2 # LDAP conformation file
3 # Copyright 2005 Anders Broman
7 PasswdModifyResponseValue
13 BindResponse/_untag/resultCode BindResponse_resultCode
14 ExtendedResponse/_untag/resultCode ExtendedResponse_resultCode
15 ModifyRequest/_untag/modification ModifyRequest_modification
18 BindResponse/_untag/resultCode bindResponse_resultCode
19 ExtendedResponse/_untag/resultCode extendedResponse_resultCode
20 SearchRequest/_untag/attributes searchRequest_attributes
21 SearchResultEntry/_untag/attributes searchResultEntry_attributes
22 ModifyRequest/_untag/modification modifyRequest_modification
23 SubstringFilter/substrings substringFilter_substrings
24 BindResponse/_untag/matchedDN bindResponse_matchedDN
25 IntermediateResponse/_untag/responseValue intermediateResponse_responseValue
28 LDAPString TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
29 LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
30 LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
31 Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
32 AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
33 DirSyncFlags TYPE = FT_UINT32 DISPLAY = BASE_HEX STRINGS = NULL
36 SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
37 SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
38 SortResult B "1.2.840.113556.1.4.474" "sortResult"
39 DirSyncControlValue B "1.2.840.113556.1.4.841" "dirsync"
41 PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID"
43 CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"
45 SyncRequestValue B "1.3.6.1.4.1.4203.1.9.1.1" "syncRequestOID"
46 SyncStateValue B "1.3.6.1.4.1.4203.1.9.1.2" "syncStateOID"
47 SyncDoneValue B "1.3.6.1.4.1.4203.1.9.1.3" "syncDoneOID"
48 SyncInfoValue B "1.3.6.1.4.1.4203.1.9.1.4" "syncInfoOID"
49 # Draft RFC - Password Policy for LDAP Directories
50 PasswordPolicyResponseValue B "1.3.6.1.4.1.42.2.27.8.5.1" "passwordPolicy"
53 PROTO_ITEM_SET_URL(actx->created_item);
57 tvbuff_t *parameter_tvb;
59 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
61 #.FN_PARS LDAPOID VAL_PTR = ¶meter_tvb
65 object_identifier_id = NULL;
70 object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
71 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
74 proto_item_append_text(actx->created_item, " (%s)", name);
76 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
77 ldap_do_protocolop(actx->pinfo);
78 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
82 /* Has the client requested the Start TLS operation? */
83 if (ldap_info && hf_index == hf_ldap_requestName &&
84 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
85 /* remember we have asked to start_tls */
86 ldap_info->start_tls_pending = TRUE;
89 #.FN_BODY MessageID VAL_PTR = &MessageID
95 #.FN_PARS ProtocolOp VAL_PTR = &ProtocolOp
99 ldap_call_response_t *lcrp;
100 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
101 do_protocolop = TRUE;
105 if (ProtocolOp == -1) {
109 /* ProtocolOp is the index, not the tag so convert it to the tag value */
110 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
112 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
114 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
117 /* XXX: the count will not work if the results span multiple TCP packets */
119 if(ldap_info && tree) { /* only count once - on tree pass */
122 case LDAP_RES_SEARCH_ENTRY:
123 ldap_info->num_results++;
125 proto_item_append_text(tree, " [%d result%s]",
126 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
130 case LDAP_RES_SEARCH_RESULT:
132 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
133 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
135 proto_item_append_text(tree, " [%d result%s]",
136 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
138 ldap_info->num_results = 0;
147 ldap_conv_info_t *ldap_info;
151 ldap_info = (ldap_conv_info_t *)actx->private_data;
152 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
154 #.FN_BODY Mechanism VAL_PTR = ¶meter_tvb
156 ldap_conv_info_t *ldap_info;
157 tvbuff_t *parameter_tvb;
158 char *mechanism = NULL;
160 ldap_info = (ldap_conv_info_t *)actx->private_data;
161 ldap_info->auth_type = LDAP_AUTH_SASL;
167 * We need to remember the authentication type and mechanism for this
170 * XXX - actually, we might need to remember more than one
171 * type and mechanism, if you can unbind and rebind with a
172 * different type and/or mechanism.
174 if(!actx->pinfo->fd->flags.visited) {
175 mechanism = tvb_get_string_enc(NULL, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
176 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
178 * If the mechanism in this request is an empty string (which is
179 * returned as a null pointer), use the saved mechanism instead.
180 * Otherwise, if the saved mechanism is an empty string (null),
181 * save this mechanism.
183 if (mechanism != NULL) {
184 g_free(ldap_info->auth_mech);
185 ldap_info->auth_mech = mechanism;
188 #.FN_BODY Credentials VAL_PTR = ¶meter_tvb
190 tvbuff_t *parameter_tvb;
191 ldap_conv_info_t *ldap_info;
201 ldap_info = (ldap_conv_info_t *)actx->private_data;
202 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
204 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
205 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
207 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
208 * We need to check the first byte to check whether the blob
209 * contains SPNEGO or GSSAPI.
210 * All SPNEGO PDUs are of class CONSTRUCTED while
211 * GSS PDUs are class APPLICATION
213 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
214 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
216 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
217 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
219 * This is a raw GSS-API token.
221 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
222 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
225 /* Restore private data */
226 actx->private_data = ldap_info;
229 #.FN_BODY ServerSaslCreds VAL_PTR = ¶meter_tvb
231 tvbuff_t *parameter_tvb = NULL;
232 ldap_conv_info_t *ldap_info;
237 ldap_info = (ldap_conv_info_t *)actx->private_data;
238 switch (ldap_info->auth_type) {
240 /* For Kerberos V4, dissect it as a ticket. */
241 /* XXX - what about LDAP_AUTH_SIMPLE? */
245 * All frames after this are assumed to use a security layer.
247 * XXX - won't work if there's another reply, with the security
248 * layer, starting in the same TCP segment that ends this
249 * reply, but as LDAP is a request/response protocol, and
250 * as the client probably can't start using authentication until
251 * it gets the bind reply and the server won't send a reply until
252 * it gets a request, that probably won't happen.
254 * XXX - that assumption is invalid; it's not clear where the
255 * hell you find out whether there's any security layer. In
256 * one capture, we have two GSS-SPNEGO negotiations, both of
257 * which select MS KRB5, and the only differences in the tokens
258 * is in the RC4-HMAC ciphertext. The various
259 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
260 * that the RFC 2222 spoo with the bitmask and maximum
261 * output message size stuff is done - but where does that
262 * stuff show up? Is it in the ciphertext, which means it's
263 * presumably encrypted?
265 * Grrr. We have to do a gross heuristic, checking whether the
266 * putative LDAP message begins with 0x00 or not, making the
267 * assumption that we won't have more than 2^24 bytes of
268 * encapsulated stuff.
270 ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
271 if (ldap_info->auth_mech != NULL &&
272 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
273 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
274 * which might not be wrapped in GSS-SPNEGO but be a raw
277 if ( (tvb_reported_length(parameter_tvb)>=7)
278 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
279 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
283 * This is a GSS-API token.
285 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
286 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
287 } else if (ldap_info->auth_mech != NULL &&
288 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
290 * This is a GSS-API token.
292 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
293 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
297 actx->private_data = ldap_info;
299 #.FN_BODY LDAPString VAL_PTR = ¶meter_tvb
300 tvbuff_t *parameter_tvb = NULL;
301 const char *ldapstring = NULL;
302 gchar *sc = NULL; /* semi-colon pointer */
306 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
308 ldap_do_protocolop(actx->pinfo);
311 ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
313 if(hf_index == hf_ldap_baseObject) {
314 /* this is search - put it on the scanline */
315 if(!ldapstring || !*ldapstring)
316 ldapstring = "<ROOT>";
318 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
321 proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
326 proto_item_append_text(actx->created_item, " (%%s)", ldapstring);
329 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
330 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring);
333 proto_item_append_text(ldm_tree, " (%%s)", ldapstring);
335 } else if ((hf_index == hf_ldap_objectName) ||
336 (hf_index == hf_ldap_name) ||
337 (hf_index == hf_ldap_entry) ||
338 (hf_index == hf_ldap_object) ||
339 (hf_index == hf_ldap_delRequest) ) {
341 if(!ldapstring || !*ldapstring)
342 ldapstring = "<ROOT>";
344 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
347 proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
348 } else if (hf_index == hf_ldap_attributeDesc){
349 /* remember the attribute description */
350 attributedesc_string=ldapstring;
351 } else if (hf_index == hf_ldap_initial){
352 /* remember the substring item */
353 substring_item_init=ldapstring;
354 } else if (hf_index == hf_ldap_any){
355 /* remember the substring item */
356 substring_item_any=ldapstring;
357 } else if (hf_index == hf_ldap_final){
358 /* remember the substring item */
359 substring_item_final=ldapstring;
360 } else if (hf_index == hf_ldap_matchingRule){
361 /* remember the matching rule */
362 matching_rule_string=ldapstring;
363 } else if (hf_index == hf_ldap_present){
364 /* remember the present name */
365 Filter_string=ldapstring;
366 } else if (hf_index == hf_ldap_type) {
367 /* remember attribute type name */
368 attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
370 /* append it to the parent entry */
371 proto_item_append_text(tree, " %%s", attr_type);
373 /* remove the ";binary" component if present */
374 if((sc = strchr(attr_type, ';')) != NULL) {
375 if(!strcmp(sc, ";binary")) {
376 *sc = '\0'; /* terminate the string */
377 is_binary_attr_type = TRUE;
380 is_binary_attr_type = FALSE;
387 #.FN_BODY SearchRequest/_untag/scope VAL_PTR = &scope
389 guint32 scope = 0xffff;
394 ldap_do_protocolop(actx->pinfo);
396 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%%u)");
398 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
401 proto_item_append_text(ldm_tree, " %%s", valstr);
403 #.FN_BODY LDAPResult/resultCode VAL_PTR = &result
409 ldap_do_protocolop(actx->pinfo);
411 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
413 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
416 proto_item_append_text(ldm_tree, " %%s", valstr);
419 #.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result
425 ldap_do_protocolop(actx->pinfo);
427 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
429 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
432 proto_item_append_text(ldm_tree, " %%s", valstr);
434 #.FN_BODY ExtendedResponse/_untag/resultCode
436 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
438 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
440 /* If Start TLS request was sent and resultCode is success... */
441 if (ldap_info && ldap_info->start_tls_pending &&
442 hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
443 /* The conversation will continue using SSL */
444 ssl_starttls_ack(find_dissector("ssl"), actx->pinfo, ldap_handle);
445 ldap_info->start_tls_pending = FALSE;
449 #.FN_BODY AttributeValue
451 tvbuff_t *next_tvb = NULL;
454 int old_offset = offset;
457 /* attr_type, should be set before calling this function */
459 /* extract the value of the octetstring */
460 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
462 /* first check if we have a custom attribute type configured */
463 if ((hf_id = get_hf_for_header (attr_type)) != NULL)
464 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
466 /* if we have an attribute type that isn't binary see if there is a better dissector */
467 else if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, NULL)) {
470 /* do the default thing */
473 len = tvb_reported_length_remaining(next_tvb, 0);
475 for(i = 0; i < len; i++)
476 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
480 string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_ASCII|ENC_NA);
481 proto_item_set_text(actx->created_item, "AttributeValue: %%s", string);
485 #.FN_BODY AuthenticationChoice VAL_PTR = &branch
492 ldap_do_protocolop(actx->pinfo);
494 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
495 auth = AuthenticationChoice_choice[branch].value;
497 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%%u)");
499 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
500 if ((auth != 10) && (auth != 11))
501 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
504 proto_item_append_text(ldm_tree, " %%s", valstr);
507 #.FN_BODY UnbindRequest
509 implicit_tag = TRUE; /* correct problem with asn2wrs */
513 ldap_do_protocolop(actx->pinfo);
519 #.FN_HDR SearchRequest/_untag/filter
524 #.FN_FTR SearchRequest/_untag/filter
526 and_filter_string=NULL;
530 #.FN_FTR Filter/equalityMatch
531 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
532 string_or_null(attributedesc_string),
533 string_or_null(ldapvalue_string));
536 #.FN_FTR Filter/greaterOrEqual
537 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
538 string_or_null(attributedesc_string),
539 string_or_null(ldapvalue_string));
542 #.FN_FTR Filter/lessOrEqual
543 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
544 string_or_null(attributedesc_string),
545 string_or_null(ldapvalue_string));
548 #.FN_FTR Filter/approxMatch
549 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
550 string_or_null(attributedesc_string),
551 string_or_null(ldapvalue_string));
553 #.FN_FTR Filter/and/_item
554 if(and_filter_string){
555 and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
557 and_filter_string=Filter_string;
563 const char *old_and_filter_string=and_filter_string;
565 and_filter_string=NULL;
567 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
572 if(and_filter_string) {
573 proto_item_append_text(it, "%%s", and_filter_string);
574 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%%s",and_filter_string);
576 and_filter_string=old_and_filter_string;
578 #.FN_FTR Filter/or/_item
579 if(or_filter_string){
580 or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
582 or_filter_string=Filter_string;
589 const char *old_or_filter_string=or_filter_string;
591 or_filter_string=NULL;
592 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
596 if(or_filter_string) {
597 proto_item_append_text(it, "%%s", or_filter_string);
598 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%%s",or_filter_string);
600 or_filter_string=old_or_filter_string;
602 #.FN_FTR Filter/present
603 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
606 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
608 #.FN_BODY MatchingRuleAssertion/dnAttributes
611 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
614 matching_rule_dnattr = val;
617 #.FN_HDR Filter/extensibleMatch
619 matching_rule_string=NULL;
620 ldapvalue_string=NULL;
621 matching_rule_dnattr=FALSE;
623 #.FN_FTR Filter/extensibleMatch
624 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
625 (attr_type?attr_type:""),
626 (matching_rule_dnattr?"dn:":""),
627 (matching_rule_string?matching_rule_string:""),
628 (matching_rule_string?":":""),
629 string_or_null(ldapvalue_string));
631 #.FN_FTR SubstringFilter/substrings/_item
632 if (substring_item_final) {
633 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
634 (substring_value?substring_value:"*"),
635 substring_item_final);
636 } else if (substring_item_any) {
637 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
638 (substring_value?substring_value:"*"),
640 } else if (substring_item_init) {
641 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
642 substring_item_init);
645 #.FN_BODY SubstringFilter
648 const char *old_substring_value=substring_value;
651 substring_value=NULL;
652 substring_item_init=NULL;
653 substring_item_any=NULL;
654 substring_item_final=NULL;
656 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
660 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%%s=%%s)",
661 string_or_null(attr_type),
662 string_or_null(substring_value));
663 proto_item_append_text(it, "%%s", Filter_string);
664 substring_value=old_substring_value;
669 attributedesc_string=NULL;
671 if (Filter_length++ > MAX_FILTER_LEN) {
672 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
673 THROW(ReportedBoundsError);
676 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
677 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
678 THROW(ReportedBoundsError);
681 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
686 proto_item_append_text(it, "%%s", string_or_null(Filter_string));
688 #.FN_BODY AuthenticationChoice/ntlmsspNegotiate
689 /* make sure the protocol op comes first */
690 ldap_do_protocolop(actx->pinfo);
692 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
693 offset+=tvb_reported_length_remaining(tvb, offset);
695 #.FN_BODY AuthenticationChoice/ntlmsspAuth
696 /* make sure the protocol op comes first */
697 ldap_do_protocolop(actx->pinfo);
699 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
700 offset+=tvb_reported_length_remaining(tvb, offset);
702 #.FN_BODY BindResponse/_untag/matchedDN
703 tvbuff_t *new_tvb=NULL;
705 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
708 && (tvb_reported_length(new_tvb)>=7)
709 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
711 /* make sure the protocol op comes first */
712 ldap_do_protocolop(actx->pinfo);
714 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
718 #.FN_BODY Control/controlValue
724 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
725 /* remove the OCTET STRING encoding */
726 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
727 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
729 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
737 #.FN_BODY ExtendedRequest/_untag/requestValue
739 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
740 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
745 #.FN_HDR IntermediateResponse/_untag/responseValue
749 #.FN_BODY IntermediateResponse/_untag/responseValue
750 if(ldm_tree && object_identifier_id) {
751 proto_item_set_text(ldm_tree, "%%s %%s", "IntermediateResponse", object_identifier_id);
752 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
754 proto_item_append_text(ldm_tree, " (%%s)", name);
756 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
757 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
762 #.FN_BODY DirSyncFlags
768 header_field_info *hfinfo;
770 int otheroffset = offset;
772 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
773 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
775 gint32 remaining=tvb_reported_length_remaining(tvb, offset);
776 len=remaining>0 ? remaining : 0;
779 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
781 hfinfo = proto_registrar_get_nth(hf_index);
785 subtree = proto_tree_add_subtree_format(tree, tvb, otheroffset+1, len,
786 ett_ldap_DirSyncFlagsSubEntry, NULL, "%s: 0x%08x", hfinfo->name, val);
789 proto_tree_add_boolean(subtree, hf_ldap_object_security_flag, tvb, otheroffset+1, len, TRUE);
792 proto_tree_add_boolean(subtree, hf_ldap_ancestor_first_flag, tvb, otheroffset+1, len, TRUE);
795 proto_tree_add_boolean(subtree, hf_ldap_public_data_only_flag, tvb, otheroffset+1, len, TRUE);
797 if (val & 0x80000000) {
798 proto_tree_add_boolean(subtree, hf_ldap_incremental_value_flag, tvb, otheroffset+1, len, TRUE);
801 proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
804 #.FN_BODY SearchResultReference
808 ldap_do_protocolop(actx->pinfo);
811 #.FN_BODY AbandonRequest
815 ldap_do_protocolop(actx->pinfo);