2 * Routines for ldap packet dissection
4 * $Id: packet-ldap.c,v 1.40 2002/03/03 01:26:01 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
27 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
28 * It's also missing extensible search filters.
30 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
33 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
34 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
38 * nazard@dragoninc.on.ca
47 #ifdef HAVE_SYS_TYPES_H
48 # include <sys/types.h>
51 #ifdef HAVE_NETINET_IN_H
52 # include <netinet/in.h>
58 #ifdef NEED_SNPRINTF_H
59 # include "snprintf.h"
62 #include <epan/packet.h>
64 #include "packet-ldap.h"
68 static int proto_ldap = -1;
69 static int hf_ldap_length = -1;
70 static int hf_ldap_message_id = -1;
71 static int hf_ldap_message_type = -1;
72 static int hf_ldap_message_length = -1;
74 static int hf_ldap_message_result = -1;
75 static int hf_ldap_message_result_matcheddn = -1;
76 static int hf_ldap_message_result_errormsg = -1;
77 static int hf_ldap_message_result_referral = -1;
79 static int hf_ldap_message_bind_version = -1;
80 static int hf_ldap_message_bind_dn = -1;
81 static int hf_ldap_message_bind_auth = -1;
82 static int hf_ldap_message_bind_auth_password = -1;
84 static int hf_ldap_message_search_base = -1;
85 static int hf_ldap_message_search_scope = -1;
86 static int hf_ldap_message_search_deref = -1;
87 static int hf_ldap_message_search_sizeLimit = -1;
88 static int hf_ldap_message_search_timeLimit = -1;
89 static int hf_ldap_message_search_typesOnly = -1;
90 static int hf_ldap_message_search_filter = -1;
92 static int hf_ldap_message_dn = -1;
93 static int hf_ldap_message_attribute = -1;
94 static int hf_ldap_message_value = -1;
96 static int hf_ldap_message_modrdn_name = -1;
97 static int hf_ldap_message_modrdn_delete = -1;
98 static int hf_ldap_message_modrdn_superior = -1;
100 static int hf_ldap_message_compare = -1;
102 static int hf_ldap_message_modify_add = -1;
103 static int hf_ldap_message_modify_replace = -1;
104 static int hf_ldap_message_modify_delete = -1;
106 static int hf_ldap_message_abandon_msgid = -1;
108 static gint ett_ldap = -1;
109 static gint ett_ldap_message = -1;
110 static gint ett_ldap_referrals = -1;
111 static gint ett_ldap_attribute = -1;
113 /* desegmentation of LDAP */
114 static gboolean ldap_desegment = TRUE;
116 #define TCP_PORT_LDAP 389
118 static value_string msgTypes [] = {
119 {LDAP_REQ_BIND, "Bind Request"},
120 {LDAP_REQ_UNBIND, "Unbind Request"},
121 {LDAP_REQ_SEARCH, "Search Request"},
122 {LDAP_REQ_MODIFY, "Modify Request"},
123 {LDAP_REQ_ADD, "Add Request"},
124 {LDAP_REQ_DELETE, "Delete Request"},
125 {LDAP_REQ_MODRDN, "Modify RDN Request"},
126 {LDAP_REQ_COMPARE, "Compare Request"},
127 {LDAP_REQ_ABANDON, "Abandon Request"},
128 {LDAP_REQ_EXTENDED, "Extended Request"},
130 {LDAP_RES_BIND, "Bind Result"},
131 {LDAP_RES_SEARCH_ENTRY, "Search Entry"},
132 {LDAP_RES_SEARCH_RESULT, "Search Result"},
133 {LDAP_RES_SEARCH_REF, "Search Result Reference"},
134 {LDAP_RES_MODIFY, "Modify Result"},
135 {LDAP_RES_ADD, "Add Result"},
136 {LDAP_RES_DELETE, "Delete Result"},
137 {LDAP_RES_MODRDN, "Modify RDN Result"},
138 {LDAP_RES_COMPARE, "Compare Result"},
139 {LDAP_REQ_EXTENDED, "Extended Response"},
143 static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
146 gboolean def = FALSE;
147 int start = a->offset;
150 ret = asn1_length_decode(a, &def, &length);
151 if (ret != ASN1_ERR_NOERROR) {
153 proto_tree_add_text(tree, a->tvb, start, 0,
154 "%s: ERROR: Couldn't parse length: %s",
155 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
164 proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, length);
166 return ASN1_ERR_NOERROR;
169 static int read_sequence(ASN1_SCK *a, guint *len)
176 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
177 if (ret != ASN1_ERR_NOERROR)
179 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
180 return ASN1_ERR_WRONG_TYPE;
185 return ASN1_ERR_NOERROR;
188 static int read_set(ASN1_SCK *a, guint *len)
195 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
196 if (ret != ASN1_ERR_NOERROR)
198 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
199 return ASN1_ERR_WRONG_TYPE;
204 return ASN1_ERR_NOERROR;
207 static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
208 proto_item **new_item, guint *i, int start, guint length)
211 proto_item *temp_item = NULL;
214 ret = asn1_uint32_value_decode(a, length, &integer);
215 if (ret != ASN1_ERR_NOERROR) {
217 proto_tree_add_text(tree, a->tvb, start, 0,
218 "%s: ERROR: Couldn't parse value: %s",
219 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
228 temp_item = proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, integer);
231 *new_item = temp_item;
233 return ASN1_ERR_NOERROR;
236 static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
237 proto_item **new_item, guint *i, guint expected_tag)
242 int start = a->offset;
245 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
246 if (ret == ASN1_ERR_NOERROR) {
247 if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
248 ret = ASN1_ERR_WRONG_TYPE;
250 if (ret != ASN1_ERR_NOERROR) {
252 proto_tree_add_text(tree, a->tvb, start, 0,
253 "%s: ERROR: Couldn't parse header: %s",
254 (hf_id != -1) ? proto_registrar_get_name(hf_id) : "LDAP message",
255 asn1_err_to_str(ret));
260 return read_integer_value(a, tree, hf_id, new_item, i, start, length);
263 static int read_boolean_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
264 proto_item **new_item, guint *i, int start, guint length)
267 proto_item *temp_item = NULL;
270 ret = asn1_uint32_value_decode(a, length, &integer);
271 if (ret != ASN1_ERR_NOERROR) {
273 proto_tree_add_text(tree, a->tvb, start, 0,
274 "%s: ERROR: Couldn't parse value: %s",
275 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
284 temp_item = proto_tree_add_boolean(tree, hf_id, a->tvb, start, a->offset-start, integer);
286 *new_item = temp_item;
288 return ASN1_ERR_NOERROR;
291 static int read_boolean(ASN1_SCK *a, proto_tree *tree, int hf_id,
292 proto_item **new_item, guint *i)
297 int start = a->offset;
300 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
301 if (ret == ASN1_ERR_NOERROR) {
302 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_BOL)
303 ret = ASN1_ERR_WRONG_TYPE;
305 if (ret != ASN1_ERR_NOERROR) {
307 proto_tree_add_text(tree, a->tvb, start, 0,
308 "%s: ERROR: Couldn't parse header: %s",
309 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
314 return read_boolean_value(a, tree, hf_id, new_item, i, start, length);
317 static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
318 proto_item **new_item, char **s, int start, guint length)
321 proto_item *temp_item = NULL;
326 ret = asn1_string_value_decode(a, length, &string);
327 if (ret != ASN1_ERR_NOERROR) {
329 proto_tree_add_text(tree, a->tvb, start, 0,
330 "%s: ERROR: Couldn't parse value: %s",
331 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
335 string = g_realloc(string, length + 1);
336 string[length] = '\0';
342 temp_item = proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset - start, string);
344 *new_item = temp_item;
351 return ASN1_ERR_NOERROR;
354 static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
355 proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
360 int start = a->offset;
363 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
364 if (ret == ASN1_ERR_NOERROR) {
365 if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
366 ret = ASN1_ERR_WRONG_TYPE;
368 if (ret != ASN1_ERR_NOERROR) {
370 proto_tree_add_text(tree, a->tvb, start, 0,
371 "%s: ERROR: Couldn't parse header: %s",
372 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
377 return read_string_value(a, tree, hf_id, new_item, s, start, length);
380 static int parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
385 guint string2_length;
390 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
391 if (ret != ASN1_ERR_NOERROR)
393 ret = asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
394 if (ret != ASN1_ERR_NOERROR)
396 *filter_length += 2 + strlen(operation) + string_length + string2_length;
397 *filter = g_realloc(*filter, *filter_length);
398 filterp = *filter + strlen(*filter);
400 if (string_length != 0) {
401 memcpy(filterp, string, string_length);
402 filterp += string_length;
404 strcpy(filterp, operation);
405 filterp += strlen(operation);
406 if (string2_length != 0) {
407 memcpy(filterp, string2, string2_length);
408 filterp += string2_length;
414 return ASN1_ERR_NOERROR;
417 /* Richard Dawe: To parse substring filters, I added this function. */
418 static int parse_filter_substrings(ASN1_SCK *a, char **filter, guint *filter_length)
429 /* For ASN.1 parsing of octet strings */
435 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
436 if (ret != ASN1_ERR_NOERROR)
439 ret = asn1_sequence_decode(a, &seq_len, &header_bytes);
440 if (ret != ASN1_ERR_NOERROR)
443 *filter_length += 2 + 1 + string_length;
444 *filter = g_realloc(*filter, *filter_length);
446 filterp = *filter + strlen(*filter);
448 if (string_length != 0) {
449 memcpy(filterp, string, string_length);
450 filterp += string_length;
456 /* Now decode seq_len's worth of octet strings. */
458 end = a->offset + seq_len;
460 while (a->offset < end) {
461 /* Octet strings here are context-specific, which
462 * asn1_octet_string_decode() barfs on. Emulate it, but don't barf. */
463 ret = asn1_header_decode (a, &cls, &con, &tag, &def, &string_length);
464 if (ret != ASN1_ERR_NOERROR)
467 /* XXX - check the tag? */
468 if (cls != ASN1_CTX || con != ASN1_PRI) {
469 /* XXX - handle the constructed encoding? */
470 return ASN1_ERR_WRONG_TYPE;
473 return ASN1_ERR_LENGTH_NOT_DEFINITE;
475 ret = asn1_string_value_decode(a, (int) string_length, &string);
476 if (ret != ASN1_ERR_NOERROR)
479 /* If we have an 'any' component with a string value, we need to append
480 * an extra asterisk before final component. */
481 if ((tag == 1) && (string_length != 0))
484 if ( (tag == 1) || ((tag == 2) && any_valued) )
486 *filter_length += string_length;
487 *filter = g_realloc(*filter, *filter_length);
489 filterp = *filter + strlen(*filter);
490 if ( (tag == 1) || ((tag == 2) && any_valued) )
494 if (string_length != 0) {
495 memcpy(filterp, string, string_length);
496 filterp += string_length;
505 *filter = g_realloc(*filter, *filter_length);
506 filterp = *filter + strlen(*filter);
510 /* NB: Allocated byte for this earlier */
514 return ASN1_ERR_NOERROR;
517 /* Returns -1 if we're at the end, returns an ASN1_ERR value otherwise. */
518 static int parse_filter(ASN1_SCK *a, char **filter, guint *filter_length,
526 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
527 if (ret != ASN1_ERR_NOERROR)
532 *end = a->offset + length;
534 *filter = g_malloc0(*filter_length);
537 if (cls == ASN1_CTX) /* XXX - handle other types as errors? */
541 case LDAP_FILTER_AND:
546 return ASN1_ERR_WRONG_TYPE;
547 add_end = a->offset + length;
549 *filter = g_realloc(*filter, *filter_length);
550 strcat(*filter, "(&");
551 while ((ret = parse_filter(a, filter, filter_length, &add_end))
556 strcat(*filter, ")");
564 return ASN1_ERR_WRONG_TYPE;
565 or_end = a->offset + length;
567 *filter = g_realloc(*filter, *filter_length);
568 strcat(*filter, "(|");
569 while ((ret = parse_filter(a, filter, filter_length, &or_end))
574 strcat(*filter, ")");
577 case LDAP_FILTER_NOT:
582 return ASN1_ERR_WRONG_TYPE;
583 not_end = a->offset + length;
585 *filter = g_realloc(*filter, *filter_length);
586 strcat(*filter, "(!");
587 ret = parse_filter(a, filter, filter_length, ¬_end);
588 if (ret != -1 && ret != ASN1_ERR_NOERROR)
590 strcat(*filter, ")");
593 case LDAP_FILTER_EQUALITY:
595 return ASN1_ERR_WRONG_TYPE;
596 ret = parse_filter_strings(a, filter, filter_length, "=");
597 if (ret != ASN1_ERR_NOERROR)
602 return ASN1_ERR_WRONG_TYPE;
603 ret = parse_filter_strings(a, filter, filter_length, ">=");
604 if (ret != ASN1_ERR_NOERROR)
609 return ASN1_ERR_WRONG_TYPE;
610 ret = parse_filter_strings(a, filter, filter_length, "<=");
611 if (ret != -1 && ret != ASN1_ERR_NOERROR)
614 case LDAP_FILTER_APPROX:
616 return ASN1_ERR_WRONG_TYPE;
617 ret = parse_filter_strings(a, filter, filter_length, "~=");
618 if (ret != ASN1_ERR_NOERROR)
621 case LDAP_FILTER_PRESENT:
627 return ASN1_ERR_WRONG_TYPE;
628 ret = asn1_string_value_decode(a, length, &string);
629 if (ret != ASN1_ERR_NOERROR)
631 *filter_length += 4 + length;
632 *filter = g_realloc(*filter, *filter_length);
633 filterp = *filter + strlen(*filter);
636 memcpy(filterp, string, length);
646 case LDAP_FILTER_SUBSTRINGS:
648 return ASN1_ERR_WRONG_TYPE;
649 /* Richard Dawe: Handle substrings */
650 ret = parse_filter_substrings(a, filter, filter_length);
651 if (ret != ASN1_ERR_NOERROR)
655 return ASN1_ERR_WRONG_TYPE;
659 if (a->offset == *end)
665 static gboolean read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
667 int start = a->offset;
669 guint filter_length = 0;
673 while ((ret = parse_filter(a, &filter, &filter_length, &end))
679 proto_tree_add_text(tree, a->tvb, start, 0,
680 "%s: ERROR: Can't parse filter: %s",
681 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
683 proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset-start, filter);
688 return (ret == -1) ? TRUE : FALSE;
691 /********************************************************************************************/
693 static void dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
695 guint resultCode = 0;
698 if (read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM) != ASN1_ERR_NOERROR)
700 if (read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
702 if (read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
705 if (resultCode == 10) /* Referral */
707 int start = a->offset;
711 proto_tree *referralTree;
713 ret = read_sequence(a, &length);
714 if (ret != ASN1_ERR_NOERROR) {
716 proto_tree_add_text(tree, a->tvb, start, 0,
717 "ERROR: Couldn't parse referral URL sequence header: %s",
718 asn1_err_to_str(ret));
722 ti = proto_tree_add_text(tree, a->tvb, start, length, "Referral URLs");
723 referralTree = proto_item_add_subtree(ti, ett_ldap_referrals);
725 end = a->offset + length;
726 while (a->offset < end) {
727 if (read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
733 static void dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
740 if (read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
742 if (read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
746 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
747 if (ret == ASN1_ERR_NOERROR) {
748 if (cls != ASN1_CTX) {
749 /* RFCs 1777 and 2251 say these are context-specific types */
750 ret = ASN1_ERR_WRONG_TYPE;
753 if (ret != ASN1_ERR_NOERROR) {
754 proto_tree_add_text(tree, a->tvb, start, 0,
755 "%s: ERROR: Couldn't parse header: %s",
756 proto_registrar_get_name(hf_ldap_message_bind_auth),
757 asn1_err_to_str(ret));
760 proto_tree_add_uint(tree, hf_ldap_message_bind_auth, a->tvb, start,
761 a->offset - start, tag);
764 case LDAP_AUTH_SIMPLE:
765 if (read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL,
766 NULL, start, length) != ASN1_ERR_NOERROR)
770 /* For Kerberos V4, dissect it as a ticket. */
771 /* For SASL, dissect it as SaslCredentials. */
775 static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
777 /* FIXME: handle SASL data */
778 dissect_ldap_result(a, tree);
781 static void dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
787 if (read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
789 if (read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
791 if (read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
793 if (read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
795 if (read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
797 if (read_boolean(a, tree, hf_ldap_message_search_typesOnly, 0, 0) != ASN1_ERR_NOERROR)
799 if (!read_filter(a, tree, hf_ldap_message_search_filter))
801 ret = read_sequence(a, &seq_length);
802 if (ret != ASN1_ERR_NOERROR) {
804 proto_tree_add_text(tree, a->tvb, a->offset, 0,
805 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
806 asn1_err_to_str(ret));
810 end = a->offset + seq_length;
811 while (a->offset < end) {
812 if (read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI,
813 ASN1_OTS) != ASN1_ERR_NOERROR)
818 static void dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
824 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
826 ret = read_sequence(a, &seq_length);
827 if (ret != ASN1_ERR_NOERROR) {
829 proto_tree_add_text(tree, a->tvb, a->offset, 0,
830 "ERROR: Couldn't parse search entry response sequence header: %s",
831 asn1_err_to_str(ret));
836 end_of_sequence = a->offset + seq_length;
837 while (a->offset < end_of_sequence)
840 proto_tree *attr_tree;
844 ret = read_sequence(a, 0);
845 if (ret != ASN1_ERR_NOERROR) {
847 proto_tree_add_text(tree, a->tvb, a->offset, 0,
848 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
849 asn1_err_to_str(ret));
853 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
855 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
857 ret = read_set(a, &set_length);
858 if (ret != ASN1_ERR_NOERROR) {
860 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
861 "ERROR: Couldn't parse LDAP value set header: %s",
862 asn1_err_to_str(ret));
866 end_of_set = a->offset + set_length;
867 while (a->offset < end_of_set) {
868 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
869 ASN1_OTS) != ASN1_ERR_NOERROR)
875 static void dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
881 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
884 ret = read_sequence(a, &seq_length);
885 if (ret != ASN1_ERR_NOERROR) {
887 proto_tree_add_text(tree, a->tvb, a->offset, 0,
888 "ERROR: Couldn't parse add request sequence header: %s",
889 asn1_err_to_str(ret));
894 end_of_sequence = a->offset + seq_length;
895 while (a->offset < end_of_sequence)
898 proto_tree *attr_tree;
902 ret = read_sequence(a, 0);
903 if (ret != ASN1_ERR_NOERROR) {
905 proto_tree_add_text(tree, a->tvb, a->offset, 0,
906 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
907 asn1_err_to_str(ret));
911 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI,
912 ASN1_OTS) != ASN1_ERR_NOERROR)
914 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
916 ret = read_set(a, &set_length);
917 if (ret != ASN1_ERR_NOERROR) {
919 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
920 "ERROR: Couldn't parse LDAP value set header: %s",
921 asn1_err_to_str(ret));
925 end_of_set = a->offset + set_length;
926 while (a->offset < end_of_set) {
927 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
933 static void dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
934 int start, guint length)
936 read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
939 static void dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
942 int start = a->offset;
945 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
947 if (read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
949 if (read_boolean(a, tree, hf_ldap_message_modrdn_delete, 0, 0) != ASN1_ERR_NOERROR)
952 if (a->offset < (int) (start + length)) {
953 /* LDAP V3 Modify DN operation, with newSuperior */
954 if (read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
959 static void dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
968 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
970 ret = read_sequence(a, 0);
971 if (ret != ASN1_ERR_NOERROR) {
973 proto_tree_add_text(tree, a->tvb, a->offset, 0,
974 "ERROR: Couldn't parse compare request sequence header: %s",
975 asn1_err_to_str(ret));
981 ret = read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
982 if (ret != ASN1_ERR_NOERROR) {
984 proto_tree_add_text(tree, a->tvb, start, 0,
985 "ERROR: Couldn't parse compare type: %s", asn1_err_to_str(ret));
989 ret = read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
990 if (ret != ASN1_ERR_NOERROR) {
992 proto_tree_add_text(tree, a->tvb, start, 0,
993 "ERROR: Couldn't parse compare value: %s", asn1_err_to_str(ret));
998 length = 2 + strlen(string1) + strlen(string2);
999 compare = g_malloc0(length);
1000 snprintf(compare, length, "%s=%s", string1, string2);
1001 proto_tree_add_string(tree, hf_ldap_message_compare, a->tvb, start,
1002 a->offset-start, compare);
1011 static void dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
1014 int end_of_sequence;
1017 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1019 ret = read_sequence(a, &seq_length);
1020 if (ret != ASN1_ERR_NOERROR) {
1022 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1023 "ERROR: Couldn't parse modify request sequence header: %s",
1024 asn1_err_to_str(ret));
1028 end_of_sequence = a->offset + seq_length;
1029 while (a->offset < end_of_sequence)
1032 proto_tree *attr_tree;
1037 ret = read_sequence(a, 0);
1038 if (ret != ASN1_ERR_NOERROR) {
1040 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1041 "ERROR: Couldn't parse modify request item sequence header: %s",
1042 asn1_err_to_str(ret));
1046 ret = read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
1047 if (ret != ASN1_ERR_NOERROR) {
1049 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1050 "ERROR: Couldn't parse modify operation: %s",
1051 asn1_err_to_str(ret));
1055 ret = read_sequence(a, 0);
1056 if (ret != ASN1_ERR_NOERROR) {
1058 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1059 "ERROR: Couldn't parse modify request operation sequence header: %s",
1060 asn1_err_to_str(ret));
1068 if (read_string(a, tree, hf_ldap_message_modify_add, &ti, 0, ASN1_UNI,
1069 ASN1_OTS) != ASN1_ERR_NOERROR)
1073 case LDAP_MOD_REPLACE:
1074 if (read_string(a, tree, hf_ldap_message_modify_replace, &ti, 0,
1075 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1079 case LDAP_MOD_DELETE:
1080 if (read_string(a, tree, hf_ldap_message_modify_delete, &ti, 0,
1081 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1086 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1087 "Unknown LDAP modify operation (%u)", operation);
1090 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1092 ret = read_set(a, &set_length);
1093 if (ret != ASN1_ERR_NOERROR) {
1095 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1096 "ERROR: Couldn't parse LDAP value set header: %s",
1097 asn1_err_to_str(ret));
1101 end_of_set = a->offset + set_length;
1102 while (a->offset < end_of_set) {
1103 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
1104 ASN1_OTS) != ASN1_ERR_NOERROR)
1110 static void dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
1111 int start, guint length)
1113 read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
1118 dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1120 proto_tree *ldap_tree = 0, *ti, *msg_tree;
1121 guint messageLength;
1124 guint protocolOpCls, protocolOpCon, protocolOpTag;
1129 gboolean first_time = TRUE;
1132 asn1_open(&a, tvb, 0);
1134 while (tvb_reported_length_remaining(tvb, a.offset) > 0)
1136 int message_id_start;
1137 int message_id_length;
1141 * XXX - should handle the initial sequence specifier split across
1142 * segment boundaries.
1144 message_start = a.offset;
1145 ret = read_sequence(&a, &messageLength);
1146 if (ret != ASN1_ERR_NOERROR)
1150 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1151 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1152 if (check_col(pinfo->cinfo, COL_INFO))
1154 col_add_fstr(pinfo->cinfo, COL_INFO,
1155 "Invalid LDAP message (Can't parse sequence header: %s)",
1156 asn1_err_to_str(ret));
1161 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start, -1,
1163 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1164 proto_tree_add_text(ldap_tree, tvb, message_start, -1,
1165 "Invalid LDAP message (Can't parse sequence header: %s)",
1166 asn1_err_to_str(ret));
1172 * Desegmentation check.
1174 if (ldap_desegment) {
1175 if (pinfo->can_desegment
1176 && messageLength > (guint)tvb_length_remaining(tvb, a.offset)) {
1178 * This frame doesn't have all of the data for this message,
1179 * but we can do reassembly on it.
1181 * Tell the TCP dissector where the data for this message
1182 * starts in the data it handed us, and how many more bytes
1183 * we need, and return.
1185 pinfo->desegment_offset = message_start;
1186 pinfo->desegment_len = messageLength -
1187 tvb_length_remaining(tvb, a.offset);
1191 next_offset = a.offset + messageLength;
1195 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1196 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1197 if (check_col(pinfo->cinfo, COL_INFO))
1198 col_clear(pinfo->cinfo, COL_INFO);
1203 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start,
1204 next_offset - message_start, FALSE);
1205 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1208 message_id_start = a.offset;
1209 ret = read_integer(&a, 0, hf_ldap_message_id, 0, &messageId, ASN1_INT);
1210 if (ret != ASN1_ERR_NOERROR)
1212 if (first_time && check_col(pinfo->cinfo, COL_INFO))
1213 col_add_fstr(pinfo->cinfo, COL_INFO, "Invalid LDAP packet (Can't parse Message ID: %s)",
1214 asn1_err_to_str(ret));
1216 proto_tree_add_text(ldap_tree, tvb, message_id_start, 1,
1217 "Invalid LDAP packet (Can't parse Message ID: %s)",
1218 asn1_err_to_str(ret));
1221 message_id_length = a.offset - message_id_start;
1224 asn1_id_decode(&a, &protocolOpCls, &protocolOpCon, &protocolOpTag);
1225 if (protocolOpCls != ASN1_APL)
1226 typestr = "Bad message type (not Application)";
1228 typestr = val_to_str(protocolOpTag, msgTypes, "Unknown message type (%u)");
1232 if (check_col(pinfo->cinfo, COL_INFO))
1233 col_add_fstr(pinfo->cinfo, COL_INFO, "MsgId=%u MsgType=%s",
1234 messageId, typestr);
1240 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_id, tvb, message_id_start, message_id_length, messageId);
1241 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_type, tvb,
1242 start, a.offset - start, protocolOpTag);
1243 ti = proto_tree_add_text(ldap_tree, tvb, message_id_start, messageLength, "Message: Id=%u %s", messageId, typestr);
1244 msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
1246 if (read_length(&a, msg_tree, hf_ldap_message_length, &opLen) != ASN1_ERR_NOERROR)
1249 if (protocolOpCls != ASN1_APL)
1251 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1256 switch (protocolOpTag)
1259 dissect_ldap_request_bind(&a, msg_tree);
1261 case LDAP_REQ_UNBIND:
1262 /* Nothing to dissect */
1264 case LDAP_REQ_SEARCH:
1265 dissect_ldap_request_search(&a, msg_tree);
1267 case LDAP_REQ_MODIFY:
1268 dissect_ldap_request_modify(&a, msg_tree);
1271 dissect_ldap_request_add(&a, msg_tree);
1273 case LDAP_REQ_DELETE:
1274 dissect_ldap_request_delete(&a, msg_tree, start, opLen);
1276 case LDAP_REQ_MODRDN:
1277 dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
1279 case LDAP_REQ_COMPARE:
1280 dissect_ldap_request_compare(&a, msg_tree);
1282 case LDAP_REQ_ABANDON:
1283 dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
1286 dissect_ldap_response_bind(&a, msg_tree);
1288 case LDAP_RES_SEARCH_ENTRY:
1289 dissect_ldap_response_search_entry(&a, msg_tree);
1291 case LDAP_RES_SEARCH_RESULT:
1292 case LDAP_RES_MODIFY:
1294 case LDAP_RES_DELETE:
1295 case LDAP_RES_MODRDN:
1296 case LDAP_RES_COMPARE:
1297 dissect_ldap_result(&a, msg_tree);
1300 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1301 "Unknown LDAP operation (%u)", protocolOpTag);
1308 * XXX - what if "a.offset" is past the offset of the next top-level
1309 * sequence? Show that as an error?
1311 a.offset = next_offset;
1316 proto_register_ldap(void)
1318 static value_string result_codes[] = {
1320 {1, "Operations error"},
1321 {2, "Protocol error"},
1322 {3, "Time limit exceeded"},
1323 {4, "Size limit exceeded"},
1324 {5, "Compare false"},
1325 {6, "Compare true"},
1326 {7, "Authentication method not supported"},
1327 {8, "Strong authentication required"},
1329 {11, "Administrative limit exceeded"},
1330 {12, "Unavailable critical extension"},
1331 {13, "Confidentiality required"},
1332 {14, "SASL bind in progress"},
1333 {16, "No such attribute"},
1334 {17, "Undefined attribute type"},
1335 {18, "Inappropriate matching"},
1336 {19, "Constraint violation"},
1337 {20, "Attribute or value exists"},
1338 {21, "Invalid attribute syntax"},
1339 {32, "No such object"},
1340 {33, "Alias problem"},
1341 {34, "Invalid DN syntax"},
1342 {36, "Alias derefetencing problem"},
1343 {48, "Inappropriate authentication"},
1344 {49, "Invalid credentials"},
1345 {50, "Insufficient access rights"},
1347 {52, "Unavailable"},
1348 {53, "Unwilling to perform"},
1349 {54, "Loop detected"},
1350 {64, "Naming violation"},
1351 {65, "Objectclass violation"},
1352 {66, "Not allowed on non-leaf"},
1353 {67, "Not allowed on RDN"},
1354 {68, "Entry already exists"},
1355 {69, "Objectclass modification prohibited"},
1356 {71, "Affects multiple DSAs"},
1361 static value_string auth_types[] = {
1362 {LDAP_AUTH_SIMPLE, "Simple"},
1363 {LDAP_AUTH_KRBV4LDAP, "Kerberos V4 to the LDAP server"},
1364 {LDAP_AUTH_KRBV4DSA, "Kerberos V4 to the DSA"},
1365 {LDAP_AUTH_SASL, "SASL"},
1369 static value_string search_scope[] = {
1376 static value_string search_dereference[] = {
1378 {0x01, "Searching"},
1379 {0x02, "Base Object"},
1384 static hf_register_info hf[] = {
1386 { "Length", "ldap.length",
1387 FT_UINT32, BASE_DEC, NULL, 0x0,
1388 "LDAP Length", HFILL }},
1390 { &hf_ldap_message_id,
1391 { "Message Id", "ldap.message_id",
1392 FT_UINT32, BASE_DEC, NULL, 0x0,
1393 "LDAP Message Id", HFILL }},
1394 { &hf_ldap_message_type,
1395 { "Message Type", "ldap.message_type",
1396 FT_UINT8, BASE_HEX, &msgTypes, 0x0,
1397 "LDAP Message Type", HFILL }},
1398 { &hf_ldap_message_length,
1399 { "Message Length", "ldap.message_length",
1400 FT_UINT32, BASE_DEC, NULL, 0x0,
1401 "LDAP Message Length", HFILL }},
1403 { &hf_ldap_message_result,
1404 { "Result Code", "ldap.result.code",
1405 FT_UINT8, BASE_HEX, result_codes, 0x0,
1406 "LDAP Result Code", HFILL }},
1407 { &hf_ldap_message_result_matcheddn,
1408 { "Matched DN", "ldap.result.matcheddn",
1409 FT_STRING, BASE_NONE, NULL, 0x0,
1410 "LDAP Result Matched DN", HFILL }},
1411 { &hf_ldap_message_result_errormsg,
1412 { "Error Message", "ldap.result.errormsg",
1413 FT_STRING, BASE_NONE, NULL, 0x0,
1414 "LDAP Result Error Message", HFILL }},
1415 { &hf_ldap_message_result_referral,
1416 { "Referral", "ldap.result.referral",
1417 FT_STRING, BASE_NONE, NULL, 0x0,
1418 "LDAP Result Referral URL", HFILL }},
1420 { &hf_ldap_message_bind_version,
1421 { "Version", "ldap.bind.version",
1422 FT_UINT32, BASE_DEC, NULL, 0x0,
1423 "LDAP Bind Version", HFILL }},
1424 { &hf_ldap_message_bind_dn,
1425 { "DN", "ldap.bind.dn",
1426 FT_STRING, BASE_NONE, NULL, 0x0,
1427 "LDAP Bind Distinguished Name", HFILL }},
1428 { &hf_ldap_message_bind_auth,
1429 { "Auth Type", "ldap.bind.auth_type",
1430 FT_UINT8, BASE_HEX, auth_types, 0x0,
1431 "LDAP Bind Auth Type", HFILL }},
1432 { &hf_ldap_message_bind_auth_password,
1433 { "Password", "ldap.bind.password",
1434 FT_STRING, BASE_NONE, NULL, 0x0,
1435 "LDAP Bind Password", HFILL }},
1437 { &hf_ldap_message_search_base,
1438 { "Base DN", "ldap.search.basedn",
1439 FT_STRING, BASE_NONE, NULL, 0x0,
1440 "LDAP Search Base Distinguished Name", HFILL }},
1441 { &hf_ldap_message_search_scope,
1442 { "Scope", "ldap.search.scope",
1443 FT_UINT8, BASE_HEX, search_scope, 0x0,
1444 "LDAP Search Scope", HFILL }},
1445 { &hf_ldap_message_search_deref,
1446 { "Dereference", "ldap.search.dereference",
1447 FT_UINT8, BASE_HEX, search_dereference, 0x0,
1448 "LDAP Search Dereference", HFILL }},
1449 { &hf_ldap_message_search_sizeLimit,
1450 { "Size Limit", "ldap.search.sizelimit",
1451 FT_UINT32, BASE_DEC, NULL, 0x0,
1452 "LDAP Search Size Limit", HFILL }},
1453 { &hf_ldap_message_search_timeLimit,
1454 { "Time Limit", "ldap.search.timelimit",
1455 FT_UINT32, BASE_DEC, NULL, 0x0,
1456 "LDAP Search Time Limit", HFILL }},
1457 { &hf_ldap_message_search_typesOnly,
1458 { "Attributes Only", "ldap.search.typesonly",
1459 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1460 "LDAP Search Attributes Only", HFILL }},
1461 { &hf_ldap_message_search_filter,
1462 { "Filter", "ldap.search.filter",
1463 FT_STRING, BASE_NONE, NULL, 0x0,
1464 "LDAP Search Filter", HFILL }},
1465 { &hf_ldap_message_dn,
1466 { "Distinguished Name", "ldap.dn",
1467 FT_STRING, BASE_NONE, NULL, 0x0,
1468 "LDAP Distinguished Name", HFILL }},
1469 { &hf_ldap_message_attribute,
1470 { "Attribute", "ldap.attribute",
1471 FT_STRING, BASE_NONE, NULL, 0x0,
1472 "LDAP Attribute", HFILL }},
1473 { &hf_ldap_message_value,
1474 { "Value", "ldap.value",
1475 FT_STRING, BASE_NONE, NULL, 0x0,
1476 "LDAP Value", HFILL }},
1478 { &hf_ldap_message_modrdn_name,
1479 { "New Name", "ldap.modrdn.name",
1480 FT_STRING, BASE_NONE, NULL, 0x0,
1481 "LDAP New Name", HFILL }},
1482 { &hf_ldap_message_modrdn_delete,
1483 { "Delete Values", "ldap.modrdn.delete",
1484 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1485 "LDAP Modify RDN - Delete original values", HFILL }},
1486 { &hf_ldap_message_modrdn_superior,
1487 { "New Location", "ldap.modrdn.superior",
1488 FT_STRING, BASE_NONE, NULL, 0x0,
1489 "LDAP Modify RDN - New Location", HFILL }},
1491 { &hf_ldap_message_compare,
1492 { "Test", "ldap.compare.test",
1493 FT_STRING, BASE_NONE, NULL, 0x0,
1494 "LDAP Compare Test", HFILL }},
1496 { &hf_ldap_message_modify_add,
1497 { "Add", "ldap.modify.add",
1498 FT_STRING, BASE_NONE, NULL, 0x0,
1499 "LDAP Add", HFILL }},
1500 { &hf_ldap_message_modify_replace,
1501 { "Replace", "ldap.modify.replace",
1502 FT_STRING, BASE_NONE, NULL, 0x0,
1503 "LDAP Replace", HFILL }},
1504 { &hf_ldap_message_modify_delete,
1505 { "Delete", "ldap.modify.delete",
1506 FT_STRING, BASE_NONE, NULL, 0x0,
1507 "LDAP Delete", HFILL }},
1509 { &hf_ldap_message_abandon_msgid,
1510 { "Abandon Msg Id", "ldap.abandon.msgid",
1511 FT_UINT32, BASE_DEC, NULL, 0x0,
1512 "LDAP Abandon Msg Id", HFILL }},
1515 static gint *ett[] = {
1518 &ett_ldap_referrals,
1521 module_t *ldap_module;
1523 proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol",
1525 proto_register_field_array(proto_ldap, hf, array_length(hf));
1526 proto_register_subtree_array(ett, array_length(ett));
1528 ldap_module = prefs_register_protocol(proto_ldap, NULL);
1529 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
1530 "Desegment all LDAP messages spanning multiple TCP segments",
1531 "Whether the LDAP dissector should desegment all messages spanning multiple TCP segments",
1536 proto_reg_handoff_ldap(void)
1538 dissector_handle_t ldap_handle;
1540 ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
1541 dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);