static int hf_mscldap_netlogon_nt_token = -1;
static gint ett_ldap = -1;
-static gint ett_ldap_gssapi_token = -1;
+static gint ett_ldap_msg = -1;
+static gint ett_ldap_payload = -1;
+static gint ett_ldap_sasl_blob = -1;
static gint ett_ldap_referrals = -1;
static gint ett_ldap_attribute = -1;
static gint ett_ldap_controls = -1;
int token_offset;
gint available_length, reported_length;
tvbuff_t *new_tvb;
- proto_item *gitem;
- proto_tree *gtree = NULL;
if (read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
return;
asn1_err_to_str(ret));
return;
}
- if (tree) {
- gitem = proto_tree_add_text(tree, tvb, token_offset,
- (a->offset + length) - token_offset, "GSS-API Token");
- gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
- }
available_length = tvb_length_remaining(tvb, token_offset);
reported_length = tvb_reported_length_remaining(tvb, token_offset);
g_assert(available_length >= 0);
if ((guint)reported_length > length)
reported_length = length;
new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
- call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
+ call_dissector(gssapi_handle, new_tvb, pinfo, tree);
a->offset += length;
} else if (mechanism != NULL && strcmp(mechanism, "GSSAPI") == 0) {
/*
asn1_err_to_str(ret));
return;
}
- if (tree) {
- gitem = proto_tree_add_text(tree, tvb, token_offset,
- (a->offset + length) - token_offset, "GSS-API Token");
- gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
- }
if(length==0){
/* for GSSAPI the third pdu will sometimes be "empty" */
return;
if ((guint)reported_length > length)
reported_length = length;
new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
- call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
+ call_dissector(gssapi_handle, new_tvb, pinfo, tree);
a->offset += length;
} else {
if (read_bytestring(a, tree, hf_ldap_message_bind_auth_credentials,
int token_offset;
gint available_length, reported_length;
tvbuff_t *new_tvb;
- proto_item *gitem;
- proto_tree *gtree = NULL;
end = start + length;
dissect_ldap_result(a, tree, pinfo);
asn1_err_to_str(ret));
return;
}
- if (tree) {
- gitem = proto_tree_add_text(tree, tvb, token_offset,
- (a->offset + cred_length) - token_offset, "GSS-API Token");
- gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
- }
available_length = tvb_length_remaining(tvb, token_offset);
reported_length = tvb_reported_length_remaining(tvb, token_offset);
g_assert(available_length >= 0);
if ((guint)reported_length > cred_length)
reported_length = cred_length;
new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
- call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
+ call_dissector(gssapi_handle, new_tvb, pinfo, tree);
a->offset += cred_length;
} else if (ldap_info->auth_mech != NULL &&
strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
asn1_err_to_str(ret));
return;
}
- if (tree) {
- gitem = proto_tree_add_text(tree, tvb, token_offset,
- (a->offset + cred_length) - token_offset, "GSS-API Token");
- gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
- }
available_length = tvb_length_remaining(tvb, token_offset);
reported_length = tvb_reported_length_remaining(tvb, token_offset);
g_assert(available_length >= 0);
if ((guint)reported_length > cred_length)
reported_length = cred_length;
new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
- call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
+ call_dissector(gssapi_handle, new_tvb, pinfo, tree);
a->offset += cred_length;
} else {
if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
proto_tree *ctrls_tree = NULL;
int start = a->offset;
int end;
+ guint ctrls_length;
ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
if (ret != ASN1_ERR_NOERROR) {
return;
}
- ctrls_item = proto_tree_add_text(tree, a->tvb, start, length, "LDAP Controls");
+ ctrls_length = (a->offset - start) + length;
+ ctrls_item = proto_tree_add_text(tree, a->tvb, start, ctrls_length, "LDAP Controls");
ctrls_tree = proto_item_add_subtree(ctrls_item, ett_ldap_controls);
end = a->offset + length;
guint seq_length;
int seq_start = a->offset;
int seq_end;
+ guint ctrl_length;
ret = read_sequence(a, &seq_length);
if (ret != ASN1_ERR_NOERROR) {
return;
}
- ctrl_item = proto_tree_add_text(ctrls_tree, a->tvb, seq_start, seq_length, "LDAP Control");
+ ctrl_length = (a->offset - seq_start) + seq_length;
+ ctrl_item = proto_tree_add_text(ctrls_tree, a->tvb, seq_start, ctrl_length, "LDAP Control");
ctrl_tree = proto_item_add_subtree(ctrl_item, ett_ldap_control);
seq_end = a->offset + seq_length;
asn1_close(&a, &next_offset); /* XXX - use the new value of next_offset? */
}
-
static void
-dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
+dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, ldap_conv_info_t *ldap_info,
+ gboolean rest_is_pad, gboolean is_mscldap)
{
int offset = 0;
gboolean first_time = TRUE;
- conversation_t *conversation;
- gboolean doing_sasl_security = FALSE;
guint length_remaining;
- guint32 sasl_length;
- guint32 message_data_len;
- proto_item *ti = NULL;
- proto_tree *ldap_tree = NULL;
ASN1_SCK a;
int ret;
- guint messageLength;
+ guint msg_len;
int messageOffset;
guint headerLength;
guint length;
- gint available_length, reported_length;
- int len;
- proto_item *gitem = NULL;
- proto_tree *gtree = NULL;
- tvbuff_t *next_tvb;
- ldap_conv_info_t *ldap_info=NULL;
- int tmp_offset;
+ tvbuff_t *msg_tvb = NULL;
+ proto_item *msg_item = NULL;
+ proto_tree *msg_tree = NULL;
+
+ while (tvb_reported_length_remaining(tvb, offset) > 0) {
+ /*
+ * This will throw an exception if we don't have any data left.
+ * That's what we want. (See "tcp_dissect_pdus()", which is
+ * similar)
+ */
+ length_remaining = tvb_ensure_length_remaining(tvb, offset);
+
+ if (rest_is_pad && length_remaining < 6) return;
+
+ /*
+ * The frame begins
+ * with a "Sequence Of" header.
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes - is the "Sequence Of" header split across segment
+ * boundaries? We require at least 6 bytes for the header
+ * which allows for a 4 byte length (ASN.1 BER).
+ */
+ if (length_remaining < 6) {
+ /* stop if the caller says that we are given all data and the rest is padding
+ * this is for the SASL GSSAPI case when the data is only signed and not sealed
+ */
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = 6 - length_remaining;
+ return;
+ }
+ }
+
+ /*
+ * OK, try to read the "Sequence Of" header; this gets the total
+ * length of the LDAP message.
+ */
+ asn1_open(&a, tvb, offset);
+ ret = read_sequence(&a, &msg_len);
+ asn1_close(&a, &messageOffset);
+
+ if (ret == ASN1_ERR_NOERROR) {
+ /*
+ * Add the length of the "Sequence Of" header to the message
+ * length.
+ */
+ headerLength = messageOffset - offset;
+ msg_len += headerLength;
+ if (msg_len < headerLength) {
+ /*
+ * The message length was probably so large that the total length
+ * overflowed.
+ *
+ * Report this as an error.
+ */
+ show_reported_bounds_error(tvb, pinfo, tree);
+ return;
+ }
+ } else {
+ /*
+ * We couldn't parse the header; just make it the amount of data
+ * remaining in the tvbuff, so we'll give up on this segment
+ * after attempting to parse the message - there's nothing more
+ * we can do. "dissect_ldap_message()" will display the error.
+ */
+ msg_len = length_remaining;
+ }
+
+ /*
+ * Is the message split across segment boundaries?
+ */
+ if (length_remaining < msg_len) {
+ /* provide a hint to TCP where the next PDU starts */
+ pinfo->want_pdu_tracking=2;
+ pinfo->bytes_until_next_pdu= msg_len - length_remaining;
+ /*
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes. Tell the TCP dissector where the data for this message
+ * starts in the data it handed us, and how many more bytes
+ * we need, and return.
+ */
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = msg_len - length_remaining;
+ return;
+ }
+ }
+
+ /*
+ * Construct a tvbuff containing the amount of the payload we have
+ * available. Make its reported length the amount of data in the
+ * LDAP message.
+ *
+ * XXX - if reassembly isn't enabled. the subdissector will throw a
+ * BoundsError exception, rather than a ReportedBoundsError exception.
+ * We really want a tvbuff where the length is "length", the reported
+ * length is "plen", and the "if the snapshot length were infinite"
+ * length is the minimum of the reported length of the tvbuff handed
+ * to us and "plen", with a new type of exception thrown if the offset
+ * is within the reported length but beyond that third length, with
+ * that exception getting the "Unreassembled Packet" error.
+ */
+ length = length_remaining;
+ if (length > msg_len) length = msg_len;
+ msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
+
+ /*
+ * Now dissect the LDAP message.
+ */
+ if (tree) {
+ msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message");
+ msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg);
+ }
+
+ dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);
+
+ offset += msg_len;
+
+ first_time = FALSE;
+ }
+}
+static void
+dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
+{
+ int offset = 0;
+ conversation_t *conversation;
+ gboolean doing_sasl_security = FALSE;
+ guint length_remaining;
+ ldap_conv_info_t *ldap_info = NULL;
+ proto_item *ldap_item = NULL;
+ proto_tree *ldap_tree = NULL;
+
/*
* Do we have a conversation for this connection?
*/
if (conversation == NULL) {
/* We don't yet have a conversation, so create one. */
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
- pinfo->ptype, pinfo->srcport,
+ pinfo->ptype, pinfo->srcport,
pinfo->destport, 0);
}
+
/*
* Do we already have a type and mechanism?
*/
ldap_info = conversation_get_proto_data(conversation, proto_ldap);
if (ldap_info == NULL) {
/* No. Attach that information to the conversation, and add
- it to the list of information structures. */
+ * it to the list of information structures.
+ */
ldap_info = g_mem_chunk_alloc(ldap_conv_info_chunk);
ldap_info->auth_type = 0;
ldap_info->auth_mech = 0;
switch (ldap_info->auth_type) {
case LDAP_AUTH_SASL:
- /*
- * It's SASL; are we using a security layer?
- */
- if (ldap_info->first_auth_frame != 0 &&
- pinfo->fd->num >= ldap_info->first_auth_frame)
- doing_sasl_security = TRUE; /* yes */
+ /*
+ * It's SASL; are we using a security layer?
+ */
+ if (ldap_info->first_auth_frame != 0 &&
+ pinfo->fd->num >= ldap_info->first_auth_frame) {
+ doing_sasl_security = TRUE; /* yes */
+ }
}
-
-
-
while (tvb_reported_length_remaining(tvb, offset) > 0) {
+
/*
* This will throw an exception if we don't have any data left.
* That's what we want. (See "tcp_dissect_pdus()", which is
*/
length_remaining = tvb_ensure_length_remaining(tvb, offset);
+ /*
+ * Try to find out if we have a plain LDAP buffer
+ * with a "Sequence Of" header or a SASL buffer with
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes - is the "Sequence Of" header split across segment
+ * boundaries? We require at least 6 bytes for the header
+ * which allows for a 4 byte length (ASN.1 BER).
+ * For the SASL case we need at least 4 bytes, so this is
+ * no problem here because we check for 6 bytes ans sasl buffers
+ * with less than 2 bytes should not exist...
+ */
+ if (length_remaining < 6) {
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = 6 - length_remaining;
+ return;
+ }
+ }
+
+ /* It might still be a packet containing a SASL security layer
+ * but its just that we never saw the BIND packet.
+ * check if it looks like it could be a SASL blob here
+ * and in that case just assume it is GSS-SPNEGO
+ */
+ if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
+ &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
+ &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
+ ldap_info->auth_type=LDAP_AUTH_SASL;
+ ldap_info->first_auth_frame=pinfo->fd->num;
+ ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
+ doing_sasl_security=TRUE;
+ }
+
+ /*
+ * This is the first PDU, set the Protocol column and clear the
+ * Info column.
+ */
+ if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
+ if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
+
+ ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE);
+ ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
+
/*
* Might we be doing a SASL security layer and, if so, *are* we doing
* one?
* but we want to parse garbage as LDAP messages rather than really
* huge lengths).
*/
+
if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
+ proto_item *sasl_item = NULL;
+ proto_tree *sasl_tree = NULL;
+ tvbuff_t *sasl_tvb;
+ guint sasl_len, sasl_msg_len, length;
/*
* Yes. The frame begins with a 4-byte big-endian length.
- * Can we do reassembly?
+ * And we know we have at least 6 bytes
*/
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes - is the SASL length split across segment boundaries?
- */
- if (length_remaining < 4) {
- /*
- * Yes. Tell the TCP dissector where the data for this message
- * starts in the data it handed us, and how many more bytes we
- * need, and return.
- */
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = 4 - length_remaining;
- return;
- }
- }
/*
* Get the SASL length, which is the length of data in the buffer
* assume that each LDAP message is entirely contained within
* a buffer.
*/
- sasl_length = tvb_get_ntohl(tvb, offset);
- message_data_len = sasl_length + 4;
- if (message_data_len < 4) {
+ sasl_len = tvb_get_ntohl(tvb, offset);
+ sasl_msg_len = sasl_len + 4;
+ if (sasl_msg_len < 4) {
/*
* The message length was probably so large that the total length
* overflowed.
/*
* Is the buffer split across segment boundaries?
*/
- if (length_remaining < message_data_len) {
+ if (length_remaining < sasl_msg_len) {
/* provide a hint to TCP where the next PDU starts */
- pinfo->want_pdu_tracking=2;
- pinfo->bytes_until_next_pdu=message_data_len-length_remaining;
+ pinfo->want_pdu_tracking = 2;
+ pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining;
/*
* Can we do reassembly?
*/
* need, and return.
*/
pinfo->desegment_offset = offset;
- pinfo->desegment_len = message_data_len - length_remaining;
+ pinfo->desegment_len = sasl_msg_len - length_remaining;
return;
}
}
* that exception getting the "Unreassembled Packet" error.
*/
length = length_remaining;
- if (length > message_data_len)
- length = message_data_len;
- next_tvb = tvb_new_subset(tvb, offset, length, message_data_len);
-
- /*
- * If this is the first PDU, set the Protocol column and clear the
- * Info column.
- */
- if (first_time)
- {
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
- if (check_col(pinfo->cinfo, COL_INFO))
- col_clear(pinfo->cinfo, COL_INFO);
- }
+ if (length > sasl_msg_len) length = sasl_msg_len;
+ sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
- if (tree)
- {
- ti = proto_tree_add_item(tree, proto_ldap, next_tvb, 0, -1, FALSE);
- ldap_tree = proto_item_add_subtree(ti, ett_ldap);
+ if (ldap_tree) {
+ proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
+ sasl_len);
- proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, tvb, 0, 4,
- sasl_length);
+ sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer");
+ sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
}
if (ldap_info->auth_mech != NULL &&
strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
- int header_len;
+ tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
+ int ver_len;
/*
* This is GSS-API (using SPNEGO, but we should be done with
* the negotiation by now).
* the token, from which we compute the offset in the tvbuff at
* which the plaintext data, i.e. the LDAP message, begins.
*/
- available_length = tvb_length_remaining(tvb, 4);
- reported_length = tvb_reported_length_remaining(tvb, 4);
- g_assert(available_length >= 0);
- g_assert(reported_length >= 0);
- if (available_length > reported_length)
- available_length = reported_length;
-
- next_tvb = tvb_new_subset(tvb, 4, available_length, reported_length);
- if (tree)
- {
- gitem = proto_tree_add_text(ldap_tree, next_tvb, 0, -1, "GSS-API Token");
- gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
- }
+ gssapi_tvb = tvb_new_subset(sasl_tvb, 4, sasl_len, sasl_len);
/* Attempt decryption of the GSSAPI wrapped data if possible */
pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
pinfo->gssapi_wrap_tvb=NULL;
pinfo->gssapi_encrypted_tvb=NULL;
pinfo->gssapi_decrypted_tvb=NULL;
- len = call_dissector(gssapi_wrap_handle, next_tvb, pinfo, gtree);
- header_len=4+len;
- /* if we could decrypt, do a tvb shuffle */
+ ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
+ /* if we could unwrap, do a tvb shuffle */
if(pinfo->gssapi_decrypted_tvb){
- tvb=pinfo->gssapi_decrypted_tvb;
- header_len=0;
+ decr_tvb=pinfo->gssapi_decrypted_tvb;
}
/* tidy up */
pinfo->decrypt_gssapi_tvb=0;
* if len is 0 it probably mean that we got a PDU that is not
* aligned to the start of the segment.
*/
- if(len==0){
+ if(ver_len==0){
return;
}
- if (gitem != NULL)
- proto_item_set_len(gitem, len);
+ /*
+ * if we don't have unwrapped data,
+ * see if the data we already have is maybe
+ * plain LDAP
+ */
+ if (!decr_tvb) {
+ ASN1_SCK a;
+ int ret;
+ guint messageLength;
+ int messageOffset;
+ /*
+ * OK, try to read the "Sequence Of" header;
+ * if it gives no error create the dcer_tvb
+ */
+ asn1_open(&a, gssapi_tvb, ver_len);
+ ret = read_sequence(&a, &messageLength);
+ asn1_close(&a, &messageOffset);
+ if (ret == ASN1_ERR_NOERROR) {
+ plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1);
+ }
+ }
- /*
- * check if it's LDAP or an encrypted blob (or a decrypted blob)
- */
-
- asn1_open(&a, tvb, header_len);
- ret = check_optional_tag(&a, ASN1_UNI, ASN1_CON, ASN1_SEQ);
- asn1_close(&a, &tmp_offset);
- if (ret == ASN1_ERR_NOERROR) {
+ if (decr_tvb) {
+ proto_item *enc_item = NULL;
+ proto_tree *enc_tree = NULL;
/*
- * Now dissect the LDAP message.
+ * Now dissect the decrypted LDAP message.
*/
- dissect_ldap_message(tvb, header_len, pinfo, ldap_tree, ti, first_time, ldap_info, is_mscldap);
- } else {
- if (first_time && check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
- sasl_length - len,
- plurality(sasl_length - len, "", "s"));
+ if (sasl_tree) {
+ enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+ "GSS-API Encrypted payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
+ }
+ dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);
+ } else if (plain_tvb) {
+ proto_item *plain_item = NULL;
+ proto_tree *plain_tree = NULL;
+ /*
+ * Now dissect the plain LDAP message.
+ */
+ if (sasl_tree) {
+ plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+ "GSS-API payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
}
- proto_tree_add_text(ldap_tree, tvb, header_len, -1,
+ dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);
+ } else {
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ }
+ if (sasl_tree) {
+ proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
"GSS-API Encrypted payload (%d byte%s)",
- sasl_length - len,
- plurality(sasl_length - len, "", "s"));
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ }
}
- } else {
- /*
- * We don't know how to handle other authentication mechanisms
- * yet, so just put in an entry for the SASL buffer.
- */
- proto_tree_add_text(ldap_tree, tvb, 4, -1, "SASL buffer");
}
- offset += message_data_len;
+ offset += sasl_msg_len;
} else {
- /*
- * No, we're not doing a SASL security layer. The frame begins
- * with a "Sequence Of" header.
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes - is the "Sequence Of" header split across segment
- * boundaries? We require at least 6 bytes for the header
- * which allows for a 4 byte length (ASN.1 BER).
- */
- if (length_remaining < 6) {
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = 6 - length_remaining;
- return;
- }
- }
-
- /* It might still be a packet containing a SASL security layer
- * but its just that we never saw the BIND packet.
- * check if it looks like it could be a SASL blob here
- * and in that case just assume it is GSS-SPNEGO
- */
- if( (tvb_bytes_exist(tvb, offset, 5))
- &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
- &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
- ldap_info->auth_type=LDAP_AUTH_SASL;
- ldap_info->first_auth_frame=pinfo->fd->num;
- ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
- doing_sasl_security=TRUE;
- continue;
- }
-
-
- /*
- * OK, try to read the "Sequence Of" header; this gets the total
- * length of the LDAP message.
- */
- asn1_open(&a, tvb, offset);
- ret = read_sequence(&a, &messageLength);
- asn1_close(&a, &messageOffset);
-
- if (ret == ASN1_ERR_NOERROR) {
- /*
- * Add the length of the "Sequence Of" header to the message
- * length.
- */
- headerLength = messageOffset - offset;
- messageLength += headerLength;
- if (messageLength < headerLength) {
- /*
- * The message length was probably so large that the total length
- * overflowed.
- *
- * Report this as an error.
- */
- show_reported_bounds_error(tvb, pinfo, tree);
- return;
- }
- } else {
- /*
- * We couldn't parse the header; just make it the amount of data
- * remaining in the tvbuff, so we'll give up on this segment
- * after attempting to parse the message - there's nothing more
- * we can do. "dissect_ldap_message()" will display the error.
- */
- messageLength = length_remaining;
- }
-
- /*
- * Is the message split across segment boundaries?
- */
- if (length_remaining < messageLength) {
- /* provide a hint to TCP where the next PDU starts */
- pinfo->want_pdu_tracking=2;
- pinfo->bytes_until_next_pdu=messageLength-length_remaining;
- /*
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes. Tell the TCP dissector where the data for this message
- * starts in the data it handed us, and how many more bytes
- * we need, and return.
- */
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = messageLength - length_remaining;
- return;
- }
- }
-
- /*
- * If this is the first PDU, set the Protocol column and clear the
- * Info column.
- */
- if (first_time) {
- if (check_col(pinfo->cinfo, COL_PROTOCOL))
- col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
- if (check_col(pinfo->cinfo, COL_INFO))
- col_clear(pinfo->cinfo, COL_INFO);
- }
-
- /*
- * Construct a tvbuff containing the amount of the payload we have
- * available. Make its reported length the amount of data in the
- * LDAP message.
- *
- * XXX - if reassembly isn't enabled. the subdissector will throw a
- * BoundsError exception, rather than a ReportedBoundsError exception.
- * We really want a tvbuff where the length is "length", the reported
- * length is "plen", and the "if the snapshot length were infinite"
- * length is the minimum of the reported length of the tvbuff handed
- * to us and "plen", with a new type of exception thrown if the offset
- * is within the reported length but beyond that third length, with
- * that exception getting the "Unreassembled Packet" error.
- */
- length = length_remaining;
- if (length > messageLength)
- length = messageLength;
- next_tvb = tvb_new_subset(tvb, offset, length, messageLength);
-
- /*
- * Now dissect the LDAP message.
- */
- if (tree) {
- ti = proto_tree_add_item(tree, proto_ldap, next_tvb, 0, -1, FALSE);
- ldap_tree = proto_item_add_subtree(ti, ett_ldap);
- } else
- ldap_tree = NULL;
- dissect_ldap_message(next_tvb, 0, pinfo, ldap_tree, ti, first_time, ldap_info, is_mscldap);
-
- offset += messageLength;
+ /* plain LDAP, so dissect the payload */
+ dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);
+ /* dissect_ldap_payload() has it's own loop so go out here */
+ break;
}
-
- first_time = FALSE;
}
}
-
static void
dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
static gint *ett[] = {
&ett_ldap,
- &ett_ldap_gssapi_token,
+ &ett_ldap_msg,
+ &ett_ldap_payload,
+ &ett_ldap_sasl_blob,
&ett_ldap_referrals,
&ett_ldap_attribute,
&ett_ldap_controls,