1 /* Do not modify this file. Changes will be overwritten. */ 2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ 3 /* packet-ldap.c */ 4 /* asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */ 5 6 /* Input file: packet-ldap-template.c */ 7 8 #line 1 "./asn1/ldap/packet-ldap-template.c" 9 /* packet-ldap-template.c 10 * Routines for ldap packet dissection 11 * 12 * See RFC 3494 (LDAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL). 13 * 14 * Wireshark - Network traffic analyzer 15 * By Gerald Combs <gerald@wireshark.org> 16 * Copyright 1998 Gerald Combs 17 * 18 * SPDX-License-Identifier: GPL-2.0-or-later 19 */ 20 21 /* 22 * This is not a complete implementation. It doesn't handle the full version 3, more specifically, 23 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported. 24 * It's also missing extensible search filters. 25 * 26 * There should probably be a lot more error checking, I simply assume that if we have a full packet, it will be a complete 27 * and correct packet. 28 * 29 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add 30 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what 31 * I can do. 32 * 33 * Doug Nazar 34 * nazard@dragoninc.on.ca 35 */ 36 37 /* 38 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the 39 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2 40 * TCP segments. 41 * 42 * Ronald W. Henderson 43 * ronald.henderson@cognicaseusa.com 44 */ 45 46 /* 47 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC 48 * using information from the SNIA 2003 conference paper : 49 * Active Directory Domain Controller Location Service 50 * by Anthony Liguori 51 * ronnie sahlberg 52 */ 53 54 /* 55 * 17-DEC-2004 - added basic decoding for LDAP Controls 56 * 20-DEC-2004 - added handling for GSS-API encrypted blobs 57 * 58 * Stefan Metzmacher <metze@samba.org> 59 * 60 * 15-NOV-2005 - Changed to use the asn2wrs compiler 61 * Anders Broman <anders.broman@ericsson.com> 62 */ 63 64 /* 65 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types. 66 * Updated cldap_netlogon_flags to include Windows 2008 flags 67 * Expanded the ntver ldap option with bit field 68 * 69 * Gary Reynolds <gazzadownunder@yahoo.co.uk> 70 */ 71 72 /* 73 * 09-DEC-2009 - Added support for RFC4533 74 * Content Synchronization Operation (aka syncrepl) 75 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511) 76 * Mathieu Parent <math.parent@gmail.com> 77 */ 78 79 #include "config.h" 80 81 #include <epan/packet.h> 82 #include <epan/exceptions.h> 83 #include <epan/conversation.h> 84 #include <epan/prefs.h> 85 #include <epan/tap.h> 86 #include <epan/srt_table.h> 87 #include <epan/oids.h> 88 #include <epan/strutil.h> 89 #include <epan/show_exception.h> 90 #include <epan/asn1.h> 91 #include <epan/expert.h> 92 #include <epan/uat.h> 93 #include <wsutil/str_util.h> 94 #include "packet-frame.h" 95 #include "packet-tcp.h" 96 #include "packet-windows-common.h" 97 #include "packet-dcerpc.h" 98 99 #include "packet-ldap.h" 100 #include "packet-ntlmssp.h" 101 #include "packet-tls.h" 102 #include "packet-tls-utils.h" 103 #include "packet-gssapi.h" 104 #include "packet-acdr.h" 105 106 #include "packet-ber.h" 107 #include "packet-per.h" 108 #include "packet-dns.h" 109 110 #define PNAME "Lightweight Directory Access Protocol" 111 #define PSNAME "LDAP" 112 #define PFNAME "ldap" 113 114 void proto_register_ldap(void); 115 void proto_reg_handoff_ldap(void); 116 117 /* Initialize the protocol and registered fields */ 118 static int ldap_tap = -1; 119 static int proto_ldap = -1; 120 static int proto_cldap = -1; 121 122 static int hf_ldap_sasl_buffer_length = -1; 123 static int hf_ldap_response_in = -1; 124 static int hf_ldap_response_to = -1; 125 static int hf_ldap_time = -1; 126 static int hf_ldap_guid = -1; 127 128 static int hf_mscldap_ntver_flags = -1; 129 static int hf_mscldap_ntver_flags_v1 = -1; 130 static int hf_mscldap_ntver_flags_v5 = -1; 131 static int hf_mscldap_ntver_flags_v5ex = -1; 132 static int hf_mscldap_ntver_flags_v5ep = -1; 133 static int hf_mscldap_ntver_flags_vcs = -1; 134 static int hf_mscldap_ntver_flags_vnt4 = -1; 135 static int hf_mscldap_ntver_flags_vpdc = -1; 136 static int hf_mscldap_ntver_flags_vip = -1; 137 static int hf_mscldap_ntver_flags_vl = -1; 138 static int hf_mscldap_ntver_flags_vgc = -1; 139 140 static int hf_mscldap_netlogon_ipaddress_family = -1; 141 static int hf_mscldap_netlogon_ipaddress_port = -1; 142 static int hf_mscldap_netlogon_ipaddress = -1; 143 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1; 144 static int hf_mscldap_netlogon_opcode = -1; 145 static int hf_mscldap_netlogon_flags = -1; 146 static int hf_mscldap_netlogon_flags_pdc = -1; 147 static int hf_mscldap_netlogon_flags_gc = -1; 148 static int hf_mscldap_netlogon_flags_ldap = -1; 149 static int hf_mscldap_netlogon_flags_ds = -1; 150 static int hf_mscldap_netlogon_flags_kdc = -1; 151 static int hf_mscldap_netlogon_flags_timeserv = -1; 152 static int hf_mscldap_netlogon_flags_closest = -1; 153 static int hf_mscldap_netlogon_flags_writable = -1; 154 static int hf_mscldap_netlogon_flags_good_timeserv = -1; 155 static int hf_mscldap_netlogon_flags_ndnc = -1; 156 static int hf_mscldap_netlogon_flags_fnc = -1; 157 static int hf_mscldap_netlogon_flags_dnc = -1; 158 static int hf_mscldap_netlogon_flags_dns = -1; 159 static int hf_mscldap_netlogon_flags_wdc = -1; 160 static int hf_mscldap_netlogon_flags_rodc = -1; 161 static int hf_mscldap_domain_guid = -1; 162 static int hf_mscldap_forest = -1; 163 static int hf_mscldap_domain = -1; 164 static int hf_mscldap_hostname = -1; 165 static int hf_mscldap_nb_domain_z = -1; 166 static int hf_mscldap_nb_domain = -1; 167 static int hf_mscldap_nb_hostname_z = -1; 168 static int hf_mscldap_nb_hostname = -1; 169 static int hf_mscldap_username_z = -1; 170 static int hf_mscldap_username = -1; 171 static int hf_mscldap_sitename = -1; 172 static int hf_mscldap_clientsitename = -1; 173 static int hf_mscldap_netlogon_lm_token = -1; 174 static int hf_mscldap_netlogon_nt_token = -1; 175 static int hf_ldap_sid = -1; 176 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1; 177 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1; 178 static int hf_ldap_AccessMask_ADS_LIST = -1; 179 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1; 180 static int hf_ldap_AccessMask_ADS_READ_PROP = -1; 181 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1; 182 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1; 183 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1; 184 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1; 185 static int hf_ldap_LDAPMessage_PDU = -1; 186 static int hf_ldap_object_security_flag = -1; 187 static int hf_ldap_ancestor_first_flag = -1; 188 static int hf_ldap_public_data_only_flag = -1; 189 static int hf_ldap_incremental_value_flag = -1; 190 static int hf_ldap_oid = -1; 191 static int hf_ldap_gssapi_encrypted_payload = -1; 192 193 194 /*--- Included file: packet-ldap-hf.c ---*/ 195 #line 1 "./asn1/ldap/packet-ldap-hf.c" 196 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */ 197 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */ 198 static int hf_ldap_SortResult_PDU = -1; /* SortResult */ 199 static int hf_ldap_DirSyncControlValue_PDU = -1; /* DirSyncControlValue */ 200 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */ 201 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */ 202 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */ 203 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */ 204 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */ 205 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */ 206 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */ 207 static int hf_ldap_messageID = -1; /* MessageID */ 208 static int hf_ldap_protocolOp = -1; /* ProtocolOp */ 209 static int hf_ldap_controls = -1; /* Controls */ 210 static int hf_ldap_bindRequest = -1; /* BindRequest */ 211 static int hf_ldap_bindResponse = -1; /* BindResponse */ 212 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */ 213 static int hf_ldap_searchRequest = -1; /* SearchRequest */ 214 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */ 215 static int hf_ldap_searchResDone = -1; /* SearchResultDone */ 216 static int hf_ldap_searchResRef = -1; /* SearchResultReference */ 217 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */ 218 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */ 219 static int hf_ldap_addRequest = -1; /* AddRequest */ 220 static int hf_ldap_addResponse = -1; /* AddResponse */ 221 static int hf_ldap_delRequest = -1; /* DelRequest */ 222 static int hf_ldap_delResponse = -1; /* DelResponse */ 223 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */ 224 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */ 225 static int hf_ldap_compareRequest = -1; /* CompareRequest */ 226 static int hf_ldap_compareResponse = -1; /* CompareResponse */ 227 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */ 228 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */ 229 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */ 230 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */ 231 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */ 232 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */ 233 static int hf_ldap_assertionValue = -1; /* AssertionValue */ 234 static int hf_ldap_type = -1; /* AttributeDescription */ 235 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */ 236 static int hf_ldap_vals_item = -1; /* AttributeValue */ 237 static int hf_ldap_resultCode = -1; /* T_resultCode */ 238 static int hf_ldap_matchedDN = -1; /* LDAPDN */ 239 static int hf_ldap_errorMessage = -1; /* ErrorMessage */ 240 static int hf_ldap_referral = -1; /* Referral */ 241 static int hf_ldap_Referral_item = -1; /* LDAPURL */ 242 static int hf_ldap_Controls_item = -1; /* Control */ 243 static int hf_ldap_controlType = -1; /* ControlType */ 244 static int hf_ldap_criticality = -1; /* BOOLEAN */ 245 static int hf_ldap_controlValue = -1; /* T_controlValue */ 246 static int hf_ldap_version = -1; /* INTEGER_1_127 */ 247 static int hf_ldap_name = -1; /* LDAPDN */ 248 static int hf_ldap_authentication = -1; /* AuthenticationChoice */ 249 static int hf_ldap_simple = -1; /* Simple */ 250 static int hf_ldap_sasl = -1; /* SaslCredentials */ 251 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */ 252 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */ 253 static int hf_ldap_mechanism = -1; /* Mechanism */ 254 static int hf_ldap_credentials = -1; /* Credentials */ 255 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */ 256 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */ 257 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */ 258 static int hf_ldap_baseObject = -1; /* LDAPDN */ 259 static int hf_ldap_scope = -1; /* T_scope */ 260 static int hf_ldap_derefAliases = -1; /* T_derefAliases */ 261 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */ 262 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */ 263 static int hf_ldap_typesOnly = -1; /* BOOLEAN */ 264 static int hf_ldap_filter = -1; /* T_filter */ 265 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */ 266 static int hf_ldap_and = -1; /* T_and */ 267 static int hf_ldap_and_item = -1; /* T_and_item */ 268 static int hf_ldap_or = -1; /* T_or */ 269 static int hf_ldap_or_item = -1; /* T_or_item */ 270 static int hf_ldap_not = -1; /* T_not */ 271 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */ 272 static int hf_ldap_substrings = -1; /* SubstringFilter */ 273 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */ 274 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */ 275 static int hf_ldap_present = -1; /* T_present */ 276 static int hf_ldap_approxMatch = -1; /* T_approxMatch */ 277 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */ 278 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */ 279 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */ 280 static int hf_ldap_initial = -1; /* LDAPString */ 281 static int hf_ldap_any = -1; /* LDAPString */ 282 static int hf_ldap_final = -1; /* LDAPString */ 283 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */ 284 static int hf_ldap_matchValue = -1; /* AssertionValue */ 285 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */ 286 static int hf_ldap_objectName = -1; /* LDAPDN */ 287 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */ 288 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */ 289 static int hf_ldap__untag_item = -1; /* LDAPURL */ 290 static int hf_ldap_object = -1; /* LDAPDN */ 291 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */ 292 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */ 293 static int hf_ldap_operation = -1; /* T_operation */ 294 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */ 295 static int hf_ldap_entry = -1; /* LDAPDN */ 296 static int hf_ldap_attributes = -1; /* AttributeList */ 297 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */ 298 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */ 299 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */ 300 static int hf_ldap_newSuperior = -1; /* LDAPDN */ 301 static int hf_ldap_ava = -1; /* AttributeValueAssertion */ 302 static int hf_ldap_requestName = -1; /* LDAPOID */ 303 static int hf_ldap_requestValue = -1; /* T_requestValue */ 304 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */ 305 static int hf_ldap_responseName = -1; /* ResponseName */ 306 static int hf_ldap_response = -1; /* OCTET_STRING */ 307 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */ 308 static int hf_ldap_size = -1; /* INTEGER */ 309 static int hf_ldap_cookie = -1; /* OCTET_STRING */ 310 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */ 311 static int hf_ldap_attributeType = -1; /* AttributeDescription */ 312 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */ 313 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */ 314 static int hf_ldap_sortResult = -1; /* T_sortResult */ 315 static int hf_ldap_flags = -1; /* DirSyncFlags */ 316 static int hf_ldap_maxBytes = -1; /* INTEGER */ 317 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */ 318 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */ 319 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */ 320 static int hf_ldap_cancelID = -1; /* MessageID */ 321 static int hf_ldap_mode = -1; /* T_mode */ 322 static int hf_ldap_reloadHint = -1; /* BOOLEAN */ 323 static int hf_ldap_state = -1; /* T_state */ 324 static int hf_ldap_entryUUID = -1; /* SyncUUID */ 325 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */ 326 static int hf_ldap_newcookie = -1; /* OCTET_STRING */ 327 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */ 328 static int hf_ldap_refreshDone = -1; /* BOOLEAN */ 329 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */ 330 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */ 331 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */ 332 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */ 333 static int hf_ldap_warning = -1; /* T_warning */ 334 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */ 335 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */ 336 static int hf_ldap_error = -1; /* T_error */ 337 338 /*--- End of included file: packet-ldap-hf.c ---*/ 339 #line 186 "./asn1/ldap/packet-ldap-template.c" 340 341 /* Initialize the subtree pointers */ 342 static gint ett_ldap = -1; 343 static gint ett_ldap_msg = -1; 344 static gint ett_ldap_sasl_blob = -1; 345 static gint ett_ldap_payload = -1; 346 static gint ett_mscldap_netlogon_flags = -1; 347 static gint ett_mscldap_ntver_flags = -1; 348 static gint ett_mscldap_ipdetails = -1; 349 static gint ett_ldap_DirSyncFlagsSubEntry = -1; 350 351 352 /*--- Included file: packet-ldap-ett.c ---*/ 353 #line 1 "./asn1/ldap/packet-ldap-ett.c" 354 static gint ett_ldap_LDAPMessage = -1; 355 static gint ett_ldap_ProtocolOp = -1; 356 static gint ett_ldap_AttributeDescriptionList = -1; 357 static gint ett_ldap_AttributeValueAssertion = -1; 358 static gint ett_ldap_Attribute = -1; 359 static gint ett_ldap_SET_OF_AttributeValue = -1; 360 static gint ett_ldap_LDAPResult = -1; 361 static gint ett_ldap_Referral = -1; 362 static gint ett_ldap_Controls = -1; 363 static gint ett_ldap_Control = -1; 364 static gint ett_ldap_BindRequest_U = -1; 365 static gint ett_ldap_AuthenticationChoice = -1; 366 static gint ett_ldap_SaslCredentials = -1; 367 static gint ett_ldap_BindResponse_U = -1; 368 static gint ett_ldap_SearchRequest_U = -1; 369 static gint ett_ldap_Filter = -1; 370 static gint ett_ldap_T_and = -1; 371 static gint ett_ldap_T_or = -1; 372 static gint ett_ldap_SubstringFilter = -1; 373 static gint ett_ldap_T_substringFilter_substrings = -1; 374 static gint ett_ldap_T_substringFilter_substrings_item = -1; 375 static gint ett_ldap_MatchingRuleAssertion = -1; 376 static gint ett_ldap_SearchResultEntry_U = -1; 377 static gint ett_ldap_PartialAttributeList = -1; 378 static gint ett_ldap_PartialAttributeList_item = -1; 379 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1; 380 static gint ett_ldap_ModifyRequest_U = -1; 381 static gint ett_ldap_ModifyRequest_modification = -1; 382 static gint ett_ldap_T_modifyRequest_modification_item = -1; 383 static gint ett_ldap_AttributeTypeAndValues = -1; 384 static gint ett_ldap_AddRequest_U = -1; 385 static gint ett_ldap_AttributeList = -1; 386 static gint ett_ldap_AttributeList_item = -1; 387 static gint ett_ldap_ModifyDNRequest_U = -1; 388 static gint ett_ldap_CompareRequest_U = -1; 389 static gint ett_ldap_ExtendedRequest_U = -1; 390 static gint ett_ldap_ExtendedResponse_U = -1; 391 static gint ett_ldap_IntermediateResponse_U = -1; 392 static gint ett_ldap_SearchControlValue = -1; 393 static gint ett_ldap_SortKeyList = -1; 394 static gint ett_ldap_SortKeyList_item = -1; 395 static gint ett_ldap_SortResult = -1; 396 static gint ett_ldap_DirSyncControlValue = -1; 397 static gint ett_ldap_PasswdModifyRequestValue = -1; 398 static gint ett_ldap_CancelRequestValue = -1; 399 static gint ett_ldap_SyncRequestValue = -1; 400 static gint ett_ldap_SyncStateValue = -1; 401 static gint ett_ldap_SyncDoneValue = -1; 402 static gint ett_ldap_SyncInfoValue = -1; 403 static gint ett_ldap_T_refreshDelete = -1; 404 static gint ett_ldap_T_refreshPresent = -1; 405 static gint ett_ldap_T_syncIdSet = -1; 406 static gint ett_ldap_SET_OF_SyncUUID = -1; 407 static gint ett_ldap_PasswordPolicyResponseValue = -1; 408 static gint ett_ldap_T_warning = -1; 409 410 /*--- End of included file: packet-ldap-ett.c ---*/ 411 #line 198 "./asn1/ldap/packet-ldap-template.c" 412 413 static expert_field ei_ldap_exceeded_filter_length = EI_INIT; 414 static expert_field ei_ldap_too_many_filter_elements = EI_INIT; 415 416 static dissector_table_t ldap_name_dissector_table=NULL; 417 static const char *object_identifier_id = NULL; /* LDAP OID */ 418 419 static gboolean do_protocolop = FALSE; 420 static gchar *attr_type = NULL; 421 static gboolean is_binary_attr_type = FALSE; 422 static gboolean ldap_found_in_frame = FALSE; 423 424 #define TCP_PORT_RANGE_LDAP "389,3268" /* 3268 is Windows 2000 Global Catalog */ 425 #define TCP_PORT_LDAPS 636 426 #define UDP_PORT_CLDAP 389 427 428 /* desegmentation of LDAP */ 429 static gboolean ldap_desegment = TRUE; 430 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS; 431 static guint ssl_port = 0; 432 433 static dissector_handle_t gssapi_handle; 434 static dissector_handle_t gssapi_wrap_handle; 435 static dissector_handle_t ntlmssp_handle; 436 static dissector_handle_t spnego_handle; 437 static dissector_handle_t tls_handle; 438 static dissector_handle_t ldap_handle ; 439 440 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */ 441 442 443 /* different types of rpc calls ontop of ms cldap */ 444 #define MSCLDAP_RPC_NETLOGON 1 445 446 /* Message type Choice values */ 447 static const value_string ldap_ProtocolOp_choice_vals[] = { 448 { 0, "bindRequest" }, 449 { 1, "bindResponse" }, 450 { 2, "unbindRequest" }, 451 { 3, "searchRequest" }, 452 { 4, "searchResEntry" }, 453 { 5, "searchResDone" }, 454 { 6, "searchResRef" }, 455 { 7, "modifyRequest" }, 456 { 8, "modifyResponse" }, 457 { 9, "addRequest" }, 458 { 10, "addResponse" }, 459 { 11, "delRequest" }, 460 { 12, "delResponse" }, 461 { 13, "modDNRequest" }, 462 { 14, "modDNResponse" }, 463 { 15, "compareRequest" }, 464 { 16, "compareResponse" }, 465 { 17, "abandonRequest" }, 466 { 18, "extendedReq" }, 467 { 19, "extendedResp" }, 468 { 20, "intermediateResponse" }, 469 { 0, NULL } 470 }; 471 472 /* Procedure names (used in Service Response Time */ 473 const value_string ldap_procedure_names[] = { 474 { 0, "Bind" }, 475 { 3, "Search" }, 476 { 6, "Modify" }, 477 { 8, "Add" }, 478 { 10, "Delete" }, 479 { 12, "Modrdn" }, 480 { 14, "Compare" }, 481 { 23, "Extended" }, 482 { 0, NULL } 483 }; 484 485 #define LOGON_PRIMARY_QUERY 7 486 #define LOGON_PRIMARY_RESPONSE 12 487 #define LOGON_SAM_LOGON_REQUEST 18 488 #define LOGON_SAM_LOGON_RESPONSE 19 489 #define LOGON_SAM_PAUSE_RESPONSE 20 490 #define LOGON_SAM_USER_UNKNOWN 21 491 #define LOGON_SAM_LOGON_RESPONSE_EX 23 492 #define LOGON_SAM_PAUSE_RESPONSE_EX 24 493 #define LOGON_SAM_USER_UNKNOWN_EX 25 494 495 static const value_string netlogon_opcode_vals[] = { 496 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" }, 497 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" }, 498 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" }, 499 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" }, 500 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" }, 501 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" }, 502 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" }, 503 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" }, 504 { 0, NULL } 505 }; 506 507 #define LDAP_NUM_PROCEDURES 24 508 509 static void 510 ldapstat_init(struct register_srt* srt _U_, GArray* srt_array) 511 { 512 srt_stat_table *ldap_srt_table; 513 guint32 i; 514 515 ldap_srt_table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", NULL); 516 for (i = 0; i < LDAP_NUM_PROCEDURES; i++) 517 { 518 init_srt_table_row(ldap_srt_table, i, val_to_str_const(i, ldap_procedure_names, "<unknown>")); 519 } 520 } 521 522 static tap_packet_status 523 ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi) 524 { 525 guint i = 0; 526 srt_stat_table *ldap_srt_table; 527 const ldap_call_response_t *ldap=(const ldap_call_response_t *)psi; 528 srt_data_t *data = (srt_data_t *)pldap; 529 530 /* we are only interested in reply packets */ 531 if(ldap->is_request){ 532 return TAP_PACKET_DONT_REDRAW; 533 } 534 /* if we havnt seen the request, just ignore it */ 535 if(!ldap->req_frame){ 536 return TAP_PACKET_DONT_REDRAW; 537 } 538 539 /* only use the commands we know how to handle */ 540 switch(ldap->protocolOpTag){ 541 case LDAP_REQ_BIND: 542 case LDAP_REQ_SEARCH: 543 case LDAP_REQ_MODIFY: 544 case LDAP_REQ_ADD: 545 case LDAP_REQ_DELETE: 546 case LDAP_REQ_MODRDN: 547 case LDAP_REQ_COMPARE: 548 case LDAP_REQ_EXTENDED: 549 break; 550 default: 551 return TAP_PACKET_DONT_REDRAW; 552 } 553 554 ldap_srt_table = g_array_index(data->srt_array, srt_stat_table*, i); 555 556 add_srt_table_data(ldap_srt_table, ldap->protocolOpTag, &ldap->req_time, pinfo); 557 return TAP_PACKET_REDRAW; 558 } 559 560 /* 561 * Data structure attached to a conversation, giving authentication 562 * information from a bind request. 563 */ 564 typedef struct ldap_conv_info_t { 565 guint auth_type; /* authentication type */ 566 char *auth_mech; /* authentication mechanism */ 567 guint32 first_auth_frame; /* first frame that would use a security layer */ 568 wmem_map_t *unmatched; 569 wmem_map_t *matched; 570 gboolean is_mscldap; 571 guint32 num_results; 572 gboolean start_tls_pending; 573 guint32 start_tls_frame; 574 } ldap_conv_info_t; 575 576 static guint 577 ldap_info_hash_matched(gconstpointer k) 578 { 579 const ldap_call_response_t *key = (const ldap_call_response_t *)k; 580 581 return key->messageId; 582 } 583 584 static gint 585 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2) 586 { 587 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1; 588 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2; 589 590 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){ 591 return 0; 592 } 593 /* a response may span multiple frames 594 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){ 595 return 0; 596 } 597 */ 598 599 return key1->messageId==key2->messageId; 600 } 601 602 static guint 603 ldap_info_hash_unmatched(gconstpointer k) 604 { 605 const ldap_call_response_t *key = (const ldap_call_response_t*)k; 606 607 return key->messageId; 608 } 609 610 static gint 611 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2) 612 { 613 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1; 614 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2; 615 616 return key1->messageId==key2->messageId; 617 } 618 619 620 /* These are the NtVer flags from MS-ADTS section 6.3.1.1 621 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts 622 */ 623 624 static const true_false_string tfs_ntver_v1 = { 625 "Client requested version 1 netlogon response", 626 "Version 1 netlogon response not requested" 627 }; 628 629 static const true_false_string tfs_ntver_v5 = { 630 "Client requested version 5 netlogon response", 631 "Version 5 netlogon response not requested" 632 }; 633 static const true_false_string tfs_ntver_v5ex = { 634 "Client requested version 5 extended netlogon response", 635 "Version 5 extended response not requested" 636 }; 637 static const true_false_string tfs_ntver_v5ep = { 638 "Client has requested IP address of the server", 639 "IP address of server not requested" 640 }; 641 static const true_false_string tfs_ntver_vcs = { 642 "Client has asked for the closest site information", 643 "Closest site information not requested" 644 }; 645 static const true_false_string tfs_ntver_vnt4 = { 646 "Client is requesting server to avoid NT4 emulation", 647 "Only full AD DS requested" 648 }; 649 static const true_false_string tfs_ntver_vpdc = { 650 "Client has requested the Primary Domain Controller", 651 "Primary Domain Controller not requested" 652 }; 653 static const true_false_string tfs_ntver_vip = { 654 "Client has requested IP details (obsolete)", 655 "IP details not requested (obsolete)" 656 }; 657 static const true_false_string tfs_ntver_vl = { 658 "Client indicated that it is the local machine", 659 "Client is not the local machine" 660 };static const true_false_string tfs_ntver_vgc = { 661 "Client has requested a Global Catalog server", 662 "Global Catalog not requested" 663 }; 664 665 /* Stuff for generation/handling of fields for custom AttributeValues */ 666 typedef struct _attribute_type_t { 667 gchar* attribute_type; 668 gchar* attribute_desc; 669 } attribute_type_t; 670 671 static attribute_type_t* attribute_types; 672 static guint num_attribute_types; 673 674 static GHashTable* attribute_types_hash; 675 static hf_register_info* dynamic_hf; 676 static guint dynamic_hf_size; 677 678 static gboolean 679 attribute_types_update_cb(void *r, char **err) 680 { 681 attribute_type_t *rec = (attribute_type_t *)r; 682 char c; 683 684 if (rec->attribute_type == NULL) { 685 *err = g_strdup("Attribute type can't be empty"); 686 return FALSE; 687 } 688 689 g_strstrip(rec->attribute_type); 690 if (rec->attribute_type[0] == 0) { 691 *err = g_strdup("Attribute type can't be empty"); 692 return FALSE; 693 } 694 695 /* Check for invalid characters (to avoid asserting out when 696 * registering the field). 697 */ 698 c = proto_check_field_name(rec->attribute_type); 699 if (c) { 700 *err = g_strdup_printf("Attribute type can't contain '%c'", c); 701 return FALSE; 702 } 703 704 *err = NULL; 705 return TRUE; 706 } 707 708 static void * 709 attribute_types_copy_cb(void* n, const void* o, size_t siz _U_) 710 { 711 attribute_type_t* new_rec = (attribute_type_t*)n; 712 const attribute_type_t* old_rec = (const attribute_type_t*)o; 713 714 new_rec->attribute_type = g_strdup(old_rec->attribute_type); 715 new_rec->attribute_desc = g_strdup(old_rec->attribute_desc); 716 717 return new_rec; 718 } 719 720 static void 721 attribute_types_free_cb(void*r) 722 { 723 attribute_type_t* rec = (attribute_type_t*)r; 724 725 g_free(rec->attribute_type); 726 g_free(rec->attribute_desc); 727 } 728 729 UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t) 730 UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t) 731 732 /* 733 * 734 */ 735 static gint* 736 get_hf_for_header(char* attribute_type) 737 { 738 gint* hf_id = NULL; 739 740 if (attribute_types_hash) { 741 hf_id = (gint*) g_hash_table_lookup(attribute_types_hash, attribute_type); 742 } else { 743 hf_id = NULL; 744 } 745 746 return hf_id; 747 } 748 749 /* 750 * 751 */ 752 static void 753 deregister_attribute_types(void) 754 { 755 if (dynamic_hf) { 756 /* Deregister all fields */ 757 for (guint i = 0; i < dynamic_hf_size; i++) { 758 proto_deregister_field (proto_ldap, *(dynamic_hf[i].p_id)); 759 g_free (dynamic_hf[i].p_id); 760 } 761 762 proto_add_deregistered_data (dynamic_hf); 763 dynamic_hf = NULL; 764 dynamic_hf_size = 0; 765 } 766 767 if (attribute_types_hash) { 768 g_hash_table_destroy (attribute_types_hash); 769 attribute_types_hash = NULL; 770 } 771 } 772 773 static void 774 attribute_types_post_update_cb(void) 775 { 776 gint* hf_id; 777 gchar* attribute_type; 778 779 deregister_attribute_types(); 780 781 if (num_attribute_types) { 782 attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal); 783 dynamic_hf = g_new0(hf_register_info,num_attribute_types); 784 dynamic_hf_size = num_attribute_types; 785 786 for (guint i = 0; i < dynamic_hf_size; i++) { 787 hf_id = g_new(gint,1); 788 *hf_id = -1; 789 attribute_type = g_strdup(attribute_types[i].attribute_type); 790 791 dynamic_hf[i].p_id = hf_id; 792 dynamic_hf[i].hfinfo.name = attribute_type; 793 dynamic_hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type); 794 dynamic_hf[i].hfinfo.type = FT_STRING; 795 dynamic_hf[i].hfinfo.display = BASE_NONE; 796 dynamic_hf[i].hfinfo.strings = NULL; 797 dynamic_hf[i].hfinfo.bitmask = 0; 798 dynamic_hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc); 799 HFILL_INIT(dynamic_hf[i]); 800 801 g_hash_table_insert(attribute_types_hash, attribute_type, hf_id); 802 } 803 804 proto_register_field_array(proto_ldap, dynamic_hf, dynamic_hf_size); 805 } 806 } 807 808 static void 809 attribute_types_reset_cb(void) 810 { 811 deregister_attribute_types(); 812 } 813 814 /* MS-ADTS specification, section 6.3.1.1, NETLOGON_NT_VERSION Options Bits */ 815 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset) 816 { 817 static int * const flags[] = { 818 &hf_mscldap_ntver_flags_v1, 819 &hf_mscldap_ntver_flags_v5, 820 &hf_mscldap_ntver_flags_v5ex, 821 &hf_mscldap_ntver_flags_v5ep, 822 &hf_mscldap_ntver_flags_vcs, 823 &hf_mscldap_ntver_flags_vnt4, 824 &hf_mscldap_ntver_flags_vpdc, 825 &hf_mscldap_ntver_flags_vip, 826 &hf_mscldap_ntver_flags_vl, 827 &hf_mscldap_ntver_flags_vgc, 828 NULL 829 }; 830 831 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags, 832 ett_mscldap_ntver_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE); 833 offset += 4; 834 835 return offset; 836 } 837 838 /* This string contains the last LDAPString that was decoded */ 839 static const char *attributedesc_string=NULL; 840 841 /* This string contains the last AssertionValue that was decoded */ 842 static char *ldapvalue_string=NULL; 843 844 /* if the octet string contain all printable ASCII characters, then 845 * display it as a string, othervise just display it in hex. 846 */ 847 static int 848 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index) 849 { 850 gint8 ber_class; 851 gboolean pc, ind, is_ascii; 852 gint32 tag; 853 guint32 len; 854 855 if(!implicit_tag){ 856 offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag); 857 offset=get_ber_length(tvb, offset, &len, &ind); 858 } else { 859 len=tvb_reported_length_remaining(tvb,offset); 860 } 861 862 if(len==0){ 863 return offset; 864 } 865 866 867 /* 868 * Some special/wellknown attributes in common LDAP (read AD) 869 * are neither ascii strings nor blobs of hex data. 870 * Special case these attributes and decode them more nicely. 871 * 872 * Add more special cases as required to prettify further 873 * (there can't be that many ones that are truly interesting) 874 */ 875 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){ 876 tvbuff_t *sid_tvb; 877 char *tmpstr; 878 879 /* this octet string contains an NT SID */ 880 sid_tvb=tvb_new_subset_length(tvb, offset, len); 881 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index); 882 ldapvalue_string=tmpstr; 883 884 goto finished; 885 } else if ( (len==16) /* GUIDs are always 16 bytes */ 886 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) { 887 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ 888 e_guid_t uuid; 889 890 /* This octet string contained a GUID */ 891 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid); 892 893 ldapvalue_string=(char*)wmem_alloc(actx->pinfo->pool, 1024); 894 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", 895 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1], 896 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5], 897 uuid.data4[6], uuid.data4[7]); 898 899 goto finished; 900 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){ 901 guint32 flags; 902 903 len = 0; 904 /* get flag value to populate ldapvalue_string */ 905 flags=tvb_get_letohl(tvb, offset); 906 907 ldapvalue_string=(char*)wmem_alloc(actx->pinfo->pool, 1024); 908 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags); 909 910 /* populate bitmask subtree */ 911 offset = dissect_mscldap_ntver_flags(tree, tvb, offset); 912 913 goto finished; 914 915 916 } 917 918 /* 919 * It was not one of our "wellknown" attributes so make the best 920 * we can and just try to see if it is an ascii string or if it 921 * is a binary blob. 922 * 923 * XXX - should we support reading RFC 2252-style schemas 924 * for LDAP, and using that to determine how to display 925 * attribute values and assertion values? 926 * 927 * -- I don't think there are full schemas available that describe the 928 * interesting cases i.e. AD -- ronnie 929 */ 930 is_ascii=tvb_ascii_isprint(tvb, offset, len); 931 932 /* convert the string into a printable string */ 933 if(is_ascii){ 934 ldapvalue_string= tvb_get_string_enc(actx->pinfo->pool, tvb, offset, len, ENC_UTF_8|ENC_NA); 935 } else { 936 ldapvalue_string= tvb_bytes_to_str_punct(actx->pinfo->pool, tvb, offset, len, ':'); 937 } 938 939 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string); 940 941 942 finished: 943 offset+=len; 944 return offset; 945 } 946 947 /* This string contains the last Filter item that was decoded */ 948 static const char *Filter_string=NULL; 949 static const char *and_filter_string=NULL; 950 static const char *or_filter_string=NULL; 951 static const char *substring_value=NULL; 952 static const char *substring_item_init=NULL; 953 static const char *substring_item_any=NULL; 954 static const char *substring_item_final=NULL; 955 static const char *matching_rule_string=NULL; 956 static gboolean matching_rule_dnattr=FALSE; 957 958 #define MAX_FILTER_LEN 4096 959 static gint Filter_length; 960 961 #define MAX_FILTER_ELEMENTS 200 962 static gint Filter_elements; 963 964 /* Global variables */ 965 static gint MessageID =-1; 966 static gint ProtocolOp = -1; 967 static gint result = 0; 968 static proto_item *ldm_tree = NULL; /* item to add text to */ 969 970 static void ldap_do_protocolop(packet_info *pinfo) 971 { 972 const gchar* valstr; 973 974 if (do_protocolop) { 975 976 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)"); 977 978 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID); 979 980 if(ldm_tree) 981 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID); 982 983 do_protocolop = FALSE; 984 985 } 986 } 987 988 static ldap_call_response_t * 989 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag, ldap_conv_info_t *ldap_info) 990 { 991 ldap_call_response_t lcr, *lcrp=NULL; 992 993 /* first see if we have already matched this */ 994 995 lcr.messageId=messageId; 996 switch(protocolOpTag){ 997 case LDAP_REQ_BIND: 998 case LDAP_REQ_SEARCH: 999 case LDAP_REQ_MODIFY: 1000 case LDAP_REQ_ADD: 1001 case LDAP_REQ_DELETE: 1002 case LDAP_REQ_MODRDN: 1003 case LDAP_REQ_COMPARE: 1004 case LDAP_REQ_EXTENDED: 1005 lcr.is_request=TRUE; 1006 lcr.req_frame=pinfo->num; 1007 lcr.rep_frame=0; 1008 break; 1009 case LDAP_RES_BIND: 1010 case LDAP_RES_SEARCH_ENTRY: 1011 case LDAP_RES_SEARCH_REF: 1012 case LDAP_RES_SEARCH_RESULT: 1013 case LDAP_RES_MODIFY: 1014 case LDAP_RES_ADD: 1015 case LDAP_RES_DELETE: 1016 case LDAP_RES_MODRDN: 1017 case LDAP_RES_COMPARE: 1018 case LDAP_RES_EXTENDED: 1019 case LDAP_RES_INTERMEDIATE: 1020 lcr.is_request=FALSE; 1021 lcr.req_frame=0; 1022 lcr.rep_frame=pinfo->num; 1023 break; 1024 default: 1025 return NULL; 1026 } 1027 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->matched, &lcr); 1028 1029 if(lcrp){ 1030 1031 lcrp->is_request=lcr.is_request; 1032 1033 } else { 1034 1035 /* we haven't found a match - try and match it up */ 1036 1037 switch(protocolOpTag){ 1038 case LDAP_REQ_BIND: 1039 case LDAP_REQ_SEARCH: 1040 case LDAP_REQ_MODIFY: 1041 case LDAP_REQ_ADD: 1042 case LDAP_REQ_DELETE: 1043 case LDAP_REQ_MODRDN: 1044 case LDAP_REQ_COMPARE: 1045 case LDAP_REQ_EXTENDED: 1046 1047 /* this a a request - add it to the unmatched list */ 1048 1049 /* check that we don't already have one of those in the 1050 unmatched list and if so remove it */ 1051 1052 lcr.messageId=messageId; 1053 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr); 1054 if(lcrp){ 1055 wmem_map_remove(ldap_info->unmatched, lcrp); 1056 } 1057 /* if we can't reuse the old one, grab a new chunk */ 1058 if(!lcrp){ 1059 lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t); 1060 } 1061 lcrp->messageId=messageId; 1062 lcrp->req_frame=pinfo->num; 1063 lcrp->req_time=pinfo->abs_ts; 1064 lcrp->rep_frame=0; 1065 lcrp->protocolOpTag=protocolOpTag; 1066 lcrp->is_request=TRUE; 1067 wmem_map_insert(ldap_info->unmatched, lcrp, lcrp); 1068 return NULL; 1069 break; 1070 case LDAP_RES_BIND: 1071 case LDAP_RES_SEARCH_ENTRY: 1072 case LDAP_RES_SEARCH_REF: 1073 case LDAP_RES_SEARCH_RESULT: 1074 case LDAP_RES_MODIFY: 1075 case LDAP_RES_ADD: 1076 case LDAP_RES_DELETE: 1077 case LDAP_RES_MODRDN: 1078 case LDAP_RES_COMPARE: 1079 case LDAP_RES_EXTENDED: 1080 case LDAP_RES_INTERMEDIATE: 1081 1082 /* this is a result - it should be in our unmatched list */ 1083 1084 lcr.messageId=messageId; 1085 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr); 1086 1087 if(lcrp){ 1088 1089 if(!lcrp->rep_frame){ 1090 wmem_map_remove(ldap_info->unmatched, lcrp); 1091 lcrp->rep_frame=pinfo->num; 1092 lcrp->is_request=FALSE; 1093 wmem_map_insert(ldap_info->matched, lcrp, lcrp); 1094 } 1095 } 1096 1097 break; 1098 } 1099 1100 } 1101 /* we have found a match */ 1102 1103 if(lcrp){ 1104 proto_item *it; 1105 1106 if(lcrp->is_request){ 1107 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame); 1108 proto_item_set_generated(it); 1109 } else { 1110 nstime_t ns; 1111 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame); 1112 proto_item_set_generated(it); 1113 nstime_delta(&ns, &pinfo->abs_ts, &lcrp->req_time); 1114 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns); 1115 proto_item_set_generated(it); 1116 } 1117 } 1118 1119 return lcrp; 1120 } 1121 1122 1123 /*--- Included file: packet-ldap-fn.c ---*/ 1124 #line 1 "./asn1/ldap/packet-ldap-fn.c" 1125 /*--- Cyclic dependencies ---*/ 1126 1127 /* Filter -> Filter/and -> Filter/and/_item -> Filter */ 1128 /* Filter -> Filter/or -> Filter/or/_item -> Filter */ 1129 /* Filter -> Filter/not -> Filter */ 1130 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 1131 1132 1133 1134 1135 static int 1136 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1137 #line 91 "./asn1/ldap/ldap.cnf" 1138 1139 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1140 &MessageID); 1141 1142 1143 ldm_tree = tree; 1144 1145 1146 1147 return offset; 1148 } 1149 1150 1151 1152 static int 1153 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1154 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1155 NULL); 1156 1157 return offset; 1158 } 1159 1160 1161 1162 static int 1163 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1164 #line 301 "./asn1/ldap/ldap.cnf" 1165 tvbuff_t *parameter_tvb = NULL; 1166 const char *ldapstring = NULL; 1167 gchar *sc = NULL; /* semi-colon pointer */ 1168 1169 offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index, 1170 ¶meter_tvb, ENC_UTF_8|ENC_NA); 1171 1172 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) { 1173 1174 ldap_do_protocolop(actx->pinfo); 1175 1176 if(parameter_tvb) 1177 ldapstring = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA); 1178 1179 if(hf_index == hf_ldap_baseObject) { 1180 /* this is search - put it on the scanline */ 1181 if(!ldapstring || !*ldapstring) 1182 ldapstring = "<ROOT>"; 1183 1184 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring))); 1185 1186 if(ldm_tree) 1187 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring); 1188 1189 1190 if(!parameter_tvb) { 1191 1192 proto_item_append_text(actx->created_item, " (%s)", ldapstring); 1193 } 1194 1195 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */ 1196 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring))); 1197 1198 if(ldm_tree) 1199 proto_item_append_text(ldm_tree, " (%s)", ldapstring); 1200 1201 } else if ((hf_index == hf_ldap_objectName) || 1202 (hf_index == hf_ldap_name) || 1203 (hf_index == hf_ldap_entry) || 1204 (hf_index == hf_ldap_object) || 1205 (hf_index == hf_ldap_delRequest) ) { 1206 1207 if(!ldapstring || !*ldapstring) 1208 ldapstring = "<ROOT>"; 1209 1210 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring))); 1211 1212 if(ldm_tree) 1213 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring); 1214 } else if (hf_index == hf_ldap_attributeDesc){ 1215 /* remember the attribute description */ 1216 attributedesc_string=ldapstring; 1217 } else if (hf_index == hf_ldap_initial){ 1218 /* remember the substring item */ 1219 substring_item_init=ldapstring; 1220 } else if (hf_index == hf_ldap_any){ 1221 /* remember the substring item */ 1222 substring_item_any=ldapstring; 1223 } else if (hf_index == hf_ldap_final){ 1224 /* remember the substring item */ 1225 substring_item_final=ldapstring; 1226 } else if (hf_index == hf_ldap_matchingRule){ 1227 /* remember the matching rule */ 1228 matching_rule_string=ldapstring; 1229 } else if (hf_index == hf_ldap_present){ 1230 /* remember the present name */ 1231 Filter_string=ldapstring; 1232 } else if (hf_index == hf_ldap_type) { 1233 /* remember attribute type name */ 1234 attr_type = wmem_strdup(actx->pinfo->pool, ldapstring); 1235 1236 /* append it to the parent entry */ 1237 proto_item_append_text(tree, " %s", attr_type); 1238 1239 /* remove the ";binary" component if present */ 1240 if((sc = strchr(attr_type, ';')) != NULL) { 1241 if(!strcmp(sc, ";binary")) { 1242 *sc = '\0'; /* terminate the string */ 1243 is_binary_attr_type = TRUE; 1244 } 1245 } else { 1246 is_binary_attr_type = FALSE; 1247 } 1248 } 1249 1250 } 1251 1252 1253 1254 return offset; 1255 } 1256 1257 1258 1259 static int 1260 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1261 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index); 1262 1263 return offset; 1264 } 1265 1266 1267 1268 static int 1269 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1270 #line 148 "./asn1/ldap/ldap.cnf" 1271 ldap_conv_info_t *ldap_info; 1272 1273 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 1274 NULL); 1275 1276 1277 ldap_info = (ldap_conv_info_t *)actx->private_data; 1278 ldap_info->auth_type = LDAP_AUTH_SIMPLE; 1279 1280 1281 1282 return offset; 1283 } 1284 1285 1286 1287 static int 1288 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1289 #line 156 "./asn1/ldap/ldap.cnf" 1290 1291 ldap_conv_info_t *ldap_info; 1292 tvbuff_t *parameter_tvb; 1293 char *mechanism = NULL; 1294 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 1295 ¶meter_tvb); 1296 1297 ldap_info = (ldap_conv_info_t *)actx->private_data; 1298 ldap_info->auth_type = LDAP_AUTH_SASL; 1299 1300 if (!parameter_tvb) 1301 return offset; 1302 1303 /* 1304 * We need to remember the authentication type and mechanism for this 1305 * conversation. 1306 * 1307 * XXX - actually, we might need to remember more than one 1308 * type and mechanism, if you can unbind and rebind with a 1309 * different type and/or mechanism. 1310 */ 1311 if(!actx->pinfo->fd->visited) { 1312 mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA); 1313 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */ 1314 /* 1315 * If the mechanism in this request is an empty string (which is 1316 * returned as a null pointer), use the saved mechanism instead. 1317 * Otherwise, if the saved mechanism is an empty string (null), 1318 * save this mechanism. 1319 */ 1320 if (mechanism != NULL) { 1321 wmem_free(wmem_file_scope(), ldap_info->auth_mech); 1322 ldap_info->auth_mech = mechanism; 1323 } 1324 } 1325 1326 1327 return offset; 1328 } 1329 1330 1331 1332 static int 1333 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1334 #line 190 "./asn1/ldap/ldap.cnf" 1335 1336 tvbuff_t *parameter_tvb; 1337 ldap_conv_info_t *ldap_info; 1338 gint8 ber_class; 1339 gboolean pc; 1340 gint32 tag; 1341 1342 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 1343 ¶meter_tvb); 1344 1345 1346 if (!parameter_tvb) 1347 return offset; 1348 1349 ldap_info = (ldap_conv_info_t *)actx->private_data; 1350 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag); 1351 1352 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/ 1353 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) { 1354 /* 1355 * This is a GSS-API token ancapsulated within GSS-SPNEGO. 1356 * We need to check the first byte to check whether the blob 1357 * contains SPNEGO or GSSAPI. 1358 * All SPNEGO PDUs are of class CONSTRUCTED while 1359 * GSS PDUs are class APPLICATION 1360 */ 1361 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) 1362 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); 1363 } 1364 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/ 1365 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) { 1366 /* 1367 * This is a raw GSS-API token. 1368 */ 1369 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) { 1370 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); 1371 } 1372 } 1373 /* Restore private data */ 1374 actx->private_data = ldap_info; 1375 1376 1377 1378 1379 return offset; 1380 } 1381 1382 1383 static const ber_sequence_t SaslCredentials_sequence[] = { 1384 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism }, 1385 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials }, 1386 { NULL, 0, 0, 0, NULL } 1387 }; 1388 1389 static int 1390 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1391 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 1392 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials); 1393 1394 return offset; 1395 } 1396 1397 1398 1399 static int 1400 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1401 #line 683 "./asn1/ldap/ldap.cnf" 1402 /* make sure the protocol op comes first */ 1403 ldap_do_protocolop(actx->pinfo); 1404 1405 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree); 1406 offset+=tvb_reported_length_remaining(tvb, offset); 1407 1408 1409 1410 return offset; 1411 } 1412 1413 1414 1415 static int 1416 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1417 #line 690 "./asn1/ldap/ldap.cnf" 1418 /* make sure the protocol op comes first */ 1419 ldap_do_protocolop(actx->pinfo); 1420 1421 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree); 1422 offset+=tvb_reported_length_remaining(tvb, offset); 1423 1424 1425 1426 return offset; 1427 } 1428 1429 1430 static const value_string ldap_AuthenticationChoice_vals[] = { 1431 { 0, "simple" }, 1432 { 3, "sasl" }, 1433 { 10, "ntlmsspNegotiate" }, 1434 { 11, "ntlmsspAuth" }, 1435 { 0, NULL } 1436 }; 1437 1438 static const ber_choice_t AuthenticationChoice_choice[] = { 1439 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple }, 1440 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials }, 1441 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate }, 1442 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth }, 1443 { 0, NULL, 0, 0, 0, NULL } 1444 }; 1445 1446 static int 1447 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1448 #line 480 "./asn1/ldap/ldap.cnf" 1449 gint branch = -1; 1450 gint auth = -1; 1451 const gchar *valstr; 1452 1453 offset = dissect_ber_choice(actx, tree, tvb, offset, 1454 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice, 1455 &branch); 1456 1457 1458 ldap_do_protocolop(actx->pinfo); 1459 1460 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0]))) 1461 auth = AuthenticationChoice_choice[branch].value; 1462 1463 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)"); 1464 1465 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */ 1466 if ((auth != 10) && (auth != 11)) 1467 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr); 1468 1469 if(ldm_tree) 1470 proto_item_append_text(ldm_tree, " %s", valstr); 1471 1472 1473 1474 1475 return offset; 1476 } 1477 1478 1479 static const ber_sequence_t BindRequest_U_sequence[] = { 1480 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 }, 1481 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 1482 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice }, 1483 { NULL, 0, 0, 0, NULL } 1484 }; 1485 1486 static int 1487 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1488 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 1489 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U); 1490 1491 return offset; 1492 } 1493 1494 1495 1496 static int 1497 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1498 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 1499 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U); 1500 1501 return offset; 1502 } 1503 1504 1505 static const value_string ldap_BindResponse_resultCode_vals[] = { 1506 { 0, "success" }, 1507 { 1, "operationsError" }, 1508 { 2, "protocolError" }, 1509 { 3, "timeLimitExceeded" }, 1510 { 4, "sizeLimitExceeded" }, 1511 { 5, "compareFalse" }, 1512 { 6, "compareTrue" }, 1513 { 7, "authMethodNotSupported" }, 1514 { 8, "strongAuthRequired" }, 1515 { 10, "referral" }, 1516 { 11, "adminLimitExceeded" }, 1517 { 12, "unavailableCriticalExtension" }, 1518 { 13, "confidentialityRequired" }, 1519 { 14, "saslBindInProgress" }, 1520 { 16, "noSuchAttribute" }, 1521 { 17, "undefinedAttributeType" }, 1522 { 18, "inappropriateMatching" }, 1523 { 19, "constraintViolation" }, 1524 { 20, "attributeOrValueExists" }, 1525 { 21, "invalidAttributeSyntax" }, 1526 { 32, "noSuchObject" }, 1527 { 33, "aliasProblem" }, 1528 { 34, "invalidDNSyntax" }, 1529 { 36, "aliasDereferencingProblem" }, 1530 { 48, "inappropriateAuthentication" }, 1531 { 49, "invalidCredentials" }, 1532 { 50, "insufficientAccessRights" }, 1533 { 51, "busy" }, 1534 { 52, "unavailable" }, 1535 { 53, "unwillingToPerform" }, 1536 { 54, "loopDetect" }, 1537 { 64, "namingViolation" }, 1538 { 65, "objectClassViolation" }, 1539 { 66, "notAllowedOnNonLeaf" }, 1540 { 67, "notAllowedOnRDN" }, 1541 { 68, "entryAlreadyExists" }, 1542 { 69, "objectClassModsProhibited" }, 1543 { 71, "affectsMultipleDSAs" }, 1544 { 80, "other" }, 1545 { 118, "canceled" }, 1546 { 119, "noSuchOperation" }, 1547 { 120, "tooLate" }, 1548 { 121, "cannotCancel" }, 1549 { 0, NULL } 1550 }; 1551 1552 1553 static int 1554 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1555 #line 421 "./asn1/ldap/ldap.cnf" 1556 1557 const gchar *valstr; 1558 1559 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1560 &result); 1561 1562 1563 ldap_do_protocolop(actx->pinfo); 1564 1565 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)"); 1566 1567 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr); 1568 1569 if(ldm_tree) 1570 proto_item_append_text(ldm_tree, " %s", valstr); 1571 1572 1573 1574 return offset; 1575 } 1576 1577 1578 1579 static int 1580 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1581 #line 697 "./asn1/ldap/ldap.cnf" 1582 tvbuff_t *new_tvb=NULL; 1583 1584 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb); 1585 1586 if( new_tvb 1587 && (tvb_reported_length(new_tvb)>=7) 1588 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){ 1589 1590 /* make sure the protocol op comes first */ 1591 ldap_do_protocolop(actx->pinfo); 1592 1593 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree); 1594 } 1595 1596 1597 1598 return offset; 1599 } 1600 1601 1602 1603 static int 1604 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1605 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index); 1606 1607 return offset; 1608 } 1609 1610 1611 1612 static int 1613 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1614 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 1615 NULL); 1616 1617 #line 54 "./asn1/ldap/ldap.cnf" 1618 proto_item_set_url(actx->created_item); 1619 1620 1621 return offset; 1622 } 1623 1624 1625 static const ber_sequence_t Referral_sequence_of[1] = { 1626 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL }, 1627 }; 1628 1629 static int 1630 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1631 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 1632 Referral_sequence_of, hf_index, ett_ldap_Referral); 1633 1634 return offset; 1635 } 1636 1637 1638 1639 static int 1640 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1641 #line 231 "./asn1/ldap/ldap.cnf" 1642 1643 tvbuff_t *parameter_tvb = NULL; 1644 ldap_conv_info_t *ldap_info; 1645 1646 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 1647 ¶meter_tvb); 1648 1649 if (!parameter_tvb) 1650 return offset; 1651 ldap_info = (ldap_conv_info_t *)actx->private_data; 1652 switch (ldap_info->auth_type) { 1653 1654 /* For Kerberos V4, dissect it as a ticket. */ 1655 /* XXX - what about LDAP_AUTH_SIMPLE? */ 1656 1657 case LDAP_AUTH_SASL: 1658 /* 1659 * All frames after this are assumed to use a security layer. 1660 * 1661 * XXX - won't work if there's another reply, with the security 1662 * layer, starting in the same TCP segment that ends this 1663 * reply, but as LDAP is a request/response protocol, and 1664 * as the client probably can't start using authentication until 1665 * it gets the bind reply and the server won't send a reply until 1666 * it gets a request, that probably won't happen. 1667 * 1668 * XXX - that assumption is invalid; it's not clear where the 1669 * hell you find out whether there's any security layer. In 1670 * one capture, we have two GSS-SPNEGO negotiations, both of 1671 * which select MS KRB5, and the only differences in the tokens 1672 * is in the RC4-HMAC ciphertext. The various 1673 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply 1674 * that the RFC 2222 spoo with the bitmask and maximum 1675 * output message size stuff is done - but where does that 1676 * stuff show up? Is it in the ciphertext, which means it's 1677 * presumably encrypted? 1678 * 1679 * Grrr. We have to do a gross heuristic, checking whether the 1680 * putative LDAP message begins with 0x00 or not, making the 1681 * assumption that we won't have more than 2^24 bytes of 1682 * encapsulated stuff. 1683 */ 1684 ldap_info->first_auth_frame = actx->pinfo->num + 1; 1685 if (ldap_info->auth_mech != NULL && 1686 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) { 1687 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP 1688 * which might not be wrapped in GSS-SPNEGO but be a raw 1689 * NTLMSSP blob 1690 */ 1691 if ( (tvb_reported_length(parameter_tvb)>=7) 1692 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){ 1693 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree); 1694 break; 1695 } 1696 /* 1697 * This is a GSS-API token. 1698 */ 1699 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) 1700 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree); 1701 } else if (ldap_info->auth_mech != NULL && 1702 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) { 1703 /* 1704 * This is a GSS-API token. 1705 */ 1706 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) 1707 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree); 1708 } 1709 break; 1710 } 1711 actx->private_data = ldap_info; 1712 1713 1714 1715 return offset; 1716 } 1717 1718 1719 static const ber_sequence_t BindResponse_U_sequence[] = { 1720 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode }, 1721 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN }, 1722 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage }, 1723 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral }, 1724 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds }, 1725 { NULL, 0, 0, 0, NULL } 1726 }; 1727 1728 static int 1729 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1730 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 1731 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U); 1732 1733 return offset; 1734 } 1735 1736 1737 1738 static int 1739 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1740 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 1741 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U); 1742 1743 return offset; 1744 } 1745 1746 1747 1748 static int 1749 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1750 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index); 1751 1752 return offset; 1753 } 1754 1755 1756 1757 static int 1758 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1759 #line 502 "./asn1/ldap/ldap.cnf" 1760 1761 implicit_tag = TRUE; /* correct problem with asn2wrs */ 1762 1763 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 1764 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL); 1765 1766 1767 ldap_do_protocolop(actx->pinfo); 1768 1769 1770 1771 1772 1773 1774 1775 return offset; 1776 } 1777 1778 1779 static const value_string ldap_T_scope_vals[] = { 1780 { 0, "baseObject" }, 1781 { 1, "singleLevel" }, 1782 { 2, "wholeSubtree" }, 1783 { 0, NULL } 1784 }; 1785 1786 1787 static int 1788 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1789 #line 389 "./asn1/ldap/ldap.cnf" 1790 1791 guint32 scope = 0xffff; 1792 const gchar *valstr; 1793 1794 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1795 &scope); 1796 1797 1798 ldap_do_protocolop(actx->pinfo); 1799 1800 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)"); 1801 1802 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr); 1803 1804 if(ldm_tree) 1805 proto_item_append_text(ldm_tree, " %s", valstr); 1806 1807 1808 1809 return offset; 1810 } 1811 1812 1813 static const value_string ldap_T_derefAliases_vals[] = { 1814 { 0, "neverDerefAliases" }, 1815 { 1, "derefInSearching" }, 1816 { 2, "derefFindingBaseObj" }, 1817 { 3, "derefAlways" }, 1818 { 0, NULL } 1819 }; 1820 1821 1822 static int 1823 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1824 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1825 NULL); 1826 1827 return offset; 1828 } 1829 1830 1831 1832 static int 1833 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1834 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 1835 NULL); 1836 1837 return offset; 1838 } 1839 1840 1841 1842 static int 1843 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1844 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 1845 1846 return offset; 1847 } 1848 1849 1850 1851 static int 1852 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1853 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); 1854 1855 #line 548 "./asn1/ldap/ldap.cnf" 1856 if(and_filter_string){ 1857 and_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(&%s%s)",and_filter_string,Filter_string); 1858 } else { 1859 and_filter_string=Filter_string; 1860 } 1861 1862 1863 return offset; 1864 } 1865 1866 1867 static const ber_sequence_t T_and_set_of[1] = { 1868 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item }, 1869 }; 1870 1871 static int 1872 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1873 #line 555 "./asn1/ldap/ldap.cnf" 1874 proto_tree *tr=NULL; 1875 proto_item *it=NULL; 1876 const char *old_and_filter_string=and_filter_string; 1877 1878 and_filter_string=NULL; 1879 1880 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: "); 1881 tree = tr; 1882 1883 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, 1884 T_and_set_of, hf_index, ett_ldap_T_and); 1885 1886 1887 if(and_filter_string) { 1888 proto_item_append_text(it, "%s", and_filter_string); 1889 Filter_string=wmem_strdup(actx->pinfo->pool, and_filter_string); 1890 } 1891 and_filter_string=old_and_filter_string; 1892 1893 1894 1895 return offset; 1896 } 1897 1898 1899 1900 static int 1901 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1902 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); 1903 1904 #line 573 "./asn1/ldap/ldap.cnf" 1905 if(or_filter_string){ 1906 or_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(|%s%s)",or_filter_string,Filter_string); 1907 } else { 1908 or_filter_string=Filter_string; 1909 } 1910 1911 1912 1913 return offset; 1914 } 1915 1916 1917 static const ber_sequence_t T_or_set_of[1] = { 1918 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item }, 1919 }; 1920 1921 static int 1922 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1923 #line 581 "./asn1/ldap/ldap.cnf" 1924 proto_tree *tr; 1925 proto_item *it; 1926 const char *old_or_filter_string=or_filter_string; 1927 1928 or_filter_string=NULL; 1929 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: "); 1930 tree = tr; 1931 1932 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, 1933 T_or_set_of, hf_index, ett_ldap_T_or); 1934 1935 if(or_filter_string) { 1936 proto_item_append_text(it, "%s", or_filter_string); 1937 Filter_string=wmem_strdup(actx->pinfo->pool, or_filter_string); 1938 } 1939 or_filter_string=old_or_filter_string; 1940 1941 1942 1943 return offset; 1944 } 1945 1946 1947 1948 static int 1949 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1950 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); 1951 1952 #line 600 "./asn1/ldap/ldap.cnf" 1953 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(!%s)",string_or_null(Filter_string)); 1954 1955 1956 return offset; 1957 } 1958 1959 1960 1961 static int 1962 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1963 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index); 1964 1965 return offset; 1966 } 1967 1968 1969 1970 static const ber_sequence_t AttributeValueAssertion_sequence[] = { 1971 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 1972 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue }, 1973 { NULL, 0, 0, 0, NULL } 1974 }; 1975 1976 static int 1977 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1978 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 1979 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion); 1980 1981 return offset; 1982 } 1983 1984 1985 1986 static int 1987 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 1988 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); 1989 1990 #line 525 "./asn1/ldap/ldap.cnf" 1991 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)", 1992 string_or_null(attributedesc_string), 1993 string_or_null(ldapvalue_string)); 1994 1995 1996 1997 return offset; 1998 } 1999 2000 2001 static const value_string ldap_T_substringFilter_substrings_item_vals[] = { 2002 { 0, "initial" }, 2003 { 1, "any" }, 2004 { 2, "final" }, 2005 { 0, NULL } 2006 }; 2007 2008 static const ber_choice_t T_substringFilter_substrings_item_choice[] = { 2009 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString }, 2010 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString }, 2011 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString }, 2012 { 0, NULL, 0, 0, 0, NULL } 2013 }; 2014 2015 static int 2016 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2017 offset = dissect_ber_choice(actx, tree, tvb, offset, 2018 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item, 2019 NULL); 2020 2021 #line 626 "./asn1/ldap/ldap.cnf" 2022 if (substring_item_final) { 2023 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s", 2024 (substring_value?substring_value:"*"), 2025 substring_item_final); 2026 } else if (substring_item_any) { 2027 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s*", 2028 (substring_value?substring_value:"*"), 2029 substring_item_any); 2030 } else if (substring_item_init) { 2031 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s*", 2032 substring_item_init); 2033 } 2034 2035 2036 return offset; 2037 } 2038 2039 2040 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = { 2041 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item }, 2042 }; 2043 2044 static int 2045 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2046 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2047 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings); 2048 2049 return offset; 2050 } 2051 2052 2053 static const ber_sequence_t SubstringFilter_sequence[] = { 2054 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 2055 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings }, 2056 { NULL, 0, 0, 0, NULL } 2057 }; 2058 2059 static int 2060 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2061 #line 640 "./asn1/ldap/ldap.cnf" 2062 proto_tree *tr; 2063 proto_item *it; 2064 const char *old_substring_value=substring_value; 2065 2066 attr_type=NULL; 2067 substring_value=NULL; 2068 substring_item_init=NULL; 2069 substring_item_any=NULL; 2070 substring_item_final=NULL; 2071 2072 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: "); 2073 tree = tr; 2074 2075 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2076 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter); 2077 2078 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)", 2079 string_or_null(attr_type), 2080 string_or_null(substring_value)); 2081 proto_item_append_text(it, "%s", Filter_string); 2082 substring_value=old_substring_value; 2083 2084 2085 2086 return offset; 2087 } 2088 2089 2090 2091 static int 2092 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2093 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); 2094 2095 #line 531 "./asn1/ldap/ldap.cnf" 2096 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s>=%s)", 2097 string_or_null(attributedesc_string), 2098 string_or_null(ldapvalue_string)); 2099 2100 2101 2102 return offset; 2103 } 2104 2105 2106 2107 static int 2108 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2109 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); 2110 2111 #line 537 "./asn1/ldap/ldap.cnf" 2112 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s<=%s)", 2113 string_or_null(attributedesc_string), 2114 string_or_null(ldapvalue_string)); 2115 2116 2117 2118 return offset; 2119 } 2120 2121 2122 2123 static int 2124 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2125 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index); 2126 2127 #line 597 "./asn1/ldap/ldap.cnf" 2128 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=*)",string_or_null(Filter_string)); 2129 2130 2131 return offset; 2132 } 2133 2134 2135 2136 static int 2137 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2138 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); 2139 2140 #line 543 "./asn1/ldap/ldap.cnf" 2141 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s~=%s)", 2142 string_or_null(attributedesc_string), 2143 string_or_null(ldapvalue_string)); 2144 2145 2146 return offset; 2147 } 2148 2149 2150 2151 static int 2152 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2153 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index); 2154 2155 return offset; 2156 } 2157 2158 2159 2160 static int 2161 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2162 #line 603 "./asn1/ldap/ldap.cnf" 2163 gboolean val; 2164 2165 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val); 2166 2167 2168 matching_rule_dnattr = val; 2169 2170 2171 2172 2173 return offset; 2174 } 2175 2176 2177 static const ber_sequence_t MatchingRuleAssertion_sequence[] = { 2178 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId }, 2179 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription }, 2180 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue }, 2181 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes }, 2182 { NULL, 0, 0, 0, NULL } 2183 }; 2184 2185 static int 2186 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2187 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2188 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion); 2189 2190 return offset; 2191 } 2192 2193 2194 2195 static int 2196 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2197 #line 612 "./asn1/ldap/ldap.cnf" 2198 attr_type=NULL; 2199 matching_rule_string=NULL; 2200 ldapvalue_string=NULL; 2201 matching_rule_dnattr=FALSE; 2202 2203 2204 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index); 2205 2206 #line 618 "./asn1/ldap/ldap.cnf" 2207 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s:%s%s%s=%s)", 2208 (attr_type?attr_type:""), 2209 (matching_rule_dnattr?"dn:":""), 2210 (matching_rule_string?matching_rule_string:""), 2211 (matching_rule_string?":":""), 2212 string_or_null(ldapvalue_string)); 2213 2214 2215 return offset; 2216 } 2217 2218 2219 static const value_string ldap_Filter_vals[] = { 2220 { 0, "and" }, 2221 { 1, "or" }, 2222 { 2, "not" }, 2223 { 3, "equalityMatch" }, 2224 { 4, "substrings" }, 2225 { 5, "greaterOrEqual" }, 2226 { 6, "lessOrEqual" }, 2227 { 7, "present" }, 2228 { 8, "approxMatch" }, 2229 { 9, "extensibleMatch" }, 2230 { 0, NULL } 2231 }; 2232 2233 static const ber_choice_t Filter_choice[] = { 2234 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and }, 2235 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or }, 2236 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not }, 2237 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch }, 2238 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter }, 2239 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual }, 2240 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual }, 2241 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present }, 2242 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch }, 2243 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch }, 2244 { 0, NULL, 0, 0, 0, NULL } 2245 }; 2246 2247 static int 2248 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2249 #line 661 "./asn1/ldap/ldap.cnf" 2250 proto_tree *tr; 2251 proto_item *it; 2252 attributedesc_string=NULL; 2253 2254 if (Filter_length++ > MAX_FILTER_LEN) { 2255 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN); 2256 THROW(ReportedBoundsError); 2257 } 2258 2259 if (Filter_elements++ > MAX_FILTER_ELEMENTS) { 2260 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS); 2261 THROW(ReportedBoundsError); 2262 } 2263 2264 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: "); 2265 tree = tr; 2266 2267 offset = dissect_ber_choice(actx, tree, tvb, offset, 2268 Filter_choice, hf_index, ett_ldap_Filter, 2269 NULL); 2270 2271 if(Filter_string) 2272 proto_item_append_text(it, "%s", string_or_null(Filter_string)); 2273 2274 2275 2276 return offset; 2277 } 2278 2279 2280 2281 static int 2282 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2283 #line 514 "./asn1/ldap/ldap.cnf" 2284 Filter_string=NULL; 2285 Filter_elements = 0; 2286 Filter_length = 0; 2287 2288 2289 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index); 2290 2291 #line 519 "./asn1/ldap/ldap.cnf" 2292 Filter_string=NULL; 2293 and_filter_string=NULL; 2294 Filter_elements = 0; 2295 Filter_length = 0; 2296 2297 2298 return offset; 2299 } 2300 2301 2302 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = { 2303 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 2304 }; 2305 2306 static int 2307 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2308 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2309 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList); 2310 2311 return offset; 2312 } 2313 2314 2315 static const ber_sequence_t SearchRequest_U_sequence[] = { 2316 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2317 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope }, 2318 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases }, 2319 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt }, 2320 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt }, 2321 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 2322 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter }, 2323 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList }, 2324 { NULL, 0, 0, 0, NULL } 2325 }; 2326 2327 static int 2328 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2329 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2330 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U); 2331 2332 return offset; 2333 } 2334 2335 2336 2337 static int 2338 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2339 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2340 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U); 2341 2342 return offset; 2343 } 2344 2345 2346 2347 static int 2348 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2349 #line 451 "./asn1/ldap/ldap.cnf" 2350 2351 tvbuff_t *next_tvb = NULL; 2352 gchar *string; 2353 int old_offset = offset; 2354 gint *hf_id; 2355 2356 /* attr_type, should be set before calling this function */ 2357 2358 /* extract the value of the octetstring */ 2359 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb); 2360 2361 /* first check if we have a custom attribute type configured */ 2362 if ((hf_id = get_hf_for_header (attr_type)) != NULL) 2363 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA); 2364 2365 /* if we have an attribute type that isn't binary see if there is a better dissector */ 2366 else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, FALSE, NULL)) { 2367 offset = old_offset; 2368 2369 /* do the default thing */ 2370 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 2371 NULL); 2372 2373 2374 if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) { 2375 string = tvb_get_string_enc(actx->pinfo->pool, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA); 2376 proto_item_set_text(actx->created_item, "AttributeValue: %s", string); 2377 } 2378 } 2379 2380 2381 2382 return offset; 2383 } 2384 2385 2386 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = { 2387 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue }, 2388 }; 2389 2390 static int 2391 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2392 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, 2393 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue); 2394 2395 return offset; 2396 } 2397 2398 2399 static const ber_sequence_t PartialAttributeList_item_sequence[] = { 2400 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 2401 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue }, 2402 { NULL, 0, 0, 0, NULL } 2403 }; 2404 2405 static int 2406 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2407 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2408 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item); 2409 2410 return offset; 2411 } 2412 2413 2414 static const ber_sequence_t PartialAttributeList_sequence_of[1] = { 2415 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item }, 2416 }; 2417 2418 static int 2419 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2420 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2421 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList); 2422 2423 return offset; 2424 } 2425 2426 2427 static const ber_sequence_t SearchResultEntry_U_sequence[] = { 2428 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2429 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList }, 2430 { NULL, 0, 0, 0, NULL } 2431 }; 2432 2433 static int 2434 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2435 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2436 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U); 2437 2438 return offset; 2439 } 2440 2441 2442 2443 static int 2444 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2445 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2446 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U); 2447 2448 return offset; 2449 } 2450 2451 2452 static const value_string ldap_T_resultCode_vals[] = { 2453 { 0, "success" }, 2454 { 1, "operationsError" }, 2455 { 2, "protocolError" }, 2456 { 3, "timeLimitExceeded" }, 2457 { 4, "sizeLimitExceeded" }, 2458 { 5, "compareFalse" }, 2459 { 6, "compareTrue" }, 2460 { 7, "authMethodNotSupported" }, 2461 { 8, "strongAuthRequired" }, 2462 { 10, "referral" }, 2463 { 11, "adminLimitExceeded" }, 2464 { 12, "unavailableCriticalExtension" }, 2465 { 13, "confidentialityRequired" }, 2466 { 14, "saslBindInProgress" }, 2467 { 16, "noSuchAttribute" }, 2468 { 17, "undefinedAttributeType" }, 2469 { 18, "inappropriateMatching" }, 2470 { 19, "constraintViolation" }, 2471 { 20, "attributeOrValueExists" }, 2472 { 21, "invalidAttributeSyntax" }, 2473 { 32, "noSuchObject" }, 2474 { 33, "aliasProblem" }, 2475 { 34, "invalidDNSyntax" }, 2476 { 36, "aliasDereferencingProblem" }, 2477 { 48, "inappropriateAuthentication" }, 2478 { 49, "invalidCredentials" }, 2479 { 50, "insufficientAccessRights" }, 2480 { 51, "busy" }, 2481 { 52, "unavailable" }, 2482 { 53, "unwillingToPerform" }, 2483 { 54, "loopDetect" }, 2484 { 64, "namingViolation" }, 2485 { 65, "objectClassViolation" }, 2486 { 66, "notAllowedOnNonLeaf" }, 2487 { 67, "notAllowedOnRDN" }, 2488 { 68, "entryAlreadyExists" }, 2489 { 69, "objectClassModsProhibited" }, 2490 { 71, "affectsMultipleDSAs" }, 2491 { 80, "other" }, 2492 { 118, "canceled" }, 2493 { 119, "noSuchOperation" }, 2494 { 120, "tooLate" }, 2495 { 121, "cannotCancel" }, 2496 { 0, NULL } 2497 }; 2498 2499 2500 static int 2501 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2502 #line 405 "./asn1/ldap/ldap.cnf" 2503 2504 const gchar *valstr; 2505 2506 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 2507 &result); 2508 2509 2510 ldap_do_protocolop(actx->pinfo); 2511 2512 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)"); 2513 2514 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr); 2515 2516 if(ldm_tree) 2517 proto_item_append_text(ldm_tree, " %s", valstr); 2518 2519 2520 2521 2522 return offset; 2523 } 2524 2525 2526 static const ber_sequence_t LDAPResult_sequence[] = { 2527 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode }, 2528 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2529 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage }, 2530 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral }, 2531 { NULL, 0, 0, 0, NULL } 2532 }; 2533 2534 static int 2535 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2536 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2537 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult); 2538 2539 return offset; 2540 } 2541 2542 2543 2544 static int 2545 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2546 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2547 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult); 2548 2549 return offset; 2550 } 2551 2552 2553 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = { 2554 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL }, 2555 }; 2556 2557 static int 2558 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2559 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2560 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL); 2561 2562 return offset; 2563 } 2564 2565 2566 2567 static int 2568 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2569 #line 789 "./asn1/ldap/ldap.cnf" 2570 2571 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2572 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL); 2573 2574 2575 ldap_do_protocolop(actx->pinfo); 2576 2577 2578 2579 2580 return offset; 2581 } 2582 2583 2584 static const value_string ldap_T_operation_vals[] = { 2585 { 0, "add" }, 2586 { 1, "delete" }, 2587 { 2, "replace" }, 2588 { 3, "increment" }, 2589 { 0, NULL } 2590 }; 2591 2592 2593 static int 2594 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2595 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 2596 NULL); 2597 2598 return offset; 2599 } 2600 2601 2602 static const ber_sequence_t AttributeTypeAndValues_sequence[] = { 2603 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 2604 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue }, 2605 { NULL, 0, 0, 0, NULL } 2606 }; 2607 2608 static int 2609 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2610 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2611 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues); 2612 2613 return offset; 2614 } 2615 2616 2617 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = { 2618 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation }, 2619 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues }, 2620 { NULL, 0, 0, 0, NULL } 2621 }; 2622 2623 static int 2624 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2625 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2626 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item); 2627 2628 return offset; 2629 } 2630 2631 2632 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = { 2633 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item }, 2634 }; 2635 2636 static int 2637 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2638 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2639 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification); 2640 2641 return offset; 2642 } 2643 2644 2645 static const ber_sequence_t ModifyRequest_U_sequence[] = { 2646 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2647 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification }, 2648 { NULL, 0, 0, 0, NULL } 2649 }; 2650 2651 static int 2652 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2653 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2654 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U); 2655 2656 return offset; 2657 } 2658 2659 2660 2661 static int 2662 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2663 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2664 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U); 2665 2666 return offset; 2667 } 2668 2669 2670 2671 static int 2672 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2673 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2674 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult); 2675 2676 return offset; 2677 } 2678 2679 2680 static const ber_sequence_t AttributeList_item_sequence[] = { 2681 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 2682 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue }, 2683 { NULL, 0, 0, 0, NULL } 2684 }; 2685 2686 static int 2687 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2688 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2689 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item); 2690 2691 return offset; 2692 } 2693 2694 2695 static const ber_sequence_t AttributeList_sequence_of[1] = { 2696 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item }, 2697 }; 2698 2699 static int 2700 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2701 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 2702 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList); 2703 2704 return offset; 2705 } 2706 2707 2708 static const ber_sequence_t AddRequest_U_sequence[] = { 2709 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2710 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList }, 2711 { NULL, 0, 0, 0, NULL } 2712 }; 2713 2714 static int 2715 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2716 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2717 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U); 2718 2719 return offset; 2720 } 2721 2722 2723 2724 static int 2725 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2726 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2727 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U); 2728 2729 return offset; 2730 } 2731 2732 2733 2734 static int 2735 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2736 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2737 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult); 2738 2739 return offset; 2740 } 2741 2742 2743 2744 static int 2745 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2746 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2747 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN); 2748 2749 return offset; 2750 } 2751 2752 2753 2754 static int 2755 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2756 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2757 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult); 2758 2759 return offset; 2760 } 2761 2762 2763 2764 static int 2765 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2766 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index); 2767 2768 return offset; 2769 } 2770 2771 2772 static const ber_sequence_t ModifyDNRequest_U_sequence[] = { 2773 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2774 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN }, 2775 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 2776 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN }, 2777 { NULL, 0, 0, 0, NULL } 2778 }; 2779 2780 static int 2781 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2782 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2783 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U); 2784 2785 return offset; 2786 } 2787 2788 2789 2790 static int 2791 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2792 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2793 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U); 2794 2795 return offset; 2796 } 2797 2798 2799 2800 static int 2801 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2802 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2803 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult); 2804 2805 return offset; 2806 } 2807 2808 2809 static const ber_sequence_t CompareRequest_U_sequence[] = { 2810 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 2811 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion }, 2812 { NULL, 0, 0, 0, NULL } 2813 }; 2814 2815 static int 2816 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2817 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2818 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U); 2819 2820 return offset; 2821 } 2822 2823 2824 2825 static int 2826 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2827 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2828 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U); 2829 2830 return offset; 2831 } 2832 2833 2834 2835 static int 2836 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2837 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2838 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult); 2839 2840 return offset; 2841 } 2842 2843 2844 2845 static int 2846 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2847 #line 796 "./asn1/ldap/ldap.cnf" 2848 2849 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2850 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID); 2851 2852 2853 ldap_do_protocolop(actx->pinfo); 2854 2855 2856 2857 return offset; 2858 } 2859 2860 2861 2862 static int 2863 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2864 #line 57 "./asn1/ldap/ldap.cnf" 2865 2866 tvbuff_t *parameter_tvb; 2867 const gchar *name; 2868 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data; 2869 2870 2871 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 2872 ¶meter_tvb); 2873 2874 #line 65 "./asn1/ldap/ldap.cnf" 2875 2876 object_identifier_id = NULL; 2877 2878 if (!parameter_tvb) 2879 return offset; 2880 2881 object_identifier_id = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA); 2882 name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id); 2883 2884 if(name){ 2885 proto_item_append_text(actx->created_item, " (%s)", name); 2886 2887 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) { 2888 ldap_do_protocolop(actx->pinfo); 2889 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name); 2890 } 2891 } 2892 2893 /* Has the client requested the Start TLS operation? */ 2894 if (ldap_info && hf_index == hf_ldap_requestName && 2895 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) { 2896 /* remember we have asked to start_tls */ 2897 ldap_info->start_tls_pending = TRUE; 2898 } 2899 2900 2901 return offset; 2902 } 2903 2904 2905 2906 static int 2907 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2908 #line 731 "./asn1/ldap/ldap.cnf" 2909 2910 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) { 2911 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); 2912 } else { 2913 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 2914 NULL); 2915 2916 } 2917 2918 2919 2920 return offset; 2921 } 2922 2923 2924 static const ber_sequence_t ExtendedRequest_U_sequence[] = { 2925 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID }, 2926 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue }, 2927 { NULL, 0, 0, 0, NULL } 2928 }; 2929 2930 static int 2931 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2932 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 2933 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U); 2934 2935 return offset; 2936 } 2937 2938 2939 2940 static int 2941 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2942 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 2943 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U); 2944 2945 return offset; 2946 } 2947 2948 2949 static const value_string ldap_ExtendedResponse_resultCode_vals[] = { 2950 { 0, "success" }, 2951 { 1, "operationsError" }, 2952 { 2, "protocolError" }, 2953 { 3, "timeLimitExceeded" }, 2954 { 4, "sizeLimitExceeded" }, 2955 { 5, "compareFalse" }, 2956 { 6, "compareTrue" }, 2957 { 7, "authMethodNotSupported" }, 2958 { 8, "strongAuthRequired" }, 2959 { 10, "referral" }, 2960 { 11, "adminLimitExceeded" }, 2961 { 12, "unavailableCriticalExtension" }, 2962 { 13, "confidentialityRequired" }, 2963 { 14, "saslBindInProgress" }, 2964 { 16, "noSuchAttribute" }, 2965 { 17, "undefinedAttributeType" }, 2966 { 18, "inappropriateMatching" }, 2967 { 19, "constraintViolation" }, 2968 { 20, "attributeOrValueExists" }, 2969 { 21, "invalidAttributeSyntax" }, 2970 { 32, "noSuchObject" }, 2971 { 33, "aliasProblem" }, 2972 { 34, "invalidDNSyntax" }, 2973 { 36, "aliasDereferencingProblem" }, 2974 { 48, "inappropriateAuthentication" }, 2975 { 49, "invalidCredentials" }, 2976 { 50, "insufficientAccessRights" }, 2977 { 51, "busy" }, 2978 { 52, "unavailable" }, 2979 { 53, "unwillingToPerform" }, 2980 { 54, "loopDetect" }, 2981 { 64, "namingViolation" }, 2982 { 65, "objectClassViolation" }, 2983 { 66, "notAllowedOnNonLeaf" }, 2984 { 67, "notAllowedOnRDN" }, 2985 { 68, "entryAlreadyExists" }, 2986 { 69, "objectClassModsProhibited" }, 2987 { 71, "affectsMultipleDSAs" }, 2988 { 80, "other" }, 2989 { 118, "canceled" }, 2990 { 119, "noSuchOperation" }, 2991 { 120, "tooLate" }, 2992 { 121, "cannotCancel" }, 2993 { 0, NULL } 2994 }; 2995 2996 2997 static int 2998 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 2999 #line 436 "./asn1/ldap/ldap.cnf" 3000 guint32 resultCode; 3001 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data; 3002 3003 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3004 &resultCode); 3005 /* If Start TLS request was sent and resultCode is success... */ 3006 if (ldap_info && ldap_info->start_tls_pending && 3007 hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) { 3008 /* The conversation will continue using SSL */ 3009 ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle); 3010 ldap_info->start_tls_pending = FALSE; 3011 } 3012 3013 3014 3015 3016 return offset; 3017 } 3018 3019 3020 3021 static int 3022 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3023 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index); 3024 3025 return offset; 3026 } 3027 3028 3029 3030 static int 3031 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3032 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 3033 NULL); 3034 3035 return offset; 3036 } 3037 3038 3039 static const ber_sequence_t ExtendedResponse_U_sequence[] = { 3040 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode }, 3041 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN }, 3042 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage }, 3043 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral }, 3044 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName }, 3045 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING }, 3046 { NULL, 0, 0, 0, NULL } 3047 }; 3048 3049 static int 3050 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3051 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3052 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U); 3053 3054 return offset; 3055 } 3056 3057 3058 3059 static int 3060 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3061 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 3062 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U); 3063 3064 return offset; 3065 } 3066 3067 3068 3069 static int 3070 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3071 #line 739 "./asn1/ldap/ldap.cnf" 3072 3073 const gchar *name; 3074 3075 3076 #line 743 "./asn1/ldap/ldap.cnf" 3077 if(ldm_tree && object_identifier_id) { 3078 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id); 3079 name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id); 3080 if(name) 3081 proto_item_append_text(ldm_tree, " (%s)", name); 3082 } 3083 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) { 3084 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); 3085 } else { 3086 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 3087 NULL); 3088 3089 } 3090 3091 3092 3093 return offset; 3094 } 3095 3096 3097 static const ber_sequence_t IntermediateResponse_U_sequence[] = { 3098 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName }, 3099 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue }, 3100 { NULL, 0, 0, 0, NULL } 3101 }; 3102 3103 static int 3104 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3105 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3106 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U); 3107 3108 return offset; 3109 } 3110 3111 3112 3113 static int 3114 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3115 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 3116 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U); 3117 3118 return offset; 3119 } 3120 3121 3122 static const value_string ldap_ProtocolOp_vals[] = { 3123 { 0, "bindRequest" }, 3124 { 1, "bindResponse" }, 3125 { 2, "unbindRequest" }, 3126 { 3, "searchRequest" }, 3127 { 4, "searchResEntry" }, 3128 { 5, "searchResDone" }, 3129 { 19, "searchResRef" }, 3130 { 6, "modifyRequest" }, 3131 { 7, "modifyResponse" }, 3132 { 8, "addRequest" }, 3133 { 9, "addResponse" }, 3134 { 10, "delRequest" }, 3135 { 11, "delResponse" }, 3136 { 12, "modDNRequest" }, 3137 { 13, "modDNResponse" }, 3138 { 14, "compareRequest" }, 3139 { 15, "compareResponse" }, 3140 { 16, "abandonRequest" }, 3141 { 23, "extendedReq" }, 3142 { 24, "extendedResp" }, 3143 { 25, "intermediateResponse" }, 3144 { 0, NULL } 3145 }; 3146 3147 static const ber_choice_t ProtocolOp_choice[] = { 3148 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest }, 3149 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse }, 3150 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest }, 3151 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest }, 3152 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry }, 3153 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone }, 3154 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference }, 3155 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest }, 3156 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse }, 3157 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest }, 3158 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse }, 3159 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest }, 3160 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse }, 3161 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest }, 3162 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse }, 3163 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest }, 3164 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse }, 3165 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest }, 3166 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest }, 3167 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse }, 3168 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse }, 3169 { 0, NULL, 0, 0, 0, NULL } 3170 }; 3171 3172 static int 3173 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3174 #line 99 "./asn1/ldap/ldap.cnf" 3175 3176 ldap_call_response_t *lcrp; 3177 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data; 3178 do_protocolop = TRUE; 3179 3180 3181 offset = dissect_ber_choice(actx, tree, tvb, offset, 3182 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp, 3183 &ProtocolOp); 3184 3185 #line 105 "./asn1/ldap/ldap.cnf" 3186 3187 if (ProtocolOp == -1) { 3188 return offset; 3189 } 3190 3191 /* ProtocolOp is the index, not the tag so convert it to the tag value */ 3192 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value; 3193 3194 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info); 3195 if(lcrp){ 3196 tap_queue_packet(ldap_tap, actx->pinfo, lcrp); 3197 } 3198 3199 /* XXX: the count will not work if the results span multiple TCP packets */ 3200 3201 if(ldap_info) { /* only count once */ 3202 switch(ProtocolOp) { 3203 3204 case LDAP_RES_SEARCH_ENTRY: 3205 if (!actx->pinfo->fd->visited) 3206 ldap_info->num_results++; 3207 3208 proto_item_append_text(tree, " [%d result%s]", 3209 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s"); 3210 3211 break; 3212 3213 case LDAP_RES_SEARCH_RESULT: 3214 3215 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]", 3216 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s"); 3217 3218 proto_item_append_text(tree, " [%d result%s]", 3219 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s"); 3220 3221 break; 3222 default: 3223 break; 3224 } 3225 } 3226 3227 3228 3229 return offset; 3230 } 3231 3232 3233 3234 static int 3235 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3236 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index); 3237 3238 return offset; 3239 } 3240 3241 3242 3243 static int 3244 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3245 #line 712 "./asn1/ldap/ldap.cnf" 3246 gint8 ber_class; 3247 gboolean pc, ind; 3248 gint32 tag; 3249 guint32 len; 3250 3251 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) { 3252 /* remove the OCTET STRING encoding */ 3253 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag); 3254 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind); 3255 3256 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL); 3257 3258 offset += len; 3259 } else { 3260 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 3261 NULL); 3262 3263 } 3264 3265 3266 3267 3268 return offset; 3269 } 3270 3271 3272 static const ber_sequence_t Control_sequence[] = { 3273 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType }, 3274 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3275 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue }, 3276 { NULL, 0, 0, 0, NULL } 3277 }; 3278 3279 static int 3280 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3281 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3282 Control_sequence, hf_index, ett_ldap_Control); 3283 3284 return offset; 3285 } 3286 3287 3288 static const ber_sequence_t Controls_sequence_of[1] = { 3289 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control }, 3290 }; 3291 3292 static int 3293 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3294 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 3295 Controls_sequence_of, hf_index, ett_ldap_Controls); 3296 3297 return offset; 3298 } 3299 3300 3301 static const ber_sequence_t LDAPMessage_sequence[] = { 3302 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID }, 3303 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp }, 3304 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls }, 3305 { NULL, 0, 0, 0, NULL } 3306 }; 3307 3308 static int 3309 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3310 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3311 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage); 3312 3313 return offset; 3314 } 3315 3316 3317 3318 3319 3320 static int 3321 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3322 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3323 NULL); 3324 3325 return offset; 3326 } 3327 3328 3329 static const ber_sequence_t SearchControlValue_sequence[] = { 3330 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER }, 3331 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3332 { NULL, 0, 0, 0, NULL } 3333 }; 3334 3335 static int 3336 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3337 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3338 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue); 3339 3340 return offset; 3341 } 3342 3343 3344 static const ber_sequence_t SortKeyList_item_sequence[] = { 3345 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription }, 3346 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId }, 3347 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN }, 3348 { NULL, 0, 0, 0, NULL } 3349 }; 3350 3351 static int 3352 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3353 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3354 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item); 3355 3356 return offset; 3357 } 3358 3359 3360 static const ber_sequence_t SortKeyList_sequence_of[1] = { 3361 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item }, 3362 }; 3363 3364 static int 3365 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3366 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 3367 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList); 3368 3369 return offset; 3370 } 3371 3372 3373 static const value_string ldap_T_sortResult_vals[] = { 3374 { 0, "success" }, 3375 { 1, "operationsError" }, 3376 { 3, "timeLimitExceeded" }, 3377 { 8, "strongAuthRequired" }, 3378 { 11, "adminLimitExceeded" }, 3379 { 16, "noSuchAttribute" }, 3380 { 18, "inappropriateMatching" }, 3381 { 50, "insufficientAccessRights" }, 3382 { 51, "busy" }, 3383 { 53, "unwillingToPerform" }, 3384 { 80, "other" }, 3385 { 0, NULL } 3386 }; 3387 3388 3389 static int 3390 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3391 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3392 NULL); 3393 3394 return offset; 3395 } 3396 3397 3398 static const ber_sequence_t SortResult_sequence[] = { 3399 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult }, 3400 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription }, 3401 { NULL, 0, 0, 0, NULL } 3402 }; 3403 3404 static int 3405 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3406 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3407 SortResult_sequence, hf_index, ett_ldap_SortResult); 3408 3409 return offset; 3410 } 3411 3412 3413 3414 static int 3415 dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3416 #line 756 "./asn1/ldap/ldap.cnf" 3417 gint8 ber_class; 3418 gboolean pc; 3419 gint32 tag; 3420 guint32 len; 3421 gint32 val; 3422 3423 int otheroffset = offset; 3424 if(!implicit_tag){ 3425 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag); 3426 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); 3427 } else { 3428 gint32 remaining=tvb_reported_length_remaining(tvb, offset); 3429 len=remaining>0 ? remaining : 0; 3430 } 3431 3432 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val); 3433 3434 if (val >0) { 3435 static int * const flags[] = { 3436 &hf_ldap_object_security_flag, 3437 &hf_ldap_ancestor_first_flag, 3438 &hf_ldap_public_data_only_flag, 3439 &hf_ldap_incremental_value_flag, 3440 NULL 3441 }; 3442 3443 proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index, 3444 ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND); 3445 } else { 3446 proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0); 3447 } 3448 3449 3450 3451 return offset; 3452 } 3453 3454 3455 static const ber_sequence_t DirSyncControlValue_sequence[] = { 3456 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags }, 3457 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER }, 3458 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3459 { NULL, 0, 0, 0, NULL } 3460 }; 3461 3462 static int 3463 dissect_ldap_DirSyncControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3464 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3465 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue); 3466 3467 return offset; 3468 } 3469 3470 3471 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = { 3472 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING }, 3473 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING }, 3474 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING }, 3475 { NULL, 0, 0, 0, NULL } 3476 }; 3477 3478 static int 3479 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3480 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3481 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue); 3482 3483 return offset; 3484 } 3485 3486 3487 static const ber_sequence_t CancelRequestValue_sequence[] = { 3488 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID }, 3489 { NULL, 0, 0, 0, NULL } 3490 }; 3491 3492 static int 3493 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3494 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3495 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue); 3496 3497 return offset; 3498 } 3499 3500 3501 static const value_string ldap_T_mode_vals[] = { 3502 { 1, "refreshOnly" }, 3503 { 3, "refreshAndPersist" }, 3504 { 0, NULL } 3505 }; 3506 3507 3508 static int 3509 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3510 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3511 NULL); 3512 3513 return offset; 3514 } 3515 3516 3517 static const ber_sequence_t SyncRequestValue_sequence[] = { 3518 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode }, 3519 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3520 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3521 { NULL, 0, 0, 0, NULL } 3522 }; 3523 3524 static int 3525 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3526 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3527 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue); 3528 3529 return offset; 3530 } 3531 3532 3533 static const value_string ldap_T_state_vals[] = { 3534 { 0, "present" }, 3535 { 1, "add" }, 3536 { 2, "modify" }, 3537 { 3, "delete" }, 3538 { 0, NULL } 3539 }; 3540 3541 3542 static int 3543 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3544 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3545 NULL); 3546 3547 return offset; 3548 } 3549 3550 3551 3552 static int 3553 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3554 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 3555 NULL); 3556 3557 return offset; 3558 } 3559 3560 3561 static const ber_sequence_t SyncStateValue_sequence[] = { 3562 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state }, 3563 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID }, 3564 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3565 { NULL, 0, 0, 0, NULL } 3566 }; 3567 3568 static int 3569 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3570 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3571 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue); 3572 3573 return offset; 3574 } 3575 3576 3577 static const ber_sequence_t SyncDoneValue_sequence[] = { 3578 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3579 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3580 { NULL, 0, 0, 0, NULL } 3581 }; 3582 3583 static int 3584 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3585 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3586 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue); 3587 3588 return offset; 3589 } 3590 3591 3592 static const ber_sequence_t T_refreshDelete_sequence[] = { 3593 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3594 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3595 { NULL, 0, 0, 0, NULL } 3596 }; 3597 3598 static int 3599 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3600 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3601 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete); 3602 3603 return offset; 3604 } 3605 3606 3607 static const ber_sequence_t T_refreshPresent_sequence[] = { 3608 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3609 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3610 { NULL, 0, 0, 0, NULL } 3611 }; 3612 3613 static int 3614 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3615 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3616 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent); 3617 3618 return offset; 3619 } 3620 3621 3622 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = { 3623 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID }, 3624 }; 3625 3626 static int 3627 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3628 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, 3629 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID); 3630 3631 return offset; 3632 } 3633 3634 3635 static const ber_sequence_t T_syncIdSet_sequence[] = { 3636 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING }, 3637 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN }, 3638 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID }, 3639 { NULL, 0, 0, 0, NULL } 3640 }; 3641 3642 static int 3643 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3644 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3645 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet); 3646 3647 return offset; 3648 } 3649 3650 3651 static const value_string ldap_SyncInfoValue_vals[] = { 3652 { 0, "newcookie" }, 3653 { 1, "refreshDelete" }, 3654 { 2, "refreshPresent" }, 3655 { 3, "syncIdSet" }, 3656 { 0, NULL } 3657 }; 3658 3659 static const ber_choice_t SyncInfoValue_choice[] = { 3660 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING }, 3661 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete }, 3662 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent }, 3663 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet }, 3664 { 0, NULL, 0, 0, 0, NULL } 3665 }; 3666 3667 static int 3668 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3669 offset = dissect_ber_choice(actx, tree, tvb, offset, 3670 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue, 3671 NULL); 3672 3673 return offset; 3674 } 3675 3676 3677 static const value_string ldap_T_warning_vals[] = { 3678 { 0, "timeBeforeExpiration" }, 3679 { 1, "graceAuthNsRemaining" }, 3680 { 0, NULL } 3681 }; 3682 3683 static const ber_choice_t T_warning_choice[] = { 3684 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt }, 3685 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt }, 3686 { 0, NULL, 0, 0, 0, NULL } 3687 }; 3688 3689 static int 3690 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3691 offset = dissect_ber_choice(actx, tree, tvb, offset, 3692 T_warning_choice, hf_index, ett_ldap_T_warning, 3693 NULL); 3694 3695 return offset; 3696 } 3697 3698 3699 static const value_string ldap_T_error_vals[] = { 3700 { 0, "passwordExpired" }, 3701 { 1, "accountLocked" }, 3702 { 2, "changeAfterReset" }, 3703 { 3, "passwordModNotAllowed" }, 3704 { 4, "mustSupplyOldPassword" }, 3705 { 5, "insufficientPasswordQuality" }, 3706 { 6, "passwordTooShort" }, 3707 { 7, "passwordTooYoung" }, 3708 { 8, "passwordInHistory" }, 3709 { 0, NULL } 3710 }; 3711 3712 3713 static int 3714 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3715 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 3716 NULL); 3717 3718 return offset; 3719 } 3720 3721 3722 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = { 3723 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning }, 3724 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error }, 3725 { NULL, 0, 0, 0, NULL } 3726 }; 3727 3728 static int 3729 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 3730 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 3731 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue); 3732 3733 return offset; 3734 } 3735 3736 /*--- PDUs ---*/ 3737 3738 static int dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3739 int offset = 0; 3740 asn1_ctx_t asn1_ctx; 3741 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3742 offset = dissect_ldap_SearchControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU); 3743 return offset; 3744 } 3745 static int dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3746 int offset = 0; 3747 asn1_ctx_t asn1_ctx; 3748 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3749 offset = dissect_ldap_SortKeyList(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU); 3750 return offset; 3751 } 3752 static int dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3753 int offset = 0; 3754 asn1_ctx_t asn1_ctx; 3755 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3756 offset = dissect_ldap_SortResult(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortResult_PDU); 3757 return offset; 3758 } 3759 static int dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3760 int offset = 0; 3761 asn1_ctx_t asn1_ctx; 3762 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3763 offset = dissect_ldap_DirSyncControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU); 3764 return offset; 3765 } 3766 static int dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3767 int offset = 0; 3768 asn1_ctx_t asn1_ctx; 3769 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3770 offset = dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU); 3771 return offset; 3772 } 3773 static int dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3774 int offset = 0; 3775 asn1_ctx_t asn1_ctx; 3776 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3777 offset = dissect_ldap_CancelRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU); 3778 return offset; 3779 } 3780 static int dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3781 int offset = 0; 3782 asn1_ctx_t asn1_ctx; 3783 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3784 offset = dissect_ldap_SyncRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU); 3785 return offset; 3786 } 3787 static int dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3788 int offset = 0; 3789 asn1_ctx_t asn1_ctx; 3790 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3791 offset = dissect_ldap_SyncStateValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU); 3792 return offset; 3793 } 3794 static int dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3795 int offset = 0; 3796 asn1_ctx_t asn1_ctx; 3797 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3798 offset = dissect_ldap_SyncDoneValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU); 3799 return offset; 3800 } 3801 static int dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3802 int offset = 0; 3803 asn1_ctx_t asn1_ctx; 3804 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3805 offset = dissect_ldap_SyncInfoValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU); 3806 return offset; 3807 } 3808 static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) { 3809 int offset = 0; 3810 asn1_ctx_t asn1_ctx; 3811 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3812 offset = dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU); 3813 return offset; 3814 } 3815 3816 3817 /*--- End of included file: packet-ldap-fn.c ---*/ 3818 #line 909 "./asn1/ldap/packet-ldap-template.c" 3819 static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) { 3820 3821 int offset = 0; 3822 asn1_ctx_t asn1_ctx; 3823 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 3824 3825 asn1_ctx.private_data = ldap_info; 3826 offset = dissect_ldap_LDAPMessage(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU); 3827 return offset; 3828 } 3829 3830 static void 3831 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo, 3832 proto_tree *tree, ldap_conv_info_t *ldap_info, 3833 gboolean is_mscldap) 3834 { 3835 int offset = 0; 3836 guint length_remaining; 3837 guint msg_len = 0; 3838 int messageOffset = 0; 3839 guint headerLength = 0; 3840 guint length = 0; 3841 tvbuff_t *msg_tvb = NULL; 3842 gint8 ber_class; 3843 gboolean pc, ind = 0; 3844 gint32 ber_tag; 3845 3846 attributedesc_string=NULL; 3847 3848 3849 one_more_pdu: 3850 3851 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset); 3852 3853 if (length_remaining < 6) return; 3854 3855 /* 3856 * OK, try to read the "Sequence Of" header; this gets the total 3857 * length of the LDAP message. 3858 */ 3859 messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag); 3860 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind); 3861 3862 /* sanity check */ 3863 if((msg_len<4) || (msg_len>10000000)) return; 3864 3865 if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) { 3866 /* 3867 * Add the length of the "Sequence Of" header to the message 3868 * length. 3869 */ 3870 headerLength = messageOffset - offset; 3871 msg_len += headerLength; 3872 if (msg_len < headerLength) { 3873 /* 3874 * The message length was probably so large that the total length 3875 * overflowed. 3876 * 3877 * Report this as an error. 3878 */ 3879 show_reported_bounds_error(tvb, pinfo, tree); 3880 return; 3881 } 3882 } else { 3883 /* 3884 * We couldn't parse the header; just make it the amount of data 3885 * remaining in the tvbuff, so we'll give up on this segment 3886 * after attempting to parse the message - there's nothing more 3887 * we can do. "dissect_ldap_message()" will display the error. 3888 */ 3889 msg_len = length_remaining; 3890 } 3891 3892 /* 3893 * Construct a tvbuff containing the amount of the payload we have 3894 * available. Make its reported length the amount of data in the 3895 * LDAP message. 3896 * 3897 * XXX - if reassembly isn't enabled. the subdissector will throw a 3898 * BoundsError exception, rather than a ReportedBoundsError exception. 3899 * We really want a tvbuff where the length is "length", the reported 3900 * length is "plen", and the "if the snapshot length were infinite" 3901 * length is the minimum of the reported length of the tvbuff handed 3902 * to us and "plen", with a new type of exception thrown if the offset 3903 * is within the reported length but beyond that third length, with 3904 * that exception getting the "Unreassembled Packet" error. 3905 */ 3906 length = length_remaining; 3907 if (length > msg_len) length = msg_len; 3908 msg_tvb = tvb_new_subset_length_caplen(tvb, offset, length, msg_len); 3909 3910 /* 3911 * Now dissect the LDAP message. 3912 */ 3913 ldap_info->is_mscldap = is_mscldap; 3914 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info); 3915 3916 offset += msg_len; 3917 3918 /* If this was a sasl blob there might be another PDU following in the 3919 * same blob 3920 */ 3921 if(tvb_reported_length_remaining(tvb, offset)>=6){ 3922 tvb = tvb_new_subset_remaining(tvb, offset); 3923 offset = 0; 3924 3925 goto one_more_pdu; 3926 } 3927 3928 } 3929 3930 static void 3931 ldap_frame_end(void) 3932 { 3933 ldap_found_in_frame = FALSE; 3934 attr_type = NULL; 3935 ldapvalue_string = NULL; 3936 /* ? */ 3937 attributedesc_string = NULL; 3938 Filter_string = NULL; 3939 and_filter_string = NULL; 3940 object_identifier_id = NULL; 3941 or_filter_string = NULL; 3942 3943 substring_item_any = NULL; 3944 substring_item_final = NULL; 3945 substring_item_init = NULL; 3946 substring_value = NULL; 3947 3948 ldm_tree = NULL; 3949 3950 Filter_elements = 0; 3951 Filter_length = 0; 3952 do_protocolop = FALSE; 3953 result = 0; 3954 3955 /* seems to be ok, but reset just in case */ 3956 matching_rule_string = NULL; 3957 } 3958 3959 static void 3960 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap) 3961 { 3962 int offset = 0; 3963 conversation_t *conversation; 3964 gboolean doing_sasl_security = FALSE; 3965 guint length_remaining; 3966 ldap_conv_info_t *ldap_info = NULL; 3967 proto_item *ldap_item = NULL; 3968 proto_tree *ldap_tree = NULL; 3969 3970 ldm_tree = NULL; 3971 3972 conversation = find_or_create_conversation(pinfo); 3973 3974 /* 3975 * Do we already have a type and mechanism? 3976 */ 3977 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap); 3978 if (ldap_info == NULL) { 3979 /* No. Attach that information to the conversation, and add 3980 * it to the list of information structures. 3981 */ 3982 ldap_info = wmem_new0(wmem_file_scope(), ldap_conv_info_t); 3983 ldap_info->matched=wmem_map_new(wmem_file_scope(), ldap_info_hash_matched, ldap_info_equal_matched); 3984 ldap_info->unmatched=wmem_map_new(wmem_file_scope(), ldap_info_hash_unmatched, ldap_info_equal_unmatched); 3985 3986 conversation_add_proto_data(conversation, proto_ldap, ldap_info); 3987 } 3988 3989 switch (ldap_info->auth_type) { 3990 case LDAP_AUTH_SASL: 3991 /* 3992 * It's SASL; are we using a security layer? 3993 */ 3994 if (ldap_info->first_auth_frame != 0 && 3995 pinfo->num >= ldap_info->first_auth_frame) { 3996 doing_sasl_security = TRUE; /* yes */ 3997 } 3998 } 3999 4000 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset); 4001 4002 /* It might still be a packet containing a SASL security layer 4003 * but it's just that we never saw the BIND packet. 4004 * check if it looks like it could be a SASL blob here 4005 * and in that case just assume it is GSS-SPNEGO 4006 */ 4007 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5)) 4008 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4)) 4009 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){ 4010 ldap_info->auth_type=LDAP_AUTH_SASL; 4011 ldap_info->first_auth_frame=pinfo->num; 4012 ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO"); 4013 doing_sasl_security=TRUE; 4014 } 4015 4016 /* 4017 * This is the first PDU, set the Protocol column and clear the 4018 * Info column. 4019 */ 4020 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto); 4021 4022 if(ldap_found_in_frame) { 4023 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */ 4024 col_append_str(pinfo->cinfo, COL_INFO, " | "); 4025 col_set_fence(pinfo->cinfo, COL_INFO); 4026 } else { 4027 col_clear(pinfo->cinfo, COL_INFO); 4028 register_frame_end_routine (pinfo, ldap_frame_end); 4029 ldap_found_in_frame = TRUE; 4030 } 4031 4032 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA); 4033 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap); 4034 4035 /* 4036 * Might we be doing a SASL security layer and, if so, *are* we doing 4037 * one? 4038 * 4039 * Just because we've seen a bind reply for SASL, that doesn't mean 4040 * that we're using a SASL security layer; I've seen captures in 4041 * which some SASL negotiations lead to a security layer being used 4042 * and other negotiations don't, and it's not obvious what's different 4043 * in the two negotiations. Therefore, we assume that if the first 4044 * byte is 0, it's a length for a SASL security layer (that way, we 4045 * never reassemble more than 16 megabytes, protecting us from 4046 * chewing up *too* much memory), and otherwise that it's an LDAP 4047 * message (actually, if it's an LDAP message it should begin with 0x30, 4048 * but we want to parse garbage as LDAP messages rather than really 4049 * huge lengths). 4050 */ 4051 4052 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) { 4053 proto_tree *sasl_tree; 4054 tvbuff_t *sasl_tvb; 4055 guint sasl_len, sasl_msg_len, length; 4056 /* 4057 * Yes. The frame begins with a 4-byte big-endian length. 4058 * And we know we have at least 6 bytes 4059 */ 4060 4061 /* 4062 * Get the SASL length, which is the length of data in the buffer 4063 * following the length (i.e., it's 4 less than the total length). 4064 * 4065 * XXX - do we need to reassemble buffers? For now, we 4066 * assume that each LDAP message is entirely contained within 4067 * a buffer. 4068 */ 4069 sasl_len = tvb_get_ntohl(tvb, offset); 4070 sasl_msg_len = sasl_len + 4; 4071 if (sasl_msg_len < 4) { 4072 /* 4073 * The message length was probably so large that the total length 4074 * overflowed. 4075 * 4076 * Report this as an error. 4077 */ 4078 show_reported_bounds_error(tvb, pinfo, tree); 4079 return; 4080 } 4081 4082 /* 4083 * Construct a tvbuff containing the amount of the payload we have 4084 * available. Make its reported length the amount of data in the PDU. 4085 * 4086 * XXX - if reassembly isn't enabled. the subdissector will throw a 4087 * BoundsError exception, rather than a ReportedBoundsError exception. 4088 * We really want a tvbuff where the length is "length", the reported 4089 * length is "plen", and the "if the snapshot length were infinite" 4090 * length is the minimum of the reported length of the tvbuff handed 4091 * to us and "plen", with a new type of exception thrown if the offset 4092 * is within the reported length but beyond that third length, with 4093 * that exception getting the "Unreassembled Packet" error. 4094 */ 4095 length = length_remaining; 4096 if (length > sasl_msg_len) length = sasl_msg_len; 4097 sasl_tvb = tvb_new_subset_length_caplen(tvb, offset, length, sasl_msg_len); 4098 4099 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len); 4100 4101 sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 4, sasl_msg_len - 4, ett_ldap_sasl_blob, NULL, "SASL Buffer"); 4102 4103 if (ldap_info->auth_mech != NULL && 4104 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) || 4105 /* auth_mech may have been set from the bind */ 4106 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) { 4107 tvbuff_t *gssapi_tvb = NULL; 4108 int ver_len; 4109 int tmp_length; 4110 gssapi_encrypt_info_t gssapi_encrypt; 4111 4112 /* 4113 * This is GSS-API (using SPNEGO, but we should be done with 4114 * the negotiation by now). 4115 * 4116 * Dissect the GSS_Wrap() token; it'll return the length of 4117 * the token, from which we compute the offset in the tvbuff at 4118 * which the plaintext data, i.e. the LDAP message, begins. 4119 */ 4120 tmp_length = tvb_reported_length_remaining(sasl_tvb, 4); 4121 if ((guint)tmp_length > sasl_len) 4122 tmp_length = sasl_len; 4123 gssapi_tvb = tvb_new_subset_length_caplen(sasl_tvb, 4, tmp_length, sasl_len); 4124 4125 /* Attempt decryption of the GSSAPI wrapped data if possible */ 4126 memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt)); 4127 gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; 4128 ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt); 4129 /* 4130 * If ver_len is 0, it probably means that we got a PDU that is not 4131 * aligned to the start of the segment. 4132 */ 4133 if(ver_len==0){ 4134 return; 4135 } 4136 if (gssapi_encrypt.gssapi_decrypted_tvb) { 4137 tvbuff_t *decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb; 4138 proto_tree *enc_tree = NULL; 4139 4140 /* 4141 * The LDAP payload (blob) was encrypted and we were able to decrypt it. 4142 * The data was signed via a MIC token, sealed (encrypted), and "wrapped" 4143 * within the mechanism's "blob." Call dissect_ldap_payload to dissect 4144 * one or more LDAPMessages such as searchRequest messages within this 4145 * payload. 4146 */ 4147 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): "); 4148 4149 if (sasl_tree) { 4150 guint decr_len = tvb_reported_length(decr_tvb); 4151 4152 enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1, 4153 ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)", 4154 decr_len, plurality(decr_len, "", "s")); 4155 } 4156 4157 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap); 4158 } 4159 else if (gssapi_encrypt.gssapi_data_encrypted) { 4160 /* 4161 * The LDAP message was encrypted but couldn't be decrypted so just display the 4162 * encrypted data all of which is found in Packet Bytes. 4163 */ 4164 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)", 4165 sasl_len-ver_len, plurality(sasl_len-ver_len, "", "s")); 4166 4167 proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA); 4168 } 4169 else { 4170 tvbuff_t *plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len); 4171 proto_tree *plain_tree = NULL; 4172 4173 /* 4174 * The payload was not encrypted (sealed) but was signed via a MIC token. 4175 * If krb5_tok_id == KRB_TOKEN_CFX_WRAP, the payload was wrapped within 4176 * the mechanism's blob. Call dissect_ldap_payload to dissect one or more 4177 * LDAPMessages within the payload. 4178 */ 4179 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: "); 4180 4181 if (sasl_tree) { 4182 guint plain_len = tvb_reported_length(plain_tvb); 4183 4184 plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1, 4185 ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)", 4186 plain_len, plurality(plain_len, "", "s")); 4187 } 4188 4189 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap); 4190 } 4191 } 4192 } else { 4193 /* 4194 * The LDAP packet does not contain a SASL security layer. Such messages are typically sent 4195 * prior to the LDAP "bind" negotiation exchange which establishes the "context" of the session. 4196 * This means the data could neither be "signed" (no data origin auth or data integrity 4197 * check) nor "sealed" (encrypted). 4198 */ 4199 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap); 4200 } 4201 } 4202 4203 /* 4204 * prepend_dot is no longer used, but is being left in place in order to 4205 * maintain ABI compatibility. 4206 */ 4207 int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int max_len, gboolean prepend_dot _U_) 4208 { 4209 int compr_len; 4210 const gchar *name; 4211 guint name_len; 4212 4213 /* The name data MUST start at offset 0 of the tvb */ 4214 compr_len = get_dns_name(tvb, offset, max_len, 0, &name, &name_len); 4215 (void) g_strlcpy(str, name, max_len); 4216 return offset + compr_len; 4217 } 4218 4219 4220 /* These are the cldap DC flags 4221 http://msdn.microsoft.com/en-us/library/cc201036.aspx 4222 */ 4223 static const true_false_string tfs_ads_pdc = { 4224 "This is a PDC", 4225 "This is NOT a pdc" 4226 }; 4227 static const true_false_string tfs_ads_gc = { 4228 "This is a GLOBAL CATALOGUE of forest", 4229 "This is NOT a global catalog of forest" 4230 }; 4231 static const true_false_string tfs_ads_ldap = { 4232 "This is an LDAP server", 4233 "This is NOT an ldap server" 4234 }; 4235 static const true_false_string tfs_ads_ds = { 4236 "This dc supports DS", 4237 "This dc does NOT support ds" 4238 }; 4239 static const true_false_string tfs_ads_kdc = { 4240 "This is a KDC (kerberos)", 4241 "This is NOT a kdc (kerberos)" 4242 }; 4243 static const true_false_string tfs_ads_timeserv = { 4244 "This dc is running TIME SERVICES (ntp)", 4245 "This dc is NOT running time services (ntp)" 4246 }; 4247 static const true_false_string tfs_ads_closest = { 4248 "This server is in the same site as the client", 4249 "This server is NOT in the same site as the client" 4250 }; 4251 static const true_false_string tfs_ads_writable = { 4252 "This dc is WRITABLE", 4253 "This dc is NOT writable" 4254 }; 4255 static const true_false_string tfs_ads_good_timeserv = { 4256 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)", 4257 "This dc does NOT have a good time service (i.e. no hardware clock)" 4258 }; 4259 static const true_false_string tfs_ads_ndnc = { 4260 "Domain is NON-DOMAIN NC serviced by ldap server", 4261 "Domain is NOT non-domain nc serviced by ldap server" 4262 }; 4263 static const true_false_string tfs_ads_rodc = { 4264 "Domain controller is a Windows 2008 RODC", 4265 "Domain controller is not a Windows 2008 RODC" 4266 }; 4267 static const true_false_string tfs_ads_wdc = { 4268 "Domain controller is a Windows 2008 writable NC", 4269 "Domain controller is not a Windows 2008 writable NC" 4270 }; 4271 static const true_false_string tfs_ads_dns = { 4272 "Server name is in DNS format (Windows 2008)", 4273 "Server name is not in DNS format (Windows 2008)" 4274 }; 4275 static const true_false_string tfs_ads_dnc = { 4276 "The NC is the default NC (Windows 2008)", 4277 "The NC is not the default NC (Windows 2008)" 4278 }; 4279 static const true_false_string tfs_ads_fnc = { 4280 "The NC is the default forest NC(Windows 2008)", 4281 "The NC is not the default forest NC (Windows 2008)" 4282 }; 4283 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset) 4284 { 4285 static int * const flags[] = { 4286 &hf_mscldap_netlogon_flags_fnc, 4287 &hf_mscldap_netlogon_flags_dnc, 4288 &hf_mscldap_netlogon_flags_dns, 4289 &hf_mscldap_netlogon_flags_wdc, 4290 &hf_mscldap_netlogon_flags_rodc, 4291 &hf_mscldap_netlogon_flags_ndnc, 4292 &hf_mscldap_netlogon_flags_good_timeserv, 4293 &hf_mscldap_netlogon_flags_writable, 4294 &hf_mscldap_netlogon_flags_closest, 4295 &hf_mscldap_netlogon_flags_timeserv, 4296 &hf_mscldap_netlogon_flags_kdc, 4297 &hf_mscldap_netlogon_flags_ds, 4298 &hf_mscldap_netlogon_flags_ldap, 4299 &hf_mscldap_netlogon_flags_gc, 4300 &hf_mscldap_netlogon_flags_pdc, 4301 NULL 4302 }; 4303 4304 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_netlogon_flags, 4305 ett_mscldap_netlogon_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE); 4306 offset += 4; 4307 4308 return offset; 4309 } 4310 4311 static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_) 4312 { 4313 int old_offset, offset=0; 4314 char str[256]; 4315 guint16 itype; 4316 guint16 len; 4317 guint32 version; 4318 int fn_len; 4319 proto_item *item; 4320 4321 ldm_tree = NULL; 4322 4323 4324 /* Get the length of the buffer */ 4325 len=tvb_reported_length_remaining(tvb,offset); 4326 4327 /* check the len if it is to small return */ 4328 if (len < 10) 4329 return tvb_captured_length(tvb); 4330 4331 /* Type */ 4332 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4333 itype = tvb_get_letohs(tvb, offset); 4334 offset += 2; 4335 4336 switch(itype){ 4337 4338 case LOGON_SAM_LOGON_RESPONSE: 4339 /* logon server name; must be aligned on a 2-byte boundary */ 4340 if ((offset & 1) != 0) { 4341 offset++; 4342 } 4343 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_hostname_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); 4344 offset +=fn_len; 4345 4346 /* username; must be aligned on a 2-byte boundary */ 4347 if ((offset & 1) != 0) { 4348 offset++; 4349 } 4350 proto_tree_add_item_ret_length(tree, hf_mscldap_username_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); 4351 offset +=fn_len; 4352 4353 /* domain name; must be aligned on a 2-byte boundary */ 4354 if ((offset & 1) != 0) { 4355 offset++; 4356 } 4357 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_domain_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len); 4358 offset +=fn_len; 4359 4360 /* get the version number from the end of the buffer, as the 4361 length is variable and the version determines what fields 4362 need to be decoded */ 4363 version = tvb_get_letohl(tvb,len-8); 4364 4365 /* include the extra version 5 fields */ 4366 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){ 4367 4368 /* domain guid */ 4369 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN); 4370 offset += 16; 4371 4372 /* domain guid part 2 4373 there is another 16 byte guid but this is alway zero, so we will skip it */ 4374 offset += 16; 4375 4376 /* Forest */ 4377 old_offset=offset; 4378 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4379 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); 4380 4381 /* Domain */ 4382 old_offset=offset; 4383 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4384 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); 4385 4386 /* Hostname */ 4387 old_offset=offset; 4388 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4389 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); 4390 4391 /* DC IP Address */ 4392 proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, ENC_BIG_ENDIAN); 4393 offset += 4; 4394 4395 /* Flags */ 4396 dissect_mscldap_netlogon_flags(tree, tvb, offset); 4397 } 4398 4399 break; 4400 4401 case LOGON_SAM_LOGON_RESPONSE_EX: 4402 /* MS-ADTS 6.3.1.9 */ 4403 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */ 4404 4405 /* Flags */ 4406 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset); 4407 4408 /* Domain GUID */ 4409 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN); 4410 offset += 16; 4411 4412 /* Forest */ 4413 old_offset=offset; 4414 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4415 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); 4416 4417 /* Domain */ 4418 old_offset=offset; 4419 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4420 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); 4421 4422 /* Hostname */ 4423 old_offset=offset; 4424 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4425 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); 4426 4427 /* NetBIOS Domain */ 4428 old_offset=offset; 4429 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4430 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str); 4431 4432 /* NetBIOS Hostname */ 4433 old_offset=offset; 4434 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4435 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str); 4436 4437 /* User */ 4438 old_offset=offset; 4439 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4440 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str); 4441 4442 /* Server Site */ 4443 old_offset=offset; 4444 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4445 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str); 4446 4447 /* Client Site */ 4448 old_offset=offset; 4449 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); 4450 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str); 4451 4452 /* get the version number from the end of the buffer, as the 4453 length is variable and the version determines what fields 4454 need to be decoded */ 4455 version = tvb_get_letohl(tvb,len-8); 4456 4457 /* include the extra fields for version 5 with IP s */ 4458 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){ 4459 /* The ip address is returned as a sockaddr_in structure 4460 * 4461 * This section may need to be updated if the base Windows APIs 4462 * are changed to support ipv6, which currently is not the case. 4463 * 4464 * The desector assumes the length is based on ipv4 and 4465 * ignores the length 4466 */ 4467 4468 /* skip the length of the sockaddr_in */ 4469 4470 offset +=1; 4471 4472 /* add IP address and desect the sockaddr_in structure */ 4473 4474 old_offset = offset + 4; 4475 item = proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, ENC_BIG_ENDIAN); 4476 4477 if (tree) { 4478 proto_tree *subtree; 4479 4480 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails); 4481 4482 /* get sockaddr family */ 4483 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4484 offset +=2; 4485 4486 /* get sockaddr port */ 4487 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4488 offset +=2; 4489 4490 /* get IP address */ 4491 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN); 4492 } 4493 4494 } 4495 4496 break; 4497 } 4498 4499 4500 /* complete the decode with the version and token details */ 4501 4502 offset = len - 8; 4503 4504 /* NETLOGON_NT_VERISON Options (MS-ADTS 6.3.1.1) */ 4505 offset = dissect_mscldap_ntver_flags(tree, tvb, offset); 4506 4507 /* LM Token */ 4508 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4509 offset += 2; 4510 4511 /* NT Token */ 4512 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4513 4514 return tvb_captured_length(tvb); 4515 } 4516 4517 4518 static guint 4519 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, 4520 int offset, void *data _U_) 4521 { 4522 /* sasl encapsulated ldap is 4 bytes plus the length in size */ 4523 return tvb_get_ntohl(tvb, offset)+4; 4524 } 4525 4526 static int 4527 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4528 { 4529 dissect_ldap_pdu(tvb, pinfo, tree, FALSE); 4530 return tvb_captured_length(tvb); 4531 } 4532 4533 static guint 4534 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, 4535 int offset, void *data _U_) 4536 { 4537 guint32 len; 4538 gboolean ind; 4539 int data_offset; 4540 4541 /* normal ldap is tag+len bytes plus the length 4542 * offset is where the tag is 4543 * offset+1 is where length starts 4544 */ 4545 data_offset=get_ber_length(tvb, offset+1, &len, &ind); 4546 return len+data_offset-offset; 4547 } 4548 4549 static int 4550 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4551 { 4552 dissect_ldap_pdu(tvb, pinfo, tree, FALSE); 4553 return tvb_captured_length(tvb); 4554 } 4555 4556 static int 4557 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_) 4558 { 4559 char *oid; 4560 const char *oidname; 4561 4562 /* tvb here contains an ascii string that is really an oid */ 4563 /* XXX we should convert the string oid into a real oid so we can use 4564 * proto_tree_add_oid() instead. 4565 */ 4566 4567 oid=tvb_get_string_enc(pinfo->pool, tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA); 4568 if(!oid){ 4569 return tvb_captured_length(tvb); 4570 } 4571 4572 oidname=oid_resolved_from_string(pinfo->pool, oid); 4573 4574 if(oidname){ 4575 proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname); 4576 } else { 4577 proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid); 4578 } 4579 return tvb_captured_length(tvb); 4580 } 4581 4582 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001 4583 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002 4584 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004 4585 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008 4586 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010 4587 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020 4588 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040 4589 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080 4590 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100 4591 4592 static void 4593 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access) 4594 { 4595 static int * const access_flags[] = { 4596 &hf_ldap_AccessMask_ADS_CONTROL_ACCESS, 4597 &hf_ldap_AccessMask_ADS_LIST_OBJECT, 4598 &hf_ldap_AccessMask_ADS_DELETE_TREE, 4599 &hf_ldap_AccessMask_ADS_WRITE_PROP, 4600 &hf_ldap_AccessMask_ADS_READ_PROP, 4601 &hf_ldap_AccessMask_ADS_SELF_WRITE, 4602 &hf_ldap_AccessMask_ADS_LIST, 4603 &hf_ldap_AccessMask_ADS_DELETE_CHILD, 4604 &hf_ldap_AccessMask_ADS_CREATE_CHILD, 4605 NULL 4606 }; 4607 4608 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access); 4609 } 4610 struct access_mask_info ldap_access_mask_info = { 4611 "LDAP", /* Name of specific rights */ 4612 ldap_specific_rights, /* Dissection function */ 4613 NULL, /* Generic mapping table */ 4614 NULL /* Standard mapping table */ 4615 }; 4616 4617 static int 4618 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4619 { 4620 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_reported_length(tvb), &ldap_access_mask_info); 4621 return tvb_captured_length(tvb); 4622 } 4623 4624 static int 4625 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_) 4626 { 4627 char *tmpstr; 4628 4629 /* this octet string contains an NT SID */ 4630 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid); 4631 ldapvalue_string=tmpstr; 4632 return tvb_captured_length(tvb); 4633 } 4634 4635 static int 4636 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4637 { 4638 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ 4639 e_guid_t uuid; 4640 4641 /* This octet string contained a GUID */ 4642 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid); 4643 4644 ldapvalue_string=(char*)wmem_alloc(pinfo->pool, 1024); 4645 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", 4646 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1], 4647 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5], 4648 uuid.data4[6], uuid.data4[7]); 4649 return tvb_captured_length(tvb); 4650 } 4651 4652 static int 4653 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) 4654 { 4655 guint32 sasl_len; 4656 guint32 ldap_len; 4657 gboolean ind; 4658 conversation_t *conversation; 4659 ldap_conv_info_t *ldap_info = NULL; 4660 4661 /* 4662 * Do we have a conversation for this connection? 4663 */ 4664 conversation = find_conversation_pinfo(pinfo, 0); 4665 if(conversation){ 4666 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap); 4667 } 4668 4669 ldm_tree = NULL; 4670 4671 /* This is a bit tricky. We have to find out whether SASL is used 4672 * so that we know how big a header we are supposed to pass 4673 * to tcp_dissect_pdus() 4674 * We must also cope with the case when a client connects to LDAP 4675 * and performs a few unauthenticated searches of LDAP before 4676 * it performs the bind on the same tcp connection. 4677 */ 4678 /* check for a SASL header, i.e. assume it is SASL if 4679 * 1, first four bytes (SASL length) is an integer 4680 * with a value that must be <LDAP_SASL_MAX_BUF and >2 4681 * (>2 to fight false positives, 0x00000000 is a common 4682 * "random" tcp payload) 4683 * (SASL ldap PDUs might be >64k in size, which is why 4684 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h) 4685 * 4686 * 2, we must have a conversation and the auth type must 4687 * be LDAP_AUTH_SASL 4688 */ 4689 sasl_len=tvb_get_ntohl(tvb, 0); 4690 4691 if( sasl_len<2 ){ 4692 goto this_was_not_sasl; 4693 } 4694 4695 if( sasl_len>LDAP_SASL_MAX_BUF ){ 4696 goto this_was_not_sasl; 4697 } 4698 4699 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){ 4700 goto this_was_not_sasl; 4701 } 4702 4703 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data); 4704 return tvb_captured_length(tvb); 4705 4706 this_was_not_sasl: 4707 /* check if it is a normal BER encoded LDAP packet 4708 * i.e. first byte is 0x30 followed by a length that is 4709 * <64k 4710 * (no ldap PDUs are ever >64kb? ) 4711 */ 4712 if(tvb_get_guint8(tvb, 0)!=0x30){ 4713 goto this_was_not_normal_ldap; 4714 } 4715 4716 /* check that length makes sense */ 4717 get_ber_length(tvb, 1, &ldap_len, &ind); 4718 4719 /* don't check ind since indefinite length is never used for ldap (famous last words)*/ 4720 if(ldap_len<2){ 4721 goto this_was_not_normal_ldap; 4722 } 4723 4724 /* 4725 * The minimum size of a LDAP pdu is 7 bytes 4726 * 4727 * dumpasn1 -hh ldap-unbind-min.dat 4728 * 4729 * <30 05 02 01 09 42 00> 4730 * 0 5: SEQUENCE { 4731 * <02 01 09> 4732 * 2 1: INTEGER 9 4733 * <42 00> 4734 * 5 0: [APPLICATION 2] 4735 * : Error: Object has zero length. 4736 * : } 4737 * 4738 * dumpasn1 -hh ldap-unbind-windows.dat 4739 * 4740 * <30 84 00 00 00 05 02 01 09 42 00> 4741 * 0 5: SEQUENCE { 4742 * <02 01 09> 4743 * 6 1: INTEGER 9 4744 * <42 00> 4745 * 9 0: [APPLICATION 2] 4746 * : Error: Object has zero length. 4747 * : } 4748 * 4749 * 6 bytes would also be ok to get the full length of 4750 * the pdu, but as the smallest pdu can be 7 bytes 4751 * we can use 7. 4752 */ 4753 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data); 4754 4755 goto end; 4756 4757 this_was_not_normal_ldap: 4758 4759 /* Ok it might be a strange case of SASL still 4760 * It has been seen with Exchange setup to MS AD 4761 * when Exchange pretend that there is SASL but in fact data are still 4762 * in clear*/ 4763 if ((sasl_len + 4) == (guint32)tvb_reported_length_remaining(tvb, 0)) 4764 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data); 4765 end: 4766 return tvb_captured_length(tvb); 4767 } 4768 4769 static int 4770 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 4771 { 4772 dissect_ldap_pdu(tvb, pinfo, tree, TRUE); 4773 return tvb_captured_length(tvb); 4774 } 4775 4776 4777 /*--- proto_register_ldap -------------------------------------------*/ 4778 void proto_register_ldap(void) { 4779 4780 /* List of fields */ 4781 4782 static hf_register_info hf[] = { 4783 4784 { &hf_ldap_sasl_buffer_length, 4785 { "SASL Buffer Length", "ldap.sasl_buffer_length", 4786 FT_UINT32, BASE_DEC, NULL, 0x0, 4787 NULL, HFILL }}, 4788 { &hf_ldap_response_in, 4789 { "Response In", "ldap.response_in", 4790 FT_FRAMENUM, BASE_NONE, NULL, 0x0, 4791 "The response to this LDAP request is in this frame", HFILL }}, 4792 { &hf_ldap_response_to, 4793 { "Response To", "ldap.response_to", 4794 FT_FRAMENUM, BASE_NONE, NULL, 0x0, 4795 "This is a response to the LDAP request in this frame", HFILL }}, 4796 { &hf_ldap_time, 4797 { "Time", "ldap.time", 4798 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, 4799 "The time between the Call and the Reply", HFILL }}, 4800 4801 { &hf_mscldap_netlogon_opcode, 4802 { "Operation code", "mscldap.netlogon.opcode", 4803 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0, 4804 "LDAP ping operation code", HFILL }}, 4805 4806 { &hf_mscldap_netlogon_ipaddress_family, 4807 { "Family", "mscldap.netlogon.ipaddress.family", 4808 FT_UINT16, BASE_DEC, NULL, 0x0, 4809 NULL, HFILL }}, 4810 4811 { &hf_mscldap_netlogon_ipaddress_ipv4, 4812 { "IPv4", "mscldap.netlogon.ipaddress.ipv4", 4813 FT_IPv4, BASE_NONE, NULL, 0x0, 4814 "IP Address", HFILL }}, 4815 4816 { &hf_mscldap_netlogon_ipaddress_port, 4817 { "Port", "mscldap.netlogon.ipaddress.port", 4818 FT_UINT16, BASE_DEC, NULL, 0x0, 4819 NULL, HFILL }}, 4820 4821 { &hf_mscldap_netlogon_ipaddress, 4822 { "IP Address","mscldap.netlogon.ipaddress", 4823 FT_IPv4, BASE_NONE, NULL, 0x0, 4824 "Domain Controller IP Address", HFILL }}, 4825 4826 { &hf_mscldap_netlogon_lm_token, 4827 { "LM Token", "mscldap.netlogon.lm_token", 4828 FT_UINT16, BASE_HEX, NULL, 0x0, 4829 "MUST be set to 0xFFFF", HFILL }}, 4830 4831 { &hf_mscldap_netlogon_nt_token, 4832 { "NT Token", "mscldap.netlogon.nt_token", 4833 FT_UINT16, BASE_HEX, NULL, 0x0, 4834 "MUST be set to 0xFFFF", HFILL }}, 4835 4836 { &hf_mscldap_netlogon_flags, 4837 { "Flags", "mscldap.netlogon.flags", 4838 FT_UINT32, BASE_HEX, NULL, 0x0, 4839 "Netlogon flags describing the DC properties", HFILL }}, 4840 4841 { &hf_mscldap_ntver_flags, 4842 { "Version Flags", "mscldap.ntver.flags", 4843 FT_UINT32, BASE_HEX, NULL, 0x0, 4844 "NETLOGON_NT_VERSION Options Bits", HFILL }}, 4845 4846 { &hf_mscldap_domain_guid, 4847 { "Domain GUID", "mscldap.domain.guid", 4848 FT_GUID, BASE_NONE, NULL, 0x0, 4849 "Value of the NC's GUID attribute", HFILL }}, 4850 4851 { &hf_mscldap_forest, 4852 { "Forest", "mscldap.forest", 4853 FT_STRING, BASE_NONE, NULL, 0x0, 4854 "DNS name of the forest", HFILL }}, 4855 4856 { &hf_mscldap_domain, 4857 { "Domain", "mscldap.domain", 4858 FT_STRING, BASE_NONE, NULL, 0x0, 4859 "DNS name of the NC", HFILL }}, 4860 4861 { &hf_mscldap_hostname, 4862 { "Hostname", "mscldap.hostname", 4863 FT_STRING, BASE_NONE, NULL, 0x0, 4864 "DNS name of server", HFILL }}, 4865 4866 { &hf_mscldap_nb_domain_z, 4867 { "NetBIOS Domain", "mscldap.nb_domain", 4868 FT_STRINGZ, BASE_NONE, NULL, 0x0, 4869 "NetBIOS name of the NC", HFILL }}, 4870 4871 { &hf_mscldap_nb_domain, 4872 { "NetBIOS Domain", "mscldap.nb_domain", 4873 FT_STRING, BASE_NONE, NULL, 0x0, 4874 "NetBIOS name of the NC", HFILL }}, 4875 4876 { &hf_mscldap_nb_hostname_z, 4877 { "NetBIOS Hostname", "mscldap.nb_hostname", 4878 FT_STRINGZ, BASE_NONE, NULL, 0x0, 4879 "NetBIOS name of the server", HFILL }}, 4880 4881 { &hf_mscldap_nb_hostname, 4882 { "NetBIOS Hostname", "mscldap.nb_hostname", 4883 FT_STRING, BASE_NONE, NULL, 0x0, 4884 "NetBIOS name of the server", HFILL }}, 4885 4886 { &hf_mscldap_username_z, 4887 { "Username", "mscldap.username", 4888 FT_STRINGZ, BASE_NONE, NULL, 0x0, 4889 "User specified in client's request", HFILL }}, 4890 4891 { &hf_mscldap_username, 4892 { "Username", "mscldap.username", 4893 FT_STRING, BASE_NONE, NULL, 0x0, 4894 "User specified in client's request", HFILL }}, 4895 4896 { &hf_mscldap_sitename, 4897 { "Server Site", "mscldap.sitename", 4898 FT_STRING, BASE_NONE, NULL, 0x0, 4899 "Site name of the server", HFILL }}, 4900 4901 { &hf_mscldap_clientsitename, 4902 { "Client Site", "mscldap.clientsitename", 4903 FT_STRING, BASE_NONE, NULL, 0x0, 4904 "Site name of the client", HFILL }}, 4905 4906 { &hf_ldap_sid, 4907 { "Sid", "ldap.sid", 4908 FT_STRING, BASE_NONE, NULL, 0x0, 4909 NULL, HFILL }}, 4910 4911 { &hf_mscldap_ntver_flags_v1, 4912 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32, 4913 TFS(&tfs_ntver_v1), 0x00000001, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4914 4915 { &hf_mscldap_ntver_flags_v5, 4916 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32, 4917 TFS(&tfs_ntver_v5), 0x00000002, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4918 4919 { &hf_mscldap_ntver_flags_v5ex, 4920 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32, 4921 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4922 4923 { &hf_mscldap_ntver_flags_v5ep, 4924 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32, 4925 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4926 4927 { &hf_mscldap_ntver_flags_vcs, 4928 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32, 4929 TFS(&tfs_ntver_vcs), 0x00000010, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4930 4931 { &hf_mscldap_ntver_flags_vnt4, 4932 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32, 4933 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4934 4935 { &hf_mscldap_ntver_flags_vpdc, 4936 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32, 4937 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4938 4939 { &hf_mscldap_ntver_flags_vip, 4940 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32, 4941 TFS(&tfs_ntver_vip), 0x20000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4942 4943 { &hf_mscldap_ntver_flags_vl, 4944 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32, 4945 TFS(&tfs_ntver_vl), 0x40000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4946 4947 { &hf_mscldap_ntver_flags_vgc, 4948 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32, 4949 TFS(&tfs_ntver_vgc), 0x80000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }}, 4950 4951 4952 { &hf_mscldap_netlogon_flags_pdc, 4953 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32, 4954 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }}, 4955 4956 { &hf_mscldap_netlogon_flags_gc, 4957 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32, 4958 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }}, 4959 4960 { &hf_mscldap_netlogon_flags_ldap, 4961 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32, 4962 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }}, 4963 4964 { &hf_mscldap_netlogon_flags_ds, 4965 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32, 4966 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }}, 4967 4968 { &hf_mscldap_netlogon_flags_kdc, 4969 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32, 4970 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }}, 4971 4972 { &hf_mscldap_netlogon_flags_timeserv, 4973 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32, 4974 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }}, 4975 4976 { &hf_mscldap_netlogon_flags_closest, 4977 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32, 4978 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }}, 4979 4980 { &hf_mscldap_netlogon_flags_writable, 4981 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32, 4982 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }}, 4983 4984 { &hf_mscldap_netlogon_flags_good_timeserv, 4985 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32, 4986 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }}, 4987 4988 { &hf_mscldap_netlogon_flags_ndnc, 4989 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32, 4990 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }}, 4991 4992 { &hf_mscldap_netlogon_flags_rodc, 4993 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32, 4994 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }}, 4995 4996 { &hf_mscldap_netlogon_flags_wdc, 4997 { "WDC", "mscldap.netlogon.flags.writabledc", FT_BOOLEAN, 32, 4998 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }}, 4999 5000 { &hf_mscldap_netlogon_flags_dns, 5001 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32, 5002 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }}, 5003 5004 { &hf_mscldap_netlogon_flags_dnc, 5005 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32, 5006 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }}, 5007 5008 { &hf_mscldap_netlogon_flags_fnc, 5009 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32, 5010 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }}, 5011 5012 { &hf_ldap_guid, 5013 { "GUID", "ldap.guid", FT_GUID, BASE_NONE, 5014 NULL, 0, NULL, HFILL }}, 5015 5016 { &hf_ldap_AccessMask_ADS_CREATE_CHILD, 5017 { "Ads Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }}, 5018 5019 { &hf_ldap_AccessMask_ADS_DELETE_CHILD, 5020 { "Ads Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }}, 5021 5022 { &hf_ldap_AccessMask_ADS_LIST, 5023 { "Ads List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }}, 5024 5025 { &hf_ldap_AccessMask_ADS_SELF_WRITE, 5026 { "Ads Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }}, 5027 5028 { &hf_ldap_AccessMask_ADS_READ_PROP, 5029 { "Ads Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }}, 5030 5031 { &hf_ldap_AccessMask_ADS_WRITE_PROP, 5032 { "Ads Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }}, 5033 5034 { &hf_ldap_AccessMask_ADS_DELETE_TREE, 5035 { "Ads Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }}, 5036 5037 { &hf_ldap_AccessMask_ADS_LIST_OBJECT, 5038 { "Ads List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }}, 5039 5040 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS, 5041 { "Ads Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }}, 5042 5043 { &hf_ldap_LDAPMessage_PDU, 5044 { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, 5045 5046 { &hf_ldap_object_security_flag, 5047 { "Flag Object_Security", "ldap.object_security_flag", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }}, 5048 5049 { &hf_ldap_ancestor_first_flag, 5050 { "Flag Ancestor_First", "ldap.ancestor_first_flag", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }}, 5051 5052 { &hf_ldap_public_data_only_flag, 5053 { "Flag Public_Data_Only", "ldap.public_data_only_flag", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }}, 5054 5055 { &hf_ldap_incremental_value_flag, 5056 { "Flag Incremental_Value", "ldap.incremental_value_flag", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }}, 5057 5058 { &hf_ldap_oid, 5059 { "OID", "ldap.oid", FT_STRING, BASE_NONE, 5060 NULL, 0, NULL, HFILL }}, 5061 5062 { &hf_ldap_gssapi_encrypted_payload, 5063 { "GSS-API Encrypted payload", "ldap.gssapi_encrypted_payload", FT_BYTES, BASE_NONE, 5064 NULL, 0, NULL, HFILL }}, 5065 5066 5067 /*--- Included file: packet-ldap-hfarr.c ---*/ 5068 #line 1 "./asn1/ldap/packet-ldap-hfarr.c" 5069 { &hf_ldap_SearchControlValue_PDU, 5070 { "SearchControlValue", "ldap.SearchControlValue_element", 5071 FT_NONE, BASE_NONE, NULL, 0, 5072 NULL, HFILL }}, 5073 { &hf_ldap_SortKeyList_PDU, 5074 { "SortKeyList", "ldap.SortKeyList", 5075 FT_UINT32, BASE_DEC, NULL, 0, 5076 NULL, HFILL }}, 5077 { &hf_ldap_SortResult_PDU, 5078 { "SortResult", "ldap.SortResult_element", 5079 FT_NONE, BASE_NONE, NULL, 0, 5080 NULL, HFILL }}, 5081 { &hf_ldap_DirSyncControlValue_PDU, 5082 { "DirSyncControlValue", "ldap.DirSyncControlValue_element", 5083 FT_NONE, BASE_NONE, NULL, 0, 5084 NULL, HFILL }}, 5085 { &hf_ldap_PasswdModifyRequestValue_PDU, 5086 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element", 5087 FT_NONE, BASE_NONE, NULL, 0, 5088 NULL, HFILL }}, 5089 { &hf_ldap_CancelRequestValue_PDU, 5090 { "CancelRequestValue", "ldap.CancelRequestValue_element", 5091 FT_NONE, BASE_NONE, NULL, 0, 5092 NULL, HFILL }}, 5093 { &hf_ldap_SyncRequestValue_PDU, 5094 { "SyncRequestValue", "ldap.SyncRequestValue_element", 5095 FT_NONE, BASE_NONE, NULL, 0, 5096 NULL, HFILL }}, 5097 { &hf_ldap_SyncStateValue_PDU, 5098 { "SyncStateValue", "ldap.SyncStateValue_element", 5099 FT_NONE, BASE_NONE, NULL, 0, 5100 NULL, HFILL }}, 5101 { &hf_ldap_SyncDoneValue_PDU, 5102 { "SyncDoneValue", "ldap.SyncDoneValue_element", 5103 FT_NONE, BASE_NONE, NULL, 0, 5104 NULL, HFILL }}, 5105 { &hf_ldap_SyncInfoValue_PDU, 5106 { "SyncInfoValue", "ldap.SyncInfoValue", 5107 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0, 5108 NULL, HFILL }}, 5109 { &hf_ldap_PasswordPolicyResponseValue_PDU, 5110 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element", 5111 FT_NONE, BASE_NONE, NULL, 0, 5112 NULL, HFILL }}, 5113 { &hf_ldap_messageID, 5114 { "messageID", "ldap.messageID", 5115 FT_UINT32, BASE_DEC, NULL, 0, 5116 NULL, HFILL }}, 5117 { &hf_ldap_protocolOp, 5118 { "protocolOp", "ldap.protocolOp", 5119 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0, 5120 NULL, HFILL }}, 5121 { &hf_ldap_controls, 5122 { "controls", "ldap.controls", 5123 FT_UINT32, BASE_DEC, NULL, 0, 5124 NULL, HFILL }}, 5125 { &hf_ldap_bindRequest, 5126 { "bindRequest", "ldap.bindRequest_element", 5127 FT_NONE, BASE_NONE, NULL, 0, 5128 NULL, HFILL }}, 5129 { &hf_ldap_bindResponse, 5130 { "bindResponse", "ldap.bindResponse_element", 5131 FT_NONE, BASE_NONE, NULL, 0, 5132 NULL, HFILL }}, 5133 { &hf_ldap_unbindRequest, 5134 { "unbindRequest", "ldap.unbindRequest_element", 5135 FT_NONE, BASE_NONE, NULL, 0, 5136 NULL, HFILL }}, 5137 { &hf_ldap_searchRequest, 5138 { "searchRequest", "ldap.searchRequest_element", 5139 FT_NONE, BASE_NONE, NULL, 0, 5140 NULL, HFILL }}, 5141 { &hf_ldap_searchResEntry, 5142 { "searchResEntry", "ldap.searchResEntry_element", 5143 FT_NONE, BASE_NONE, NULL, 0, 5144 "SearchResultEntry", HFILL }}, 5145 { &hf_ldap_searchResDone, 5146 { "searchResDone", "ldap.searchResDone_element", 5147 FT_NONE, BASE_NONE, NULL, 0, 5148 "SearchResultDone", HFILL }}, 5149 { &hf_ldap_searchResRef, 5150 { "searchResRef", "ldap.searchResRef", 5151 FT_UINT32, BASE_DEC, NULL, 0, 5152 "SearchResultReference", HFILL }}, 5153 { &hf_ldap_modifyRequest, 5154 { "modifyRequest", "ldap.modifyRequest_element", 5155 FT_NONE, BASE_NONE, NULL, 0, 5156 NULL, HFILL }}, 5157 { &hf_ldap_modifyResponse, 5158 { "modifyResponse", "ldap.modifyResponse_element", 5159 FT_NONE, BASE_NONE, NULL, 0, 5160 NULL, HFILL }}, 5161 { &hf_ldap_addRequest, 5162 { "addRequest", "ldap.addRequest_element", 5163 FT_NONE, BASE_NONE, NULL, 0, 5164 NULL, HFILL }}, 5165 { &hf_ldap_addResponse, 5166 { "addResponse", "ldap.addResponse_element", 5167 FT_NONE, BASE_NONE, NULL, 0, 5168 NULL, HFILL }}, 5169 { &hf_ldap_delRequest, 5170 { "delRequest", "ldap.delRequest", 5171 FT_STRING, STR_UNICODE, NULL, 0, 5172 NULL, HFILL }}, 5173 { &hf_ldap_delResponse, 5174 { "delResponse", "ldap.delResponse_element", 5175 FT_NONE, BASE_NONE, NULL, 0, 5176 NULL, HFILL }}, 5177 { &hf_ldap_modDNRequest, 5178 { "modDNRequest", "ldap.modDNRequest_element", 5179 FT_NONE, BASE_NONE, NULL, 0, 5180 "ModifyDNRequest", HFILL }}, 5181 { &hf_ldap_modDNResponse, 5182 { "modDNResponse", "ldap.modDNResponse_element", 5183 FT_NONE, BASE_NONE, NULL, 0, 5184 "ModifyDNResponse", HFILL }}, 5185 { &hf_ldap_compareRequest, 5186 { "compareRequest", "ldap.compareRequest_element", 5187 FT_NONE, BASE_NONE, NULL, 0, 5188 NULL, HFILL }}, 5189 { &hf_ldap_compareResponse, 5190 { "compareResponse", "ldap.compareResponse_element", 5191 FT_NONE, BASE_NONE, NULL, 0, 5192 NULL, HFILL }}, 5193 { &hf_ldap_abandonRequest, 5194 { "abandonRequest", "ldap.abandonRequest", 5195 FT_UINT32, BASE_DEC, NULL, 0, 5196 NULL, HFILL }}, 5197 { &hf_ldap_extendedReq, 5198 { "extendedReq", "ldap.extendedReq_element", 5199 FT_NONE, BASE_NONE, NULL, 0, 5200 "ExtendedRequest", HFILL }}, 5201 { &hf_ldap_extendedResp, 5202 { "extendedResp", "ldap.extendedResp_element", 5203 FT_NONE, BASE_NONE, NULL, 0, 5204 "ExtendedResponse", HFILL }}, 5205 { &hf_ldap_intermediateResponse, 5206 { "intermediateResponse", "ldap.intermediateResponse_element", 5207 FT_NONE, BASE_NONE, NULL, 0, 5208 NULL, HFILL }}, 5209 { &hf_ldap_AttributeDescriptionList_item, 5210 { "AttributeDescription", "ldap.AttributeDescription", 5211 FT_STRING, STR_UNICODE, NULL, 0, 5212 NULL, HFILL }}, 5213 { &hf_ldap_attributeDesc, 5214 { "attributeDesc", "ldap.attributeDesc", 5215 FT_STRING, STR_UNICODE, NULL, 0, 5216 "AttributeDescription", HFILL }}, 5217 { &hf_ldap_assertionValue, 5218 { "assertionValue", "ldap.assertionValue", 5219 FT_STRING, BASE_NONE, NULL, 0, 5220 NULL, HFILL }}, 5221 { &hf_ldap_type, 5222 { "type", "ldap.type", 5223 FT_STRING, STR_UNICODE, NULL, 0, 5224 "AttributeDescription", HFILL }}, 5225 { &hf_ldap_vals, 5226 { "vals", "ldap.vals", 5227 FT_UINT32, BASE_DEC, NULL, 0, 5228 "SET_OF_AttributeValue", HFILL }}, 5229 { &hf_ldap_vals_item, 5230 { "AttributeValue", "ldap.AttributeValue", 5231 FT_BYTES, BASE_NONE, NULL, 0, 5232 NULL, HFILL }}, 5233 { &hf_ldap_resultCode, 5234 { "resultCode", "ldap.resultCode", 5235 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0, 5236 NULL, HFILL }}, 5237 { &hf_ldap_matchedDN, 5238 { "matchedDN", "ldap.matchedDN", 5239 FT_STRING, STR_UNICODE, NULL, 0, 5240 "LDAPDN", HFILL }}, 5241 { &hf_ldap_errorMessage, 5242 { "errorMessage", "ldap.errorMessage", 5243 FT_STRING, STR_UNICODE, NULL, 0, 5244 NULL, HFILL }}, 5245 { &hf_ldap_referral, 5246 { "referral", "ldap.referral", 5247 FT_UINT32, BASE_DEC, NULL, 0, 5248 NULL, HFILL }}, 5249 { &hf_ldap_Referral_item, 5250 { "LDAPURL", "ldap.LDAPURL", 5251 FT_STRING, BASE_NONE, NULL, 0, 5252 NULL, HFILL }}, 5253 { &hf_ldap_Controls_item, 5254 { "Control", "ldap.Control_element", 5255 FT_NONE, BASE_NONE, NULL, 0, 5256 NULL, HFILL }}, 5257 { &hf_ldap_controlType, 5258 { "controlType", "ldap.controlType", 5259 FT_STRING, BASE_NONE, NULL, 0, 5260 NULL, HFILL }}, 5261 { &hf_ldap_criticality, 5262 { "criticality", "ldap.criticality", 5263 FT_BOOLEAN, BASE_NONE, NULL, 0, 5264 "BOOLEAN", HFILL }}, 5265 { &hf_ldap_controlValue, 5266 { "controlValue", "ldap.controlValue", 5267 FT_BYTES, BASE_NONE, NULL, 0, 5268 NULL, HFILL }}, 5269 { &hf_ldap_version, 5270 { "version", "ldap.version", 5271 FT_UINT32, BASE_DEC, NULL, 0, 5272 "INTEGER_1_127", HFILL }}, 5273 { &hf_ldap_name, 5274 { "name", "ldap.name", 5275 FT_STRING, STR_UNICODE, NULL, 0, 5276 "LDAPDN", HFILL }}, 5277 { &hf_ldap_authentication, 5278 { "authentication", "ldap.authentication", 5279 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0, 5280 "AuthenticationChoice", HFILL }}, 5281 { &hf_ldap_simple, 5282 { "simple", "ldap.simple", 5283 FT_STRING, BASE_NONE, NULL, 0, 5284 NULL, HFILL }}, 5285 { &hf_ldap_sasl, 5286 { "sasl", "ldap.sasl_element", 5287 FT_NONE, BASE_NONE, NULL, 0, 5288 "SaslCredentials", HFILL }}, 5289 { &hf_ldap_ntlmsspNegotiate, 5290 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate", 5291 FT_BYTES, BASE_NONE, NULL, 0, 5292 NULL, HFILL }}, 5293 { &hf_ldap_ntlmsspAuth, 5294 { "ntlmsspAuth", "ldap.ntlmsspAuth", 5295 FT_BYTES, BASE_NONE, NULL, 0, 5296 NULL, HFILL }}, 5297 { &hf_ldap_mechanism, 5298 { "mechanism", "ldap.mechanism", 5299 FT_STRING, BASE_NONE, NULL, 0, 5300 NULL, HFILL }}, 5301 { &hf_ldap_credentials, 5302 { "credentials", "ldap.credentials", 5303 FT_BYTES, BASE_NONE, NULL, 0, 5304 NULL, HFILL }}, 5305 { &hf_ldap_bindResponse_resultCode, 5306 { "resultCode", "ldap.resultCode", 5307 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0, 5308 "BindResponse_resultCode", HFILL }}, 5309 { &hf_ldap_bindResponse_matchedDN, 5310 { "matchedDN", "ldap.matchedDN", 5311 FT_STRING, STR_UNICODE, NULL, 0, 5312 "T_bindResponse_matchedDN", HFILL }}, 5313 { &hf_ldap_serverSaslCreds, 5314 { "serverSaslCreds", "ldap.serverSaslCreds", 5315 FT_BYTES, BASE_NONE, NULL, 0, 5316 NULL, HFILL }}, 5317 { &hf_ldap_baseObject, 5318 { "baseObject", "ldap.baseObject", 5319 FT_STRING, STR_UNICODE, NULL, 0, 5320 "LDAPDN", HFILL }}, 5321 { &hf_ldap_scope, 5322 { "scope", "ldap.scope", 5323 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0, 5324 NULL, HFILL }}, 5325 { &hf_ldap_derefAliases, 5326 { "derefAliases", "ldap.derefAliases", 5327 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0, 5328 NULL, HFILL }}, 5329 { &hf_ldap_sizeLimit, 5330 { "sizeLimit", "ldap.sizeLimit", 5331 FT_UINT32, BASE_DEC, NULL, 0, 5332 "INTEGER_0_maxInt", HFILL }}, 5333 { &hf_ldap_timeLimit, 5334 { "timeLimit", "ldap.timeLimit", 5335 FT_UINT32, BASE_DEC, NULL, 0, 5336 "INTEGER_0_maxInt", HFILL }}, 5337 { &hf_ldap_typesOnly, 5338 { "typesOnly", "ldap.typesOnly", 5339 FT_BOOLEAN, BASE_NONE, NULL, 0, 5340 "BOOLEAN", HFILL }}, 5341 { &hf_ldap_filter, 5342 { "filter", "ldap.filter", 5343 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, 5344 NULL, HFILL }}, 5345 { &hf_ldap_searchRequest_attributes, 5346 { "attributes", "ldap.attributes", 5347 FT_UINT32, BASE_DEC, NULL, 0, 5348 "AttributeDescriptionList", HFILL }}, 5349 { &hf_ldap_and, 5350 { "and", "ldap.and", 5351 FT_UINT32, BASE_DEC, NULL, 0, 5352 NULL, HFILL }}, 5353 { &hf_ldap_and_item, 5354 { "and item", "ldap.and_item", 5355 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, 5356 NULL, HFILL }}, 5357 { &hf_ldap_or, 5358 { "or", "ldap.or", 5359 FT_UINT32, BASE_DEC, NULL, 0, 5360 NULL, HFILL }}, 5361 { &hf_ldap_or_item, 5362 { "or item", "ldap.or_item", 5363 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, 5364 NULL, HFILL }}, 5365 { &hf_ldap_not, 5366 { "not", "ldap.not", 5367 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0, 5368 NULL, HFILL }}, 5369 { &hf_ldap_equalityMatch, 5370 { "equalityMatch", "ldap.equalityMatch_element", 5371 FT_NONE, BASE_NONE, NULL, 0, 5372 NULL, HFILL }}, 5373 { &hf_ldap_substrings, 5374 { "substrings", "ldap.substrings_element", 5375 FT_NONE, BASE_NONE, NULL, 0, 5376 "SubstringFilter", HFILL }}, 5377 { &hf_ldap_greaterOrEqual, 5378 { "greaterOrEqual", "ldap.greaterOrEqual_element", 5379 FT_NONE, BASE_NONE, NULL, 0, 5380 NULL, HFILL }}, 5381 { &hf_ldap_lessOrEqual, 5382 { "lessOrEqual", "ldap.lessOrEqual_element", 5383 FT_NONE, BASE_NONE, NULL, 0, 5384 NULL, HFILL }}, 5385 { &hf_ldap_present, 5386 { "present", "ldap.present", 5387 FT_STRING, STR_UNICODE, NULL, 0, 5388 NULL, HFILL }}, 5389 { &hf_ldap_approxMatch, 5390 { "approxMatch", "ldap.approxMatch_element", 5391 FT_NONE, BASE_NONE, NULL, 0, 5392 NULL, HFILL }}, 5393 { &hf_ldap_extensibleMatch, 5394 { "extensibleMatch", "ldap.extensibleMatch_element", 5395 FT_NONE, BASE_NONE, NULL, 0, 5396 NULL, HFILL }}, 5397 { &hf_ldap_substringFilter_substrings, 5398 { "substrings", "ldap.substrings", 5399 FT_UINT32, BASE_DEC, NULL, 0, 5400 "T_substringFilter_substrings", HFILL }}, 5401 { &hf_ldap_substringFilter_substrings_item, 5402 { "substrings item", "ldap.substrings_item", 5403 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0, 5404 "T_substringFilter_substrings_item", HFILL }}, 5405 { &hf_ldap_initial, 5406 { "initial", "ldap.initial", 5407 FT_STRING, STR_UNICODE, NULL, 0, 5408 "LDAPString", HFILL }}, 5409 { &hf_ldap_any, 5410 { "any", "ldap.any", 5411 FT_STRING, STR_UNICODE, NULL, 0, 5412 "LDAPString", HFILL }}, 5413 { &hf_ldap_final, 5414 { "final", "ldap.final", 5415 FT_STRING, STR_UNICODE, NULL, 0, 5416 "LDAPString", HFILL }}, 5417 { &hf_ldap_matchingRule, 5418 { "matchingRule", "ldap.matchingRule", 5419 FT_STRING, STR_UNICODE, NULL, 0, 5420 "MatchingRuleId", HFILL }}, 5421 { &hf_ldap_matchValue, 5422 { "matchValue", "ldap.matchValue", 5423 FT_STRING, BASE_NONE, NULL, 0, 5424 "AssertionValue", HFILL }}, 5425 { &hf_ldap_dnAttributes, 5426 { "dnAttributes", "ldap.dnAttributes", 5427 FT_BOOLEAN, BASE_NONE, NULL, 0, 5428 NULL, HFILL }}, 5429 { &hf_ldap_objectName, 5430 { "objectName", "ldap.objectName", 5431 FT_STRING, STR_UNICODE, NULL, 0, 5432 "LDAPDN", HFILL }}, 5433 { &hf_ldap_searchResultEntry_attributes, 5434 { "attributes", "ldap.attributes", 5435 FT_UINT32, BASE_DEC, NULL, 0, 5436 "PartialAttributeList", HFILL }}, 5437 { &hf_ldap_PartialAttributeList_item, 5438 { "PartialAttributeList item", "ldap.PartialAttributeList_item_element", 5439 FT_NONE, BASE_NONE, NULL, 0, 5440 NULL, HFILL }}, 5441 { &hf_ldap__untag_item, 5442 { "LDAPURL", "ldap.LDAPURL", 5443 FT_STRING, BASE_NONE, NULL, 0, 5444 NULL, HFILL }}, 5445 { &hf_ldap_object, 5446 { "object", "ldap.object", 5447 FT_STRING, STR_UNICODE, NULL, 0, 5448 "LDAPDN", HFILL }}, 5449 { &hf_ldap_modifyRequest_modification, 5450 { "modification", "ldap.modification", 5451 FT_UINT32, BASE_DEC, NULL, 0, 5452 "ModifyRequest_modification", HFILL }}, 5453 { &hf_ldap_modifyRequest_modification_item, 5454 { "modification item", "ldap.modification_item_element", 5455 FT_NONE, BASE_NONE, NULL, 0, 5456 "T_modifyRequest_modification_item", HFILL }}, 5457 { &hf_ldap_operation, 5458 { "operation", "ldap.operation", 5459 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0, 5460 NULL, HFILL }}, 5461 { &hf_ldap_modification, 5462 { "modification", "ldap.modification_element", 5463 FT_NONE, BASE_NONE, NULL, 0, 5464 "AttributeTypeAndValues", HFILL }}, 5465 { &hf_ldap_entry, 5466 { "entry", "ldap.entry", 5467 FT_STRING, STR_UNICODE, NULL, 0, 5468 "LDAPDN", HFILL }}, 5469 { &hf_ldap_attributes, 5470 { "attributes", "ldap.attributes", 5471 FT_UINT32, BASE_DEC, NULL, 0, 5472 "AttributeList", HFILL }}, 5473 { &hf_ldap_AttributeList_item, 5474 { "AttributeList item", "ldap.AttributeList_item_element", 5475 FT_NONE, BASE_NONE, NULL, 0, 5476 NULL, HFILL }}, 5477 { &hf_ldap_newrdn, 5478 { "newrdn", "ldap.newrdn", 5479 FT_STRING, STR_UNICODE, NULL, 0, 5480 "RelativeLDAPDN", HFILL }}, 5481 { &hf_ldap_deleteoldrdn, 5482 { "deleteoldrdn", "ldap.deleteoldrdn", 5483 FT_BOOLEAN, BASE_NONE, NULL, 0, 5484 "BOOLEAN", HFILL }}, 5485 { &hf_ldap_newSuperior, 5486 { "newSuperior", "ldap.newSuperior", 5487 FT_STRING, STR_UNICODE, NULL, 0, 5488 "LDAPDN", HFILL }}, 5489 { &hf_ldap_ava, 5490 { "ava", "ldap.ava_element", 5491 FT_NONE, BASE_NONE, NULL, 0, 5492 "AttributeValueAssertion", HFILL }}, 5493 { &hf_ldap_requestName, 5494 { "requestName", "ldap.requestName", 5495 FT_STRING, BASE_NONE, NULL, 0, 5496 "LDAPOID", HFILL }}, 5497 { &hf_ldap_requestValue, 5498 { "requestValue", "ldap.requestValue", 5499 FT_BYTES, BASE_NONE, NULL, 0, 5500 NULL, HFILL }}, 5501 { &hf_ldap_extendedResponse_resultCode, 5502 { "resultCode", "ldap.resultCode", 5503 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0, 5504 "ExtendedResponse_resultCode", HFILL }}, 5505 { &hf_ldap_responseName, 5506 { "responseName", "ldap.responseName", 5507 FT_STRING, BASE_NONE, NULL, 0, 5508 NULL, HFILL }}, 5509 { &hf_ldap_response, 5510 { "response", "ldap.response", 5511 FT_BYTES, BASE_NONE, NULL, 0, 5512 "OCTET_STRING", HFILL }}, 5513 { &hf_ldap_intermediateResponse_responseValue, 5514 { "responseValue", "ldap.responseValue", 5515 FT_BYTES, BASE_NONE, NULL, 0, 5516 "T_intermediateResponse_responseValue", HFILL }}, 5517 { &hf_ldap_size, 5518 { "size", "ldap.size", 5519 FT_INT32, BASE_DEC, NULL, 0, 5520 "INTEGER", HFILL }}, 5521 { &hf_ldap_cookie, 5522 { "cookie", "ldap.cookie", 5523 FT_BYTES, BASE_NONE, NULL, 0, 5524 "OCTET_STRING", HFILL }}, 5525 { &hf_ldap_SortKeyList_item, 5526 { "SortKeyList item", "ldap.SortKeyList_item_element", 5527 FT_NONE, BASE_NONE, NULL, 0, 5528 NULL, HFILL }}, 5529 { &hf_ldap_attributeType, 5530 { "attributeType", "ldap.attributeType", 5531 FT_STRING, STR_UNICODE, NULL, 0, 5532 "AttributeDescription", HFILL }}, 5533 { &hf_ldap_orderingRule, 5534 { "orderingRule", "ldap.orderingRule", 5535 FT_STRING, STR_UNICODE, NULL, 0, 5536 "MatchingRuleId", HFILL }}, 5537 { &hf_ldap_reverseOrder, 5538 { "reverseOrder", "ldap.reverseOrder", 5539 FT_BOOLEAN, BASE_NONE, NULL, 0, 5540 "BOOLEAN", HFILL }}, 5541 { &hf_ldap_sortResult, 5542 { "sortResult", "ldap.sortResult", 5543 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0, 5544 NULL, HFILL }}, 5545 { &hf_ldap_flags, 5546 { "flags", "ldap.flags", 5547 FT_UINT32, BASE_HEX, NULL, 0, 5548 "DirSyncFlags", HFILL }}, 5549 { &hf_ldap_maxBytes, 5550 { "maxBytes", "ldap.maxBytes", 5551 FT_INT32, BASE_DEC, NULL, 0, 5552 "INTEGER", HFILL }}, 5553 { &hf_ldap_userIdentity, 5554 { "userIdentity", "ldap.userIdentity", 5555 FT_BYTES, BASE_NONE, NULL, 0, 5556 "OCTET_STRING", HFILL }}, 5557 { &hf_ldap_oldPasswd, 5558 { "oldPasswd", "ldap.oldPasswd", 5559 FT_BYTES, BASE_NONE, NULL, 0, 5560 "OCTET_STRING", HFILL }}, 5561 { &hf_ldap_newPasswd, 5562 { "newPasswd", "ldap.newPasswd", 5563 FT_BYTES, BASE_NONE, NULL, 0, 5564 "OCTET_STRING", HFILL }}, 5565 { &hf_ldap_cancelID, 5566 { "cancelID", "ldap.cancelID", 5567 FT_UINT32, BASE_DEC, NULL, 0, 5568 "MessageID", HFILL }}, 5569 { &hf_ldap_mode, 5570 { "mode", "ldap.mode", 5571 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0, 5572 NULL, HFILL }}, 5573 { &hf_ldap_reloadHint, 5574 { "reloadHint", "ldap.reloadHint", 5575 FT_BOOLEAN, BASE_NONE, NULL, 0, 5576 "BOOLEAN", HFILL }}, 5577 { &hf_ldap_state, 5578 { "state", "ldap.state", 5579 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0, 5580 NULL, HFILL }}, 5581 { &hf_ldap_entryUUID, 5582 { "entryUUID", "ldap.entryUUID", 5583 FT_BYTES, BASE_NONE, NULL, 0, 5584 "SyncUUID", HFILL }}, 5585 { &hf_ldap_refreshDeletes, 5586 { "refreshDeletes", "ldap.refreshDeletes", 5587 FT_BOOLEAN, BASE_NONE, NULL, 0, 5588 "BOOLEAN", HFILL }}, 5589 { &hf_ldap_newcookie, 5590 { "newcookie", "ldap.newcookie", 5591 FT_BYTES, BASE_NONE, NULL, 0, 5592 "OCTET_STRING", HFILL }}, 5593 { &hf_ldap_refreshDelete, 5594 { "refreshDelete", "ldap.refreshDelete_element", 5595 FT_NONE, BASE_NONE, NULL, 0, 5596 NULL, HFILL }}, 5597 { &hf_ldap_refreshDone, 5598 { "refreshDone", "ldap.refreshDone", 5599 FT_BOOLEAN, BASE_NONE, NULL, 0, 5600 "BOOLEAN", HFILL }}, 5601 { &hf_ldap_refreshPresent, 5602 { "refreshPresent", "ldap.refreshPresent_element", 5603 FT_NONE, BASE_NONE, NULL, 0, 5604 NULL, HFILL }}, 5605 { &hf_ldap_syncIdSet, 5606 { "syncIdSet", "ldap.syncIdSet_element", 5607 FT_NONE, BASE_NONE, NULL, 0, 5608 NULL, HFILL }}, 5609 { &hf_ldap_syncUUIDs, 5610 { "syncUUIDs", "ldap.syncUUIDs", 5611 FT_UINT32, BASE_DEC, NULL, 0, 5612 "SET_OF_SyncUUID", HFILL }}, 5613 { &hf_ldap_syncUUIDs_item, 5614 { "SyncUUID", "ldap.SyncUUID", 5615 FT_BYTES, BASE_NONE, NULL, 0, 5616 NULL, HFILL }}, 5617 { &hf_ldap_warning, 5618 { "warning", "ldap.warning", 5619 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0, 5620 NULL, HFILL }}, 5621 { &hf_ldap_timeBeforeExpiration, 5622 { "timeBeforeExpiration", "ldap.timeBeforeExpiration", 5623 FT_UINT32, BASE_DEC, NULL, 0, 5624 "INTEGER_0_maxInt", HFILL }}, 5625 { &hf_ldap_graceAuthNsRemaining, 5626 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining", 5627 FT_UINT32, BASE_DEC, NULL, 0, 5628 "INTEGER_0_maxInt", HFILL }}, 5629 { &hf_ldap_error, 5630 { "error", "ldap.error", 5631 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0, 5632 NULL, HFILL }}, 5633 5634 /*--- End of included file: packet-ldap-hfarr.c ---*/ 5635 #line 2157 "./asn1/ldap/packet-ldap-template.c" 5636 }; 5637 5638 /* List of subtrees */ 5639 static gint *ett[] = { 5640 &ett_ldap, 5641 &ett_ldap_payload, 5642 &ett_ldap_sasl_blob, 5643 &ett_ldap_msg, 5644 &ett_mscldap_netlogon_flags, 5645 &ett_mscldap_ntver_flags, 5646 &ett_mscldap_ipdetails, 5647 &ett_ldap_DirSyncFlagsSubEntry, 5648 5649 5650 /*--- Included file: packet-ldap-ettarr.c ---*/ 5651 #line 1 "./asn1/ldap/packet-ldap-ettarr.c" 5652 &ett_ldap_LDAPMessage, 5653 &ett_ldap_ProtocolOp, 5654 &ett_ldap_AttributeDescriptionList, 5655 &ett_ldap_AttributeValueAssertion, 5656 &ett_ldap_Attribute, 5657 &ett_ldap_SET_OF_AttributeValue, 5658 &ett_ldap_LDAPResult, 5659 &ett_ldap_Referral, 5660 &ett_ldap_Controls, 5661 &ett_ldap_Control, 5662 &ett_ldap_BindRequest_U, 5663 &ett_ldap_AuthenticationChoice, 5664 &ett_ldap_SaslCredentials, 5665 &ett_ldap_BindResponse_U, 5666 &ett_ldap_SearchRequest_U, 5667 &ett_ldap_Filter, 5668 &ett_ldap_T_and, 5669 &ett_ldap_T_or, 5670 &ett_ldap_SubstringFilter, 5671 &ett_ldap_T_substringFilter_substrings, 5672 &ett_ldap_T_substringFilter_substrings_item, 5673 &ett_ldap_MatchingRuleAssertion, 5674 &ett_ldap_SearchResultEntry_U, 5675 &ett_ldap_PartialAttributeList, 5676 &ett_ldap_PartialAttributeList_item, 5677 &ett_ldap_SEQUENCE_OF_LDAPURL, 5678 &ett_ldap_ModifyRequest_U, 5679 &ett_ldap_ModifyRequest_modification, 5680 &ett_ldap_T_modifyRequest_modification_item, 5681 &ett_ldap_AttributeTypeAndValues, 5682 &ett_ldap_AddRequest_U, 5683 &ett_ldap_AttributeList, 5684 &ett_ldap_AttributeList_item, 5685 &ett_ldap_ModifyDNRequest_U, 5686 &ett_ldap_CompareRequest_U, 5687 &ett_ldap_ExtendedRequest_U, 5688 &ett_ldap_ExtendedResponse_U, 5689 &ett_ldap_IntermediateResponse_U, 5690 &ett_ldap_SearchControlValue, 5691 &ett_ldap_SortKeyList, 5692 &ett_ldap_SortKeyList_item, 5693 &ett_ldap_SortResult, 5694 &ett_ldap_DirSyncControlValue, 5695 &ett_ldap_PasswdModifyRequestValue, 5696 &ett_ldap_CancelRequestValue, 5697 &ett_ldap_SyncRequestValue, 5698 &ett_ldap_SyncStateValue, 5699 &ett_ldap_SyncDoneValue, 5700 &ett_ldap_SyncInfoValue, 5701 &ett_ldap_T_refreshDelete, 5702 &ett_ldap_T_refreshPresent, 5703 &ett_ldap_T_syncIdSet, 5704 &ett_ldap_SET_OF_SyncUUID, 5705 &ett_ldap_PasswordPolicyResponseValue, 5706 &ett_ldap_T_warning, 5707 5708 /*--- End of included file: packet-ldap-ettarr.c ---*/ 5709 #line 2171 "./asn1/ldap/packet-ldap-template.c" 5710 }; 5711 /* UAT for header fields */ 5712 static uat_field_t custom_attribute_types_uat_fields[] = { 5713 UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"), 5714 UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"), 5715 UAT_END_FIELDS 5716 }; 5717 5718 static ei_register_info ei[] = { 5719 { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }}, 5720 { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", EXPFILL }}, 5721 }; 5722 5723 expert_module_t* expert_ldap; 5724 module_t *ldap_module; 5725 uat_t *attributes_uat; 5726 5727 /* Register protocol */ 5728 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME); 5729 /* Register fields and subtrees */ 5730 proto_register_field_array(proto_ldap, hf, array_length(hf)); 5731 proto_register_subtree_array(ett, array_length(ett)); 5732 expert_ldap = expert_register_protocol(proto_ldap); 5733 expert_register_field_array(expert_ldap, ei, array_length(ei)); 5734 5735 ldap_handle = register_dissector("ldap", dissect_ldap_tcp, proto_ldap); 5736 5737 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap); 5738 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", 5739 "Reassemble LDAP messages spanning multiple TCP segments", 5740 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments." 5741 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", 5742 &ldap_desegment); 5743 5744 prefs_register_uint_preference(ldap_module, "tls.port", "LDAPS TCP Port", 5745 "Set the port for LDAP operations over TLS", 5746 10, &global_ldaps_tcp_port); 5747 prefs_register_obsolete_preference(ldap_module, "ssl.port"); 5748 /* UAT */ 5749 attributes_uat = uat_new("Custom LDAP AttributeValue types", 5750 sizeof(attribute_type_t), 5751 "custom_ldap_attribute_types", 5752 TRUE, 5753 &attribute_types, 5754 &num_attribute_types, 5755 /* specifies named fields, so affects dissection 5756 and the set of named fields */ 5757 UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS, 5758 NULL, 5759 attribute_types_copy_cb, 5760 attribute_types_update_cb, 5761 attribute_types_free_cb, 5762 attribute_types_post_update_cb, 5763 attribute_types_reset_cb, 5764 custom_attribute_types_uat_fields); 5765 5766 prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types", 5767 "Custom AttributeValue types", 5768 "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.", 5769 attributes_uat); 5770 5771 prefs_register_obsolete_preference(ldap_module, "max_pdu"); 5772 5773 proto_cldap = proto_register_protocol( 5774 "Connectionless Lightweight Directory Access Protocol", 5775 "CLDAP", "cldap"); 5776 5777 ldap_tap=register_tap("ldap"); 5778 5779 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, BASE_NONE); 5780 5781 register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL); 5782 } 5783 5784 5785 /*--- proto_reg_handoff_ldap ---------------------------------------*/ 5786 void 5787 proto_reg_handoff_ldap(void) 5788 { 5789 dissector_handle_t cldap_handle; 5790 5791 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap); 5792 dissector_add_uint_with_preference("udp.port", UDP_PORT_CLDAP, cldap_handle); 5793 5794 gssapi_handle = find_dissector_add_dependency("gssapi", proto_ldap); 5795 gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap); 5796 spnego_handle = find_dissector_add_dependency("spnego", proto_ldap); 5797 5798 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_ldap); 5799 5800 tls_handle = find_dissector_add_dependency("tls", proto_ldap); 5801 5802 prefs_register_ldap(); 5803 5804 oid_add_from_string("ISO assigned OIDs, USA", "1.2.840"); 5805 5806 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */ 5807 /* https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c5e87db-4728-4f29-b164-01dd7d7391ea */ 5808 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319"); 5809 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417"); 5810 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473"); 5811 oid_add_from_string("LDAP_SERVER_RESP_SORT_OID","1.2.840.113556.1.4.474"); 5812 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521"); 5813 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528"); 5814 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529"); 5815 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582"); 5816 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619"); 5817 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650"); 5818 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654"); 5819 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800"); 5820 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801"); 5821 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802"); 5822 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804"); 5823 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805"); 5824 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841"); 5825 oid_add_from_string("LDAP_SERVER_GET_STATS_OID","1.2.840.113556.1.4.970"); 5826 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338"); 5827 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339"); 5828 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340"); 5829 oid_add_from_string("LDAP_SERVER_RODC_DCPROMO_OID","1.2.840.113556.1.4.1341"); 5830 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413"); 5831 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504"); 5832 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670"); 5833 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711"); 5834 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717"); 5835 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781"); 5836 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791"); 5837 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840"); 5838 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848"); 5839 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851"); 5840 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852"); 5841 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860"); 5842 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907"); 5843 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948"); 5844 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960"); 5845 oid_add_from_string("LDAP_SERVER_FORCE_UPDATE_OID","1.2.840.113556.1.4.1974"); 5846 oid_add_from_string("LDAP_SERVER_DN_INPUT_OID","1.2.840.113556.1.4.2026"); 5847 oid_add_from_string("LDAP_SERVER_SHOW_RECYCLED_OID","1.2.840.113556.1.4.2064"); 5848 oid_add_from_string("LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID","1.2.840.113556.1.4.2065"); 5849 oid_add_from_string("LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID","1.2.840.113556.1.4.2066"); 5850 oid_add_from_string("LDAP_SERVER_DIRSYNC_EX_OID","1.2.840.113556.1.4.2090"); 5851 oid_add_from_string("LDAP_SERVER_TREE_DELETE_EX_OID","1.2.840.113556.1.4.2204"); 5852 oid_add_from_string("LDAP_SERVER_UPDATE_STATS_OID","1.2.840.113556.1.4.2205"); 5853 oid_add_from_string("LDAP_SERVER_SEARCH_HINTS_OID","1.2.840.113556.1.4.2206"); 5854 oid_add_from_string("LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID","1.2.840.113556.1.4.2211"); 5855 oid_add_from_string("LDAP_SERVER_POLICY_HINTS_OID","1.2.840.113556.1.4.2239"); 5856 oid_add_from_string("LDAP_SERVER_SET_OWNER_OID","1.2.840.113556.1.4.2255"); 5857 oid_add_from_string("LDAP_SERVER_BYPASS_QUOTA_OID","1.2.840.113556.1.4.2256"); 5858 oid_add_from_string("LDAP_SERVER_LINK_TTL_OID","1.2.840.113556.1.4.2309"); 5859 oid_add_from_string("LDAP_SERVER_SET_CORRELATION_ID_OID","1.2.840.113556.1.4.2330"); 5860 oid_add_from_string("LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID","1.2.840.113556.1.4.2354"); 5861 oid_add_from_string("DYNAMIC_REFRESH","1.3.6.1.4.1.1466.101.119.1"); 5862 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037"); 5863 5864 oid_add_from_string("inetOrgPerson", "2.16.840.1.113730.3.2.2"); 5865 /* RFC2798 */ 5866 oid_add_from_string("US company arc", "2.16.840.1"); 5867 5868 /* http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html */ 5869 oid_add_from_string("Manage DSA IT LDAPv3 control", "2.16.840.1.113730.3.4.2"); 5870 oid_add_from_string("Persistent Search LDAPv3 control", "2.16.840.1.113730.3.4.3"); 5871 oid_add_from_string("Netscape Password Expired LDAPv3 control", "2.16.840.1.113730.3.4.4"); 5872 oid_add_from_string("Netscape Password Expiring LDAPv3 control", "2.16.840.1.113730.3.4.5"); 5873 oid_add_from_string("Netscape NT Synchronization Client LDAPv3 control", "2.16.840.1.113730.3.4.6"); 5874 oid_add_from_string("Entry Change Notification LDAPv3 control", "2.16.840.1.113730.3.4.7"); 5875 oid_add_from_string("Transaction ID Request Control", "2.16.840.1.113730.3.4.8"); 5876 oid_add_from_string("VLV Request LDAPv3 control", "2.16.840.1.113730.3.4.9"); 5877 oid_add_from_string("VLV Response LDAPv3 control", "2.16.840.1.113730.3.4.10"); 5878 oid_add_from_string("Transaction ID Response Control", "2.16.840.1.113730.3.4.11"); 5879 oid_add_from_string("Proxied Authorization (version 1) control", "2.16.840.1.113730.3.4.12"); 5880 oid_add_from_string("iPlanet Directory Server Replication Update Information Control", "2.16.840.1.113730.3.4.13"); 5881 oid_add_from_string("iPlanet Directory Server search on specific backend control", "2.16.840.1.113730.3.4.14"); 5882 oid_add_from_string("Authentication Response Control", "2.16.840.1.113730.3.4.15"); 5883 oid_add_from_string("Authentication Request Control", "2.16.840.1.113730.3.4.16"); 5884 oid_add_from_string("Real Attributes Only Request Control", "2.16.840.1.113730.3.4.17"); 5885 oid_add_from_string("Proxied Authorization (version 2) Control", "2.16.840.1.113730.3.4.18"); 5886 oid_add_from_string("Chaining loop detection", "2.16.840.1.113730.3.4.19"); 5887 oid_add_from_string("iPlanet Replication Modrdn Extra Mods Control", "2.16.840.1.113730.3.4.999"); 5888 5889 5890 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID", "1.2.840.113556.1.4.1852"); 5891 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID", "1.2.840.113556.1.4.802"); 5892 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID", "1.2.840.113556.1.4.1907"); 5893 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID", "1.2.840.113556.1.4.1948"); 5894 5895 5896 dissector_add_string("ldap.name", "netlogon", create_dissector_handle(dissect_NetLogon_PDU, proto_cldap)); 5897 dissector_add_string("ldap.name", "objectGUID", create_dissector_handle(dissect_ldap_guid, proto_ldap)); 5898 dissector_add_string("ldap.name", "supportedControl", create_dissector_handle(dissect_ldap_oid, proto_ldap)); 5899 dissector_add_string("ldap.name", "supportedCapabilities", create_dissector_handle(dissect_ldap_oid, proto_ldap)); 5900 dissector_add_string("ldap.name", "objectSid", create_dissector_handle(dissect_ldap_sid, proto_ldap)); 5901 dissector_add_string("ldap.name", "nTSecurityDescriptor", create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap)); 5902 5903 5904 /*--- Included file: packet-ldap-dis-tab.c ---*/ 5905 #line 1 "./asn1/ldap/packet-ldap-dis-tab.c" 5906 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl"); 5907 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList"); 5908 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult"); 5909 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync"); 5910 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID"); 5911 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID"); 5912 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID"); 5913 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID"); 5914 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID"); 5915 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID"); 5916 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy"); 5917 5918 5919 /*--- End of included file: packet-ldap-dis-tab.c ---*/ 5920 #line 2365 "./asn1/ldap/packet-ldap-template.c" 5921 5922 dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle); 5923 5924 dissector_add_uint("acdr.tls_application_port", 636, ldap_handle); 5925 dissector_add_uint("acdr.tls_application", TLS_APP_LDAP, ldap_handle); 5926 } 5927 5928 static void 5929 prefs_register_ldap(void) 5930 { 5931 if(ssl_port != global_ldaps_tcp_port) { 5932 if(ssl_port) 5933 ssl_dissector_delete(ssl_port, ldap_handle); 5934 5935 /* Set our port number for future use */ 5936 ssl_port = global_ldaps_tcp_port; 5937 5938 if(ssl_port) 5939 ssl_dissector_add(ssl_port, ldap_handle); 5940 } 5941 5942 } 5943 5944 /* 5945 * Editor modelines - https://www.wireshark.org/tools/modelines.html 5946 * 5947 * Local Variables: 5948 * c-basic-offset: 2 5949 * tab-width: 8 5950 * indent-tabs-mode: nil 5951 * End: 5952 * 5953 * vi: set shiftwidth=2 tabstop=8 expandtab: 5954 * :indentSize=2:tabSize=8:noTabs=true: 5955 */ 5956