2 * Routines for ldap packet dissection
4 * $Id: packet-ldap.c,v 1.47 2002/09/09 23:41:12 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
27 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
28 * It's also missing extensible search filters.
30 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
33 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
34 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
38 * nazard@dragoninc.on.ca
50 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
54 #include <epan/packet.h>
56 #include "packet-ldap.h"
59 #include <epan/conversation.h>
61 static int proto_ldap = -1;
62 static int hf_ldap_length = -1;
63 static int hf_ldap_message_id = -1;
64 static int hf_ldap_message_type = -1;
65 static int hf_ldap_message_length = -1;
67 static int hf_ldap_message_result = -1;
68 static int hf_ldap_message_result_matcheddn = -1;
69 static int hf_ldap_message_result_errormsg = -1;
70 static int hf_ldap_message_result_referral = -1;
72 static int hf_ldap_message_bind_version = -1;
73 static int hf_ldap_message_bind_dn = -1;
74 static int hf_ldap_message_bind_auth = -1;
75 static int hf_ldap_message_bind_auth_password = -1;
76 static int hf_ldap_message_bind_auth_mechanism = -1;
77 static int hf_ldap_message_bind_auth_credentials = -1;
78 static int hf_ldap_message_bind_server_credentials = -1;
80 static int hf_ldap_message_search_base = -1;
81 static int hf_ldap_message_search_scope = -1;
82 static int hf_ldap_message_search_deref = -1;
83 static int hf_ldap_message_search_sizeLimit = -1;
84 static int hf_ldap_message_search_timeLimit = -1;
85 static int hf_ldap_message_search_typesOnly = -1;
86 static int hf_ldap_message_search_filter = -1;
88 static int hf_ldap_message_dn = -1;
89 static int hf_ldap_message_attribute = -1;
90 static int hf_ldap_message_value = -1;
92 static int hf_ldap_message_modrdn_name = -1;
93 static int hf_ldap_message_modrdn_delete = -1;
94 static int hf_ldap_message_modrdn_superior = -1;
96 static int hf_ldap_message_compare = -1;
98 static int hf_ldap_message_modify_add = -1;
99 static int hf_ldap_message_modify_replace = -1;
100 static int hf_ldap_message_modify_delete = -1;
102 static int hf_ldap_message_abandon_msgid = -1;
104 static gint ett_ldap = -1;
105 static gint ett_ldap_message = -1;
106 static gint ett_ldap_gssapi_token = -1;
107 static gint ett_ldap_referrals = -1;
108 static gint ett_ldap_attribute = -1;
110 /* desegmentation of LDAP */
111 static gboolean ldap_desegment = TRUE;
113 #define TCP_PORT_LDAP 389
114 #define UDP_PORT_CLDAP 389
116 static dissector_handle_t gssapi_handle;
119 * Data structure attached to a conversation, giving authentication
120 * information from a bind request.
121 * We keep a linked list of them, so that we can free up all the
122 * authentication mechanism strings.
124 typedef struct ldap_auth_info_t {
125 guint auth_type; /* authentication type */
126 char *auth_mech; /* authentication mechanism */
127 struct ldap_auth_info_t *next;
130 static GMemChunk *ldap_auth_info_chunk = NULL;
132 static guint ldap_auth_info_chunk_count = 200;
134 static ldap_auth_info_t *auth_info_items;
136 static value_string msgTypes [] = {
137 {LDAP_REQ_BIND, "Bind Request"},
138 {LDAP_REQ_UNBIND, "Unbind Request"},
139 {LDAP_REQ_SEARCH, "Search Request"},
140 {LDAP_REQ_MODIFY, "Modify Request"},
141 {LDAP_REQ_ADD, "Add Request"},
142 {LDAP_REQ_DELETE, "Delete Request"},
143 {LDAP_REQ_MODRDN, "Modify RDN Request"},
144 {LDAP_REQ_COMPARE, "Compare Request"},
145 {LDAP_REQ_ABANDON, "Abandon Request"},
146 {LDAP_REQ_EXTENDED, "Extended Request"},
148 {LDAP_RES_BIND, "Bind Result"},
149 {LDAP_RES_SEARCH_ENTRY, "Search Entry"},
150 {LDAP_RES_SEARCH_RESULT, "Search Result"},
151 {LDAP_RES_SEARCH_REF, "Search Result Reference"},
152 {LDAP_RES_MODIFY, "Modify Result"},
153 {LDAP_RES_ADD, "Add Result"},
154 {LDAP_RES_DELETE, "Delete Result"},
155 {LDAP_RES_MODRDN, "Modify RDN Result"},
156 {LDAP_RES_COMPARE, "Compare Result"},
157 {LDAP_REQ_EXTENDED, "Extended Response"},
161 static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
164 gboolean def = FALSE;
165 int start = a->offset;
168 ret = asn1_length_decode(a, &def, &length);
169 if (ret != ASN1_ERR_NOERROR) {
171 proto_tree_add_text(tree, a->tvb, start, 0,
172 "%s: ERROR: Couldn't parse length: %s",
173 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
182 proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, length);
184 return ASN1_ERR_NOERROR;
187 static int read_sequence(ASN1_SCK *a, guint *len)
194 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
195 if (ret != ASN1_ERR_NOERROR)
197 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
198 return ASN1_ERR_WRONG_TYPE;
203 return ASN1_ERR_NOERROR;
206 static int read_set(ASN1_SCK *a, guint *len)
213 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
214 if (ret != ASN1_ERR_NOERROR)
216 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
217 return ASN1_ERR_WRONG_TYPE;
222 return ASN1_ERR_NOERROR;
225 static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
226 proto_item **new_item, guint *i, int start, guint length)
229 proto_item *temp_item = NULL;
232 ret = asn1_uint32_value_decode(a, length, &integer);
233 if (ret != ASN1_ERR_NOERROR) {
235 proto_tree_add_text(tree, a->tvb, start, 0,
236 "%s: ERROR: Couldn't parse value: %s",
237 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
246 temp_item = proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, integer);
249 *new_item = temp_item;
251 return ASN1_ERR_NOERROR;
254 static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
255 proto_item **new_item, guint *i, guint expected_tag)
260 int start = a->offset;
263 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
264 if (ret == ASN1_ERR_NOERROR) {
265 if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
266 ret = ASN1_ERR_WRONG_TYPE;
268 if (ret != ASN1_ERR_NOERROR) {
270 proto_tree_add_text(tree, a->tvb, start, 0,
271 "%s: ERROR: Couldn't parse header: %s",
272 (hf_id != -1) ? proto_registrar_get_name(hf_id) : "LDAP message",
273 asn1_err_to_str(ret));
278 return read_integer_value(a, tree, hf_id, new_item, i, start, length);
281 static int read_boolean_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
282 proto_item **new_item, guint *i, int start, guint length)
285 proto_item *temp_item = NULL;
288 ret = asn1_uint32_value_decode(a, length, &integer);
289 if (ret != ASN1_ERR_NOERROR) {
291 proto_tree_add_text(tree, a->tvb, start, 0,
292 "%s: ERROR: Couldn't parse value: %s",
293 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
302 temp_item = proto_tree_add_boolean(tree, hf_id, a->tvb, start, a->offset-start, integer);
304 *new_item = temp_item;
306 return ASN1_ERR_NOERROR;
309 static int read_boolean(ASN1_SCK *a, proto_tree *tree, int hf_id,
310 proto_item **new_item, guint *i)
315 int start = a->offset;
318 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
319 if (ret == ASN1_ERR_NOERROR) {
320 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_BOL)
321 ret = ASN1_ERR_WRONG_TYPE;
323 if (ret != ASN1_ERR_NOERROR) {
325 proto_tree_add_text(tree, a->tvb, start, 0,
326 "%s: ERROR: Couldn't parse header: %s",
327 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
332 return read_boolean_value(a, tree, hf_id, new_item, i, start, length);
335 static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
336 proto_item **new_item, char **s, int start, guint length)
339 proto_item *temp_item = NULL;
344 ret = asn1_string_value_decode(a, length, &string);
345 if (ret != ASN1_ERR_NOERROR) {
347 proto_tree_add_text(tree, a->tvb, start, 0,
348 "%s: ERROR: Couldn't parse value: %s",
349 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
353 string = g_realloc(string, length + 1);
354 string[length] = '\0';
360 temp_item = proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset - start, string);
362 *new_item = temp_item;
369 return ASN1_ERR_NOERROR;
372 static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
373 proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
378 int start = a->offset;
381 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
382 if (ret == ASN1_ERR_NOERROR) {
383 if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
384 ret = ASN1_ERR_WRONG_TYPE;
386 if (ret != ASN1_ERR_NOERROR) {
388 proto_tree_add_text(tree, a->tvb, start, 0,
389 "%s: ERROR: Couldn't parse header: %s",
390 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
395 return read_string_value(a, tree, hf_id, new_item, s, start, length);
398 static int read_bytestring_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
399 proto_item **new_item, char **s, int start, guint length)
402 proto_item *temp_item = NULL;
407 ret = asn1_string_value_decode(a, length, &string);
408 if (ret != ASN1_ERR_NOERROR) {
410 proto_tree_add_text(tree, a->tvb, start, 0,
411 "%s: ERROR: Couldn't parse value: %s",
412 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
416 string = g_realloc(string, length + 1);
417 string[length] = '\0';
423 temp_item = proto_tree_add_bytes(tree, hf_id, a->tvb, start, a->offset - start, string);
425 *new_item = temp_item;
432 return ASN1_ERR_NOERROR;
435 static int read_bytestring(ASN1_SCK *a, proto_tree *tree, int hf_id,
436 proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
441 int start = a->offset;
444 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
445 if (ret == ASN1_ERR_NOERROR) {
446 if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
447 ret = ASN1_ERR_WRONG_TYPE;
449 if (ret != ASN1_ERR_NOERROR) {
451 proto_tree_add_text(tree, a->tvb, start, 0,
452 "%s: ERROR: Couldn't parse header: %s",
453 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
458 return read_bytestring_value(a, tree, hf_id, new_item, s, start, length);
461 static int parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
466 guint string2_length;
471 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
472 if (ret != ASN1_ERR_NOERROR)
474 ret = asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
475 if (ret != ASN1_ERR_NOERROR)
477 *filter_length += 2 + strlen(operation) + string_length + string2_length;
478 *filter = g_realloc(*filter, *filter_length);
479 filterp = *filter + strlen(*filter);
481 if (string_length != 0) {
482 memcpy(filterp, string, string_length);
483 filterp += string_length;
485 strcpy(filterp, operation);
486 filterp += strlen(operation);
487 if (string2_length != 0) {
488 memcpy(filterp, string2, string2_length);
489 filterp += string2_length;
495 return ASN1_ERR_NOERROR;
498 /* Richard Dawe: To parse substring filters, I added this function. */
499 static int parse_filter_substrings(ASN1_SCK *a, char **filter, guint *filter_length)
510 /* For ASN.1 parsing of octet strings */
516 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
517 if (ret != ASN1_ERR_NOERROR)
520 ret = asn1_sequence_decode(a, &seq_len, &header_bytes);
521 if (ret != ASN1_ERR_NOERROR)
524 *filter_length += 2 + 1 + string_length;
525 *filter = g_realloc(*filter, *filter_length);
527 filterp = *filter + strlen(*filter);
529 if (string_length != 0) {
530 memcpy(filterp, string, string_length);
531 filterp += string_length;
537 /* Now decode seq_len's worth of octet strings. */
539 end = a->offset + seq_len;
541 while (a->offset < end) {
542 /* Octet strings here are context-specific, which
543 * asn1_octet_string_decode() barfs on. Emulate it, but don't barf. */
544 ret = asn1_header_decode (a, &cls, &con, &tag, &def, &string_length);
545 if (ret != ASN1_ERR_NOERROR)
548 /* XXX - check the tag? */
549 if (cls != ASN1_CTX || con != ASN1_PRI) {
550 /* XXX - handle the constructed encoding? */
551 return ASN1_ERR_WRONG_TYPE;
554 return ASN1_ERR_LENGTH_NOT_DEFINITE;
556 ret = asn1_string_value_decode(a, (int) string_length, &string);
557 if (ret != ASN1_ERR_NOERROR)
560 /* If we have an 'any' component with a string value, we need to append
561 * an extra asterisk before final component. */
562 if ((tag == 1) && (string_length != 0))
565 if ( (tag == 1) || ((tag == 2) && any_valued) )
567 *filter_length += string_length;
568 *filter = g_realloc(*filter, *filter_length);
570 filterp = *filter + strlen(*filter);
571 if ( (tag == 1) || ((tag == 2) && any_valued) )
575 if (string_length != 0) {
576 memcpy(filterp, string, string_length);
577 filterp += string_length;
586 *filter = g_realloc(*filter, *filter_length);
587 filterp = *filter + strlen(*filter);
591 /* NB: Allocated byte for this earlier */
595 return ASN1_ERR_NOERROR;
598 /* Returns -1 if we're at the end, returns an ASN1_ERR value otherwise. */
599 static int parse_filter(ASN1_SCK *a, char **filter, guint *filter_length,
607 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
608 if (ret != ASN1_ERR_NOERROR)
613 *end = a->offset + length;
615 *filter = g_malloc0(*filter_length);
618 if (cls == ASN1_CTX) /* XXX - handle other types as errors? */
622 case LDAP_FILTER_AND:
627 return ASN1_ERR_WRONG_TYPE;
628 add_end = a->offset + length;
630 *filter = g_realloc(*filter, *filter_length);
631 strcat(*filter, "(&");
632 while ((ret = parse_filter(a, filter, filter_length, &add_end))
637 strcat(*filter, ")");
645 return ASN1_ERR_WRONG_TYPE;
646 or_end = a->offset + length;
648 *filter = g_realloc(*filter, *filter_length);
649 strcat(*filter, "(|");
650 while ((ret = parse_filter(a, filter, filter_length, &or_end))
655 strcat(*filter, ")");
658 case LDAP_FILTER_NOT:
663 return ASN1_ERR_WRONG_TYPE;
664 not_end = a->offset + length;
666 *filter = g_realloc(*filter, *filter_length);
667 strcat(*filter, "(!");
668 ret = parse_filter(a, filter, filter_length, ¬_end);
669 if (ret != -1 && ret != ASN1_ERR_NOERROR)
671 strcat(*filter, ")");
674 case LDAP_FILTER_EQUALITY:
676 return ASN1_ERR_WRONG_TYPE;
677 ret = parse_filter_strings(a, filter, filter_length, "=");
678 if (ret != ASN1_ERR_NOERROR)
683 return ASN1_ERR_WRONG_TYPE;
684 ret = parse_filter_strings(a, filter, filter_length, ">=");
685 if (ret != ASN1_ERR_NOERROR)
690 return ASN1_ERR_WRONG_TYPE;
691 ret = parse_filter_strings(a, filter, filter_length, "<=");
692 if (ret != -1 && ret != ASN1_ERR_NOERROR)
695 case LDAP_FILTER_APPROX:
697 return ASN1_ERR_WRONG_TYPE;
698 ret = parse_filter_strings(a, filter, filter_length, "~=");
699 if (ret != ASN1_ERR_NOERROR)
702 case LDAP_FILTER_PRESENT:
708 return ASN1_ERR_WRONG_TYPE;
709 ret = asn1_string_value_decode(a, length, &string);
710 if (ret != ASN1_ERR_NOERROR)
712 *filter_length += 4 + length;
713 *filter = g_realloc(*filter, *filter_length);
714 filterp = *filter + strlen(*filter);
717 memcpy(filterp, string, length);
727 case LDAP_FILTER_SUBSTRINGS:
729 return ASN1_ERR_WRONG_TYPE;
730 /* Richard Dawe: Handle substrings */
731 ret = parse_filter_substrings(a, filter, filter_length);
732 if (ret != ASN1_ERR_NOERROR)
736 return ASN1_ERR_WRONG_TYPE;
740 if (a->offset == *end)
746 static gboolean read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
748 int start = a->offset;
750 guint filter_length = 0;
754 while ((ret = parse_filter(a, &filter, &filter_length, &end))
760 proto_tree_add_text(tree, a->tvb, start, 0,
761 "%s: ERROR: Can't parse filter: %s",
762 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
764 proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset-start, filter);
769 return (ret == -1) ? TRUE : FALSE;
772 /********************************************************************************************/
774 static void dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
776 guint resultCode = 0;
779 if (read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM) != ASN1_ERR_NOERROR)
781 if (read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
783 if (read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
786 if (resultCode == 10) /* Referral */
788 int start = a->offset;
792 proto_tree *referralTree;
794 ret = read_sequence(a, &length);
795 if (ret != ASN1_ERR_NOERROR) {
797 proto_tree_add_text(tree, a->tvb, start, 0,
798 "ERROR: Couldn't parse referral URL sequence header: %s",
799 asn1_err_to_str(ret));
803 ti = proto_tree_add_text(tree, a->tvb, start, length, "Referral URLs");
804 referralTree = proto_item_add_subtree(ti, ett_ldap_referrals);
806 end = a->offset + length;
807 while (a->offset < end) {
808 if (read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
814 static void dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree,
815 tvbuff_t *tvb, packet_info *pinfo)
823 conversation_t *conversation;
824 ldap_auth_info_t *auth_info;
827 gint available_length, reported_length;
830 proto_tree *gtree = NULL;
832 if (read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
834 if (read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
838 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
839 if (ret == ASN1_ERR_NOERROR) {
840 if (cls != ASN1_CTX) {
841 /* RFCs 1777 and 2251 say these are context-specific types */
842 ret = ASN1_ERR_WRONG_TYPE;
845 if (ret != ASN1_ERR_NOERROR) {
846 proto_tree_add_text(tree, a->tvb, start, 0,
847 "%s: ERROR: Couldn't parse header: %s",
848 proto_registrar_get_name(hf_ldap_message_bind_auth),
849 asn1_err_to_str(ret));
852 proto_tree_add_uint(tree, hf_ldap_message_bind_auth, a->tvb, start,
853 a->offset - start, tag);
854 end = a->offset + length;
857 case LDAP_AUTH_SIMPLE:
858 if (read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL,
859 NULL, start, length) != ASN1_ERR_NOERROR)
863 /* For Kerberos V4, dissect it as a ticket. */
867 if (read_string(a, tree, hf_ldap_message_bind_auth_mechanism, NULL,
868 &mechanism, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
872 * We need to remember the authentication type and mechanism for this
875 * XXX - actually, we might need to remember more than one
876 * type and mechanism, if you can unbind and rebind with a
877 * different type and/or mechanism.
879 conversation = find_conversation(&pinfo->src, &pinfo->dst,
880 pinfo->ptype, pinfo->srcport,
882 if (conversation == NULL) {
883 /* We don't yet have a conversation, so create one. */
884 conversation = conversation_new(&pinfo->src, &pinfo->dst,
885 pinfo->ptype, pinfo->srcport,
890 * Do we already have a type and mechanism?
892 auth_info = conversation_get_proto_data(conversation, proto_ldap);
893 if (auth_info == NULL) {
894 /* No. Attach that information to the conversation, and add
895 it to the list of information structures. */
896 auth_info = g_mem_chunk_alloc(ldap_auth_info_chunk);
897 auth_info->auth_type = tag;
898 auth_info->auth_mech = mechanism;
899 conversation_add_proto_data(conversation, proto_ldap, auth_info);
900 auth_info->next = auth_info_items;
901 auth_info_items = auth_info;
906 * If the mechanism in this request is an empty string (which is
907 * returned as a null pointer), use the saved mechanism instead.
908 * Otherwise, if the saved mechanism is an empty string (null),
909 * save this mechanism.
911 if (mechanism == NULL)
912 mechanism = auth_info->auth_mech;
914 if (auth_info->auth_mech == NULL)
915 auth_info->auth_mech = mechanism;
919 if (a->offset < end) {
920 if (mechanism != NULL && strcmp(mechanism, "GSS-SPNEGO") == 0) {
922 * This is a GSS-API token.
923 * Find out how big it is by parsing the ASN.1 header for the
924 * OCTET STREAM that contains it.
926 token_offset = a->offset;
927 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
928 if (ret != ASN1_ERR_NOERROR) {
929 proto_tree_add_text(tree, a->tvb, token_offset, 0,
930 "%s: ERROR: Couldn't parse header: %s",
931 proto_registrar_get_name(hf_ldap_message_bind_auth_credentials),
932 asn1_err_to_str(ret));
936 gitem = proto_tree_add_text(tree, tvb, token_offset,
937 (a->offset + length) - token_offset, "GSS-API Token");
938 gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
940 available_length = tvb_length_remaining(tvb, token_offset);
941 reported_length = tvb_reported_length_remaining(tvb, token_offset);
942 g_assert(available_length >= 0);
943 g_assert(reported_length >= 0);
944 if (available_length > reported_length)
945 available_length = reported_length;
946 if ((guint)available_length > length)
947 available_length = length;
948 if ((guint)reported_length > length)
949 reported_length = length;
950 new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
951 call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
954 if (read_bytestring(a, tree, hf_ldap_message_bind_auth_credentials,
955 NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
963 static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree,
964 int start, guint length, tvbuff_t *tvb, packet_info *pinfo)
971 conversation_t *conversation;
972 ldap_auth_info_t *auth_info;
974 gint available_length, reported_length;
977 proto_tree *gtree = NULL;
979 end = start + length;
980 dissect_ldap_result(a, tree);
981 if (a->offset < end) {
982 conversation = find_conversation(&pinfo->src, &pinfo->dst,
983 pinfo->ptype, pinfo->srcport,
985 if (conversation != NULL) {
986 auth_info = conversation_get_proto_data(conversation, proto_ldap);
987 if (auth_info != NULL) {
988 switch (auth_info->auth_type) {
990 /* For Kerberos V4, dissect it as a ticket. */
991 /* XXX - what about LDAP_AUTH_SIMPLE? */
994 if (auth_info->auth_mech != NULL &&
995 strcmp(auth_info->auth_mech, "GSS-SPNEGO") == 0) {
997 * This is a GSS-API token.
998 * Find out how big it is by parsing the ASN.1 header for the
999 * OCTET STREAM that contains it.
1001 token_offset = a->offset;
1002 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &cred_length);
1003 if (ret != ASN1_ERR_NOERROR) {
1004 proto_tree_add_text(tree, a->tvb, token_offset, 0,
1005 "%s: ERROR: Couldn't parse header: %s",
1006 proto_registrar_get_name(hf_ldap_message_bind_auth_credentials),
1007 asn1_err_to_str(ret));
1011 gitem = proto_tree_add_text(tree, tvb, token_offset,
1012 (a->offset + cred_length) - token_offset, "GSS-API Token");
1013 gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
1015 available_length = tvb_length_remaining(tvb, token_offset);
1016 reported_length = tvb_reported_length_remaining(tvb, token_offset);
1017 g_assert(available_length >= 0);
1018 g_assert(reported_length >= 0);
1019 if (available_length > reported_length)
1020 available_length = reported_length;
1021 if ((guint)available_length > cred_length)
1022 available_length = cred_length;
1023 if ((guint)reported_length > cred_length)
1024 reported_length = cred_length;
1025 new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
1026 call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
1027 a->offset += cred_length;
1029 if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
1030 NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1036 if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
1037 NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
1042 if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
1043 NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
1047 if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
1048 NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
1054 static void dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
1060 if (read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1062 if (read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
1064 if (read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
1066 if (read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
1068 if (read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
1070 if (read_boolean(a, tree, hf_ldap_message_search_typesOnly, 0, 0) != ASN1_ERR_NOERROR)
1072 if (!read_filter(a, tree, hf_ldap_message_search_filter))
1074 ret = read_sequence(a, &seq_length);
1075 if (ret != ASN1_ERR_NOERROR) {
1077 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1078 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
1079 asn1_err_to_str(ret));
1083 end = a->offset + seq_length;
1084 while (a->offset < end) {
1085 if (read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI,
1086 ASN1_OTS) != ASN1_ERR_NOERROR)
1091 static void dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
1094 int end_of_sequence;
1097 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1099 ret = read_sequence(a, &seq_length);
1100 if (ret != ASN1_ERR_NOERROR) {
1102 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1103 "ERROR: Couldn't parse search entry response sequence header: %s",
1104 asn1_err_to_str(ret));
1109 end_of_sequence = a->offset + seq_length;
1110 while (a->offset < end_of_sequence)
1113 proto_tree *attr_tree;
1117 ret = read_sequence(a, 0);
1118 if (ret != ASN1_ERR_NOERROR) {
1120 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1121 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
1122 asn1_err_to_str(ret));
1126 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1128 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1130 ret = read_set(a, &set_length);
1131 if (ret != ASN1_ERR_NOERROR) {
1133 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1134 "ERROR: Couldn't parse LDAP value set header: %s",
1135 asn1_err_to_str(ret));
1139 end_of_set = a->offset + set_length;
1140 while (a->offset < end_of_set) {
1141 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
1142 ASN1_OTS) != ASN1_ERR_NOERROR)
1148 static void dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
1151 int end_of_sequence;
1154 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1157 ret = read_sequence(a, &seq_length);
1158 if (ret != ASN1_ERR_NOERROR) {
1160 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1161 "ERROR: Couldn't parse add request sequence header: %s",
1162 asn1_err_to_str(ret));
1167 end_of_sequence = a->offset + seq_length;
1168 while (a->offset < end_of_sequence)
1171 proto_tree *attr_tree;
1175 ret = read_sequence(a, 0);
1176 if (ret != ASN1_ERR_NOERROR) {
1178 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1179 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
1180 asn1_err_to_str(ret));
1184 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI,
1185 ASN1_OTS) != ASN1_ERR_NOERROR)
1187 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1189 ret = read_set(a, &set_length);
1190 if (ret != ASN1_ERR_NOERROR) {
1192 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1193 "ERROR: Couldn't parse LDAP value set header: %s",
1194 asn1_err_to_str(ret));
1198 end_of_set = a->offset + set_length;
1199 while (a->offset < end_of_set) {
1200 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1206 static void dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
1207 int start, guint length)
1209 read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
1212 static void dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
1215 int start = a->offset;
1217 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1219 if (read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1221 if (read_boolean(a, tree, hf_ldap_message_modrdn_delete, 0, 0) != ASN1_ERR_NOERROR)
1224 if (a->offset < (int) (start + length)) {
1225 /* LDAP V3 Modify DN operation, with newSuperior */
1226 if (read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1231 static void dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
1235 char *string1 = NULL;
1236 char *string2 = NULL;
1241 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1243 ret = read_sequence(a, 0);
1244 if (ret != ASN1_ERR_NOERROR) {
1246 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1247 "ERROR: Couldn't parse compare request sequence header: %s",
1248 asn1_err_to_str(ret));
1254 ret = read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
1255 if (ret != ASN1_ERR_NOERROR) {
1257 proto_tree_add_text(tree, a->tvb, start, 0,
1258 "ERROR: Couldn't parse compare type: %s", asn1_err_to_str(ret));
1262 ret = read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
1263 if (ret != ASN1_ERR_NOERROR) {
1265 proto_tree_add_text(tree, a->tvb, start, 0,
1266 "ERROR: Couldn't parse compare value: %s", asn1_err_to_str(ret));
1271 s1 = (string1 == NULL) ? "(null)" : string1;
1272 s2 = (string2 == NULL) ? "(null)" : string2;
1273 length = 2 + strlen(s1) + strlen(s2);
1274 compare = g_malloc0(length);
1275 snprintf(compare, length, "%s=%s", s1, s2);
1276 proto_tree_add_string(tree, hf_ldap_message_compare, a->tvb, start,
1277 a->offset-start, compare);
1286 static void dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
1289 int end_of_sequence;
1292 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1294 ret = read_sequence(a, &seq_length);
1295 if (ret != ASN1_ERR_NOERROR) {
1297 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1298 "ERROR: Couldn't parse modify request sequence header: %s",
1299 asn1_err_to_str(ret));
1303 end_of_sequence = a->offset + seq_length;
1304 while (a->offset < end_of_sequence)
1307 proto_tree *attr_tree;
1312 ret = read_sequence(a, 0);
1313 if (ret != ASN1_ERR_NOERROR) {
1315 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1316 "ERROR: Couldn't parse modify request item sequence header: %s",
1317 asn1_err_to_str(ret));
1321 ret = read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
1322 if (ret != ASN1_ERR_NOERROR) {
1324 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1325 "ERROR: Couldn't parse modify operation: %s",
1326 asn1_err_to_str(ret));
1330 ret = read_sequence(a, 0);
1331 if (ret != ASN1_ERR_NOERROR) {
1333 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1334 "ERROR: Couldn't parse modify request operation sequence header: %s",
1335 asn1_err_to_str(ret));
1343 if (read_string(a, tree, hf_ldap_message_modify_add, &ti, 0, ASN1_UNI,
1344 ASN1_OTS) != ASN1_ERR_NOERROR)
1348 case LDAP_MOD_REPLACE:
1349 if (read_string(a, tree, hf_ldap_message_modify_replace, &ti, 0,
1350 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1354 case LDAP_MOD_DELETE:
1355 if (read_string(a, tree, hf_ldap_message_modify_delete, &ti, 0,
1356 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1361 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1362 "Unknown LDAP modify operation (%u)", operation);
1365 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1367 ret = read_set(a, &set_length);
1368 if (ret != ASN1_ERR_NOERROR) {
1370 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1371 "ERROR: Couldn't parse LDAP value set header: %s",
1372 asn1_err_to_str(ret));
1376 end_of_set = a->offset + set_length;
1377 while (a->offset < end_of_set) {
1378 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
1379 ASN1_OTS) != ASN1_ERR_NOERROR)
1385 static void dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
1386 int start, guint length)
1388 read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
1393 dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1395 proto_tree *ldap_tree = NULL, *ti, *msg_tree = NULL;
1396 guint messageLength;
1399 guint protocolOpCls, protocolOpCon, protocolOpTag;
1404 gboolean first_time = TRUE;
1407 asn1_open(&a, tvb, 0);
1409 while (tvb_reported_length_remaining(tvb, a.offset) > 0)
1411 int message_id_start;
1412 int message_id_length;
1416 * XXX - should handle the initial sequence specifier split across
1417 * segment boundaries.
1419 message_start = a.offset;
1420 ret = read_sequence(&a, &messageLength);
1421 if (ret != ASN1_ERR_NOERROR)
1425 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1426 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1427 if (check_col(pinfo->cinfo, COL_INFO))
1429 col_add_fstr(pinfo->cinfo, COL_INFO,
1430 "Invalid LDAP message (Can't parse sequence header: %s)",
1431 asn1_err_to_str(ret));
1436 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start, -1,
1438 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1439 proto_tree_add_text(ldap_tree, tvb, message_start, -1,
1440 "Invalid LDAP message (Can't parse sequence header: %s)",
1441 asn1_err_to_str(ret));
1447 * Desegmentation check.
1449 if (ldap_desegment) {
1450 if (pinfo->can_desegment
1451 && messageLength > (guint)tvb_length_remaining(tvb, a.offset)) {
1453 * This frame doesn't have all of the data for this message,
1454 * but we can do reassembly on it.
1456 * Tell the TCP dissector where the data for this message
1457 * starts in the data it handed us, and how many more bytes
1458 * we need, and return.
1460 pinfo->desegment_offset = message_start;
1461 pinfo->desegment_len = messageLength -
1462 tvb_length_remaining(tvb, a.offset);
1466 next_offset = a.offset + messageLength;
1470 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1471 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1472 if (check_col(pinfo->cinfo, COL_INFO))
1473 col_clear(pinfo->cinfo, COL_INFO);
1478 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start,
1479 next_offset - message_start, FALSE);
1480 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1483 message_id_start = a.offset;
1484 ret = read_integer(&a, 0, hf_ldap_message_id, 0, &messageId, ASN1_INT);
1485 if (ret != ASN1_ERR_NOERROR)
1487 if (first_time && check_col(pinfo->cinfo, COL_INFO))
1488 col_add_fstr(pinfo->cinfo, COL_INFO, "Invalid LDAP packet (Can't parse Message ID: %s)",
1489 asn1_err_to_str(ret));
1491 proto_tree_add_text(ldap_tree, tvb, message_id_start, 1,
1492 "Invalid LDAP packet (Can't parse Message ID: %s)",
1493 asn1_err_to_str(ret));
1496 message_id_length = a.offset - message_id_start;
1499 asn1_id_decode(&a, &protocolOpCls, &protocolOpCon, &protocolOpTag);
1500 if (protocolOpCls != ASN1_APL)
1501 typestr = "Bad message type (not Application)";
1503 typestr = val_to_str(protocolOpTag, msgTypes, "Unknown message type (%u)");
1507 if (check_col(pinfo->cinfo, COL_INFO))
1508 col_add_fstr(pinfo->cinfo, COL_INFO, "MsgId=%u MsgType=%s",
1509 messageId, typestr);
1515 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_id, tvb, message_id_start, message_id_length, messageId);
1516 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_type, tvb,
1517 start, a.offset - start, protocolOpTag);
1518 ti = proto_tree_add_text(ldap_tree, tvb, message_id_start, messageLength, "Message: Id=%u %s", messageId, typestr);
1519 msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
1522 if (read_length(&a, msg_tree, hf_ldap_message_length, &opLen) != ASN1_ERR_NOERROR)
1525 if (protocolOpCls != ASN1_APL)
1529 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1535 switch (protocolOpTag)
1538 dissect_ldap_request_bind(&a, msg_tree, tvb, pinfo);
1540 case LDAP_REQ_UNBIND:
1541 /* Nothing to dissect */
1543 case LDAP_REQ_SEARCH:
1545 dissect_ldap_request_search(&a, msg_tree);
1547 case LDAP_REQ_MODIFY:
1549 dissect_ldap_request_modify(&a, msg_tree);
1553 dissect_ldap_request_add(&a, msg_tree);
1555 case LDAP_REQ_DELETE:
1557 dissect_ldap_request_delete(&a, msg_tree, start, opLen);
1559 case LDAP_REQ_MODRDN:
1561 dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
1563 case LDAP_REQ_COMPARE:
1565 dissect_ldap_request_compare(&a, msg_tree);
1567 case LDAP_REQ_ABANDON:
1569 dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
1572 dissect_ldap_response_bind(&a, msg_tree, start, opLen, tvb, pinfo);
1574 case LDAP_RES_SEARCH_ENTRY:
1576 dissect_ldap_response_search_entry(&a, msg_tree);
1578 case LDAP_RES_SEARCH_RESULT:
1579 case LDAP_RES_MODIFY:
1581 case LDAP_RES_DELETE:
1582 case LDAP_RES_MODRDN:
1583 case LDAP_RES_COMPARE:
1585 dissect_ldap_result(&a, msg_tree);
1590 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1591 "Unknown LDAP operation (%u)", protocolOpTag);
1598 * XXX - what if "a.offset" is past the offset of the next top-level
1599 * sequence? Show that as an error?
1601 a.offset = next_offset;
1608 ldap_auth_info_t *auth_info;
1610 /* Free up saved authentication mechanism strings */
1611 for (auth_info = auth_info_items; auth_info != NULL;
1612 auth_info = auth_info->next) {
1613 if (auth_info->auth_mech != NULL)
1614 g_free(auth_info->auth_mech);
1617 if (ldap_auth_info_chunk != NULL)
1618 g_mem_chunk_destroy(ldap_auth_info_chunk);
1620 ldap_auth_info_chunk = g_mem_chunk_new("ldap_auth_info_chunk",
1621 sizeof(ldap_auth_info_t),
1622 ldap_auth_info_chunk_count * sizeof(ldap_auth_info_t),
1627 proto_register_ldap(void)
1629 static value_string result_codes[] = {
1631 {1, "Operations error"},
1632 {2, "Protocol error"},
1633 {3, "Time limit exceeded"},
1634 {4, "Size limit exceeded"},
1635 {5, "Compare false"},
1636 {6, "Compare true"},
1637 {7, "Authentication method not supported"},
1638 {8, "Strong authentication required"},
1640 {11, "Administrative limit exceeded"},
1641 {12, "Unavailable critical extension"},
1642 {13, "Confidentiality required"},
1643 {14, "SASL bind in progress"},
1644 {16, "No such attribute"},
1645 {17, "Undefined attribute type"},
1646 {18, "Inappropriate matching"},
1647 {19, "Constraint violation"},
1648 {20, "Attribute or value exists"},
1649 {21, "Invalid attribute syntax"},
1650 {32, "No such object"},
1651 {33, "Alias problem"},
1652 {34, "Invalid DN syntax"},
1653 {36, "Alias derefetencing problem"},
1654 {48, "Inappropriate authentication"},
1655 {49, "Invalid credentials"},
1656 {50, "Insufficient access rights"},
1658 {52, "Unavailable"},
1659 {53, "Unwilling to perform"},
1660 {54, "Loop detected"},
1661 {64, "Naming violation"},
1662 {65, "Objectclass violation"},
1663 {66, "Not allowed on non-leaf"},
1664 {67, "Not allowed on RDN"},
1665 {68, "Entry already exists"},
1666 {69, "Objectclass modification prohibited"},
1667 {71, "Affects multiple DSAs"},
1672 static value_string auth_types[] = {
1673 {LDAP_AUTH_SIMPLE, "Simple"},
1674 {LDAP_AUTH_KRBV4LDAP, "Kerberos V4 to the LDAP server"},
1675 {LDAP_AUTH_KRBV4DSA, "Kerberos V4 to the DSA"},
1676 {LDAP_AUTH_SASL, "SASL"},
1680 static value_string search_scope[] = {
1687 static value_string search_dereference[] = {
1689 {0x01, "Searching"},
1690 {0x02, "Base Object"},
1695 static hf_register_info hf[] = {
1697 { "Length", "ldap.length",
1698 FT_UINT32, BASE_DEC, NULL, 0x0,
1699 "LDAP Length", HFILL }},
1701 { &hf_ldap_message_id,
1702 { "Message Id", "ldap.message_id",
1703 FT_UINT32, BASE_DEC, NULL, 0x0,
1704 "LDAP Message Id", HFILL }},
1705 { &hf_ldap_message_type,
1706 { "Message Type", "ldap.message_type",
1707 FT_UINT8, BASE_HEX, &msgTypes, 0x0,
1708 "LDAP Message Type", HFILL }},
1709 { &hf_ldap_message_length,
1710 { "Message Length", "ldap.message_length",
1711 FT_UINT32, BASE_DEC, NULL, 0x0,
1712 "LDAP Message Length", HFILL }},
1714 { &hf_ldap_message_result,
1715 { "Result Code", "ldap.result.code",
1716 FT_UINT8, BASE_HEX, result_codes, 0x0,
1717 "LDAP Result Code", HFILL }},
1718 { &hf_ldap_message_result_matcheddn,
1719 { "Matched DN", "ldap.result.matcheddn",
1720 FT_STRING, BASE_NONE, NULL, 0x0,
1721 "LDAP Result Matched DN", HFILL }},
1722 { &hf_ldap_message_result_errormsg,
1723 { "Error Message", "ldap.result.errormsg",
1724 FT_STRING, BASE_NONE, NULL, 0x0,
1725 "LDAP Result Error Message", HFILL }},
1726 { &hf_ldap_message_result_referral,
1727 { "Referral", "ldap.result.referral",
1728 FT_STRING, BASE_NONE, NULL, 0x0,
1729 "LDAP Result Referral URL", HFILL }},
1731 { &hf_ldap_message_bind_version,
1732 { "Version", "ldap.bind.version",
1733 FT_UINT32, BASE_DEC, NULL, 0x0,
1734 "LDAP Bind Version", HFILL }},
1735 { &hf_ldap_message_bind_dn,
1736 { "DN", "ldap.bind.dn",
1737 FT_STRING, BASE_NONE, NULL, 0x0,
1738 "LDAP Bind Distinguished Name", HFILL }},
1739 { &hf_ldap_message_bind_auth,
1740 { "Auth Type", "ldap.bind.auth_type",
1741 FT_UINT8, BASE_HEX, auth_types, 0x0,
1742 "LDAP Bind Auth Type", HFILL }},
1743 { &hf_ldap_message_bind_auth_password,
1744 { "Password", "ldap.bind.password",
1745 FT_STRING, BASE_NONE, NULL, 0x0,
1746 "LDAP Bind Password", HFILL }},
1747 { &hf_ldap_message_bind_auth_mechanism,
1748 { "Mechanism", "ldap.bind.mechanism",
1749 FT_STRING, BASE_NONE, NULL, 0x0,
1750 "LDAP Bind Mechanism", HFILL }},
1751 { &hf_ldap_message_bind_auth_credentials,
1752 { "Credentials", "ldap.bind.credentials",
1753 FT_BYTES, BASE_NONE, NULL, 0x0,
1754 "LDAP Bind Credentials", HFILL }},
1755 { &hf_ldap_message_bind_server_credentials,
1756 { "Server Credentials", "ldap.bind.server_credentials",
1757 FT_BYTES, BASE_NONE, NULL, 0x0,
1758 "LDAP Bind Server Credentials", HFILL }},
1760 { &hf_ldap_message_search_base,
1761 { "Base DN", "ldap.search.basedn",
1762 FT_STRING, BASE_NONE, NULL, 0x0,
1763 "LDAP Search Base Distinguished Name", HFILL }},
1764 { &hf_ldap_message_search_scope,
1765 { "Scope", "ldap.search.scope",
1766 FT_UINT8, BASE_HEX, search_scope, 0x0,
1767 "LDAP Search Scope", HFILL }},
1768 { &hf_ldap_message_search_deref,
1769 { "Dereference", "ldap.search.dereference",
1770 FT_UINT8, BASE_HEX, search_dereference, 0x0,
1771 "LDAP Search Dereference", HFILL }},
1772 { &hf_ldap_message_search_sizeLimit,
1773 { "Size Limit", "ldap.search.sizelimit",
1774 FT_UINT32, BASE_DEC, NULL, 0x0,
1775 "LDAP Search Size Limit", HFILL }},
1776 { &hf_ldap_message_search_timeLimit,
1777 { "Time Limit", "ldap.search.timelimit",
1778 FT_UINT32, BASE_DEC, NULL, 0x0,
1779 "LDAP Search Time Limit", HFILL }},
1780 { &hf_ldap_message_search_typesOnly,
1781 { "Attributes Only", "ldap.search.typesonly",
1782 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1783 "LDAP Search Attributes Only", HFILL }},
1784 { &hf_ldap_message_search_filter,
1785 { "Filter", "ldap.search.filter",
1786 FT_STRING, BASE_NONE, NULL, 0x0,
1787 "LDAP Search Filter", HFILL }},
1788 { &hf_ldap_message_dn,
1789 { "Distinguished Name", "ldap.dn",
1790 FT_STRING, BASE_NONE, NULL, 0x0,
1791 "LDAP Distinguished Name", HFILL }},
1792 { &hf_ldap_message_attribute,
1793 { "Attribute", "ldap.attribute",
1794 FT_STRING, BASE_NONE, NULL, 0x0,
1795 "LDAP Attribute", HFILL }},
1797 * XXX - not all LDAP values are text strings; we'd need a file
1798 * describing which values (by name) are text strings and which are
1801 * Some values that are, at least in Microsoft's schema, binary
1805 * nTSecurityDescriptor
1808 { &hf_ldap_message_value,
1809 { "Value", "ldap.value",
1810 FT_STRING, BASE_NONE, NULL, 0x0,
1811 "LDAP Value", HFILL }},
1813 { &hf_ldap_message_modrdn_name,
1814 { "New Name", "ldap.modrdn.name",
1815 FT_STRING, BASE_NONE, NULL, 0x0,
1816 "LDAP New Name", HFILL }},
1817 { &hf_ldap_message_modrdn_delete,
1818 { "Delete Values", "ldap.modrdn.delete",
1819 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1820 "LDAP Modify RDN - Delete original values", HFILL }},
1821 { &hf_ldap_message_modrdn_superior,
1822 { "New Location", "ldap.modrdn.superior",
1823 FT_STRING, BASE_NONE, NULL, 0x0,
1824 "LDAP Modify RDN - New Location", HFILL }},
1826 { &hf_ldap_message_compare,
1827 { "Test", "ldap.compare.test",
1828 FT_STRING, BASE_NONE, NULL, 0x0,
1829 "LDAP Compare Test", HFILL }},
1831 { &hf_ldap_message_modify_add,
1832 { "Add", "ldap.modify.add",
1833 FT_STRING, BASE_NONE, NULL, 0x0,
1834 "LDAP Add", HFILL }},
1835 { &hf_ldap_message_modify_replace,
1836 { "Replace", "ldap.modify.replace",
1837 FT_STRING, BASE_NONE, NULL, 0x0,
1838 "LDAP Replace", HFILL }},
1839 { &hf_ldap_message_modify_delete,
1840 { "Delete", "ldap.modify.delete",
1841 FT_STRING, BASE_NONE, NULL, 0x0,
1842 "LDAP Delete", HFILL }},
1844 { &hf_ldap_message_abandon_msgid,
1845 { "Abandon Msg Id", "ldap.abandon.msgid",
1846 FT_UINT32, BASE_DEC, NULL, 0x0,
1847 "LDAP Abandon Msg Id", HFILL }},
1850 static gint *ett[] = {
1853 &ett_ldap_gssapi_token,
1854 &ett_ldap_referrals,
1857 module_t *ldap_module;
1859 proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol",
1861 proto_register_field_array(proto_ldap, hf, array_length(hf));
1862 proto_register_subtree_array(ett, array_length(ett));
1864 ldap_module = prefs_register_protocol(proto_ldap, NULL);
1865 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
1866 "Desegment all LDAP messages spanning multiple TCP segments",
1867 "Whether the LDAP dissector should desegment all messages spanning multiple TCP segments",
1870 register_init_routine(ldap_reinit);
1874 proto_reg_handoff_ldap(void)
1876 dissector_handle_t ldap_handle;
1878 ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
1879 dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
1880 dissector_add("udp.port", UDP_PORT_CLDAP, ldap_handle);
1882 gssapi_handle = find_dissector("gssapi");
git.samba.org / obnox / wireshark / wip.git / blob