search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/samr/samr.cnf cnf_dissect_lsa_BinaryString => lsarpc_dissect_str...
[wireshark-sm.git] / epan / dissectors / packet-ldap.c
blobdd69e5e40ed59484302abedcd9dcc6bf9c71f478
1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-ldap.c */
4 /* asn2wrs.py -b -q -L -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */
5
6 /* packet-ldap-template.c
7 * Routines for ldap packet dissection
8 *
9 * See RFC 3494 (LDAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL).
10 *
11 * Wireshark - Network traffic analyzer
12 * By Gerald Combs <gerald@wireshark.org>
13 * Copyright 1998 Gerald Combs
14 *
15 * SPDX-License-Identifier: GPL-2.0-or-later
16 */
17
18 /*
19 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
20 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
21 * It's also missing extensible search filters.
22 *
23 * There should probably be a lot more error checking, I simply assume that if we have a full packet, it will be a complete
24 * and correct packet.
25 *
26 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
27 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
28 * I can do.
29 *
30 * Doug Nazar
31 * nazard@dragoninc.on.ca
32 */
33
34 /*
35 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
36 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
37 * TCP segments.
38 *
39 * Ronald W. Henderson
40 * ronald.henderson@cognicaseusa.com
41 */
42
43 /*
44 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
45 * using information from the SNIA 2003 conference paper :
46 * Active Directory Domain Controller Location Service
47 * by Anthony Liguori
48 * ronnie sahlberg
49 */
50
51 /*
52 * 17-DEC-2004 - added basic decoding for LDAP Controls
53 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
54 *
55 * Stefan Metzmacher <metze@samba.org>
56 *
57 * 15-NOV-2005 - Changed to use the asn2wrs compiler
58 * Anders Broman <anders.broman@ericsson.com>
59 */
60
61 /*
62 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
63 * Updated cldap_netlogon_flags to include Windows 2008 flags
64 * Expanded the ntver ldap option with bit field
65 *
66 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
67 */
68
69 /*
70 * 09-DEC-2009 - Added support for RFC4533
71 * Content Synchronization Operation (aka syncrepl)
72 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
73 * Mathieu Parent <math.parent@gmail.com>
74 */
75
76 #include "config.h"
77
78 #include <epan/packet.h>
79 #include <epan/exceptions.h>
80 #include <epan/conversation.h>
81 #include <epan/prefs.h>
82 #include <epan/tap.h>
83 #include <epan/srt_table.h>
84 #include <epan/oids.h>
85 #include <epan/strutil.h>
86 #include <epan/show_exception.h>
87 #include <epan/asn1.h>
88 #include <epan/proto_data.h>
89 #include <epan/expert.h>
90 #include <epan/uat.h>
91 #include <epan/charsets.h>
92 #include <epan/tfs.h>
93 #include <wsutil/str_util.h>
94 #include <wsutil/array.h>
95 #include "packet-frame.h"
96 #include "packet-tcp.h"
97 #include "packet-windows-common.h"
98 #include "packet-dcerpc.h"
99
100 #include "packet-ldap.h"
101 #include "packet-ntlmssp.h"
102 #include "packet-tls.h"
103 #include "packet-tls-utils.h"
104 #include "packet-gssapi.h"
105 #include "packet-acdr.h"
106
107 #include "packet-ber.h"
108 #include "packet-per.h"
109 #include "packet-dns.h"
110
111 #define PNAME "Lightweight Directory Access Protocol"
112 #define PSNAME "LDAP"
113 #define PFNAME "ldap"
114
115 void proto_register_ldap(void);
116 void proto_reg_handoff_ldap(void);
117
118 /* Initialize the protocol and registered fields */
119 static int ldap_tap;
120 static int proto_ldap;
121 static int proto_cldap;
122
123 static int hf_ldap_sasl_buffer_length;
124 static int hf_ldap_response_in;
125 static int hf_ldap_response_to;
126 static int hf_ldap_time;
127 static int hf_ldap_guid;
128
129 static int hf_mscldap_ntver_flags;
130 static int hf_mscldap_ntver_flags_v1;
131 static int hf_mscldap_ntver_flags_v5;
132 static int hf_mscldap_ntver_flags_v5ex;
133 static int hf_mscldap_ntver_flags_v5ep;
134 static int hf_mscldap_ntver_flags_vcs;
135 static int hf_mscldap_ntver_flags_vnt4;
136 static int hf_mscldap_ntver_flags_vpdc;
137 static int hf_mscldap_ntver_flags_vip;
138 static int hf_mscldap_ntver_flags_vl;
139 static int hf_mscldap_ntver_flags_vgc;
140
141 static int hf_mscldap_netlogon_ipaddress_family;
142 static int hf_mscldap_netlogon_ipaddress_port;
143 static int hf_mscldap_netlogon_ipaddress;
144 static int hf_mscldap_netlogon_ipaddress_ipv4;
145 static int hf_mscldap_netlogon_opcode;
146 static int hf_mscldap_netlogon_flags;
147 static int hf_mscldap_netlogon_flags_pdc;
148 static int hf_mscldap_netlogon_flags_gc;
149 static int hf_mscldap_netlogon_flags_ldap;
150 static int hf_mscldap_netlogon_flags_ds;
151 static int hf_mscldap_netlogon_flags_kdc;
152 static int hf_mscldap_netlogon_flags_timeserv;
153 static int hf_mscldap_netlogon_flags_closest;
154 static int hf_mscldap_netlogon_flags_writable;
155 static int hf_mscldap_netlogon_flags_good_timeserv;
156 static int hf_mscldap_netlogon_flags_ndnc;
157 static int hf_mscldap_netlogon_flags_fnc;
158 static int hf_mscldap_netlogon_flags_dnc;
159 static int hf_mscldap_netlogon_flags_dns;
160 static int hf_mscldap_netlogon_flags_wdc;
161 static int hf_mscldap_netlogon_flags_rodc;
162 static int hf_mscldap_domain_guid;
163 static int hf_mscldap_forest;
164 static int hf_mscldap_domain;
165 static int hf_mscldap_hostname;
166 static int hf_mscldap_nb_domain_z;
167 static int hf_mscldap_nb_domain;
168 static int hf_mscldap_nb_hostname_z;
169 static int hf_mscldap_nb_hostname;
170 static int hf_mscldap_username_z;
171 static int hf_mscldap_username;
172 static int hf_mscldap_sitename;
173 static int hf_mscldap_clientsitename;
174 static int hf_mscldap_netlogon_lm_token;
175 static int hf_mscldap_netlogon_nt_token;
176 static int hf_ldap_sid;
177 static int hf_ldap_AccessMask_ADS_CREATE_CHILD;
178 static int hf_ldap_AccessMask_ADS_DELETE_CHILD;
179 static int hf_ldap_AccessMask_ADS_LIST;
180 static int hf_ldap_AccessMask_ADS_SELF_WRITE;
181 static int hf_ldap_AccessMask_ADS_READ_PROP;
182 static int hf_ldap_AccessMask_ADS_WRITE_PROP;
183 static int hf_ldap_AccessMask_ADS_DELETE_TREE;
184 static int hf_ldap_AccessMask_ADS_LIST_OBJECT;
185 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS;
186 static int hf_ldap_LDAPMessage_PDU;
187 static int hf_ldap_object_security_flag;
188 static int hf_ldap_ancestor_first_flag;
189 static int hf_ldap_public_data_only_flag;
190 static int hf_ldap_incremental_value_flag;
191 static int hf_ldap_oid;
192 static int hf_ldap_gssapi_encrypted_payload;
193
194 static int hf_ldap_SearchControlValue_PDU; /* SearchControlValue */
195 static int hf_ldap_SortKeyList_PDU; /* SortKeyList */
196 static int hf_ldap_SortResult_PDU; /* SortResult */
197 static int hf_ldap_DirSyncControlValue_PDU; /* DirSyncControlValue */
198 static int hf_ldap_PasswdModifyRequestValue_PDU; /* PasswdModifyRequestValue */
199 static int hf_ldap_CancelRequestValue_PDU; /* CancelRequestValue */
200 static int hf_ldap_SyncRequestValue_PDU; /* SyncRequestValue */
201 static int hf_ldap_SyncStateValue_PDU; /* SyncStateValue */
202 static int hf_ldap_SyncDoneValue_PDU; /* SyncDoneValue */
203 static int hf_ldap_SyncInfoValue_PDU; /* SyncInfoValue */
204 static int hf_ldap_PasswordPolicyResponseValue_PDU; /* PasswordPolicyResponseValue */
205 static int hf_ldap_messageID; /* MessageID */
206 static int hf_ldap_protocolOp; /* ProtocolOp */
207 static int hf_ldap_controls; /* Controls */
208 static int hf_ldap_bindRequest; /* BindRequest */
209 static int hf_ldap_bindResponse; /* BindResponse */
210 static int hf_ldap_unbindRequest; /* UnbindRequest */
211 static int hf_ldap_searchRequest; /* SearchRequest */
212 static int hf_ldap_searchResEntry; /* SearchResultEntry */
213 static int hf_ldap_searchResDone; /* SearchResultDone */
214 static int hf_ldap_searchResRef; /* SearchResultReference */
215 static int hf_ldap_modifyRequest; /* ModifyRequest */
216 static int hf_ldap_modifyResponse; /* ModifyResponse */
217 static int hf_ldap_addRequest; /* AddRequest */
218 static int hf_ldap_addResponse; /* AddResponse */
219 static int hf_ldap_delRequest; /* DelRequest */
220 static int hf_ldap_delResponse; /* DelResponse */
221 static int hf_ldap_modDNRequest; /* ModifyDNRequest */
222 static int hf_ldap_modDNResponse; /* ModifyDNResponse */
223 static int hf_ldap_compareRequest; /* CompareRequest */
224 static int hf_ldap_compareResponse; /* CompareResponse */
225 static int hf_ldap_abandonRequest; /* AbandonRequest */
226 static int hf_ldap_extendedReq; /* ExtendedRequest */
227 static int hf_ldap_extendedResp; /* ExtendedResponse */
228 static int hf_ldap_intermediateResponse; /* IntermediateResponse */
229 static int hf_ldap_AttributeDescriptionList_item; /* AttributeDescription */
230 static int hf_ldap_attributeDesc; /* AttributeDescription */
231 static int hf_ldap_assertionValue; /* AssertionValue */
232 static int hf_ldap_type; /* AttributeDescription */
233 static int hf_ldap_vals; /* SET_OF_AttributeValue */
234 static int hf_ldap_vals_item; /* AttributeValue */
235 static int hf_ldap_resultCode; /* T_resultCode */
236 static int hf_ldap_matchedDN; /* LDAPDN */
237 static int hf_ldap_errorMessage; /* ErrorMessage */
238 static int hf_ldap_referral; /* Referral */
239 static int hf_ldap_Referral_item; /* LDAPURL */
240 static int hf_ldap_Controls_item; /* Control */
241 static int hf_ldap_controlType; /* ControlType */
242 static int hf_ldap_criticality; /* BOOLEAN */
243 static int hf_ldap_controlValue; /* T_controlValue */
244 static int hf_ldap_version; /* INTEGER_1_127 */
245 static int hf_ldap_name; /* LDAPDN */
246 static int hf_ldap_authentication; /* AuthenticationChoice */
247 static int hf_ldap_simple; /* Simple */
248 static int hf_ldap_sasl; /* SaslCredentials */
249 static int hf_ldap_ntlmsspNegotiate; /* T_ntlmsspNegotiate */
250 static int hf_ldap_ntlmsspAuth; /* T_ntlmsspAuth */
251 static int hf_ldap_mechanism; /* Mechanism */
252 static int hf_ldap_credentials; /* Credentials */
253 static int hf_ldap_bindResponse_resultCode; /* BindResponse_resultCode */
254 static int hf_ldap_bindResponse_matchedDN; /* T_bindResponse_matchedDN */
255 static int hf_ldap_serverSaslCreds; /* ServerSaslCreds */
256 static int hf_ldap_baseObject; /* LDAPDN */
257 static int hf_ldap_scope; /* T_scope */
258 static int hf_ldap_derefAliases; /* T_derefAliases */
259 static int hf_ldap_sizeLimit; /* INTEGER_0_maxInt */
260 static int hf_ldap_timeLimit; /* INTEGER_0_maxInt */
261 static int hf_ldap_typesOnly; /* BOOLEAN */
262 static int hf_ldap_filter; /* T_filter */
263 static int hf_ldap_searchRequest_attributes; /* AttributeDescriptionList */
264 static int hf_ldap_and; /* T_and */
265 static int hf_ldap_and_item; /* T_and_item */
266 static int hf_ldap_or; /* T_or */
267 static int hf_ldap_or_item; /* T_or_item */
268 static int hf_ldap_not; /* T_not */
269 static int hf_ldap_equalityMatch; /* T_equalityMatch */
270 static int hf_ldap_substrings; /* SubstringFilter */
271 static int hf_ldap_greaterOrEqual; /* T_greaterOrEqual */
272 static int hf_ldap_lessOrEqual; /* T_lessOrEqual */
273 static int hf_ldap_present; /* T_present */
274 static int hf_ldap_approxMatch; /* T_approxMatch */
275 static int hf_ldap_extensibleMatch; /* T_extensibleMatch */
276 static int hf_ldap_substringFilter_substrings; /* T_substringFilter_substrings */
277 static int hf_ldap_substringFilter_substrings_item; /* T_substringFilter_substrings_item */
278 static int hf_ldap_initial; /* LDAPString */
279 static int hf_ldap_any; /* LDAPString */
280 static int hf_ldap_final; /* LDAPString */
281 static int hf_ldap_matchingRule; /* MatchingRuleId */
282 static int hf_ldap_matchValue; /* AssertionValue */
283 static int hf_ldap_dnAttributes; /* T_dnAttributes */
284 static int hf_ldap_objectName; /* LDAPDN */
285 static int hf_ldap_searchResultEntry_attributes; /* PartialAttributeList */
286 static int hf_ldap_PartialAttributeList_item; /* PartialAttributeList_item */
287 static int hf_ldap__untag_item; /* LDAPURL */
288 static int hf_ldap_object; /* LDAPDN */
289 static int hf_ldap_modifyRequest_modification; /* ModifyRequest_modification */
290 static int hf_ldap_modifyRequest_modification_item; /* T_modifyRequest_modification_item */
291 static int hf_ldap_operation; /* T_operation */
292 static int hf_ldap_modification; /* AttributeTypeAndValues */
293 static int hf_ldap_entry; /* LDAPDN */
294 static int hf_ldap_attributes; /* AttributeList */
295 static int hf_ldap_AttributeList_item; /* AttributeList_item */
296 static int hf_ldap_newrdn; /* RelativeLDAPDN */
297 static int hf_ldap_deleteoldrdn; /* BOOLEAN */
298 static int hf_ldap_newSuperior; /* LDAPDN */
299 static int hf_ldap_ava; /* AttributeValueAssertion */
300 static int hf_ldap_requestName; /* LDAPOID */
301 static int hf_ldap_requestValue; /* T_requestValue */
302 static int hf_ldap_extendedResponse_resultCode; /* ExtendedResponse_resultCode */
303 static int hf_ldap_responseName; /* ResponseName */
304 static int hf_ldap_response; /* OCTET_STRING */
305 static int hf_ldap_intermediateResponse_responseValue; /* T_intermediateResponse_responseValue */
306 static int hf_ldap_size; /* INTEGER */
307 static int hf_ldap_cookie; /* OCTET_STRING */
308 static int hf_ldap_SortKeyList_item; /* SortKeyList_item */
309 static int hf_ldap_attributeType; /* AttributeDescription */
310 static int hf_ldap_orderingRule; /* MatchingRuleId */
311 static int hf_ldap_reverseOrder; /* BOOLEAN */
312 static int hf_ldap_sortResult; /* T_sortResult */
313 static int hf_ldap_flags; /* DirSyncFlags */
314 static int hf_ldap_maxBytes; /* INTEGER */
315 static int hf_ldap_userIdentity; /* OCTET_STRING */
316 static int hf_ldap_oldPasswd; /* OCTET_STRING */
317 static int hf_ldap_newPasswd; /* OCTET_STRING */
318 static int hf_ldap_cancelID; /* MessageID */
319 static int hf_ldap_mode; /* T_mode */
320 static int hf_ldap_reloadHint; /* BOOLEAN */
321 static int hf_ldap_state; /* T_state */
322 static int hf_ldap_entryUUID; /* SyncUUID */
323 static int hf_ldap_refreshDeletes; /* BOOLEAN */
324 static int hf_ldap_newcookie; /* OCTET_STRING */
325 static int hf_ldap_refreshDelete; /* T_refreshDelete */
326 static int hf_ldap_refreshDone; /* BOOLEAN */
327 static int hf_ldap_refreshPresent; /* T_refreshPresent */
328 static int hf_ldap_syncIdSet; /* T_syncIdSet */
329 static int hf_ldap_syncUUIDs; /* SET_OF_SyncUUID */
330 static int hf_ldap_syncUUIDs_item; /* SyncUUID */
331 static int hf_ldap_warning; /* T_warning */
332 static int hf_ldap_timeBeforeExpiration; /* INTEGER_0_maxInt */
333 static int hf_ldap_graceAuthNsRemaining; /* INTEGER_0_maxInt */
334 static int hf_ldap_error; /* T_error */
335
336 /* Initialize the subtree pointers */
337 static int ett_ldap;
338 static int ett_ldap_msg;
339 static int ett_ldap_sasl_blob;
340 static int ett_ldap_payload;
341 static int ett_mscldap_netlogon_flags;
342 static int ett_mscldap_ntver_flags;
343 static int ett_mscldap_ipdetails;
344 static int ett_ldap_DirSyncFlagsSubEntry;
345
346 static int ett_ldap_LDAPMessage;
347 static int ett_ldap_ProtocolOp;
348 static int ett_ldap_AttributeDescriptionList;
349 static int ett_ldap_AttributeValueAssertion;
350 static int ett_ldap_Attribute;
351 static int ett_ldap_SET_OF_AttributeValue;
352 static int ett_ldap_LDAPResult;
353 static int ett_ldap_Referral;
354 static int ett_ldap_Controls;
355 static int ett_ldap_Control;
356 static int ett_ldap_BindRequest_U;
357 static int ett_ldap_AuthenticationChoice;
358 static int ett_ldap_SaslCredentials;
359 static int ett_ldap_BindResponse_U;
360 static int ett_ldap_SearchRequest_U;
361 static int ett_ldap_Filter;
362 static int ett_ldap_T_and;
363 static int ett_ldap_T_or;
364 static int ett_ldap_SubstringFilter;
365 static int ett_ldap_T_substringFilter_substrings;
366 static int ett_ldap_T_substringFilter_substrings_item;
367 static int ett_ldap_MatchingRuleAssertion;
368 static int ett_ldap_SearchResultEntry_U;
369 static int ett_ldap_PartialAttributeList;
370 static int ett_ldap_PartialAttributeList_item;
371 static int ett_ldap_SEQUENCE_OF_LDAPURL;
372 static int ett_ldap_ModifyRequest_U;
373 static int ett_ldap_ModifyRequest_modification;
374 static int ett_ldap_T_modifyRequest_modification_item;
375 static int ett_ldap_AttributeTypeAndValues;
376 static int ett_ldap_AddRequest_U;
377 static int ett_ldap_AttributeList;
378 static int ett_ldap_AttributeList_item;
379 static int ett_ldap_ModifyDNRequest_U;
380 static int ett_ldap_CompareRequest_U;
381 static int ett_ldap_ExtendedRequest_U;
382 static int ett_ldap_ExtendedResponse_U;
383 static int ett_ldap_IntermediateResponse_U;
384 static int ett_ldap_SearchControlValue;
385 static int ett_ldap_SortKeyList;
386 static int ett_ldap_SortKeyList_item;
387 static int ett_ldap_SortResult;
388 static int ett_ldap_DirSyncControlValue;
389 static int ett_ldap_PasswdModifyRequestValue;
390 static int ett_ldap_CancelRequestValue;
391 static int ett_ldap_SyncRequestValue;
392 static int ett_ldap_SyncStateValue;
393 static int ett_ldap_SyncDoneValue;
394 static int ett_ldap_SyncInfoValue;
395 static int ett_ldap_T_refreshDelete;
396 static int ett_ldap_T_refreshPresent;
397 static int ett_ldap_T_syncIdSet;
398 static int ett_ldap_SET_OF_SyncUUID;
399 static int ett_ldap_PasswordPolicyResponseValue;
400 static int ett_ldap_T_warning;
401
402 static expert_field ei_ldap_exceeded_filter_length;
403 static expert_field ei_ldap_too_many_filter_elements;
404
405 static dissector_table_t ldap_name_dissector_table;
406 static const char *object_identifier_id; /* LDAP OID */
407
408 static bool do_protocolop;
409 static char *attr_type;
410 static bool is_binary_attr_type;
411 static bool ldap_found_in_frame;
412
413 #define TCP_PORT_RANGE_LDAP "389,3268" /* 3268 is Windows 2000 Global Catalog */
414 #define TCP_PORT_LDAPS 636
415 #define UDP_PORT_CLDAP 389
416
417 /* desegmentation of LDAP */
418 static bool ldap_desegment = true;
419 static unsigned global_ldaps_tcp_port = TCP_PORT_LDAPS;
420 static unsigned ssl_port;
421
422 static dissector_handle_t gssapi_handle;
423 static dissector_handle_t gssapi_wrap_handle;
424 static dissector_handle_t ntlmssp_handle;
425 static dissector_handle_t spnego_handle;
426 static dissector_handle_t tls_handle;
427 static dissector_handle_t ldap_handle;
428 static dissector_handle_t cldap_handle;
429
430 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
431
432
433 /* different types of rpc calls ontop of ms cldap */
434 #define MSCLDAP_RPC_NETLOGON 1
435
436 /* Message type Choice values */
437 static const value_string ldap_ProtocolOp_choice_vals[] = {
438 { 0, "bindRequest" },
439 { 1, "bindResponse" },
440 { 2, "unbindRequest" },
441 { 3, "searchRequest" },
442 { 4, "searchResEntry" },
443 { 5, "searchResDone" },
444 { 6, "searchResRef" },
445 { 7, "modifyRequest" },
446 { 8, "modifyResponse" },
447 { 9, "addRequest" },
448 { 10, "addResponse" },
449 { 11, "delRequest" },
450 { 12, "delResponse" },
451 { 13, "modDNRequest" },
452 { 14, "modDNResponse" },
453 { 15, "compareRequest" },
454 { 16, "compareResponse" },
455 { 17, "abandonRequest" },
456 { 18, "extendedReq" },
457 { 19, "extendedResp" },
458 { 20, "intermediateResponse" },
459 { 0, NULL }
460 };
461
462 /* Procedure names (used in Service Response Time */
463 const value_string ldap_procedure_names[] = {
464 { 0, "Bind" },
465 { 3, "Search" },
466 { 6, "Modify" },
467 { 8, "Add" },
468 { 10, "Delete" },
469 { 12, "Modrdn" },
470 { 14, "Compare" },
471 { 23, "Extended" },
472 { 0, NULL }
473 };
474
475 #define LOGON_PRIMARY_QUERY 7
476 #define LOGON_PRIMARY_RESPONSE 12
477 #define LOGON_SAM_LOGON_REQUEST 18
478 #define LOGON_SAM_LOGON_RESPONSE 19
479 #define LOGON_SAM_PAUSE_RESPONSE 20
480 #define LOGON_SAM_USER_UNKNOWN 21
481 #define LOGON_SAM_LOGON_RESPONSE_EX 23
482 #define LOGON_SAM_PAUSE_RESPONSE_EX 24
483 #define LOGON_SAM_USER_UNKNOWN_EX 25
484
485 static const value_string netlogon_opcode_vals[] = {
486 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
487 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
488 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
489 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
490 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
491 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
492 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
493 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
494 { 0, NULL }
495 };
496
497 #define LDAP_NUM_PROCEDURES 24
498
499 static void
500 ldapstat_init(struct register_srt* srt _U_, GArray* srt_array)
501 {
502 srt_stat_table *ldap_srt_table;
503 uint32_t i;
504
505 ldap_srt_table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", NULL);
506 for (i = 0; i < LDAP_NUM_PROCEDURES; i++)
507 {
508 init_srt_table_row(ldap_srt_table, i, val_to_str_const(i, ldap_procedure_names, "<unknown>"));
509 }
510 }
511
512 static tap_packet_status
513 ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi, tap_flags_t flags _U_)
514 {
515 unsigned i = 0;
516 srt_stat_table *ldap_srt_table;
517 const ldap_call_response_t *ldap=(const ldap_call_response_t *)psi;
518 srt_data_t *data = (srt_data_t *)pldap;
519
520 /* we are only interested in reply packets */
521 if(ldap->is_request){
522 return TAP_PACKET_DONT_REDRAW;
523 }
524 /* if we haven't seen the request, just ignore it */
525 if(!ldap->req_frame){
526 return TAP_PACKET_DONT_REDRAW;
527 }
528
529 /* only use the commands we know how to handle */
530 switch(ldap->protocolOpTag){
531 case LDAP_REQ_BIND:
532 case LDAP_REQ_SEARCH:
533 case LDAP_REQ_MODIFY:
534 case LDAP_REQ_ADD:
535 case LDAP_REQ_DELETE:
536 case LDAP_REQ_MODRDN:
537 case LDAP_REQ_COMPARE:
538 case LDAP_REQ_EXTENDED:
539 break;
540 default:
541 return TAP_PACKET_DONT_REDRAW;
542 }
543
544 ldap_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
545
546 add_srt_table_data(ldap_srt_table, ldap->protocolOpTag, &ldap->req_time, pinfo);
547 return TAP_PACKET_REDRAW;
548 }
549
550 /*
551 * Data structure attached to a conversation, giving authentication
552 * information from a bind request.
553 */
554 typedef struct ldap_conv_info_t {
555 unsigned auth_type; /* authentication type */
556 char *auth_mech; /* authentication mechanism */
557 uint32_t first_auth_frame; /* first frame that would use a security layer */
558 wmem_map_t *unmatched;
559 wmem_map_t *matched;
560 bool is_mscldap;
561 uint32_t num_results;
562 bool start_tls_pending;
563 uint32_t start_tls_frame;
564 } ldap_conv_info_t;
565
566 static unsigned
567 ldap_info_hash_matched(const void *k)
568 {
569 const ldap_call_response_t *key = (const ldap_call_response_t *)k;
570
571 return key->messageId;
572 }
573
574 static int
575 ldap_info_equal_matched(const void *k1, const void *k2)
576 {
577 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
578 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
579
580 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
581 return 0;
582 }
583 /* a response may span multiple frames
584 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
585 return 0;
586 }
587 */
588
589 return key1->messageId==key2->messageId;
590 }
591
592 static unsigned
593 ldap_info_hash_unmatched(const void *k)
594 {
595 const ldap_call_response_t *key = (const ldap_call_response_t*)k;
596
597 return key->messageId;
598 }
599
600 static int
601 ldap_info_equal_unmatched(const void *k1, const void *k2)
602 {
603 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
604 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
605
606 return key1->messageId==key2->messageId;
607 }
608
609
610 /* These are the NtVer flags from MS-ADTS section 6.3.1.1
611 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts
612 */
613
614 static const true_false_string tfs_ntver_v1 = {
615 "Client requested version 1 netlogon response",
616 "Version 1 netlogon response not requested"
617 };
618
619 static const true_false_string tfs_ntver_v5 = {
620 "Client requested version 5 netlogon response",
621 "Version 5 netlogon response not requested"
622 };
623 static const true_false_string tfs_ntver_v5ex = {
624 "Client requested version 5 extended netlogon response",
625 "Version 5 extended response not requested"
626 };
627 static const true_false_string tfs_ntver_v5ep = {
628 "Client has requested IP address of the server",
629 "IP address of server not requested"
630 };
631 static const true_false_string tfs_ntver_vcs = {
632 "Client has asked for the closest site information",
633 "Closest site information not requested"
634 };
635 static const true_false_string tfs_ntver_vnt4 = {
636 "Client is requesting server to avoid NT4 emulation",
637 "Only full AD DS requested"
638 };
639 static const true_false_string tfs_ntver_vpdc = {
640 "Client has requested the Primary Domain Controller",
641 "Primary Domain Controller not requested"
642 };
643 static const true_false_string tfs_ntver_vip = {
644 "Client has requested IP details (obsolete)",
645 "IP details not requested (obsolete)"
646 };
647 static const true_false_string tfs_ntver_vl = {
648 "Client indicated that it is the local machine",
649 "Client is not the local machine"
650 };static const true_false_string tfs_ntver_vgc = {
651 "Client has requested a Global Catalog server",
652 "Global Catalog not requested"
653 };
654
655 /* Stuff for generation/handling of fields for custom AttributeValues */
656 typedef struct _attribute_type_t {
657 char* attribute_type;
658 char* attribute_desc;
659 } attribute_type_t;
660
661 static attribute_type_t* attribute_types;
662 static unsigned num_attribute_types;
663
664 static GHashTable* attribute_types_hash;
665 static hf_register_info* dynamic_hf;
666 static unsigned dynamic_hf_size;
667
668 static bool
669 attribute_types_update_cb(void *r, char **err)
670 {
671 attribute_type_t *rec = (attribute_type_t *)r;
672 char c;
673
674 if (rec->attribute_type == NULL) {
675 *err = g_strdup("Attribute type can't be empty");
676 return false;
677 }
678
679 g_strstrip(rec->attribute_type);
680 if (rec->attribute_type[0] == 0) {
681 *err = g_strdup("Attribute type can't be empty");
682 return false;
683 }
684
685 /* Check for invalid characters (to avoid asserting out when
686 * registering the field).
687 */
688 c = proto_check_field_name(rec->attribute_type);
689 if (c) {
690 *err = ws_strdup_printf("Attribute type can't contain '%c'", c);
691 return false;
692 }
693
694 *err = NULL;
695 return true;
696 }
697
698 static void *
699 attribute_types_copy_cb(void* n, const void* o, size_t siz _U_)
700 {
701 attribute_type_t* new_rec = (attribute_type_t*)n;
702 const attribute_type_t* old_rec = (const attribute_type_t*)o;
703
704 new_rec->attribute_type = g_strdup(old_rec->attribute_type);
705 new_rec->attribute_desc = g_strdup(old_rec->attribute_desc);
706
707 return new_rec;
708 }
709
710 static void
711 attribute_types_free_cb(void*r)
712 {
713 attribute_type_t* rec = (attribute_type_t*)r;
714
715 g_free(rec->attribute_type);
716 g_free(rec->attribute_desc);
717 }
718
719 UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
720 UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t)
721
722 /*
723 *
724 */
725 static int*
726 get_hf_for_header(char* attribute_type)
727 {
728 int* hf_id = NULL;
729
730 if (attribute_types_hash) {
731 hf_id = (int*) g_hash_table_lookup(attribute_types_hash, attribute_type);
732 } else {
733 hf_id = NULL;
734 }
735
736 return hf_id;
737 }
738
739 /*
740 *
741 */
742 static void
743 deregister_attribute_types(void)
744 {
745 if (dynamic_hf) {
746 /* Deregister all fields */
747 for (unsigned i = 0; i < dynamic_hf_size; i++) {
748 proto_deregister_field (proto_ldap, *(dynamic_hf[i].p_id));
749 g_free (dynamic_hf[i].p_id);
750 }
751
752 proto_add_deregistered_data (dynamic_hf);
753 dynamic_hf = NULL;
754 dynamic_hf_size = 0;
755 }
756
757 if (attribute_types_hash) {
758 g_hash_table_destroy (attribute_types_hash);
759 attribute_types_hash = NULL;
760 }
761 }
762
763 static void
764 attribute_types_post_update_cb(void)
765 {
766 int* hf_id;
767 char* attribute_type;
768
769 deregister_attribute_types();
770
771 if (num_attribute_types) {
772 attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
773 dynamic_hf = g_new0(hf_register_info,num_attribute_types);
774 dynamic_hf_size = num_attribute_types;
775
776 for (unsigned i = 0; i < dynamic_hf_size; i++) {
777 hf_id = g_new(int,1);
778 *hf_id = -1;
779 attribute_type = g_strdup(attribute_types[i].attribute_type);
780
781 dynamic_hf[i].p_id = hf_id;
782 dynamic_hf[i].hfinfo.name = attribute_type;
783 dynamic_hf[i].hfinfo.abbrev = ws_strdup_printf("ldap.AttributeValue.%s", attribute_type);
784 dynamic_hf[i].hfinfo.type = FT_STRING;
785 dynamic_hf[i].hfinfo.display = BASE_NONE;
786 dynamic_hf[i].hfinfo.strings = NULL;
787 dynamic_hf[i].hfinfo.bitmask = 0;
788 dynamic_hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
789 HFILL_INIT(dynamic_hf[i]);
790
791 g_hash_table_insert(attribute_types_hash, attribute_type, hf_id);
792 }
793
794 proto_register_field_array(proto_ldap, dynamic_hf, dynamic_hf_size);
795 }
796 }
797
798 static void
799 attribute_types_reset_cb(void)
800 {
801 deregister_attribute_types();
802 }
803
804 /* MS-ADTS specification, section 6.3.1.1, NETLOGON_NT_VERSION Options Bits */
805 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
806 {
807 static int * const flags[] = {
808 &hf_mscldap_ntver_flags_v1,
809 &hf_mscldap_ntver_flags_v5,
810 &hf_mscldap_ntver_flags_v5ex,
811 &hf_mscldap_ntver_flags_v5ep,
812 &hf_mscldap_ntver_flags_vcs,
813 &hf_mscldap_ntver_flags_vnt4,
814 &hf_mscldap_ntver_flags_vpdc,
815 &hf_mscldap_ntver_flags_vip,
816 &hf_mscldap_ntver_flags_vl,
817 &hf_mscldap_ntver_flags_vgc,
818 NULL
819 };
820
821 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags,
822 ett_mscldap_ntver_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
823 offset += 4;
824
825 return offset;
826 }
827
828 /* This string contains the last LDAPString that was decoded */
829 static const char *attributedesc_string;
830
831 /* This string contains the last AssertionValue that was decoded */
832 static char *ldapvalue_string;
833
834 /* if the octet string contain all printable ASCII characters, then
835 * display it as a string, othervise just display it in hex.
836 */
837 static int
838 dissect_ldap_AssertionValue(bool implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
839 {
840 int8_t ber_class;
841 bool pc, ind, is_ascii;
842 int32_t tag;
843 uint32_t len;
844
845 if(!implicit_tag){
846 offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
847 offset=get_ber_length(tvb, offset, &len, &ind);
848 } else {
849 len=tvb_reported_length_remaining(tvb,offset);
850 }
851
852 if(len==0){
853 return offset;
854 }
855
856
857 /*
858 * Some special/wellknown attributes in common LDAP (read AD)
859 * are neither ascii strings nor blobs of hex data.
860 * Special case these attributes and decode them more nicely.
861 *
862 * Add more special cases as required to prettify further
863 * (there can't be that many ones that are truly interesting)
864 */
865 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
866 tvbuff_t *sid_tvb;
867 char *tmpstr;
868
869 /* this octet string contains an NT SID */
870 sid_tvb=tvb_new_subset_length(tvb, offset, len);
871 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
872 ldapvalue_string=tmpstr;
873
874 goto finished;
875 } else if ( (len==16) /* GUIDs are always 16 bytes */
876 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
877 uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
878 e_guid_t uuid;
879
880 /* This octet string contained a GUID */
881 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
882
883 ldapvalue_string=(char*)wmem_alloc(actx->pinfo->pool, 1024);
884 snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
885 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
886 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
887 uuid.data4[6], uuid.data4[7]);
888
889 goto finished;
890 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
891 uint32_t flags;
892
893 len = 0;
894 /* get flag value to populate ldapvalue_string */
895 flags=tvb_get_letohl(tvb, offset);
896
897 ldapvalue_string=(char*)wmem_alloc(actx->pinfo->pool, 1024);
898 snprintf(ldapvalue_string, 1023, "0x%08x",flags);
899
900 /* populate bitmask subtree */
901 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
902
903 goto finished;
904
905
906 }
907
908 /*
909 * It was not one of our "wellknown" attributes so make the best
910 * we can and just try to see if it is an ascii string or if it
911 * is a binary blob.
912 *
913 * XXX - should we support reading RFC 2252-style schemas
914 * for LDAP, and using that to determine how to display
915 * attribute values and assertion values?
916 *
917 * -- I don't think there are full schemas available that describe the
918 * interesting cases i.e. AD -- ronnie
919 */
920 is_ascii=tvb_ascii_isprint(tvb, offset, len);
921
922 /* convert the string into a printable string */
923 if(is_ascii){
924 ldapvalue_string= tvb_get_string_enc(actx->pinfo->pool, tvb, offset, len, ENC_UTF_8|ENC_NA);
925 } else {
926 ldapvalue_string= tvb_bytes_to_str_punct(actx->pinfo->pool, tvb, offset, len, ':');
927 }
928
929 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
930
931
932 finished:
933 offset+=len;
934 return offset;
935 }
936
937 /* This string contains the last Filter item that was decoded */
938 static const char *Filter_string;
939 static const char *and_filter_string;
940 static const char *or_filter_string;
941 static const char *substring_value;
942 static const char *substring_item_init;
943 static const char *substring_item_any;
944 static const char *substring_item_final;
945 static const char *matching_rule_string;
946 static bool matching_rule_dnattr=false;
947
948 #define MAX_FILTER_LEN 4096
949 static int Filter_length;
950
951 #define MAX_FILTER_ELEMENTS 200
952 static int Filter_elements;
953
954 /* Global variables */
955 static int MessageID =-1;
956 static int ProtocolOp = -1;
957 static int result;
958 static proto_item *ldm_tree; /* item to add text to */
959
960 static void ldap_do_protocolop(packet_info *pinfo)
961 {
962 const char* valstr;
963
964 if (do_protocolop) {
965
966 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%u)");
967
968 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
969
970 if(ldm_tree)
971 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
972
973 do_protocolop = false;
974
975 }
976 }
977
978 static ldap_call_response_t *
979 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, unsigned messageId, unsigned protocolOpTag, ldap_conv_info_t *ldap_info)
980 {
981 ldap_call_response_t lcr, *lcrp=NULL;
982
983 /* first see if we have already matched this */
984
985 lcr.messageId=messageId;
986 switch(protocolOpTag){
987 case LDAP_REQ_BIND:
988 case LDAP_REQ_SEARCH:
989 case LDAP_REQ_MODIFY:
990 case LDAP_REQ_ADD:
991 case LDAP_REQ_DELETE:
992 case LDAP_REQ_MODRDN:
993 case LDAP_REQ_COMPARE:
994 case LDAP_REQ_EXTENDED:
995 lcr.is_request=true;
996 lcr.req_frame=pinfo->num;
997 lcr.rep_frame=0;
998 break;
999 case LDAP_RES_BIND:
1000 case LDAP_RES_SEARCH_ENTRY:
1001 case LDAP_RES_SEARCH_REF:
1002 case LDAP_RES_SEARCH_RESULT:
1003 case LDAP_RES_MODIFY:
1004 case LDAP_RES_ADD:
1005 case LDAP_RES_DELETE:
1006 case LDAP_RES_MODRDN:
1007 case LDAP_RES_COMPARE:
1008 case LDAP_RES_EXTENDED:
1009 case LDAP_RES_INTERMEDIATE:
1010 lcr.is_request=false;
1011 lcr.req_frame=0;
1012 lcr.rep_frame=pinfo->num;
1013 break;
1014 default:
1015 return NULL;
1016 }
1017 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->matched, &lcr);
1018
1019 if(lcrp){
1020
1021 lcrp->is_request=lcr.is_request;
1022
1023 } else {
1024
1025 /* we haven't found a match - try and match it up */
1026
1027 switch(protocolOpTag){
1028 case LDAP_REQ_BIND:
1029 case LDAP_REQ_SEARCH:
1030 case LDAP_REQ_MODIFY:
1031 case LDAP_REQ_ADD:
1032 case LDAP_REQ_DELETE:
1033 case LDAP_REQ_MODRDN:
1034 case LDAP_REQ_COMPARE:
1035 case LDAP_REQ_EXTENDED:
1036
1037 /* this is a request - add it to the unmatched list */
1038
1039 /* check that we don't already have one of those in the
1040 unmatched list and if so remove it */
1041
1042 lcr.messageId=messageId;
1043 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
1044 if(lcrp){
1045 wmem_map_remove(ldap_info->unmatched, lcrp);
1046 }
1047 /* if we can't reuse the old one, grab a new chunk */
1048 if(!lcrp){
1049 lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t);
1050 }
1051 lcrp->messageId=messageId;
1052 lcrp->req_frame=pinfo->num;
1053 lcrp->req_time=pinfo->abs_ts;
1054 lcrp->rep_frame=0;
1055 lcrp->protocolOpTag=protocolOpTag;
1056 lcrp->is_request=true;
1057 wmem_map_insert(ldap_info->unmatched, lcrp, lcrp);
1058 return NULL;
1059 case LDAP_RES_BIND:
1060 case LDAP_RES_SEARCH_ENTRY:
1061 case LDAP_RES_SEARCH_REF:
1062 case LDAP_RES_SEARCH_RESULT:
1063 case LDAP_RES_MODIFY:
1064 case LDAP_RES_ADD:
1065 case LDAP_RES_DELETE:
1066 case LDAP_RES_MODRDN:
1067 case LDAP_RES_COMPARE:
1068 case LDAP_RES_EXTENDED:
1069 case LDAP_RES_INTERMEDIATE:
1070
1071 /* this is a result - it should be in our unmatched list */
1072
1073 lcr.messageId=messageId;
1074 lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
1075
1076 if(lcrp){
1077
1078 if(!lcrp->rep_frame){
1079 wmem_map_remove(ldap_info->unmatched, lcrp);
1080 lcrp->rep_frame=pinfo->num;
1081 lcrp->is_request=false;
1082 wmem_map_insert(ldap_info->matched, lcrp, lcrp);
1083 }
1084 }
1085
1086 break;
1087 }
1088
1089 }
1090 /* we have found a match */
1091
1092 if(lcrp){
1093 proto_item *it;
1094
1095 if(lcrp->is_request){
1096 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
1097 proto_item_set_generated(it);
1098 } else {
1099 nstime_t ns;
1100 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
1101 proto_item_set_generated(it);
1102 nstime_delta(&ns, &pinfo->abs_ts, &lcrp->req_time);
1103 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
1104 proto_item_set_generated(it);
1105 }
1106 }
1107
1108 return lcrp;
1109 }
1110
1111 /*--- Cyclic dependencies ---*/
1112
1113 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
1114 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
1115 /* Filter -> Filter/not -> Filter */
1116 static int dissect_ldap_Filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
1117
1118
1119
1120
1121 static int
1122 dissect_ldap_MessageID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1123
1124 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1125 &MessageID);
1126
1127
1128 ldm_tree = tree;
1129
1130
1131 return offset;
1132 }
1133
1134
1135
1136 static int
1137 dissect_ldap_INTEGER_1_127(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1138 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1139 NULL);
1140
1141 return offset;
1142 }
1143
1144
1145
1146 static int
1147 dissect_ldap_LDAPString(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1148 tvbuff_t *parameter_tvb = NULL;
1149 const char *ldapstring = NULL;
1150 char *sc = NULL; /* semi-colon pointer */
1151
1152 offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index,
1153 &parameter_tvb, ENC_UTF_8|ENC_NA);
1154
1155 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
1156
1157 ldap_do_protocolop(actx->pinfo);
1158
1159 if(parameter_tvb)
1160 ldapstring = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
1161
1162 if(hf_index == hf_ldap_baseObject) {
1163 /* this is search - put it on the scanline */
1164 if(!ldapstring || !*ldapstring)
1165 ldapstring = "<ROOT>";
1166
1167 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
1168
1169 if(ldm_tree)
1170 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1171
1172
1173 if(!parameter_tvb) {
1174
1175 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1176 }
1177
1178 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1179 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
1180
1181 if(ldm_tree)
1182 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1183
1184 } else if ((hf_index == hf_ldap_objectName) ||
1185 (hf_index == hf_ldap_name) ||
1186 (hf_index == hf_ldap_entry) ||
1187 (hf_index == hf_ldap_object) ||
1188 (hf_index == hf_ldap_delRequest) ) {
1189
1190 if(!ldapstring || !*ldapstring)
1191 ldapstring = "<ROOT>";
1192
1193 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
1194
1195 if(ldm_tree)
1196 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1197 } else if (hf_index == hf_ldap_attributeDesc){
1198 /* remember the attribute description */
1199 attributedesc_string=ldapstring;
1200 } else if (hf_index == hf_ldap_initial){
1201 /* remember the substring item */
1202 substring_item_init=ldapstring;
1203 } else if (hf_index == hf_ldap_any){
1204 /* remember the substring item */
1205 substring_item_any=ldapstring;
1206 } else if (hf_index == hf_ldap_final){
1207 /* remember the substring item */
1208 substring_item_final=ldapstring;
1209 } else if (hf_index == hf_ldap_matchingRule){
1210 /* remember the matching rule */
1211 matching_rule_string=ldapstring;
1212 } else if (hf_index == hf_ldap_present){
1213 /* remember the present name */
1214 Filter_string=ldapstring;
1215 } else if (hf_index == hf_ldap_type) {
1216 /* remember attribute type name */
1217 attr_type = wmem_strdup(actx->pinfo->pool, ldapstring);
1218
1219 /* append it to the parent entry */
1220 proto_item_append_text(tree, " %s", attr_type);
1221
1222 /* remove the ";binary" component if present */
1223 if((sc = strchr(attr_type, ';')) != NULL) {
1224 if(!strcmp(sc, ";binary")) {
1225 *sc = '\0'; /* terminate the string */
1226 is_binary_attr_type = true;
1227 }
1228 } else {
1229 is_binary_attr_type = false;
1230 }
1231 }
1232
1233 }
1234
1235
1236 return offset;
1237 }
1238
1239
1240
1241 static int
1242 dissect_ldap_LDAPDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1243 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1244
1245 return offset;
1246 }
1247
1248
1249
1250 static int
1251 dissect_ldap_Simple(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1252 ldap_conv_info_t *ldap_info;
1253
1254 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1255 NULL);
1256
1257
1258 ldap_info = (ldap_conv_info_t *)actx->private_data;
1259 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1260
1261
1262 return offset;
1263 }
1264
1265
1266
1267 static int
1268 dissect_ldap_Mechanism(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1269
1270 ldap_conv_info_t *ldap_info;
1271 tvbuff_t *parameter_tvb;
1272 char *mechanism = NULL;
1273 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1274 &parameter_tvb);
1275
1276 ldap_info = (ldap_conv_info_t *)actx->private_data;
1277 ldap_info->auth_type = LDAP_AUTH_SASL;
1278
1279 if (!parameter_tvb)
1280 return offset;
1281
1282 /*
1283 * We need to remember the authentication type and mechanism for this
1284 * conversation.
1285 *
1286 * XXX - actually, we might need to remember more than one
1287 * type and mechanism, if you can unbind and rebind with a
1288 * different type and/or mechanism.
1289 */
1290 if(!actx->pinfo->fd->visited) {
1291 mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
1292 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1293 /*
1294 * If the mechanism in this request is an empty string (which is
1295 * returned as a null pointer), use the saved mechanism instead.
1296 * Otherwise, if the saved mechanism is an empty string (null),
1297 * save this mechanism.
1298 */
1299 if (mechanism != NULL) {
1300 wmem_free(wmem_file_scope(), ldap_info->auth_mech);
1301 ldap_info->auth_mech = mechanism;
1302 }
1303 }
1304
1305 return offset;
1306 }
1307
1308
1309
1310 static int
1311 dissect_ldap_Credentials(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1312
1313 tvbuff_t *parameter_tvb;
1314 ldap_conv_info_t *ldap_info;
1315 int8_t ber_class;
1316 bool pc;
1317 int32_t tag;
1318
1319 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1320 &parameter_tvb);
1321
1322
1323 if (!parameter_tvb)
1324 return offset;
1325
1326 ldap_info = (ldap_conv_info_t *)actx->private_data;
1327 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
1328
1329 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
1330 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
1331 /*
1332 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1333 * We need to check the first byte to check whether the blob
1334 * contains SPNEGO or GSSAPI.
1335 * All SPNEGO PDUs are of class CONSTRUCTED while
1336 * GSS PDUs are class APPLICATION
1337 */
1338 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1339 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1340 }
1341 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
1342 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
1343 /*
1344 * This is a raw GSS-API token.
1345 */
1346 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
1347 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1348 }
1349 }
1350 /* Restore private data */
1351 actx->private_data = ldap_info;
1352
1353
1354
1355 return offset;
1356 }
1357
1358
1359 static const ber_sequence_t SaslCredentials_sequence[] = {
1360 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1361 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1362 { NULL, 0, 0, 0, NULL }
1363 };
1364
1365 static int
1366 dissect_ldap_SaslCredentials(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1367 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1368 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1369
1370 return offset;
1371 }
1372
1373
1374
1375 static int
1376 dissect_ldap_T_ntlmsspNegotiate(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1377 /* make sure the protocol op comes first */
1378 ldap_do_protocolop(actx->pinfo);
1379
1380 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1381 offset+=tvb_reported_length_remaining(tvb, offset);
1382
1383
1384 return offset;
1385 }
1386
1387
1388
1389 static int
1390 dissect_ldap_T_ntlmsspAuth(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1391 /* make sure the protocol op comes first */
1392 ldap_do_protocolop(actx->pinfo);
1393
1394 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1395 offset+=tvb_reported_length_remaining(tvb, offset);
1396
1397
1398 return offset;
1399 }
1400
1401
1402 static const value_string ldap_AuthenticationChoice_vals[] = {
1403 { 0, "simple" },
1404 { 3, "sasl" },
1405 { 10, "ntlmsspNegotiate" },
1406 { 11, "ntlmsspAuth" },
1407 { 0, NULL }
1408 };
1409
1410 static const ber_choice_t AuthenticationChoice_choice[] = {
1411 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1412 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1413 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1414 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1415 { 0, NULL, 0, 0, 0, NULL }
1416 };
1417
1418 static int
1419 dissect_ldap_AuthenticationChoice(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1420 int branch = -1;
1421 int auth = -1;
1422 const char *valstr;
1423
1424 offset = dissect_ber_choice(actx, tree, tvb, offset,
1425 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1426 &branch);
1427
1428
1429 ldap_do_protocolop(actx->pinfo);
1430
1431 if((branch > -1) && (branch < (int)array_length(AuthenticationChoice_choice)))
1432 auth = AuthenticationChoice_choice[branch].value;
1433
1434 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1435
1436 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1437 if ((auth != 10) && (auth != 11))
1438 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1439
1440 if(ldm_tree)
1441 proto_item_append_text(ldm_tree, " %s", valstr);
1442
1443
1444
1445 return offset;
1446 }
1447
1448
1449 static const ber_sequence_t BindRequest_U_sequence[] = {
1450 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1451 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1452 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1453 { NULL, 0, 0, 0, NULL }
1454 };
1455
1456 static int
1457 dissect_ldap_BindRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1458 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1459 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1460
1461 return offset;
1462 }
1463
1464
1465
1466 static int
1467 dissect_ldap_BindRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1468 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1469 hf_index, BER_CLASS_APP, 0, true, dissect_ldap_BindRequest_U);
1470
1471 return offset;
1472 }
1473
1474
1475 static const value_string ldap_BindResponse_resultCode_vals[] = {
1476 { 0, "success" },
1477 { 1, "operationsError" },
1478 { 2, "protocolError" },
1479 { 3, "timeLimitExceeded" },
1480 { 4, "sizeLimitExceeded" },
1481 { 5, "compareFalse" },
1482 { 6, "compareTrue" },
1483 { 7, "authMethodNotSupported" },
1484 { 8, "strongAuthRequired" },
1485 { 10, "referral" },
1486 { 11, "adminLimitExceeded" },
1487 { 12, "unavailableCriticalExtension" },
1488 { 13, "confidentialityRequired" },
1489 { 14, "saslBindInProgress" },
1490 { 16, "noSuchAttribute" },
1491 { 17, "undefinedAttributeType" },
1492 { 18, "inappropriateMatching" },
1493 { 19, "constraintViolation" },
1494 { 20, "attributeOrValueExists" },
1495 { 21, "invalidAttributeSyntax" },
1496 { 32, "noSuchObject" },
1497 { 33, "aliasProblem" },
1498 { 34, "invalidDNSyntax" },
1499 { 36, "aliasDereferencingProblem" },
1500 { 48, "inappropriateAuthentication" },
1501 { 49, "invalidCredentials" },
1502 { 50, "insufficientAccessRights" },
1503 { 51, "busy" },
1504 { 52, "unavailable" },
1505 { 53, "unwillingToPerform" },
1506 { 54, "loopDetect" },
1507 { 64, "namingViolation" },
1508 { 65, "objectClassViolation" },
1509 { 66, "notAllowedOnNonLeaf" },
1510 { 67, "notAllowedOnRDN" },
1511 { 68, "entryAlreadyExists" },
1512 { 69, "objectClassModsProhibited" },
1513 { 71, "affectsMultipleDSAs" },
1514 { 80, "other" },
1515 { 118, "canceled" },
1516 { 119, "noSuchOperation" },
1517 { 120, "tooLate" },
1518 { 121, "cannotCancel" },
1519 { 0, NULL }
1520 };
1521
1522
1523 static int
1524 dissect_ldap_BindResponse_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1525
1526 const char *valstr;
1527
1528 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1529 &result);
1530
1531
1532 ldap_do_protocolop(actx->pinfo);
1533
1534 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1535
1536 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1537
1538 if(ldm_tree)
1539 proto_item_append_text(ldm_tree, " %s", valstr);
1540
1541
1542 return offset;
1543 }
1544
1545
1546
1547 static int
1548 dissect_ldap_T_bindResponse_matchedDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1549 tvbuff_t *new_tvb=NULL;
1550
1551 offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1552
1553 if( new_tvb
1554 && (tvb_reported_length(new_tvb)>=7)
1555 && (!tvb_memeql(new_tvb, 0, (const uint8_t*)"NTLMSSP", 7))){
1556
1557 /* make sure the protocol op comes first */
1558 ldap_do_protocolop(actx->pinfo);
1559
1560 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1561 }
1562
1563
1564 return offset;
1565 }
1566
1567
1568
1569 static int
1570 dissect_ldap_ErrorMessage(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1571 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1572
1573 return offset;
1574 }
1575
1576
1577
1578 static int
1579 dissect_ldap_LDAPURL(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1580 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1581 NULL);
1582
1583 proto_item_set_url(actx->created_item);
1584
1585 return offset;
1586 }
1587
1588
1589 static const ber_sequence_t Referral_sequence_of[1] = {
1590 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1591 };
1592
1593 static int
1594 dissect_ldap_Referral(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1595 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1596 Referral_sequence_of, hf_index, ett_ldap_Referral);
1597
1598 return offset;
1599 }
1600
1601
1602
1603 static int
1604 dissect_ldap_ServerSaslCreds(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1605
1606 tvbuff_t *parameter_tvb = NULL;
1607 ldap_conv_info_t *ldap_info;
1608
1609 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1610 &parameter_tvb);
1611
1612 if (!parameter_tvb)
1613 return offset;
1614 ldap_info = (ldap_conv_info_t *)actx->private_data;
1615 switch (ldap_info->auth_type) {
1616
1617 /* For Kerberos V4, dissect it as a ticket. */
1618 /* XXX - what about LDAP_AUTH_SIMPLE? */
1619
1620 case LDAP_AUTH_SASL:
1621 /*
1622 * All frames after this are assumed to use a security layer.
1623 *
1624 * XXX - won't work if there's another reply, with the security
1625 * layer, starting in the same TCP segment that ends this
1626 * reply, but as LDAP is a request/response protocol, and
1627 * as the client probably can't start using authentication until
1628 * it gets the bind reply and the server won't send a reply until
1629 * it gets a request, that probably won't happen.
1630 *
1631 * XXX - that assumption is invalid; it's not clear where the
1632 * hell you find out whether there's any security layer. In
1633 * one capture, we have two GSS-SPNEGO negotiations, both of
1634 * which select MS KRB5, and the only differences in the tokens
1635 * is in the RC4-HMAC ciphertext. The various
1636 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1637 * that the RFC 2222 spoo with the bitmask and maximum
1638 * output message size stuff is done - but where does that
1639 * stuff show up? Is it in the ciphertext, which means it's
1640 * presumably encrypted?
1641 *
1642 * Grrr. We have to do a gross heuristic, checking whether the
1643 * putative LDAP message begins with 0x00 or not, making the
1644 * assumption that we won't have more than 2^24 bytes of
1645 * encapsulated stuff.
1646 */
1647 ldap_info->first_auth_frame = actx->pinfo->num + 1;
1648 if (ldap_info->auth_mech != NULL &&
1649 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1650 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1651 * which might not be wrapped in GSS-SPNEGO but be a raw
1652 * NTLMSSP blob
1653 */
1654 if ( (tvb_reported_length(parameter_tvb)>=7)
1655 && (!tvb_memeql(parameter_tvb, 0, (const uint8_t*)"NTLMSSP", 7))){
1656 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1657 break;
1658 }
1659 /*
1660 * This is a GSS-API token.
1661 */
1662 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1663 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1664 } else if (ldap_info->auth_mech != NULL &&
1665 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1666 /*
1667 * This is a GSS-API token.
1668 */
1669 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1670 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1671 }
1672 break;
1673 }
1674 actx->private_data = ldap_info;
1675
1676
1677 return offset;
1678 }
1679
1680
1681 static const ber_sequence_t BindResponse_U_sequence[] = {
1682 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1683 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1684 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1685 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1686 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1687 { NULL, 0, 0, 0, NULL }
1688 };
1689
1690 static int
1691 dissect_ldap_BindResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1692 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1693 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1694
1695 return offset;
1696 }
1697
1698
1699
1700 static int
1701 dissect_ldap_BindResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1702 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1703 hf_index, BER_CLASS_APP, 1, true, dissect_ldap_BindResponse_U);
1704
1705 return offset;
1706 }
1707
1708
1709
1710 static int
1711 dissect_ldap_NULL(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1712 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1713
1714 return offset;
1715 }
1716
1717
1718
1719 static int
1720 dissect_ldap_UnbindRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1721
1722 implicit_tag = true; /* correct problem with asn2wrs */
1723
1724 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1725 hf_index, BER_CLASS_APP, 2, true, dissect_ldap_NULL);
1726
1727
1728 ldap_do_protocolop(actx->pinfo);
1729
1730
1731
1732
1733
1734
1735 return offset;
1736 }
1737
1738
1739 static const value_string ldap_T_scope_vals[] = {
1740 { 0, "baseObject" },
1741 { 1, "singleLevel" },
1742 { 2, "wholeSubtree" },
1743 { 0, NULL }
1744 };
1745
1746
1747 static int
1748 dissect_ldap_T_scope(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1749
1750 uint32_t scope = 0xffff;
1751 const char *valstr;
1752
1753 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1754 &scope);
1755
1756
1757 ldap_do_protocolop(actx->pinfo);
1758
1759 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1760
1761 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1762
1763 if(ldm_tree)
1764 proto_item_append_text(ldm_tree, " %s", valstr);
1765
1766
1767 return offset;
1768 }
1769
1770
1771 static const value_string ldap_T_derefAliases_vals[] = {
1772 { 0, "neverDerefAliases" },
1773 { 1, "derefInSearching" },
1774 { 2, "derefFindingBaseObj" },
1775 { 3, "derefAlways" },
1776 { 0, NULL }
1777 };
1778
1779
1780 static int
1781 dissect_ldap_T_derefAliases(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1782 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1783 NULL);
1784
1785 return offset;
1786 }
1787
1788
1789
1790 static int
1791 dissect_ldap_INTEGER_0_maxInt(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1792 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1793 NULL);
1794
1795 return offset;
1796 }
1797
1798
1799
1800 static int
1801 dissect_ldap_BOOLEAN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1802 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1803
1804 return offset;
1805 }
1806
1807
1808
1809 static int
1810 dissect_ldap_T_and_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1811 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1812
1813 if(and_filter_string){
1814 and_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(&%s%s)",and_filter_string,Filter_string);
1815 } else {
1816 and_filter_string=Filter_string;
1817 }
1818
1819 return offset;
1820 }
1821
1822
1823 static const ber_sequence_t T_and_set_of[1] = {
1824 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1825 };
1826
1827 static int
1828 dissect_ldap_T_and(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1829 proto_tree *tr=NULL;
1830 proto_item *it=NULL;
1831 const char *old_and_filter_string=and_filter_string;
1832
1833 and_filter_string=NULL;
1834
1835 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
1836 tree = tr;
1837
1838 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1839 T_and_set_of, hf_index, ett_ldap_T_and);
1840
1841
1842 if(and_filter_string) {
1843 proto_item_append_text(it, "%s", and_filter_string);
1844 Filter_string=wmem_strdup(actx->pinfo->pool, and_filter_string);
1845 }
1846 and_filter_string=old_and_filter_string;
1847
1848
1849 return offset;
1850 }
1851
1852
1853
1854 static int
1855 dissect_ldap_T_or_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1856 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1857
1858 if(or_filter_string){
1859 or_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(|%s%s)",or_filter_string,Filter_string);
1860 } else {
1861 or_filter_string=Filter_string;
1862 }
1863
1864
1865 return offset;
1866 }
1867
1868
1869 static const ber_sequence_t T_or_set_of[1] = {
1870 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1871 };
1872
1873 static int
1874 dissect_ldap_T_or(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1875 proto_tree *tr;
1876 proto_item *it;
1877 const char *old_or_filter_string=or_filter_string;
1878
1879 or_filter_string=NULL;
1880 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
1881 tree = tr;
1882
1883 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1884 T_or_set_of, hf_index, ett_ldap_T_or);
1885
1886 if(or_filter_string) {
1887 proto_item_append_text(it, "%s", or_filter_string);
1888 Filter_string=wmem_strdup(actx->pinfo->pool, or_filter_string);
1889 }
1890 or_filter_string=old_or_filter_string;
1891
1892
1893 return offset;
1894 }
1895
1896
1897
1898 static int
1899 dissect_ldap_T_not(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1900 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1901
1902 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(!%s)",string_or_null(Filter_string));
1903
1904 return offset;
1905 }
1906
1907
1908
1909 static int
1910 dissect_ldap_AttributeDescription(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1911 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1912
1913 return offset;
1914 }
1915
1916
1917
1918 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1919 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1920 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1921 { NULL, 0, 0, 0, NULL }
1922 };
1923
1924 static int
1925 dissect_ldap_AttributeValueAssertion(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1926 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1927 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1928
1929 return offset;
1930 }
1931
1932
1933
1934 static int
1935 dissect_ldap_T_equalityMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1936 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1937
1938 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)",
1939 string_or_null(attributedesc_string),
1940 string_or_null(ldapvalue_string));
1941
1942
1943 return offset;
1944 }
1945
1946
1947 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1948 { 0, "initial" },
1949 { 1, "any" },
1950 { 2, "final" },
1951 { 0, NULL }
1952 };
1953
1954 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1955 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1956 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1957 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1958 { 0, NULL, 0, 0, 0, NULL }
1959 };
1960
1961 static int
1962 dissect_ldap_T_substringFilter_substrings_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1963 offset = dissect_ber_choice(actx, tree, tvb, offset,
1964 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1965 NULL);
1966
1967 if (substring_item_final) {
1968 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s",
1969 (substring_value?substring_value:"*"),
1970 substring_item_final);
1971 } else if (substring_item_any) {
1972 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s*",
1973 (substring_value?substring_value:"*"),
1974 substring_item_any);
1975 } else if (substring_item_init) {
1976 substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s*",
1977 substring_item_init);
1978 }
1979
1980 return offset;
1981 }
1982
1983
1984 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1985 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
1986 };
1987
1988 static int
1989 dissect_ldap_T_substringFilter_substrings(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1990 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1991 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1992
1993 return offset;
1994 }
1995
1996
1997 static const ber_sequence_t SubstringFilter_sequence[] = {
1998 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1999 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
2000 { NULL, 0, 0, 0, NULL }
2001 };
2002
2003 static int
2004 dissect_ldap_SubstringFilter(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2005 proto_tree *tr;
2006 proto_item *it;
2007 const char *old_substring_value=substring_value;
2008
2009 attr_type=NULL;
2010 substring_value=NULL;
2011 substring_item_init=NULL;
2012 substring_item_any=NULL;
2013 substring_item_final=NULL;
2014
2015 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
2016 tree = tr;
2017
2018 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2019 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
2020
2021 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)",
2022 string_or_null(attr_type),
2023 string_or_null(substring_value));
2024 proto_item_append_text(it, "%s", Filter_string);
2025 substring_value=old_substring_value;
2026
2027
2028 return offset;
2029 }
2030
2031
2032
2033 static int
2034 dissect_ldap_T_greaterOrEqual(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2035 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2036
2037 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s>=%s)",
2038 string_or_null(attributedesc_string),
2039 string_or_null(ldapvalue_string));
2040
2041
2042 return offset;
2043 }
2044
2045
2046
2047 static int
2048 dissect_ldap_T_lessOrEqual(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2049 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2050
2051 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s<=%s)",
2052 string_or_null(attributedesc_string),
2053 string_or_null(ldapvalue_string));
2054
2055
2056 return offset;
2057 }
2058
2059
2060
2061 static int
2062 dissect_ldap_T_present(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2063 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
2064
2065 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=*)",string_or_null(Filter_string));
2066
2067 return offset;
2068 }
2069
2070
2071
2072 static int
2073 dissect_ldap_T_approxMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2074 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2075
2076 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s~=%s)",
2077 string_or_null(attributedesc_string),
2078 string_or_null(ldapvalue_string));
2079
2080 return offset;
2081 }
2082
2083
2084
2085 static int
2086 dissect_ldap_MatchingRuleId(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2087 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2088
2089 return offset;
2090 }
2091
2092
2093
2094 static int
2095 dissect_ldap_T_dnAttributes(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2096 bool val;
2097
2098 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
2099
2100
2101 matching_rule_dnattr = val;
2102
2103
2104
2105 return offset;
2106 }
2107
2108
2109 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
2110 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
2111 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2112 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2113 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2114 { NULL, 0, 0, 0, NULL }
2115 };
2116
2117 static int
2118 dissect_ldap_MatchingRuleAssertion(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2119 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2120 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2121
2122 return offset;
2123 }
2124
2125
2126
2127 static int
2128 dissect_ldap_T_extensibleMatch(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2129 attr_type=NULL;
2130 matching_rule_string=NULL;
2131 ldapvalue_string=NULL;
2132 matching_rule_dnattr=false;
2133
2134 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2135
2136 Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s:%s%s%s=%s)",
2137 (attr_type?attr_type:""),
2138 (matching_rule_dnattr?"dn:":""),
2139 (matching_rule_string?matching_rule_string:""),
2140 (matching_rule_string?":":""),
2141 string_or_null(ldapvalue_string));
2142
2143 return offset;
2144 }
2145
2146
2147 static const value_string ldap_Filter_vals[] = {
2148 { 0, "and" },
2149 { 1, "or" },
2150 { 2, "not" },
2151 { 3, "equalityMatch" },
2152 { 4, "substrings" },
2153 { 5, "greaterOrEqual" },
2154 { 6, "lessOrEqual" },
2155 { 7, "present" },
2156 { 8, "approxMatch" },
2157 { 9, "extensibleMatch" },
2158 { 0, NULL }
2159 };
2160
2161 static const ber_choice_t Filter_choice[] = {
2162 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2163 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2164 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2165 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2166 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2167 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2168 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2169 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2170 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2171 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2172 { 0, NULL, 0, 0, 0, NULL }
2173 };
2174
2175 static int
2176 dissect_ldap_Filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2177 // Filter -> Filter/and -> Filter/and/_item -> Filter
2178 actx->pinfo->dissection_depth += 3;
2179 increment_dissection_depth(actx->pinfo);
2180 proto_tree *tr;
2181 proto_item *it;
2182 attributedesc_string=NULL;
2183
2184 if (Filter_length++ > MAX_FILTER_LEN) {
2185 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
2186 THROW(ReportedBoundsError);
2187 }
2188
2189 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
2190 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
2191 THROW(ReportedBoundsError);
2192 }
2193
2194 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
2195 tree = tr;
2196
2197 offset = dissect_ber_choice(actx, tree, tvb, offset,
2198 Filter_choice, hf_index, ett_ldap_Filter,
2199 NULL);
2200
2201 if(Filter_string)
2202 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2203
2204
2205 actx->pinfo->dissection_depth -= 3;
2206 decrement_dissection_depth(actx->pinfo);
2207 return offset;
2208 }
2209
2210
2211
2212 static int
2213 dissect_ldap_T_filter(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2214 Filter_string=NULL;
2215 Filter_elements = 0;
2216 Filter_length = 0;
2217
2218 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2219
2220 Filter_string=NULL;
2221 and_filter_string=NULL;
2222 Filter_elements = 0;
2223 Filter_length = 0;
2224
2225 return offset;
2226 }
2227
2228
2229 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2230 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2231 };
2232
2233 static int
2234 dissect_ldap_AttributeDescriptionList(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2235 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2236 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2237
2238 return offset;
2239 }
2240
2241
2242 static const ber_sequence_t SearchRequest_U_sequence[] = {
2243 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2244 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2245 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2246 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2247 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2248 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2249 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2250 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2251 { NULL, 0, 0, 0, NULL }
2252 };
2253
2254 static int
2255 dissect_ldap_SearchRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2256 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2257 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2258
2259 return offset;
2260 }
2261
2262
2263
2264 static int
2265 dissect_ldap_SearchRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2266 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2267 hf_index, BER_CLASS_APP, 3, true, dissect_ldap_SearchRequest_U);
2268
2269 return offset;
2270 }
2271
2272
2273
2274 static int
2275 dissect_ldap_AttributeValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2276
2277 tvbuff_t *next_tvb = NULL;
2278 char *string;
2279 int old_offset = offset;
2280 int *hf_id;
2281
2282 /* attr_type, should be set before calling this function */
2283
2284 /* extract the value of the octetstring */
2285 offset = dissect_ber_octet_string(false, actx, NULL, tvb, offset, hf_index, &next_tvb);
2286
2287 /* first check if we have a custom attribute type configured */
2288 if ((hf_id = get_hf_for_header (attr_type)) != NULL)
2289 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2290
2291 /* if we have an attribute type that isn't binary see if there is a better dissector */
2292 else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, false, NULL)) {
2293 offset = old_offset;
2294
2295 /* do the default thing */
2296 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2297 NULL);
2298
2299
2300 if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
2301 string = tvb_get_string_enc(actx->pinfo->pool, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2302 proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
2303 }
2304 }
2305
2306
2307 return offset;
2308 }
2309
2310
2311 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2312 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2313 };
2314
2315 static int
2316 dissect_ldap_SET_OF_AttributeValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2317 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2318 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2319
2320 return offset;
2321 }
2322
2323
2324 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2325 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2326 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2327 { NULL, 0, 0, 0, NULL }
2328 };
2329
2330 static int
2331 dissect_ldap_PartialAttributeList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2332 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2333 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2334
2335 return offset;
2336 }
2337
2338
2339 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2340 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2341 };
2342
2343 static int
2344 dissect_ldap_PartialAttributeList(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2345 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2346 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2347
2348 return offset;
2349 }
2350
2351
2352 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2353 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2354 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2355 { NULL, 0, 0, 0, NULL }
2356 };
2357
2358 static int
2359 dissect_ldap_SearchResultEntry_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2360 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2361 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2362
2363 return offset;
2364 }
2365
2366
2367
2368 static int
2369 dissect_ldap_SearchResultEntry(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2370 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2371 hf_index, BER_CLASS_APP, 4, true, dissect_ldap_SearchResultEntry_U);
2372
2373 return offset;
2374 }
2375
2376
2377 static const value_string ldap_T_resultCode_vals[] = {
2378 { 0, "success" },
2379 { 1, "operationsError" },
2380 { 2, "protocolError" },
2381 { 3, "timeLimitExceeded" },
2382 { 4, "sizeLimitExceeded" },
2383 { 5, "compareFalse" },
2384 { 6, "compareTrue" },
2385 { 7, "authMethodNotSupported" },
2386 { 8, "strongAuthRequired" },
2387 { 10, "referral" },
2388 { 11, "adminLimitExceeded" },
2389 { 12, "unavailableCriticalExtension" },
2390 { 13, "confidentialityRequired" },
2391 { 14, "saslBindInProgress" },
2392 { 16, "noSuchAttribute" },
2393 { 17, "undefinedAttributeType" },
2394 { 18, "inappropriateMatching" },
2395 { 19, "constraintViolation" },
2396 { 20, "attributeOrValueExists" },
2397 { 21, "invalidAttributeSyntax" },
2398 { 32, "noSuchObject" },
2399 { 33, "aliasProblem" },
2400 { 34, "invalidDNSyntax" },
2401 { 36, "aliasDereferencingProblem" },
2402 { 48, "inappropriateAuthentication" },
2403 { 49, "invalidCredentials" },
2404 { 50, "insufficientAccessRights" },
2405 { 51, "busy" },
2406 { 52, "unavailable" },
2407 { 53, "unwillingToPerform" },
2408 { 54, "loopDetect" },
2409 { 64, "namingViolation" },
2410 { 65, "objectClassViolation" },
2411 { 66, "notAllowedOnNonLeaf" },
2412 { 67, "notAllowedOnRDN" },
2413 { 68, "entryAlreadyExists" },
2414 { 69, "objectClassModsProhibited" },
2415 { 71, "affectsMultipleDSAs" },
2416 { 80, "other" },
2417 { 118, "canceled" },
2418 { 119, "noSuchOperation" },
2419 { 120, "tooLate" },
2420 { 121, "cannotCancel" },
2421 { 0, NULL }
2422 };
2423
2424
2425 static int
2426 dissect_ldap_T_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2427
2428 const char *valstr;
2429
2430 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2431 &result);
2432
2433
2434 ldap_do_protocolop(actx->pinfo);
2435
2436 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2437
2438 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2439
2440 if(ldm_tree)
2441 proto_item_append_text(ldm_tree, " %s", valstr);
2442
2443
2444
2445 return offset;
2446 }
2447
2448
2449 static const ber_sequence_t LDAPResult_sequence[] = {
2450 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2451 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2452 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2453 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2454 { NULL, 0, 0, 0, NULL }
2455 };
2456
2457 static int
2458 dissect_ldap_LDAPResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2459 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2460 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2461
2462 return offset;
2463 }
2464
2465
2466
2467 static int
2468 dissect_ldap_SearchResultDone(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2469 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2470 hf_index, BER_CLASS_APP, 5, true, dissect_ldap_LDAPResult);
2471
2472 return offset;
2473 }
2474
2475
2476 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2477 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2478 };
2479
2480 static int
2481 dissect_ldap_SEQUENCE_OF_LDAPURL(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2482 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2483 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2484
2485 return offset;
2486 }
2487
2488
2489
2490 static int
2491 dissect_ldap_SearchResultReference(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2492
2493 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2494 hf_index, BER_CLASS_APP, 19, true, dissect_ldap_SEQUENCE_OF_LDAPURL);
2495
2496
2497 ldap_do_protocolop(actx->pinfo);
2498
2499
2500
2501 return offset;
2502 }
2503
2504
2505 static const value_string ldap_T_operation_vals[] = {
2506 { 0, "add" },
2507 { 1, "delete" },
2508 { 2, "replace" },
2509 { 3, "increment" },
2510 { 0, NULL }
2511 };
2512
2513
2514 static int
2515 dissect_ldap_T_operation(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2516 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2517 NULL);
2518
2519 return offset;
2520 }
2521
2522
2523 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2524 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2525 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2526 { NULL, 0, 0, 0, NULL }
2527 };
2528
2529 static int
2530 dissect_ldap_AttributeTypeAndValues(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2531 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2532 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2533
2534 return offset;
2535 }
2536
2537
2538 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2539 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2540 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2541 { NULL, 0, 0, 0, NULL }
2542 };
2543
2544 static int
2545 dissect_ldap_T_modifyRequest_modification_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2546 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2547 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2548
2549 return offset;
2550 }
2551
2552
2553 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2554 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2555 };
2556
2557 static int
2558 dissect_ldap_ModifyRequest_modification(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2559 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2560 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2561
2562 return offset;
2563 }
2564
2565
2566 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2567 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2568 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2569 { NULL, 0, 0, 0, NULL }
2570 };
2571
2572 static int
2573 dissect_ldap_ModifyRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2574 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2575 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2576
2577 return offset;
2578 }
2579
2580
2581
2582 static int
2583 dissect_ldap_ModifyRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2584 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2585 hf_index, BER_CLASS_APP, 6, true, dissect_ldap_ModifyRequest_U);
2586
2587 return offset;
2588 }
2589
2590
2591
2592 static int
2593 dissect_ldap_ModifyResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2594 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2595 hf_index, BER_CLASS_APP, 7, true, dissect_ldap_LDAPResult);
2596
2597 return offset;
2598 }
2599
2600
2601 static const ber_sequence_t AttributeList_item_sequence[] = {
2602 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2603 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2604 { NULL, 0, 0, 0, NULL }
2605 };
2606
2607 static int
2608 dissect_ldap_AttributeList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2609 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2610 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2611
2612 return offset;
2613 }
2614
2615
2616 static const ber_sequence_t AttributeList_sequence_of[1] = {
2617 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2618 };
2619
2620 static int
2621 dissect_ldap_AttributeList(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2622 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2623 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2624
2625 return offset;
2626 }
2627
2628
2629 static const ber_sequence_t AddRequest_U_sequence[] = {
2630 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2631 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2632 { NULL, 0, 0, 0, NULL }
2633 };
2634
2635 static int
2636 dissect_ldap_AddRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2637 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2638 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2639
2640 return offset;
2641 }
2642
2643
2644
2645 static int
2646 dissect_ldap_AddRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2647 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2648 hf_index, BER_CLASS_APP, 8, true, dissect_ldap_AddRequest_U);
2649
2650 return offset;
2651 }
2652
2653
2654
2655 static int
2656 dissect_ldap_AddResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2657 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2658 hf_index, BER_CLASS_APP, 9, true, dissect_ldap_LDAPResult);
2659
2660 return offset;
2661 }
2662
2663
2664
2665 static int
2666 dissect_ldap_DelRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2667 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2668 hf_index, BER_CLASS_APP, 10, true, dissect_ldap_LDAPDN);
2669
2670 return offset;
2671 }
2672
2673
2674
2675 static int
2676 dissect_ldap_DelResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2677 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2678 hf_index, BER_CLASS_APP, 11, true, dissect_ldap_LDAPResult);
2679
2680 return offset;
2681 }
2682
2683
2684
2685 static int
2686 dissect_ldap_RelativeLDAPDN(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2687 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2688
2689 return offset;
2690 }
2691
2692
2693 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2694 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2695 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2696 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2697 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2698 { NULL, 0, 0, 0, NULL }
2699 };
2700
2701 static int
2702 dissect_ldap_ModifyDNRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2703 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2704 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2705
2706 return offset;
2707 }
2708
2709
2710
2711 static int
2712 dissect_ldap_ModifyDNRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2713 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2714 hf_index, BER_CLASS_APP, 12, true, dissect_ldap_ModifyDNRequest_U);
2715
2716 return offset;
2717 }
2718
2719
2720
2721 static int
2722 dissect_ldap_ModifyDNResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2723 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2724 hf_index, BER_CLASS_APP, 13, true, dissect_ldap_LDAPResult);
2725
2726 return offset;
2727 }
2728
2729
2730 static const ber_sequence_t CompareRequest_U_sequence[] = {
2731 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2732 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2733 { NULL, 0, 0, 0, NULL }
2734 };
2735
2736 static int
2737 dissect_ldap_CompareRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2738 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2739 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2740
2741 return offset;
2742 }
2743
2744
2745
2746 static int
2747 dissect_ldap_CompareRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2748 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2749 hf_index, BER_CLASS_APP, 14, true, dissect_ldap_CompareRequest_U);
2750
2751 return offset;
2752 }
2753
2754
2755
2756 static int
2757 dissect_ldap_CompareResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2758 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2759 hf_index, BER_CLASS_APP, 15, true, dissect_ldap_LDAPResult);
2760
2761 return offset;
2762 }
2763
2764
2765
2766 static int
2767 dissect_ldap_AbandonRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2768
2769 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2770 hf_index, BER_CLASS_APP, 16, true, dissect_ldap_MessageID);
2771
2772
2773 ldap_do_protocolop(actx->pinfo);
2774
2775
2776 return offset;
2777 }
2778
2779
2780
2781 static int
2782 dissect_ldap_LDAPOID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2783
2784 tvbuff_t *parameter_tvb;
2785 const char *name;
2786 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
2787
2788 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2789 &parameter_tvb);
2790
2791
2792 object_identifier_id = NULL;
2793
2794 if (!parameter_tvb)
2795 return offset;
2796
2797 object_identifier_id = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
2798 name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);
2799
2800 if(name){
2801 proto_item_append_text(actx->created_item, " (%s)", name);
2802
2803 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2804 ldap_do_protocolop(actx->pinfo);
2805 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2806 }
2807 }
2808
2809 /* Has the client requested the Start TLS operation? */
2810 if (ldap_info && hf_index == hf_ldap_requestName &&
2811 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2812 /* remember we have asked to start_tls */
2813 ldap_info->start_tls_pending = true;
2814 }
2815
2816 return offset;
2817 }
2818
2819
2820
2821 static int
2822 dissect_ldap_T_requestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2823
2824 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2825 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
2826 } else {
2827 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2828 NULL);
2829
2830 }
2831
2832
2833 return offset;
2834 }
2835
2836
2837 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2838 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2839 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2840 { NULL, 0, 0, 0, NULL }
2841 };
2842
2843 static int
2844 dissect_ldap_ExtendedRequest_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2845 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2846 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2847
2848 return offset;
2849 }
2850
2851
2852
2853 static int
2854 dissect_ldap_ExtendedRequest(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2855 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2856 hf_index, BER_CLASS_APP, 23, true, dissect_ldap_ExtendedRequest_U);
2857
2858 return offset;
2859 }
2860
2861
2862 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2863 { 0, "success" },
2864 { 1, "operationsError" },
2865 { 2, "protocolError" },
2866 { 3, "timeLimitExceeded" },
2867 { 4, "sizeLimitExceeded" },
2868 { 5, "compareFalse" },
2869 { 6, "compareTrue" },
2870 { 7, "authMethodNotSupported" },
2871 { 8, "strongAuthRequired" },
2872 { 10, "referral" },
2873 { 11, "adminLimitExceeded" },
2874 { 12, "unavailableCriticalExtension" },
2875 { 13, "confidentialityRequired" },
2876 { 14, "saslBindInProgress" },
2877 { 16, "noSuchAttribute" },
2878 { 17, "undefinedAttributeType" },
2879 { 18, "inappropriateMatching" },
2880 { 19, "constraintViolation" },
2881 { 20, "attributeOrValueExists" },
2882 { 21, "invalidAttributeSyntax" },
2883 { 32, "noSuchObject" },
2884 { 33, "aliasProblem" },
2885 { 34, "invalidDNSyntax" },
2886 { 36, "aliasDereferencingProblem" },
2887 { 48, "inappropriateAuthentication" },
2888 { 49, "invalidCredentials" },
2889 { 50, "insufficientAccessRights" },
2890 { 51, "busy" },
2891 { 52, "unavailable" },
2892 { 53, "unwillingToPerform" },
2893 { 54, "loopDetect" },
2894 { 64, "namingViolation" },
2895 { 65, "objectClassViolation" },
2896 { 66, "notAllowedOnNonLeaf" },
2897 { 67, "notAllowedOnRDN" },
2898 { 68, "entryAlreadyExists" },
2899 { 69, "objectClassModsProhibited" },
2900 { 71, "affectsMultipleDSAs" },
2901 { 80, "other" },
2902 { 118, "canceled" },
2903 { 119, "noSuchOperation" },
2904 { 120, "tooLate" },
2905 { 121, "cannotCancel" },
2906 { 0, NULL }
2907 };
2908
2909
2910 static int
2911 dissect_ldap_ExtendedResponse_resultCode(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2912 uint32_t resultCode;
2913 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
2914
2915 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2916 &resultCode);
2917 /* If Start TLS request was sent and resultCode is success... */
2918 if (ldap_info && ldap_info->start_tls_pending &&
2919 hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
2920 /* The conversation will continue using SSL */
2921 ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
2922 ldap_info->start_tls_pending = false;
2923 }
2924
2925
2926
2927 return offset;
2928 }
2929
2930
2931
2932 static int
2933 dissect_ldap_ResponseName(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2934 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
2935
2936 return offset;
2937 }
2938
2939
2940
2941 static int
2942 dissect_ldap_OCTET_STRING(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2943 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2944 NULL);
2945
2946 return offset;
2947 }
2948
2949
2950 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
2951 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
2952 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2953 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2954 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2955 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2956 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
2957 { NULL, 0, 0, 0, NULL }
2958 };
2959
2960 static int
2961 dissect_ldap_ExtendedResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2962 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2963 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
2964
2965 return offset;
2966 }
2967
2968
2969
2970 static int
2971 dissect_ldap_ExtendedResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2972 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2973 hf_index, BER_CLASS_APP, 24, true, dissect_ldap_ExtendedResponse_U);
2974
2975 return offset;
2976 }
2977
2978
2979
2980 static int
2981 dissect_ldap_T_intermediateResponse_responseValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2982
2983 const char *name;
2984
2985 if(ldm_tree && object_identifier_id) {
2986 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
2987 name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);
2988 if(name)
2989 proto_item_append_text(ldm_tree, " (%s)", name);
2990 }
2991 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2992 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
2993 } else {
2994 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2995 NULL);
2996
2997 }
2998
2999
3000 return offset;
3001 }
3002
3003
3004 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
3005 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3006 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
3007 { NULL, 0, 0, 0, NULL }
3008 };
3009
3010 static int
3011 dissect_ldap_IntermediateResponse_U(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3012 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3013 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
3014
3015 return offset;
3016 }
3017
3018
3019
3020 static int
3021 dissect_ldap_IntermediateResponse(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3022 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3023 hf_index, BER_CLASS_APP, 25, true, dissect_ldap_IntermediateResponse_U);
3024
3025 return offset;
3026 }
3027
3028
3029 static const value_string ldap_ProtocolOp_vals[] = {
3030 { 0, "bindRequest" },
3031 { 1, "bindResponse" },
3032 { 2, "unbindRequest" },
3033 { 3, "searchRequest" },
3034 { 4, "searchResEntry" },
3035 { 5, "searchResDone" },
3036 { 19, "searchResRef" },
3037 { 6, "modifyRequest" },
3038 { 7, "modifyResponse" },
3039 { 8, "addRequest" },
3040 { 9, "addResponse" },
3041 { 10, "delRequest" },
3042 { 11, "delResponse" },
3043 { 12, "modDNRequest" },
3044 { 13, "modDNResponse" },
3045 { 14, "compareRequest" },
3046 { 15, "compareResponse" },
3047 { 16, "abandonRequest" },
3048 { 23, "extendedReq" },
3049 { 24, "extendedResp" },
3050 { 25, "intermediateResponse" },
3051 { 0, NULL }
3052 };
3053
3054 static const ber_choice_t ProtocolOp_choice[] = {
3055 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
3056 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
3057 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
3058 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
3059 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
3060 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
3061 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
3062 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
3063 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
3064 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
3065 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
3066 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
3067 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
3068 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
3069 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
3070 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
3071 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
3072 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
3073 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
3074 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
3075 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
3076 { 0, NULL, 0, 0, 0, NULL }
3077 };
3078
3079 static int
3080 dissect_ldap_ProtocolOp(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3081
3082 ldap_call_response_t *lcrp;
3083 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3084 do_protocolop = true;
3085
3086 offset = dissect_ber_choice(actx, tree, tvb, offset,
3087 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
3088 &ProtocolOp);
3089
3090
3091 if (ProtocolOp == -1) {
3092 return offset;
3093 }
3094
3095 /* ProtocolOp is the index, not the tag so convert it to the tag value */
3096 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3097
3098 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
3099 if(lcrp){
3100 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3101 }
3102
3103 /* XXX: the count will not work if the results span multiple TCP packets */
3104
3105 if(ldap_info) { /* only count once */
3106 switch(ProtocolOp) {
3107
3108 case LDAP_RES_SEARCH_ENTRY:
3109 if (!actx->pinfo->fd->visited)
3110 ldap_info->num_results++;
3111
3112 proto_item_append_text(tree, " [%d result%s]",
3113 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3114
3115 break;
3116
3117 case LDAP_RES_SEARCH_RESULT:
3118
3119 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3120 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3121
3122 proto_item_append_text(tree, " [%d result%s]",
3123 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3124
3125 break;
3126 default:
3127 break;
3128 }
3129 }
3130
3131
3132 return offset;
3133 }
3134
3135
3136
3137 static int
3138 dissect_ldap_ControlType(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3139 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3140
3141 return offset;
3142 }
3143
3144
3145
3146 static int
3147 dissect_ldap_T_controlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3148 int8_t ber_class;
3149 bool pc, ind;
3150 int32_t tag;
3151 uint32_t len;
3152
3153 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3154 /* remove the OCTET STRING encoding */
3155 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
3156 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3157
3158 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3159
3160 offset += len;
3161 } else {
3162 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3163 NULL);
3164
3165 }
3166
3167
3168
3169 return offset;
3170 }
3171
3172
3173 static const ber_sequence_t Control_sequence[] = {
3174 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3175 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3176 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3177 { NULL, 0, 0, 0, NULL }
3178 };
3179
3180 static int
3181 dissect_ldap_Control(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3182 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3183 Control_sequence, hf_index, ett_ldap_Control);
3184
3185 return offset;
3186 }
3187
3188
3189 static const ber_sequence_t Controls_sequence_of[1] = {
3190 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3191 };
3192
3193 static int
3194 dissect_ldap_Controls(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3195 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3196 Controls_sequence_of, hf_index, ett_ldap_Controls);
3197
3198 return offset;
3199 }
3200
3201
3202 static const ber_sequence_t LDAPMessage_sequence[] = {
3203 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3204 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3205 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3206 { NULL, 0, 0, 0, NULL }
3207 };
3208
3209 static int
3210 dissect_ldap_LDAPMessage(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3211 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3212 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3213
3214 return offset;
3215 }
3216
3217
3218
3219
3220
3221 static int
3222 dissect_ldap_INTEGER(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3223 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3224 NULL);
3225
3226 return offset;
3227 }
3228
3229
3230 static const ber_sequence_t SearchControlValue_sequence[] = {
3231 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3232 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3233 { NULL, 0, 0, 0, NULL }
3234 };
3235
3236 static int
3237 dissect_ldap_SearchControlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3238 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3239 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3240
3241 return offset;
3242 }
3243
3244
3245 static const ber_sequence_t SortKeyList_item_sequence[] = {
3246 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3247 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3248 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3249 { NULL, 0, 0, 0, NULL }
3250 };
3251
3252 static int
3253 dissect_ldap_SortKeyList_item(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3254 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3255 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3256
3257 return offset;
3258 }
3259
3260
3261 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3262 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3263 };
3264
3265 static int
3266 dissect_ldap_SortKeyList(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3267 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3268 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3269
3270 return offset;
3271 }
3272
3273
3274 static const value_string ldap_T_sortResult_vals[] = {
3275 { 0, "success" },
3276 { 1, "operationsError" },
3277 { 3, "timeLimitExceeded" },
3278 { 8, "strongAuthRequired" },
3279 { 11, "adminLimitExceeded" },
3280 { 16, "noSuchAttribute" },
3281 { 18, "inappropriateMatching" },
3282 { 50, "insufficientAccessRights" },
3283 { 51, "busy" },
3284 { 53, "unwillingToPerform" },
3285 { 80, "other" },
3286 { 0, NULL }
3287 };
3288
3289
3290 static int
3291 dissect_ldap_T_sortResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3292 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3293 NULL);
3294
3295 return offset;
3296 }
3297
3298
3299 static const ber_sequence_t SortResult_sequence[] = {
3300 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3301 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3302 { NULL, 0, 0, 0, NULL }
3303 };
3304
3305 static int
3306 dissect_ldap_SortResult(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3307 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3308 SortResult_sequence, hf_index, ett_ldap_SortResult);
3309
3310 return offset;
3311 }
3312
3313
3314
3315 static int
3316 dissect_ldap_DirSyncFlags(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3317 int8_t ber_class;
3318 bool pc;
3319 int32_t tag;
3320 uint32_t len;
3321 int32_t val;
3322
3323 int otheroffset = offset;
3324 if(!implicit_tag){
3325 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
3326 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
3327 } else {
3328 int32_t remaining=tvb_reported_length_remaining(tvb, offset);
3329 len=remaining>0 ? remaining : 0;
3330 }
3331
3332 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
3333
3334 if (val >0) {
3335 static int * const flags[] = {
3336 &hf_ldap_object_security_flag,
3337 &hf_ldap_ancestor_first_flag,
3338 &hf_ldap_public_data_only_flag,
3339 &hf_ldap_incremental_value_flag,
3340 NULL
3341 };
3342
3343 proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
3344 ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
3345 } else {
3346 proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
3347 }
3348
3349
3350 return offset;
3351 }
3352
3353
3354 static const ber_sequence_t DirSyncControlValue_sequence[] = {
3355 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
3356 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3357 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3358 { NULL, 0, 0, 0, NULL }
3359 };
3360
3361 static int
3362 dissect_ldap_DirSyncControlValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3363 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3364 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
3365
3366 return offset;
3367 }
3368
3369
3370 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3371 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3372 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3373 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3374 { NULL, 0, 0, 0, NULL }
3375 };
3376
3377 static int
3378 dissect_ldap_PasswdModifyRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3379 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3380 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3381
3382 return offset;
3383 }
3384
3385
3386 static const ber_sequence_t CancelRequestValue_sequence[] = {
3387 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3388 { NULL, 0, 0, 0, NULL }
3389 };
3390
3391 static int
3392 dissect_ldap_CancelRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3393 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3394 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3395
3396 return offset;
3397 }
3398
3399
3400 static const value_string ldap_T_mode_vals[] = {
3401 { 1, "refreshOnly" },
3402 { 3, "refreshAndPersist" },
3403 { 0, NULL }
3404 };
3405
3406
3407 static int
3408 dissect_ldap_T_mode(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3409 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3410 NULL);
3411
3412 return offset;
3413 }
3414
3415
3416 static const ber_sequence_t SyncRequestValue_sequence[] = {
3417 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3418 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3419 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3420 { NULL, 0, 0, 0, NULL }
3421 };
3422
3423 static int
3424 dissect_ldap_SyncRequestValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3425 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3426 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3427
3428 return offset;
3429 }
3430
3431
3432 static const value_string ldap_T_state_vals[] = {
3433 { 0, "present" },
3434 { 1, "add" },
3435 { 2, "modify" },
3436 { 3, "delete" },
3437 { 0, NULL }
3438 };
3439
3440
3441 static int
3442 dissect_ldap_T_state(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3443 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3444 NULL);
3445
3446 return offset;
3447 }
3448
3449
3450
3451 static int
3452 dissect_ldap_SyncUUID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3453 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3454 NULL);
3455
3456 return offset;
3457 }
3458
3459
3460 static const ber_sequence_t SyncStateValue_sequence[] = {
3461 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3462 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3463 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3464 { NULL, 0, 0, 0, NULL }
3465 };
3466
3467 static int
3468 dissect_ldap_SyncStateValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3469 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3470 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3471
3472 return offset;
3473 }
3474
3475
3476 static const ber_sequence_t SyncDoneValue_sequence[] = {
3477 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3478 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3479 { NULL, 0, 0, 0, NULL }
3480 };
3481
3482 static int
3483 dissect_ldap_SyncDoneValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3484 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3485 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3486
3487 return offset;
3488 }
3489
3490
3491 static const ber_sequence_t T_refreshDelete_sequence[] = {
3492 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3493 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3494 { NULL, 0, 0, 0, NULL }
3495 };
3496
3497 static int
3498 dissect_ldap_T_refreshDelete(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3499 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3500 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3501
3502 return offset;
3503 }
3504
3505
3506 static const ber_sequence_t T_refreshPresent_sequence[] = {
3507 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3508 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3509 { NULL, 0, 0, 0, NULL }
3510 };
3511
3512 static int
3513 dissect_ldap_T_refreshPresent(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3514 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3515 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3516
3517 return offset;
3518 }
3519
3520
3521 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3522 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3523 };
3524
3525 static int
3526 dissect_ldap_SET_OF_SyncUUID(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3527 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3528 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3529
3530 return offset;
3531 }
3532
3533
3534 static const ber_sequence_t T_syncIdSet_sequence[] = {
3535 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3536 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3537 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3538 { NULL, 0, 0, 0, NULL }
3539 };
3540
3541 static int
3542 dissect_ldap_T_syncIdSet(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3543 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3544 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3545
3546 return offset;
3547 }
3548
3549
3550 static const value_string ldap_SyncInfoValue_vals[] = {
3551 { 0, "newcookie" },
3552 { 1, "refreshDelete" },
3553 { 2, "refreshPresent" },
3554 { 3, "syncIdSet" },
3555 { 0, NULL }
3556 };
3557
3558 static const ber_choice_t SyncInfoValue_choice[] = {
3559 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3560 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3561 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3562 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3563 { 0, NULL, 0, 0, 0, NULL }
3564 };
3565
3566 static int
3567 dissect_ldap_SyncInfoValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3568 offset = dissect_ber_choice(actx, tree, tvb, offset,
3569 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3570 NULL);
3571
3572 return offset;
3573 }
3574
3575
3576 static const value_string ldap_T_warning_vals[] = {
3577 { 0, "timeBeforeExpiration" },
3578 { 1, "graceAuthNsRemaining" },
3579 { 0, NULL }
3580 };
3581
3582 static const ber_choice_t T_warning_choice[] = {
3583 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3584 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3585 { 0, NULL, 0, 0, 0, NULL }
3586 };
3587
3588 static int
3589 dissect_ldap_T_warning(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3590 offset = dissect_ber_choice(actx, tree, tvb, offset,
3591 T_warning_choice, hf_index, ett_ldap_T_warning,
3592 NULL);
3593
3594 return offset;
3595 }
3596
3597
3598 static const value_string ldap_T_error_vals[] = {
3599 { 0, "passwordExpired" },
3600 { 1, "accountLocked" },
3601 { 2, "changeAfterReset" },
3602 { 3, "passwordModNotAllowed" },
3603 { 4, "mustSupplyOldPassword" },
3604 { 5, "insufficientPasswordQuality" },
3605 { 6, "passwordTooShort" },
3606 { 7, "passwordTooYoung" },
3607 { 8, "passwordInHistory" },
3608 { 0, NULL }
3609 };
3610
3611
3612 static int
3613 dissect_ldap_T_error(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3614 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3615 NULL);
3616
3617 return offset;
3618 }
3619
3620
3621 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3622 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3623 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3624 { NULL, 0, 0, 0, NULL }
3625 };
3626
3627 static int
3628 dissect_ldap_PasswordPolicyResponseValue(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3629 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3630 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3631
3632 return offset;
3633 }
3634
3635 /*--- PDUs ---*/
3636
3637 static int dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3638 int offset = 0;
3639 asn1_ctx_t asn1_ctx;
3640 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3641 offset = dissect_ldap_SearchControlValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3642 return offset;
3643 }
3644 static int dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3645 int offset = 0;
3646 asn1_ctx_t asn1_ctx;
3647 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3648 offset = dissect_ldap_SortKeyList(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3649 return offset;
3650 }
3651 static int dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3652 int offset = 0;
3653 asn1_ctx_t asn1_ctx;
3654 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3655 offset = dissect_ldap_SortResult(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3656 return offset;
3657 }
3658 static int dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3659 int offset = 0;
3660 asn1_ctx_t asn1_ctx;
3661 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3662 offset = dissect_ldap_DirSyncControlValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU);
3663 return offset;
3664 }
3665 static int dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3666 int offset = 0;
3667 asn1_ctx_t asn1_ctx;
3668 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3669 offset = dissect_ldap_PasswdModifyRequestValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3670 return offset;
3671 }
3672 static int dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3673 int offset = 0;
3674 asn1_ctx_t asn1_ctx;
3675 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3676 offset = dissect_ldap_CancelRequestValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3677 return offset;
3678 }
3679 static int dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3680 int offset = 0;
3681 asn1_ctx_t asn1_ctx;
3682 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3683 offset = dissect_ldap_SyncRequestValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3684 return offset;
3685 }
3686 static int dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3687 int offset = 0;
3688 asn1_ctx_t asn1_ctx;
3689 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3690 offset = dissect_ldap_SyncStateValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3691 return offset;
3692 }
3693 static int dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3694 int offset = 0;
3695 asn1_ctx_t asn1_ctx;
3696 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3697 offset = dissect_ldap_SyncDoneValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3698 return offset;
3699 }
3700 static int dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3701 int offset = 0;
3702 asn1_ctx_t asn1_ctx;
3703 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3704 offset = dissect_ldap_SyncInfoValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3705 return offset;
3706 }
3707 static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3708 int offset = 0;
3709 asn1_ctx_t asn1_ctx;
3710 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3711 offset = dissect_ldap_PasswordPolicyResponseValue(false, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3712 return offset;
3713 }
3714
3715 static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
3716
3717 int offset = 0;
3718 asn1_ctx_t asn1_ctx;
3719 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, true, pinfo);
3720
3721 asn1_ctx.private_data = ldap_info;
3722 offset = dissect_ldap_LDAPMessage(false, tvb, offset, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3723 return offset;
3724 }
3725
3726 static void
3727 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3728 proto_tree *tree, ldap_conv_info_t *ldap_info,
3729 bool is_mscldap)
3730 {
3731 int offset = 0;
3732 unsigned length_remaining;
3733 unsigned msg_len = 0;
3734 int messageOffset = 0;
3735 unsigned headerLength = 0;
3736 unsigned length = 0;
3737 tvbuff_t *msg_tvb = NULL;
3738 int8_t ber_class;
3739 bool pc, ind = 0;
3740 int32_t ber_tag;
3741
3742 attributedesc_string=NULL;
3743
3744
3745 one_more_pdu:
3746
3747 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
3748
3749 if (length_remaining < 6) return;
3750
3751 /*
3752 * OK, try to read the "Sequence Of" header; this gets the total
3753 * length of the LDAP message.
3754 */
3755 messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
3756 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3757
3758 /* sanity check */
3759 if((msg_len<4) || (msg_len>10000000)) return;
3760
3761 if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3762 /*
3763 * Add the length of the "Sequence Of" header to the message
3764 * length.
3765 */
3766 headerLength = messageOffset - offset;
3767 msg_len += headerLength;
3768 if (msg_len < headerLength) {
3769 /*
3770 * The message length was probably so large that the total length
3771 * overflowed.
3772 *
3773 * Report this as an error.
3774 */
3775 show_reported_bounds_error(tvb, pinfo, tree);
3776 return;
3777 }
3778 } else {
3779 /*
3780 * We couldn't parse the header; just make it the amount of data
3781 * remaining in the tvbuff, so we'll give up on this segment
3782 * after attempting to parse the message - there's nothing more
3783 * we can do. "dissect_ldap_message()" will display the error.
3784 */
3785 msg_len = length_remaining;
3786 }
3787
3788 /*
3789 * Construct a tvbuff containing the amount of the payload we have
3790 * available. Make its reported length the amount of data in the
3791 * LDAP message.
3792 *
3793 * XXX - if reassembly isn't enabled. the subdissector will throw a
3794 * BoundsError exception, rather than a ReportedBoundsError exception.
3795 * We really want a tvbuff where the length is "length", the reported
3796 * length is "plen", and the "if the snapshot length were infinite"
3797 * length is the minimum of the reported length of the tvbuff handed
3798 * to us and "plen", with a new type of exception thrown if the offset
3799 * is within the reported length but beyond that third length, with
3800 * that exception getting the "Unreassembled Packet" error.
3801 */
3802 length = length_remaining;
3803 if (length > msg_len) length = msg_len;
3804 msg_tvb = tvb_new_subset_length_caplen(tvb, offset, length, msg_len);
3805
3806 /*
3807 * Now dissect the LDAP message.
3808 */
3809 ldap_info->is_mscldap = is_mscldap;
3810 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info);
3811
3812 offset += msg_len;
3813
3814 /* If this was a sasl blob there might be another PDU following in the
3815 * same blob
3816 */
3817 if(tvb_reported_length_remaining(tvb, offset)>=6){
3818 tvb = tvb_new_subset_remaining(tvb, offset);
3819 offset = 0;
3820
3821 goto one_more_pdu;
3822 }
3823
3824 }
3825
3826 static void
3827 ldap_frame_end(void)
3828 {
3829 ldap_found_in_frame = false;
3830 attr_type = NULL;
3831 ldapvalue_string = NULL;
3832 /* ? */
3833 attributedesc_string = NULL;
3834 Filter_string = NULL;
3835 and_filter_string = NULL;
3836 object_identifier_id = NULL;
3837 or_filter_string = NULL;
3838
3839 substring_item_any = NULL;
3840 substring_item_final = NULL;
3841 substring_item_init = NULL;
3842 substring_value = NULL;
3843
3844 ldm_tree = NULL;
3845
3846 Filter_elements = 0;
3847 Filter_length = 0;
3848 do_protocolop = false;
3849 result = 0;
3850
3851 /* seems to be ok, but reset just in case */
3852 matching_rule_string = NULL;
3853 }
3854
3855 static void
3856 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool is_mscldap)
3857 {
3858 int offset = 0;
3859 conversation_t *conversation;
3860 bool doing_sasl_security = false;
3861 unsigned length_remaining;
3862 ldap_conv_info_t *ldap_info = NULL;
3863 proto_item *ldap_item = NULL;
3864 proto_tree *ldap_tree = NULL;
3865 uint32_t sasl_length = 0;
3866 uint32_t remaining_length = 0;
3867 uint8_t sasl_start[2] = { 0, };
3868 bool detected_sasl_security = false;
3869
3870 ldm_tree = NULL;
3871
3872 conversation = find_or_create_conversation(pinfo);
3873
3874 /*
3875 * Do we already have a type and mechanism?
3876 */
3877 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
3878 if (ldap_info == NULL) {
3879 /* No. Attach that information to the conversation, and add
3880 * it to the list of information structures.
3881 */
3882 ldap_info = wmem_new0(wmem_file_scope(), ldap_conv_info_t);
3883 ldap_info->matched=wmem_map_new(wmem_file_scope(), ldap_info_hash_matched, ldap_info_equal_matched);
3884 ldap_info->unmatched=wmem_map_new(wmem_file_scope(), ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3885
3886 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3887 }
3888
3889 switch (ldap_info->auth_type) {
3890 case LDAP_AUTH_SASL:
3891 /*
3892 * It's SASL; are we using a security layer?
3893 */
3894 if (ldap_info->first_auth_frame != 0 &&
3895 pinfo->num >= ldap_info->first_auth_frame) {
3896 doing_sasl_security = true; /* yes */
3897 }
3898 }
3899
3900 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
3901
3902 /* It might still be a packet containing a SASL security layer
3903 * but it's just that we never saw the BIND packet.
3904 * check if it looks like it could be a SASL blob here
3905 * and in that case just assume it is GSS-SPNEGO
3906 */
3907 if(!doing_sasl_security && tvb_bytes_exist(tvb, offset, 6)) {
3908 sasl_length = tvb_get_ntohl(tvb, offset);
3909 remaining_length = tvb_reported_length_remaining(tvb, offset);
3910 sasl_start[0] = tvb_get_uint8(tvb, offset+4);
3911 sasl_start[1] = tvb_get_uint8(tvb, offset+5);
3912 }
3913 if ((sasl_length + 4) <= remaining_length) {
3914 if (sasl_start[0] == 0x05 && sasl_start[1] == 0x04) {
3915 /*
3916 * Likely modern kerberos signing
3917 */
3918 detected_sasl_security = true;
3919 } else if (sasl_start[0] == 0x60) {
3920 /*
3921 * Likely ASN.1 based kerberos
3922 */
3923 detected_sasl_security = true;
3924 }
3925 }
3926 if (detected_sasl_security) {
3927 ldap_info->auth_type=LDAP_AUTH_SASL;
3928 ldap_info->first_auth_frame=pinfo->num;
3929 ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
3930 doing_sasl_security=true;
3931 }
3932
3933 /*
3934 * This is the first PDU, set the Protocol column and clear the
3935 * Info column.
3936 */
3937 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3938
3939 if(ldap_found_in_frame) {
3940 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
3941 col_append_str(pinfo->cinfo, COL_INFO, " | ");
3942 col_set_fence(pinfo->cinfo, COL_INFO);
3943 } else {
3944 col_clear(pinfo->cinfo, COL_INFO);
3945 register_frame_end_routine (pinfo, ldap_frame_end);
3946 ldap_found_in_frame = true;
3947 }
3948
3949 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
3950 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3951
3952 /*
3953 * Might we be doing a SASL security layer and, if so, *are* we doing
3954 * one?
3955 *
3956 * Just because we've seen a bind reply for SASL, that doesn't mean
3957 * that we're using a SASL security layer; I've seen captures in
3958 * which some SASL negotiations lead to a security layer being used
3959 * and other negotiations don't, and it's not obvious what's different
3960 * in the two negotiations. Therefore, we assume that if the first
3961 * byte is 0, it's a length for a SASL security layer (that way, we
3962 * never reassemble more than 16 megabytes, protecting us from
3963 * chewing up *too* much memory), and otherwise that it's an LDAP
3964 * message (actually, if it's an LDAP message it should begin with 0x30,
3965 * but we want to parse garbage as LDAP messages rather than really
3966 * huge lengths).
3967 */
3968
3969 if (doing_sasl_security && tvb_get_uint8(tvb, offset) == 0) {
3970 proto_tree *sasl_tree;
3971 tvbuff_t *sasl_tvb;
3972 unsigned sasl_len, sasl_msg_len, length;
3973 /*
3974 * Yes. The frame begins with a 4-byte big-endian length.
3975 * And we know we have at least 6 bytes
3976 */
3977
3978 /*
3979 * Get the SASL length, which is the length of data in the buffer
3980 * following the length (i.e., it's 4 less than the total length).
3981 *
3982 * XXX - do we need to reassemble buffers? For now, we
3983 * assume that each LDAP message is entirely contained within
3984 * a buffer.
3985 */
3986 sasl_len = tvb_get_ntohl(tvb, offset);
3987 sasl_msg_len = sasl_len + 4;
3988 if (sasl_msg_len < 4) {
3989 /*
3990 * The message length was probably so large that the total length
3991 * overflowed.
3992 *
3993 * Report this as an error.
3994 */
3995 show_reported_bounds_error(tvb, pinfo, tree);
3996 return;
3997 }
3998
3999 /*
4000 * Construct a tvbuff containing the amount of the payload we have
4001 * available. Make its reported length the amount of data in the PDU.
4002 *
4003 * XXX - if reassembly isn't enabled. the subdissector will throw a
4004 * BoundsError exception, rather than a ReportedBoundsError exception.
4005 * We really want a tvbuff where the length is "length", the reported
4006 * length is "plen", and the "if the snapshot length were infinite"
4007 * length is the minimum of the reported length of the tvbuff handed
4008 * to us and "plen", with a new type of exception thrown if the offset
4009 * is within the reported length but beyond that third length, with
4010 * that exception getting the "Unreassembled Packet" error.
4011 */
4012 length = length_remaining;
4013 if (length > sasl_msg_len) length = sasl_msg_len;
4014 sasl_tvb = tvb_new_subset_length_caplen(tvb, offset, length, sasl_msg_len);
4015
4016 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len);
4017
4018 sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 4, sasl_msg_len - 4, ett_ldap_sasl_blob, NULL, "SASL Buffer");
4019
4020 if (ldap_info->auth_mech != NULL &&
4021 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
4022 /* auth_mech may have been set from the bind */
4023 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
4024 tvbuff_t *gssapi_tvb = NULL;
4025 int ver_len;
4026 int tmp_length;
4027 gssapi_encrypt_info_t gssapi_encrypt;
4028
4029 /*
4030 * This is GSS-API (using SPNEGO, but we should be done with
4031 * the negotiation by now).
4032 *
4033 * Dissect the GSS_Wrap() token; it'll return the length of
4034 * the token, from which we compute the offset in the tvbuff at
4035 * which the plaintext data, i.e. the LDAP message, begins.
4036 */
4037 tmp_length = tvb_reported_length_remaining(sasl_tvb, 4);
4038 if ((unsigned)tmp_length > sasl_len)
4039 tmp_length = sasl_len;
4040 gssapi_tvb = tvb_new_subset_length_caplen(sasl_tvb, 4, tmp_length, sasl_len);
4041
4042 /* Attempt decryption of the GSSAPI wrapped data if possible */
4043 memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
4044 gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
4045 ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt);
4046 /*
4047 * If ver_len is 0, it probably means that we got a PDU that is not
4048 * aligned to the start of the segment.
4049 */
4050 if(ver_len==0){
4051 return;
4052 }
4053 if (gssapi_encrypt.gssapi_data_encrypted) {
4054 if (gssapi_encrypt.gssapi_decrypted_tvb) {
4055 tvbuff_t *decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
4056 proto_tree *enc_tree = NULL;
4057
4058 /*
4059 * The LDAP payload (blob) was encrypted and we were able to decrypt it.
4060 * The data was signed via a MIC token, sealed (encrypted), and "wrapped"
4061 * within the mechanism's "blob." Call dissect_ldap_payload to dissect
4062 * one or more LDAPMessages such as searchRequest messages within this
4063 * payload.
4064 */
4065 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
4066
4067 if (sasl_tree) {
4068 unsigned decr_len = tvb_reported_length(decr_tvb);
4069
4070 enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1,
4071 ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
4072 decr_len, plurality(decr_len, "", "s"));
4073 }
4074
4075 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
4076 } else {
4077 /*
4078 * The LDAP message was encrypted but couldn't be decrypted so just display the
4079 * encrypted data all of which is found in Packet Bytes.
4080 */
4081 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
4082 sasl_len-ver_len, plurality(sasl_len-ver_len, "", "s"));
4083
4084 proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
4085 }
4086 } else {
4087 tvbuff_t *plain_tvb;
4088 if (gssapi_encrypt.gssapi_decrypted_tvb) {
4089 plain_tvb = gssapi_encrypt.gssapi_decrypted_tvb;
4090 } else {
4091 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
4092 }
4093 proto_tree *plain_tree = NULL;
4094
4095 /*
4096 * The payload was not encrypted (sealed) but was signed via a MIC token.
4097 * If krb5_tok_id == KRB_TOKEN_CFX_WRAP, the payload was wrapped within
4098 * the mechanism's blob. Call dissect_ldap_payload to dissect one or more
4099 * LDAPMessages within the payload.
4100 */
4101 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
4102
4103 if (sasl_tree) {
4104 unsigned plain_len = tvb_reported_length(plain_tvb);
4105
4106 plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1,
4107 ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
4108 plain_len, plurality(plain_len, "", "s"));
4109 }
4110
4111 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
4112 }
4113 }
4114 } else {
4115 /*
4116 * The LDAP packet does not contain a SASL security layer. Such messages are typically sent
4117 * prior to the LDAP "bind" negotiation exchange which establishes the "context" of the session.
4118 * This means the data could neither be "signed" (no data origin auth or data integrity
4119 * check) nor "sealed" (encrypted).
4120 */
4121 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
4122 }
4123 }
4124
4125 int dissect_mscldap_string(wmem_allocator_t *scope, tvbuff_t *tvb, int offset, int max_len, char **str)
4126 {
4127 int compr_len;
4128 const char *name;
4129 unsigned name_len;
4130
4131 /* The name data MUST start at offset 0 of the tvb */
4132 compr_len = get_dns_name(tvb, offset, max_len, 0, &name, &name_len);
4133 *str = get_utf_8_string(scope, name, name_len);
4134 return offset + compr_len;
4135 }
4136
4137
4138 /* These are the cldap DC flags
4139 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4140 */
4141 static const true_false_string tfs_ads_pdc = {
4142 "This is a PDC",
4143 "This is NOT a pdc"
4144 };
4145 static const true_false_string tfs_ads_gc = {
4146 "This is a GLOBAL CATALOGUE of forest",
4147 "This is NOT a global catalog of forest"
4148 };
4149 static const true_false_string tfs_ads_ldap = {
4150 "This is an LDAP server",
4151 "This is NOT an ldap server"
4152 };
4153 static const true_false_string tfs_ads_ds = {
4154 "This dc supports DS",
4155 "This dc does NOT support ds"
4156 };
4157 static const true_false_string tfs_ads_kdc = {
4158 "This is a KDC (kerberos)",
4159 "This is NOT a kdc (kerberos)"
4160 };
4161 static const true_false_string tfs_ads_timeserv = {
4162 "This dc is running TIME SERVICES (ntp)",
4163 "This dc is NOT running time services (ntp)"
4164 };
4165 static const true_false_string tfs_ads_closest = {
4166 "This server is in the same site as the client",
4167 "This server is NOT in the same site as the client"
4168 };
4169 static const true_false_string tfs_ads_writable = {
4170 "This dc is WRITABLE",
4171 "This dc is NOT writable"
4172 };
4173 static const true_false_string tfs_ads_good_timeserv = {
4174 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4175 "This dc does NOT have a good time service (i.e. no hardware clock)"
4176 };
4177 static const true_false_string tfs_ads_ndnc = {
4178 "Domain is NON-DOMAIN NC serviced by ldap server",
4179 "Domain is NOT non-domain nc serviced by ldap server"
4180 };
4181 static const true_false_string tfs_ads_rodc = {
4182 "Domain controller is a Windows 2008 RODC",
4183 "Domain controller is not a Windows 2008 RODC"
4184 };
4185 static const true_false_string tfs_ads_wdc = {
4186 "Domain controller is a Windows 2008 writable NC",
4187 "Domain controller is not a Windows 2008 writable NC"
4188 };
4189 static const true_false_string tfs_ads_dns = {
4190 "Server name is in DNS format (Windows 2008)",
4191 "Server name is not in DNS format (Windows 2008)"
4192 };
4193 static const true_false_string tfs_ads_dnc = {
4194 "The NC is the default NC (Windows 2008)",
4195 "The NC is not the default NC (Windows 2008)"
4196 };
4197 static const true_false_string tfs_ads_fnc = {
4198 "The NC is the default forest NC(Windows 2008)",
4199 "The NC is not the default forest NC (Windows 2008)"
4200 };
4201 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4202 {
4203 static int * const flags[] = {
4204 &hf_mscldap_netlogon_flags_fnc,
4205 &hf_mscldap_netlogon_flags_dnc,
4206 &hf_mscldap_netlogon_flags_dns,
4207 &hf_mscldap_netlogon_flags_wdc,
4208 &hf_mscldap_netlogon_flags_rodc,
4209 &hf_mscldap_netlogon_flags_ndnc,
4210 &hf_mscldap_netlogon_flags_good_timeserv,
4211 &hf_mscldap_netlogon_flags_writable,
4212 &hf_mscldap_netlogon_flags_closest,
4213 &hf_mscldap_netlogon_flags_timeserv,
4214 &hf_mscldap_netlogon_flags_kdc,
4215 &hf_mscldap_netlogon_flags_ds,
4216 &hf_mscldap_netlogon_flags_ldap,
4217 &hf_mscldap_netlogon_flags_gc,
4218 &hf_mscldap_netlogon_flags_pdc,
4219 NULL
4220 };
4221
4222 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_netlogon_flags,
4223 ett_mscldap_netlogon_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
4224 offset += 4;
4225
4226 return offset;
4227 }
4228
4229 static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4230 {
4231 int old_offset, offset=0;
4232 char *str;
4233 uint16_t itype;
4234 uint16_t len;
4235 uint32_t version;
4236 int fn_len;
4237 proto_item *item;
4238
4239 ldm_tree = NULL;
4240
4241
4242 /* Get the length of the buffer */
4243 len=tvb_reported_length_remaining(tvb,offset);
4244
4245 /* check the len if it is to small return */
4246 if (len < 10)
4247 return tvb_captured_length(tvb);
4248
4249 /* Type */
4250 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4251 itype = tvb_get_letohs(tvb, offset);
4252 offset += 2;
4253
4254 switch(itype){
4255
4256 case LOGON_SAM_LOGON_RESPONSE:
4257 /* logon server name; must be aligned on a 2-byte boundary */
4258 if ((offset & 1) != 0) {
4259 offset++;
4260 }
4261 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_hostname_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4262 offset +=fn_len;
4263
4264 /* username; must be aligned on a 2-byte boundary */
4265 if ((offset & 1) != 0) {
4266 offset++;
4267 }
4268 proto_tree_add_item_ret_length(tree, hf_mscldap_username_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4269 offset +=fn_len;
4270
4271 /* domain name; must be aligned on a 2-byte boundary */
4272 if ((offset & 1) != 0) {
4273 offset++;
4274 }
4275 proto_tree_add_item_ret_length(tree, hf_mscldap_nb_domain_z, tvb,offset, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN, &fn_len);
4276 offset +=fn_len;
4277
4278 /* get the version number from the end of the buffer, as the
4279 length is variable and the version determines what fields
4280 need to be decoded */
4281 version = tvb_get_letohl(tvb,len-8);
4282
4283 /* include the extra version 5 fields */
4284 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4285
4286 /* domain guid */
4287 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4288 offset += 16;
4289
4290 /* domain guid part 2
4291 there is another 16 byte guid but this is alway zero, so we will skip it */
4292 offset += 16;
4293
4294 /* Forest */
4295 old_offset=offset;
4296 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4297 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4298
4299 /* Domain */
4300 old_offset=offset;
4301 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4302 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4303
4304 /* Hostname */
4305 old_offset=offset;
4306 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4307 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4308
4309 /* DC IP Address */
4310 proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, ENC_BIG_ENDIAN);
4311 offset += 4;
4312
4313 /* Flags */
4314 dissect_mscldap_netlogon_flags(tree, tvb, offset);
4315 }
4316
4317 break;
4318
4319 case LOGON_SAM_LOGON_RESPONSE_EX:
4320 /* MS-ADTS 6.3.1.9 */
4321 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */
4322
4323 /* Flags */
4324 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4325
4326 /* Domain GUID */
4327 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4328 offset += 16;
4329
4330 /* Forest */
4331 old_offset=offset;
4332 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4333 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4334
4335 /* Domain */
4336 old_offset=offset;
4337 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4338 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4339
4340 /* Hostname */
4341 old_offset=offset;
4342 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4343 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4344
4345 /* NetBIOS Domain */
4346 old_offset=offset;
4347 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4348 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4349
4350 /* NetBIOS Hostname */
4351 old_offset=offset;
4352 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4353 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4354
4355 /* User */
4356 old_offset=offset;
4357 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4358 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4359
4360 /* Server Site */
4361 old_offset=offset;
4362 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4363 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4364
4365 /* Client Site */
4366 old_offset=offset;
4367 offset=dissect_mscldap_string(pinfo->pool, tvb, offset, 255, &str);
4368 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4369
4370 /* get the version number from the end of the buffer, as the
4371 length is variable and the version determines what fields
4372 need to be decoded */
4373 version = tvb_get_letohl(tvb,len-8);
4374
4375 /* include the extra fields for version 5 with IP s */
4376 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4377 /* The ip address is returned as a sockaddr_in structure
4378 *
4379 * This section may need to be updated if the base Windows APIs
4380 * are changed to support ipv6, which currently is not the case.
4381 *
4382 * The dissector assumes the length is based on ipv4 and
4383 * ignores the length
4384 */
4385
4386 /* skip the length of the sockaddr_in */
4387
4388 offset +=1;
4389
4390 /* add IP address and dissect the sockaddr_in structure */
4391
4392 old_offset = offset + 4;
4393 item = proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, ENC_BIG_ENDIAN);
4394
4395 if (tree) {
4396 proto_tree *subtree;
4397
4398 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4399
4400 /* get sockaddr family */
4401 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4402 offset +=2;
4403
4404 /* get sockaddr port */
4405 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4406 offset +=2;
4407
4408 /* get IP address */
4409 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
4410 }
4411
4412 }
4413
4414 break;
4415 }
4416
4417
4418 /* complete the decode with the version and token details */
4419
4420 offset = len - 8;
4421
4422 /* NETLOGON_NT_VERSION Options (MS-ADTS 6.3.1.1) */
4423 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
4424
4425 /* LM Token */
4426 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4427 offset += 2;
4428
4429 /* NT Token */
4430 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4431
4432 return tvb_captured_length(tvb);
4433 }
4434
4435
4436 static unsigned
4437 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4438 int offset, void *data _U_)
4439 {
4440 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4441 return tvb_get_ntohl(tvb, offset)+4;
4442 }
4443
4444 static int
4445 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4446 {
4447 dissect_ldap_pdu(tvb, pinfo, tree, false);
4448 return tvb_captured_length(tvb);
4449 }
4450
4451 static unsigned
4452 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4453 int offset, void *data _U_)
4454 {
4455 uint32_t len;
4456 bool ind;
4457 int data_offset;
4458
4459 /* normal ldap is tag+len bytes plus the length
4460 * offset is where the tag is
4461 * offset+1 is where length starts
4462 */
4463 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4464 return len+data_offset-offset;
4465 }
4466
4467 static int
4468 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4469 {
4470 dissect_ldap_pdu(tvb, pinfo, tree, false);
4471 return tvb_captured_length(tvb);
4472 }
4473
4474 static int
4475 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4476 {
4477 char *oid;
4478 const char *oidname;
4479
4480 /* tvb here contains an ascii string that is really an oid */
4481 /* XXX we should convert the string oid into a real oid so we can use
4482 * proto_tree_add_oid() instead.
4483 */
4484
4485 oid=tvb_get_string_enc(pinfo->pool, tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);
4486 if(!oid){
4487 return tvb_captured_length(tvb);
4488 }
4489
4490 oidname=oid_resolved_from_string(pinfo->pool, oid);
4491
4492 if(oidname){
4493 proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname);
4494 } else {
4495 proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid);
4496 }
4497 return tvb_captured_length(tvb);
4498 }
4499
4500 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4501 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4502 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4503 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4504 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4505 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4506 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4507 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4508 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4509
4510 static void
4511 ldap_specific_rights(tvbuff_t *tvb, int offset, proto_tree *tree, uint32_t access)
4512 {
4513 static int * const access_flags[] = {
4514 &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4515 &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4516 &hf_ldap_AccessMask_ADS_DELETE_TREE,
4517 &hf_ldap_AccessMask_ADS_WRITE_PROP,
4518 &hf_ldap_AccessMask_ADS_READ_PROP,
4519 &hf_ldap_AccessMask_ADS_SELF_WRITE,
4520 &hf_ldap_AccessMask_ADS_LIST,
4521 &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4522 &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4523 NULL
4524 };
4525
4526 proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
4527 }
4528
4529 static struct access_mask_info ldap_access_mask_info = {
4530 "LDAP", /* Name of specific rights */
4531 ldap_specific_rights, /* Dissection function */
4532 NULL, /* Generic mapping table */
4533 NULL /* Standard mapping table */
4534 };
4535
4536 static int
4537 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4538 {
4539 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, true, tvb_reported_length(tvb), &ldap_access_mask_info);
4540 return tvb_captured_length(tvb);
4541 }
4542
4543 static int
4544 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4545 {
4546 char *tmpstr;
4547
4548 /* this octet string contains an NT SID */
4549 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4550 ldapvalue_string=tmpstr;
4551 return tvb_captured_length(tvb);
4552 }
4553
4554 static int
4555 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4556 {
4557 uint8_t drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4558 e_guid_t uuid;
4559
4560 /* This octet string contained a GUID */
4561 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4562
4563 ldapvalue_string=(char*)wmem_alloc(pinfo->pool, 1024);
4564 snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4565 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
4566 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
4567 uuid.data4[6], uuid.data4[7]);
4568 return tvb_captured_length(tvb);
4569 }
4570
4571 static int
4572 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4573 {
4574 uint32_t sasl_len;
4575 uint32_t ldap_len;
4576 bool ind;
4577 conversation_t *conversation;
4578 ldap_conv_info_t *ldap_info = NULL;
4579
4580 /*
4581 * Do we have a conversation for this connection?
4582 */
4583 conversation = find_conversation_pinfo(pinfo, 0);
4584 if(conversation){
4585 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
4586 }
4587
4588 ldm_tree = NULL;
4589
4590 /* This is a bit tricky. We have to find out whether SASL is used
4591 * so that we know how big a header we are supposed to pass
4592 * to tcp_dissect_pdus()
4593 * We must also cope with the case when a client connects to LDAP
4594 * and performs a few unauthenticated searches of LDAP before
4595 * it performs the bind on the same tcp connection.
4596 */
4597 /* check for a SASL header, i.e. assume it is SASL if
4598 * 1, first four bytes (SASL length) is an integer
4599 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4600 * (>2 to fight false positives, 0x00000000 is a common
4601 * "random" tcp payload)
4602 * (SASL ldap PDUs might be >64k in size, which is why
4603 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4604 *
4605 * 2, we must have a conversation and the auth type must
4606 * be LDAP_AUTH_SASL
4607 */
4608 sasl_len=tvb_get_ntohl(tvb, 0);
4609
4610 if( sasl_len<2 ){
4611 goto this_was_not_sasl;
4612 }
4613
4614 if( sasl_len>LDAP_SASL_MAX_BUF ){
4615 goto this_was_not_sasl;
4616 }
4617
4618 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4619 goto this_was_not_sasl;
4620 }
4621
4622 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4623 return tvb_captured_length(tvb);
4624
4625 this_was_not_sasl:
4626 /* check if it is a normal BER encoded LDAP packet
4627 * i.e. first byte is 0x30 followed by a length that is
4628 * <64k
4629 * (no ldap PDUs are ever >64kb? )
4630 */
4631 if(tvb_get_uint8(tvb, 0)!=0x30){
4632 goto this_was_not_normal_ldap;
4633 }
4634
4635 /* check that length makes sense */
4636 get_ber_length(tvb, 1, &ldap_len, &ind);
4637
4638 /* don't check ind since indefinite length is never used for ldap (famous last words)*/
4639 if(ldap_len<2){
4640 goto this_was_not_normal_ldap;
4641 }
4642
4643 /*
4644 * The minimum size of a LDAP pdu is 7 bytes
4645 *
4646 * dumpasn1 -hh ldap-unbind-min.dat
4647 *
4648 * <30 05 02 01 09 42 00>
4649 * 0 5: SEQUENCE {
4650 * <02 01 09>
4651 * 2 1: INTEGER 9
4652 * <42 00>
4653 * 5 0: [APPLICATION 2]
4654 * : Error: Object has zero length.
4655 * : }
4656 *
4657 * dumpasn1 -hh ldap-unbind-windows.dat
4658 *
4659 * <30 84 00 00 00 05 02 01 09 42 00>
4660 * 0 5: SEQUENCE {
4661 * <02 01 09>
4662 * 6 1: INTEGER 9
4663 * <42 00>
4664 * 9 0: [APPLICATION 2]
4665 * : Error: Object has zero length.
4666 * : }
4667 *
4668 * 6 bytes would also be ok to get the full length of
4669 * the pdu, but as the smallest pdu can be 7 bytes
4670 * we can use 7.
4671 */
4672 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
4673
4674 goto end;
4675
4676 this_was_not_normal_ldap:
4677
4678 /* Ok it might be a strange case of SASL still
4679 * It has been seen with Exchange setup to MS AD
4680 * when Exchange pretend that there is SASL but in fact data are still
4681 * in clear*/
4682 if ((sasl_len + 4) == (uint32_t)tvb_reported_length_remaining(tvb, 0))
4683 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4684 end:
4685 return tvb_captured_length(tvb);
4686 }
4687
4688 static int
4689 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4690 {
4691 dissect_ldap_pdu(tvb, pinfo, tree, true);
4692 return tvb_captured_length(tvb);
4693 }
4694
4695
4696 /*--- proto_register_ldap -------------------------------------------*/
4697 void proto_register_ldap(void) {
4698
4699 /* List of fields */
4700
4701 static hf_register_info hf[] = {
4702
4703 { &hf_ldap_sasl_buffer_length,
4704 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4705 FT_UINT32, BASE_DEC, NULL, 0x0,
4706 NULL, HFILL }},
4707 { &hf_ldap_response_in,
4708 { "Response In", "ldap.response_in",
4709 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_RESPONSE), 0x0,
4710 "The response to this LDAP request is in this frame", HFILL }},
4711 { &hf_ldap_response_to,
4712 { "Response To", "ldap.response_to",
4713 FT_FRAMENUM, BASE_NONE, FRAMENUM_TYPE(FT_FRAMENUM_REQUEST), 0x0,
4714 "This is a response to the LDAP request in this frame", HFILL }},
4715 { &hf_ldap_time,
4716 { "Time", "ldap.time",
4717 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4718 "The time between the Call and the Reply", HFILL }},
4719
4720 { &hf_mscldap_netlogon_opcode,
4721 { "Operation code", "mscldap.netlogon.opcode",
4722 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0,
4723 "LDAP ping operation code", HFILL }},
4724
4725 { &hf_mscldap_netlogon_ipaddress_family,
4726 { "Family", "mscldap.netlogon.ipaddress.family",
4727 FT_UINT16, BASE_DEC, NULL, 0x0,
4728 NULL, HFILL }},
4729
4730 { &hf_mscldap_netlogon_ipaddress_ipv4,
4731 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4732 FT_IPv4, BASE_NONE, NULL, 0x0,
4733 "IP Address", HFILL }},
4734
4735 { &hf_mscldap_netlogon_ipaddress_port,
4736 { "Port", "mscldap.netlogon.ipaddress.port",
4737 FT_UINT16, BASE_DEC, NULL, 0x0,
4738 NULL, HFILL }},
4739
4740 { &hf_mscldap_netlogon_ipaddress,
4741 { "IP Address","mscldap.netlogon.ipaddress",
4742 FT_IPv4, BASE_NONE, NULL, 0x0,
4743 "Domain Controller IP Address", HFILL }},
4744
4745 { &hf_mscldap_netlogon_lm_token,
4746 { "LM Token", "mscldap.netlogon.lm_token",
4747 FT_UINT16, BASE_HEX, NULL, 0x0,
4748 "MUST be set to 0xFFFF", HFILL }},
4749
4750 { &hf_mscldap_netlogon_nt_token,
4751 { "NT Token", "mscldap.netlogon.nt_token",
4752 FT_UINT16, BASE_HEX, NULL, 0x0,
4753 "MUST be set to 0xFFFF", HFILL }},
4754
4755 { &hf_mscldap_netlogon_flags,
4756 { "Flags", "mscldap.netlogon.flags",
4757 FT_UINT32, BASE_HEX, NULL, 0x0,
4758 "Netlogon flags describing the DC properties", HFILL }},
4759
4760 { &hf_mscldap_ntver_flags,
4761 { "Version Flags", "mscldap.ntver.flags",
4762 FT_UINT32, BASE_HEX, NULL, 0x0,
4763 "NETLOGON_NT_VERSION Options Bits", HFILL }},
4764
4765 { &hf_mscldap_domain_guid,
4766 { "Domain GUID", "mscldap.domain.guid",
4767 FT_GUID, BASE_NONE, NULL, 0x0,
4768 "Value of the NC's GUID attribute", HFILL }},
4769
4770 { &hf_mscldap_forest,
4771 { "Forest", "mscldap.forest",
4772 FT_STRING, BASE_NONE, NULL, 0x0,
4773 "DNS name of the forest", HFILL }},
4774
4775 { &hf_mscldap_domain,
4776 { "Domain", "mscldap.domain",
4777 FT_STRING, BASE_NONE, NULL, 0x0,
4778 "DNS name of the NC", HFILL }},
4779
4780 { &hf_mscldap_hostname,
4781 { "Hostname", "mscldap.hostname",
4782 FT_STRING, BASE_NONE, NULL, 0x0,
4783 "DNS name of server", HFILL }},
4784
4785 { &hf_mscldap_nb_domain_z,
4786 { "NetBIOS Domain", "mscldap.nb_domain",
4787 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4788 "NetBIOS name of the NC", HFILL }},
4789
4790 { &hf_mscldap_nb_domain,
4791 { "NetBIOS Domain", "mscldap.nb_domain",
4792 FT_STRING, BASE_NONE, NULL, 0x0,
4793 "NetBIOS name of the NC", HFILL }},
4794
4795 { &hf_mscldap_nb_hostname_z,
4796 { "NetBIOS Hostname", "mscldap.nb_hostname",
4797 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4798 "NetBIOS name of the server", HFILL }},
4799
4800 { &hf_mscldap_nb_hostname,
4801 { "NetBIOS Hostname", "mscldap.nb_hostname",
4802 FT_STRING, BASE_NONE, NULL, 0x0,
4803 "NetBIOS name of the server", HFILL }},
4804
4805 { &hf_mscldap_username_z,
4806 { "Username", "mscldap.username",
4807 FT_STRINGZ, BASE_NONE, NULL, 0x0,
4808 "User specified in client's request", HFILL }},
4809
4810 { &hf_mscldap_username,
4811 { "Username", "mscldap.username",
4812 FT_STRING, BASE_NONE, NULL, 0x0,
4813 "User specified in client's request", HFILL }},
4814
4815 { &hf_mscldap_sitename,
4816 { "Server Site", "mscldap.sitename",
4817 FT_STRING, BASE_NONE, NULL, 0x0,
4818 "Site name of the server", HFILL }},
4819
4820 { &hf_mscldap_clientsitename,
4821 { "Client Site", "mscldap.clientsitename",
4822 FT_STRING, BASE_NONE, NULL, 0x0,
4823 "Site name of the client", HFILL }},
4824
4825 { &hf_ldap_sid,
4826 { "Sid", "ldap.sid",
4827 FT_STRING, BASE_NONE, NULL, 0x0,
4828 NULL, HFILL }},
4829
4830 { &hf_mscldap_ntver_flags_v1,
4831 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4832 TFS(&tfs_ntver_v1), 0x00000001, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4833
4834 { &hf_mscldap_ntver_flags_v5,
4835 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4836 TFS(&tfs_ntver_v5), 0x00000002, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4837
4838 { &hf_mscldap_ntver_flags_v5ex,
4839 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4840 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4841
4842 { &hf_mscldap_ntver_flags_v5ep,
4843 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32,
4844 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4845
4846 { &hf_mscldap_ntver_flags_vcs,
4847 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32,
4848 TFS(&tfs_ntver_vcs), 0x00000010, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4849
4850 { &hf_mscldap_ntver_flags_vnt4,
4851 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32,
4852 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4853
4854 { &hf_mscldap_ntver_flags_vpdc,
4855 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32,
4856 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4857
4858 { &hf_mscldap_ntver_flags_vip,
4859 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32,
4860 TFS(&tfs_ntver_vip), 0x20000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4861
4862 { &hf_mscldap_ntver_flags_vl,
4863 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32,
4864 TFS(&tfs_ntver_vl), 0x40000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4865
4866 { &hf_mscldap_ntver_flags_vgc,
4867 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32,
4868 TFS(&tfs_ntver_vgc), 0x80000000, "See section 6.3.1.1 of MS-ADTS specification", HFILL }},
4869
4870
4871 { &hf_mscldap_netlogon_flags_pdc,
4872 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4873 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4874
4875 { &hf_mscldap_netlogon_flags_gc,
4876 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4877 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4878
4879 { &hf_mscldap_netlogon_flags_ldap,
4880 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4881 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4882
4883 { &hf_mscldap_netlogon_flags_ds,
4884 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4885 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4886
4887 { &hf_mscldap_netlogon_flags_kdc,
4888 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4889 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4890
4891 { &hf_mscldap_netlogon_flags_timeserv,
4892 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4893 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4894
4895 { &hf_mscldap_netlogon_flags_closest,
4896 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4897 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
4898
4899 { &hf_mscldap_netlogon_flags_writable,
4900 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4901 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
4902
4903 { &hf_mscldap_netlogon_flags_good_timeserv,
4904 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4905 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4906
4907 { &hf_mscldap_netlogon_flags_ndnc,
4908 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4909 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4910
4911 { &hf_mscldap_netlogon_flags_rodc,
4912 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
4913 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
4914
4915 { &hf_mscldap_netlogon_flags_wdc,
4916 { "WDC", "mscldap.netlogon.flags.writabledc", FT_BOOLEAN, 32,
4917 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
4918
4919 { &hf_mscldap_netlogon_flags_dns,
4920 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
4921 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
4922
4923 { &hf_mscldap_netlogon_flags_dnc,
4924 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
4925 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
4926
4927 { &hf_mscldap_netlogon_flags_fnc,
4928 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
4929 TFS(&tfs_ads_fnc), 0x80000000, "Is the NC the default forest root(Windows 2008)?", HFILL }},
4930
4931 { &hf_ldap_guid,
4932 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
4933 NULL, 0, NULL, HFILL }},
4934
4935 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4936 { "Ads Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
4937
4938 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4939 { "Ads Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
4940
4941 { &hf_ldap_AccessMask_ADS_LIST,
4942 { "Ads List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
4943
4944 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
4945 { "Ads Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
4946
4947 { &hf_ldap_AccessMask_ADS_READ_PROP,
4948 { "Ads Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
4949
4950 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
4951 { "Ads Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
4952
4953 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
4954 { "Ads Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
4955
4956 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4957 { "Ads List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
4958
4959 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4960 { "Ads Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
4961
4962 { &hf_ldap_LDAPMessage_PDU,
4963 { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
4964
4965 { &hf_ldap_object_security_flag,
4966 { "Flag Object_Security", "ldap.object_security_flag", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }},
4967
4968 { &hf_ldap_ancestor_first_flag,
4969 { "Flag Ancestor_First", "ldap.ancestor_first_flag", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }},
4970
4971 { &hf_ldap_public_data_only_flag,
4972 { "Flag Public_Data_Only", "ldap.public_data_only_flag", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }},
4973
4974 { &hf_ldap_incremental_value_flag,
4975 { "Flag Incremental_Value", "ldap.incremental_value_flag", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }},
4976
4977 { &hf_ldap_oid,
4978 { "OID", "ldap.oid", FT_STRING, BASE_NONE,
4979 NULL, 0, NULL, HFILL }},
4980
4981 { &hf_ldap_gssapi_encrypted_payload,
4982 { "GSS-API Encrypted payload", "ldap.gssapi_encrypted_payload", FT_BYTES, BASE_NONE,
4983 NULL, 0, NULL, HFILL }},
4984
4985 { &hf_ldap_SearchControlValue_PDU,
4986 { "SearchControlValue", "ldap.SearchControlValue_element",
4987 FT_NONE, BASE_NONE, NULL, 0,
4988 NULL, HFILL }},
4989 { &hf_ldap_SortKeyList_PDU,
4990 { "SortKeyList", "ldap.SortKeyList",
4991 FT_UINT32, BASE_DEC, NULL, 0,
4992 NULL, HFILL }},
4993 { &hf_ldap_SortResult_PDU,
4994 { "SortResult", "ldap.SortResult_element",
4995 FT_NONE, BASE_NONE, NULL, 0,
4996 NULL, HFILL }},
4997 { &hf_ldap_DirSyncControlValue_PDU,
4998 { "DirSyncControlValue", "ldap.DirSyncControlValue_element",
4999 FT_NONE, BASE_NONE, NULL, 0,
5000 NULL, HFILL }},
5001 { &hf_ldap_PasswdModifyRequestValue_PDU,
5002 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element",
5003 FT_NONE, BASE_NONE, NULL, 0,
5004 NULL, HFILL }},
5005 { &hf_ldap_CancelRequestValue_PDU,
5006 { "CancelRequestValue", "ldap.CancelRequestValue_element",
5007 FT_NONE, BASE_NONE, NULL, 0,
5008 NULL, HFILL }},
5009 { &hf_ldap_SyncRequestValue_PDU,
5010 { "SyncRequestValue", "ldap.SyncRequestValue_element",
5011 FT_NONE, BASE_NONE, NULL, 0,
5012 NULL, HFILL }},
5013 { &hf_ldap_SyncStateValue_PDU,
5014 { "SyncStateValue", "ldap.SyncStateValue_element",
5015 FT_NONE, BASE_NONE, NULL, 0,
5016 NULL, HFILL }},
5017 { &hf_ldap_SyncDoneValue_PDU,
5018 { "SyncDoneValue", "ldap.SyncDoneValue_element",
5019 FT_NONE, BASE_NONE, NULL, 0,
5020 NULL, HFILL }},
5021 { &hf_ldap_SyncInfoValue_PDU,
5022 { "SyncInfoValue", "ldap.SyncInfoValue",
5023 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5024 NULL, HFILL }},
5025 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5026 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element",
5027 FT_NONE, BASE_NONE, NULL, 0,
5028 NULL, HFILL }},
5029 { &hf_ldap_messageID,
5030 { "messageID", "ldap.messageID",
5031 FT_UINT32, BASE_DEC, NULL, 0,
5032 NULL, HFILL }},
5033 { &hf_ldap_protocolOp,
5034 { "protocolOp", "ldap.protocolOp",
5035 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5036 NULL, HFILL }},
5037 { &hf_ldap_controls,
5038 { "controls", "ldap.controls",
5039 FT_UINT32, BASE_DEC, NULL, 0,
5040 NULL, HFILL }},
5041 { &hf_ldap_bindRequest,
5042 { "bindRequest", "ldap.bindRequest_element",
5043 FT_NONE, BASE_NONE, NULL, 0,
5044 NULL, HFILL }},
5045 { &hf_ldap_bindResponse,
5046 { "bindResponse", "ldap.bindResponse_element",
5047 FT_NONE, BASE_NONE, NULL, 0,
5048 NULL, HFILL }},
5049 { &hf_ldap_unbindRequest,
5050 { "unbindRequest", "ldap.unbindRequest_element",
5051 FT_NONE, BASE_NONE, NULL, 0,
5052 NULL, HFILL }},
5053 { &hf_ldap_searchRequest,
5054 { "searchRequest", "ldap.searchRequest_element",
5055 FT_NONE, BASE_NONE, NULL, 0,
5056 NULL, HFILL }},
5057 { &hf_ldap_searchResEntry,
5058 { "searchResEntry", "ldap.searchResEntry_element",
5059 FT_NONE, BASE_NONE, NULL, 0,
5060 "SearchResultEntry", HFILL }},
5061 { &hf_ldap_searchResDone,
5062 { "searchResDone", "ldap.searchResDone_element",
5063 FT_NONE, BASE_NONE, NULL, 0,
5064 "SearchResultDone", HFILL }},
5065 { &hf_ldap_searchResRef,
5066 { "searchResRef", "ldap.searchResRef",
5067 FT_UINT32, BASE_DEC, NULL, 0,
5068 "SearchResultReference", HFILL }},
5069 { &hf_ldap_modifyRequest,
5070 { "modifyRequest", "ldap.modifyRequest_element",
5071 FT_NONE, BASE_NONE, NULL, 0,
5072 NULL, HFILL }},
5073 { &hf_ldap_modifyResponse,
5074 { "modifyResponse", "ldap.modifyResponse_element",
5075 FT_NONE, BASE_NONE, NULL, 0,
5076 NULL, HFILL }},
5077 { &hf_ldap_addRequest,
5078 { "addRequest", "ldap.addRequest_element",
5079 FT_NONE, BASE_NONE, NULL, 0,
5080 NULL, HFILL }},
5081 { &hf_ldap_addResponse,
5082 { "addResponse", "ldap.addResponse_element",
5083 FT_NONE, BASE_NONE, NULL, 0,
5084 NULL, HFILL }},
5085 { &hf_ldap_delRequest,
5086 { "delRequest", "ldap.delRequest",
5087 FT_STRING, BASE_NONE, NULL, 0,
5088 NULL, HFILL }},
5089 { &hf_ldap_delResponse,
5090 { "delResponse", "ldap.delResponse_element",
5091 FT_NONE, BASE_NONE, NULL, 0,
5092 NULL, HFILL }},
5093 { &hf_ldap_modDNRequest,
5094 { "modDNRequest", "ldap.modDNRequest_element",
5095 FT_NONE, BASE_NONE, NULL, 0,
5096 "ModifyDNRequest", HFILL }},
5097 { &hf_ldap_modDNResponse,
5098 { "modDNResponse", "ldap.modDNResponse_element",
5099 FT_NONE, BASE_NONE, NULL, 0,
5100 "ModifyDNResponse", HFILL }},
5101 { &hf_ldap_compareRequest,
5102 { "compareRequest", "ldap.compareRequest_element",
5103 FT_NONE, BASE_NONE, NULL, 0,
5104 NULL, HFILL }},
5105 { &hf_ldap_compareResponse,
5106 { "compareResponse", "ldap.compareResponse_element",
5107 FT_NONE, BASE_NONE, NULL, 0,
5108 NULL, HFILL }},
5109 { &hf_ldap_abandonRequest,
5110 { "abandonRequest", "ldap.abandonRequest",
5111 FT_UINT32, BASE_DEC, NULL, 0,
5112 NULL, HFILL }},
5113 { &hf_ldap_extendedReq,
5114 { "extendedReq", "ldap.extendedReq_element",
5115 FT_NONE, BASE_NONE, NULL, 0,
5116 "ExtendedRequest", HFILL }},
5117 { &hf_ldap_extendedResp,
5118 { "extendedResp", "ldap.extendedResp_element",
5119 FT_NONE, BASE_NONE, NULL, 0,
5120 "ExtendedResponse", HFILL }},
5121 { &hf_ldap_intermediateResponse,
5122 { "intermediateResponse", "ldap.intermediateResponse_element",
5123 FT_NONE, BASE_NONE, NULL, 0,
5124 NULL, HFILL }},
5125 { &hf_ldap_AttributeDescriptionList_item,
5126 { "AttributeDescription", "ldap.AttributeDescription",
5127 FT_STRING, BASE_NONE, NULL, 0,
5128 NULL, HFILL }},
5129 { &hf_ldap_attributeDesc,
5130 { "attributeDesc", "ldap.attributeDesc",
5131 FT_STRING, BASE_NONE, NULL, 0,
5132 "AttributeDescription", HFILL }},
5133 { &hf_ldap_assertionValue,
5134 { "assertionValue", "ldap.assertionValue",
5135 FT_STRING, BASE_NONE, NULL, 0,
5136 NULL, HFILL }},
5137 { &hf_ldap_type,
5138 { "type", "ldap.type",
5139 FT_STRING, BASE_NONE, NULL, 0,
5140 "AttributeDescription", HFILL }},
5141 { &hf_ldap_vals,
5142 { "vals", "ldap.vals",
5143 FT_UINT32, BASE_DEC, NULL, 0,
5144 "SET_OF_AttributeValue", HFILL }},
5145 { &hf_ldap_vals_item,
5146 { "AttributeValue", "ldap.AttributeValue",
5147 FT_BYTES, BASE_NONE, NULL, 0,
5148 NULL, HFILL }},
5149 { &hf_ldap_resultCode,
5150 { "resultCode", "ldap.resultCode",
5151 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5152 NULL, HFILL }},
5153 { &hf_ldap_matchedDN,
5154 { "matchedDN", "ldap.matchedDN",
5155 FT_STRING, BASE_NONE, NULL, 0,
5156 "LDAPDN", HFILL }},
5157 { &hf_ldap_errorMessage,
5158 { "errorMessage", "ldap.errorMessage",
5159 FT_STRING, BASE_NONE, NULL, 0,
5160 NULL, HFILL }},
5161 { &hf_ldap_referral,
5162 { "referral", "ldap.referral",
5163 FT_UINT32, BASE_DEC, NULL, 0,
5164 NULL, HFILL }},
5165 { &hf_ldap_Referral_item,
5166 { "LDAPURL", "ldap.LDAPURL",
5167 FT_STRING, BASE_NONE, NULL, 0,
5168 NULL, HFILL }},
5169 { &hf_ldap_Controls_item,
5170 { "Control", "ldap.Control_element",
5171 FT_NONE, BASE_NONE, NULL, 0,
5172 NULL, HFILL }},
5173 { &hf_ldap_controlType,
5174 { "controlType", "ldap.controlType",
5175 FT_STRING, BASE_NONE, NULL, 0,
5176 NULL, HFILL }},
5177 { &hf_ldap_criticality,
5178 { "criticality", "ldap.criticality",
5179 FT_BOOLEAN, BASE_NONE, NULL, 0,
5180 "BOOLEAN", HFILL }},
5181 { &hf_ldap_controlValue,
5182 { "controlValue", "ldap.controlValue",
5183 FT_BYTES, BASE_NONE, NULL, 0,
5184 NULL, HFILL }},
5185 { &hf_ldap_version,
5186 { "version", "ldap.version",
5187 FT_UINT32, BASE_DEC, NULL, 0,
5188 "INTEGER_1_127", HFILL }},
5189 { &hf_ldap_name,
5190 { "name", "ldap.name",
5191 FT_STRING, BASE_NONE, NULL, 0,
5192 "LDAPDN", HFILL }},
5193 { &hf_ldap_authentication,
5194 { "authentication", "ldap.authentication",
5195 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5196 "AuthenticationChoice", HFILL }},
5197 { &hf_ldap_simple,
5198 { "simple", "ldap.simple",
5199 FT_STRING, BASE_NONE, NULL, 0,
5200 NULL, HFILL }},
5201 { &hf_ldap_sasl,
5202 { "sasl", "ldap.sasl_element",
5203 FT_NONE, BASE_NONE, NULL, 0,
5204 "SaslCredentials", HFILL }},
5205 { &hf_ldap_ntlmsspNegotiate,
5206 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5207 FT_BYTES, BASE_NONE, NULL, 0,
5208 NULL, HFILL }},
5209 { &hf_ldap_ntlmsspAuth,
5210 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5211 FT_BYTES, BASE_NONE, NULL, 0,
5212 NULL, HFILL }},
5213 { &hf_ldap_mechanism,
5214 { "mechanism", "ldap.mechanism",
5215 FT_STRING, BASE_NONE, NULL, 0,
5216 NULL, HFILL }},
5217 { &hf_ldap_credentials,
5218 { "credentials", "ldap.credentials",
5219 FT_BYTES, BASE_NONE, NULL, 0,
5220 NULL, HFILL }},
5221 { &hf_ldap_bindResponse_resultCode,
5222 { "resultCode", "ldap.resultCode",
5223 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5224 "BindResponse_resultCode", HFILL }},
5225 { &hf_ldap_bindResponse_matchedDN,
5226 { "matchedDN", "ldap.matchedDN",
5227 FT_STRING, BASE_NONE, NULL, 0,
5228 "T_bindResponse_matchedDN", HFILL }},
5229 { &hf_ldap_serverSaslCreds,
5230 { "serverSaslCreds", "ldap.serverSaslCreds",
5231 FT_BYTES, BASE_NONE, NULL, 0,
5232 NULL, HFILL }},
5233 { &hf_ldap_baseObject,
5234 { "baseObject", "ldap.baseObject",
5235 FT_STRING, BASE_NONE, NULL, 0,
5236 "LDAPDN", HFILL }},
5237 { &hf_ldap_scope,
5238 { "scope", "ldap.scope",
5239 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5240 NULL, HFILL }},
5241 { &hf_ldap_derefAliases,
5242 { "derefAliases", "ldap.derefAliases",
5243 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5244 NULL, HFILL }},
5245 { &hf_ldap_sizeLimit,
5246 { "sizeLimit", "ldap.sizeLimit",
5247 FT_UINT32, BASE_DEC, NULL, 0,
5248 "INTEGER_0_maxInt", HFILL }},
5249 { &hf_ldap_timeLimit,
5250 { "timeLimit", "ldap.timeLimit",
5251 FT_UINT32, BASE_DEC, NULL, 0,
5252 "INTEGER_0_maxInt", HFILL }},
5253 { &hf_ldap_typesOnly,
5254 { "typesOnly", "ldap.typesOnly",
5255 FT_BOOLEAN, BASE_NONE, NULL, 0,
5256 "BOOLEAN", HFILL }},
5257 { &hf_ldap_filter,
5258 { "filter", "ldap.filter",
5259 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5260 NULL, HFILL }},
5261 { &hf_ldap_searchRequest_attributes,
5262 { "attributes", "ldap.attributes",
5263 FT_UINT32, BASE_DEC, NULL, 0,
5264 "AttributeDescriptionList", HFILL }},
5265 { &hf_ldap_and,
5266 { "and", "ldap.and",
5267 FT_UINT32, BASE_DEC, NULL, 0,
5268 NULL, HFILL }},
5269 { &hf_ldap_and_item,
5270 { "and item", "ldap.and_item",
5271 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5272 NULL, HFILL }},
5273 { &hf_ldap_or,
5274 { "or", "ldap.or",
5275 FT_UINT32, BASE_DEC, NULL, 0,
5276 NULL, HFILL }},
5277 { &hf_ldap_or_item,
5278 { "or item", "ldap.or_item",
5279 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5280 NULL, HFILL }},
5281 { &hf_ldap_not,
5282 { "not", "ldap.not",
5283 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5284 NULL, HFILL }},
5285 { &hf_ldap_equalityMatch,
5286 { "equalityMatch", "ldap.equalityMatch_element",
5287 FT_NONE, BASE_NONE, NULL, 0,
5288 NULL, HFILL }},
5289 { &hf_ldap_substrings,
5290 { "substrings", "ldap.substrings_element",
5291 FT_NONE, BASE_NONE, NULL, 0,
5292 "SubstringFilter", HFILL }},
5293 { &hf_ldap_greaterOrEqual,
5294 { "greaterOrEqual", "ldap.greaterOrEqual_element",
5295 FT_NONE, BASE_NONE, NULL, 0,
5296 NULL, HFILL }},
5297 { &hf_ldap_lessOrEqual,
5298 { "lessOrEqual", "ldap.lessOrEqual_element",
5299 FT_NONE, BASE_NONE, NULL, 0,
5300 NULL, HFILL }},
5301 { &hf_ldap_present,
5302 { "present", "ldap.present",
5303 FT_STRING, BASE_NONE, NULL, 0,
5304 NULL, HFILL }},
5305 { &hf_ldap_approxMatch,
5306 { "approxMatch", "ldap.approxMatch_element",
5307 FT_NONE, BASE_NONE, NULL, 0,
5308 NULL, HFILL }},
5309 { &hf_ldap_extensibleMatch,
5310 { "extensibleMatch", "ldap.extensibleMatch_element",
5311 FT_NONE, BASE_NONE, NULL, 0,
5312 NULL, HFILL }},
5313 { &hf_ldap_substringFilter_substrings,
5314 { "substrings", "ldap.substrings",
5315 FT_UINT32, BASE_DEC, NULL, 0,
5316 "T_substringFilter_substrings", HFILL }},
5317 { &hf_ldap_substringFilter_substrings_item,
5318 { "substrings item", "ldap.substrings_item",
5319 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5320 "T_substringFilter_substrings_item", HFILL }},
5321 { &hf_ldap_initial,
5322 { "initial", "ldap.initial",
5323 FT_STRING, BASE_NONE, NULL, 0,
5324 "LDAPString", HFILL }},
5325 { &hf_ldap_any,
5326 { "any", "ldap.any",
5327 FT_STRING, BASE_NONE, NULL, 0,
5328 "LDAPString", HFILL }},
5329 { &hf_ldap_final,
5330 { "final", "ldap.final",
5331 FT_STRING, BASE_NONE, NULL, 0,
5332 "LDAPString", HFILL }},
5333 { &hf_ldap_matchingRule,
5334 { "matchingRule", "ldap.matchingRule",
5335 FT_STRING, BASE_NONE, NULL, 0,
5336 "MatchingRuleId", HFILL }},
5337 { &hf_ldap_matchValue,
5338 { "matchValue", "ldap.matchValue",
5339 FT_STRING, BASE_NONE, NULL, 0,
5340 "AssertionValue", HFILL }},
5341 { &hf_ldap_dnAttributes,
5342 { "dnAttributes", "ldap.dnAttributes",
5343 FT_BOOLEAN, BASE_NONE, NULL, 0,
5344 NULL, HFILL }},
5345 { &hf_ldap_objectName,
5346 { "objectName", "ldap.objectName",
5347 FT_STRING, BASE_NONE, NULL, 0,
5348 "LDAPDN", HFILL }},
5349 { &hf_ldap_searchResultEntry_attributes,
5350 { "attributes", "ldap.attributes",
5351 FT_UINT32, BASE_DEC, NULL, 0,
5352 "PartialAttributeList", HFILL }},
5353 { &hf_ldap_PartialAttributeList_item,
5354 { "PartialAttributeList item", "ldap.PartialAttributeList_item_element",
5355 FT_NONE, BASE_NONE, NULL, 0,
5356 NULL, HFILL }},
5357 { &hf_ldap__untag_item,
5358 { "LDAPURL", "ldap.LDAPURL",
5359 FT_STRING, BASE_NONE, NULL, 0,
5360 NULL, HFILL }},
5361 { &hf_ldap_object,
5362 { "object", "ldap.object",
5363 FT_STRING, BASE_NONE, NULL, 0,
5364 "LDAPDN", HFILL }},
5365 { &hf_ldap_modifyRequest_modification,
5366 { "modification", "ldap.modification",
5367 FT_UINT32, BASE_DEC, NULL, 0,
5368 "ModifyRequest_modification", HFILL }},
5369 { &hf_ldap_modifyRequest_modification_item,
5370 { "modification item", "ldap.modification_item_element",
5371 FT_NONE, BASE_NONE, NULL, 0,
5372 "T_modifyRequest_modification_item", HFILL }},
5373 { &hf_ldap_operation,
5374 { "operation", "ldap.operation",
5375 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5376 NULL, HFILL }},
5377 { &hf_ldap_modification,
5378 { "modification", "ldap.modification_element",
5379 FT_NONE, BASE_NONE, NULL, 0,
5380 "AttributeTypeAndValues", HFILL }},
5381 { &hf_ldap_entry,
5382 { "entry", "ldap.entry",
5383 FT_STRING, BASE_NONE, NULL, 0,
5384 "LDAPDN", HFILL }},
5385 { &hf_ldap_attributes,
5386 { "attributes", "ldap.attributes",
5387 FT_UINT32, BASE_DEC, NULL, 0,
5388 "AttributeList", HFILL }},
5389 { &hf_ldap_AttributeList_item,
5390 { "AttributeList item", "ldap.AttributeList_item_element",
5391 FT_NONE, BASE_NONE, NULL, 0,
5392 NULL, HFILL }},
5393 { &hf_ldap_newrdn,
5394 { "newrdn", "ldap.newrdn",
5395 FT_STRING, BASE_NONE, NULL, 0,
5396 "RelativeLDAPDN", HFILL }},
5397 { &hf_ldap_deleteoldrdn,
5398 { "deleteoldrdn", "ldap.deleteoldrdn",
5399 FT_BOOLEAN, BASE_NONE, NULL, 0,
5400 "BOOLEAN", HFILL }},
5401 { &hf_ldap_newSuperior,
5402 { "newSuperior", "ldap.newSuperior",
5403 FT_STRING, BASE_NONE, NULL, 0,
5404 "LDAPDN", HFILL }},
5405 { &hf_ldap_ava,
5406 { "ava", "ldap.ava_element",
5407 FT_NONE, BASE_NONE, NULL, 0,
5408 "AttributeValueAssertion", HFILL }},
5409 { &hf_ldap_requestName,
5410 { "requestName", "ldap.requestName",
5411 FT_STRING, BASE_NONE, NULL, 0,
5412 "LDAPOID", HFILL }},
5413 { &hf_ldap_requestValue,
5414 { "requestValue", "ldap.requestValue",
5415 FT_BYTES, BASE_NONE, NULL, 0,
5416 NULL, HFILL }},
5417 { &hf_ldap_extendedResponse_resultCode,
5418 { "resultCode", "ldap.resultCode",
5419 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5420 "ExtendedResponse_resultCode", HFILL }},
5421 { &hf_ldap_responseName,
5422 { "responseName", "ldap.responseName",
5423 FT_STRING, BASE_NONE, NULL, 0,
5424 NULL, HFILL }},
5425 { &hf_ldap_response,
5426 { "response", "ldap.response",
5427 FT_BYTES, BASE_NONE, NULL, 0,
5428 "OCTET_STRING", HFILL }},
5429 { &hf_ldap_intermediateResponse_responseValue,
5430 { "responseValue", "ldap.responseValue",
5431 FT_BYTES, BASE_NONE, NULL, 0,
5432 "T_intermediateResponse_responseValue", HFILL }},
5433 { &hf_ldap_size,
5434 { "size", "ldap.size",
5435 FT_INT32, BASE_DEC, NULL, 0,
5436 "INTEGER", HFILL }},
5437 { &hf_ldap_cookie,
5438 { "cookie", "ldap.cookie",
5439 FT_BYTES, BASE_NONE, NULL, 0,
5440 "OCTET_STRING", HFILL }},
5441 { &hf_ldap_SortKeyList_item,
5442 { "SortKeyList item", "ldap.SortKeyList_item_element",
5443 FT_NONE, BASE_NONE, NULL, 0,
5444 NULL, HFILL }},
5445 { &hf_ldap_attributeType,
5446 { "attributeType", "ldap.attributeType",
5447 FT_STRING, BASE_NONE, NULL, 0,
5448 "AttributeDescription", HFILL }},
5449 { &hf_ldap_orderingRule,
5450 { "orderingRule", "ldap.orderingRule",
5451 FT_STRING, BASE_NONE, NULL, 0,
5452 "MatchingRuleId", HFILL }},
5453 { &hf_ldap_reverseOrder,
5454 { "reverseOrder", "ldap.reverseOrder",
5455 FT_BOOLEAN, BASE_NONE, NULL, 0,
5456 "BOOLEAN", HFILL }},
5457 { &hf_ldap_sortResult,
5458 { "sortResult", "ldap.sortResult",
5459 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5460 NULL, HFILL }},
5461 { &hf_ldap_flags,
5462 { "flags", "ldap.flags",
5463 FT_UINT32, BASE_HEX, NULL, 0,
5464 "DirSyncFlags", HFILL }},
5465 { &hf_ldap_maxBytes,
5466 { "maxBytes", "ldap.maxBytes",
5467 FT_INT32, BASE_DEC, NULL, 0,
5468 "INTEGER", HFILL }},
5469 { &hf_ldap_userIdentity,
5470 { "userIdentity", "ldap.userIdentity",
5471 FT_BYTES, BASE_NONE, NULL, 0,
5472 "OCTET_STRING", HFILL }},
5473 { &hf_ldap_oldPasswd,
5474 { "oldPasswd", "ldap.oldPasswd",
5475 FT_BYTES, BASE_NONE, NULL, 0,
5476 "OCTET_STRING", HFILL }},
5477 { &hf_ldap_newPasswd,
5478 { "newPasswd", "ldap.newPasswd",
5479 FT_BYTES, BASE_NONE, NULL, 0,
5480 "OCTET_STRING", HFILL }},
5481 { &hf_ldap_cancelID,
5482 { "cancelID", "ldap.cancelID",
5483 FT_UINT32, BASE_DEC, NULL, 0,
5484 "MessageID", HFILL }},
5485 { &hf_ldap_mode,
5486 { "mode", "ldap.mode",
5487 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5488 NULL, HFILL }},
5489 { &hf_ldap_reloadHint,
5490 { "reloadHint", "ldap.reloadHint",
5491 FT_BOOLEAN, BASE_NONE, NULL, 0,
5492 "BOOLEAN", HFILL }},
5493 { &hf_ldap_state,
5494 { "state", "ldap.state",
5495 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5496 NULL, HFILL }},
5497 { &hf_ldap_entryUUID,
5498 { "entryUUID", "ldap.entryUUID",
5499 FT_BYTES, BASE_NONE, NULL, 0,
5500 "SyncUUID", HFILL }},
5501 { &hf_ldap_refreshDeletes,
5502 { "refreshDeletes", "ldap.refreshDeletes",
5503 FT_BOOLEAN, BASE_NONE, NULL, 0,
5504 "BOOLEAN", HFILL }},
5505 { &hf_ldap_newcookie,
5506 { "newcookie", "ldap.newcookie",
5507 FT_BYTES, BASE_NONE, NULL, 0,
5508 "OCTET_STRING", HFILL }},
5509 { &hf_ldap_refreshDelete,
5510 { "refreshDelete", "ldap.refreshDelete_element",
5511 FT_NONE, BASE_NONE, NULL, 0,
5512 NULL, HFILL }},
5513 { &hf_ldap_refreshDone,
5514 { "refreshDone", "ldap.refreshDone",
5515 FT_BOOLEAN, BASE_NONE, NULL, 0,
5516 "BOOLEAN", HFILL }},
5517 { &hf_ldap_refreshPresent,
5518 { "refreshPresent", "ldap.refreshPresent_element",
5519 FT_NONE, BASE_NONE, NULL, 0,
5520 NULL, HFILL }},
5521 { &hf_ldap_syncIdSet,
5522 { "syncIdSet", "ldap.syncIdSet_element",
5523 FT_NONE, BASE_NONE, NULL, 0,
5524 NULL, HFILL }},
5525 { &hf_ldap_syncUUIDs,
5526 { "syncUUIDs", "ldap.syncUUIDs",
5527 FT_UINT32, BASE_DEC, NULL, 0,
5528 "SET_OF_SyncUUID", HFILL }},
5529 { &hf_ldap_syncUUIDs_item,
5530 { "SyncUUID", "ldap.SyncUUID",
5531 FT_BYTES, BASE_NONE, NULL, 0,
5532 NULL, HFILL }},
5533 { &hf_ldap_warning,
5534 { "warning", "ldap.warning",
5535 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5536 NULL, HFILL }},
5537 { &hf_ldap_timeBeforeExpiration,
5538 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5539 FT_UINT32, BASE_DEC, NULL, 0,
5540 "INTEGER_0_maxInt", HFILL }},
5541 { &hf_ldap_graceAuthNsRemaining,
5542 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5543 FT_UINT32, BASE_DEC, NULL, 0,
5544 "INTEGER_0_maxInt", HFILL }},
5545 { &hf_ldap_error,
5546 { "error", "ldap.error",
5547 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5548 NULL, HFILL }},
5549 };
5550
5551 /* List of subtrees */
5552 static int *ett[] = {
5553 &ett_ldap,
5554 &ett_ldap_payload,
5555 &ett_ldap_sasl_blob,
5556 &ett_ldap_msg,
5557 &ett_mscldap_netlogon_flags,
5558 &ett_mscldap_ntver_flags,
5559 &ett_mscldap_ipdetails,
5560 &ett_ldap_DirSyncFlagsSubEntry,
5561
5562 &ett_ldap_LDAPMessage,
5563 &ett_ldap_ProtocolOp,
5564 &ett_ldap_AttributeDescriptionList,
5565 &ett_ldap_AttributeValueAssertion,
5566 &ett_ldap_Attribute,
5567 &ett_ldap_SET_OF_AttributeValue,
5568 &ett_ldap_LDAPResult,
5569 &ett_ldap_Referral,
5570 &ett_ldap_Controls,
5571 &ett_ldap_Control,
5572 &ett_ldap_BindRequest_U,
5573 &ett_ldap_AuthenticationChoice,
5574 &ett_ldap_SaslCredentials,
5575 &ett_ldap_BindResponse_U,
5576 &ett_ldap_SearchRequest_U,
5577 &ett_ldap_Filter,
5578 &ett_ldap_T_and,
5579 &ett_ldap_T_or,
5580 &ett_ldap_SubstringFilter,
5581 &ett_ldap_T_substringFilter_substrings,
5582 &ett_ldap_T_substringFilter_substrings_item,
5583 &ett_ldap_MatchingRuleAssertion,
5584 &ett_ldap_SearchResultEntry_U,
5585 &ett_ldap_PartialAttributeList,
5586 &ett_ldap_PartialAttributeList_item,
5587 &ett_ldap_SEQUENCE_OF_LDAPURL,
5588 &ett_ldap_ModifyRequest_U,
5589 &ett_ldap_ModifyRequest_modification,
5590 &ett_ldap_T_modifyRequest_modification_item,
5591 &ett_ldap_AttributeTypeAndValues,
5592 &ett_ldap_AddRequest_U,
5593 &ett_ldap_AttributeList,
5594 &ett_ldap_AttributeList_item,
5595 &ett_ldap_ModifyDNRequest_U,
5596 &ett_ldap_CompareRequest_U,
5597 &ett_ldap_ExtendedRequest_U,
5598 &ett_ldap_ExtendedResponse_U,
5599 &ett_ldap_IntermediateResponse_U,
5600 &ett_ldap_SearchControlValue,
5601 &ett_ldap_SortKeyList,
5602 &ett_ldap_SortKeyList_item,
5603 &ett_ldap_SortResult,
5604 &ett_ldap_DirSyncControlValue,
5605 &ett_ldap_PasswdModifyRequestValue,
5606 &ett_ldap_CancelRequestValue,
5607 &ett_ldap_SyncRequestValue,
5608 &ett_ldap_SyncStateValue,
5609 &ett_ldap_SyncDoneValue,
5610 &ett_ldap_SyncInfoValue,
5611 &ett_ldap_T_refreshDelete,
5612 &ett_ldap_T_refreshPresent,
5613 &ett_ldap_T_syncIdSet,
5614 &ett_ldap_SET_OF_SyncUUID,
5615 &ett_ldap_PasswordPolicyResponseValue,
5616 &ett_ldap_T_warning,
5617 };
5618 /* UAT for header fields */
5619 static uat_field_t custom_attribute_types_uat_fields[] = {
5620 UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"),
5621 UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"),
5622 UAT_END_FIELDS
5623 };
5624
5625 static ei_register_info ei[] = {
5626 { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }},
5627 { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found too many filter elements. Giving up.", EXPFILL }},
5628 };
5629
5630 expert_module_t* expert_ldap;
5631 module_t *ldap_module;
5632 uat_t *attributes_uat;
5633
5634 /* Register protocol */
5635 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5636 /* Register fields and subtrees */
5637 proto_register_field_array(proto_ldap, hf, array_length(hf));
5638 proto_register_subtree_array(ett, array_length(ett));
5639 expert_ldap = expert_register_protocol(proto_ldap);
5640 expert_register_field_array(expert_ldap, ei, array_length(ei));
5641
5642 ldap_handle = register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5643
5644 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5645 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5646 "Reassemble LDAP messages spanning multiple TCP segments",
5647 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5648 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5649 &ldap_desegment);
5650
5651 prefs_register_uint_preference(ldap_module, "tls.port", "LDAPS TCP Port",
5652 "Set the port for LDAP operations over TLS",
5653 10, &global_ldaps_tcp_port);
5654 prefs_register_obsolete_preference(ldap_module, "ssl.port");
5655 /* UAT */
5656 attributes_uat = uat_new("Custom LDAP AttributeValue types",
5657 sizeof(attribute_type_t),
5658 "custom_ldap_attribute_types",
5659 true,
5660 &attribute_types,
5661 &num_attribute_types,
5662 /* specifies named fields, so affects dissection
5663 and the set of named fields */
5664 UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS,
5665 NULL,
5666 attribute_types_copy_cb,
5667 attribute_types_update_cb,
5668 attribute_types_free_cb,
5669 attribute_types_post_update_cb,
5670 attribute_types_reset_cb,
5671 custom_attribute_types_uat_fields);
5672
5673 prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types",
5674 "Custom AttributeValue types",
5675 "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.",
5676 attributes_uat);
5677
5678 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5679
5680 proto_cldap = proto_register_protocol("Connectionless Lightweight Directory Access Protocol", "CLDAP", "cldap");
5681 cldap_handle = register_dissector("cldap", dissect_mscldap, proto_cldap);
5682
5683 ldap_tap=register_tap("ldap");
5684
5685 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, STRING_CASE_INSENSITIVE);
5686
5687 register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL);
5688 }
5689
5690
5691 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5692 void
5693 proto_reg_handoff_ldap(void)
5694 {
5695 dissector_add_uint_with_preference("udp.port", UDP_PORT_CLDAP, cldap_handle);
5696
5697 gssapi_handle = find_dissector_add_dependency("gssapi", proto_ldap);
5698 gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap);
5699 spnego_handle = find_dissector_add_dependency("spnego", proto_ldap);
5700
5701 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_ldap);
5702
5703 tls_handle = find_dissector_add_dependency("tls", proto_ldap);
5704
5705 prefs_register_ldap();
5706
5707 oid_add_from_string("ISO assigned OIDs, USA", "1.2.840");
5708
5709 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5710 /* https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c5e87db-4728-4f29-b164-01dd7d7391ea */
5711 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5712 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5713 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5714 oid_add_from_string("LDAP_SERVER_RESP_SORT_OID","1.2.840.113556.1.4.474");
5715 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5716 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5717 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5718 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5719 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5720 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5721 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5722 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5723 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5724 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5725 oid_add_from_string("LDAP_MATCHING_RULE_BIT_AND", "1.2.840.113556.1.4.803");
5726 oid_add_from_string("LDAP_MATCHING_RULE_BIT_OR","1.2.840.113556.1.4.804");
5727 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5728 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5729 oid_add_from_string("LDAP_SERVER_GET_STATS_OID","1.2.840.113556.1.4.970");
5730 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5731 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5732 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5733 oid_add_from_string("LDAP_SERVER_RODC_DCPROMO_OID","1.2.840.113556.1.4.1341");
5734 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5735 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5736 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5737 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5738 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5739 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5740 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5741 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5742 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5743 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5744 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5745 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5746 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_DIGEST_OID", "1.2.840.113556.1.4.1880");
5747 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5748 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_PARTIAL_SECRETS_OID", "1.2.840.113556.1.4.1920");
5749 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V60_OID", "1.2.840.113556.1.4.1935");
5750 oid_add_from_string("LDAP_MATCHING_RULE_TRANSITIVE_EVAL", "1.2.840.113556.1.4.1941");
5751 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5752 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5753 oid_add_from_string("LDAP_SERVER_FORCE_UPDATE_OID","1.2.840.113556.1.4.1974");
5754 oid_add_from_string("LDAP_SERVER_DN_INPUT_OID","1.2.840.113556.1.4.2026");
5755 oid_add_from_string("LDAP_SERVER_SHOW_RECYCLED_OID","1.2.840.113556.1.4.2064");
5756 oid_add_from_string("LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID","1.2.840.113556.1.4.2065");
5757 oid_add_from_string("LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID","1.2.840.113556.1.4.2066");
5758 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID", "1.2.840.113556.1.4.2080");
5759 oid_add_from_string("LDAP_SERVER_DIRSYNC_EX_OID","1.2.840.113556.1.4.2090");
5760 oid_add_from_string("LDAP_SERVER_TREE_DELETE_EX_OID","1.2.840.113556.1.4.2204");
5761 oid_add_from_string("LDAP_SERVER_UPDATE_STATS_OID","1.2.840.113556.1.4.2205");
5762 oid_add_from_string("LDAP_SERVER_SEARCH_HINTS_OID","1.2.840.113556.1.4.2206");
5763 oid_add_from_string("LDAP_SERVER_EXPECTED_ENTRY_COUNT_OID","1.2.840.113556.1.4.2211");
5764 oid_add_from_string("LDAP_SERVER_BATCH_REQUEST_OID", "1.2.840.113556.1.4.2212");
5765 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_W8_OID", "1.2.840.113556.1.4.2237");
5766 oid_add_from_string("LDAP_SERVER_POLICY_HINTS_OID","1.2.840.113556.1.4.2239");
5767 oid_add_from_string("LDAP_MATCHING_RULE_DN_WITH_DATA", "1.2.840.113556.1.4.2253");
5768 oid_add_from_string("LDAP_SERVER_SET_OWNER_OID","1.2.840.113556.1.4.2255");
5769 oid_add_from_string("LDAP_SERVER_BYPASS_QUOTA_OID","1.2.840.113556.1.4.2256");
5770 oid_add_from_string("LDAP_SERVER_LINK_TTL_OID","1.2.840.113556.1.4.2309");
5771 oid_add_from_string("LDAP_SERVER_SET_CORRELATION_ID_OID","1.2.840.113556.1.4.2330");
5772 oid_add_from_string("LDAP_SERVER_THREAD_TRACE_OVERRIDE_OID","1.2.840.113556.1.4.2354");
5773
5774 /* RFC4532 */
5775 oid_add_from_string("LDAP_SERVER_WHO_AM_I_OID", "1.3.6.1.4.1.4203.1.11.3");
5776
5777 /* Mark Wahl (Critical Angle) */
5778 oid_add_from_string("DYNAMIC_REFRESH","1.3.6.1.4.1.1466.101.119.1");
5779 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5780
5781 oid_add_from_string("inetOrgPerson", "2.16.840.1.113730.3.2.2");
5782 /* RFC2798 */
5783 oid_add_from_string("US company arc", "2.16.840.1");
5784
5785 /* http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html */
5786 oid_add_from_string("Manage DSA IT LDAPv3 control", "2.16.840.1.113730.3.4.2");
5787 oid_add_from_string("Persistent Search LDAPv3 control", "2.16.840.1.113730.3.4.3");
5788 oid_add_from_string("Netscape Password Expired LDAPv3 control", "2.16.840.1.113730.3.4.4");
5789 oid_add_from_string("Netscape Password Expiring LDAPv3 control", "2.16.840.1.113730.3.4.5");
5790 oid_add_from_string("Netscape NT Synchronization Client LDAPv3 control", "2.16.840.1.113730.3.4.6");
5791 oid_add_from_string("Entry Change Notification LDAPv3 control", "2.16.840.1.113730.3.4.7");
5792 oid_add_from_string("Transaction ID Request Control", "2.16.840.1.113730.3.4.8");
5793 oid_add_from_string("VLV Request LDAPv3 control", "2.16.840.1.113730.3.4.9");
5794 oid_add_from_string("VLV Response LDAPv3 control", "2.16.840.1.113730.3.4.10");
5795 oid_add_from_string("Transaction ID Response Control", "2.16.840.1.113730.3.4.11");
5796 oid_add_from_string("Proxied Authorization (version 1) control", "2.16.840.1.113730.3.4.12");
5797 oid_add_from_string("iPlanet Directory Server Replication Update Information Control", "2.16.840.1.113730.3.4.13");
5798 oid_add_from_string("iPlanet Directory Server search on specific backend control", "2.16.840.1.113730.3.4.14");
5799 oid_add_from_string("Authentication Response Control", "2.16.840.1.113730.3.4.15");
5800 oid_add_from_string("Authentication Request Control", "2.16.840.1.113730.3.4.16");
5801 oid_add_from_string("Real Attributes Only Request Control", "2.16.840.1.113730.3.4.17");
5802 oid_add_from_string("Proxied Authorization (version 2) Control", "2.16.840.1.113730.3.4.18");
5803 oid_add_from_string("Chaining loop detection", "2.16.840.1.113730.3.4.19");
5804 oid_add_from_string("iPlanet Replication Modrdn Extra Mods Control", "2.16.840.1.113730.3.4.999");
5805
5806
5807 dissector_add_string("ldap.name", "netlogon", create_dissector_handle(dissect_NetLogon_PDU, proto_cldap));
5808 dissector_add_string("ldap.name", "objectGUID", create_dissector_handle(dissect_ldap_guid, proto_ldap));
5809 dissector_add_string("ldap.name", "supportedControl", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5810 dissector_add_string("ldap.name", "supportedCapabilities", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5811 dissector_add_string("ldap.name", "objectSid", create_dissector_handle(dissect_ldap_sid, proto_ldap));
5812 dissector_add_string("ldap.name", "nTSecurityDescriptor", create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap));
5813
5814 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "LDAP_PAGED_RESULT_OID_STRING");
5815 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "LDAP_SERVER_SORT_OID");
5816 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "LDAP_SERVER_RESP_SORT_OID");
5817 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "LDAP_SERVER_DIRSYNC_OID");
5818 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5819 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5820 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5821 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5822 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5823 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5824 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5825
5826
5827 dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);
5828
5829 dissector_add_uint("acdr.tls_application_port", 636, ldap_handle);
5830 dissector_add_uint("acdr.tls_application", TLS_APP_LDAP, ldap_handle);
5831 }
5832
5833 static void
5834 prefs_register_ldap(void)
5835 {
5836 if(ssl_port != global_ldaps_tcp_port) {
5837 if(ssl_port)
5838 ssl_dissector_delete(ssl_port, ldap_handle);
5839
5840 /* Set our port number for future use */
5841 ssl_port = global_ldaps_tcp_port;
5842
5843 if(ssl_port)
5844 ssl_dissector_add(ssl_port, ldap_handle);
5845 }
5846
5847 }
5848
5849 /*
5850 * Editor modelines - https://www.wireshark.org/tools/modelines.html
5851 *
5852 * Local Variables:
5853 * c-basic-offset: 2
5854 * tab-width: 8
5855 * indent-tabs-mode: nil
5856 * End:
5857 *
5858 * vi: set shiftwidth=2 tabstop=8 expandtab:
5859 * :indentSize=2:tabSize=8:noTabs=true:
5860 */
Metzes wireshark repo