5279 | 14 | NULL, HFILL }}, |
5280 | 14 | { &hf_ldap_substrings, |
5281 | 14 | { "substrings", "ldap.substrings_element", |
5282 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5283 | 14 | "SubstringFilter", HFILL }}, |
5284 | 14 | { &hf_ldap_greaterOrEqual, |
5285 | 14 | { "greaterOrEqual", "ldap.greaterOrEqual_element", |
5286 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5287 | 14 | NULL, HFILL }}, |
5288 | 14 | { &hf_ldap_lessOrEqual, |
5289 | 14 | { "lessOrEqual", "ldap.lessOrEqual_element", |
5290 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5291 | 14 | NULL, HFILL }}, |
5292 | 14 | { &hf_ldap_present, |
5293 | 14 | { "present", "ldap.present", |
5294 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5295 | 14 | NULL, HFILL }}, |
5296 | 14 | { &hf_ldap_approxMatch, |
5297 | 14 | { "approxMatch", "ldap.approxMatch_element", |
5298 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5299 | 14 | NULL, HFILL }}, |
5300 | 14 | { &hf_ldap_extensibleMatch, |
5301 | 14 | { "extensibleMatch", "ldap.extensibleMatch_element", |
5302 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5303 | 14 | NULL, HFILL }}, |
5304 | 14 | { &hf_ldap_substringFilter_substrings, |
5305 | 14 | { "substrings", "ldap.substringFilter_substrings", |
5306 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5307 | 14 | "T_substringFilter_substrings", HFILL }}, |
5308 | 14 | { &hf_ldap_substringFilter_substrings_item, |
5309 | 14 | { "substrings item", "ldap.substringFilter_substrings_item", |
5310 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0, |
5311 | 14 | "T_substringFilter_substrings_item", HFILL }}, |
5312 | 14 | { &hf_ldap_initial, |
5313 | 14 | { "initial", "ldap.initial", |
5314 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5315 | 14 | "LDAPString", HFILL }}, |
5316 | 14 | { &hf_ldap_any, |
5317 | 14 | { "any", "ldap.any", |
5318 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5319 | 14 | "LDAPString", HFILL }}, |
5320 | 14 | { &hf_ldap_final, |
5321 | 14 | { "final", "ldap.final", |
5322 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5323 | 14 | "LDAPString", HFILL }}, |
5324 | 14 | { &hf_ldap_matchingRule, |
5325 | 14 | { "matchingRule", "ldap.matchingRule", |
5326 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5327 | 14 | "MatchingRuleId", HFILL }}, |
5328 | 14 | { &hf_ldap_matchValue, |
5329 | 14 | { "matchValue", "ldap.matchValue", |
5330 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5331 | 14 | "AssertionValue", HFILL }}, |
5332 | 14 | { &hf_ldap_dnAttributes, |
5333 | 14 | { "dnAttributes", "ldap.dnAttributes", |
5334 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5335 | 14 | NULL, HFILL }}, |
5336 | 14 | { &hf_ldap_objectName, |
5337 | 14 | { "objectName", "ldap.objectName", |
5338 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5339 | 14 | "LDAPDN", HFILL }}, |
5340 | 14 | { &hf_ldap_searchResultEntry_attributes, |
5341 | 14 | { "attributes", "ldap.searchResultEntry_attributes", |
5342 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5343 | 14 | "PartialAttributeList", HFILL }}, |
5344 | 14 | { &hf_ldap_PartialAttributeList_item, |
5345 | 14 | { "PartialAttributeList item", "ldap.PartialAttributeList_item_element", |
5346 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5347 | 14 | NULL, HFILL }}, |
5348 | 14 | { &hf_ldap__untag_item, |
5349 | 14 | { "LDAPURL", "ldap.LDAPURL", |
5350 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5351 | 14 | NULL, HFILL }}, |
5352 | 14 | { &hf_ldap_object, |
5353 | 14 | { "object", "ldap.object", |
5354 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5355 | 14 | "LDAPDN", HFILL }}, |
5356 | 14 | { &hf_ldap_modifyRequest_modification, |
5357 | 14 | { "modification", "ldap.modifyRequest_modification", |
5358 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5359 | 14 | "ModifyRequest_modification", HFILL }}, |
5360 | 14 | { &hf_ldap_modifyRequest_modification_item, |
5361 | 14 | { "modification item", "ldap.modifyRequest_modification_item_element", |
5362 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5363 | 14 | "T_modifyRequest_modification_item", HFILL }}, |
5364 | 14 | { &hf_ldap_operation, |
5365 | 14 | { "operation", "ldap.operation", |
5366 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0, |
5367 | 14 | NULL, HFILL }}, |
5368 | 14 | { &hf_ldap_modification, |
5369 | 14 | { "modification", "ldap.modification_element", |
5370 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5371 | 14 | "AttributeTypeAndValues", HFILL }}, |
5372 | 14 | { &hf_ldap_entry, |
5373 | 14 | { "entry", "ldap.entry", |
5374 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5375 | 14 | "LDAPDN", HFILL }}, |
5376 | 14 | { &hf_ldap_attributes, |
5377 | 14 | { "attributes", "ldap.attributes", |
5378 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5379 | 14 | "AttributeList", HFILL }}, |
5380 | 14 | { &hf_ldap_AttributeList_item, |
5381 | 14 | { "AttributeList item", "ldap.AttributeList_item_element", |
5382 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5383 | 14 | NULL, HFILL }}, |
5384 | 14 | { &hf_ldap_newrdn, |
5385 | 14 | { "newrdn", "ldap.newrdn", |
5386 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5387 | 14 | "RelativeLDAPDN", HFILL }}, |
5388 | 14 | { &hf_ldap_deleteoldrdn, |
5389 | 14 | { "deleteoldrdn", "ldap.deleteoldrdn", |
5390 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5391 | 14 | "BOOLEAN", HFILL }}, |
5392 | 14 | { &hf_ldap_newSuperior, |
5393 | 14 | { "newSuperior", "ldap.newSuperior", |
5394 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5395 | 14 | "LDAPDN", HFILL }}, |
5396 | 14 | { &hf_ldap_ava, |
5397 | 14 | { "ava", "ldap.ava_element", |
5398 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5399 | 14 | "AttributeValueAssertion", HFILL }}, |
5400 | 14 | { &hf_ldap_requestName, |
5401 | 14 | { "requestName", "ldap.requestName", |
5402 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5403 | 14 | "LDAPOID", HFILL }}, |
5404 | 14 | { &hf_ldap_requestValue, |
5405 | 14 | { "requestValue", "ldap.requestValue", |
5406 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5407 | 14 | NULL, HFILL }}, |
5408 | 14 | { &hf_ldap_extendedResponse_resultCode, |
5409 | 14 | { "resultCode", "ldap.extendedResponse_resultCode", |
5410 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0, |
5411 | 14 | "ExtendedResponse_resultCode", HFILL }}, |
5412 | 14 | { &hf_ldap_responseName, |
5413 | 14 | { "responseName", "ldap.responseName", |
5414 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5415 | 14 | NULL, HFILL }}, |
5416 | 14 | { &hf_ldap_response, |
5417 | 14 | { "response", "ldap.response", |
5418 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5419 | 14 | "OCTET_STRING", HFILL }}, |
5420 | 14 | { &hf_ldap_intermediateResponse_responseValue, |
5421 | 14 | { "responseValue", "ldap.intermediateResponse_responseValue", |
5422 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5423 | 14 | "T_intermediateResponse_responseValue", HFILL }}, |
5424 | 14 | { &hf_ldap_size, |
5425 | 14 | { "size", "ldap.size", |
5426 | 14 | FT_INT32, BASE_DEC, NULL, 0, |
5427 | 14 | "INTEGER", HFILL }}, |
5428 | 14 | { &hf_ldap_cookie, |
5429 | 14 | { "cookie", "ldap.cookie", |
5430 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5431 | 14 | "OCTET_STRING", HFILL }}, |
5432 | 14 | { &hf_ldap_SortKeyList_item, |
5433 | 14 | { "SortKeyList item", "ldap.SortKeyList_item_element", |
5434 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5435 | 14 | NULL, HFILL }}, |
5436 | 14 | { &hf_ldap_attributeType, |
5437 | 14 | { "attributeType", "ldap.attributeType", |
5438 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5439 | 14 | "AttributeDescription", HFILL }}, |
5440 | 14 | { &hf_ldap_orderingRule, |
5441 | 14 | { "orderingRule", "ldap.orderingRule", |
5442 | 14 | FT_STRING, BASE_NONE, NULL, 0, |
5443 | 14 | "MatchingRuleId", HFILL }}, |
5444 | 14 | { &hf_ldap_reverseOrder, |
5445 | 14 | { "reverseOrder", "ldap.reverseOrder", |
5446 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5447 | 14 | "BOOLEAN", HFILL }}, |
5448 | 14 | { &hf_ldap_sortResult, |
5449 | 14 | { "sortResult", "ldap.sortResult", |
5450 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0, |
5451 | 14 | NULL, HFILL }}, |
5452 | 14 | { &hf_ldap_flags, |
5453 | 14 | { "flags", "ldap.flags", |
5454 | 14 | FT_UINT32, BASE_HEX, NULL, 0, |
5455 | 14 | "DirSyncFlags", HFILL }}, |
5456 | 14 | { &hf_ldap_maxBytes, |
5457 | 14 | { "maxBytes", "ldap.maxBytes", |
5458 | 14 | FT_INT32, BASE_DEC, NULL, 0, |
5459 | 14 | "INTEGER", HFILL }}, |
5460 | 14 | { &hf_ldap_userIdentity, |
5461 | 14 | { "userIdentity", "ldap.userIdentity", |
5462 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5463 | 14 | "OCTET_STRING", HFILL }}, |
5464 | 14 | { &hf_ldap_oldPasswd, |
5465 | 14 | { "oldPasswd", "ldap.oldPasswd", |
5466 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5467 | 14 | "OCTET_STRING", HFILL }}, |
5468 | 14 | { &hf_ldap_newPasswd, |
5469 | 14 | { "newPasswd", "ldap.newPasswd", |
5470 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5471 | 14 | "OCTET_STRING", HFILL }}, |
5472 | 14 | { &hf_ldap_cancelID, |
5473 | 14 | { "cancelID", "ldap.cancelID", |
5474 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5475 | 14 | "MessageID", HFILL }}, |
5476 | 14 | { &hf_ldap_mode, |
5477 | 14 | { "mode", "ldap.mode", |
5478 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0, |
5479 | 14 | NULL, HFILL }}, |
5480 | 14 | { &hf_ldap_reloadHint, |
5481 | 14 | { "reloadHint", "ldap.reloadHint", |
5482 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5483 | 14 | "BOOLEAN", HFILL }}, |
5484 | 14 | { &hf_ldap_state, |
5485 | 14 | { "state", "ldap.state", |
5486 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0, |
5487 | 14 | NULL, HFILL }}, |
5488 | 14 | { &hf_ldap_entryUUID, |
5489 | 14 | { "entryUUID", "ldap.entryUUID", |
5490 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5491 | 14 | "SyncUUID", HFILL }}, |
5492 | 14 | { &hf_ldap_refreshDeletes, |
5493 | 14 | { "refreshDeletes", "ldap.refreshDeletes", |
5494 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5495 | 14 | "BOOLEAN", HFILL }}, |
5496 | 14 | { &hf_ldap_newcookie, |
5497 | 14 | { "newcookie", "ldap.newcookie", |
5498 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5499 | 14 | "OCTET_STRING", HFILL }}, |
5500 | 14 | { &hf_ldap_refreshDelete, |
5501 | 14 | { "refreshDelete", "ldap.refreshDelete_element", |
5502 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5503 | 14 | NULL, HFILL }}, |
5504 | 14 | { &hf_ldap_refreshDone, |
5505 | 14 | { "refreshDone", "ldap.refreshDone", |
5506 | 14 | FT_BOOLEAN, BASE_NONE, NULL, 0, |
5507 | 14 | "BOOLEAN", HFILL }}, |
5508 | 14 | { &hf_ldap_refreshPresent, |
5509 | 14 | { "refreshPresent", "ldap.refreshPresent_element", |
5510 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5511 | 14 | NULL, HFILL }}, |
5512 | 14 | { &hf_ldap_syncIdSet, |
5513 | 14 | { "syncIdSet", "ldap.syncIdSet_element", |
5514 | 14 | FT_NONE, BASE_NONE, NULL, 0, |
5515 | 14 | NULL, HFILL }}, |
5516 | 14 | { &hf_ldap_syncUUIDs, |
5517 | 14 | { "syncUUIDs", "ldap.syncUUIDs", |
5518 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5519 | 14 | "SET_OF_SyncUUID", HFILL }}, |
5520 | 14 | { &hf_ldap_syncUUIDs_item, |
5521 | 14 | { "SyncUUID", "ldap.SyncUUID", |
5522 | 14 | FT_BYTES, BASE_NONE, NULL, 0, |
5523 | 14 | NULL, HFILL }}, |
5524 | 14 | { &hf_ldap_warning, |
5525 | 14 | { "warning", "ldap.warning", |
5526 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0, |
5527 | 14 | NULL, HFILL }}, |
5528 | 14 | { &hf_ldap_timeBeforeExpiration, |
5529 | 14 | { "timeBeforeExpiration", "ldap.timeBeforeExpiration", |
5530 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5531 | 14 | "INTEGER_0_maxInt", HFILL }}, |
5532 | 14 | { &hf_ldap_graceAuthNsRemaining, |
5533 | 14 | { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining", |
5534 | 14 | FT_UINT32, BASE_DEC, NULL, 0, |
5535 | 14 | "INTEGER_0_maxInt", HFILL }}, |
5536 | 14 | { &hf_ldap_error, |
5537 | 14 | { "error", "ldap.error", |
5538 | 14 | FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0, |
5539 | 14 | NULL, HFILL }}, |
5540 | 14 | }; |
5541 | | |
5542 | | /* List of subtrees */ |
5543 | 14 | static int *ett[] = { |
5544 | 14 | &ett_ldap, |
5545 | 14 | &ett_ldap_payload, |
5546 | 14 | &ett_ldap_sasl_blob, |
5547 | 14 | &ett_ldap_msg, |
5548 | 14 | &ett_mscldap_netlogon_flags, |
5549 | 14 | &ett_mscldap_ntver_flags, |
5550 | 14 | &ett_mscldap_ipdetails, |
5551 | 14 | &ett_ldap_DirSyncFlagsSubEntry, |
5552 | | |
5553 | 14 | &ett_ldap_LDAPMessage, |
5554 | 14 | &ett_ldap_ProtocolOp, |
5555 | 14 | &ett_ldap_AttributeDescriptionList, |
5556 | 14 | &ett_ldap_AttributeValueAssertion, |
5557 | 14 | &ett_ldap_Attribute, |
5558 | 14 | &ett_ldap_SET_OF_AttributeValue, |
5559 | 14 | &ett_ldap_LDAPResult, |
5560 | 14 | &ett_ldap_Referral, |
5561 | 14 | &ett_ldap_Controls, |
5562 | 14 | &ett_ldap_Control, |
5563 | 14 | &ett_ldap_BindRequest_U, |
5564 | 14 | &ett_ldap_AuthenticationChoice, |
5565 | 14 | &ett_ldap_SaslCredentials, |
5566 | 14 | &ett_ldap_BindResponse_U, |
5567 | 14 | &ett_ldap_SearchRequest_U, |
5568 | 14 | &ett_ldap_Filter, |
5569 | 14 | &ett_ldap_T_and, |
5570 | 14 | &ett_ldap_T_or, |
5571 | 14 | &ett_ldap_SubstringFilter, |
5572 | 14 | &ett_ldap_T_substringFilter_substrings, |
5573 | 14 | &ett_ldap_T_substringFilter_substrings_item, |
5574 | 14 | &ett_ldap_MatchingRuleAssertion, |
5575 | 14 | &ett_ldap_SearchResultEntry_U, |
5576 | 14 | &ett_ldap_PartialAttributeList, |
5577 | 14 | &ett_ldap_PartialAttributeList_item, |
5578 | 14 | &ett_ldap_SEQUENCE_OF_LDAPURL, |
5579 | 14 | &ett_ldap_ModifyRequest_U, |
5580 | 14 | &ett_ldap_ModifyRequest_modification, |
5581 | 14 | &ett_ldap_T_modifyRequest_modification_item, |
5582 | 14 | &ett_ldap_AttributeTypeAndValues, |
5583 | 14 | &ett_ldap_AddRequest_U, |
5584 | 14 | &ett_ldap_AttributeList, |
5585 | 14 | &ett_ldap_AttributeList_item, |
5586 | 14 | &ett_ldap_ModifyDNRequest_U, |
5587 | 14 | &ett_ldap_CompareRequest_U, |
5588 | 14 | &ett_ldap_ExtendedRequest_U, |
5589 | 14 | &ett_ldap_ExtendedResponse_U, |
5590 | 14 | &ett_ldap_IntermediateResponse_U, |
5591 | 14 | &ett_ldap_SearchControlValue, |
5592 | 14 | &ett_ldap_SortKeyList, |
5593 | 14 | &ett_ldap_SortKeyList_item, |
5594 | 14 | &ett_ldap_SortResult, |
5595 | 14 | &ett_ldap_DirSyncControlValue, |
5596 | 14 | &ett_ldap_PasswdModifyRequestValue, |
5597 | 14 | &ett_ldap_CancelRequestValue, |
5598 | 14 | &ett_ldap_SyncRequestValue, |
5599 | 14 | &ett_ldap_SyncStateValue, |
5600 | 14 | &ett_ldap_SyncDoneValue, |
5601 | 14 | &ett_ldap_SyncInfoValue, |
5602 | 14 | &ett_ldap_T_refreshDelete, |
5603 | 14 | &ett_ldap_T_refreshPresent, |
5604 | 14 | &ett_ldap_T_syncIdSet, |
5605 | 14 | &ett_ldap_SET_OF_SyncUUID, |
5606 | 14 | &ett_ldap_PasswordPolicyResponseValue, |
5607 | 14 | &ett_ldap_T_warning, |
5608 | 14 | }; |
5609 | | /* UAT for header fields */ |
5610 | 14 | static uat_field_t custom_attribute_types_uat_fields[] = { |
5611 | 14 | UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"), |
5612 | 14 | UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"), |
5613 | 14 | UAT_END_FIELDS |
5614 | 14 | }; |
5615 | | |
5616 | 14 | static ei_register_info ei[] = { |
5617 | 14 | { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }}, |
5618 | 14 | { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found too many filter elements. Giving up.", EXPFILL }}, |
5619 | 14 | }; |
5620 | | |
5621 | 14 | expert_module_t* expert_ldap; |
5622 | 14 | module_t *ldap_module; |
5623 | 14 | uat_t *attributes_uat; |
5624 | | |
5625 | | /* Register protocol */ |
5626 | 14 | proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME); |
5627 | | /* Register fields and subtrees */ |
5628 | 14 | proto_register_field_array(proto_ldap, hf, array_length(hf)); |
5629 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
5630 | 14 | expert_ldap = expert_register_protocol(proto_ldap); |
5631 | 14 | expert_register_field_array(expert_ldap, ei, array_length(ei)); |
5632 | | |
5633 | 14 | ldap_handle = register_dissector("ldap", dissect_ldap_tcp, proto_ldap); |
5634 | | |
5635 | 14 | ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap); |
5636 | 14 | prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", |
5637 | 14 | "Reassemble LDAP messages spanning multiple TCP segments", |
5638 | 14 | "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments." |
5639 | 14 | " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", |
5640 | 14 | &ldap_desegment); |
5641 | | |
5642 | 14 | prefs_register_uint_preference(ldap_module, "tls.port", "LDAPS TCP Port", |
5643 | 14 | "Set the port for LDAP operations over TLS", |
5644 | 14 | 10, &global_ldaps_tcp_port); |
5645 | 14 | prefs_register_obsolete_preference(ldap_module, "ssl.port"); |
5646 | | /* UAT */ |
5647 | 14 | attributes_uat = uat_new("Custom LDAP AttributeValue types", |
5648 | 14 | sizeof(attribute_type_t), |
5649 | 14 | "custom_ldap_attribute_types", |
5650 | 14 | true, |
5651 | 14 | &attribute_types, |
5652 | 14 | &num_attribute_types, |
5653 | | /* specifies named fields, so affects dissection |
5654 | | and the set of named fields */ |
5655 | 14 | UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS, |
5656 | 14 | NULL, |
5657 | 14 | attribute_types_copy_cb, |
5658 | 14 | attribute_types_update_cb, |
5659 | 14 | attribute_types_free_cb, |
5660 | 14 | attribute_types_post_update_cb, |
5661 | 14 | attribute_types_reset_cb, |
5662 | 14 | custom_attribute_types_uat_fields); |
5663 | | |
5664 | 14 | prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types", |
5665 | 14 | "Custom AttributeValue types", |
5666 | 14 | "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.", |
5667 | 14 | attributes_uat); |
5668 | | |
5669 | 14 | prefs_register_obsolete_preference(ldap_module, "max_pdu"); |
5670 | | |
5671 | 14 | proto_cldap = proto_register_protocol("Connectionless Lightweight Directory Access Protocol", "CLDAP", "cldap"); |
5672 | 14 | cldap_handle = register_dissector("cldap", dissect_mscldap, proto_cldap); |
5673 | | |
5674 | 14 | ldap_tap=register_tap("ldap"); |
5675 | | |
5676 | 14 | ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, STRING_CASE_INSENSITIVE); |
5677 | | |
5678 | 14 | register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL); |
5679 | 14 | } |
5680 | | |
5681 | | |
/*--- proto_reg_handoff_ldap ---------------------------------------*/
/*
 * Handoff routine for the LDAP/CLDAP dissectors.
 *
 * In order, it:
 *   - binds cldap_handle to the CLDAP UDP port preference;
 *   - looks up the gssapi, gssapi_verf, spnego, ntlmssp and tls dissectors
 *     and records them as dependencies of proto_ldap;
 *   - calls prefs_register_ldap() to apply the LDAPS port preference;
 *   - registers display names for a fixed list of OIDs;
 *   - routes selected attribute names in the "ldap.name" table to dedicated
 *     value dissectors (SID, GUID, OID, security descriptor, netlogon);
 *   - registers BER dissectors for control/extended-operation values by OID;
 *   - binds ldap_handle to the LDAP TCP port range and the "acdr" tables.
 *
 * Every handler registered here ends up parsing bytes taken from captured
 * traffic; the handlers themselves are defined elsewhere in this file.
 */
void
proto_reg_handoff_ldap(void)
{
  /* Display names for OIDs, registered in exactly this order. */
  static const struct {
    const char *name;
    const char *oid;
  } oid_names[] = {
    { "ISO assigned OIDs, USA", "1.2.840" },

    /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
    /* https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c5e87db-4728-4f29-b164-01dd7d7391ea */
    { "LDAP_SERVER_SHOW_DELETED_OID", "1.2.840.113556.1.4.417" },
    { "LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID", "1.2.840.113556.1.4.521" },
    { "LDAP_SERVER_NOTIFICATION_OID", "1.2.840.113556.1.4.528" },
    { "LDAP_SERVER_EXTENDED_DN_OID", "1.2.840.113556.1.4.529" },
    { "meetingAdvertiseScope", "1.2.840.113556.1.4.582" },
    { "LDAP_SERVER_LAZY_COMMIT_OID", "1.2.840.113556.1.4.619" },
    { "mhsORAddress", "1.2.840.113556.1.4.650" },
    { "managedObjects", "1.2.840.113556.1.4.654" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_OID", "1.2.840.113556.1.4.800" },
    { "LDAP_SERVER_SD_FLAGS_OID", "1.2.840.113556.1.4.801" },
    { "LDAP_SERVER_RANGE_OPTION_OID", "1.2.840.113556.1.4.802" },
    { "LDAP_MATCHING_RULE_BIT_AND", "1.2.840.113556.1.4.803" },
    { "LDAP_MATCHING_RULE_BIT_OR", "1.2.840.113556.1.4.804" },
    { "LDAP_SERVER_TREE_DELETE_OID", "1.2.840.113556.1.4.805" },
    { "LDAP_SERVER_GET_STATS_OID", "1.2.840.113556.1.4.970" },
    { "LDAP_SERVER_VERIFY_NAME_OID", "1.2.840.113556.1.4.1338" },
    { "LDAP_SERVER_DOMAIN_SCOPE_OID", "1.2.840.113556.1.4.1339" },
    { "LDAP_SERVER_SEARCH_OPTIONS_OID", "1.2.840.113556.1.4.1340" },
    { "LDAP_SERVER_RODC_DCPROMO_OID", "1.2.840.113556.1.4.1341" },
    { "LDAP_SERVER_PERMISSIVE_MODIFY_OID", "1.2.840.113556.1.4.1413" },
    { "LDAP_SERVER_ASQ_OID", "1.2.840.113556.1.4.1504" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_V51_OID", "1.2.840.113556.1.4.1670" },
    { "msDS-SDReferenceDomain", "1.2.840.113556.1.4.1711" },
    { "msDS-AdditionalDnsHostName", "1.2.840.113556.1.4.1717" },
    { "LDAP_SERVER_FAST_BIND_OID", "1.2.840.113556.1.4.1781" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID", "1.2.840.113556.1.4.1791" },
    { "msDS-ObjectReference", "1.2.840.113556.1.4.1840" },
    { "msDS-QuotaEffective", "1.2.840.113556.1.4.1848" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID", "1.2.840.113556.1.4.1851" },
    { "LDAP_SERVER_QUOTA_CONTROL_OID", "1.2.840.113556.1.4.1852" },
    { "msDS-PortSSL", "1.2.840.113556.1.4.1860" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_ADAM_DIGEST_OID", "1.2.840.113556.1.4.1880" },
    { "LDAP_SERVER_SHUTDOWN_NOTIFY_OID", "1.2.840.113556.1.4.1907" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_PARTIAL_SECRETS_OID", "1.2.840.113556.1.4.1920" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_V60_OID", "1.2.840.113556.1.4.1935" },
    { "LDAP_MATCHING_RULE_TRANSITIVE_EVAL", "1.2.840.113556.1.4.1941" },
    { "LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID", "1.2.840.113556.1.4.1948" },
    { "msDS-isRODC", "1.2.840.113556.1.4.1960" },
    { "LDAP_SERVER_FORCE_UPDATE_OID", "1.2.840.113556.1.4.1974" },
    { "LDAP_SERVER_DN_INPUT_OID", "1.2.840.113556.1.4.2026" },
    { "LDAP_SERVER_SHOW_RECYCLED_OID", "1.2.840.113556.1.4.2064" },
    { "LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID", "1.2.840.113556.1.4.2065" },
    { "LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID", "1.2.840.113556.1.4.2066" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID", "1.2.840.113556.1.4.2080" },
    { "LDAP_SERVER_DIRSYNC_EX_OID", "1.2.840.113556.1.4.2090" },
    { "LDAP_SERVER_TREE_DELETE_EX_OID", "1.2.840.113556.1.4.2204" },
    { "LDAP_SERVER_UPDATE_STATS_OID", "1.2.840.113556.1.4.2205" },
    { "LDAP_SERVER_SEARCH_HINTS_OID", "1.2.840.113556.1.4.2206" },
    { "LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID", "1.2.840.113556.1.4.2211" },
    { "LDAP_SERVER_BATCH_REQUEST_OID", "1.2.840.113556.1.4.2212" },
    { "LDAP_CAP_ACTIVE_DIRECTORY_W8_OID", "1.2.840.113556.1.4.2237" },
    { "LDAP_SERVER_POLICY_HINTS_OID", "1.2.840.113556.1.4.2239" },
    { "LDAP_MATCHING_RULE_DN_WITH_DATA", "1.2.840.113556.1.4.2253" },
    { "LDAP_SERVER_SET_OWNER_OID", "1.2.840.113556.1.4.2255" },
    { "LDAP_SERVER_BYPASS_QUOTA_OID", "1.2.840.113556.1.4.2256" },
    { "LDAP_SERVER_LINK_TTL_OID", "1.2.840.113556.1.4.2309" },
    { "LDAP_SERVER_SET_CORRELATION_ID_OID", "1.2.840.113556.1.4.2330" },
    { "LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID", "1.2.840.113556.1.4.2354" },

    /* RFC4532 */
    { "LDAP_SERVER_WHO_AM_I_OID", "1.3.6.1.4.1.4203.1.11.3" },

    /* Mark Wahl (Critical Angle) */
    { "DYNAMIC_REFRESH", "1.3.6.1.4.1.1466.101.119.1" },
    { "LDAP_START_TLS_OID", "1.3.6.1.4.1.1466.20037" },

    /* inetOrgPerson object class (RFC2798) */
    { "inetOrgPerson", "2.16.840.1.113730.3.2.2" },
    { "US company arc", "2.16.840.1" },

    /* http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html */
    { "Manage DSA IT LDAPv3 control", "2.16.840.1.113730.3.4.2" },
    { "Persistent Search LDAPv3 control", "2.16.840.1.113730.3.4.3" },
    { "Netscape Password Expired LDAPv3 control", "2.16.840.1.113730.3.4.4" },
    { "Netscape Password Expiring LDAPv3 control", "2.16.840.1.113730.3.4.5" },
    { "Netscape NT Synchronization Client LDAPv3 control", "2.16.840.1.113730.3.4.6" },
    { "Entry Change Notification LDAPv3 control", "2.16.840.1.113730.3.4.7" },
    { "Transaction ID Request Control", "2.16.840.1.113730.3.4.8" },
    { "VLV Request LDAPv3 control", "2.16.840.1.113730.3.4.9" },
    { "VLV Response LDAPv3 control", "2.16.840.1.113730.3.4.10" },
    { "Transaction ID Response Control", "2.16.840.1.113730.3.4.11" },
    { "Proxied Authorization (version 1) control", "2.16.840.1.113730.3.4.12" },
    { "iPlanet Directory Server Replication Update Information Control", "2.16.840.1.113730.3.4.13" },
    { "iPlanet Directory Server search on specific backend control", "2.16.840.1.113730.3.4.14" },
    { "Authentication Response Control", "2.16.840.1.113730.3.4.15" },
    { "Authentication Request Control", "2.16.840.1.113730.3.4.16" },
    { "Real Attributes Only Request Control", "2.16.840.1.113730.3.4.17" },
    { "Proxied Authorization (version 2) Control", "2.16.840.1.113730.3.4.18" },
    { "Chaining loop detection", "2.16.840.1.113730.3.4.19" },
    { "iPlanet Replication Modrdn Extra Mods Control", "2.16.840.1.113730.3.4.999" },
  };

  /* Attribute names whose values are all handed to the one shared SID handle. */
  static const char *const sid_attributes[] = {
    "mS-DS-CreatorSID",
    "msDS-QuotaTrustee",
    "objectSid",
    "securityIdentifier",
    "sIDHistory",
    "syncWithSID",
    "tokenGroups",
    "tokenGroupsGlobalAndUniversal",
    "tokenGroupsNoGCAcceptable",
  };

  /* CLDAP over UDP; the port is exposed as a user preference. */
  dissector_add_uint_with_preference("udp.port", UDP_PORT_CLDAP, cldap_handle);

  /* Dissectors this file hands payloads to (SASL/GSS-API wrapping, NTLMSSP, TLS). */
  gssapi_handle      = find_dissector_add_dependency("gssapi", proto_ldap);
  gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap);
  spnego_handle      = find_dissector_add_dependency("spnego", proto_ldap);
  ntlmssp_handle     = find_dissector_add_dependency("ntlmssp", proto_ldap);
  tls_handle         = find_dissector_add_dependency("tls", proto_ldap);

  /* Apply the current LDAPS port preference. */
  prefs_register_ldap();

  for (unsigned i = 0; i < sizeof oid_names / sizeof oid_names[0]; i++) {
    oid_add_from_string(oid_names[i].name, oid_names[i].oid);
  }

  /* Per-attribute value dissectors, keyed by attribute name in "ldap.name". */
  dissector_handle_t sid_handle = create_dissector_handle(dissect_ldap_sid, proto_ldap);

  dissector_add_string("ldap.name", "netlogon",
                       create_dissector_handle(dissect_NetLogon_PDU, proto_cldap));
  dissector_add_string("ldap.name", "objectGUID",
                       create_dissector_handle(dissect_ldap_guid, proto_ldap));
  dissector_add_string("ldap.name", "supportedControl",
                       create_dissector_handle(dissect_ldap_oid, proto_ldap));
  dissector_add_string("ldap.name", "supportedCapabilities",
                       create_dissector_handle(dissect_ldap_oid, proto_ldap));

  for (unsigned i = 0; i < sizeof sid_attributes / sizeof sid_attributes[0]; i++) {
    dissector_add_string("ldap.name", sid_attributes[i], sid_handle);
  }

  dissector_add_string("ldap.name", "nTSecurityDescriptor",
                       create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap));

  /* BER-encoded control and extended-operation values, selected by OID. */
  register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU,
                             proto_ldap, "LDAP_PAGED_RESULT_OID_STRING");
  register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU,
                             proto_ldap, "LDAP_SERVER_SORT_OID");
  register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU,
                             proto_ldap, "LDAP_SERVER_RESP_SORT_OID");
  register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU,
                             proto_ldap, "LDAP_SERVER_DIRSYNC_OID");
  register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU,
                             proto_ldap, "passwdModifyOID");
  register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU,
                             proto_ldap, "cancelRequestOID");
  register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU,
                             proto_ldap, "syncRequestOID");
  register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU,
                             proto_ldap, "syncStateOID");
  register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU,
                             proto_ldap, "syncDoneOID");
  register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU,
                             proto_ldap, "syncInfoOID");
  register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU,
                             proto_ldap, "passwordPolicy");

  /* LDAP over TCP; the port range is exposed as a user preference. */
  dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);

  /* The "acdr" tables get a fixed port 636 entry, independent of the LDAPS preference. */
  dissector_add_uint("acdr.tls_application_port", 636, ldap_handle);
  dissector_add_uint("acdr.tls_application", TLS_APP_LDAP, ldap_handle);
}
5830 | | |
/*
 * Keep the TLS dissector's registration for ldap_handle in step with the
 * LDAPS port preference.
 *
 * ssl_port holds the port most recently applied and global_ldaps_tcp_port
 * the value currently requested. When they differ, the old port (if
 * non-zero) is removed, the new value is stored, and the new port (if
 * non-zero) is added. A value of zero is treated as "no port" on both sides.
 */
static void
prefs_register_ldap(void)
{
  /* Already applied: leave the existing registration alone. */
  if (ssl_port == global_ldaps_tcp_port) {
    return;
  }

  /* Remove the registration made for the previous port. */
  if (ssl_port != 0) {
    ssl_dissector_delete(ssl_port, ldap_handle);
  }

  /* Remember the port now in effect for the next comparison. */
  ssl_port = global_ldaps_tcp_port;

  if (ssl_port != 0) {
    ssl_dissector_add(ssl_port, ldap_handle);
  }
}
5846 | | |
5847 | | /* |
5848 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
5849 | | * |
5850 | | * Local Variables: |
5851 | | * c-basic-offset: 2 |
5852 | | * tab-width: 8 |
5853 | | * indent-tabs-mode: nil |
5854 | | * End: |
5855 | | * |
5856 | | * vi: set shiftwidth=2 tabstop=8 expandtab: |
5857 | | * :indentSize=2:tabSize=8:noTabs=true: |
5858 | | */ |