From 3487cd6d59181fa5946877f9617d41f0a056e8fc Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Wed, 16 Nov 2005 22:53:33 +0000 Subject: [PATCH] from Graeme Lunt 4 new asn based protocols X501 DISP DAP DSP svn path=/trunk/; revision=16518 --- asn1/dap/Makefile | 23 + asn1/dap/dap-exp.cnf | 72 ++ asn1/dap/dap.asn | 1289 ++++++++++++++++++++++++++++++ asn1/dap/dap.cnf | 277 +++++++ asn1/dap/packet-dap-template.c | 342 ++++++++ asn1/dap/packet-dap-template.h | 31 + asn1/disp/Makefile | 17 + asn1/disp/disp.asn | 404 ++++++++++ asn1/disp/disp.cnf | 113 +++ asn1/disp/packet-disp-template.c | 275 +++++++ asn1/disp/packet-disp-template.h | 30 + asn1/dsp/Makefile | 17 + asn1/dsp/dsp-exp.cnf | 14 + asn1/dsp/dsp.asn | 480 +++++++++++ asn1/dsp/dsp.cnf | 40 + asn1/dsp/packet-dsp-template.c | 345 ++++++++ asn1/dsp/packet-dsp-template.h | 31 + asn1/x501/Makefile | 19 + asn1/x501/packet-x501-template.c | 92 +++ asn1/x501/packet-x501-template.h | 31 + asn1/x501/x501-exp.cnf | 10 + asn1/x501/x501.asn | 207 +++++ asn1/x501/x501.cnf | 19 + 23 files changed, 4178 insertions(+) create mode 100755 asn1/dap/Makefile create mode 100755 asn1/dap/dap-exp.cnf create mode 100755 asn1/dap/dap.asn create mode 100755 asn1/dap/dap.cnf create mode 100755 asn1/dap/packet-dap-template.c create mode 100755 asn1/dap/packet-dap-template.h create mode 100755 asn1/disp/Makefile create mode 100755 asn1/disp/disp.asn create mode 100755 asn1/disp/disp.cnf create mode 100755 asn1/disp/packet-disp-template.c create mode 100755 asn1/disp/packet-disp-template.h create mode 100755 asn1/dsp/Makefile create mode 100755 asn1/dsp/dsp-exp.cnf create mode 100755 asn1/dsp/dsp.asn create mode 100755 asn1/dsp/dsp.cnf create mode 100755 asn1/dsp/packet-dsp-template.c create mode 100755 asn1/dsp/packet-dsp-template.h create mode 100755 asn1/x501/Makefile create mode 100755 asn1/x501/packet-x501-template.c create mode 100755 asn1/x501/packet-x501-template.h create mode 100755 asn1/x501/x501-exp.cnf create mode 100755 asn1/x501/x501.asn create mode 100755 asn1/x501/x501.cnf diff --git a/asn1/dap/Makefile b/asn1/dap/Makefile new file mode 100755 index 0000000000..d86f9c8f40 --- /dev/null +++ b/asn1/dap/Makefile @@ -0,0 +1,23 @@ +# $Id: Makefile 13071 2005-01-16 10:19:21Z guy $ + +DISSECTOR_FILES=packet-dap.c packet-dap.h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +ASN_EXPORTS= ../x509if/x509if-exp.cnf \ + ../x509af/x509af-exp.cnf \ + ../dsp/dsp-exp.cnf \ + ../ros/ros-exp.cnf \ + ../acse/acse-exp.cnf + +$(DISSECTOR_FILES): ../../tools/asn2eth.py dap.asn packet-dap-template.c packet-dap-template.h dap.cnf $(ASN_EXPORTS) + python ../../tools/asn2eth.py -X -b -e -p dap -c dap.cnf -s packet-dap-template dap.asn + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) + +copy_files: generate_dissector + cp $(DISSECTOR_FILES) ../../epan/dissectors + diff --git a/asn1/dap/dap-exp.cnf b/asn1/dap/dap-exp.cnf new file mode 100755 index 0000000000..aa8d99abe2 --- /dev/null +++ b/asn1/dap/dap-exp.cnf @@ -0,0 +1,72 @@ +#.IMPORT_TAG +CommonResults BER_CLASS_UNI BER_UNI_TAG_SET +ContextSelection BER_CLASS_ANY/*choice*/ -1/*choice*/ +SecurityParameters BER_CLASS_UNI BER_UNI_TAG_SET +DirectoryBindArgument BER_CLASS_UNI BER_UNI_TAG_SET +DirectoryBindError BER_CLASS_ANY/*choice*/ -1/*choice*/ +ReadArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +ReadResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +CompareArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +CompareResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +AbandonArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +AbandonResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +ListArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +ListResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +SearchArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +SearchResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +AddEntryArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +AddEntryResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +RemoveEntryArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +RemoveEntryResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +ModifyEntryArgument BER_CLASS_ANY/*choice*/ -1/*choice*/ +ModifyEntryResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +EntryModification BER_CLASS_ANY/*choice*/ -1/*choice*/ +ModifyDNArgument BER_CLASS_UNI BER_UNI_TAG_SET +ModifyDNResult BER_CLASS_ANY/*choice*/ -1/*choice*/ +Abandoned BER_CLASS_ANY/*choice*/ -1/*choice*/ +AbandonFailedError BER_CLASS_ANY/*choice*/ -1/*choice*/ +AttributeError BER_CLASS_ANY/*choice*/ -1/*choice*/ +NameError BER_CLASS_ANY/*choice*/ -1/*choice*/ +Referral BER_CLASS_ANY/*choice*/ -1/*choice*/ +SecurityError BER_CLASS_ANY/*choice*/ -1/*choice*/ +ServiceError BER_CLASS_ANY/*choice*/ -1/*choice*/ +UpdateError BER_CLASS_ANY/*choice*/ -1/*choice*/ +OperationalBindingID BER_CLASS_UNI BER_UNI_TAG_SEQUENCE +#.END + +#.TYPE_ATTR +CommonResults TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +ContextSelection TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ContextSelection_vals) BITMASK = 0 +SecurityParameters TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +DirectoryBindArgument TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +DirectoryBindError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_DirectoryBindError_vals) BITMASK = 0 +ReadArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ReadArgument_vals) BITMASK = 0 +ReadResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ReadResult_vals) BITMASK = 0 +CompareArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_CompareArgument_vals) BITMASK = 0 +CompareResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_CompareResult_vals) BITMASK = 0 +AbandonArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AbandonArgument_vals) BITMASK = 0 +AbandonResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AbandonResult_vals) BITMASK = 0 +ListArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ListArgument_vals) BITMASK = 0 +ListResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ListResult_vals) BITMASK = 0 +SearchArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_SearchArgument_vals) BITMASK = 0 +SearchResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_SearchResult_vals) BITMASK = 0 +AddEntryArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AddEntryArgument_vals) BITMASK = 0 +AddEntryResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AddEntryResult_vals) BITMASK = 0 +RemoveEntryArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_RemoveEntryArgument_vals) BITMASK = 0 +RemoveEntryResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_RemoveEntryResult_vals) BITMASK = 0 +ModifyEntryArgument TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ModifyEntryArgument_vals) BITMASK = 0 +ModifyEntryResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ModifyEntryResult_vals) BITMASK = 0 +EntryModification TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_EntryModification_vals) BITMASK = 0 +ModifyDNArgument TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +ModifyDNResult TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ModifyDNResult_vals) BITMASK = 0 +Abandoned TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_Abandoned_vals) BITMASK = 0 +AbandonFailedError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AbandonFailedError_vals) BITMASK = 0 +AttributeError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_AttributeError_vals) BITMASK = 0 +NameError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_NameError_vals) BITMASK = 0 +Referral TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_Referral_vals) BITMASK = 0 +SecurityError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_SecurityError_vals) BITMASK = 0 +ServiceError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_ServiceError_vals) BITMASK = 0 +UpdateError TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dap_UpdateError_vals) BITMASK = 0 +OperationalBindingID TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +#.END + diff --git a/asn1/dap/dap.asn b/asn1/dap/dap.asn new file mode 100755 index 0000000000..dd165f9eb3 --- /dev/null +++ b/asn1/dap/dap.asn @@ -0,0 +1,1289 @@ +-- Module DirectoryAbstractService (X.511:02/2001) +DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 4} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + attributeCertificateDefinitions, authenticationFramework, basicAccessControl, + dap, directoryShadowAbstractService, distributedOperations, + enhancedSecurity, id-at, informationFramework, selectedAttributeTypes, + serviceAdministration, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + Attribute, ATTRIBUTE, AttributeType, AttributeTypeAssertion, AttributeValue, + AttributeValueAssertion, CONTEXT, ContextAssertion, DistinguishedName, RDNSequence, + MATCHING-RULE, -- Name,-- OBJECT-CLASS, RelativeDistinguishedName, + SupportedAttributes, SupportedContexts + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + RelaxationPolicy + FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1) + serviceAdministration(33) 4} + AttributeTypeAndValue + FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) + basicAccessControl(24) 4} + OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{} + FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28) + 4} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 + AccessPoint, ContinuationReference, Exclusions, OperationProgress, + ReferenceType + FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) + distributedOperations(3) 4} + -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 + id-errcode-abandoned, id-errcode-abandonFailed, id-errcode-attributeError, + id-errcode-nameError, id-errcode-referral, id-errcode-securityError, + id-errcode-serviceError, id-errcode-updateError, id-opcode-abandon, + id-opcode-addEntry, id-opcode-compare, id-opcode-list, id-opcode-modifyDN, + id-opcode-modifyEntry, id-opcode-read, id-opcode-removeEntry, + id-opcode-search + FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 +-- DirectoryString{} +-- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) +-- selectedAttributeTypes(5) 4} + ub-domainLocalID + FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4} + -- from ITU-T Rec. X.509 | ISO/IEC 9594-8 + AlgorithmIdentifier, CertificationPath, ENCRYPTED{}, SIGNATURE{}, SIGNED{} + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4} + AttributeCertificationPath + FROM AttributeCertificateDefinitions {joint-iso-itu-t ds(5) module(1) + attributeCertificateDefinitions(32) 4} + -- from ITU-T Rec. X.525 | ISO/IEC 9594-9 +-- AgreementID +-- FROM DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1) +-- directoryShadowAbstractService(15) 4} + -- from ITU-T Rec. X.880 | ISO/IEC 13712-1 + Code, ERROR, OPERATION + FROM Remote-Operations-Information-Objects {joint-iso-itu-t + remote-operations(4) informationObjects(5) version1(0)} + emptyUnbind + FROM Remote-Operations-Useful-Definitions {joint-iso-itu-t + remote-operations(4) useful-definitions(7) version1(0)} + InvokeId + FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t + remote-operations(4) generic-ROS-PDUs(6) version1(0)} + -- from RFC 2025 +-- SPKM-ERROR, SPKM-REP-TI, SPKM-REQ +-- FROM SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1) +-- security(5) mechanisms(5) spkm(1) spkmGssTokens(10)}; + EXTERNAL + FROM ACSE-1 {joint-iso-itu-t association-control(2) modules(0) acse1(1) version1(1)}; + +-- Common data types +--CommonArguments ::= SET { +-- serviceControls [30] ServiceControls DEFAULT {}, +-- securityParameters [29] SecurityParameters OPTIONAL, +-- requestor [28] DistinguishedName OPTIONAL, +-- operationProgress +-- [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, +-- aliasedRDNs [26] INTEGER OPTIONAL, +-- criticalExtensions [25] BIT STRING OPTIONAL, +-- referenceType [24] ReferenceType OPTIONAL, +-- entryOnly [23] BOOLEAN DEFAULT TRUE, +-- nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, +-- operationContexts [20] ContextSelection OPTIONAL, +-- familyGrouping [19] FamilyGrouping DEFAULT entryOnly +--} + +FamilyGrouping ::= ENUMERATED { + entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)} + +CommonResults ::= SET { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +--CommonResultsSeq ::= SEQUENCE { +-- securityParameters [30] SecurityParameters OPTIONAL, +-- performer [29] DistinguishedName OPTIONAL, +-- aliasDereferenced [28] BOOLEAN DEFAULT FALSE, +-- notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL +--} + +ServiceControls ::= SET { + options [0] ServiceControlOptions DEFAULT {}, + priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium, + timeLimit [2] INTEGER OPTIONAL, + sizeLimit [3] INTEGER OPTIONAL, + scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL, + attributeSizeLimit [5] INTEGER OPTIONAL, + manageDSAITPlaneRef + [6] SEQUENCE {dsaName Name, + agreementID AgreementID} OPTIONAL, + serviceType [7] OBJECT IDENTIFIER OPTIONAL, + userClass [8] INTEGER OPTIONAL +} + +ServiceControlOptions ::= BIT STRING { + preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3), + dontDereferenceAliases(4), subentries(5), copyShallDo(6), + partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9), + noSubtypeSelection(10), countFamily(11)} + +EntryInformationSelection ::= SET { + attributes + CHOICE {allUserAttributes [0] NULL, + select [1] SET OF AttributeType + -- empty set implies no attributes are requested + } --DEFAULT allUserAttributes:NULL--, + infoTypes + [2] INTEGER {attributeTypesOnly(0), attributeTypesAndValues(1)} + DEFAULT attributeTypesAndValues, + extraAttributes + CHOICE {allOperationalAttributes [3] NULL, + select [4] SET --SIZE (1..MAX)-- OF AttributeType + } OPTIONAL, + contextSelection ContextSelection OPTIONAL, + returnContexts BOOLEAN DEFAULT FALSE, + familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly} +} + +ContextSelection ::= CHOICE { + allContexts NULL, + selectedContexts SET --SIZE (1..MAX)-- OF TypeAndContextAssertion +} + +TypeAndContextAssertion ::= SEQUENCE { + type AttributeType, + contextAssertions + CHOICE {preference SEQUENCE OF ContextAssertion, + all SET OF ContextAssertion} +} + +FamilyReturn ::= SEQUENCE { + memberSelect + ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2), + compoundEntry(3)}, + familySelect SEQUENCE --SIZE (1..MAX)-- OF --OBJECT-CLASS.&id-- OBJECT IDENTIFIER OPTIONAL +} + + +EntryInformation ::= SEQUENCE { + name Name, + fromEntry BOOLEAN DEFAULT TRUE, + information + SET --SIZE (1..MAX)-- OF CHOICE { + attributeType AttributeType, + attribute Attribute} OPTIONAL, + incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems + partialName [4] BOOLEAN DEFAULT FALSE, -- not in 1988 or 1993 edition systems + derivedEntry + [5] BOOLEAN DEFAULT FALSE -- not in pre-2001 edition systems -- +} + +--family-information ATTRIBUTE ::= { +-- WITH SYNTAX FamilyEntries +-- USAGE directoryOperation +-- ID id-at-family-information +--} + +FamilyEntries ::= SEQUENCE { + family-class --OBJECT-CLASS.&id-- OBJECT IDENTIFIER, -- structural object class value + familyEntries SEQUENCE OF FamilyEntry +} + +FamilyEntry ::= SEQUENCE { + rdn RelativeDistinguishedName, + information + SEQUENCE OF CHOICE {attributeType AttributeType, + attribute Attribute}, + family-info SEQUENCE --SIZE (1..MAX)-- OF FamilyEntries OPTIONAL +} + +Filter ::= CHOICE { + item [0] FilterItem, + and [1] SetOfFilter, + or [2] SetOfFilter, + not [3] Filter +} + +SetOfFilter ::= SET OF Filter + + +FilterItem ::= CHOICE { + equality [0] AttributeValueAssertion, + substrings + [1] SEQUENCE {type --ATTRIBUTE.&id({SupportedAttributes})-- OBJECT IDENTIFIER, + strings + SEQUENCE OF + CHOICE {initial + [0] -- ATTRIBUTE.&Type -- ANY +-- ({SupportedAttributes} +-- {@substrings.type})--, + any + [1] -- ATTRIBUTE.&Type -- ANY +-- ({SupportedAttributes} +-- {@substrings.type})--, + final + [2] --ATTRIBUTE.&Type -- ANY +-- ({SupportedAttributes} +-- {@substrings.type})--, + control Attribute}}, -- Used to specify interpretation of following items + greaterOrEqual [2] AttributeValueAssertion, + lessOrEqual [3] AttributeValueAssertion, + present [4] AttributeType, + approximateMatch [5] AttributeValueAssertion, + extensibleMatch [6] MatchingRuleAssertion, + contextPresent [7] AttributeTypeAssertion +} + +MatchingRuleAssertion ::= SEQUENCE { + matchingRule [1] SET --SIZE (1..MAX)-- OF --MATCHING-RULE.&id-- OBJECT IDENTIFIER, + type [2] AttributeType OPTIONAL, + matchValue + [3] --MATCHING-RULE.&AssertionType-- ANY +-- (CONSTRAINED BY { + -- matchValue shall be a value of type specified by the &AssertionType field of + -- one of the MATCHING-RULE information objects identified by matchingRule }) --, + dnAttributes [4] BOOLEAN DEFAULT FALSE +} + +PagedResultsRequest ::= CHOICE { + newRequest + SEQUENCE {pageSize INTEGER, + sortKeys SEQUENCE --SIZE (1..MAX)-- OF SortKey OPTIONAL, + reverse [1] BOOLEAN DEFAULT FALSE, + unmerged [2] BOOLEAN DEFAULT FALSE}, + queryReference OCTET STRING +} + +SortKey ::= SEQUENCE { + type AttributeType, + orderingRule --MATCHING-RULE.&id-- OBJECT IDENTIFIER OPTIONAL +} + +SecurityParameters ::= SET { + certification-path [0] CertificationPath OPTIONAL, + name [1] DistinguishedName OPTIONAL, + time [2] Time OPTIONAL, + random [3] BIT STRING OPTIONAL, + target [4] ProtectionRequest OPTIONAL, + response [5] BIT STRING OPTIONAL, + operationCode [6] Code OPTIONAL, + attributeCertificationPath [7] AttributeCertificationPath OPTIONAL, + errorProtection [8] ErrorProtectionRequest OPTIONAL, + errorCode [9] Code OPTIONAL +} + +ProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} + +ErrorProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +-- Bind and unbind operations +--directoryBind OPERATION ::= { +-- ARGUMENT DirectoryBindArgument +-- RESULT DirectoryBindResult +-- ERRORS {directoryBindError} +--} + +DirectoryBindArgument ::= SET { + credentials [0] Credentials OPTIONAL, + versions [1] Versions DEFAULT {v1} +} + +Credentials ::= CHOICE { + simple [0] SimpleCredentials, + strong [1] StrongCredentials, + externalProcedure [2] EXTERNAL, + spkm [3] SpkmCredentials +} + +SimpleCredentials ::= SEQUENCE { + name [0] DistinguishedName, + validity + [1] SET {time1 [0] CHOICE {utc UTCTime, + gt GeneralizedTime} OPTIONAL, + time2 [1] CHOICE {utc UTCTime, + gt GeneralizedTime} OPTIONAL, + random1 [2] BIT STRING OPTIONAL, + random2 [3] BIT STRING OPTIONAL} OPTIONAL, + password + [2] CHOICE {unprotected OCTET STRING, +-- protected SIGNATURE{OCTET STRING}} OPTIONAL + protected SEQUENCE { + protectedPassword OCTET STRING, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING }} OPTIONAL +} + +StrongCredentials ::= SET { + certification-path [0] CertificationPath OPTIONAL, + bind-token [1] --Token-- ANY, + name [2] DistinguishedName OPTIONAL, + attributeCertificationPath [3] AttributeCertificationPath OPTIONAL +} + +SpkmCredentials ::= CHOICE {req [0] -- SPKM-REQ -- ANY, + rep [1] -- SPKM-REP-TI-- ANY +} + +--Token ::= +-- SIGNED +-- {SEQUENCE {algorithm [0] AlgorithmIdentifier, +-- name [1] DistinguishedName, +-- time [2] UTCTime, +-- random [3] BIT STRING, +-- response [4] BIT STRING OPTIONAL, +-- bindIntAlgorithm +-- [5] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, +-- bindIntKeyInfo [6] BindKeyInfo OPTIONAL, +-- bindConfAlgorithm +-- [7] SEQUENCE SIZE (1..MAX) OF AlgorithmIdentifier OPTIONAL, +-- bindConfKeyInfo +-- [8] BindKeyInfo- -,- - +-- OPTIONAL - - dirqop [9] OBJECT IDENTIFIER OPTIONAL- - +-- }} + +Versions ::= BIT STRING {v1(0), v2(1)} + +DirectoryBindResult ::= DirectoryBindArgument + +DirectoryBindErrorData --ERROR-- ::= --{ +-- PARAMETER OPTIONALLY-PROTECTED +-- {--SET {versions [0] Versions DEFAULT {v1}, + error + CHOICE {serviceError [1] ServiceProblem, + securityError [2] SecurityProblem}} --} +--} + +-- expand OPTIONALLY-PROTECTED macro +DirectoryBindError ::= CHOICE { + unsignedDirectoryBindError DirectoryBindErrorData, + signedDirectoryBindError SEQUENCE { + directoryBindError DirectoryBindErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +--BindKeyInfo ::= ENCRYPTED{- - BIT STRING - - + +--directoryUnbind OPERATION ::= emptyUnbind + +-- Operations, arguments, and results +--read OPERATION ::= { +-- ARGUMENT ReadArgument +-- RESULT ReadResult +-- ERRORS +-- {attributeError | nameError | serviceError | referral | abandoned | +-- securityError} +-- CODE id-opcode-read +--} + +ReadArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {-- SET {object [0] Name, + selection [1] EntryInformationSelection DEFAULT {}, + modifyRightsRequest [2] BOOLEAN DEFAULT FALSE, +-- COMPONENTS OF CommonArguments + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +}--} + +Name ::= CHOICE { + rdnSequence RDNSequence +} + + +-- OPTIONALLY-PROTECTED macro expansion +ReadArgument ::= CHOICE { + unsignedReadArgument ReadArgumentData, + signedReadArgument SEQUENCE { + readArgument ReadArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ReadResultData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {entry [0] EntryInformation, + modifyRights [1] ModifyRights OPTIONAL, +-- COMPONENTS OF CommonResults + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +}--} + +-- OPTIONALLY-PROTECTED macro expansion +ReadResult ::= CHOICE { + unsignedReadResult ReadResultData, + signedReadResult SEQUENCE { + readResult ReadResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +ModifyRights ::= + SET OF + SEQUENCE {item + CHOICE {entry [0] NULL, + attribute [1] AttributeType, + value [2] AttributeValueAssertion}, + permission + [3] BIT STRING {add(0), remove(1), rename(2), move(3)} + } + +--compare OPERATION ::= { +-- ARGUMENT CompareArgument +-- RESULT CompareResult +-- ERRORS +-- {attributeError | nameError | serviceError | referral | abandoned | +-- securityError} +-- CODE id-opcode-compare +--} + +CompareArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {object [0] Name, + purported [1] AttributeValueAssertion, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- OPTIONALLY-PROTECTED macro expansion +CompareArgument ::= CHOICE { + unsignedCompareArgument CompareArgumentData, + signedCompareArgument SEQUENCE { + compareArgument CompareArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +CompareResultData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {name Name OPTIONAL, + matched [0] BOOLEAN, + fromEntry [1] BOOLEAN DEFAULT TRUE, + matchedSubtype [2] AttributeType OPTIONAL, +-- COMPONENTS OF CommonResults}} + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +-- OPTIONALLY-PROTECTED macro expansion +CompareResult ::= CHOICE { + unsignedCompareResult CompareResultData, + signedCompareResult SEQUENCE { + compareResult CompareResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +--abandon OPERATION ::= { +-- ARGUMENT AbandonArgument +-- RESULT AbandonResult +-- ERRORS {abandonFailed} +-- CODE id-opcode-abandon +--} + +AbandonArgumentData ::= +-- OPTIONALLY-PROTECTED-SEQ{--SEQUENCE {invokeID [0] InvokeId}--} + +-- OPTIONALLY-PROTECTED-SEQ macro expansion +AbandonArgument ::= CHOICE { + unsignedAbandonArgument AbandonArgumentData, + signedAbandonArgument [0] SEQUENCE { + abandonArgument AbandonArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +AbandonResultData ::= SEQUENCE { + invokeID InvokeId, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +AbandonResult ::= CHOICE { + null NULL, + information +-- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {invokeID InvokeId, +-- COMPONENTS OF CommonResultsSeq +-- }} + CHOICE { + unsignedAbandonResult AbandonResultData, + signedAbandonResult [0] SEQUENCE { + abandonResult AbandonResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } + } +} + +--list OPERATION ::= { +-- ARGUMENT ListArgument +-- RESULT ListResult +-- ERRORS {nameError | serviceError | referral | abandoned | securityError} +-- CODE id-opcode-list +--} + +ListArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {object [0] Name, + pagedResults [1] PagedResultsRequest OPTIONAL, + listFamily [2] BOOLEAN DEFAULT FALSE, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- expand OPTIONALLY-PROTECTED macro +ListArgument ::= CHOICE { + unsignedListArgument ListArgumentData, + signedListArgument SEQUENCE { + listArgument ListArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +ListResultData ::= +-- OPTIONALLY-PROTECTED +-- {--CHOICE {listInfo + SET {name Name OPTIONAL, + subordinates + [1] SET OF + SEQUENCE {rdn RelativeDistinguishedName, + aliasEntry [0] BOOLEAN DEFAULT FALSE, + fromEntry [1] BOOLEAN DEFAULT TRUE + }, + partialOutcomeQualifier + [2] PartialOutcomeQualifier OPTIONAL, +-- COMPONENTS OF CommonResults}, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL + }, + uncorrelatedListInfo [0] SET OF ListResult}--} + +-- expand OPTIONALLY-PROTECTED macro +ListResult ::= CHOICE { + unsignedListResult ListResultData, + signedListResult SEQUENCE { + listResult ListResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +PartialOutcomeQualifier ::= SET { + limitProblem [0] LimitProblem OPTIONAL, + unexplored + [1] SET --SIZE (1..MAX)-- OF ContinuationReference OPTIONAL, + unavailableCriticalExtensions [2] BOOLEAN DEFAULT FALSE, + unknownErrors + [3] SET --SIZE (1..MAX)-- OF --ABSTRACT-SYNTAX.&Type-- OBJECT IDENTIFIER OPTIONAL, + queryReference [4] OCTET STRING OPTIONAL, + overspecFilter [5] Filter OPTIONAL, + notification + [6] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL, + entryCount + CHOICE {bestEstimate [7] INTEGER, + lowEstimate [8] INTEGER} OPTIONAL +} + +LimitProblem ::= INTEGER { + timeLimitExceeded(0), sizeLimitExceeded(1), administrativeLimitExceeded(2) +} + +--search OPERATION ::= { +-- ARGUMENT SearchArgument +-- RESULT SearchResult +-- ERRORS +-- {attributeError | nameError | serviceError | referral | abandoned | +-- securityError} +-- CODE id-opcode-search +--} + +SearchArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {baseObject [0] Name, + subset + [1] INTEGER {baseObject(0), oneLevel(1), wholeSubtree(2)} + DEFAULT baseObject, + filter [2] Filter --DEFAULT and:{}--, + searchAliases [3] BOOLEAN DEFAULT TRUE, + selection [4] EntryInformationSelection DEFAULT {}, + pagedResults [5] PagedResultsRequest OPTIONAL, + matchedValuesOnly [6] BOOLEAN DEFAULT FALSE, + extendedFilter [7] Filter OPTIONAL, + checkOverspecified [8] BOOLEAN DEFAULT FALSE, + relaxation [9] RelaxationPolicy OPTIONAL, + extendedArea [10] INTEGER OPTIONAL, + hierarchySelections [11] HierarchySelections DEFAULT {self}, + searchControlOptions + [12] SearchControlOptions DEFAULT {searchAliases}, + joinArguments + [13] SEQUENCE SIZE (1..MAX) OF JoinArgument OPTIONAL, + joinType + [14] ENUMERATED {innerJoin(0), leftOuterJoin(1), fullOuterJoin(2)} + DEFAULT leftOuterJoin, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- expand OPTIONALLY-PROTECTED macro +SearchArgument ::= CHOICE { + unsignedSearchArgument SearchArgumentData, + signedSearchArgument SEQUENCE { + searchArgument SearchArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +HierarchySelections ::= BIT STRING { + self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5), + siblings(6), siblingChildren(7), siblingSubtree(8), all(9)} + +SearchControlOptions ::= BIT STRING { + searchAliases(0), matchedValuesOnly(1), checkOverspecified(2), + performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6), + matchOnResidualName(7), entryCount(8), useSubset(9), + separateFamilyMembers(10), searchFamily(11)} + +JoinArgument ::= SEQUENCE { + joinBaseObject [0] Name, + domainLocalID [1] DomainLocalID OPTIONAL, + joinSubset + [2] ENUMERATED {baseObject(0), oneLevel(1), wholeSubtree(2)} + DEFAULT baseObject, + joinFilter [3] Filter OPTIONAL, + joinAttributes [4] SEQUENCE --SIZE (1..MAX)-- OF JoinAttPair OPTIONAL, + joinSelection [5] EntryInformationSelection +} + +DomainLocalID ::= DirectoryString --{ub-domainLocalID}-- + +JoinAttPair ::= SEQUENCE { + baseAtt AttributeType, + joinAtt AttributeType, + joinContext SEQUENCE --SIZE (1..MAX)-- OF JoinContextType OPTIONAL +} + +JoinContextType ::= --CONTEXT.&id({SupportedContexts})-- OBJECT IDENTIFIER + +SearchResultData ::= +-- OPTIONALLY-PROTECTED +-- {--CHOICE {searchInfo + SET {name Name OPTIONAL, + entries [0] SET OF EntryInformation, + partialOutcomeQualifier + [2] PartialOutcomeQualifier OPTIONAL, + altMatching [3] BOOLEAN DEFAULT FALSE, +-- COMPONENTS OF CommonResults}, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL}, + uncorrelatedSearchInfo [0] SET OF SearchResult}--} + +-- expand OPTIONALLY-PROTECTED macro +SearchResult ::= CHOICE { + unsignedSearchResult SearchResultData, + signedSearchResult SEQUENCE { + searchResult SearchResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +--addEntry OPERATION ::= { +-- ARGUMENT AddEntryArgument +-- RESULT AddEntryResult +-- ERRORS +-- {attributeError | nameError | serviceError | referral | securityError | +-- updateError} +-- CODE id-opcode-addEntry +--} + +AddEntryArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {object [0] Name, + entry [1] SET OF Attribute, + targetSystem [2] AccessPoint OPTIONAL, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- expand OPTIONALLY-PROTECTED macro +AddEntryArgument ::= CHOICE { + unsignedAddEntryArgument AddEntryArgumentData, + signedAddEntryArgument SEQUENCE { + addEntryArgument AddEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +AddEntryResultData ::= SEQUENCE { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +AddEntryResult ::= CHOICE { + null NULL, + information +-- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} + CHOICE { + unsignedAddEntryResult AddEntryResultData, + signedAddEntryResult [0] SEQUENCE { + addEntryResult AddEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } + } +} + +--removeEntry OPERATION ::= { +-- ARGUMENT RemoveEntryArgument +-- RESULT RemoveEntryResult +-- ERRORS {nameError | serviceError | referral | securityError | updateError} +-- CODE id-opcode-removeEntry +--} + +RemoveEntryArgumentData ::= +-- OPTIONALLY-PROTECTED{--SET {object [0] Name, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- OPTIONALLY-PROTECTED macro expansion +RemoveEntryArgument ::= CHOICE { + unsignedRemoveEntryArgument RemoveEntryArgumentData, + signedRemoveEntryArgument SEQUENCE { + removeEntryArgument RemoveEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +RemoveEntryResultData ::= SEQUENCE { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +RemoveEntryResult ::= CHOICE { + null NULL, + information +-- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} + CHOICE { + unsignedRemoveEntryResult RemoveEntryResultData, + signedRemoveEntryResult [0] SEQUENCE { + removeEntryResult RemoveEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } + } +} + +--modifyEntry OPERATION ::= { +-- ARGUMENT ModifyEntryArgument +-- RESULT ModifyEntryResult +-- ERRORS +-- {attributeError | nameError | serviceError | referral | securityError | +-- updateError} +-- CODE id-opcode-modifyEntry +--} + +ModifyEntryArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {--SET {object [0] Name, + changes [1] SEQUENCE OF EntryModification, + selection [2] EntryInformationSelection OPTIONAL, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +-- OPTIONALLY-PROTECTED macro expansion +ModifyEntryArgument ::= CHOICE { + unsignedModifyEntryArgument ModifyEntryArgumentData, + signedModifyEntryArgument SEQUENCE { + modifyEntryArgument ModifyEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +ModifyEntryResultData ::= SEQUENCE { + entry [0] EntryInformation OPTIONAL, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +ModifyEntryResult ::= CHOICE { + null NULL, + information +-- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} + CHOICE { + unsignedModifyEntryResult ModifyEntryResultData, + signedModifyEntryResult [0] SEQUENCE { + modifyEntryResult ModifyEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } + } +} + +EntryModification ::= CHOICE { + addAttribute [0] Attribute, + removeAttribute [1] AttributeType, + addValues [2] Attribute, + removeValues [3] Attribute, + alterValues [4] AttributeTypeAndValue, + resetValue [5] AttributeType +} + +--modifyDN OPERATION ::= { +-- ARGUMENT ModifyDNArgument +-- RESULT ModifyDNResult +-- ERRORS {nameError | serviceError | referral | securityError | updateError} +-- CODE id-opcode-modifyDN +--} + +ModifyDNArgument ::= +-- OPTIONALLY-PROTECTED +-- {--SET {object [0] DistinguishedName, + newRDN [1] RelativeDistinguishedName, + deleteOldRDN [2] BOOLEAN DEFAULT FALSE, + newSuperior [3] DistinguishedName OPTIONAL, +-- COMPONENTS OF CommonArguments}} + serviceControls [30] ServiceControls DEFAULT {}, + securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress + [27] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +ModifyDNResultData ::= SEQUENCE { + newRDN RelativeDistinguishedName, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + + +ModifyDNResult ::= CHOICE { + null NULL, + information +-- OPTIONALLY-PROTECTED-SEQ{SEQUENCE {COMPONENTS OF CommonResultsSeq}} + CHOICE { + unsignedModifyDNResult ModifyDNResultData, + signedModifyDNResult [0] SEQUENCE { + modifyDNResult ModifyDNResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } + } +} + + +-- Errors and parameters + +AbandonedData ::= SET { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +--abandoned ERROR ::= { - - not literally an "error" +-- PARAMETER OPTIONALLY-PROTECTED {SET {COMPONENTS OF CommonResults}} +-- CODE id-errcode-abandoned +--} + +Abandoned ::= CHOICE { + unsignedAbandoned AbandonedData, + signedAbandoned SEQUENCE { + abandoned AbandonedData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +AbandonFailedErrorData ::= SET { + problem [0] AbandonProblem, + operation [1] InvokeId, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + + +--abandonFailed ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {problem [0] AbandonProblem, +-- operation [1] InvokeId, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-abandonFailed +--} + +AbandonFailedError ::= CHOICE { + unsignedAbandonFailedError AbandonFailedErrorData, + signedAbandonFailedError SEQUENCE { + abandonFailedError AbandonFailedErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +AbandonProblem ::= INTEGER {noSuchOperation(1), tooLate(2), cannotAbandon(3)} + +AttributeErrorData ::= SET { + object [0] Name, + problems + [1] SET OF + SEQUENCE {problem [0] AttributeProblem, + type [1] AttributeType, + value [2] AttributeValue OPTIONAL}, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + + +--attributeError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {object [0] Name, +-- problems +-- [1] SET OF +-- SEQUENCE {problem [0] AttributeProblem, +-- type [1] AttributeType, +-- value [2] AttributeValue OPTIONAL}, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-attributeError +--} + +AttributeError ::= CHOICE { + unsignedAttributeError AttributeErrorData, + signedAttributeError SEQUENCE { + attributeError AttributeErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +AttributeProblem ::= INTEGER { + noSuchAttributeOrValue(1), invalidAttributeSyntax(2), + undefinedAttributeType(3), inappropriateMatching(4), constraintViolation(5), + attributeOrValueAlreadyExists(6), contextViolation(7)} + + +NameErrorData ::= SET { + problem [0] NameProblem, + matched [1] Name, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +--nameError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {problem [0] NameProblem, +-- matched [1] Name, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-nameError +--} + +NameError ::= CHOICE { + unsignedNameError NameErrorData, + signedNameError SEQUENCE { + nameError NameErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +NameProblem ::= INTEGER { + noSuchObject(1), aliasProblem(2), invalidAttributeSyntax(3), + aliasDereferencingProblem(4), contextProblem(5)} + +ReferralData ::= SET { + candidate [0] ContinuationReference, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL + +} + +--referral ERROR ::= { - - not literally an "error" +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {candidate [0] ContinuationReference, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-referral +--} + +Referral ::= CHOICE { + unsignedReferral ReferralData, + signedReferral SEQUENCE { + referral ReferralData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +SecurityErrorData ::= SET { + problem [0] SecurityProblem, + spkmInfo [1] -- SPKM-ERROR -- ANY, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +--securityError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {problem [0] SecurityProblem, +-- spkmInfo [1] SPKM-ERROR, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-securityError +--} + +SecurityError ::= CHOICE { + unsignedSecurityError SecurityErrorData, + signedSecurityError SEQUENCE { + securityError SecurityErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +SecurityProblem ::= INTEGER { + inappropriateAuthentication(1), invalidCredentials(2), + insufficientAccessRights(3), invalidSignature(4), protectionRequired(5), + noInformation(6), blockedCredentials(7), invalidQOPMatch(8), spkmError(9) +} + +ServiceErrorData ::= SET { + problem [0] ServiceProblem, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + + +--serviceError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {problem [0] ServiceProblem, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-serviceError +--} + +ServiceError ::= CHOICE { + unsignedServiceError ServiceErrorData, + signedServiceError SEQUENCE { + serviceError ServiceErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +ServiceProblem ::= INTEGER { + busy(1), unavailable(2), unwillingToPerform(3), chainingRequired(4), + unableToProceed(5), invalidReference(6), timeLimitExceeded(7), + administrativeLimitExceeded(8), loopDetected(9), + unavailableCriticalExtension(10), outOfScope(11), ditError(12), + invalidQueryReference(13), requestedServiceNotAvailable(14), + relaxationNotSupported(15), unsupportedMatchingUse(16)} + +UpdateErrorData ::= SET { + problem [0] UpdateProblem, + attributeInfo + [1] SET --SIZE (1..MAX)-- OF + CHOICE {attributeType AttributeType, + attribute Attribute} OPTIONAL, + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +--updateError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED +-- {SET {problem [0] UpdateProblem, +-- attributeInfo +-- [1] SET SIZE (1..MAX) OF +-- CHOICE {attributeType AttributeType, +-- attribute Attribute} OPTIONAL, +-- COMPONENTS OF CommonResults}} +-- CODE id-errcode-updateError +--} + +UpdateError ::= CHOICE { + unsignedUpdateError UpdateErrorData, + signedUpdateError SEQUENCE { + updateError UpdateErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +UpdateProblem ::= INTEGER { + namingViolation(1), objectClassViolation(2), notAllowedOnNonLeaf(3), + notAllowedOnRDN(4), entryAlreadyExists(5), affectsMultipleDSAs(6), + objectClassModificationProhibited(7), noSuchSuperior(8), notAncestor(9), + parentNotAncestor(10), hierarchyRuleViolation(11), familyRuleViolation(12) +} + +-- attribute types +--id-at-family-information OBJECT IDENTIFIER ::= {id-at 64} + +AgreementID ::= OperationalBindingID + +OperationalBindingID ::= SEQUENCE { + identifier INTEGER, + version INTEGER +} + + +-- local definition as one in x509sat is wrong! */ +DirectoryString ::= CHOICE { + teletexString TeletexString, + printableString PrintableString, + universalString UniversalString, + bmpString BMPString, + uTF8String UTF8String +} + + +END -- DirectoryAbstractService + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/asn1/dap/dap.cnf b/asn1/dap/dap.cnf new file mode 100755 index 0000000000..1a7fee85bb --- /dev/null +++ b/asn1/dap/dap.cnf @@ -0,0 +1,277 @@ +#.MODULE_IMPORT +InformationFramework x509if +ServiceAdministration x509if + +AuthenticationFramework x509af +AttributeCertificateDefinitions x509af + +BasicAccessControl crmf + +Remote-Operations-Generic-ROS-PDUs ros +Remote-Operations-Information-Objects ros + +ACSE-1 acse +DistributedOperations dsp + +#.INCLUDE ../x509if/x509if-exp.cnf +#.INCLUDE ../x509af/x509af-exp.cnf +#.INCLUDE ../pkixcrmf/crmf-exp.cnf +#.INCLUDE ../dsp/dsp-exp.cnf +#.INCLUDE ../ros/ros-exp.cnf +#.INCLUDE ../acse/acse-exp.cnf + +#.EXPORTS +CommonResults +Referral +SecurityParameters +EntryModification +ContextSelection +OperationalBindingID +DirectoryBindArgument +DirectoryBindError +ReadArgument +ReadResult +ListArgument +ListResult +SearchArgument +SearchResult +AddEntryArgument +AddEntryResult +CompareArgument +CompareResult +RemoveEntryArgument +RemoveEntryResult +ModifyEntryArgument +ModifyEntryResult +ModifyDNArgument +ModifyDNResult +AbandonArgument +AbandonResult +AttributeError +NameError +ServiceError +Abandoned +SecurityError +AbandonFailedError +UpdateError + + +#.TYPE_RENAME +FamilyEntry/information FamilyInformation +AbandonResult/information AbandonInformation +AddEntryResult/information AddEntryInformation +RemoveEntryResult/information RemoveEntryInformation +ModifyEntryResult/information ModifyEntryInformation +ModifyDNResult/information ModifyDNInformation + +EntryInformation/information/_item EntryInformationItem + +#.FIELD_RENAME + +ModifyRights/_item/item/attribute attribute-type + +ModifyRights/_item/item/entry item-entry +AddEntryArgumentData/entry add-entry + +EntryInformation/information entry-information +FamilyEntry/information family-information +AbandonResult/information abandon-information +AddEntryResult/information add-entry-information +RemoveEntryResult/information remove-entry-information +ModifyEntryResult/information modify-entry-information +ModifyDNResult/information modify-dn-information + +EntryInformation/information/_item entry-information-item + +Filter/item filter-item + +NameErrorData/matched matched-name + +SecurityParameters/name distinguished-name +SimpleCredentials/name distinguished-name +StrongCredentials/name distinguished-name + +ModifyDNArgument/object distinguished-name + +AbandonFailedErrorData/problem abandon-failed-problem +ServiceErrorData/problem service-error-problem +AttributeErrorData/problems/_item/problem attribute-error-problem +NameErrorData/problem name-error-problem +SecurityErrorData/problem security-error-problem +UpdateErrorData/problem update-error-problem + +DirectoryBindErrorData/error/securityError securityProblem +SecurityError/signedSecurityError/securityError securityErrorData + +DirectoryBindErrorData/error/serviceError serviceProblem + +FilterItem/substrings/type sunstringType + +ModifyRights/_item/item/value value-assertion + +#.FN_BODY T_initial + proto_item *it; + it = proto_tree_add_item(tree, hf_index, tvb, offset, -1, FALSE); + proto_item_append_text(it," XXX: Not yet implemented!"); + +#.FN_BODY T_any + /* XXX: not yet implemented */ + +#.FN_BODY T_final + /* XXX: not yet implemented */ + +#.FN_BODY T_matchValue + /* XXX: not yet implemented */ + +#.FN_BODY T_bind_token + /* XXX: not yet implemented */ + +#.FN_BODY T_req + /* XXX: not yet implemented */ + +#.FN_BODY T_rep + /* XXX: not yet implemented */ + +#.FN_BODY T_spkmInfo + /* XXX: not yet implemented */ + +#.FN_BODY DirectoryBindArgument + + guint32 len; + + /* check and see if this is an empty set */ + dissect_ber_length(pinfo, tree, tvb, offset+1, &len, NULL); + + if(len == 0) { + /* its an empty set - i.e anonymous (assuming version is DEFAULTed) */ + proto_tree_add_text(tree, tvb, offset, -1,"Anonymous"); + + if(check_col(pinfo->cinfo, COL_INFO)) + col_append_fstr(pinfo->cinfo, COL_INFO, " anonymous"); + + } + /* do the default thing */ + + %(DEFAULT_BODY)s + +#.FN_BODY SimpleCredentials + + %(DEFAULT_BODY)s + + if(check_col(pinfo->cinfo, COL_INFO)) + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", x509if_get_last_dn()); + +#.FN_PARS INTEGER + VAL_PTR = &value + +#.FN_BODY INTEGER + guint32 value; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + if(hf_index == hf_dap_identifier) { + col_append_fstr(pinfo->cinfo, COL_INFO, " id=%%d", value); + } else if (hf_index == hf_dap_version) { + col_append_fstr(pinfo->cinfo, COL_INFO, ",%%d", value); + } + } + +#.FN_PARS OCTET_STRING + VAL_PTR=&out_tvb + +#.FN_BODY OCTET_STRING + tvbuff_t *out_tvb; + int i; + int len; + proto_item *oct_item; + + %(DEFAULT_BODY)s + + len = tvb_length(out_tvb); + /* now see if we can add a string representation */ + for(i=0; icinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, dap_SecurityProblem_vals, "SecurityProblem(%%d)")); + } + +#.FN_PARS ServiceProblem + VAL_PTR = &problem + +#.FN_BODY ServiceProblem + guint32 problem; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, dap_ServiceProblem_vals, "ServiceProblem(%%d)")); + } + +#.FN_PARS UpdateProblem + VAL_PTR = &problem + +#.FN_BODY UpdateProblem + guint32 problem; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, dap_UpdateProblem_vals, "UpdateProblem(%%d)")); + } + +#.FN_PARS LimitProblem + VAL_PTR = &problem + +#.FN_BODY LimitProblem + guint32 problem; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, dap_LimitProblem_vals, "LimitProblem(%%d)")); + } + +#.FN_PARS T_subset + VAL_PTR = &subset + +#.FN_BODY T_subset + guint32 subset; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(subset, dap_T_subset_vals, "Subset(%%d)")); + } + + +#.FN_BODY Name + const char *dn; + + %(DEFAULT_BODY)s + + if(check_col(pinfo->cinfo, COL_INFO)) { + dn = x509if_get_last_dn(); + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", (dn && *dn) ? dn : "(root)"); + } + diff --git a/asn1/dap/packet-dap-template.c b/asn1/dap/packet-dap-template.c new file mode 100755 index 0000000000..4c8b06fb57 --- /dev/null +++ b/asn1/dap/packet-dap-template.c @@ -0,0 +1,342 @@ +/* packet-dap.c + * Routines for X.511 (X.500 Directory Asbtract Service) and X.519 DAP packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-dap-template.c 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include +#include + +#include +#include + +#include "packet-ber.h" +#include "packet-acse.h" +#include "packet-ros.h" + +#include "packet-x509if.h" +#include "packet-x509af.h" +#include "packet-x509sat.h" +#include "packet-crmf.h" + +#include "packet-dsp.h" +#include "packet-dap.h" + + +/* we don't have a separate dissector for X519 - + most of DAP is defined in X511 */ +#define PNAME "X.519 Directory Access Protocol" +#define PSNAME "DAP" +#define PFNAME "dap" + +static guint global_dap_tcp_port = 102; +static guint tcp_port = 0; +static dissector_handle_t tpkt_handle = NULL; +void prefs_register_dap(void); /* forwad declaration for use in preferences registration */ + + +/* Initialize the protocol and registered fields */ +int proto_dap = -1; + +static struct SESSION_DATA_STRUCTURE* session = NULL; + +#include "packet-dap-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_dap = -1; +#include "packet-dap-ett.c" + +#include "packet-dap-fn.c" + +/* +* Dissect DAP PDUs inside a ROS PDUs +*/ +static void +dissect_dap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + int offset = 0; + int old_offset; + proto_item *item=NULL; + proto_tree *tree=NULL; + int (*dap_dissector)(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) = NULL; + char *dap_op_name; + + /* do we have operation information from the ROS dissector? */ + if( !pinfo->private_data ){ + if(parent_tree){ + proto_tree_add_text(parent_tree, tvb, offset, -1, + "Internal error: can't get operation information from ROS dissector."); + } + return ; + } else { + session = ( (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data) ); + } + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, proto_dap, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_dap); + } + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DAP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + switch(session->ros_op & ROS_OP_MASK) { + case (ROS_OP_BIND | ROS_OP_ARGUMENT): /* BindInvoke */ + dap_dissector = dissect_dap_DirectoryBindArgument; + dap_op_name = "Bind-Argument"; + break; + case (ROS_OP_BIND | ROS_OP_RESULT): /* BindResult */ + dap_dissector = dissect_dap_DirectoryBindResult; + dap_op_name = "Bind-Result"; + break; + case (ROS_OP_BIND | ROS_OP_ERROR): /* BindError */ + dap_dissector = dissect_dap_DirectoryBindError; + dap_op_name = "Bind-Error"; + break; + case (ROS_OP_INVOKE | ROS_OP_ARGUMENT): /* Invoke Argument */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* read */ + dap_dissector = dissect_dap_ReadArgument; + dap_op_name = "Read-Argument"; + break; + case 2: /* compare */ + dap_dissector = dissect_dap_CompareArgument; + dap_op_name = "Compare-Argument"; + break; + case 3: /* abandon */ + dap_dissector = dissect_dap_AbandonArgument; + dap_op_name = "Abandon-Argument"; + break; + case 4: /* list */ + dap_dissector = dissect_dap_ListArgument; + dap_op_name = "List-Argument"; + break; + case 5: /* search */ + dap_dissector = dissect_dap_SearchArgument; + dap_op_name = "Search-Argument"; + break; + case 6: /* addEntry */ + dap_dissector = dissect_dap_AddEntryArgument; + dap_op_name = "Add-Entry-Argument"; + break; + case 7: /* removeEntry */ + dap_dissector = dissect_dap_RemoveEntryArgument; + dap_op_name = "Remove-Entry-Argument"; + break; + case 8: /* modifyEntry */ + dap_dissector = dissect_dap_ModifyEntryArgument; + dap_op_name = "Modify-Entry-Argument"; + break; + case 9: /* modifyDN */ + dap_dissector = dissect_dap_ModifyDNArgument; + dap_op_name = "Modify-DN-Argument"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DAP opcode (%d)", + session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_RESULT): /* Return Result */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* read */ + dap_dissector = dissect_dap_ReadResult; + dap_op_name = "Read-Result"; + break; + case 2: /* compare */ + dap_dissector = dissect_dap_CompareResult; + dap_op_name = "Compare-Result"; + break; + case 3: /* abandon */ + dap_dissector = dissect_dap_AbandonResult; + dap_op_name = "Abandon-Result"; + break; + case 4: /* list */ + dap_dissector = dissect_dap_ListResult; + dap_op_name = "List-Result"; + break; + case 5: /* search */ + dap_dissector = dissect_dap_SearchResult; + dap_op_name = "Search-Result"; + break; + case 6: /* addEntry */ + dap_dissector = dissect_dap_AddEntryResult; + dap_op_name = "Add-Entry-Result"; + break; + case 7: /* removeEntry */ + dap_dissector = dissect_dap_RemoveEntryResult; + dap_op_name = "Remove-Entry-Result"; + break; + case 8: /* modifyEntry */ + dap_dissector = dissect_dap_ModifyEntryResult; + dap_op_name = "Modify-Entry-Result"; + break; + case 9: /* modifyDN */ + dap_dissector = dissect_dap_ModifyDNResult; + dap_op_name = "Modify-DN-Result"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DAP opcode"); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_ERROR): /* Return Error */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* attributeError */ + dap_dissector = dissect_dap_AttributeError; + dap_op_name = "Attribute-Error"; + break; + case 2: /* nameError */ + dap_dissector = dissect_dap_NameError; + dap_op_name = "Name-Error"; + break; + case 3: /* serviceError */ + dap_dissector = dissect_dap_ServiceError; + dap_op_name = "Service-Error"; + break; + case 4: /* referral */ + dap_dissector = dissect_dap_Referral; + dap_op_name = "Referral"; + break; + case 5: /* abandoned */ + dap_dissector = dissect_dap_Abandoned; + dap_op_name = "Abandoned"; + break; + case 6: /* securityError */ + dap_dissector = dissect_dap_SecurityError; + dap_op_name = "Security-Error"; + break; + case 7: /* abandonFailed */ + dap_dissector = dissect_dap_AbandonFailedError; + dap_op_name = "Abandon-Failed-Error"; + break; + case 8: /* updateError */ + dap_dissector = dissect_dap_UpdateError; + dap_op_name = "Update-Error"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DAP errcode"); + break; + } + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DAP PDU"); + return; + } + + if(dap_dissector) { + if (check_col(pinfo->cinfo, COL_INFO)) + col_add_str(pinfo->cinfo, COL_INFO, dap_op_name); + + while (tvb_reported_length_remaining(tvb, offset) > 0){ + old_offset=offset; + offset=(*dap_dissector)(FALSE, tvb, offset, pinfo , tree, -1); + if(offset == old_offset){ + proto_tree_add_text(tree, tvb, offset, -1,"Internal error, zero-byte DAP PDU"); + offset = tvb_length(tvb); + break; + } + } + } +} + + +/*--- proto_register_dap -------------------------------------------*/ +void proto_register_dap(void) { + + /* List of fields */ + static hf_register_info hf[] = + { +#include "packet-dap-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_dap, +#include "packet-dap-ettarr.c" + }; + module_t *dap_module; + + /* Register protocol */ + proto_dap = proto_register_protocol(PNAME, PSNAME, PFNAME); + register_dissector("dap", dissect_dap, proto_dap); + + /* Register fields and subtrees */ + proto_register_field_array(proto_dap, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register our configuration options for DAP, particularly our port */ + + dap_module = prefs_register_protocol(proto_dap, prefs_register_dap); + + prefs_register_uint_preference(dap_module, "tcp.port", "DAP TCP Port", + "Set the port for DAP operations (if other" + " than the default of 102)", + 10, &global_dap_tcp_port); + +} + + +/*--- proto_reg_handoff_dap --- */ +void proto_reg_handoff_dap(void) { + dissector_handle_t handle = NULL; + + /* #include "packet-dap-dis-tab.c" */ + + /* APPLICATION CONTEXT */ + + register_ber_oid_name("2.5.3.1", "id-ac-directory-access"); + + /* ABSTRACT SYNTAXES */ + + /* Register DAP with ROS (with no use of RTSE) */ + if((handle = find_dissector("dap"))) { + register_ros_oid_dissector_handle("2.5.9.1", handle, 0, "id-as-directory-access", FALSE); + } + + /* remember the tpkt handler for change in preferences */ + tpkt_handle = find_dissector("tpkt"); + +} + + +void prefs_register_dap(void) { + + /* de-register the old port */ + /* port 102 is registered by TPKT - don't undo this! */ + if((tcp_port != 102) && tpkt_handle) + dissector_delete("tcp.port", tcp_port, tpkt_handle); + + /* Set our port number for future use */ + tcp_port = global_dap_tcp_port; + + if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle) + dissector_add("tcp.port", global_dap_tcp_port, tpkt_handle); + +} diff --git a/asn1/dap/packet-dap-template.h b/asn1/dap/packet-dap-template.h new file mode 100755 index 0000000000..b2c34f63e5 --- /dev/null +++ b/asn1/dap/packet-dap-template.h @@ -0,0 +1,31 @@ +/* packet-dap.h + * Routines for X.511 (X.500 Directory Access Protocol) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-dap-template.h 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_DAP_H +#define PACKET_DAP_H + +#include "packet-dap-exp.h" + +#endif /* PACKET_DAP_H */ diff --git a/asn1/disp/Makefile b/asn1/disp/Makefile new file mode 100755 index 0000000000..81ce62641f --- /dev/null +++ b/asn1/disp/Makefile @@ -0,0 +1,17 @@ +# $Id: Makefile 13071 2005-01-16 10:19:21Z guy $ + +DISSECTOR_FILES=packet-disp.c packet-disp.h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +$(DISSECTOR_FILES): ../../tools/asn2eth.py disp.asn packet-disp-template.c packet-disp-template.h disp.cnf + python ../../tools/asn2eth.py -X -b -e -p disp -c disp.cnf -s packet-disp-template disp.asn + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) *~ + +copy_files: generate_dissector + cp $(DISSECTOR_FILES) ../../epan/dissectors + diff --git a/asn1/disp/disp.asn b/asn1/disp/disp.asn new file mode 100755 index 0000000000..fc6adb709b --- /dev/null +++ b/asn1/disp/disp.asn @@ -0,0 +1,404 @@ +-- Module DirectoryShadowAbstractService (X.525:02/2001) +DirectoryShadowAbstractService {joint-iso-itu-t ds(5) module(1) + directoryShadowAbstractService(15) 4} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + directoryAbstractService, directoryOperationalBindingTypes, + informationFramework, disp, distributedOperations, + dsaOperationalAttributeTypes, enhancedSecurity, opBindingManagement + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + Attribute, AttributeType, CONTEXT, DistinguishedName, + RelativeDistinguishedName, SubtreeSpecification + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + OPERATIONAL-BINDING, OperationalBindingID + FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) + opBindingManagement(18) 4} + DSEType, SupplierAndConsumers + FROM DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1) + dsaOperationalAttributeTypes(22) 4} + OPTIONALLY-PROTECTED{}, OPTIONALLY-PROTECTED-SEQ{} + FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28) + 4} + -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 + CommonResultsSeq, ContextSelection, directoryBind, directoryUnbind, DirectoryBindArgument, DirectoryBindError, + EntryModification, SecurityParameters + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 4} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 + AccessPoint + FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) + distributedOperations(3) 4} + -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 + id-op-binding-shadow + FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1) + directoryOperationalBindingTypes(25) 4} + id-errcode-shadowError, id-opcode-coordinateShadowUpdate, + id-opcode-requestShadowUpdate, id-opcode-updateShadow, + reliableShadowSupplierInitiatedAC, reliableShadowConsumerInitiatedAC, + shadowConsumerInitiatedAC, shadowSupplierInitiatedAC + FROM DirectoryInformationShadowProtocol {joint-iso-itu-t ds(5) module(1) + disp(16) 4} + EXTERNAL + FROM ACSE-1 {joint-iso-itu-t association-control(2) modules(0) acse1(1) version1(1)} + AlgorithmIdentifier, CertificationPath, ENCRYPTED{}, SIGNATURE{}, SIGNED{} + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4} + -- from ITU-T Rec. X.880 | ISO/IEC 13712-1 + ERROR, OPERATION + FROM Remote-Operations-Information-Objects {joint-iso-itu-t + remote-operations(4) informationObjects(5) version1(0)}; + + +-- bind and unbind operations +dSAShadowBind OPERATION ::= directoryBind +DSAShadowBindArgument ::= DirectoryBindArgument +DSAShadowBindResult ::= DirectoryBindArgument +DSAShadowBindError ::= DirectoryBindError + +dSAShadowUnbind OPERATION ::= directoryUnbind + +-- shadow operational binding +--shadowOperationalBinding OPERATIONAL-BINDING ::= { +-- AGREEMENT ShadowingAgreementInfo +-- APPLICATION CONTEXTS +-- {{shadowSupplierInitiatedAC +-- APPLIES TO {All-operations-supplier-initiated}} | +-- {shadowConsumerInitiatedAC +-- APPLIES TO {All-operations-consumer-initiated}} | +-- {reliableShadowSupplierInitiatedAC +-- APPLIES TO {All-operations-supplier-initiated}} | +-- {reliableShadowConsumerInitiatedAC +-- APPLIES TO {All-operations-consumer-initiated}}} +-- ASYMMETRIC ROLE-A +-- { - - shadow supplier roleESTABLISHMENT-INITIATOR TRUE +-- ESTABLISHMENT-PARAMETER NULL +-- MODIFICATION-INITIATOR TRUE +-- TERMINATION-INITIATOR TRUE} +-- ROLE-B +-- { - - shadow consumer roleESTABLISHMENT-INITIATOR TRUE +-- ESTABLISHMENT-PARAMETER NULL +-- MODIFICATION-INITIATOR TRUE +-- MODIFICATION-PARAMETER ModificationParameter +-- TERMINATION-INITIATOR TRUE} +-- ID id-op-binding-shadow +--} + +-- types +ModificationParameter ::= SEQUENCE { + secondaryShadows SET OF SupplierAndConsumers +} + +AgreementID ::= OperationalBindingID + +ShadowingAgreementInfo ::= SEQUENCE { + shadowSubject UnitOfReplication, + updateMode UpdateMode -- DEFAULT supplierInitiated:onChange:TRUE--, + master AccessPoint OPTIONAL, + secondaryShadows [2] BOOLEAN DEFAULT FALSE +} + +UnitOfReplication ::= SEQUENCE { + area AreaSpecification, + attributes AttributeSelection, + knowledge Knowledge OPTIONAL, + subordinates BOOLEAN DEFAULT FALSE, + contextSelection ContextSelection OPTIONAL, + supplyContexts + [0] CHOICE {allContexts NULL, + selectedContexts SET --SIZE (1..MAX)-- OF --CONTEXT.&id-- OBJECT IDENTIFIER } OPTIONAL +} + +AreaSpecification ::= SEQUENCE { + contextPrefix DistinguishedName, + replicationArea SubtreeSpecification +} + +Knowledge ::= SEQUENCE { + knowledgeType ENUMERATED {master(0), shadow(1), both(2)}, + extendedKnowledge BOOLEAN DEFAULT FALSE +} + +AttributeSelection ::= SET OF ClassAttributeSelection + +ClassAttributeSelection ::= SEQUENCE { + class OBJECT IDENTIFIER OPTIONAL, + classAttributes ClassAttributes -- DEFAULT allAttributes:NULL +} + +ClassAttributes ::= CHOICE { + allAttributes NULL, + include [0] AttributeTypes, + exclude [1] AttributeTypes +} + +AttributeTypes ::= SET OF AttributeType + +UpdateMode ::= CHOICE { + supplierInitiated [0] SupplierUpdateMode, + consumerInitiated [1] ConsumerUpdateMode +} + +SupplierUpdateMode ::= CHOICE { + onChange BOOLEAN, + scheduled SchedulingParameters +} + +ConsumerUpdateMode ::= SchedulingParameters + +SchedulingParameters ::= SEQUENCE { + periodic PeriodicStrategy OPTIONAL, -- shall be present if othertimes is set to FALSE + othertimes BOOLEAN DEFAULT FALSE +} + +PeriodicStrategy ::= SEQUENCE { + beginTime Time OPTIONAL, + windowSize INTEGER, + updateInterval INTEGER +} + +Time ::= GeneralizedTime + +-- as per 34.2 b) and c) of CCITT Rec. X.208 and ISO/IEC 8824 +-- shadow operations, arguments, and results +--All-operations-consumer-initiated OPERATION ::= +-- {requestShadowUpdate | updateShadow} + +--All-operations-supplier-initiated OPERATION ::= +-- {coordinateShadowUpdate | updateShadow} + +--coordinateShadowUpdate OPERATION ::= { +-- ARGUMENT CoordinateShadowUpdateArgument +-- RESULT CoordinateShadowUpdateResult +-- ERRORS {shadowError} +-- CODE id-opcode-coordinateShadowUpdate +--} + +CoordinateShadowUpdateArgumentData ::= +-- OPTIONALLY-PROTECTED +-- {[0] -- SEQUENCE {agreementID AgreementID, + lastUpdate Time OPTIONAL, + updateStrategy + CHOICE {standard + ENUMERATED {noChanges(0), incremental(1), + total(2)}, + other EXTERNAL}, + securityParameters SecurityParameters OPTIONAL} --} + +-- expand OPTIONALLY-PROTECTED macro +CoordinateShadowUpdateArgument ::= CHOICE { + unsignedCoordinateShadowUpdateArgument [0] CoordinateShadowUpdateArgumentData, + signedCoordinateShadowUpdateArgument SEQUENCE { + coordinateShadowUpdateArgument [0] CoordinateShadowUpdateArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +CoordinateShadowUpdateResult ::= CHOICE { + null NULL, + information Information +-- OPTIONALLY-PROTECTED{ [0] SEQUENCE {agreementID AgreementID, +-- lastUpdate Time OPTIONAL, +-- COMPONENTS OF CommonResultsSeq +-- }} +} + +InformationData ::= SEQUENCE { + agreementID AgreementID, + lastUpdate Time OPTIONAL, +-- COMPONENTS OF CommonResultsSeq + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL + } + +-- expand OPTIONALLY-PROTECTED macro +Information ::= CHOICE { + unsignedInformation [0] InformationData, + signedInformation SEQUENCE { + information [0] InformationData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +--requestShadowUpdate OPERATION ::= { +-- ARGUMENT RequestShadowUpdateArgument +-- RESULT RequestShadowUpdateResult +-- ERRORS {shadowError} +-- CODE id-opcode-requestShadowUpdate +--} + +RequestShadowUpdateArgumentData ::= +-- OPTIONALLY-PROTECTED +-- { [0] -- SEQUENCE {agreementID AgreementID, + lastUpdate Time OPTIONAL, + requestedStrategy + CHOICE {standard ENUMERATED {incremental(1), total(2)}, + other EXTERNAL}, + securityParameters SecurityParameters OPTIONAL} --} + +-- expand OPTIONALLY-PROTECTED macro +RequestShadowUpdateArgument ::= CHOICE { + unsignedRequestShadowUpdateArgument [0] RequestShadowUpdateArgumentData, + signedRequestShadowUpdateArgument SEQUENCE { + requestShadowUpdateArgument [0] RequestShadowUpdateArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +RequestShadowUpdateResult ::= CHOICE { + null NULL, + information Information +-- OPTIONALLY-PROTECTED{[0] SEQUENCE {agreementID AgreementID, +-- lastUpdate Time OPTIONAL, +-- COMPONENTS OF CommonResultsSeq +-- }} +} + +--updateShadow OPERATION ::= { +-- ARGUMENT UpdateShadowArgument +-- RESULT UpdateShadowResult +-- ERRORS {shadowError} +-- CODE id-opcode-updateShadow +--} + +UpdateShadowArgumentData ::= +-- OPTIONALLY-PROTECTED +-- { [0] -- SEQUENCE {agreementID AgreementID, + updateTime Time, + updateWindow UpdateWindow OPTIONAL, + updatedInfo RefreshInformation, + securityParameters SecurityParameters OPTIONAL} --} + +-- expand OPTIONALLY-PROTECTED macro +UpdateShadowArgument ::= CHOICE { + unsignedUpdateShadowArgument [0] UpdateShadowArgumentData, + signedUpdateShadowArgument SEQUENCE { + updateShadowArgument [0] UpdateShadowArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +UpdateShadowResult ::= CHOICE { + null NULL, + information Information +-- OPTIONALLY-PROTECTED{ [0] SEQUENCE {agreementID AgreementID, +-- lastUpdate Time OPTIONAL, +-- COMPONENTS OF CommonResultsSeq +-- }} +} + +UpdateWindow ::= SEQUENCE {start Time, + stop Time +} + +RefreshInformation ::= CHOICE { + noRefresh NULL, + total [0] TotalRefresh, + incremental [1] IncrementalRefresh, + otherStrategy EXTERNAL +} + +TotalRefresh ::= SEQUENCE { + sDSE SDSEContent OPTIONAL, + subtree SET --SIZE (1..MAX)-- OF Subtree OPTIONAL +} + +SDSEContent ::= SEQUENCE { + sDSEType SDSEType, + subComplete [0] BOOLEAN DEFAULT FALSE, + attComplete [1] BOOLEAN OPTIONAL, + attributes SET OF Attribute, + attValIncomplete SET OF AttributeType DEFAULT {} +} + +SDSEType ::= DSEType + +Subtree ::= SEQUENCE { + rdn RelativeDistinguishedName, +-- COMPONENTS OF TotalRefresh + sDSE SDSEContent OPTIONAL, + subtree SET --SIZE (1..MAX)-- OF Subtree OPTIONAL +} + +IncrementalRefresh ::= SEQUENCE OF IncrementalStepRefresh + +IncrementalStepRefresh ::= SEQUENCE { + sDSEChanges + CHOICE {add [0] SDSEContent, + remove NULL, + modify [1] ContentChange} OPTIONAL, + subordinateUpdates SEQUENCE --SIZE (1..MAX)-- OF SubordinateChanges OPTIONAL +} + +ContentChange ::= SEQUENCE { + rename + CHOICE {newRDN RelativeDistinguishedName, + newDN DistinguishedName} OPTIONAL, + attributeChanges + CHOICE {replace [0] SET --SIZE (1..MAX)-- OF Attribute, + changes [1] SEQUENCE --SIZE (1..MAX)-- OF EntryModification + } OPTIONAL, + sDSEType SDSEType, + subComplete [2] BOOLEAN DEFAULT FALSE, + attComplete [3] BOOLEAN OPTIONAL, + attValIncomplete SET OF AttributeType DEFAULT {} +} + +SubordinateChanges ::= SEQUENCE { + subordinate RelativeDistinguishedName, + changes IncrementalStepRefresh +} + +-- errors and parameters +ShadowErrorData ::= -- ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED-SEQ +-- { --SEQUENCE {problem ShadowProblem, + lastUpdate Time OPTIONAL, + updateWindow UpdateWindow OPTIONAL, +-- COMPONENTS OF CommonResultsSeq}} + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +-- CODE id-errcode-shadowError +} + +-- OPTIONALLY-PROTECTED-SEQ macro expansion +ShadowError ::= CHOICE { + unsignedShadowError ShadowErrorData, + signedShadowError [0] SEQUENCE { + shadowError ShadowErrorData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +ShadowProblem ::= INTEGER { + invalidAgreementID(1), inactiveAgreement(2), invalidInformationReceived(3), + unsupportedStrategy(4), missedPrevious(5), fullUpdateRequired(6), + unwillingToPerform(7), unsuitableTiming(8), updateAlreadyReceived(9), + invalidSequencing(10), insufficientResources(11)} + +END -- DirectoryShadowAbstractService + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/asn1/disp/disp.cnf b/asn1/disp/disp.cnf new file mode 100755 index 0000000000..a6436bc1bd --- /dev/null +++ b/asn1/disp/disp.cnf @@ -0,0 +1,113 @@ +#.TYPE_ATTR +Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0 + +#.MODULE_IMPORT +InformationFramework x509if +AuthenticationFramework x509af +ACSE-1 acse +DirectoryAbstractService dap +DistributedOperations dsp +DSAOperationalAttributeTypes x501 +OperationalBindingManagement dap + +#.INCLUDE ../x501/x501-exp.cnf +#.INCLUDE ../x509if/x509if-exp.cnf +#.INCLUDE ../x509af/x509af-exp.cnf +#.INCLUDE ../dap/dap-exp.cnf +#.INCLUDE ../dsp/dsp-exp.cnf +#.INCLUDE ../acse/acse-exp.cnf + +#.TYPE_RENAME +CoordinateShadowUpdateArgumentData/updateStrategy/standard StandardUpdate + +#.FIELD_RENAME +UnitOfReplication/attributes replication-attributes +SubordinateChanges/changes subordinate-changes +ModificationParameter/secondaryShadows modifiedSecondaryShadows +CoordinateShadowUpdateArgumentData/updateStrategy/standard standardUpdate +Information/signedInformation/information information-data + +#.FN_PARS T_standard + VAL_PTR = &update + +#.FN_BODY T_standard + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_T_standard_vals, "standard(%%d")); + } + +#.FN_PARS RefreshInformation + VAL_PTR = &update + +#.FN_BODY RefreshInformation + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_RefreshInformation_vals, "unknown(%%d)")); + } + +#.FN_PARS StandardUpdate + VAL_PTR = &update + +#.FN_BODY StandardUpdate + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_StandardUpdate_vals, "unknown(%%d)")); + } + +#.FN_PARS CoordinateShadowUpdateResult + VAL_PTR = &update + +#.FN_BODY CoordinateShadowUpdateResult + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_CoordinateShadowUpdateResult_vals, "unknown(%%d)")); + } + +#.FN_PARS RequestShadowUpdateResult + VAL_PTR = &update + +#.FN_BODY RequestShadowUpdateResult + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_RequestShadowUpdateResult_vals, "unknown(%%d)")); + } + +#.FN_PARS UpdateShadowResult + VAL_PTR = &update + +#.FN_BODY UpdateShadowResult + guint32 update; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(update, disp_UpdateShadowResult_vals, "unknown(%%d)")); + } + +#.FN_PARS ShadowProblem + VAL_PTR = &problem + +#.FN_BODY ShadowProblem + guint32 problem; + + %(DEFAULT_BODY)s + + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_fstr(pinfo->cinfo, COL_INFO, " %%s", val_to_str(problem, disp_ShadowProblem_vals, "ShadowProblem(%%d)")); + } + diff --git a/asn1/disp/packet-disp-template.c b/asn1/disp/packet-disp-template.c new file mode 100755 index 0000000000..1f64729c46 --- /dev/null +++ b/asn1/disp/packet-disp-template.c @@ -0,0 +1,275 @@ +/* packet-disp.c + * Routines for X.525 (X.500 Directory Shadow Asbtract Service) and X.519 DISP packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-disp-template.c 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include +#include + +#include +#include + +#include "packet-ber.h" +#include "packet-acse.h" +#include "packet-ros.h" +#include "packet-rtse.h" + +#include "packet-x509if.h" +#include "packet-x509af.h" +#include "packet-x509sat.h" +#include "packet-crmf.h" + +#include "packet-x501.h" +#include "packet-dap.h" +#include "packet-dsp.h" +#include "packet-disp.h" +#include "packet-acse.h" + + +/* we don't have a separate dissector for X519 - + and most of DISP is defined in X525 */ +#define PNAME "X.519 Directory Information Shadowing Protocol" +#define PSNAME "DISP" +#define PFNAME "disp" + +static guint global_disp_tcp_port = 102; +static guint tcp_port = 0; +static dissector_handle_t tpkt_handle = NULL; +void prefs_register_disp(void); /* forwad declaration for use in preferences registration */ + + +/* Initialize the protocol and registered fields */ +int proto_disp = -1; + +static struct SESSION_DATA_STRUCTURE* session = NULL; + +#include "packet-disp-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_disp = -1; +#include "packet-disp-ett.c" + +#include "packet-disp-fn.c" + +/* +* Dissect DISP PDUs inside a ROS PDUs +*/ +static void +dissect_disp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + int offset = 0; + int old_offset; + proto_item *item=NULL; + proto_tree *tree=NULL; + int (*disp_dissector)(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) = NULL; + char *disp_op_name; + + /* do we have operation information from the ROS dissector? */ + if( !pinfo->private_data ){ + if(parent_tree){ + proto_tree_add_text(parent_tree, tvb, offset, -1, + "Internal error: can't get operation information from ROS dissector."); + } + return ; + } else { + session = ( (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data) ); + } + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, proto_disp, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_disp); + } + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DISP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + switch(session->ros_op & ROS_OP_MASK) { + case (ROS_OP_BIND | ROS_OP_ARGUMENT): /* BindInvoke */ + disp_dissector = dissect_disp_DSAShadowBindArgument; + disp_op_name = "Shadow-Bind-Argument"; + break; + case (ROS_OP_BIND | ROS_OP_RESULT): /* BindResult */ + disp_dissector = dissect_disp_DSAShadowBindResult; + disp_op_name = "Shadow-Bind-Result"; + break; + case (ROS_OP_BIND | ROS_OP_ERROR): /* BindError */ + disp_dissector = dissect_disp_DSAShadowBindError; + disp_op_name = "Shadow-Bind-Error"; + break; + case (ROS_OP_INVOKE | ROS_OP_ARGUMENT): /* Invoke Argument */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* requestShadowUpdate */ + disp_dissector = dissect_disp_RequestShadowUpdateArgument; + disp_op_name = "Request-Shadow-Update-Argument"; + break; + case 2: /* updateShadow*/ + disp_dissector = dissect_disp_UpdateShadowArgument; + disp_op_name = "Update-Shadow-Argument"; + break; + case 3: /* coordinateShadowUpdate */ + disp_dissector = dissect_disp_CoordinateShadowUpdateArgument; + disp_op_name = "Coordinate-Shadow-Update-Argument"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DISP opcode (%d)", + session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_RESULT): /* Return Result */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* requestShadowUpdate */ + disp_dissector = dissect_disp_RequestShadowUpdateResult; + disp_op_name = "Request-Shadow-Result"; + break; + case 2: /* updateShadow */ + disp_dissector = dissect_disp_UpdateShadowResult; + disp_op_name = "Update-Shadow-Result"; + break; + case 3: /* coordinateShadowUpdate */ + disp_dissector = dissect_disp_CoordinateShadowUpdateResult; + disp_op_name = "Coordinate-Shadow-Update-Result"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DISP opcode"); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_ERROR): /* Return Error */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* shadowError */ + disp_dissector = dissect_disp_ShadowError; + disp_op_name = "Shadow-Error"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DISP errcode"); + break; + } + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DISP PDU"); + return; + } + + if(disp_dissector) { + if (check_col(pinfo->cinfo, COL_INFO)) + col_add_str(pinfo->cinfo, COL_INFO, disp_op_name); + + while (tvb_reported_length_remaining(tvb, offset) > 0){ + old_offset=offset; + offset=(*disp_dissector)(FALSE, tvb, offset, pinfo , tree, -1); + if(offset == old_offset){ + proto_tree_add_text(tree, tvb, offset, -1,"Internal error, zero-byte DISP PDU"); + offset = tvb_length(tvb); + break; + } + } + } +} + + +/*--- proto_register_disp -------------------------------------------*/ +void proto_register_disp(void) { + + /* List of fields */ + static hf_register_info hf[] = + { +#include "packet-disp-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_disp, +#include "packet-disp-ettarr.c" + }; + module_t *disp_module; + + /* Register protocol */ + proto_disp = proto_register_protocol(PNAME, PSNAME, PFNAME); + register_dissector("disp", dissect_disp, proto_disp); + + /* Register fields and subtrees */ + proto_register_field_array(proto_disp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register our configuration options for DISP, particularly our port */ + + disp_module = prefs_register_protocol(proto_disp, prefs_register_disp); + + prefs_register_uint_preference(disp_module, "tcp.port", "DISP TCP Port", + "Set the port for DISP operations (if other" + " than the default of 102)", + 10, &global_disp_tcp_port); + +} + + +/*--- proto_reg_handoff_disp --- */ +void proto_reg_handoff_disp(void) { + dissector_handle_t handle = NULL; + + /* #include "packet-disp-dis-tab.c" */ + + /* APPLICATION CONTEXT */ + + register_ber_oid_name("2.5.3.4", "id-ac-shadow-consumer-initiated"); + register_ber_oid_name("2.5.3.5", "id-ac-shadow-supplier-initiated"); + register_ber_oid_name("2.5.3.6", "id-ac-reliable-shadow-consumer-initiated"); + register_ber_oid_name("2.5.3.7", "id-ac-reliable-shadow-supplier-initiated"); + + /* ABSTRACT SYNTAXES */ + + if((handle = find_dissector("disp"))) { + + register_ros_oid_dissector_handle("2.5.9.3", handle, 0, "id-as-directory-shadow", FALSE); + + register_rtse_oid_dissector_handle("2.5.9.5", handle, 0, "id-as-directory-reliable-shadow", FALSE); + register_rtse_oid_dissector_handle("2.5.9.6", handle, 0, "id-as-directory-reliable-binding", FALSE); + } + + tpkt_handle = find_dissector("tpkt"); + +} + + +void prefs_register_disp(void) { + + /* de-register the old port */ + /* port 102 is registered by TPKT - don't undo this! */ + if((tcp_port != 102) && tpkt_handle) + dissector_delete("tcp.port", tcp_port, tpkt_handle); + + /* Set our port number for future use */ + tcp_port = global_disp_tcp_port; + + if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle) + dissector_add("tcp.port", global_disp_tcp_port, tpkt_handle); + +} diff --git a/asn1/disp/packet-disp-template.h b/asn1/disp/packet-disp-template.h new file mode 100755 index 0000000000..a12c17de33 --- /dev/null +++ b/asn1/disp/packet-disp-template.h @@ -0,0 +1,30 @@ +/* packet-disp.h + * Routines for X.525 (X.400 Message Transfer) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-disp-template.h 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_DISP_H +#define PACKET_DISP_H + + +#endif /* PACKET_DISP_H */ diff --git a/asn1/dsp/Makefile b/asn1/dsp/Makefile new file mode 100755 index 0000000000..339a64b1cd --- /dev/null +++ b/asn1/dsp/Makefile @@ -0,0 +1,17 @@ +# $Id: Makefile 13071 2005-01-16 10:19:21Z guy $ + +DISSECTOR_FILES=packet-dsp.c packet-dsp.h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +$(DISSECTOR_FILES): ../../tools/asn2eth.py dsp.asn packet-dsp-template.c packet-dsp-template.h dsp.cnf ../x411/x411-exp.cnf + python ../../tools/asn2eth.py -X -b -e -p dsp -c dsp.cnf -s packet-dsp-template dsp.asn + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) *~ + +copy_files: generate_dissector + cp $(DISSECTOR_FILES) ../../epan/dissectors + diff --git a/asn1/dsp/dsp-exp.cnf b/asn1/dsp/dsp-exp.cnf new file mode 100755 index 0000000000..a6ddea438a --- /dev/null +++ b/asn1/dsp/dsp-exp.cnf @@ -0,0 +1,14 @@ +#.IMPORT_TAG +OperationProgress BER_CLASS_UNI BER_UNI_TAG_SET +ReferenceType BER_CLASS_UNI BER_UNI_TAG_ENUMERATED +AccessPoint BER_CLASS_UNI BER_UNI_TAG_SET +ContinuationReference BER_CLASS_UNI BER_UNI_TAG_SET +#.END + +#.TYPE_ATTR +OperationProgress TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +ReferenceType TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(dsp_ReferenceType_vals) BITMASK = 0 +AccessPoint TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +ContinuationReference TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +#.END + diff --git a/asn1/dsp/dsp.asn b/asn1/dsp/dsp.asn new file mode 100755 index 0000000000..3f72c1514c --- /dev/null +++ b/asn1/dsp/dsp.asn @@ -0,0 +1,480 @@ +-- Module DistributedOperations (X.518:02/2001) +DistributedOperations {joint-iso-itu-t ds(5) module(1) distributedOperations(3) + 4} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + basicAccessControl, dap, directoryAbstractService, enhancedSecurity, + informationFramework, selectedAttributeTypes, serviceAdministration + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + DistinguishedName, Name, RDNSequence, Attribute + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + MRMapping, SearchRuleId + FROM ServiceAdministration {joint-iso-itu-t ds(5) module(1) + serviceAdministration(33) 4} +-- AuthenticationLevel +-- FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) +-- basicAccessControl(24) 4} + OPTIONALLY-PROTECTED{} + FROM EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28) + 4} + -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 + abandon, addEntry, CommonResults, compare, directoryBind, directoryUnbind, + list, modifyDN, modifyEntry, read, referral, removeEntry, search, + SecurityParameters, + AbandonArgument, AbandonResult, AddEntryArgument, AddEntryResult, + CompareArgument, CompareResult, ListArgument, ListResult, + ModifyDNArgument, ModifyDNResult, ModifyEntryArgument, ModifyEntryResult, + ReadArgument, ReadResult, RemoveEntryArgument, RemoveEntryResult, + SearchArgument, SearchResult, + DirectoryBindArgument, DirectoryBindResult, DirectoryBindError + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 4} + -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 + id-errcode-dsaReferral + FROM DirectoryAccessProtocol {joint-iso-itu-t ds(5) module(1) dap(11) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 + PresentationAddress, ProtocolInformation, UniqueIdentifier + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + -- from ITU-T Rec. X.880 | ISO/IEC 13712-1 + ERROR, OPERATION + FROM Remote-Operations-Information-Objects {joint-iso-itu-t + remote-operations(4) informationObjects(5) version1(0)}--; + EXTERNAL + FROM ACSE-1 {joint-iso-itu-t association-control(2) modules(0) acse1(1) version1(1)} + AlgorithmIdentifier + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4}; + + + +-- parameterized type for deriving chained operations +--chained{OPERATION:operation} OPERATION ::= { +-- ARGUMENT OPTIONALLY-PROTECTED +-- {SET {chainedArgument ChainingArguments, +-- argument [0] operation.&ArgumentType}} +-- RESULT OPTIONALLY-PROTECTED +-- {SET {chainedResult ChainingResults, +-- result [0] operation.&ResultType}} +-- ERRORS +-- {operation.&Errors EXCEPT referral | dsaReferral} +-- CODE operation.&operationCode +--} + +-- bind and unbind operations +--dSABind OPERATION ::= directoryBind +DSASystemBindArgument ::= DirectoryBindArgument +DSASystemBindResult ::= DirectoryBindArgument +DSASystemBindError ::= DirectoryBindError + + +--dSAUnbind OPERATION ::= directoryUnbind + +-- chained operations +--chainedRead OPERATION ::= chained{read} + +-- expand chained{} macro +ChainedReadArgumentData ::= SET { + chainedArgument ChainingArguments, + readArgument [0] ReadArgument +} + +ChainedReadArgument ::= CHOICE { + unsignedChainedReadArgument ChainedReadArgumentData, + signedChainedReadArgument SEQUENCE { + chainedReadArgument ChainedReadArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedReadResultData ::= SET { + chainedResults ChainingResults, + readResult [0] ReadResult +} + +ChainedReadResult ::= CHOICE { + unsignedChainedReadResult ChainedReadResultData, + signedChainedReadResult SEQUENCE { + chainedReadResult ChainedReadResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedCompare OPERATION ::= chained{compare} + +-- expand chained{} macro +ChainedCompareArgumentData ::= SET { + chainedArgument ChainingArguments, + compareArgument [0] CompareArgument +} + +ChainedCompareArgument ::= CHOICE { + unsignedChainedCompareArgument ChainedCompareArgumentData, + signedChainedCompareArgument SEQUENCE { + chainedCompareArgument ChainedCompareArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedCompareResultData ::= SET { + chainedResults ChainingResults, + compareResult [0] CompareResult +} + +ChainedCompareResult ::= CHOICE { + unsignedChainedCompareResult ChainedCompareResultData, + signedChainedCompareResult SEQUENCE { + chainedCompareResult ChainedCompareResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedAbandon OPERATION ::= abandon + +ChainedAbandonArgument ::= AbandonArgument +ChainedAbandonResult ::= AbandonResult + +--chainedList OPERATION ::= chained{list} + +-- expand chained{} macro +ChainedListArgumentData ::= SET { + chainedArgument ChainingArguments, + listArgument [0] ListArgument +} + +ChainedListArgument ::= CHOICE { + unsignedChainedListArgument ChainedListArgumentData, + signedChainedListArgument SEQUENCE { + chainedListArgument ChainedListArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedListResultData ::= SET { + chainedResults ChainingResults, + listResult [0] ListResult +} + +ChainedListResult ::= CHOICE { + unsignedChainedListResult ChainedListResultData, + signedChainedListResult SEQUENCE { + chainedListResult ChainedListResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedSearch OPERATION ::= chained{search} + +-- expand chained{} macro +ChainedSearchArgumentData ::= SET { + chainedArgument ChainingArguments, + searchArgument [0] SearchArgument +} + +ChainedSearchArgument ::= CHOICE { + unsignedChainedSearchArgument ChainedSearchArgumentData, + signedChainedSearchArgument SEQUENCE { + chainedSearchArgument ChainedSearchArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedSearchResultData ::= SET { + chainedResults ChainingResults, + searchResult [0] SearchResult +} + +ChainedSearchResult ::= CHOICE { + unsignedChainedSearchResult ChainedSearchResultData, + signedChainedSearchResult SEQUENCE { + chainedSearchResult ChainedSearchResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedAddEntry OPERATION ::= chained{addEntry} + +-- expand chained{} macro +ChainedAddEntryArgumentData ::= SET { + chainedArgument ChainingArguments, + addEntryArgument [0] AddEntryArgument +} + +ChainedAddEntryArgument ::= CHOICE { + unsignedChainedAddEntryArgument ChainedAddEntryArgumentData, + signedChainedAddEntryArgument SEQUENCE { + chainedAddEntryArgument ChainedAddEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedAddEntryResultData ::= SET { + chainedResults ChainingResults, + addEntryResult [0] AddEntryResult +} + +ChainedAddEntryResult ::= CHOICE { + unsignedChainedAddEntryResult ChainedAddEntryResultData, + signedChainedAddEntryResult SEQUENCE { + chainedAddEntryResult ChainedAddEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedRemoveEntry OPERATION ::= chained{removeEntry} + +-- expand chained{} macro + +ChainedRemoveEntryArgumentData ::= SET { + chainedArgument ChainingArguments, + removeEntryArgument [0] RemoveEntryArgument +} + +ChainedRemoveEntryArgument ::= CHOICE { + unsignedChainedRemoveEntryArgument ChainedRemoveEntryArgumentData, + signedChainedRemoveEntryArgument SEQUENCE { + chainedRemoveEntryArgument ChainedRemoveEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedRemoveEntryResultData ::= SET { + chainedResults ChainingResults, + removeEntryResult [0] RemoveEntryResult +} + +ChainedRemoveEntryResult ::= CHOICE { + unsignedChainedRemoveEntryResult ChainedRemoveEntryResultData, + signedChainedRemoveEntryResult SEQUENCE { + chainedRemoveEntryResult ChainedRemoveEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedModifyEntry OPERATION ::= chained{modifyEntry} + +-- expand chained{} macro + +ChainedModifyEntryArgumentData ::= SET { + chainedArgument ChainingArguments, + modifyEntryArgument [0] ModifyEntryArgument +} + +ChainedModifyEntryArgument ::= CHOICE { + unsignedChainedModifyEntryArgument ChainedModifyEntryArgumentData, + signedChainedModifyEntryArgument SEQUENCE { + chainedModifyEntryArgument ChainedModifyEntryArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedModifyEntryResultData ::= SET { + chainedResults ChainingResults, + modifyEntryResult [0] ModifyEntryResult +} + +ChainedModifyEntryResult ::= CHOICE { + unsignedChainedModifyEntryResult ChainedModifyEntryResultData, + signedChainedModifyEntryResult SEQUENCE { + chainedModifyEntryResult ChainedModifyEntryResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +--chainedModifyDN OPERATION ::= chained{modifyDN} + +-- expand chained{} macro + +ChainedModifyDNArgumentData ::= SET { + chainedArgument ChainingArguments, + modifyDNArgument [0] ModifyDNArgument +} + +ChainedModifyDNArgument ::= CHOICE { + unsignedChainedModifyDNArgument ChainedModifyDNArgumentData, + signedChainedModifyDNArgument SEQUENCE { + chainedModifyDNArgument ChainedModifyDNArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ChainedModifyDNResultData ::= SET { + chainedResults ChainingResults, + modifyDNResult [0] ModifyDNResult +} + +ChainedModifyDNResult ::= CHOICE { + unsignedChainedModifyDNResult ChainedModifyDNResultData, + signedChainedModifyDNResult SEQUENCE { + chainedModifyDNResult ChainedModifyDNResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +-- errors and parameters +DSAReferralData -- ERROR-- ::= -- { +-- PARAMETER OPTIONALLY-PROTECTED +-- {--SET {reference [0] ContinuationReference, + contextPrefix [1] DistinguishedName OPTIONAL, +-- COMPONENTS OF CommonResults}} + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE --SIZE (1..MAX)-- OF Attribute OPTIONAL +-- CODE id-errcode-dsaReferral +} + +-- expand OPTIONALLY-PROTECTED macro +DSAReferral ::= CHOICE { + unsignedDSAReferral DSAReferralData, + signedDSAReferral SEQUENCE { + dsaReferral DSAReferralData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + + +-- common arguments and results +ChainingArguments ::= SET { + originator [0] DistinguishedName OPTIONAL, + targetObject [1] DistinguishedName OPTIONAL, + operationProgress + [2] OperationProgress DEFAULT {nameResolutionPhase notStarted}, + traceInformation [3] TraceInformation, + aliasDereferenced [4] BOOLEAN DEFAULT FALSE, + aliasedRDNs [5] INTEGER OPTIONAL, + -- only present in 1988 systems + returnCrossRefs [6] BOOLEAN DEFAULT FALSE, + referenceType [7] ReferenceType DEFAULT superior, + info [8] DomainInfo OPTIONAL, + timeLimit [9] Time OPTIONAL, + securityParameters [10] SecurityParameters DEFAULT {}, + entryOnly [11] BOOLEAN DEFAULT FALSE, + uniqueIdentifier [12] UniqueIdentifier OPTIONAL, + authenticationLevel [13] AuthenticationLevel OPTIONAL, + exclusions [14] Exclusions OPTIONAL, + excludeShadows [15] BOOLEAN DEFAULT FALSE, + nameResolveOnMaster [16] BOOLEAN DEFAULT FALSE, + operationIdentifier [17] INTEGER OPTIONAL, + searchRuleId [18] SearchRuleId OPTIONAL, + chainedRelaxation [19] MRMapping OPTIONAL, + relatedEntry [20] INTEGER OPTIONAL +} + +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} + +DomainInfo ::= --ABSTRACT-SYNTAX.&Type-- OBJECT IDENTIFIER + +ChainingResults ::= SET { + info [0] DomainInfo OPTIONAL, + crossReferences [1] SEQUENCE --SIZE (1..MAX)-- OF CrossReference OPTIONAL, + securityParameters [2] SecurityParameters DEFAULT {}, + alreadySearched [3] Exclusions OPTIONAL +} + +CrossReference ::= SET { + contextPrefix [0] DistinguishedName, + accessPoint [1] AccessPointInformation +} + +OperationProgress ::= SET { + nameResolutionPhase + [0] ENUMERATED {notStarted(1), proceeding(2), completed(3)}, + nextRDNToBeResolved [1] INTEGER OPTIONAL +} + +TraceInformation ::= SEQUENCE OF TraceItem + +TraceItem ::= SET { + dsa [0] Name, + targetObject [1] Name OPTIONAL, + operationProgress [2] OperationProgress +} + +ReferenceType ::= ENUMERATED { + superior(1), subordinate(2), cross(3), nonSpecificSubordinate(4), + supplier(5), master(6), immediateSuperior(7), self(8)} + +AccessPoint ::= SET { + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL +} + +MasterOrShadowAccessPoint ::= SET { +-- COMPONENTS OF AccessPoint, + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + category [3] ENUMERATED {master(0), shadow(1)} DEFAULT master, + chainingRequired [5] BOOLEAN DEFAULT FALSE +} + +MasterAndShadowAccessPoints ::= SET --SIZE (1..MAX)-- OF MasterOrShadowAccessPoint + +AccessPointInformation ::= SET { +-- COMPONENTS OF MasterOrShadowAccessPoint, + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + category [3] ENUMERATED {master(0), shadow(1)} DEFAULT master, + chainingRequired [5] BOOLEAN DEFAULT FALSE, + additionalPoints [4] MasterAndShadowAccessPoints OPTIONAL +} + +Exclusions ::= SET --SIZE (1..MAX)-- OF RDNSequence + +ContinuationReference ::= SET { + targetObject [0] Name, + aliasedRDNs [1] INTEGER OPTIONAL, -- only present in 1988 systems + operationProgress [2] OperationProgress, + rdnsResolved [3] INTEGER OPTIONAL, + referenceType [4] ReferenceType, + accessPoints [5] SET OF AccessPointInformation, + entryOnly [6] BOOLEAN DEFAULT FALSE, + exclusions [7] Exclusions OPTIONAL, + returnToDUA [8] BOOLEAN DEFAULT FALSE, + nameResolveOnMaster [9] BOOLEAN DEFAULT FALSE +} + +AuthenticationLevel ::= CHOICE { + basicLevels SEQUENCE { + level ENUMERATED { none(0), simple(1), strong (2) }, + localQualifier INTEGER OPTIONAL, + signed BOOLEAN DEFAULT FALSE + }, + other EXTERNAL +} + +END -- DistributedOperations + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/asn1/dsp/dsp.cnf b/asn1/dsp/dsp.cnf new file mode 100755 index 0000000000..085b07ba59 --- /dev/null +++ b/asn1/dsp/dsp.cnf @@ -0,0 +1,40 @@ +#.MODULE_IMPORT +DirectoryAbstractService dap +DirectoryAccessProtocol dap +ACSE-1 acse +InformationFramework x509if +ServiceAdministration x509if +AuthenticationFramework x509af + +SelectedAttributeTypes x509sat + +#.INCLUDE ../dap/dap-exp.cnf +#.INCLUDE ../x509if/x509if-exp.cnf +#.INCLUDE ../x509af/x509af-exp.cnf +#.INCLUDE ../x509sat/x509sat-exp.cnf +#.INCLUDE ../acse/acse-exp.cnf + +#.EXPORTS +OperationProgress +ReferenceType +ContinuationReference +AccessPoint + +#.TYPE_RENAME + +MasterOrShadowAccessPoint/category APCategory + +#.FIELD_RENAME +MasterOrShadowAccessPoint/category access-point-category + +ChainingArguments/targetObject targetObjectDN + +#.PDU +AccessPoint +MasterAndShadowAccessPoints + +#.REGISTER +AccessPoint B "2.5.12.1" "id-doa-myAccessPoint" +AccessPoint B "2.5.12.2" "id-doa-superiorKnowledge" +MasterAndShadowAccessPoints B "2.5.12.3" "id-doa-specificKnowledge" +MasterAndShadowAccessPoints B "2.5.12.4" "id-doa-nonSpecificKnowledge" diff --git a/asn1/dsp/packet-dsp-template.c b/asn1/dsp/packet-dsp-template.c new file mode 100755 index 0000000000..de1d933140 --- /dev/null +++ b/asn1/dsp/packet-dsp-template.c @@ -0,0 +1,345 @@ +/* packet-dsp.c + * Routines for X.518 (X.500 Distributed Operations) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-dsp-template.c 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include +#include + +#include +#include + +#include "packet-ber.h" +#include "packet-acse.h" +#include "packet-ros.h" + +#include "packet-x509if.h" +#include "packet-x509af.h" +#include "packet-x509sat.h" + +#include "packet-dap.h" +#include "packet-dsp.h" + + +#define PNAME "X.519 Directory System Protocol" +#define PSNAME "DSP" +#define PFNAME "dsp" + +static guint global_dsp_tcp_port = 102; +static guint tcp_port = 0; +static dissector_handle_t tpkt_handle = NULL; +void prefs_register_dsp(void); /* forwad declaration for use in preferences registration */ + + +/* Initialize the protocol and registered fields */ +int proto_dsp = -1; + +static struct SESSION_DATA_STRUCTURE* session = NULL; + +#include "packet-dsp-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_dsp = -1; +#include "packet-dsp-ett.c" + +#include "packet-dsp-fn.c" + +/* +* Dissect X518 PDUs inside a ROS PDUs +*/ +static void +dissect_dsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) +{ + int offset = 0; + int old_offset; + proto_item *item=NULL; + proto_tree *tree=NULL; + int (*dsp_dissector)(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) = NULL; + char *dsp_op_name; + + /* do we have operation information from the ROS dissector? */ + if( !pinfo->private_data ){ + if(parent_tree){ + proto_tree_add_text(parent_tree, tvb, offset, -1, + "Internal error: can't get operation information from ROS dissector."); + } + return ; + } else { + session = ( (struct SESSION_DATA_STRUCTURE*)(pinfo->private_data) ); + } + + if(parent_tree){ + item = proto_tree_add_item(parent_tree, proto_dsp, tvb, 0, -1, FALSE); + tree = proto_item_add_subtree(item, ett_dsp); + } + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DAP"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_clear(pinfo->cinfo, COL_INFO); + + switch(session->ros_op & ROS_OP_MASK) { + case (ROS_OP_BIND | ROS_OP_ARGUMENT): /* BindInvoke */ + dsp_dissector = dissect_dsp_DSASystemBindArgument; + dsp_op_name = "System-Bind-Argument"; + break; + case (ROS_OP_BIND | ROS_OP_RESULT): /* BindResult */ + dsp_dissector = dissect_dsp_DSASystemBindResult; + dsp_op_name = "System-Bind-Result"; + break; + case (ROS_OP_BIND | ROS_OP_ERROR): /* BindError */ + dsp_dissector = dissect_dsp_DSASystemBindError; + dsp_op_name = "System-Bind-Error"; + break; + case (ROS_OP_INVOKE | ROS_OP_ARGUMENT): /* Invoke Argument */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* read */ + dsp_dissector = dissect_dsp_ChainedReadArgument; + dsp_op_name = "Chained-Read-Argument"; + break; + case 2: /* compare */ + dsp_dissector = dissect_dsp_ChainedCompareArgument; + dsp_op_name = "Chained-Compare-Argument"; + break; + case 3: /* abandon */ + dsp_dissector = dissect_dsp_ChainedAbandonArgument; + dsp_op_name = "Chained-Abandon-Argument"; + break; + case 4: /* list */ + dsp_dissector = dissect_dsp_ChainedListArgument; + dsp_op_name = "Chained-List-Argument"; + break; + case 5: /* search */ + dsp_dissector = dissect_dsp_ChainedSearchArgument; + dsp_op_name = "Chained-Search-Argument"; + break; + case 6: /* addEntry */ + dsp_dissector = dissect_dsp_ChainedAddEntryArgument; + dsp_op_name = "Chained-Add-Entry-Argument"; + break; + case 7: /* removeEntry */ + dsp_dissector = dissect_dsp_ChainedRemoveEntryArgument; + dsp_op_name = "Chained-Remove-Entry-Argument"; + break; + case 8: /* modifyEntry */ + dsp_dissector = dissect_dsp_ChainedModifyEntryArgument; + dsp_op_name = "ChainedModify-Entry-Argument"; + break; + case 9: /* modifyDN */ + dsp_dissector = dissect_dsp_ChainedModifyDNArgument; + dsp_op_name = "ChainedModify-DN-Argument"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DSP opcode (%d)", + session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_RESULT): /* Return Result */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* read */ + dsp_dissector = dissect_dsp_ChainedReadResult; + dsp_op_name = "Chained-Read-Result"; + break; + case 2: /* compare */ + dsp_dissector = dissect_dsp_ChainedCompareResult; + dsp_op_name = "Chained-Compare-Result"; + break; + case 3: /* abandon */ + dsp_dissector = dissect_dsp_ChainedAbandonResult; + dsp_op_name = "Chained-Abandon-Result"; + break; + case 4: /* list */ + dsp_dissector = dissect_dsp_ChainedListResult; + dsp_op_name = "Chained-List-Result"; + break; + case 5: /* search */ + dsp_dissector = dissect_dsp_ChainedSearchResult; + dsp_op_name = "Chained-Search-Result"; + break; + case 6: /* addEntry */ + dsp_dissector = dissect_dsp_ChainedAddEntryResult; + dsp_op_name = "Chained-Add-Entry-Result"; + break; + case 7: /* removeEntry */ + dsp_dissector = dissect_dsp_ChainedRemoveEntryResult; + dsp_op_name = "Chained-Remove-Entry-Result"; + break; + case 8: /* modifyEntry */ + dsp_dissector = dissect_dsp_ChainedModifyEntryResult; + dsp_op_name = "Chained-Modify-Entry-Result"; + break; + case 9: /* modifyDN */ + dsp_dissector = dissect_dsp_ChainedModifyDNResult; + dsp_op_name = "ChainedModify-DN-Result"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DSP opcode"); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_ERROR): /* Return Error */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 1: /* attributeError */ + dsp_dissector = dissect_dap_AttributeError; + dsp_op_name = "Attribute-Error"; + break; + case 2: /* nameError */ + dsp_dissector = dissect_dap_NameError; + dsp_op_name = "Name-Error"; + break; + case 3: /* serviceError */ + dsp_dissector = dissect_dap_ServiceError; + dsp_op_name = "Service-Error"; + break; + case 4: /* referral */ + dsp_dissector = dissect_dap_Referral; + dsp_op_name = "Referral"; + break; + case 5: /* abandoned */ + dsp_dissector = dissect_dap_Abandoned; + dsp_op_name = "Abandoned"; + break; + case 6: /* securityError */ + dsp_dissector = dissect_dap_SecurityError; + dsp_op_name = "Security-Error"; + break; + case 7: /* abandonFailed */ + dsp_dissector = dissect_dap_AbandonFailedError; + dsp_op_name = "Abandon-Failed-Error"; + break; + case 8: /* updateError */ + dsp_dissector = dissect_dap_UpdateError; + dsp_op_name = "Update-Error"; + break; + case 9: /* DSAReferral */ + dsp_dissector = dissect_dsp_DSAReferral; + dsp_op_name = "DSA-Referral"; + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DSP errcode"); + break; + } + break; + default: + proto_tree_add_text(tree, tvb, offset, -1,"Unsupported DSP PDU"); + return; + } + + if(dsp_dissector) { + if (check_col(pinfo->cinfo, COL_INFO)) + col_add_str(pinfo->cinfo, COL_INFO, dsp_op_name); + + while (tvb_reported_length_remaining(tvb, offset) > 0){ + old_offset=offset; + offset=(*dsp_dissector)(FALSE, tvb, offset, pinfo , tree, -1); + if(offset == old_offset){ + proto_tree_add_text(tree, tvb, offset, -1,"Internal error, zero-byte DSP PDU"); + offset = tvb_length(tvb); + break; + } + } + } +} + + +/*--- proto_register_dsp -------------------------------------------*/ +void proto_register_dsp(void) { + + /* List of fields */ + static hf_register_info hf[] = + { +#include "packet-dsp-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_dsp, +#include "packet-dsp-ettarr.c" + }; + module_t *dsp_module; + + /* Register protocol */ + proto_dsp = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* initially disable the protocol */ + proto_set_decoding(proto_dsp, FALSE); + + register_dissector("dsp", dissect_dsp, proto_dsp); + + /* Register fields and subtrees */ + proto_register_field_array(proto_dsp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* Register our configuration options for DSP, particularly our port */ + + dsp_module = prefs_register_protocol(proto_dsp, prefs_register_dsp); + + prefs_register_uint_preference(dsp_module, "tcp.port", "DSP TCP Port", + "Set the port for DSP operations (if other" + " than the default of 102)", + 10, &global_dsp_tcp_port); + + +} + + +/*--- proto_reg_handoff_dsp --- */ +void proto_reg_handoff_dsp(void) { + dissector_handle_t handle = NULL; + +#include "packet-dsp-dis-tab.c" + + /* APPLICATION CONTEXT */ + + register_ber_oid_name("2.5.3.2", "id-ac-directory-system"); + + /* ABSTRACT SYNTAXES */ + + /* Register DSP with ROS (with no use of RTSE) */ + if((handle = find_dissector("dsp"))) { + register_ros_oid_dissector_handle("2.5.9.2", handle, 0, "id-as-directory-system", FALSE); + } + + +} + +void prefs_register_dsp(void) { + + /* de-register the old port */ + /* port 102 is registered by TPKT - don't undo this! */ + if((tcp_port != 102) && tpkt_handle) + dissector_delete("tcp.port", tcp_port, tpkt_handle); + + /* Set our port number for future use */ + tcp_port = global_dsp_tcp_port; + + if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle) + dissector_add("tcp.port", global_dsp_tcp_port, tpkt_handle); + +} diff --git a/asn1/dsp/packet-dsp-template.h b/asn1/dsp/packet-dsp-template.h new file mode 100755 index 0000000000..5cd42558fb --- /dev/null +++ b/asn1/dsp/packet-dsp-template.h @@ -0,0 +1,31 @@ +/* packet-dsp.h + * Routines for X.511 (X.500 Directory Access Protocol) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-dsp-template.h 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_DSP_H +#define PACKET_DSP_H + +#include "packet-dsp-exp.h" + +#endif /* PACKET_DSP_H */ diff --git a/asn1/x501/Makefile b/asn1/x501/Makefile new file mode 100755 index 0000000000..076897f247 --- /dev/null +++ b/asn1/x501/Makefile @@ -0,0 +1,19 @@ +# $Id: Makefile 13071 2005-01-16 10:19:21Z guy $ + +DISSECTOR_FILES=packet-x501.c packet-x501.h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +ASN_EXPORTS= + +$(DISSECTOR_FILES): ../../tools/asn2eth.py x501.asn packet-x501-template.c packet-x501-template.h x501.cnf $(ASN_EXPORTS) + python ../../tools/asn2eth.py -X -b -e -p x501 -c x501.cnf -s packet-x501-template x501.asn + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) *~ + +copy_files: generate_dissector + cp $(DISSECTOR_FILES) ../../epan/dissectors + diff --git a/asn1/x501/packet-x501-template.c b/asn1/x501/packet-x501-template.c new file mode 100755 index 0000000000..6510cc8bd4 --- /dev/null +++ b/asn1/x501/packet-x501-template.c @@ -0,0 +1,92 @@ +/* packet-x501.c + * Routines for X.501 (DSA Operational Attributes) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-x501-template.c 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include + +#include +#include + +#include "packet-ber.h" + +#include "packet-x509sat.h" +#include "packet-x509if.h" +#include "packet-dap.h" +#include "packet-dsp.h" + + +#include "packet-x501.h" + +#define PNAME "X.501 Operational Attributes" +#define PSNAME "X501" +#define PFNAME "x501" + +/* Initialize the protocol and registered fields */ +int proto_x501 = -1; + +#include "packet-x501-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_x501 = -1; +#include "packet-x501-ett.c" + +#include "packet-x501-fn.c" + +/*--- proto_register_x501 -------------------------------------------*/ +void proto_register_x501(void) { + + /* List of fields */ + static hf_register_info hf[] = + { +#include "packet-x501-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_x501, +#include "packet-x501-ettarr.c" + }; + + /* Register protocol */ + proto_x501 = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_x501, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + + +/*--- proto_reg_handoff_x501 --- */ +void proto_reg_handoff_x501(void) { + +#include "packet-x501-dis-tab.c" + +} diff --git a/asn1/x501/packet-x501-template.h b/asn1/x501/packet-x501-template.h new file mode 100755 index 0000000000..673828fe94 --- /dev/null +++ b/asn1/x501/packet-x501-template.h @@ -0,0 +1,31 @@ +/* packet-x501.h + * Routines for X.501 (DSA Operational Attributes) packet dissection + * Graeme Lunt 2005 + * + * $Id: packet-x501-template.h 14773 2005-06-26 10:59:15Z etxrab $ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef PACKET_X501_H +#define PACKET_X501_H + +#include "packet-x501-exp.h" + +#endif /* PACKET_X501_H */ diff --git a/asn1/x501/x501-exp.cnf b/asn1/x501/x501-exp.cnf new file mode 100755 index 0000000000..13540a392f --- /dev/null +++ b/asn1/x501/x501-exp.cnf @@ -0,0 +1,10 @@ +#.IMPORT_TAG +DSEType BER_CLASS_UNI BER_UNI_TAG_BITSTRING +SupplierAndConsumers BER_CLASS_UNI BER_UNI_TAG_SET +#.END + +#.TYPE_ATTR +DSEType TYPE = FT_BYTES DISPLAY = BASE_HEX STRINGS = NULL BITMASK = 0 +SupplierAndConsumers TYPE = FT_NONE DISPLAY = BASE_NONE STRINGS = NULL BITMASK = 0 +#.END + diff --git a/asn1/x501/x501.asn b/asn1/x501/x501.asn new file mode 100755 index 0000000000..32a1fc0366 --- /dev/null +++ b/asn1/x501/x501.asn @@ -0,0 +1,207 @@ +-- Module DSAOperationalAttributeTypes (X.501:02/2001) +DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1) + dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + distributedOperations, id-doa, id-kmr, informationFramework, + opBindingManagement, selectedAttributeTypes, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + ATTRIBUTE, MATCHING-RULE, Name + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} + OperationalBindingID + FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) + opBindingManagement(18) 4} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 + AccessPoint, MasterAndShadowAccessPoints + FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) + distributedOperations(3) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 + bitStringMatch + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + PresentationAddress, ProtocolInformation + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4}; + + +-- data types +DSEType ::= BIT STRING { + root(0), -- root DSE + glue(1), -- represents knowledge of a name only + cp(2), -- context prefix + entry(3), -- object entry + alias(4), -- alias entry + subr(5), -- subordinate reference + nssr(6), -- non-specific subordinate reference + supr(7), -- superior reference + xr(8), -- cross reference + admPoint(9), -- administrative point + subentry(10), -- subentry + shadow(11), -- shadow copy + immSupr(13), -- immediate superior reference + rhob(14), -- rhob information + sa(15), -- subordinate reference to alias entry + dsSubentry(16), -- DSA Specific subentry + familyMember(17)} -- family member + +SupplierOrConsumer ::= SET { +-- COMPONENTS OF AccessPoint, - - supplier or consumer + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + agreementID [3] OperationalBindingID +} + +SupplierInformation ::= SET { +-- COMPONENTS OF SupplierOrConsumer, - - supplier + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + agreementID [3] OperationalBindingID, + supplier-is-master [4] BOOLEAN DEFAULT TRUE, + non-supplying-master [5] AccessPoint OPTIONAL +} + +ConsumerInformation ::= SupplierOrConsumer -- consumer + +SupplierAndConsumers ::= SET { +-- COMPONENTS OF AccessPoint, - - supplier + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + consumers [3] SET OF AccessPoint +} + +-- attribute types +--dseType ATTRIBUTE ::= { +-- WITH SYNTAX DSEType +-- EQUALITY MATCHING RULE bitStringMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-dseType +--} + +--myAccessPoint ATTRIBUTE ::= { +-- WITH SYNTAX AccessPoint +-- EQUALITY MATCHING RULE accessPointMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-myAccessPoint +--} + +--superiorKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX AccessPoint +-- EQUALITY MATCHING RULE accessPointMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-superiorKnowledge +--} + +--specificKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX MasterAndShadowAccessPoints +-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE distributedOperation +-- ID id-doa-specificKnowledge +--} + +--nonSpecificKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX MasterAndShadowAccessPoints +-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch +-- NO USER MODIFICATION TRUE +-- USAGE distributedOperation +-- ID id-doa-nonSpecificKnowledge +--} + +--supplierKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX SupplierInformation +-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-supplierKnowledge +--} + +--consumerKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX ConsumerInformation +-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-consumerKnowledge +--} + +--secondaryShadows ATTRIBUTE ::= { +-- WITH SYNTAX SupplierAndConsumers +-- EQUALITY MATCHING RULE supplierAndConsumersMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-secondaryShadows +--} + +-- matching rules +--accessPointMatch MATCHING-RULE ::= { +-- SYNTAX Name +-- ID id-kmr-accessPointMatch +--} + +--masterAndShadowAccessPointsMatch MATCHING-RULE ::= { +-- SYNTAX SET OF Name +-- ID id-kmr-masterShadowMatch +--} + +--supplierOrConsumerInformationMatch MATCHING-RULE ::= { +-- SYNTAX +-- SET {ae-title [0] Name, +-- agreement-identifier [2] INTEGER} +-- ID id-kmr-supplierConsumerMatch +--} + +--supplierAndConsumersMatch MATCHING-RULE ::= { +-- SYNTAX Name +-- ID id-kmr-supplierConsumersMatch +--} + +-- object identifier assignments +-- dsa operational attributes +--id-doa-dseType OBJECT IDENTIFIER ::= +-- {id-doa 0} + +--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1} + +--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2} + +--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3} + +--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4} + +--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5} + +--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6} + +--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7} + +-- knowledge matching rules +--id-kmr-accessPointMatch OBJECT IDENTIFIER ::= +-- {id-kmr 0} + +--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1} + +--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2} + +--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3} + +END -- DSAOperationalAttributeTypes + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/asn1/x501/x501.cnf b/asn1/x501/x501.cnf new file mode 100755 index 0000000000..0c37bfebe6 --- /dev/null +++ b/asn1/x501/x501.cnf @@ -0,0 +1,19 @@ +#.MODULE_IMPORT +SelectedAttributeTypes x509sat +DistributedOperations dsp +OperationalBindingManagement dap +InformationFramework x509if + +#.INCLUDE ../x509sat/x509sat-exp.cnf +#.INCLUDE ../dap/dap-exp.cnf +#.INCLUDE ../dsp/dsp-exp.cnf + +#.EXPORTS +DSEType +SupplierAndConsumers + +#.REGISTER +DSEType B "2.5.12.0" "id-doa-dseType" +SupplierInformation B "2.5.12.5" "id-doa-supplierKnowledge" +ConsumerInformation B "2.5.12.6" "id-doa-consumerKnowledge" +SupplierAndConsumers B "2.5.12.7" "id-doa-secondaryShadows" -- 2.34.1