search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
packet-ldap: fix regression for SASL handling
[wireshark-sm.git] / epan / dissectors / packet-ldap.c
blob0e774275db7084358d1937d8da419dd7910e025e
1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-ldap.c */
4 /* asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */
5
6 /* Input file: packet-ldap-template.c */
7
8 #line 1 "./asn1/ldap/packet-ldap-template.c"
9 /* packet-ldap-template.c
10 * Routines for ldap packet dissection
11 *
12 * See RFC 3494 (LDAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL).
13 *
14 * Wireshark - Network traffic analyzer
15 * By Gerald Combs <gerald@wireshark.org>
16 * Copyright 1998 Gerald Combs
17 *
18 * SPDX-License-Identifier: GPL-2.0-or-later
19 */
20
21 /*
22 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
23 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
24 * It's also missing extensible search filters.
25 *
26 * There should probably be a lot more error checking, I simply assume that if we have a full packet, it will be a complete
27 * and correct packet.
28 *
29 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
30 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
31 * I can do.
32 *
33 * Doug Nazar
34 * nazard@dragoninc.on.ca
35 */
36
37 /*
38 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
39 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
40 * TCP segments.
41 *
42 * Ronald W. Henderson
43 * ronald.henderson@cognicaseusa.com
44 */
45
46 /*
47 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
48 * using information from the SNIA 2003 conference paper :
49 * Active Directory Domain Controller Location Service
50 * by Anthony Liguori
51 * ronnie sahlberg
52 */
53
54 /*
55 * 17-DEC-2004 - added basic decoding for LDAP Controls
56 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
57 *
58 * Stefan Metzmacher <metze@samba.org>
59 *
60 * 15-NOV-2005 - Changed to use the asn2wrs compiler
61 * Anders Broman <anders.broman@ericsson.com>
62 */
63
64 /*
65 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
66 * Updated cldap_netlogon_flags to include Windows 2008 flags
67 * Expanded the ntver ldap option with bit field
68 *
69 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
70 */
71
72 /*
73 * 09-DEC-2009 - Added support for RFC4533
74 * Content Synchronization Operation (aka syncrepl)
75 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
76 * Mathieu Parent <math.parent@gmail.com>
77 */
78
79 #include "config.h"
80
81 #include <epan/packet.h>
82 #include <epan/exceptions.h>
83 #include <epan/conversation.h>
84 #include <epan/prefs.h>
85 #include <epan/tap.h>
86 #include <epan/srt_table.h>
87 #include <epan/oids.h>
88 #include <epan/strutil.h>
89 #include <epan/show_exception.h>
90 #include <epan/asn1.h>
91 #include <epan/expert.h>
92 #include <epan/uat.h>
93 #include <wsutil/str_util.h>
94 #include "packet-frame.h"
95 #include "packet-tcp.h"
96 #include "packet-windows-common.h"
97 #include "packet-dcerpc.h"
98
99 #include "packet-ldap.h"
100 #include "packet-ntlmssp.h"
101 #include "packet-tls.h"
102 #include "packet-tls-utils.h"
103 #include "packet-gssapi.h"
104 #include "packet-acdr.h"
105
106 #include "packet-ber.h"
107 #include "packet-per.h"
108 #include "packet-dns.h"
109
110 #define PNAME "Lightweight Directory Access Protocol"
111 #define PSNAME "LDAP"
112 #define PFNAME "ldap"
113
114 void proto_register_ldap(void);
115 void proto_reg_handoff_ldap(void);
116
117 /* Initialize the protocol and registered fields */
118 static int ldap_tap = -1;
119 static int proto_ldap = -1;
120 static int proto_cldap = -1;
121
122 static int hf_ldap_sasl_buffer_length = -1;
123 static int hf_ldap_response_in = -1;
124 static int hf_ldap_response_to = -1;
125 static int hf_ldap_time = -1;
126 static int hf_ldap_guid = -1;
127
128 static int hf_mscldap_ntver_flags = -1;
129 static int hf_mscldap_ntver_flags_v1 = -1;
130 static int hf_mscldap_ntver_flags_v5 = -1;
131 static int hf_mscldap_ntver_flags_v5ex = -1;
132 static int hf_mscldap_ntver_flags_v5ep = -1;
133 static int hf_mscldap_ntver_flags_vcs = -1;
134 static int hf_mscldap_ntver_flags_vnt4 = -1;
135 static int hf_mscldap_ntver_flags_vpdc = -1;
136 static int hf_mscldap_ntver_flags_vip = -1;
137 static int hf_mscldap_ntver_flags_vl = -1;
138 static int hf_mscldap_ntver_flags_vgc = -1;
139
140 static int hf_mscldap_netlogon_ipaddress_family = -1;
141 static int hf_mscldap_netlogon_ipaddress_port = -1;
142 static int hf_mscldap_netlogon_ipaddress = -1;
143 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
144 static int hf_mscldap_netlogon_opcode = -1;
145 static int hf_mscldap_netlogon_flags = -1;
146 static int hf_mscldap_netlogon_flags_pdc = -1;
147 static int hf_mscldap_netlogon_flags_gc = -1;
148 static int hf_mscldap_netlogon_flags_ldap = -1;
149 static int hf_mscldap_netlogon_flags_ds = -1;
150 static int hf_mscldap_netlogon_flags_kdc = -1;
151 static int hf_mscldap_netlogon_flags_timeserv = -1;
152 static int hf_mscldap_netlogon_flags_closest = -1;
153 static int hf_mscldap_netlogon_flags_writable = -1;
154 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
155 static int hf_mscldap_netlogon_flags_ndnc = -1;
156 static int hf_mscldap_netlogon_flags_fnc = -1;
157 static int hf_mscldap_netlogon_flags_dnc = -1;
158 static int hf_mscldap_netlogon_flags_dns = -1;
159 static int hf_mscldap_netlogon_flags_wdc = -1;
160 static int hf_mscldap_netlogon_flags_rodc = -1;
161 static int hf_mscldap_domain_guid = -1;
162 static int hf_mscldap_forest = -1;
163 static int hf_mscldap_domain = -1;
164 static int hf_mscldap_hostname = -1;
165 static int hf_mscldap_nb_domain_z = -1;
166 static int hf_mscldap_nb_domain = -1;
167 static int hf_mscldap_nb_hostname_z = -1;
168 static int hf_mscldap_nb_hostname = -1;
169 static int hf_mscldap_username_z = -1;
170 static int hf_mscldap_username = -1;
171 static int hf_mscldap_sitename = -1;
172 static int hf_mscldap_clientsitename = -1;
173 static int hf_mscldap_netlogon_lm_token = -1;
174 static int hf_mscldap_netlogon_nt_token = -1;
175 static int hf_ldap_sid = -1;
176 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
177 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
178 static int hf_ldap_AccessMask_ADS_LIST = -1;
179 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
180 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
181 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
182 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
183 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
184 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
185 static int hf_ldap_LDAPMessage_PDU = -1;
186 static int hf_ldap_object_security_flag = -1;
187 static int hf_ldap_ancestor_first_flag = -1;
188 static int hf_ldap_public_data_only_flag = -1;
189 static int hf_ldap_incremental_value_flag = -1;
190 static int hf_ldap_oid = -1;
191 static int hf_ldap_gssapi_encrypted_payload = -1;
192
193
194 /*--- Included file: packet-ldap-hf.c ---*/
195 #line 1 "./asn1/ldap/packet-ldap-hf.c"
196 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
197 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
198 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
199 static int hf_ldap_DirSyncControlValue_PDU = -1; /* DirSyncControlValue */
200 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
201 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
202 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */
203 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */
204 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */
205 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */
206 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
207 static int hf_ldap_messageID = -1; /* MessageID */
208 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
209 static int hf_ldap_controls = -1; /* Controls */
210 static int hf_ldap_bindRequest = -1; /* BindRequest */
211 static int hf_ldap_bindResponse = -1; /* BindResponse */
212 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
213 static int hf_ldap_searchRequest = -1; /* SearchRequest */
214 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
215 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
216 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
217 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
218 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
219 static int hf_ldap_addRequest = -1; /* AddRequest */
220 static int hf_ldap_addResponse = -1; /* AddResponse */
221 static int hf_ldap_delRequest = -1; /* DelRequest */
222 static int hf_ldap_delResponse = -1; /* DelResponse */
223 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
224 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
225 static int hf_ldap_compareRequest = -1; /* CompareRequest */
226 static int hf_ldap_compareResponse = -1; /* CompareResponse */
227 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
228 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
229 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
230 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */
231 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
232 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
233 static int hf_ldap_assertionValue = -1; /* AssertionValue */
234 static int hf_ldap_type = -1; /* AttributeDescription */
235 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
236 static int hf_ldap_vals_item = -1; /* AttributeValue */
237 static int hf_ldap_resultCode = -1; /* T_resultCode */
238 static int hf_ldap_matchedDN = -1; /* LDAPDN */
239 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
240 static int hf_ldap_referral = -1; /* Referral */
241 static int hf_ldap_Referral_item = -1; /* LDAPURL */
242 static int hf_ldap_Controls_item = -1; /* Control */
243 static int hf_ldap_controlType = -1; /* ControlType */
244 static int hf_ldap_criticality = -1; /* BOOLEAN */
245 static int hf_ldap_controlValue = -1; /* T_controlValue */
246 static int hf_ldap_version = -1; /* INTEGER_1_127 */
247 static int hf_ldap_name = -1; /* LDAPDN */
248 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
249 static int hf_ldap_simple = -1; /* Simple */
250 static int hf_ldap_sasl = -1; /* SaslCredentials */
251 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
252 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
253 static int hf_ldap_mechanism = -1; /* Mechanism */
254 static int hf_ldap_credentials = -1; /* Credentials */
255 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
256 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
257 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
258 static int hf_ldap_baseObject = -1; /* LDAPDN */
259 static int hf_ldap_scope = -1; /* T_scope */
260 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
261 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
262 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
263 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
264 static int hf_ldap_filter = -1; /* T_filter */
265 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
266 static int hf_ldap_and = -1; /* T_and */
267 static int hf_ldap_and_item = -1; /* T_and_item */
268 static int hf_ldap_or = -1; /* T_or */
269 static int hf_ldap_or_item = -1; /* T_or_item */
270 static int hf_ldap_not = -1; /* T_not */
271 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
272 static int hf_ldap_substrings = -1; /* SubstringFilter */
273 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
274 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
275 static int hf_ldap_present = -1; /* T_present */
276 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
277 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
278 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
279 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
280 static int hf_ldap_initial = -1; /* LDAPString */
281 static int hf_ldap_any = -1; /* LDAPString */
282 static int hf_ldap_final = -1; /* LDAPString */
283 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
284 static int hf_ldap_matchValue = -1; /* AssertionValue */
285 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
286 static int hf_ldap_objectName = -1; /* LDAPDN */
287 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
288 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
289 static int hf_ldap__untag_item = -1; /* LDAPURL */
290 static int hf_ldap_object = -1; /* LDAPDN */
291 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
292 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
293 static int hf_ldap_operation = -1; /* T_operation */
294 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
295 static int hf_ldap_entry = -1; /* LDAPDN */
296 static int hf_ldap_attributes = -1; /* AttributeList */
297 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
298 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
299 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
300 static int hf_ldap_newSuperior = -1; /* LDAPDN */
301 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
302 static int hf_ldap_requestName = -1; /* LDAPOID */
303 static int hf_ldap_requestValue = -1; /* T_requestValue */
304 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
305 static int hf_ldap_responseName = -1; /* ResponseName */
306 static int hf_ldap_response = -1; /* OCTET_STRING */
307 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */
308 static int hf_ldap_size = -1; /* INTEGER */
309 static int hf_ldap_cookie = -1; /* OCTET_STRING */
310 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
311 static int hf_ldap_attributeType = -1; /* AttributeDescription */
312 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
313 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
314 static int hf_ldap_sortResult = -1; /* T_sortResult */
315 static int hf_ldap_flags = -1; /* DirSyncFlags */
316 static int hf_ldap_maxBytes = -1; /* INTEGER */
317 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
318 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
319 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
320 static int hf_ldap_cancelID = -1; /* MessageID */
321 static int hf_ldap_mode = -1; /* T_mode */
322 static int hf_ldap_reloadHint = -1; /* BOOLEAN */
323 static int hf_ldap_state = -1; /* T_state */
324 static int hf_ldap_entryUUID = -1; /* SyncUUID */
325 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */
326 static int hf_ldap_newcookie = -1; /* OCTET_STRING */
327 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */
328 static int hf_ldap_refreshDone = -1; /* BOOLEAN */
329 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */
330 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */
331 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */
332 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */
333 static int hf_ldap_warning = -1; /* T_warning */
334 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
335 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
336 static int hf_ldap_error = -1; /* T_error */
337
338 /*--- End of included file: packet-ldap-hf.c ---*/
339 #line 186 "./asn1/ldap/packet-ldap-template.c"
340
341 /* Initialize the subtree pointers */
342 static gint ett_ldap = -1;
343 static gint ett_ldap_msg = -1;
344 static gint ett_ldap_sasl_blob = -1;
345 static gint ett_ldap_payload = -1;
346 static gint ett_mscldap_netlogon_flags = -1;
347 static gint ett_mscldap_ntver_flags = -1;
348 static gint ett_mscldap_ipdetails = -1;
349 static gint ett_ldap_DirSyncFlagsSubEntry = -1;
350
351
352 /*--- Included file: packet-ldap-ett.c ---*/
353 #line 1 "./asn1/ldap/packet-ldap-ett.c"
354 static gint ett_ldap_LDAPMessage = -1;
355 static gint ett_ldap_ProtocolOp = -1;
356 static gint ett_ldap_AttributeDescriptionList = -1;
357 static gint ett_ldap_AttributeValueAssertion = -1;
358 static gint ett_ldap_Attribute = -1;
359 static gint ett_ldap_SET_OF_AttributeValue = -1;
360 static gint ett_ldap_LDAPResult = -1;
361 static gint ett_ldap_Referral = -1;
362 static gint ett_ldap_Controls = -1;
363 static gint ett_ldap_Control = -1;
364 static gint ett_ldap_BindRequest_U = -1;
365 static gint ett_ldap_AuthenticationChoice = -1;
366 static gint ett_ldap_SaslCredentials = -1;
367 static gint ett_ldap_BindResponse_U = -1;
368 static gint ett_ldap_SearchRequest_U = -1;
369 static gint ett_ldap_Filter = -1;
370 static gint ett_ldap_T_and = -1;
371 static gint ett_ldap_T_or = -1;
372 static gint ett_ldap_SubstringFilter = -1;
373 static gint ett_ldap_T_substringFilter_substrings = -1;
374 static gint ett_ldap_T_substringFilter_substrings_item = -1;
375 static gint ett_ldap_MatchingRuleAssertion = -1;
376 static gint ett_ldap_SearchResultEntry_U = -1;
377 static gint ett_ldap_PartialAttributeList = -1;
378 static gint ett_ldap_PartialAttributeList_item = -1;
379 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
380 static gint ett_ldap_ModifyRequest_U = -1;
381 static gint ett_ldap_ModifyRequest_modification = -1;
382 static gint ett_ldap_T_modifyRequest_modification_item = -1;
383 static gint ett_ldap_AttributeTypeAndValues = -1;
384 static gint ett_ldap_AddRequest_U = -1;
385 static gint ett_ldap_AttributeList = -1;
386 static gint ett_ldap_AttributeList_item = -1;
387 static gint ett_ldap_ModifyDNRequest_U = -1;
388 static gint ett_ldap_CompareRequest_U = -1;
389 static gint ett_ldap_ExtendedRequest_U = -1;
390 static gint ett_ldap_ExtendedResponse_U = -1;
391 static gint ett_ldap_IntermediateResponse_U = -1;
392 static gint ett_ldap_SearchControlValue = -1;
393 static gint ett_ldap_SortKeyList = -1;
394 static gint ett_ldap_SortKeyList_item = -1;
395 static gint ett_ldap_SortResult = -1;
396 static gint ett_ldap_DirSyncControlValue = -1;
397 static gint ett_ldap_PasswdModifyRequestValue = -1;
398 static gint ett_ldap_CancelRequestValue = -1;
399 static gint ett_ldap_SyncRequestValue = -1;
400 static gint ett_ldap_SyncStateValue = -1;
401 static gint ett_ldap_SyncDoneValue = -1;
402 static gint ett_ldap_SyncInfoValue = -1;
403 static gint ett_ldap_T_refreshDelete = -1;
404 static gint ett_ldap_T_refreshPresent = -1;
405 static gint ett_ldap_T_syncIdSet = -1;
406 static gint ett_ldap_SET_OF_SyncUUID = -1;
407 static gint ett_ldap_PasswordPolicyResponseValue = -1;
408 static gint ett_ldap_T_warning = -1;
409
410 /*--- End of included file: packet-ldap-ett.c ---*/
411 #line 198 "./asn1/ldap/packet-ldap-template.c"
412
413 static expert_field ei_ldap_exceeded_filter_length = EI_INIT;
414 static expert_field ei_ldap_too_many_filter_elements = EI_INIT;
415
416 static dissector_table_t ldap_name_dissector_table=NULL;
417 static const char *object_identifier_id = NULL; /* LDAP OID */
418
419 static gboolean do_protocolop = FALSE;
420 static gchar *attr_type = NULL;
421 static gboolean is_binary_attr_type = FALSE;
422 static gboolean ldap_found_in_frame = FALSE;
423
424 #define TCP_PORT_RANGE_LDAP "389,3268" /* 3268 is Windows 2000 Global Catalog */
425 #define TCP_PORT_LDAPS 636
426 #define UDP_PORT_CLDAP 389
427
428 /* desegmentation of LDAP */
429 static gboolean ldap_desegment = TRUE;
430 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
431 static guint ssl_port = 0;
432
433 static dissector_handle_t gssapi_handle;
434 static dissector_handle_t gssapi_wrap_handle;
435 static dissector_handle_t ntlmssp_handle;
436 static dissector_handle_t spnego_handle;
437 static dissector_handle_t tls_handle;
438 static dissector_handle_t ldap_handle ;
439
440 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
441
442
443 /* different types of rpc calls ontop of ms cldap */
444 #define MSCLDAP_RPC_NETLOGON 1
445
446 /* Message type Choice values */
447 static const value_string ldap_ProtocolOp_choice_vals[] = {
448 { 0, "bindRequest" },
449 { 1, "bindResponse" },
450 { 2, "unbindRequest" },
451 { 3, "searchRequest" },
452 { 4, "searchResEntry" },
453 { 5, "searchResDone" },
454 { 6, "searchResRef" },
455 { 7, "modifyRequest" },
456 { 8, "modifyResponse" },
457 { 9, "addRequest" },
458 { 10, "addResponse" },
459 { 11, "delRequest" },
460 { 12, "delResponse" },
461 { 13, "modDNRequest" },
462 { 14, "modDNResponse" },
463 { 15, "compareRequest" },
464 { 16, "compareResponse" },
465 { 17, "abandonRequest" },
466 { 18, "extendedReq" },
467 { 19, "extendedResp" },
468 { 20, "intermediateResponse" },
469 { 0, NULL }
470 };
471
472 /* Procedure names (used in Service Response Time */
473 const value_string ldap_procedure_names[] = {
474 { 0, "Bind" },
475 { 3, "Search" },
476 { 6, "Modify" },
477 { 8, "Add" },
478 { 10, "Delete" },
479 { 12, "Modrdn" },
480 { 14, "Compare" },
481 { 23, "Extended" },
482 { 0, NULL }
483 };
484
485 #define LOGON_PRIMARY_QUERY 7
486 #define LOGON_PRIMARY_RESPONSE 12
487 #define LOGON_SAM_LOGON_REQUEST 18
488 #define LOGON_SAM_LOGON_RESPONSE 19
489 #define LOGON_SAM_PAUSE_RESPONSE 20
490 #define LOGON_SAM_USER_UNKNOWN 21
491 #define LOGON_SAM_LOGON_RESPONSE_EX 23
492 #define LOGON_SAM_PAUSE_RESPONSE_EX 24
493 #define LOGON_SAM_USER_UNKNOWN_EX 25
494
495 static const value_string netlogon_opcode_vals[] = {
496 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
497 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
498 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
499 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
500 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
501 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
502 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
503 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
504 { 0, NULL }
505 };
506
507 #define LDAP_NUM_PROCEDURES 24
508
509 static void
510 ldapstat_init(struct register_srt* srt _U_, GArray* srt_array)
511 {
512 srt_stat_table *ldap_srt_table;
513 guint32 i;
514
515 ldap_srt_table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", NULL);
516 for (i = 0; i < LDAP_NUM_PROCEDURES; i++)
517 {
518 init_srt_table_row(ldap_srt_table, i, val_to_str_const(i, ldap_procedure_names, "<unknown>"));
519 }
520 }
521
522 static tap_packet_status
523 ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi)
524 {
525 guint i = 0;
526 srt_stat_table *ldap_srt_table;
527 const ldap_call_response_t *ldap=(const ldap_call_response_t *)psi;
528 srt_data_t *data = (srt_data_t *)pldap;
529
530 /* we are only interested in reply packets */
531 if(ldap->is_request){
532 return TAP_PACKET_DONT_REDRAW;
533 }
534 /* if we havnt seen the request, just ignore it */
535 if(!ldap->req_frame){
536 return TAP_PACKET_DONT_REDRAW;
537 }
538
539 /* only use the commands we know how to handle */
540 switch(ldap->protocolOpTag){
541 case LDAP_REQ_BIND:
542 case LDAP_REQ_SEARCH:
543 case LDAP_REQ_MODIFY:
544 case LDAP_REQ_ADD:
545 case LDAP_REQ_DELETE:
546 case LDAP_REQ_MODRDN:
547 case LDAP_REQ_COMPARE:
548 case LDAP_REQ_EXTENDED:
549 break;
550 default:
551 return TAP_PACKET_DONT_REDRAW;
552 }
553
554 ldap_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
555
556 add_srt_table_data(ldap_srt_table, ldap->protocolOpTag, &ldap->req_time, pinfo);
557 return TAP_PACKET_REDRAW;
558 }
559
560 /*
561 * Data structure attached to a conversation, giving authentication
562 * information from a bind request.
563 */
564 typedef struct ldap_conv_info_t {
565 guint auth_type; /* authentication type */
566 char *auth_mech; /* authentication mechanism */
567 guint32 first_auth_frame; /* first frame that would use a security layer */
568 wmem_map_t *unmatched;
569 wmem_map_t *matched;
570 gboolean is_mscldap;
571 guint32 num_results;
572 gboolean start_tls_pending;
573 guint32 start_tls_frame;
574 } ldap_conv_info_t;
575
576 static guint
577 ldap_info_hash_matched(gconstpointer k)
578 {
579 const ldap_call_response_t *key = (const ldap_call_response_t *)k;
580
581 return key->messageId;
582 }
583
584 static gint
585 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
586 {
587 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
588 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
589
590 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
591 return 0;
592 }
593 /* a response may span multiple frames
594 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
595 return 0;
596 }
597 */
598
599 return key1->messageId==key2->messageId;
600 }
601
602 static guint
603 ldap_info_hash_unmatched(gconstpointer k)
604 {
605 const ldap_call_response_t *key = (const ldap_call_response_t*)k;
606
607 return key->messageId;
608 }
609
610 static gint
611 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
612 {
613 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
614 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
615
616 return key1->messageId==key2->messageId;
617 }
618
619
620 /* These are the NtVer flags from MS-ADTS section 6.3.1.1
621 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts
622 */
623
624 static const true_false_string tfs_ntver_v1 = {
625 "Client requested version 1 netlogon response",
626 "Version 1 netlogon response not requested"
627 };
628
629 static const true_false_string tfs_ntver_v5 = {
630 "Client requested version 5 netlogon response",
631 "Version 5 netlogon response not requested"
632 };
633 static const true_false_string tfs_ntver_v5ex = {
634 "Client requested version 5 extended netlogon response",
635 "Version 5 extended response not requested"
636 };
637 static const true_false_string tfs_ntver_v5ep = {
638 "Client has requested IP address of the server",
639 "IP address of server not requested"
640 };
641 static const true_false_string tfs_ntver_vcs = {
642 "Client has asked for the closest site information",
643 "Closest site information not requested"
644 };
645 static const true_false_string tfs_ntver_vnt4 = {
646 "Client is requesting server to avoid NT4 emulation",
647 "Only full AD DS requested"
648 };
649 static const true_false_string tfs_ntver_vpdc = {
650 "Client has requested the Primary Domain Controller",
651 "Primary Domain Controller not requested"
652 };
653 static const true_false_string tfs_ntver_vip = {
654 "Client has requested IP details (obsolete)",
655 "IP details not requested (obsolete)"
656 };
657 static const true_false_string tfs_ntver_vl = {
658 "Client indicated that it is the local machine",
659 "Client is not the local machine"
660 };static const true_false_string tfs_ntver_vgc = {
661 "Client has requested a Global Catalog server",
662 "Global Catalog not requested"
663 };
664
665 /* Stuff for generation/handling of fields for custom AttributeValues */
666 typedef struct _attribute_type_t {
667 gchar* attribute_type;
668 gchar* attribute_desc;
669 } attribute_type_t;
670
671 static attribute_type_t* attribute_types;
672 static guint num_attribute_types;
673
674 static GHashTable* attribute_types_hash;
675 static hf_register_info* dynamic_hf;
676 static guint dynamic_hf_size;
677
678 static gboolean
679 attribute_types_update_cb(void *r, char **err)
680 {
681 attribute_type_t *rec = (attribute_type_t *)r;
682 char c;
683
684 if (rec->attribute_type == NULL) {
685 *err = g_strdup("Attribute type can't be empty");
686 return FALSE;
687 }
688
689 g_strstrip(rec->attribute_type);
690 if (rec->attribute_type[0] == 0) {
691 *err = g_strdup("Attribute type can't be empty");
692 return FALSE;
693 }
694
695 /* Check for invalid characters (to avoid asserting out when
696 * registering the field).
697 */
698 c = proto_check_field_name(rec->attribute_type);
699 if (c) {
700 *err = g_strdup_printf("Attribute type can't contain '%c'", c);
701 return FALSE;
702 }
703
704 *err = NULL;
705 return TRUE;
706 }
707
708 static void *
709 attribute_types_copy_cb(void* n, const void* o, size_t siz _U_)
710 {
711 attribute_type_t* new_rec = (attribute_type_t*)n;
712 const attribute_type_t* old_rec = (const attribute_type_t*)o;
713
714 new_rec->attribute_type = g_strdup(old_rec->attribute_type);
715 new_rec->attribute_desc = g_strdup(old_rec->attribute_desc);
716
717 return new_rec;
718 }
719
720 static void
721 attribute_types_free_cb(void*r)
722 {
723 attribute_type_t* rec = (attribute_type_t*)r;
724
725 g_free(rec->attribute_type);
726 g_free(rec->attribute_desc);
727 }
728
729 UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
730 UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t)
731
732 /*
733 *
734 */
735 static gint*
736 get_hf_for_header(char* attribute_type)
737 {
738 gint* hf_id = NULL;
739
740 if (attribute_types_hash) {
741 hf_id = (gint*) g_hash_table_lookup(attribute_types_hash, attribute_type);
742 } else {
743 hf_id = NULL;
744 }
745
746 return hf_id;
747 }
748
749 /*
750 *
751 */
752 static void
753 deregister_attribute_types(void)
754 {
755 if (dynamic_hf) {
756 /* Deregister all fields */
757 for (guint i = 0; i < dynamic_hf_size; i++) {
758 proto_deregister_field (proto_ldap, *(dynamic_hf[i].p_id));
759 g_free (dynamic_hf[i].p_id);
760 }
761
762 proto_add_deregistered_data (dynamic_hf);
763 dynamic_hf = NULL;
764 dynamic_hf_size = 0;
765 }
766
767 if (attribute_types_hash) {
768 g_hash_table_destroy (attribute_types_hash);
769 attribute_types_hash = NULL;
770 }
771 }
772
773 static void
774 attribute_types_post_update_cb(void)
775 {
776 gint* hf_id;
777 gchar* attribute_type;
778
779 deregister_attribute_types();
780
781 if (num_attribute_types) {
782 attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
783 dynamic_hf = g_new0(hf_register_info,num_attribute_types);
784 dynamic_hf_size = num_attribute_types;
785
786 for (guint i = 0; i < dynamic_hf_size; i++) {
787 hf_id = g_new(gint,1);
788 *hf_id = -1;
789 attribute_type = g_strdup(attribute_types[i].attribute_type);
790
791 dynamic_hf[i].p_id = hf_id;
792 dynamic_hf[i].hfinfo.name = attribute_type;
793 dynamic_hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type);
794 dynamic_hf[i].hfinfo.type = FT_STRING;
795 dynamic_hf[i].hfinfo.display = BASE_NONE;
796 dynamic_hf[i].hfinfo.strings = NULL;
797 dynamic_hf[i].hfinfo.bitmask = 0;
798 dynamic_hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
799 HFILL_INIT(dynamic_hf[i]);
800
801 g_hash_table_insert(attribute_types_hash, attribute_type, hf_id);
802 }
803
804 proto_register_field_array(proto_ldap, dynamic_hf, dynamic_hf_size);
805 }
806 }
807
808 static void
809 attribute_types_reset_cb(void)
810 {
811 deregister_attribute_types();
812 }
813
814 /* MS-ADTS specification, section 6.3.1.1, NETLOGON_NT_VERSION Options Bits */
815 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
816 {
817 static int * const flags[] = {
818 &hf_mscldap_ntver_flags_v1,
819 &hf_mscldap_ntver_flags_v5,
820 &hf_mscldap_ntver_flags_v5ex,
821 &hf_mscldap_ntver_flags_v5ep,
822 &hf_mscldap_ntver_flags_vcs,
823 &hf_mscldap_ntver_flags_vnt4,
824 &hf_mscldap_ntver_flags_vpdc,
825 &hf_mscldap_ntver_flags_vip,
826 &hf_mscldap_ntver_flags_vl,
827 &hf_mscldap_ntver_flags_vgc,
828 NULL
829 };
830
831 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags,
832 ett_mscldap_ntver_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
833 offset += 4;
834
835 return offset;
836 }
837
838 /* This string contains the last LDAPString that was decoded */
839 static const char *attributedesc_string=NULL;
840
841 /* This string contains the last AssertionValue that was decoded */
842 static char *ldapvalue_string=NULL;
843
844 /* if the octet string contain all printable ASCII characters, then
845 * display it as a string, othervise just display it in hex.
846 */
847 static int
848 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
849 {
850 gint8 ber_class;
851 gboolean pc, ind, is_ascii;
852 gint32 tag;
853 guint32 len;
854
855 if(!implicit_tag){
856 offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
857 offset=get_ber_length(tvb, offset, &len, &ind);
858 } else {
859 len=tvb_reported_length_remaining(tvb,offset);
860 }
861
862 if(len==0){
863 return offset;
864 }
865
866
867 /*
868 * Some special/wellknown attributes in common LDAP (read AD)
869 * are neither ascii strings nor blobs of hex data.
870 * Special case these attributes and decode them more nicely.
871 *
872 * Add more special cases as required to prettify further
873 * (there can't be that many ones that are truly interesting)
874 */
875 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
876 tvbuff_t *sid_tvb;
877 char *tmpstr;
878
879 /* this octet string contains an NT SID */
880 sid_tvb=tvb_new_subset_length(tvb, offset, len);
881 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
882 ldapvalue_string=tmpstr;
883
884 goto finished;
885 } else if ( (len==16) /* GUIDs are always 16 bytes */
886 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
887 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
888 e_guid_t uuid;
889
890 /* This octet string contained a GUID */
891 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
892
893 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
894 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
895 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
896 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
897 uuid.data4[6], uuid.data4[7]);
898
899 goto finished;
900 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
901 guint32 flags;
902
903 len = 0;
904 /* get flag value to populate ldapvalue_string */
905 flags=tvb_get_letohl(tvb, offset);
906
907 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
908 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
909
910 /* populate bitmask subtree */
911 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
912
913 goto finished;
914
915
916 }
917
918 /*
919 * It was not one of our "wellknown" attributes so make the best
920 * we can and just try to see if it is an ascii string or if it
921 * is a binary blob.
922 *
923 * XXX - should we support reading RFC 2252-style schemas
924 * for LDAP, and using that to determine how to display
925 * attribute values and assertion values?
926 *
927 * -- I don't think there are full schemas available that describe the
928 * interesting cases i.e. AD -- ronnie
929 */
930 is_ascii=tvb_ascii_isprint(tvb, offset, len);
931
932 /* convert the string into a printable string */
933 if(is_ascii){
934 ldapvalue_string= tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_UTF_8|ENC_NA);
935 } else {
936 ldapvalue_string= tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset, len, ':');
937 }
938
939 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
940
941
942 finished:
943 offset+=len;
944 return offset;
945 }
946
947 /* This string contains the last Filter item that was decoded */
948 static const char *Filter_string=NULL;
949 static const char *and_filter_string=NULL;
950 static const char *or_filter_string=NULL;
951 static const char *substring_value=NULL;
952 static const char *substring_item_init=NULL;
953 static const char *substring_item_any=NULL;
954 static const char *substring_item_final=NULL;
955 static const char *matching_rule_string=NULL;
956 static gboolean matching_rule_dnattr=FALSE;
957
958 #define MAX_FILTER_LEN 4096
959 static gint Filter_length;
960
961 #define MAX_FILTER_ELEMENTS 200
962 static gint Filter_elements;
963
964 /* Global variables */
965 static gint MessageID =-1;
966 static gint ProtocolOp = -1;
967 static gint result = 0;
968 static proto_item *ldm_tree = NULL; /* item to add text to */
969
970 static void ldap_do_protocolop(packet_info *pinfo)
971 {
972 const gchar* valstr;
973
974 if (do_protocolop) {
975
976 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
977
978 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
979
980 if(ldm_tree)
981 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
982
983 do_protocolop = FALSE;
984
985 }
986 }
987
988 static ldap_call_response_t *
989 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag, ldap_conv_info_t *ldap_info)
990 {
991 ldap_call_response_t lcr, *lcrp=NULL;
992
993 /* first see if we have already matched this */
994
995 lcr.messageId=messageId;
996 switch(protocolOpTag){
997 case LDAP_REQ_BIND:
998 case LDAP_REQ_SEARCH:
999 case LDAP_REQ_MODIFY:
1000 case LDAP_REQ_ADD:
1001 case LDAP_REQ_DELETE:
1002 case LDAP_REQ_MODRDN:
1003 case LDAP_REQ_COMPARE:
1004 case LDAP_REQ_EXTENDED:
1005 lcr.is_request=TRUE;
1006 lcr.req_frame=pinfo->num;
1007 lcr.rep_frame=0;
1008 break;
1009 case LDAP_RES_BIND:
1010 case LDAP_RES_SEARCH_ENTRY:
1011 case LDAP_RES_SEARCH_REF:
1012 case LDAP_RES_SEARCH_RESULT:
1013 case LDAP_RES_MODIFY:
1014 case LDAP_RES_ADD:
1015 case LDAP_RES_DELETE:
1016 case LDAP_RES_MODRDN:
1017 case LDAP_RES_COMPARE:
1018 case LDAP_RES_EXTENDED:
1019 case LDAP_RES_INTERMEDIATE:
1020 lcr.is_request=FALSE;
1021 lcr.req_frame=0;
1022 lcr.rep_frame=pinfo->num;
1023 break;
1024 default:
1025 return NULL;
1026 }
1027 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->matched, &lcr);
1028
1029 if(lcrp){
1030
1031 lcrp->is_request=lcr.is_request;
1032
1033 } else {
1034
1035 /* we haven't found a match - try and match it up */
1036
1037 switch(protocolOpTag){
1038 case LDAP_REQ_BIND:
1039 case LDAP_REQ_SEARCH:
1040 case LDAP_REQ_MODIFY:
1041 case LDAP_REQ_ADD:
1042 case LDAP_REQ_DELETE:
1043 case LDAP_REQ_MODRDN:
1044 case LDAP_REQ_COMPARE:
1045 case LDAP_REQ_EXTENDED:
1046
1047 /* this a a request - add it to the unmatched list */
1048
1049 /* check that we don't already have one of those in the
1050 unmatched list and if so remove it */
1051
1052 lcr.messageId=messageId;
1053 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
1054 if(lcrp){
1055 wmem_map_remove(ldap_info->unmatched, lcrp);
1056 }
1057 /* if we can't reuse the old one, grab a new chunk */
1058 if(!lcrp){
1059 lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t);
1060 }
1061 lcrp->messageId=messageId;
1062 lcrp->req_frame=pinfo->num;
1063 lcrp->req_time=pinfo->abs_ts;
1064 lcrp->rep_frame=0;
1065 lcrp->protocolOpTag=protocolOpTag;
1066 lcrp->is_request=TRUE;
1067 wmem_map_insert(ldap_info->unmatched, lcrp, lcrp);
1068 return NULL;
1069 break;
1070 case LDAP_RES_BIND:
1071 case LDAP_RES_SEARCH_ENTRY:
1072 case LDAP_RES_SEARCH_REF:
1073 case LDAP_RES_SEARCH_RESULT:
1074 case LDAP_RES_MODIFY:
1075 case LDAP_RES_ADD:
1076 case LDAP_RES_DELETE:
1077 case LDAP_RES_MODRDN:
1078 case LDAP_RES_COMPARE:
1079 case LDAP_RES_EXTENDED:
1080 case LDAP_RES_INTERMEDIATE:
1081
1082 /* this is a result - it should be in our unmatched list */
1083
1084 lcr.messageId=messageId;
1085 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
1086
1087 if(lcrp){
1088
1089 if(!lcrp->rep_frame){
1090 wmem_map_remove(ldap_info->unmatched, lcrp);
1091 lcrp->rep_frame=pinfo->num;
1092 lcrp->is_request=FALSE;
1093 wmem_map_insert(ldap_info->matched, lcrp, lcrp);
1094 }
1095 }
1096
1097 break;
1098 }
1099
1100 }
1101 /* we have found a match */
1102
1103 if(lcrp){
1104 proto_item *it;
1105
1106 if(lcrp->is_request){
1107 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
1108 proto_item_set_generated(it);
1109 } else {
1110 nstime_t ns;
1111 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
1112 proto_item_set_generated(it);
1113 nstime_delta(&ns, &pinfo->abs_ts, &lcrp->req_time);
1114 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
1115 proto_item_set_generated(it);
1116 }
1117 }
1118
1119 return lcrp;
1120 }
1121
1122
1123 /*--- Included file: packet-ldap-fn.c ---*/
1124 #line 1 "./asn1/ldap/packet-ldap-fn.c"
1125 /*--- Cyclic dependencies ---*/
1126
1127 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
1128 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
1129 /* Filter -> Filter/not -> Filter */
1130 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
1131
1132
1133
1134
1135 static int
1136 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1137 #line 91 "./asn1/ldap/ldap.cnf"
1138
1139 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1140 &MessageID);
1141
1142
1143 ldm_tree = tree;
1144
1145
1146
1147 return offset;
1148 }
1149
1150
1151
1152 static int
1153 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1154 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1155 NULL);
1156
1157 return offset;
1158 }
1159
1160
1161
1162 static int
1163 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1164 #line 301 "./asn1/ldap/ldap.cnf"
1165 tvbuff_t *parameter_tvb = NULL;
1166 const char *ldapstring = NULL;
1167 gchar *sc = NULL; /* semi-colon pointer */
1168
1169 offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index,
1170 &parameter_tvb, ENC_UTF_8|ENC_NA);
1171
1172 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
1173
1174 ldap_do_protocolop(actx->pinfo);
1175
1176 if(parameter_tvb)
1177 ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
1178
1179 if(hf_index == hf_ldap_baseObject) {
1180 /* this is search - put it on the scanline */
1181 if(!ldapstring || !*ldapstring)
1182 ldapstring = "<ROOT>";
1183
1184 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
1185
1186 if(ldm_tree)
1187 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1188
1189
1190 if(!parameter_tvb) {
1191
1192 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1193 }
1194
1195 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1196 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
1197
1198 if(ldm_tree)
1199 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1200
1201 } else if ((hf_index == hf_ldap_objectName) ||
1202 (hf_index == hf_ldap_name) ||
1203 (hf_index == hf_ldap_entry) ||
1204 (hf_index == hf_ldap_object) ||
1205 (hf_index == hf_ldap_delRequest) ) {
1206
1207 if(!ldapstring || !*ldapstring)
1208 ldapstring = "<ROOT>";
1209
1210 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
1211
1212 if(ldm_tree)
1213 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1214 } else if (hf_index == hf_ldap_attributeDesc){
1215 /* remember the attribute description */
1216 attributedesc_string=ldapstring;
1217 } else if (hf_index == hf_ldap_initial){
1218 /* remember the substring item */
1219 substring_item_init=ldapstring;
1220 } else if (hf_index == hf_ldap_any){
1221 /* remember the substring item */
1222 substring_item_any=ldapstring;
1223 } else if (hf_index == hf_ldap_final){
1224 /* remember the substring item */
1225 substring_item_final=ldapstring;
1226 } else if (hf_index == hf_ldap_matchingRule){
1227 /* remember the matching rule */
1228 matching_rule_string=ldapstring;
1229 } else if (hf_index == hf_ldap_present){
1230 /* remember the present name */
1231 Filter_string=ldapstring;
1232 } else if (hf_index == hf_ldap_type) {
1233 /* remember attribute type name */
1234 attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
1235
1236 /* append it to the parent entry */
1237 proto_item_append_text(tree, " %s", attr_type);
1238
1239 /* remove the ";binary" component if present */
1240 if((sc = strchr(attr_type, ';')) != NULL) {
1241 if(!strcmp(sc, ";binary")) {
1242 *sc = '\0'; /* terminate the string */
1243 is_binary_attr_type = TRUE;
1244 }
1245 } else {
1246 is_binary_attr_type = FALSE;
1247 }
1248 }
1249
1250 }
1251
1252
1253
1254 return offset;
1255 }
1256
1257
1258
1259 static int
1260 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1261 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1262
1263 return offset;
1264 }
1265
1266
1267
1268 static int
1269 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1270 #line 148 "./asn1/ldap/ldap.cnf"
1271 ldap_conv_info_t *ldap_info;
1272
1273 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1274 NULL);
1275
1276
1277 ldap_info = (ldap_conv_info_t *)actx->private_data;
1278 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1279
1280
1281
1282 return offset;
1283 }
1284
1285
1286
1287 static int
1288 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1289 #line 156 "./asn1/ldap/ldap.cnf"
1290
1291 ldap_conv_info_t *ldap_info;
1292 tvbuff_t *parameter_tvb;
1293 char *mechanism = NULL;
1294 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1295 &parameter_tvb);
1296
1297 ldap_info = (ldap_conv_info_t *)actx->private_data;
1298 ldap_info->auth_type = LDAP_AUTH_SASL;
1299
1300 if (!parameter_tvb)
1301 return offset;
1302
1303 /*
1304 * We need to remember the authentication type and mechanism for this
1305 * conversation.
1306 *
1307 * XXX - actually, we might need to remember more than one
1308 * type and mechanism, if you can unbind and rebind with a
1309 * different type and/or mechanism.
1310 */
1311 if(!actx->pinfo->fd->visited) {
1312 mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
1313 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1314 /*
1315 * If the mechanism in this request is an empty string (which is
1316 * returned as a null pointer), use the saved mechanism instead.
1317 * Otherwise, if the saved mechanism is an empty string (null),
1318 * save this mechanism.
1319 */
1320 if (mechanism != NULL) {
1321 wmem_free(wmem_file_scope(), ldap_info->auth_mech);
1322 ldap_info->auth_mech = mechanism;
1323 }
1324 }
1325
1326
1327 return offset;
1328 }
1329
1330
1331
1332 static int
1333 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1334 #line 190 "./asn1/ldap/ldap.cnf"
1335
1336 tvbuff_t *parameter_tvb;
1337 ldap_conv_info_t *ldap_info;
1338 gint8 ber_class;
1339 gboolean pc;
1340 gint32 tag;
1341
1342 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1343 &parameter_tvb);
1344
1345
1346 if (!parameter_tvb)
1347 return offset;
1348
1349 ldap_info = (ldap_conv_info_t *)actx->private_data;
1350 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
1351
1352 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
1353 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
1354 /*
1355 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1356 * We need to check the first byte to check whether the blob
1357 * contains SPNEGO or GSSAPI.
1358 * All SPNEGO PDUs are of class CONSTRUCTED while
1359 * GSS PDUs are class APPLICATION
1360 */
1361 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1362 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1363 }
1364 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
1365 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
1366 /*
1367 * This is a raw GSS-API token.
1368 */
1369 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
1370 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1371 }
1372 }
1373 /* Restore private data */
1374 actx->private_data = ldap_info;
1375
1376
1377
1378
1379 return offset;
1380 }
1381
1382
1383 static const ber_sequence_t SaslCredentials_sequence[] = {
1384 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1385 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1386 { NULL, 0, 0, 0, NULL }
1387 };
1388
1389 static int
1390 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1391 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1392 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1393
1394 return offset;
1395 }
1396
1397
1398
1399 static int
1400 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1401 #line 683 "./asn1/ldap/ldap.cnf"
1402 /* make sure the protocol op comes first */
1403 ldap_do_protocolop(actx->pinfo);
1404
1405 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1406 offset+=tvb_reported_length_remaining(tvb, offset);
1407
1408
1409
1410 return offset;
1411 }
1412
1413
1414
1415 static int
1416 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1417 #line 690 "./asn1/ldap/ldap.cnf"
1418 /* make sure the protocol op comes first */
1419 ldap_do_protocolop(actx->pinfo);
1420
1421 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1422 offset+=tvb_reported_length_remaining(tvb, offset);
1423
1424
1425
1426 return offset;
1427 }
1428
1429
1430 static const value_string ldap_AuthenticationChoice_vals[] = {
1431 { 0, "simple" },
1432 { 3, "sasl" },
1433 { 10, "ntlmsspNegotiate" },
1434 { 11, "ntlmsspAuth" },
1435 { 0, NULL }
1436 };
1437
1438 static const ber_choice_t AuthenticationChoice_choice[] = {
1439 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1440 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1441 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1442 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1443 { 0, NULL, 0, 0, 0, NULL }
1444 };
1445
1446 static int
1447 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1448 #line 480 "./asn1/ldap/ldap.cnf"
1449 gint branch = -1;
1450 gint auth = -1;
1451 const gchar *valstr;
1452
1453 offset = dissect_ber_choice(actx, tree, tvb, offset,
1454 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1455 &branch);
1456
1457
1458 ldap_do_protocolop(actx->pinfo);
1459
1460 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1461 auth = AuthenticationChoice_choice[branch].value;
1462
1463 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1464
1465 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1466 if ((auth != 10) && (auth != 11))
1467 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1468
1469 if(ldm_tree)
1470 proto_item_append_text(ldm_tree, " %s", valstr);
1471
1472
1473
1474
1475 return offset;
1476 }
1477
1478
1479 static const ber_sequence_t BindRequest_U_sequence[] = {
1480 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1481 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1482 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1483 { NULL, 0, 0, 0, NULL }
1484 };
1485
1486 static int
1487 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1488 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1489 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1490
1491 return offset;
1492 }
1493
1494
1495
1496 static int
1497 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1498 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1499 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1500
1501 return offset;
1502 }
1503
1504
1505 static const value_string ldap_BindResponse_resultCode_vals[] = {
1506 { 0, "success" },
1507 { 1, "operationsError" },
1508 { 2, "protocolError" },
1509 { 3, "timeLimitExceeded" },
1510 { 4, "sizeLimitExceeded" },
1511 { 5, "compareFalse" },
1512 { 6, "compareTrue" },
1513 { 7, "authMethodNotSupported" },
1514 { 8, "strongAuthRequired" },
1515 { 10, "referral" },
1516 { 11, "adminLimitExceeded" },
1517 { 12, "unavailableCriticalExtension" },
1518 { 13, "confidentialityRequired" },
1519 { 14, "saslBindInProgress" },
1520 { 16, "noSuchAttribute" },
1521 { 17, "undefinedAttributeType" },
1522 { 18, "inappropriateMatching" },
1523 { 19, "constraintViolation" },
1524 { 20, "attributeOrValueExists" },
1525 { 21, "invalidAttributeSyntax" },
1526 { 32, "noSuchObject" },
1527 { 33, "aliasProblem" },
1528 { 34, "invalidDNSyntax" },
1529 { 36, "aliasDereferencingProblem" },
1530 { 48, "inappropriateAuthentication" },
1531 { 49, "invalidCredentials" },
1532 { 50, "insufficientAccessRights" },
1533 { 51, "busy" },
1534 { 52, "unavailable" },
1535 { 53, "unwillingToPerform" },
1536 { 54, "loopDetect" },
1537 { 64, "namingViolation" },
1538 { 65, "objectClassViolation" },
1539 { 66, "notAllowedOnNonLeaf" },
1540 { 67, "notAllowedOnRDN" },
1541 { 68, "entryAlreadyExists" },
1542 { 69, "objectClassModsProhibited" },
1543 { 71, "affectsMultipleDSAs" },
1544 { 80, "other" },
1545 { 118, "canceled" },
1546 { 119, "noSuchOperation" },
1547 { 120, "tooLate" },
1548 { 121, "cannotCancel" },
1549 { 0, NULL }
1550 };
1551
1552
1553 static int
1554 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1555 #line 421 "./asn1/ldap/ldap.cnf"
1556
1557 const gchar *valstr;
1558
1559 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1560 &result);
1561
1562
1563 ldap_do_protocolop(actx->pinfo);
1564
1565 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1566
1567 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1568
1569 if(ldm_tree)
1570 proto_item_append_text(ldm_tree, " %s", valstr);
1571
1572
1573
1574 return offset;
1575 }
1576
1577
1578
1579 static int
1580 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1581 #line 697 "./asn1/ldap/ldap.cnf"
1582 tvbuff_t *new_tvb=NULL;
1583
1584 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1585
1586 if( new_tvb
1587 && (tvb_reported_length(new_tvb)>=7)
1588 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1589
1590 /* make sure the protocol op comes first */
1591 ldap_do_protocolop(actx->pinfo);
1592
1593 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1594 }
1595
1596
1597
1598 return offset;
1599 }
1600
1601
1602
1603 static int
1604 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1605 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1606
1607 return offset;
1608 }
1609
1610
1611
1612 static int
1613 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1614 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1615 NULL);
1616
1617 #line 54 "./asn1/ldap/ldap.cnf"
1618 proto_item_set_url(actx->created_item);
1619
1620
1621 return offset;
1622 }
1623
1624
1625 static const ber_sequence_t Referral_sequence_of[1] = {
1626 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1627 };
1628
1629 static int
1630 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1631 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1632 Referral_sequence_of, hf_index, ett_ldap_Referral);
1633
1634 return offset;
1635 }
1636
1637
1638
1639 static int
1640 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1641 #line 231 "./asn1/ldap/ldap.cnf"
1642
1643 tvbuff_t *parameter_tvb = NULL;
1644 ldap_conv_info_t *ldap_info;
1645
1646 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1647 &parameter_tvb);
1648
1649 if (!parameter_tvb)
1650 return offset;
1651 ldap_info = (ldap_conv_info_t *)actx->private_data;
1652 switch (ldap_info->auth_type) {
1653
1654 /* For Kerberos V4, dissect it as a ticket. */
1655 /* XXX - what about LDAP_AUTH_SIMPLE? */
1656
1657 case LDAP_AUTH_SASL:
1658 /*
1659 * All frames after this are assumed to use a security layer.
1660 *
1661 * XXX - won't work if there's another reply, with the security
1662 * layer, starting in the same TCP segment that ends this
1663 * reply, but as LDAP is a request/response protocol, and
1664 * as the client probably can't start using authentication until
1665 * it gets the bind reply and the server won't send a reply until
1666 * it gets a request, that probably won't happen.
1667 *
1668 * XXX - that assumption is invalid; it's not clear where the
1669 * hell you find out whether there's any security layer. In
1670 * one capture, we have two GSS-SPNEGO negotiations, both of
1671 * which select MS KRB5, and the only differences in the tokens
1672 * is in the RC4-HMAC ciphertext. The various
1673 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1674 * that the RFC 2222 spoo with the bitmask and maximum
1675 * output message size stuff is done - but where does that
1676 * stuff show up? Is it in the ciphertext, which means it's
1677 * presumably encrypted?
1678 *
1679 * Grrr. We have to do a gross heuristic, checking whether the
1680 * putative LDAP message begins with 0x00 or not, making the
1681 * assumption that we won't have more than 2^24 bytes of
1682 * encapsulated stuff.
1683 */
1684 ldap_info->first_auth_frame = actx->pinfo->num + 1;
1685 if (ldap_info->auth_mech != NULL &&
1686 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1687 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1688 * which might not be wrapped in GSS-SPNEGO but be a raw
1689 * NTLMSSP blob
1690 */
1691 if ( (tvb_reported_length(parameter_tvb)>=7)
1692 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1693 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1694 break;
1695 }
1696 /*
1697 * This is a GSS-API token.
1698 */
1699 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1700 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1701 } else if (ldap_info->auth_mech != NULL &&
1702 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1703 /*
1704 * This is a GSS-API token.
1705 */
1706 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1707 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1708 }
1709 break;
1710 }
1711 actx->private_data = ldap_info;
1712
1713
1714
1715 return offset;
1716 }
1717
1718
1719 static const ber_sequence_t BindResponse_U_sequence[] = {
1720 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1721 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1722 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1723 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1724 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1725 { NULL, 0, 0, 0, NULL }
1726 };
1727
1728 static int
1729 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1730 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1731 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1732
1733 return offset;
1734 }
1735
1736
1737
1738 static int
1739 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1740 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1741 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1742
1743 return offset;
1744 }
1745
1746
1747
1748 static int
1749 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1750 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1751
1752 return offset;
1753 }
1754
1755
1756
1757 static int
1758 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1759 #line 502 "./asn1/ldap/ldap.cnf"
1760
1761 implicit_tag = TRUE; /* correct problem with asn2wrs */
1762
1763 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1764 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1765
1766
1767 ldap_do_protocolop(actx->pinfo);
1768
1769
1770
1771
1772
1773
1774
1775 return offset;
1776 }
1777
1778
1779 static const value_string ldap_T_scope_vals[] = {
1780 { 0, "baseObject" },
1781 { 1, "singleLevel" },
1782 { 2, "wholeSubtree" },
1783 { 0, NULL }
1784 };
1785
1786
1787 static int
1788 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1789 #line 389 "./asn1/ldap/ldap.cnf"
1790
1791 guint32 scope = 0xffff;
1792 const gchar *valstr;
1793
1794 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1795 &scope);
1796
1797
1798 ldap_do_protocolop(actx->pinfo);
1799
1800 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1801
1802 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1803
1804 if(ldm_tree)
1805 proto_item_append_text(ldm_tree, " %s", valstr);
1806
1807
1808
1809 return offset;
1810 }
1811
1812
1813 static const value_string ldap_T_derefAliases_vals[] = {
1814 { 0, "neverDerefAliases" },
1815 { 1, "derefInSearching" },
1816 { 2, "derefFindingBaseObj" },
1817 { 3, "derefAlways" },
1818 { 0, NULL }
1819 };
1820
1821
1822 static int
1823 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1824 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1825 NULL);
1826
1827 return offset;
1828 }
1829
1830
1831
1832 static int
1833 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1834 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1835 NULL);
1836
1837 return offset;
1838 }
1839
1840
1841
1842 static int
1843 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1844 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1845
1846 return offset;
1847 }
1848
1849
1850
1851 static int
1852 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1853 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1854
1855 #line 548 "./asn1/ldap/ldap.cnf"
1856 if(and_filter_string){
1857 and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
1858 } else {
1859 and_filter_string=Filter_string;
1860 }
1861
1862
1863 return offset;
1864 }
1865
1866
1867 static const ber_sequence_t T_and_set_of[1] = {
1868 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1869 };
1870
1871 static int
1872 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1873 #line 555 "./asn1/ldap/ldap.cnf"
1874 proto_tree *tr=NULL;
1875 proto_item *it=NULL;
1876 const char *old_and_filter_string=and_filter_string;
1877
1878 and_filter_string=NULL;
1879
1880 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
1881 tree = tr;
1882
1883 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1884 T_and_set_of, hf_index, ett_ldap_T_and);
1885
1886
1887 if(and_filter_string) {
1888 proto_item_append_text(it, "%s", and_filter_string);
1889 Filter_string=wmem_strdup(wmem_packet_scope(), and_filter_string);
1890 }
1891 and_filter_string=old_and_filter_string;
1892
1893
1894
1895 return offset;
1896 }
1897
1898
1899
1900 static int
1901 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1902 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1903
1904 #line 573 "./asn1/ldap/ldap.cnf"
1905 if(or_filter_string){
1906 or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
1907 } else {
1908 or_filter_string=Filter_string;
1909 }
1910
1911
1912
1913 return offset;
1914 }
1915
1916
1917 static const ber_sequence_t T_or_set_of[1] = {
1918 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1919 };
1920
1921 static int
1922 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1923 #line 581 "./asn1/ldap/ldap.cnf"
1924 proto_tree *tr;
1925 proto_item *it;
1926 const char *old_or_filter_string=or_filter_string;
1927
1928 or_filter_string=NULL;
1929 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
1930 tree = tr;
1931
1932 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1933 T_or_set_of, hf_index, ett_ldap_T_or);
1934
1935 if(or_filter_string) {
1936 proto_item_append_text(it, "%s", or_filter_string);
1937 Filter_string=wmem_strdup(wmem_packet_scope(), or_filter_string);
1938 }
1939 or_filter_string=old_or_filter_string;
1940
1941
1942
1943 return offset;
1944 }
1945
1946
1947
1948 static int
1949 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1950 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1951
1952 #line 600 "./asn1/ldap/ldap.cnf"
1953 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
1954
1955
1956 return offset;
1957 }
1958
1959
1960
1961 static int
1962 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1963 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1964
1965 return offset;
1966 }
1967
1968
1969
1970 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1971 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1972 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1973 { NULL, 0, 0, 0, NULL }
1974 };
1975
1976 static int
1977 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1978 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1979 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1980
1981 return offset;
1982 }
1983
1984
1985
1986 static int
1987 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1988 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1989
1990 #line 525 "./asn1/ldap/ldap.cnf"
1991 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
1992 string_or_null(attributedesc_string),
1993 string_or_null(ldapvalue_string));
1994
1995
1996
1997 return offset;
1998 }
1999
2000
2001 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
2002 { 0, "initial" },
2003 { 1, "any" },
2004 { 2, "final" },
2005 { 0, NULL }
2006 };
2007
2008 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
2009 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2010 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2011 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2012 { 0, NULL, 0, 0, 0, NULL }
2013 };
2014
2015 static int
2016 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2017 offset = dissect_ber_choice(actx, tree, tvb, offset,
2018 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
2019 NULL);
2020
2021 #line 626 "./asn1/ldap/ldap.cnf"
2022 if (substring_item_final) {
2023 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
2024 (substring_value?substring_value:"*"),
2025 substring_item_final);
2026 } else if (substring_item_any) {
2027 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
2028 (substring_value?substring_value:"*"),
2029 substring_item_any);
2030 } else if (substring_item_init) {
2031 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
2032 substring_item_init);
2033 }
2034
2035
2036 return offset;
2037 }
2038
2039
2040 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
2041 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
2042 };
2043
2044 static int
2045 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2046 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2047 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
2048
2049 return offset;
2050 }
2051
2052
2053 static const ber_sequence_t SubstringFilter_sequence[] = {
2054 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2055 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
2056 { NULL, 0, 0, 0, NULL }
2057 };
2058
2059 static int
2060 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2061 #line 640 "./asn1/ldap/ldap.cnf"
2062 proto_tree *tr;
2063 proto_item *it;
2064 const char *old_substring_value=substring_value;
2065
2066 attr_type=NULL;
2067 substring_value=NULL;
2068 substring_item_init=NULL;
2069 substring_item_any=NULL;
2070 substring_item_final=NULL;
2071
2072 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
2073 tree = tr;
2074
2075 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2076 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
2077
2078 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
2079 string_or_null(attr_type),
2080 string_or_null(substring_value));
2081 proto_item_append_text(it, "%s", Filter_string);
2082 substring_value=old_substring_value;
2083
2084
2085
2086 return offset;
2087 }
2088
2089
2090
2091 static int
2092 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2093 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2094
2095 #line 531 "./asn1/ldap/ldap.cnf"
2096 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
2097 string_or_null(attributedesc_string),
2098 string_or_null(ldapvalue_string));
2099
2100
2101
2102 return offset;
2103 }
2104
2105
2106
2107 static int
2108 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2109 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2110
2111 #line 537 "./asn1/ldap/ldap.cnf"
2112 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
2113 string_or_null(attributedesc_string),
2114 string_or_null(ldapvalue_string));
2115
2116
2117
2118 return offset;
2119 }
2120
2121
2122
2123 static int
2124 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2125 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
2126
2127 #line 597 "./asn1/ldap/ldap.cnf"
2128 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
2129
2130
2131 return offset;
2132 }
2133
2134
2135
2136 static int
2137 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2138 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2139
2140 #line 543 "./asn1/ldap/ldap.cnf"
2141 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
2142 string_or_null(attributedesc_string),
2143 string_or_null(ldapvalue_string));
2144
2145
2146 return offset;
2147 }
2148
2149
2150
2151 static int
2152 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2153 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2154
2155 return offset;
2156 }
2157
2158
2159
2160 static int
2161 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2162 #line 603 "./asn1/ldap/ldap.cnf"
2163 gboolean val;
2164
2165 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
2166
2167
2168 matching_rule_dnattr = val;
2169
2170
2171
2172
2173 return offset;
2174 }
2175
2176
2177 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
2178 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
2179 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2180 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2181 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2182 { NULL, 0, 0, 0, NULL }
2183 };
2184
2185 static int
2186 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2187 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2188 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2189
2190 return offset;
2191 }
2192
2193
2194
2195 static int
2196 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2197 #line 612 "./asn1/ldap/ldap.cnf"
2198 attr_type=NULL;
2199 matching_rule_string=NULL;
2200 ldapvalue_string=NULL;
2201 matching_rule_dnattr=FALSE;
2202
2203
2204 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2205
2206 #line 618 "./asn1/ldap/ldap.cnf"
2207 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
2208 (attr_type?attr_type:""),
2209 (matching_rule_dnattr?"dn:":""),
2210 (matching_rule_string?matching_rule_string:""),
2211 (matching_rule_string?":":""),
2212 string_or_null(ldapvalue_string));
2213
2214
2215 return offset;
2216 }
2217
2218
2219 static const value_string ldap_Filter_vals[] = {
2220 { 0, "and" },
2221 { 1, "or" },
2222 { 2, "not" },
2223 { 3, "equalityMatch" },
2224 { 4, "substrings" },
2225 { 5, "greaterOrEqual" },
2226 { 6, "lessOrEqual" },
2227 { 7, "present" },
2228 { 8, "approxMatch" },
2229 { 9, "extensibleMatch" },
2230 { 0, NULL }
2231 };
2232
2233 static const ber_choice_t Filter_choice[] = {
2234 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2235 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2236 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2237 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2238 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2239 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2240 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2241 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2242 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2243 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2244 { 0, NULL, 0, 0, 0, NULL }
2245 };
2246
2247 static int
2248 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2249 #line 661 "./asn1/ldap/ldap.cnf"
2250 proto_tree *tr;
2251 proto_item *it;
2252 attributedesc_string=NULL;
2253
2254 if (Filter_length++ > MAX_FILTER_LEN) {
2255 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
2256 THROW(ReportedBoundsError);
2257 }
2258
2259 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
2260 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
2261 THROW(ReportedBoundsError);
2262 }
2263
2264 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
2265 tree = tr;
2266
2267 offset = dissect_ber_choice(actx, tree, tvb, offset,
2268 Filter_choice, hf_index, ett_ldap_Filter,
2269 NULL);
2270
2271 if(Filter_string)
2272 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2273
2274
2275
2276 return offset;
2277 }
2278
2279
2280
2281 static int
2282 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2283 #line 514 "./asn1/ldap/ldap.cnf"
2284 Filter_string=NULL;
2285 Filter_elements = 0;
2286 Filter_length = 0;
2287
2288
2289 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2290
2291 #line 519 "./asn1/ldap/ldap.cnf"
2292 Filter_string=NULL;
2293 and_filter_string=NULL;
2294 Filter_elements = 0;
2295 Filter_length = 0;
2296
2297
2298 return offset;
2299 }
2300
2301
2302 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2303 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2304 };
2305
2306 static int
2307 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2308 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2309 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2310
2311 return offset;
2312 }
2313
2314
2315 static const ber_sequence_t SearchRequest_U_sequence[] = {
2316 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2317 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2318 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2319 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2320 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2321 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2322 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2323 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2324 { NULL, 0, 0, 0, NULL }
2325 };
2326
2327 static int
2328 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2329 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2330 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2331
2332 return offset;
2333 }
2334
2335
2336
2337 static int
2338 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2339 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2340 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2341
2342 return offset;
2343 }
2344
2345
2346
2347 static int
2348 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2349 #line 451 "./asn1/ldap/ldap.cnf"
2350
2351 tvbuff_t *next_tvb = NULL;
2352 gchar *string;
2353 int old_offset = offset;
2354 gint *hf_id;
2355
2356 /* attr_type, should be set before calling this function */
2357
2358 /* extract the value of the octetstring */
2359 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2360
2361 /* first check if we have a custom attribute type configured */
2362 if ((hf_id = get_hf_for_header (attr_type)) != NULL)
2363 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2364
2365 /* if we have an attribute type that isn't binary see if there is a better dissector */
2366 else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, FALSE, NULL)) {
2367 offset = old_offset;
2368
2369 /* do the default thing */
2370 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2371 NULL);
2372
2373
2374 if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
2375 string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2376 proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
2377 }
2378 }
2379
2380
2381
2382 return offset;
2383 }
2384
2385
2386 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2387 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2388 };
2389
2390 static int
2391 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2392 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2393 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2394
2395 return offset;
2396 }
2397
2398
2399 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2400 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2401 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2402 { NULL, 0, 0, 0, NULL }
2403 };
2404
2405 static int
2406 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2407 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2408 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2409
2410 return offset;
2411 }
2412
2413
2414 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2415 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2416 };
2417
2418 static int
2419 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2420 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2421 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2422
2423 return offset;
2424 }
2425
2426
2427 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2428 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2429 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2430 { NULL, 0, 0, 0, NULL }
2431 };
2432
2433 static int
2434 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2435 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2436 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2437
2438 return offset;
2439 }
2440
2441
2442
2443 static int
2444 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2445 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2446 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2447
2448 return offset;
2449 }
2450
2451
2452 static const value_string ldap_T_resultCode_vals[] = {
2453 { 0, "success" },
2454 { 1, "operationsError" },
2455 { 2, "protocolError" },
2456 { 3, "timeLimitExceeded" },
2457 { 4, "sizeLimitExceeded" },
2458 { 5, "compareFalse" },
2459 { 6, "compareTrue" },
2460 { 7, "authMethodNotSupported" },
2461 { 8, "strongAuthRequired" },
2462 { 10, "referral" },
2463 { 11, "adminLimitExceeded" },
2464 { 12, "unavailableCriticalExtension" },
2465 { 13, "confidentialityRequired" },
2466 { 14, "saslBindInProgress" },
2467 { 16, "noSuchAttribute" },
2468 { 17, "undefinedAttributeType" },
2469 { 18, "inappropriateMatching" },
2470 { 19, "constraintViolation" },
2471 { 20, "attributeOrValueExists" },
2472 { 21, "invalidAttributeSyntax" },
2473 { 32, "noSuchObject" },
2474 { 33, "aliasProblem" },
2475 { 34, "invalidDNSyntax" },
2476 { 36, "aliasDereferencingProblem" },
2477 { 48, "inappropriateAuthentication" },
2478 { 49, "invalidCredentials" },
2479 { 50, "insufficientAccessRights" },
2480 { 51, "busy" },
2481 { 52, "unavailable" },
2482 { 53, "unwillingToPerform" },
2483 { 54, "loopDetect" },
2484 { 64, "namingViolation" },
2485 { 65, "objectClassViolation" },
2486 { 66, "notAllowedOnNonLeaf" },
2487 { 67, "notAllowedOnRDN" },
2488 { 68, "entryAlreadyExists" },
2489 { 69, "objectClassModsProhibited" },
2490 { 71, "affectsMultipleDSAs" },
2491 { 80, "other" },
2492 { 118, "canceled" },
2493 { 119, "noSuchOperation" },
2494 { 120, "tooLate" },
2495 { 121, "cannotCancel" },
2496 { 0, NULL }
2497 };
2498
2499
2500 static int
2501 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2502 #line 405 "./asn1/ldap/ldap.cnf"
2503
2504 const gchar *valstr;
2505
2506 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2507 &result);
2508
2509
2510 ldap_do_protocolop(actx->pinfo);
2511
2512 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2513
2514 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2515
2516 if(ldm_tree)
2517 proto_item_append_text(ldm_tree, " %s", valstr);
2518
2519
2520
2521
2522 return offset;
2523 }
2524
2525
2526 static const ber_sequence_t LDAPResult_sequence[] = {
2527 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2528 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2529 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2530 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2531 { NULL, 0, 0, 0, NULL }
2532 };
2533
2534 static int
2535 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2536 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2537 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2538
2539 return offset;
2540 }
2541
2542
2543
2544 static int
2545 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2546 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2547 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2548
2549 return offset;
2550 }
2551
2552
2553 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2554 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2555 };
2556
2557 static int
2558 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2559 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2560 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2561
2562 return offset;
2563 }
2564
2565
2566
2567 static int
2568 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2569 #line 789 "./asn1/ldap/ldap.cnf"
2570
2571 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2572 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2573
2574
2575 ldap_do_protocolop(actx->pinfo);
2576
2577
2578
2579
2580 return offset;
2581 }
2582
2583
2584 static const value_string ldap_T_operation_vals[] = {
2585 { 0, "add" },
2586 { 1, "delete" },
2587 { 2, "replace" },
2588 { 3, "increment" },
2589 { 0, NULL }
2590 };
2591
2592
2593 static int
2594 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2595 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2596 NULL);
2597
2598 return offset;
2599 }
2600
2601
2602 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2603 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2604 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2605 { NULL, 0, 0, 0, NULL }
2606 };
2607
2608 static int
2609 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2610 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2611 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2612
2613 return offset;
2614 }
2615
2616
2617 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2618 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2619 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2620 { NULL, 0, 0, 0, NULL }
2621 };
2622
2623 static int
2624 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2625 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2626 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2627
2628 return offset;
2629 }
2630
2631
2632 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2633 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2634 };
2635
2636 static int
2637 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2638 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2639 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2640
2641 return offset;
2642 }
2643
2644
2645 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2646 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2647 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2648 { NULL, 0, 0, 0, NULL }
2649 };
2650
2651 static int
2652 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2653 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2654 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2655
2656 return offset;
2657 }
2658
2659
2660
2661 static int
2662 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2663 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2664 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2665
2666 return offset;
2667 }
2668
2669
2670
2671 static int
2672 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2673 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2674 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2675
2676 return offset;
2677 }
2678
2679
2680 static const ber_sequence_t AttributeList_item_sequence[] = {
2681 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2682 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2683 { NULL, 0, 0, 0, NULL }
2684 };
2685
2686 static int
2687 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2688 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2689 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2690
2691 return offset;
2692 }
2693
2694
2695 static const ber_sequence_t AttributeList_sequence_of[1] = {
2696 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2697 };
2698
2699 static int
2700 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2701 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2702 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2703
2704 return offset;
2705 }
2706
2707
2708 static const ber_sequence_t AddRequest_U_sequence[] = {
2709 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2710 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2711 { NULL, 0, 0, 0, NULL }
2712 };
2713
2714 static int
2715 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2716 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2717 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2718
2719 return offset;
2720 }
2721
2722
2723
2724 static int
2725 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2726 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2727 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2728
2729 return offset;
2730 }
2731
2732
2733
2734 static int
2735 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2736 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2737 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2738
2739 return offset;
2740 }
2741
2742
2743
2744 static int
2745 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2746 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2747 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2748
2749 return offset;
2750 }
2751
2752
2753
2754 static int
2755 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2756 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2757 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2758
2759 return offset;
2760 }
2761
2762
2763
2764 static int
2765 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2766 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2767
2768 return offset;
2769 }
2770
2771
2772 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2773 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2774 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2775 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2776 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2777 { NULL, 0, 0, 0, NULL }
2778 };
2779
2780 static int
2781 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2782 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2783 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2784
2785 return offset;
2786 }
2787
2788
2789
2790 static int
2791 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2792 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2793 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2794
2795 return offset;
2796 }
2797
2798
2799
2800 static int
2801 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2802 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2803 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2804
2805 return offset;
2806 }
2807
2808
2809 static const ber_sequence_t CompareRequest_U_sequence[] = {
2810 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2811 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2812 { NULL, 0, 0, 0, NULL }
2813 };
2814
2815 static int
2816 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2817 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2818 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2819
2820 return offset;
2821 }
2822
2823
2824
2825 static int
2826 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2827 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2828 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2829
2830 return offset;
2831 }
2832
2833
2834
2835 static int
2836 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2837 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2838 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2839
2840 return offset;
2841 }
2842
2843
2844
2845 static int
2846 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2847 #line 796 "./asn1/ldap/ldap.cnf"
2848
2849 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2850 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2851
2852
2853 ldap_do_protocolop(actx->pinfo);
2854
2855
2856
2857 return offset;
2858 }
2859
2860
2861
2862 static int
2863 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2864 #line 57 "./asn1/ldap/ldap.cnf"
2865
2866 tvbuff_t *parameter_tvb;
2867 const gchar *name;
2868 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
2869
2870
2871 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2872 &parameter_tvb);
2873
2874 #line 65 "./asn1/ldap/ldap.cnf"
2875
2876 object_identifier_id = NULL;
2877
2878 if (!parameter_tvb)
2879 return offset;
2880
2881 object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
2882 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
2883
2884 if(name){
2885 proto_item_append_text(actx->created_item, " (%s)", name);
2886
2887 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2888 ldap_do_protocolop(actx->pinfo);
2889 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2890 }
2891 }
2892
2893 /* Has the client requested the Start TLS operation? */
2894 if (ldap_info && hf_index == hf_ldap_requestName &&
2895 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2896 /* remember we have asked to start_tls */
2897 ldap_info->start_tls_pending = TRUE;
2898 }
2899
2900
2901 return offset;
2902 }
2903
2904
2905
2906 static int
2907 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2908 #line 731 "./asn1/ldap/ldap.cnf"
2909
2910 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2911 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
2912 } else {
2913 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2914 NULL);
2915
2916 }
2917
2918
2919
2920 return offset;
2921 }
2922
2923
2924 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2925 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2926 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2927 { NULL, 0, 0, 0, NULL }
2928 };
2929
2930 static int
2931 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2932 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2933 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2934
2935 return offset;
2936 }
2937
2938
2939
2940 static int
2941 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2942 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2943 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2944
2945 return offset;
2946 }
2947
2948
2949 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2950 { 0, "success" },
2951 { 1, "operationsError" },
2952 { 2, "protocolError" },
2953 { 3, "timeLimitExceeded" },
2954 { 4, "sizeLimitExceeded" },
2955 { 5, "compareFalse" },
2956 { 6, "compareTrue" },
2957 { 7, "authMethodNotSupported" },
2958 { 8, "strongAuthRequired" },
2959 { 10, "referral" },
2960 { 11, "adminLimitExceeded" },
2961 { 12, "unavailableCriticalExtension" },
2962 { 13, "confidentialityRequired" },
2963 { 14, "saslBindInProgress" },
2964 { 16, "noSuchAttribute" },
2965 { 17, "undefinedAttributeType" },
2966 { 18, "inappropriateMatching" },
2967 { 19, "constraintViolation" },
2968 { 20, "attributeOrValueExists" },
2969 { 21, "invalidAttributeSyntax" },
2970 { 32, "noSuchObject" },
2971 { 33, "aliasProblem" },
2972 { 34, "invalidDNSyntax" },
2973 { 36, "aliasDereferencingProblem" },
2974 { 48, "inappropriateAuthentication" },
2975 { 49, "invalidCredentials" },
2976 { 50, "insufficientAccessRights" },
2977 { 51, "busy" },
2978 { 52, "unavailable" },
2979 { 53, "unwillingToPerform" },
2980 { 54, "loopDetect" },
2981 { 64, "namingViolation" },
2982 { 65, "objectClassViolation" },
2983 { 66, "notAllowedOnNonLeaf" },
2984 { 67, "notAllowedOnRDN" },
2985 { 68, "entryAlreadyExists" },
2986 { 69, "objectClassModsProhibited" },
2987 { 71, "affectsMultipleDSAs" },
2988 { 80, "other" },
2989 { 118, "canceled" },
2990 { 119, "noSuchOperation" },
2991 { 120, "tooLate" },
2992 { 121, "cannotCancel" },
2993 { 0, NULL }
2994 };
2995
2996
2997 static int
2998 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2999 #line 436 "./asn1/ldap/ldap.cnf"
3000 guint32 resultCode;
3001 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3002
3003 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3004 &resultCode);
3005 /* If Start TLS request was sent and resultCode is success... */
3006 if (ldap_info && ldap_info->start_tls_pending &&
3007 hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
3008 /* The conversation will continue using SSL */
3009 ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
3010 ldap_info->start_tls_pending = FALSE;
3011 }
3012
3013
3014
3015
3016 return offset;
3017 }
3018
3019
3020
3021 static int
3022 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3023 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3024
3025 return offset;
3026 }
3027
3028
3029
3030 static int
3031 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3032 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3033 NULL);
3034
3035 return offset;
3036 }
3037
3038
3039 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
3040 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
3041 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
3042 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
3043 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
3044 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3045 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3046 { NULL, 0, 0, 0, NULL }
3047 };
3048
3049 static int
3050 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3051 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3052 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
3053
3054 return offset;
3055 }
3056
3057
3058
3059 static int
3060 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3061 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3062 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
3063
3064 return offset;
3065 }
3066
3067
3068
3069 static int
3070 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3071 #line 739 "./asn1/ldap/ldap.cnf"
3072
3073 const gchar *name;
3074
3075
3076 #line 743 "./asn1/ldap/ldap.cnf"
3077 if(ldm_tree && object_identifier_id) {
3078 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
3079 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
3080 if(name)
3081 proto_item_append_text(ldm_tree, " (%s)", name);
3082 }
3083 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3084 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3085 } else {
3086 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3087 NULL);
3088
3089 }
3090
3091
3092
3093 return offset;
3094 }
3095
3096
3097 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
3098 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3099 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
3100 { NULL, 0, 0, 0, NULL }
3101 };
3102
3103 static int
3104 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3105 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3106 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
3107
3108 return offset;
3109 }
3110
3111
3112
3113 static int
3114 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3115 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3116 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U);
3117
3118 return offset;
3119 }
3120
3121
3122 static const value_string ldap_ProtocolOp_vals[] = {
3123 { 0, "bindRequest" },
3124 { 1, "bindResponse" },
3125 { 2, "unbindRequest" },
3126 { 3, "searchRequest" },
3127 { 4, "searchResEntry" },
3128 { 5, "searchResDone" },
3129 { 19, "searchResRef" },
3130 { 6, "modifyRequest" },
3131 { 7, "modifyResponse" },
3132 { 8, "addRequest" },
3133 { 9, "addResponse" },
3134 { 10, "delRequest" },
3135 { 11, "delResponse" },
3136 { 12, "modDNRequest" },
3137 { 13, "modDNResponse" },
3138 { 14, "compareRequest" },
3139 { 15, "compareResponse" },
3140 { 16, "abandonRequest" },
3141 { 23, "extendedReq" },
3142 { 24, "extendedResp" },
3143 { 25, "intermediateResponse" },
3144 { 0, NULL }
3145 };
3146
3147 static const ber_choice_t ProtocolOp_choice[] = {
3148 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
3149 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
3150 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
3151 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
3152 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
3153 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
3154 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
3155 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
3156 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
3157 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
3158 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
3159 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
3160 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
3161 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
3162 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
3163 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
3164 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
3165 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
3166 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
3167 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
3168 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
3169 { 0, NULL, 0, 0, 0, NULL }
3170 };
3171
3172 static int
3173 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3174 #line 99 "./asn1/ldap/ldap.cnf"
3175
3176 ldap_call_response_t *lcrp;
3177 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3178 do_protocolop = TRUE;
3179
3180
3181 offset = dissect_ber_choice(actx, tree, tvb, offset,
3182 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
3183 &ProtocolOp);
3184
3185 #line 105 "./asn1/ldap/ldap.cnf"
3186
3187 if (ProtocolOp == -1) {
3188 return offset;
3189 }
3190
3191 /* ProtocolOp is the index, not the tag so convert it to the tag value */
3192 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3193
3194 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
3195 if(lcrp){
3196 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3197 }
3198
3199 /* XXX: the count will not work if the results span multiple TCP packets */
3200
3201 if(ldap_info) { /* only count once */
3202 switch(ProtocolOp) {
3203
3204 case LDAP_RES_SEARCH_ENTRY:
3205 if (!actx->pinfo->fd->visited)
3206 ldap_info->num_results++;
3207
3208 proto_item_append_text(tree, " [%d result%s]",
3209 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3210
3211 break;
3212
3213 case LDAP_RES_SEARCH_RESULT:
3214
3215 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3216 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3217
3218 proto_item_append_text(tree, " [%d result%s]",
3219 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3220
3221 break;
3222 default:
3223 break;
3224 }
3225 }
3226
3227
3228
3229 return offset;
3230 }
3231
3232
3233
3234 static int
3235 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3236 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3237
3238 return offset;
3239 }
3240
3241
3242
3243 static int
3244 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3245 #line 712 "./asn1/ldap/ldap.cnf"
3246 gint8 ber_class;
3247 gboolean pc, ind;
3248 gint32 tag;
3249 guint32 len;
3250
3251 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3252 /* remove the OCTET STRING encoding */
3253 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
3254 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3255
3256 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3257
3258 offset += len;
3259 } else {
3260 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3261 NULL);
3262
3263 }
3264
3265
3266
3267
3268 return offset;
3269 }
3270
3271
3272 static const ber_sequence_t Control_sequence[] = {
3273 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3274 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3275 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3276 { NULL, 0, 0, 0, NULL }
3277 };
3278
3279 static int
3280 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3281 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3282 Control_sequence, hf_index, ett_ldap_Control);
3283
3284 return offset;
3285 }
3286
3287
3288 static const ber_sequence_t Controls_sequence_of[1] = {
3289 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3290 };
3291
3292 static int
3293 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3294 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3295 Controls_sequence_of, hf_index, ett_ldap_Controls);
3296
3297 return offset;
3298 }
3299
3300
3301 static const ber_sequence_t LDAPMessage_sequence[] = {
3302 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3303 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3304 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3305 { NULL, 0, 0, 0, NULL }
3306 };
3307
3308 static int
3309 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3310 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3311 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3312
3313 return offset;
3314 }
3315
3316
3317
3318
3319
3320 static int
3321 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3322 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3323 NULL);
3324
3325 return offset;
3326 }
3327
3328
3329 static const ber_sequence_t SearchControlValue_sequence[] = {
3330 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3331 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3332 { NULL, 0, 0, 0, NULL }
3333 };
3334
3335 static int
3336 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3337 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3338 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3339
3340 return offset;
3341 }
3342
3343
3344 static const ber_sequence_t SortKeyList_item_sequence[] = {
3345 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3346 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3347 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3348 { NULL, 0, 0, 0, NULL }
3349 };
3350
3351 static int
3352 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3353 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3354 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3355
3356 return offset;
3357 }
3358
3359
3360 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3361 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3362 };
3363
3364 static int
3365 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3366 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3367 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3368
3369 return offset;
3370 }
3371
3372
3373 static const value_string ldap_T_sortResult_vals[] = {
3374 { 0, "success" },
3375 { 1, "operationsError" },
3376 { 3, "timeLimitExceeded" },
3377 { 8, "strongAuthRequired" },
3378 { 11, "adminLimitExceeded" },
3379 { 16, "noSuchAttribute" },
3380 { 18, "inappropriateMatching" },
3381 { 50, "insufficientAccessRights" },
3382 { 51, "busy" },
3383 { 53, "unwillingToPerform" },
3384 { 80, "other" },
3385 { 0, NULL }
3386 };
3387
3388
3389 static int
3390 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3391 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3392 NULL);
3393
3394 return offset;
3395 }
3396
3397
3398 static const ber_sequence_t SortResult_sequence[] = {
3399 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3400 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3401 { NULL, 0, 0, 0, NULL }
3402 };
3403
3404 static int
3405 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3406 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3407 SortResult_sequence, hf_index, ett_ldap_SortResult);
3408
3409 return offset;
3410 }
3411
3412
3413
3414 static int
3415 dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3416 #line 756 "./asn1/ldap/ldap.cnf"
3417 gint8 ber_class;
3418 gboolean pc;
3419 gint32 tag;
3420 guint32 len;
3421 gint32 val;
3422
3423 int otheroffset = offset;
3424 if(!implicit_tag){
3425 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
3426 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
3427 } else {
3428 gint32 remaining=tvb_reported_length_remaining(tvb, offset);
3429 len=remaining>0 ? remaining : 0;
3430 }
3431
3432 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
3433
3434 if (val >0) {
3435 static int * const flags[] = {
3436 &hf_ldap_object_security_flag,
3437 &hf_ldap_ancestor_first_flag,
3438 &hf_ldap_public_data_only_flag,
3439 &hf_ldap_incremental_value_flag,
3440 NULL
3441 };
3442
3443 proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
3444 ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
3445 } else {
3446 proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
3447 }
3448
3449
3450
3451 return offset;
3452 }
3453
3454
3455 static const ber_sequence_t DirSyncControlValue_sequence[] = {
3456 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
3457 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3458 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3459 { NULL, 0, 0, 0, NULL }
3460 };
3461
3462 static int
3463 dissect_ldap_DirSyncControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3464 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3465 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
3466
3467 return offset;
3468 }
3469
3470
3471 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3472 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3473 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3474 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3475 { NULL, 0, 0, 0, NULL }
3476 };
3477
3478 static int
3479 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3480 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3481 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3482
3483 return offset;
3484 }
3485
3486
3487 static const ber_sequence_t CancelRequestValue_sequence[] = {
3488 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3489 { NULL, 0, 0, 0, NULL }
3490 };
3491
3492 static int
3493 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3494 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3495 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3496
3497 return offset;
3498 }
3499
3500
3501 static const value_string ldap_T_mode_vals[] = {
3502 { 1, "refreshOnly" },
3503 { 3, "refreshAndPersist" },
3504 { 0, NULL }
3505 };
3506
3507
3508 static int
3509 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3510 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3511 NULL);
3512
3513 return offset;
3514 }
3515
3516
3517 static const ber_sequence_t SyncRequestValue_sequence[] = {
3518 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3519 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3520 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3521 { NULL, 0, 0, 0, NULL }
3522 };
3523
3524 static int
3525 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3526 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3527 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3528
3529 return offset;
3530 }
3531
3532
3533 static const value_string ldap_T_state_vals[] = {
3534 { 0, "present" },
3535 { 1, "add" },
3536 { 2, "modify" },
3537 { 3, "delete" },
3538 { 0, NULL }
3539 };
3540
3541
3542 static int
3543 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3544 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3545 NULL);
3546
3547 return offset;
3548 }
3549
3550
3551
3552 static int
3553 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3554 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3555 NULL);
3556
3557 return offset;
3558 }
3559
3560
3561 static const ber_sequence_t SyncStateValue_sequence[] = {
3562 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3563 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3564 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3565 { NULL, 0, 0, 0, NULL }
3566 };
3567
3568 static int
3569 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3570 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3571 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3572
3573 return offset;
3574 }
3575
3576
3577 static const ber_sequence_t SyncDoneValue_sequence[] = {
3578 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3579 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3580 { NULL, 0, 0, 0, NULL }
3581 };
3582
3583 static int
3584 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3585 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3586 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3587
3588 return offset;
3589 }
3590
3591
3592 static const ber_sequence_t T_refreshDelete_sequence[] = {
3593 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3594 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3595 { NULL, 0, 0, 0, NULL }
3596 };
3597
3598 static int
3599 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3600 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3601 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3602
3603 return offset;
3604 }
3605
3606
3607 static const ber_sequence_t T_refreshPresent_sequence[] = {
3608 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3609 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3610 { NULL, 0, 0, 0, NULL }
3611 };
3612
3613 static int
3614 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3615 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3616 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3617
3618 return offset;
3619 }
3620
3621
3622 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3623 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3624 };
3625
3626 static int
3627 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3628 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3629 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3630
3631 return offset;
3632 }
3633
3634
3635 static const ber_sequence_t T_syncIdSet_sequence[] = {
3636 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3637 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3638 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3639 { NULL, 0, 0, 0, NULL }
3640 };
3641
3642 static int
3643 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3644 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3645 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3646
3647 return offset;
3648 }
3649
3650
3651 static const value_string ldap_SyncInfoValue_vals[] = {
3652 { 0, "newcookie" },
3653 { 1, "refreshDelete" },
3654 { 2, "refreshPresent" },
3655 { 3, "syncIdSet" },
3656 { 0, NULL }
3657 };
3658
3659 static const ber_choice_t SyncInfoValue_choice[] = {
3660 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3661 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3662 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3663 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3664 { 0, NULL, 0, 0, 0, NULL }
3665 };
3666
3667 static int
3668 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3669 offset = dissect_ber_choice(actx, tree, tvb, offset,
3670 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3671 NULL);
3672
3673 return offset;
3674 }
3675
3676
3677 static const value_string ldap_T_warning_vals[] = {
3678 { 0, "timeBeforeExpiration" },
3679 { 1, "graceAuthNsRemaining" },
3680 { 0, NULL }
3681 };
3682
3683 static const ber_choice_t T_warning_choice[] = {
3684 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3685 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3686 { 0, NULL, 0, 0, 0, NULL }
3687 };
3688
3689 static int
3690 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3691 offset = dissect_ber_choice(actx, tree, tvb, offset,
3692 T_warning_choice, hf_index, ett_ldap_T_warning,
3693 NULL);
3694
3695 return offset;
3696 }
3697
3698
3699 static const value_string ldap_T_error_vals[] = {
3700 { 0, "passwordExpired" },
3701 { 1, "accountLocked" },
3702 { 2, "changeAfterReset" },
3703 { 3, "passwordModNotAllowed" },
3704 { 4, "mustSupplyOldPassword" },
3705 { 5, "insufficientPasswordQuality" },
3706 { 6, "passwordTooShort" },
3707 { 7, "passwordTooYoung" },
3708 { 8, "passwordInHistory" },
3709 { 0, NULL }
3710 };
3711
3712
3713 static int
3714 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3715 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3716 NULL);
3717
3718 return offset;
3719 }
3720
3721
3722 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3723 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3724 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3725 { NULL, 0, 0, 0, NULL }
3726 };
3727
3728 static int
3729 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3730 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3731 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3732
3733 return offset;
3734 }
3735
3736 /*--- PDUs ---*/
3737
3738 static int dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3739 int offset = 0;
3740 asn1_ctx_t asn1_ctx;
3741 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3742 offset = dissect_ldap_SearchControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3743 return offset;
3744 }
3745 static int dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3746 int offset = 0;
3747 asn1_ctx_t asn1_ctx;
3748 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3749 offset = dissect_ldap_SortKeyList(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3750 return offset;
3751 }
3752 static int dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3753 int offset = 0;
3754 asn1_ctx_t asn1_ctx;
3755 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3756 offset = dissect_ldap_SortResult(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3757 return offset;
3758 }
3759 static int dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3760 int offset = 0;
3761 asn1_ctx_t asn1_ctx;
3762 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3763 offset = dissect_ldap_DirSyncControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU);
3764 return offset;
3765 }
3766 static int dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3767 int offset = 0;
3768 asn1_ctx_t asn1_ctx;
3769 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3770 offset = dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3771 return offset;
3772 }
3773 static int dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3774 int offset = 0;
3775 asn1_ctx_t asn1_ctx;
3776 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3777 offset = dissect_ldap_CancelRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3778 return offset;
3779 }
3780 static int dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3781 int offset = 0;
3782 asn1_ctx_t asn1_ctx;
3783 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3784 offset = dissect_ldap_SyncRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3785 return offset;
3786 }
3787 static int dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3788 int offset = 0;
3789 asn1_ctx_t asn1_ctx;
3790 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3791 offset = dissect_ldap_SyncStateValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3792 return offset;
3793 }
3794 static int dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3795 int offset = 0;
3796 asn1_ctx_t asn1_ctx;
3797 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3798 offset = dissect_ldap_SyncDoneValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3799 return offset;
3800 }
3801 static int dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3802 int offset = 0;
3803 asn1_ctx_t asn1_ctx;
3804 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3805 offset = dissect_ldap_SyncInfoValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3806 return offset;
3807 }
3808 static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3809 int offset = 0;
3810 asn1_ctx_t asn1_ctx;
3811 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3812 offset = dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3813 return offset;
3814 }
3815
3816
3817 /*--- End of included file: packet-ldap-fn.c ---*/
3818 #line 909 "./asn1/ldap/packet-ldap-template.c"
3819 static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
3820
3821 int offset = 0;
3822 asn1_ctx_t asn1_ctx;
3823 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3824
3825 asn1_ctx.private_data = ldap_info;
3826 offset = dissect_ldap_LDAPMessage(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3827 return offset;
3828 }
3829
3830 static void
3831 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3832 proto_tree *tree, ldap_conv_info_t *ldap_info,
3833 gboolean is_mscldap)
3834 {
3835 int offset = 0;
3836 guint length_remaining;
3837 guint msg_len = 0;
3838 int messageOffset = 0;
3839 guint headerLength = 0;
3840 guint length = 0;
3841 tvbuff_t *msg_tvb = NULL;
3842 gint8 ber_class;
3843 gboolean pc, ind = 0;
3844 gint32 ber_tag;
3845
3846 attributedesc_string=NULL;
3847
3848
3849 one_more_pdu:
3850
3851 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
3852
3853 if (length_remaining < 6) return;
3854
3855 /*
3856 * OK, try to read the "Sequence Of" header; this gets the total
3857 * length of the LDAP message.
3858 */
3859 messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
3860 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3861
3862 /* sanity check */
3863 if((msg_len<4) || (msg_len>10000000)) return;
3864
3865 if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3866 /*
3867 * Add the length of the "Sequence Of" header to the message
3868 * length.
3869 */
3870 headerLength = messageOffset - offset;
3871 msg_len += headerLength;
3872 if (msg_len < headerLength) {
3873 /*
3874 * The message length was probably so large that the total length
3875 * overflowed.
3876 *
3877 * Report this as an error.
3878 */
3879 show_reported_bounds_error(tvb, pinfo, tree);
3880 return;
3881 }
3882 } else {
3883 /*
3884 * We couldn't parse the header; just make it the amount of data
3885 * remaining in the tvbuff, so we'll give up on this segment
3886 * after attempting to parse the message - there's nothing more
3887 * we can do. "dissect_ldap_message()" will display the error.
3888 */
3889 msg_len = length_remaining;
3890 }
3891
3892 /*
3893 * Construct a tvbuff containing the amount of the payload we have
3894 * available. Make its reported length the amount of data in the
3895 * LDAP message.
3896 *
3897 * XXX - if reassembly isn't enabled. the subdissector will throw a
3898 * BoundsError exception, rather than a ReportedBoundsError exception.
3899 * We really want a tvbuff where the length is "length", the reported
3900 * length is "plen", and the "if the snapshot length were infinite"
3901 * length is the minimum of the reported length of the tvbuff handed
3902 * to us and "plen", with a new type of exception thrown if the offset
3903 * is within the reported length but beyond that third length, with
3904 * that exception getting the "Unreassembled Packet" error.
3905 */
3906 length = length_remaining;
3907 if (length > msg_len) length = msg_len;
3908 msg_tvb = tvb_new_subset_length_caplen(tvb, offset, length, msg_len);
3909
3910 /*
3911 * Now dissect the LDAP message.
3912 */
3913 ldap_info->is_mscldap = is_mscldap;
3914 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info);
3915
3916 offset += msg_len;
3917
3918 /* If this was a sasl blob there might be another PDU following in the
3919 * same blob
3920 */
3921 if(tvb_reported_length_remaining(tvb, offset)>=6){
3922 tvb = tvb_new_subset_remaining(tvb, offset);
3923 offset = 0;
3924
3925 goto one_more_pdu;
3926 }
3927
3928 }
3929
3930 static void
3931 ldap_frame_end(void)
3932 {
3933 ldap_found_in_frame = FALSE;
3934 attr_type = NULL;
3935 ldapvalue_string = NULL;
3936 /* ? */
3937 attributedesc_string = NULL;
3938 Filter_string = NULL;
3939 and_filter_string = NULL;
3940 object_identifier_id = NULL;
3941 or_filter_string = NULL;
3942
3943 substring_item_any = NULL;
3944 substring_item_final = NULL;
3945 substring_item_init = NULL;
3946 substring_value = NULL;
3947
3948 ldm_tree = NULL;
3949
3950 Filter_elements = 0;
3951 Filter_length = 0;
3952 do_protocolop = FALSE;
3953 result = 0;
3954
3955 /* seems to be ok, but reset just in case */
3956 matching_rule_string = NULL;
3957 }
3958
3959 static void
3960 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3961 {
3962 int offset = 0;
3963 conversation_t *conversation;
3964 gboolean doing_sasl_security = FALSE;
3965 guint length_remaining;
3966 ldap_conv_info_t *ldap_info = NULL;
3967 proto_item *ldap_item = NULL;
3968 proto_tree *ldap_tree = NULL;
3969
3970 ldm_tree = NULL;
3971
3972 conversation = find_or_create_conversation(pinfo);
3973
3974 /*
3975 * Do we already have a type and mechanism?
3976 */
3977 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
3978 if (ldap_info == NULL) {
3979 /* No. Attach that information to the conversation, and add
3980 * it to the list of information structures.
3981 */
3982 ldap_info = wmem_new0(wmem_file_scope(), ldap_conv_info_t);
3983 ldap_info->matched=wmem_map_new(wmem_file_scope(), ldap_info_hash_matched, ldap_info_equal_matched);
3984 ldap_info->unmatched=wmem_map_new(wmem_file_scope(), ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3985
3986 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3987 }
3988
3989 switch (ldap_info->auth_type) {
3990 case LDAP_AUTH_SASL:
3991 /*
3992 * It's SASL; are we using a security layer?
3993 */
3994 if (ldap_info->first_auth_frame != 0 &&
3995 pinfo->num >= ldap_info->first_auth_frame) {
3996 doing_sasl_security = TRUE; /* yes */
3997 }
3998 }
3999
4000 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
4001
4002 /* It might still be a packet containing a SASL security layer
4003 * but it's just that we never saw the BIND packet.
4004 * check if it looks like it could be a SASL blob here
4005 * and in that case just assume it is GSS-SPNEGO
4006 */
4007 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
4008 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
4009 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
4010 ldap_info->auth_type=LDAP_AUTH_SASL;
4011 ldap_info->first_auth_frame=pinfo->num;
4012 ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
4013 doing_sasl_security=TRUE;
4014 }
4015
4016 /*
4017 * This is the first PDU, set the Protocol column and clear the
4018 * Info column.
4019 */
4020 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
4021
4022 if(ldap_found_in_frame) {
4023 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
4024 col_append_str(pinfo->cinfo, COL_INFO, " | ");
4025 col_set_fence(pinfo->cinfo, COL_INFO);
4026 } else {
4027 col_clear(pinfo->cinfo, COL_INFO);
4028 register_frame_end_routine (pinfo, ldap_frame_end);
4029 ldap_found_in_frame = TRUE;
4030 }
4031
4032 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
4033 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
4034
4035 /*
4036 * Might we be doing a SASL security layer and, if so, *are* we doing
4037 * one?
4038 *
4039 * Just because we've seen a bind reply for SASL, that doesn't mean
4040 * that we're using a SASL security layer; I've seen captures in
4041 * which some SASL negotiations lead to a security layer being used
4042 * and other negotiations don't, and it's not obvious what's different
4043 * in the two negotiations. Therefore, we assume that if the first
4044 * byte is 0, it's a length for a SASL security layer (that way, we
4045 * never reassemble more than 16 megabytes, protecting us from
4046 * chewing up *too* much memory), and otherwise that it's an LDAP
4047 * message (actually, if it's an LDAP message it should begin with 0x30,
4048 * but we want to parse garbage as LDAP messages rather than really
4049 * huge lengths).
4050 */
4051
4052 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
4053 proto_tree *sasl_tree;
4054 tvbuff_t *sasl_tvb;
4055 guint sasl_len, sasl_msg_len, length;
4056 /*
4057 * Yes. The frame begins with a 4-byte big-endian length.
4058 * And we know we have at least 6 bytes
4059 */
4060
4061 /*
4062 * Get the SASL length, which is the length of data in the buffer
4063 * following the length (i.e., it's 4 less than the total length).
4064 *
4065 * XXX - do we need to reassemble buffers? For now, we
4066 * assume that each LDAP message is entirely contained within
4067 * a buffer.
4068 */
4069 sasl_len = tvb_get_ntohl(tvb, offset);
4070 sasl_msg_len = sasl_len + 4;
4071 if (sasl_msg_len < 4) {
4072 /*
4073 * The message length was probably so large that the total length
4074 * overflowed.
4075 *
4076 * Report this as an error.
4077 */
4078 show_reported_bounds_error(tvb, pinfo, tree);
4079 return;
4080 }
4081
4082 /*
4083 * Construct a tvbuff containing the amount of the payload we have
4084 * available. Make its reported length the amount of data in the PDU.
4085 *
4086 * XXX - if reassembly isn't enabled. the subdissector will throw a
4087 * BoundsError exception, rather than a ReportedBoundsError exception.
4088 * We really want a tvbuff where the length is "length", the reported
4089 * length is "plen", and the "if the snapshot length were infinite"
4090 * length is the minimum of the reported length of the tvbuff handed
4091 * to us and "plen", with a new type of exception thrown if the offset
4092 * is within the reported length but beyond that third length, with
4093 * that exception getting the "Unreassembled Packet" error.
4094 */
4095 length = length_remaining;
4096 if (length > sasl_msg_len) length = sasl_msg_len;
4097 sasl_tvb = tvb_new_subset_length_caplen(tvb, offset, length, sasl_msg_len);
4098
4099 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len);
4100
4101 sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 4, sasl_msg_len - 4, ett_ldap_sasl_blob, NULL, "SASL Buffer");
4102
4103 if (ldap_info->auth_mech != NULL &&
4104 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
4105 /* auth_mech may have been set from the bind */
4106 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
4107 tvbuff_t *gssapi_tvb = NULL;
4108 int ver_len;
4109 int tmp_length;
4110 gssapi_encrypt_info_t gssapi_encrypt;
4111
4112 /*
4113 * This is GSS-API (using SPNEGO, but we should be done with
4114 * the negotiation by now).
4115 *
4116 * Dissect the GSS_Wrap() token; it'll return the length of
4117 * the token, from which we compute the offset in the tvbuff at
4118 * which the plaintext data, i.e. the LDAP message, begins.
4119 */
4120 tmp_length = tvb_reported_length_remaining(sasl_tvb, 4);
4121 if ((guint)tmp_length > sasl_len)
4122 tmp_length = sasl_len;
4123 gssapi_tvb = tvb_new_subset_length_caplen(sasl_tvb, 4, tmp_length, sasl_len);
4124
4125 /* Attempt decryption of the GSSAPI wrapped data if possible */
4126 memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
4127 gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
4128 ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt);
4129 /*
4130 * If ver_len is 0, it probably means that we got a PDU that is not
4131 * aligned to the start of the segment.
4132 */
4133 if(ver_len==0){
4134 return;
4135 }
4136 if (gssapi_encrypt.gssapi_decrypted_tvb) {
4137 tvbuff_t *decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
4138 proto_tree *enc_tree = NULL;
4139
4140 /*
4141 * The LDAP payload (blob) was encrypted and we were able to decrypt it.
4142 * The data was signed via a MIC token, sealed (encrypted), and "wrapped"
4143 * within the mechanism's "blob." Call dissect_ldap_payload to dissect
4144 * one or more LDAPMessages such as searchRequest messages within this
4145 * payload.
4146 */
4147 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
4148
4149 if (sasl_tree) {
4150 guint decr_len = tvb_reported_length(decr_tvb);
4151
4152 enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1,
4153 ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
4154 decr_len, plurality(decr_len, "", "s"));
4155 }
4156
4157 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
4158 }
4159 else if (gssapi_encrypt.gssapi_data_encrypted) {
4160 /*
4161 * The LDAP message was encrypted but couldn't be decrypted so just display the
4162 * encrypted data all of which is found in Packet Bytes.
4163 */
4164 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
4165 sasl_len-ver_len, plurality(sasl_len-ver_len, "", "s"));
4166
4167 proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
4168 }
4169 else {
4170 tvbuff_t *plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
4171 proto_tree *plain_tree = NULL;
4172
4173 /*
4174 * The payload was not encrypted (sealed) but was signed via a MIC token.
4175 * If krb5_tok_id == KRB_TOKEN_CFX_WRAP, the payload was wrapped within
4176 * the mechanism's blob. Call dissect_ldap_payload to dissect one or more
4177 * LDAPMessages within the payload.
4178 */
4179 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
4180
4181 if (sasl_tree) {
4182 guint plain_len = tvb_reported_length(plain_tvb);
4183
4184 plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1,
4185 ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
4186 plain_len, plurality(plain_len, "", "s"));
4187 }
4188
4189 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
4190 }
4191 }
4192 } else {
4193 /*
4194 * The LDAP packet does not contain a SASL security layer. Such messages are typically sent
4195 * prior to the LDAP "bind" negotiation exchange which establishes the "context" of the session.
4196 * This means the data could neither be "signed" (no data origin auth or data integrity
4197 * check) nor "sealed" (encrypted).
4198 */
4199 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
4200 }
4201 }
4202
4203 /*
4204 * prepend_dot is no longer used, but is being left in place in order to
4205 * maintain ABI compatibility.
4206 */
4207 int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int max_len, gboolean prepend_dot _U_)
4208 {
4209 int compr_len;
4210 const gchar *name;
4211 guint name_len;
4212
4213 /* The name data MUST start at offset 0 of the tvb */
4214 compr_len = get_dns_name(tvb, offset, max_len, 0, &name, &name_len);
4215 g_strlcpy(str, name, max_len);
4216 return offset + compr_len;
4217 }
4218
4219
4220 /* These are the cldap DC flags
4221 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4222 */
4223 static const true_false_string tfs_ads_pdc = {
4224 "This is a PDC",
4225 "This is NOT a pdc"
4226 };
4227 static const true_false_string tfs_ads_gc = {
4228 "This is a GLOBAL CATALOGUE of forest",
4229 "This is NOT a global catalog of forest"
4230 };
4231 static const true_false_string tfs_ads_ldap = {
4232 "This is an LDAP server",
4233 "This is NOT an ldap server"
4234 };
4235 static const true_false_string tfs_ads_ds = {
4236 "This dc supports DS",
4237 "This dc does NOT support ds"
4238 };
4239 static const true_false_string tfs_ads_kdc = {
4240 "This is a KDC (kerberos)",
4241 "This is NOT a kdc (kerberos)"
4242 };
4243 static const true_false_string tfs_ads_timeserv = {
4244 "This dc is running TIME SERVICES (ntp)",
4245 "This dc is NOT running time services (ntp)"
4246 };
4247 static const true_false_string tfs_ads_closest = {
4248 "This server is in the same site as the client",
4249 "This server is NOT in the same site as the client"
4250 };
4251 static const true_false_string tfs_ads_writable = {
4252 "This dc is WRITABLE",
4253 "This dc is NOT writable"
4254 };
4255 static const true_false_string tfs_ads_good_timeserv = {
4256 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4257 "This dc does NOT have a good time service (i.e. no hardware clock)"
4258 };
4259 static const true_false_string tfs_ads_ndnc = {
4260 "Domain is NON-DOMAIN NC serviced by ldap server",
4261 "Domain is NOT non-domain nc serviced by ldap server"
4262 };
4263 static const true_false_string tfs_ads_rodc = {
4264 "Domain controller is a Windows 2008 RODC",
4265 "Domain controller is not a Windows 2008 RODC"
4266 };
4267 static const true_false_string tfs_ads_wdc = {
4268 "Domain controller is a Windows 2008 writable NC",
4269 "Domain controller is not a Windows 2008 writable NC"
4270 };
4271 static const true_false_string tfs_ads_dns = {
4272 "Server name is in DNS format (Windows 2008)",
4273 "Server name is not in DNS format (Windows 2008)"
4274 };
4275 static const true_false_string tfs_ads_dnc = {
4276 "The NC is the default NC (Windows 2008)",
4277 "The NC is not the default NC (Windows 2008)"
4278 };
4279 static const true_false_string tfs_ads_fnc = {
4280 "The NC is the default forest NC(Windows 2008)",
4281 "The NC is not the default forest NC (Windows 2008)"
4282 };
4283 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4284 {
4285 static int * const flags[] = {
4286 &hf_mscldap_netlogon_flags_fnc,
4287 &hf_mscldap_netlogon_flags_dnc,
4288 &hf_mscldap_netlogon_flags_dns,
4289 &hf_mscldap_netlogon_flags_wdc,
4290 &hf_mscldap_netlogon_flags_rodc,
4291 &hf_mscldap_netlogon_flags_ndnc,
4292 &hf_mscldap_netlogon_flags_good_timeserv,
4293 &hf_mscldap_netlogon_flags_writable,
4294 &hf_mscldap_netlogon_flags_closest,
4295 &hf_mscldap_netlogon_flags_timeserv,
4296 &hf_mscldap_netlogon_flags_kdc,
4297 &hf_mscldap_netlogon_flags_ds,
4298 &hf_mscldap_netlogon_flags_ldap,
4299 &hf_mscldap_netlogon_flags_gc,
4300 &hf_mscldap_netlogon_flags_pdc,
4301 NULL
4302 };
4303
4304 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_netlogon_flags,
4305 ett_mscldap_netlogon_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
4306 offset += 4;
4307
4308 return offset;
4309 }
4310
4311 static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4312 {
4313 int old_offset, offset=0;
4314 char str[256];
4315 guint16 itype;
4316 guint16 len;
4317 guint32 version;
4318 int fn_len;
4319 proto_item *item;
4320
4321 ldm_tree = NULL;
4322
4323
4324 /* Get the length of the buffer */
4325 len=tvb_reported_length_remaining(tvb,offset);
4326
4327 /* check the len if it is to small return */
4328 if (len < 10)
4329 return tvb_captured_length(tvb);
4330
4331 /* Type */
4332 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4333 itype = tvb_get_letohs(tvb, offset);
4334 offset += 2;
4335
4336 switch(itype){
4337
4338 case LOGON_SAM_LOGON_RESPONSE:
4339 /* logon server name; must be aligned on a 2-byte boundary */
4340 if ((offset & 1) != 0) {
4341 offset++;
4342 }
4343 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_hostname_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4344 offset +=fn_len;
4345
4346 /* username; must be aligned on a 2-byte boundary */
4347 if ((offset & 1) != 0) {
4348 offset++;
4349 }
4350 proto_tree_add_item_ret_length(tree, hf_mscldap_username_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4351 offset +=fn_len;
4352
4353 /* domain name; must be aligned on a 2-byte boundary */
4354 if ((offset & 1) != 0) {
4355 offset++;
4356 }
4357 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_domain_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4358 offset +=fn_len;
4359
4360 /* get the version number from the end of the buffer, as the
4361 length is variable and the version determines what fields
4362 need to be decoded */
4363 version = tvb_get_letohl(tvb,len-8);
4364
4365 /* include the extra version 5 fields */
4366 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4367
4368 /* domain guid */
4369 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4370 offset += 16;
4371
4372 /* domain guid part 2
4373 there is another 16 byte guid but this is alway zero, so we will skip it */
4374 offset += 16;
4375
4376 /* Forest */
4377 old_offset=offset;
4378 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4379 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4380
4381 /* Domain */
4382 old_offset=offset;
4383 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4384 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4385
4386 /* Hostname */
4387 old_offset=offset;
4388 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4389 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4390
4391 /* DC IP Address */
4392 proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, ENC_BIG_ENDIAN);
4393 offset += 4;
4394
4395 /* Flags */
4396 dissect_mscldap_netlogon_flags(tree, tvb, offset);
4397 }
4398
4399 break;
4400
4401 case LOGON_SAM_LOGON_RESPONSE_EX:
4402 /* MS-ADTS 6.3.1.9 */
4403 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */
4404
4405 /* Flags */
4406 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4407
4408 /* Domain GUID */
4409 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4410 offset += 16;
4411
4412 /* Forest */
4413 old_offset=offset;
4414 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4415 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4416
4417 /* Domain */
4418 old_offset=offset;
4419 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4420 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4421
4422 /* Hostname */
4423 old_offset=offset;
4424 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4425 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4426
4427 /* NetBIOS Domain */
4428 old_offset=offset;
4429 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4430 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4431
4432 /* NetBIOS Hostname */
4433 old_offset=offset;
4434 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4435 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4436
4437 /* User */
4438 old_offset=offset;
4439 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4440 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4441
4442 /* Server Site */
4443 old_offset=offset;
4444 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4445 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4446
4447 /* Client Site */
4448 old_offset=offset;
4449 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4450 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4451
4452 /* get the version number from the end of the buffer, as the
4453 length is variable and the version determines what fields
4454 need to be decoded */
4455 version = tvb_get_letohl(tvb,len-8);
4456
4457 /* include the extra fields for version 5 with IP s */
4458 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4459 /* The ip address is returned as a sockaddr_in structure
4460 *
4461 * This section may need to be updated if the base Windows APIs
4462 * are changed to support ipv6, which currently is not the case.
4463 *
4464 * The desector assumes the length is based on ipv4 and
4465 * ignores the length
4466 */
4467
4468 /* skip the length of the sockaddr_in */
4469
4470 offset +=1;
4471
4472 /* add IP address and desect the sockaddr_in structure */
4473
4474 old_offset = offset + 4;
4475 item = proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, ENC_BIG_ENDIAN);
4476
4477 if (tree) {
4478 proto_tree *subtree;
4479
4480 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4481
4482 /* get sockaddr family */
4483 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4484 offset +=2;
4485
4486 /* get sockaddr port */
4487 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4488 offset +=2;
4489
4490 /* get IP address */
4491 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
4492 }
4493
4494 }
4495
4496 break;
4497 }
4498
4499
4500 /* complete the decode with the version and token details */
4501
4502 offset = len - 8;
4503
4504 /* NETLOGON_NT_VERISON Options (MS-ADTS 6.3.1.1) */
4505 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
4506
4507 /* LM Token */
4508 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4509 offset += 2;
4510
4511 /* NT Token */
4512 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4513
4514 return tvb_captured_length(tvb);
4515 }
4516
4517
4518 static guint
4519 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4520 int offset, void *data _U_)
4521 {
4522 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4523 return tvb_get_ntohl(tvb, offset)+4;
4524 }
4525
4526 static int
4527 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4528 {
4529 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4530 return tvb_captured_length(tvb);
4531 }
4532
4533 static guint
4534 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4535 int offset, void *data _U_)
4536 {
4537 guint32 len;
4538 gboolean ind;
4539 int data_offset;
4540
4541 /* normal ldap is tag+len bytes plus the length
4542 * offset is where the tag is
4543 * offset+1 is where length starts
4544 */
4545 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4546 return len+data_offset-offset;
4547 }
4548
4549 static int
4550 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4551 {
4552 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4553 return tvb_captured_length(tvb);
4554 }
4555
4556 static int
4557 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4558 {
4559 char *oid;
4560 const char *oidname;
4561
4562 /* tvb here contains an ascii string that is really an oid */
4563 /* XXX we should convert the string oid into a real oid so we can use
4564 * proto_tree_add_oid() instead.
4565 */
4566
4567 oid=tvb_get_string_enc(wmem_packet_scope(), tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);
4568 if(!oid){
4569 return tvb_captured_length(tvb);
4570 }
4571
4572 oidname=oid_resolved_from_string(wmem_packet_scope(), oid);
4573
4574 if(oidname){
4575 proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname);
4576 } else {
4577 proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid);
4578 }
4579 return tvb_captured_length(tvb);
4580 }
4581
4582 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4583 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4584 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4585 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4586 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4587 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4588 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4589 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4590 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4591
4592 static void
4593 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4594 {
4595 static int * const access_flags[] = {
4596 &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4597 &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4598 &hf_ldap_AccessMask_ADS_DELETE_TREE,
4599 &hf_ldap_AccessMask_ADS_WRITE_PROP,
4600 &hf_ldap_AccessMask_ADS_READ_PROP,
4601 &hf_ldap_AccessMask_ADS_SELF_WRITE,
4602 &hf_ldap_AccessMask_ADS_LIST,
4603 &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4604 &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4605 NULL
4606 };
4607
4608 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
4609 }
4610 struct access_mask_info ldap_access_mask_info = {
4611 "LDAP", /* Name of specific rights */
4612 ldap_specific_rights, /* Dissection function */
4613 NULL, /* Generic mapping table */
4614 NULL /* Standard mapping table */
4615 };
4616
4617 static int
4618 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4619 {
4620 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_reported_length(tvb), &ldap_access_mask_info);
4621 return tvb_captured_length(tvb);
4622 }
4623
4624 static int
4625 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4626 {
4627 char *tmpstr;
4628
4629 /* this octet string contains an NT SID */
4630 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4631 ldapvalue_string=tmpstr;
4632 return tvb_captured_length(tvb);
4633 }
4634
4635 static int
4636 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4637 {
4638 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4639 e_guid_t uuid;
4640
4641 /* This octet string contained a GUID */
4642 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4643
4644 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
4645 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4646 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
4647 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
4648 uuid.data4[6], uuid.data4[7]);
4649 return tvb_captured_length(tvb);
4650 }
4651
4652 static int
4653 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4654 {
4655 guint32 sasl_len;
4656 guint32 ldap_len;
4657 gboolean ind;
4658 conversation_t *conversation;
4659 ldap_conv_info_t *ldap_info = NULL;
4660
4661 /*
4662 * Do we have a conversation for this connection?
4663 */
4664 conversation = find_conversation_pinfo(pinfo, 0);
4665 if(conversation){
4666 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
4667 }
4668
4669 ldm_tree = NULL;
4670
4671 /* This is a bit tricky. We have to find out whether SASL is used
4672 * so that we know how big a header we are supposed to pass
4673 * to tcp_dissect_pdus()
4674 * We must also cope with the case when a client connects to LDAP
4675 * and performs a few unauthenticated searches of LDAP before
4676 * it performs the bind on the same tcp connection.
4677 */
4678 /* check for a SASL header, i.e. assume it is SASL if
4679 * 1, first four bytes (SASL length) is an integer
4680 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4681 * (>2 to fight false positives, 0x00000000 is a common
4682 * "random" tcp payload)
4683 * (SASL ldap PDUs might be >64k in size, which is why
4684 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4685 *
4686 * 2, we must have a conversation and the auth type must
4687 * be LDAP_AUTH_SASL
4688 */
4689 sasl_len=tvb_get_ntohl(tvb, 0);
4690
4691 if( sasl_len<2 ){
4692 goto this_was_not_sasl;
4693 }
4694
4695 if( sasl_len>LDAP_SASL_MAX_BUF ){
4696 goto this_was_not_sasl;
4697 }
4698
4699 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4700 goto this_was_not_sasl;
4701 }
4702
4703 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4704 return tvb_captured_length(tvb);
4705
4706 this_was_not_sasl:
4707 /* check if it is a normal BER encoded LDAP packet
4708 * i.e. first byte is 0x30 followed by a length that is
4709 * <64k
4710 * (no ldap PDUs are ever >64kb? )
4711 */
4712 if(tvb_get_guint8(tvb, 0)!=0x30){
4713 goto this_was_not_normal_ldap;
4714 }
4715
4716 /* check that length makes sense */
4717 get_ber_length(tvb, 1, &ldap_len, &ind);
4718
4719 /* don't check ind since indefinite length is never used for ldap (famous last words)*/
4720 if(ldap_len<2){
4721 goto this_was_not_normal_ldap;
4722 }
4723
4724 /*
4725 * The minimum size of a LDAP pdu is 7 bytes
4726 *
4727 * dumpasn1 -hh ldap-unbind-min.dat
4728 *
4729 * <30 05 02 01 09 42 00>
4730 * 0 5: SEQUENCE {
4731 * <02 01 09>
4732 * 2 1: INTEGER 9
4733 * <42 00>
4734 * 5 0: [APPLICATION 2]
4735 * : Error: Object has zero length.
4736 * : }
4737 *
4738 * dumpasn1 -hh ldap-unbind-windows.dat
4739 *
4740 * <30 84 00 00 00 05 02 01 09 42 00>
4741 * 0 5: SEQUENCE {
4742 * <02 01 09>
4743 * 6 1: INTEGER 9
4744 * <42 00>
4745 * 9 0: [APPLICATION 2]
4746 * : Error: Object has zero length.
4747 * : }
4748 *
4749 * 6 bytes would also be ok to get the full length of
4750 * the pdu, but as the smallest pdu can be 7 bytes
4751 * we can use 7.
4752 */
4753 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
4754
4755 goto end;
4756
4757 this_was_not_normal_ldap:
4758
4759 /* Ok it might be a strange case of SASL still
4760 * It has been seen with Exchange setup to MS AD
4761 * when Exchange pretend that there is SASL but in fact data are still
4762 * in clear*/
4763 if ((sasl_len + 4) == (guint32)tvb_reported_length_remaining(tvb, 0))
4764 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4765 end:
4766 return tvb_captured_length(tvb);
4767 }
4768
4769 static int
4770 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4771 {
4772 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4773 return tvb_captured_length(tvb);
4774 }
4775
4776
4777 /*--- proto_register_ldap -------------------------------------------*/
4778 void proto_register_ldap(void) {
4779
4780 /* List of fields */
4781
4782 static hf_register_info hf[] = {
4783
4784 { &hf_ldap_sasl_buffer_length,
4785 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4786 FT_UINT32, BASE_DEC, NULL, 0x0,
4787 NULL, HFILL }},
4788 { &hf_ldap_response_in,
4789 { "Response In", "ldap.response_in",
4790 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4791 "The response to this LDAP request is in this frame", HFILL }},
4792 { &hf_ldap_response_to,
4793 { "Response To", "ldap.response_to",
4794 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4795 "This is a response to the LDAP request in this frame", HFILL }},
4796 { &hf_ldap_time,
4797 { "Time", "ldap.time",
4798 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4799 "The time between the Call and the Reply", HFILL }},
4800
4801 { &hf_mscldap_netlogon_opcode,
4802 { "Operation code", "mscldap.netlogon.opcode",
4803 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0,
4804 "LDAP ping operation code", HFILL }},
4805
4806 { &hf_mscldap_netlogon_ipaddress_family,
4807 { "Family", "mscldap.netlogon.ipaddress.family",
4808 FT_UINT16, BASE_DEC, NULL, 0x0,
4809 NULL, HFILL }},
4810
4811 { &hf_mscldap_netlogon_ipaddress_ipv4,
4812 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4813 FT_IPv4, BASE_NONE, NULL, 0x0,
4814 "IP Address", HFILL }},
4815
4816 { &hf_mscldap_netlogon_ipaddress_port,
4817 { "Port", "mscldap.netlogon.ipaddress.port",
4818 FT_UINT16, BASE_DEC, NULL, 0x0,
4819 NULL, HFILL }},
4820
4821 { &hf_mscldap_netlogon_ipaddress,
4822 { "IP Address","mscldap.netlogon.ipaddress",
4823 FT_IPv4, BASE_NONE, NULL, 0x0,
4824 "Domain Controller IP Address", HFILL }},
4825
4826 { &hf_mscldap_netlogon_lm_token,
4827 { "LM Token", "mscldap.netlogon.lm_token",
4828 FT_UINT16, BASE_HEX, NULL, 0x0,
4829 "MUST be set to 0xFFFF", HFILL }},
4830
4831 { &hf_mscldap_netlogon_nt_token,
4832 { "NT Token", "mscldap.netlogon.nt_token",
4833 FT_UINT16, BASE_HEX, NULL, 0x0,
4834 "MUST be set to 0xFFFF", HFILL }},
4835
4836 { &hf_mscldap_netlogon_flags,
4837 { "Flags", "mscldap.netlogon.flags",
4838 FT_UINT32, BASE_HEX, NULL, 0x0,
4839 "Netlogon flags describing the DC properties", HFILL }},
4840
4841 { &hf_mscldap_ntver_flags,
4842 { "Version Flags", "mscldap.ntver.flags",
4843 FT_UINT32, BASE_HEX, NULL, 0x0,
4844 "NETLOGON_NT_VERSION Options Bits", HFILL }},
4845
4846 { &hf_mscldap_domain_guid,
4847 { "Domain GUID", "mscldap.domain.guid",
4848 FT_GUID, BASE_NONE, NULL, 0x0,
4849 "Value of the NC's GUID attribute", HFILL }},
4850
4851 { &hf_mscldap_forest,
4852 { "Forest", "mscldap.forest",
4853 FT_STRING, BASE_NONE, NULL, 0x0,
4854 "DNS name of the forest", HFILL }},
4855
4856 { &hf_mscldap_domain,
4857 { "Domain", "mscldap.domain",
4858 FT_STRING, BASE_NONE, NULL, 0x0,
4859 "DNS name of the NC", HFILL }},
4860
4861 { &hf_mscldap_hostname,
4862 { "Hostname", "mscldap.hostname",
4863 FT_STRING, BASE_NONE, NULL, 0x0,
4864 "DNS name of server", HFILL }},
4865
4866 { &hf_mscldap_nb_domain_z,
4867 { "NetBIOS Domain", "mscldap.nb_domain",
4868 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4869 "NetBIOS name of the NC", HFILL }},
4870
4871 { &hf_mscldap_nb_domain,
4872 { "NetBIOS Domain", "mscldap.nb_domain",
4873 FT_STRING, BASE_NONE, NULL, 0x0,
4874 "NetBIOS name of the NC", HFILL }},
4875
4876 { &hf_mscldap_nb_hostname_z,
4877 { "NetBIOS Hostname", "mscldap.nb_hostname",
4878 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4879 "NetBIOS name of the server", HFILL }},
4880
4881 { &hf_mscldap_nb_hostname,
4882 { "NetBIOS Hostname", "mscldap.nb_hostname",
4883 FT_STRING, BASE_NONE, NULL, 0x0,
4884 "NetBIOS name of the server", HFILL }},
4885
4886 { &hf_mscldap_username_z,
4887 { "Username", "mscldap.username",
4888 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4889 "User specified in client's request", HFILL }},
4890
4891 { &hf_mscldap_username,
4892 { "Username", "mscldap.username",
4893 FT_STRING, BASE_NONE, NULL, 0x0,
4894 "User specified in client's request", HFILL }},
4895
4896 { &hf_mscldap_sitename,
4897 { "Server Site", "mscldap.sitename",
4898 FT_STRING, BASE_NONE, NULL, 0x0,
4899 "Site name of the server", HFILL }},
4900
4901 { &hf_mscldap_clientsitename,
4902 { "Client Site", "mscldap.clientsitename",
4903 FT_STRING, BASE_NONE, NULL, 0x0,
4904 "Site name of the client", HFILL }},
4905
4906 { &hf_ldap_sid,
4907 { "Sid", "ldap.sid",
4908 FT_STRING, BASE_NONE, NULL, 0x0,
4909 NULL, HFILL }},
4910
4911 { &hf_mscldap_ntver_flags_v1,
4912 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4913 TFS(&tfs_ntver_v1), 0x00000001, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4914
4915 { &hf_mscldap_ntver_flags_v5,
4916 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4917 TFS(&tfs_ntver_v5), 0x00000002, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4918
4919 { &hf_mscldap_ntver_flags_v5ex,
4920 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4921 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4922
4923 { &hf_mscldap_ntver_flags_v5ep,
4924 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32,
4925 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4926
4927 { &hf_mscldap_ntver_flags_vcs,
4928 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32,
4929 TFS(&tfs_ntver_vcs), 0x00000010, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4930
4931 { &hf_mscldap_ntver_flags_vnt4,
4932 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32,
4933 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4934
4935 { &hf_mscldap_ntver_flags_vpdc,
4936 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32,
4937 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4938
4939 { &hf_mscldap_ntver_flags_vip,
4940 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32,
4941 TFS(&tfs_ntver_vip), 0x20000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4942
4943 { &hf_mscldap_ntver_flags_vl,
4944 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32,
4945 TFS(&tfs_ntver_vl), 0x40000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4946
4947 { &hf_mscldap_ntver_flags_vgc,
4948 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32,
4949 TFS(&tfs_ntver_vgc), 0x80000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4950
4951
4952 { &hf_mscldap_netlogon_flags_pdc,
4953 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4954 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4955
4956 { &hf_mscldap_netlogon_flags_gc,
4957 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4958 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4959
4960 { &hf_mscldap_netlogon_flags_ldap,
4961 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4962 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4963
4964 { &hf_mscldap_netlogon_flags_ds,
4965 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4966 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4967
4968 { &hf_mscldap_netlogon_flags_kdc,
4969 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4970 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4971
4972 { &hf_mscldap_netlogon_flags_timeserv,
4973 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4974 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4975
4976 { &hf_mscldap_netlogon_flags_closest,
4977 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4978 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
4979
4980 { &hf_mscldap_netlogon_flags_writable,
4981 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4982 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
4983
4984 { &hf_mscldap_netlogon_flags_good_timeserv,
4985 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4986 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4987
4988 { &hf_mscldap_netlogon_flags_ndnc,
4989 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4990 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4991
4992 { &hf_mscldap_netlogon_flags_rodc,
4993 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
4994 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
4995
4996 { &hf_mscldap_netlogon_flags_wdc,
4997 { "WDC", "mscldap.netlogon.flags.writabledc", FT_BOOLEAN, 32,
4998 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
4999
5000 { &hf_mscldap_netlogon_flags_dns,
5001 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
5002 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
5003
5004 { &hf_mscldap_netlogon_flags_dnc,
5005 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
5006 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
5007
5008 { &hf_mscldap_netlogon_flags_fnc,
5009 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
5010 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
5011
5012 { &hf_ldap_guid,
5013 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
5014 NULL, 0, NULL, HFILL }},
5015
5016 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
5017 { "Ads Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
5018
5019 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
5020 { "Ads Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
5021
5022 { &hf_ldap_AccessMask_ADS_LIST,
5023 { "Ads List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
5024
5025 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
5026 { "Ads Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
5027
5028 { &hf_ldap_AccessMask_ADS_READ_PROP,
5029 { "Ads Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
5030
5031 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
5032 { "Ads Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
5033
5034 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
5035 { "Ads Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
5036
5037 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
5038 { "Ads List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
5039
5040 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
5041 { "Ads Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
5042
5043 { &hf_ldap_LDAPMessage_PDU,
5044 { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
5045
5046 { &hf_ldap_object_security_flag,
5047 { "Flag Object_Security", "ldap.object_security_flag", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }},
5048
5049 { &hf_ldap_ancestor_first_flag,
5050 { "Flag Ancestor_First", "ldap.ancestor_first_flag", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }},
5051
5052 { &hf_ldap_public_data_only_flag,
5053 { "Flag Public_Data_Only", "ldap.public_data_only_flag", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }},
5054
5055 { &hf_ldap_incremental_value_flag,
5056 { "Flag Incremental_Value", "ldap.incremental_value_flag", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }},
5057
5058 { &hf_ldap_oid,
5059 { "OID", "ldap.oid", FT_STRING, BASE_NONE,
5060 NULL, 0, NULL, HFILL }},
5061
5062 { &hf_ldap_gssapi_encrypted_payload,
5063 { "GSS-API Encrypted payload", "ldap.gssapi_encrypted_payload", FT_BYTES, BASE_NONE,
5064 NULL, 0, NULL, HFILL }},
5065
5066
5067 /*--- Included file: packet-ldap-hfarr.c ---*/
5068 #line 1 "./asn1/ldap/packet-ldap-hfarr.c"
5069 { &hf_ldap_SearchControlValue_PDU,
5070 { "SearchControlValue", "ldap.SearchControlValue_element",
5071 FT_NONE, BASE_NONE, NULL, 0,
5072 NULL, HFILL }},
5073 { &hf_ldap_SortKeyList_PDU,
5074 { "SortKeyList", "ldap.SortKeyList",
5075 FT_UINT32, BASE_DEC, NULL, 0,
5076 NULL, HFILL }},
5077 { &hf_ldap_SortResult_PDU,
5078 { "SortResult", "ldap.SortResult_element",
5079 FT_NONE, BASE_NONE, NULL, 0,
5080 NULL, HFILL }},
5081 { &hf_ldap_DirSyncControlValue_PDU,
5082 { "DirSyncControlValue", "ldap.DirSyncControlValue_element",
5083 FT_NONE, BASE_NONE, NULL, 0,
5084 NULL, HFILL }},
5085 { &hf_ldap_PasswdModifyRequestValue_PDU,
5086 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element",
5087 FT_NONE, BASE_NONE, NULL, 0,
5088 NULL, HFILL }},
5089 { &hf_ldap_CancelRequestValue_PDU,
5090 { "CancelRequestValue", "ldap.CancelRequestValue_element",
5091 FT_NONE, BASE_NONE, NULL, 0,
5092 NULL, HFILL }},
5093 { &hf_ldap_SyncRequestValue_PDU,
5094 { "SyncRequestValue", "ldap.SyncRequestValue_element",
5095 FT_NONE, BASE_NONE, NULL, 0,
5096 NULL, HFILL }},
5097 { &hf_ldap_SyncStateValue_PDU,
5098 { "SyncStateValue", "ldap.SyncStateValue_element",
5099 FT_NONE, BASE_NONE, NULL, 0,
5100 NULL, HFILL }},
5101 { &hf_ldap_SyncDoneValue_PDU,
5102 { "SyncDoneValue", "ldap.SyncDoneValue_element",
5103 FT_NONE, BASE_NONE, NULL, 0,
5104 NULL, HFILL }},
5105 { &hf_ldap_SyncInfoValue_PDU,
5106 { "SyncInfoValue", "ldap.SyncInfoValue",
5107 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5108 NULL, HFILL }},
5109 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5110 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element",
5111 FT_NONE, BASE_NONE, NULL, 0,
5112 NULL, HFILL }},
5113 { &hf_ldap_messageID,
5114 { "messageID", "ldap.messageID",
5115 FT_UINT32, BASE_DEC, NULL, 0,
5116 NULL, HFILL }},
5117 { &hf_ldap_protocolOp,
5118 { "protocolOp", "ldap.protocolOp",
5119 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5120 NULL, HFILL }},
5121 { &hf_ldap_controls,
5122 { "controls", "ldap.controls",
5123 FT_UINT32, BASE_DEC, NULL, 0,
5124 NULL, HFILL }},
5125 { &hf_ldap_bindRequest,
5126 { "bindRequest", "ldap.bindRequest_element",
5127 FT_NONE, BASE_NONE, NULL, 0,
5128 NULL, HFILL }},
5129 { &hf_ldap_bindResponse,
5130 { "bindResponse", "ldap.bindResponse_element",
5131 FT_NONE, BASE_NONE, NULL, 0,
5132 NULL, HFILL }},
5133 { &hf_ldap_unbindRequest,
5134 { "unbindRequest", "ldap.unbindRequest_element",
5135 FT_NONE, BASE_NONE, NULL, 0,
5136 NULL, HFILL }},
5137 { &hf_ldap_searchRequest,
5138 { "searchRequest", "ldap.searchRequest_element",
5139 FT_NONE, BASE_NONE, NULL, 0,
5140 NULL, HFILL }},
5141 { &hf_ldap_searchResEntry,
5142 { "searchResEntry", "ldap.searchResEntry_element",
5143 FT_NONE, BASE_NONE, NULL, 0,
5144 "SearchResultEntry", HFILL }},
5145 { &hf_ldap_searchResDone,
5146 { "searchResDone", "ldap.searchResDone_element",
5147 FT_NONE, BASE_NONE, NULL, 0,
5148 "SearchResultDone", HFILL }},
5149 { &hf_ldap_searchResRef,
5150 { "searchResRef", "ldap.searchResRef",
5151 FT_UINT32, BASE_DEC, NULL, 0,
5152 "SearchResultReference", HFILL }},
5153 { &hf_ldap_modifyRequest,
5154 { "modifyRequest", "ldap.modifyRequest_element",
5155 FT_NONE, BASE_NONE, NULL, 0,
5156 NULL, HFILL }},
5157 { &hf_ldap_modifyResponse,
5158 { "modifyResponse", "ldap.modifyResponse_element",
5159 FT_NONE, BASE_NONE, NULL, 0,
5160 NULL, HFILL }},
5161 { &hf_ldap_addRequest,
5162 { "addRequest", "ldap.addRequest_element",
5163 FT_NONE, BASE_NONE, NULL, 0,
5164 NULL, HFILL }},
5165 { &hf_ldap_addResponse,
5166 { "addResponse", "ldap.addResponse_element",
5167 FT_NONE, BASE_NONE, NULL, 0,
5168 NULL, HFILL }},
5169 { &hf_ldap_delRequest,
5170 { "delRequest", "ldap.delRequest",
5171 FT_STRING, STR_UNICODE, NULL, 0,
5172 NULL, HFILL }},
5173 { &hf_ldap_delResponse,
5174 { "delResponse", "ldap.delResponse_element",
5175 FT_NONE, BASE_NONE, NULL, 0,
5176 NULL, HFILL }},
5177 { &hf_ldap_modDNRequest,
5178 { "modDNRequest", "ldap.modDNRequest_element",
5179 FT_NONE, BASE_NONE, NULL, 0,
5180 "ModifyDNRequest", HFILL }},
5181 { &hf_ldap_modDNResponse,
5182 { "modDNResponse", "ldap.modDNResponse_element",
5183 FT_NONE, BASE_NONE, NULL, 0,
5184 "ModifyDNResponse", HFILL }},
5185 { &hf_ldap_compareRequest,
5186 { "compareRequest", "ldap.compareRequest_element",
5187 FT_NONE, BASE_NONE, NULL, 0,
5188 NULL, HFILL }},
5189 { &hf_ldap_compareResponse,
5190 { "compareResponse", "ldap.compareResponse_element",
5191 FT_NONE, BASE_NONE, NULL, 0,
5192 NULL, HFILL }},
5193 { &hf_ldap_abandonRequest,
5194 { "abandonRequest", "ldap.abandonRequest",
5195 FT_UINT32, BASE_DEC, NULL, 0,
5196 NULL, HFILL }},
5197 { &hf_ldap_extendedReq,
5198 { "extendedReq", "ldap.extendedReq_element",
5199 FT_NONE, BASE_NONE, NULL, 0,
5200 "ExtendedRequest", HFILL }},
5201 { &hf_ldap_extendedResp,
5202 { "extendedResp", "ldap.extendedResp_element",
5203 FT_NONE, BASE_NONE, NULL, 0,
5204 "ExtendedResponse", HFILL }},
5205 { &hf_ldap_intermediateResponse,
5206 { "intermediateResponse", "ldap.intermediateResponse_element",
5207 FT_NONE, BASE_NONE, NULL, 0,
5208 NULL, HFILL }},
5209 { &hf_ldap_AttributeDescriptionList_item,
5210 { "AttributeDescription", "ldap.AttributeDescription",
5211 FT_STRING, STR_UNICODE, NULL, 0,
5212 NULL, HFILL }},
5213 { &hf_ldap_attributeDesc,
5214 { "attributeDesc", "ldap.attributeDesc",
5215 FT_STRING, STR_UNICODE, NULL, 0,
5216 "AttributeDescription", HFILL }},
5217 { &hf_ldap_assertionValue,
5218 { "assertionValue", "ldap.assertionValue",
5219 FT_STRING, BASE_NONE, NULL, 0,
5220 NULL, HFILL }},
5221 { &hf_ldap_type,
5222 { "type", "ldap.type",
5223 FT_STRING, STR_UNICODE, NULL, 0,
5224 "AttributeDescription", HFILL }},
5225 { &hf_ldap_vals,
5226 { "vals", "ldap.vals",
5227 FT_UINT32, BASE_DEC, NULL, 0,
5228 "SET_OF_AttributeValue", HFILL }},
5229 { &hf_ldap_vals_item,
5230 { "AttributeValue", "ldap.AttributeValue",
5231 FT_BYTES, BASE_NONE, NULL, 0,
5232 NULL, HFILL }},
5233 { &hf_ldap_resultCode,
5234 { "resultCode", "ldap.resultCode",
5235 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5236 NULL, HFILL }},
5237 { &hf_ldap_matchedDN,
5238 { "matchedDN", "ldap.matchedDN",
5239 FT_STRING, STR_UNICODE, NULL, 0,
5240 "LDAPDN", HFILL }},
5241 { &hf_ldap_errorMessage,
5242 { "errorMessage", "ldap.errorMessage",
5243 FT_STRING, STR_UNICODE, NULL, 0,
5244 NULL, HFILL }},
5245 { &hf_ldap_referral,
5246 { "referral", "ldap.referral",
5247 FT_UINT32, BASE_DEC, NULL, 0,
5248 NULL, HFILL }},
5249 { &hf_ldap_Referral_item,
5250 { "LDAPURL", "ldap.LDAPURL",
5251 FT_STRING, BASE_NONE, NULL, 0,
5252 NULL, HFILL }},
5253 { &hf_ldap_Controls_item,
5254 { "Control", "ldap.Control_element",
5255 FT_NONE, BASE_NONE, NULL, 0,
5256 NULL, HFILL }},
5257 { &hf_ldap_controlType,
5258 { "controlType", "ldap.controlType",
5259 FT_STRING, BASE_NONE, NULL, 0,
5260 NULL, HFILL }},
5261 { &hf_ldap_criticality,
5262 { "criticality", "ldap.criticality",
5263 FT_BOOLEAN, BASE_NONE, NULL, 0,
5264 "BOOLEAN", HFILL }},
5265 { &hf_ldap_controlValue,
5266 { "controlValue", "ldap.controlValue",
5267 FT_BYTES, BASE_NONE, NULL, 0,
5268 NULL, HFILL }},
5269 { &hf_ldap_version,
5270 { "version", "ldap.version",
5271 FT_UINT32, BASE_DEC, NULL, 0,
5272 "INTEGER_1_127", HFILL }},
5273 { &hf_ldap_name,
5274 { "name", "ldap.name",
5275 FT_STRING, STR_UNICODE, NULL, 0,
5276 "LDAPDN", HFILL }},
5277 { &hf_ldap_authentication,
5278 { "authentication", "ldap.authentication",
5279 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5280 "AuthenticationChoice", HFILL }},
5281 { &hf_ldap_simple,
5282 { "simple", "ldap.simple",
5283 FT_STRING, BASE_NONE, NULL, 0,
5284 NULL, HFILL }},
5285 { &hf_ldap_sasl,
5286 { "sasl", "ldap.sasl_element",
5287 FT_NONE, BASE_NONE, NULL, 0,
5288 "SaslCredentials", HFILL }},
5289 { &hf_ldap_ntlmsspNegotiate,
5290 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5291 FT_BYTES, BASE_NONE, NULL, 0,
5292 NULL, HFILL }},
5293 { &hf_ldap_ntlmsspAuth,
5294 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5295 FT_BYTES, BASE_NONE, NULL, 0,
5296 NULL, HFILL }},
5297 { &hf_ldap_mechanism,
5298 { "mechanism", "ldap.mechanism",
5299 FT_STRING, BASE_NONE, NULL, 0,
5300 NULL, HFILL }},
5301 { &hf_ldap_credentials,
5302 { "credentials", "ldap.credentials",
5303 FT_BYTES, BASE_NONE, NULL, 0,
5304 NULL, HFILL }},
5305 { &hf_ldap_bindResponse_resultCode,
5306 { "resultCode", "ldap.resultCode",
5307 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5308 "BindResponse_resultCode", HFILL }},
5309 { &hf_ldap_bindResponse_matchedDN,
5310 { "matchedDN", "ldap.matchedDN",
5311 FT_STRING, STR_UNICODE, NULL, 0,
5312 "T_bindResponse_matchedDN", HFILL }},
5313 { &hf_ldap_serverSaslCreds,
5314 { "serverSaslCreds", "ldap.serverSaslCreds",
5315 FT_BYTES, BASE_NONE, NULL, 0,
5316 NULL, HFILL }},
5317 { &hf_ldap_baseObject,
5318 { "baseObject", "ldap.baseObject",
5319 FT_STRING, STR_UNICODE, NULL, 0,
5320 "LDAPDN", HFILL }},
5321 { &hf_ldap_scope,
5322 { "scope", "ldap.scope",
5323 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5324 NULL, HFILL }},
5325 { &hf_ldap_derefAliases,
5326 { "derefAliases", "ldap.derefAliases",
5327 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5328 NULL, HFILL }},
5329 { &hf_ldap_sizeLimit,
5330 { "sizeLimit", "ldap.sizeLimit",
5331 FT_UINT32, BASE_DEC, NULL, 0,
5332 "INTEGER_0_maxInt", HFILL }},
5333 { &hf_ldap_timeLimit,
5334 { "timeLimit", "ldap.timeLimit",
5335 FT_UINT32, BASE_DEC, NULL, 0,
5336 "INTEGER_0_maxInt", HFILL }},
5337 { &hf_ldap_typesOnly,
5338 { "typesOnly", "ldap.typesOnly",
5339 FT_BOOLEAN, BASE_NONE, NULL, 0,
5340 "BOOLEAN", HFILL }},
5341 { &hf_ldap_filter,
5342 { "filter", "ldap.filter",
5343 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5344 NULL, HFILL }},
5345 { &hf_ldap_searchRequest_attributes,
5346 { "attributes", "ldap.attributes",
5347 FT_UINT32, BASE_DEC, NULL, 0,
5348 "AttributeDescriptionList", HFILL }},
5349 { &hf_ldap_and,
5350 { "and", "ldap.and",
5351 FT_UINT32, BASE_DEC, NULL, 0,
5352 NULL, HFILL }},
5353 { &hf_ldap_and_item,
5354 { "and item", "ldap.and_item",
5355 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5356 NULL, HFILL }},
5357 { &hf_ldap_or,
5358 { "or", "ldap.or",
5359 FT_UINT32, BASE_DEC, NULL, 0,
5360 NULL, HFILL }},
5361 { &hf_ldap_or_item,
5362 { "or item", "ldap.or_item",
5363 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5364 NULL, HFILL }},
5365 { &hf_ldap_not,
5366 { "not", "ldap.not",
5367 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5368 NULL, HFILL }},
5369 { &hf_ldap_equalityMatch,
5370 { "equalityMatch", "ldap.equalityMatch_element",
5371 FT_NONE, BASE_NONE, NULL, 0,
5372 NULL, HFILL }},
5373 { &hf_ldap_substrings,
5374 { "substrings", "ldap.substrings_element",
5375 FT_NONE, BASE_NONE, NULL, 0,
5376 "SubstringFilter", HFILL }},
5377 { &hf_ldap_greaterOrEqual,
5378 { "greaterOrEqual", "ldap.greaterOrEqual_element",
5379 FT_NONE, BASE_NONE, NULL, 0,
5380 NULL, HFILL }},
5381 { &hf_ldap_lessOrEqual,
5382 { "lessOrEqual", "ldap.lessOrEqual_element",
5383 FT_NONE, BASE_NONE, NULL, 0,
5384 NULL, HFILL }},
5385 { &hf_ldap_present,
5386 { "present", "ldap.present",
5387 FT_STRING, STR_UNICODE, NULL, 0,
5388 NULL, HFILL }},
5389 { &hf_ldap_approxMatch,
5390 { "approxMatch", "ldap.approxMatch_element",
5391 FT_NONE, BASE_NONE, NULL, 0,
5392 NULL, HFILL }},
5393 { &hf_ldap_extensibleMatch,
5394 { "extensibleMatch", "ldap.extensibleMatch_element",
5395 FT_NONE, BASE_NONE, NULL, 0,
5396 NULL, HFILL }},
5397 { &hf_ldap_substringFilter_substrings,
5398 { "substrings", "ldap.substrings",
5399 FT_UINT32, BASE_DEC, NULL, 0,
5400 "T_substringFilter_substrings", HFILL }},
5401 { &hf_ldap_substringFilter_substrings_item,
5402 { "substrings item", "ldap.substrings_item",
5403 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5404 "T_substringFilter_substrings_item", HFILL }},
5405 { &hf_ldap_initial,
5406 { "initial", "ldap.initial",
5407 FT_STRING, STR_UNICODE, NULL, 0,
5408 "LDAPString", HFILL }},
5409 { &hf_ldap_any,
5410 { "any", "ldap.any",
5411 FT_STRING, STR_UNICODE, NULL, 0,
5412 "LDAPString", HFILL }},
5413 { &hf_ldap_final,
5414 { "final", "ldap.final",
5415 FT_STRING, STR_UNICODE, NULL, 0,
5416 "LDAPString", HFILL }},
5417 { &hf_ldap_matchingRule,
5418 { "matchingRule", "ldap.matchingRule",
5419 FT_STRING, STR_UNICODE, NULL, 0,
5420 "MatchingRuleId", HFILL }},
5421 { &hf_ldap_matchValue,
5422 { "matchValue", "ldap.matchValue",
5423 FT_STRING, BASE_NONE, NULL, 0,
5424 "AssertionValue", HFILL }},
5425 { &hf_ldap_dnAttributes,
5426 { "dnAttributes", "ldap.dnAttributes",
5427 FT_BOOLEAN, BASE_NONE, NULL, 0,
5428 NULL, HFILL }},
5429 { &hf_ldap_objectName,
5430 { "objectName", "ldap.objectName",
5431 FT_STRING, STR_UNICODE, NULL, 0,
5432 "LDAPDN", HFILL }},
5433 { &hf_ldap_searchResultEntry_attributes,
5434 { "attributes", "ldap.attributes",
5435 FT_UINT32, BASE_DEC, NULL, 0,
5436 "PartialAttributeList", HFILL }},
5437 { &hf_ldap_PartialAttributeList_item,
5438 { "PartialAttributeList item", "ldap.PartialAttributeList_item_element",
5439 FT_NONE, BASE_NONE, NULL, 0,
5440 NULL, HFILL }},
5441 { &hf_ldap__untag_item,
5442 { "LDAPURL", "ldap.LDAPURL",
5443 FT_STRING, BASE_NONE, NULL, 0,
5444 NULL, HFILL }},
5445 { &hf_ldap_object,
5446 { "object", "ldap.object",
5447 FT_STRING, STR_UNICODE, NULL, 0,
5448 "LDAPDN", HFILL }},
5449 { &hf_ldap_modifyRequest_modification,
5450 { "modification", "ldap.modification",
5451 FT_UINT32, BASE_DEC, NULL, 0,
5452 "ModifyRequest_modification", HFILL }},
5453 { &hf_ldap_modifyRequest_modification_item,
5454 { "modification item", "ldap.modification_item_element",
5455 FT_NONE, BASE_NONE, NULL, 0,
5456 "T_modifyRequest_modification_item", HFILL }},
5457 { &hf_ldap_operation,
5458 { "operation", "ldap.operation",
5459 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5460 NULL, HFILL }},
5461 { &hf_ldap_modification,
5462 { "modification", "ldap.modification_element",
5463 FT_NONE, BASE_NONE, NULL, 0,
5464 "AttributeTypeAndValues", HFILL }},
5465 { &hf_ldap_entry,
5466 { "entry", "ldap.entry",
5467 FT_STRING, STR_UNICODE, NULL, 0,
5468 "LDAPDN", HFILL }},
5469 { &hf_ldap_attributes,
5470 { "attributes", "ldap.attributes",
5471 FT_UINT32, BASE_DEC, NULL, 0,
5472 "AttributeList", HFILL }},
5473 { &hf_ldap_AttributeList_item,
5474 { "AttributeList item", "ldap.AttributeList_item_element",
5475 FT_NONE, BASE_NONE, NULL, 0,
5476 NULL, HFILL }},
5477 { &hf_ldap_newrdn,
5478 { "newrdn", "ldap.newrdn",
5479 FT_STRING, STR_UNICODE, NULL, 0,
5480 "RelativeLDAPDN", HFILL }},
5481 { &hf_ldap_deleteoldrdn,
5482 { "deleteoldrdn", "ldap.deleteoldrdn",
5483 FT_BOOLEAN, BASE_NONE, NULL, 0,
5484 "BOOLEAN", HFILL }},
5485 { &hf_ldap_newSuperior,
5486 { "newSuperior", "ldap.newSuperior",
5487 FT_STRING, STR_UNICODE, NULL, 0,
5488 "LDAPDN", HFILL }},
5489 { &hf_ldap_ava,
5490 { "ava", "ldap.ava_element",
5491 FT_NONE, BASE_NONE, NULL, 0,
5492 "AttributeValueAssertion", HFILL }},
5493 { &hf_ldap_requestName,
5494 { "requestName", "ldap.requestName",
5495 FT_STRING, BASE_NONE, NULL, 0,
5496 "LDAPOID", HFILL }},
5497 { &hf_ldap_requestValue,
5498 { "requestValue", "ldap.requestValue",
5499 FT_BYTES, BASE_NONE, NULL, 0,
5500 NULL, HFILL }},
5501 { &hf_ldap_extendedResponse_resultCode,
5502 { "resultCode", "ldap.resultCode",
5503 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5504 "ExtendedResponse_resultCode", HFILL }},
5505 { &hf_ldap_responseName,
5506 { "responseName", "ldap.responseName",
5507 FT_STRING, BASE_NONE, NULL, 0,
5508 NULL, HFILL }},
5509 { &hf_ldap_response,
5510 { "response", "ldap.response",
5511 FT_BYTES, BASE_NONE, NULL, 0,
5512 "OCTET_STRING", HFILL }},
5513 { &hf_ldap_intermediateResponse_responseValue,
5514 { "responseValue", "ldap.responseValue",
5515 FT_BYTES, BASE_NONE, NULL, 0,
5516 "T_intermediateResponse_responseValue", HFILL }},
5517 { &hf_ldap_size,
5518 { "size", "ldap.size",
5519 FT_INT32, BASE_DEC, NULL, 0,
5520 "INTEGER", HFILL }},
5521 { &hf_ldap_cookie,
5522 { "cookie", "ldap.cookie",
5523 FT_BYTES, BASE_NONE, NULL, 0,
5524 "OCTET_STRING", HFILL }},
5525 { &hf_ldap_SortKeyList_item,
5526 { "SortKeyList item", "ldap.SortKeyList_item_element",
5527 FT_NONE, BASE_NONE, NULL, 0,
5528 NULL, HFILL }},
5529 { &hf_ldap_attributeType,
5530 { "attributeType", "ldap.attributeType",
5531 FT_STRING, STR_UNICODE, NULL, 0,
5532 "AttributeDescription", HFILL }},
5533 { &hf_ldap_orderingRule,
5534 { "orderingRule", "ldap.orderingRule",
5535 FT_STRING, STR_UNICODE, NULL, 0,
5536 "MatchingRuleId", HFILL }},
5537 { &hf_ldap_reverseOrder,
5538 { "reverseOrder", "ldap.reverseOrder",
5539 FT_BOOLEAN, BASE_NONE, NULL, 0,
5540 "BOOLEAN", HFILL }},
5541 { &hf_ldap_sortResult,
5542 { "sortResult", "ldap.sortResult",
5543 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5544 NULL, HFILL }},
5545 { &hf_ldap_flags,
5546 { "flags", "ldap.flags",
5547 FT_UINT32, BASE_HEX, NULL, 0,
5548 "DirSyncFlags", HFILL }},
5549 { &hf_ldap_maxBytes,
5550 { "maxBytes", "ldap.maxBytes",
5551 FT_INT32, BASE_DEC, NULL, 0,
5552 "INTEGER", HFILL }},
5553 { &hf_ldap_userIdentity,
5554 { "userIdentity", "ldap.userIdentity",
5555 FT_BYTES, BASE_NONE, NULL, 0,
5556 "OCTET_STRING", HFILL }},
5557 { &hf_ldap_oldPasswd,
5558 { "oldPasswd", "ldap.oldPasswd",
5559 FT_BYTES, BASE_NONE, NULL, 0,
5560 "OCTET_STRING", HFILL }},
5561 { &hf_ldap_newPasswd,
5562 { "newPasswd", "ldap.newPasswd",
5563 FT_BYTES, BASE_NONE, NULL, 0,
5564 "OCTET_STRING", HFILL }},
5565 { &hf_ldap_cancelID,
5566 { "cancelID", "ldap.cancelID",
5567 FT_UINT32, BASE_DEC, NULL, 0,
5568 "MessageID", HFILL }},
5569 { &hf_ldap_mode,
5570 { "mode", "ldap.mode",
5571 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5572 NULL, HFILL }},
5573 { &hf_ldap_reloadHint,
5574 { "reloadHint", "ldap.reloadHint",
5575 FT_BOOLEAN, BASE_NONE, NULL, 0,
5576 "BOOLEAN", HFILL }},
5577 { &hf_ldap_state,
5578 { "state", "ldap.state",
5579 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5580 NULL, HFILL }},
5581 { &hf_ldap_entryUUID,
5582 { "entryUUID", "ldap.entryUUID",
5583 FT_BYTES, BASE_NONE, NULL, 0,
5584 "SyncUUID", HFILL }},
5585 { &hf_ldap_refreshDeletes,
5586 { "refreshDeletes", "ldap.refreshDeletes",
5587 FT_BOOLEAN, BASE_NONE, NULL, 0,
5588 "BOOLEAN", HFILL }},
5589 { &hf_ldap_newcookie,
5590 { "newcookie", "ldap.newcookie",
5591 FT_BYTES, BASE_NONE, NULL, 0,
5592 "OCTET_STRING", HFILL }},
5593 { &hf_ldap_refreshDelete,
5594 { "refreshDelete", "ldap.refreshDelete_element",
5595 FT_NONE, BASE_NONE, NULL, 0,
5596 NULL, HFILL }},
5597 { &hf_ldap_refreshDone,
5598 { "refreshDone", "ldap.refreshDone",
5599 FT_BOOLEAN, BASE_NONE, NULL, 0,
5600 "BOOLEAN", HFILL }},
5601 { &hf_ldap_refreshPresent,
5602 { "refreshPresent", "ldap.refreshPresent_element",
5603 FT_NONE, BASE_NONE, NULL, 0,
5604 NULL, HFILL }},
5605 { &hf_ldap_syncIdSet,
5606 { "syncIdSet", "ldap.syncIdSet_element",
5607 FT_NONE, BASE_NONE, NULL, 0,
5608 NULL, HFILL }},
5609 { &hf_ldap_syncUUIDs,
5610 { "syncUUIDs", "ldap.syncUUIDs",
5611 FT_UINT32, BASE_DEC, NULL, 0,
5612 "SET_OF_SyncUUID", HFILL }},
5613 { &hf_ldap_syncUUIDs_item,
5614 { "SyncUUID", "ldap.SyncUUID",
5615 FT_BYTES, BASE_NONE, NULL, 0,
5616 NULL, HFILL }},
5617 { &hf_ldap_warning,
5618 { "warning", "ldap.warning",
5619 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5620 NULL, HFILL }},
5621 { &hf_ldap_timeBeforeExpiration,
5622 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5623 FT_UINT32, BASE_DEC, NULL, 0,
5624 "INTEGER_0_maxInt", HFILL }},
5625 { &hf_ldap_graceAuthNsRemaining,
5626 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5627 FT_UINT32, BASE_DEC, NULL, 0,
5628 "INTEGER_0_maxInt", HFILL }},
5629 { &hf_ldap_error,
5630 { "error", "ldap.error",
5631 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5632 NULL, HFILL }},
5633
5634 /*--- End of included file: packet-ldap-hfarr.c ---*/
5635 #line 2157 "./asn1/ldap/packet-ldap-template.c"
5636 };
5637
5638 /* List of subtrees */
5639 static gint *ett[] = {
5640 &ett_ldap,
5641 &ett_ldap_payload,
5642 &ett_ldap_sasl_blob,
5643 &ett_ldap_msg,
5644 &ett_mscldap_netlogon_flags,
5645 &ett_mscldap_ntver_flags,
5646 &ett_mscldap_ipdetails,
5647 &ett_ldap_DirSyncFlagsSubEntry,
5648
5649
5650 /*--- Included file: packet-ldap-ettarr.c ---*/
5651 #line 1 "./asn1/ldap/packet-ldap-ettarr.c"
5652 &ett_ldap_LDAPMessage,
5653 &ett_ldap_ProtocolOp,
5654 &ett_ldap_AttributeDescriptionList,
5655 &ett_ldap_AttributeValueAssertion,
5656 &ett_ldap_Attribute,
5657 &ett_ldap_SET_OF_AttributeValue,
5658 &ett_ldap_LDAPResult,
5659 &ett_ldap_Referral,
5660 &ett_ldap_Controls,
5661 &ett_ldap_Control,
5662 &ett_ldap_BindRequest_U,
5663 &ett_ldap_AuthenticationChoice,
5664 &ett_ldap_SaslCredentials,
5665 &ett_ldap_BindResponse_U,
5666 &ett_ldap_SearchRequest_U,
5667 &ett_ldap_Filter,
5668 &ett_ldap_T_and,
5669 &ett_ldap_T_or,
5670 &ett_ldap_SubstringFilter,
5671 &ett_ldap_T_substringFilter_substrings,
5672 &ett_ldap_T_substringFilter_substrings_item,
5673 &ett_ldap_MatchingRuleAssertion,
5674 &ett_ldap_SearchResultEntry_U,
5675 &ett_ldap_PartialAttributeList,
5676 &ett_ldap_PartialAttributeList_item,
5677 &ett_ldap_SEQUENCE_OF_LDAPURL,
5678 &ett_ldap_ModifyRequest_U,
5679 &ett_ldap_ModifyRequest_modification,
5680 &ett_ldap_T_modifyRequest_modification_item,
5681 &ett_ldap_AttributeTypeAndValues,
5682 &ett_ldap_AddRequest_U,
5683 &ett_ldap_AttributeList,
5684 &ett_ldap_AttributeList_item,
5685 &ett_ldap_ModifyDNRequest_U,
5686 &ett_ldap_CompareRequest_U,
5687 &ett_ldap_ExtendedRequest_U,
5688 &ett_ldap_ExtendedResponse_U,
5689 &ett_ldap_IntermediateResponse_U,
5690 &ett_ldap_SearchControlValue,
5691 &ett_ldap_SortKeyList,
5692 &ett_ldap_SortKeyList_item,
5693 &ett_ldap_SortResult,
5694 &ett_ldap_DirSyncControlValue,
5695 &ett_ldap_PasswdModifyRequestValue,
5696 &ett_ldap_CancelRequestValue,
5697 &ett_ldap_SyncRequestValue,
5698 &ett_ldap_SyncStateValue,
5699 &ett_ldap_SyncDoneValue,
5700 &ett_ldap_SyncInfoValue,
5701 &ett_ldap_T_refreshDelete,
5702 &ett_ldap_T_refreshPresent,
5703 &ett_ldap_T_syncIdSet,
5704 &ett_ldap_SET_OF_SyncUUID,
5705 &ett_ldap_PasswordPolicyResponseValue,
5706 &ett_ldap_T_warning,
5707
5708 /*--- End of included file: packet-ldap-ettarr.c ---*/
5709 #line 2171 "./asn1/ldap/packet-ldap-template.c"
5710 };
5711 /* UAT for header fields */
5712 static uat_field_t custom_attribute_types_uat_fields[] = {
5713 UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"),
5714 UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"),
5715 UAT_END_FIELDS
5716 };
5717
5718 static ei_register_info ei[] = {
5719 { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }},
5720 { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", EXPFILL }},
5721 };
5722
5723 expert_module_t* expert_ldap;
5724 module_t *ldap_module;
5725 uat_t *attributes_uat;
5726
5727 /* Register protocol */
5728 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5729 /* Register fields and subtrees */
5730 proto_register_field_array(proto_ldap, hf, array_length(hf));
5731 proto_register_subtree_array(ett, array_length(ett));
5732 expert_ldap = expert_register_protocol(proto_ldap);
5733 expert_register_field_array(expert_ldap, ei, array_length(ei));
5734
5735 ldap_handle = register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5736
5737 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5738 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5739 "Reassemble LDAP messages spanning multiple TCP segments",
5740 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5741 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5742 &ldap_desegment);
5743
5744 prefs_register_uint_preference(ldap_module, "tls.port", "LDAPS TCP Port",
5745 "Set the port for LDAP operations over TLS",
5746 10, &global_ldaps_tcp_port);
5747 prefs_register_obsolete_preference(ldap_module, "ssl.port");
5748 /* UAT */
5749 attributes_uat = uat_new("Custom LDAP AttributeValue types",
5750 sizeof(attribute_type_t),
5751 "custom_ldap_attribute_types",
5752 TRUE,
5753 &attribute_types,
5754 &num_attribute_types,
5755 /* specifies named fields, so affects dissection
5756 and the set of named fields */
5757 UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS,
5758 NULL,
5759 attribute_types_copy_cb,
5760 attribute_types_update_cb,
5761 attribute_types_free_cb,
5762 attribute_types_post_update_cb,
5763 attribute_types_reset_cb,
5764 custom_attribute_types_uat_fields);
5765
5766 prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types",
5767 "Custom AttributeValue types",
5768 "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.",
5769 attributes_uat);
5770
5771 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5772
5773 proto_cldap = proto_register_protocol(
5774 "Connectionless Lightweight Directory Access Protocol",
5775 "CLDAP", "cldap");
5776
5777 ldap_tap=register_tap("ldap");
5778
5779 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, BASE_NONE);
5780
5781 register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL);
5782 }
5783
5784
5785 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5786 void
5787 proto_reg_handoff_ldap(void)
5788 {
5789 dissector_handle_t cldap_handle;
5790
5791 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5792 dissector_add_uint_with_preference("udp.port", UDP_PORT_CLDAP, cldap_handle);
5793
5794 gssapi_handle = find_dissector_add_dependency("gssapi", proto_ldap);
5795 gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap);
5796 spnego_handle = find_dissector_add_dependency("spnego", proto_ldap);
5797
5798 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_ldap);
5799
5800 tls_handle = find_dissector_add_dependency("tls", proto_ldap);
5801
5802 prefs_register_ldap();
5803
5804 oid_add_from_string("ISO assigned OIDs, USA", "1.2.840");
5805
5806 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5807 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5808 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5809 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5810 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5811 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5812 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5813 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5814 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5815 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5816 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5817 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5818 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5819 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5820 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5821 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5822 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5823 oid_add_from_string("None","1.2.840.113556.1.4.970");
5824 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5825 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5826 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5827 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5828 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5829 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5830 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5831 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5832 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5833 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5834 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5835 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5836 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5837 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5838 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5839 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5840 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5841
5842 oid_add_from_string("inetOrgPerson", "2.16.840.1.113730.3.2.2");
5843 /* RFC2798 */
5844 oid_add_from_string("US company arc", "2.16.840.1");
5845
5846 /* http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html */
5847 oid_add_from_string("Manage DSA IT LDAPv3 control", "2.16.840.1.113730.3.4.2");
5848 oid_add_from_string("Persistent Search LDAPv3 control", "2.16.840.1.113730.3.4.3");
5849 oid_add_from_string("Netscape Password Expired LDAPv3 control", "2.16.840.1.113730.3.4.4");
5850 oid_add_from_string("Netscape Password Expiring LDAPv3 control", "2.16.840.1.113730.3.4.5");
5851 oid_add_from_string("Netscape NT Synchronization Client LDAPv3 control", "2.16.840.1.113730.3.4.6");
5852 oid_add_from_string("Entry Change Notification LDAPv3 control", "2.16.840.1.113730.3.4.7");
5853 oid_add_from_string("Transaction ID Request Control", "2.16.840.1.113730.3.4.8");
5854 oid_add_from_string("VLV Request LDAPv3 control", "2.16.840.1.113730.3.4.9");
5855 oid_add_from_string("VLV Response LDAPv3 control", "2.16.840.1.113730.3.4.10");
5856 oid_add_from_string("Transaction ID Response Control", "2.16.840.1.113730.3.4.11");
5857 oid_add_from_string("Proxied Authorization (version 1) control", "2.16.840.1.113730.3.4.12");
5858 oid_add_from_string("iPlanet Directory Server Replication Update Information Control", "2.16.840.1.113730.3.4.13");
5859 oid_add_from_string("iPlanet Directory Server search on specific backend control", "2.16.840.1.113730.3.4.14");
5860 oid_add_from_string("Authentication Response Control", "2.16.840.1.113730.3.4.15");
5861 oid_add_from_string("Authentication Request Control", "2.16.840.1.113730.3.4.16");
5862 oid_add_from_string("Real Attributes Only Request Control", "2.16.840.1.113730.3.4.17");
5863 oid_add_from_string("Proxied Authorization (version 2) Control", "2.16.840.1.113730.3.4.18");
5864 oid_add_from_string("Chaining loop detection", "2.16.840.1.113730.3.4.19");
5865 oid_add_from_string("iPlanet Replication Modrdn Extra Mods Control", "2.16.840.1.113730.3.4.999");
5866
5867
5868 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID", "1.2.840.113556.1.4.1852");
5869 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID", "1.2.840.113556.1.4.802");
5870 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID", "1.2.840.113556.1.4.1907");
5871 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID", "1.2.840.113556.1.4.1948");
5872
5873
5874 dissector_add_string("ldap.name", "netlogon", create_dissector_handle(dissect_NetLogon_PDU, proto_cldap));
5875 dissector_add_string("ldap.name", "objectGUID", create_dissector_handle(dissect_ldap_guid, proto_ldap));
5876 dissector_add_string("ldap.name", "supportedControl", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5877 dissector_add_string("ldap.name", "supportedCapabilities", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5878 dissector_add_string("ldap.name", "objectSid", create_dissector_handle(dissect_ldap_sid, proto_ldap));
5879 dissector_add_string("ldap.name", "nTSecurityDescriptor", create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap));
5880
5881
5882 /*--- Included file: packet-ldap-dis-tab.c ---*/
5883 #line 1 "./asn1/ldap/packet-ldap-dis-tab.c"
5884 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5885 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5886 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5887 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
5888 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5889 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5890 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5891 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5892 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5893 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5894 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5895
5896
5897 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5898 #line 2343 "./asn1/ldap/packet-ldap-template.c"
5899
5900 dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);
5901
5902 dissector_add_uint("acdr.tls_application_port", 636, ldap_handle);
5903 dissector_add_uint("acdr.tls_application", TLS_APP_LDAP, ldap_handle);
5904 }
5905
5906 static void
5907 prefs_register_ldap(void)
5908 {
5909 if(ssl_port != global_ldaps_tcp_port) {
5910 if(ssl_port)
5911 ssl_dissector_delete(ssl_port, ldap_handle);
5912
5913 /* Set our port number for future use */
5914 ssl_port = global_ldaps_tcp_port;
5915
5916 if(ssl_port)
5917 ssl_dissector_add(ssl_port, ldap_handle);
5918 }
5919
5920 }
5921
5922 /*
5923 * Editor modelines - https://www.wireshark.org/tools/modelines.html
5924 *
5925 * Local Variables:
5926 * c-basic-offset: 2
5927 * tab-width: 8
5928 * indent-tabs-mode: nil
5929 * End:
5930 *
5931 * vi: set shiftwidth=2 tabstop=8 expandtab:
5932 * :indentSize=2:tabSize=8:noTabs=true:
5933 */
Metzes wireshark repo