1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../../epan/dissectors Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "../../asn1/ldap/packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 4511 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be a lot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
79 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
80 * Updated cldap_netlogon_flags to include Windows 2008 flags
81 * Expanded the ntver ldap option with bit field
83 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
87 * 09-DEC-2009 - Added support for RFC4533
88 * Content Synchronization Operation (aka syncrepl)
89 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
90 * Mathieu Parent <math.parent@gmail.com>
100 #include <epan/packet.h>
101 #include <epan/exceptions.h>
102 #include <epan/conversation.h>
103 #include <epan/prefs.h>
104 #include <epan/tap.h>
105 #include <epan/wmem/wmem.h>
106 #include <epan/oids.h>
107 #include <epan/strutil.h>
108 #include <epan/show_exception.h>
109 #include <epan/dissectors/packet-frame.h>
110 #include <epan/dissectors/packet-tcp.h>
111 #include <epan/dissectors/packet-windows-common.h>
112 #include <epan/dissectors/packet-dcerpc.h>
113 #include <epan/asn1.h>
114 #include <epan/expert.h>
115 #include <epan/uat.h>
117 #include "packet-ldap.h"
118 #include "packet-ntlmssp.h"
119 #include "packet-ssl.h"
120 #include "packet-smb-common.h"
122 #include "packet-ber.h"
123 #include "packet-per.h"
124 #include "packet-dns.h"
126 #define PNAME "Lightweight Directory Access Protocol"
127 #define PSNAME "LDAP"
128 #define PFNAME "ldap"
130 void proto_register_ldap(void);
131 void proto_reg_handoff_ldap(void);
133 /* Initialize the protocol and registered fields */
134 static int ldap_tap = -1;
135 static int proto_ldap = -1;
136 static int proto_cldap = -1;
138 static int hf_ldap_sasl_buffer_length = -1;
139 static int hf_ldap_response_in = -1;
140 static int hf_ldap_response_to = -1;
141 static int hf_ldap_time = -1;
142 static int hf_ldap_guid = -1;
144 static int hf_mscldap_ntver_flags = -1;
145 static int hf_mscldap_ntver_flags_v1 = -1;
146 static int hf_mscldap_ntver_flags_v5 = -1;
147 static int hf_mscldap_ntver_flags_v5ex = -1;
148 static int hf_mscldap_ntver_flags_v5ep = -1;
149 static int hf_mscldap_ntver_flags_vcs = -1;
150 static int hf_mscldap_ntver_flags_vnt4 = -1;
151 static int hf_mscldap_ntver_flags_vpdc = -1;
152 static int hf_mscldap_ntver_flags_vip = -1;
153 static int hf_mscldap_ntver_flags_vl = -1;
154 static int hf_mscldap_ntver_flags_vgc = -1;
156 static int hf_mscldap_netlogon_ipaddress_family = -1;
157 static int hf_mscldap_netlogon_ipaddress_port = -1;
158 static int hf_mscldap_netlogon_ipaddress = -1;
159 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
160 static int hf_mscldap_netlogon_opcode = -1;
161 static int hf_mscldap_netlogon_flags = -1;
162 static int hf_mscldap_netlogon_flags_pdc = -1;
163 static int hf_mscldap_netlogon_flags_gc = -1;
164 static int hf_mscldap_netlogon_flags_ldap = -1;
165 static int hf_mscldap_netlogon_flags_ds = -1;
166 static int hf_mscldap_netlogon_flags_kdc = -1;
167 static int hf_mscldap_netlogon_flags_timeserv = -1;
168 static int hf_mscldap_netlogon_flags_closest = -1;
169 static int hf_mscldap_netlogon_flags_writable = -1;
170 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
171 static int hf_mscldap_netlogon_flags_ndnc = -1;
172 static int hf_mscldap_netlogon_flags_fnc = -1;
173 static int hf_mscldap_netlogon_flags_dnc = -1;
174 static int hf_mscldap_netlogon_flags_dns = -1;
175 static int hf_mscldap_netlogon_flags_wdc = -1;
176 static int hf_mscldap_netlogon_flags_rodc = -1;
177 static int hf_mscldap_domain_guid = -1;
178 static int hf_mscldap_forest = -1;
179 static int hf_mscldap_domain = -1;
180 static int hf_mscldap_hostname = -1;
181 static int hf_mscldap_nb_domain = -1;
182 static int hf_mscldap_nb_hostname = -1;
183 static int hf_mscldap_username = -1;
184 static int hf_mscldap_sitename = -1;
185 static int hf_mscldap_clientsitename = -1;
186 static int hf_mscldap_netlogon_lm_token = -1;
187 static int hf_mscldap_netlogon_nt_token = -1;
188 static int hf_ldap_sid = -1;
189 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
190 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
191 static int hf_ldap_AccessMask_ADS_LIST = -1;
192 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
193 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
194 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
195 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
196 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
197 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
198 static int hf_ldap_LDAPMessage_PDU = -1;
201 /*--- Included file: packet-ldap-hf.c ---*/
202 #line 1 "../../asn1/ldap/packet-ldap-hf.c"
203 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
204 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
205 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
206 static int hf_ldap_DirSyncControlValue_PDU = -1; /* DirSyncControlValue */
207 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
208 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
209 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */
210 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */
211 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */
212 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */
213 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
214 static int hf_ldap_messageID = -1; /* MessageID */
215 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
216 static int hf_ldap_controls = -1; /* Controls */
217 static int hf_ldap_bindRequest = -1; /* BindRequest */
218 static int hf_ldap_bindResponse = -1; /* BindResponse */
219 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
220 static int hf_ldap_searchRequest = -1; /* SearchRequest */
221 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
222 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
223 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
224 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
225 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
226 static int hf_ldap_addRequest = -1; /* AddRequest */
227 static int hf_ldap_addResponse = -1; /* AddResponse */
228 static int hf_ldap_delRequest = -1; /* DelRequest */
229 static int hf_ldap_delResponse = -1; /* DelResponse */
230 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
231 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
232 static int hf_ldap_compareRequest = -1; /* CompareRequest */
233 static int hf_ldap_compareResponse = -1; /* CompareResponse */
234 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
235 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
236 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
237 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */
238 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
239 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
240 static int hf_ldap_assertionValue = -1; /* AssertionValue */
241 static int hf_ldap_type = -1; /* AttributeDescription */
242 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
243 static int hf_ldap_vals_item = -1; /* AttributeValue */
244 static int hf_ldap_resultCode = -1; /* T_resultCode */
245 static int hf_ldap_matchedDN = -1; /* LDAPDN */
246 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
247 static int hf_ldap_referral = -1; /* Referral */
248 static int hf_ldap_Referral_item = -1; /* LDAPURL */
249 static int hf_ldap_Controls_item = -1; /* Control */
250 static int hf_ldap_controlType = -1; /* ControlType */
251 static int hf_ldap_criticality = -1; /* BOOLEAN */
252 static int hf_ldap_controlValue = -1; /* T_controlValue */
253 static int hf_ldap_version = -1; /* INTEGER_1_127 */
254 static int hf_ldap_name = -1; /* LDAPDN */
255 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
256 static int hf_ldap_simple = -1; /* Simple */
257 static int hf_ldap_sasl = -1; /* SaslCredentials */
258 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
259 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
260 static int hf_ldap_mechanism = -1; /* Mechanism */
261 static int hf_ldap_credentials = -1; /* Credentials */
262 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
263 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
264 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
265 static int hf_ldap_baseObject = -1; /* LDAPDN */
266 static int hf_ldap_scope = -1; /* T_scope */
267 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
268 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
269 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
270 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
271 static int hf_ldap_filter = -1; /* T_filter */
272 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
273 static int hf_ldap_and = -1; /* T_and */
274 static int hf_ldap_and_item = -1; /* T_and_item */
275 static int hf_ldap_or = -1; /* T_or */
276 static int hf_ldap_or_item = -1; /* T_or_item */
277 static int hf_ldap_not = -1; /* T_not */
278 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
279 static int hf_ldap_substrings = -1; /* SubstringFilter */
280 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
281 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
282 static int hf_ldap_present = -1; /* T_present */
283 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
284 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
285 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
286 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
287 static int hf_ldap_initial = -1; /* LDAPString */
288 static int hf_ldap_any = -1; /* LDAPString */
289 static int hf_ldap_final = -1; /* LDAPString */
290 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
291 static int hf_ldap_matchValue = -1; /* AssertionValue */
292 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
293 static int hf_ldap_objectName = -1; /* LDAPDN */
294 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
295 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
296 static int hf_ldap__untag_item = -1; /* LDAPURL */
297 static int hf_ldap_object = -1; /* LDAPDN */
298 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
299 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
300 static int hf_ldap_operation = -1; /* T_operation */
301 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
302 static int hf_ldap_entry = -1; /* LDAPDN */
303 static int hf_ldap_attributes = -1; /* AttributeList */
304 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
305 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
306 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
307 static int hf_ldap_newSuperior = -1; /* LDAPDN */
308 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
309 static int hf_ldap_requestName = -1; /* LDAPOID */
310 static int hf_ldap_requestValue = -1; /* T_requestValue */
311 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
312 static int hf_ldap_responseName = -1; /* ResponseName */
313 static int hf_ldap_response = -1; /* OCTET_STRING */
314 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */
315 static int hf_ldap_size = -1; /* INTEGER */
316 static int hf_ldap_cookie = -1; /* OCTET_STRING */
317 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
318 static int hf_ldap_attributeType = -1; /* AttributeDescription */
319 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
320 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
321 static int hf_ldap_sortResult = -1; /* T_sortResult */
322 static int hf_ldap_flags = -1; /* DirSyncFlags */
323 static int hf_ldap_maxBytes = -1; /* INTEGER */
324 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
325 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
326 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
327 static int hf_ldap_cancelID = -1; /* MessageID */
328 static int hf_ldap_mode = -1; /* T_mode */
329 static int hf_ldap_reloadHint = -1; /* BOOLEAN */
330 static int hf_ldap_state = -1; /* T_state */
331 static int hf_ldap_entryUUID = -1; /* SyncUUID */
332 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */
333 static int hf_ldap_newcookie = -1; /* OCTET_STRING */
334 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */
335 static int hf_ldap_refreshDone = -1; /* BOOLEAN */
336 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */
337 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */
338 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */
339 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */
340 static int hf_ldap_warning = -1; /* T_warning */
341 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
342 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
343 static int hf_ldap_error = -1; /* T_error */
345 /*--- End of included file: packet-ldap-hf.c ---*/
346 #line 193 "../../asn1/ldap/packet-ldap-template.c"
348 /* Initialize the subtree pointers */
349 static gint ett_ldap = -1;
350 static gint ett_ldap_msg = -1;
351 static gint ett_ldap_sasl_blob = -1;
352 static gint ett_ldap_payload = -1;
353 static gint ett_mscldap_netlogon_flags = -1;
354 static gint ett_mscldap_ntver_flags = -1;
355 static gint ett_mscldap_ipdetails = -1;
356 static gint ett_ldap_DirSyncFlagsSubEntry = -1;
359 /*--- Included file: packet-ldap-ett.c ---*/
360 #line 1 "../../asn1/ldap/packet-ldap-ett.c"
361 static gint ett_ldap_LDAPMessage = -1;
362 static gint ett_ldap_ProtocolOp = -1;
363 static gint ett_ldap_AttributeDescriptionList = -1;
364 static gint ett_ldap_AttributeValueAssertion = -1;
365 static gint ett_ldap_Attribute = -1;
366 static gint ett_ldap_SET_OF_AttributeValue = -1;
367 static gint ett_ldap_LDAPResult = -1;
368 static gint ett_ldap_Referral = -1;
369 static gint ett_ldap_Controls = -1;
370 static gint ett_ldap_Control = -1;
371 static gint ett_ldap_BindRequest_U = -1;
372 static gint ett_ldap_AuthenticationChoice = -1;
373 static gint ett_ldap_SaslCredentials = -1;
374 static gint ett_ldap_BindResponse_U = -1;
375 static gint ett_ldap_SearchRequest_U = -1;
376 static gint ett_ldap_Filter = -1;
377 static gint ett_ldap_T_and = -1;
378 static gint ett_ldap_T_or = -1;
379 static gint ett_ldap_SubstringFilter = -1;
380 static gint ett_ldap_T_substringFilter_substrings = -1;
381 static gint ett_ldap_T_substringFilter_substrings_item = -1;
382 static gint ett_ldap_MatchingRuleAssertion = -1;
383 static gint ett_ldap_SearchResultEntry_U = -1;
384 static gint ett_ldap_PartialAttributeList = -1;
385 static gint ett_ldap_PartialAttributeList_item = -1;
386 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
387 static gint ett_ldap_ModifyRequest_U = -1;
388 static gint ett_ldap_ModifyRequest_modification = -1;
389 static gint ett_ldap_T_modifyRequest_modification_item = -1;
390 static gint ett_ldap_AttributeTypeAndValues = -1;
391 static gint ett_ldap_AddRequest_U = -1;
392 static gint ett_ldap_AttributeList = -1;
393 static gint ett_ldap_AttributeList_item = -1;
394 static gint ett_ldap_ModifyDNRequest_U = -1;
395 static gint ett_ldap_CompareRequest_U = -1;
396 static gint ett_ldap_ExtendedRequest_U = -1;
397 static gint ett_ldap_ExtendedResponse_U = -1;
398 static gint ett_ldap_IntermediateResponse_U = -1;
399 static gint ett_ldap_SearchControlValue = -1;
400 static gint ett_ldap_SortKeyList = -1;
401 static gint ett_ldap_SortKeyList_item = -1;
402 static gint ett_ldap_SortResult = -1;
403 static gint ett_ldap_DirSyncControlValue = -1;
404 static gint ett_ldap_PasswdModifyRequestValue = -1;
405 static gint ett_ldap_CancelRequestValue = -1;
406 static gint ett_ldap_SyncRequestValue = -1;
407 static gint ett_ldap_SyncStateValue = -1;
408 static gint ett_ldap_SyncDoneValue = -1;
409 static gint ett_ldap_SyncInfoValue = -1;
410 static gint ett_ldap_T_refreshDelete = -1;
411 static gint ett_ldap_T_refreshPresent = -1;
412 static gint ett_ldap_T_syncIdSet = -1;
413 static gint ett_ldap_SET_OF_SyncUUID = -1;
414 static gint ett_ldap_PasswordPolicyResponseValue = -1;
415 static gint ett_ldap_T_warning = -1;
417 /*--- End of included file: packet-ldap-ett.c ---*/
418 #line 205 "../../asn1/ldap/packet-ldap-template.c"
420 static expert_field ei_ldap_exceeded_filter_length = EI_INIT;
421 static expert_field ei_ldap_too_many_filter_elements = EI_INIT;
423 static dissector_table_t ldap_name_dissector_table=NULL;
424 static const char *object_identifier_id = NULL; /* LDAP OID */
426 static gboolean do_protocolop = FALSE;
427 static gchar *attr_type = NULL;
428 static gboolean is_binary_attr_type = FALSE;
429 static gboolean ldap_found_in_frame = FALSE;
431 #define TCP_PORT_LDAP 389
432 #define TCP_PORT_LDAPS 636
433 #define UDP_PORT_CLDAP 389
434 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
436 /* desegmentation of LDAP */
437 static gboolean ldap_desegment = TRUE;
438 static guint global_ldap_tcp_port = TCP_PORT_LDAP;
439 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
440 static guint tcp_port = 0;
441 static guint ssl_port = 0;
443 static dissector_handle_t gssapi_handle;
444 static dissector_handle_t gssapi_wrap_handle;
445 static dissector_handle_t ntlmssp_handle;
446 static dissector_handle_t spnego_handle;
447 static dissector_handle_t ssl_handle;
448 static dissector_handle_t ldap_handle ;
450 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
453 /* different types of rpc calls ontop of ms cldap */
454 #define MSCLDAP_RPC_NETLOGON 1
456 /* Message type Choice values */
457 static const value_string ldap_ProtocolOp_choice_vals[] = {
458 { 0, "bindRequest" },
459 { 1, "bindResponse" },
460 { 2, "unbindRequest" },
461 { 3, "searchRequest" },
462 { 4, "searchResEntry" },
463 { 5, "searchResDone" },
464 { 6, "searchResRef" },
465 { 7, "modifyRequest" },
466 { 8, "modifyResponse" },
468 { 10, "addResponse" },
469 { 11, "delRequest" },
470 { 12, "delResponse" },
471 { 13, "modDNRequest" },
472 { 14, "modDNResponse" },
473 { 15, "compareRequest" },
474 { 16, "compareResponse" },
475 { 17, "abandonRequest" },
476 { 18, "extendedReq" },
477 { 19, "extendedResp" },
478 { 20, "intermediateResponse" },
482 #define LOGON_PRIMARY_QUERY 7
483 #define LOGON_PRIMARY_RESPONSE 12
484 #define LOGON_SAM_LOGON_REQUEST 18
485 #define LOGON_SAM_LOGON_RESPONSE 19
486 #define LOGON_SAM_PAUSE_RESPONSE 20
487 #define LOGON_SAM_USER_UNKNOWN 21
488 #define LOGON_SAM_LOGON_RESPONSE_EX 23
489 #define LOGON_SAM_PAUSE_RESPONSE_EX 24
490 #define LOGON_SAM_USER_UNKNOWN_EX 25
492 static const value_string netlogon_opcode_vals[] = {
493 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
494 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
495 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
496 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
497 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
498 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
499 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
500 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
505 * Data structure attached to a conversation, giving authentication
506 * information from a bind request.
507 * We keep a linked list of them, so that we can free up all the
508 * authentication mechanism strings.
510 typedef struct ldap_conv_info_t {
511 struct ldap_conv_info_t *next;
512 guint auth_type; /* authentication type */
513 char *auth_mech; /* authentication mechanism */
514 guint32 first_auth_frame; /* first frame that would use a security layer */
515 GHashTable *unmatched;
519 gboolean start_tls_pending;
520 guint32 start_tls_frame;
522 static ldap_conv_info_t *ldap_info_items;
525 ldap_info_hash_matched(gconstpointer k)
527 const ldap_call_response_t *key = (const ldap_call_response_t *)k;
529 return key->messageId;
533 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
535 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
536 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
538 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
541 /* a response may span multiple frames
542 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
547 return key1->messageId==key2->messageId;
551 ldap_info_hash_unmatched(gconstpointer k)
553 const ldap_call_response_t *key = (const ldap_call_response_t*)k;
555 return key->messageId;
559 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
561 const ldap_call_response_t *key1 = (const ldap_call_response_t*)k1;
562 const ldap_call_response_t *key2 = (const ldap_call_response_t*)k2;
564 return key1->messageId==key2->messageId;
568 /* These are the NtVer flags
569 http://msdn.microsoft.com/en-us/library/cc201035.aspx
572 static const true_false_string tfs_ntver_v1 = {
573 "Client requested version 1 netlogon response",
574 "Version 1 netlogon response not requested"
577 static const true_false_string tfs_ntver_v5 = {
578 "Client requested version 5 netlogon response",
579 "Version 5 netlogon response not requested"
581 static const true_false_string tfs_ntver_v5ex = {
582 "Client requested version 5 extended netlogon response",
583 "Version 5 extended response not requested"
585 static const true_false_string tfs_ntver_v5ep = {
586 "Client has requested IP address of the server",
587 "IP address of server not requested"
589 static const true_false_string tfs_ntver_vcs = {
590 "Client has asked for the closest site information",
591 "Closest site information not requested"
593 static const true_false_string tfs_ntver_vnt4 = {
594 "Client is requesting server to avoid NT4 emulation",
595 "Only full AD DS requested"
597 static const true_false_string tfs_ntver_vpdc = {
598 "Client has requested the Primary Domain Controller",
599 "Primary Domain Controller not requested"
601 static const true_false_string tfs_ntver_vip = {
602 "Client has requested IP details (obsolete)",
603 "IP details not requested (obsolete)"
605 static const true_false_string tfs_ntver_vl = {
606 "Client indicated that it is the local machine",
607 "Client is not the local machine"
608 };static const true_false_string tfs_ntver_vgc = {
609 "Client has requested a Global Catalog server",
610 "Global Catalog not requested"
613 /* Stuff for generation/handling of fields for custom AttributeValues */
614 typedef struct _attribute_type_t {
615 gchar* attribute_type;
616 gchar* attribute_desc;
619 static attribute_type_t* attribute_types = NULL;
620 static guint num_attribute_types = 0;
622 static GHashTable* attribute_types_hash = NULL;
625 attribute_types_update_cb(void *r, const char **err)
627 attribute_type_t *rec = (attribute_type_t *)r;
630 if (rec->attribute_type == NULL) {
631 *err = g_strdup("Attribute type can't be empty");
635 g_strstrip(rec->attribute_type);
636 if (rec->attribute_type[0] == 0) {
637 *err = g_strdup("Attribute type can't be empty");
641 /* Check for invalid characters (to avoid asserting out when
642 * registering the field).
644 c = proto_check_field_name(rec->attribute_type);
646 *err = g_strdup_printf("Attribute type can't contain '%c'", c);
654 attribute_types_copy_cb(void* n, const void* o, size_t siz _U_)
656 attribute_type_t* new_rec = (attribute_type_t*)n;
657 const attribute_type_t* old_rec = (const attribute_type_t*)o;
659 new_rec->attribute_type = g_strdup(old_rec->attribute_type);
660 new_rec->attribute_desc = g_strdup(old_rec->attribute_desc);
666 attribute_types_free_cb(void*r)
668 attribute_type_t* rec = (attribute_type_t*)r;
670 if (rec->attribute_type) g_free(rec->attribute_type);
671 if (rec->attribute_desc) g_free(rec->attribute_desc);
674 UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
675 UAT_CSTRING_CB_DEF(attribute_types, attribute_desc, attribute_type_t)
681 get_hf_for_header(char* attribute_type)
685 if (attribute_types_hash) {
686 hf_id = (gint*) g_hash_table_lookup(attribute_types_hash, attribute_type);
698 attribute_types_initialize_cb(void)
700 static hf_register_info* hf;
703 gchar* attribute_type;
705 if (attribute_types_hash) {
706 guint hf_size = g_hash_table_size (attribute_types_hash);
707 /* Unregister all fields */
708 for (i = 0; i < hf_size; i++) {
709 proto_unregister_field (proto_ldap, *(hf[i].p_id));
712 g_free ((char *) hf[i].hfinfo.name);
713 g_free ((char *) hf[i].hfinfo.abbrev);
714 g_free ((char *) hf[i].hfinfo.blurb);
716 g_hash_table_destroy (attribute_types_hash);
718 attribute_types_hash = NULL;
721 if (num_attribute_types) {
722 attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
723 hf = g_new0(hf_register_info,num_attribute_types);
725 for (i = 0; i < num_attribute_types; i++) {
726 hf_id = g_new(gint,1);
728 attribute_type = g_strdup(attribute_types[i].attribute_type);
731 hf[i].hfinfo.name = attribute_type;
732 hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type);
733 hf[i].hfinfo.type = FT_STRING;
734 hf[i].hfinfo.display = BASE_NONE;
735 hf[i].hfinfo.strings = NULL;
736 hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
737 hf[i].hfinfo.same_name_prev_id = -1;
738 hf[i].hfinfo.same_name_next = NULL;
740 g_hash_table_insert(attribute_types_hash, attribute_type, hf_id);
743 proto_register_field_array(proto_ldap, hf, num_attribute_types);
747 /* MS-ADTS specification, section 7.3.1.1, NETLOGON_NT_VERSION Options Bits */
748 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
752 proto_tree *tree=NULL;
754 header_field_info *hfi;
755 gboolean one_bit_set = FALSE;
757 fields[0] = hf_mscldap_ntver_flags_v1;
758 fields[1] = hf_mscldap_ntver_flags_v5;
759 fields[2] = hf_mscldap_ntver_flags_v5ex;
760 fields[3] = hf_mscldap_ntver_flags_v5ep;
761 fields[4] = hf_mscldap_ntver_flags_vcs;
762 fields[5] = hf_mscldap_ntver_flags_vnt4;
763 fields[6] = hf_mscldap_ntver_flags_vpdc;
764 fields[7] = hf_mscldap_ntver_flags_vip;
765 fields[8] = hf_mscldap_ntver_flags_vl;
766 fields[9] = hf_mscldap_ntver_flags_vgc;
770 flags=tvb_get_letohl(tvb, offset);
771 item=proto_tree_add_item(parent_tree, hf_mscldap_ntver_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
773 tree = proto_item_add_subtree(item, ett_mscldap_ntver_flags);
776 proto_item_append_text(item, " (");
778 for(field = fields; *field; field++) {
779 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
780 hfi = proto_registrar_get_nth(*field);
782 if(flags & hfi->bitmask) {
785 proto_item_append_text(item, ", ");
789 proto_item_append_text(item, "%s", hfi->name);
794 proto_item_append_text(item, ")");
801 /* This string contains the last LDAPString that was decoded */
802 static const char *attributedesc_string=NULL;
804 /* This string contains the last AssertionValue that was decoded */
805 static char *ldapvalue_string=NULL;
807 /* if the octet string contain all printable ASCII characters, then
808 * display it as a string, othervise just display it in hex.
811 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
814 gboolean pc, ind, is_ascii;
820 offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
821 offset=get_ber_length(tvb, offset, &len, &ind);
823 len=tvb_length_remaining(tvb,offset);
832 * Some special/wellknown attributes in common LDAP (read AD)
833 * are neither ascii strings nor blobs of hex data.
834 * Special case these attributes and decode them more nicely.
836 * Add more special cases as required to prettify further
837 * (there cant be that many ones that are truly interesting)
839 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
843 /* this octet string contains an NT SID */
844 sid_tvb=tvb_new_subset(tvb, offset, len, len);
845 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
846 ldapvalue_string=tmpstr;
849 } else if ( (len==16) /* GUIDs are always 16 bytes */
850 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
851 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
854 /* This octet string contained a GUID */
855 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
857 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
858 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
859 uuid.Data1, uuid.Data2, uuid.Data3,
860 uuid.Data4[0], uuid.Data4[1],
861 uuid.Data4[2], uuid.Data4[3],
862 uuid.Data4[4], uuid.Data4[5],
863 uuid.Data4[6], uuid.Data4[7]);
866 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
870 /* get flag value to populate ldapvalue_string */
871 flags=tvb_get_letohl(tvb, offset);
873 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
874 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
876 /* populate bitmask subtree */
877 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
885 * It was not one of our "wellknown" attributes so make the best
886 * we can and just try to see if it is an ascii string or if it
889 * XXX - should we support reading RFC 2252-style schemas
890 * for LDAP, and using that to determine how to display
891 * attribute values and assertion values?
893 * -- I dont think there are full schemas available that describe the
894 * interesting cases i.e. AD -- ronnie
896 str=tvb_get_ptr(tvb, offset, len);
899 if(!g_ascii_isprint(str[i])){
905 /* convert the string into a printable string */
907 ldapvalue_string=wmem_strndup(wmem_packet_scope(), str, len);
909 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 3*len);
911 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
912 ldapvalue_string[3*i+2]=':';
914 ldapvalue_string[3*len-1]=0;
917 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
925 /* This string contains the last Filter item that was decoded */
926 static const char *Filter_string=NULL;
927 static const char *and_filter_string=NULL;
928 static const char *or_filter_string=NULL;
929 static const char *substring_value=NULL;
930 static const char *substring_item_init=NULL;
931 static const char *substring_item_any=NULL;
932 static const char *substring_item_final=NULL;
933 static const char *matching_rule_string=NULL;
934 static gboolean matching_rule_dnattr=FALSE;
936 #define MAX_FILTER_LEN 4096
937 static gint Filter_length;
939 #define MAX_FILTER_ELEMENTS 200
940 static gint Filter_elements;
942 /* Global variables */
943 static gint MessageID =-1;
944 static gint ProtocolOp = -1;
945 static gint result = 0;
946 static proto_item *ldm_tree = NULL; /* item to add text to */
948 static void ldap_do_protocolop(packet_info *pinfo)
954 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
956 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
959 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
961 do_protocolop = FALSE;
966 static ldap_call_response_t *
967 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag, ldap_conv_info_t *ldap_info)
969 ldap_call_response_t lcr, *lcrp=NULL;
971 /* first see if we have already matched this */
973 lcr.messageId=messageId;
974 switch(protocolOpTag){
976 case LDAP_REQ_SEARCH:
977 case LDAP_REQ_MODIFY:
979 case LDAP_REQ_DELETE:
980 case LDAP_REQ_MODRDN:
981 case LDAP_REQ_COMPARE:
982 case LDAP_REQ_EXTENDED:
984 lcr.req_frame=pinfo->fd->num;
988 case LDAP_RES_SEARCH_ENTRY:
989 case LDAP_RES_SEARCH_REF:
990 case LDAP_RES_SEARCH_RESULT:
991 case LDAP_RES_MODIFY:
993 case LDAP_RES_DELETE:
994 case LDAP_RES_MODRDN:
995 case LDAP_RES_COMPARE:
996 case LDAP_RES_EXTENDED:
997 case LDAP_RES_INTERMEDIATE:
998 lcr.is_request=FALSE;
1000 lcr.rep_frame=pinfo->fd->num;
1005 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->matched, &lcr);
1009 lcrp->is_request=lcr.is_request;
1013 /* we haven't found a match - try and match it up */
1015 switch(protocolOpTag){
1017 case LDAP_REQ_SEARCH:
1018 case LDAP_REQ_MODIFY:
1020 case LDAP_REQ_DELETE:
1021 case LDAP_REQ_MODRDN:
1022 case LDAP_REQ_COMPARE:
1023 case LDAP_REQ_EXTENDED:
1025 /* this a a request - add it to the unmatched list */
1027 /* check that we dont already have one of those in the
1028 unmatched list and if so remove it */
1030 lcr.messageId=messageId;
1031 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
1033 g_hash_table_remove(ldap_info->unmatched, lcrp);
1035 /* if we cant reuse the old one, grab a new chunk */
1037 lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t);
1039 lcrp->messageId=messageId;
1040 lcrp->req_frame=pinfo->fd->num;
1041 lcrp->req_time=pinfo->fd->abs_ts;
1043 lcrp->protocolOpTag=protocolOpTag;
1044 lcrp->is_request=TRUE;
1045 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
1049 case LDAP_RES_SEARCH_ENTRY:
1050 case LDAP_RES_SEARCH_REF:
1051 case LDAP_RES_SEARCH_RESULT:
1052 case LDAP_RES_MODIFY:
1054 case LDAP_RES_DELETE:
1055 case LDAP_RES_MODRDN:
1056 case LDAP_RES_COMPARE:
1057 case LDAP_RES_EXTENDED:
1058 case LDAP_RES_INTERMEDIATE:
1060 /* this is a result - it should be in our unmatched list */
1062 lcr.messageId=messageId;
1063 lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
1067 if(!lcrp->rep_frame){
1068 g_hash_table_remove(ldap_info->unmatched, lcrp);
1069 lcrp->rep_frame=pinfo->fd->num;
1070 lcrp->is_request=FALSE;
1071 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
1079 /* we have found a match */
1084 if(lcrp->is_request){
1085 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
1086 PROTO_ITEM_SET_GENERATED(it);
1089 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
1090 PROTO_ITEM_SET_GENERATED(it);
1091 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
1092 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
1093 PROTO_ITEM_SET_GENERATED(it);
1101 /*--- Included file: packet-ldap-fn.c ---*/
1102 #line 1 "../../asn1/ldap/packet-ldap-fn.c"
1103 /*--- Cyclic dependencies ---*/
1105 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
1106 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
1107 /* Filter -> Filter/not -> Filter */
1108 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
1114 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1115 #line 100 "../../asn1/ldap/ldap.cnf"
1117 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1131 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1132 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1141 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1142 #line 323 "../../asn1/ldap/ldap.cnf"
1143 tvbuff_t *parameter_tvb = NULL;
1144 const char *ldapstring = NULL;
1145 gchar *sc = NULL; /* semi-colon pointer */
1147 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1151 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
1153 ldap_do_protocolop(actx->pinfo);
1156 ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
1158 if(hf_index == hf_ldap_baseObject) {
1159 /* this is search - put it on the scanline */
1160 if(!ldapstring || !*ldapstring)
1161 ldapstring = "<ROOT>";
1163 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1166 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1169 if(!parameter_tvb) {
1171 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1174 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1175 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
1178 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1180 } else if ((hf_index == hf_ldap_objectName) ||
1181 (hf_index == hf_ldap_name) ||
1182 (hf_index == hf_ldap_entry) ||
1183 (hf_index == hf_ldap_object) ||
1184 (hf_index == hf_ldap_delRequest) ) {
1186 if(!ldapstring || !*ldapstring)
1187 ldapstring = "<ROOT>";
1189 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1192 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1193 } else if (hf_index == hf_ldap_attributeDesc){
1194 /* remember the attribute description */
1195 attributedesc_string=ldapstring;
1196 } else if (hf_index == hf_ldap_initial){
1197 /* remember the substring item */
1198 substring_item_init=ldapstring;
1199 } else if (hf_index == hf_ldap_any){
1200 /* remember the substring item */
1201 substring_item_any=ldapstring;
1202 } else if (hf_index == hf_ldap_final){
1203 /* remember the substring item */
1204 substring_item_final=ldapstring;
1205 } else if (hf_index == hf_ldap_matchingRule){
1206 /* remember the matching rule */
1207 matching_rule_string=ldapstring;
1208 } else if (hf_index == hf_ldap_present){
1209 /* remember the present name */
1210 Filter_string=ldapstring;
1211 } else if (hf_index == hf_ldap_type) {
1212 /* remember attribute type name */
1213 attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
1215 /* append it to the parent entry */
1216 proto_item_append_text(tree, " %s", attr_type);
1218 /* remove the ";binary" component if present */
1219 if((sc = strchr(attr_type, ';')) != NULL) {
1220 if(!strcmp(sc, ";binary")) {
1221 *sc = '\0'; /* terminate the string */
1222 is_binary_attr_type = TRUE;
1225 is_binary_attr_type = FALSE;
1240 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1241 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1249 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1250 #line 170 "../../asn1/ldap/ldap.cnf"
1251 ldap_conv_info_t *ldap_info;
1253 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1257 ldap_info = (ldap_conv_info_t *)actx->private_data;
1258 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1268 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1269 #line 178 "../../asn1/ldap/ldap.cnf"
1271 ldap_conv_info_t *ldap_info;
1272 tvbuff_t *parameter_tvb;
1273 char *mechanism = NULL;
1274 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1277 ldap_info = (ldap_conv_info_t *)actx->private_data;
1278 ldap_info->auth_type = LDAP_AUTH_SASL;
1284 * We need to remember the authentication type and mechanism for this
1287 * XXX - actually, we might need to remember more than one
1288 * type and mechanism, if you can unbind and rebind with a
1289 * different type and/or mechanism.
1291 if(!actx->pinfo->fd->flags.visited) {
1292 mechanism = tvb_get_string_enc(NULL, parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
1293 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1295 * If the mechanism in this request is an empty string (which is
1296 * returned as a null pointer), use the saved mechanism instead.
1297 * Otherwise, if the saved mechanism is an empty string (null),
1298 * save this mechanism.
1300 if (mechanism != NULL) {
1301 g_free(ldap_info->auth_mech);
1302 ldap_info->auth_mech = mechanism;
1313 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1314 #line 212 "../../asn1/ldap/ldap.cnf"
1316 tvbuff_t *parameter_tvb;
1317 ldap_conv_info_t *ldap_info;
1322 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1329 ldap_info = (ldap_conv_info_t *)actx->private_data;
1330 get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
1332 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
1333 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
1335 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1336 * We need to check the first byte to check whether the blob
1337 * contains SPNEGO or GSSAPI.
1338 * All SPNEGO PDUs are of class CONSTRUCTED while
1339 * GSS PDUs are class APPLICATION
1341 if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
1342 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1344 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
1345 if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
1347 * This is a raw GSS-API token.
1349 if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
1350 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1353 /* Restore private data */
1354 actx->private_data = ldap_info;
1363 static const ber_sequence_t SaslCredentials_sequence[] = {
1364 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1365 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1366 { NULL, 0, 0, 0, NULL }
1370 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1371 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1372 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1380 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1381 #line 705 "../../asn1/ldap/ldap.cnf"
1382 /* make sure the protocol op comes first */
1383 ldap_do_protocolop(actx->pinfo);
1385 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1386 offset+=tvb_length_remaining(tvb, offset);
1396 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1397 #line 712 "../../asn1/ldap/ldap.cnf"
1398 /* make sure the protocol op comes first */
1399 ldap_do_protocolop(actx->pinfo);
1401 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1402 offset+=tvb_length_remaining(tvb, offset);
1410 static const value_string ldap_AuthenticationChoice_vals[] = {
1413 { 10, "ntlmsspNegotiate" },
1414 { 11, "ntlmsspAuth" },
1418 static const ber_choice_t AuthenticationChoice_choice[] = {
1419 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1420 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1421 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1422 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1423 { 0, NULL, 0, 0, 0, NULL }
1427 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1428 #line 495 "../../asn1/ldap/ldap.cnf"
1431 const gchar *valstr;
1433 offset = dissect_ber_choice(actx, tree, tvb, offset,
1434 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1438 ldap_do_protocolop(actx->pinfo);
1440 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1441 auth = AuthenticationChoice_choice[branch].value;
1443 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1445 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1446 if ((auth != 10) && (auth != 11))
1447 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1450 proto_item_append_text(ldm_tree, " %s", valstr);
1459 static const ber_sequence_t BindRequest_U_sequence[] = {
1460 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1461 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1462 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1463 { NULL, 0, 0, 0, NULL }
1467 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1468 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1469 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1477 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1478 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1479 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1485 static const value_string ldap_BindResponse_resultCode_vals[] = {
1487 { 1, "operationsError" },
1488 { 2, "protocolError" },
1489 { 3, "timeLimitExceeded" },
1490 { 4, "sizeLimitExceeded" },
1491 { 5, "compareFalse" },
1492 { 6, "compareTrue" },
1493 { 7, "authMethodNotSupported" },
1494 { 8, "strongAuthRequired" },
1496 { 11, "adminLimitExceeded" },
1497 { 12, "unavailableCriticalExtension" },
1498 { 13, "confidentialityRequired" },
1499 { 14, "saslBindInProgress" },
1500 { 16, "noSuchAttribute" },
1501 { 17, "undefinedAttributeType" },
1502 { 18, "inappropriateMatching" },
1503 { 19, "constraintViolation" },
1504 { 20, "attributeOrValueExists" },
1505 { 21, "invalidAttributeSyntax" },
1506 { 32, "noSuchObject" },
1507 { 33, "aliasProblem" },
1508 { 34, "invalidDNSyntax" },
1509 { 36, "aliasDereferencingProblem" },
1510 { 48, "inappropriateAuthentication" },
1511 { 49, "invalidCredentials" },
1512 { 50, "insufficientAccessRights" },
1514 { 52, "unavailable" },
1515 { 53, "unwillingToPerform" },
1516 { 54, "loopDetect" },
1517 { 64, "namingViolation" },
1518 { 65, "objectClassViolation" },
1519 { 66, "notAllowedOnNonLeaf" },
1520 { 67, "notAllowedOnRDN" },
1521 { 68, "entryAlreadyExists" },
1522 { 69, "objectClassModsProhibited" },
1523 { 71, "affectsMultipleDSAs" },
1525 { 118, "canceled" },
1526 { 119, "noSuchOperation" },
1528 { 121, "cannotCancel" },
1534 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1535 #line 443 "../../asn1/ldap/ldap.cnf"
1537 const gchar *valstr;
1539 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1543 ldap_do_protocolop(actx->pinfo);
1545 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1547 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1550 proto_item_append_text(ldm_tree, " %s", valstr);
1561 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1562 #line 719 "../../asn1/ldap/ldap.cnf"
1563 tvbuff_t *new_tvb=NULL;
1565 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1568 && (tvb_length(new_tvb)>=7)
1569 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1571 /* make sure the protocol op comes first */
1572 ldap_do_protocolop(actx->pinfo);
1574 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1586 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1587 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1595 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1596 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1599 #line 53 "../../asn1/ldap/ldap.cnf"
1600 PROTO_ITEM_SET_URL(actx->created_item);
1607 static const ber_sequence_t Referral_sequence_of[1] = {
1608 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1612 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1613 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1614 Referral_sequence_of, hf_index, ett_ldap_Referral);
1622 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1623 #line 253 "../../asn1/ldap/ldap.cnf"
1625 tvbuff_t *parameter_tvb = NULL;
1626 ldap_conv_info_t *ldap_info;
1628 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1633 ldap_info = (ldap_conv_info_t *)actx->private_data;
1634 switch (ldap_info->auth_type) {
1636 /* For Kerberos V4, dissect it as a ticket. */
1637 /* XXX - what about LDAP_AUTH_SIMPLE? */
1639 case LDAP_AUTH_SASL:
1641 * All frames after this are assumed to use a security layer.
1643 * XXX - won't work if there's another reply, with the security
1644 * layer, starting in the same TCP segment that ends this
1645 * reply, but as LDAP is a request/response protocol, and
1646 * as the client probably can't start using authentication until
1647 * it gets the bind reply and the server won't send a reply until
1648 * it gets a request, that probably won't happen.
1650 * XXX - that assumption is invalid; it's not clear where the
1651 * hell you find out whether there's any security layer. In
1652 * one capture, we have two GSS-SPNEGO negotiations, both of
1653 * which select MS KRB5, and the only differences in the tokens
1654 * is in the RC4-HMAC ciphertext. The various
1655 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1656 * that the RFC 2222 spoo with the bitmask and maximum
1657 * output message size stuff is done - but where does that
1658 * stuff show up? Is it in the ciphertext, which means it's
1659 * presumably encrypted?
1661 * Grrr. We have to do a gross heuristic, checking whether the
1662 * putative LDAP message begins with 0x00 or not, making the
1663 * assumption that we won't have more than 2^24 bytes of
1664 * encapsulated stuff.
1666 ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
1667 if (ldap_info->auth_mech != NULL &&
1668 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1669 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1670 * which might not be wrapped in GSS-SPNEGO but be a raw
1673 if ( (tvb_length(parameter_tvb)>=7)
1674 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1675 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1679 * This is a GSS-API token.
1681 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1682 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1683 } else if (ldap_info->auth_mech != NULL &&
1684 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1686 * This is a GSS-API token.
1688 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1689 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1693 actx->private_data = ldap_info;
1701 static const ber_sequence_t BindResponse_U_sequence[] = {
1702 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1703 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1704 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1705 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1706 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1707 { NULL, 0, 0, 0, NULL }
1711 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1712 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1713 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1721 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1722 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1723 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1731 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1732 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1740 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1741 #line 517 "../../asn1/ldap/ldap.cnf"
1743 implicit_tag = TRUE; /* correct problem with asn2wrs */
1745 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1746 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1749 ldap_do_protocolop(actx->pinfo);
1761 static const value_string ldap_T_scope_vals[] = {
1762 { 0, "baseObject" },
1763 { 1, "singleLevel" },
1764 { 2, "wholeSubtree" },
1770 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1771 #line 411 "../../asn1/ldap/ldap.cnf"
1773 guint32 scope = 0xffff;
1774 const gchar *valstr;
1776 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1780 ldap_do_protocolop(actx->pinfo);
1782 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1784 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1787 proto_item_append_text(ldm_tree, " %s", valstr);
1795 static const value_string ldap_T_derefAliases_vals[] = {
1796 { 0, "neverDerefAliases" },
1797 { 1, "derefInSearching" },
1798 { 2, "derefFindingBaseObj" },
1799 { 3, "derefAlways" },
1805 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1806 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1815 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1816 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1825 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1826 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1834 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1835 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1837 #line 563 "../../asn1/ldap/ldap.cnf"
1838 if(and_filter_string){
1839 and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
1841 and_filter_string=Filter_string;
1849 static const ber_sequence_t T_and_set_of[1] = {
1850 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1854 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1855 #line 570 "../../asn1/ldap/ldap.cnf"
1856 proto_tree *tr=NULL;
1857 proto_item *it=NULL;
1858 const char *old_and_filter_string=and_filter_string;
1860 and_filter_string=NULL;
1862 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1863 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1867 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1868 T_and_set_of, hf_index, ett_ldap_T_and);
1871 if(and_filter_string) {
1872 proto_item_append_text(it, "%s", and_filter_string);
1873 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",and_filter_string);
1875 and_filter_string=old_and_filter_string;
1885 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1886 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1888 #line 590 "../../asn1/ldap/ldap.cnf"
1889 if(or_filter_string){
1890 or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
1892 or_filter_string=Filter_string;
1901 static const ber_sequence_t T_or_set_of[1] = {
1902 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1906 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1907 #line 598 "../../asn1/ldap/ldap.cnf"
1908 proto_tree *tr=NULL;
1909 proto_item *it=NULL;
1910 const char *old_or_filter_string=or_filter_string;
1912 or_filter_string=NULL;
1914 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1915 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1918 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1919 T_or_set_of, hf_index, ett_ldap_T_or);
1921 if(or_filter_string) {
1922 proto_item_append_text(it, "%s", or_filter_string);
1923 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",or_filter_string);
1925 or_filter_string=old_or_filter_string;
1935 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1936 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1938 #line 619 "../../asn1/ldap/ldap.cnf"
1939 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
1948 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1949 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1956 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1957 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1958 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1959 { NULL, 0, 0, 0, NULL }
1963 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1964 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1965 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1973 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1974 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1976 #line 540 "../../asn1/ldap/ldap.cnf"
1977 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
1978 string_or_null(attributedesc_string),
1979 string_or_null(ldapvalue_string));
1987 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1994 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1995 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1996 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1997 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1998 { 0, NULL, 0, 0, 0, NULL }
2002 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2003 offset = dissect_ber_choice(actx, tree, tvb, offset,
2004 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
2007 #line 645 "../../asn1/ldap/ldap.cnf"
2008 if (substring_item_final) {
2009 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
2010 (substring_value?substring_value:"*"),
2011 substring_item_final);
2012 } else if (substring_item_any) {
2013 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
2014 (substring_value?substring_value:"*"),
2015 substring_item_any);
2016 } else if (substring_item_init) {
2017 substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
2018 substring_item_init);
2026 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
2027 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
2031 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2032 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2033 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
2039 static const ber_sequence_t SubstringFilter_sequence[] = {
2040 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2041 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
2042 { NULL, 0, 0, 0, NULL }
2046 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2047 #line 659 "../../asn1/ldap/ldap.cnf"
2048 proto_tree *tr=NULL;
2049 proto_item *it=NULL;
2050 const char *old_substring_value=substring_value;
2053 substring_value=NULL;
2054 substring_item_init=NULL;
2055 substring_item_any=NULL;
2056 substring_item_final=NULL;
2058 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
2059 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
2062 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2063 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
2065 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
2066 string_or_null(attr_type),
2067 string_or_null(substring_value));
2068 proto_item_append_text(it, "%s", Filter_string);
2069 substring_value=old_substring_value;
2079 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2080 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2082 #line 546 "../../asn1/ldap/ldap.cnf"
2083 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
2084 string_or_null(attributedesc_string),
2085 string_or_null(ldapvalue_string));
2095 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2096 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2098 #line 552 "../../asn1/ldap/ldap.cnf"
2099 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
2100 string_or_null(attributedesc_string),
2101 string_or_null(ldapvalue_string));
2111 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2112 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
2114 #line 616 "../../asn1/ldap/ldap.cnf"
2115 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
2124 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2125 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2127 #line 558 "../../asn1/ldap/ldap.cnf"
2128 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
2129 string_or_null(attributedesc_string),
2130 string_or_null(ldapvalue_string));
2139 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2140 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2148 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2149 #line 622 "../../asn1/ldap/ldap.cnf"
2152 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
2155 matching_rule_dnattr = val;
2164 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
2165 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
2166 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2167 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2168 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2169 { NULL, 0, 0, 0, NULL }
2173 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2174 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2175 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2183 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2184 #line 631 "../../asn1/ldap/ldap.cnf"
2186 matching_rule_string=NULL;
2187 ldapvalue_string=NULL;
2188 matching_rule_dnattr=FALSE;
2191 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2193 #line 637 "../../asn1/ldap/ldap.cnf"
2194 Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
2195 (attr_type?attr_type:""),
2196 (matching_rule_dnattr?"dn:":""),
2197 (matching_rule_string?matching_rule_string:""),
2198 (matching_rule_string?":":""),
2199 string_or_null(ldapvalue_string));
2206 static const value_string ldap_Filter_vals[] = {
2210 { 3, "equalityMatch" },
2211 { 4, "substrings" },
2212 { 5, "greaterOrEqual" },
2213 { 6, "lessOrEqual" },
2215 { 8, "approxMatch" },
2216 { 9, "extensibleMatch" },
2220 static const ber_choice_t Filter_choice[] = {
2221 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2222 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2223 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2224 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2225 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2226 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2227 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2228 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2229 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2230 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2231 { 0, NULL, 0, 0, 0, NULL }
2235 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2236 #line 681 "../../asn1/ldap/ldap.cnf"
2237 proto_tree *tr=NULL;
2238 proto_item *it=NULL;
2239 attributedesc_string=NULL;
2241 if (Filter_length++ > MAX_FILTER_LEN) {
2242 expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
2243 THROW(ReportedBoundsError);
2246 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
2247 expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
2248 THROW(ReportedBoundsError);
2252 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
2253 tr=proto_item_add_subtree(it, ett_ldap_Filter);
2256 offset = dissect_ber_choice(actx, tree, tvb, offset,
2257 Filter_choice, hf_index, ett_ldap_Filter,
2261 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2271 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2272 #line 529 "../../asn1/ldap/ldap.cnf"
2274 Filter_elements = 0;
2278 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2280 #line 534 "../../asn1/ldap/ldap.cnf"
2282 and_filter_string=NULL;
2283 Filter_elements = 0;
2291 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2292 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2296 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2297 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2298 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2304 static const ber_sequence_t SearchRequest_U_sequence[] = {
2305 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2306 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2307 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2308 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2309 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2310 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2311 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2312 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2313 { NULL, 0, 0, 0, NULL }
2317 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2318 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2319 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2327 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2328 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2329 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2337 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2338 #line 459 "../../asn1/ldap/ldap.cnf"
2340 tvbuff_t *next_tvb = NULL;
2343 int old_offset = offset;
2346 /* attr_type, should be set before calling this function */
2348 /* extract the value of the octetstring */
2349 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2351 /* first check if we have a custom attribute type configured */
2352 if ((hf_id = get_hf_for_header (attr_type)) != NULL)
2353 proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
2355 /* if we have an attribute type that isn't binary see if there is a better dissector */
2356 else if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, NULL)) {
2357 offset = old_offset;
2359 /* do the default thing */
2360 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2364 len = tvb_length_remaining(next_tvb, 0);
2366 for(i = 0; i < len; i++)
2367 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2371 string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_length_remaining(next_tvb, 0), ENC_ASCII|ENC_NA);
2372 proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
2382 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2383 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2387 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2388 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2389 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2395 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2396 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2397 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2398 { NULL, 0, 0, 0, NULL }
2402 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2403 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2404 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2410 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2411 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2415 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2416 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2417 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2423 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2424 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2425 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2426 { NULL, 0, 0, 0, NULL }
2430 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2431 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2432 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2440 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2441 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2442 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2448 static const value_string ldap_T_resultCode_vals[] = {
2450 { 1, "operationsError" },
2451 { 2, "protocolError" },
2452 { 3, "timeLimitExceeded" },
2453 { 4, "sizeLimitExceeded" },
2454 { 5, "compareFalse" },
2455 { 6, "compareTrue" },
2456 { 7, "authMethodNotSupported" },
2457 { 8, "strongAuthRequired" },
2459 { 11, "adminLimitExceeded" },
2460 { 12, "unavailableCriticalExtension" },
2461 { 13, "confidentialityRequired" },
2462 { 14, "saslBindInProgress" },
2463 { 16, "noSuchAttribute" },
2464 { 17, "undefinedAttributeType" },
2465 { 18, "inappropriateMatching" },
2466 { 19, "constraintViolation" },
2467 { 20, "attributeOrValueExists" },
2468 { 21, "invalidAttributeSyntax" },
2469 { 32, "noSuchObject" },
2470 { 33, "aliasProblem" },
2471 { 34, "invalidDNSyntax" },
2472 { 36, "aliasDereferencingProblem" },
2473 { 48, "inappropriateAuthentication" },
2474 { 49, "invalidCredentials" },
2475 { 50, "insufficientAccessRights" },
2477 { 52, "unavailable" },
2478 { 53, "unwillingToPerform" },
2479 { 54, "loopDetect" },
2480 { 64, "namingViolation" },
2481 { 65, "objectClassViolation" },
2482 { 66, "notAllowedOnNonLeaf" },
2483 { 67, "notAllowedOnRDN" },
2484 { 68, "entryAlreadyExists" },
2485 { 69, "objectClassModsProhibited" },
2486 { 71, "affectsMultipleDSAs" },
2488 { 118, "canceled" },
2489 { 119, "noSuchOperation" },
2491 { 121, "cannotCancel" },
2497 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2498 #line 427 "../../asn1/ldap/ldap.cnf"
2500 const gchar *valstr;
2502 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2506 ldap_do_protocolop(actx->pinfo);
2508 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2510 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2513 proto_item_append_text(ldm_tree, " %s", valstr);
2522 static const ber_sequence_t LDAPResult_sequence[] = {
2523 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2524 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2525 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2526 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2527 { NULL, 0, 0, 0, NULL }
2531 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2532 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2533 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2541 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2542 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2543 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2549 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2550 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2554 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2555 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2556 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2564 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2565 #line 822 "../../asn1/ldap/ldap.cnf"
2567 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2568 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2571 ldap_do_protocolop(actx->pinfo);
2580 static const value_string ldap_T_operation_vals[] = {
2589 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2590 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2597 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2598 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2599 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2600 { NULL, 0, 0, 0, NULL }
2604 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2605 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2606 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2612 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2613 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2614 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2615 { NULL, 0, 0, 0, NULL }
2619 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2620 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2621 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2627 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2628 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2632 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2633 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2634 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2640 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2641 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2642 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2643 { NULL, 0, 0, 0, NULL }
2647 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2648 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2649 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2657 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2658 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2659 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2667 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2668 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2669 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2675 static const ber_sequence_t AttributeList_item_sequence[] = {
2676 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2677 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2678 { NULL, 0, 0, 0, NULL }
2682 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2683 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2684 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2690 static const ber_sequence_t AttributeList_sequence_of[1] = {
2691 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2695 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2696 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2697 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2703 static const ber_sequence_t AddRequest_U_sequence[] = {
2704 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2705 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2706 { NULL, 0, 0, 0, NULL }
2710 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2711 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2712 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2720 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2721 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2722 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2730 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2731 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2732 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2740 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2741 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2742 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2750 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2751 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2752 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2760 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2761 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2767 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2768 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2769 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2770 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2771 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2772 { NULL, 0, 0, 0, NULL }
2776 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2777 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2778 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2786 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2787 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2788 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2796 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2797 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2798 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2804 static const ber_sequence_t CompareRequest_U_sequence[] = {
2805 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2806 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2807 { NULL, 0, 0, 0, NULL }
2811 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2812 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2813 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2821 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2822 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2823 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2831 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2832 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2833 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2841 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2842 #line 829 "../../asn1/ldap/ldap.cnf"
2844 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2845 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2848 ldap_do_protocolop(actx->pinfo);
2858 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2859 #line 56 "../../asn1/ldap/ldap.cnf"
2861 tvbuff_t *parameter_tvb;
2865 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2868 #line 63 "../../asn1/ldap/ldap.cnf"
2870 object_identifier_id = NULL;
2875 object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
2876 name = oid_resolved_from_string(object_identifier_id);
2879 proto_item_append_text(actx->created_item, " (%s)", name);
2881 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2882 ldap_do_protocolop(actx->pinfo);
2883 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2887 if(((hf_index == hf_ldap_responseName) || (hf_index == hf_ldap_requestName)) &&
2888 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2890 /* we have agreed start_tls */
2891 ldap_conv_info_t *ldap_info = NULL;
2893 ldap_info = (ldap_conv_info_t *)actx->private_data;
2896 if(hf_index == hf_ldap_responseName)
2897 /* TLS in the next frame */
2898 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
2900 /* remember we have asked to start_tls */
2901 ldap_info->start_tls_pending = TRUE;
2912 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2913 #line 754 "../../asn1/ldap/ldap.cnf"
2915 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2916 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
2918 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2929 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2930 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2931 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2932 { NULL, 0, 0, 0, NULL }
2936 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2937 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2938 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2946 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2947 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2948 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2954 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2956 { 1, "operationsError" },
2957 { 2, "protocolError" },
2958 { 3, "timeLimitExceeded" },
2959 { 4, "sizeLimitExceeded" },
2960 { 5, "compareFalse" },
2961 { 6, "compareTrue" },
2962 { 7, "authMethodNotSupported" },
2963 { 8, "strongAuthRequired" },
2965 { 11, "adminLimitExceeded" },
2966 { 12, "unavailableCriticalExtension" },
2967 { 13, "confidentialityRequired" },
2968 { 14, "saslBindInProgress" },
2969 { 16, "noSuchAttribute" },
2970 { 17, "undefinedAttributeType" },
2971 { 18, "inappropriateMatching" },
2972 { 19, "constraintViolation" },
2973 { 20, "attributeOrValueExists" },
2974 { 21, "invalidAttributeSyntax" },
2975 { 32, "noSuchObject" },
2976 { 33, "aliasProblem" },
2977 { 34, "invalidDNSyntax" },
2978 { 36, "aliasDereferencingProblem" },
2979 { 48, "inappropriateAuthentication" },
2980 { 49, "invalidCredentials" },
2981 { 50, "insufficientAccessRights" },
2983 { 52, "unavailable" },
2984 { 53, "unwillingToPerform" },
2985 { 54, "loopDetect" },
2986 { 64, "namingViolation" },
2987 { 65, "objectClassViolation" },
2988 { 66, "notAllowedOnNonLeaf" },
2989 { 67, "notAllowedOnRDN" },
2990 { 68, "entryAlreadyExists" },
2991 { 69, "objectClassModsProhibited" },
2992 { 71, "affectsMultipleDSAs" },
2994 { 118, "canceled" },
2995 { 119, "noSuchOperation" },
2997 { 121, "cannotCancel" },
3003 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3004 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3013 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3014 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3022 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3023 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3030 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
3031 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
3032 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
3033 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
3034 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
3035 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3036 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3037 { NULL, 0, 0, 0, NULL }
3041 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3042 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3043 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
3051 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3052 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3053 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
3061 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3062 #line 762 "../../asn1/ldap/ldap.cnf"
3067 #line 766 "../../asn1/ldap/ldap.cnf"
3068 if(ldm_tree && object_identifier_id) {
3069 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
3070 name = oid_resolved_from_string(object_identifier_id);
3072 proto_item_append_text(ldm_tree, " (%s)", name);
3074 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3075 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3077 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3088 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
3089 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
3090 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
3091 { NULL, 0, 0, 0, NULL }
3095 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3096 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3097 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
3105 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3106 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
3107 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U);
3113 static const value_string ldap_ProtocolOp_vals[] = {
3114 { 0, "bindRequest" },
3115 { 1, "bindResponse" },
3116 { 2, "unbindRequest" },
3117 { 3, "searchRequest" },
3118 { 4, "searchResEntry" },
3119 { 5, "searchResDone" },
3120 { 19, "searchResRef" },
3121 { 6, "modifyRequest" },
3122 { 7, "modifyResponse" },
3123 { 8, "addRequest" },
3124 { 9, "addResponse" },
3125 { 10, "delRequest" },
3126 { 11, "delResponse" },
3127 { 12, "modDNRequest" },
3128 { 13, "modDNResponse" },
3129 { 14, "compareRequest" },
3130 { 15, "compareResponse" },
3131 { 16, "abandonRequest" },
3132 { 23, "extendedReq" },
3133 { 24, "extendedResp" },
3134 { 25, "intermediateResponse" },
3138 static const ber_choice_t ProtocolOp_choice[] = {
3139 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
3140 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
3141 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
3142 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
3143 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
3144 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
3145 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
3146 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
3147 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
3148 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
3149 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
3150 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
3151 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
3152 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
3153 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
3154 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
3155 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
3156 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
3157 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
3158 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
3159 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
3160 { 0, NULL, 0, 0, 0, NULL }
3164 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3165 #line 108 "../../asn1/ldap/ldap.cnf"
3167 ldap_call_response_t *lcrp;
3168 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
3169 do_protocolop = TRUE;
3172 offset = dissect_ber_choice(actx, tree, tvb, offset,
3173 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
3176 #line 114 "../../asn1/ldap/ldap.cnf"
3178 if (ProtocolOp == -1) {
3182 /* ProtocolOp is the index, not the tag so convert it to the tag value */
3183 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3185 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
3187 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3190 /* XXX: the count will not work if the results span multiple TCP packets */
3192 if(ldap_info && tree) { /* only count once - on tree pass */
3193 switch(ProtocolOp) {
3195 case LDAP_RES_SEARCH_ENTRY:
3196 ldap_info->num_results++;
3198 proto_item_append_text(tree, " [%d result%s]",
3199 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3203 case LDAP_RES_SEARCH_RESULT:
3205 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3206 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3208 proto_item_append_text(tree, " [%d result%s]",
3209 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3211 ldap_info->num_results = 0;
3218 if(ldap_info && (ProtocolOp == LDAP_RES_EXTENDED)) {
3219 /* this is an extend result */
3221 if(ldap_info->start_tls_pending && !ldap_info->start_tls_frame) {
3222 /* XXX: some directories do not correctly return the responseName in the extendedResponse so we don't know start_tls has been negotiated */
3224 col_append_str(actx->pinfo->cinfo, COL_INFO, "[LDAP_START_TLS_OID responseName missing] ");
3225 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
3228 ldap_info->start_tls_pending = FALSE;
3239 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3240 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3248 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3249 #line 735 "../../asn1/ldap/ldap.cnf"
3255 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3256 /* remove the OCTET STRING encoding */
3257 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
3258 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3260 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
3264 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3276 static const ber_sequence_t Control_sequence[] = {
3277 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3278 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3279 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3280 { NULL, 0, 0, 0, NULL }
3284 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3285 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3286 Control_sequence, hf_index, ett_ldap_Control);
3292 static const ber_sequence_t Controls_sequence_of[1] = {
3293 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3297 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3298 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3299 Controls_sequence_of, hf_index, ett_ldap_Controls);
3305 static const ber_sequence_t LDAPMessage_sequence[] = {
3306 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3307 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3308 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3309 { NULL, 0, 0, 0, NULL }
3313 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3314 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3315 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3325 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3326 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3333 static const ber_sequence_t SearchControlValue_sequence[] = {
3334 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3335 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3336 { NULL, 0, 0, 0, NULL }
3340 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3341 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3342 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3348 static const ber_sequence_t SortKeyList_item_sequence[] = {
3349 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3350 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3351 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3352 { NULL, 0, 0, 0, NULL }
3356 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3357 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3358 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3364 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3365 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3369 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3370 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3371 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3377 static const value_string ldap_T_sortResult_vals[] = {
3379 { 1, "operationsError" },
3380 { 3, "timeLimitExceeded" },
3381 { 8, "strongAuthRequired" },
3382 { 11, "adminLimitExceeded" },
3383 { 16, "noSuchAttribute" },
3384 { 18, "inappropriateMatching" },
3385 { 50, "insufficientAccessRights" },
3387 { 53, "unwillingToPerform" },
3394 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3395 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3402 static const ber_sequence_t SortResult_sequence[] = {
3403 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3404 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3405 { NULL, 0, 0, 0, NULL }
3409 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3410 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3411 SortResult_sequence, hf_index, ett_ldap_SortResult);
3419 dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3420 #line 779 "../../asn1/ldap/ldap.cnf"
3426 header_field_info *hfinfo;
3428 int otheroffset = offset;
3430 dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
3431 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
3433 gint32 remaining=tvb_length_remaining(tvb, offset);
3434 len=remaining>0 ? remaining : 0;
3437 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
3439 hfinfo = proto_registrar_get_nth(hf_index);
3442 proto_tree *subtree = NULL;
3443 proto_item *item = NULL;
3444 item = proto_tree_add_text(tree, tvb, otheroffset+1, len, "%s: 0x%08x", hfinfo->name, val);
3445 subtree = proto_item_add_subtree(item, ett_ldap_DirSyncFlagsSubEntry);
3448 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Object_Security");
3451 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Ancestor_First");
3454 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Public_Data_Only");
3456 if (val & 0x80000000) {
3457 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Incremental_Value");
3460 proto_tree_add_text(tree, tvb, otheroffset+len, len, "%s: 0", hfinfo->name);
3469 static const ber_sequence_t DirSyncControlValue_sequence[] = {
3470 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
3471 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3472 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3473 { NULL, 0, 0, 0, NULL }
3477 dissect_ldap_DirSyncControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3478 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3479 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
3485 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3486 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3487 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3488 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3489 { NULL, 0, 0, 0, NULL }
3493 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3494 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3495 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3501 static const ber_sequence_t CancelRequestValue_sequence[] = {
3502 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3503 { NULL, 0, 0, 0, NULL }
3507 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3508 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3509 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3515 static const value_string ldap_T_mode_vals[] = {
3516 { 1, "refreshOnly" },
3517 { 3, "refreshAndPersist" },
3523 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3524 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3531 static const ber_sequence_t SyncRequestValue_sequence[] = {
3532 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3533 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3534 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3535 { NULL, 0, 0, 0, NULL }
3539 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3540 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3541 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3547 static const value_string ldap_T_state_vals[] = {
3557 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3558 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3567 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3568 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3575 static const ber_sequence_t SyncStateValue_sequence[] = {
3576 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3577 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3578 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3579 { NULL, 0, 0, 0, NULL }
3583 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3584 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3585 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3591 static const ber_sequence_t SyncDoneValue_sequence[] = {
3592 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3593 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3594 { NULL, 0, 0, 0, NULL }
3598 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3599 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3600 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3606 static const ber_sequence_t T_refreshDelete_sequence[] = {
3607 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3608 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3609 { NULL, 0, 0, 0, NULL }
3613 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3614 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3615 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3621 static const ber_sequence_t T_refreshPresent_sequence[] = {
3622 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3623 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3624 { NULL, 0, 0, 0, NULL }
3628 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3629 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3630 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3636 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3637 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3641 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3642 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3643 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3649 static const ber_sequence_t T_syncIdSet_sequence[] = {
3650 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3651 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3652 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3653 { NULL, 0, 0, 0, NULL }
3657 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3658 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3659 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3665 static const value_string ldap_SyncInfoValue_vals[] = {
3667 { 1, "refreshDelete" },
3668 { 2, "refreshPresent" },
3673 static const ber_choice_t SyncInfoValue_choice[] = {
3674 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3675 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3676 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3677 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3678 { 0, NULL, 0, 0, 0, NULL }
3682 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3683 offset = dissect_ber_choice(actx, tree, tvb, offset,
3684 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3691 static const value_string ldap_T_warning_vals[] = {
3692 { 0, "timeBeforeExpiration" },
3693 { 1, "graceAuthNsRemaining" },
3697 static const ber_choice_t T_warning_choice[] = {
3698 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3699 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3700 { 0, NULL, 0, 0, 0, NULL }
3704 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3705 offset = dissect_ber_choice(actx, tree, tvb, offset,
3706 T_warning_choice, hf_index, ett_ldap_T_warning,
3713 static const value_string ldap_T_error_vals[] = {
3714 { 0, "passwordExpired" },
3715 { 1, "accountLocked" },
3716 { 2, "changeAfterReset" },
3717 { 3, "passwordModNotAllowed" },
3718 { 4, "mustSupplyOldPassword" },
3719 { 5, "insufficientPasswordQuality" },
3720 { 6, "passwordTooShort" },
3721 { 7, "passwordTooYoung" },
3722 { 8, "passwordInHistory" },
3728 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3729 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3736 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3737 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3738 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3739 { NULL, 0, 0, 0, NULL }
3743 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3744 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3745 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3752 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3753 asn1_ctx_t asn1_ctx;
3754 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3755 dissect_ldap_SearchControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3757 static void dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3758 asn1_ctx_t asn1_ctx;
3759 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3760 dissect_ldap_SortKeyList(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3762 static void dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3763 asn1_ctx_t asn1_ctx;
3764 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3765 dissect_ldap_SortResult(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3767 static void dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3768 asn1_ctx_t asn1_ctx;
3769 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3770 dissect_ldap_DirSyncControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU);
3772 static void dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3773 asn1_ctx_t asn1_ctx;
3774 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3775 dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3777 static void dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3778 asn1_ctx_t asn1_ctx;
3779 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3780 dissect_ldap_CancelRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3782 static void dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3783 asn1_ctx_t asn1_ctx;
3784 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3785 dissect_ldap_SyncRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3787 static void dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3788 asn1_ctx_t asn1_ctx;
3789 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3790 dissect_ldap_SyncStateValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3792 static void dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3793 asn1_ctx_t asn1_ctx;
3794 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3795 dissect_ldap_SyncDoneValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3797 static void dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3798 asn1_ctx_t asn1_ctx;
3799 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3800 dissect_ldap_SyncInfoValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3802 static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3803 asn1_ctx_t asn1_ctx;
3804 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3805 dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3809 /*--- End of included file: packet-ldap-fn.c ---*/
3810 #line 887 "../../asn1/ldap/packet-ldap-template.c"
3811 static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
3814 asn1_ctx_t asn1_ctx;
3815 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3817 asn1_ctx.private_data = ldap_info;
3818 offset = dissect_ldap_LDAPMessage(FALSE, tvb, offset, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3823 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3824 proto_tree *tree, ldap_conv_info_t *ldap_info,
3825 gboolean is_mscldap)
3828 guint length_remaining;
3830 int messageOffset = 0;
3831 guint headerLength = 0;
3833 tvbuff_t *msg_tvb = NULL;
3835 gboolean pc, ind = 0;
3838 attributedesc_string=NULL;
3843 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3845 if (length_remaining < 6) return;
3848 * OK, try to read the "Sequence Of" header; this gets the total
3849 * length of the LDAP message.
3851 messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
3852 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3855 if((msg_len<4) || (msg_len>10000000)) return;
3857 if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3859 * Add the length of the "Sequence Of" header to the message
3862 headerLength = messageOffset - offset;
3863 msg_len += headerLength;
3864 if (msg_len < headerLength) {
3866 * The message length was probably so large that the total length
3869 * Report this as an error.
3871 show_reported_bounds_error(tvb, pinfo, tree);
3876 * We couldn't parse the header; just make it the amount of data
3877 * remaining in the tvbuff, so we'll give up on this segment
3878 * after attempting to parse the message - there's nothing more
3879 * we can do. "dissect_ldap_message()" will display the error.
3881 msg_len = length_remaining;
3885 * Construct a tvbuff containing the amount of the payload we have
3886 * available. Make its reported length the amount of data in the
3889 * XXX - if reassembly isn't enabled. the subdissector will throw a
3890 * BoundsError exception, rather than a ReportedBoundsError exception.
3891 * We really want a tvbuff where the length is "length", the reported
3892 * length is "plen", and the "if the snapshot length were infinite"
3893 * length is the minimum of the reported length of the tvbuff handed
3894 * to us and "plen", with a new type of exception thrown if the offset
3895 * is within the reported length but beyond that third length, with
3896 * that exception getting the "Unreassembled Packet" error.
3898 length = length_remaining;
3899 if (length > msg_len) length = msg_len;
3900 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3903 * Now dissect the LDAP message.
3905 ldap_info->is_mscldap = is_mscldap;
3906 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree, ldap_info);
3910 /* If this was a sasl blob there might be another PDU following in the
3913 if(tvb_length_remaining(tvb, offset)>=6){
3914 tvb = tvb_new_subset_remaining(tvb, offset);
3923 ldap_frame_end(void)
3925 ldap_found_in_frame = FALSE;
3927 ldapvalue_string = NULL;
3929 attributedesc_string = NULL;
3930 Filter_string = NULL;
3931 and_filter_string = NULL;
3932 object_identifier_id = NULL;
3933 or_filter_string = NULL;
3935 substring_item_any = NULL;
3936 substring_item_final = NULL;
3937 substring_item_init = NULL;
3938 substring_value = NULL;
3942 Filter_elements = 0;
3944 do_protocolop = FALSE;
3947 /* seems to be ok, but reset just in case */
3948 matching_rule_string = NULL;
3952 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3955 conversation_t *conversation;
3956 gboolean doing_sasl_security = FALSE;
3957 guint length_remaining;
3958 ldap_conv_info_t *ldap_info = NULL;
3959 proto_item *ldap_item = NULL;
3960 proto_tree *ldap_tree = NULL;
3964 conversation = find_or_create_conversation(pinfo);
3967 * Do we already have a type and mechanism?
3969 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
3970 if (ldap_info == NULL) {
3971 /* No. Attach that information to the conversation, and add
3972 * it to the list of information structures.
3974 ldap_info = g_new0(ldap_conv_info_t,1);
3975 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3976 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3978 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3980 ldap_info->next = ldap_info_items;
3981 ldap_info_items = ldap_info;
3985 switch (ldap_info->auth_type) {
3986 case LDAP_AUTH_SASL:
3988 * It's SASL; are we using a security layer?
3990 if (ldap_info->first_auth_frame != 0 &&
3991 pinfo->fd->num >= ldap_info->first_auth_frame) {
3992 doing_sasl_security = TRUE; /* yes */
3996 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3998 /* It might still be a packet containing a SASL security layer
3999 * but it's just that we never saw the BIND packet.
4000 * check if it looks like it could be a SASL blob here
4001 * and in that case just assume it is GSS-SPNEGO
4003 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
4004 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
4005 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
4006 ldap_info->auth_type=LDAP_AUTH_SASL;
4007 ldap_info->first_auth_frame=pinfo->fd->num;
4008 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
4009 doing_sasl_security=TRUE;
4013 * This is the first PDU, set the Protocol column and clear the
4016 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
4018 if(ldap_found_in_frame) {
4019 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
4020 col_append_str(pinfo->cinfo, COL_INFO, " | ");
4021 col_set_fence(pinfo->cinfo, COL_INFO);
4023 col_clear(pinfo->cinfo, COL_INFO);
4024 register_frame_end_routine (pinfo, ldap_frame_end);
4025 ldap_found_in_frame = TRUE;
4028 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
4029 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
4032 * Might we be doing a SASL security layer and, if so, *are* we doing
4035 * Just because we've seen a bind reply for SASL, that doesn't mean
4036 * that we're using a SASL security layer; I've seen captures in
4037 * which some SASL negotiations lead to a security layer being used
4038 * and other negotiations don't, and it's not obvious what's different
4039 * in the two negotiations. Therefore, we assume that if the first
4040 * byte is 0, it's a length for a SASL security layer (that way, we
4041 * never reassemble more than 16 megabytes, protecting us from
4042 * chewing up *too* much memory), and otherwise that it's an LDAP
4043 * message (actually, if it's an LDAP message it should begin with 0x30,
4044 * but we want to parse garbage as LDAP messages rather than really
4048 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
4049 proto_item *sasl_item = NULL;
4050 proto_tree *sasl_tree = NULL;
4052 guint sasl_len, sasl_msg_len, length;
4054 * Yes. The frame begins with a 4-byte big-endian length.
4055 * And we know we have at least 6 bytes
4059 * Get the SASL length, which is the length of data in the buffer
4060 * following the length (i.e., it's 4 less than the total length).
4062 * XXX - do we need to reassemble buffers? For now, we
4063 * assume that each LDAP message is entirely contained within
4066 sasl_len = tvb_get_ntohl(tvb, offset);
4067 sasl_msg_len = sasl_len + 4;
4068 if (sasl_msg_len < 4) {
4070 * The message length was probably so large that the total length
4073 * Report this as an error.
4075 show_reported_bounds_error(tvb, pinfo, tree);
4080 * Construct a tvbuff containing the amount of the payload we have
4081 * available. Make its reported length the amount of data in the PDU.
4083 * XXX - if reassembly isn't enabled. the subdissector will throw a
4084 * BoundsError exception, rather than a ReportedBoundsError exception.
4085 * We really want a tvbuff where the length is "length", the reported
4086 * length is "plen", and the "if the snapshot length were infinite"
4087 * length is the minimum of the reported length of the tvbuff handed
4088 * to us and "plen", with a new type of exception thrown if the offset
4089 * is within the reported length but beyond that third length, with
4090 * that exception getting the "Unreassembled Packet" error.
4092 length = length_remaining;
4093 if (length > sasl_msg_len) length = sasl_msg_len;
4094 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
4097 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
4100 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL Buffer");
4101 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
4104 if (ldap_info->auth_mech != NULL &&
4105 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
4106 /* auth_mech may have been set from the bind */
4107 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
4108 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
4113 * This is GSS-API (using SPNEGO, but we should be done with
4114 * the negotiation by now).
4116 * Dissect the GSS_Wrap() token; it'll return the length of
4117 * the token, from which we compute the offset in the tvbuff at
4118 * which the plaintext data, i.e. the LDAP message, begins.
4120 tmp_length = tvb_length_remaining(sasl_tvb, 4);
4121 if ((guint)tmp_length > sasl_len)
4122 tmp_length = sasl_len;
4123 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, tmp_length, sasl_len);
4125 /* Attempt decryption of the GSSAPI wrapped data if possible */
4126 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
4127 pinfo->gssapi_wrap_tvb=NULL;
4128 pinfo->gssapi_encrypted_tvb=NULL;
4129 pinfo->gssapi_decrypted_tvb=NULL;
4130 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
4131 /* if we could unwrap, do a tvb shuffle */
4132 if(pinfo->gssapi_decrypted_tvb){
4133 decr_tvb=pinfo->gssapi_decrypted_tvb;
4136 pinfo->decrypt_gssapi_tvb=0;
4137 pinfo->gssapi_wrap_tvb=NULL;
4138 pinfo->gssapi_encrypted_tvb=NULL;
4139 pinfo->gssapi_decrypted_tvb=NULL;
4142 * if len is 0 it probably mean that we got a PDU that is not
4143 * aligned to the start of the segment.
4150 * if we don't have unwrapped data,
4151 * see if the wrapping involved encryption of the
4152 * data; if not, just use the plaintext data.
4155 if(!pinfo->gssapi_data_encrypted){
4156 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
4161 proto_item *enc_item = NULL;
4162 proto_tree *enc_tree = NULL;
4165 * The LDAP message was encrypted in the packet, and has
4166 * been decrypted; dissect the decrypted LDAP message.
4168 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
4171 enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4172 "GSS-API Encrypted payload (%d byte%s)",
4174 plurality(sasl_len - ver_len, "", "s"));
4175 enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
4177 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
4178 } else if (plain_tvb) {
4179 proto_item *plain_item = NULL;
4180 proto_tree *plain_tree = NULL;
4183 * The LDAP message wasn't encrypted in the packet;
4184 * dissect the plain LDAP message.
4186 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
4189 plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4190 "GSS-API payload (%d byte%s)",
4192 plurality(sasl_len - ver_len, "", "s"));
4193 plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
4196 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
4199 * The LDAP message was encrypted in the packet, and was
4200 * not decrypted; just show it as encrypted data.
4202 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
4204 plurality(sasl_len - ver_len, "", "s"));
4207 proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4208 "GSS-API Encrypted payload (%d byte%s)",
4210 plurality(sasl_len - ver_len, "", "s"));
4215 /* plain LDAP, so dissect the payload */
4216 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
4221 * prepend_dot is no longer used, but is being left in place in order to
4222 * maintain ABI compatibility.
4224 int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int max_len, gboolean prepend_dot _U_)
4229 /* The name data MUST start at offset 0 of the tvb */
4230 compr_len = expand_dns_name(tvb, offset, max_len, 0, &name);
4231 g_strlcpy(str, name, max_len);
4232 return offset + compr_len;
4236 /* These are the cldap DC flags
4237 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4239 static const true_false_string tfs_ads_pdc = {
4243 static const true_false_string tfs_ads_gc = {
4244 "This is a GLOBAL CATALOGUE of forest",
4245 "This is NOT a global catalog of forest"
4247 static const true_false_string tfs_ads_ldap = {
4248 "This is an LDAP server",
4249 "This is NOT an ldap server"
4251 static const true_false_string tfs_ads_ds = {
4252 "This dc supports DS",
4253 "This dc does NOT support ds"
4255 static const true_false_string tfs_ads_kdc = {
4256 "This is a KDC (kerberos)",
4257 "This is NOT a kdc (kerberos)"
4259 static const true_false_string tfs_ads_timeserv = {
4260 "This dc is running TIME SERVICES (ntp)",
4261 "This dc is NOT running time services (ntp)"
4263 static const true_false_string tfs_ads_closest = {
4264 "This server is in the same site as the client",
4265 "This server is NOT in the same site as the client"
4267 static const true_false_string tfs_ads_writable = {
4268 "This dc is WRITABLE",
4269 "This dc is NOT writable"
4271 static const true_false_string tfs_ads_good_timeserv = {
4272 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4273 "This dc does NOT have a good time service (i.e. no hardware clock)"
4275 static const true_false_string tfs_ads_ndnc = {
4276 "Domain is NON-DOMAIN NC serviced by ldap server",
4277 "Domain is NOT non-domain nc serviced by ldap server"
4279 static const true_false_string tfs_ads_rodc = {
4280 "Domain controller is a Windows 2008 RODC",
4281 "Domain controller is not a Windows 2008 RODC"
4283 static const true_false_string tfs_ads_wdc = {
4284 "Domain controller is a Windows 2008 writable NC",
4285 "Domain controller is not a Windows 2008 writable NC"
4287 static const true_false_string tfs_ads_dns = {
4288 "Server name is in DNS format (Windows 2008)",
4289 "Server name is not in DNS format (Windows 2008)"
4291 static const true_false_string tfs_ads_dnc = {
4292 "The NC is the default NC (Windows 2008)",
4293 "The NC is not the default NC (Windows 2008)"
4295 static const true_false_string tfs_ads_fnc = {
4296 "The NC is the default forest NC(Windows 2008)",
4297 "The NC is not the default forest NC (Windows 2008)"
4299 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4303 proto_tree *tree=NULL;
4305 header_field_info *hfi;
4306 gboolean one_bit_set = FALSE;
4308 fields[0] = hf_mscldap_netlogon_flags_fnc;
4309 fields[1] = hf_mscldap_netlogon_flags_dnc;
4310 fields[2] = hf_mscldap_netlogon_flags_dns;
4311 fields[3] = hf_mscldap_netlogon_flags_wdc;
4312 fields[4] = hf_mscldap_netlogon_flags_rodc;
4313 fields[5] = hf_mscldap_netlogon_flags_ndnc;
4314 fields[6] = hf_mscldap_netlogon_flags_good_timeserv;
4315 fields[7] = hf_mscldap_netlogon_flags_writable;
4316 fields[8] = hf_mscldap_netlogon_flags_closest;
4317 fields[9] = hf_mscldap_netlogon_flags_timeserv;
4318 fields[10] = hf_mscldap_netlogon_flags_kdc;
4319 fields[11] = hf_mscldap_netlogon_flags_ds;
4320 fields[12] = hf_mscldap_netlogon_flags_ldap;
4321 fields[13] = hf_mscldap_netlogon_flags_gc;
4322 fields[14] = hf_mscldap_netlogon_flags_pdc;
4325 flags=tvb_get_letohl(tvb, offset);
4326 item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4328 tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
4331 proto_item_append_text(item, " (");
4333 for(field = fields; *field; field++) {
4334 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
4335 hfi = proto_registrar_get_nth(*field);
4337 if(flags & hfi->bitmask) {
4340 proto_item_append_text(item, ", ");
4344 proto_item_append_text(item, "%s", hfi->name);
4349 proto_item_append_text(item, ")");
4356 static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4358 int old_offset, offset=0;
4371 /* Get the length of the buffer */
4372 len=tvb_length_remaining(tvb,offset);
4374 /* check the len if it is to small return */
4375 if (len < 10) return;
4378 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4379 itype = tvb_get_letohs(tvb, offset);
4382 /* get the version number from the end of the buffer, as the
4383 length is variable and the version determines what fields
4384 need to be decoded */
4386 version = tvb_get_letohl(tvb,len-8);
4390 case LOGON_SAM_LOGON_RESPONSE:
4391 bc = tvb_length_remaining(tvb, offset);
4392 /* logon server name */
4393 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4394 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb,offset, fn_len, fn);
4398 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4399 proto_tree_add_string(tree, hf_mscldap_username, tvb,offset, fn_len, fn);
4403 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4404 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb,offset, fn_len, fn);
4407 /* include the extra version 5 fields */
4408 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4411 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4414 /* domain guid part 2
4415 there is another 16 byte guid but this is alway zero, so we will skip it */
4420 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4421 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4425 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4426 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4430 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4431 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4434 proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
4438 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4444 case LOGON_SAM_LOGON_RESPONSE_EX:
4445 /* MS-ADTS 7.3.1.9 */
4446 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */
4449 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4452 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, ENC_LITTLE_ENDIAN);
4457 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4458 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4462 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4463 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4467 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4468 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4470 /* NetBIOS Domain */
4472 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4473 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4475 /* NetBIOS Hostname */
4477 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4478 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4482 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4483 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4487 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4488 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4492 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4493 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4495 /* include the extra fields for version 5 with IP s */
4496 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4497 /* The ip address is returned as a sockaddr_in structure
4499 * This section may need to be updated if the base Windows APIs
4500 * are changed to support ipv6, which currently is not the case.
4502 * The desector assumes the length is based on ipv4 and
4503 * ignores the length
4506 /* skip the length of the sockaddr_in */
4510 /* add IP address and desect the sockaddr_in structure */
4512 old_offset = offset + 4;
4513 item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
4516 proto_tree *subtree;
4518 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4520 /* get sockaddr family */
4521 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4524 /* get sockaddr port */
4525 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4528 /* get IP address */
4529 proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
4532 /* skip the 8 bytes of zeros in the sockaddr structure */
4542 /* complete the decode with the version and token details */
4546 /* NETLOGON_NT_VERISON Options (MS-ADTS 7.3.1.1) */
4547 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
4550 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4554 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4561 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4563 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4564 return tvb_get_ntohl(tvb, offset)+4;
4568 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4570 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4571 return tvb_length(tvb);
4575 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4581 /* normal ldap is tag+len bytes plus the length
4582 * offset is where the tag is
4583 * offset+1 is where length starts
4585 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4586 return len+data_offset-offset;
4590 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
4592 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4593 return tvb_length(tvb);
4597 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4600 const char *oidname;
4602 /* tvb here contains an ascii string that is really an oid */
4603 /* XXX we should convert the string oid into a real oid so we can use
4604 * proto_tree_add_oid() instead.
4607 oid=tvb_get_string_enc(wmem_packet_scope(), tvb, 0, tvb_length(tvb), ENC_UTF_8|ENC_NA);
4612 oidname=oid_resolved_from_string(oid);
4615 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s (%s)",oid,oidname);
4617 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s",oid);
4621 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4622 static const true_false_string ldap_AccessMask_ADS_CREATE_CHILD_tfs = {
4623 "ADS CREATE CHILD is SET",
4624 "Ads create child is NOT set",
4627 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4628 static const true_false_string ldap_AccessMask_ADS_DELETE_CHILD_tfs = {
4629 "ADS DELETE CHILD is SET",
4630 "Ads delete child is NOT set",
4632 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4633 static const true_false_string ldap_AccessMask_ADS_LIST_tfs = {
4635 "Ads list is NOT set",
4637 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4638 static const true_false_string ldap_AccessMask_ADS_SELF_WRITE_tfs = {
4639 "ADS SELF WRITE is SET",
4640 "Ads self write is NOT set",
4642 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4643 static const true_false_string ldap_AccessMask_ADS_READ_PROP_tfs = {
4644 "ADS READ PROP is SET",
4645 "Ads read prop is NOT set",
4647 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4648 static const true_false_string ldap_AccessMask_ADS_WRITE_PROP_tfs = {
4649 "ADS WRITE PROP is SET",
4650 "Ads write prop is NOT set",
4652 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4653 static const true_false_string ldap_AccessMask_ADS_DELETE_TREE_tfs = {
4654 "ADS DELETE TREE is SET",
4655 "Ads delete tree is NOT set",
4657 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4658 static const true_false_string ldap_AccessMask_ADS_LIST_OBJECT_tfs = {
4659 "ADS LIST OBJECT is SET",
4660 "Ads list object is NOT set",
4662 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4663 static const true_false_string ldap_AccessMask_ADS_CONTROL_ACCESS_tfs = {
4664 "ADS CONTROL ACCESS is SET",
4665 "Ads control access is NOT set",
4669 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4671 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
4673 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
4675 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
4677 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
4679 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
4681 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
4683 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
4685 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
4687 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
4689 struct access_mask_info ldap_access_mask_info = {
4690 "LDAP", /* Name of specific rights */
4691 ldap_specific_rights, /* Dissection function */
4692 NULL, /* Generic mapping table */
4693 NULL /* Standard mapping table */
4697 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4699 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_length(tvb), &ldap_access_mask_info);
4703 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4707 /* this octet string contains an NT SID */
4708 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4709 ldapvalue_string=tmpstr;
4713 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4715 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4718 /* This octet string contained a GUID */
4719 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4721 ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
4722 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4723 uuid.Data1, uuid.Data2, uuid.Data3,
4724 uuid.Data4[0], uuid.Data4[1],
4725 uuid.Data4[2], uuid.Data4[3],
4726 uuid.Data4[4], uuid.Data4[5],
4727 uuid.Data4[6], uuid.Data4[7]);
4731 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
4736 conversation_t *conversation;
4737 ldap_conv_info_t *ldap_info = NULL;
4740 * Do we have a conversation for this connection?
4742 conversation = find_conversation(pinfo->fd->num,
4743 &pinfo->src, &pinfo->dst,
4744 pinfo->ptype, pinfo->srcport,
4745 pinfo->destport, 0);
4747 ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
4752 /* This is a bit tricky. We have to find out whether SASL is used
4753 * so that we know how big a header we are supposed to pass
4754 * to tcp_dissect_pdus()
4755 * We must also cope with the case when a client connects to LDAP
4756 * and performs a few unauthenticated searches of LDAP before
4757 * it performs the bind on the same tcp connection.
4759 /* check for a SASL header, i.e. assume it is SASL if
4760 * 1, first four bytes (SASL length) is an integer
4761 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4762 * (>2 to fight false positives, 0x00000000 is a common
4763 * "random" tcp payload)
4764 * (SASL ldap PDUs might be >64k in size, which is why
4765 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4767 * 2, we must have a conversation and the auth type must
4770 sasl_len=tvb_get_ntohl(tvb, 0);
4773 goto this_was_not_sasl;
4776 if( sasl_len>LDAP_SASL_MAX_BUF ){
4777 goto this_was_not_sasl;
4780 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4781 goto this_was_not_sasl;
4784 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4785 return tvb_length(tvb);
4788 /* check if it is a normal BER encoded LDAP packet
4789 * i.e. first byte is 0x30 followed by a length that is
4791 * (no ldap PDUs are ever >64kb? )
4793 if(tvb_get_guint8(tvb, 0)!=0x30){
4794 goto this_was_not_normal_ldap;
4797 /* check that length makes sense */
4798 get_ber_length(tvb, 1, &ldap_len, &ind);
4800 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
4802 goto this_was_not_normal_ldap;
4806 * The minimun size of a LDAP pdu is 7 bytes
4808 * dumpasn1 -hh ldap-unbind-min.dat
4810 * <30 05 02 01 09 42 00>
4815 * 5 0: [APPLICATION 2]
4816 * : Error: Object has zero length.
4819 * dumpasn1 -hh ldap-unbind-windows.dat
4821 * <30 84 00 00 00 05 02 01 09 42 00>
4826 * 9 0: [APPLICATION 2]
4827 * : Error: Object has zero length.
4830 * 6 bytes would also be ok to get the full length of
4831 * the pdu, but as the smallest pdu can be 7 bytes
4834 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
4838 this_was_not_normal_ldap:
4840 /* perhaps it was SSL? */
4842 ldap_info->start_tls_frame &&
4843 ( pinfo->fd->num >= ldap_info->start_tls_frame)) {
4845 /* we have started TLS and so this may be an SSL layer */
4846 guint32 old_start_tls_frame;
4848 /* temporarily dissect this port as SSL */
4849 dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
4850 ssl_dissector_add(tcp_port, "ldap", TRUE);
4852 old_start_tls_frame = ldap_info->start_tls_frame;
4853 ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */
4854 pinfo->can_desegment++; /* ignore this LDAP layer so SSL can use the TCP resegment */
4856 call_dissector(ssl_handle, tvb, pinfo, tree);
4858 ldap_info->start_tls_frame = old_start_tls_frame;
4859 ssl_dissector_delete(tcp_port, "ldap", TRUE);
4861 /* restore ldap as the dissector for this port */
4862 dissector_add_uint("tcp.port", tcp_port, ldap_handle);
4865 return tvb_length(tvb);
4867 /* Ok it might be a strange case of SASL still
4868 * It has been seen with Exchange setup to MS AD
4869 * when Exchange pretend that there is SASL but in fact data are still
4871 if ((sasl_len + 4) == (guint32)tvb_length_remaining(tvb, 0))
4872 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
4874 return tvb_length(tvb);
4878 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4880 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4888 ldap_conv_info_t *ldap_info;
4890 /* Free up state attached to the ldap_info structures */
4891 for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
4892 ldap_conv_info_t *next;
4894 g_free(ldap_info->auth_mech);
4895 g_hash_table_destroy(ldap_info->matched);
4896 g_hash_table_destroy(ldap_info->unmatched);
4898 next = ldap_info->next;
4903 ldap_info_items = NULL;
4907 register_ldap_name_dissector_handle(const char *attr_type_p, dissector_handle_t dissector)
4909 dissector_add_string("ldap.name", attr_type_p, dissector);
4913 register_ldap_name_dissector(const char *attr_type_p, dissector_t dissector, int proto)
4915 dissector_handle_t dissector_handle;
4917 dissector_handle=create_dissector_handle(dissector, proto);
4918 register_ldap_name_dissector_handle(attr_type_p, dissector_handle);
4922 /*--- proto_register_ldap -------------------------------------------*/
4923 void proto_register_ldap(void) {
4925 /* List of fields */
4927 static hf_register_info hf[] = {
4929 { &hf_ldap_sasl_buffer_length,
4930 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4931 FT_UINT32, BASE_DEC, NULL, 0x0,
4933 { &hf_ldap_response_in,
4934 { "Response In", "ldap.response_in",
4935 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4936 "The response to this LDAP request is in this frame", HFILL }},
4937 { &hf_ldap_response_to,
4938 { "Response To", "ldap.response_to",
4939 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4940 "This is a response to the LDAP request in this frame", HFILL }},
4942 { "Time", "ldap.time",
4943 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4944 "The time between the Call and the Reply", HFILL }},
4946 { &hf_mscldap_netlogon_opcode,
4947 { "Operation code", "mscldap.netlogon.opcode",
4948 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0,
4949 "LDAP ping operation code", HFILL }},
4951 { &hf_mscldap_netlogon_ipaddress_family,
4952 { "Family", "mscldap.netlogon.ipaddress.family",
4953 FT_UINT16, BASE_DEC, NULL, 0x0,
4956 { &hf_mscldap_netlogon_ipaddress_ipv4,
4957 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4958 FT_IPv4, BASE_NONE, NULL, 0x0,
4959 "IP Address", HFILL }},
4961 { &hf_mscldap_netlogon_ipaddress_port,
4962 { "Port", "mscldap.netlogon.ipaddress.port",
4963 FT_UINT16, BASE_DEC, NULL, 0x0,
4966 { &hf_mscldap_netlogon_ipaddress,
4967 { "IP Address","mscldap.netlogon.ipaddress",
4968 FT_IPv4, BASE_NONE, NULL, 0x0,
4969 "Domain Controller IP Address", HFILL }},
4971 { &hf_mscldap_netlogon_lm_token,
4972 { "LM Token", "mscldap.netlogon.lm_token",
4973 FT_UINT16, BASE_HEX, NULL, 0x0,
4974 "MUST be set to 0xFFFF", HFILL }},
4976 { &hf_mscldap_netlogon_nt_token,
4977 { "NT Token", "mscldap.netlogon.nt_token",
4978 FT_UINT16, BASE_HEX, NULL, 0x0,
4979 "MUST be set to 0xFFFF", HFILL }},
4981 { &hf_mscldap_netlogon_flags,
4982 { "Flags", "mscldap.netlogon.flags",
4983 FT_UINT32, BASE_HEX, NULL, 0x0,
4984 "Netlogon flags describing the DC properties", HFILL }},
4986 { &hf_mscldap_ntver_flags,
4987 { "Version Flags", "mscldap.ntver.flags",
4988 FT_UINT32, BASE_HEX, NULL, 0x0,
4989 "NETLOGON_NT_VERSION Options Bits", HFILL }},
4991 { &hf_mscldap_domain_guid,
4992 { "Domain GUID", "mscldap.domain.guid",
4993 FT_GUID, BASE_NONE, NULL, 0x0,
4994 "Value of the NC's GUID attribute", HFILL }},
4996 { &hf_mscldap_forest,
4997 { "Forest", "mscldap.forest",
4998 FT_STRING, BASE_NONE, NULL, 0x0,
4999 "DNS name of the forest", HFILL }},
5001 { &hf_mscldap_domain,
5002 { "Domain", "mscldap.domain",
5003 FT_STRING, BASE_NONE, NULL, 0x0,
5004 "DNS name of the NC", HFILL }},
5006 { &hf_mscldap_hostname,
5007 { "Hostname", "mscldap.hostname",
5008 FT_STRING, BASE_NONE, NULL, 0x0,
5009 "DNS name of server", HFILL }},
5011 { &hf_mscldap_nb_domain,
5012 { "NetBIOS Domain", "mscldap.nb_domain",
5013 FT_STRING, BASE_NONE, NULL, 0x0,
5014 "NetBIOS name of the NC", HFILL }},
5016 { &hf_mscldap_nb_hostname,
5017 { "NetBIOS Hostname", "mscldap.nb_hostname",
5018 FT_STRING, BASE_NONE, NULL, 0x0,
5019 "NetBIOS name of the server", HFILL }},
5021 { &hf_mscldap_username,
5022 { "Username", "mscldap.username",
5023 FT_STRING, BASE_NONE, NULL, 0x0,
5024 "User specified in client's request", HFILL }},
5026 { &hf_mscldap_sitename,
5027 { "Server Site", "mscldap.sitename",
5028 FT_STRING, BASE_NONE, NULL, 0x0,
5029 "Site name of the server", HFILL }},
5031 { &hf_mscldap_clientsitename,
5032 { "Client Site", "mscldap.clientsitename",
5033 FT_STRING, BASE_NONE, NULL, 0x0,
5034 "Site name of the client", HFILL }},
5037 { "Sid", "ldap.sid",
5038 FT_STRING, BASE_NONE, NULL, 0x0,
5041 { &hf_mscldap_ntver_flags_v1,
5042 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
5043 TFS(&tfs_ntver_v1), 0x00000001, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5045 { &hf_mscldap_ntver_flags_v5,
5046 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
5047 TFS(&tfs_ntver_v5), 0x00000002, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5049 { &hf_mscldap_ntver_flags_v5ex,
5050 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
5051 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5053 { &hf_mscldap_ntver_flags_v5ep,
5054 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32,
5055 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5057 { &hf_mscldap_ntver_flags_vcs,
5058 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32,
5059 TFS(&tfs_ntver_vcs), 0x00000010, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5061 { &hf_mscldap_ntver_flags_vnt4,
5062 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32,
5063 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5065 { &hf_mscldap_ntver_flags_vpdc,
5066 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32,
5067 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5069 { &hf_mscldap_ntver_flags_vip,
5070 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32,
5071 TFS(&tfs_ntver_vip), 0x20000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5073 { &hf_mscldap_ntver_flags_vl,
5074 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32,
5075 TFS(&tfs_ntver_vl), 0x40000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5077 { &hf_mscldap_ntver_flags_vgc,
5078 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32,
5079 TFS(&tfs_ntver_vgc), 0x80000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
5082 { &hf_mscldap_netlogon_flags_pdc,
5083 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
5084 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
5086 { &hf_mscldap_netlogon_flags_gc,
5087 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
5088 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
5090 { &hf_mscldap_netlogon_flags_ldap,
5091 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
5092 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
5094 { &hf_mscldap_netlogon_flags_ds,
5095 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
5096 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
5098 { &hf_mscldap_netlogon_flags_kdc,
5099 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
5100 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
5102 { &hf_mscldap_netlogon_flags_timeserv,
5103 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
5104 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
5106 { &hf_mscldap_netlogon_flags_closest,
5107 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
5108 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
5110 { &hf_mscldap_netlogon_flags_writable,
5111 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
5112 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
5114 { &hf_mscldap_netlogon_flags_good_timeserv,
5115 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
5116 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
5118 { &hf_mscldap_netlogon_flags_ndnc,
5119 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
5120 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
5122 { &hf_mscldap_netlogon_flags_rodc,
5123 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
5124 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
5126 { &hf_mscldap_netlogon_flags_wdc,
5127 { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
5128 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
5130 { &hf_mscldap_netlogon_flags_dns,
5131 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
5132 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
5134 { &hf_mscldap_netlogon_flags_dnc,
5135 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
5136 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
5138 { &hf_mscldap_netlogon_flags_fnc,
5139 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
5140 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
5143 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
5144 NULL, 0, NULL, HFILL }},
5146 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
5147 { "Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CREATE_CHILD_tfs), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
5149 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
5150 { "Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_CHILD_tfs), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
5152 { &hf_ldap_AccessMask_ADS_LIST,
5153 { "List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_tfs), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
5155 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
5156 { "Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_SELF_WRITE_tfs), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
5158 { &hf_ldap_AccessMask_ADS_READ_PROP,
5159 { "Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_READ_PROP_tfs), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
5161 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
5162 { "Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_WRITE_PROP_tfs), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
5164 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
5165 { "Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_TREE_tfs), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
5167 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
5168 { "List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_OBJECT_tfs), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
5170 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
5171 { "Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CONTROL_ACCESS_tfs), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
5173 { &hf_ldap_LDAPMessage_PDU,
5174 { "LDAPMessage", "ldap.LDAPMessage_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
5177 /*--- Included file: packet-ldap-hfarr.c ---*/
5178 #line 1 "../../asn1/ldap/packet-ldap-hfarr.c"
5179 { &hf_ldap_SearchControlValue_PDU,
5180 { "SearchControlValue", "ldap.SearchControlValue_element",
5181 FT_NONE, BASE_NONE, NULL, 0,
5183 { &hf_ldap_SortKeyList_PDU,
5184 { "SortKeyList", "ldap.SortKeyList",
5185 FT_UINT32, BASE_DEC, NULL, 0,
5187 { &hf_ldap_SortResult_PDU,
5188 { "SortResult", "ldap.SortResult_element",
5189 FT_NONE, BASE_NONE, NULL, 0,
5191 { &hf_ldap_DirSyncControlValue_PDU,
5192 { "DirSyncControlValue", "ldap.DirSyncControlValue_element",
5193 FT_NONE, BASE_NONE, NULL, 0,
5195 { &hf_ldap_PasswdModifyRequestValue_PDU,
5196 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue_element",
5197 FT_NONE, BASE_NONE, NULL, 0,
5199 { &hf_ldap_CancelRequestValue_PDU,
5200 { "CancelRequestValue", "ldap.CancelRequestValue_element",
5201 FT_NONE, BASE_NONE, NULL, 0,
5203 { &hf_ldap_SyncRequestValue_PDU,
5204 { "SyncRequestValue", "ldap.SyncRequestValue_element",
5205 FT_NONE, BASE_NONE, NULL, 0,
5207 { &hf_ldap_SyncStateValue_PDU,
5208 { "SyncStateValue", "ldap.SyncStateValue_element",
5209 FT_NONE, BASE_NONE, NULL, 0,
5211 { &hf_ldap_SyncDoneValue_PDU,
5212 { "SyncDoneValue", "ldap.SyncDoneValue_element",
5213 FT_NONE, BASE_NONE, NULL, 0,
5215 { &hf_ldap_SyncInfoValue_PDU,
5216 { "SyncInfoValue", "ldap.SyncInfoValue",
5217 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5219 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5220 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue_element",
5221 FT_NONE, BASE_NONE, NULL, 0,
5223 { &hf_ldap_messageID,
5224 { "messageID", "ldap.messageID",
5225 FT_UINT32, BASE_DEC, NULL, 0,
5227 { &hf_ldap_protocolOp,
5228 { "protocolOp", "ldap.protocolOp",
5229 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5231 { &hf_ldap_controls,
5232 { "controls", "ldap.controls",
5233 FT_UINT32, BASE_DEC, NULL, 0,
5235 { &hf_ldap_bindRequest,
5236 { "bindRequest", "ldap.bindRequest_element",
5237 FT_NONE, BASE_NONE, NULL, 0,
5239 { &hf_ldap_bindResponse,
5240 { "bindResponse", "ldap.bindResponse_element",
5241 FT_NONE, BASE_NONE, NULL, 0,
5243 { &hf_ldap_unbindRequest,
5244 { "unbindRequest", "ldap.unbindRequest_element",
5245 FT_NONE, BASE_NONE, NULL, 0,
5247 { &hf_ldap_searchRequest,
5248 { "searchRequest", "ldap.searchRequest_element",
5249 FT_NONE, BASE_NONE, NULL, 0,
5251 { &hf_ldap_searchResEntry,
5252 { "searchResEntry", "ldap.searchResEntry_element",
5253 FT_NONE, BASE_NONE, NULL, 0,
5254 "SearchResultEntry", HFILL }},
5255 { &hf_ldap_searchResDone,
5256 { "searchResDone", "ldap.searchResDone_element",
5257 FT_NONE, BASE_NONE, NULL, 0,
5258 "SearchResultDone", HFILL }},
5259 { &hf_ldap_searchResRef,
5260 { "searchResRef", "ldap.searchResRef",
5261 FT_UINT32, BASE_DEC, NULL, 0,
5262 "SearchResultReference", HFILL }},
5263 { &hf_ldap_modifyRequest,
5264 { "modifyRequest", "ldap.modifyRequest_element",
5265 FT_NONE, BASE_NONE, NULL, 0,
5267 { &hf_ldap_modifyResponse,
5268 { "modifyResponse", "ldap.modifyResponse_element",
5269 FT_NONE, BASE_NONE, NULL, 0,
5271 { &hf_ldap_addRequest,
5272 { "addRequest", "ldap.addRequest_element",
5273 FT_NONE, BASE_NONE, NULL, 0,
5275 { &hf_ldap_addResponse,
5276 { "addResponse", "ldap.addResponse_element",
5277 FT_NONE, BASE_NONE, NULL, 0,
5279 { &hf_ldap_delRequest,
5280 { "delRequest", "ldap.delRequest",
5281 FT_STRING, BASE_NONE, NULL, 0,
5283 { &hf_ldap_delResponse,
5284 { "delResponse", "ldap.delResponse_element",
5285 FT_NONE, BASE_NONE, NULL, 0,
5287 { &hf_ldap_modDNRequest,
5288 { "modDNRequest", "ldap.modDNRequest_element",
5289 FT_NONE, BASE_NONE, NULL, 0,
5290 "ModifyDNRequest", HFILL }},
5291 { &hf_ldap_modDNResponse,
5292 { "modDNResponse", "ldap.modDNResponse_element",
5293 FT_NONE, BASE_NONE, NULL, 0,
5294 "ModifyDNResponse", HFILL }},
5295 { &hf_ldap_compareRequest,
5296 { "compareRequest", "ldap.compareRequest_element",
5297 FT_NONE, BASE_NONE, NULL, 0,
5299 { &hf_ldap_compareResponse,
5300 { "compareResponse", "ldap.compareResponse_element",
5301 FT_NONE, BASE_NONE, NULL, 0,
5303 { &hf_ldap_abandonRequest,
5304 { "abandonRequest", "ldap.abandonRequest",
5305 FT_UINT32, BASE_DEC, NULL, 0,
5307 { &hf_ldap_extendedReq,
5308 { "extendedReq", "ldap.extendedReq_element",
5309 FT_NONE, BASE_NONE, NULL, 0,
5310 "ExtendedRequest", HFILL }},
5311 { &hf_ldap_extendedResp,
5312 { "extendedResp", "ldap.extendedResp_element",
5313 FT_NONE, BASE_NONE, NULL, 0,
5314 "ExtendedResponse", HFILL }},
5315 { &hf_ldap_intermediateResponse,
5316 { "intermediateResponse", "ldap.intermediateResponse_element",
5317 FT_NONE, BASE_NONE, NULL, 0,
5319 { &hf_ldap_AttributeDescriptionList_item,
5320 { "AttributeDescription", "ldap.AttributeDescription",
5321 FT_STRING, BASE_NONE, NULL, 0,
5323 { &hf_ldap_attributeDesc,
5324 { "attributeDesc", "ldap.attributeDesc",
5325 FT_STRING, BASE_NONE, NULL, 0,
5326 "AttributeDescription", HFILL }},
5327 { &hf_ldap_assertionValue,
5328 { "assertionValue", "ldap.assertionValue",
5329 FT_STRING, BASE_NONE, NULL, 0,
5332 { "type", "ldap.type",
5333 FT_STRING, BASE_NONE, NULL, 0,
5334 "AttributeDescription", HFILL }},
5336 { "vals", "ldap.vals",
5337 FT_UINT32, BASE_DEC, NULL, 0,
5338 "SET_OF_AttributeValue", HFILL }},
5339 { &hf_ldap_vals_item,
5340 { "AttributeValue", "ldap.AttributeValue",
5341 FT_BYTES, BASE_NONE, NULL, 0,
5343 { &hf_ldap_resultCode,
5344 { "resultCode", "ldap.resultCode",
5345 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5347 { &hf_ldap_matchedDN,
5348 { "matchedDN", "ldap.matchedDN",
5349 FT_STRING, BASE_NONE, NULL, 0,
5351 { &hf_ldap_errorMessage,
5352 { "errorMessage", "ldap.errorMessage",
5353 FT_STRING, BASE_NONE, NULL, 0,
5355 { &hf_ldap_referral,
5356 { "referral", "ldap.referral",
5357 FT_UINT32, BASE_DEC, NULL, 0,
5359 { &hf_ldap_Referral_item,
5360 { "LDAPURL", "ldap.LDAPURL",
5361 FT_STRING, BASE_NONE, NULL, 0,
5363 { &hf_ldap_Controls_item,
5364 { "Control", "ldap.Control_element",
5365 FT_NONE, BASE_NONE, NULL, 0,
5367 { &hf_ldap_controlType,
5368 { "controlType", "ldap.controlType",
5369 FT_STRING, BASE_NONE, NULL, 0,
5371 { &hf_ldap_criticality,
5372 { "criticality", "ldap.criticality",
5373 FT_BOOLEAN, BASE_NONE, NULL, 0,
5374 "BOOLEAN", HFILL }},
5375 { &hf_ldap_controlValue,
5376 { "controlValue", "ldap.controlValue",
5377 FT_BYTES, BASE_NONE, NULL, 0,
5380 { "version", "ldap.version",
5381 FT_UINT32, BASE_DEC, NULL, 0,
5382 "INTEGER_1_127", HFILL }},
5384 { "name", "ldap.name",
5385 FT_STRING, BASE_NONE, NULL, 0,
5387 { &hf_ldap_authentication,
5388 { "authentication", "ldap.authentication",
5389 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5390 "AuthenticationChoice", HFILL }},
5392 { "simple", "ldap.simple",
5393 FT_BYTES, BASE_NONE, NULL, 0,
5396 { "sasl", "ldap.sasl_element",
5397 FT_NONE, BASE_NONE, NULL, 0,
5398 "SaslCredentials", HFILL }},
5399 { &hf_ldap_ntlmsspNegotiate,
5400 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5401 FT_BYTES, BASE_NONE, NULL, 0,
5403 { &hf_ldap_ntlmsspAuth,
5404 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5405 FT_BYTES, BASE_NONE, NULL, 0,
5407 { &hf_ldap_mechanism,
5408 { "mechanism", "ldap.mechanism",
5409 FT_STRING, BASE_NONE, NULL, 0,
5411 { &hf_ldap_credentials,
5412 { "credentials", "ldap.credentials",
5413 FT_BYTES, BASE_NONE, NULL, 0,
5415 { &hf_ldap_bindResponse_resultCode,
5416 { "resultCode", "ldap.resultCode",
5417 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5418 "BindResponse_resultCode", HFILL }},
5419 { &hf_ldap_bindResponse_matchedDN,
5420 { "matchedDN", "ldap.matchedDN",
5421 FT_STRING, BASE_NONE, NULL, 0,
5422 "T_bindResponse_matchedDN", HFILL }},
5423 { &hf_ldap_serverSaslCreds,
5424 { "serverSaslCreds", "ldap.serverSaslCreds",
5425 FT_BYTES, BASE_NONE, NULL, 0,
5427 { &hf_ldap_baseObject,
5428 { "baseObject", "ldap.baseObject",
5429 FT_STRING, BASE_NONE, NULL, 0,
5432 { "scope", "ldap.scope",
5433 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5435 { &hf_ldap_derefAliases,
5436 { "derefAliases", "ldap.derefAliases",
5437 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5439 { &hf_ldap_sizeLimit,
5440 { "sizeLimit", "ldap.sizeLimit",
5441 FT_UINT32, BASE_DEC, NULL, 0,
5442 "INTEGER_0_maxInt", HFILL }},
5443 { &hf_ldap_timeLimit,
5444 { "timeLimit", "ldap.timeLimit",
5445 FT_UINT32, BASE_DEC, NULL, 0,
5446 "INTEGER_0_maxInt", HFILL }},
5447 { &hf_ldap_typesOnly,
5448 { "typesOnly", "ldap.typesOnly",
5449 FT_BOOLEAN, BASE_NONE, NULL, 0,
5450 "BOOLEAN", HFILL }},
5452 { "filter", "ldap.filter",
5453 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5455 { &hf_ldap_searchRequest_attributes,
5456 { "attributes", "ldap.attributes",
5457 FT_UINT32, BASE_DEC, NULL, 0,
5458 "AttributeDescriptionList", HFILL }},
5460 { "and", "ldap.and",
5461 FT_UINT32, BASE_DEC, NULL, 0,
5463 { &hf_ldap_and_item,
5464 { "and item", "ldap.and_item",
5465 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5469 FT_UINT32, BASE_DEC, NULL, 0,
5472 { "or item", "ldap.or_item",
5473 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5476 { "not", "ldap.not",
5477 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5479 { &hf_ldap_equalityMatch,
5480 { "equalityMatch", "ldap.equalityMatch_element",
5481 FT_NONE, BASE_NONE, NULL, 0,
5483 { &hf_ldap_substrings,
5484 { "substrings", "ldap.substrings_element",
5485 FT_NONE, BASE_NONE, NULL, 0,
5486 "SubstringFilter", HFILL }},
5487 { &hf_ldap_greaterOrEqual,
5488 { "greaterOrEqual", "ldap.greaterOrEqual_element",
5489 FT_NONE, BASE_NONE, NULL, 0,
5491 { &hf_ldap_lessOrEqual,
5492 { "lessOrEqual", "ldap.lessOrEqual_element",
5493 FT_NONE, BASE_NONE, NULL, 0,
5496 { "present", "ldap.present",
5497 FT_STRING, BASE_NONE, NULL, 0,
5499 { &hf_ldap_approxMatch,
5500 { "approxMatch", "ldap.approxMatch_element",
5501 FT_NONE, BASE_NONE, NULL, 0,
5503 { &hf_ldap_extensibleMatch,
5504 { "extensibleMatch", "ldap.extensibleMatch_element",
5505 FT_NONE, BASE_NONE, NULL, 0,
5507 { &hf_ldap_substringFilter_substrings,
5508 { "substrings", "ldap.substrings",
5509 FT_UINT32, BASE_DEC, NULL, 0,
5510 "T_substringFilter_substrings", HFILL }},
5511 { &hf_ldap_substringFilter_substrings_item,
5512 { "substrings item", "ldap.substrings_item",
5513 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5514 "T_substringFilter_substrings_item", HFILL }},
5516 { "initial", "ldap.initial",
5517 FT_STRING, BASE_NONE, NULL, 0,
5518 "LDAPString", HFILL }},
5520 { "any", "ldap.any",
5521 FT_STRING, BASE_NONE, NULL, 0,
5522 "LDAPString", HFILL }},
5524 { "final", "ldap.final",
5525 FT_STRING, BASE_NONE, NULL, 0,
5526 "LDAPString", HFILL }},
5527 { &hf_ldap_matchingRule,
5528 { "matchingRule", "ldap.matchingRule",
5529 FT_STRING, BASE_NONE, NULL, 0,
5530 "MatchingRuleId", HFILL }},
5531 { &hf_ldap_matchValue,
5532 { "matchValue", "ldap.matchValue",
5533 FT_STRING, BASE_NONE, NULL, 0,
5534 "AssertionValue", HFILL }},
5535 { &hf_ldap_dnAttributes,
5536 { "dnAttributes", "ldap.dnAttributes",
5537 FT_BOOLEAN, BASE_NONE, NULL, 0,
5539 { &hf_ldap_objectName,
5540 { "objectName", "ldap.objectName",
5541 FT_STRING, BASE_NONE, NULL, 0,
5543 { &hf_ldap_searchResultEntry_attributes,
5544 { "attributes", "ldap.attributes",
5545 FT_UINT32, BASE_DEC, NULL, 0,
5546 "PartialAttributeList", HFILL }},
5547 { &hf_ldap_PartialAttributeList_item,
5548 { "PartialAttributeList item", "ldap.PartialAttributeList_item_element",
5549 FT_NONE, BASE_NONE, NULL, 0,
5551 { &hf_ldap__untag_item,
5552 { "LDAPURL", "ldap.LDAPURL",
5553 FT_STRING, BASE_NONE, NULL, 0,
5556 { "object", "ldap.object",
5557 FT_STRING, BASE_NONE, NULL, 0,
5559 { &hf_ldap_modifyRequest_modification,
5560 { "modification", "ldap.modification",
5561 FT_UINT32, BASE_DEC, NULL, 0,
5562 "ModifyRequest_modification", HFILL }},
5563 { &hf_ldap_modifyRequest_modification_item,
5564 { "modification item", "ldap.modification_item_element",
5565 FT_NONE, BASE_NONE, NULL, 0,
5566 "T_modifyRequest_modification_item", HFILL }},
5567 { &hf_ldap_operation,
5568 { "operation", "ldap.operation",
5569 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5571 { &hf_ldap_modification,
5572 { "modification", "ldap.modification_element",
5573 FT_NONE, BASE_NONE, NULL, 0,
5574 "AttributeTypeAndValues", HFILL }},
5576 { "entry", "ldap.entry",
5577 FT_STRING, BASE_NONE, NULL, 0,
5579 { &hf_ldap_attributes,
5580 { "attributes", "ldap.attributes",
5581 FT_UINT32, BASE_DEC, NULL, 0,
5582 "AttributeList", HFILL }},
5583 { &hf_ldap_AttributeList_item,
5584 { "AttributeList item", "ldap.AttributeList_item_element",
5585 FT_NONE, BASE_NONE, NULL, 0,
5588 { "newrdn", "ldap.newrdn",
5589 FT_STRING, BASE_NONE, NULL, 0,
5590 "RelativeLDAPDN", HFILL }},
5591 { &hf_ldap_deleteoldrdn,
5592 { "deleteoldrdn", "ldap.deleteoldrdn",
5593 FT_BOOLEAN, BASE_NONE, NULL, 0,
5594 "BOOLEAN", HFILL }},
5595 { &hf_ldap_newSuperior,
5596 { "newSuperior", "ldap.newSuperior",
5597 FT_STRING, BASE_NONE, NULL, 0,
5600 { "ava", "ldap.ava_element",
5601 FT_NONE, BASE_NONE, NULL, 0,
5602 "AttributeValueAssertion", HFILL }},
5603 { &hf_ldap_requestName,
5604 { "requestName", "ldap.requestName",
5605 FT_STRING, BASE_NONE, NULL, 0,
5606 "LDAPOID", HFILL }},
5607 { &hf_ldap_requestValue,
5608 { "requestValue", "ldap.requestValue",
5609 FT_BYTES, BASE_NONE, NULL, 0,
5611 { &hf_ldap_extendedResponse_resultCode,
5612 { "resultCode", "ldap.resultCode",
5613 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5614 "ExtendedResponse_resultCode", HFILL }},
5615 { &hf_ldap_responseName,
5616 { "responseName", "ldap.responseName",
5617 FT_STRING, BASE_NONE, NULL, 0,
5619 { &hf_ldap_response,
5620 { "response", "ldap.response",
5621 FT_BYTES, BASE_NONE, NULL, 0,
5622 "OCTET_STRING", HFILL }},
5623 { &hf_ldap_intermediateResponse_responseValue,
5624 { "responseValue", "ldap.responseValue",
5625 FT_BYTES, BASE_NONE, NULL, 0,
5626 "T_intermediateResponse_responseValue", HFILL }},
5628 { "size", "ldap.size",
5629 FT_INT32, BASE_DEC, NULL, 0,
5630 "INTEGER", HFILL }},
5632 { "cookie", "ldap.cookie",
5633 FT_BYTES, BASE_NONE, NULL, 0,
5634 "OCTET_STRING", HFILL }},
5635 { &hf_ldap_SortKeyList_item,
5636 { "SortKeyList item", "ldap.SortKeyList_item_element",
5637 FT_NONE, BASE_NONE, NULL, 0,
5639 { &hf_ldap_attributeType,
5640 { "attributeType", "ldap.attributeType",
5641 FT_STRING, BASE_NONE, NULL, 0,
5642 "AttributeDescription", HFILL }},
5643 { &hf_ldap_orderingRule,
5644 { "orderingRule", "ldap.orderingRule",
5645 FT_STRING, BASE_NONE, NULL, 0,
5646 "MatchingRuleId", HFILL }},
5647 { &hf_ldap_reverseOrder,
5648 { "reverseOrder", "ldap.reverseOrder",
5649 FT_BOOLEAN, BASE_NONE, NULL, 0,
5650 "BOOLEAN", HFILL }},
5651 { &hf_ldap_sortResult,
5652 { "sortResult", "ldap.sortResult",
5653 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5656 { "flags", "ldap.flags",
5657 FT_INT32, BASE_DEC, NULL, 0,
5658 "DirSyncFlags", HFILL }},
5659 { &hf_ldap_maxBytes,
5660 { "maxBytes", "ldap.maxBytes",
5661 FT_INT32, BASE_DEC, NULL, 0,
5662 "INTEGER", HFILL }},
5663 { &hf_ldap_userIdentity,
5664 { "userIdentity", "ldap.userIdentity",
5665 FT_BYTES, BASE_NONE, NULL, 0,
5666 "OCTET_STRING", HFILL }},
5667 { &hf_ldap_oldPasswd,
5668 { "oldPasswd", "ldap.oldPasswd",
5669 FT_BYTES, BASE_NONE, NULL, 0,
5670 "OCTET_STRING", HFILL }},
5671 { &hf_ldap_newPasswd,
5672 { "newPasswd", "ldap.newPasswd",
5673 FT_BYTES, BASE_NONE, NULL, 0,
5674 "OCTET_STRING", HFILL }},
5675 { &hf_ldap_cancelID,
5676 { "cancelID", "ldap.cancelID",
5677 FT_UINT32, BASE_DEC, NULL, 0,
5678 "MessageID", HFILL }},
5680 { "mode", "ldap.mode",
5681 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5683 { &hf_ldap_reloadHint,
5684 { "reloadHint", "ldap.reloadHint",
5685 FT_BOOLEAN, BASE_NONE, NULL, 0,
5686 "BOOLEAN", HFILL }},
5688 { "state", "ldap.state",
5689 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5691 { &hf_ldap_entryUUID,
5692 { "entryUUID", "ldap.entryUUID",
5693 FT_BYTES, BASE_NONE, NULL, 0,
5694 "SyncUUID", HFILL }},
5695 { &hf_ldap_refreshDeletes,
5696 { "refreshDeletes", "ldap.refreshDeletes",
5697 FT_BOOLEAN, BASE_NONE, NULL, 0,
5698 "BOOLEAN", HFILL }},
5699 { &hf_ldap_newcookie,
5700 { "newcookie", "ldap.newcookie",
5701 FT_BYTES, BASE_NONE, NULL, 0,
5702 "OCTET_STRING", HFILL }},
5703 { &hf_ldap_refreshDelete,
5704 { "refreshDelete", "ldap.refreshDelete_element",
5705 FT_NONE, BASE_NONE, NULL, 0,
5707 { &hf_ldap_refreshDone,
5708 { "refreshDone", "ldap.refreshDone",
5709 FT_BOOLEAN, BASE_NONE, NULL, 0,
5710 "BOOLEAN", HFILL }},
5711 { &hf_ldap_refreshPresent,
5712 { "refreshPresent", "ldap.refreshPresent_element",
5713 FT_NONE, BASE_NONE, NULL, 0,
5715 { &hf_ldap_syncIdSet,
5716 { "syncIdSet", "ldap.syncIdSet_element",
5717 FT_NONE, BASE_NONE, NULL, 0,
5719 { &hf_ldap_syncUUIDs,
5720 { "syncUUIDs", "ldap.syncUUIDs",
5721 FT_UINT32, BASE_DEC, NULL, 0,
5722 "SET_OF_SyncUUID", HFILL }},
5723 { &hf_ldap_syncUUIDs_item,
5724 { "SyncUUID", "ldap.SyncUUID",
5725 FT_BYTES, BASE_NONE, NULL, 0,
5728 { "warning", "ldap.warning",
5729 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5731 { &hf_ldap_timeBeforeExpiration,
5732 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5733 FT_UINT32, BASE_DEC, NULL, 0,
5734 "INTEGER_0_maxInt", HFILL }},
5735 { &hf_ldap_graceAuthNsRemaining,
5736 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5737 FT_UINT32, BASE_DEC, NULL, 0,
5738 "INTEGER_0_maxInt", HFILL }},
5740 { "error", "ldap.error",
5741 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5744 /*--- End of included file: packet-ldap-hfarr.c ---*/
5745 #line 2253 "../../asn1/ldap/packet-ldap-template.c"
5748 /* List of subtrees */
5749 static gint *ett[] = {
5752 &ett_ldap_sasl_blob,
5754 &ett_mscldap_netlogon_flags,
5755 &ett_mscldap_ntver_flags,
5756 &ett_mscldap_ipdetails,
5757 &ett_ldap_DirSyncFlagsSubEntry,
5760 /*--- Included file: packet-ldap-ettarr.c ---*/
5761 #line 1 "../../asn1/ldap/packet-ldap-ettarr.c"
5762 &ett_ldap_LDAPMessage,
5763 &ett_ldap_ProtocolOp,
5764 &ett_ldap_AttributeDescriptionList,
5765 &ett_ldap_AttributeValueAssertion,
5766 &ett_ldap_Attribute,
5767 &ett_ldap_SET_OF_AttributeValue,
5768 &ett_ldap_LDAPResult,
5772 &ett_ldap_BindRequest_U,
5773 &ett_ldap_AuthenticationChoice,
5774 &ett_ldap_SaslCredentials,
5775 &ett_ldap_BindResponse_U,
5776 &ett_ldap_SearchRequest_U,
5780 &ett_ldap_SubstringFilter,
5781 &ett_ldap_T_substringFilter_substrings,
5782 &ett_ldap_T_substringFilter_substrings_item,
5783 &ett_ldap_MatchingRuleAssertion,
5784 &ett_ldap_SearchResultEntry_U,
5785 &ett_ldap_PartialAttributeList,
5786 &ett_ldap_PartialAttributeList_item,
5787 &ett_ldap_SEQUENCE_OF_LDAPURL,
5788 &ett_ldap_ModifyRequest_U,
5789 &ett_ldap_ModifyRequest_modification,
5790 &ett_ldap_T_modifyRequest_modification_item,
5791 &ett_ldap_AttributeTypeAndValues,
5792 &ett_ldap_AddRequest_U,
5793 &ett_ldap_AttributeList,
5794 &ett_ldap_AttributeList_item,
5795 &ett_ldap_ModifyDNRequest_U,
5796 &ett_ldap_CompareRequest_U,
5797 &ett_ldap_ExtendedRequest_U,
5798 &ett_ldap_ExtendedResponse_U,
5799 &ett_ldap_IntermediateResponse_U,
5800 &ett_ldap_SearchControlValue,
5801 &ett_ldap_SortKeyList,
5802 &ett_ldap_SortKeyList_item,
5803 &ett_ldap_SortResult,
5804 &ett_ldap_DirSyncControlValue,
5805 &ett_ldap_PasswdModifyRequestValue,
5806 &ett_ldap_CancelRequestValue,
5807 &ett_ldap_SyncRequestValue,
5808 &ett_ldap_SyncStateValue,
5809 &ett_ldap_SyncDoneValue,
5810 &ett_ldap_SyncInfoValue,
5811 &ett_ldap_T_refreshDelete,
5812 &ett_ldap_T_refreshPresent,
5813 &ett_ldap_T_syncIdSet,
5814 &ett_ldap_SET_OF_SyncUUID,
5815 &ett_ldap_PasswordPolicyResponseValue,
5816 &ett_ldap_T_warning,
5818 /*--- End of included file: packet-ldap-ettarr.c ---*/
5819 #line 2267 "../../asn1/ldap/packet-ldap-template.c"
5821 /* UAT for header fields */
5822 static uat_field_t custom_attribute_types_uat_fields[] = {
5823 UAT_FLD_CSTRING(attribute_types, attribute_type, "Attribute type", "Attribute type"),
5824 UAT_FLD_CSTRING(attribute_types, attribute_desc, "Description", "Description of the value matching type"),
5828 static ei_register_info ei[] = {
5829 { &ei_ldap_exceeded_filter_length, { "ldap.exceeded_filter_length", PI_UNDECODED, PI_ERROR, "Filter length exceeds number. Giving up", EXPFILL }},
5830 { &ei_ldap_too_many_filter_elements, { "ldap.too_many_filter_elements", PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", EXPFILL }},
5833 expert_module_t* expert_ldap;
5834 module_t *ldap_module;
5835 uat_t *attributes_uat;
5837 /* Register protocol */
5838 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5839 /* Register fields and subtrees */
5840 proto_register_field_array(proto_ldap, hf, array_length(hf));
5841 proto_register_subtree_array(ett, array_length(ett));
5842 expert_ldap = expert_register_protocol(proto_ldap);
5843 expert_register_field_array(expert_ldap, ei, array_length(ei));
5845 new_register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5847 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5848 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5849 "Reassemble LDAP messages spanning multiple TCP segments",
5850 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5851 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5854 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
5855 "Set the port for LDAP operations",
5856 10, &global_ldap_tcp_port);
5858 prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
5859 "Set the port for LDAP operations over SSL",
5860 10, &global_ldaps_tcp_port);
5862 attributes_uat = uat_new("Custom LDAP AttributeValue types",
5863 sizeof(attribute_type_t),
5864 "custom_ldap_attribute_types",
5866 (void**) &attribute_types,
5867 &num_attribute_types,
5868 /* specifies named fields, so affects dissection
5869 and the set of named fields */
5870 UAT_AFFECTS_DISSECTION|UAT_AFFECTS_FIELDS,
5872 attribute_types_copy_cb,
5873 attribute_types_update_cb,
5874 attribute_types_free_cb,
5875 attribute_types_initialize_cb,
5876 custom_attribute_types_uat_fields);
5878 prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types",
5879 "Custom AttributeValue types",
5880 "A table to define custom LDAP attribute type values for which fields can be setup and used for filtering/data extraction etc.",
5883 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5885 proto_cldap = proto_register_protocol(
5886 "Connectionless Lightweight Directory Access Protocol",
5889 register_init_routine(ldap_reinit);
5890 ldap_tap=register_tap("ldap");
5892 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
5897 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5899 proto_reg_handoff_ldap(void)
5901 dissector_handle_t cldap_handle;
5902 ldap_handle = find_dissector("ldap");
5904 dissector_add_uint("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
5906 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5907 dissector_add_uint("udp.port", UDP_PORT_CLDAP, cldap_handle);
5909 gssapi_handle = find_dissector("gssapi");
5910 gssapi_wrap_handle = find_dissector("gssapi_verf");
5911 spnego_handle = find_dissector("spnego");
5913 ntlmssp_handle = find_dissector("ntlmssp");
5915 ssl_handle = find_dissector("ssl");
5917 prefs_register_ldap();
5919 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5920 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5921 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5922 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5923 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5924 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5925 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5926 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5927 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5928 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5929 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5930 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5931 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5932 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5933 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5934 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5935 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5936 oid_add_from_string("None","1.2.840.113556.1.4.970");
5937 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5938 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5939 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5940 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5941 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5942 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5943 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5944 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5945 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5946 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5947 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5948 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5949 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5950 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5951 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5952 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5953 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5954 oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
5955 oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
5956 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5957 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5958 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5959 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5961 register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
5962 register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
5963 register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
5964 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
5965 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
5966 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
5969 /*--- Included file: packet-ldap-dis-tab.c ---*/
5970 #line 1 "../../asn1/ldap/packet-ldap-dis-tab.c"
5971 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5972 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5973 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5974 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
5975 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5976 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5977 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5978 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5979 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5980 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5981 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5984 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5985 #line 2416 "../../asn1/ldap/packet-ldap-template.c"
5991 prefs_register_ldap(void)
5994 if(tcp_port != global_ldap_tcp_port) {
5996 dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
5998 /* Set our port number for future use */
5999 tcp_port = global_ldap_tcp_port;
6002 dissector_add_uint("tcp.port", tcp_port, ldap_handle);
6006 if(ssl_port != global_ldaps_tcp_port) {
6008 ssl_dissector_delete(ssl_port, "ldap", TRUE);
6010 /* Set our port number for future use */
6011 ssl_port = global_ldaps_tcp_port;
6014 ssl_dissector_add(ssl_port, "ldap", TRUE);