1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
88 #include <epan/packet.h>
89 #include <epan/conversation.h>
90 #include <epan/prefs.h>
92 #include <epan/emem.h>
93 #include <epan/oid_resolv.h>
94 #include <epan/strutil.h>
95 #include <epan/dissectors/packet-tcp.h>
96 #include <epan/dissectors/packet-windows-common.h>
97 #include <epan/dissectors/packet-dcerpc.h>
99 #include "packet-frame.h"
100 #include "packet-ldap.h"
101 #include "packet-ntlmssp.h"
103 #include "packet-ber.h"
104 #include "packet-per.h"
106 #define PNAME "Lightweight-Directory-Access-Protocol"
107 #define PSNAME "LDAP"
108 #define PFNAME "ldap"
110 /* Initialize the protocol and registered fields */
111 static int ldap_tap = -1;
112 static int proto_ldap = -1;
113 static int proto_cldap = -1;
115 static int hf_ldap_sasl_buffer_length = -1;
116 static int hf_ldap_response_in = -1;
117 static int hf_ldap_response_to = -1;
118 static int hf_ldap_time = -1;
119 static int hf_ldap_guid = -1;
121 static int hf_mscldap_netlogon_type = -1;
122 static int hf_mscldap_netlogon_flags = -1;
123 static int hf_mscldap_netlogon_flags_pdc = -1;
124 static int hf_mscldap_netlogon_flags_gc = -1;
125 static int hf_mscldap_netlogon_flags_ldap = -1;
126 static int hf_mscldap_netlogon_flags_ds = -1;
127 static int hf_mscldap_netlogon_flags_kdc = -1;
128 static int hf_mscldap_netlogon_flags_timeserv = -1;
129 static int hf_mscldap_netlogon_flags_closest = -1;
130 static int hf_mscldap_netlogon_flags_writable = -1;
131 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
132 static int hf_mscldap_netlogon_flags_ndnc = -1;
133 static int hf_mscldap_domain_guid = -1;
134 static int hf_mscldap_forest = -1;
135 static int hf_mscldap_domain = -1;
136 static int hf_mscldap_hostname = -1;
137 static int hf_mscldap_nb_domain = -1;
138 static int hf_mscldap_nb_hostname = -1;
139 static int hf_mscldap_username = -1;
140 static int hf_mscldap_sitename = -1;
141 static int hf_mscldap_clientsitename = -1;
142 static int hf_mscldap_netlogon_version = -1;
143 static int hf_mscldap_netlogon_lm_token = -1;
144 static int hf_mscldap_netlogon_nt_token = -1;
145 static int hf_ldap_sid = -1;
146 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
147 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
148 static int hf_ldap_AccessMask_ADS_LIST = -1;
149 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
150 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
151 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
152 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
153 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
154 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
157 /*--- Included file: packet-ldap-hf.c ---*/
158 #line 1 "packet-ldap-hf.c"
159 static int hf_ldap_LDAPMessage_PDU = -1; /* LDAPMessage */
160 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
161 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
162 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
163 static int hf_ldap_ReplControlValue_PDU = -1; /* ReplControlValue */
164 static int hf_ldap_messageID = -1; /* MessageID */
165 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
166 static int hf_ldap_controls = -1; /* Controls */
167 static int hf_ldap_bindRequest = -1; /* BindRequest */
168 static int hf_ldap_bindResponse = -1; /* BindResponse */
169 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
170 static int hf_ldap_searchRequest = -1; /* SearchRequest */
171 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
172 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
173 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
174 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
175 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
176 static int hf_ldap_addRequest = -1; /* AddRequest */
177 static int hf_ldap_addResponse = -1; /* AddResponse */
178 static int hf_ldap_delRequest = -1; /* DelRequest */
179 static int hf_ldap_delResponse = -1; /* DelResponse */
180 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
181 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
182 static int hf_ldap_compareRequest = -1; /* CompareRequest */
183 static int hf_ldap_compareResponse = -1; /* CompareResponse */
184 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
185 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
186 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
187 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
188 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
189 static int hf_ldap_assertionValue = -1; /* AssertionValue */
190 static int hf_ldap_type = -1; /* AttributeDescription */
191 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
192 static int hf_ldap_vals_item = -1; /* AttributeValue */
193 static int hf_ldap_resultCode = -1; /* T_resultCode */
194 static int hf_ldap_matchedDN = -1; /* LDAPDN */
195 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
196 static int hf_ldap_referral = -1; /* Referral */
197 static int hf_ldap_Referral_item = -1; /* LDAPURL */
198 static int hf_ldap_Controls_item = -1; /* Control */
199 static int hf_ldap_controlType = -1; /* ControlType */
200 static int hf_ldap_criticality = -1; /* BOOLEAN */
201 static int hf_ldap_controlValue = -1; /* T_controlValue */
202 static int hf_ldap_version = -1; /* INTEGER_1_127 */
203 static int hf_ldap_name = -1; /* LDAPDN */
204 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
205 static int hf_ldap_simple = -1; /* Simple */
206 static int hf_ldap_sasl = -1; /* SaslCredentials */
207 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
208 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
209 static int hf_ldap_mechanism = -1; /* Mechanism */
210 static int hf_ldap_credentials = -1; /* Credentials */
211 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
212 static int hf_ldap_matchedDN1 = -1; /* T_matchedDN */
213 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
214 static int hf_ldap_baseObject = -1; /* LDAPDN */
215 static int hf_ldap_scope = -1; /* T_scope */
216 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
217 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
218 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
219 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
220 static int hf_ldap_filter = -1; /* T_filter */
221 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
222 static int hf_ldap_and = -1; /* T_and */
223 static int hf_ldap_and_item = -1; /* T_and_item */
224 static int hf_ldap_or = -1; /* T_or */
225 static int hf_ldap_or_item = -1; /* T_or_item */
226 static int hf_ldap_not = -1; /* T_not */
227 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
228 static int hf_ldap_substrings = -1; /* SubstringFilter */
229 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
230 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
231 static int hf_ldap_present = -1; /* T_present */
232 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
233 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
234 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
235 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
236 static int hf_ldap_initial = -1; /* LDAPString */
237 static int hf_ldap_any = -1; /* LDAPString */
238 static int hf_ldap_final = -1; /* LDAPString */
239 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
240 static int hf_ldap_matchValue = -1; /* AssertionValue */
241 static int hf_ldap_dnAttributes = -1; /* BOOLEAN */
242 static int hf_ldap_objectName = -1; /* LDAPDN */
243 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
244 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
245 static int hf_ldap_SearchResultReference_item = -1; /* LDAPURL */
246 static int hf_ldap_object = -1; /* LDAPDN */
247 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
248 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
249 static int hf_ldap_operation = -1; /* T_operation */
250 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
251 static int hf_ldap_entry = -1; /* LDAPDN */
252 static int hf_ldap_attributes = -1; /* AttributeList */
253 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
254 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
255 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
256 static int hf_ldap_newSuperior = -1; /* LDAPDN */
257 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
258 static int hf_ldap_requestName = -1; /* LDAPOID */
259 static int hf_ldap_requestValue = -1; /* OCTET_STRING */
260 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
261 static int hf_ldap_responseName = -1; /* ResponseName */
262 static int hf_ldap_response = -1; /* OCTET_STRING */
263 static int hf_ldap_size = -1; /* INTEGER */
264 static int hf_ldap_cookie = -1; /* OCTET_STRING */
265 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
266 static int hf_ldap_attributeType = -1; /* AttributeDescription */
267 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
268 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
269 static int hf_ldap_sortResult = -1; /* T_sortResult */
270 static int hf_ldap_parentsFirst = -1; /* INTEGER */
271 static int hf_ldap_maxReturnLength = -1; /* INTEGER */
273 /*--- End of included file: packet-ldap-hf.c ---*/
274 #line 149 "packet-ldap-template.c"
276 /* Initialize the subtree pointers */
277 static gint ett_ldap = -1;
278 static gint ett_ldap_msg = -1;
279 static gint ett_ldap_sasl_blob = -1;
280 static guint ett_ldap_payload = -1;
281 static gint ett_mscldap_netlogon_flags = -1;
284 /*--- Included file: packet-ldap-ett.c ---*/
285 #line 1 "packet-ldap-ett.c"
286 static gint ett_ldap_LDAPMessage = -1;
287 static gint ett_ldap_ProtocolOp = -1;
288 static gint ett_ldap_AttributeDescriptionList = -1;
289 static gint ett_ldap_AttributeValueAssertion = -1;
290 static gint ett_ldap_Attribute = -1;
291 static gint ett_ldap_SET_OF_AttributeValue = -1;
292 static gint ett_ldap_LDAPResult = -1;
293 static gint ett_ldap_Referral = -1;
294 static gint ett_ldap_Controls = -1;
295 static gint ett_ldap_Control = -1;
296 static gint ett_ldap_BindRequest = -1;
297 static gint ett_ldap_AuthenticationChoice = -1;
298 static gint ett_ldap_SaslCredentials = -1;
299 static gint ett_ldap_BindResponse = -1;
300 static gint ett_ldap_SearchRequest = -1;
301 static gint ett_ldap_Filter = -1;
302 static gint ett_ldap_T_and = -1;
303 static gint ett_ldap_T_or = -1;
304 static gint ett_ldap_SubstringFilter = -1;
305 static gint ett_ldap_T_substringFilter_substrings = -1;
306 static gint ett_ldap_T_substringFilter_substrings_item = -1;
307 static gint ett_ldap_MatchingRuleAssertion = -1;
308 static gint ett_ldap_SearchResultEntry = -1;
309 static gint ett_ldap_PartialAttributeList = -1;
310 static gint ett_ldap_PartialAttributeList_item = -1;
311 static gint ett_ldap_SearchResultReference = -1;
312 static gint ett_ldap_ModifyRequest = -1;
313 static gint ett_ldap_ModifyRequest_modification = -1;
314 static gint ett_ldap_T_modifyRequest_modification_item = -1;
315 static gint ett_ldap_AttributeTypeAndValues = -1;
316 static gint ett_ldap_AddRequest = -1;
317 static gint ett_ldap_AttributeList = -1;
318 static gint ett_ldap_AttributeList_item = -1;
319 static gint ett_ldap_ModifyDNRequest = -1;
320 static gint ett_ldap_CompareRequest = -1;
321 static gint ett_ldap_ExtendedRequest = -1;
322 static gint ett_ldap_ExtendedResponse = -1;
323 static gint ett_ldap_SearchControlValue = -1;
324 static gint ett_ldap_SortKeyList = -1;
325 static gint ett_ldap_SortKeyList_item = -1;
326 static gint ett_ldap_SortResult = -1;
327 static gint ett_ldap_ReplControlValue = -1;
329 /*--- End of included file: packet-ldap-ett.c ---*/
330 #line 158 "packet-ldap-template.c"
332 static dissector_table_t ldap_name_dissector_table=NULL;
333 static const char *object_identifier_id = NULL; /* LDAP OID */
335 /* desegmentation of LDAP */
336 static gboolean ldap_desegment = TRUE;
337 static guint ldap_tcp_port = 389;
339 static gboolean do_protocolop = FALSE;
340 static gchar *attr_type = NULL;
341 static gboolean is_binary_attr_type = FALSE;
343 #define TCP_PORT_LDAP 389
344 #define UDP_PORT_CLDAP 389
345 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
347 static dissector_handle_t gssapi_handle;
348 static dissector_handle_t gssapi_wrap_handle;
349 static dissector_handle_t ntlmssp_handle = NULL;
352 /* different types of rpc calls ontop of ms cldap */
353 #define MSCLDAP_RPC_NETLOGON 1
355 /* Message type Choice values */
356 static const value_string ldap_ProtocolOp_choice_vals[] = {
357 { 0, "bindRequest" },
358 { 1, "bindResponse" },
359 { 2, "unbindRequest" },
360 { 3, "searchRequest" },
361 { 4, "searchResEntry" },
362 { 5, "searchResDone" },
363 { 6, "searchResRef" },
364 { 7, "modifyRequest" },
365 { 8, "modifyResponse" },
367 { 10, "addResponse" },
368 { 11, "delRequest" },
369 { 12, "delResponse" },
370 { 13, "modDNRequest" },
371 { 14, "modDNResponse" },
372 { 15, "compareRequest" },
373 { 16, "compareResponse" },
374 { 17, "abandonRequest" },
375 { 18, "extendedReq" },
376 { 19, "extendedResp" },
380 * Data structure attached to a conversation, giving authentication
381 * information from a bind request.
382 * We keep a linked list of them, so that we can free up all the
383 * authentication mechanism strings.
385 typedef struct ldap_conv_info_t {
386 struct ldap_conv_info_t *next;
387 guint auth_type; /* authentication type */
388 char *auth_mech; /* authentication mechanism */
389 guint32 first_auth_frame; /* first frame that would use a security layer */
390 GHashTable *unmatched;
395 static ldap_conv_info_t *ldap_info_items;
398 ldap_info_hash_matched(gconstpointer k)
400 const ldap_call_response_t *key = k;
402 return key->messageId;
406 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
408 const ldap_call_response_t *key1 = k1;
409 const ldap_call_response_t *key2 = k2;
411 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
414 /* a response may span multiple frames
415 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
420 return key1->messageId==key2->messageId;
424 ldap_info_hash_unmatched(gconstpointer k)
426 const ldap_call_response_t *key = k;
428 return key->messageId;
432 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
434 const ldap_call_response_t *key1 = k1;
435 const ldap_call_response_t *key2 = k2;
437 return key1->messageId==key2->messageId;
440 /* This string contains the last LDAPString that was decoded */
441 static char *attributedesc_string=NULL;
443 /* This string contains the last AssertionValue that was decoded */
444 static char *ldapvalue_string=NULL;
446 /* if the octet string contain all printable ASCII characters, then
447 * display it as a string, othervise just display it in hex.
450 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index)
453 gboolean pc, ind, is_ascii;
459 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
460 offset=get_ber_length(NULL, tvb, offset, &len, &ind);
462 len=tvb_length_remaining(tvb,offset);
471 * Some special/wellknown attributes in common LDAP (read AD)
472 * are neither ascii strings nor blobs of hex data.
473 * Special case these attributes and decode them more nicely.
475 * Add more special cases as required to prettify further
476 * (there cant be that many ones that are truly interesting)
478 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
482 /* this octet string contains an NT SID */
483 sid_tvb=tvb_new_subset(tvb, offset, len, len);
484 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
485 ldapvalue_string=tmpstr;
488 } else if ( (len==16) /* GUIDs are always 16 bytes */
489 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
490 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
493 /* This octet string contained a GUID */
494 dissect_dcerpc_uuid_t(tvb, offset, pinfo, tree, drep, hf_ldap_guid, &uuid);
496 ldapvalue_string=ep_alloc(1024);
497 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
498 uuid.Data1, uuid.Data2, uuid.Data3,
499 uuid.Data4[0], uuid.Data4[1],
500 uuid.Data4[2], uuid.Data4[3],
501 uuid.Data4[4], uuid.Data4[5],
502 uuid.Data4[6], uuid.Data4[7]);
508 * It was not one of our "wellknown" attributes so make the best
509 * we can and just try to see if it is an ascii string or if it
512 * XXX - should we support reading RFC 2252-style schemas
513 * for LDAP, and using that to determine how to display
514 * attribute values and assertion values?
516 * -- I dont think there are full schemas available that describe the
517 * interesting cases i.e. AD -- ronnie
519 str=tvb_get_ptr(tvb, offset, len);
522 if(!isascii(str[i]) || !isprint(str[i])){
528 /* convert the string into a printable string */
530 ldapvalue_string=ep_alloc(len+1);
531 memcpy(ldapvalue_string,str,len);
532 ldapvalue_string[i]=0;
534 ldapvalue_string=ep_alloc(3*len);
536 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
537 ldapvalue_string[3*i+2]=':';
539 ldapvalue_string[3*len-1]=0;
542 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
550 /* This string contains the last Filter item that was decoded */
551 static char *Filter_string=NULL;
552 static char *and_filter_string=NULL;
553 static char *or_filter_string=NULL;
554 static char *substring_value=NULL;
555 static char *substring_item_init=NULL;
556 static char *substring_item_any=NULL;
557 static char *substring_item_final=NULL;
558 static char *matching_rule_string=NULL;
559 static gboolean matching_rule_dnattr=FALSE;
561 /* Global variables */
562 char *mechanism = NULL;
563 static gint MessageID =-1;
564 static gint ProtocolOp = -1;
565 static gint result = 0;
566 static proto_item *ldm_tree = NULL; /* item to add text to */
568 static void ldap_do_protocolop(packet_info *pinfo)
574 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
576 if(check_col(pinfo->cinfo, COL_INFO))
577 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
580 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
582 do_protocolop = FALSE;
587 static ldap_call_response_t *
588 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag)
590 ldap_call_response_t lcr, *lcrp=NULL;
591 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
593 /* first see if we have already matched this */
595 lcr.messageId=messageId;
596 switch(protocolOpTag){
598 case LDAP_REQ_SEARCH:
599 case LDAP_REQ_MODIFY:
601 case LDAP_REQ_DELETE:
602 case LDAP_REQ_MODRDN:
603 case LDAP_REQ_COMPARE:
605 lcr.req_frame=pinfo->fd->num;
609 case LDAP_RES_SEARCH_ENTRY:
610 case LDAP_RES_SEARCH_REF:
611 case LDAP_RES_SEARCH_RESULT:
612 case LDAP_RES_MODIFY:
614 case LDAP_RES_DELETE:
615 case LDAP_RES_MODRDN:
616 case LDAP_RES_COMPARE:
617 lcr.is_request=FALSE;
619 lcr.rep_frame=pinfo->fd->num;
622 lcrp=g_hash_table_lookup(ldap_info->matched, &lcr);
626 lcrp->is_request=lcr.is_request;
630 /* we haven't found a match - try and match it up */
632 switch(protocolOpTag){
634 case LDAP_REQ_SEARCH:
635 case LDAP_REQ_MODIFY:
637 case LDAP_REQ_DELETE:
638 case LDAP_REQ_MODRDN:
639 case LDAP_REQ_COMPARE:
641 /* this a a request - add it to the unmatched list */
643 /* check that we dont already have one of those in the
644 unmatched list and if so remove it */
646 lcr.messageId=messageId;
647 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
649 g_hash_table_remove(ldap_info->unmatched, lcrp);
651 /* if we cant reuse the old one, grab a new chunk */
653 lcrp=se_alloc(sizeof(ldap_call_response_t));
655 lcrp->messageId=messageId;
656 lcrp->req_frame=pinfo->fd->num;
657 lcrp->req_time=pinfo->fd->abs_ts;
659 lcrp->protocolOpTag=protocolOpTag;
660 lcrp->is_request=TRUE;
661 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
665 case LDAP_RES_SEARCH_ENTRY:
666 case LDAP_RES_SEARCH_REF:
667 case LDAP_RES_SEARCH_RESULT:
668 case LDAP_RES_MODIFY:
670 case LDAP_RES_DELETE:
671 case LDAP_RES_MODRDN:
672 case LDAP_RES_COMPARE:
674 /* this is a result - it should be in our unmatched list */
676 lcr.messageId=messageId;
677 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
681 if(!lcrp->rep_frame){
682 g_hash_table_remove(ldap_info->unmatched, lcrp);
683 lcrp->rep_frame=pinfo->fd->num;
684 lcrp->is_request=FALSE;
685 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
693 /* we have found a match */
698 if(lcrp->is_request){
699 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
700 PROTO_ITEM_SET_GENERATED(it);
703 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
704 PROTO_ITEM_SET_GENERATED(it);
705 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
706 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
707 PROTO_ITEM_SET_GENERATED(it);
715 /*--- Included file: packet-ldap-fn.c ---*/
716 #line 1 "packet-ldap-fn.c"
717 /*--- Cyclic dependencies ---*/
719 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
720 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
721 /* Filter -> Filter/not -> Filter */
722 static int dissect_ldap_Filter(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
726 /*--- Fields for imported types ---*/
732 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
735 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
745 static int dissect_messageID(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
746 return dissect_ldap_MessageID(FALSE, tvb, offset, pinfo, tree, hf_ldap_messageID);
752 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
753 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
758 static int dissect_version(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
759 return dissect_ldap_INTEGER_1_127(FALSE, tvb, offset, pinfo, tree, hf_ldap_version);
765 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
767 tvbuff_t *parameter_tvb = NULL;
769 gchar *sc = NULL; /* semi-colon pointer */
771 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
775 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
777 ldap_do_protocolop(pinfo);
780 ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
782 ldapstring = "<ROOT>";
784 if(hf_index == hf_ldap_baseObject) {
785 /* this is search - put it on the scanline */
786 if(check_col(pinfo->cinfo, COL_INFO))
787 col_append_fstr(pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
790 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
795 proto_item_append_text(ber_last_created_item, " (%s)", ldapstring);
798 } else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */
799 if(check_col(pinfo->cinfo, COL_INFO))
800 col_append_fstr(pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
803 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
804 } else if (hf_index == hf_ldap_objectName) {
805 if(check_col(pinfo->cinfo, COL_INFO))
806 col_append_fstr(pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
809 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
810 } else if (hf_index == hf_ldap_attributeDesc){
811 /* remember the attribute description */
812 attributedesc_string=ldapstring;
813 } else if (hf_index == hf_ldap_initial){
814 /* remember the substring item */
815 substring_item_init=ldapstring;
816 } else if (hf_index == hf_ldap_any){
817 /* remember the substring item */
818 substring_item_any=ldapstring;
819 } else if (hf_index == hf_ldap_final){
820 /* remember the substring item */
821 substring_item_final=ldapstring;
822 } else if (hf_index == hf_ldap_matchingRule){
823 /* remember the matching rule */
824 matching_rule_string=ldapstring;
825 } else if (hf_index == hf_ldap_present){
826 /* remember the present name */
827 Filter_string=ldapstring;
828 } else if (hf_index == hf_ldap_type) {
829 /* remember attribute type name */
830 attr_type = ep_strdup(ldapstring);
832 /* append it to the parent entry */
833 proto_item_append_text(tree, " %s", attr_type);
835 /* remove the ";binary" component if present */
836 if((sc = strchr(attr_type, ';')) != NULL) {
837 if(!strcmp(sc, ";binary")) {
838 *sc = '\0'; /* terminate the string */
839 is_binary_attr_type = TRUE;
842 is_binary_attr_type = FALSE;
853 static int dissect_initial_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
854 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_initial);
856 static int dissect_any_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
857 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_any);
859 static int dissect_final_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
860 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_final);
866 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
867 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
871 static int dissect_matchedDN(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
872 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_matchedDN);
874 static int dissect_name(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
875 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_name);
877 static int dissect_baseObject(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
878 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_baseObject);
880 static int dissect_objectName(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
881 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_objectName);
883 static int dissect_object(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
884 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_object);
886 static int dissect_entry(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
887 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_entry);
889 static int dissect_newSuperior_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
890 return dissect_ldap_LDAPDN(TRUE, tvb, offset, pinfo, tree, hf_ldap_newSuperior);
896 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
898 ldap_conv_info_t *ldap_info;
900 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
904 ldap_info = pinfo->private_data;
905 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
907 pinfo->private_data = ldap_info;
913 static int dissect_simple_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
914 return dissect_ldap_Simple(TRUE, tvb, offset, pinfo, tree, hf_ldap_simple);
920 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
923 ldap_conv_info_t *ldap_info;
924 tvbuff_t *parameter_tvb;
925 char *mechanism = NULL;
926 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
929 ldap_info = pinfo->private_data;
930 ldap_info->auth_type = LDAP_AUTH_SASL;
936 * We need to remember the authentication type and mechanism for this
939 * XXX - actually, we might need to remember more than one
940 * type and mechanism, if you can unbind and rebind with a
941 * different type and/or mechanism.
943 mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
944 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
946 * If the mechanism in this request is an empty string (which is
947 * returned as a null pointer), use the saved mechanism instead.
948 * Otherwise, if the saved mechanism is an empty string (null),
949 * save this mechanism.
951 if (mechanism == NULL)
952 mechanism = ldap_info->auth_mech;
954 if (ldap_info->auth_mech == NULL) {
955 g_free(ldap_info->auth_mech);
957 ldap_info->auth_mech = mechanism;
959 pinfo->private_data = ldap_info;
965 static int dissect_mechanism(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
966 return dissect_ldap_Mechanism(FALSE, tvb, offset, pinfo, tree, hf_ldap_mechanism);
972 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
975 tvbuff_t *parameter_tvb;
976 ldap_conv_info_t *ldap_info;
978 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
984 ldap_info = pinfo->private_data;
985 if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
987 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
990 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
991 } else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
993 * This is a raw GSS-API token.
996 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
998 pinfo->private_data = ldap_info;
1004 static int dissect_credentials(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1005 return dissect_ldap_Credentials(FALSE, tvb, offset, pinfo, tree, hf_ldap_credentials);
1009 static const ber_sequence_t SaslCredentials_sequence[] = {
1010 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_mechanism },
1011 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_credentials },
1016 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1017 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1018 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1022 static int dissect_sasl_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1023 return dissect_ldap_SaslCredentials(TRUE, tvb, offset, pinfo, tree, hf_ldap_sasl);
1029 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1030 #line 624 "ldap.cnf"
1031 /* make sure the protocol op comes first */
1032 ldap_do_protocolop(pinfo);
1034 call_dissector(ntlmssp_handle, tvb, pinfo, tree);
1035 offset+=tvb_length_remaining(tvb, offset);
1041 static int dissect_ntlmsspNegotiate_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1042 return dissect_ldap_T_ntlmsspNegotiate(TRUE, tvb, offset, pinfo, tree, hf_ldap_ntlmsspNegotiate);
1048 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1049 #line 631 "ldap.cnf"
1050 /* make sure the protocol op comes first */
1051 ldap_do_protocolop(pinfo);
1053 call_dissector(ntlmssp_handle, tvb, pinfo, tree);
1054 offset+=tvb_length_remaining(tvb, offset);
1060 static int dissect_ntlmsspAuth_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1061 return dissect_ldap_T_ntlmsspAuth(TRUE, tvb, offset, pinfo, tree, hf_ldap_ntlmsspAuth);
1065 static const value_string ldap_AuthenticationChoice_vals[] = {
1068 { 10, "ntlmsspNegotiate" },
1069 { 11, "ntlmsspAuth" },
1073 static const ber_choice_t AuthenticationChoice_choice[] = {
1074 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_simple_impl },
1075 { 3, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_sasl_impl },
1076 { 10, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ntlmsspNegotiate_impl },
1077 { 11, BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ntlmsspAuth_impl },
1078 { 0, 0, 0, 0, NULL }
1082 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1083 #line 437 "ldap.cnf"
1086 const gchar *valstr;
1088 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
1089 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1093 ldap_do_protocolop(pinfo);
1095 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1096 auth = AuthenticationChoice_choice[branch].value;
1098 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1100 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1101 if (check_col(pinfo->cinfo, COL_INFO) && (auth != 10) && (auth != 11))
1102 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1105 proto_item_append_text(ldm_tree, " %s", valstr);
1112 static int dissect_authentication(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1113 return dissect_ldap_AuthenticationChoice(FALSE, tvb, offset, pinfo, tree, hf_ldap_authentication);
1117 static const ber_sequence_t BindRequest_sequence[] = {
1118 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_version },
1119 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_name },
1120 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_authentication },
1125 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1126 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1127 BindRequest_sequence, hf_index, ett_ldap_BindRequest);
1131 static int dissect_bindRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1132 return dissect_ldap_BindRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindRequest);
1136 static const value_string ldap_BindResponse_resultCode_vals[] = {
1138 { 1, "operationsError" },
1139 { 2, "protocolError" },
1140 { 3, "timeLimitExceeded" },
1141 { 4, "sizeLimitExceeded" },
1142 { 5, "compareFalse" },
1143 { 6, "compareTrue" },
1144 { 7, "authMethodNotSupported" },
1145 { 8, "strongAuthRequired" },
1147 { 11, "adminLimitExceeded" },
1148 { 12, "unavailableCriticalExtension" },
1149 { 13, "confidentialityRequired" },
1150 { 14, "saslBindInProgress" },
1151 { 16, "noSuchAttribute" },
1152 { 17, "undefinedAttributeType" },
1153 { 18, "inappropriateMatching" },
1154 { 19, "constraintViolation" },
1155 { 20, "attributeOrValueExists" },
1156 { 21, "invalidAttributeSyntax" },
1157 { 32, "noSuchObject" },
1158 { 33, "aliasProblem" },
1159 { 34, "invalidDNSyntax" },
1160 { 36, "aliasDereferencingProblem" },
1161 { 48, "inappropriateAuthentication" },
1162 { 49, "invalidCredentials" },
1163 { 50, "insufficientAccessRights" },
1165 { 52, "unavailable" },
1166 { 53, "unwillingToPerform" },
1167 { 54, "loopDetect" },
1168 { 64, "namingViolation" },
1169 { 65, "objectClassViolation" },
1170 { 66, "notAllowedOnNonLeaf" },
1171 { 67, "notAllowedOnRDN" },
1172 { 68, "entryAlreadyExists" },
1173 { 69, "objectClassModsProhibited" },
1174 { 71, "affectsMultipleDSAs" },
1181 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1182 #line 379 "ldap.cnf"
1184 const gchar *valstr;
1186 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1190 ldap_do_protocolop(pinfo);
1194 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1196 if (check_col(pinfo->cinfo, COL_INFO))
1197 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1200 proto_item_append_text(ldm_tree, " %s", valstr);
1209 static int dissect_bindResponse_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1210 return dissect_ldap_BindResponse_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindResponse_resultCode);
1216 dissect_ldap_T_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1217 #line 638 "ldap.cnf"
1218 tvbuff_t *new_tvb=NULL;
1220 offset = dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1223 && (tvb_length(new_tvb)>=7)
1224 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1226 /* make sure the protocol op comes first */
1227 ldap_do_protocolop(pinfo);
1229 call_dissector(ntlmssp_handle, new_tvb, pinfo, tree);
1237 static int dissect_matchedDN1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1238 return dissect_ldap_T_matchedDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_matchedDN1);
1244 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1245 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1249 static int dissect_errorMessage(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1250 return dissect_ldap_ErrorMessage(FALSE, tvb, offset, pinfo, tree, hf_ldap_errorMessage);
1256 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1257 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1261 PROTO_ITEM_SET_URL(get_ber_last_created_item());
1266 static int dissect_Referral_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1267 return dissect_ldap_LDAPURL(FALSE, tvb, offset, pinfo, tree, hf_ldap_Referral_item);
1269 static int dissect_SearchResultReference_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1270 return dissect_ldap_LDAPURL(FALSE, tvb, offset, pinfo, tree, hf_ldap_SearchResultReference_item);
1274 static const ber_sequence_t Referral_sequence_of[1] = {
1275 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_Referral_item },
1279 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1280 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
1281 Referral_sequence_of, hf_index, ett_ldap_Referral);
1285 static int dissect_referral_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1286 return dissect_ldap_Referral(TRUE, tvb, offset, pinfo, tree, hf_ldap_referral);
1292 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1293 #line 194 "ldap.cnf"
1295 tvbuff_t *parameter_tvb;
1296 ldap_conv_info_t *ldap_info;
1298 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1303 ldap_info = pinfo->private_data;
1304 switch (ldap_info->auth_type) {
1306 /* For Kerberos V4, dissect it as a ticket. */
1307 /* XXX - what about LDAP_AUTH_SIMPLE? */
1309 case LDAP_AUTH_SASL:
1311 * All frames after this are assumed to use a security layer.
1313 * XXX - won't work if there's another reply, with the security
1314 * layer, starting in the same TCP segment that ends this
1315 * reply, but as LDAP is a request/response protocol, and
1316 * as the client probably can't start using authentication until
1317 * it gets the bind reply and the server won't send a reply until
1318 * it gets a request, that probably won't happen.
1320 * XXX - that assumption is invalid; it's not clear where the
1321 * hell you find out whether there's any security layer. In
1322 * one capture, we have two GSS-SPNEGO negotiations, both of
1323 * which select MS KRB5, and the only differences in the tokens
1324 * is in the RC4-HMAC ciphertext. The various
1325 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1326 * that the RFC 2222 spoo with the bitmask and maximum
1327 * output message size stuff is done - but where does that
1328 * stuff show up? Is it in the ciphertext, which means it's
1329 * presumably encrypted?
1331 * Grrr. We have to do a gross heuristic, checking whether the
1332 * putative LDAP message begins with 0x00 or not, making the
1333 * assumption that we won't have more than 2^24 bytes of
1334 * encapsulated stuff.
1336 ldap_info->first_auth_frame = pinfo->fd->num + 1;
1337 if (ldap_info->auth_mech != NULL &&
1338 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1340 * This is a GSS-API token.
1342 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
1343 } else if (ldap_info->auth_mech != NULL &&
1344 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1346 * This is a GSS-API token.
1348 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
1352 pinfo->private_data = ldap_info;
1358 static int dissect_serverSaslCreds_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1359 return dissect_ldap_ServerSaslCreds(TRUE, tvb, offset, pinfo, tree, hf_ldap_serverSaslCreds);
1363 static const ber_sequence_t BindResponse_sequence[] = {
1364 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_bindResponse_resultCode },
1365 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN1 },
1366 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
1367 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
1368 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_serverSaslCreds_impl },
1373 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1374 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1375 BindResponse_sequence, hf_index, ett_ldap_BindResponse);
1379 static int dissect_bindResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1380 return dissect_ldap_BindResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindResponse);
1386 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1387 #line 459 "ldap.cnf"
1389 implicit_tag = TRUE; /* correct problem with asn2wrs */
1391 offset = dissect_ber_null(implicit_tag, pinfo, tree, tvb, offset, hf_index);
1394 ldap_do_protocolop(pinfo);
1404 static int dissect_unbindRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1405 return dissect_ldap_UnbindRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_unbindRequest);
1409 static const value_string ldap_T_scope_vals[] = {
1410 { 0, "baseObject" },
1411 { 1, "singleLevel" },
1412 { 2, "wholeSubtree" },
1418 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1419 #line 338 "ldap.cnf"
1422 const gchar *valstr;
1424 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1428 ldap_do_protocolop(pinfo);
1430 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1432 if (check_col(pinfo->cinfo, COL_INFO))
1433 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1436 proto_item_append_text(ldm_tree, " %s", valstr);
1442 static int dissect_scope(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1443 return dissect_ldap_T_scope(FALSE, tvb, offset, pinfo, tree, hf_ldap_scope);
1447 static const value_string ldap_T_derefAliases_vals[] = {
1448 { 0, "neverDerefAliases" },
1449 { 1, "derefInSearching" },
1450 { 2, "derefFindingBaseObj" },
1451 { 3, "derefAlways" },
1457 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1458 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1463 static int dissect_derefAliases(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1464 return dissect_ldap_T_derefAliases(FALSE, tvb, offset, pinfo, tree, hf_ldap_derefAliases);
1470 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1471 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1476 static int dissect_sizeLimit(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1477 return dissect_ldap_INTEGER_0_maxInt(FALSE, tvb, offset, pinfo, tree, hf_ldap_sizeLimit);
1479 static int dissect_timeLimit(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1480 return dissect_ldap_INTEGER_0_maxInt(FALSE, tvb, offset, pinfo, tree, hf_ldap_timeLimit);
1486 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1487 #line 552 "ldap.cnf"
1490 offset = dissect_ber_boolean_value(implicit_tag, pinfo, tree, tvb, offset, hf_index, &val);
1492 if (hf_index == hf_ldap_dnAttributes) {
1493 matching_rule_dnattr = val;
1500 static int dissect_criticality(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1501 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_criticality);
1503 static int dissect_typesOnly(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1504 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_typesOnly);
1506 static int dissect_dnAttributes_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1507 return dissect_ldap_BOOLEAN(TRUE, tvb, offset, pinfo, tree, hf_ldap_dnAttributes);
1509 static int dissect_deleteoldrdn(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1510 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_deleteoldrdn);
1512 static int dissect_reverseOrder_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1513 return dissect_ldap_BOOLEAN(TRUE, tvb, offset, pinfo, tree, hf_ldap_reverseOrder);
1519 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1520 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1522 #line 493 "ldap.cnf"
1523 if(and_filter_string){
1524 and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
1526 and_filter_string=Filter_string;
1532 static int dissect_and_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1533 return dissect_ldap_T_and_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_and_item);
1537 static const ber_sequence_t T_and_set_of[1] = {
1538 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_and_item },
1542 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1543 #line 500 "ldap.cnf"
1544 const ber_sequence_t and_set_of[1] = { { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_and_item },
1546 proto_tree *tr=NULL;
1547 proto_item *it=NULL;
1548 char *old_and_filter_string=and_filter_string;
1550 and_filter_string=NULL;
1552 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1553 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1555 offset = dissect_ber_set_of(implicit_tag, pinfo, tr, tvb, offset,
1556 and_set_of, -1, ett_ldap_T_and);
1558 proto_item_append_text(it, "%s", and_filter_string);
1559 Filter_string=ep_strdup_printf("%s",and_filter_string);
1560 and_filter_string=old_and_filter_string;
1566 static int dissect_and_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1567 return dissect_ldap_T_and(TRUE, tvb, offset, pinfo, tree, hf_ldap_and);
1573 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1574 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1576 #line 519 "ldap.cnf"
1577 if(or_filter_string){
1578 or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
1580 or_filter_string=Filter_string;
1587 static int dissect_or_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1588 return dissect_ldap_T_or_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_or_item);
1592 static const ber_sequence_t T_or_set_of[1] = {
1593 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_or_item },
1597 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1598 #line 527 "ldap.cnf"
1599 const ber_sequence_t or_set_of[1] = { { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_or_item },
1601 proto_tree *tr=NULL;
1602 proto_item *it=NULL;
1603 char *old_or_filter_string=or_filter_string;
1605 or_filter_string=NULL;
1607 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1608 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1610 offset = dissect_ber_set_of(implicit_tag, pinfo, tr, tvb, offset,
1611 or_set_of, -1, ett_ldap_T_or);
1613 proto_item_append_text(it, "%s", or_filter_string);
1614 Filter_string=ep_strdup_printf("%s",or_filter_string);
1615 or_filter_string=old_or_filter_string;
1621 static int dissect_or_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1622 return dissect_ldap_T_or(TRUE, tvb, offset, pinfo, tree, hf_ldap_or);
1628 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1629 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1631 #line 549 "ldap.cnf"
1632 Filter_string=ep_strdup_printf("(!%s)",Filter_string);
1637 static int dissect_not_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1638 return dissect_ldap_T_not(TRUE, tvb, offset, pinfo, tree, hf_ldap_not);
1644 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1645 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1649 static int dissect_AttributeDescriptionList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1650 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_AttributeDescriptionList_item);
1652 static int dissect_attributeDesc(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1653 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributeDesc);
1655 static int dissect_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1656 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_type);
1658 static int dissect_type_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1659 return dissect_ldap_AttributeDescription(TRUE, tvb, offset, pinfo, tree, hf_ldap_type);
1661 static int dissect_attributeType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1662 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributeType);
1664 static int dissect_attributeType_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1665 return dissect_ldap_AttributeDescription(TRUE, tvb, offset, pinfo, tree, hf_ldap_attributeType);
1668 static int dissect_assertionValue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1669 return dissect_ldap_AssertionValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_assertionValue);
1671 static int dissect_matchValue_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1672 return dissect_ldap_AssertionValue(TRUE, tvb, offset, pinfo, tree, hf_ldap_matchValue);
1676 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1677 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_attributeDesc },
1678 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_assertionValue },
1683 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1684 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1685 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1689 static int dissect_ava(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1690 return dissect_ldap_AttributeValueAssertion(FALSE, tvb, offset, pinfo, tree, hf_ldap_ava);
1696 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1697 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1699 #line 478 "ldap.cnf"
1700 Filter_string=ep_strdup_printf("(%s=%s)",attributedesc_string,ldapvalue_string);
1706 static int dissect_equalityMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1707 return dissect_ldap_T_equalityMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_equalityMatch);
1711 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1718 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1719 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_initial_impl },
1720 { 1, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_any_impl },
1721 { 2, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_final_impl },
1722 { 0, 0, 0, 0, NULL }
1726 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1727 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
1728 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1731 #line 575 "ldap.cnf"
1732 if (substring_item_final) {
1733 substring_value=ep_strdup_printf("%s%s",
1734 (substring_value?substring_value:"*"),
1735 substring_item_final);
1736 } else if (substring_item_any) {
1737 substring_value=ep_strdup_printf("%s%s*",
1738 (substring_value?substring_value:"*"),
1739 substring_item_any);
1740 } else if (substring_item_init) {
1741 substring_value=ep_strdup_printf("%s*",
1742 substring_item_init);
1748 static int dissect_substringFilter_substrings_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1749 return dissect_ldap_T_substringFilter_substrings_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_substringFilter_substrings_item);
1753 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1754 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_substringFilter_substrings_item },
1758 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1759 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
1760 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1764 static int dissect_substringFilter_substrings(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1765 return dissect_ldap_T_substringFilter_substrings(FALSE, tvb, offset, pinfo, tree, hf_ldap_substringFilter_substrings);
1769 static const ber_sequence_t SubstringFilter_sequence[] = {
1770 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
1771 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_substringFilter_substrings },
1776 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1777 #line 589 "ldap.cnf"
1778 proto_tree *tr=NULL;
1779 proto_item *it=NULL;
1780 char *old_substring_value=substring_value;
1782 substring_value=NULL;
1783 substring_item_init=NULL;
1784 substring_item_any=NULL;
1785 substring_item_final=NULL;
1787 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
1788 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
1790 offset = dissect_ber_sequence(implicit_tag, pinfo, tr, tvb, offset,
1791 SubstringFilter_sequence, hf_index,
1792 ett_ldap_SubstringFilter);
1794 Filter_string=ep_strdup_printf("(%s=%s)",attr_type,substring_value);
1795 proto_item_append_text(it, "%s", Filter_string);
1796 substring_value=old_substring_value;
1802 static int dissect_substrings_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1803 return dissect_ldap_SubstringFilter(TRUE, tvb, offset, pinfo, tree, hf_ldap_substrings);
1809 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1810 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1812 #line 482 "ldap.cnf"
1813 Filter_string=ep_strdup_printf("(%s>=%s)",attributedesc_string,ldapvalue_string);
1819 static int dissect_greaterOrEqual_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1820 return dissect_ldap_T_greaterOrEqual(TRUE, tvb, offset, pinfo, tree, hf_ldap_greaterOrEqual);
1826 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1827 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1829 #line 486 "ldap.cnf"
1830 Filter_string=ep_strdup_printf("(%s<=%s)",attributedesc_string,ldapvalue_string);
1836 static int dissect_lessOrEqual_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1837 return dissect_ldap_T_lessOrEqual(TRUE, tvb, offset, pinfo, tree, hf_ldap_lessOrEqual);
1843 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1844 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1846 #line 546 "ldap.cnf"
1847 Filter_string=ep_strdup_printf("(%s=*)",Filter_string);
1852 static int dissect_present_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1853 return dissect_ldap_T_present(TRUE, tvb, offset, pinfo, tree, hf_ldap_present);
1859 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1860 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1862 #line 490 "ldap.cnf"
1863 Filter_string=ep_strdup_printf("(%s~=%s)",attributedesc_string,ldapvalue_string);
1868 static int dissect_approxMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1869 return dissect_ldap_T_approxMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_approxMatch);
1875 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1876 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1880 static int dissect_matchingRule_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1881 return dissect_ldap_MatchingRuleId(TRUE, tvb, offset, pinfo, tree, hf_ldap_matchingRule);
1883 static int dissect_orderingRule_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1884 return dissect_ldap_MatchingRuleId(TRUE, tvb, offset, pinfo, tree, hf_ldap_orderingRule);
1888 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
1889 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_matchingRule_impl },
1890 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_type_impl },
1891 { BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_matchValue_impl },
1892 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_dnAttributes_impl },
1897 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1898 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1899 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
1907 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1908 #line 561 "ldap.cnf"
1910 matching_rule_string=NULL;
1911 ldapvalue_string=NULL;
1912 matching_rule_dnattr=FALSE;
1915 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1917 #line 567 "ldap.cnf"
1918 Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
1919 (attr_type?attr_type:""),
1920 (matching_rule_dnattr?"dn:":""),
1921 (matching_rule_string?matching_rule_string:""),
1922 (matching_rule_string?":":""),
1928 static int dissect_extensibleMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1929 return dissect_ldap_T_extensibleMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_extensibleMatch);
1933 static const value_string ldap_Filter_vals[] = {
1937 { 3, "equalityMatch" },
1938 { 4, "substrings" },
1939 { 5, "greaterOrEqual" },
1940 { 6, "lessOrEqual" },
1942 { 8, "approxMatch" },
1943 { 9, "extensibleMatch" },
1947 static const ber_choice_t Filter_choice[] = {
1948 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_and_impl },
1949 { 1, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_or_impl },
1950 { 2, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_not_impl },
1951 { 3, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_equalityMatch_impl },
1952 { 4, BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_substrings_impl },
1953 { 5, BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_greaterOrEqual_impl },
1954 { 6, BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_lessOrEqual_impl },
1955 { 7, BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_present_impl },
1956 { 8, BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_approxMatch_impl },
1957 { 9, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_extensibleMatch_impl },
1958 { 0, 0, 0, 0, NULL }
1962 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1963 #line 610 "ldap.cnf"
1964 proto_tree *tr=NULL;
1965 proto_item *it=NULL;
1968 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
1969 tr=proto_item_add_subtree(it, ett_ldap_Filter);
1971 offset = dissect_ber_choice(pinfo, tr, tvb, offset,
1972 Filter_choice, -1, ett_ldap_Filter,
1975 proto_item_append_text(it, "%s", Filter_string);
1985 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1986 #line 471 "ldap.cnf"
1990 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1992 #line 474 "ldap.cnf"
1994 and_filter_string=NULL;
1999 static int dissect_filter(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2000 return dissect_ldap_T_filter(FALSE, tvb, offset, pinfo, tree, hf_ldap_filter);
2004 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2005 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_AttributeDescriptionList_item },
2009 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2010 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2011 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2015 static int dissect_searchRequest_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2016 return dissect_ldap_AttributeDescriptionList(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchRequest_attributes);
2020 static const ber_sequence_t SearchRequest_sequence[] = {
2021 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_baseObject },
2022 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_scope },
2023 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_derefAliases },
2024 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_sizeLimit },
2025 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_timeLimit },
2026 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_typesOnly },
2027 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_filter },
2028 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_searchRequest_attributes },
2033 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2034 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2035 SearchRequest_sequence, hf_index, ett_ldap_SearchRequest);
2039 static int dissect_searchRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2040 return dissect_ldap_SearchRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchRequest);
2046 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2047 #line 400 "ldap.cnf"
2053 int old_offset = offset;
2055 /* extract the value of the octetstring */
2056 offset = dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, offset, hf_index, &next_tvb);
2058 /* if we have an attribute type that isn't binary see if there is a better dissector */
2059 if(!attr_type || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, pinfo, tree)) {
2060 offset = old_offset;
2062 /* do the default thing */
2063 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2069 len = tvb_length_remaining(next_tvb, 0);
2071 for(i = 0; i < len; i++)
2072 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2076 string = tvb_get_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
2078 pi = get_ber_last_created_item();
2080 proto_item_set_text(pi, "%s", string);
2088 static int dissect_vals_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2089 return dissect_ldap_AttributeValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_vals_item);
2093 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2094 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_vals_item },
2098 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2099 offset = dissect_ber_set_of(implicit_tag, pinfo, tree, tvb, offset,
2100 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2104 static int dissect_vals(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2105 return dissect_ldap_SET_OF_AttributeValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_vals);
2109 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2110 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2111 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2116 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2117 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2118 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2122 static int dissect_PartialAttributeList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2123 return dissect_ldap_PartialAttributeList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_PartialAttributeList_item);
2127 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2128 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_PartialAttributeList_item },
2132 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2133 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2134 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2138 static int dissect_searchResultEntry_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2139 return dissect_ldap_PartialAttributeList(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResultEntry_attributes);
2143 static const ber_sequence_t SearchResultEntry_sequence[] = {
2144 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_objectName },
2145 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_searchResultEntry_attributes },
2150 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2151 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2152 SearchResultEntry_sequence, hf_index, ett_ldap_SearchResultEntry);
2156 static int dissect_searchResEntry(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2157 return dissect_ldap_SearchResultEntry(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResEntry);
2161 static const value_string ldap_T_resultCode_vals[] = {
2163 { 1, "operationsError" },
2164 { 2, "protocolError" },
2165 { 3, "timeLimitExceeded" },
2166 { 4, "sizeLimitExceeded" },
2167 { 5, "compareFalse" },
2168 { 6, "compareTrue" },
2169 { 7, "authMethodNotSupported" },
2170 { 8, "strongAuthRequired" },
2172 { 11, "adminLimitExceeded" },
2173 { 12, "unavailableCriticalExtension" },
2174 { 13, "confidentialityRequired" },
2175 { 14, "saslBindInProgress" },
2176 { 16, "noSuchAttribute" },
2177 { 17, "undefinedAttributeType" },
2178 { 18, "inappropriateMatching" },
2179 { 19, "constraintViolation" },
2180 { 20, "attributeOrValueExists" },
2181 { 21, "invalidAttributeSyntax" },
2182 { 32, "noSuchObject" },
2183 { 33, "aliasProblem" },
2184 { 34, "invalidDNSyntax" },
2185 { 36, "aliasDereferencingProblem" },
2186 { 48, "inappropriateAuthentication" },
2187 { 49, "invalidCredentials" },
2188 { 50, "insufficientAccessRights" },
2190 { 52, "unavailable" },
2191 { 53, "unwillingToPerform" },
2192 { 54, "loopDetect" },
2193 { 64, "namingViolation" },
2194 { 65, "objectClassViolation" },
2195 { 66, "notAllowedOnNonLeaf" },
2196 { 67, "notAllowedOnRDN" },
2197 { 68, "entryAlreadyExists" },
2198 { 69, "objectClassModsProhibited" },
2199 { 71, "affectsMultipleDSAs" },
2206 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2207 #line 357 "ldap.cnf"
2209 const gchar *valstr;
2211 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2215 ldap_do_protocolop(pinfo);
2219 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2221 if (check_col(pinfo->cinfo, COL_INFO))
2222 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
2225 proto_item_append_text(ldm_tree, " %s", valstr);
2233 static int dissect_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2234 return dissect_ldap_T_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_resultCode);
2238 static const ber_sequence_t LDAPResult_sequence[] = {
2239 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_resultCode },
2240 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN },
2241 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
2242 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
2247 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2248 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2249 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2257 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2258 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2262 static int dissect_searchResDone(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2263 return dissect_ldap_SearchResultDone(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResDone);
2267 static const ber_sequence_t SearchResultReference_sequence_of[1] = {
2268 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_SearchResultReference_item },
2272 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2273 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2274 SearchResultReference_sequence_of, hf_index, ett_ldap_SearchResultReference);
2278 static int dissect_searchResRef(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2279 return dissect_ldap_SearchResultReference(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResRef);
2283 static const value_string ldap_T_operation_vals[] = {
2292 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2293 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2298 static int dissect_operation(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2299 return dissect_ldap_T_operation(FALSE, tvb, offset, pinfo, tree, hf_ldap_operation);
2303 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2304 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2305 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2310 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2311 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2312 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2316 static int dissect_modification(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2317 return dissect_ldap_AttributeTypeAndValues(FALSE, tvb, offset, pinfo, tree, hf_ldap_modification);
2321 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2322 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_operation },
2323 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modification },
2328 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2329 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2330 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2334 static int dissect_modifyRequest_modification_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2335 return dissect_ldap_T_modifyRequest_modification_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest_modification_item);
2339 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2340 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modifyRequest_modification_item },
2344 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2345 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2346 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2350 static int dissect_modifyRequest_modification(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2351 return dissect_ldap_ModifyRequest_modification(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest_modification);
2355 static const ber_sequence_t ModifyRequest_sequence[] = {
2356 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_object },
2357 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modifyRequest_modification },
2362 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2363 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2364 ModifyRequest_sequence, hf_index, ett_ldap_ModifyRequest);
2368 static int dissect_modifyRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2369 return dissect_ldap_ModifyRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest);
2375 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2376 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2380 static int dissect_modifyResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2381 return dissect_ldap_ModifyResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyResponse);
2385 static const ber_sequence_t AttributeList_item_sequence[] = {
2386 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2387 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2392 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2393 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2394 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2398 static int dissect_AttributeList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2399 return dissect_ldap_AttributeList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_AttributeList_item);
2403 static const ber_sequence_t AttributeList_sequence_of[1] = {
2404 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_AttributeList_item },
2408 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2409 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2410 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2414 static int dissect_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2415 return dissect_ldap_AttributeList(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributes);
2419 static const ber_sequence_t AddRequest_sequence[] = {
2420 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2421 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_attributes },
2426 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2427 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2428 AddRequest_sequence, hf_index, ett_ldap_AddRequest);
2432 static int dissect_addRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2433 return dissect_ldap_AddRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_addRequest);
2439 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2440 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2444 static int dissect_addResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2445 return dissect_ldap_AddResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_addResponse);
2451 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2452 offset = dissect_ldap_LDAPDN(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2456 static int dissect_delRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2457 return dissect_ldap_DelRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_delRequest);
2463 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2464 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2468 static int dissect_delResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2469 return dissect_ldap_DelResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_delResponse);
2475 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2476 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2480 static int dissect_newrdn(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2481 return dissect_ldap_RelativeLDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_newrdn);
2485 static const ber_sequence_t ModifyDNRequest_sequence[] = {
2486 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2487 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_newrdn },
2488 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_deleteoldrdn },
2489 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_newSuperior_impl },
2494 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2495 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2496 ModifyDNRequest_sequence, hf_index, ett_ldap_ModifyDNRequest);
2500 static int dissect_modDNRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2501 return dissect_ldap_ModifyDNRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_modDNRequest);
2507 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2508 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2512 static int dissect_modDNResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2513 return dissect_ldap_ModifyDNResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_modDNResponse);
2517 static const ber_sequence_t CompareRequest_sequence[] = {
2518 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2519 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ava },
2524 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2525 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2526 CompareRequest_sequence, hf_index, ett_ldap_CompareRequest);
2530 static int dissect_compareRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2531 return dissect_ldap_CompareRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_compareRequest);
2537 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2538 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2542 static int dissect_compareResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2543 return dissect_ldap_CompareResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_compareResponse);
2549 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2550 offset = dissect_ldap_MessageID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2554 static int dissect_abandonRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2555 return dissect_ldap_AbandonRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_abandonRequest);
2561 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2564 tvbuff_t *parameter_tvb;
2566 proto_item *item = NULL;
2569 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2574 object_identifier_id = NULL;
2579 object_identifier_id = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
2580 name = get_oid_str_name(object_identifier_id);
2583 item = get_ber_last_created_item();
2585 proto_item_append_text(item, " (%s)", name);
2586 proto_item_append_text(tree, " %s", name);
2593 static int dissect_requestName_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2594 return dissect_ldap_LDAPOID(TRUE, tvb, offset, pinfo, tree, hf_ldap_requestName);
2600 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2601 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2606 static int dissect_requestValue_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2607 return dissect_ldap_OCTET_STRING(TRUE, tvb, offset, pinfo, tree, hf_ldap_requestValue);
2609 static int dissect_response_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2610 return dissect_ldap_OCTET_STRING(TRUE, tvb, offset, pinfo, tree, hf_ldap_response);
2612 static int dissect_cookie(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2613 return dissect_ldap_OCTET_STRING(FALSE, tvb, offset, pinfo, tree, hf_ldap_cookie);
2617 static const ber_sequence_t ExtendedRequest_sequence[] = {
2618 { BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_requestName_impl },
2619 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_requestValue_impl },
2624 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2625 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2626 ExtendedRequest_sequence, hf_index, ett_ldap_ExtendedRequest);
2630 static int dissect_extendedReq(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2631 return dissect_ldap_ExtendedRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedReq);
2635 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2637 { 1, "operationsError" },
2638 { 2, "protocolError" },
2639 { 3, "timeLimitExceeded" },
2640 { 4, "sizeLimitExceeded" },
2641 { 5, "compareFalse" },
2642 { 6, "compareTrue" },
2643 { 7, "authMethodNotSupported" },
2644 { 8, "strongAuthRequired" },
2646 { 11, "adminLimitExceeded" },
2647 { 12, "unavailableCriticalExtension" },
2648 { 13, "confidentialityRequired" },
2649 { 14, "saslBindInProgress" },
2650 { 16, "noSuchAttribute" },
2651 { 17, "undefinedAttributeType" },
2652 { 18, "inappropriateMatching" },
2653 { 19, "constraintViolation" },
2654 { 20, "attributeOrValueExists" },
2655 { 21, "invalidAttributeSyntax" },
2656 { 32, "noSuchObject" },
2657 { 33, "aliasProblem" },
2658 { 34, "invalidDNSyntax" },
2659 { 36, "aliasDereferencingProblem" },
2660 { 48, "inappropriateAuthentication" },
2661 { 49, "invalidCredentials" },
2662 { 50, "insufficientAccessRights" },
2664 { 52, "unavailable" },
2665 { 53, "unwillingToPerform" },
2666 { 54, "loopDetect" },
2667 { 64, "namingViolation" },
2668 { 65, "objectClassViolation" },
2669 { 66, "notAllowedOnNonLeaf" },
2670 { 67, "notAllowedOnRDN" },
2671 { 68, "entryAlreadyExists" },
2672 { 69, "objectClassModsProhibited" },
2673 { 71, "affectsMultipleDSAs" },
2680 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2681 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2686 static int dissect_extendedResponse_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2687 return dissect_ldap_ExtendedResponse_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedResponse_resultCode);
2693 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2694 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2698 static int dissect_responseName_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2699 return dissect_ldap_ResponseName(TRUE, tvb, offset, pinfo, tree, hf_ldap_responseName);
2703 static const ber_sequence_t ExtendedResponse_sequence[] = {
2704 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_extendedResponse_resultCode },
2705 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN },
2706 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
2707 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
2708 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_responseName_impl },
2709 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_response_impl },
2714 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2715 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2716 ExtendedResponse_sequence, hf_index, ett_ldap_ExtendedResponse);
2720 static int dissect_extendedResp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2721 return dissect_ldap_ExtendedResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedResp);
2725 static const value_string ldap_ProtocolOp_vals[] = {
2726 { 0, "bindRequest" },
2727 { 1, "bindResponse" },
2728 { 2, "unbindRequest" },
2729 { 3, "searchRequest" },
2730 { 4, "searchResEntry" },
2731 { 5, "searchResDone" },
2732 { 19, "searchResRef" },
2733 { 6, "modifyRequest" },
2734 { 7, "modifyResponse" },
2735 { 8, "addRequest" },
2736 { 9, "addResponse" },
2737 { 10, "delRequest" },
2738 { 11, "delResponse" },
2739 { 12, "modDNRequest" },
2740 { 13, "modDNResponse" },
2741 { 14, "compareRequest" },
2742 { 15, "compareResponse" },
2743 { 16, "abandonRequest" },
2744 { 23, "extendedReq" },
2745 { 24, "extendedResp" },
2749 static const ber_choice_t ProtocolOp_choice[] = {
2750 { 0, BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_bindRequest },
2751 { 1, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_bindResponse },
2752 { 2, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_unbindRequest },
2753 { 3, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_searchRequest },
2754 { 4, BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_searchResEntry },
2755 { 5, BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_searchResDone },
2756 { 19, BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_searchResRef },
2757 { 6, BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_modifyRequest },
2758 { 7, BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_modifyResponse },
2759 { 8, BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_addRequest },
2760 { 9, BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_addResponse },
2761 { 10, BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_delRequest },
2762 { 11, BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_delResponse },
2763 { 12, BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_modDNRequest },
2764 { 13, BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_modDNResponse },
2765 { 14, BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_compareRequest },
2766 { 15, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_compareResponse },
2767 { 16, BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_abandonRequest },
2768 { 23, BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_extendedReq },
2769 { 24, BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_extendedResp },
2770 { 0, 0, 0, 0, NULL }
2774 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2777 ldap_call_response_t *lcrp;
2778 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
2779 do_protocolop = TRUE;
2782 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
2783 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
2788 lcrp=ldap_match_call_response(tvb, pinfo, tree, MessageID, ProtocolOp);
2790 tap_queue_packet(ldap_tap, pinfo, lcrp);
2793 /* XXX: the count will not work if the results span multiple TCP packets */
2795 if(ldap_info && tree) { /* only count once - on tree pass */
2796 switch(ProtocolOp) {
2798 case LDAP_RES_SEARCH_ENTRY:
2799 ldap_info->num_results++;
2801 proto_item_append_text(tree, " [%d result%s]",
2802 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2806 case LDAP_RES_SEARCH_RESULT:
2808 if (check_col(pinfo->cinfo, COL_INFO))
2809 col_append_fstr(pinfo->cinfo, COL_INFO, " [%d result%s]",
2810 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2812 proto_item_append_text(tree, " [%d result%s]",
2813 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2815 ldap_info->num_results = 0;
2825 static int dissect_protocolOp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2826 return dissect_ldap_ProtocolOp(FALSE, tvb, offset, pinfo, tree, hf_ldap_protocolOp);
2832 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2833 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2837 static int dissect_controlType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2838 return dissect_ldap_ControlType(FALSE, tvb, offset, pinfo, tree, hf_ldap_controlType);
2844 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2845 #line 654 "ldap.cnf"
2851 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2852 /* remove the OCTET STRING encoding */
2853 offset=dissect_ber_identifier(pinfo, NULL, tvb, offset, &class, &pc, &tag);
2854 offset=dissect_ber_length(pinfo, NULL, tvb, offset, &len, &ind);
2856 call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
2860 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2869 static int dissect_controlValue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2870 return dissect_ldap_T_controlValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_controlValue);
2874 static const ber_sequence_t Control_sequence[] = {
2875 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_controlType },
2876 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_criticality },
2877 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_controlValue },
2882 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2883 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2884 Control_sequence, hf_index, ett_ldap_Control);
2888 static int dissect_Controls_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2889 return dissect_ldap_Control(FALSE, tvb, offset, pinfo, tree, hf_ldap_Controls_item);
2893 static const ber_sequence_t Controls_sequence_of[1] = {
2894 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_Controls_item },
2898 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2899 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2900 Controls_sequence_of, hf_index, ett_ldap_Controls);
2904 static int dissect_controls_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2905 return dissect_ldap_Controls(TRUE, tvb, offset, pinfo, tree, hf_ldap_controls);
2909 static const ber_sequence_t LDAPMessage_sequence[] = {
2910 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_messageID },
2911 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_protocolOp },
2912 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_controls_impl },
2917 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2918 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2919 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
2929 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2930 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2935 static int dissect_size(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2936 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_size);
2938 static int dissect_parentsFirst(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2939 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_parentsFirst);
2941 static int dissect_maxReturnLength(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2942 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_maxReturnLength);
2946 static const ber_sequence_t SearchControlValue_sequence[] = {
2947 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_size },
2948 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_cookie },
2953 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2954 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2955 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
2961 static const ber_sequence_t SortKeyList_item_sequence[] = {
2962 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_attributeType },
2963 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_orderingRule_impl },
2964 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_reverseOrder_impl },
2969 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2970 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2971 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
2975 static int dissect_SortKeyList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2976 return dissect_ldap_SortKeyList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_SortKeyList_item);
2980 static const ber_sequence_t SortKeyList_sequence_of[1] = {
2981 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_SortKeyList_item },
2985 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2986 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2987 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
2993 static const value_string ldap_T_sortResult_vals[] = {
2995 { 1, "operationsError" },
2996 { 3, "timeLimitExceeded" },
2997 { 8, "strongAuthRequired" },
2998 { 11, "adminLimitExceeded" },
2999 { 16, "noSuchAttribute" },
3000 { 18, "inappropriateMatching" },
3001 { 50, "insufficientAccessRights" },
3003 { 53, "unwillingToPerform" },
3010 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3011 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
3016 static int dissect_sortResult(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
3017 return dissect_ldap_T_sortResult(FALSE, tvb, offset, pinfo, tree, hf_ldap_sortResult);
3021 static const ber_sequence_t SortResult_sequence[] = {
3022 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_sortResult },
3023 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_attributeType_impl },
3028 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3029 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
3030 SortResult_sequence, hf_index, ett_ldap_SortResult);
3036 static const ber_sequence_t ReplControlValue_sequence[] = {
3037 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_parentsFirst },
3038 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_maxReturnLength },
3039 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_cookie },
3044 dissect_ldap_ReplControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3045 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
3046 ReplControlValue_sequence, hf_index, ett_ldap_ReplControlValue);
3053 static void dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3054 dissect_ldap_LDAPMessage(FALSE, tvb, 0, pinfo, tree, hf_ldap_LDAPMessage_PDU);
3056 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3057 dissect_ldap_SearchControlValue(FALSE, tvb, 0, pinfo, tree, hf_ldap_SearchControlValue_PDU);
3059 static void dissect_SortKeyList_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3060 dissect_ldap_SortKeyList(FALSE, tvb, 0, pinfo, tree, hf_ldap_SortKeyList_PDU);
3062 static void dissect_SortResult_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3063 dissect_ldap_SortResult(FALSE, tvb, 0, pinfo, tree, hf_ldap_SortResult_PDU);
3065 static void dissect_ReplControlValue_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3066 dissect_ldap_ReplControlValue(FALSE, tvb, 0, pinfo, tree, hf_ldap_ReplControlValue_PDU);
3070 /*--- End of included file: packet-ldap-fn.c ---*/
3071 #line 542 "packet-ldap-template.c"
3074 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3075 proto_tree *tree, ldap_conv_info_t *ldap_info,
3076 gboolean rest_is_pad, gboolean is_mscldap)
3079 guint length_remaining;
3081 int messageOffset = 0;
3082 guint headerLength = 0;
3084 tvbuff_t *msg_tvb = NULL;
3086 gboolean pc, ind = 0;
3089 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3091 if (rest_is_pad && length_remaining < 6) return;
3094 * OK, try to read the "Sequence Of" header; this gets the total
3095 * length of the LDAP message.
3097 messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
3098 messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);
3100 if (ber_tag == BER_UNI_TAG_SEQUENCE) {
3102 * Add the length of the "Sequence Of" header to the message
3105 headerLength = messageOffset - offset;
3106 msg_len += headerLength;
3107 if (msg_len < headerLength) {
3109 * The message length was probably so large that the total length
3112 * Report this as an error.
3114 show_reported_bounds_error(tvb, pinfo, tree);
3119 * We couldn't parse the header; just make it the amount of data
3120 * remaining in the tvbuff, so we'll give up on this segment
3121 * after attempting to parse the message - there's nothing more
3122 * we can do. "dissect_ldap_message()" will display the error.
3124 msg_len = length_remaining;
3128 * Construct a tvbuff containing the amount of the payload we have
3129 * available. Make its reported length the amount of data in the
3132 * XXX - if reassembly isn't enabled. the subdissector will throw a
3133 * BoundsError exception, rather than a ReportedBoundsError exception.
3134 * We really want a tvbuff where the length is "length", the reported
3135 * length is "plen", and the "if the snapshot length were infinite"
3136 * length is the minimum of the reported length of the tvbuff handed
3137 * to us and "plen", with a new type of exception thrown if the offset
3138 * is within the reported length but beyond that third length, with
3139 * that exception getting the "Unreassembled Packet" error.
3141 length = length_remaining;
3142 if (length > msg_len) length = msg_len;
3143 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3146 * Now dissect the LDAP message.
3149 ldap_info->is_mscldap = is_mscldap;
3150 pinfo->private_data = ldap_info;
3151 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree);
3159 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3162 conversation_t *conversation;
3163 gboolean doing_sasl_security = FALSE;
3164 guint length_remaining;
3165 ldap_conv_info_t *ldap_info = NULL;
3166 proto_item *ldap_item = NULL;
3167 proto_tree *ldap_tree = NULL;
3172 * Do we have a conversation for this connection?
3174 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3175 pinfo->ptype, pinfo->srcport,
3176 pinfo->destport, 0);
3177 if (conversation == NULL) {
3178 /* We don't yet have a conversation, so create one. */
3179 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3180 pinfo->ptype, pinfo->srcport,
3181 pinfo->destport, 0);
3186 * Do we already have a type and mechanism?
3188 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
3189 if (ldap_info == NULL) {
3190 /* No. Attach that information to the conversation, and add
3191 * it to the list of information structures.
3193 ldap_info = se_alloc(sizeof(ldap_conv_info_t));
3194 ldap_info->auth_type = 0;
3195 ldap_info->auth_mech = 0;
3196 ldap_info->first_auth_frame = 0;
3197 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3198 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3199 ldap_info->num_results = 0;
3201 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3203 ldap_info->next = ldap_info_items;
3204 ldap_info_items = ldap_info;
3208 switch (ldap_info->auth_type) {
3209 case LDAP_AUTH_SASL:
3211 * It's SASL; are we using a security layer?
3213 if (ldap_info->first_auth_frame != 0 &&
3214 pinfo->fd->num >= ldap_info->first_auth_frame) {
3215 doing_sasl_security = TRUE; /* yes */
3219 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3221 /* It might still be a packet containing a SASL security layer
3222 * but its just that we never saw the BIND packet.
3223 * check if it looks like it could be a SASL blob here
3224 * and in that case just assume it is GSS-SPNEGO
3226 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
3227 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
3228 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
3229 ldap_info->auth_type=LDAP_AUTH_SASL;
3230 ldap_info->first_auth_frame=pinfo->fd->num;
3231 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
3232 doing_sasl_security=TRUE;
3236 * This is the first PDU, set the Protocol column and clear the
3239 if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3240 if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
3242 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
3243 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3246 * Might we be doing a SASL security layer and, if so, *are* we doing
3249 * Just because we've seen a bind reply for SASL, that doesn't mean
3250 * that we're using a SASL security layer; I've seen captures in
3251 * which some SASL negotiations lead to a security layer being used
3252 * and other negotiations don't, and it's not obvious what's different
3253 * in the two negotiations. Therefore, we assume that if the first
3254 * byte is 0, it's a length for a SASL security layer (that way, we
3255 * never reassemble more than 16 megabytes, protecting us from
3256 * chewing up *too* much memory), and otherwise that it's an LDAP
3257 * message (actually, if it's an LDAP message it should begin with 0x30,
3258 * but we want to parse garbage as LDAP messages rather than really
3262 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
3263 proto_item *sasl_item = NULL;
3264 proto_tree *sasl_tree = NULL;
3266 guint sasl_len, sasl_msg_len, length;
3268 * Yes. The frame begins with a 4-byte big-endian length.
3269 * And we know we have at least 6 bytes
3273 * Get the SASL length, which is the length of data in the buffer
3274 * following the length (i.e., it's 4 less than the total length).
3276 * XXX - do we need to reassemble buffers? For now, we
3277 * assume that each LDAP message is entirely contained within
3280 sasl_len = tvb_get_ntohl(tvb, offset);
3281 sasl_msg_len = sasl_len + 4;
3282 if (sasl_msg_len < 4) {
3284 * The message length was probably so large that the total length
3287 * Report this as an error.
3289 show_reported_bounds_error(tvb, pinfo, tree);
3294 * Construct a tvbuff containing the amount of the payload we have
3295 * available. Make its reported length the amount of data in the PDU.
3297 * XXX - if reassembly isn't enabled. the subdissector will throw a
3298 * BoundsError exception, rather than a ReportedBoundsError exception.
3299 * We really want a tvbuff where the length is "length", the reported
3300 * length is "plen", and the "if the snapshot length were infinite"
3301 * length is the minimum of the reported length of the tvbuff handed
3302 * to us and "plen", with a new type of exception thrown if the offset
3303 * is within the reported length but beyond that third length, with
3304 * that exception getting the "Unreassembled Packet" error.
3306 length = length_remaining;
3307 if (length > sasl_msg_len) length = sasl_msg_len;
3308 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
3311 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
3314 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer");
3315 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
3318 if (ldap_info->auth_mech != NULL &&
3319 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
3320 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
3325 * This is GSS-API (using SPNEGO, but we should be done with
3326 * the negotiation by now).
3328 * Dissect the GSS_Wrap() token; it'll return the length of
3329 * the token, from which we compute the offset in the tvbuff at
3330 * which the plaintext data, i.e. the LDAP message, begins.
3332 length = tvb_length_remaining(sasl_tvb, 4);
3333 if ((guint)length > sasl_len)
3335 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
3337 /* Attempt decryption of the GSSAPI wrapped data if possible */
3338 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
3339 pinfo->gssapi_wrap_tvb=NULL;
3340 pinfo->gssapi_encrypted_tvb=NULL;
3341 pinfo->gssapi_decrypted_tvb=NULL;
3342 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
3343 /* if we could unwrap, do a tvb shuffle */
3344 if(pinfo->gssapi_decrypted_tvb){
3345 decr_tvb=pinfo->gssapi_decrypted_tvb;
3348 pinfo->decrypt_gssapi_tvb=0;
3349 pinfo->gssapi_wrap_tvb=NULL;
3350 pinfo->gssapi_encrypted_tvb=NULL;
3351 pinfo->gssapi_decrypted_tvb=NULL;
3354 * if len is 0 it probably mean that we got a PDU that is not
3355 * aligned to the start of the segment.
3362 * if we don't have unwrapped data,
3363 * see if the wrapping involved encryption of the
3364 * data; if not, just use the plaintext data.
3367 if(!pinfo->gssapi_data_encrypted){
3368 plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1);
3373 proto_item *enc_item = NULL;
3374 proto_tree *enc_tree = NULL;
3377 * The LDAP message was encrypted in the packet, and has
3378 * been decrypted; dissect the decrypted LDAP message.
3381 enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3382 "GSS-API Encrypted payload (%d byte%s)",
3384 plurality(sasl_len - ver_len, "", "s"));
3385 enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
3387 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);
3388 } else if (plain_tvb) {
3389 proto_item *plain_item = NULL;
3390 proto_tree *plain_tree = NULL;
3393 * The LDAP message wasn't encrypted in the packet;
3394 * dissect the plain LDAP message.
3397 plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3398 "GSS-API payload (%d byte%s)",
3400 plurality(sasl_len - ver_len, "", "s"));
3401 plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
3404 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);
3407 * The LDAP message was encrypted in the packet, and was
3408 * not decrypted; just show it as encrypted data.
3410 if (check_col(pinfo->cinfo, COL_INFO)) {
3411 col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
3413 plurality(sasl_len - ver_len, "", "s"));
3416 proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3417 "GSS-API Encrypted payload (%d byte%s)",
3419 plurality(sasl_len - ver_len, "", "s"));
3423 offset += sasl_msg_len;
3425 /* plain LDAP, so dissect the payload */
3426 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);
3430 static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot)
3434 len=tvb_get_guint8(tvb, offset);
3439 /* add potential field separation dot */
3452 /* ops its a mscldap compressed string */
3454 new_offset=tvb_get_guint8(tvb, offset);
3455 if (new_offset == offset - 1)
3456 THROW(ReportedBoundsError);
3459 dissect_mscldap_string(tvb, new_offset, str, maxlen, FALSE);
3473 return offset; /* will mess up offset in caller, is unlikely */
3475 tvb_memcpy(tvb, str, offset, len);
3482 len=tvb_get_guint8(tvb, offset);
3489 /* These flag bits were found to be defined in the samba sources.
3490 * I hope they are correct (but have serious doubts about the CLOSEST
3491 * bit being used or being meaningful).
3493 static const true_false_string tfs_ads_pdc = {
3497 static const true_false_string tfs_ads_gc = {
3498 "This is a GLOBAL CATALOGUE of forest",
3499 "This is NOT a global catalog of forest"
3501 static const true_false_string tfs_ads_ldap = {
3502 "This is an LDAP server",
3503 "This is NOT an ldap server"
3505 static const true_false_string tfs_ads_ds = {
3506 "This dc supports DS",
3507 "This dc does NOT support ds"
3509 static const true_false_string tfs_ads_kdc = {
3510 "This is a KDC (kerberos)",
3511 "This is NOT a kdc (kerberos)"
3513 static const true_false_string tfs_ads_timeserv = {
3514 "This dc is running TIME SERVICES (ntp)",
3515 "This dc is NOT running time services (ntp)"
3517 static const true_false_string tfs_ads_closest = {
3518 "This is the CLOSEST dc (unreliable?)",
3519 "This is NOT the closest dc"
3521 static const true_false_string tfs_ads_writable = {
3522 "This dc is WRITABLE",
3523 "This dc is NOT writable"
3525 static const true_false_string tfs_ads_good_timeserv = {
3526 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
3527 "This dc does NOT have a good time service (i.e. no hardware clock)"
3529 static const true_false_string tfs_ads_ndnc = {
3530 "Domain is NON-DOMAIN NC serviced by ldap server",
3531 "Domain is NOT non-domain nc serviced by ldap server"
3533 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
3537 proto_tree *tree=NULL;
3538 guint fields[] = { hf_mscldap_netlogon_flags_ndnc,
3539 hf_mscldap_netlogon_flags_good_timeserv,
3540 hf_mscldap_netlogon_flags_writable,
3541 hf_mscldap_netlogon_flags_closest,
3542 hf_mscldap_netlogon_flags_timeserv,
3543 hf_mscldap_netlogon_flags_kdc,
3544 hf_mscldap_netlogon_flags_ds,
3545 hf_mscldap_netlogon_flags_ldap,
3546 hf_mscldap_netlogon_flags_gc,
3547 hf_mscldap_netlogon_flags_pdc,
3550 header_field_info *hfi;
3551 gboolean one_bit_set = FALSE;
3553 flags=tvb_get_letohl(tvb, offset);
3554 item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE);
3556 tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
3559 proto_item_append_text(item, " (");
3561 for(field = fields; *field; field++) {
3562 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
3563 hfi = proto_registrar_get_nth(*field);
3565 if(flags & hfi->bitmask) {
3568 proto_item_append_text(item, ", ");
3572 proto_item_append_text(item, hfi->name);
3577 proto_item_append_text(item, ")");
3584 static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3586 int old_offset, offset=0;
3594 /*XXX someone that knows what the type means should add that knowledge here*/
3595 proto_tree_add_item(tree, hf_mscldap_netlogon_type, tvb, offset, 4, TRUE);
3599 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
3602 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
3607 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3608 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
3612 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3613 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
3617 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3618 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
3620 /* NetBios Domain */
3622 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3623 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
3625 /* NetBios Hostname */
3627 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3628 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
3632 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3633 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
3637 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3638 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
3642 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3643 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
3646 proto_tree_add_item(tree, hf_mscldap_netlogon_version, tvb, offset, 4, TRUE);
3650 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, TRUE);
3654 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, TRUE);
3661 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
3663 /* sasl encapsulated ldap is 4 bytes plus the length in size */
3664 return tvb_get_ntohl(tvb, offset)+4;
3668 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3670 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
3675 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
3681 /* normal ldap is tag+len bytes plus the length
3682 * offset is where the tag is
3683 * offset+1 is where length starts
3685 data_offset=get_ber_length(NULL, tvb, offset+1, &len, &ind);
3686 return len+data_offset-offset;
3690 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3692 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
3697 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3700 const char *oidname;
3702 /* tvb here contains an ascii string that is really an oid */
3703 /* XXX we should convert the string oid into a real oid so we can use
3704 * proto_tree_add_oid() instead.
3707 oid=tvb_get_ephemeral_string(tvb, 0, tvb_length(tvb));
3712 oidname=get_oid_str_name(oid);
3715 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s (%s)",oid,oidname);
3717 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s",oid);
3721 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
3722 static const true_false_string ldap_AccessMask_ADS_CREATE_CHILD_tfs = {
3723 "ADS CREATE CHILD is SET",
3724 "Ads create child is NOT set",
3727 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
3728 static const true_false_string ldap_AccessMask_ADS_DELETE_CHILD_tfs = {
3729 "ADS DELETE CHILD is SET",
3730 "Ads delete child is NOT set",
3732 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
3733 static const true_false_string ldap_AccessMask_ADS_LIST_tfs = {
3735 "Ads list is NOT set",
3737 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
3738 static const true_false_string ldap_AccessMask_ADS_SELF_WRITE_tfs = {
3739 "ADS SELF WRITE is SET",
3740 "Ads self write is NOT set",
3742 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
3743 static const true_false_string ldap_AccessMask_ADS_READ_PROP_tfs = {
3744 "ADS READ PROP is SET",
3745 "Ads read prop is NOT set",
3747 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
3748 static const true_false_string ldap_AccessMask_ADS_WRITE_PROP_tfs = {
3749 "ADS WRITE PROP is SET",
3750 "Ads write prop is NOT set",
3752 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
3753 static const true_false_string ldap_AccessMask_ADS_DELETE_TREE_tfs = {
3754 "ADS DELETE TREE is SET",
3755 "Ads delete tree is NOT set",
3757 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
3758 static const true_false_string ldap_AccessMask_ADS_LIST_OBJECT_tfs = {
3759 "ADS LIST OBJECT is SET",
3760 "Ads list object is NOT set",
3762 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
3763 static const true_false_string ldap_AccessMask_ADS_CONTROL_ACCESS_tfs = {
3764 "ADS CONTROL ACCESS is SET",
3765 "Ads control access is NOT set",
3769 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
3771 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
3773 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
3775 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
3777 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
3779 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
3781 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
3783 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
3785 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
3787 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
3789 struct access_mask_info ldap_access_mask_info = {
3790 "LDAP", /* Name of specific rights */
3791 ldap_specific_rights, /* Dissection function */
3792 NULL, /* Generic mapping table */
3793 NULL /* Standard mapping table */
3797 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3799 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_length(tvb), &ldap_access_mask_info);
3803 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3807 /* this octet string contains an NT SID */
3808 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
3809 ldapvalue_string=tmpstr;
3813 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3815 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
3818 /* This octet string contained a GUID */
3819 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
3821 ldapvalue_string=ep_alloc(1024);
3822 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
3823 uuid.Data1, uuid.Data2, uuid.Data3,
3824 uuid.Data4[0], uuid.Data4[1],
3825 uuid.Data4[2], uuid.Data4[3],
3826 uuid.Data4[4], uuid.Data4[5],
3827 uuid.Data4[6], uuid.Data4[7]);
3831 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3841 /* This is a bit tricky. We have to find out whether SASL is used
3842 * so that we know how big a header we are supposed to pass
3843 * to tcp_dissect_pdus()
3845 /* check for a SASL header, i.e. assume it is SASL if
3846 * 1, first four bytes (SASL length) is an integer
3847 * with a value that must be <64k and >2
3848 * (>2 to fight false positives, 0x00000000 is a common
3849 * "random" tcp payload)
3850 * (no SASL ldap PDUs are ever going to be >64k in size?)
3852 * Following the SASL header is a GSSAPI blob so the next byte
3853 * is always 0x60. (only true for MS SASL LDAP, there are other
3854 * blobs that may follow in real-world)
3856 * 2, Then one byte with the value 0x60 indicating the GSSAPI blob
3858 * 3, Then X bytes describing the BER encoded lengtyh of the blob.
3859 * This length should point to the same end-of-pdu as 1,
3861 * 4, finally a byte 0x06 indicating that the next object is an OID
3863 sasl_len=tvb_get_ntohl(tvb, 0);
3866 goto this_was_not_sasl;
3869 if(tvb_get_guint8(tvb, 4)!=0x60){
3870 goto this_was_not_sasl;
3873 offset=get_ber_length(NULL, tvb, 5, &gss_len, &ind);
3874 if(sasl_len!=(gss_len+offset-4)){
3875 goto this_was_not_sasl;
3878 if(tvb_get_guint8(tvb, offset)!=0x06){
3879 goto this_was_not_sasl;
3882 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu);
3886 /* check if it is a normal BER encoded LDAP packet
3887 * i.e. first byte is 0x30 followed by a length that is
3889 * (no ldap PDUs are ever >64kb? )
3891 if(tvb_get_guint8(tvb, 0)!=0x30){
3892 goto this_was_not_normal_ldap;
3895 /* check that length makes sense */
3896 offset=get_ber_length(NULL, tvb, 1, &ldap_len, &ind);
3898 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
3900 goto this_was_not_normal_ldap;
3903 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu);
3906 this_was_not_normal_ldap:
3912 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
3914 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
3922 ldap_conv_info_t *ldap_info;
3924 /* Free up state attached to the ldap_info structures */
3925 for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) {
3926 if (ldap_info->auth_mech != NULL) {
3927 g_free(ldap_info->auth_mech);
3928 ldap_info->auth_mech=NULL;
3930 g_hash_table_destroy(ldap_info->matched);
3931 ldap_info->matched=NULL;
3932 g_hash_table_destroy(ldap_info->unmatched);
3933 ldap_info->unmatched=NULL;
3936 ldap_info_items = NULL;
3941 register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector)
3943 dissector_add_string("ldap.name", attr_type, dissector);
3947 register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto)
3949 dissector_handle_t dissector_handle;
3951 dissector_handle=create_dissector_handle(dissector, proto);
3952 register_ldap_name_dissector_handle(attr_type, dissector_handle);
3956 /*--- proto_register_ldap -------------------------------------------*/
3957 void proto_register_ldap(void) {
3959 /* List of fields */
3961 static hf_register_info hf[] = {
3963 { &hf_ldap_sasl_buffer_length,
3964 { "SASL Buffer Length", "ldap.sasl_buffer_length",
3965 FT_UINT32, BASE_DEC, NULL, 0x0,
3966 "SASL Buffer Length", HFILL }},
3967 { &hf_ldap_response_in,
3968 { "Response In", "ldap.response_in",
3969 FT_FRAMENUM, BASE_DEC, NULL, 0x0,
3970 "The response to this LDAP request is in this frame", HFILL }},
3971 { &hf_ldap_response_to,
3972 { "Response To", "ldap.response_to",
3973 FT_FRAMENUM, BASE_DEC, NULL, 0x0,
3974 "This is a response to the LDAP request in this frame", HFILL }},
3976 { "Time", "ldap.time",
3977 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
3978 "The time between the Call and the Reply", HFILL }},
3980 { &hf_mscldap_netlogon_type,
3981 { "Type", "mscldap.netlogon.type",
3982 FT_UINT32, BASE_DEC, NULL, 0x0,
3983 "Type of <please tell Wireshark developers what this type is>", HFILL }},
3985 { &hf_mscldap_netlogon_version,
3986 { "Version", "mscldap.netlogon.version",
3987 FT_UINT32, BASE_DEC, NULL, 0x0,
3988 "Version of <please tell Wireshark developers what this type is>", HFILL }},
3990 { &hf_mscldap_netlogon_lm_token,
3991 { "LM Token", "mscldap.netlogon.lm_token",
3992 FT_UINT16, BASE_HEX, NULL, 0x0,
3993 "LM Token", HFILL }},
3995 { &hf_mscldap_netlogon_nt_token,
3996 { "NT Token", "mscldap.netlogon.nt_token",
3997 FT_UINT16, BASE_HEX, NULL, 0x0,
3998 "NT Token", HFILL }},
4000 { &hf_mscldap_netlogon_flags,
4001 { "Flags", "mscldap.netlogon.flags",
4002 FT_UINT32, BASE_HEX, NULL, 0x0,
4003 "Netlogon flags describing the DC properties", HFILL }},
4005 { &hf_mscldap_domain_guid,
4006 { "Domain GUID", "mscldap.domain.guid",
4007 FT_BYTES, BASE_HEX, NULL, 0x0,
4008 "Domain GUID", HFILL }},
4010 { &hf_mscldap_forest,
4011 { "Forest", "mscldap.forest",
4012 FT_STRING, BASE_NONE, NULL, 0x0,
4015 { &hf_mscldap_domain,
4016 { "Domain", "mscldap.domain",
4017 FT_STRING, BASE_NONE, NULL, 0x0,
4018 "Domainname", HFILL }},
4020 { &hf_mscldap_hostname,
4021 { "Hostname", "mscldap.hostname",
4022 FT_STRING, BASE_NONE, NULL, 0x0,
4023 "Hostname", HFILL }},
4025 { &hf_mscldap_nb_domain,
4026 { "NetBios Domain", "mscldap.nb_domain",
4027 FT_STRING, BASE_NONE, NULL, 0x0,
4028 "NetBios Domainname", HFILL }},
4030 { &hf_mscldap_nb_hostname,
4031 { "NetBios Hostname", "mscldap.nb_hostname",
4032 FT_STRING, BASE_NONE, NULL, 0x0,
4033 "NetBios Hostname", HFILL }},
4035 { &hf_mscldap_username,
4036 { "User", "mscldap.username",
4037 FT_STRING, BASE_NONE, NULL, 0x0,
4038 "User name", HFILL }},
4040 { &hf_mscldap_sitename,
4041 { "Site", "mscldap.sitename",
4042 FT_STRING, BASE_NONE, NULL, 0x0,
4043 "Site name", HFILL }},
4045 { &hf_mscldap_clientsitename,
4046 { "Client Site", "mscldap.clientsitename",
4047 FT_STRING, BASE_NONE, NULL, 0x0,
4048 "Client Site name", HFILL }},
4051 { "Sid", "ldap.sid",
4052 FT_STRING, BASE_NONE, NULL, 0x0,
4055 { &hf_mscldap_netlogon_flags_pdc,
4056 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4057 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4059 { &hf_mscldap_netlogon_flags_gc,
4060 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4061 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4063 { &hf_mscldap_netlogon_flags_ldap,
4064 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4065 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4067 { &hf_mscldap_netlogon_flags_ds,
4068 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4069 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4071 { &hf_mscldap_netlogon_flags_kdc,
4072 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4073 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4075 { &hf_mscldap_netlogon_flags_timeserv,
4076 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4077 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4079 { &hf_mscldap_netlogon_flags_closest,
4080 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4081 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc? (is this used at all?)", HFILL }},
4083 { &hf_mscldap_netlogon_flags_writable,
4084 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4085 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable? (i.e. can it update the AD?)", HFILL }},
4087 { &hf_mscldap_netlogon_flags_good_timeserv,
4088 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4089 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4091 { &hf_mscldap_netlogon_flags_ndnc,
4092 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4093 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4096 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
4097 NULL, 0, "GUID", HFILL }},
4099 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4100 { "Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CREATE_CHILD_tfs), LDAP_ACCESSMASK_ADS_CREATE_CHILD, "", HFILL }},
4102 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4103 { "Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_CHILD_tfs), LDAP_ACCESSMASK_ADS_DELETE_CHILD, "", HFILL }},
4105 { &hf_ldap_AccessMask_ADS_LIST,
4106 { "List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_tfs), LDAP_ACCESSMASK_ADS_LIST, "", HFILL }},
4108 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
4109 { "Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_SELF_WRITE_tfs), LDAP_ACCESSMASK_ADS_SELF_WRITE, "", HFILL }},
4111 { &hf_ldap_AccessMask_ADS_READ_PROP,
4112 { "Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_READ_PROP_tfs), LDAP_ACCESSMASK_ADS_READ_PROP, "", HFILL }},
4114 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
4115 { "Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_WRITE_PROP_tfs), LDAP_ACCESSMASK_ADS_WRITE_PROP, "", HFILL }},
4117 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
4118 { "Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_TREE_tfs), LDAP_ACCESSMASK_ADS_DELETE_TREE, "", HFILL }},
4120 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4121 { "List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_OBJECT_tfs), LDAP_ACCESSMASK_ADS_LIST_OBJECT, "", HFILL }},
4123 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4124 { "Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CONTROL_ACCESS_tfs), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, "", HFILL }},
4127 /*--- Included file: packet-ldap-hfarr.c ---*/
4128 #line 1 "packet-ldap-hfarr.c"
4129 { &hf_ldap_LDAPMessage_PDU,
4130 { "LDAPMessage", "ldap.LDAPMessage",
4131 FT_NONE, BASE_NONE, NULL, 0,
4132 "ldap.LDAPMessage", HFILL }},
4133 { &hf_ldap_SearchControlValue_PDU,
4134 { "SearchControlValue", "ldap.SearchControlValue",
4135 FT_NONE, BASE_NONE, NULL, 0,
4136 "ldap.SearchControlValue", HFILL }},
4137 { &hf_ldap_SortKeyList_PDU,
4138 { "SortKeyList", "ldap.SortKeyList",
4139 FT_UINT32, BASE_DEC, NULL, 0,
4140 "ldap.SortKeyList", HFILL }},
4141 { &hf_ldap_SortResult_PDU,
4142 { "SortResult", "ldap.SortResult",
4143 FT_NONE, BASE_NONE, NULL, 0,
4144 "ldap.SortResult", HFILL }},
4145 { &hf_ldap_ReplControlValue_PDU,
4146 { "ReplControlValue", "ldap.ReplControlValue",
4147 FT_NONE, BASE_NONE, NULL, 0,
4148 "ldap.ReplControlValue", HFILL }},
4149 { &hf_ldap_messageID,
4150 { "messageID", "ldap.messageID",
4151 FT_UINT32, BASE_DEC, NULL, 0,
4152 "ldap.MessageID", HFILL }},
4153 { &hf_ldap_protocolOp,
4154 { "protocolOp", "ldap.protocolOp",
4155 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
4156 "ldap.ProtocolOp", HFILL }},
4157 { &hf_ldap_controls,
4158 { "controls", "ldap.controls",
4159 FT_UINT32, BASE_DEC, NULL, 0,
4160 "ldap.Controls", HFILL }},
4161 { &hf_ldap_bindRequest,
4162 { "bindRequest", "ldap.bindRequest",
4163 FT_NONE, BASE_NONE, NULL, 0,
4164 "ldap.BindRequest", HFILL }},
4165 { &hf_ldap_bindResponse,
4166 { "bindResponse", "ldap.bindResponse",
4167 FT_NONE, BASE_NONE, NULL, 0,
4168 "ldap.BindResponse", HFILL }},
4169 { &hf_ldap_unbindRequest,
4170 { "unbindRequest", "ldap.unbindRequest",
4171 FT_NONE, BASE_NONE, NULL, 0,
4172 "ldap.UnbindRequest", HFILL }},
4173 { &hf_ldap_searchRequest,
4174 { "searchRequest", "ldap.searchRequest",
4175 FT_NONE, BASE_NONE, NULL, 0,
4176 "ldap.SearchRequest", HFILL }},
4177 { &hf_ldap_searchResEntry,
4178 { "searchResEntry", "ldap.searchResEntry",
4179 FT_NONE, BASE_NONE, NULL, 0,
4180 "ldap.SearchResultEntry", HFILL }},
4181 { &hf_ldap_searchResDone,
4182 { "searchResDone", "ldap.searchResDone",
4183 FT_NONE, BASE_NONE, NULL, 0,
4184 "ldap.SearchResultDone", HFILL }},
4185 { &hf_ldap_searchResRef,
4186 { "searchResRef", "ldap.searchResRef",
4187 FT_UINT32, BASE_DEC, NULL, 0,
4188 "ldap.SearchResultReference", HFILL }},
4189 { &hf_ldap_modifyRequest,
4190 { "modifyRequest", "ldap.modifyRequest",
4191 FT_NONE, BASE_NONE, NULL, 0,
4192 "ldap.ModifyRequest", HFILL }},
4193 { &hf_ldap_modifyResponse,
4194 { "modifyResponse", "ldap.modifyResponse",
4195 FT_NONE, BASE_NONE, NULL, 0,
4196 "ldap.ModifyResponse", HFILL }},
4197 { &hf_ldap_addRequest,
4198 { "addRequest", "ldap.addRequest",
4199 FT_NONE, BASE_NONE, NULL, 0,
4200 "ldap.AddRequest", HFILL }},
4201 { &hf_ldap_addResponse,
4202 { "addResponse", "ldap.addResponse",
4203 FT_NONE, BASE_NONE, NULL, 0,
4204 "ldap.AddResponse", HFILL }},
4205 { &hf_ldap_delRequest,
4206 { "delRequest", "ldap.delRequest",
4207 FT_STRING, BASE_NONE, NULL, 0,
4208 "ldap.DelRequest", HFILL }},
4209 { &hf_ldap_delResponse,
4210 { "delResponse", "ldap.delResponse",
4211 FT_NONE, BASE_NONE, NULL, 0,
4212 "ldap.DelResponse", HFILL }},
4213 { &hf_ldap_modDNRequest,
4214 { "modDNRequest", "ldap.modDNRequest",
4215 FT_NONE, BASE_NONE, NULL, 0,
4216 "ldap.ModifyDNRequest", HFILL }},
4217 { &hf_ldap_modDNResponse,
4218 { "modDNResponse", "ldap.modDNResponse",
4219 FT_NONE, BASE_NONE, NULL, 0,
4220 "ldap.ModifyDNResponse", HFILL }},
4221 { &hf_ldap_compareRequest,
4222 { "compareRequest", "ldap.compareRequest",
4223 FT_NONE, BASE_NONE, NULL, 0,
4224 "ldap.CompareRequest", HFILL }},
4225 { &hf_ldap_compareResponse,
4226 { "compareResponse", "ldap.compareResponse",
4227 FT_NONE, BASE_NONE, NULL, 0,
4228 "ldap.CompareResponse", HFILL }},
4229 { &hf_ldap_abandonRequest,
4230 { "abandonRequest", "ldap.abandonRequest",
4231 FT_UINT32, BASE_DEC, NULL, 0,
4232 "ldap.AbandonRequest", HFILL }},
4233 { &hf_ldap_extendedReq,
4234 { "extendedReq", "ldap.extendedReq",
4235 FT_NONE, BASE_NONE, NULL, 0,
4236 "ldap.ExtendedRequest", HFILL }},
4237 { &hf_ldap_extendedResp,
4238 { "extendedResp", "ldap.extendedResp",
4239 FT_NONE, BASE_NONE, NULL, 0,
4240 "ldap.ExtendedResponse", HFILL }},
4241 { &hf_ldap_AttributeDescriptionList_item,
4242 { "Item", "ldap.AttributeDescriptionList_item",
4243 FT_STRING, BASE_NONE, NULL, 0,
4244 "ldap.AttributeDescription", HFILL }},
4245 { &hf_ldap_attributeDesc,
4246 { "attributeDesc", "ldap.attributeDesc",
4247 FT_STRING, BASE_NONE, NULL, 0,
4248 "ldap.AttributeDescription", HFILL }},
4249 { &hf_ldap_assertionValue,
4250 { "assertionValue", "ldap.assertionValue",
4251 FT_STRING, BASE_NONE, NULL, 0,
4252 "ldap.AssertionValue", HFILL }},
4254 { "type", "ldap.type",
4255 FT_STRING, BASE_NONE, NULL, 0,
4256 "ldap.AttributeDescription", HFILL }},
4258 { "vals", "ldap.vals",
4259 FT_UINT32, BASE_DEC, NULL, 0,
4260 "ldap.SET_OF_AttributeValue", HFILL }},
4261 { &hf_ldap_vals_item,
4262 { "Item", "ldap.vals_item",
4263 FT_BYTES, BASE_HEX, NULL, 0,
4264 "ldap.AttributeValue", HFILL }},
4265 { &hf_ldap_resultCode,
4266 { "resultCode", "ldap.resultCode",
4267 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
4268 "ldap.T_resultCode", HFILL }},
4269 { &hf_ldap_matchedDN,
4270 { "matchedDN", "ldap.matchedDN",
4271 FT_STRING, BASE_NONE, NULL, 0,
4272 "ldap.LDAPDN", HFILL }},
4273 { &hf_ldap_errorMessage,
4274 { "errorMessage", "ldap.errorMessage",
4275 FT_STRING, BASE_NONE, NULL, 0,
4276 "ldap.ErrorMessage", HFILL }},
4277 { &hf_ldap_referral,
4278 { "referral", "ldap.referral",
4279 FT_UINT32, BASE_DEC, NULL, 0,
4280 "ldap.Referral", HFILL }},
4281 { &hf_ldap_Referral_item,
4282 { "Item", "ldap.Referral_item",
4283 FT_STRING, BASE_NONE, NULL, 0,
4284 "ldap.LDAPURL", HFILL }},
4285 { &hf_ldap_Controls_item,
4286 { "Item", "ldap.Controls_item",
4287 FT_NONE, BASE_NONE, NULL, 0,
4288 "ldap.Control", HFILL }},
4289 { &hf_ldap_controlType,
4290 { "controlType", "ldap.controlType",
4291 FT_STRING, BASE_NONE, NULL, 0,
4292 "ldap.ControlType", HFILL }},
4293 { &hf_ldap_criticality,
4294 { "criticality", "ldap.criticality",
4295 FT_BOOLEAN, 8, NULL, 0,
4296 "ldap.BOOLEAN", HFILL }},
4297 { &hf_ldap_controlValue,
4298 { "controlValue", "ldap.controlValue",
4299 FT_BYTES, BASE_HEX, NULL, 0,
4300 "ldap.T_controlValue", HFILL }},
4302 { "version", "ldap.version",
4303 FT_UINT32, BASE_DEC, NULL, 0,
4304 "ldap.INTEGER_1_127", HFILL }},
4306 { "name", "ldap.name",
4307 FT_STRING, BASE_NONE, NULL, 0,
4308 "ldap.LDAPDN", HFILL }},
4309 { &hf_ldap_authentication,
4310 { "authentication", "ldap.authentication",
4311 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
4312 "ldap.AuthenticationChoice", HFILL }},
4314 { "simple", "ldap.simple",
4315 FT_BYTES, BASE_HEX, NULL, 0,
4316 "ldap.Simple", HFILL }},
4318 { "sasl", "ldap.sasl",
4319 FT_NONE, BASE_NONE, NULL, 0,
4320 "ldap.SaslCredentials", HFILL }},
4321 { &hf_ldap_ntlmsspNegotiate,
4322 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
4323 FT_BYTES, BASE_HEX, NULL, 0,
4324 "ldap.T_ntlmsspNegotiate", HFILL }},
4325 { &hf_ldap_ntlmsspAuth,
4326 { "ntlmsspAuth", "ldap.ntlmsspAuth",
4327 FT_BYTES, BASE_HEX, NULL, 0,
4328 "ldap.T_ntlmsspAuth", HFILL }},
4329 { &hf_ldap_mechanism,
4330 { "mechanism", "ldap.mechanism",
4331 FT_STRING, BASE_NONE, NULL, 0,
4332 "ldap.Mechanism", HFILL }},
4333 { &hf_ldap_credentials,
4334 { "credentials", "ldap.credentials",
4335 FT_BYTES, BASE_HEX, NULL, 0,
4336 "ldap.Credentials", HFILL }},
4337 { &hf_ldap_bindResponse_resultCode,
4338 { "resultCode", "ldap.resultCode",
4339 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
4340 "ldap.BindResponse_resultCode", HFILL }},
4341 { &hf_ldap_matchedDN1,
4342 { "matchedDN", "ldap.matchedDN",
4343 FT_STRING, BASE_NONE, NULL, 0,
4344 "ldap.T_matchedDN", HFILL }},
4345 { &hf_ldap_serverSaslCreds,
4346 { "serverSaslCreds", "ldap.serverSaslCreds",
4347 FT_BYTES, BASE_HEX, NULL, 0,
4348 "ldap.ServerSaslCreds", HFILL }},
4349 { &hf_ldap_baseObject,
4350 { "baseObject", "ldap.baseObject",
4351 FT_STRING, BASE_NONE, NULL, 0,
4352 "ldap.LDAPDN", HFILL }},
4354 { "scope", "ldap.scope",
4355 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
4356 "ldap.T_scope", HFILL }},
4357 { &hf_ldap_derefAliases,
4358 { "derefAliases", "ldap.derefAliases",
4359 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
4360 "ldap.T_derefAliases", HFILL }},
4361 { &hf_ldap_sizeLimit,
4362 { "sizeLimit", "ldap.sizeLimit",
4363 FT_UINT32, BASE_DEC, NULL, 0,
4364 "ldap.INTEGER_0_maxInt", HFILL }},
4365 { &hf_ldap_timeLimit,
4366 { "timeLimit", "ldap.timeLimit",
4367 FT_UINT32, BASE_DEC, NULL, 0,
4368 "ldap.INTEGER_0_maxInt", HFILL }},
4369 { &hf_ldap_typesOnly,
4370 { "typesOnly", "ldap.typesOnly",
4371 FT_BOOLEAN, 8, NULL, 0,
4372 "ldap.BOOLEAN", HFILL }},
4374 { "filter", "ldap.filter",
4375 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4376 "ldap.T_filter", HFILL }},
4377 { &hf_ldap_searchRequest_attributes,
4378 { "attributes", "ldap.attributes",
4379 FT_UINT32, BASE_DEC, NULL, 0,
4380 "ldap.AttributeDescriptionList", HFILL }},
4382 { "and", "ldap.and",
4383 FT_UINT32, BASE_DEC, NULL, 0,
4384 "ldap.T_and", HFILL }},
4385 { &hf_ldap_and_item,
4386 { "Item", "ldap.and_item",
4387 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4388 "ldap.T_and_item", HFILL }},
4391 FT_UINT32, BASE_DEC, NULL, 0,
4392 "ldap.T_or", HFILL }},
4394 { "Item", "ldap.or_item",
4395 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4396 "ldap.T_or_item", HFILL }},
4398 { "not", "ldap.not",
4399 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4400 "ldap.T_not", HFILL }},
4401 { &hf_ldap_equalityMatch,
4402 { "equalityMatch", "ldap.equalityMatch",
4403 FT_NONE, BASE_NONE, NULL, 0,
4404 "ldap.T_equalityMatch", HFILL }},
4405 { &hf_ldap_substrings,
4406 { "substrings", "ldap.substrings",
4407 FT_NONE, BASE_NONE, NULL, 0,
4408 "ldap.SubstringFilter", HFILL }},
4409 { &hf_ldap_greaterOrEqual,
4410 { "greaterOrEqual", "ldap.greaterOrEqual",
4411 FT_NONE, BASE_NONE, NULL, 0,
4412 "ldap.T_greaterOrEqual", HFILL }},
4413 { &hf_ldap_lessOrEqual,
4414 { "lessOrEqual", "ldap.lessOrEqual",
4415 FT_NONE, BASE_NONE, NULL, 0,
4416 "ldap.T_lessOrEqual", HFILL }},
4418 { "present", "ldap.present",
4419 FT_STRING, BASE_NONE, NULL, 0,
4420 "ldap.T_present", HFILL }},
4421 { &hf_ldap_approxMatch,
4422 { "approxMatch", "ldap.approxMatch",
4423 FT_NONE, BASE_NONE, NULL, 0,
4424 "ldap.T_approxMatch", HFILL }},
4425 { &hf_ldap_extensibleMatch,
4426 { "extensibleMatch", "ldap.extensibleMatch",
4427 FT_NONE, BASE_NONE, NULL, 0,
4428 "ldap.T_extensibleMatch", HFILL }},
4429 { &hf_ldap_substringFilter_substrings,
4430 { "substrings", "ldap.substrings",
4431 FT_UINT32, BASE_DEC, NULL, 0,
4432 "ldap.T_substringFilter_substrings", HFILL }},
4433 { &hf_ldap_substringFilter_substrings_item,
4434 { "Item", "ldap.substrings_item",
4435 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
4436 "ldap.T_substringFilter_substrings_item", HFILL }},
4438 { "initial", "ldap.initial",
4439 FT_STRING, BASE_NONE, NULL, 0,
4440 "ldap.LDAPString", HFILL }},
4442 { "any", "ldap.any",
4443 FT_STRING, BASE_NONE, NULL, 0,
4444 "ldap.LDAPString", HFILL }},
4446 { "final", "ldap.final",
4447 FT_STRING, BASE_NONE, NULL, 0,
4448 "ldap.LDAPString", HFILL }},
4449 { &hf_ldap_matchingRule,
4450 { "matchingRule", "ldap.matchingRule",
4451 FT_STRING, BASE_NONE, NULL, 0,
4452 "ldap.MatchingRuleId", HFILL }},
4453 { &hf_ldap_matchValue,
4454 { "matchValue", "ldap.matchValue",
4455 FT_STRING, BASE_NONE, NULL, 0,
4456 "ldap.AssertionValue", HFILL }},
4457 { &hf_ldap_dnAttributes,
4458 { "dnAttributes", "ldap.dnAttributes",
4459 FT_BOOLEAN, 8, NULL, 0,
4460 "ldap.BOOLEAN", HFILL }},
4461 { &hf_ldap_objectName,
4462 { "objectName", "ldap.objectName",
4463 FT_STRING, BASE_NONE, NULL, 0,
4464 "ldap.LDAPDN", HFILL }},
4465 { &hf_ldap_searchResultEntry_attributes,
4466 { "attributes", "ldap.attributes",
4467 FT_UINT32, BASE_DEC, NULL, 0,
4468 "ldap.PartialAttributeList", HFILL }},
4469 { &hf_ldap_PartialAttributeList_item,
4470 { "Item", "ldap.PartialAttributeList_item",
4471 FT_NONE, BASE_NONE, NULL, 0,
4472 "ldap.PartialAttributeList_item", HFILL }},
4473 { &hf_ldap_SearchResultReference_item,
4474 { "Item", "ldap.SearchResultReference_item",
4475 FT_STRING, BASE_NONE, NULL, 0,
4476 "ldap.LDAPURL", HFILL }},
4478 { "object", "ldap.object",
4479 FT_STRING, BASE_NONE, NULL, 0,
4480 "ldap.LDAPDN", HFILL }},
4481 { &hf_ldap_modifyRequest_modification,
4482 { "modification", "ldap.modification",
4483 FT_UINT32, BASE_DEC, NULL, 0,
4484 "ldap.ModifyRequest_modification", HFILL }},
4485 { &hf_ldap_modifyRequest_modification_item,
4486 { "Item", "ldap.modification_item",
4487 FT_NONE, BASE_NONE, NULL, 0,
4488 "ldap.T_modifyRequest_modification_item", HFILL }},
4489 { &hf_ldap_operation,
4490 { "operation", "ldap.operation",
4491 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
4492 "ldap.T_operation", HFILL }},
4493 { &hf_ldap_modification,
4494 { "modification", "ldap.modification",
4495 FT_NONE, BASE_NONE, NULL, 0,
4496 "ldap.AttributeTypeAndValues", HFILL }},
4498 { "entry", "ldap.entry",
4499 FT_STRING, BASE_NONE, NULL, 0,
4500 "ldap.LDAPDN", HFILL }},
4501 { &hf_ldap_attributes,
4502 { "attributes", "ldap.attributes",
4503 FT_UINT32, BASE_DEC, NULL, 0,
4504 "ldap.AttributeList", HFILL }},
4505 { &hf_ldap_AttributeList_item,
4506 { "Item", "ldap.AttributeList_item",
4507 FT_NONE, BASE_NONE, NULL, 0,
4508 "ldap.AttributeList_item", HFILL }},
4510 { "newrdn", "ldap.newrdn",
4511 FT_STRING, BASE_NONE, NULL, 0,
4512 "ldap.RelativeLDAPDN", HFILL }},
4513 { &hf_ldap_deleteoldrdn,
4514 { "deleteoldrdn", "ldap.deleteoldrdn",
4515 FT_BOOLEAN, 8, NULL, 0,
4516 "ldap.BOOLEAN", HFILL }},
4517 { &hf_ldap_newSuperior,
4518 { "newSuperior", "ldap.newSuperior",
4519 FT_STRING, BASE_NONE, NULL, 0,
4520 "ldap.LDAPDN", HFILL }},
4522 { "ava", "ldap.ava",
4523 FT_NONE, BASE_NONE, NULL, 0,
4524 "ldap.AttributeValueAssertion", HFILL }},
4525 { &hf_ldap_requestName,
4526 { "requestName", "ldap.requestName",
4527 FT_STRING, BASE_NONE, NULL, 0,
4528 "ldap.LDAPOID", HFILL }},
4529 { &hf_ldap_requestValue,
4530 { "requestValue", "ldap.requestValue",
4531 FT_BYTES, BASE_HEX, NULL, 0,
4532 "ldap.OCTET_STRING", HFILL }},
4533 { &hf_ldap_extendedResponse_resultCode,
4534 { "resultCode", "ldap.resultCode",
4535 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
4536 "ldap.ExtendedResponse_resultCode", HFILL }},
4537 { &hf_ldap_responseName,
4538 { "responseName", "ldap.responseName",
4539 FT_STRING, BASE_NONE, NULL, 0,
4540 "ldap.ResponseName", HFILL }},
4541 { &hf_ldap_response,
4542 { "response", "ldap.response",
4543 FT_BYTES, BASE_HEX, NULL, 0,
4544 "ldap.OCTET_STRING", HFILL }},
4546 { "size", "ldap.size",
4547 FT_INT32, BASE_DEC, NULL, 0,
4548 "ldap.INTEGER", HFILL }},
4550 { "cookie", "ldap.cookie",
4551 FT_BYTES, BASE_HEX, NULL, 0,
4552 "ldap.OCTET_STRING", HFILL }},
4553 { &hf_ldap_SortKeyList_item,
4554 { "Item", "ldap.SortKeyList_item",
4555 FT_NONE, BASE_NONE, NULL, 0,
4556 "ldap.SortKeyList_item", HFILL }},
4557 { &hf_ldap_attributeType,
4558 { "attributeType", "ldap.attributeType",
4559 FT_STRING, BASE_NONE, NULL, 0,
4560 "ldap.AttributeDescription", HFILL }},
4561 { &hf_ldap_orderingRule,
4562 { "orderingRule", "ldap.orderingRule",
4563 FT_STRING, BASE_NONE, NULL, 0,
4564 "ldap.MatchingRuleId", HFILL }},
4565 { &hf_ldap_reverseOrder,
4566 { "reverseOrder", "ldap.reverseOrder",
4567 FT_BOOLEAN, 8, NULL, 0,
4568 "ldap.BOOLEAN", HFILL }},
4569 { &hf_ldap_sortResult,
4570 { "sortResult", "ldap.sortResult",
4571 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
4572 "ldap.T_sortResult", HFILL }},
4573 { &hf_ldap_parentsFirst,
4574 { "parentsFirst", "ldap.parentsFirst",
4575 FT_INT32, BASE_DEC, NULL, 0,
4576 "ldap.INTEGER", HFILL }},
4577 { &hf_ldap_maxReturnLength,
4578 { "maxReturnLength", "ldap.maxReturnLength",
4579 FT_INT32, BASE_DEC, NULL, 0,
4580 "ldap.INTEGER", HFILL }},
4582 /*--- End of included file: packet-ldap-hfarr.c ---*/
4583 #line 1597 "packet-ldap-template.c"
4586 /* List of subtrees */
4587 static gint *ett[] = {
4590 &ett_ldap_sasl_blob,
4592 &ett_mscldap_netlogon_flags,
4595 /*--- Included file: packet-ldap-ettarr.c ---*/
4596 #line 1 "packet-ldap-ettarr.c"
4597 &ett_ldap_LDAPMessage,
4598 &ett_ldap_ProtocolOp,
4599 &ett_ldap_AttributeDescriptionList,
4600 &ett_ldap_AttributeValueAssertion,
4601 &ett_ldap_Attribute,
4602 &ett_ldap_SET_OF_AttributeValue,
4603 &ett_ldap_LDAPResult,
4607 &ett_ldap_BindRequest,
4608 &ett_ldap_AuthenticationChoice,
4609 &ett_ldap_SaslCredentials,
4610 &ett_ldap_BindResponse,
4611 &ett_ldap_SearchRequest,
4615 &ett_ldap_SubstringFilter,
4616 &ett_ldap_T_substringFilter_substrings,
4617 &ett_ldap_T_substringFilter_substrings_item,
4618 &ett_ldap_MatchingRuleAssertion,
4619 &ett_ldap_SearchResultEntry,
4620 &ett_ldap_PartialAttributeList,
4621 &ett_ldap_PartialAttributeList_item,
4622 &ett_ldap_SearchResultReference,
4623 &ett_ldap_ModifyRequest,
4624 &ett_ldap_ModifyRequest_modification,
4625 &ett_ldap_T_modifyRequest_modification_item,
4626 &ett_ldap_AttributeTypeAndValues,
4627 &ett_ldap_AddRequest,
4628 &ett_ldap_AttributeList,
4629 &ett_ldap_AttributeList_item,
4630 &ett_ldap_ModifyDNRequest,
4631 &ett_ldap_CompareRequest,
4632 &ett_ldap_ExtendedRequest,
4633 &ett_ldap_ExtendedResponse,
4634 &ett_ldap_SearchControlValue,
4635 &ett_ldap_SortKeyList,
4636 &ett_ldap_SortKeyList_item,
4637 &ett_ldap_SortResult,
4638 &ett_ldap_ReplControlValue,
4640 /*--- End of included file: packet-ldap-ettarr.c ---*/
4641 #line 1608 "packet-ldap-template.c"
4644 module_t *ldap_module;
4646 /* Register protocol */
4647 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
4648 /* Register fields and subtrees */
4649 proto_register_field_array(proto_ldap, hf, array_length(hf));
4650 proto_register_subtree_array(ett, array_length(ett));
4653 register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
4655 ldap_module = prefs_register_protocol(proto_ldap, NULL);
4656 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
4657 "Reassemble LDAP messages spanning multiple TCP segments",
4658 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
4659 "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
4662 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
4663 "Set the port for LDAP operations",
4664 10, &ldap_tcp_port);
4666 prefs_register_obsolete_preference(ldap_module, "max_pdu");
4668 proto_cldap = proto_register_protocol(
4669 "Connectionless Lightweight Directory Access Protocol",
4672 register_init_routine(ldap_reinit);
4673 ldap_tap=register_tap("ldap");
4675 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
4680 /*--- proto_reg_handoff_ldap ---------------------------------------*/
4682 proto_reg_handoff_ldap(void)
4684 dissector_handle_t ldap_handle, cldap_handle;
4685 ldap_handle = create_dissector_handle(dissect_ldap_tcp, proto_ldap);
4687 dissector_add("tcp.port", ldap_tcp_port, ldap_handle);
4688 dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
4690 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
4691 dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
4693 gssapi_handle = find_dissector("gssapi");
4694 gssapi_wrap_handle = find_dissector("gssapi_verf");
4696 ntlmssp_handle = find_dissector("ntlmssp");
4698 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
4699 add_oid_str_name("1.2.840.113556.1.4.319","LDAP_PAGED_RESULT_OID_STRING");
4700 add_oid_str_name("1.2.840.113556.1.4.417","LDAP_SERVER_SHOW_DELETED_OID");
4701 add_oid_str_name("1.2.840.113556.1.4.473","LDAP_SERVER_SORT_OID");
4702 add_oid_str_name("1.2.840.113556.1.4.474","LDAP_CONTROL_SORT_RESP_OID");
4703 add_oid_str_name("1.2.840.113556.1.4.521","LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID");
4704 add_oid_str_name("1.2.840.113556.1.4.528","LDAP_SERVER_NOTIFICATION_OID");
4705 add_oid_str_name("1.2.840.113556.1.4.529","LDAP_SERVER_EXTENDED_DN_OID");
4706 add_oid_str_name("1.2.840.113556.1.4.619","LDAP_SERVER_LAZY_COMMIT_OID");
4707 add_oid_str_name("1.2.840.113556.1.4.800","LDAP_CAP_ACTIVE_DIRECTORY_OID");
4708 add_oid_str_name("1.2.840.113556.1.4.801","LDAP_SERVER_SD_FLAGS_OID");
4709 add_oid_str_name("1.2.840.113556.1.4.804","LDAP_OID_COMPARATOR_OR");
4710 add_oid_str_name("1.2.840.113556.1.4.805","LDAP_SERVER_TREE_DELETE_OID");
4711 add_oid_str_name("1.2.840.113556.1.4.841","LDAP_SERVER_DIRSYNC_OID");
4712 add_oid_str_name("1.2.840.113556.1.4.970 ","None");
4713 add_oid_str_name("1.2.840.113556.1.4.1338","LDAP_SERVER_VERIFY_NAME_OID");
4714 add_oid_str_name("1.2.840.113556.1.4.1339","LDAP_SERVER_DOMAIN_SCOPE_OID");
4715 add_oid_str_name("1.2.840.113556.1.4.1340","LDAP_SERVER_SEARCH_OPTIONS_OID");
4716 add_oid_str_name("1.2.840.113556.1.4.1413","LDAP_SERVER_PERMISSIVE_MODIFY_OID");
4717 add_oid_str_name("1.2.840.113556.1.4.1504","LDAP_SERVER_ASQ_OID");
4718 add_oid_str_name("1.2.840.113556.1.4.1670","LDAP_CAP_ACTIVE_DIRECTORY_V51_OID");
4719 add_oid_str_name("1.2.840.113556.1.4.1781","LDAP_SERVER_FAST_BIND_OID");
4720 add_oid_str_name("1.2.840.113556.1.4.1791","LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID");
4721 add_oid_str_name("1.2.840.113556.1.4.1851","LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID");
4722 add_oid_str_name("1.3.6.1.4.1.1466.101.119.1","None");
4723 add_oid_str_name("1.3.6.1.4.1.1466.20037","LDAP_START_TLS_OID");
4724 add_oid_str_name("2.16.840.1.113730.3.4.9","LDAP_CONTROL_VLVREQUEST VLV");
4725 add_oid_str_name("2.16.840.1.113730.3.4.10","LDAP_CONTROL_VLVRESPONSE VLV");
4727 register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
4728 register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
4729 register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
4730 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
4731 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
4732 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
4735 /*--- Included file: packet-ldap-dis-tab.c ---*/
4736 #line 1 "packet-ldap-dis-tab.c"
4737 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
4738 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
4739 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
4740 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_ReplControlValue_PDU, proto_ldap, "replControlValue");
4743 /*--- End of included file: packet-ldap-dis-tab.c ---*/
4744 #line 1701 "packet-ldap-template.c"