/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-ldap.c */
-/* ../../tools/asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../../epan/dissectors Lightweight-Directory-Access-Protocol-V3.asn */
+/* asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . -O ../.. Lightweight-Directory-Access-Protocol-V3.asn */
/* Input file: packet-ldap-template.c */
-#line 1 "../../asn1/ldap/packet-ldap-template.c"
+#line 1 "./asn1/ldap/packet-ldap-template.c"
/* packet-ldap-template.c
* Routines for ldap packet dissection
*
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * SPDX-License-Identifier: GPL-2.0-or-later
*/
/*
/*
* 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
- * Updated cldap_netlogon_flags to include Windows 2008 flags
- * Expanded the ntver ldap option with bit field
+ * Updated cldap_netlogon_flags to include Windows 2008 flags
+ * Expanded the ntver ldap option with bit field
*
* Gary Reynolds <gazzadownunder@yahoo.co.uk>
*/
#include <epan/conversation.h>
#include <epan/prefs.h>
#include <epan/tap.h>
+#include <epan/srt_table.h>
#include <epan/oids.h>
#include <epan/strutil.h>
#include <epan/show_exception.h>
#include <epan/asn1.h>
#include <epan/expert.h>
#include <epan/uat.h>
+#include <wsutil/str_util.h>
#include "packet-frame.h"
#include "packet-tcp.h"
#include "packet-windows-common.h"
#include "packet-ldap.h"
#include "packet-ntlmssp.h"
-#include "packet-ssl.h"
-#include "packet-ssl-utils.h"
+#include "packet-tls.h"
+#include "packet-tls-utils.h"
#include "packet-smb-common.h"
+#include "packet-gssapi.h"
#include "packet-ber.h"
#include "packet-per.h"
/*--- Included file: packet-ldap-hf.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-hf.c"
+#line 1 "./asn1/ldap/packet-ldap-hf.c"
static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
static int hf_ldap_SortResult_PDU = -1; /* SortResult */
static int hf_ldap_error = -1; /* T_error */
/*--- End of included file: packet-ldap-hf.c ---*/
-#line 192 "../../asn1/ldap/packet-ldap-template.c"
+#line 183 "./asn1/ldap/packet-ldap-template.c"
/* Initialize the subtree pointers */
static gint ett_ldap = -1;
/*--- Included file: packet-ldap-ett.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-ett.c"
+#line 1 "./asn1/ldap/packet-ldap-ett.c"
static gint ett_ldap_LDAPMessage = -1;
static gint ett_ldap_ProtocolOp = -1;
static gint ett_ldap_AttributeDescriptionList = -1;
static gint ett_ldap_T_warning = -1;
/*--- End of included file: packet-ldap-ett.c ---*/
-#line 204 "../../asn1/ldap/packet-ldap-template.c"
+#line 195 "./asn1/ldap/packet-ldap-template.c"
static expert_field ei_ldap_exceeded_filter_length = EI_INIT;
static expert_field ei_ldap_too_many_filter_elements = EI_INIT;
static gboolean is_binary_attr_type = FALSE;
static gboolean ldap_found_in_frame = FALSE;
-#define TCP_PORT_LDAP 389
-#define TCP_PORT_LDAPS 636
-#define UDP_PORT_CLDAP 389
-#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
+#define TCP_PORT_RANGE_LDAP "389,3268" /* 3268 is Windows 2000 Global Catalog */
+#define TCP_PORT_LDAPS 636
+#define UDP_PORT_CLDAP 389
/* desegmentation of LDAP */
static gboolean ldap_desegment = TRUE;
-static guint global_ldap_tcp_port = TCP_PORT_LDAP;
static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
-static guint tcp_port = 0;
static guint ssl_port = 0;
static dissector_handle_t gssapi_handle;
static dissector_handle_t gssapi_wrap_handle;
static dissector_handle_t ntlmssp_handle;
static dissector_handle_t spnego_handle;
-static dissector_handle_t ssl_handle;
+static dissector_handle_t tls_handle;
static dissector_handle_t ldap_handle ;
static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
/* different types of rpc calls ontop of ms cldap */
-#define MSCLDAP_RPC_NETLOGON 1
+#define MSCLDAP_RPC_NETLOGON 1
/* Message type Choice values */
static const value_string ldap_ProtocolOp_choice_vals[] = {
{ 0, NULL }
};
+/* Procedure names (used in Service Response Time */
+const value_string ldap_procedure_names[] = {
+ { 0, "Bind" },
+ { 3, "Search" },
+ { 6, "Modify" },
+ { 8, "Add" },
+ { 10, "Delete" },
+ { 12, "Modrdn" },
+ { 14, "Compare" },
+ { 23, "Extended" },
+ { 0, NULL }
+};
+
#define LOGON_PRIMARY_QUERY 7
#define LOGON_PRIMARY_RESPONSE 12
#define LOGON_SAM_LOGON_REQUEST 18
#define LOGON_SAM_USER_UNKNOWN_EX 25
static const value_string netlogon_opcode_vals[] = {
- { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
- { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
- { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
- { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
- { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
- { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
- { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
- { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
- { 0, NULL }
+ { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
+ { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
+ { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
+ { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
+ { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
+ { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
+ { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
+ { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
+ { 0, NULL }
};
+#define LDAP_NUM_PROCEDURES 24
+
+static void
+ldapstat_init(struct register_srt* srt _U_, GArray* srt_array)
+{
+ srt_stat_table *ldap_srt_table;
+ guint32 i;
+
+ ldap_srt_table = init_srt_table("LDAP Commands", NULL, srt_array, LDAP_NUM_PROCEDURES, NULL, "ldap.protocolOp", NULL);
+ for (i = 0; i < LDAP_NUM_PROCEDURES; i++)
+ {
+ init_srt_table_row(ldap_srt_table, i, val_to_str_const(i, ldap_procedure_names, "<unknown>"));
+ }
+}
+
+static int
+ldapstat_packet(void *pldap, packet_info *pinfo, epan_dissect_t *edt _U_, const void *psi)
+{
+ guint i = 0;
+ srt_stat_table *ldap_srt_table;
+ const ldap_call_response_t *ldap=(const ldap_call_response_t *)psi;
+ srt_data_t *data = (srt_data_t *)pldap;
+
+ /* we are only interested in reply packets */
+ if(ldap->is_request){
+ return 0;
+ }
+ /* if we havnt seen the request, just ignore it */
+ if(!ldap->req_frame){
+ return 0;
+ }
+
+ /* only use the commands we know how to handle */
+ switch(ldap->protocolOpTag){
+ case LDAP_REQ_BIND:
+ case LDAP_REQ_SEARCH:
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODRDN:
+ case LDAP_REQ_COMPARE:
+ case LDAP_REQ_EXTENDED:
+ break;
+ default:
+ return 0;
+ }
+
+ ldap_srt_table = g_array_index(data->srt_array, srt_stat_table*, i);
+
+ add_srt_table_data(ldap_srt_table, ldap->protocolOpTag, &ldap->req_time, pinfo);
+ return 1;
+}
+
/*
* Data structure attached to a conversation, giving authentication
* information from a bind request.
- * We keep a linked list of them, so that we can free up all the
- * authentication mechanism strings.
*/
typedef struct ldap_conv_info_t {
- struct ldap_conv_info_t *next;
- guint auth_type; /* authentication type */
- char *auth_mech; /* authentication mechanism */
- guint32 first_auth_frame; /* first frame that would use a security layer */
- GHashTable *unmatched;
- GHashTable *matched;
+ guint auth_type; /* authentication type */
+ char *auth_mech; /* authentication mechanism */
+ guint32 first_auth_frame; /* first frame that would use a security layer */
+ wmem_map_t *unmatched;
+ wmem_map_t *matched;
gboolean is_mscldap;
guint32 num_results;
gboolean start_tls_pending;
guint32 start_tls_frame;
} ldap_conv_info_t;
-static ldap_conv_info_t *ldap_info_items;
static guint
ldap_info_hash_matched(gconstpointer k)
/* These are the NtVer flags
- http://msdn.microsoft.com/en-us/library/cc201035.aspx
+ http://msdn.microsoft.com/en-us/library/cc201035.aspx
*/
static const true_false_string tfs_ntver_v1 = {
- "Client requested version 1 netlogon response",
- "Version 1 netlogon response not requested"
+ "Client requested version 1 netlogon response",
+ "Version 1 netlogon response not requested"
};
static const true_false_string tfs_ntver_v5 = {
- "Client requested version 5 netlogon response",
- "Version 5 netlogon response not requested"
+ "Client requested version 5 netlogon response",
+ "Version 5 netlogon response not requested"
};
static const true_false_string tfs_ntver_v5ex = {
- "Client requested version 5 extended netlogon response",
- "Version 5 extended response not requested"
+ "Client requested version 5 extended netlogon response",
+ "Version 5 extended response not requested"
};
static const true_false_string tfs_ntver_v5ep = {
- "Client has requested IP address of the server",
- "IP address of server not requested"
+ "Client has requested IP address of the server",
+ "IP address of server not requested"
};
static const true_false_string tfs_ntver_vcs = {
- "Client has asked for the closest site information",
- "Closest site information not requested"
+ "Client has asked for the closest site information",
+ "Closest site information not requested"
};
static const true_false_string tfs_ntver_vnt4 = {
- "Client is requesting server to avoid NT4 emulation",
- "Only full AD DS requested"
+ "Client is requesting server to avoid NT4 emulation",
+ "Only full AD DS requested"
};
static const true_false_string tfs_ntver_vpdc = {
- "Client has requested the Primary Domain Controller",
- "Primary Domain Controller not requested"
+ "Client has requested the Primary Domain Controller",
+ "Primary Domain Controller not requested"
};
static const true_false_string tfs_ntver_vip = {
- "Client has requested IP details (obsolete)",
- "IP details not requested (obsolete)"
+ "Client has requested IP details (obsolete)",
+ "IP details not requested (obsolete)"
};
static const true_false_string tfs_ntver_vl = {
- "Client indicated that it is the local machine",
- "Client is not the local machine"
+ "Client indicated that it is the local machine",
+ "Client is not the local machine"
};static const true_false_string tfs_ntver_vgc = {
- "Client has requested a Global Catalog server",
- "Global Catalog not requested"
+ "Client has requested a Global Catalog server",
+ "Global Catalog not requested"
};
/* Stuff for generation/handling of fields for custom AttributeValues */
gchar* attribute_desc;
} attribute_type_t;
-static attribute_type_t* attribute_types = NULL;
-static guint num_attribute_types = 0;
+static attribute_type_t* attribute_types;
+static guint num_attribute_types;
-static GHashTable* attribute_types_hash = NULL;
+static GHashTable* attribute_types_hash;
+static hf_register_info* dynamic_hf;
+static guint dynamic_hf_size;
-static void
+static gboolean
attribute_types_update_cb(void *r, char **err)
{
attribute_type_t *rec = (attribute_type_t *)r;
if (rec->attribute_type == NULL) {
*err = g_strdup("Attribute type can't be empty");
- return;
+ return FALSE;
}
g_strstrip(rec->attribute_type);
if (rec->attribute_type[0] == 0) {
*err = g_strdup("Attribute type can't be empty");
- return;
+ return FALSE;
}
/* Check for invalid characters (to avoid asserting out when
c = proto_check_field_name(rec->attribute_type);
if (c) {
*err = g_strdup_printf("Attribute type can't contain '%c'", c);
- return;
+ return FALSE;
}
*err = NULL;
+ return TRUE;
}
static void *
{
attribute_type_t* rec = (attribute_type_t*)r;
- if (rec->attribute_type) g_free(rec->attribute_type);
- if (rec->attribute_desc) g_free(rec->attribute_desc);
+ g_free(rec->attribute_type);
+ g_free(rec->attribute_desc);
}
UAT_CSTRING_CB_DEF(attribute_types, attribute_type, attribute_type_t)
*
*/
static void
-attribute_types_initialize_cb(void)
+deregister_attribute_types(void)
{
- static hf_register_info* hf;
- gint* hf_id;
- guint i;
- gchar* attribute_type;
-
- if (attribute_types_hash && hf) {
- guint hf_size = g_hash_table_size (attribute_types_hash);
- /* Unregister all fields */
- for (i = 0; i < hf_size; i++) {
- proto_unregister_field (proto_ldap, *(hf[i].p_id));
- g_free (hf[i].p_id);
+ if (dynamic_hf) {
+ /* Deregister all fields */
+ for (guint i = 0; i < dynamic_hf_size; i++) {
+ proto_deregister_field (proto_ldap, *(dynamic_hf[i].p_id));
+ g_free (dynamic_hf[i].p_id);
}
+
+ proto_add_deregistered_data (dynamic_hf);
+ dynamic_hf = NULL;
+ dynamic_hf_size = 0;
+ }
+
+ if (attribute_types_hash) {
g_hash_table_destroy (attribute_types_hash);
- proto_add_deregistered_data (hf);
attribute_types_hash = NULL;
}
+}
+
+static void
+attribute_types_post_update_cb(void)
+{
+ gint* hf_id;
+ gchar* attribute_type;
+
+ deregister_attribute_types();
if (num_attribute_types) {
attribute_types_hash = g_hash_table_new(g_str_hash, g_str_equal);
- hf = g_new0(hf_register_info,num_attribute_types);
+ dynamic_hf = g_new0(hf_register_info,num_attribute_types);
+ dynamic_hf_size = num_attribute_types;
- for (i = 0; i < num_attribute_types; i++) {
+ for (guint i = 0; i < dynamic_hf_size; i++) {
hf_id = g_new(gint,1);
*hf_id = -1;
attribute_type = g_strdup(attribute_types[i].attribute_type);
- hf[i].p_id = hf_id;
- hf[i].hfinfo.name = attribute_type;
- hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type);
- hf[i].hfinfo.type = FT_STRING;
- hf[i].hfinfo.display = BASE_NONE;
- hf[i].hfinfo.strings = NULL;
- hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
- hf[i].hfinfo.same_name_prev_id = -1;
- hf[i].hfinfo.same_name_next = NULL;
+ dynamic_hf[i].p_id = hf_id;
+ dynamic_hf[i].hfinfo.name = attribute_type;
+ dynamic_hf[i].hfinfo.abbrev = g_strdup_printf("ldap.AttributeValue.%s", attribute_type);
+ dynamic_hf[i].hfinfo.type = FT_STRING;
+ dynamic_hf[i].hfinfo.display = BASE_NONE;
+ dynamic_hf[i].hfinfo.strings = NULL;
+ dynamic_hf[i].hfinfo.bitmask = 0;
+ dynamic_hf[i].hfinfo.blurb = g_strdup(attribute_types[i].attribute_desc);
+ HFILL_INIT(dynamic_hf[i]);
g_hash_table_insert(attribute_types_hash, attribute_type, hf_id);
}
- proto_register_field_array(proto_ldap, hf, num_attribute_types);
+ proto_register_field_array(proto_ldap, dynamic_hf, dynamic_hf_size);
}
}
+static void
+attribute_types_reset_cb(void)
+{
+ deregister_attribute_types();
+}
+
/* MS-ADTS specification, section 7.3.1.1, NETLOGON_NT_VERSION Options Bits */
static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint32 flags;
- proto_item *item;
- proto_tree *tree=NULL;
- guint *field;
- header_field_info *hfi;
- gboolean one_bit_set = FALSE;
- guint fields[11];
- fields[0] = hf_mscldap_ntver_flags_v1;
- fields[1] = hf_mscldap_ntver_flags_v5;
- fields[2] = hf_mscldap_ntver_flags_v5ex;
- fields[3] = hf_mscldap_ntver_flags_v5ep;
- fields[4] = hf_mscldap_ntver_flags_vcs;
- fields[5] = hf_mscldap_ntver_flags_vnt4;
- fields[6] = hf_mscldap_ntver_flags_vpdc;
- fields[7] = hf_mscldap_ntver_flags_vip;
- fields[8] = hf_mscldap_ntver_flags_vl;
- fields[9] = hf_mscldap_ntver_flags_vgc;
- fields[10] = 0;
-
-
- flags=tvb_get_letohl(tvb, offset);
- item=proto_tree_add_item(parent_tree, hf_mscldap_ntver_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- if(parent_tree){
- tree = proto_item_add_subtree(item, ett_mscldap_ntver_flags);
- }
-
- proto_item_append_text(item, " (");
-
- for(field = fields; *field; field++) {
- proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
- hfi = proto_registrar_get_nth(*field);
-
- if(flags & hfi->bitmask) {
-
- if(one_bit_set)
- proto_item_append_text(item, ", ");
- else
- one_bit_set = TRUE;
-
- proto_item_append_text(item, "%s", hfi->name);
-
- }
- }
-
- proto_item_append_text(item, ")");
+ static const int * flags[] = {
+ &hf_mscldap_ntver_flags_v1,
+ &hf_mscldap_ntver_flags_v5,
+ &hf_mscldap_ntver_flags_v5ex,
+ &hf_mscldap_ntver_flags_v5ep,
+ &hf_mscldap_ntver_flags_vcs,
+ &hf_mscldap_ntver_flags_vnt4,
+ &hf_mscldap_ntver_flags_vpdc,
+ &hf_mscldap_ntver_flags_vip,
+ &hf_mscldap_ntver_flags_vl,
+ &hf_mscldap_ntver_flags_vgc,
+ NULL
+ };
+ proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_ntver_flags,
+ ett_mscldap_ntver_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
offset += 4;
return offset;
static int
dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
{
- gint8 ber_class;
- gboolean pc, ind, is_ascii;
- gint32 tag;
- guint32 len, i;
- const guchar *str;
-
- if(!implicit_tag){
- offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
- offset=get_ber_length(tvb, offset, &len, &ind);
- } else {
- len=tvb_reported_length_remaining(tvb,offset);
- }
-
- if(len==0){
- return offset;
- }
-
-
- /*
- * Some special/wellknown attributes in common LDAP (read AD)
- * are neither ascii strings nor blobs of hex data.
- * Special case these attributes and decode them more nicely.
- *
- * Add more special cases as required to prettify further
- * (there can't be that many ones that are truly interesting)
- */
- if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
- tvbuff_t *sid_tvb;
- char *tmpstr;
-
- /* this octet string contains an NT SID */
- sid_tvb=tvb_new_subset_length(tvb, offset, len);
- dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
- ldapvalue_string=tmpstr;
-
- goto finished;
- } else if ( (len==16) /* GUIDs are always 16 bytes */
- && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
- guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
- e_uuid_t uuid;
-
- /* This octet string contained a GUID */
- dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
-
- ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
- g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- uuid.Data1, uuid.Data2, uuid.Data3,
- uuid.Data4[0], uuid.Data4[1],
- uuid.Data4[2], uuid.Data4[3],
- uuid.Data4[4], uuid.Data4[5],
- uuid.Data4[6], uuid.Data4[7]);
-
- goto finished;
- } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
- guint32 flags;
-
- len = 0;
- /* get flag value to populate ldapvalue_string */
- flags=tvb_get_letohl(tvb, offset);
-
- ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
- g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
-
- /* populate bitmask subtree */
- offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
-
- goto finished;
-
-
- }
-
- /*
- * It was not one of our "wellknown" attributes so make the best
- * we can and just try to see if it is an ascii string or if it
- * is a binary blob.
- *
- * XXX - should we support reading RFC 2252-style schemas
- * for LDAP, and using that to determine how to display
- * attribute values and assertion values?
- *
- * -- I don't think there are full schemas available that describe the
- * interesting cases i.e. AD -- ronnie
- */
- str=tvb_get_ptr(tvb, offset, len);
- is_ascii=TRUE;
- for(i=0;i<len;i++){
- if(!g_ascii_isprint(str[i])){
- is_ascii=FALSE;
- break;
- }
- }
-
- /* convert the string into a printable string */
- if(is_ascii){
- ldapvalue_string=wmem_strndup(wmem_packet_scope(), str, len);
- } else {
- ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 3*len);
- for(i=0;i<len;i++){
- g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
- ldapvalue_string[3*i+2]=':';
- }
- ldapvalue_string[3*len-1]=0;
- }
-
- proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
+ gint8 ber_class;
+ gboolean pc, ind, is_ascii;
+ gint32 tag;
+ guint32 len;
+
+ if(!implicit_tag){
+ offset=get_ber_identifier(tvb, offset, &ber_class, &pc, &tag);
+ offset=get_ber_length(tvb, offset, &len, &ind);
+ } else {
+ len=tvb_reported_length_remaining(tvb,offset);
+ }
+
+ if(len==0){
+ return offset;
+ }
+
+
+ /*
+ * Some special/wellknown attributes in common LDAP (read AD)
+ * are neither ascii strings nor blobs of hex data.
+ * Special case these attributes and decode them more nicely.
+ *
+ * Add more special cases as required to prettify further
+ * (there can't be that many ones that are truly interesting)
+ */
+ if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
+ tvbuff_t *sid_tvb;
+ char *tmpstr;
+
+ /* this octet string contains an NT SID */
+ sid_tvb=tvb_new_subset_length(tvb, offset, len);
+ dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
+ ldapvalue_string=tmpstr;
+
+ goto finished;
+ } else if ( (len==16) /* GUIDs are always 16 bytes */
+ && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ e_guid_t uuid;
+
+ /* This octet string contained a GUID */
+ dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
+
+ ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
+ g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
+ uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
+ uuid.data4[6], uuid.data4[7]);
+
+ goto finished;
+ } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
+ guint32 flags;
+
+ len = 0;
+ /* get flag value to populate ldapvalue_string */
+ flags=tvb_get_letohl(tvb, offset);
+
+ ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
+ g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
+
+ /* populate bitmask subtree */
+ offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
+
+ goto finished;
+
+
+ }
+
+ /*
+ * It was not one of our "wellknown" attributes so make the best
+ * we can and just try to see if it is an ascii string or if it
+ * is a binary blob.
+ *
+ * XXX - should we support reading RFC 2252-style schemas
+ * for LDAP, and using that to determine how to display
+ * attribute values and assertion values?
+ *
+ * -- I don't think there are full schemas available that describe the
+ * interesting cases i.e. AD -- ronnie
+ */
+ is_ascii=tvb_ascii_isprint(tvb, offset, len);
+
+ /* convert the string into a printable string */
+ if(is_ascii){
+ ldapvalue_string= tvb_get_string_enc(wmem_packet_scope(), tvb, offset, len, ENC_ASCII);
+ } else {
+ ldapvalue_string= tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset, len, ':');
+ }
+
+ proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
finished:
- offset+=len;
- return offset;
+ offset+=len;
+ return offset;
}
/* This string contains the last Filter item that was decoded */
{
const gchar* valstr;
- if (do_protocolop) {
+ if (do_protocolop) {
valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
case LDAP_REQ_COMPARE:
case LDAP_REQ_EXTENDED:
lcr.is_request=TRUE;
- lcr.req_frame=pinfo->fd->num;
+ lcr.req_frame=pinfo->num;
lcr.rep_frame=0;
break;
case LDAP_RES_BIND:
case LDAP_RES_INTERMEDIATE:
lcr.is_request=FALSE;
lcr.req_frame=0;
- lcr.rep_frame=pinfo->fd->num;
+ lcr.rep_frame=pinfo->num;
break;
default:
return NULL;
}
- lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->matched, &lcr);
+ lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->matched, &lcr);
if(lcrp){
} else {
- /* we haven't found a match - try and match it up */
+ /* we haven't found a match - try and match it up */
switch(protocolOpTag){
case LDAP_REQ_BIND:
case LDAP_REQ_COMPARE:
case LDAP_REQ_EXTENDED:
- /* this a a request - add it to the unmatched list */
+ /* this a a request - add it to the unmatched list */
/* check that we don't already have one of those in the
unmatched list and if so remove it */
lcr.messageId=messageId;
- lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
+ lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
if(lcrp){
- g_hash_table_remove(ldap_info->unmatched, lcrp);
+ wmem_map_remove(ldap_info->unmatched, lcrp);
}
/* if we can't reuse the old one, grab a new chunk */
if(!lcrp){
lcrp=wmem_new0(wmem_file_scope(), ldap_call_response_t);
}
lcrp->messageId=messageId;
- lcrp->req_frame=pinfo->fd->num;
- lcrp->req_time=pinfo->fd->abs_ts;
+ lcrp->req_frame=pinfo->num;
+ lcrp->req_time=pinfo->abs_ts;
lcrp->rep_frame=0;
lcrp->protocolOpTag=protocolOpTag;
lcrp->is_request=TRUE;
- g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
+ wmem_map_insert(ldap_info->unmatched, lcrp, lcrp);
return NULL;
break;
case LDAP_RES_BIND:
case LDAP_RES_EXTENDED:
case LDAP_RES_INTERMEDIATE:
- /* this is a result - it should be in our unmatched list */
+ /* this is a result - it should be in our unmatched list */
lcr.messageId=messageId;
- lcrp=(ldap_call_response_t *)g_hash_table_lookup(ldap_info->unmatched, &lcr);
+ lcrp=(ldap_call_response_t *)wmem_map_lookup(ldap_info->unmatched, &lcr);
if(lcrp){
if(!lcrp->rep_frame){
- g_hash_table_remove(ldap_info->unmatched, lcrp);
- lcrp->rep_frame=pinfo->fd->num;
+ wmem_map_remove(ldap_info->unmatched, lcrp);
+ lcrp->rep_frame=pinfo->num;
lcrp->is_request=FALSE;
- g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
+ wmem_map_insert(ldap_info->matched, lcrp, lcrp);
}
}
break;
- }
+ }
- }
+ }
/* we have found a match */
if(lcrp){
nstime_t ns;
it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
PROTO_ITEM_SET_GENERATED(it);
- nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
+ nstime_delta(&ns, &pinfo->abs_ts, &lcrp->req_time);
it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
PROTO_ITEM_SET_GENERATED(it);
}
/*--- Included file: packet-ldap-fn.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-fn.c"
+#line 1 "./asn1/ldap/packet-ldap-fn.c"
/*--- Cyclic dependencies ---*/
/* Filter -> Filter/and -> Filter/and/_item -> Filter */
static int
dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 90 "../../asn1/ldap/ldap.cnf"
+#line 91 "./asn1/ldap/ldap.cnf"
- offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&MessageID);
static int
dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 300 "../../asn1/ldap/ldap.cnf"
- tvbuff_t *parameter_tvb = NULL;
- const char *ldapstring = NULL;
- gchar *sc = NULL; /* semi-colon pointer */
+#line 301 "./asn1/ldap/ldap.cnf"
+ tvbuff_t *parameter_tvb = NULL;
+ const char *ldapstring = NULL;
+ gchar *sc = NULL; /* semi-colon pointer */
- offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
¶meter_tvb);
if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
- ldap_do_protocolop(actx->pinfo);
-
- if(parameter_tvb)
- ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
-
- if(hf_index == hf_ldap_baseObject) {
- /* this is search - put it on the scanline */
- if(!ldapstring || !*ldapstring)
- ldapstring = "<ROOT>";
-
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
-
- if(ldm_tree)
- proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
+ ldap_do_protocolop(actx->pinfo);
+ if(parameter_tvb)
+ ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
- if(!parameter_tvb) {
+ if(hf_index == hf_ldap_baseObject) {
+ /* this is search - put it on the scanline */
+ if(!ldapstring || !*ldapstring)
+ ldapstring = "<ROOT>";
- proto_item_append_text(actx->created_item, " (%s)", ldapstring);
- }
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
- } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
+ if(ldm_tree)
+ proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
- if(ldm_tree)
- proto_item_append_text(ldm_tree, " (%s)", ldapstring);
- } else if ((hf_index == hf_ldap_objectName) ||
- (hf_index == hf_ldap_name) ||
- (hf_index == hf_ldap_entry) ||
- (hf_index == hf_ldap_object) ||
- (hf_index == hf_ldap_delRequest) ) {
+ if(!parameter_tvb) {
- if(!ldapstring || !*ldapstring)
- ldapstring = "<ROOT>";
+ proto_item_append_text(actx->created_item, " (%s)", ldapstring);
+ }
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
+ } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
if(ldm_tree)
- proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
- } else if (hf_index == hf_ldap_attributeDesc){
- /* remember the attribute description */
- attributedesc_string=ldapstring;
- } else if (hf_index == hf_ldap_initial){
- /* remember the substring item */
- substring_item_init=ldapstring;
- } else if (hf_index == hf_ldap_any){
- /* remember the substring item */
- substring_item_any=ldapstring;
- } else if (hf_index == hf_ldap_final){
- /* remember the substring item */
- substring_item_final=ldapstring;
- } else if (hf_index == hf_ldap_matchingRule){
- /* remember the matching rule */
- matching_rule_string=ldapstring;
- } else if (hf_index == hf_ldap_present){
- /* remember the present name */
- Filter_string=ldapstring;
- } else if (hf_index == hf_ldap_type) {
- /* remember attribute type name */
- attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
-
- /* append it to the parent entry */
- proto_item_append_text(tree, " %s", attr_type);
-
- /* remove the ";binary" component if present */
- if((sc = strchr(attr_type, ';')) != NULL) {
- if(!strcmp(sc, ";binary")) {
- *sc = '\0'; /* terminate the string */
- is_binary_attr_type = TRUE;
- }
- } else {
- is_binary_attr_type = FALSE;
- }
-
- }
+ proto_item_append_text(ldm_tree, " (%s)", ldapstring);
+
+ } else if ((hf_index == hf_ldap_objectName) ||
+ (hf_index == hf_ldap_name) ||
+ (hf_index == hf_ldap_entry) ||
+ (hf_index == hf_ldap_object) ||
+ (hf_index == hf_ldap_delRequest) ) {
+
+ if(!ldapstring || !*ldapstring)
+ ldapstring = "<ROOT>";
+
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
+
+ if(ldm_tree)
+ proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
+ } else if (hf_index == hf_ldap_attributeDesc){
+ /* remember the attribute description */
+ attributedesc_string=ldapstring;
+ } else if (hf_index == hf_ldap_initial){
+ /* remember the substring item */
+ substring_item_init=ldapstring;
+ } else if (hf_index == hf_ldap_any){
+ /* remember the substring item */
+ substring_item_any=ldapstring;
+ } else if (hf_index == hf_ldap_final){
+ /* remember the substring item */
+ substring_item_final=ldapstring;
+ } else if (hf_index == hf_ldap_matchingRule){
+ /* remember the matching rule */
+ matching_rule_string=ldapstring;
+ } else if (hf_index == hf_ldap_present){
+ /* remember the present name */
+ Filter_string=ldapstring;
+ } else if (hf_index == hf_ldap_type) {
+ /* remember attribute type name */
+ attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
+
+ /* append it to the parent entry */
+ proto_item_append_text(tree, " %s", attr_type);
+
+ /* remove the ";binary" component if present */
+ if((sc = strchr(attr_type, ';')) != NULL) {
+ if(!strcmp(sc, ";binary")) {
+ *sc = '\0'; /* terminate the string */
+ is_binary_attr_type = TRUE;
+ }
+ } else {
+ is_binary_attr_type = FALSE;
+ }
+ }
}
static int
dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 147 "../../asn1/ldap/ldap.cnf"
+#line 148 "./asn1/ldap/ldap.cnf"
ldap_conv_info_t *ldap_info;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
- ldap_info = (ldap_conv_info_t *)actx->private_data;
- ldap_info->auth_type = LDAP_AUTH_SIMPLE;
+ ldap_info = (ldap_conv_info_t *)actx->private_data;
+ ldap_info->auth_type = LDAP_AUTH_SIMPLE;
static int
dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 155 "../../asn1/ldap/ldap.cnf"
+#line 156 "./asn1/ldap/ldap.cnf"
ldap_conv_info_t *ldap_info;
-tvbuff_t *parameter_tvb;
+tvbuff_t *parameter_tvb;
char *mechanism = NULL;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
¶meter_tvb);
- ldap_info = (ldap_conv_info_t *)actx->private_data;
- ldap_info->auth_type = LDAP_AUTH_SASL;
+ ldap_info = (ldap_conv_info_t *)actx->private_data;
+ ldap_info->auth_type = LDAP_AUTH_SASL;
- if (!parameter_tvb)
- return offset;
+ if (!parameter_tvb)
+ return offset;
+ /*
+ * We need to remember the authentication type and mechanism for this
+ * conversation.
+ *
+ * XXX - actually, we might need to remember more than one
+ * type and mechanism, if you can unbind and rebind with a
+ * different type and/or mechanism.
+ */
+ if(!actx->pinfo->fd->flags.visited) {
+ mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
+ ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
/*
- * We need to remember the authentication type and mechanism for this
- * conversation.
- *
- * XXX - actually, we might need to remember more than one
- * type and mechanism, if you can unbind and rebind with a
- * different type and/or mechanism.
- */
- if(!actx->pinfo->fd->flags.visited) {
- mechanism = tvb_get_string_enc(NULL, parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
- ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
- /*
- * If the mechanism in this request is an empty string (which is
- * returned as a null pointer), use the saved mechanism instead.
- * Otherwise, if the saved mechanism is an empty string (null),
- * save this mechanism.
- */
- if (mechanism != NULL) {
- g_free(ldap_info->auth_mech);
- ldap_info->auth_mech = mechanism;
- }
+ * If the mechanism in this request is an empty string (which is
+ * returned as a null pointer), use the saved mechanism instead.
+ * Otherwise, if the saved mechanism is an empty string (null),
+ * save this mechanism.
+ */
+ if (mechanism != NULL) {
+ wmem_free(wmem_file_scope(), ldap_info->auth_mech);
+ ldap_info->auth_mech = mechanism;
}
+ }
return offset;
static int
dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 189 "../../asn1/ldap/ldap.cnf"
+#line 190 "./asn1/ldap/ldap.cnf"
-tvbuff_t *parameter_tvb;
+tvbuff_t *parameter_tvb;
ldap_conv_info_t *ldap_info;
gint8 ber_class;
gboolean pc;
¶meter_tvb);
- if (!parameter_tvb)
- return offset;
+ if (!parameter_tvb)
+ return offset;
- ldap_info = (ldap_conv_info_t *)actx->private_data;
- get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
+ ldap_info = (ldap_conv_info_t *)actx->private_data;
+ get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
- /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
- if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
- /*
- * This is a GSS-API token ancapsulated within GSS-SPNEGO.
- * We need to check the first byte to check whether the blob
- * contains SPNEGO or GSSAPI.
- * All SPNEGO PDUs are of class CONSTRUCTED while
- * GSS PDUs are class APPLICATION
- */
- if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
- call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
- }
- /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
- if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
- /*
- * This is a raw GSS-API token.
- */
- if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
- call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
- }
- }
- /* Restore private data */
- actx->private_data = ldap_info;
+ /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
+ if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
+ /*
+ * This is a GSS-API token ancapsulated within GSS-SPNEGO.
+ * We need to check the first byte to check whether the blob
+ * contains SPNEGO or GSSAPI.
+ * All SPNEGO PDUs are of class CONSTRUCTED while
+ * GSS PDUs are class APPLICATION
+ */
+ if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
+ call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
+ }
+ /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
+ if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
+ /*
+ * This is a raw GSS-API token.
+ */
+ if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
+ call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
+ }
+ }
+ /* Restore private data */
+ actx->private_data = ldap_info;
static int
dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 689 "../../asn1/ldap/ldap.cnf"
- /* make sure the protocol op comes first */
- ldap_do_protocolop(actx->pinfo);
+#line 682 "./asn1/ldap/ldap.cnf"
+ /* make sure the protocol op comes first */
+ ldap_do_protocolop(actx->pinfo);
- call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
- offset+=tvb_length_remaining(tvb, offset);
+ call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
+ offset+=tvb_reported_length_remaining(tvb, offset);
static int
dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 696 "../../asn1/ldap/ldap.cnf"
- /* make sure the protocol op comes first */
- ldap_do_protocolop(actx->pinfo);
+#line 689 "./asn1/ldap/ldap.cnf"
+ /* make sure the protocol op comes first */
+ ldap_do_protocolop(actx->pinfo);
- call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
- offset+=tvb_length_remaining(tvb, offset);
+ call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
+ offset+=tvb_reported_length_remaining(tvb, offset);
static int
dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 486 "../../asn1/ldap/ldap.cnf"
+#line 479 "./asn1/ldap/ldap.cnf"
gint branch = -1;
gint auth = -1;
const gchar *valstr;
- offset = dissect_ber_choice(actx, tree, tvb, offset,
+ offset = dissect_ber_choice(actx, tree, tvb, offset,
AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
&branch);
static int
dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 420 "../../asn1/ldap/ldap.cnf"
+#line 420 "./asn1/ldap/ldap.cnf"
const gchar *valstr;
- offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&result);
static int
dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 703 "../../asn1/ldap/ldap.cnf"
- tvbuff_t *new_tvb=NULL;
+#line 696 "./asn1/ldap/ldap.cnf"
+ tvbuff_t *new_tvb=NULL;
- offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
+ offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
- if( new_tvb
- && (tvb_length(new_tvb)>=7)
- && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
+ if( new_tvb
+ && (tvb_reported_length(new_tvb)>=7)
+ && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
- /* make sure the protocol op comes first */
- ldap_do_protocolop(actx->pinfo);
+ /* make sure the protocol op comes first */
+ ldap_do_protocolop(actx->pinfo);
- call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
- }
- return offset;
+ call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
+ }
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
-#line 53 "../../asn1/ldap/ldap.cnf"
- PROTO_ITEM_SET_URL(actx->created_item);
+#line 54 "./asn1/ldap/ldap.cnf"
+ PROTO_ITEM_SET_URL(actx->created_item);
return offset;
static int
dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 230 "../../asn1/ldap/ldap.cnf"
+#line 231 "./asn1/ldap/ldap.cnf"
-tvbuff_t *parameter_tvb = NULL;
+tvbuff_t *parameter_tvb = NULL;
ldap_conv_info_t *ldap_info;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
¶meter_tvb);
- if (!parameter_tvb)
- return offset;
- ldap_info = (ldap_conv_info_t *)actx->private_data;
- switch (ldap_info->auth_type) {
+ if (!parameter_tvb)
+ return offset;
+ ldap_info = (ldap_conv_info_t *)actx->private_data;
+ switch (ldap_info->auth_type) {
- /* For Kerberos V4, dissect it as a ticket. */
- /* XXX - what about LDAP_AUTH_SIMPLE? */
+ /* For Kerberos V4, dissect it as a ticket. */
+ /* XXX - what about LDAP_AUTH_SIMPLE? */
- case LDAP_AUTH_SASL:
+ case LDAP_AUTH_SASL:
+ /*
+ * All frames after this are assumed to use a security layer.
+ *
+ * XXX - won't work if there's another reply, with the security
+ * layer, starting in the same TCP segment that ends this
+ * reply, but as LDAP is a request/response protocol, and
+ * as the client probably can't start using authentication until
+ * it gets the bind reply and the server won't send a reply until
+ * it gets a request, that probably won't happen.
+ *
+ * XXX - that assumption is invalid; it's not clear where the
+ * hell you find out whether there's any security layer. In
+ * one capture, we have two GSS-SPNEGO negotiations, both of
+ * which select MS KRB5, and the only differences in the tokens
+ * is in the RC4-HMAC ciphertext. The various
+ * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
+ * that the RFC 2222 spoo with the bitmask and maximum
+ * output message size stuff is done - but where does that
+ * stuff show up? Is it in the ciphertext, which means it's
+ * presumably encrypted?
+ *
+ * Grrr. We have to do a gross heuristic, checking whether the
+ * putative LDAP message begins with 0x00 or not, making the
+ * assumption that we won't have more than 2^24 bytes of
+ * encapsulated stuff.
+ */
+ ldap_info->first_auth_frame = actx->pinfo->num + 1;
+ if (ldap_info->auth_mech != NULL &&
+ strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
+ /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
+ * which might not be wrapped in GSS-SPNEGO but be a raw
+ * NTLMSSP blob
+ */
+ if ( (tvb_reported_length(parameter_tvb)>=7)
+ && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
+ call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
+ break;
+ }
/*
- * All frames after this are assumed to use a security layer.
- *
- * XXX - won't work if there's another reply, with the security
- * layer, starting in the same TCP segment that ends this
- * reply, but as LDAP is a request/response protocol, and
- * as the client probably can't start using authentication until
- * it gets the bind reply and the server won't send a reply until
- * it gets a request, that probably won't happen.
- *
- * XXX - that assumption is invalid; it's not clear where the
- * hell you find out whether there's any security layer. In
- * one capture, we have two GSS-SPNEGO negotiations, both of
- * which select MS KRB5, and the only differences in the tokens
- * is in the RC4-HMAC ciphertext. The various
- * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
- * that the RFC 2222 spoo with the bitmask and maximum
- * output message size stuff is done - but where does that
- * stuff show up? Is it in the ciphertext, which means it's
- * presumably encrypted?
- *
- * Grrr. We have to do a gross heuristic, checking whether the
- * putative LDAP message begins with 0x00 or not, making the
- * assumption that we won't have more than 2^24 bytes of
- * encapsulated stuff.
+ * This is a GSS-API token.
*/
- ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
- if (ldap_info->auth_mech != NULL &&
- strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
- /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
- * which might not be wrapped in GSS-SPNEGO but be a raw
- * NTLMSSP blob
- */
- if ( (tvb_length(parameter_tvb)>=7)
- && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
- call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
- break;
- }
- /*
- * This is a GSS-API token.
- */
- if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
- call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
- } else if (ldap_info->auth_mech != NULL &&
- strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
- /*
- * This is a GSS-API token.
- */
- if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
+ if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
+ call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
+ } else if (ldap_info->auth_mech != NULL &&
+ strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
+ /*
+ * This is a GSS-API token.
+ */
+ if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
- }
- break;
- }
- actx->private_data = ldap_info;
+ }
+ break;
+ }
+ actx->private_data = ldap_info;
static int
dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 508 "../../asn1/ldap/ldap.cnf"
+#line 501 "./asn1/ldap/ldap.cnf"
- implicit_tag = TRUE; /* correct problem with asn2wrs */
+ implicit_tag = TRUE; /* correct problem with asn2wrs */
- offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
+ offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
- ldap_do_protocolop(actx->pinfo);
+ ldap_do_protocolop(actx->pinfo);
static int
dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 388 "../../asn1/ldap/ldap.cnf"
+#line 388 "./asn1/ldap/ldap.cnf"
guint32 scope = 0xffff;
const gchar *valstr;
- offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&scope);
dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 554 "../../asn1/ldap/ldap.cnf"
- if(and_filter_string){
- and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
- } else {
- and_filter_string=Filter_string;
- }
+#line 547 "./asn1/ldap/ldap.cnf"
+ if(and_filter_string){
+ and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
+ } else {
+ and_filter_string=Filter_string;
+ }
return offset;
static int
dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 561 "../../asn1/ldap/ldap.cnf"
- proto_tree *tr=NULL;
- proto_item *it=NULL;
- const char *old_and_filter_string=and_filter_string;
+#line 554 "./asn1/ldap/ldap.cnf"
+ proto_tree *tr=NULL;
+ proto_item *it=NULL;
+ const char *old_and_filter_string=and_filter_string;
- and_filter_string=NULL;
+ and_filter_string=NULL;
- tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
- tree = tr;
+ tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
+ tree = tr;
offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
T_and_set_of, hf_index, ett_ldap_T_and);
- if(and_filter_string) {
- proto_item_append_text(it, "%s", and_filter_string);
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",and_filter_string);
- }
- and_filter_string=old_and_filter_string;
+ if(and_filter_string) {
+ proto_item_append_text(it, "%s", and_filter_string);
+ Filter_string=wmem_strdup(wmem_packet_scope(), and_filter_string);
+ }
+ and_filter_string=old_and_filter_string;
dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 579 "../../asn1/ldap/ldap.cnf"
- if(or_filter_string){
- or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
- } else {
- or_filter_string=Filter_string;
- }
+#line 572 "./asn1/ldap/ldap.cnf"
+ if(or_filter_string){
+ or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
+ } else {
+ or_filter_string=Filter_string;
+ }
static int
dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 587 "../../asn1/ldap/ldap.cnf"
- proto_tree *tr;
- proto_item *it;
- const char *old_or_filter_string=or_filter_string;
+#line 580 "./asn1/ldap/ldap.cnf"
+ proto_tree *tr;
+ proto_item *it;
+ const char *old_or_filter_string=or_filter_string;
- or_filter_string=NULL;
- tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
- tree = tr;
+ or_filter_string=NULL;
+ tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
+ tree = tr;
offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
T_or_set_of, hf_index, ett_ldap_T_or);
- if(or_filter_string) {
- proto_item_append_text(it, "%s", or_filter_string);
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "%s",or_filter_string);
- }
- or_filter_string=old_or_filter_string;
+ if(or_filter_string) {
+ proto_item_append_text(it, "%s", or_filter_string);
+ Filter_string=wmem_strdup(wmem_packet_scope(), or_filter_string);
+ }
+ or_filter_string=old_or_filter_string;
dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 606 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
+#line 599 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
return offset;
dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 531 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
- string_or_null(attributedesc_string),
- string_or_null(ldapvalue_string));
+#line 524 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
+ string_or_null(attributedesc_string),
+ string_or_null(ldapvalue_string));
T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
NULL);
-#line 632 "../../asn1/ldap/ldap.cnf"
- if (substring_item_final) {
- substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
- (substring_value?substring_value:"*"),
- substring_item_final);
- } else if (substring_item_any) {
- substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
- (substring_value?substring_value:"*"),
- substring_item_any);
- } else if (substring_item_init) {
- substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
- substring_item_init);
- }
+#line 625 "./asn1/ldap/ldap.cnf"
+ if (substring_item_final) {
+ substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
+ (substring_value?substring_value:"*"),
+ substring_item_final);
+ } else if (substring_item_any) {
+ substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
+ (substring_value?substring_value:"*"),
+ substring_item_any);
+ } else if (substring_item_init) {
+ substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
+ substring_item_init);
+ }
return offset;
static int
dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 646 "../../asn1/ldap/ldap.cnf"
- proto_tree *tr;
- proto_item *it;
- const char *old_substring_value=substring_value;
+#line 639 "./asn1/ldap/ldap.cnf"
+ proto_tree *tr;
+ proto_item *it;
+ const char *old_substring_value=substring_value;
- attr_type=NULL;
- substring_value=NULL;
- substring_item_init=NULL;
- substring_item_any=NULL;
- substring_item_final=NULL;
+ attr_type=NULL;
+ substring_value=NULL;
+ substring_item_init=NULL;
+ substring_item_any=NULL;
+ substring_item_final=NULL;
- tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
- tree = tr;
+ tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
+ tree = tr;
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
- string_or_null(attr_type),
- string_or_null(substring_value));
- proto_item_append_text(it, "%s", Filter_string);
- substring_value=old_substring_value;
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
+ string_or_null(attr_type),
+ string_or_null(substring_value));
+ proto_item_append_text(it, "%s", Filter_string);
+ substring_value=old_substring_value;
dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 537 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
- string_or_null(attributedesc_string),
- string_or_null(ldapvalue_string));
+#line 530 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
+ string_or_null(attributedesc_string),
+ string_or_null(ldapvalue_string));
dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 543 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
- string_or_null(attributedesc_string),
- string_or_null(ldapvalue_string));
+#line 536 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
+ string_or_null(attributedesc_string),
+ string_or_null(ldapvalue_string));
dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 603 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
+#line 596 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
return offset;
dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 549 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
- string_or_null(attributedesc_string),
- string_or_null(ldapvalue_string));
+#line 542 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
+ string_or_null(attributedesc_string),
+ string_or_null(ldapvalue_string));
return offset;
static int
dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 609 "../../asn1/ldap/ldap.cnf"
- gboolean val;
+#line 602 "./asn1/ldap/ldap.cnf"
+ gboolean val;
-offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
+ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
- matching_rule_dnattr = val;
+ matching_rule_dnattr = val;
static int
dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 618 "../../asn1/ldap/ldap.cnf"
- attr_type=NULL;
- matching_rule_string=NULL;
- ldapvalue_string=NULL;
- matching_rule_dnattr=FALSE;
+#line 611 "./asn1/ldap/ldap.cnf"
+ attr_type=NULL;
+ matching_rule_string=NULL;
+ ldapvalue_string=NULL;
+ matching_rule_dnattr=FALSE;
offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 624 "../../asn1/ldap/ldap.cnf"
- Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
- (attr_type?attr_type:""),
- (matching_rule_dnattr?"dn:":""),
- (matching_rule_string?matching_rule_string:""),
- (matching_rule_string?":":""),
- string_or_null(ldapvalue_string));
+#line 617 "./asn1/ldap/ldap.cnf"
+ Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
+ (attr_type?attr_type:""),
+ (matching_rule_dnattr?"dn:":""),
+ (matching_rule_string?matching_rule_string:""),
+ (matching_rule_string?":":""),
+ string_or_null(ldapvalue_string));
return offset;
static int
dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 667 "../../asn1/ldap/ldap.cnf"
- proto_tree *tr;
- proto_item *it;
- attributedesc_string=NULL;
+#line 660 "./asn1/ldap/ldap.cnf"
+ proto_tree *tr;
+ proto_item *it;
+ attributedesc_string=NULL;
- if (Filter_length++ > MAX_FILTER_LEN) {
- expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
- THROW(ReportedBoundsError);
- }
+ if (Filter_length++ > MAX_FILTER_LEN) {
+ expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
+ THROW(ReportedBoundsError);
+ }
- if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
- expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
- THROW(ReportedBoundsError);
- }
+ if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
+ expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
+ THROW(ReportedBoundsError);
+ }
- tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
- tree = tr;
+ tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
+ tree = tr;
offset = dissect_ber_choice(actx, tree, tvb, offset,
Filter_choice, hf_index, ett_ldap_Filter,
NULL);
- if(Filter_string)
- proto_item_append_text(it, "%s", string_or_null(Filter_string));
+ if(Filter_string)
+ proto_item_append_text(it, "%s", string_or_null(Filter_string));
static int
dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 520 "../../asn1/ldap/ldap.cnf"
- Filter_string=NULL;
- Filter_elements = 0;
- Filter_length = 0;
+#line 513 "./asn1/ldap/ldap.cnf"
+ Filter_string=NULL;
+ Filter_elements = 0;
+ Filter_length = 0;
offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
-#line 525 "../../asn1/ldap/ldap.cnf"
- Filter_string=NULL;
- and_filter_string=NULL;
- Filter_elements = 0;
- Filter_length = 0;
+#line 518 "./asn1/ldap/ldap.cnf"
+ Filter_string=NULL;
+ and_filter_string=NULL;
+ Filter_elements = 0;
+ Filter_length = 0;
return offset;
static int
dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 450 "../../asn1/ldap/ldap.cnf"
+#line 450 "./asn1/ldap/ldap.cnf"
- tvbuff_t *next_tvb = NULL;
- gchar *string;
- guint32 i, len;
- int old_offset = offset;
- gint *hf_id;
+ tvbuff_t *next_tvb = NULL;
+ gchar *string;
+ int old_offset = offset;
+ gint *hf_id;
/* attr_type, should be set before calling this function */
/* first check if we have a custom attribute type configured */
if ((hf_id = get_hf_for_header (attr_type)) != NULL)
- proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
+ proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
/* if we have an attribute type that isn't binary see if there is a better dissector */
- else if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, NULL)) {
+ else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, FALSE, NULL)) {
offset = old_offset;
/* do the default thing */
- offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
- len = tvb_length_remaining(next_tvb, 0);
-
- for(i = 0; i < len; i++)
- if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
- break;
-
- if(i == len) {
- string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_length_remaining(next_tvb, 0), ENC_ASCII|ENC_NA);
+ if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
+ string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_ASCII|ENC_NA);
proto_item_set_text(actx->created_item, "AttributeValue: %s", string);
}
}
static int
dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 404 "../../asn1/ldap/ldap.cnf"
+#line 404 "./asn1/ldap/ldap.cnf"
const gchar *valstr;
- offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&result);
static int
dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 805 "../../asn1/ldap/ldap.cnf"
+#line 788 "./asn1/ldap/ldap.cnf"
- offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
+ offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
- ldap_do_protocolop(actx->pinfo);
+ ldap_do_protocolop(actx->pinfo);
{ 0, "add" },
{ 1, "delete" },
{ 2, "replace" },
+ { 3, "increment" },
{ 0, NULL }
};
static int
dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 812 "../../asn1/ldap/ldap.cnf"
+#line 795 "./asn1/ldap/ldap.cnf"
- offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
+ offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
- ldap_do_protocolop(actx->pinfo);
+ ldap_do_protocolop(actx->pinfo);
static int
dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 56 "../../asn1/ldap/ldap.cnf"
+#line 57 "./asn1/ldap/ldap.cnf"
- tvbuff_t *parameter_tvb;
- const gchar *name;
- ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
+ tvbuff_t *parameter_tvb;
+ const gchar *name;
+ ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
¶meter_tvb);
-#line 64 "../../asn1/ldap/ldap.cnf"
+#line 65 "./asn1/ldap/ldap.cnf"
- object_identifier_id = NULL;
+ object_identifier_id = NULL;
- if (!parameter_tvb)
- return offset;
+ if (!parameter_tvb)
+ return offset;
- object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
- name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
+ object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
+ name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
- if(name){
- proto_item_append_text(actx->created_item, " (%s)", name);
+ if(name){
+ proto_item_append_text(actx->created_item, " (%s)", name);
- if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
- ldap_do_protocolop(actx->pinfo);
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
- }
- }
+ if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
+ ldap_do_protocolop(actx->pinfo);
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
+ }
+ }
- /* Has the client requested the Start TLS operation? */
- if (ldap_info && hf_index == hf_ldap_requestName &&
- !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
- /* remember we have asked to start_tls */
- ldap_info->start_tls_pending = TRUE;
- }
+ /* Has the client requested the Start TLS operation? */
+ if (ldap_info && hf_index == hf_ldap_requestName &&
+ !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
+ /* remember we have asked to start_tls */
+ ldap_info->start_tls_pending = TRUE;
+ }
return offset;
static int
dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 738 "../../asn1/ldap/ldap.cnf"
+#line 730 "./asn1/ldap/ldap.cnf"
- if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
- offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
- } else {
- offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+ } else {
+ offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
- }
+ }
static int
dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 435 "../../asn1/ldap/ldap.cnf"
+#line 435 "./asn1/ldap/ldap.cnf"
guint32 resultCode;
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
if (ldap_info && ldap_info->start_tls_pending &&
hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
/* The conversation will continue using SSL */
- ssl_starttls_ack(find_dissector("ssl"), actx->pinfo, ldap_handle);
+ ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
ldap_info->start_tls_pending = FALSE;
}
static int
dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 746 "../../asn1/ldap/ldap.cnf"
-
- const gchar *name;
-
-
-#line 750 "../../asn1/ldap/ldap.cnf"
- if(ldm_tree && object_identifier_id) {
- proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
- name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
- if(name)
- proto_item_append_text(ldm_tree, " (%s)", name);
- }
- if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
- offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
- } else {
- offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+#line 738 "./asn1/ldap/ldap.cnf"
+
+ const gchar *name;
+
+
+#line 742 "./asn1/ldap/ldap.cnf"
+ if(ldm_tree && object_identifier_id) {
+ proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
+ name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
+ if(name)
+ proto_item_append_text(ldm_tree, " (%s)", name);
+ }
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+ } else {
+ offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
- }
+ }
static int
dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 98 "../../asn1/ldap/ldap.cnf"
+#line 99 "./asn1/ldap/ldap.cnf"
ldap_call_response_t *lcrp;
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
&ProtocolOp);
-#line 104 "../../asn1/ldap/ldap.cnf"
+#line 105 "./asn1/ldap/ldap.cnf"
if (ProtocolOp == -1) {
return offset;
/* XXX: the count will not work if the results span multiple TCP packets */
- if(ldap_info && tree) { /* only count once - on tree pass */
+ if(ldap_info) { /* only count once */
switch(ProtocolOp) {
case LDAP_RES_SEARCH_ENTRY:
- ldap_info->num_results++;
+ if (!actx->pinfo->fd->flags.visited)
+ ldap_info->num_results++;
- proto_item_append_text(tree, " [%d result%s]",
- ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
+ proto_item_append_text(tree, " [%d result%s]",
+ ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
- break;
+ break;
case LDAP_RES_SEARCH_RESULT:
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
- ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
+ ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
- proto_item_append_text(tree, " [%d result%s]",
- ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
+ proto_item_append_text(tree, " [%d result%s]",
+ ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
- ldap_info->num_results = 0;
- break;
- default:
- break;
+ break;
+ default:
+ break;
}
}
static int
dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 719 "../../asn1/ldap/ldap.cnf"
- gint8 ber_class;
- gboolean pc, ind;
- gint32 tag;
- guint32 len;
-
- if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
- /* remove the OCTET STRING encoding */
- offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
- offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
-
- call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
-
- offset += len;
- } else {
- offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+#line 711 "./asn1/ldap/ldap.cnf"
+ gint8 ber_class;
+ gboolean pc, ind;
+ gint32 tag;
+ guint32 len;
+
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ /* remove the OCTET STRING encoding */
+ offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
+ offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
+
+ call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
+
+ offset += len;
+ } else {
+ offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
NULL);
- }
+ }
static int
dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 763 "../../asn1/ldap/ldap.cnf"
- gint8 ber_class;
- gboolean pc;
- gint32 tag;
- guint32 len;
- gint32 val;
- header_field_info *hfinfo;
-
- int otheroffset = offset;
- if(!implicit_tag){
- dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
- otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
- } else {
- gint32 remaining=tvb_length_remaining(tvb, offset);
- len=remaining>0 ? remaining : 0;
- }
-
- offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
+#line 755 "./asn1/ldap/ldap.cnf"
+ gint8 ber_class;
+ gboolean pc;
+ gint32 tag;
+ guint32 len;
+ gint32 val;
+
+ int otheroffset = offset;
+ if(!implicit_tag){
+ dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
+ otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
+ } else {
+ gint32 remaining=tvb_reported_length_remaining(tvb, offset);
+ len=remaining>0 ? remaining : 0;
+ }
- hfinfo = proto_registrar_get_nth(hf_index);
+ offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
- if (val >0) {
- proto_tree *subtree;
- subtree = proto_tree_add_subtree_format(tree, tvb, otheroffset+1, len,
- ett_ldap_DirSyncFlagsSubEntry, NULL, "%s: 0x%08x", hfinfo->name, val);
+ if (val >0) {
+ const int *flags[] = {
+ &hf_ldap_object_security_flag,
+ &hf_ldap_ancestor_first_flag,
+ &hf_ldap_public_data_only_flag,
+ &hf_ldap_incremental_value_flag,
+ NULL
+ };
- if (val & 0x1) {
- proto_tree_add_boolean(subtree, hf_ldap_object_security_flag, tvb, otheroffset+1, len, TRUE);
- }
- if (val & 0x800) {
- proto_tree_add_boolean(subtree, hf_ldap_ancestor_first_flag, tvb, otheroffset+1, len, TRUE);
- }
- if (val & 0x2000) {
- proto_tree_add_boolean(subtree, hf_ldap_public_data_only_flag, tvb, otheroffset+1, len, TRUE);
- }
- if (val & 0x80000000) {
- proto_tree_add_boolean(subtree, hf_ldap_incremental_value_flag, tvb, otheroffset+1, len, TRUE);
- }
- } else {
- proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
- }
+ proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
+ ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
+ } else {
+ proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
+ }
/*--- End of included file: packet-ldap-fn.c ---*/
-#line 882 "../../asn1/ldap/packet-ldap-template.c"
+#line 906 "./asn1/ldap/packet-ldap-template.c"
static int dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info) {
int offset = 0;
static void
dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *tree, ldap_conv_info_t *ldap_info,
- gboolean is_mscldap)
+ proto_tree *tree, ldap_conv_info_t *ldap_info,
+ gboolean is_mscldap)
{
int offset = 0;
guint length_remaining;
one_more_pdu:
- length_remaining = tvb_ensure_length_remaining(tvb, offset);
+ length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
if (length_remaining < 6) return;
* OK, try to read the "Sequence Of" header; this gets the total
* length of the LDAP message.
*/
- messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
- messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
+ messageOffset = get_ber_identifier(tvb, offset, &ber_class, &pc, &ber_tag);
+ messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
/* sanity check */
if((msg_len<4) || (msg_len>10000000)) return;
if ( (ber_class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
- /*
- * Add the length of the "Sequence Of" header to the message
- * length.
- */
- headerLength = messageOffset - offset;
- msg_len += headerLength;
+ /*
+ * Add the length of the "Sequence Of" header to the message
+ * length.
+ */
+ headerLength = messageOffset - offset;
+ msg_len += headerLength;
if (msg_len < headerLength) {
- /*
- * The message length was probably so large that the total length
- * overflowed.
- *
- * Report this as an error.
- */
- show_reported_bounds_error(tvb, pinfo, tree);
- return;
+ /*
+ * The message length was probably so large that the total length
+ * overflowed.
+ *
+ * Report this as an error.
+ */
+ show_reported_bounds_error(tvb, pinfo, tree);
+ return;
}
} else {
- /*
- * We couldn't parse the header; just make it the amount of data
- * remaining in the tvbuff, so we'll give up on this segment
- * after attempting to parse the message - there's nothing more
- * we can do. "dissect_ldap_message()" will display the error.
- */
- msg_len = length_remaining;
+ /*
+ * We couldn't parse the header; just make it the amount of data
+ * remaining in the tvbuff, so we'll give up on this segment
+ * after attempting to parse the message - there's nothing more
+ * we can do. "dissect_ldap_message()" will display the error.
+ */
+ msg_len = length_remaining;
}
/*
*/
length = length_remaining;
if (length > msg_len) length = msg_len;
- msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
+ msg_tvb = tvb_new_subset_length_caplen(tvb, offset, length, msg_len);
/*
* Now dissect the LDAP message.
*/
if(tvb_reported_length_remaining(tvb, offset)>=6){
tvb = tvb_new_subset_remaining(tvb, offset);
- offset = 0;
+ offset = 0;
goto one_more_pdu;
}
static void
ldap_frame_end(void)
{
- ldap_found_in_frame = FALSE;
- attr_type = NULL;
- ldapvalue_string = NULL;
+ ldap_found_in_frame = FALSE;
+ attr_type = NULL;
+ ldapvalue_string = NULL;
/* ? */
- attributedesc_string = NULL;
- Filter_string = NULL;
- and_filter_string = NULL;
- object_identifier_id = NULL;
- or_filter_string = NULL;
+ attributedesc_string = NULL;
+ Filter_string = NULL;
+ and_filter_string = NULL;
+ object_identifier_id = NULL;
+ or_filter_string = NULL;
- substring_item_any = NULL;
- substring_item_final = NULL;
- substring_item_init = NULL;
- substring_value = NULL;
+ substring_item_any = NULL;
+ substring_item_final = NULL;
+ substring_item_init = NULL;
+ substring_value = NULL;
- ldm_tree = NULL;
+ ldm_tree = NULL;
- Filter_elements = 0;
- Filter_length = 0;
- do_protocolop = FALSE;
- result = 0;
+ Filter_elements = 0;
+ Filter_length = 0;
+ do_protocolop = FALSE;
+ result = 0;
/* seems to be ok, but reset just in case */
- matching_rule_string = NULL;
+ matching_rule_string = NULL;
}
static void
- dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
+ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
{
- int offset = 0;
- conversation_t *conversation;
- gboolean doing_sasl_security = FALSE;
- guint length_remaining;
- ldap_conv_info_t *ldap_info = NULL;
- proto_item *ldap_item = NULL;
- proto_tree *ldap_tree = NULL;
-
- ldm_tree = NULL;
-
- conversation = find_or_create_conversation(pinfo);
-
- /*
- * Do we already have a type and mechanism?
- */
- ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
- if (ldap_info == NULL) {
- /* No. Attach that information to the conversation, and add
- * it to the list of information structures.
- */
- ldap_info = g_new0(ldap_conv_info_t,1);
- ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
- ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
-
- conversation_add_proto_data(conversation, proto_ldap, ldap_info);
-
- ldap_info->next = ldap_info_items;
- ldap_info_items = ldap_info;
-
- }
-
- switch (ldap_info->auth_type) {
- case LDAP_AUTH_SASL:
- /*
- * It's SASL; are we using a security layer?
- */
- if (ldap_info->first_auth_frame != 0 &&
- pinfo->fd->num >= ldap_info->first_auth_frame) {
- doing_sasl_security = TRUE; /* yes */
- }
- }
-
- length_remaining = tvb_ensure_length_remaining(tvb, offset);
-
- /* It might still be a packet containing a SASL security layer
- * but it's just that we never saw the BIND packet.
- * check if it looks like it could be a SASL blob here
- * and in that case just assume it is GSS-SPNEGO
- */
- if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
- &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
- &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
- ldap_info->auth_type=LDAP_AUTH_SASL;
- ldap_info->first_auth_frame=pinfo->fd->num;
- ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
- doing_sasl_security=TRUE;
- }
-
- /*
- * This is the first PDU, set the Protocol column and clear the
- * Info column.
- */
- col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
-
- if(ldap_found_in_frame) {
- /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
- col_append_str(pinfo->cinfo, COL_INFO, " | ");
- col_set_fence(pinfo->cinfo, COL_INFO);
- } else {
- col_clear(pinfo->cinfo, COL_INFO);
- register_frame_end_routine (pinfo, ldap_frame_end);
- ldap_found_in_frame = TRUE;
- }
-
- ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
- ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
-
- /*
- * Might we be doing a SASL security layer and, if so, *are* we doing
- * one?
- *
- * Just because we've seen a bind reply for SASL, that doesn't mean
- * that we're using a SASL security layer; I've seen captures in
- * which some SASL negotiations lead to a security layer being used
- * and other negotiations don't, and it's not obvious what's different
- * in the two negotiations. Therefore, we assume that if the first
- * byte is 0, it's a length for a SASL security layer (that way, we
- * never reassemble more than 16 megabytes, protecting us from
- * chewing up *too* much memory), and otherwise that it's an LDAP
- * message (actually, if it's an LDAP message it should begin with 0x30,
- * but we want to parse garbage as LDAP messages rather than really
- * huge lengths).
- */
-
- if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
- proto_tree *sasl_tree;
- tvbuff_t *sasl_tvb;
- guint sasl_len, sasl_msg_len, length;
- /*
- * Yes. The frame begins with a 4-byte big-endian length.
- * And we know we have at least 6 bytes
- */
-
- /*
- * Get the SASL length, which is the length of data in the buffer
- * following the length (i.e., it's 4 less than the total length).
- *
- * XXX - do we need to reassemble buffers? For now, we
- * assume that each LDAP message is entirely contained within
- * a buffer.
- */
- sasl_len = tvb_get_ntohl(tvb, offset);
- sasl_msg_len = sasl_len + 4;
- if (sasl_msg_len < 4) {
- /*
- * The message length was probably so large that the total length
- * overflowed.
- *
- * Report this as an error.
- */
- show_reported_bounds_error(tvb, pinfo, tree);
- return;
- }
-
- /*
- * Construct a tvbuff containing the amount of the payload we have
- * available. Make its reported length the amount of data in the PDU.
- *
- * XXX - if reassembly isn't enabled. the subdissector will throw a
- * BoundsError exception, rather than a ReportedBoundsError exception.
- * We really want a tvbuff where the length is "length", the reported
- * length is "plen", and the "if the snapshot length were infinite"
- * length is the minimum of the reported length of the tvbuff handed
- * to us and "plen", with a new type of exception thrown if the offset
- * is within the reported length but beyond that third length, with
- * that exception getting the "Unreassembled Packet" error.
- */
- length = length_remaining;
- if (length > sasl_msg_len) length = sasl_msg_len;
- sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
-
- proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
- sasl_len);
-
- sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 0, sasl_msg_len, ett_ldap_sasl_blob, NULL, "SASL Buffer");
-
- if (ldap_info->auth_mech != NULL &&
- ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
- /* auth_mech may have been set from the bind */
- (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
- tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
- int ver_len;
- int tmp_length;
-
- /*
- * This is GSS-API (using SPNEGO, but we should be done with
- * the negotiation by now).
- *
- * Dissect the GSS_Wrap() token; it'll return the length of
- * the token, from which we compute the offset in the tvbuff at
- * which the plaintext data, i.e. the LDAP message, begins.
- */
- tmp_length = tvb_reported_length_remaining(sasl_tvb, 4);
- if ((guint)tmp_length > sasl_len)
- tmp_length = sasl_len;
- gssapi_tvb = tvb_new_subset(sasl_tvb, 4, tmp_length, sasl_len);
-
- /* Attempt decryption of the GSSAPI wrapped data if possible */
- pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
- pinfo->gssapi_wrap_tvb=NULL;
- pinfo->gssapi_encrypted_tvb=NULL;
- pinfo->gssapi_decrypted_tvb=NULL;
- ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
- /* if we could unwrap, do a tvb shuffle */
- if(pinfo->gssapi_decrypted_tvb){
- decr_tvb=pinfo->gssapi_decrypted_tvb;
- } else if (pinfo->gssapi_wrap_tvb) {
- plain_tvb=pinfo->gssapi_wrap_tvb;
- }
- /* tidy up */
- pinfo->decrypt_gssapi_tvb=0;
- pinfo->gssapi_wrap_tvb=NULL;
- pinfo->gssapi_encrypted_tvb=NULL;
- pinfo->gssapi_decrypted_tvb=NULL;
-
- /*
- * if len is 0 it probably mean that we got a PDU that is not
- * aligned to the start of the segment.
- */
- if(ver_len==0){
- return;
- }
-
- /*
- * if we don't have unwrapped data,
- * see if the wrapping involved encryption of the
- * data; if not, just use the plaintext data.
- */
- if (!decr_tvb && !plain_tvb) {
- if(!pinfo->gssapi_data_encrypted){
- plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
- }
- }
-
- if (decr_tvb) {
- proto_tree *enc_tree = NULL;
-
- /*
- * The LDAP message was encrypted in the packet, and has
- * been decrypted; dissect the decrypted LDAP message.
- */
- col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
-
- if (sasl_tree) {
- enc_tree = proto_tree_add_subtree_format(sasl_tree, gssapi_tvb, ver_len, -1,
- ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- }
- dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
- } else if (plain_tvb) {
- proto_tree *plain_tree = NULL;
-
- /*
- * The LDAP message wasn't encrypted in the packet;
- * dissect the plain LDAP message.
- */
- col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
-
- if (sasl_tree) {
- plain_tree = proto_tree_add_subtree_format(sasl_tree, gssapi_tvb, ver_len, -1,
- ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- }
-
- dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
- } else {
- /*
- * The LDAP message was encrypted in the packet, and was
- * not decrypted; just show it as encrypted data.
- */
- col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
-
- proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
- }
- }
- } else {
- /* plain LDAP, so dissect the payload */
- dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
- }
+ int offset = 0;
+ conversation_t *conversation;
+ gboolean doing_sasl_security = FALSE;
+ guint length_remaining;
+ ldap_conv_info_t *ldap_info = NULL;
+ proto_item *ldap_item = NULL;
+ proto_tree *ldap_tree = NULL;
+
+ ldm_tree = NULL;
+
+ conversation = find_or_create_conversation(pinfo);
+
+ /*
+ * Do we already have a type and mechanism?
+ */
+ ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
+ if (ldap_info == NULL) {
+ /* No. Attach that information to the conversation, and add
+ * it to the list of information structures.
+ */
+ ldap_info = wmem_new0(wmem_file_scope(), ldap_conv_info_t);
+ ldap_info->matched=wmem_map_new(wmem_file_scope(), ldap_info_hash_matched, ldap_info_equal_matched);
+ ldap_info->unmatched=wmem_map_new(wmem_file_scope(), ldap_info_hash_unmatched, ldap_info_equal_unmatched);
+
+ conversation_add_proto_data(conversation, proto_ldap, ldap_info);
+ }
+
+ switch (ldap_info->auth_type) {
+ case LDAP_AUTH_SASL:
+ /*
+ * It's SASL; are we using a security layer?
+ */
+ if (ldap_info->first_auth_frame != 0 &&
+ pinfo->num >= ldap_info->first_auth_frame) {
+ doing_sasl_security = TRUE; /* yes */
+ }
+ }
+
+ length_remaining = tvb_ensure_captured_length_remaining(tvb, offset);
+
+ /* It might still be a packet containing a SASL security layer
+ * but it's just that we never saw the BIND packet.
+ * check if it looks like it could be a SASL blob here
+ * and in that case just assume it is GSS-SPNEGO
+ */
+ if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
+ &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
+ &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
+ ldap_info->auth_type=LDAP_AUTH_SASL;
+ ldap_info->first_auth_frame=pinfo->num;
+ ldap_info->auth_mech=wmem_strdup(wmem_file_scope(), "GSS-SPNEGO");
+ doing_sasl_security=TRUE;
+ }
+
+ /*
+ * This is the first PDU, set the Protocol column and clear the
+ * Info column.
+ */
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
+
+ if(ldap_found_in_frame) {
+ /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
+ col_append_str(pinfo->cinfo, COL_INFO, " | ");
+ col_set_fence(pinfo->cinfo, COL_INFO);
+ } else {
+ col_clear(pinfo->cinfo, COL_INFO);
+ register_frame_end_routine (pinfo, ldap_frame_end);
+ ldap_found_in_frame = TRUE;
+ }
+
+ ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, ENC_NA);
+ ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
+
+ /*
+ * Might we be doing a SASL security layer and, if so, *are* we doing
+ * one?
+ *
+ * Just because we've seen a bind reply for SASL, that doesn't mean
+ * that we're using a SASL security layer; I've seen captures in
+ * which some SASL negotiations lead to a security layer being used
+ * and other negotiations don't, and it's not obvious what's different
+ * in the two negotiations. Therefore, we assume that if the first
+ * byte is 0, it's a length for a SASL security layer (that way, we
+ * never reassemble more than 16 megabytes, protecting us from
+ * chewing up *too* much memory), and otherwise that it's an LDAP
+ * message (actually, if it's an LDAP message it should begin with 0x30,
+ * but we want to parse garbage as LDAP messages rather than really
+ * huge lengths).
+ */
+
+ if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
+ proto_tree *sasl_tree;
+ tvbuff_t *sasl_tvb;
+ guint sasl_len, sasl_msg_len, length;
+ /*
+ * Yes. The frame begins with a 4-byte big-endian length.
+ * And we know we have at least 6 bytes
+ */
+
+ /*
+ * Get the SASL length, which is the length of data in the buffer
+ * following the length (i.e., it's 4 less than the total length).
+ *
+ * XXX - do we need to reassemble buffers? For now, we
+ * assume that each LDAP message is entirely contained within
+ * a buffer.
+ */
+ sasl_len = tvb_get_ntohl(tvb, offset);
+ sasl_msg_len = sasl_len + 4;
+ if (sasl_msg_len < 4) {
+ /*
+ * The message length was probably so large that the total length
+ * overflowed.
+ *
+ * Report this as an error.
+ */
+ show_reported_bounds_error(tvb, pinfo, tree);
+ return;
+ }
+
+ /*
+ * Construct a tvbuff containing the amount of the payload we have
+ * available. Make its reported length the amount of data in the PDU.
+ *
+ * XXX - if reassembly isn't enabled. the subdissector will throw a
+ * BoundsError exception, rather than a ReportedBoundsError exception.
+ * We really want a tvbuff where the length is "length", the reported
+ * length is "plen", and the "if the snapshot length were infinite"
+ * length is the minimum of the reported length of the tvbuff handed
+ * to us and "plen", with a new type of exception thrown if the offset
+ * is within the reported length but beyond that third length, with
+ * that exception getting the "Unreassembled Packet" error.
+ */
+ length = length_remaining;
+ if (length > sasl_msg_len) length = sasl_msg_len;
+ sasl_tvb = tvb_new_subset_length_caplen(tvb, offset, length, sasl_msg_len);
+
+ proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, sasl_len);
+
+ sasl_tree = proto_tree_add_subtree(ldap_tree, sasl_tvb, 0, sasl_msg_len, ett_ldap_sasl_blob, NULL, "SASL Buffer");
+
+ if (ldap_info->auth_mech != NULL &&
+ ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
+ /* auth_mech may have been set from the bind */
+ (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
+ tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
+ int ver_len;
+ int tmp_length;
+ gssapi_encrypt_info_t gssapi_encrypt;
+
+ /*
+ * This is GSS-API (using SPNEGO, but we should be done with
+ * the negotiation by now).
+ *
+ * Dissect the GSS_Wrap() token; it'll return the length of
+ * the token, from which we compute the offset in the tvbuff at
+ * which the plaintext data, i.e. the LDAP message, begins.
+ */
+ tmp_length = tvb_reported_length_remaining(sasl_tvb, 4);
+ if ((guint)tmp_length > sasl_len)
+ tmp_length = sasl_len;
+ gssapi_tvb = tvb_new_subset_length_caplen(sasl_tvb, 4, tmp_length, sasl_len);
+
+ /* Attempt decryption of the GSSAPI wrapped data if possible */
+ gssapi_encrypt.gssapi_data_encrypted = FALSE;
+ gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+ gssapi_encrypt.gssapi_wrap_tvb=NULL;
+ gssapi_encrypt.gssapi_encrypted_tvb=NULL;
+ gssapi_encrypt.gssapi_decrypted_tvb=NULL;
+ ver_len = call_dissector_with_data(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree, &gssapi_encrypt);
+ /* if we could unwrap, do a tvb shuffle */
+ if(gssapi_encrypt.gssapi_decrypted_tvb){
+ decr_tvb=gssapi_encrypt.gssapi_decrypted_tvb;
+ } else if (gssapi_encrypt.gssapi_wrap_tvb) {
+ plain_tvb=gssapi_encrypt.gssapi_wrap_tvb;
+ }
+
+ /*
+ * if len is 0 it probably mean that we got a PDU that is not
+ * aligned to the start of the segment.
+ */
+ if(ver_len==0){
+ return;
+ }
+
+ /*
+ * if we don't have unwrapped data,
+ * see if the wrapping involved encryption of the
+ * data; if not, just use the plaintext data.
+ */
+ if (!decr_tvb && !plain_tvb) {
+ if(!gssapi_encrypt.gssapi_data_encrypted){
+ plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
+ }
+ }
+
+ if (decr_tvb) {
+ proto_tree *enc_tree = NULL;
+ guint decr_len = tvb_reported_length(decr_tvb);
+
+ /*
+ * The LDAP message was encrypted in the packet, and has
+ * been decrypted; dissect the decrypted LDAP message.
+ */
+ col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
+
+ if (sasl_tree) {
+ enc_tree = proto_tree_add_subtree_format(sasl_tree, decr_tvb, 0, -1,
+ ett_ldap_payload, NULL, "GSS-API Encrypted payload (%d byte%s)",
+ decr_len, plurality(decr_len, "", "s"));
+ }
+ dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
+ } else if (plain_tvb) {
+ proto_tree *plain_tree = NULL;
+ guint plain_len = tvb_reported_length(plain_tvb);
+
+ /*
+ * The LDAP message wasn't encrypted in the packet;
+ * dissect the plain LDAP message.
+ */
+ col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
+
+ if (sasl_tree) {
+ plain_tree = proto_tree_add_subtree_format(sasl_tree, plain_tvb, 0, -1,
+ ett_ldap_payload, NULL, "GSS-API payload (%d byte%s)",
+ plain_len, plurality(plain_len, "", "s"));
+ }
+
+ dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
+ } else {
+ /*
+ * The LDAP message was encrypted in the packet, and was
+ * not decrypted; just show it as encrypted data.
+ */
+ col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+
+ proto_tree_add_item(sasl_tree, hf_ldap_gssapi_encrypted_payload, gssapi_tvb, ver_len, -1, ENC_NA);
+ }
+ }
+ } else {
+ /* plain LDAP, so dissect the payload */
+ dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
+ }
}
/*
{
int compr_len;
const guchar *name;
+ guint name_len;
/* The name data MUST start at offset 0 of the tvb */
- compr_len = expand_dns_name(tvb, offset, max_len, 0, &name);
+ compr_len = get_dns_name(tvb, offset, max_len, 0, &name, &name_len);
g_strlcpy(str, name, max_len);
return offset + compr_len;
}
http://msdn.microsoft.com/en-us/library/cc201036.aspx
*/
static const true_false_string tfs_ads_pdc = {
- "This is a PDC",
- "This is NOT a pdc"
+ "This is a PDC",
+ "This is NOT a pdc"
};
static const true_false_string tfs_ads_gc = {
- "This is a GLOBAL CATALOGUE of forest",
- "This is NOT a global catalog of forest"
+ "This is a GLOBAL CATALOGUE of forest",
+ "This is NOT a global catalog of forest"
};
static const true_false_string tfs_ads_ldap = {
- "This is an LDAP server",
- "This is NOT an ldap server"
+ "This is an LDAP server",
+ "This is NOT an ldap server"
};
static const true_false_string tfs_ads_ds = {
- "This dc supports DS",
- "This dc does NOT support ds"
+ "This dc supports DS",
+ "This dc does NOT support ds"
};
static const true_false_string tfs_ads_kdc = {
- "This is a KDC (kerberos)",
- "This is NOT a kdc (kerberos)"
+ "This is a KDC (kerberos)",
+ "This is NOT a kdc (kerberos)"
};
static const true_false_string tfs_ads_timeserv = {
- "This dc is running TIME SERVICES (ntp)",
- "This dc is NOT running time services (ntp)"
+ "This dc is running TIME SERVICES (ntp)",
+ "This dc is NOT running time services (ntp)"
};
static const true_false_string tfs_ads_closest = {
- "This server is in the same site as the client",
- "This server is NOT in the same site as the client"
+ "This server is in the same site as the client",
+ "This server is NOT in the same site as the client"
};
static const true_false_string tfs_ads_writable = {
- "This dc is WRITABLE",
- "This dc is NOT writable"
+ "This dc is WRITABLE",
+ "This dc is NOT writable"
};
static const true_false_string tfs_ads_good_timeserv = {
- "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
- "This dc does NOT have a good time service (i.e. no hardware clock)"
+ "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
+ "This dc does NOT have a good time service (i.e. no hardware clock)"
};
static const true_false_string tfs_ads_ndnc = {
- "Domain is NON-DOMAIN NC serviced by ldap server",
- "Domain is NOT non-domain nc serviced by ldap server"
+ "Domain is NON-DOMAIN NC serviced by ldap server",
+ "Domain is NOT non-domain nc serviced by ldap server"
};
static const true_false_string tfs_ads_rodc = {
- "Domain controller is a Windows 2008 RODC",
- "Domain controller is not a Windows 2008 RODC"
+ "Domain controller is a Windows 2008 RODC",
+ "Domain controller is not a Windows 2008 RODC"
};
static const true_false_string tfs_ads_wdc = {
- "Domain controller is a Windows 2008 writable NC",
- "Domain controller is not a Windows 2008 writable NC"
+ "Domain controller is a Windows 2008 writable NC",
+ "Domain controller is not a Windows 2008 writable NC"
};
static const true_false_string tfs_ads_dns = {
- "Server name is in DNS format (Windows 2008)",
- "Server name is not in DNS format (Windows 2008)"
+ "Server name is in DNS format (Windows 2008)",
+ "Server name is not in DNS format (Windows 2008)"
};
static const true_false_string tfs_ads_dnc = {
- "The NC is the default NC (Windows 2008)",
- "The NC is not the default NC (Windows 2008)"
+ "The NC is the default NC (Windows 2008)",
+ "The NC is not the default NC (Windows 2008)"
};
static const true_false_string tfs_ads_fnc = {
- "The NC is the default forest NC(Windows 2008)",
- "The NC is not the default forest NC (Windows 2008)"
+ "The NC is the default forest NC(Windows 2008)",
+ "The NC is not the default forest NC (Windows 2008)"
};
static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
{
- guint32 flags;
- proto_item *item;
- proto_tree *tree;
- guint *field;
- header_field_info *hfi;
- gboolean one_bit_set = FALSE;
- guint fields[16];
- fields[0] = hf_mscldap_netlogon_flags_fnc;
- fields[1] = hf_mscldap_netlogon_flags_dnc;
- fields[2] = hf_mscldap_netlogon_flags_dns;
- fields[3] = hf_mscldap_netlogon_flags_wdc;
- fields[4] = hf_mscldap_netlogon_flags_rodc;
- fields[5] = hf_mscldap_netlogon_flags_ndnc;
- fields[6] = hf_mscldap_netlogon_flags_good_timeserv;
- fields[7] = hf_mscldap_netlogon_flags_writable;
- fields[8] = hf_mscldap_netlogon_flags_closest;
- fields[9] = hf_mscldap_netlogon_flags_timeserv;
- fields[10] = hf_mscldap_netlogon_flags_kdc;
- fields[11] = hf_mscldap_netlogon_flags_ds;
- fields[12] = hf_mscldap_netlogon_flags_ldap;
- fields[13] = hf_mscldap_netlogon_flags_gc;
- fields[14] = hf_mscldap_netlogon_flags_pdc;
- fields[15] = 0;
-
- flags=tvb_get_letohl(tvb, offset);
- item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
- tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
-
- proto_item_append_text(item, " (");
-
- for(field = fields; *field; field++) {
- proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
- hfi = proto_registrar_get_nth(*field);
-
- if(flags & hfi->bitmask) {
-
- if(one_bit_set)
- proto_item_append_text(item, ", ");
- else
- one_bit_set = TRUE;
-
- proto_item_append_text(item, "%s", hfi->name);
-
- }
- }
-
- proto_item_append_text(item, ")");
+ static const int * flags[] = {
+ &hf_mscldap_netlogon_flags_fnc,
+ &hf_mscldap_netlogon_flags_dnc,
+ &hf_mscldap_netlogon_flags_dns,
+ &hf_mscldap_netlogon_flags_wdc,
+ &hf_mscldap_netlogon_flags_rodc,
+ &hf_mscldap_netlogon_flags_ndnc,
+ &hf_mscldap_netlogon_flags_good_timeserv,
+ &hf_mscldap_netlogon_flags_writable,
+ &hf_mscldap_netlogon_flags_closest,
+ &hf_mscldap_netlogon_flags_timeserv,
+ &hf_mscldap_netlogon_flags_kdc,
+ &hf_mscldap_netlogon_flags_ds,
+ &hf_mscldap_netlogon_flags_ldap,
+ &hf_mscldap_netlogon_flags_gc,
+ &hf_mscldap_netlogon_flags_pdc,
+ NULL
+ };
+ proto_tree_add_bitmask_with_flags(parent_tree, tvb, offset, hf_mscldap_netlogon_flags,
+ ett_mscldap_netlogon_flags, flags, ENC_LITTLE_ENDIAN, BMT_NO_FALSE);
offset += 4;
return offset;
}
-static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
+static int dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
{
int old_offset, offset=0;
char str[256];
len=tvb_reported_length_remaining(tvb,offset);
/* check the len if it is to small return */
- if (len < 10) return;
+ if (len < 10)
+ return tvb_captured_length(tvb);
/* Type */
proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
/* DC IP Address */
- proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
+ proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, ENC_BIG_ENDIAN);
offset += 4;
/* Flags */
/* add IP address and desect the sockaddr_in structure */
old_offset = offset + 4;
- item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
+ item = proto_tree_add_item(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, ENC_BIG_ENDIAN);
if (tree){
proto_tree *subtree;
offset +=2;
/* get IP address */
- proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
+ proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, ENC_BIG_ENDIAN);
offset +=4;
/* skip the 8 bytes of zeros in the sockaddr structure */
/* NT Token */
proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
- offset += 2;
+ return tvb_captured_length(tvb);
}
get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
int offset, void *data _U_)
{
- /* sasl encapsulated ldap is 4 bytes plus the length in size */
- return tvb_get_ntohl(tvb, offset)+4;
+ /* sasl encapsulated ldap is 4 bytes plus the length in size */
+ return tvb_get_ntohl(tvb, offset)+4;
}
static int
dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
- dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
- return tvb_captured_length(tvb);
+ dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
+ return tvb_captured_length(tvb);
}
static guint
get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb,
int offset, void *data _U_)
{
- guint32 len;
- gboolean ind;
- int data_offset;
+ guint32 len;
+ gboolean ind;
+ int data_offset;
- /* normal ldap is tag+len bytes plus the length
- * offset is where the tag is
- * offset+1 is where length starts
- */
- data_offset=get_ber_length(tvb, offset+1, &len, &ind);
- return len+data_offset-offset;
+ /* normal ldap is tag+len bytes plus the length
+ * offset is where the tag is
+ * offset+1 is where length starts
+ */
+ data_offset=get_ber_length(tvb, offset+1, &len, &ind);
+ return len+data_offset-offset;
}
static int
dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
- dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
- return tvb_captured_length(tvb);
+ dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
+ return tvb_captured_length(tvb);
}
-static void
-dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
+static int
+dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
{
- char *oid;
- const char *oidname;
+ char *oid;
+ const char *oidname;
- /* tvb here contains an ascii string that is really an oid */
-/* XXX we should convert the string oid into a real oid so we can use
- * proto_tree_add_oid() instead.
- */
+ /* tvb here contains an ascii string that is really an oid */
+ /* XXX we should convert the string oid into a real oid so we can use
+ * proto_tree_add_oid() instead.
+ */
- oid=tvb_get_string_enc(wmem_packet_scope(), tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);
- if(!oid){
- return;
- }
+ oid=tvb_get_string_enc(wmem_packet_scope(), tvb, 0, tvb_reported_length(tvb), ENC_UTF_8|ENC_NA);
+ if(!oid){
+ return tvb_captured_length(tvb);
+ }
- oidname=oid_resolved_from_string(wmem_packet_scope(), oid);
+ oidname=oid_resolved_from_string(wmem_packet_scope(), oid);
- if(oidname){
- proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname);
- } else {
- proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid);
- }
+ if(oidname){
+ proto_tree_add_string_format_value(tree, hf_ldap_oid, tvb, 0, tvb_reported_length(tvb), oid, "%s (%s)",oid,oidname);
+ } else {
+ proto_tree_add_string(tree, hf_ldap_oid, tvb, 0, tvb_captured_length(tvb), oid);
+ }
+ return tvb_captured_length(tvb);
}
-#define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
-#define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
-#define LDAP_ACCESSMASK_ADS_LIST 0x00000004
-#define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
-#define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
-#define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
-#define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
-#define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
-#define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
+#define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
+#define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
+#define LDAP_ACCESSMASK_ADS_LIST 0x00000004
+#define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
+#define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
+#define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
+#define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
+#define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
+#define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
static void
ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
{
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
-
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
+ static const int * access_flags[] = {
+ &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
+ &hf_ldap_AccessMask_ADS_LIST_OBJECT,
+ &hf_ldap_AccessMask_ADS_DELETE_TREE,
+ &hf_ldap_AccessMask_ADS_WRITE_PROP,
+ &hf_ldap_AccessMask_ADS_READ_PROP,
+ &hf_ldap_AccessMask_ADS_SELF_WRITE,
+ &hf_ldap_AccessMask_ADS_LIST,
+ &hf_ldap_AccessMask_ADS_DELETE_CHILD,
+ &hf_ldap_AccessMask_ADS_CREATE_CHILD,
+ NULL
+ };
- proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
+ proto_tree_add_bitmask_list_value(tree, tvb, offset, 4, access_flags, access);
}
struct access_mask_info ldap_access_mask_info = {
- "LDAP", /* Name of specific rights */
- ldap_specific_rights, /* Dissection function */
- NULL, /* Generic mapping table */
- NULL /* Standard mapping table */
+ "LDAP", /* Name of specific rights */
+ ldap_specific_rights, /* Dissection function */
+ NULL, /* Generic mapping table */
+ NULL /* Standard mapping table */
};
-static void
-dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static int
+dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
- dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_reported_length(tvb), &ldap_access_mask_info);
+ dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_reported_length(tvb), &ldap_access_mask_info);
+ return tvb_captured_length(tvb);
}
-static void
-dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
+static int
+dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void* data _U_)
{
- char *tmpstr;
+ char *tmpstr;
- /* this octet string contains an NT SID */
- dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
- ldapvalue_string=tmpstr;
+ /* this octet string contains an NT SID */
+ dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
+ ldapvalue_string=tmpstr;
+ return tvb_captured_length(tvb);
}
-static void
-dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+static int
+dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
- guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
- e_uuid_t uuid;
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ e_guid_t uuid;
- /* This octet string contained a GUID */
- dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
+ /* This octet string contained a GUID */
+ dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
- ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
- g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- uuid.Data1, uuid.Data2, uuid.Data3,
- uuid.Data4[0], uuid.Data4[1],
- uuid.Data4[2], uuid.Data4[3],
- uuid.Data4[4], uuid.Data4[5],
- uuid.Data4[6], uuid.Data4[7]);
+ ldapvalue_string=(char*)wmem_alloc(wmem_packet_scope(), 1024);
+ g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ uuid.data1, uuid.data2, uuid.data3, uuid.data4[0], uuid.data4[1],
+ uuid.data4[2], uuid.data4[3], uuid.data4[4], uuid.data4[5],
+ uuid.data4[6], uuid.data4[7]);
+ return tvb_captured_length(tvb);
}
static int
dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
{
- guint32 sasl_len;
- guint32 ldap_len;
- gboolean ind;
- conversation_t *conversation;
- ldap_conv_info_t *ldap_info = NULL;
-
- /*
- * Do we have a conversation for this connection?
- */
- conversation = find_conversation(pinfo->fd->num,
- &pinfo->src, &pinfo->dst,
- pinfo->ptype, pinfo->srcport,
- pinfo->destport, 0);
- if(conversation){
- ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
- }
-
- ldm_tree = NULL;
-
- /* This is a bit tricky. We have to find out whether SASL is used
- * so that we know how big a header we are supposed to pass
- * to tcp_dissect_pdus()
- * We must also cope with the case when a client connects to LDAP
- * and performs a few unauthenticated searches of LDAP before
- * it performs the bind on the same tcp connection.
- */
- /* check for a SASL header, i.e. assume it is SASL if
- * 1, first four bytes (SASL length) is an integer
- * with a value that must be <LDAP_SASL_MAX_BUF and >2
- * (>2 to fight false positives, 0x00000000 is a common
- * "random" tcp payload)
- * (SASL ldap PDUs might be >64k in size, which is why
- * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
- *
- * 2, we must have a conversation and the auth type must
- * be LDAP_AUTH_SASL
- */
- sasl_len=tvb_get_ntohl(tvb, 0);
-
- if( sasl_len<2 ){
- goto this_was_not_sasl;
- }
-
- if( sasl_len>LDAP_SASL_MAX_BUF ){
- goto this_was_not_sasl;
- }
-
- if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
- goto this_was_not_sasl;
- }
-
- tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
- return tvb_captured_length(tvb);
+ guint32 sasl_len;
+ guint32 ldap_len;
+ gboolean ind;
+ conversation_t *conversation;
+ ldap_conv_info_t *ldap_info = NULL;
+
+ /*
+ * Do we have a conversation for this connection?
+ */
+ conversation = find_conversation_pinfo(pinfo, 0);
+ if(conversation){
+ ldap_info = (ldap_conv_info_t *)conversation_get_proto_data(conversation, proto_ldap);
+ }
-this_was_not_sasl:
- /* check if it is a normal BER encoded LDAP packet
- * i.e. first byte is 0x30 followed by a length that is
- * <64k
- * (no ldap PDUs are ever >64kb? )
- */
- if(tvb_get_guint8(tvb, 0)!=0x30){
- goto this_was_not_normal_ldap;
- }
-
- /* check that length makes sense */
- get_ber_length(tvb, 1, &ldap_len, &ind);
-
- /* don't check ind since indefinite length is never used for ldap (famous last words)*/
- if(ldap_len<2){
- goto this_was_not_normal_ldap;
- }
-
- /*
- * The minimun size of a LDAP pdu is 7 bytes
- *
- * dumpasn1 -hh ldap-unbind-min.dat
- *
- * <30 05 02 01 09 42 00>
- * 0 5: SEQUENCE {
- * <02 01 09>
- * 2 1: INTEGER 9
- * <42 00>
- * 5 0: [APPLICATION 2]
- * : Error: Object has zero length.
- * : }
- *
- * dumpasn1 -hh ldap-unbind-windows.dat
- *
- * <30 84 00 00 00 05 02 01 09 42 00>
- * 0 5: SEQUENCE {
- * <02 01 09>
- * 6 1: INTEGER 9
- * <42 00>
- * 9 0: [APPLICATION 2]
- * : Error: Object has zero length.
- * : }
- *
- * 6 bytes would also be ok to get the full length of
- * the pdu, but as the smallest pdu can be 7 bytes
- * we can use 7.
- */
- tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
-
- goto end;
+ ldm_tree = NULL;
-this_was_not_normal_ldap:
+ /* This is a bit tricky. We have to find out whether SASL is used
+ * so that we know how big a header we are supposed to pass
+ * to tcp_dissect_pdus()
+ * We must also cope with the case when a client connects to LDAP
+ * and performs a few unauthenticated searches of LDAP before
+ * it performs the bind on the same tcp connection.
+ */
+ /* check for a SASL header, i.e. assume it is SASL if
+ * 1, first four bytes (SASL length) is an integer
+ * with a value that must be <LDAP_SASL_MAX_BUF and >2
+ * (>2 to fight false positives, 0x00000000 is a common
+ * "random" tcp payload)
+ * (SASL ldap PDUs might be >64k in size, which is why
+ * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
+ *
+ * 2, we must have a conversation and the auth type must
+ * be LDAP_AUTH_SASL
+ */
+ sasl_len=tvb_get_ntohl(tvb, 0);
- /* Ok it might be a strange case of SASL still
- * It has been seen with Exchange setup to MS AD
- * when Exchange pretend that there is SASL but in fact data are still
- * in clear*/
- if ((sasl_len + 4) == (guint32)tvb_reported_length_remaining(tvb, 0))
- tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
- end:
- return tvb_captured_length(tvb);
-}
+ if( sasl_len<2 ){
+ goto this_was_not_sasl;
+ }
-static void
-dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-{
- dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
- return;
-}
+ if( sasl_len>LDAP_SASL_MAX_BUF ){
+ goto this_was_not_sasl;
+ }
+ if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
+ goto this_was_not_sasl;
+ }
-static void
-ldap_reinit(void)
-{
- ldap_conv_info_t *ldap_info;
+ tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
+ return tvb_captured_length(tvb);
- /* Free up state attached to the ldap_info structures */
- for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
- ldap_conv_info_t *next;
+this_was_not_sasl:
+ /* check if it is a normal BER encoded LDAP packet
+ * i.e. first byte is 0x30 followed by a length that is
+ * <64k
+ * (no ldap PDUs are ever >64kb? )
+ */
+ if(tvb_get_guint8(tvb, 0)!=0x30){
+ goto this_was_not_normal_ldap;
+ }
- g_free(ldap_info->auth_mech);
- g_hash_table_destroy(ldap_info->matched);
- g_hash_table_destroy(ldap_info->unmatched);
+ /* check that length makes sense */
+ get_ber_length(tvb, 1, &ldap_len, &ind);
- next = ldap_info->next;
- g_free(ldap_info);
- ldap_info = next;
+ /* don't check ind since indefinite length is never used for ldap (famous last words)*/
+ if(ldap_len<2){
+ goto this_was_not_normal_ldap;
}
- ldap_info_items = NULL;
-}
+ /*
+ * The minimun size of a LDAP pdu is 7 bytes
+ *
+ * dumpasn1 -hh ldap-unbind-min.dat
+ *
+ * <30 05 02 01 09 42 00>
+ * 0 5: SEQUENCE {
+ * <02 01 09>
+ * 2 1: INTEGER 9
+ * <42 00>
+ * 5 0: [APPLICATION 2]
+ * : Error: Object has zero length.
+ * : }
+ *
+ * dumpasn1 -hh ldap-unbind-windows.dat
+ *
+ * <30 84 00 00 00 05 02 01 09 42 00>
+ * 0 5: SEQUENCE {
+ * <02 01 09>
+ * 6 1: INTEGER 9
+ * <42 00>
+ * 9 0: [APPLICATION 2]
+ * : Error: Object has zero length.
+ * : }
+ *
+ * 6 bytes would also be ok to get the full length of
+ * the pdu, but as the smallest pdu can be 7 bytes
+ * we can use 7.
+ */
+ tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu, data);
-void
-register_ldap_name_dissector_handle(const char *attr_type_p, dissector_handle_t dissector)
-{
- dissector_add_string("ldap.name", attr_type_p, dissector);
-}
+ goto end;
-void
-register_ldap_name_dissector(const char *attr_type_p, dissector_t dissector, int proto)
-{
- dissector_handle_t dissector_handle;
+this_was_not_normal_ldap:
- dissector_handle=create_dissector_handle(dissector, proto);
- register_ldap_name_dissector_handle(attr_type_p, dissector_handle);
+ /* Ok it might be a strange case of SASL still
+ * It has been seen with Exchange setup to MS AD
+ * when Exchange pretend that there is SASL but in fact data are still
+ * in clear*/
+ if ((sasl_len + 4) == (guint32)tvb_reported_length_remaining(tvb, 0))
+ tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu, data);
+ end:
+ return tvb_captured_length(tvb);
}
-void
-new_register_ldap_name_dissector(const char *attr_type_p, new_dissector_t dissector, int proto)
+static int
+dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
- dissector_handle_t dissector_handle;
-
- dissector_handle=new_create_dissector_handle(dissector, proto);
- register_ldap_name_dissector_handle(attr_type_p, dissector_handle);
+ dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
+ return tvb_captured_length(tvb);
}
TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
{ &hf_mscldap_netlogon_flags_wdc,
- { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
+ { "WDC", "mscldap.netlogon.flags.writabledc", FT_BOOLEAN, 32,
TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
{ &hf_mscldap_netlogon_flags_dns,
/*--- Included file: packet-ldap-hfarr.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-hfarr.c"
+#line 1 "./asn1/ldap/packet-ldap-hfarr.c"
{ &hf_ldap_SearchControlValue_PDU,
{ "SearchControlValue", "ldap.SearchControlValue_element",
FT_NONE, BASE_NONE, NULL, 0,
"AuthenticationChoice", HFILL }},
{ &hf_ldap_simple,
{ "simple", "ldap.simple",
- FT_BYTES, BASE_NONE, NULL, 0,
+ FT_STRING, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_ldap_sasl,
{ "sasl", "ldap.sasl_element",
NULL, HFILL }},
/*--- End of included file: packet-ldap-hfarr.c ---*/
-#line 2206 "../../asn1/ldap/packet-ldap-template.c"
+#line 2147 "./asn1/ldap/packet-ldap-template.c"
};
/* List of subtrees */
&ett_mscldap_netlogon_flags,
&ett_mscldap_ntver_flags,
&ett_mscldap_ipdetails,
- &ett_ldap_DirSyncFlagsSubEntry,
+ &ett_ldap_DirSyncFlagsSubEntry,
/*--- Included file: packet-ldap-ettarr.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-ettarr.c"
+#line 1 "./asn1/ldap/packet-ldap-ettarr.c"
&ett_ldap_LDAPMessage,
&ett_ldap_ProtocolOp,
&ett_ldap_AttributeDescriptionList,
&ett_ldap_T_warning,
/*--- End of included file: packet-ldap-ettarr.c ---*/
-#line 2220 "../../asn1/ldap/packet-ldap-template.c"
+#line 2161 "./asn1/ldap/packet-ldap-template.c"
};
/* UAT for header fields */
static uat_field_t custom_attribute_types_uat_fields[] = {
expert_ldap = expert_register_protocol(proto_ldap);
expert_register_field_array(expert_ldap, ei, array_length(ei));
- new_register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
+ ldap_handle = register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&ldap_desegment);
- prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
- "Set the port for LDAP operations",
- 10, &global_ldap_tcp_port);
-
- prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
- "Set the port for LDAP operations over SSL",
- 10, &global_ldaps_tcp_port);
+ prefs_register_uint_preference(ldap_module, "tls.port", "LDAPS TCP Port",
+ "Set the port for LDAP operations over TLS",
+ 10, &global_ldaps_tcp_port);
+ prefs_register_obsolete_preference(ldap_module, "ssl.port");
/* UAT */
attributes_uat = uat_new("Custom LDAP AttributeValue types",
sizeof(attribute_type_t),
attribute_types_copy_cb,
attribute_types_update_cb,
attribute_types_free_cb,
- attribute_types_initialize_cb,
+ attribute_types_post_update_cb,
+ attribute_types_reset_cb,
custom_attribute_types_uat_fields);
prefs_register_uat_preference(ldap_module, "custom_ldap_attribute_types",
prefs_register_obsolete_preference(ldap_module, "max_pdu");
proto_cldap = proto_register_protocol(
- "Connectionless Lightweight Directory Access Protocol",
- "CLDAP", "cldap");
+ "Connectionless Lightweight Directory Access Protocol",
+ "CLDAP", "cldap");
- register_init_routine(ldap_reinit);
ldap_tap=register_tap("ldap");
- ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
+ ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", proto_cldap, FT_STRING, BASE_NONE);
+ register_srt_table(proto_ldap, NULL, 1, ldapstat_packet, ldapstat_init, NULL);
}
void
proto_reg_handoff_ldap(void)
{
- dissector_handle_t cldap_handle;
- ldap_handle = find_dissector("ldap");
+ dissector_handle_t cldap_handle;
- dissector_add_uint("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
+ cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
+ dissector_add_uint_with_preference("udp.port", UDP_PORT_CLDAP, cldap_handle);
- cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
- dissector_add_uint("udp.port", UDP_PORT_CLDAP, cldap_handle);
+ gssapi_handle = find_dissector_add_dependency("gssapi", proto_ldap);
+ gssapi_wrap_handle = find_dissector_add_dependency("gssapi_verf", proto_ldap);
+ spnego_handle = find_dissector_add_dependency("spnego", proto_ldap);
- gssapi_handle = find_dissector("gssapi");
- gssapi_wrap_handle = find_dissector("gssapi_verf");
- spnego_handle = find_dissector("spnego");
+ ntlmssp_handle = find_dissector_add_dependency("ntlmssp", proto_ldap);
- ntlmssp_handle = find_dissector("ntlmssp");
+ tls_handle = find_dissector_add_dependency("tls", proto_ldap);
- ssl_handle = find_dissector("ssl");
+ prefs_register_ldap();
- prefs_register_ldap();
+ oid_add_from_string("ISO assigned OIDs, USA", "1.2.840");
/* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
- oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
- oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
- oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
- oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
- oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
- oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
- oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
- oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
- oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
- oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
- oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
- oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
- oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
- oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
- oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
- oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
- oid_add_from_string("None","1.2.840.113556.1.4.970");
- oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
- oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
- oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
- oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
- oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
- oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
- oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
- oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
- oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
- oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
- oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
- oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
- oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
- oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
- oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
- oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
- oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
- oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
- oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
- oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
- oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
- oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
- oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
-
- register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
- register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
- register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
- register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
- register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
- register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
+ oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
+ oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
+ oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
+ oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
+ oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
+ oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
+ oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
+ oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
+ oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
+ oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
+ oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
+ oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
+ oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
+ oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
+ oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
+ oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
+ oid_add_from_string("None","1.2.840.113556.1.4.970");
+ oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
+ oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
+ oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
+ oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
+ oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
+ oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
+ oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
+ oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
+ oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
+ oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
+ oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
+ oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
+ oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
+ oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
+ oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
+ oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
+ oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
+
+ oid_add_from_string("inetOrgPerson", "2.16.840.1.113730.3.2.2");
+ /* RFC2798 */
+ oid_add_from_string("US company arc", "2.16.840.1");
+
+ /* http://www.alvestrand.no/objectid/2.16.840.1.113730.3.4.html */
+ oid_add_from_string("Manage DSA IT LDAPv3 control", "2.16.840.1.113730.3.4.2");
+ oid_add_from_string("Persistent Search LDAPv3 control", "2.16.840.1.113730.3.4.3");
+ oid_add_from_string("Netscape Password Expired LDAPv3 control", "2.16.840.1.113730.3.4.4");
+ oid_add_from_string("Netscape Password Expiring LDAPv3 control", "2.16.840.1.113730.3.4.5");
+ oid_add_from_string("Netscape NT Synchronization Client LDAPv3 control", "2.16.840.1.113730.3.4.6");
+ oid_add_from_string("Entry Change Notification LDAPv3 control", "2.16.840.1.113730.3.4.7");
+ oid_add_from_string("Transaction ID Request Control", "2.16.840.1.113730.3.4.8");
+ oid_add_from_string("VLV Request LDAPv3 control", "2.16.840.1.113730.3.4.9");
+ oid_add_from_string("VLV Response LDAPv3 control", "2.16.840.1.113730.3.4.10");
+ oid_add_from_string("Transaction ID Response Control", "2.16.840.1.113730.3.4.11");
+ oid_add_from_string("Proxied Authorization (version 1) control", "2.16.840.1.113730.3.4.12");
+ oid_add_from_string("iPlanet Directory Server Replication Update Information Control", "2.16.840.1.113730.3.4.13");
+ oid_add_from_string("iPlanet Directory Server search on specific backend control", "2.16.840.1.113730.3.4.14");
+ oid_add_from_string("Authentication Response Control", "2.16.840.1.113730.3.4.15");
+ oid_add_from_string("Authentication Request Control", "2.16.840.1.113730.3.4.16");
+ oid_add_from_string("Real Attributes Only Request Control", "2.16.840.1.113730.3.4.17");
+ oid_add_from_string("Proxied Authorization (version 2) Control", "2.16.840.1.113730.3.4.18");
+ oid_add_from_string("Chaining loop detection", "2.16.840.1.113730.3.4.19");
+ oid_add_from_string("iPlanet Replication Modrdn Extra Mods Control", "2.16.840.1.113730.3.4.999");
+
+
+ oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID", "1.2.840.113556.1.4.1852");
+ oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID", "1.2.840.113556.1.4.802");
+ oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID", "1.2.840.113556.1.4.1907");
+ oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID", "1.2.840.113556.1.4.1948");
+
+
+ dissector_add_string("ldap.name", "netlogon", create_dissector_handle(dissect_NetLogon_PDU, proto_cldap));
+ dissector_add_string("ldap.name", "objectGUID", create_dissector_handle(dissect_ldap_guid, proto_ldap));
+ dissector_add_string("ldap.name", "supportedControl", create_dissector_handle(dissect_ldap_oid, proto_ldap));
+ dissector_add_string("ldap.name", "supportedCapabilities", create_dissector_handle(dissect_ldap_oid, proto_ldap));
+ dissector_add_string("ldap.name", "objectSid", create_dissector_handle(dissect_ldap_sid, proto_ldap));
+ dissector_add_string("ldap.name", "nTSecurityDescriptor", create_dissector_handle(dissect_ldap_nt_sec_desc, proto_ldap));
/*--- Included file: packet-ldap-dis-tab.c ---*/
-#line 1 "../../asn1/ldap/packet-ldap-dis-tab.c"
- new_register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
- new_register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
- new_register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
- new_register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
- new_register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
- new_register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
- new_register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
- new_register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
- new_register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
- new_register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
- new_register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
+#line 1 "./asn1/ldap/packet-ldap-dis-tab.c"
+ register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
+ register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
+ register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
+ register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
+ register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
+ register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
+ register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
+ register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
+ register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
+ register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
+ register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
/*--- End of included file: packet-ldap-dis-tab.c ---*/
-#line 2369 "../../asn1/ldap/packet-ldap-template.c"
-
+#line 2333 "./asn1/ldap/packet-ldap-template.c"
+ dissector_add_uint_range_with_preference("tcp.port", TCP_PORT_RANGE_LDAP, ldap_handle);
}
static void
prefs_register_ldap(void)
{
-
- if(tcp_port != global_ldap_tcp_port) {
- if(tcp_port)
- dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
-
- /* Set our port number for future use */
- tcp_port = global_ldap_tcp_port;
-
- if(tcp_port)
- dissector_add_uint("tcp.port", tcp_port, ldap_handle);
-
- }
-
if(ssl_port != global_ldaps_tcp_port) {
if(ssl_port)
- ssl_dissector_delete(ssl_port, "ldap", TRUE);
+ ssl_dissector_delete(ssl_port, ldap_handle);
/* Set our port number for future use */
ssl_port = global_ldaps_tcp_port;
if(ssl_port)
- ssl_dissector_add(ssl_port, "ldap", TRUE);
+ ssl_dissector_add(ssl_port, ldap_handle);
}
}
+
+/*
+ * Editor modelines - http://www.wireshark.org/tools/modelines.html
+ *
+ * Local Variables:
+ * c-basic-offset: 2
+ * tab-width: 8
+ * indent-tabs-mode: nil
+ * End:
+ *
+ * vi: set shiftwidth=2 tabstop=8 expandtab:
+ * :indentSize=2:tabSize=8:noTabs=true:
+ */