1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
4 /* asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "./asn1/ldap/packet-ldap-template.c"
9 /* packet-ldap-template.c
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDtAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL).
14 * Wireshark - Network traffic analyzer
15 * By Gerald Combs <gerald@wireshark.org>
16 * Copyright 1998 Gerald Combs
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version 2
21 * of the License, or (at your option) any later version.
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
35 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
36 * It's also missing extensible search filters.
38 * There should probably be a lot more error checking, I simply assume that if we have a full packet, it will be a complete
41 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
42 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
46 * nazard@dragoninc.on.ca
50 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
51 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
55 * ronald.henderson@cognicaseusa.com
59 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
60 * using information from the SNIA 2003 conference paper :
61 * Active Directory Domain Controller Location Service
67 * 17-DEC-2004 - added basic decoding for LDAP Controls
68 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
70 * Stefan Metzmacher <metze@samba.org>
72 * 15-NOV-2005 - Changed to use the asn2wrs compiler
73 * Anders Broman <anders.broman@ericsson.com>
77 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
78 * Updated cldap_netlogon_flags to include Windows 2008 flags
79 * Expanded the ntver ldap option with bit field
81 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
85 * 09-DEC-2009 - Added support for RFC4533
86 * Content Synchronization Operation (aka syncrepl)
87 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
88 * Mathieu Parent <math.parent@gmail.com>
93 #include <epan/packet.h>
94 #include <epan/exceptions.h>
95 #include <epan/conversation.h>
96 #include <epan/prefs.h>
98 #include <epan/srt_table.h>
99 #include <epan/oids.h>
100 #include <epan/strutil.h>
101 #include <epan/show_exception.h>
102 #include <epan/asn1.h>
103 #include <epan/expert.h>
104 #include <epan/uat.h>
105 #include <wsutil/str_util.h>
106 #include "packet-frame.h"
107 #include "packet-tcp.h"
108 #include "packet-windows-common.h"
109 #include "packet-dcerpc.h"
111 #include "packet-ldap.h"
112 #include "packet-ntlmssp.h"
113 #include "packet-ssl.h"
114 #include "packet-ssl-utils.h"
115 #include "packet-smb-common.h"
116 #include "packet-gssapi.h"
118 #include "packet-ber.h"
119 #include "packet-per.h"
120 #include "packet-dns.h"
122 #define PNAME "Lightweight Directory Access Protocol"
123 #define PSNAME "LDAP"
124 #define PFNAME "ldap"
126 void proto_register_ldap(void);
127 void proto_reg_handoff_ldap(void);
129 /* Initialize the protocol and registered fields */
130 static int ldap_tap = -1;
131 static int proto_ldap = -1;
132 static int proto_cldap = -1;
134 static int hf_ldap_sasl_buffer_length = -1;
135 static int hf_ldap_response_in = -1;
136 static int hf_ldap_response_to = -1;
137 static int hf_ldap_time = -1;
138 static int hf_ldap_guid = -1;
140 static int hf_mscldap_ntver_flags = -1;
141 static int hf_mscldap_ntver_flags_v1 = -1;
142 static int hf_mscldap_ntver_flags_v5 = -1;
143 static int hf_mscldap_ntver_flags_v5ex = -1;
144 static int hf_mscldap_ntver_flags_v5ep = -1;
145 static int hf_mscldap_ntver_flags_vcs = -1;
146 static int hf_mscldap_ntver_flags_vnt4 = -1;
147 static int hf_mscldap_ntver_flags_vpdc = -1;
148 static int hf_mscldap_ntver_flags_vip = -1;
149 static int hf_mscldap_ntver_flags_vl = -1;
150 static int hf_mscldap_ntver_flags_vgc = -1;
152 static int hf_mscldap_netlogon_ipaddress_family = -1;
153 static int hf_mscldap_netlogon_ipaddress_port = -1;
154 static int hf_mscldap_netlogon_ipaddress = -1;
155 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
156 static int hf_mscldap_netlogon_opcode = -1;
157 static int hf_mscldap_netlogon_flags = -1;
158 static int hf_mscldap_netlogon_flags_pdc = -1;
159 static int hf_mscldap_netlogon_flags_gc = -1;
160 static int hf_mscldap_netlogon_flags_ldap = -1;
161 static int hf_mscldap_netlogon_flags_ds = -1;
162 static int hf_mscldap_netlogon_flags_kdc = -1;
163 static int hf_mscldap_netlogon_flags_timeserv = -1;
164 static int hf_mscldap_netlogon_flags_closest = -1;
165 static int hf_mscldap_netlogon_flags_writable = -1;
166 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
167 static int hf_mscldap_netlogon_flags_ndnc = -1;
168 static int hf_mscldap_netlogon_flags_fnc = -1;
169 static int hf_mscldap_netlogon_flags_dnc = -1;
170 static int hf_mscldap_netlogon_flags_dns = -1;
171 static int hf_mscldap_netlogon_flags_wdc = -1;
172 static int hf_mscldap_netlogon_flags_rodc = -1;
173 static int hf_mscldap_domain_guid = -1;
174 static int hf_mscldap_forest = -1;
175 static int hf_mscldap_domain = -1;
176 static int hf_mscldap_hostname = -1;
177 static int hf_mscldap_nb_domain = -1;
178 static int hf_mscldap_nb_hostname = -1;
179 static int hf_mscldap_username = -1;
180 static int hf_mscldap_sitename = -1;
181 static int hf_mscldap_clientsitename = -1;
182 static int hf_mscldap_netlogon_lm_token = -1;
183 static int hf_mscldap_netlogon_nt_token = -1;
184 static int hf_ldap_sid = -1;
185 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
186 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
187 static int hf_ldap_AccessMask_ADS_LIST = -1;
188 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
189 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
190 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
191 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
192 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
193 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
194 static int hf_ldap_LDAPMessage_PDU = -1;
195 static int hf_ldap_object_security_flag = -1;
196 static int hf_ldap_ancestor_first_flag = -1;
197 static int hf_ldap_public_data_only_flag = -1;
198 static int hf_ldap_incremental_value_flag = -1;
199 static int hf_ldap_oid = -1;
200 static int hf_ldap_gssapi_encrypted_payload = -1;
203 /*--- Included file: packet-ldap-hf.c ---*/
204 #line 1 "./asn1/ldap/packet-ldap-hf.c"
205 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
206 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
207 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
208 static int hf_ldap_DirSyncControlValue_PDU = -1; /* DirSyncControlValue */
209 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
210 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
211 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */
212 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */
213 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */
214 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */
215 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
216 static int hf_ldap_messageID = -1; /* MessageID */
217 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
218 static int hf_ldap_controls = -1; /* Controls */
219 static int hf_ldap_bindRequest = -1; /* BindRequest */
220 static int hf_ldap_bindResponse = -1; /* BindResponse */
221 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
222 static int hf_ldap_searchRequest = -1; /* SearchRequest */
223 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
224 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
225 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
226 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
227 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
228 static int hf_ldap_addRequest = -1; /* AddRequest */
229 static int hf_ldap_addResponse = -1; /* AddResponse */
230 static int hf_ldap_delRequest = -1; /* DelRequest */
231 static int hf_ldap_delResponse = -1; /* DelResponse */
232 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
233 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
234 static int hf_ldap_compareRequest = -1; /* CompareRequest */
235 static int hf_ldap_compareResponse = -1; /* CompareResponse */
236 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
237 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
238 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
239 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */
240 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
241 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
242 static int hf_ldap_assertionValue = -1; /* AssertionValue */
243 static int hf_ldap_type = -1; /* AttributeDescription */
244 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
245 static int hf_ldap_vals_item = -1; /* AttributeValue */
246 static int hf_ldap_resultCode = -1; /* T_resultCode */
247 static int hf_ldap_matchedDN = -1; /* LDAPDN */
248 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
249 static int hf_ldap_referral = -1; /* Referral */
250 static int hf_ldap_Referral_item = -1; /* LDAPURL */
251 static int hf_ldap_Controls_item = -1; /* Control */
252 static int hf_ldap_controlType = -1; /* ControlType */
253 static int hf_ldap_criticality = -1; /* BOOLEAN */
254 static int hf_ldap_controlValue = -1; /* T_controlValue */
255 static int hf_ldap_version = -1; /* INTEGER_1_127 */
256 static int hf_ldap_name = -1; /* LDAPDN */
257 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
258 static int hf_ldap_simple = -1; /* Simple */
259 static int hf_ldap_sasl = -1; /* SaslCredentials */
260 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
261 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
262 static int hf_ldap_mechanism = -1; /* Mechanism */
263 static int hf_ldap_credentials = -1; /* Credentials */
264 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
265 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
266 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
267 static int hf_ldap_baseObject = -1; /* LDAPDN */
268 static int hf_ldap_scope = -1; /* T_scope */
269 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
270 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
271 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
272 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
273 static int hf_ldap_filter = -1; /* T_filter */
274 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
275 static int hf_ldap_and = -1; /* T_and */
276 static int hf_ldap_and_item = -1; /* T_and_item */
277 static int hf_ldap_or = -1; /* T_or */
278 static int hf_ldap_or_item = -1; /* T_or_item */
279 static int hf_ldap_not = -1; /* T_not */
280 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
281 static int hf_ldap_substrings = -1; /* SubstringFilter */
282 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
283 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
284 static int hf_ldap_present = -1; /* T_present */
285 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
286 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
287 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
288 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
289 static int hf_ldap_initial = -1; /* LDAPString */
290 static int hf_ldap_any = -1; /* LDAPString */
291 static int hf_ldap_final = -1; /* LDAPString */
292 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
293 static int hf_ldap_matchValue = -1; /* AssertionValue */
294 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
295 static int hf_ldap_objectName = -1; /* LDAPDN */
296 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
297 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
298 static int hf_ldap__untag_item = -1; /* LDAPURL */
299 static int hf_ldap_object = -1; /* LDAPDN */
300 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
301 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
302 static int hf_ldap_operation = -1; /* T_operation */
303 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
304 static int hf_ldap_entry = -1; /* LDAPDN */
305 static int hf_ldap_attributes = -1; /* AttributeList */
306 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
307 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
308 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
309 static int hf_ldap_newSuperior = -1; /* LDAPDN */
310 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
311 static int hf_ldap_requestName = -1; /* LDAPOID */
312 static int hf_ldap_requestValue = -1; /* T_requestValue */
313 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
314 static int hf_ldap_responseName = -1; /* ResponseName */
315 static int hf_ldap_response = -1; /* OCTET_STRING */
316 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */
317 static int hf_ldap_size = -1; /* INTEGER */
318 static int hf_ldap_cookie = -1; /* OCTET_STRING */
319 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
320 static int hf_ldap_attributeType = -1; /* AttributeDescription */
321 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
322 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
323 static int hf_ldap_sortResult = -1; /* T_sortResult */
324 static int hf_ldap_flags = -1; /* DirSyncFlags */
325 static int hf_ldap_maxBytes = -1; /* INTEGER */
326 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
327 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
328 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
329 static int hf_ldap_cancelID = -1; /* MessageID */
330 static int hf_ldap_mode = -1; /* T_mode */
331 static int hf_ldap_reloadHint = -1; /* BOOLEAN */
332 static int hf_ldap_state = -1; /* T_state */
333 static int hf_ldap_entryUUID = -1; /* SyncUUID */
334 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */
335 static int hf_ldap_newcookie = -1; /* OCTET_STRING */
336 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */
337 static int hf_ldap_refreshDone = -1; /* BOOLEAN */
338 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */
339 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */
340 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */
341 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */
342 static int hf_ldap_warning = -1; /* T_warning */
343 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
344 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
345 static int hf_ldap_error = -1; /* T_error */
347 /*--- End of included file: packet-ldap-hf.c ---*/
348 #line 195 "./asn1/ldap/packet-ldap-template.c"
350 /* Initialize the subtree pointers */
351 static gint ett_ldap = -1;
352 static gint ett_ldap_msg = -1;
353 static gint ett_ldap_sasl_blob = -1;
354 static gint ett_ldap_payload = -1;
355 static gint ett_mscldap_netlogon_flags = -1;
356 static gint ett_mscldap_ntver_flags = -1;
357 static gint ett_mscldap_ipdetails = -1;
358 static gint ett_ldap_DirSyncFlagsSubEntry = -1;
361 /*--- Included file: packet-ldap-ett.c ---*/
362 #line 1 "./asn1/ldap/packet-ldap-ett.c"
363 static gint ett_ldap_LDAPMessage = -1;
364 static gint ett_ldap_ProtocolOp = -1;
365 static gint ett_ldap_AttributeDescriptionList = -1;
366 static gint ett_ldap_AttributeValueAssertion = -1;
367 static gint ett_ldap_Attribute = -1;
368 static gint ett_ldap_SET_OF_AttributeValue = -1;
369 static gint ett_ldap_LDAPResult = -1;
370 static gint ett_ldap_Referral = -1;
371 static gint ett_ldap_Controls = -1;
372 static gint ett_ldap_Control = -1;
373 static gint ett_ldap_BindRequest_U = -1;
374 static gint ett_ldap_AuthenticationChoice = -1;
375 static gint ett_ldap_SaslCredentials = -1;
376 static gint ett_ldap_BindResponse_U = -1;
377 static gint ett_ldap_SearchRequest_U = -1;
378 static gint ett_ldap_Filter = -1;
379 static gint ett_ldap_T_and = -1;
380 static gint ett_ldap_T_or = -1;
381 static gint ett_ldap_SubstringFilter = -1;
382 static gint ett_ldap_T_substringFilter_substrings = -1;
383 static gint ett_ldap_T_substringFilter_substrings_item = -1;
384 static gint ett_ldap_MatchingRuleAssertion = -1;
385 static gint ett_ldap_SearchResultEntry_U = -1;
386 static gint ett_ldap_PartialAttributeList = -1;
387 static gint ett_ldap_PartialAttributeList_item = -1;
388 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
389 static gint ett_ldap_ModifyRequest_U = -1;
390 static gint ett_ldap_ModifyRequest_modification = -1;
391 static gint ett_ldap_T_modifyRequest_modification_item = -1;
392 static gint ett_ldap_AttributeTypeAndValues = -1;
393 static gint ett_ldap_AddRequest_U = -1;
394 static gint ett_ldap_AttributeList = -1;
395 static gint ett_ldap_AttributeList_item = -1;
396 static gint ett_ldap_ModifyDNRequest_U = -1;
397 static gint ett_ldap_CompareRequest_U = -1;
398 static gint ett_ldap_ExtendedRequest_U = -1;
399 static gint ett_ldap_ExtendedResponse_U = -1;
400 static gint ett_ldap_IntermediateResponse_U = -1;
401 static gint ett_ldap_SearchControlValue = -1;
402 static gint ett_ldap_SortKeyList = -1;
403 static gint ett_ldap_SortKeyList_item = -1;
404 static gint ett_ldap_SortResult = -1;
405 static gint ett_ldap_DirSyncControlValue = -1;
406 static gint ett_ldap_PasswdModifyRequestValue = -1;
407 static gint ett_ldap_CancelRequestValue = -1;
408 static gint ett_ldap_SyncRequestValue = -1;
409 static gint ett_ldap_SyncStateValue = -1;
410 static gint ett_ldap_SyncDoneValue = -1;
411 static gint ett_ldap_SyncInfoValue = -1;
412 static gint ett_ldap_T_refreshDelete = -1;
413 static gint ett_ldap_T_refreshPresent = -1;
414 static gint ett_ldap_T_syncIdSet = -1;
415 static gint ett_ldap_SET_OF_SyncUUID = -1;
416 static gint ett_ldap_PasswordPolicyResponseValue = -1;
417 static gint ett_ldap_T_warning = -1;
419 /*--- End of included file: packet-ldap-ett.c ---*/
420 #line 207 "./asn1/ldap/packet-ldap-template.c"
422 static expert_field ei_ldap_exceeded_filter_length = EI_INIT;
423 static expert_field ei_ldap_too_many_filter_elements = EI_INIT;
425 static dissector_table_t ldap_name_dissector_table=NULL;
426 static const char *object_identifier_id = NULL; /* LDAP OID */
428 static gboolean do_protocolop = FALSE;
429 static gchar *attr_type = NULL;
430 static gboolean is_binary_attr_type = FALSE;
431 static gboolean ldap_found_in_frame = FALSE;
433 #define TCP_PORT_LDAP 389
434 #define TCP_PORT_LDAPS 636
435 #define UDP_PORT_CLDAP 389
436 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
438 /* desegmentation of LDAP */
439 static gboolean ldap_desegment = TRUE;
440 static guint global_ldap_tcp_port = TCP_PORT_LDAP;
441 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
442 static guint tcp_port = 0;
443 static guint ssl_port = 0;
445 static dissector_handle_t gssapi_handle;
446 static dissector_handle_t gssapi_wrap_handle;
447 static dissector_handle_t ntlmssp_handle;
448 static dissector_handle_t spnego_handle;
449 static dissector_handle_t ssl_handle;
450 static dissector_handle_t ldap_handle ;
452 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
455 /* different types of rpc calls ontop of ms cldap */
456 #define MSCLDAP_RPC_NETLOGON 1
458 /* Message type Choice values */
459 static const value_string ldap_ProtocolOp_choice_vals[] = {
460 { 0, "bindRequest" },
461 { 1, "bindResponse" },
462 { 2, "unbindRequest" },
463 { 3, "searchRequest" },
464 { 4, "searchResEntry" },
465 { 5, "searchResDone" },
466 { 6, "searchResRef" },
467 { 7, "modifyRequest" },
468 { 8, "modifyResponse" },
470 { 10, "addResponse" },
471 { 11, "delRequest" },
472 { 12, "delResponse" },
473 { 13, "modDNRequest" },
474 { 14, "modDNResponse" },
475 { 15, "compareRequest" },
476 { 16, "compareResponse" },
477 { 17, "abandonRequest" },
478 { 18, "extendedReq" },
479 { 19, "extendedResp" },
480 { 20, "intermediateResponse" },
484 /* Procedure names (used in Service Response Time */
485 const value_string ldap_procedure_names[] = {
497 #define LOGON_PRIMARY_QUERY 7
498 #define LOGON_PRIMARY_RESPONSE 12
499 #define LOGON_SAM_LOGON_REQUEST 18
500 #define LOGON_SAM_LOGON_RESPONSE 19
501 #define LOGON_SAM_PAUSE_RESPONSE 20
502 #define LOGON_SAM_USER_UNKNOWN 21
503 #define LOGON_SAM_LOGON_RESPONSE_EX 23
504 #define LOGON_SAM_PAUSE_RESPONSE_EX 24
505 #define LOGON_SAM_USER_UNKNOWN_EX 25
507 static const value_string netlogon_opcode_vals[] = {
508 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
509 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
510 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
511 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
512 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
513 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
514 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
515 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
519 #define LDAP_NUM_PROCEDURES 24
522 ldapstat_init(struct register_srt* srt _U_, GArray* srt_array, srt_gui_init_cb gui_callback, void* gui_data)
524 srt_stat_table *ldap_srt_table;
527 ldap_srt_table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", gui_callback, gui_data, NULL);
528 for (i = 0; i < LDAP_NUM_PROCEDURES; i++)
530 init_srt_table_row(ldap_srt_table, i, val_to_str_const(i, ldap_procedure_names, "<unknown>"));
535 ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi)
538 srt_stat_table *ldap_srt_table;
539 const ldap_call_response_t *ldap=(const ldap_call_response_t *)psi;
540 srt_data_t *data = (srt_data_t *)pldap;
542 /* we are only interested in reply packets */
543 if(ldap->is_request){
546 /* if we havnt seen the request, just ignore it */
547 if(!ldap->req_frame){
551 /* only use the commands we know how to handle */
552 switch(ldap->protocolOpTag){
554 case LDAP_REQ_SEARCH:
555 case LDAP_REQ_MODIFY:
557 case LDAP_REQ_DELETE:
558 case LDAP_REQ_MODRDN:
559 case LDAP_REQ_COMPARE:
560 case LDAP_REQ_EXTENDED:
566 ldap_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
568 add_srt_table_data(ldap_srt_table, ldap->protocolOpTag, &ldap->req_time, pinfo);
573 * Data structure attached to a conversation, giving authentication
574 * information from a bind request.
575 * We keep a linked list of them, so that we can free up all the
576 * authentication mechanism strings.
578 typedef struct ldap_conv_info_t {
579 struct ldap_conv_info_t *next;
580 guint auth_type; /* authentication type */
581 char *auth_mech; /* authentication mechanism */
582 guint32 first_auth_frame; /* first frame that would use a security layer */
583 GHashTable *unmatched;
587 gboolean start_tls_pending;
588 guint32 start_tls_frame;
590 static ldap_conv_info_t *ldap_info_items;
593 ldap_info_hash_matched(gconstpointer k)
595 const ldap_call_response_t *key = (const ldap_call_response_t *)k;
597 return key->messageId;
601 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
603 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
604 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
606 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
609 /* a response may span multiple frames
610 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
615 return key1->messageId==key2->messageId;
619 ldap_info_hash_unmatched(gconstpointer k)
621 const ldap_call_response_t *key = (const ldap_call_response_t*)k;
623 return key->messageId;
627 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
629 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
630 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
632 return key1->messageId==key2->messageId;
636 /* These are the NtVer flags
637 http://msdn.microsoft.com/en-us/library/cc201035.aspx
640 static const true_false_string tfs_ntver_v1 = {
641 "Client requested version 1 netlogon response",
642 "Version 1 netlogon response not requested"
645 static const true_false_string tfs_ntver_v5 = {
646 "Client requested version 5 netlogon response",
647 "Version 5 netlogon response not requested"
649 static const true_false_string tfs_ntver_v5ex = {
650 "Client requested version 5 extended netlogon response",
651 "Version 5 extended response not requested"
653 static const true_false_string tfs_ntver_v5ep = {
654 "Client has requested IP address of the server",
655 "IP address of server not requested"
657 static const true_false_string tfs_ntver_vcs = {
658 "Client has asked for the closest site information",
659 "Closest site information not requested"
661 static const true_false_string tfs_ntver_vnt4 = {
662 "Client is requesting server to avoid NT4 emulation",
663 "Only full AD DS requested"
665 static const true_false_string tfs_ntver_vpdc = {
666 "Client has requested the Primary Domain Controller",
667 "Primary Domain Controller not requested"
669 static const true_false_string tfs_ntver_vip = {
670 "Client has requested IP details (obsolete)",
671 "IP details not requested (obsolete)"
673 static const true_false_string tfs_ntver_vl = {
674 "Client indicated that it is the local machine",
675 "Client is not the local machine"
676 };static const true_false_string tfs_ntver_vgc = {
677 "Client has requested a Global Catalog server",
678 "Global Catalog not requested"
681 /* Stuff for generation/handling of fields for custom AttributeValues */
682 typedef struct _attribute_type_t {
683 gchar* attribute_type;
684 gchar* attribute_desc;
687 static attribute_type_t* attribute_types = NULL;
688 static guint num_attribute_types = 0;
690 static GHashTable* attribute_types_hash = NULL;
693 attribute_types_update_cb(void *r, char **err)
695 attribute_type_t *rec = (attribute_type_t *)r;
698 if (rec->attribute_type == NULL) {
699 *err = g_strdup("Attribute type can't be empty");
703 g_strstrip(rec->attribute_type);
704 if (rec->attribute_type[0] == 0) {
705 *err = g_strdup("Attribute type can't be empty");
709 /* Check for invalid characters (to avoid asserting out when
710 * registering the field).
712 c = proto_check_field_name(rec->attribute_type);
714 *err = g_strdup_printf("Attribute type can't contain '%c'", c);
723 attribute_types_copy_cb(void* n, const void* o, size_t siz _U_)
725 attribute_type_t* new_rec = (attribute_type_t*)n;
726 const attribute_type_t* old_rec = (const attribute_type_t*)o;
728 new_rec->attribute_type = g_strdup(old_rec->attribute_type);
729 new_rec->attribute_desc = g_strdup(old_rec->attribute_desc);
735 attribute_types_free_cb(void*r)
737 attribute_type_t* rec = (attribute_type_t*)r;
739 if (rec->attribute_type) g_free(rec->attribute_type);
740 if (rec->attribute_desc) g_free(rec->attribute_desc);
743 UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
744 UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t)
750 get_hf_for_header(char* attribute_type)
754 if (attribute_types_hash) {
755 hf_id = (gint*) g_hash_table_lookup(attribute_types_hash, attribute_type);
767 attribute_types_initialize_cb(void)
769 static hf_register_info* hf;
772 gchar* attribute_type;
774 if (attribute_types_hash && hf) {
775 guint hf_size = g_hash_table_size (attribute_types_hash);
776 /* Deregister all fields */
777 for (i = 0; i < hf_size; i++) {
778 proto_deregister_field (proto_ldap, *(hf[i].p_id));
781 g_hash_table_destroy (attribute_types_hash);
782 proto_add_deregistered_data (hf);
783 attribute_types_hash = NULL;
786 if (num_attribute_types) {
787 attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
788 hf = g_new0(hf_register_info,num_attribute_types);
790 for (i = 0; i < num_attribute_types; i++) {
791 hf_id = g_new(gint,1);
793 attribute_type = g_strdup(attribute_types[i].attribute_type);
796 hf[i].hfinfo.name = attribute_type;
797 hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type);
798 hf[i].hfinfo.type = FT_STRING;
799 hf[i].hfinfo.display = BASE_NONE;
800 hf[i].hfinfo.strings = NULL;
801 hf[i].hfinfo.bitmask = 0;
802 hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
805 g_hash_table_insert(attribute_types_hash, attribute_type, hf_id);
808 proto_register_field_array(proto_ldap, hf, num_attribute_types);
812 /* MS-ADTS specification, section 7.3.1.1, NETLOGON_NT_VERSION Options Bits */
813 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
815 static const int * flags[] = {
816 &hf_mscldap_ntver_flags_v1,
817 &hf_mscldap_ntver_flags_v5,
818 &hf_mscldap_ntver_flags_v5ex,
819 &hf_mscldap_ntver_flags_v5ep,
820 &hf_mscldap_ntver_flags_vcs,
821 &hf_mscldap_ntver_flags_vnt4,
822 &hf_mscldap_ntver_flags_vpdc,
823 &hf_mscldap_ntver_flags_vip,
824 &hf_mscldap_ntver_flags_vl,
825 &hf_mscldap_ntver_flags_vgc,
829 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags,
830 ett_mscldap_ntver_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
836 /* This string contains the last LDAPString that was decoded */
837 static const char *attributedesc_string=NULL;
839 /* This string contains the last AssertionValue that was decoded */
840 static char *ldapvalue_string=NULL;
842 /* if the octet string contain all printable ASCII characters, then
843 * display it as a string, othervise just display it in hex.
846 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
849 gboolean pc, ind, is_ascii;
855 offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
856 offset=get_ber_length(tvb, offset, &len, &ind);
858 len=tvb_reported_length_remaining(tvb,offset);
867 * Some special/wellknown attributes in common LDAP (read AD)
868 * are neither ascii strings nor blobs of hex data.
869 * Special case these attributes and decode them more nicely.
871 * Add more special cases as required to prettify further
872 * (there can't be that many ones that are truly interesting)
874 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
878 /* this octet string contains an NT SID */
879 sid_tvb=tvb_new_subset_length(tvb, offset, len);
880 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
881 ldapvalue_string=tmpstr;
884 } else if ( (len==16) /* GUIDs are always 16 bytes */
885 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
886 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
889 /* This octet string contained a GUID */
890 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
892 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
893 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
894 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
895 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
896 uuid.data4[6], uuid.data4[7]);
899 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
903 /* get flag value to populate ldapvalue_string */
904 flags=tvb_get_letohl(tvb, offset);
906 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
907 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
909 /* populate bitmask subtree */
910 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
918 * It was not one of our "wellknown" attributes so make the best
919 * we can and just try to see if it is an ascii string or if it
922 * XXX - should we support reading RFC 2252-style schemas
923 * for LDAP, and using that to determine how to display
924 * attribute values and assertion values?
926 * -- I don't think there are full schemas available that describe the
927 * interesting cases i.e. AD -- ronnie
929 str=tvb_get_ptr(tvb, offset, len);
932 if(!g_ascii_isprint(str[i])){
938 /* convert the string into a printable string */
940 ldapvalue_string=wmem_strndup(wmem_packet_scope(), str, len);
942 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 3*len);
944 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
945 ldapvalue_string[3*i+2]=':';
947 ldapvalue_string[3*len-1]=0;
950 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
958 /* This string contains the last Filter item that was decoded */
959 static const char *Filter_string=NULL;
960 static const char *and_filter_string=NULL;
961 static const char *or_filter_string=NULL;
962 static const char *substring_value=NULL;
963 static const char *substring_item_init=NULL;
964 static const char *substring_item_any=NULL;
965 static const char *substring_item_final=NULL;
966 static const char *matching_rule_string=NULL;
967 static gboolean matching_rule_dnattr=FALSE;
969 #define MAX_FILTER_LEN 4096
970 static gint Filter_length;
972 #define MAX_FILTER_ELEMENTS 200
973 static gint Filter_elements;
975 /* Global variables */
976 static gint MessageID =-1;
977 static gint ProtocolOp = -1;
978 static gint result = 0;
979 static proto_item *ldm_tree = NULL; /* item to add text to */
981 static void ldap_do_protocolop(packet_info *pinfo)
987 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
989 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
992 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
994 do_protocolop = FALSE;
999 static ldap_call_response_t *
1000 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag, ldap_conv_info_t *ldap_info)
1002 ldap_call_response_t lcr, *lcrp=NULL;
1004 /* first see if we have already matched this */
1006 lcr.messageId=messageId;
1007 switch(protocolOpTag){
1009 case LDAP_REQ_SEARCH:
1010 case LDAP_REQ_MODIFY:
1012 case LDAP_REQ_DELETE:
1013 case LDAP_REQ_MODRDN:
1014 case LDAP_REQ_COMPARE:
1015 case LDAP_REQ_EXTENDED:
1016 lcr.is_request=TRUE;
1017 lcr.req_frame=pinfo->num;
1021 case LDAP_RES_SEARCH_ENTRY:
1022 case LDAP_RES_SEARCH_REF:
1023 case LDAP_RES_SEARCH_RESULT:
1024 case LDAP_RES_MODIFY:
1026 case LDAP_RES_DELETE:
1027 case LDAP_RES_MODRDN:
1028 case LDAP_RES_COMPARE:
1029 case LDAP_RES_EXTENDED:
1030 case LDAP_RES_INTERMEDIATE:
1031 lcr.is_request=FALSE;
1033 lcr.rep_frame=pinfo->num;
1038 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->matched, &lcr);
1042 lcrp->is_request=lcr.is_request;
1046 /* we haven't found a match - try and match it up */
1048 switch(protocolOpTag){
1050 case LDAP_REQ_SEARCH:
1051 case LDAP_REQ_MODIFY:
1053 case LDAP_REQ_DELETE:
1054 case LDAP_REQ_MODRDN:
1055 case LDAP_REQ_COMPARE:
1056 case LDAP_REQ_EXTENDED:
1058 /* this a a request - add it to the unmatched list */
1060 /* check that we don't already have one of those in the
1061 unmatched list and if so remove it */
1063 lcr.messageId=messageId;
1064 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
1066 g_hash_table_remove(ldap_info->unmatched, lcrp);
1068 /* if we can't reuse the old one, grab a new chunk */
1070 lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t);
1072 lcrp->messageId=messageId;
1073 lcrp->req_frame=pinfo->num;
1074 lcrp->req_time=pinfo->abs_ts;
1076 lcrp->protocolOpTag=protocolOpTag;
1077 lcrp->is_request=TRUE;
1078 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
1082 case LDAP_RES_SEARCH_ENTRY:
1083 case LDAP_RES_SEARCH_REF:
1084 case LDAP_RES_SEARCH_RESULT:
1085 case LDAP_RES_MODIFY:
1087 case LDAP_RES_DELETE:
1088 case LDAP_RES_MODRDN:
1089 case LDAP_RES_COMPARE:
1090 case LDAP_RES_EXTENDED:
1091 case LDAP_RES_INTERMEDIATE:
1093 /* this is a result - it should be in our unmatched list */
1095 lcr.messageId=messageId;
1096 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
1100 if(!lcrp->rep_frame){
1101 g_hash_table_remove(ldap_info->unmatched, lcrp);
1102 lcrp->rep_frame=pinfo->num;
1103 lcrp->is_request=FALSE;
1104 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
1112 /* we have found a match */
1117 if(lcrp->is_request){
1118 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
1119 PROTO_ITEM_SET_GENERATED(it);
1122 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
1123 PROTO_ITEM_SET_GENERATED(it);
1124 nstime_delta(&ns, &pinfo->abs_ts, &lcrp->req_time);
1125 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
1126 PROTO_ITEM_SET_GENERATED(it);
1134 /*--- Included file: packet-ldap-fn.c ---*/
1135 #line 1 "./asn1/ldap/packet-ldap-fn.c"
1136 /*--- Cyclic dependencies ---*/
1138 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
1139 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
1140 /* Filter -> Filter/not -> Filter */
1141 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
1147 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1148 #line 91 "./asn1/ldap/ldap.cnf"
1150 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1164 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1165 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1174 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1175 #line 301 "./asn1/ldap/ldap.cnf"
1176 tvbuff_t *parameter_tvb = NULL;
1177 const char *ldapstring = NULL;
1178 gchar *sc = NULL; /* semi-colon pointer */
1180 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1184 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
1186 ldap_do_protocolop(actx->pinfo);
1189 ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
1191 if(hf_index == hf_ldap_baseObject) {
1192 /* this is search - put it on the scanline */
1193 if(!ldapstring || !*ldapstring)
1194 ldapstring = "<ROOT>";
1196 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1199 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1202 if(!parameter_tvb) {
1204 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1207 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1208 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
1211 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1213 } else if ((hf_index == hf_ldap_objectName) ||
1214 (hf_index == hf_ldap_name) ||
1215 (hf_index == hf_ldap_entry) ||
1216 (hf_index == hf_ldap_object) ||
1217 (hf_index == hf_ldap_delRequest) ) {
1219 if(!ldapstring || !*ldapstring)
1220 ldapstring = "<ROOT>";
1222 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1225 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1226 } else if (hf_index == hf_ldap_attributeDesc){
1227 /* remember the attribute description */
1228 attributedesc_string=ldapstring;
1229 } else if (hf_index == hf_ldap_initial){
1230 /* remember the substring item */
1231 substring_item_init=ldapstring;
1232 } else if (hf_index == hf_ldap_any){
1233 /* remember the substring item */
1234 substring_item_any=ldapstring;
1235 } else if (hf_index == hf_ldap_final){
1236 /* remember the substring item */
1237 substring_item_final=ldapstring;
1238 } else if (hf_index == hf_ldap_matchingRule){
1239 /* remember the matching rule */
1240 matching_rule_string=ldapstring;
1241 } else if (hf_index == hf_ldap_present){
1242 /* remember the present name */
1243 Filter_string=ldapstring;
1244 } else if (hf_index == hf_ldap_type) {
1245 /* remember attribute type name */
1246 attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
1248 /* append it to the parent entry */
1249 proto_item_append_text(tree, " %s", attr_type);
1251 /* remove the ";binary" component if present */
1252 if((sc = strchr(attr_type, ';')) != NULL) {
1253 if(!strcmp(sc, ";binary")) {
1254 *sc = '\0'; /* terminate the string */
1255 is_binary_attr_type = TRUE;
1258 is_binary_attr_type = FALSE;
1273 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1274 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1282 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1283 #line 148 "./asn1/ldap/ldap.cnf"
1284 ldap_conv_info_t *ldap_info;
1286 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1290 ldap_info = (ldap_conv_info_t *)actx->private_data;
1291 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1301 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1302 #line 156 "./asn1/ldap/ldap.cnf"
1304 ldap_conv_info_t *ldap_info;
1305 tvbuff_t *parameter_tvb;
1306 char *mechanism = NULL;
1307 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1310 ldap_info = (ldap_conv_info_t *)actx->private_data;
1311 ldap_info->auth_type = LDAP_AUTH_SASL;
1317 * We need to remember the authentication type and mechanism for this
1320 * XXX - actually, we might need to remember more than one
1321 * type and mechanism, if you can unbind and rebind with a
1322 * different type and/or mechanism.
1324 if(!actx->pinfo->fd->flags.visited) {
1325 mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
1326 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1328 * If the mechanism in this request is an empty string (which is
1329 * returned as a null pointer), use the saved mechanism instead.
1330 * Otherwise, if the saved mechanism is an empty string (null),
1331 * save this mechanism.
1333 if (mechanism != NULL) {
1334 wmem_free(wmem_file_scope(), ldap_info->auth_mech);
1335 ldap_info->auth_mech = mechanism;
1346 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1347 #line 190 "./asn1/ldap/ldap.cnf"
1349 tvbuff_t *parameter_tvb;
1350 ldap_conv_info_t *ldap_info;
1355 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1362 ldap_info = (ldap_conv_info_t *)actx->private_data;
1363 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
1365 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
1366 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
1368 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1369 * We need to check the first byte to check whether the blob
1370 * contains SPNEGO or GSSAPI.
1371 * All SPNEGO PDUs are of class CONSTRUCTED while
1372 * GSS PDUs are class APPLICATION
1374 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1375 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1377 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
1378 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
1380 * This is a raw GSS-API token.
1382 if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
1383 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1386 /* Restore private data */
1387 actx->private_data = ldap_info;
1396 static const ber_sequence_t SaslCredentials_sequence[] = {
1397 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1398 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1399 { NULL, 0, 0, 0, NULL }
1403 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1404 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1405 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1413 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1414 #line 690 "./asn1/ldap/ldap.cnf"
1415 /* make sure the protocol op comes first */
1416 ldap_do_protocolop(actx->pinfo);
1418 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1419 offset+=tvb_reported_length_remaining(tvb, offset);
1429 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1430 #line 697 "./asn1/ldap/ldap.cnf"
1431 /* make sure the protocol op comes first */
1432 ldap_do_protocolop(actx->pinfo);
1434 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1435 offset+=tvb_reported_length_remaining(tvb, offset);
1443 static const value_string ldap_AuthenticationChoice_vals[] = {
1446 { 10, "ntlmsspNegotiate" },
1447 { 11, "ntlmsspAuth" },
1451 static const ber_choice_t AuthenticationChoice_choice[] = {
1452 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1453 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1454 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1455 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1456 { 0, NULL, 0, 0, 0, NULL }
1460 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1461 #line 487 "./asn1/ldap/ldap.cnf"
1464 const gchar *valstr;
1466 offset = dissect_ber_choice(actx, tree, tvb, offset,
1467 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1471 ldap_do_protocolop(actx->pinfo);
1473 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1474 auth = AuthenticationChoice_choice[branch].value;
1476 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1478 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1479 if ((auth != 10) && (auth != 11))
1480 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1483 proto_item_append_text(ldm_tree, " %s", valstr);
1492 static const ber_sequence_t BindRequest_U_sequence[] = {
1493 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1494 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1495 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1496 { NULL, 0, 0, 0, NULL }
1500 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1501 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1502 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1510 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1511 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1512 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1518 static const value_string ldap_BindResponse_resultCode_vals[] = {
1520 { 1, "operationsError" },
1521 { 2, "protocolError" },
1522 { 3, "timeLimitExceeded" },
1523 { 4, "sizeLimitExceeded" },
1524 { 5, "compareFalse" },
1525 { 6, "compareTrue" },
1526 { 7, "authMethodNotSupported" },
1527 { 8, "strongAuthRequired" },
1529 { 11, "adminLimitExceeded" },
1530 { 12, "unavailableCriticalExtension" },
1531 { 13, "confidentialityRequired" },
1532 { 14, "saslBindInProgress" },
1533 { 16, "noSuchAttribute" },
1534 { 17, "undefinedAttributeType" },
1535 { 18, "inappropriateMatching" },
1536 { 19, "constraintViolation" },
1537 { 20, "attributeOrValueExists" },
1538 { 21, "invalidAttributeSyntax" },
1539 { 32, "noSuchObject" },
1540 { 33, "aliasProblem" },
1541 { 34, "invalidDNSyntax" },
1542 { 36, "aliasDereferencingProblem" },
1543 { 48, "inappropriateAuthentication" },
1544 { 49, "invalidCredentials" },
1545 { 50, "insufficientAccessRights" },
1547 { 52, "unavailable" },
1548 { 53, "unwillingToPerform" },
1549 { 54, "loopDetect" },
1550 { 64, "namingViolation" },
1551 { 65, "objectClassViolation" },
1552 { 66, "notAllowedOnNonLeaf" },
1553 { 67, "notAllowedOnRDN" },
1554 { 68, "entryAlreadyExists" },
1555 { 69, "objectClassModsProhibited" },
1556 { 71, "affectsMultipleDSAs" },
1558 { 118, "canceled" },
1559 { 119, "noSuchOperation" },
1561 { 121, "cannotCancel" },
1567 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1568 #line 421 "./asn1/ldap/ldap.cnf"
1570 const gchar *valstr;
1572 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1576 ldap_do_protocolop(actx->pinfo);
1578 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1580 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1583 proto_item_append_text(ldm_tree, " %s", valstr);
1593 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1594 #line 704 "./asn1/ldap/ldap.cnf"
1595 tvbuff_t *new_tvb=NULL;
1597 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1600 && (tvb_reported_length(new_tvb)>=7)
1601 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1603 /* make sure the protocol op comes first */
1604 ldap_do_protocolop(actx->pinfo);
1606 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1618 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1619 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1627 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1628 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1631 #line 54 "./asn1/ldap/ldap.cnf"
1632 PROTO_ITEM_SET_URL(actx->created_item);
1639 static const ber_sequence_t Referral_sequence_of[1] = {
1640 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1644 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1645 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1646 Referral_sequence_of, hf_index, ett_ldap_Referral);
1654 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1655 #line 231 "./asn1/ldap/ldap.cnf"
1657 tvbuff_t *parameter_tvb = NULL;
1658 ldap_conv_info_t *ldap_info;
1660 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1665 ldap_info = (ldap_conv_info_t *)actx->private_data;
1666 switch (ldap_info->auth_type) {
1668 /* For Kerberos V4, dissect it as a ticket. */
1669 /* XXX - what about LDAP_AUTH_SIMPLE? */
1671 case LDAP_AUTH_SASL:
1673 * All frames after this are assumed to use a security layer.
1675 * XXX - won't work if there's another reply, with the security
1676 * layer, starting in the same TCP segment that ends this
1677 * reply, but as LDAP is a request/response protocol, and
1678 * as the client probably can't start using authentication until
1679 * it gets the bind reply and the server won't send a reply until
1680 * it gets a request, that probably won't happen.
1682 * XXX - that assumption is invalid; it's not clear where the
1683 * hell you find out whether there's any security layer. In
1684 * one capture, we have two GSS-SPNEGO negotiations, both of
1685 * which select MS KRB5, and the only differences in the tokens
1686 * is in the RC4-HMAC ciphertext. The various
1687 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1688 * that the RFC 2222 spoo with the bitmask and maximum
1689 * output message size stuff is done - but where does that
1690 * stuff show up? Is it in the ciphertext, which means it's
1691 * presumably encrypted?
1693 * Grrr. We have to do a gross heuristic, checking whether the
1694 * putative LDAP message begins with 0x00 or not, making the
1695 * assumption that we won't have more than 2^24 bytes of
1696 * encapsulated stuff.
1698 ldap_info->first_auth_frame = actx->pinfo->num + 1;
1699 if (ldap_info->auth_mech != NULL &&
1700 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1701 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1702 * which might not be wrapped in GSS-SPNEGO but be a raw
1705 if ( (tvb_reported_length(parameter_tvb)>=7)
1706 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1707 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1711 * This is a GSS-API token.
1713 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1714 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1715 } else if (ldap_info->auth_mech != NULL &&
1716 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1718 * This is a GSS-API token.
1720 if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
1721 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1725 actx->private_data = ldap_info;
1733 static const ber_sequence_t BindResponse_U_sequence[] = {
1734 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1735 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1736 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1737 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1738 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1739 { NULL, 0, 0, 0, NULL }
1743 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1744 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1745 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1753 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1754 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1755 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1763 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1764 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1772 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1773 #line 509 "./asn1/ldap/ldap.cnf"
1775 implicit_tag = TRUE; /* correct problem with asn2wrs */
1777 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1778 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1781 ldap_do_protocolop(actx->pinfo);
1793 static const value_string ldap_T_scope_vals[] = {
1794 { 0, "baseObject" },
1795 { 1, "singleLevel" },
1796 { 2, "wholeSubtree" },
1802 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1803 #line 389 "./asn1/ldap/ldap.cnf"
1805 guint32 scope = 0xffff;
1806 const gchar *valstr;
1808 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1812 ldap_do_protocolop(actx->pinfo);
1814 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1816 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1819 proto_item_append_text(ldm_tree, " %s", valstr);
1827 static const value_string ldap_T_derefAliases_vals[] = {
1828 { 0, "neverDerefAliases" },
1829 { 1, "derefInSearching" },
1830 { 2, "derefFindingBaseObj" },
1831 { 3, "derefAlways" },
1837 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1838 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1847 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1848 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1857 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1858 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1866 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1867 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1869 #line 555 "./asn1/ldap/ldap.cnf"
1870 if(and_filter_string){
1871 and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
1873 and_filter_string=Filter_string;
1881 static const ber_sequence_t T_and_set_of[1] = {
1882 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1886 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1887 #line 562 "./asn1/ldap/ldap.cnf"
1888 proto_tree *tr=NULL;
1889 proto_item *it=NULL;
1890 const char *old_and_filter_string=and_filter_string;
1892 and_filter_string=NULL;
1894 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
1897 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1898 T_and_set_of, hf_index, ett_ldap_T_and);
1901 if(and_filter_string) {
1902 proto_item_append_text(it, "%s", and_filter_string);
1903 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",and_filter_string);
1905 and_filter_string=old_and_filter_string;
1915 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1916 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1918 #line 580 "./asn1/ldap/ldap.cnf"
1919 if(or_filter_string){
1920 or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
1922 or_filter_string=Filter_string;
1931 static const ber_sequence_t T_or_set_of[1] = {
1932 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1936 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1937 #line 588 "./asn1/ldap/ldap.cnf"
1940 const char *old_or_filter_string=or_filter_string;
1942 or_filter_string=NULL;
1943 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
1946 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1947 T_or_set_of, hf_index, ett_ldap_T_or);
1949 if(or_filter_string) {
1950 proto_item_append_text(it, "%s", or_filter_string);
1951 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",or_filter_string);
1953 or_filter_string=old_or_filter_string;
1963 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1964 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1966 #line 607 "./asn1/ldap/ldap.cnf"
1967 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
1976 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1977 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1984 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1985 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1986 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1987 { NULL, 0, 0, 0, NULL }
1991 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1992 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1993 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
2001 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2002 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2004 #line 532 "./asn1/ldap/ldap.cnf"
2005 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
2006 string_or_null(attributedesc_string),
2007 string_or_null(ldapvalue_string));
2015 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
2022 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
2023 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2024 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2025 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
2026 { 0, NULL, 0, 0, 0, NULL }
2030 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2031 offset = dissect_ber_choice(actx, tree, tvb, offset,
2032 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
2035 #line 633 "./asn1/ldap/ldap.cnf"
2036 if (substring_item_final) {
2037 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
2038 (substring_value?substring_value:"*"),
2039 substring_item_final);
2040 } else if (substring_item_any) {
2041 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
2042 (substring_value?substring_value:"*"),
2043 substring_item_any);
2044 } else if (substring_item_init) {
2045 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
2046 substring_item_init);
2054 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
2055 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
2059 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2060 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2061 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
2067 static const ber_sequence_t SubstringFilter_sequence[] = {
2068 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2069 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
2070 { NULL, 0, 0, 0, NULL }
2074 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2075 #line 647 "./asn1/ldap/ldap.cnf"
2078 const char *old_substring_value=substring_value;
2081 substring_value=NULL;
2082 substring_item_init=NULL;
2083 substring_item_any=NULL;
2084 substring_item_final=NULL;
2086 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
2089 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2090 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
2092 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
2093 string_or_null(attr_type),
2094 string_or_null(substring_value));
2095 proto_item_append_text(it, "%s", Filter_string);
2096 substring_value=old_substring_value;
2106 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2107 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2109 #line 538 "./asn1/ldap/ldap.cnf"
2110 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
2111 string_or_null(attributedesc_string),
2112 string_or_null(ldapvalue_string));
2122 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2123 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2125 #line 544 "./asn1/ldap/ldap.cnf"
2126 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
2127 string_or_null(attributedesc_string),
2128 string_or_null(ldapvalue_string));
2138 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2139 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
2141 #line 604 "./asn1/ldap/ldap.cnf"
2142 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
2151 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2152 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2154 #line 550 "./asn1/ldap/ldap.cnf"
2155 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
2156 string_or_null(attributedesc_string),
2157 string_or_null(ldapvalue_string));
2166 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2167 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2175 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2176 #line 610 "./asn1/ldap/ldap.cnf"
2179 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
2182 matching_rule_dnattr = val;
2191 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
2192 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
2193 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2194 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2195 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2196 { NULL, 0, 0, 0, NULL }
2200 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2201 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2202 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2210 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2211 #line 619 "./asn1/ldap/ldap.cnf"
2213 matching_rule_string=NULL;
2214 ldapvalue_string=NULL;
2215 matching_rule_dnattr=FALSE;
2218 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2220 #line 625 "./asn1/ldap/ldap.cnf"
2221 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
2222 (attr_type?attr_type:""),
2223 (matching_rule_dnattr?"dn:":""),
2224 (matching_rule_string?matching_rule_string:""),
2225 (matching_rule_string?":":""),
2226 string_or_null(ldapvalue_string));
2233 static const value_string ldap_Filter_vals[] = {
2237 { 3, "equalityMatch" },
2238 { 4, "substrings" },
2239 { 5, "greaterOrEqual" },
2240 { 6, "lessOrEqual" },
2242 { 8, "approxMatch" },
2243 { 9, "extensibleMatch" },
2247 static const ber_choice_t Filter_choice[] = {
2248 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2249 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2250 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2251 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2252 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2253 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2254 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2255 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2256 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2257 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2258 { 0, NULL, 0, 0, 0, NULL }
2262 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2263 #line 668 "./asn1/ldap/ldap.cnf"
2266 attributedesc_string=NULL;
2268 if (Filter_length++ > MAX_FILTER_LEN) {
2269 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
2270 THROW(ReportedBoundsError);
2273 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
2274 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
2275 THROW(ReportedBoundsError);
2278 tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
2281 offset = dissect_ber_choice(actx, tree, tvb, offset,
2282 Filter_choice, hf_index, ett_ldap_Filter,
2286 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2296 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2297 #line 521 "./asn1/ldap/ldap.cnf"
2299 Filter_elements = 0;
2303 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2305 #line 526 "./asn1/ldap/ldap.cnf"
2307 and_filter_string=NULL;
2308 Filter_elements = 0;
2316 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2317 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2321 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2322 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2323 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2329 static const ber_sequence_t SearchRequest_U_sequence[] = {
2330 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2331 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2332 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2333 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2334 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2335 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2336 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2337 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2338 { NULL, 0, 0, 0, NULL }
2342 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2343 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2344 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2352 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2353 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2354 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2362 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2363 #line 451 "./asn1/ldap/ldap.cnf"
2365 tvbuff_t *next_tvb = NULL;
2368 int old_offset = offset;
2371 /* attr_type, should be set before calling this function */
2373 /* extract the value of the octetstring */
2374 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2376 /* first check if we have a custom attribute type configured */
2377 if ((hf_id = get_hf_for_header (attr_type)) != NULL)
2378 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2380 /* if we have an attribute type that isn't binary see if there is a better dissector */
2381 else if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, NULL)) {
2382 offset = old_offset;
2384 /* do the default thing */
2385 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2389 len = tvb_reported_length_remaining(next_tvb, 0);
2391 for(i = 0; i < len; i++)
2392 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2396 string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_ASCII|ENC_NA);
2397 proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
2407 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2408 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2412 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2413 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2414 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2420 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2421 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2422 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2423 { NULL, 0, 0, 0, NULL }
2427 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2428 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2429 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2435 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2436 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2440 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2441 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2442 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2448 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2449 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2450 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2451 { NULL, 0, 0, 0, NULL }
2455 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2456 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2457 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2465 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2466 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2467 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2473 static const value_string ldap_T_resultCode_vals[] = {
2475 { 1, "operationsError" },
2476 { 2, "protocolError" },
2477 { 3, "timeLimitExceeded" },
2478 { 4, "sizeLimitExceeded" },
2479 { 5, "compareFalse" },
2480 { 6, "compareTrue" },
2481 { 7, "authMethodNotSupported" },
2482 { 8, "strongAuthRequired" },
2484 { 11, "adminLimitExceeded" },
2485 { 12, "unavailableCriticalExtension" },
2486 { 13, "confidentialityRequired" },
2487 { 14, "saslBindInProgress" },
2488 { 16, "noSuchAttribute" },
2489 { 17, "undefinedAttributeType" },
2490 { 18, "inappropriateMatching" },
2491 { 19, "constraintViolation" },
2492 { 20, "attributeOrValueExists" },
2493 { 21, "invalidAttributeSyntax" },
2494 { 32, "noSuchObject" },
2495 { 33, "aliasProblem" },
2496 { 34, "invalidDNSyntax" },
2497 { 36, "aliasDereferencingProblem" },
2498 { 48, "inappropriateAuthentication" },
2499 { 49, "invalidCredentials" },
2500 { 50, "insufficientAccessRights" },
2502 { 52, "unavailable" },
2503 { 53, "unwillingToPerform" },
2504 { 54, "loopDetect" },
2505 { 64, "namingViolation" },
2506 { 65, "objectClassViolation" },
2507 { 66, "notAllowedOnNonLeaf" },
2508 { 67, "notAllowedOnRDN" },
2509 { 68, "entryAlreadyExists" },
2510 { 69, "objectClassModsProhibited" },
2511 { 71, "affectsMultipleDSAs" },
2513 { 118, "canceled" },
2514 { 119, "noSuchOperation" },
2516 { 121, "cannotCancel" },
2522 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2523 #line 405 "./asn1/ldap/ldap.cnf"
2525 const gchar *valstr;
2527 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2531 ldap_do_protocolop(actx->pinfo);
2533 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2535 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2538 proto_item_append_text(ldm_tree, " %s", valstr);
2547 static const ber_sequence_t LDAPResult_sequence[] = {
2548 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2549 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2550 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2551 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2552 { NULL, 0, 0, 0, NULL }
2556 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2557 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2558 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2566 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2567 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2568 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2574 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2575 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2579 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2580 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2581 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2589 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2590 #line 797 "./asn1/ldap/ldap.cnf"
2592 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2593 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2596 ldap_do_protocolop(actx->pinfo);
2605 static const value_string ldap_T_operation_vals[] = {
2614 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2615 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2622 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2623 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2624 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2625 { NULL, 0, 0, 0, NULL }
2629 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2630 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2631 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2637 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2638 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2639 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2640 { NULL, 0, 0, 0, NULL }
2644 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2645 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2646 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2652 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2653 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2657 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2658 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2659 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2665 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2666 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2667 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2668 { NULL, 0, 0, 0, NULL }
2672 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2673 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2674 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2682 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2683 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2684 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2692 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2693 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2694 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2700 static const ber_sequence_t AttributeList_item_sequence[] = {
2701 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2702 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2703 { NULL, 0, 0, 0, NULL }
2707 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2708 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2709 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2715 static const ber_sequence_t AttributeList_sequence_of[1] = {
2716 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2720 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2721 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2722 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2728 static const ber_sequence_t AddRequest_U_sequence[] = {
2729 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2730 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2731 { NULL, 0, 0, 0, NULL }
2735 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2736 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2737 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2745 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2746 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2747 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2755 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2756 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2757 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2765 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2766 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2767 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2775 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2776 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2777 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2785 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2786 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2792 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2793 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2794 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2795 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2796 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2797 { NULL, 0, 0, 0, NULL }
2801 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2802 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2803 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2811 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2812 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2813 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2821 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2822 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2823 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2829 static const ber_sequence_t CompareRequest_U_sequence[] = {
2830 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2831 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2832 { NULL, 0, 0, 0, NULL }
2836 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2837 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2838 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2846 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2847 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2848 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2856 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2857 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2858 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2866 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2867 #line 804 "./asn1/ldap/ldap.cnf"
2869 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2870 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2873 ldap_do_protocolop(actx->pinfo);
2883 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2884 #line 57 "./asn1/ldap/ldap.cnf"
2886 tvbuff_t *parameter_tvb;
2888 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
2891 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2894 #line 65 "./asn1/ldap/ldap.cnf"
2896 object_identifier_id = NULL;
2901 object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
2902 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
2905 proto_item_append_text(actx->created_item, " (%s)", name);
2907 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2908 ldap_do_protocolop(actx->pinfo);
2909 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2913 /* Has the client requested the Start TLS operation? */
2914 if (ldap_info && hf_index == hf_ldap_requestName &&
2915 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2916 /* remember we have asked to start_tls */
2917 ldap_info->start_tls_pending = TRUE;
2927 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2928 #line 739 "./asn1/ldap/ldap.cnf"
2930 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2931 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
2933 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2944 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2945 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2946 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2947 { NULL, 0, 0, 0, NULL }
2951 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2952 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2953 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2961 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2962 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2963 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2969 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2971 { 1, "operationsError" },
2972 { 2, "protocolError" },
2973 { 3, "timeLimitExceeded" },
2974 { 4, "sizeLimitExceeded" },
2975 { 5, "compareFalse" },
2976 { 6, "compareTrue" },
2977 { 7, "authMethodNotSupported" },
2978 { 8, "strongAuthRequired" },
2980 { 11, "adminLimitExceeded" },
2981 { 12, "unavailableCriticalExtension" },
2982 { 13, "confidentialityRequired" },
2983 { 14, "saslBindInProgress" },
2984 { 16, "noSuchAttribute" },
2985 { 17, "undefinedAttributeType" },
2986 { 18, "inappropriateMatching" },
2987 { 19, "constraintViolation" },
2988 { 20, "attributeOrValueExists" },
2989 { 21, "invalidAttributeSyntax" },
2990 { 32, "noSuchObject" },
2991 { 33, "aliasProblem" },
2992 { 34, "invalidDNSyntax" },
2993 { 36, "aliasDereferencingProblem" },
2994 { 48, "inappropriateAuthentication" },
2995 { 49, "invalidCredentials" },
2996 { 50, "insufficientAccessRights" },
2998 { 52, "unavailable" },
2999 { 53, "unwillingToPerform" },
3000 { 54, "loopDetect" },
3001 { 64, "namingViolation" },
3002 { 65, "objectClassViolation" },
3003 { 66, "notAllowedOnNonLeaf" },
3004 { 67, "notAllowedOnRDN" },
3005 { 68, "entryAlreadyExists" },
3006 { 69, "objectClassModsProhibited" },
3007 { 71, "affectsMultipleDSAs" },
3009 { 118, "canceled" },
3010 { 119, "noSuchOperation" },
3012 { 121, "cannotCancel" },
3018 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3019 #line 436 "./asn1/ldap/ldap.cnf"
3021 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3023 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3025 /* If Start TLS request was sent and resultCode is success... */
3026 if (ldap_info && ldap_info->start_tls_pending &&
3027 hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
3028 /* The conversation will continue using SSL */
3029 ssl_starttls_ack(find_dissector("ssl"), actx->pinfo, ldap_handle);
3030 ldap_info->start_tls_pending = FALSE;
3042 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3043 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3051 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3052 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3059 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
3060 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
3061 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
3062 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
3063 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
3064 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3065 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3066 { NULL, 0, 0, 0, NULL }
3070 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3071 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3072 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
3080 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3081 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3082 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
3090 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3091 #line 747 "./asn1/ldap/ldap.cnf"
3096 #line 751 "./asn1/ldap/ldap.cnf"
3097 if(ldm_tree && object_identifier_id) {
3098 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
3099 name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
3101 proto_item_append_text(ldm_tree, " (%s)", name);
3103 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3104 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3106 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3117 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
3118 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3119 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
3120 { NULL, 0, 0, 0, NULL }
3124 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3125 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3126 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
3134 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3135 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3136 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U);
3142 static const value_string ldap_ProtocolOp_vals[] = {
3143 { 0, "bindRequest" },
3144 { 1, "bindResponse" },
3145 { 2, "unbindRequest" },
3146 { 3, "searchRequest" },
3147 { 4, "searchResEntry" },
3148 { 5, "searchResDone" },
3149 { 19, "searchResRef" },
3150 { 6, "modifyRequest" },
3151 { 7, "modifyResponse" },
3152 { 8, "addRequest" },
3153 { 9, "addResponse" },
3154 { 10, "delRequest" },
3155 { 11, "delResponse" },
3156 { 12, "modDNRequest" },
3157 { 13, "modDNResponse" },
3158 { 14, "compareRequest" },
3159 { 15, "compareResponse" },
3160 { 16, "abandonRequest" },
3161 { 23, "extendedReq" },
3162 { 24, "extendedResp" },
3163 { 25, "intermediateResponse" },
3167 static const ber_choice_t ProtocolOp_choice[] = {
3168 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
3169 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
3170 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
3171 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
3172 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
3173 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
3174 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
3175 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
3176 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
3177 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
3178 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
3179 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
3180 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
3181 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
3182 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
3183 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
3184 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
3185 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
3186 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
3187 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
3188 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
3189 { 0, NULL, 0, 0, 0, NULL }
3193 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3194 #line 99 "./asn1/ldap/ldap.cnf"
3196 ldap_call_response_t *lcrp;
3197 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3198 do_protocolop = TRUE;
3201 offset = dissect_ber_choice(actx, tree, tvb, offset,
3202 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
3205 #line 105 "./asn1/ldap/ldap.cnf"
3207 if (ProtocolOp == -1) {
3211 /* ProtocolOp is the index, not the tag so convert it to the tag value */
3212 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3214 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
3216 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3219 /* XXX: the count will not work if the results span multiple TCP packets */
3221 if(ldap_info) { /* only count once */
3222 switch(ProtocolOp) {
3224 case LDAP_RES_SEARCH_ENTRY:
3225 if (!actx->pinfo->fd->flags.visited)
3226 ldap_info->num_results++;
3228 proto_item_append_text(tree, " [%d result%s]",
3229 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3233 case LDAP_RES_SEARCH_RESULT:
3235 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3236 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3238 proto_item_append_text(tree, " [%d result%s]",
3239 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3255 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3256 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3264 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3265 #line 720 "./asn1/ldap/ldap.cnf"
3271 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3272 /* remove the OCTET STRING encoding */
3273 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
3274 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3276 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3280 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3292 static const ber_sequence_t Control_sequence[] = {
3293 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3294 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3295 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3296 { NULL, 0, 0, 0, NULL }
3300 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3301 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3302 Control_sequence, hf_index, ett_ldap_Control);
3308 static const ber_sequence_t Controls_sequence_of[1] = {
3309 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3313 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3314 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3315 Controls_sequence_of, hf_index, ett_ldap_Controls);
3321 static const ber_sequence_t LDAPMessage_sequence[] = {
3322 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3323 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3324 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3325 { NULL, 0, 0, 0, NULL }
3329 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3330 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3331 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3341 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3342 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3349 static const ber_sequence_t SearchControlValue_sequence[] = {
3350 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3351 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3352 { NULL, 0, 0, 0, NULL }
3356 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3357 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3358 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3364 static const ber_sequence_t SortKeyList_item_sequence[] = {
3365 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3366 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3367 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3368 { NULL, 0, 0, 0, NULL }
3372 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3373 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3374 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3380 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3381 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3385 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3386 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3387 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3393 static const value_string ldap_T_sortResult_vals[] = {
3395 { 1, "operationsError" },
3396 { 3, "timeLimitExceeded" },
3397 { 8, "strongAuthRequired" },
3398 { 11, "adminLimitExceeded" },
3399 { 16, "noSuchAttribute" },
3400 { 18, "inappropriateMatching" },
3401 { 50, "insufficientAccessRights" },
3403 { 53, "unwillingToPerform" },
3410 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3411 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3418 static const ber_sequence_t SortResult_sequence[] = {
3419 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3420 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3421 { NULL, 0, 0, 0, NULL }
3425 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3426 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3427 SortResult_sequence, hf_index, ett_ldap_SortResult);
3435 dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3436 #line 764 "./asn1/ldap/ldap.cnf"
3443 int otheroffset = offset;
3445 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
3446 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
3448 gint32 remaining=tvb_reported_length_remaining(tvb, offset);
3449 len=remaining>0 ? remaining : 0;
3452 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
3455 const int *flags[] = {
3456 &hf_ldap_object_security_flag,
3457 &hf_ldap_ancestor_first_flag,
3458 &hf_ldap_public_data_only_flag,
3459 &hf_ldap_incremental_value_flag,
3463 proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
3464 ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
3466 proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
3475 static const ber_sequence_t DirSyncControlValue_sequence[] = {
3476 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
3477 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3478 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3479 { NULL, 0, 0, 0, NULL }
3483 dissect_ldap_DirSyncControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3484 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3485 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
3491 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3492 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3493 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3494 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3495 { NULL, 0, 0, 0, NULL }
3499 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3500 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3501 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3507 static const ber_sequence_t CancelRequestValue_sequence[] = {
3508 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3509 { NULL, 0, 0, 0, NULL }
3513 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3514 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3515 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3521 static const value_string ldap_T_mode_vals[] = {
3522 { 1, "refreshOnly" },
3523 { 3, "refreshAndPersist" },
3529 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3530 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3537 static const ber_sequence_t SyncRequestValue_sequence[] = {
3538 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3539 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3540 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3541 { NULL, 0, 0, 0, NULL }
3545 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3546 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3547 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3553 static const value_string ldap_T_state_vals[] = {
3563 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3564 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3573 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3574 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3581 static const ber_sequence_t SyncStateValue_sequence[] = {
3582 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3583 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3584 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3585 { NULL, 0, 0, 0, NULL }
3589 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3590 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3591 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3597 static const ber_sequence_t SyncDoneValue_sequence[] = {
3598 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3599 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3600 { NULL, 0, 0, 0, NULL }
3604 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3605 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3606 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3612 static const ber_sequence_t T_refreshDelete_sequence[] = {
3613 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3614 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3615 { NULL, 0, 0, 0, NULL }
3619 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3620 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3621 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3627 static const ber_sequence_t T_refreshPresent_sequence[] = {
3628 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3629 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3630 { NULL, 0, 0, 0, NULL }
3634 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3635 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3636 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3642 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3643 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3647 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3648 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3649 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3655 static const ber_sequence_t T_syncIdSet_sequence[] = {
3656 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3657 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3658 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3659 { NULL, 0, 0, 0, NULL }
3663 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3664 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3665 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3671 static const value_string ldap_SyncInfoValue_vals[] = {
3673 { 1, "refreshDelete" },
3674 { 2, "refreshPresent" },
3679 static const ber_choice_t SyncInfoValue_choice[] = {
3680 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3681 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3682 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3683 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3684 { 0, NULL, 0, 0, 0, NULL }
3688 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3689 offset = dissect_ber_choice(actx, tree, tvb, offset,
3690 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3697 static const value_string ldap_T_warning_vals[] = {
3698 { 0, "timeBeforeExpiration" },
3699 { 1, "graceAuthNsRemaining" },
3703 static const ber_choice_t T_warning_choice[] = {
3704 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3705 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3706 { 0, NULL, 0, 0, 0, NULL }
3710 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3711 offset = dissect_ber_choice(actx, tree, tvb, offset,
3712 T_warning_choice, hf_index, ett_ldap_T_warning,
3719 static const value_string ldap_T_error_vals[] = {
3720 { 0, "passwordExpired" },
3721 { 1, "accountLocked" },
3722 { 2, "changeAfterReset" },
3723 { 3, "passwordModNotAllowed" },
3724 { 4, "mustSupplyOldPassword" },
3725 { 5, "insufficientPasswordQuality" },
3726 { 6, "passwordTooShort" },
3727 { 7, "passwordTooYoung" },
3728 { 8, "passwordInHistory" },
3734 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3735 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3742 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3743 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3744 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3745 { NULL, 0, 0, 0, NULL }
3749 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3750 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3751 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3758 static int dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3760 asn1_ctx_t asn1_ctx;
3761 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3762 offset = dissect_ldap_SearchControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3765 static int dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3767 asn1_ctx_t asn1_ctx;
3768 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3769 offset = dissect_ldap_SortKeyList(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3772 static int dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3774 asn1_ctx_t asn1_ctx;
3775 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3776 offset = dissect_ldap_SortResult(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3779 static int dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3781 asn1_ctx_t asn1_ctx;
3782 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3783 offset = dissect_ldap_DirSyncControlValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU);
3786 static int dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3788 asn1_ctx_t asn1_ctx;
3789 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3790 offset = dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3793 static int dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3795 asn1_ctx_t asn1_ctx;
3796 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3797 offset = dissect_ldap_CancelRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3800 static int dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3802 asn1_ctx_t asn1_ctx;
3803 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3804 offset = dissect_ldap_SyncRequestValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3807 static int dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3809 asn1_ctx_t asn1_ctx;
3810 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3811 offset = dissect_ldap_SyncStateValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3814 static int dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3816 asn1_ctx_t asn1_ctx;
3817 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3818 offset = dissect_ldap_SyncDoneValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3821 static int dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3823 asn1_ctx_t asn1_ctx;
3824 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3825 offset = dissect_ldap_SyncInfoValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3828 static int dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
3830 asn1_ctx_t asn1_ctx;
3831 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3832 offset = dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3837 /*--- End of included file: packet-ldap-fn.c ---*/
3838 #line 920 "./asn1/ldap/packet-ldap-template.c"
3839 static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
3842 asn1_ctx_t asn1_ctx;
3843 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3845 asn1_ctx.private_data = ldap_info;
3846 offset = dissect_ldap_LDAPMessage(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3851 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3852 proto_tree *tree, ldap_conv_info_t *ldap_info,
3853 gboolean is_mscldap)
3856 guint length_remaining;
3858 int messageOffset = 0;
3859 guint headerLength = 0;
3861 tvbuff_t *msg_tvb = NULL;
3863 gboolean pc, ind = 0;
3866 attributedesc_string=NULL;
3871 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
3873 if (length_remaining < 6) return;
3876 * OK, try to read the "Sequence Of" header; this gets the total
3877 * length of the LDAP message.
3879 messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
3880 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3883 if((msg_len<4) || (msg_len>10000000)) return;
3885 if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3887 * Add the length of the "Sequence Of" header to the message
3890 headerLength = messageOffset - offset;
3891 msg_len += headerLength;
3892 if (msg_len < headerLength) {
3894 * The message length was probably so large that the total length
3897 * Report this as an error.
3899 show_reported_bounds_error(tvb, pinfo, tree);
3904 * We couldn't parse the header; just make it the amount of data
3905 * remaining in the tvbuff, so we'll give up on this segment
3906 * after attempting to parse the message - there's nothing more
3907 * we can do. "dissect_ldap_message()" will display the error.
3909 msg_len = length_remaining;
3913 * Construct a tvbuff containing the amount of the payload we have
3914 * available. Make its reported length the amount of data in the
3917 * XXX - if reassembly isn't enabled. the subdissector will throw a
3918 * BoundsError exception, rather than a ReportedBoundsError exception.
3919 * We really want a tvbuff where the length is "length", the reported
3920 * length is "plen", and the "if the snapshot length were infinite"
3921 * length is the minimum of the reported length of the tvbuff handed
3922 * to us and "plen", with a new type of exception thrown if the offset
3923 * is within the reported length but beyond that third length, with
3924 * that exception getting the "Unreassembled Packet" error.
3926 length = length_remaining;
3927 if (length > msg_len) length = msg_len;
3928 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3931 * Now dissect the LDAP message.
3933 ldap_info->is_mscldap = is_mscldap;
3934 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info);
3938 /* If this was a sasl blob there might be another PDU following in the
3941 if(tvb_reported_length_remaining(tvb, offset)>=6){
3942 tvb = tvb_new_subset_remaining(tvb, offset);
3951 ldap_frame_end(void)
3953 ldap_found_in_frame = FALSE;
3955 ldapvalue_string = NULL;
3957 attributedesc_string = NULL;
3958 Filter_string = NULL;
3959 and_filter_string = NULL;
3960 object_identifier_id = NULL;
3961 or_filter_string = NULL;
3963 substring_item_any = NULL;
3964 substring_item_final = NULL;
3965 substring_item_init = NULL;
3966 substring_value = NULL;
3970 Filter_elements = 0;
3972 do_protocolop = FALSE;
3975 /* seems to be ok, but reset just in case */
3976 matching_rule_string = NULL;
3980 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3983 conversation_t *conversation;
3984 gboolean doing_sasl_security = FALSE;
3985 guint length_remaining;
3986 ldap_conv_info_t *ldap_info = NULL;
3987 proto_item *ldap_item = NULL;
3988 proto_tree *ldap_tree = NULL;
3992 conversation = find_or_create_conversation(pinfo);
3995 * Do we already have a type and mechanism?
3997 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
3998 if (ldap_info == NULL) {
3999 /* No. Attach that information to the conversation, and add
4000 * it to the list of information structures.
4002 ldap_info = g_new0(ldap_conv_info_t,1);
4003 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
4004 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
4006 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
4008 ldap_info->next = ldap_info_items;
4009 ldap_info_items = ldap_info;
4013 switch (ldap_info->auth_type) {
4014 case LDAP_AUTH_SASL:
4016 * It's SASL; are we using a security layer?
4018 if (ldap_info->first_auth_frame != 0 &&
4019 pinfo->num >= ldap_info->first_auth_frame) {
4020 doing_sasl_security = TRUE; /* yes */
4024 length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
4026 /* It might still be a packet containing a SASL security layer
4027 * but it's just that we never saw the BIND packet.
4028 * check if it looks like it could be a SASL blob here
4029 * and in that case just assume it is GSS-SPNEGO
4031 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
4032 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
4033 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
4034 ldap_info->auth_type=LDAP_AUTH_SASL;
4035 ldap_info->first_auth_frame=pinfo->num;
4036 ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
4037 doing_sasl_security=TRUE;
4041 * This is the first PDU, set the Protocol column and clear the
4044 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
4046 if(ldap_found_in_frame) {
4047 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
4048 col_append_str(pinfo->cinfo, COL_INFO, " | ");
4049 col_set_fence(pinfo->cinfo, COL_INFO);
4051 col_clear(pinfo->cinfo, COL_INFO);
4052 register_frame_end_routine (pinfo, ldap_frame_end);
4053 ldap_found_in_frame = TRUE;
4056 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
4057 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
4060 * Might we be doing a SASL security layer and, if so, *are* we doing
4063 * Just because we've seen a bind reply for SASL, that doesn't mean
4064 * that we're using a SASL security layer; I've seen captures in
4065 * which some SASL negotiations lead to a security layer being used
4066 * and other negotiations don't, and it's not obvious what's different
4067 * in the two negotiations. Therefore, we assume that if the first
4068 * byte is 0, it's a length for a SASL security layer (that way, we
4069 * never reassemble more than 16 megabytes, protecting us from
4070 * chewing up *too* much memory), and otherwise that it's an LDAP
4071 * message (actually, if it's an LDAP message it should begin with 0x30,
4072 * but we want to parse garbage as LDAP messages rather than really
4076 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
4077 proto_tree *sasl_tree;
4079 guint sasl_len, sasl_msg_len, length;
4081 * Yes. The frame begins with a 4-byte big-endian length.
4082 * And we know we have at least 6 bytes
4086 * Get the SASL length, which is the length of data in the buffer
4087 * following the length (i.e., it's 4 less than the total length).
4089 * XXX - do we need to reassemble buffers? For now, we
4090 * assume that each LDAP message is entirely contained within
4093 sasl_len = tvb_get_ntohl(tvb, offset);
4094 sasl_msg_len = sasl_len + 4;
4095 if (sasl_msg_len < 4) {
4097 * The message length was probably so large that the total length
4100 * Report this as an error.
4102 show_reported_bounds_error(tvb, pinfo, tree);
4107 * Construct a tvbuff containing the amount of the payload we have
4108 * available. Make its reported length the amount of data in the PDU.
4110 * XXX - if reassembly isn't enabled. the subdissector will throw a
4111 * BoundsError exception, rather than a ReportedBoundsError exception.
4112 * We really want a tvbuff where the length is "length", the reported
4113 * length is "plen", and the "if the snapshot length were infinite"
4114 * length is the minimum of the reported length of the tvbuff handed
4115 * to us and "plen", with a new type of exception thrown if the offset
4116 * is within the reported length but beyond that third length, with
4117 * that exception getting the "Unreassembled Packet" error.
4119 length = length_remaining;
4120 if (length > sasl_msg_len) length = sasl_msg_len;
4121 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
4123 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len);
4125 sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 0, sasl_msg_len, ett_ldap_sasl_blob, NULL, "SASL Buffer");
4127 if (ldap_info->auth_mech != NULL &&
4128 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
4129 /* auth_mech may have been set from the bind */
4130 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
4131 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
4134 gssapi_encrypt_info_t gssapi_encrypt;
4137 * This is GSS-API (using SPNEGO, but we should be done with
4138 * the negotiation by now).
4140 * Dissect the GSS_Wrap() token; it'll return the length of
4141 * the token, from which we compute the offset in the tvbuff at
4142 * which the plaintext data, i.e. the LDAP message, begins.
4144 tmp_length = tvb_reported_length_remaining(sasl_tvb, 4);
4145 if ((guint)tmp_length > sasl_len)
4146 tmp_length = sasl_len;
4147 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, tmp_length, sasl_len);
4149 /* Attempt decryption of the GSSAPI wrapped data if possible */
4150 gssapi_encrypt.gssapi_data_encrypted = FALSE;
4151 gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
4152 gssapi_encrypt.gssapi_wrap_tvb=NULL;
4153 gssapi_encrypt.gssapi_encrypted_tvb=NULL;
4154 gssapi_encrypt.gssapi_decrypted_tvb=NULL;
4155 ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt);
4156 /* if we could unwrap, do a tvb shuffle */
4157 if(gssapi_encrypt.gssapi_decrypted_tvb){
4158 decr_tvb=gssapi_encrypt.gssapi_decrypted_tvb;
4159 } else if (gssapi_encrypt.gssapi_wrap_tvb) {
4160 plain_tvb=gssapi_encrypt.gssapi_wrap_tvb;
4164 * if len is 0 it probably mean that we got a PDU that is not
4165 * aligned to the start of the segment.
4172 * if we don't have unwrapped data,
4173 * see if the wrapping involved encryption of the
4174 * data; if not, just use the plaintext data.
4176 if (!decr_tvb && !plain_tvb) {
4177 if(!gssapi_encrypt.gssapi_data_encrypted){
4178 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
4183 proto_tree *enc_tree = NULL;
4184 guint decr_len = tvb_reported_length(decr_tvb);
4187 * The LDAP message was encrypted in the packet, and has
4188 * been decrypted; dissect the decrypted LDAP message.
4190 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
4193 enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1,
4194 ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
4195 decr_len, plurality(decr_len, "", "s"));
4197 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
4198 } else if (plain_tvb) {
4199 proto_tree *plain_tree = NULL;
4200 guint plain_len = tvb_reported_length(plain_tvb);
4203 * The LDAP message wasn't encrypted in the packet;
4204 * dissect the plain LDAP message.
4206 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
4209 plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1,
4210 ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
4211 plain_len, plurality(plain_len, "", "s"));
4214 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
4217 * The LDAP message was encrypted in the packet, and was
4218 * not decrypted; just show it as encrypted data.
4220 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
4222 plurality(sasl_len - ver_len, "", "s"));
4224 proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
4228 /* plain LDAP, so dissect the payload */
4229 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
4234 * prepend_dot is no longer used, but is being left in place in order to
4235 * maintain ABI compatibility.
4237 int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int max_len, gboolean prepend_dot _U_)
4242 /* The name data MUST start at offset 0 of the tvb */
4243 compr_len = expand_dns_name(tvb, offset, max_len, 0, &name);
4244 g_strlcpy(str, name, max_len);
4245 return offset + compr_len;
4249 /* These are the cldap DC flags
4250 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4252 static const true_false_string tfs_ads_pdc = {
4256 static const true_false_string tfs_ads_gc = {
4257 "This is a GLOBAL CATALOGUE of forest",
4258 "This is NOT a global catalog of forest"
4260 static const true_false_string tfs_ads_ldap = {
4261 "This is an LDAP server",
4262 "This is NOT an ldap server"
4264 static const true_false_string tfs_ads_ds = {
4265 "This dc supports DS",
4266 "This dc does NOT support ds"
4268 static const true_false_string tfs_ads_kdc = {
4269 "This is a KDC (kerberos)",
4270 "This is NOT a kdc (kerberos)"
4272 static const true_false_string tfs_ads_timeserv = {
4273 "This dc is running TIME SERVICES (ntp)",
4274 "This dc is NOT running time services (ntp)"
4276 static const true_false_string tfs_ads_closest = {
4277 "This server is in the same site as the client",
4278 "This server is NOT in the same site as the client"
4280 static const true_false_string tfs_ads_writable = {
4281 "This dc is WRITABLE",
4282 "This dc is NOT writable"
4284 static const true_false_string tfs_ads_good_timeserv = {
4285 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4286 "This dc does NOT have a good time service (i.e. no hardware clock)"
4288 static const true_false_string tfs_ads_ndnc = {
4289 "Domain is NON-DOMAIN NC serviced by ldap server",
4290 "Domain is NOT non-domain nc serviced by ldap server"
4292 static const true_false_string tfs_ads_rodc = {
4293 "Domain controller is a Windows 2008 RODC",
4294 "Domain controller is not a Windows 2008 RODC"
4296 static const true_false_string tfs_ads_wdc = {
4297 "Domain controller is a Windows 2008 writable NC",
4298 "Domain controller is not a Windows 2008 writable NC"
4300 static const true_false_string tfs_ads_dns = {
4301 "Server name is in DNS format (Windows 2008)",
4302 "Server name is not in DNS format (Windows 2008)"
4304 static const true_false_string tfs_ads_dnc = {
4305 "The NC is the default NC (Windows 2008)",
4306 "The NC is not the default NC (Windows 2008)"
4308 static const true_false_string tfs_ads_fnc = {
4309 "The NC is the default forest NC(Windows 2008)",
4310 "The NC is not the default forest NC (Windows 2008)"
4312 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4314 static const int * flags[] = {
4315 &hf_mscldap_netlogon_flags_fnc,
4316 &hf_mscldap_netlogon_flags_dnc,
4317 &hf_mscldap_netlogon_flags_dns,
4318 &hf_mscldap_netlogon_flags_wdc,
4319 &hf_mscldap_netlogon_flags_rodc,
4320 &hf_mscldap_netlogon_flags_ndnc,
4321 &hf_mscldap_netlogon_flags_good_timeserv,
4322 &hf_mscldap_netlogon_flags_writable,
4323 &hf_mscldap_netlogon_flags_closest,
4324 &hf_mscldap_netlogon_flags_timeserv,
4325 &hf_mscldap_netlogon_flags_kdc,
4326 &hf_mscldap_netlogon_flags_ds,
4327 &hf_mscldap_netlogon_flags_ldap,
4328 &hf_mscldap_netlogon_flags_gc,
4329 &hf_mscldap_netlogon_flags_pdc,
4333 proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_netlogon_flags,
4334 ett_mscldap_netlogon_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
4340 static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4342 int old_offset, offset=0;
4355 /* Get the length of the buffer */
4356 len=tvb_reported_length_remaining(tvb,offset);
4358 /* check the len if it is to small return */
4360 return tvb_captured_length(tvb);
4363 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4364 itype = tvb_get_letohs(tvb, offset);
4369 case LOGON_SAM_LOGON_RESPONSE:
4370 bc = tvb_reported_length_remaining(tvb, offset);
4371 /* logon server name */
4372 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4373 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb,offset, fn_len, fn);
4377 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4378 proto_tree_add_string(tree, hf_mscldap_username, tvb,offset, fn_len, fn);
4382 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4383 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb,offset, fn_len, fn);
4386 /* get the version number from the end of the buffer, as the
4387 length is variable and the version determines what fields
4388 need to be decoded */
4389 version = tvb_get_letohl(tvb,len-8);
4391 /* include the extra version 5 fields */
4392 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4395 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4398 /* domain guid part 2
4399 there is another 16 byte guid but this is alway zero, so we will skip it */
4404 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4405 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4409 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4410 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4414 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4415 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4418 proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
4422 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4428 case LOGON_SAM_LOGON_RESPONSE_EX:
4429 /* MS-ADTS 7.3.1.9 */
4430 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */
4433 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4436 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4441 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4442 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4446 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4447 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4451 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4452 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4454 /* NetBIOS Domain */
4456 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4457 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4459 /* NetBIOS Hostname */
4461 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4462 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4466 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4467 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4471 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4472 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4476 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4477 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4479 /* get the version number from the end of the buffer, as the
4480 length is variable and the version determines what fields
4481 need to be decoded */
4482 version = tvb_get_letohl(tvb,len-8);
4484 /* include the extra fields for version 5 with IP s */
4485 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4486 /* The ip address is returned as a sockaddr_in structure
4488 * This section may need to be updated if the base Windows APIs
4489 * are changed to support ipv6, which currently is not the case.
4491 * The desector assumes the length is based on ipv4 and
4492 * ignores the length
4495 /* skip the length of the sockaddr_in */
4499 /* add IP address and desect the sockaddr_in structure */
4501 old_offset = offset + 4;
4502 item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
4505 proto_tree *subtree;
4507 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4509 /* get sockaddr family */
4510 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4513 /* get sockaddr port */
4514 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4517 /* get IP address */
4518 proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
4521 /* skip the 8 bytes of zeros in the sockaddr structure */
4531 /* complete the decode with the version and token details */
4535 /* NETLOGON_NT_VERISON Options (MS-ADTS 7.3.1.1) */
4536 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
4539 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4543 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4546 return tvb_captured_length(tvb);
4551 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4552 int offset, void *data _U_)
4554 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4555 return tvb_get_ntohl(tvb, offset)+4;
4559 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4561 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4562 return tvb_captured_length(tvb);
4566 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
4567 int offset, void *data _U_)
4573 /* normal ldap is tag+len bytes plus the length
4574 * offset is where the tag is
4575 * offset+1 is where length starts
4577 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4578 return len+data_offset-offset;
4582 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4584 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4585 return tvb_captured_length(tvb);
4589 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4592 const char *oidname;
4594 /* tvb here contains an ascii string that is really an oid */
4595 /* XXX we should convert the string oid into a real oid so we can use
4596 * proto_tree_add_oid() instead.
4599 oid=tvb_get_string_enc(wmem_packet_scope(), tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);
4601 return tvb_captured_length(tvb);
4604 oidname=oid_resolved_from_string(wmem_packet_scope(), oid);
4607 proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname);
4609 proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid);
4611 return tvb_captured_length(tvb);
4614 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4615 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4616 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4617 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4618 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4619 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4620 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4621 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4622 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4625 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4627 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
4629 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
4631 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
4633 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
4635 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
4637 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
4639 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
4641 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
4643 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
4645 struct access_mask_info ldap_access_mask_info = {
4646 "LDAP", /* Name of specific rights */
4647 ldap_specific_rights, /* Dissection function */
4648 NULL, /* Generic mapping table */
4649 NULL /* Standard mapping table */
4653 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4655 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_reported_length(tvb), &ldap_access_mask_info);
4656 return tvb_captured_length(tvb);
4660 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
4664 /* this octet string contains an NT SID */
4665 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4666 ldapvalue_string=tmpstr;
4667 return tvb_captured_length(tvb);
4671 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4673 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4676 /* This octet string contained a GUID */
4677 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4679 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
4680 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4681 uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
4682 uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
4683 uuid.data4[6], uuid.data4[7]);
4684 return tvb_captured_length(tvb);
4688 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4693 conversation_t *conversation;
4694 ldap_conv_info_t *ldap_info = NULL;
4697 * Do we have a conversation for this connection?
4699 conversation = find_conversation(pinfo->num, &pinfo->src, &pinfo->dst,
4700 pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
4702 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
4707 /* This is a bit tricky. We have to find out whether SASL is used
4708 * so that we know how big a header we are supposed to pass
4709 * to tcp_dissect_pdus()
4710 * We must also cope with the case when a client connects to LDAP
4711 * and performs a few unauthenticated searches of LDAP before
4712 * it performs the bind on the same tcp connection.
4714 /* check for a SASL header, i.e. assume it is SASL if
4715 * 1, first four bytes (SASL length) is an integer
4716 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4717 * (>2 to fight false positives, 0x00000000 is a common
4718 * "random" tcp payload)
4719 * (SASL ldap PDUs might be >64k in size, which is why
4720 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4722 * 2, we must have a conversation and the auth type must
4725 sasl_len=tvb_get_ntohl(tvb, 0);
4728 goto this_was_not_sasl;
4731 if( sasl_len>LDAP_SASL_MAX_BUF ){
4732 goto this_was_not_sasl;
4735 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4736 goto this_was_not_sasl;
4739 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4740 return tvb_captured_length(tvb);
4743 /* check if it is a normal BER encoded LDAP packet
4744 * i.e. first byte is 0x30 followed by a length that is
4746 * (no ldap PDUs are ever >64kb? )
4748 if(tvb_get_guint8(tvb, 0)!=0x30){
4749 goto this_was_not_normal_ldap;
4752 /* check that length makes sense */
4753 get_ber_length(tvb, 1, &ldap_len, &ind);
4755 /* don't check ind since indefinite length is never used for ldap (famous last words)*/
4757 goto this_was_not_normal_ldap;
4761 * The minimun size of a LDAP pdu is 7 bytes
4763 * dumpasn1 -hh ldap-unbind-min.dat
4765 * <30 05 02 01 09 42 00>
4770 * 5 0: [APPLICATION 2]
4771 * : Error: Object has zero length.
4774 * dumpasn1 -hh ldap-unbind-windows.dat
4776 * <30 84 00 00 00 05 02 01 09 42 00>
4781 * 9 0: [APPLICATION 2]
4782 * : Error: Object has zero length.
4785 * 6 bytes would also be ok to get the full length of
4786 * the pdu, but as the smallest pdu can be 7 bytes
4789 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
4793 this_was_not_normal_ldap:
4795 /* Ok it might be a strange case of SASL still
4796 * It has been seen with Exchange setup to MS AD
4797 * when Exchange pretend that there is SASL but in fact data are still
4799 if ((sasl_len + 4) == (guint32)tvb_reported_length_remaining(tvb, 0))
4800 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4802 return tvb_captured_length(tvb);
4806 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4808 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4809 return tvb_captured_length(tvb);
4816 ldap_conv_info_t *ldap_info;
4818 /* Free up state attached to the ldap_info structures */
4819 for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
4820 ldap_conv_info_t *next;
4822 g_hash_table_destroy(ldap_info->matched);
4823 g_hash_table_destroy(ldap_info->unmatched);
4825 next = ldap_info->next;
4830 ldap_info_items = NULL;
4833 /*--- proto_register_ldap -------------------------------------------*/
4834 void proto_register_ldap(void) {
4836 /* List of fields */
4838 static hf_register_info hf[] = {
4840 { &hf_ldap_sasl_buffer_length,
4841 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4842 FT_UINT32, BASE_DEC, NULL, 0x0,
4844 { &hf_ldap_response_in,
4845 { "Response In", "ldap.response_in",
4846 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4847 "The response to this LDAP request is in this frame", HFILL }},
4848 { &hf_ldap_response_to,
4849 { "Response To", "ldap.response_to",
4850 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4851 "This is a response to the LDAP request in this frame", HFILL }},
4853 { "Time", "ldap.time",
4854 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4855 "The time between the Call and the Reply", HFILL }},
4857 { &hf_mscldap_netlogon_opcode,
4858 { "Operation code", "mscldap.netlogon.opcode",
4859 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0,
4860 "LDAP ping operation code", HFILL }},
4862 { &hf_mscldap_netlogon_ipaddress_family,
4863 { "Family", "mscldap.netlogon.ipaddress.family",
4864 FT_UINT16, BASE_DEC, NULL, 0x0,
4867 { &hf_mscldap_netlogon_ipaddress_ipv4,
4868 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4869 FT_IPv4, BASE_NONE, NULL, 0x0,
4870 "IP Address", HFILL }},
4872 { &hf_mscldap_netlogon_ipaddress_port,
4873 { "Port", "mscldap.netlogon.ipaddress.port",
4874 FT_UINT16, BASE_DEC, NULL, 0x0,
4877 { &hf_mscldap_netlogon_ipaddress,
4878 { "IP Address","mscldap.netlogon.ipaddress",
4879 FT_IPv4, BASE_NONE, NULL, 0x0,
4880 "Domain Controller IP Address", HFILL }},
4882 { &hf_mscldap_netlogon_lm_token,
4883 { "LM Token", "mscldap.netlogon.lm_token",
4884 FT_UINT16, BASE_HEX, NULL, 0x0,
4885 "MUST be set to 0xFFFF", HFILL }},
4887 { &hf_mscldap_netlogon_nt_token,
4888 { "NT Token", "mscldap.netlogon.nt_token",
4889 FT_UINT16, BASE_HEX, NULL, 0x0,
4890 "MUST be set to 0xFFFF", HFILL }},
4892 { &hf_mscldap_netlogon_flags,
4893 { "Flags", "mscldap.netlogon.flags",
4894 FT_UINT32, BASE_HEX, NULL, 0x0,
4895 "Netlogon flags describing the DC properties", HFILL }},
4897 { &hf_mscldap_ntver_flags,
4898 { "Version Flags", "mscldap.ntver.flags",
4899 FT_UINT32, BASE_HEX, NULL, 0x0,
4900 "NETLOGON_NT_VERSION Options Bits", HFILL }},
4902 { &hf_mscldap_domain_guid,
4903 { "Domain GUID", "mscldap.domain.guid",
4904 FT_GUID, BASE_NONE, NULL, 0x0,
4905 "Value of the NC's GUID attribute", HFILL }},
4907 { &hf_mscldap_forest,
4908 { "Forest", "mscldap.forest",
4909 FT_STRING, BASE_NONE, NULL, 0x0,
4910 "DNS name of the forest", HFILL }},
4912 { &hf_mscldap_domain,
4913 { "Domain", "mscldap.domain",
4914 FT_STRING, BASE_NONE, NULL, 0x0,
4915 "DNS name of the NC", HFILL }},
4917 { &hf_mscldap_hostname,
4918 { "Hostname", "mscldap.hostname",
4919 FT_STRING, BASE_NONE, NULL, 0x0,
4920 "DNS name of server", HFILL }},
4922 { &hf_mscldap_nb_domain,
4923 { "NetBIOS Domain", "mscldap.nb_domain",
4924 FT_STRING, BASE_NONE, NULL, 0x0,
4925 "NetBIOS name of the NC", HFILL }},
4927 { &hf_mscldap_nb_hostname,
4928 { "NetBIOS Hostname", "mscldap.nb_hostname",
4929 FT_STRING, BASE_NONE, NULL, 0x0,
4930 "NetBIOS name of the server", HFILL }},
4932 { &hf_mscldap_username,
4933 { "Username", "mscldap.username",
4934 FT_STRING, BASE_NONE, NULL, 0x0,
4935 "User specified in client's request", HFILL }},
4937 { &hf_mscldap_sitename,
4938 { "Server Site", "mscldap.sitename",
4939 FT_STRING, BASE_NONE, NULL, 0x0,
4940 "Site name of the server", HFILL }},
4942 { &hf_mscldap_clientsitename,
4943 { "Client Site", "mscldap.clientsitename",
4944 FT_STRING, BASE_NONE, NULL, 0x0,
4945 "Site name of the client", HFILL }},
4948 { "Sid", "ldap.sid",
4949 FT_STRING, BASE_NONE, NULL, 0x0,
4952 { &hf_mscldap_ntver_flags_v1,
4953 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4954 TFS(&tfs_ntver_v1), 0x00000001, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4956 { &hf_mscldap_ntver_flags_v5,
4957 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4958 TFS(&tfs_ntver_v5), 0x00000002, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4960 { &hf_mscldap_ntver_flags_v5ex,
4961 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4962 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4964 { &hf_mscldap_ntver_flags_v5ep,
4965 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32,
4966 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4968 { &hf_mscldap_ntver_flags_vcs,
4969 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32,
4970 TFS(&tfs_ntver_vcs), 0x00000010, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4972 { &hf_mscldap_ntver_flags_vnt4,
4973 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32,
4974 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4976 { &hf_mscldap_ntver_flags_vpdc,
4977 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32,
4978 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4980 { &hf_mscldap_ntver_flags_vip,
4981 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32,
4982 TFS(&tfs_ntver_vip), 0x20000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4984 { &hf_mscldap_ntver_flags_vl,
4985 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32,
4986 TFS(&tfs_ntver_vl), 0x40000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4988 { &hf_mscldap_ntver_flags_vgc,
4989 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32,
4990 TFS(&tfs_ntver_vgc), 0x80000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4993 { &hf_mscldap_netlogon_flags_pdc,
4994 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4995 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4997 { &hf_mscldap_netlogon_flags_gc,
4998 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4999 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
5001 { &hf_mscldap_netlogon_flags_ldap,
5002 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
5003 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
5005 { &hf_mscldap_netlogon_flags_ds,
5006 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
5007 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
5009 { &hf_mscldap_netlogon_flags_kdc,
5010 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
5011 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
5013 { &hf_mscldap_netlogon_flags_timeserv,
5014 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
5015 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
5017 { &hf_mscldap_netlogon_flags_closest,
5018 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
5019 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
5021 { &hf_mscldap_netlogon_flags_writable,
5022 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
5023 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
5025 { &hf_mscldap_netlogon_flags_good_timeserv,
5026 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
5027 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
5029 { &hf_mscldap_netlogon_flags_ndnc,
5030 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
5031 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
5033 { &hf_mscldap_netlogon_flags_rodc,
5034 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
5035 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
5037 { &hf_mscldap_netlogon_flags_wdc,
5038 { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
5039 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
5041 { &hf_mscldap_netlogon_flags_dns,
5042 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
5043 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
5045 { &hf_mscldap_netlogon_flags_dnc,
5046 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
5047 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
5049 { &hf_mscldap_netlogon_flags_fnc,
5050 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
5051 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
5054 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
5055 NULL, 0, NULL, HFILL }},
5057 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
5058 { "Ads Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
5060 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
5061 { "Ads Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
5063 { &hf_ldap_AccessMask_ADS_LIST,
5064 { "Ads List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
5066 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
5067 { "Ads Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
5069 { &hf_ldap_AccessMask_ADS_READ_PROP,
5070 { "Ads Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
5072 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
5073 { "Ads Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
5075 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
5076 { "Ads Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
5078 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
5079 { "Ads List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
5081 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
5082 { "Ads Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&tfs_set_notset), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
5084 { &hf_ldap_LDAPMessage_PDU,
5085 { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
5087 { &hf_ldap_object_security_flag,
5088 { "Flag Object_Security", "ldap.object_security_flag", FT_BOOLEAN, 32, NULL, 0x00000001, NULL, HFILL }},
5090 { &hf_ldap_ancestor_first_flag,
5091 { "Flag Ancestor_First", "ldap.ancestor_first_flag", FT_BOOLEAN, 32, NULL, 0x00000800, NULL, HFILL }},
5093 { &hf_ldap_public_data_only_flag,
5094 { "Flag Public_Data_Only", "ldap.public_data_only_flag", FT_BOOLEAN, 32, NULL, 0x00002000, NULL, HFILL }},
5096 { &hf_ldap_incremental_value_flag,
5097 { "Flag Incremental_Value", "ldap.incremental_value_flag", FT_BOOLEAN, 32, NULL, 0x80000000, NULL, HFILL }},
5100 { "OID", "ldap.oid", FT_STRING, BASE_NONE,
5101 NULL, 0, NULL, HFILL }},
5103 { &hf_ldap_gssapi_encrypted_payload,
5104 { "GSS-API Encrypted payload", "ldap.gssapi_encrypted_payload", FT_BYTES, BASE_NONE,
5105 NULL, 0, NULL, HFILL }},
5108 /*--- Included file: packet-ldap-hfarr.c ---*/
5109 #line 1 "./asn1/ldap/packet-ldap-hfarr.c"
5110 { &hf_ldap_SearchControlValue_PDU,
5111 { "SearchControlValue", "ldap.SearchControlValue_element",
5112 FT_NONE, BASE_NONE, NULL, 0,
5114 { &hf_ldap_SortKeyList_PDU,
5115 { "SortKeyList", "ldap.SortKeyList",
5116 FT_UINT32, BASE_DEC, NULL, 0,
5118 { &hf_ldap_SortResult_PDU,
5119 { "SortResult", "ldap.SortResult_element",
5120 FT_NONE, BASE_NONE, NULL, 0,
5122 { &hf_ldap_DirSyncControlValue_PDU,
5123 { "DirSyncControlValue", "ldap.DirSyncControlValue_element",
5124 FT_NONE, BASE_NONE, NULL, 0,
5126 { &hf_ldap_PasswdModifyRequestValue_PDU,
5127 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element",
5128 FT_NONE, BASE_NONE, NULL, 0,
5130 { &hf_ldap_CancelRequestValue_PDU,
5131 { "CancelRequestValue", "ldap.CancelRequestValue_element",
5132 FT_NONE, BASE_NONE, NULL, 0,
5134 { &hf_ldap_SyncRequestValue_PDU,
5135 { "SyncRequestValue", "ldap.SyncRequestValue_element",
5136 FT_NONE, BASE_NONE, NULL, 0,
5138 { &hf_ldap_SyncStateValue_PDU,
5139 { "SyncStateValue", "ldap.SyncStateValue_element",
5140 FT_NONE, BASE_NONE, NULL, 0,
5142 { &hf_ldap_SyncDoneValue_PDU,
5143 { "SyncDoneValue", "ldap.SyncDoneValue_element",
5144 FT_NONE, BASE_NONE, NULL, 0,
5146 { &hf_ldap_SyncInfoValue_PDU,
5147 { "SyncInfoValue", "ldap.SyncInfoValue",
5148 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5150 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5151 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element",
5152 FT_NONE, BASE_NONE, NULL, 0,
5154 { &hf_ldap_messageID,
5155 { "messageID", "ldap.messageID",
5156 FT_UINT32, BASE_DEC, NULL, 0,
5158 { &hf_ldap_protocolOp,
5159 { "protocolOp", "ldap.protocolOp",
5160 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5162 { &hf_ldap_controls,
5163 { "controls", "ldap.controls",
5164 FT_UINT32, BASE_DEC, NULL, 0,
5166 { &hf_ldap_bindRequest,
5167 { "bindRequest", "ldap.bindRequest_element",
5168 FT_NONE, BASE_NONE, NULL, 0,
5170 { &hf_ldap_bindResponse,
5171 { "bindResponse", "ldap.bindResponse_element",
5172 FT_NONE, BASE_NONE, NULL, 0,
5174 { &hf_ldap_unbindRequest,
5175 { "unbindRequest", "ldap.unbindRequest_element",
5176 FT_NONE, BASE_NONE, NULL, 0,
5178 { &hf_ldap_searchRequest,
5179 { "searchRequest", "ldap.searchRequest_element",
5180 FT_NONE, BASE_NONE, NULL, 0,
5182 { &hf_ldap_searchResEntry,
5183 { "searchResEntry", "ldap.searchResEntry_element",
5184 FT_NONE, BASE_NONE, NULL, 0,
5185 "SearchResultEntry", HFILL }},
5186 { &hf_ldap_searchResDone,
5187 { "searchResDone", "ldap.searchResDone_element",
5188 FT_NONE, BASE_NONE, NULL, 0,
5189 "SearchResultDone", HFILL }},
5190 { &hf_ldap_searchResRef,
5191 { "searchResRef", "ldap.searchResRef",
5192 FT_UINT32, BASE_DEC, NULL, 0,
5193 "SearchResultReference", HFILL }},
5194 { &hf_ldap_modifyRequest,
5195 { "modifyRequest", "ldap.modifyRequest_element",
5196 FT_NONE, BASE_NONE, NULL, 0,
5198 { &hf_ldap_modifyResponse,
5199 { "modifyResponse", "ldap.modifyResponse_element",
5200 FT_NONE, BASE_NONE, NULL, 0,
5202 { &hf_ldap_addRequest,
5203 { "addRequest", "ldap.addRequest_element",
5204 FT_NONE, BASE_NONE, NULL, 0,
5206 { &hf_ldap_addResponse,
5207 { "addResponse", "ldap.addResponse_element",
5208 FT_NONE, BASE_NONE, NULL, 0,
5210 { &hf_ldap_delRequest,
5211 { "delRequest", "ldap.delRequest",
5212 FT_STRING, BASE_NONE, NULL, 0,
5214 { &hf_ldap_delResponse,
5215 { "delResponse", "ldap.delResponse_element",
5216 FT_NONE, BASE_NONE, NULL, 0,
5218 { &hf_ldap_modDNRequest,
5219 { "modDNRequest", "ldap.modDNRequest_element",
5220 FT_NONE, BASE_NONE, NULL, 0,
5221 "ModifyDNRequest", HFILL }},
5222 { &hf_ldap_modDNResponse,
5223 { "modDNResponse", "ldap.modDNResponse_element",
5224 FT_NONE, BASE_NONE, NULL, 0,
5225 "ModifyDNResponse", HFILL }},
5226 { &hf_ldap_compareRequest,
5227 { "compareRequest", "ldap.compareRequest_element",
5228 FT_NONE, BASE_NONE, NULL, 0,
5230 { &hf_ldap_compareResponse,
5231 { "compareResponse", "ldap.compareResponse_element",
5232 FT_NONE, BASE_NONE, NULL, 0,
5234 { &hf_ldap_abandonRequest,
5235 { "abandonRequest", "ldap.abandonRequest",
5236 FT_UINT32, BASE_DEC, NULL, 0,
5238 { &hf_ldap_extendedReq,
5239 { "extendedReq", "ldap.extendedReq_element",
5240 FT_NONE, BASE_NONE, NULL, 0,
5241 "ExtendedRequest", HFILL }},
5242 { &hf_ldap_extendedResp,
5243 { "extendedResp", "ldap.extendedResp_element",
5244 FT_NONE, BASE_NONE, NULL, 0,
5245 "ExtendedResponse", HFILL }},
5246 { &hf_ldap_intermediateResponse,
5247 { "intermediateResponse", "ldap.intermediateResponse_element",
5248 FT_NONE, BASE_NONE, NULL, 0,
5250 { &hf_ldap_AttributeDescriptionList_item,
5251 { "AttributeDescription", "ldap.AttributeDescription",
5252 FT_STRING, BASE_NONE, NULL, 0,
5254 { &hf_ldap_attributeDesc,
5255 { "attributeDesc", "ldap.attributeDesc",
5256 FT_STRING, BASE_NONE, NULL, 0,
5257 "AttributeDescription", HFILL }},
5258 { &hf_ldap_assertionValue,
5259 { "assertionValue", "ldap.assertionValue",
5260 FT_STRING, BASE_NONE, NULL, 0,
5263 { "type", "ldap.type",
5264 FT_STRING, BASE_NONE, NULL, 0,
5265 "AttributeDescription", HFILL }},
5267 { "vals", "ldap.vals",
5268 FT_UINT32, BASE_DEC, NULL, 0,
5269 "SET_OF_AttributeValue", HFILL }},
5270 { &hf_ldap_vals_item,
5271 { "AttributeValue", "ldap.AttributeValue",
5272 FT_BYTES, BASE_NONE, NULL, 0,
5274 { &hf_ldap_resultCode,
5275 { "resultCode", "ldap.resultCode",
5276 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5278 { &hf_ldap_matchedDN,
5279 { "matchedDN", "ldap.matchedDN",
5280 FT_STRING, BASE_NONE, NULL, 0,
5282 { &hf_ldap_errorMessage,
5283 { "errorMessage", "ldap.errorMessage",
5284 FT_STRING, BASE_NONE, NULL, 0,
5286 { &hf_ldap_referral,
5287 { "referral", "ldap.referral",
5288 FT_UINT32, BASE_DEC, NULL, 0,
5290 { &hf_ldap_Referral_item,
5291 { "LDAPURL", "ldap.LDAPURL",
5292 FT_STRING, BASE_NONE, NULL, 0,
5294 { &hf_ldap_Controls_item,
5295 { "Control", "ldap.Control_element",
5296 FT_NONE, BASE_NONE, NULL, 0,
5298 { &hf_ldap_controlType,
5299 { "controlType", "ldap.controlType",
5300 FT_STRING, BASE_NONE, NULL, 0,
5302 { &hf_ldap_criticality,
5303 { "criticality", "ldap.criticality",
5304 FT_BOOLEAN, BASE_NONE, NULL, 0,
5305 "BOOLEAN", HFILL }},
5306 { &hf_ldap_controlValue,
5307 { "controlValue", "ldap.controlValue",
5308 FT_BYTES, BASE_NONE, NULL, 0,
5311 { "version", "ldap.version",
5312 FT_UINT32, BASE_DEC, NULL, 0,
5313 "INTEGER_1_127", HFILL }},
5315 { "name", "ldap.name",
5316 FT_STRING, BASE_NONE, NULL, 0,
5318 { &hf_ldap_authentication,
5319 { "authentication", "ldap.authentication",
5320 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5321 "AuthenticationChoice", HFILL }},
5323 { "simple", "ldap.simple",
5324 FT_STRING, BASE_NONE, NULL, 0,
5327 { "sasl", "ldap.sasl_element",
5328 FT_NONE, BASE_NONE, NULL, 0,
5329 "SaslCredentials", HFILL }},
5330 { &hf_ldap_ntlmsspNegotiate,
5331 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5332 FT_BYTES, BASE_NONE, NULL, 0,
5334 { &hf_ldap_ntlmsspAuth,
5335 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5336 FT_BYTES, BASE_NONE, NULL, 0,
5338 { &hf_ldap_mechanism,
5339 { "mechanism", "ldap.mechanism",
5340 FT_STRING, BASE_NONE, NULL, 0,
5342 { &hf_ldap_credentials,
5343 { "credentials", "ldap.credentials",
5344 FT_BYTES, BASE_NONE, NULL, 0,
5346 { &hf_ldap_bindResponse_resultCode,
5347 { "resultCode", "ldap.resultCode",
5348 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5349 "BindResponse_resultCode", HFILL }},
5350 { &hf_ldap_bindResponse_matchedDN,
5351 { "matchedDN", "ldap.matchedDN",
5352 FT_STRING, BASE_NONE, NULL, 0,
5353 "T_bindResponse_matchedDN", HFILL }},
5354 { &hf_ldap_serverSaslCreds,
5355 { "serverSaslCreds", "ldap.serverSaslCreds",
5356 FT_BYTES, BASE_NONE, NULL, 0,
5358 { &hf_ldap_baseObject,
5359 { "baseObject", "ldap.baseObject",
5360 FT_STRING, BASE_NONE, NULL, 0,
5363 { "scope", "ldap.scope",
5364 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5366 { &hf_ldap_derefAliases,
5367 { "derefAliases", "ldap.derefAliases",
5368 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5370 { &hf_ldap_sizeLimit,
5371 { "sizeLimit", "ldap.sizeLimit",
5372 FT_UINT32, BASE_DEC, NULL, 0,
5373 "INTEGER_0_maxInt", HFILL }},
5374 { &hf_ldap_timeLimit,
5375 { "timeLimit", "ldap.timeLimit",
5376 FT_UINT32, BASE_DEC, NULL, 0,
5377 "INTEGER_0_maxInt", HFILL }},
5378 { &hf_ldap_typesOnly,
5379 { "typesOnly", "ldap.typesOnly",
5380 FT_BOOLEAN, BASE_NONE, NULL, 0,
5381 "BOOLEAN", HFILL }},
5383 { "filter", "ldap.filter",
5384 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5386 { &hf_ldap_searchRequest_attributes,
5387 { "attributes", "ldap.attributes",
5388 FT_UINT32, BASE_DEC, NULL, 0,
5389 "AttributeDescriptionList", HFILL }},
5391 { "and", "ldap.and",
5392 FT_UINT32, BASE_DEC, NULL, 0,
5394 { &hf_ldap_and_item,
5395 { "and item", "ldap.and_item",
5396 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5400 FT_UINT32, BASE_DEC, NULL, 0,
5403 { "or item", "ldap.or_item",
5404 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5407 { "not", "ldap.not",
5408 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5410 { &hf_ldap_equalityMatch,
5411 { "equalityMatch", "ldap.equalityMatch_element",
5412 FT_NONE, BASE_NONE, NULL, 0,
5414 { &hf_ldap_substrings,
5415 { "substrings", "ldap.substrings_element",
5416 FT_NONE, BASE_NONE, NULL, 0,
5417 "SubstringFilter", HFILL }},
5418 { &hf_ldap_greaterOrEqual,
5419 { "greaterOrEqual", "ldap.greaterOrEqual_element",
5420 FT_NONE, BASE_NONE, NULL, 0,
5422 { &hf_ldap_lessOrEqual,
5423 { "lessOrEqual", "ldap.lessOrEqual_element",
5424 FT_NONE, BASE_NONE, NULL, 0,
5427 { "present", "ldap.present",
5428 FT_STRING, BASE_NONE, NULL, 0,
5430 { &hf_ldap_approxMatch,
5431 { "approxMatch", "ldap.approxMatch_element",
5432 FT_NONE, BASE_NONE, NULL, 0,
5434 { &hf_ldap_extensibleMatch,
5435 { "extensibleMatch", "ldap.extensibleMatch_element",
5436 FT_NONE, BASE_NONE, NULL, 0,
5438 { &hf_ldap_substringFilter_substrings,
5439 { "substrings", "ldap.substrings",
5440 FT_UINT32, BASE_DEC, NULL, 0,
5441 "T_substringFilter_substrings", HFILL }},
5442 { &hf_ldap_substringFilter_substrings_item,
5443 { "substrings item", "ldap.substrings_item",
5444 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5445 "T_substringFilter_substrings_item", HFILL }},
5447 { "initial", "ldap.initial",
5448 FT_STRING, BASE_NONE, NULL, 0,
5449 "LDAPString", HFILL }},
5451 { "any", "ldap.any",
5452 FT_STRING, BASE_NONE, NULL, 0,
5453 "LDAPString", HFILL }},
5455 { "final", "ldap.final",
5456 FT_STRING, BASE_NONE, NULL, 0,
5457 "LDAPString", HFILL }},
5458 { &hf_ldap_matchingRule,
5459 { "matchingRule", "ldap.matchingRule",
5460 FT_STRING, BASE_NONE, NULL, 0,
5461 "MatchingRuleId", HFILL }},
5462 { &hf_ldap_matchValue,
5463 { "matchValue", "ldap.matchValue",
5464 FT_STRING, BASE_NONE, NULL, 0,
5465 "AssertionValue", HFILL }},
5466 { &hf_ldap_dnAttributes,
5467 { "dnAttributes", "ldap.dnAttributes",
5468 FT_BOOLEAN, BASE_NONE, NULL, 0,
5470 { &hf_ldap_objectName,
5471 { "objectName", "ldap.objectName",
5472 FT_STRING, BASE_NONE, NULL, 0,
5474 { &hf_ldap_searchResultEntry_attributes,
5475 { "attributes", "ldap.attributes",
5476 FT_UINT32, BASE_DEC, NULL, 0,
5477 "PartialAttributeList", HFILL }},
5478 { &hf_ldap_PartialAttributeList_item,
5479 { "PartialAttributeList item", "ldap.PartialAttributeList_item_element",
5480 FT_NONE, BASE_NONE, NULL, 0,
5482 { &hf_ldap__untag_item,
5483 { "LDAPURL", "ldap.LDAPURL",
5484 FT_STRING, BASE_NONE, NULL, 0,
5487 { "object", "ldap.object",
5488 FT_STRING, BASE_NONE, NULL, 0,
5490 { &hf_ldap_modifyRequest_modification,
5491 { "modification", "ldap.modification",
5492 FT_UINT32, BASE_DEC, NULL, 0,
5493 "ModifyRequest_modification", HFILL }},
5494 { &hf_ldap_modifyRequest_modification_item,
5495 { "modification item", "ldap.modification_item_element",
5496 FT_NONE, BASE_NONE, NULL, 0,
5497 "T_modifyRequest_modification_item", HFILL }},
5498 { &hf_ldap_operation,
5499 { "operation", "ldap.operation",
5500 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5502 { &hf_ldap_modification,
5503 { "modification", "ldap.modification_element",
5504 FT_NONE, BASE_NONE, NULL, 0,
5505 "AttributeTypeAndValues", HFILL }},
5507 { "entry", "ldap.entry",
5508 FT_STRING, BASE_NONE, NULL, 0,
5510 { &hf_ldap_attributes,
5511 { "attributes", "ldap.attributes",
5512 FT_UINT32, BASE_DEC, NULL, 0,
5513 "AttributeList", HFILL }},
5514 { &hf_ldap_AttributeList_item,
5515 { "AttributeList item", "ldap.AttributeList_item_element",
5516 FT_NONE, BASE_NONE, NULL, 0,
5519 { "newrdn", "ldap.newrdn",
5520 FT_STRING, BASE_NONE, NULL, 0,
5521 "RelativeLDAPDN", HFILL }},
5522 { &hf_ldap_deleteoldrdn,
5523 { "deleteoldrdn", "ldap.deleteoldrdn",
5524 FT_BOOLEAN, BASE_NONE, NULL, 0,
5525 "BOOLEAN", HFILL }},
5526 { &hf_ldap_newSuperior,
5527 { "newSuperior", "ldap.newSuperior",
5528 FT_STRING, BASE_NONE, NULL, 0,
5531 { "ava", "ldap.ava_element",
5532 FT_NONE, BASE_NONE, NULL, 0,
5533 "AttributeValueAssertion", HFILL }},
5534 { &hf_ldap_requestName,
5535 { "requestName", "ldap.requestName",
5536 FT_STRING, BASE_NONE, NULL, 0,
5537 "LDAPOID", HFILL }},
5538 { &hf_ldap_requestValue,
5539 { "requestValue", "ldap.requestValue",
5540 FT_BYTES, BASE_NONE, NULL, 0,
5542 { &hf_ldap_extendedResponse_resultCode,
5543 { "resultCode", "ldap.resultCode",
5544 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5545 "ExtendedResponse_resultCode", HFILL }},
5546 { &hf_ldap_responseName,
5547 { "responseName", "ldap.responseName",
5548 FT_STRING, BASE_NONE, NULL, 0,
5550 { &hf_ldap_response,
5551 { "response", "ldap.response",
5552 FT_BYTES, BASE_NONE, NULL, 0,
5553 "OCTET_STRING", HFILL }},
5554 { &hf_ldap_intermediateResponse_responseValue,
5555 { "responseValue", "ldap.responseValue",
5556 FT_BYTES, BASE_NONE, NULL, 0,
5557 "T_intermediateResponse_responseValue", HFILL }},
5559 { "size", "ldap.size",
5560 FT_INT32, BASE_DEC, NULL, 0,
5561 "INTEGER", HFILL }},
5563 { "cookie", "ldap.cookie",
5564 FT_BYTES, BASE_NONE, NULL, 0,
5565 "OCTET_STRING", HFILL }},
5566 { &hf_ldap_SortKeyList_item,
5567 { "SortKeyList item", "ldap.SortKeyList_item_element",
5568 FT_NONE, BASE_NONE, NULL, 0,
5570 { &hf_ldap_attributeType,
5571 { "attributeType", "ldap.attributeType",
5572 FT_STRING, BASE_NONE, NULL, 0,
5573 "AttributeDescription", HFILL }},
5574 { &hf_ldap_orderingRule,
5575 { "orderingRule", "ldap.orderingRule",
5576 FT_STRING, BASE_NONE, NULL, 0,
5577 "MatchingRuleId", HFILL }},
5578 { &hf_ldap_reverseOrder,
5579 { "reverseOrder", "ldap.reverseOrder",
5580 FT_BOOLEAN, BASE_NONE, NULL, 0,
5581 "BOOLEAN", HFILL }},
5582 { &hf_ldap_sortResult,
5583 { "sortResult", "ldap.sortResult",
5584 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5587 { "flags", "ldap.flags",
5588 FT_UINT32, BASE_HEX, NULL, 0,
5589 "DirSyncFlags", HFILL }},
5590 { &hf_ldap_maxBytes,
5591 { "maxBytes", "ldap.maxBytes",
5592 FT_INT32, BASE_DEC, NULL, 0,
5593 "INTEGER", HFILL }},
5594 { &hf_ldap_userIdentity,
5595 { "userIdentity", "ldap.userIdentity",
5596 FT_BYTES, BASE_NONE, NULL, 0,
5597 "OCTET_STRING", HFILL }},
5598 { &hf_ldap_oldPasswd,
5599 { "oldPasswd", "ldap.oldPasswd",
5600 FT_BYTES, BASE_NONE, NULL, 0,
5601 "OCTET_STRING", HFILL }},
5602 { &hf_ldap_newPasswd,
5603 { "newPasswd", "ldap.newPasswd",
5604 FT_BYTES, BASE_NONE, NULL, 0,
5605 "OCTET_STRING", HFILL }},
5606 { &hf_ldap_cancelID,
5607 { "cancelID", "ldap.cancelID",
5608 FT_UINT32, BASE_DEC, NULL, 0,
5609 "MessageID", HFILL }},
5611 { "mode", "ldap.mode",
5612 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5614 { &hf_ldap_reloadHint,
5615 { "reloadHint", "ldap.reloadHint",
5616 FT_BOOLEAN, BASE_NONE, NULL, 0,
5617 "BOOLEAN", HFILL }},
5619 { "state", "ldap.state",
5620 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5622 { &hf_ldap_entryUUID,
5623 { "entryUUID", "ldap.entryUUID",
5624 FT_BYTES, BASE_NONE, NULL, 0,
5625 "SyncUUID", HFILL }},
5626 { &hf_ldap_refreshDeletes,
5627 { "refreshDeletes", "ldap.refreshDeletes",
5628 FT_BOOLEAN, BASE_NONE, NULL, 0,
5629 "BOOLEAN", HFILL }},
5630 { &hf_ldap_newcookie,
5631 { "newcookie", "ldap.newcookie",
5632 FT_BYTES, BASE_NONE, NULL, 0,
5633 "OCTET_STRING", HFILL }},
5634 { &hf_ldap_refreshDelete,
5635 { "refreshDelete", "ldap.refreshDelete_element",
5636 FT_NONE, BASE_NONE, NULL, 0,
5638 { &hf_ldap_refreshDone,
5639 { "refreshDone", "ldap.refreshDone",
5640 FT_BOOLEAN, BASE_NONE, NULL, 0,
5641 "BOOLEAN", HFILL }},
5642 { &hf_ldap_refreshPresent,
5643 { "refreshPresent", "ldap.refreshPresent_element",
5644 FT_NONE, BASE_NONE, NULL, 0,
5646 { &hf_ldap_syncIdSet,
5647 { "syncIdSet", "ldap.syncIdSet_element",
5648 FT_NONE, BASE_NONE, NULL, 0,
5650 { &hf_ldap_syncUUIDs,
5651 { "syncUUIDs", "ldap.syncUUIDs",
5652 FT_UINT32, BASE_DEC, NULL, 0,
5653 "SET_OF_SyncUUID", HFILL }},
5654 { &hf_ldap_syncUUIDs_item,
5655 { "SyncUUID", "ldap.SyncUUID",
5656 FT_BYTES, BASE_NONE, NULL, 0,
5659 { "warning", "ldap.warning",
5660 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5662 { &hf_ldap_timeBeforeExpiration,
5663 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5664 FT_UINT32, BASE_DEC, NULL, 0,
5665 "INTEGER_0_maxInt", HFILL }},
5666 { &hf_ldap_graceAuthNsRemaining,
5667 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5668 FT_UINT32, BASE_DEC, NULL, 0,
5669 "INTEGER_0_maxInt", HFILL }},
5671 { "error", "ldap.error",
5672 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5675 /*--- End of included file: packet-ldap-hfarr.c ---*/
5676 #line 2189 "./asn1/ldap/packet-ldap-template.c"
5679 /* List of subtrees */
5680 static gint *ett[] = {
5683 &ett_ldap_sasl_blob,
5685 &ett_mscldap_netlogon_flags,
5686 &ett_mscldap_ntver_flags,
5687 &ett_mscldap_ipdetails,
5688 &ett_ldap_DirSyncFlagsSubEntry,
5691 /*--- Included file: packet-ldap-ettarr.c ---*/
5692 #line 1 "./asn1/ldap/packet-ldap-ettarr.c"
5693 &ett_ldap_LDAPMessage,
5694 &ett_ldap_ProtocolOp,
5695 &ett_ldap_AttributeDescriptionList,
5696 &ett_ldap_AttributeValueAssertion,
5697 &ett_ldap_Attribute,
5698 &ett_ldap_SET_OF_AttributeValue,
5699 &ett_ldap_LDAPResult,
5703 &ett_ldap_BindRequest_U,
5704 &ett_ldap_AuthenticationChoice,
5705 &ett_ldap_SaslCredentials,
5706 &ett_ldap_BindResponse_U,
5707 &ett_ldap_SearchRequest_U,
5711 &ett_ldap_SubstringFilter,
5712 &ett_ldap_T_substringFilter_substrings,
5713 &ett_ldap_T_substringFilter_substrings_item,
5714 &ett_ldap_MatchingRuleAssertion,
5715 &ett_ldap_SearchResultEntry_U,
5716 &ett_ldap_PartialAttributeList,
5717 &ett_ldap_PartialAttributeList_item,
5718 &ett_ldap_SEQUENCE_OF_LDAPURL,
5719 &ett_ldap_ModifyRequest_U,
5720 &ett_ldap_ModifyRequest_modification,
5721 &ett_ldap_T_modifyRequest_modification_item,
5722 &ett_ldap_AttributeTypeAndValues,
5723 &ett_ldap_AddRequest_U,
5724 &ett_ldap_AttributeList,
5725 &ett_ldap_AttributeList_item,
5726 &ett_ldap_ModifyDNRequest_U,
5727 &ett_ldap_CompareRequest_U,
5728 &ett_ldap_ExtendedRequest_U,
5729 &ett_ldap_ExtendedResponse_U,
5730 &ett_ldap_IntermediateResponse_U,
5731 &ett_ldap_SearchControlValue,
5732 &ett_ldap_SortKeyList,
5733 &ett_ldap_SortKeyList_item,
5734 &ett_ldap_SortResult,
5735 &ett_ldap_DirSyncControlValue,
5736 &ett_ldap_PasswdModifyRequestValue,
5737 &ett_ldap_CancelRequestValue,
5738 &ett_ldap_SyncRequestValue,
5739 &ett_ldap_SyncStateValue,
5740 &ett_ldap_SyncDoneValue,
5741 &ett_ldap_SyncInfoValue,
5742 &ett_ldap_T_refreshDelete,
5743 &ett_ldap_T_refreshPresent,
5744 &ett_ldap_T_syncIdSet,
5745 &ett_ldap_SET_OF_SyncUUID,
5746 &ett_ldap_PasswordPolicyResponseValue,
5747 &ett_ldap_T_warning,
5749 /*--- End of included file: packet-ldap-ettarr.c ---*/
5750 #line 2203 "./asn1/ldap/packet-ldap-template.c"
5752 /* UAT for header fields */
5753 static uat_field_t custom_attribute_types_uat_fields[] = {
5754 UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"),
5755 UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"),
5759 static ei_register_info ei[] = {
5760 { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }},
5761 { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", EXPFILL }},
5764 expert_module_t* expert_ldap;
5765 module_t *ldap_module;
5766 uat_t *attributes_uat;
5768 /* Register protocol */
5769 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5770 /* Register fields and subtrees */
5771 proto_register_field_array(proto_ldap, hf, array_length(hf));
5772 proto_register_subtree_array(ett, array_length(ett));
5773 expert_ldap = expert_register_protocol(proto_ldap);
5774 expert_register_field_array(expert_ldap, ei, array_length(ei));
5776 register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5778 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5779 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5780 "Reassemble LDAP messages spanning multiple TCP segments",
5781 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5782 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5785 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
5786 "Set the port for LDAP operations",
5787 10, &global_ldap_tcp_port);
5789 prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
5790 "Set the port for LDAP operations over SSL",
5791 10, &global_ldaps_tcp_port);
5793 attributes_uat = uat_new("Custom LDAP AttributeValue types",
5794 sizeof(attribute_type_t),
5795 "custom_ldap_attribute_types",
5798 &num_attribute_types,
5799 /* specifies named fields, so affects dissection
5800 and the set of named fields */
5801 UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS,
5803 attribute_types_copy_cb,
5804 attribute_types_update_cb,
5805 attribute_types_free_cb,
5806 attribute_types_initialize_cb,
5807 custom_attribute_types_uat_fields);
5809 prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types",
5810 "Custom AttributeValue types",
5811 "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.",
5814 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5816 proto_cldap = proto_register_protocol(
5817 "Connectionless Lightweight Directory Access Protocol",
5820 register_cleanup_routine(ldap_cleanup);
5821 ldap_tap=register_tap("ldap");
5823 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, BASE_NONE, DISSECTOR_TABLE_ALLOW_DUPLICATE);
5825 register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL);
5829 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5831 proto_reg_handoff_ldap(void)
5833 dissector_handle_t cldap_handle;
5834 ldap_handle = find_dissector("ldap");
5836 dissector_add_uint("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
5838 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5839 dissector_add_uint("udp.port", UDP_PORT_CLDAP, cldap_handle);
5841 gssapi_handle = find_dissector_add_dependency("gssapi", proto_ldap);
5842 gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap);
5843 spnego_handle = find_dissector_add_dependency("spnego", proto_ldap);
5845 ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_ldap);
5847 ssl_handle = find_dissector_add_dependency("ssl", proto_ldap);
5849 prefs_register_ldap();
5851 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5852 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5853 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5854 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5855 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5856 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5857 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5858 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5859 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5860 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5861 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5862 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5863 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5864 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5865 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5866 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5867 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5868 oid_add_from_string("None","1.2.840.113556.1.4.970");
5869 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5870 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5871 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5872 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5873 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5874 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5875 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5876 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5877 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5878 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5879 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5880 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5881 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5882 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5883 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5884 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5885 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5886 oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
5887 oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
5888 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5889 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5890 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5891 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5894 oid_add_from_string("inetOrgPerson","2.16.840.1.113730.3.2.2");
5896 dissector_add_string("ldap.name", "netlogon", create_dissector_handle(dissect_NetLogon_PDU, proto_cldap));
5897 dissector_add_string("ldap.name", "objectGUID", create_dissector_handle(dissect_ldap_guid, proto_ldap));
5898 dissector_add_string("ldap.name", "supportedControl", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5899 dissector_add_string("ldap.name", "supportedCapabilities", create_dissector_handle(dissect_ldap_oid, proto_ldap));
5900 dissector_add_string("ldap.name", "objectSid", create_dissector_handle(dissect_ldap_sid, proto_ldap));
5901 dissector_add_string("ldap.name", "nTSecurityDescriptor", create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap));
5904 /*--- Included file: packet-ldap-dis-tab.c ---*/
5905 #line 1 "./asn1/ldap/packet-ldap-dis-tab.c"
5906 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5907 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5908 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5909 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
5910 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5911 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5912 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5913 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5914 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5915 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5916 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5919 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5920 #line 2356 "./asn1/ldap/packet-ldap-template.c"
5926 prefs_register_ldap(void)
5929 if(tcp_port != global_ldap_tcp_port) {
5931 dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
5933 /* Set our port number for future use */
5934 tcp_port = global_ldap_tcp_port;
5937 dissector_add_uint("tcp.port", tcp_port, ldap_handle);
5941 if(ssl_port != global_ldaps_tcp_port) {
5943 ssl_dissector_delete(ssl_port, ldap_handle);
5945 /* Set our port number for future use */
5946 ssl_port = global_ldaps_tcp_port;
5949 ssl_dissector_add(ssl_port, ldap_handle);
5955 * Editor modelines - http://www.wireshark.org/tools/modelines.html
5960 * indent-tabs-mode: nil
5963 * vi: set shiftwidth=2 tabstop=8 expandtab:
5964 * :indentSize=2:tabSize=8:noTabs=true: