1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -e -p ldap -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
88 #include <epan/packet.h>
89 #include <epan/conversation.h>
90 #include <epan/prefs.h>
92 #include <epan/emem.h>
93 #include <epan/oid_resolv.h>
94 #include <epan/strutil.h>
95 #include <epan/dissectors/packet-tcp.h>
96 #include <epan/dissectors/packet-windows-common.h>
97 #include <epan/dissectors/packet-dcerpc.h>
99 #include "packet-frame.h"
100 #include "packet-ldap.h"
101 #include "packet-ntlmssp.h"
103 #include "packet-ber.h"
104 #include "packet-per.h"
106 #define PNAME "Lightweight-Directory-Access-Protocol"
107 #define PSNAME "LDAP"
108 #define PFNAME "ldap"
110 /* Initialize the protocol and registered fields */
111 static int ldap_tap = -1;
112 static int proto_ldap = -1;
113 static int proto_cldap = -1;
115 static int hf_ldap_sasl_buffer_length = -1;
116 static int hf_ldap_response_in = -1;
117 static int hf_ldap_response_to = -1;
118 static int hf_ldap_time = -1;
119 static int hf_ldap_guid = -1;
121 static int hf_mscldap_netlogon_type = -1;
122 static int hf_mscldap_netlogon_flags = -1;
123 static int hf_mscldap_netlogon_flags_pdc = -1;
124 static int hf_mscldap_netlogon_flags_gc = -1;
125 static int hf_mscldap_netlogon_flags_ldap = -1;
126 static int hf_mscldap_netlogon_flags_ds = -1;
127 static int hf_mscldap_netlogon_flags_kdc = -1;
128 static int hf_mscldap_netlogon_flags_timeserv = -1;
129 static int hf_mscldap_netlogon_flags_closest = -1;
130 static int hf_mscldap_netlogon_flags_writable = -1;
131 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
132 static int hf_mscldap_netlogon_flags_ndnc = -1;
133 static int hf_mscldap_domain_guid = -1;
134 static int hf_mscldap_forest = -1;
135 static int hf_mscldap_domain = -1;
136 static int hf_mscldap_hostname = -1;
137 static int hf_mscldap_nb_domain = -1;
138 static int hf_mscldap_nb_hostname = -1;
139 static int hf_mscldap_username = -1;
140 static int hf_mscldap_sitename = -1;
141 static int hf_mscldap_clientsitename = -1;
142 static int hf_mscldap_netlogon_version = -1;
143 static int hf_mscldap_netlogon_lm_token = -1;
144 static int hf_mscldap_netlogon_nt_token = -1;
145 static int hf_ldap_sid = -1;
146 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
147 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
148 static int hf_ldap_AccessMask_ADS_LIST = -1;
149 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
150 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
151 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
152 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
153 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
154 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
157 /*--- Included file: packet-ldap-hf.c ---*/
158 #line 1 "packet-ldap-hf.c"
159 static int hf_ldap_LDAPMessage_PDU = -1; /* LDAPMessage */
160 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
161 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
162 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
163 static int hf_ldap_ReplControlValue_PDU = -1; /* ReplControlValue */
164 static int hf_ldap_messageID = -1; /* MessageID */
165 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
166 static int hf_ldap_controls = -1; /* Controls */
167 static int hf_ldap_bindRequest = -1; /* BindRequest */
168 static int hf_ldap_bindResponse = -1; /* BindResponse */
169 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
170 static int hf_ldap_searchRequest = -1; /* SearchRequest */
171 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
172 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
173 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
174 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
175 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
176 static int hf_ldap_addRequest = -1; /* AddRequest */
177 static int hf_ldap_addResponse = -1; /* AddResponse */
178 static int hf_ldap_delRequest = -1; /* DelRequest */
179 static int hf_ldap_delResponse = -1; /* DelResponse */
180 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
181 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
182 static int hf_ldap_compareRequest = -1; /* CompareRequest */
183 static int hf_ldap_compareResponse = -1; /* CompareResponse */
184 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
185 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
186 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
187 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
188 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
189 static int hf_ldap_assertionValue = -1; /* AssertionValue */
190 static int hf_ldap_type = -1; /* AttributeDescription */
191 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
192 static int hf_ldap_vals_item = -1; /* AttributeValue */
193 static int hf_ldap_resultCode = -1; /* T_resultCode */
194 static int hf_ldap_matchedDN = -1; /* LDAPDN */
195 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
196 static int hf_ldap_referral = -1; /* Referral */
197 static int hf_ldap_Referral_item = -1; /* LDAPURL */
198 static int hf_ldap_Controls_item = -1; /* Control */
199 static int hf_ldap_controlType = -1; /* ControlType */
200 static int hf_ldap_criticality = -1; /* BOOLEAN */
201 static int hf_ldap_controlValue = -1; /* T_controlValue */
202 static int hf_ldap_version = -1; /* INTEGER_1_127 */
203 static int hf_ldap_name = -1; /* LDAPDN */
204 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
205 static int hf_ldap_simple = -1; /* Simple */
206 static int hf_ldap_sasl = -1; /* SaslCredentials */
207 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
208 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
209 static int hf_ldap_mechanism = -1; /* Mechanism */
210 static int hf_ldap_credentials = -1; /* Credentials */
211 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
212 static int hf_ldap_matchedDN1 = -1; /* T_matchedDN */
213 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
214 static int hf_ldap_baseObject = -1; /* LDAPDN */
215 static int hf_ldap_scope = -1; /* T_scope */
216 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
217 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
218 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
219 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
220 static int hf_ldap_filter = -1; /* T_filter */
221 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
222 static int hf_ldap_and = -1; /* T_and */
223 static int hf_ldap_and_item = -1; /* T_and_item */
224 static int hf_ldap_or = -1; /* T_or */
225 static int hf_ldap_or_item = -1; /* T_or_item */
226 static int hf_ldap_not = -1; /* T_not */
227 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
228 static int hf_ldap_substrings = -1; /* SubstringFilter */
229 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
230 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
231 static int hf_ldap_present = -1; /* T_present */
232 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
233 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
234 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
235 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
236 static int hf_ldap_initial = -1; /* LDAPString */
237 static int hf_ldap_any = -1; /* LDAPString */
238 static int hf_ldap_final = -1; /* LDAPString */
239 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
240 static int hf_ldap_matchValue = -1; /* AssertionValue */
241 static int hf_ldap_dnAttributes = -1; /* BOOLEAN */
242 static int hf_ldap_objectName = -1; /* LDAPDN */
243 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
244 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
245 static int hf_ldap_SearchResultReference_item = -1; /* LDAPURL */
246 static int hf_ldap_object = -1; /* LDAPDN */
247 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
248 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
249 static int hf_ldap_operation = -1; /* T_operation */
250 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
251 static int hf_ldap_entry = -1; /* LDAPDN */
252 static int hf_ldap_attributes = -1; /* AttributeList */
253 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
254 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
255 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
256 static int hf_ldap_newSuperior = -1; /* LDAPDN */
257 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
258 static int hf_ldap_requestName = -1; /* LDAPOID */
259 static int hf_ldap_requestValue = -1; /* OCTET_STRING */
260 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
261 static int hf_ldap_responseName = -1; /* ResponseName */
262 static int hf_ldap_response = -1; /* OCTET_STRING */
263 static int hf_ldap_size = -1; /* INTEGER */
264 static int hf_ldap_cookie = -1; /* OCTET_STRING */
265 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
266 static int hf_ldap_attributeType = -1; /* AttributeDescription */
267 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
268 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
269 static int hf_ldap_sortResult = -1; /* T_sortResult */
270 static int hf_ldap_parentsFirst = -1; /* INTEGER */
271 static int hf_ldap_maxReturnLength = -1; /* INTEGER */
273 /*--- End of included file: packet-ldap-hf.c ---*/
274 #line 149 "packet-ldap-template.c"
276 /* Initialize the subtree pointers */
277 static gint ett_ldap = -1;
278 static gint ett_ldap_msg = -1;
279 static gint ett_ldap_sasl_blob = -1;
280 static guint ett_ldap_payload = -1;
281 static gint ett_mscldap_netlogon_flags = -1;
284 /*--- Included file: packet-ldap-ett.c ---*/
285 #line 1 "packet-ldap-ett.c"
286 static gint ett_ldap_LDAPMessage = -1;
287 static gint ett_ldap_ProtocolOp = -1;
288 static gint ett_ldap_AttributeDescriptionList = -1;
289 static gint ett_ldap_AttributeValueAssertion = -1;
290 static gint ett_ldap_Attribute = -1;
291 static gint ett_ldap_SET_OF_AttributeValue = -1;
292 static gint ett_ldap_LDAPResult = -1;
293 static gint ett_ldap_Referral = -1;
294 static gint ett_ldap_Controls = -1;
295 static gint ett_ldap_Control = -1;
296 static gint ett_ldap_BindRequest = -1;
297 static gint ett_ldap_AuthenticationChoice = -1;
298 static gint ett_ldap_SaslCredentials = -1;
299 static gint ett_ldap_BindResponse = -1;
300 static gint ett_ldap_SearchRequest = -1;
301 static gint ett_ldap_Filter = -1;
302 static gint ett_ldap_T_and = -1;
303 static gint ett_ldap_T_or = -1;
304 static gint ett_ldap_SubstringFilter = -1;
305 static gint ett_ldap_T_substringFilter_substrings = -1;
306 static gint ett_ldap_T_substringFilter_substrings_item = -1;
307 static gint ett_ldap_MatchingRuleAssertion = -1;
308 static gint ett_ldap_SearchResultEntry = -1;
309 static gint ett_ldap_PartialAttributeList = -1;
310 static gint ett_ldap_PartialAttributeList_item = -1;
311 static gint ett_ldap_SearchResultReference = -1;
312 static gint ett_ldap_ModifyRequest = -1;
313 static gint ett_ldap_ModifyRequest_modification = -1;
314 static gint ett_ldap_T_modifyRequest_modification_item = -1;
315 static gint ett_ldap_AttributeTypeAndValues = -1;
316 static gint ett_ldap_AddRequest = -1;
317 static gint ett_ldap_AttributeList = -1;
318 static gint ett_ldap_AttributeList_item = -1;
319 static gint ett_ldap_ModifyDNRequest = -1;
320 static gint ett_ldap_CompareRequest = -1;
321 static gint ett_ldap_ExtendedRequest = -1;
322 static gint ett_ldap_ExtendedResponse = -1;
323 static gint ett_ldap_SearchControlValue = -1;
324 static gint ett_ldap_SortKeyList = -1;
325 static gint ett_ldap_SortKeyList_item = -1;
326 static gint ett_ldap_SortResult = -1;
327 static gint ett_ldap_ReplControlValue = -1;
329 /*--- End of included file: packet-ldap-ett.c ---*/
330 #line 158 "packet-ldap-template.c"
332 static dissector_table_t ldap_name_dissector_table=NULL;
333 static const char *object_identifier_id = NULL; /* LDAP OID */
335 /* desegmentation of LDAP */
336 static gboolean ldap_desegment = TRUE;
337 static guint ldap_tcp_port = 389;
339 static gboolean do_protocolop = FALSE;
340 static gchar *attr_type = NULL;
341 static gboolean is_binary_attr_type = FALSE;
343 #define TCP_PORT_LDAP 389
344 #define UDP_PORT_CLDAP 389
345 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
347 static dissector_handle_t gssapi_handle;
348 static dissector_handle_t gssapi_wrap_handle;
349 static dissector_handle_t ntlmssp_handle = NULL;
352 /* different types of rpc calls ontop of ms cldap */
353 #define MSCLDAP_RPC_NETLOGON 1
355 /* Message type Choice values */
356 static const value_string ldap_ProtocolOp_choice_vals[] = {
357 { 0, "bindRequest" },
358 { 1, "bindResponse" },
359 { 2, "unbindRequest" },
360 { 3, "searchRequest" },
361 { 4, "searchResEntry" },
362 { 5, "searchResDone" },
363 { 6, "searchResRef" },
364 { 7, "modifyRequest" },
365 { 8, "modifyResponse" },
367 { 10, "addResponse" },
368 { 11, "delRequest" },
369 { 12, "delResponse" },
370 { 13, "modDNRequest" },
371 { 14, "modDNResponse" },
372 { 15, "compareRequest" },
373 { 16, "compareResponse" },
374 { 17, "abandonRequest" },
375 { 18, "extendedReq" },
376 { 19, "extendedResp" },
380 * Data structure attached to a conversation, giving authentication
381 * information from a bind request.
382 * We keep a linked list of them, so that we can free up all the
383 * authentication mechanism strings.
385 typedef struct ldap_conv_info_t {
386 struct ldap_conv_info_t *next;
387 guint auth_type; /* authentication type */
388 char *auth_mech; /* authentication mechanism */
389 guint32 first_auth_frame; /* first frame that would use a security layer */
390 GHashTable *unmatched;
395 static ldap_conv_info_t *ldap_info_items;
398 ldap_info_hash_matched(gconstpointer k)
400 const ldap_call_response_t *key = k;
402 return key->messageId;
406 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
408 const ldap_call_response_t *key1 = k1;
409 const ldap_call_response_t *key2 = k2;
411 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
414 /* a response may span multiple frames
415 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
420 return key1->messageId==key2->messageId;
424 ldap_info_hash_unmatched(gconstpointer k)
426 const ldap_call_response_t *key = k;
428 return key->messageId;
432 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
434 const ldap_call_response_t *key1 = k1;
435 const ldap_call_response_t *key2 = k2;
437 return key1->messageId==key2->messageId;
440 /* This string contains the last LDAPString that was decoded */
441 static char *attributedesc_string=NULL;
443 /* This string contains the last AssertionValue that was decoded */
444 static char *ldapvalue_string=NULL;
446 /* if the octet string contain all printable ASCII characters, then
447 * display it as a string, othervise just display it in hex.
450 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index)
453 gboolean pc, ind, is_ascii;
459 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
460 offset=get_ber_length(NULL, tvb, offset, &len, &ind);
462 len=tvb_length_remaining(tvb,offset);
471 * Some special/wellknown attributes in common LDAP (read AD)
472 * are neither ascii strings nor blobs of hex data.
473 * Special case these attributes and decode them more nicely.
475 * Add more special cases as required to prettify further
476 * (there cant be that many ones that are truly interesting)
478 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
482 /* this octet string contains an NT SID */
483 sid_tvb=tvb_new_subset(tvb, offset, len, len);
484 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
485 ldapvalue_string=tmpstr;
488 } else if ( (len==16) /* GUIDs are always 16 bytes */
489 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
490 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
493 /* This octet string contained a GUID */
494 dissect_dcerpc_uuid_t(tvb, offset, pinfo, tree, drep, hf_ldap_guid, &uuid);
496 ldapvalue_string=ep_alloc(1024);
497 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
498 uuid.Data1, uuid.Data2, uuid.Data3,
499 uuid.Data4[0], uuid.Data4[1],
500 uuid.Data4[2], uuid.Data4[3],
501 uuid.Data4[4], uuid.Data4[5],
502 uuid.Data4[6], uuid.Data4[7]);
508 * It was not one of our "wellknown" attributes so make the best
509 * we can and just try to see if it is an ascii string or if it
512 * XXX - should we support reading RFC 2252-style schemas
513 * for LDAP, and using that to determine how to display
514 * attribute values and assertion values?
516 * -- I dont think there are full schemas available that describe the
517 * interesting cases i.e. AD -- ronnie
519 str=tvb_get_ptr(tvb, offset, len);
522 if(!isascii(str[i]) || !isprint(str[i])){
528 /* convert the string into a printable string */
530 ldapvalue_string=ep_alloc(len+1);
531 memcpy(ldapvalue_string,str,len);
532 ldapvalue_string[i]=0;
534 ldapvalue_string=ep_alloc(3*len);
536 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
537 ldapvalue_string[3*i+2]=':';
539 ldapvalue_string[3*len-1]=0;
542 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
550 /* This string contains the last Filter item that was decoded */
551 static char *Filter_string=NULL;
552 static char *and_filter_string=NULL;
553 static char *or_filter_string=NULL;
554 static char *substring_value=NULL;
555 static char *substring_item_init=NULL;
556 static char *substring_item_any=NULL;
557 static char *substring_item_final=NULL;
558 static char *matching_rule_string=NULL;
559 static gboolean matching_rule_dnattr=FALSE;
561 /* Global variables */
562 char *mechanism = NULL;
563 static gint MessageID =-1;
564 static gint ProtocolOp = -1;
565 static gint result = 0;
566 static proto_item *ldm_tree = NULL; /* item to add text to */
568 static void ldap_do_protocolop(packet_info *pinfo)
574 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
576 if(check_col(pinfo->cinfo, COL_INFO))
577 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
580 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
582 do_protocolop = FALSE;
587 static ldap_call_response_t *
588 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag)
590 ldap_call_response_t lcr, *lcrp=NULL;
591 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
593 /* first see if we have already matched this */
595 lcr.messageId=messageId;
596 switch(protocolOpTag){
598 case LDAP_REQ_SEARCH:
599 case LDAP_REQ_MODIFY:
601 case LDAP_REQ_DELETE:
602 case LDAP_REQ_MODRDN:
603 case LDAP_REQ_COMPARE:
605 lcr.req_frame=pinfo->fd->num;
609 case LDAP_RES_SEARCH_ENTRY:
610 case LDAP_RES_SEARCH_REF:
611 case LDAP_RES_SEARCH_RESULT:
612 case LDAP_RES_MODIFY:
614 case LDAP_RES_DELETE:
615 case LDAP_RES_MODRDN:
616 case LDAP_RES_COMPARE:
617 lcr.is_request=FALSE;
619 lcr.rep_frame=pinfo->fd->num;
622 lcrp=g_hash_table_lookup(ldap_info->matched, &lcr);
626 lcrp->is_request=lcr.is_request;
630 /* we haven't found a match - try and match it up */
632 switch(protocolOpTag){
634 case LDAP_REQ_SEARCH:
635 case LDAP_REQ_MODIFY:
637 case LDAP_REQ_DELETE:
638 case LDAP_REQ_MODRDN:
639 case LDAP_REQ_COMPARE:
641 /* this a a request - add it to the unmatched list */
643 /* check that we dont already have one of those in the
644 unmatched list and if so remove it */
646 lcr.messageId=messageId;
647 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
649 g_hash_table_remove(ldap_info->unmatched, lcrp);
651 /* if we cant reuse the old one, grab a new chunk */
653 lcrp=se_alloc(sizeof(ldap_call_response_t));
655 lcrp->messageId=messageId;
656 lcrp->req_frame=pinfo->fd->num;
657 lcrp->req_time=pinfo->fd->abs_ts;
659 lcrp->protocolOpTag=protocolOpTag;
660 lcrp->is_request=TRUE;
661 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
665 case LDAP_RES_SEARCH_ENTRY:
666 case LDAP_RES_SEARCH_REF:
667 case LDAP_RES_SEARCH_RESULT:
668 case LDAP_RES_MODIFY:
670 case LDAP_RES_DELETE:
671 case LDAP_RES_MODRDN:
672 case LDAP_RES_COMPARE:
674 /* this is a result - it should be in our unmatched list */
676 lcr.messageId=messageId;
677 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
681 if(!lcrp->rep_frame){
682 g_hash_table_remove(ldap_info->unmatched, lcrp);
683 lcrp->rep_frame=pinfo->fd->num;
684 lcrp->is_request=FALSE;
685 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
693 /* we have found a match */
698 if(lcrp->is_request){
699 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
700 PROTO_ITEM_SET_GENERATED(it);
703 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
704 PROTO_ITEM_SET_GENERATED(it);
705 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
706 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
707 PROTO_ITEM_SET_GENERATED(it);
715 /*--- Included file: packet-ldap-fn.c ---*/
716 #line 1 "packet-ldap-fn.c"
717 /*--- Cyclic dependencies ---*/
719 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
720 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
721 /* Filter -> Filter/not -> Filter */
722 static int dissect_ldap_Filter(gboolean implicit_tag, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, int hf_index);
726 /*--- Fields for imported types ---*/
732 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
735 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
745 static int dissect_messageID(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
746 return dissect_ldap_MessageID(FALSE, tvb, offset, pinfo, tree, hf_ldap_messageID);
752 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
753 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
758 static int dissect_version(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
759 return dissect_ldap_INTEGER_1_127(FALSE, tvb, offset, pinfo, tree, hf_ldap_version);
765 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
767 tvbuff_t *parameter_tvb = NULL;
769 gchar *sc = NULL; /* semi-colon pointer */
771 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
775 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
777 ldap_do_protocolop(pinfo);
780 ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
782 ldapstring = "<ROOT>";
784 if(hf_index == hf_ldap_baseObject) {
785 /* this is search - put it on the scanline */
786 if(check_col(pinfo->cinfo, COL_INFO))
787 col_append_fstr(pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
790 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
795 proto_item_append_text(ber_last_created_item, " (%s)", ldapstring);
798 } else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */
799 if(check_col(pinfo->cinfo, COL_INFO))
800 col_append_fstr(pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
803 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
804 } else if (hf_index == hf_ldap_objectName) {
805 if(check_col(pinfo->cinfo, COL_INFO))
806 col_append_fstr(pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
809 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
810 } else if (hf_index == hf_ldap_attributeDesc){
811 /* remember the attribute description */
812 attributedesc_string=ldapstring;
813 } else if (hf_index == hf_ldap_initial){
814 /* remember the substring item */
815 substring_item_init=ldapstring;
816 } else if (hf_index == hf_ldap_any){
817 /* remember the substring item */
818 substring_item_any=ldapstring;
819 } else if (hf_index == hf_ldap_final){
820 /* remember the substring item */
821 substring_item_final=ldapstring;
822 } else if (hf_index == hf_ldap_matchingRule){
823 /* remember the matching rule */
824 matching_rule_string=ldapstring;
825 } else if (hf_index == hf_ldap_present){
826 /* remember the present name */
827 Filter_string=ldapstring;
828 } else if (hf_index == hf_ldap_type) {
829 /* remember attribute type name */
830 attr_type = ep_strdup(ldapstring);
832 /* append it to the parent entry */
833 proto_item_append_text(tree, " %s", attr_type);
835 /* remove the ";binary" component if present */
836 if((sc = strchr(attr_type, ';')) != NULL) {
837 if(!strcmp(sc, ";binary")) {
838 *sc = '\0'; /* terminate the string */
839 is_binary_attr_type = TRUE;
842 is_binary_attr_type = FALSE;
853 static int dissect_initial_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
854 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_initial);
856 static int dissect_any_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
857 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_any);
859 static int dissect_final_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
860 return dissect_ldap_LDAPString(TRUE, tvb, offset, pinfo, tree, hf_ldap_final);
866 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
867 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
871 static int dissect_matchedDN(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
872 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_matchedDN);
874 static int dissect_name(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
875 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_name);
877 static int dissect_baseObject(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
878 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_baseObject);
880 static int dissect_objectName(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
881 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_objectName);
883 static int dissect_object(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
884 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_object);
886 static int dissect_entry(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
887 return dissect_ldap_LDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_entry);
889 static int dissect_newSuperior_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
890 return dissect_ldap_LDAPDN(TRUE, tvb, offset, pinfo, tree, hf_ldap_newSuperior);
896 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
898 ldap_conv_info_t *ldap_info;
900 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
904 ldap_info = pinfo->private_data;
905 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
907 pinfo->private_data = ldap_info;
913 static int dissect_simple_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
914 return dissect_ldap_Simple(TRUE, tvb, offset, pinfo, tree, hf_ldap_simple);
920 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
923 ldap_conv_info_t *ldap_info;
924 tvbuff_t *parameter_tvb;
925 char *mechanism = NULL;
926 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
929 ldap_info = pinfo->private_data;
930 ldap_info->auth_type = LDAP_AUTH_SASL;
936 * We need to remember the authentication type and mechanism for this
939 * XXX - actually, we might need to remember more than one
940 * type and mechanism, if you can unbind and rebind with a
941 * different type and/or mechanism.
943 mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
944 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
946 * If the mechanism in this request is an empty string (which is
947 * returned as a null pointer), use the saved mechanism instead.
948 * Otherwise, if the saved mechanism is an empty string (null),
949 * save this mechanism.
951 if (mechanism == NULL)
952 mechanism = ldap_info->auth_mech;
954 if (ldap_info->auth_mech == NULL) {
955 g_free(ldap_info->auth_mech);
957 ldap_info->auth_mech = mechanism;
959 pinfo->private_data = ldap_info;
965 static int dissect_mechanism(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
966 return dissect_ldap_Mechanism(FALSE, tvb, offset, pinfo, tree, hf_ldap_mechanism);
972 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
975 tvbuff_t *parameter_tvb;
976 ldap_conv_info_t *ldap_info;
978 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
984 ldap_info = pinfo->private_data;
985 if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
987 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
990 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
991 } else if (ldap_info->auth_mech != NULL && strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
993 * This is a raw GSS-API token.
996 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
998 pinfo->private_data = ldap_info;
1004 static int dissect_credentials(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1005 return dissect_ldap_Credentials(FALSE, tvb, offset, pinfo, tree, hf_ldap_credentials);
1009 static const ber_sequence_t SaslCredentials_sequence[] = {
1010 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_mechanism },
1011 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_credentials },
1016 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1017 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1018 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1022 static int dissect_sasl_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1023 return dissect_ldap_SaslCredentials(TRUE, tvb, offset, pinfo, tree, hf_ldap_sasl);
1029 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1030 #line 624 "ldap.cnf"
1031 /* make sure the protocol op comes first */
1032 ldap_do_protocolop(pinfo);
1034 call_dissector(ntlmssp_handle, tvb, pinfo, tree);
1035 offset+=tvb_length_remaining(tvb, offset);
1041 static int dissect_ntlmsspNegotiate_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1042 return dissect_ldap_T_ntlmsspNegotiate(TRUE, tvb, offset, pinfo, tree, hf_ldap_ntlmsspNegotiate);
1048 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1049 #line 631 "ldap.cnf"
1050 /* make sure the protocol op comes first */
1051 ldap_do_protocolop(pinfo);
1053 call_dissector(ntlmssp_handle, tvb, pinfo, tree);
1054 offset+=tvb_length_remaining(tvb, offset);
1060 static int dissect_ntlmsspAuth_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1061 return dissect_ldap_T_ntlmsspAuth(TRUE, tvb, offset, pinfo, tree, hf_ldap_ntlmsspAuth);
1065 static const value_string ldap_AuthenticationChoice_vals[] = {
1068 { 10, "ntlmsspNegotiate" },
1069 { 11, "ntlmsspAuth" },
1073 static const ber_choice_t AuthenticationChoice_choice[] = {
1074 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_simple_impl },
1075 { 3, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_sasl_impl },
1076 { 10, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ntlmsspNegotiate_impl },
1077 { 11, BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ntlmsspAuth_impl },
1078 { 0, 0, 0, 0, NULL }
1082 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1083 #line 437 "ldap.cnf"
1086 const gchar *valstr;
1088 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
1089 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1093 ldap_do_protocolop(pinfo);
1095 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1096 auth = AuthenticationChoice_choice[branch].value;
1098 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1100 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1101 if (check_col(pinfo->cinfo, COL_INFO) && (auth != 10) && (auth != 11))
1102 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1105 proto_item_append_text(ldm_tree, " %s", valstr);
1112 static int dissect_authentication(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1113 return dissect_ldap_AuthenticationChoice(FALSE, tvb, offset, pinfo, tree, hf_ldap_authentication);
1117 static const ber_sequence_t BindRequest_sequence[] = {
1118 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_version },
1119 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_name },
1120 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_authentication },
1125 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1126 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1127 BindRequest_sequence, hf_index, ett_ldap_BindRequest);
1131 static int dissect_bindRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1132 return dissect_ldap_BindRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindRequest);
1136 static const value_string ldap_BindResponse_resultCode_vals[] = {
1138 { 1, "operationsError" },
1139 { 2, "protocolError" },
1140 { 3, "timeLimitExceeded" },
1141 { 4, "sizeLimitExceeded" },
1142 { 5, "compareFalse" },
1143 { 6, "compareTrue" },
1144 { 7, "authMethodNotSupported" },
1145 { 8, "strongAuthRequired" },
1147 { 11, "adminLimitExceeded" },
1148 { 12, "unavailableCriticalExtension" },
1149 { 13, "confidentialityRequired" },
1150 { 14, "saslBindInProgress" },
1151 { 16, "noSuchAttribute" },
1152 { 17, "undefinedAttributeType" },
1153 { 18, "inappropriateMatching" },
1154 { 19, "constraintViolation" },
1155 { 20, "attributeOrValueExists" },
1156 { 21, "invalidAttributeSyntax" },
1157 { 32, "noSuchObject" },
1158 { 33, "aliasProblem" },
1159 { 34, "invalidDNSyntax" },
1160 { 36, "aliasDereferencingProblem" },
1161 { 48, "inappropriateAuthentication" },
1162 { 49, "invalidCredentials" },
1163 { 50, "insufficientAccessRights" },
1165 { 52, "unavailable" },
1166 { 53, "unwillingToPerform" },
1167 { 54, "loopDetect" },
1168 { 64, "namingViolation" },
1169 { 65, "objectClassViolation" },
1170 { 66, "notAllowedOnNonLeaf" },
1171 { 67, "notAllowedOnRDN" },
1172 { 68, "entryAlreadyExists" },
1173 { 69, "objectClassModsProhibited" },
1174 { 71, "affectsMultipleDSAs" },
1181 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1182 #line 379 "ldap.cnf"
1184 const gchar *valstr;
1186 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1190 ldap_do_protocolop(pinfo);
1194 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1196 if (check_col(pinfo->cinfo, COL_INFO))
1197 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1200 proto_item_append_text(ldm_tree, " %s", valstr);
1209 static int dissect_bindResponse_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1210 return dissect_ldap_BindResponse_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindResponse_resultCode);
1216 dissect_ldap_T_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1217 #line 638 "ldap.cnf"
1218 tvbuff_t *new_tvb=NULL;
1220 offset = dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1223 && (tvb_length(new_tvb)>=7)
1224 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1226 /* make sure the protocol op comes first */
1227 ldap_do_protocolop(pinfo);
1229 call_dissector(ntlmssp_handle, new_tvb, pinfo, tree);
1237 static int dissect_matchedDN1(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1238 return dissect_ldap_T_matchedDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_matchedDN1);
1244 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1245 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1249 static int dissect_errorMessage(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1250 return dissect_ldap_ErrorMessage(FALSE, tvb, offset, pinfo, tree, hf_ldap_errorMessage);
1256 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1257 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1261 PROTO_ITEM_SET_URL(get_ber_last_created_item());
1266 static int dissect_Referral_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1267 return dissect_ldap_LDAPURL(FALSE, tvb, offset, pinfo, tree, hf_ldap_Referral_item);
1269 static int dissect_SearchResultReference_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1270 return dissect_ldap_LDAPURL(FALSE, tvb, offset, pinfo, tree, hf_ldap_SearchResultReference_item);
1274 static const ber_sequence_t Referral_sequence_of[1] = {
1275 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_Referral_item },
1279 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1280 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
1281 Referral_sequence_of, hf_index, ett_ldap_Referral);
1285 static int dissect_referral_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1286 return dissect_ldap_Referral(TRUE, tvb, offset, pinfo, tree, hf_ldap_referral);
1292 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1293 #line 194 "ldap.cnf"
1295 tvbuff_t *parameter_tvb;
1296 ldap_conv_info_t *ldap_info;
1298 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1303 ldap_info = pinfo->private_data;
1304 switch (ldap_info->auth_type) {
1306 /* For Kerberos V4, dissect it as a ticket. */
1307 /* XXX - what about LDAP_AUTH_SIMPLE? */
1309 case LDAP_AUTH_SASL:
1311 * All frames after this are assumed to use a security layer.
1313 * XXX - won't work if there's another reply, with the security
1314 * layer, starting in the same TCP segment that ends this
1315 * reply, but as LDAP is a request/response protocol, and
1316 * as the client probably can't start using authentication until
1317 * it gets the bind reply and the server won't send a reply until
1318 * it gets a request, that probably won't happen.
1320 * XXX - that assumption is invalid; it's not clear where the
1321 * hell you find out whether there's any security layer. In
1322 * one capture, we have two GSS-SPNEGO negotiations, both of
1323 * which select MS KRB5, and the only differences in the tokens
1324 * is in the RC4-HMAC ciphertext. The various
1325 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1326 * that the RFC 2222 spoo with the bitmask and maximum
1327 * output message size stuff is done - but where does that
1328 * stuff show up? Is it in the ciphertext, which means it's
1329 * presumably encrypted?
1331 * Grrr. We have to do a gross heuristic, checking whether the
1332 * putative LDAP message begins with 0x00 or not, making the
1333 * assumption that we won't have more than 2^24 bytes of
1334 * encapsulated stuff.
1336 ldap_info->first_auth_frame = pinfo->fd->num + 1;
1337 if (ldap_info->auth_mech != NULL &&
1338 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1340 * This is a GSS-API token.
1342 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
1343 } else if (ldap_info->auth_mech != NULL &&
1344 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1346 * This is a GSS-API token.
1348 call_dissector(gssapi_handle, parameter_tvb, pinfo, tree);
1352 pinfo->private_data = ldap_info;
1358 static int dissect_serverSaslCreds_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1359 return dissect_ldap_ServerSaslCreds(TRUE, tvb, offset, pinfo, tree, hf_ldap_serverSaslCreds);
1363 static const ber_sequence_t BindResponse_sequence[] = {
1364 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_bindResponse_resultCode },
1365 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN1 },
1366 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
1367 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
1368 { BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_serverSaslCreds_impl },
1373 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1374 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1375 BindResponse_sequence, hf_index, ett_ldap_BindResponse);
1379 static int dissect_bindResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1380 return dissect_ldap_BindResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_bindResponse);
1386 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1387 #line 459 "ldap.cnf"
1389 implicit_tag = TRUE; /* correct problem with asn2wrs */
1391 offset = dissect_ber_null(implicit_tag, pinfo, tree, tvb, offset, hf_index);
1394 ldap_do_protocolop(pinfo);
1404 static int dissect_unbindRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1405 return dissect_ldap_UnbindRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_unbindRequest);
1409 static const value_string ldap_T_scope_vals[] = {
1410 { 0, "baseObject" },
1411 { 1, "singleLevel" },
1412 { 2, "wholeSubtree" },
1418 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1419 #line 338 "ldap.cnf"
1422 const gchar *valstr;
1424 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1428 ldap_do_protocolop(pinfo);
1430 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1432 if (check_col(pinfo->cinfo, COL_INFO))
1433 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
1436 proto_item_append_text(ldm_tree, " %s", valstr);
1442 static int dissect_scope(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1443 return dissect_ldap_T_scope(FALSE, tvb, offset, pinfo, tree, hf_ldap_scope);
1447 static const value_string ldap_T_derefAliases_vals[] = {
1448 { 0, "neverDerefAliases" },
1449 { 1, "derefInSearching" },
1450 { 2, "derefFindingBaseObj" },
1451 { 3, "derefAlways" },
1457 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1458 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1463 static int dissect_derefAliases(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1464 return dissect_ldap_T_derefAliases(FALSE, tvb, offset, pinfo, tree, hf_ldap_derefAliases);
1470 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1471 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
1476 static int dissect_sizeLimit(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1477 return dissect_ldap_INTEGER_0_maxInt(FALSE, tvb, offset, pinfo, tree, hf_ldap_sizeLimit);
1479 static int dissect_timeLimit(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1480 return dissect_ldap_INTEGER_0_maxInt(FALSE, tvb, offset, pinfo, tree, hf_ldap_timeLimit);
1486 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1487 #line 552 "ldap.cnf"
1490 offset = dissect_ber_boolean_value(implicit_tag, pinfo, tree, tvb, offset, hf_index, &val);
1492 if (hf_index == hf_ldap_dnAttributes) {
1493 matching_rule_dnattr = val;
1500 static int dissect_criticality(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1501 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_criticality);
1503 static int dissect_typesOnly(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1504 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_typesOnly);
1506 static int dissect_dnAttributes_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1507 return dissect_ldap_BOOLEAN(TRUE, tvb, offset, pinfo, tree, hf_ldap_dnAttributes);
1509 static int dissect_deleteoldrdn(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1510 return dissect_ldap_BOOLEAN(FALSE, tvb, offset, pinfo, tree, hf_ldap_deleteoldrdn);
1512 static int dissect_reverseOrder_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1513 return dissect_ldap_BOOLEAN(TRUE, tvb, offset, pinfo, tree, hf_ldap_reverseOrder);
1519 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1520 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1522 #line 493 "ldap.cnf"
1523 if(and_filter_string){
1524 and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
1526 and_filter_string=Filter_string;
1532 static int dissect_and_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1533 return dissect_ldap_T_and_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_and_item);
1537 static const ber_sequence_t T_and_set_of[1] = {
1538 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_and_item },
1542 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1543 #line 500 "ldap.cnf"
1544 const ber_sequence_t and_set_of[1] = { { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_and_item },
1546 proto_tree *tr=NULL;
1547 proto_item *it=NULL;
1548 char *old_and_filter_string=and_filter_string;
1550 and_filter_string=NULL;
1552 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1553 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1555 offset = dissect_ber_set_of(implicit_tag, pinfo, tr, tvb, offset,
1556 and_set_of, -1, ett_ldap_T_and);
1558 proto_item_append_text(it, "%s", and_filter_string);
1559 Filter_string=ep_strdup_printf("%s",and_filter_string);
1560 and_filter_string=old_and_filter_string;
1566 static int dissect_and_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1567 return dissect_ldap_T_and(TRUE, tvb, offset, pinfo, tree, hf_ldap_and);
1573 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1574 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1576 #line 519 "ldap.cnf"
1577 if(or_filter_string){
1578 or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
1580 or_filter_string=Filter_string;
1587 static int dissect_or_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1588 return dissect_ldap_T_or_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_or_item);
1592 static const ber_sequence_t T_or_set_of[1] = {
1593 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_or_item },
1597 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1598 #line 527 "ldap.cnf"
1599 const ber_sequence_t or_set_of[1] = { { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_or_item },
1601 proto_tree *tr=NULL;
1602 proto_item *it=NULL;
1603 char *old_or_filter_string=or_filter_string;
1605 or_filter_string=NULL;
1607 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1608 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1610 offset = dissect_ber_set_of(implicit_tag, pinfo, tr, tvb, offset,
1611 or_set_of, -1, ett_ldap_T_or);
1613 proto_item_append_text(it, "%s", or_filter_string);
1614 Filter_string=ep_strdup_printf("%s",or_filter_string);
1615 or_filter_string=old_or_filter_string;
1621 static int dissect_or_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1622 return dissect_ldap_T_or(TRUE, tvb, offset, pinfo, tree, hf_ldap_or);
1628 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1629 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1631 #line 549 "ldap.cnf"
1632 Filter_string=ep_strdup_printf("(!%s)",Filter_string);
1637 static int dissect_not_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1638 return dissect_ldap_T_not(TRUE, tvb, offset, pinfo, tree, hf_ldap_not);
1644 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1645 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1649 static int dissect_AttributeDescriptionList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1650 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_AttributeDescriptionList_item);
1652 static int dissect_attributeDesc(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1653 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributeDesc);
1655 static int dissect_type(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1656 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_type);
1658 static int dissect_type_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1659 return dissect_ldap_AttributeDescription(TRUE, tvb, offset, pinfo, tree, hf_ldap_type);
1661 static int dissect_attributeType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1662 return dissect_ldap_AttributeDescription(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributeType);
1664 static int dissect_attributeType_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1665 return dissect_ldap_AttributeDescription(TRUE, tvb, offset, pinfo, tree, hf_ldap_attributeType);
1668 static int dissect_assertionValue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1669 return dissect_ldap_AssertionValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_assertionValue);
1671 static int dissect_matchValue_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1672 return dissect_ldap_AssertionValue(TRUE, tvb, offset, pinfo, tree, hf_ldap_matchValue);
1676 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1677 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_attributeDesc },
1678 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_assertionValue },
1683 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1684 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1685 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1689 static int dissect_ava(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1690 return dissect_ldap_AttributeValueAssertion(FALSE, tvb, offset, pinfo, tree, hf_ldap_ava);
1696 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1697 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1699 #line 478 "ldap.cnf"
1700 Filter_string=ep_strdup_printf("(%s=%s)",attributedesc_string,ldapvalue_string);
1706 static int dissect_equalityMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1707 return dissect_ldap_T_equalityMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_equalityMatch);
1711 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1718 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1719 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_initial_impl },
1720 { 1, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_any_impl },
1721 { 2, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_final_impl },
1722 { 0, 0, 0, 0, NULL }
1726 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1727 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
1728 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1731 #line 575 "ldap.cnf"
1732 if (substring_item_final) {
1733 substring_value=ep_strdup_printf("%s%s",
1734 (substring_value?substring_value:"*"),
1735 substring_item_final);
1736 } else if (substring_item_any) {
1737 substring_value=ep_strdup_printf("%s%s*",
1738 (substring_value?substring_value:"*"),
1739 substring_item_any);
1740 } else if (substring_item_init) {
1741 substring_value=ep_strdup_printf("%s*",
1742 substring_item_init);
1748 static int dissect_substringFilter_substrings_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1749 return dissect_ldap_T_substringFilter_substrings_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_substringFilter_substrings_item);
1753 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1754 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_substringFilter_substrings_item },
1758 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1759 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
1760 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1764 static int dissect_substringFilter_substrings(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1765 return dissect_ldap_T_substringFilter_substrings(FALSE, tvb, offset, pinfo, tree, hf_ldap_substringFilter_substrings);
1769 static const ber_sequence_t SubstringFilter_sequence[] = {
1770 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
1771 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_substringFilter_substrings },
1776 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1777 #line 589 "ldap.cnf"
1778 proto_tree *tr=NULL;
1779 proto_item *it=NULL;
1780 char *old_substring_value=substring_value;
1782 substring_value=NULL;
1783 substring_item_init=NULL;
1784 substring_item_any=NULL;
1785 substring_item_final=NULL;
1787 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
1788 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
1790 offset = dissect_ber_sequence(implicit_tag, pinfo, tr, tvb, offset,
1791 SubstringFilter_sequence, hf_index,
1792 ett_ldap_SubstringFilter);
1794 Filter_string=ep_strdup_printf("(%s=%s)",attr_type,substring_value);
1795 proto_item_append_text(it, "%s", Filter_string);
1796 substring_value=old_substring_value;
1802 static int dissect_substrings_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1803 return dissect_ldap_SubstringFilter(TRUE, tvb, offset, pinfo, tree, hf_ldap_substrings);
1809 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1810 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1812 #line 482 "ldap.cnf"
1813 Filter_string=ep_strdup_printf("(%s>=%s)",attributedesc_string,ldapvalue_string);
1819 static int dissect_greaterOrEqual_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1820 return dissect_ldap_T_greaterOrEqual(TRUE, tvb, offset, pinfo, tree, hf_ldap_greaterOrEqual);
1826 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1827 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1829 #line 486 "ldap.cnf"
1830 Filter_string=ep_strdup_printf("(%s<=%s)",attributedesc_string,ldapvalue_string);
1836 static int dissect_lessOrEqual_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1837 return dissect_ldap_T_lessOrEqual(TRUE, tvb, offset, pinfo, tree, hf_ldap_lessOrEqual);
1843 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1844 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1846 #line 546 "ldap.cnf"
1847 Filter_string=ep_strdup_printf("(%s=*)",Filter_string);
1852 static int dissect_present_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1853 return dissect_ldap_T_present(TRUE, tvb, offset, pinfo, tree, hf_ldap_present);
1859 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1860 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1862 #line 490 "ldap.cnf"
1863 Filter_string=ep_strdup_printf("(%s~=%s)",attributedesc_string,ldapvalue_string);
1868 static int dissect_approxMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1869 return dissect_ldap_T_approxMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_approxMatch);
1875 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1876 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1880 static int dissect_matchingRule_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1881 return dissect_ldap_MatchingRuleId(TRUE, tvb, offset, pinfo, tree, hf_ldap_matchingRule);
1883 static int dissect_orderingRule_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1884 return dissect_ldap_MatchingRuleId(TRUE, tvb, offset, pinfo, tree, hf_ldap_orderingRule);
1888 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
1889 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_matchingRule_impl },
1890 { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_type_impl },
1891 { BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_matchValue_impl },
1892 { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_dnAttributes_impl },
1897 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1898 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
1899 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
1907 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1908 #line 561 "ldap.cnf"
1910 matching_rule_string=NULL;
1911 ldapvalue_string=NULL;
1912 matching_rule_dnattr=FALSE;
1915 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1917 #line 567 "ldap.cnf"
1918 Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
1919 (attr_type?attr_type:""),
1920 (matching_rule_dnattr?"dn:":""),
1921 (matching_rule_string?matching_rule_string:""),
1922 (matching_rule_string?":":""),
1928 static int dissect_extensibleMatch_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
1929 return dissect_ldap_T_extensibleMatch(TRUE, tvb, offset, pinfo, tree, hf_ldap_extensibleMatch);
1933 static const value_string ldap_Filter_vals[] = {
1937 { 3, "equalityMatch" },
1938 { 4, "substrings" },
1939 { 5, "greaterOrEqual" },
1940 { 6, "lessOrEqual" },
1942 { 8, "approxMatch" },
1943 { 9, "extensibleMatch" },
1947 static const ber_choice_t Filter_choice[] = {
1948 { 0, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_and_impl },
1949 { 1, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_or_impl },
1950 { 2, BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_not_impl },
1951 { 3, BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_equalityMatch_impl },
1952 { 4, BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_substrings_impl },
1953 { 5, BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_greaterOrEqual_impl },
1954 { 6, BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_lessOrEqual_impl },
1955 { 7, BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_present_impl },
1956 { 8, BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_approxMatch_impl },
1957 { 9, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_extensibleMatch_impl },
1958 { 0, 0, 0, 0, NULL }
1962 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1963 #line 610 "ldap.cnf"
1964 proto_tree *tr=NULL;
1965 proto_item *it=NULL;
1968 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
1969 tr=proto_item_add_subtree(it, ett_ldap_Filter);
1971 offset = dissect_ber_choice(pinfo, tr, tvb, offset,
1972 Filter_choice, -1, ett_ldap_Filter,
1975 proto_item_append_text(it, "%s", Filter_string);
1985 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
1986 #line 471 "ldap.cnf"
1990 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, pinfo, tree, hf_index);
1992 #line 474 "ldap.cnf"
1994 and_filter_string=NULL;
1999 static int dissect_filter(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2000 return dissect_ldap_T_filter(FALSE, tvb, offset, pinfo, tree, hf_ldap_filter);
2004 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2005 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_AttributeDescriptionList_item },
2009 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2010 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2011 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2015 static int dissect_searchRequest_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2016 return dissect_ldap_AttributeDescriptionList(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchRequest_attributes);
2020 static const ber_sequence_t SearchRequest_sequence[] = {
2021 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_baseObject },
2022 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_scope },
2023 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_derefAliases },
2024 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_sizeLimit },
2025 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_timeLimit },
2026 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_typesOnly },
2027 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_filter },
2028 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_searchRequest_attributes },
2033 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2034 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2035 SearchRequest_sequence, hf_index, ett_ldap_SearchRequest);
2039 static int dissect_searchRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2040 return dissect_ldap_SearchRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchRequest);
2046 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2047 #line 400 "ldap.cnf"
2053 int old_offset = offset;
2055 /* extract the value of the octetstring */
2056 offset = dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, offset, hf_index, &next_tvb);
2058 /* if we have an attribute type that isn't binary see if there is a better dissector */
2059 if(!attr_type || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, pinfo, tree)) {
2060 offset = old_offset;
2062 /* do the default thing */
2063 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2069 len = tvb_length_remaining(next_tvb, 0);
2071 for(i = 0; i < len; i++)
2072 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2076 string = tvb_get_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
2078 pi = get_ber_last_created_item();
2080 proto_item_set_text(pi, "%s", string);
2088 static int dissect_vals_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2089 return dissect_ldap_AttributeValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_vals_item);
2093 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2094 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_vals_item },
2098 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2099 offset = dissect_ber_set_of(implicit_tag, pinfo, tree, tvb, offset,
2100 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2104 static int dissect_vals(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2105 return dissect_ldap_SET_OF_AttributeValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_vals);
2109 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2110 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2111 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2116 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2117 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2118 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2122 static int dissect_PartialAttributeList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2123 return dissect_ldap_PartialAttributeList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_PartialAttributeList_item);
2127 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2128 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_PartialAttributeList_item },
2132 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2133 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2134 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2138 static int dissect_searchResultEntry_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2139 return dissect_ldap_PartialAttributeList(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResultEntry_attributes);
2143 static const ber_sequence_t SearchResultEntry_sequence[] = {
2144 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_objectName },
2145 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_searchResultEntry_attributes },
2150 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2151 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2152 SearchResultEntry_sequence, hf_index, ett_ldap_SearchResultEntry);
2156 static int dissect_searchResEntry(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2157 return dissect_ldap_SearchResultEntry(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResEntry);
2161 static const value_string ldap_T_resultCode_vals[] = {
2163 { 1, "operationsError" },
2164 { 2, "protocolError" },
2165 { 3, "timeLimitExceeded" },
2166 { 4, "sizeLimitExceeded" },
2167 { 5, "compareFalse" },
2168 { 6, "compareTrue" },
2169 { 7, "authMethodNotSupported" },
2170 { 8, "strongAuthRequired" },
2172 { 11, "adminLimitExceeded" },
2173 { 12, "unavailableCriticalExtension" },
2174 { 13, "confidentialityRequired" },
2175 { 14, "saslBindInProgress" },
2176 { 16, "noSuchAttribute" },
2177 { 17, "undefinedAttributeType" },
2178 { 18, "inappropriateMatching" },
2179 { 19, "constraintViolation" },
2180 { 20, "attributeOrValueExists" },
2181 { 21, "invalidAttributeSyntax" },
2182 { 32, "noSuchObject" },
2183 { 33, "aliasProblem" },
2184 { 34, "invalidDNSyntax" },
2185 { 36, "aliasDereferencingProblem" },
2186 { 48, "inappropriateAuthentication" },
2187 { 49, "invalidCredentials" },
2188 { 50, "insufficientAccessRights" },
2190 { 52, "unavailable" },
2191 { 53, "unwillingToPerform" },
2192 { 54, "loopDetect" },
2193 { 64, "namingViolation" },
2194 { 65, "objectClassViolation" },
2195 { 66, "notAllowedOnNonLeaf" },
2196 { 67, "notAllowedOnRDN" },
2197 { 68, "entryAlreadyExists" },
2198 { 69, "objectClassModsProhibited" },
2199 { 71, "affectsMultipleDSAs" },
2206 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2207 #line 357 "ldap.cnf"
2209 const gchar *valstr;
2211 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2215 ldap_do_protocolop(pinfo);
2219 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2221 if (check_col(pinfo->cinfo, COL_INFO))
2222 col_append_fstr(pinfo->cinfo, COL_INFO, "%s ", valstr);
2225 proto_item_append_text(ldm_tree, " %s", valstr);
2233 static int dissect_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2234 return dissect_ldap_T_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_resultCode);
2238 static const ber_sequence_t LDAPResult_sequence[] = {
2239 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_resultCode },
2240 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN },
2241 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
2242 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
2247 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2248 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2249 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2257 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2258 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2262 static int dissect_searchResDone(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2263 return dissect_ldap_SearchResultDone(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResDone);
2267 static const ber_sequence_t SearchResultReference_sequence_of[1] = {
2268 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_SearchResultReference_item },
2272 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2273 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2274 SearchResultReference_sequence_of, hf_index, ett_ldap_SearchResultReference);
2278 static int dissect_searchResRef(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2279 return dissect_ldap_SearchResultReference(FALSE, tvb, offset, pinfo, tree, hf_ldap_searchResRef);
2283 static const value_string ldap_T_operation_vals[] = {
2292 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2293 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2298 static int dissect_operation(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2299 return dissect_ldap_T_operation(FALSE, tvb, offset, pinfo, tree, hf_ldap_operation);
2303 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2304 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2305 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2310 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2311 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2312 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2316 static int dissect_modification(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2317 return dissect_ldap_AttributeTypeAndValues(FALSE, tvb, offset, pinfo, tree, hf_ldap_modification);
2321 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2322 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_operation },
2323 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modification },
2328 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2329 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2330 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2334 static int dissect_modifyRequest_modification_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2335 return dissect_ldap_T_modifyRequest_modification_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest_modification_item);
2339 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2340 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modifyRequest_modification_item },
2344 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2345 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2346 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2350 static int dissect_modifyRequest_modification(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2351 return dissect_ldap_ModifyRequest_modification(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest_modification);
2355 static const ber_sequence_t ModifyRequest_sequence[] = {
2356 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_object },
2357 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_modifyRequest_modification },
2362 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2363 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2364 ModifyRequest_sequence, hf_index, ett_ldap_ModifyRequest);
2368 static int dissect_modifyRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2369 return dissect_ldap_ModifyRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyRequest);
2375 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2376 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2380 static int dissect_modifyResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2381 return dissect_ldap_ModifyResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_modifyResponse);
2385 static const ber_sequence_t AttributeList_item_sequence[] = {
2386 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_type },
2387 { BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_vals },
2392 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2393 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2394 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2398 static int dissect_AttributeList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2399 return dissect_ldap_AttributeList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_AttributeList_item);
2403 static const ber_sequence_t AttributeList_sequence_of[1] = {
2404 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_AttributeList_item },
2408 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2409 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2410 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2414 static int dissect_attributes(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2415 return dissect_ldap_AttributeList(FALSE, tvb, offset, pinfo, tree, hf_ldap_attributes);
2419 static const ber_sequence_t AddRequest_sequence[] = {
2420 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2421 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_attributes },
2426 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2427 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2428 AddRequest_sequence, hf_index, ett_ldap_AddRequest);
2432 static int dissect_addRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2433 return dissect_ldap_AddRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_addRequest);
2439 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2440 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2444 static int dissect_addResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2445 return dissect_ldap_AddResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_addResponse);
2451 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2452 offset = dissect_ldap_LDAPDN(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2456 static int dissect_delRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2457 return dissect_ldap_DelRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_delRequest);
2463 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2464 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2468 static int dissect_delResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2469 return dissect_ldap_DelResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_delResponse);
2475 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2476 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2480 static int dissect_newrdn(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2481 return dissect_ldap_RelativeLDAPDN(FALSE, tvb, offset, pinfo, tree, hf_ldap_newrdn);
2485 static const ber_sequence_t ModifyDNRequest_sequence[] = {
2486 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2487 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_newrdn },
2488 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_deleteoldrdn },
2489 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_newSuperior_impl },
2494 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2495 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2496 ModifyDNRequest_sequence, hf_index, ett_ldap_ModifyDNRequest);
2500 static int dissect_modDNRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2501 return dissect_ldap_ModifyDNRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_modDNRequest);
2507 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2508 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2512 static int dissect_modDNResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2513 return dissect_ldap_ModifyDNResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_modDNResponse);
2517 static const ber_sequence_t CompareRequest_sequence[] = {
2518 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_entry },
2519 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ava },
2524 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2525 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2526 CompareRequest_sequence, hf_index, ett_ldap_CompareRequest);
2530 static int dissect_compareRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2531 return dissect_ldap_CompareRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_compareRequest);
2537 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2538 offset = dissect_ldap_LDAPResult(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2542 static int dissect_compareResponse(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2543 return dissect_ldap_CompareResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_compareResponse);
2549 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2550 offset = dissect_ldap_MessageID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2554 static int dissect_abandonRequest(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2555 return dissect_ldap_AbandonRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_abandonRequest);
2561 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2564 tvbuff_t *parameter_tvb;
2566 proto_item *item = NULL;
2569 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2574 object_identifier_id = NULL;
2579 object_identifier_id = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
2580 name = get_oid_str_name(object_identifier_id);
2583 item = get_ber_last_created_item();
2585 proto_item_append_text(item, " (%s)", name);
2586 proto_item_append_text(tree, " %s", name);
2593 static int dissect_requestName_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2594 return dissect_ldap_LDAPOID(TRUE, tvb, offset, pinfo, tree, hf_ldap_requestName);
2600 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2601 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2606 static int dissect_requestValue_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2607 return dissect_ldap_OCTET_STRING(TRUE, tvb, offset, pinfo, tree, hf_ldap_requestValue);
2609 static int dissect_response_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2610 return dissect_ldap_OCTET_STRING(TRUE, tvb, offset, pinfo, tree, hf_ldap_response);
2612 static int dissect_cookie(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2613 return dissect_ldap_OCTET_STRING(FALSE, tvb, offset, pinfo, tree, hf_ldap_cookie);
2617 static const ber_sequence_t ExtendedRequest_sequence[] = {
2618 { BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_requestName_impl },
2619 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_requestValue_impl },
2624 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2625 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2626 ExtendedRequest_sequence, hf_index, ett_ldap_ExtendedRequest);
2630 static int dissect_extendedReq(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2631 return dissect_ldap_ExtendedRequest(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedReq);
2635 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2637 { 1, "operationsError" },
2638 { 2, "protocolError" },
2639 { 3, "timeLimitExceeded" },
2640 { 4, "sizeLimitExceeded" },
2641 { 5, "compareFalse" },
2642 { 6, "compareTrue" },
2643 { 7, "authMethodNotSupported" },
2644 { 8, "strongAuthRequired" },
2646 { 11, "adminLimitExceeded" },
2647 { 12, "unavailableCriticalExtension" },
2648 { 13, "confidentialityRequired" },
2649 { 14, "saslBindInProgress" },
2650 { 16, "noSuchAttribute" },
2651 { 17, "undefinedAttributeType" },
2652 { 18, "inappropriateMatching" },
2653 { 19, "constraintViolation" },
2654 { 20, "attributeOrValueExists" },
2655 { 21, "invalidAttributeSyntax" },
2656 { 32, "noSuchObject" },
2657 { 33, "aliasProblem" },
2658 { 34, "invalidDNSyntax" },
2659 { 36, "aliasDereferencingProblem" },
2660 { 48, "inappropriateAuthentication" },
2661 { 49, "invalidCredentials" },
2662 { 50, "insufficientAccessRights" },
2664 { 52, "unavailable" },
2665 { 53, "unwillingToPerform" },
2666 { 54, "loopDetect" },
2667 { 64, "namingViolation" },
2668 { 65, "objectClassViolation" },
2669 { 66, "notAllowedOnNonLeaf" },
2670 { 67, "notAllowedOnRDN" },
2671 { 68, "entryAlreadyExists" },
2672 { 69, "objectClassModsProhibited" },
2673 { 71, "affectsMultipleDSAs" },
2680 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2681 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2686 static int dissect_extendedResponse_resultCode(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2687 return dissect_ldap_ExtendedResponse_resultCode(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedResponse_resultCode);
2693 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2694 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2698 static int dissect_responseName_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2699 return dissect_ldap_ResponseName(TRUE, tvb, offset, pinfo, tree, hf_ldap_responseName);
2703 static const ber_sequence_t ExtendedResponse_sequence[] = {
2704 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_extendedResponse_resultCode },
2705 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_matchedDN },
2706 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_errorMessage },
2707 { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_referral_impl },
2708 { BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_responseName_impl },
2709 { BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_response_impl },
2714 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2715 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2716 ExtendedResponse_sequence, hf_index, ett_ldap_ExtendedResponse);
2720 static int dissect_extendedResp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2721 return dissect_ldap_ExtendedResponse(FALSE, tvb, offset, pinfo, tree, hf_ldap_extendedResp);
2725 static const value_string ldap_ProtocolOp_vals[] = {
2726 { 0, "bindRequest" },
2727 { 1, "bindResponse" },
2728 { 2, "unbindRequest" },
2729 { 3, "searchRequest" },
2730 { 4, "searchResEntry" },
2731 { 5, "searchResDone" },
2732 { 19, "searchResRef" },
2733 { 6, "modifyRequest" },
2734 { 7, "modifyResponse" },
2735 { 8, "addRequest" },
2736 { 9, "addResponse" },
2737 { 10, "delRequest" },
2738 { 11, "delResponse" },
2739 { 12, "modDNRequest" },
2740 { 13, "modDNResponse" },
2741 { 14, "compareRequest" },
2742 { 15, "compareResponse" },
2743 { 16, "abandonRequest" },
2744 { 23, "extendedReq" },
2745 { 24, "extendedResp" },
2749 static const ber_choice_t ProtocolOp_choice[] = {
2750 { 0, BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_bindRequest },
2751 { 1, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_bindResponse },
2752 { 2, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_unbindRequest },
2753 { 3, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_searchRequest },
2754 { 4, BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_searchResEntry },
2755 { 5, BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_searchResDone },
2756 { 19, BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_searchResRef },
2757 { 6, BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_modifyRequest },
2758 { 7, BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_modifyResponse },
2759 { 8, BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_addRequest },
2760 { 9, BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_addResponse },
2761 { 10, BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_delRequest },
2762 { 11, BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_delResponse },
2763 { 12, BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_modDNRequest },
2764 { 13, BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_modDNResponse },
2765 { 14, BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_compareRequest },
2766 { 15, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_compareResponse },
2767 { 16, BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_abandonRequest },
2768 { 23, BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_extendedReq },
2769 { 24, BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_extendedResp },
2770 { 0, 0, 0, 0, NULL }
2774 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2777 ldap_call_response_t *lcrp;
2778 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
2779 do_protocolop = TRUE;
2782 offset = dissect_ber_choice(pinfo, tree, tvb, offset,
2783 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
2788 lcrp=ldap_match_call_response(tvb, pinfo, tree, MessageID, ProtocolOp);
2790 tap_queue_packet(ldap_tap, pinfo, lcrp);
2793 /* XXX: the count will not work if the results span multiple TCP packets */
2795 if(ldap_info && tree) { /* only count once - on tree pass */
2796 switch(ProtocolOp) {
2798 case LDAP_RES_SEARCH_ENTRY:
2799 ldap_info->num_results++;
2801 proto_item_append_text(tree, " [%d result%s]",
2802 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2806 case LDAP_RES_SEARCH_RESULT:
2808 if (check_col(pinfo->cinfo, COL_INFO))
2809 col_append_fstr(pinfo->cinfo, COL_INFO, " [%d result%s]",
2810 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2812 proto_item_append_text(tree, " [%d result%s]",
2813 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2815 ldap_info->num_results = 0;
2825 static int dissect_protocolOp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2826 return dissect_ldap_ProtocolOp(FALSE, tvb, offset, pinfo, tree, hf_ldap_protocolOp);
2832 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2833 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, pinfo, tree, hf_index);
2837 static int dissect_controlType(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2838 return dissect_ldap_ControlType(FALSE, tvb, offset, pinfo, tree, hf_ldap_controlType);
2844 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2845 #line 654 "ldap.cnf"
2851 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2852 /* remove the OCTET STRING encoding */
2853 offset=dissect_ber_identifier(pinfo, NULL, tvb, offset, &class, &pc, &tag);
2854 offset=dissect_ber_length(pinfo, NULL, tvb, offset, &len, &ind);
2856 call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
2860 offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2869 static int dissect_controlValue(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2870 return dissect_ldap_T_controlValue(FALSE, tvb, offset, pinfo, tree, hf_ldap_controlValue);
2874 static const ber_sequence_t Control_sequence[] = {
2875 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_controlType },
2876 { BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_criticality },
2877 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_controlValue },
2882 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2883 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2884 Control_sequence, hf_index, ett_ldap_Control);
2888 static int dissect_Controls_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2889 return dissect_ldap_Control(FALSE, tvb, offset, pinfo, tree, hf_ldap_Controls_item);
2893 static const ber_sequence_t Controls_sequence_of[1] = {
2894 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_Controls_item },
2898 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2899 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2900 Controls_sequence_of, hf_index, ett_ldap_Controls);
2904 static int dissect_controls_impl(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2905 return dissect_ldap_Controls(TRUE, tvb, offset, pinfo, tree, hf_ldap_controls);
2909 static const ber_sequence_t LDAPMessage_sequence[] = {
2910 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_messageID },
2911 { BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_protocolOp },
2912 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_controls_impl },
2917 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2918 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2919 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
2929 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2930 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
2935 static int dissect_size(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2936 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_size);
2938 static int dissect_parentsFirst(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2939 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_parentsFirst);
2941 static int dissect_maxReturnLength(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2942 return dissect_ldap_INTEGER(FALSE, tvb, offset, pinfo, tree, hf_ldap_maxReturnLength);
2946 static const ber_sequence_t SearchControlValue_sequence[] = {
2947 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_size },
2948 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_cookie },
2953 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2954 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2955 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
2961 static const ber_sequence_t SortKeyList_item_sequence[] = {
2962 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_attributeType },
2963 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_orderingRule_impl },
2964 { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_reverseOrder_impl },
2969 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2970 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
2971 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
2975 static int dissect_SortKeyList_item(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
2976 return dissect_ldap_SortKeyList_item(FALSE, tvb, offset, pinfo, tree, hf_ldap_SortKeyList_item);
2980 static const ber_sequence_t SortKeyList_sequence_of[1] = {
2981 { BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_SortKeyList_item },
2985 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
2986 offset = dissect_ber_sequence_of(implicit_tag, pinfo, tree, tvb, offset,
2987 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
2993 static const value_string ldap_T_sortResult_vals[] = {
2995 { 1, "operationsError" },
2996 { 3, "timeLimitExceeded" },
2997 { 8, "strongAuthRequired" },
2998 { 11, "adminLimitExceeded" },
2999 { 16, "noSuchAttribute" },
3000 { 18, "inappropriateMatching" },
3001 { 50, "insufficientAccessRights" },
3003 { 53, "unwillingToPerform" },
3010 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3011 offset = dissect_ber_integer(implicit_tag, pinfo, tree, tvb, offset, hf_index,
3016 static int dissect_sortResult(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) {
3017 return dissect_ldap_T_sortResult(FALSE, tvb, offset, pinfo, tree, hf_ldap_sortResult);
3021 static const ber_sequence_t SortResult_sequence[] = {
3022 { BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_sortResult },
3023 { BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_attributeType_impl },
3028 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3029 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
3030 SortResult_sequence, hf_index, ett_ldap_SortResult);
3036 static const ber_sequence_t ReplControlValue_sequence[] = {
3037 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_parentsFirst },
3038 { BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_maxReturnLength },
3039 { BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_cookie },
3044 dissect_ldap_ReplControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) {
3045 offset = dissect_ber_sequence(implicit_tag, pinfo, tree, tvb, offset,
3046 ReplControlValue_sequence, hf_index, ett_ldap_ReplControlValue);
3053 static void dissect_LDAPMessage_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3054 dissect_ldap_LDAPMessage(FALSE, tvb, 0, pinfo, tree, hf_ldap_LDAPMessage_PDU);
3056 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3057 dissect_ldap_SearchControlValue(FALSE, tvb, 0, pinfo, tree, hf_ldap_SearchControlValue_PDU);
3059 static void dissect_SortKeyList_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3060 dissect_ldap_SortKeyList(FALSE, tvb, 0, pinfo, tree, hf_ldap_SortKeyList_PDU);
3062 static void dissect_SortResult_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3063 dissect_ldap_SortResult(FALSE, tvb, 0, pinfo, tree, hf_ldap_SortResult_PDU);
3065 static void dissect_ReplControlValue_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
3066 dissect_ldap_ReplControlValue(FALSE, tvb, 0, pinfo, tree, hf_ldap_ReplControlValue_PDU);
3070 /*--- End of included file: packet-ldap-fn.c ---*/
3071 #line 542 "packet-ldap-template.c"
3074 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3075 proto_tree *tree, ldap_conv_info_t *ldap_info,
3076 gboolean rest_is_pad, gboolean is_mscldap)
3079 guint length_remaining;
3081 int messageOffset = 0;
3082 guint headerLength = 0;
3084 tvbuff_t *msg_tvb = NULL;
3086 gboolean pc, ind = 0;
3089 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3091 if (rest_is_pad && length_remaining < 6) return;
3094 * OK, try to read the "Sequence Of" header; this gets the total
3095 * length of the LDAP message.
3097 messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
3098 messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);
3100 if (ber_tag == BER_UNI_TAG_SEQUENCE) {
3102 * Add the length of the "Sequence Of" header to the message
3105 headerLength = messageOffset - offset;
3106 msg_len += headerLength;
3107 if (msg_len < headerLength) {
3109 * The message length was probably so large that the total length
3112 * Report this as an error.
3114 show_reported_bounds_error(tvb, pinfo, tree);
3119 * We couldn't parse the header; just make it the amount of data
3120 * remaining in the tvbuff, so we'll give up on this segment
3121 * after attempting to parse the message - there's nothing more
3122 * we can do. "dissect_ldap_message()" will display the error.
3124 msg_len = length_remaining;
3128 * Construct a tvbuff containing the amount of the payload we have
3129 * available. Make its reported length the amount of data in the
3132 * XXX - if reassembly isn't enabled. the subdissector will throw a
3133 * BoundsError exception, rather than a ReportedBoundsError exception.
3134 * We really want a tvbuff where the length is "length", the reported
3135 * length is "plen", and the "if the snapshot length were infinite"
3136 * length is the minimum of the reported length of the tvbuff handed
3137 * to us and "plen", with a new type of exception thrown if the offset
3138 * is within the reported length but beyond that third length, with
3139 * that exception getting the "Unreassembled Packet" error.
3141 length = length_remaining;
3142 if (length > msg_len) length = msg_len;
3143 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3146 * Now dissect the LDAP message.
3149 ldap_info->is_mscldap = is_mscldap;
3150 pinfo->private_data = ldap_info;
3151 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree);
3159 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3162 conversation_t *conversation;
3163 gboolean doing_sasl_security = FALSE;
3164 guint length_remaining;
3165 ldap_conv_info_t *ldap_info = NULL;
3166 proto_item *ldap_item = NULL;
3167 proto_tree *ldap_tree = NULL;
3172 * Do we have a conversation for this connection?
3174 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3175 pinfo->ptype, pinfo->srcport,
3176 pinfo->destport, 0);
3177 if (conversation == NULL) {
3178 /* We don't yet have a conversation, so create one. */
3179 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3180 pinfo->ptype, pinfo->srcport,
3181 pinfo->destport, 0);
3186 * Do we already have a type and mechanism?
3188 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
3189 if (ldap_info == NULL) {
3190 /* No. Attach that information to the conversation, and add
3191 * it to the list of information structures.
3193 ldap_info = se_alloc(sizeof(ldap_conv_info_t));
3194 ldap_info->auth_type = 0;
3195 ldap_info->auth_mech = 0;
3196 ldap_info->first_auth_frame = 0;
3197 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3198 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3199 ldap_info->num_results = 0;
3201 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3203 ldap_info->next = ldap_info_items;
3204 ldap_info_items = ldap_info;
3208 switch (ldap_info->auth_type) {
3209 case LDAP_AUTH_SASL:
3211 * It's SASL; are we using a security layer?
3213 if (ldap_info->first_auth_frame != 0 &&
3214 pinfo->fd->num >= ldap_info->first_auth_frame) {
3215 doing_sasl_security = TRUE; /* yes */
3219 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3221 /* It might still be a packet containing a SASL security layer
3222 * but its just that we never saw the BIND packet.
3223 * check if it looks like it could be a SASL blob here
3224 * and in that case just assume it is GSS-SPNEGO
3226 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
3227 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
3228 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
3229 ldap_info->auth_type=LDAP_AUTH_SASL;
3230 ldap_info->first_auth_frame=pinfo->fd->num;
3231 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
3232 doing_sasl_security=TRUE;
3236 * This is the first PDU, set the Protocol column and clear the
3239 if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3240 if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
3242 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
3243 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3246 * Might we be doing a SASL security layer and, if so, *are* we doing
3249 * Just because we've seen a bind reply for SASL, that doesn't mean
3250 * that we're using a SASL security layer; I've seen captures in
3251 * which some SASL negotiations lead to a security layer being used
3252 * and other negotiations don't, and it's not obvious what's different
3253 * in the two negotiations. Therefore, we assume that if the first
3254 * byte is 0, it's a length for a SASL security layer (that way, we
3255 * never reassemble more than 16 megabytes, protecting us from
3256 * chewing up *too* much memory), and otherwise that it's an LDAP
3257 * message (actually, if it's an LDAP message it should begin with 0x30,
3258 * but we want to parse garbage as LDAP messages rather than really
3262 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
3263 proto_item *sasl_item = NULL;
3264 proto_tree *sasl_tree = NULL;
3266 guint sasl_len, sasl_msg_len, length;
3268 * Yes. The frame begins with a 4-byte big-endian length.
3269 * And we know we have at least 6 bytes
3273 * Get the SASL length, which is the length of data in the buffer
3274 * following the length (i.e., it's 4 less than the total length).
3276 * XXX - do we need to reassemble buffers? For now, we
3277 * assume that each LDAP message is entirely contained within
3280 sasl_len = tvb_get_ntohl(tvb, offset);
3281 sasl_msg_len = sasl_len + 4;
3282 if (sasl_msg_len < 4) {
3284 * The message length was probably so large that the total length
3287 * Report this as an error.
3289 show_reported_bounds_error(tvb, pinfo, tree);
3294 * Construct a tvbuff containing the amount of the payload we have
3295 * available. Make its reported length the amount of data in the PDU.
3297 * XXX - if reassembly isn't enabled. the subdissector will throw a
3298 * BoundsError exception, rather than a ReportedBoundsError exception.
3299 * We really want a tvbuff where the length is "length", the reported
3300 * length is "plen", and the "if the snapshot length were infinite"
3301 * length is the minimum of the reported length of the tvbuff handed
3302 * to us and "plen", with a new type of exception thrown if the offset
3303 * is within the reported length but beyond that third length, with
3304 * that exception getting the "Unreassembled Packet" error.
3306 length = length_remaining;
3307 if (length > sasl_msg_len) length = sasl_msg_len;
3308 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
3311 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
3314 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer");
3315 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
3318 if (ldap_info->auth_mech != NULL &&
3319 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
3320 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
3325 * This is GSS-API (using SPNEGO, but we should be done with
3326 * the negotiation by now).
3328 * Dissect the GSS_Wrap() token; it'll return the length of
3329 * the token, from which we compute the offset in the tvbuff at
3330 * which the plaintext data, i.e. the LDAP message, begins.
3332 length = tvb_length_remaining(sasl_tvb, 4);
3333 if ((guint)length > sasl_len)
3335 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
3337 /* Attempt decryption of the GSSAPI wrapped data if possible */
3338 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
3339 pinfo->gssapi_wrap_tvb=NULL;
3340 pinfo->gssapi_encrypted_tvb=NULL;
3341 pinfo->gssapi_decrypted_tvb=NULL;
3342 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
3343 /* if we could unwrap, do a tvb shuffle */
3344 if(pinfo->gssapi_decrypted_tvb){
3345 decr_tvb=pinfo->gssapi_decrypted_tvb;
git.samba.org / obnox / wireshark / wip.git / blob