1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "../../asn1/ldap/packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
79 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
80 * Updated cldap_netlogon_flags to include Windows 2008 flags
81 * Expanded the ntver ldap option with bit field
83 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
87 * 09-DEC-2009 - Added support for RFC4533
88 * Content Synchronization Operation (aka syncrepl)
89 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
90 * Mathieu Parent <math.parent@gmail.com>
102 #include <epan/packet.h>
103 #include <epan/conversation.h>
104 #include <epan/prefs.h>
105 #include <epan/tap.h>
106 #include <epan/emem.h>
107 #include <epan/oids.h>
108 #include <epan/strutil.h>
109 #include <epan/dissectors/packet-frame.h>
110 #include <epan/dissectors/packet-tcp.h>
111 #include <epan/dissectors/packet-windows-common.h>
112 #include <epan/dissectors/packet-dcerpc.h>
113 #include <epan/asn1.h>
114 #include <epan/expert.h>
116 #include "packet-ldap.h"
117 #include "packet-ntlmssp.h"
118 #include "packet-ssl.h"
119 #include "packet-smb-common.h"
121 #include "packet-ber.h"
122 #include "packet-per.h"
123 #include "packet-dns.h"
125 #define PNAME "Lightweight Directory Access Protocol"
126 #define PSNAME "LDAP"
127 #define PFNAME "ldap"
129 /* Initialize the protocol and registered fields */
130 static int ldap_tap = -1;
131 static int proto_ldap = -1;
132 static int proto_cldap = -1;
134 static int hf_ldap_sasl_buffer_length = -1;
135 static int hf_ldap_response_in = -1;
136 static int hf_ldap_response_to = -1;
137 static int hf_ldap_time = -1;
138 static int hf_ldap_guid = -1;
140 static int hf_mscldap_ntver_flags = -1;
141 static int hf_mscldap_ntver_flags_v1 = -1;
142 static int hf_mscldap_ntver_flags_v5 = -1;
143 static int hf_mscldap_ntver_flags_v5ex = -1;
144 static int hf_mscldap_ntver_flags_v5ep = -1;
145 static int hf_mscldap_ntver_flags_vcs = -1;
146 static int hf_mscldap_ntver_flags_vnt4 = -1;
147 static int hf_mscldap_ntver_flags_vpdc = -1;
148 static int hf_mscldap_ntver_flags_vip = -1;
149 static int hf_mscldap_ntver_flags_vl = -1;
150 static int hf_mscldap_ntver_flags_vgc = -1;
152 static int hf_mscldap_netlogon_ipaddress_family = -1;
153 static int hf_mscldap_netlogon_ipaddress_port = -1;
154 static int hf_mscldap_netlogon_ipaddress = -1;
155 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
156 static int hf_mscldap_netlogon_opcode = -1;
157 static int hf_mscldap_netlogon_flags = -1;
158 static int hf_mscldap_netlogon_flags_pdc = -1;
159 static int hf_mscldap_netlogon_flags_gc = -1;
160 static int hf_mscldap_netlogon_flags_ldap = -1;
161 static int hf_mscldap_netlogon_flags_ds = -1;
162 static int hf_mscldap_netlogon_flags_kdc = -1;
163 static int hf_mscldap_netlogon_flags_timeserv = -1;
164 static int hf_mscldap_netlogon_flags_closest = -1;
165 static int hf_mscldap_netlogon_flags_writable = -1;
166 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
167 static int hf_mscldap_netlogon_flags_ndnc = -1;
168 static int hf_mscldap_netlogon_flags_fnc = -1;
169 static int hf_mscldap_netlogon_flags_dnc = -1;
170 static int hf_mscldap_netlogon_flags_dns = -1;
171 static int hf_mscldap_netlogon_flags_wdc = -1;
172 static int hf_mscldap_netlogon_flags_rodc = -1;
173 static int hf_mscldap_domain_guid = -1;
174 static int hf_mscldap_forest = -1;
175 static int hf_mscldap_domain = -1;
176 static int hf_mscldap_hostname = -1;
177 static int hf_mscldap_nb_domain = -1;
178 static int hf_mscldap_nb_hostname = -1;
179 static int hf_mscldap_username = -1;
180 static int hf_mscldap_sitename = -1;
181 static int hf_mscldap_clientsitename = -1;
182 static int hf_mscldap_netlogon_lm_token = -1;
183 static int hf_mscldap_netlogon_nt_token = -1;
184 static int hf_ldap_sid = -1;
185 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
186 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
187 static int hf_ldap_AccessMask_ADS_LIST = -1;
188 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
189 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
190 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
191 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
192 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
193 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
196 /*--- Included file: packet-ldap-hf.c ---*/
197 #line 1 "../../asn1/ldap/packet-ldap-hf.c"
198 static int hf_ldap_LDAPMessage_PDU = -1; /* LDAPMessage */
199 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
200 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
201 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
202 static int hf_ldap_DirSyncControlValue_PDU = -1; /* DirSyncControlValue */
203 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
204 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
205 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */
206 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */
207 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */
208 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */
209 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
210 static int hf_ldap_messageID = -1; /* MessageID */
211 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
212 static int hf_ldap_controls = -1; /* Controls */
213 static int hf_ldap_bindRequest = -1; /* BindRequest */
214 static int hf_ldap_bindResponse = -1; /* BindResponse */
215 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
216 static int hf_ldap_searchRequest = -1; /* SearchRequest */
217 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
218 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
219 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
220 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
221 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
222 static int hf_ldap_addRequest = -1; /* AddRequest */
223 static int hf_ldap_addResponse = -1; /* AddResponse */
224 static int hf_ldap_delRequest = -1; /* DelRequest */
225 static int hf_ldap_delResponse = -1; /* DelResponse */
226 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
227 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
228 static int hf_ldap_compareRequest = -1; /* CompareRequest */
229 static int hf_ldap_compareResponse = -1; /* CompareResponse */
230 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
231 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
232 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
233 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */
234 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
235 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
236 static int hf_ldap_assertionValue = -1; /* AssertionValue */
237 static int hf_ldap_type = -1; /* AttributeDescription */
238 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
239 static int hf_ldap_vals_item = -1; /* AttributeValue */
240 static int hf_ldap_resultCode = -1; /* T_resultCode */
241 static int hf_ldap_matchedDN = -1; /* LDAPDN */
242 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
243 static int hf_ldap_referral = -1; /* Referral */
244 static int hf_ldap_Referral_item = -1; /* LDAPURL */
245 static int hf_ldap_Controls_item = -1; /* Control */
246 static int hf_ldap_controlType = -1; /* ControlType */
247 static int hf_ldap_criticality = -1; /* BOOLEAN */
248 static int hf_ldap_controlValue = -1; /* T_controlValue */
249 static int hf_ldap_version = -1; /* INTEGER_1_127 */
250 static int hf_ldap_name = -1; /* LDAPDN */
251 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
252 static int hf_ldap_simple = -1; /* Simple */
253 static int hf_ldap_sasl = -1; /* SaslCredentials */
254 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
255 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
256 static int hf_ldap_mechanism = -1; /* Mechanism */
257 static int hf_ldap_credentials = -1; /* Credentials */
258 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
259 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
260 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
261 static int hf_ldap_baseObject = -1; /* LDAPDN */
262 static int hf_ldap_scope = -1; /* T_scope */
263 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
264 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
265 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
266 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
267 static int hf_ldap_filter = -1; /* T_filter */
268 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
269 static int hf_ldap_and = -1; /* T_and */
270 static int hf_ldap_and_item = -1; /* T_and_item */
271 static int hf_ldap_or = -1; /* T_or */
272 static int hf_ldap_or_item = -1; /* T_or_item */
273 static int hf_ldap_not = -1; /* T_not */
274 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
275 static int hf_ldap_substrings = -1; /* SubstringFilter */
276 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
277 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
278 static int hf_ldap_present = -1; /* T_present */
279 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
280 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
281 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
282 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
283 static int hf_ldap_initial = -1; /* LDAPString */
284 static int hf_ldap_any = -1; /* LDAPString */
285 static int hf_ldap_final = -1; /* LDAPString */
286 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
287 static int hf_ldap_matchValue = -1; /* AssertionValue */
288 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
289 static int hf_ldap_objectName = -1; /* LDAPDN */
290 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
291 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
292 static int hf_ldap__untag_item = -1; /* LDAPURL */
293 static int hf_ldap_object = -1; /* LDAPDN */
294 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
295 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
296 static int hf_ldap_operation = -1; /* T_operation */
297 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
298 static int hf_ldap_entry = -1; /* LDAPDN */
299 static int hf_ldap_attributes = -1; /* AttributeList */
300 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
301 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
302 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
303 static int hf_ldap_newSuperior = -1; /* LDAPDN */
304 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
305 static int hf_ldap_requestName = -1; /* LDAPOID */
306 static int hf_ldap_requestValue = -1; /* T_requestValue */
307 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
308 static int hf_ldap_responseName = -1; /* ResponseName */
309 static int hf_ldap_response = -1; /* OCTET_STRING */
310 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */
311 static int hf_ldap_size = -1; /* INTEGER */
312 static int hf_ldap_cookie = -1; /* OCTET_STRING */
313 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
314 static int hf_ldap_attributeType = -1; /* AttributeDescription */
315 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
316 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
317 static int hf_ldap_sortResult = -1; /* T_sortResult */
318 static int hf_ldap_value = -1; /* INTEGER */
319 static int hf_ldap_flags = -1; /* DirSyncFlags */
320 static int hf_ldap_maxBytes = -1; /* INTEGER */
321 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
322 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
323 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
324 static int hf_ldap_genPasswd = -1; /* OCTET_STRING */
325 static int hf_ldap_cancelID = -1; /* MessageID */
326 static int hf_ldap_mode = -1; /* T_mode */
327 static int hf_ldap_reloadHint = -1; /* BOOLEAN */
328 static int hf_ldap_state = -1; /* T_state */
329 static int hf_ldap_entryUUID = -1; /* SyncUUID */
330 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */
331 static int hf_ldap_newcookie = -1; /* OCTET_STRING */
332 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */
333 static int hf_ldap_refreshDone = -1; /* BOOLEAN */
334 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */
335 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */
336 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */
337 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */
338 static int hf_ldap_warning = -1; /* T_warning */
339 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
340 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
341 static int hf_ldap_error = -1; /* T_error */
343 /*--- End of included file: packet-ldap-hf.c ---*/
344 #line 188 "../../asn1/ldap/packet-ldap-template.c"
346 /* Initialize the subtree pointers */
347 static gint ett_ldap = -1;
348 static gint ett_ldap_msg = -1;
349 static gint ett_ldap_sasl_blob = -1;
350 static gint ett_ldap_payload = -1;
351 static gint ett_mscldap_netlogon_flags = -1;
352 static gint ett_mscldap_ntver_flags = -1;
353 static gint ett_mscldap_ipdetails = -1;
356 /*--- Included file: packet-ldap-ett.c ---*/
357 #line 1 "../../asn1/ldap/packet-ldap-ett.c"
358 static gint ett_ldap_LDAPMessage = -1;
359 static gint ett_ldap_ProtocolOp = -1;
360 static gint ett_ldap_AttributeDescriptionList = -1;
361 static gint ett_ldap_AttributeValueAssertion = -1;
362 static gint ett_ldap_Attribute = -1;
363 static gint ett_ldap_SET_OF_AttributeValue = -1;
364 static gint ett_ldap_LDAPResult = -1;
365 static gint ett_ldap_Referral = -1;
366 static gint ett_ldap_Controls = -1;
367 static gint ett_ldap_Control = -1;
368 static gint ett_ldap_BindRequest_U = -1;
369 static gint ett_ldap_AuthenticationChoice = -1;
370 static gint ett_ldap_SaslCredentials = -1;
371 static gint ett_ldap_BindResponse_U = -1;
372 static gint ett_ldap_SearchRequest_U = -1;
373 static gint ett_ldap_Filter = -1;
374 static gint ett_ldap_T_and = -1;
375 static gint ett_ldap_T_or = -1;
376 static gint ett_ldap_SubstringFilter = -1;
377 static gint ett_ldap_T_substringFilter_substrings = -1;
378 static gint ett_ldap_T_substringFilter_substrings_item = -1;
379 static gint ett_ldap_MatchingRuleAssertion = -1;
380 static gint ett_ldap_SearchResultEntry_U = -1;
381 static gint ett_ldap_PartialAttributeList = -1;
382 static gint ett_ldap_PartialAttributeList_item = -1;
383 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
384 static gint ett_ldap_ModifyRequest_U = -1;
385 static gint ett_ldap_ModifyRequest_modification = -1;
386 static gint ett_ldap_T_modifyRequest_modification_item = -1;
387 static gint ett_ldap_AttributeTypeAndValues = -1;
388 static gint ett_ldap_AddRequest_U = -1;
389 static gint ett_ldap_AttributeList = -1;
390 static gint ett_ldap_AttributeList_item = -1;
391 static gint ett_ldap_ModifyDNRequest_U = -1;
392 static gint ett_ldap_CompareRequest_U = -1;
393 static gint ett_ldap_ExtendedRequest_U = -1;
394 static gint ett_ldap_ExtendedResponse_U = -1;
395 static gint ett_ldap_IntermediateResponse_U = -1;
396 static gint ett_ldap_SearchControlValue = -1;
397 static gint ett_ldap_SortKeyList = -1;
398 static gint ett_ldap_SortKeyList_item = -1;
399 static gint ett_ldap_SortResult = -1;
400 static gint ett_ldap_DirSyncFlagsSubEntry = -1;
401 static gint ett_ldap_DirSyncControlValue = -1;
402 static gint ett_ldap_PasswdModifyRequestValue = -1;
403 static gint ett_ldap_PasswdModifyResponseValue = -1;
404 static gint ett_ldap_CancelRequestValue = -1;
405 static gint ett_ldap_SyncRequestValue = -1;
406 static gint ett_ldap_SyncStateValue = -1;
407 static gint ett_ldap_SyncDoneValue = -1;
408 static gint ett_ldap_SyncInfoValue = -1;
409 static gint ett_ldap_T_refreshDelete = -1;
410 static gint ett_ldap_T_refreshPresent = -1;
411 static gint ett_ldap_T_syncIdSet = -1;
412 static gint ett_ldap_SET_OF_SyncUUID = -1;
413 static gint ett_ldap_PasswordPolicyResponseValue = -1;
414 static gint ett_ldap_T_warning = -1;
416 /*--- End of included file: packet-ldap-ett.c ---*/
417 #line 199 "../../asn1/ldap/packet-ldap-template.c"
419 static dissector_table_t ldap_name_dissector_table=NULL;
420 static const char *object_identifier_id = NULL; /* LDAP OID */
422 static gboolean do_protocolop = FALSE;
423 static gchar *attr_type = NULL;
424 static gboolean is_binary_attr_type = FALSE;
425 static gboolean ldap_found_in_frame = FALSE;
427 #define TCP_PORT_LDAP 389
428 #define TCP_PORT_LDAPS 636
429 #define UDP_PORT_CLDAP 389
430 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
432 /* desegmentation of LDAP */
433 static gboolean ldap_desegment = TRUE;
434 static guint global_ldap_tcp_port = TCP_PORT_LDAP;
435 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
436 static guint tcp_port = 0;
437 static guint ssl_port = 0;
439 static dissector_handle_t gssapi_handle;
440 static dissector_handle_t gssapi_wrap_handle;
441 static dissector_handle_t ntlmssp_handle;
442 static dissector_handle_t spnego_handle;
443 static dissector_handle_t ssl_handle;
444 static dissector_handle_t ldap_handle ;
446 static void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
449 /* different types of rpc calls ontop of ms cldap */
450 #define MSCLDAP_RPC_NETLOGON 1
452 /* Message type Choice values */
453 static const value_string ldap_ProtocolOp_choice_vals[] = {
454 { 0, "bindRequest" },
455 { 1, "bindResponse" },
456 { 2, "unbindRequest" },
457 { 3, "searchRequest" },
458 { 4, "searchResEntry" },
459 { 5, "searchResDone" },
460 { 6, "searchResRef" },
461 { 7, "modifyRequest" },
462 { 8, "modifyResponse" },
464 { 10, "addResponse" },
465 { 11, "delRequest" },
466 { 12, "delResponse" },
467 { 13, "modDNRequest" },
468 { 14, "modDNResponse" },
469 { 15, "compareRequest" },
470 { 16, "compareResponse" },
471 { 17, "abandonRequest" },
472 { 18, "extendedReq" },
473 { 19, "extendedResp" },
474 { 20, "intermediateResponse" },
478 #define LOGON_PRIMARY_QUERY 7
479 #define LOGON_PRIMARY_RESPONSE 12
480 #define LOGON_SAM_LOGON_REQUEST 18
481 #define LOGON_SAM_LOGON_RESPONSE 19
482 #define LOGON_SAM_PAUSE_RESPONSE 20
483 #define LOGON_SAM_USER_UNKNOWN 21
484 #define LOGON_SAM_LOGON_RESPONSE_EX 23
485 #define LOGON_SAM_PAUSE_RESPONSE_EX 24
486 #define LOGON_SAM_USER_UNKNOWN_EX 25
488 static const value_string netlogon_opcode_vals[] = {
489 { LOGON_PRIMARY_QUERY, "LOGON_PRIMARY_QUERY" },
490 { LOGON_PRIMARY_RESPONSE, "LOGON_PRIMARY_RESPONSE" },
491 { LOGON_SAM_LOGON_REQUEST, "LOGON_SAM_LOGON_REQUEST" },
492 { LOGON_SAM_LOGON_RESPONSE, "LOGON_SAM_LOGON_RESPONSE" },
493 { LOGON_SAM_PAUSE_RESPONSE, "LOGON_SAM_PAUSE_RESPONSE" },
494 { LOGON_SAM_LOGON_RESPONSE_EX, "LOGON_SAM_LOGON_RESPONSE_EX" },
495 { LOGON_SAM_PAUSE_RESPONSE_EX, "LOGON_SAM_PAUSE_RESPONSE_EX" },
496 { LOGON_SAM_USER_UNKNOWN_EX, "LOGON_SAM_USER_UNKNOWN_EX" },
501 * Data structure attached to a conversation, giving authentication
502 * information from a bind request.
503 * We keep a linked list of them, so that we can free up all the
504 * authentication mechanism strings.
506 typedef struct ldap_conv_info_t {
507 struct ldap_conv_info_t *next;
508 guint auth_type; /* authentication type */
509 char *auth_mech; /* authentication mechanism */
510 guint32 first_auth_frame; /* first frame that would use a security layer */
511 GHashTable *unmatched;
515 gboolean start_tls_pending;
516 guint32 start_tls_frame;
518 static ldap_conv_info_t *ldap_info_items;
521 ldap_info_hash_matched(gconstpointer k)
523 const ldap_call_response_t *key = k;
525 return key->messageId;
529 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
531 const ldap_call_response_t *key1 = k1;
532 const ldap_call_response_t *key2 = k2;
534 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
537 /* a response may span multiple frames
538 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
543 return key1->messageId==key2->messageId;
547 ldap_info_hash_unmatched(gconstpointer k)
549 const ldap_call_response_t *key = k;
551 return key->messageId;
555 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
557 const ldap_call_response_t *key1 = k1;
558 const ldap_call_response_t *key2 = k2;
560 return key1->messageId==key2->messageId;
564 /* These are the NtVer flags
565 http://msdn.microsoft.com/en-us/library/cc201035.aspx
568 static const true_false_string tfs_ntver_v1 = {
569 "Client requested version 1 netlogon response",
570 "Version 1 netlogon response not requested"
573 static const true_false_string tfs_ntver_v5 = {
574 "Client requested version 5 netlogon response",
575 "Version 5 netlogon response not requested"
577 static const true_false_string tfs_ntver_v5ex = {
578 "Client requested version 5 extended netlogon response",
579 "Version 5 extended response not requested"
581 static const true_false_string tfs_ntver_v5ep = {
582 "Client has requested IP address of the server",
583 "IP address of server not requested"
585 static const true_false_string tfs_ntver_vcs = {
586 "Client has asked for the closest site information",
587 "Closest site information not requested"
589 static const true_false_string tfs_ntver_vnt4 = {
590 "Client is requesting server to avoid NT4 emulation",
591 "Only full AD DS requested"
593 static const true_false_string tfs_ntver_vpdc = {
594 "Client has requested the Primary Domain Controller",
595 "Primary Domain Controller not requested"
597 static const true_false_string tfs_ntver_vip = {
598 "Client has requested IP details (obsolete)",
599 "IP details not requested (obsolete)"
601 static const true_false_string tfs_ntver_vl = {
602 "Client indicated that it is the local machine",
603 "Client is not the local machine"
604 };static const true_false_string tfs_ntver_vgc = {
605 "Client has requested a Global Catalog server",
606 "Global Catalog not requested"
610 /* MS-ADTS specification, section 7.3.1.1, NETLOGON_NT_VERSION Options Bits */
611 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
615 proto_tree *tree=NULL;
617 hf_mscldap_ntver_flags_v1,
618 hf_mscldap_ntver_flags_v5,
619 hf_mscldap_ntver_flags_v5ex,
620 hf_mscldap_ntver_flags_v5ep,
621 hf_mscldap_ntver_flags_vcs,
622 hf_mscldap_ntver_flags_vnt4,
623 hf_mscldap_ntver_flags_vpdc,
624 hf_mscldap_ntver_flags_vip,
625 hf_mscldap_ntver_flags_vl,
626 hf_mscldap_ntver_flags_vgc,
630 header_field_info *hfi;
631 gboolean one_bit_set = FALSE;
633 flags=tvb_get_letohl(tvb, offset);
634 item=proto_tree_add_item(parent_tree, hf_mscldap_ntver_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
636 tree = proto_item_add_subtree(item, ett_mscldap_ntver_flags);
639 proto_item_append_text(item, " (");
641 for(field = fields; *field; field++) {
642 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
643 hfi = proto_registrar_get_nth(*field);
645 if(flags & hfi->bitmask) {
648 proto_item_append_text(item, ", ");
652 proto_item_append_text(item, "%s", hfi->name);
657 proto_item_append_text(item, ")");
664 /* This string contains the last LDAPString that was decoded */
665 static const char *attributedesc_string=NULL;
667 /* This string contains the last AssertionValue that was decoded */
668 static char *ldapvalue_string=NULL;
670 /* if the octet string contain all printable ASCII characters, then
671 * display it as a string, othervise just display it in hex.
674 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
677 gboolean pc, ind, is_ascii;
683 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
684 offset=get_ber_length(tvb, offset, &len, &ind);
686 len=tvb_length_remaining(tvb,offset);
695 * Some special/wellknown attributes in common LDAP (read AD)
696 * are neither ascii strings nor blobs of hex data.
697 * Special case these attributes and decode them more nicely.
699 * Add more special cases as required to prettify further
700 * (there cant be that many ones that are truly interesting)
702 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
706 /* this octet string contains an NT SID */
707 sid_tvb=tvb_new_subset(tvb, offset, len, len);
708 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
709 ldapvalue_string=tmpstr;
712 } else if ( (len==16) /* GUIDs are always 16 bytes */
713 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
714 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
717 /* This octet string contained a GUID */
718 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
720 ldapvalue_string=ep_alloc(1024);
721 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
722 uuid.Data1, uuid.Data2, uuid.Data3,
723 uuid.Data4[0], uuid.Data4[1],
724 uuid.Data4[2], uuid.Data4[3],
725 uuid.Data4[4], uuid.Data4[5],
726 uuid.Data4[6], uuid.Data4[7]);
729 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
733 /* get flag value to populate ldapvalue_string */
734 flags=tvb_get_letohl(tvb, offset);
736 ldapvalue_string=ep_alloc(1024);
737 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
739 /* populate bitmask subtree */
740 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
748 * It was not one of our "wellknown" attributes so make the best
749 * we can and just try to see if it is an ascii string or if it
752 * XXX - should we support reading RFC 2252-style schemas
753 * for LDAP, and using that to determine how to display
754 * attribute values and assertion values?
756 * -- I dont think there are full schemas available that describe the
757 * interesting cases i.e. AD -- ronnie
759 str=tvb_get_ptr(tvb, offset, len);
762 if(!isascii(str[i]) || !isprint(str[i])){
768 /* convert the string into a printable string */
770 ldapvalue_string=ep_strndup(str, len);
772 ldapvalue_string=ep_alloc(3*len);
774 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
775 ldapvalue_string[3*i+2]=':';
777 ldapvalue_string[3*len-1]=0;
780 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
788 /* This string contains the last Filter item that was decoded */
789 static const char *Filter_string=NULL;
790 static const char *and_filter_string=NULL;
791 static const char *or_filter_string=NULL;
792 static const char *substring_value=NULL;
793 static const char *substring_item_init=NULL;
794 static const char *substring_item_any=NULL;
795 static const char *substring_item_final=NULL;
796 static const char *matching_rule_string=NULL;
797 static gboolean matching_rule_dnattr=FALSE;
799 #define MAX_FILTER_LEN 4096
800 static gint Filter_length;
802 #define MAX_FILTER_ELEMENTS 200
803 static gint Filter_elements;
805 /* Global variables */
806 char *mechanism = NULL;
807 static gint MessageID =-1;
808 static gint ProtocolOp = -1;
809 static gint result = 0;
810 static proto_item *ldm_tree = NULL; /* item to add text to */
812 static void ldap_do_protocolop(packet_info *pinfo)
818 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
820 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
823 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
825 do_protocolop = FALSE;
830 static ldap_call_response_t *
831 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag)
833 ldap_call_response_t lcr, *lcrp=NULL;
834 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
836 /* first see if we have already matched this */
838 lcr.messageId=messageId;
839 switch(protocolOpTag){
841 case LDAP_REQ_SEARCH:
842 case LDAP_REQ_MODIFY:
844 case LDAP_REQ_DELETE:
845 case LDAP_REQ_MODRDN:
846 case LDAP_REQ_COMPARE:
847 case LDAP_REQ_EXTENDED:
849 lcr.req_frame=pinfo->fd->num;
853 case LDAP_RES_SEARCH_ENTRY:
854 case LDAP_RES_SEARCH_REF:
855 case LDAP_RES_SEARCH_RESULT:
856 case LDAP_RES_MODIFY:
858 case LDAP_RES_DELETE:
859 case LDAP_RES_MODRDN:
860 case LDAP_RES_COMPARE:
861 case LDAP_RES_EXTENDED:
862 case LDAP_RES_INTERMEDIATE:
863 lcr.is_request=FALSE;
865 lcr.rep_frame=pinfo->fd->num;
868 lcrp=g_hash_table_lookup(ldap_info->matched, &lcr);
872 lcrp->is_request=lcr.is_request;
876 /* we haven't found a match - try and match it up */
878 switch(protocolOpTag){
880 case LDAP_REQ_SEARCH:
881 case LDAP_REQ_MODIFY:
883 case LDAP_REQ_DELETE:
884 case LDAP_REQ_MODRDN:
885 case LDAP_REQ_COMPARE:
886 case LDAP_REQ_EXTENDED:
888 /* this a a request - add it to the unmatched list */
890 /* check that we dont already have one of those in the
891 unmatched list and if so remove it */
893 lcr.messageId=messageId;
894 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
896 g_hash_table_remove(ldap_info->unmatched, lcrp);
898 /* if we cant reuse the old one, grab a new chunk */
900 lcrp=se_alloc(sizeof(ldap_call_response_t));
902 lcrp->messageId=messageId;
903 lcrp->req_frame=pinfo->fd->num;
904 lcrp->req_time=pinfo->fd->abs_ts;
906 lcrp->protocolOpTag=protocolOpTag;
907 lcrp->is_request=TRUE;
908 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
912 case LDAP_RES_SEARCH_ENTRY:
913 case LDAP_RES_SEARCH_REF:
914 case LDAP_RES_SEARCH_RESULT:
915 case LDAP_RES_MODIFY:
917 case LDAP_RES_DELETE:
918 case LDAP_RES_MODRDN:
919 case LDAP_RES_COMPARE:
920 case LDAP_RES_EXTENDED:
921 case LDAP_RES_INTERMEDIATE:
923 /* this is a result - it should be in our unmatched list */
925 lcr.messageId=messageId;
926 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
930 if(!lcrp->rep_frame){
931 g_hash_table_remove(ldap_info->unmatched, lcrp);
932 lcrp->rep_frame=pinfo->fd->num;
933 lcrp->is_request=FALSE;
934 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
942 /* we have found a match */
947 if(lcrp->is_request){
948 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
949 PROTO_ITEM_SET_GENERATED(it);
952 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
953 PROTO_ITEM_SET_GENERATED(it);
954 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
955 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
956 PROTO_ITEM_SET_GENERATED(it);
964 /*--- Included file: packet-ldap-fn.c ---*/
965 #line 1 "../../asn1/ldap/packet-ldap-fn.c"
966 /*--- Cyclic dependencies ---*/
968 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
969 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
970 /* Filter -> Filter/not -> Filter */
971 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
977 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
978 #line 98 "../../asn1/ldap/ldap.cnf"
980 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
994 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
995 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1004 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1005 #line 324 "../../asn1/ldap/ldap.cnf"
1006 tvbuff_t *parameter_tvb = NULL;
1007 const char *ldapstring = NULL;
1008 gchar *sc = NULL; /* semi-colon pointer */
1010 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1014 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
1016 ldap_do_protocolop(actx->pinfo);
1019 ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
1021 if(hf_index == hf_ldap_baseObject) {
1022 /* this is search - put it on the scanline */
1023 if(!ldapstring || !*ldapstring)
1024 ldapstring = "<ROOT>";
1026 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1029 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1032 if(!parameter_tvb) {
1034 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1037 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1038 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
1041 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1043 } else if ((hf_index == hf_ldap_objectName) ||
1044 (hf_index == hf_ldap_name) ||
1045 (hf_index == hf_ldap_entry) ||
1046 (hf_index == hf_ldap_object) ||
1047 (hf_index == hf_ldap_delRequest) ) {
1049 if(!ldapstring || !*ldapstring)
1050 ldapstring = "<ROOT>";
1052 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1055 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1056 } else if (hf_index == hf_ldap_attributeDesc){
1057 /* remember the attribute description */
1058 attributedesc_string=ldapstring;
1059 } else if (hf_index == hf_ldap_initial){
1060 /* remember the substring item */
1061 substring_item_init=ldapstring;
1062 } else if (hf_index == hf_ldap_any){
1063 /* remember the substring item */
1064 substring_item_any=ldapstring;
1065 } else if (hf_index == hf_ldap_final){
1066 /* remember the substring item */
1067 substring_item_final=ldapstring;
1068 } else if (hf_index == hf_ldap_matchingRule){
1069 /* remember the matching rule */
1070 matching_rule_string=ldapstring;
1071 } else if (hf_index == hf_ldap_present){
1072 /* remember the present name */
1073 Filter_string=ldapstring;
1074 } else if (hf_index == hf_ldap_type) {
1075 /* remember attribute type name */
1076 attr_type = ep_strdup(ldapstring);
1078 /* append it to the parent entry */
1079 proto_item_append_text(tree, " %s", attr_type);
1081 /* remove the ";binary" component if present */
1082 if((sc = strchr(attr_type, ';')) != NULL) {
1083 if(!strcmp(sc, ";binary")) {
1084 *sc = '\0'; /* terminate the string */
1085 is_binary_attr_type = TRUE;
1088 is_binary_attr_type = FALSE;
1103 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1104 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1112 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1113 #line 167 "../../asn1/ldap/ldap.cnf"
1114 ldap_conv_info_t *ldap_info;
1116 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1120 ldap_info = actx->pinfo->private_data;
1121 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1123 actx->pinfo->private_data = ldap_info;
1133 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1134 #line 177 "../../asn1/ldap/ldap.cnf"
1136 ldap_conv_info_t *ldap_info;
1137 tvbuff_t *parameter_tvb;
1138 char *mechanism = NULL;
1139 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1142 ldap_info = actx->pinfo->private_data;
1143 ldap_info->auth_type = LDAP_AUTH_SASL;
1149 * We need to remember the authentication type and mechanism for this
1152 * XXX - actually, we might need to remember more than one
1153 * type and mechanism, if you can unbind and rebind with a
1154 * different type and/or mechanism.
1156 if(!actx->pinfo->fd->flags.visited) {
1157 mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
1158 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1160 * If the mechanism in this request is an empty string (which is
1161 * returned as a null pointer), use the saved mechanism instead.
1162 * Otherwise, if the saved mechanism is an empty string (null),
1163 * save this mechanism.
1165 if (mechanism == NULL) {
1166 mechanism = ldap_info->auth_mech;
1168 g_free(ldap_info->auth_mech);
1169 ldap_info->auth_mech = mechanism;
1171 actx->pinfo->private_data = ldap_info;
1181 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1182 #line 214 "../../asn1/ldap/ldap.cnf"
1184 tvbuff_t *parameter_tvb;
1185 ldap_conv_info_t *ldap_info;
1190 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1197 ldap_info = actx->pinfo->private_data;
1198 get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
1200 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
1201 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
1203 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1204 * We need to check the first byte to check whether the blob
1205 * contains SPNEGO or GSSAPI.
1206 * All SPNEGO PDUs are of class CONSTRUCTED while
1207 * GSS PDUs are class APPLICATION
1209 if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
1210 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1212 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
1213 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
1215 * This is a raw GSS-API token.
1217 if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
1218 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1221 actx->pinfo->private_data = ldap_info;
1230 static const ber_sequence_t SaslCredentials_sequence[] = {
1231 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1232 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1233 { NULL, 0, 0, 0, NULL }
1237 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1238 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1239 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1247 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1248 #line 705 "../../asn1/ldap/ldap.cnf"
1249 /* make sure the protocol op comes first */
1250 ldap_do_protocolop(actx->pinfo);
1252 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1253 offset+=tvb_length_remaining(tvb, offset);
1263 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1264 #line 712 "../../asn1/ldap/ldap.cnf"
1265 /* make sure the protocol op comes first */
1266 ldap_do_protocolop(actx->pinfo);
1268 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1269 offset+=tvb_length_remaining(tvb, offset);
1277 static const value_string ldap_AuthenticationChoice_vals[] = {
1280 { 10, "ntlmsspNegotiate" },
1281 { 11, "ntlmsspAuth" },
1285 static const ber_choice_t AuthenticationChoice_choice[] = {
1286 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1287 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1288 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1289 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1290 { 0, NULL, 0, 0, 0, NULL }
1294 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1295 #line 495 "../../asn1/ldap/ldap.cnf"
1298 const gchar *valstr;
1300 offset = dissect_ber_choice(actx, tree, tvb, offset,
1301 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1305 ldap_do_protocolop(actx->pinfo);
1307 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1308 auth = AuthenticationChoice_choice[branch].value;
1310 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1312 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1313 if ((auth != 10) && (auth != 11))
1314 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1317 proto_item_append_text(ldm_tree, " %s", valstr);
1326 static const ber_sequence_t BindRequest_U_sequence[] = {
1327 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1328 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1329 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1330 { NULL, 0, 0, 0, NULL }
1334 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1335 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1336 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1344 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1345 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1346 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1352 static const value_string ldap_BindResponse_resultCode_vals[] = {
1354 { 1, "operationsError" },
1355 { 2, "protocolError" },
1356 { 3, "timeLimitExceeded" },
1357 { 4, "sizeLimitExceeded" },
1358 { 5, "compareFalse" },
1359 { 6, "compareTrue" },
1360 { 7, "authMethodNotSupported" },
1361 { 8, "strongAuthRequired" },
1363 { 11, "adminLimitExceeded" },
1364 { 12, "unavailableCriticalExtension" },
1365 { 13, "confidentialityRequired" },
1366 { 14, "saslBindInProgress" },
1367 { 16, "noSuchAttribute" },
1368 { 17, "undefinedAttributeType" },
1369 { 18, "inappropriateMatching" },
1370 { 19, "constraintViolation" },
1371 { 20, "attributeOrValueExists" },
1372 { 21, "invalidAttributeSyntax" },
1373 { 32, "noSuchObject" },
1374 { 33, "aliasProblem" },
1375 { 34, "invalidDNSyntax" },
1376 { 36, "aliasDereferencingProblem" },
1377 { 48, "inappropriateAuthentication" },
1378 { 49, "invalidCredentials" },
1379 { 50, "insufficientAccessRights" },
1381 { 52, "unavailable" },
1382 { 53, "unwillingToPerform" },
1383 { 54, "loopDetect" },
1384 { 64, "namingViolation" },
1385 { 65, "objectClassViolation" },
1386 { 66, "notAllowedOnNonLeaf" },
1387 { 67, "notAllowedOnRDN" },
1388 { 68, "entryAlreadyExists" },
1389 { 69, "objectClassModsProhibited" },
1390 { 71, "affectsMultipleDSAs" },
1392 { 118, "canceled" },
1393 { 119, "noSuchOperation" },
1395 { 121, "cannotCancel" },
1401 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1402 #line 444 "../../asn1/ldap/ldap.cnf"
1404 const gchar *valstr;
1406 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1410 ldap_do_protocolop(actx->pinfo);
1412 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1414 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1417 proto_item_append_text(ldm_tree, " %s", valstr);
1428 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1429 #line 719 "../../asn1/ldap/ldap.cnf"
1430 tvbuff_t *new_tvb=NULL;
1432 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1435 && (tvb_length(new_tvb)>=7)
1436 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1438 /* make sure the protocol op comes first */
1439 ldap_do_protocolop(actx->pinfo);
1441 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1453 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1454 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1462 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1463 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1466 #line 51 "../../asn1/ldap/ldap.cnf"
1467 PROTO_ITEM_SET_URL(actx->created_item);
1474 static const ber_sequence_t Referral_sequence_of[1] = {
1475 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1479 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1480 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1481 Referral_sequence_of, hf_index, ett_ldap_Referral);
1489 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1490 #line 254 "../../asn1/ldap/ldap.cnf"
1492 tvbuff_t *parameter_tvb = NULL;
1493 ldap_conv_info_t *ldap_info;
1495 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1500 ldap_info = actx->pinfo->private_data;
1501 switch (ldap_info->auth_type) {
1503 /* For Kerberos V4, dissect it as a ticket. */
1504 /* XXX - what about LDAP_AUTH_SIMPLE? */
1506 case LDAP_AUTH_SASL:
1508 * All frames after this are assumed to use a security layer.
1510 * XXX - won't work if there's another reply, with the security
1511 * layer, starting in the same TCP segment that ends this
1512 * reply, but as LDAP is a request/response protocol, and
1513 * as the client probably can't start using authentication until
1514 * it gets the bind reply and the server won't send a reply until
1515 * it gets a request, that probably won't happen.
1517 * XXX - that assumption is invalid; it's not clear where the
1518 * hell you find out whether there's any security layer. In
1519 * one capture, we have two GSS-SPNEGO negotiations, both of
1520 * which select MS KRB5, and the only differences in the tokens
1521 * is in the RC4-HMAC ciphertext. The various
1522 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1523 * that the RFC 2222 spoo with the bitmask and maximum
1524 * output message size stuff is done - but where does that
1525 * stuff show up? Is it in the ciphertext, which means it's
1526 * presumably encrypted?
1528 * Grrr. We have to do a gross heuristic, checking whether the
1529 * putative LDAP message begins with 0x00 or not, making the
1530 * assumption that we won't have more than 2^24 bytes of
1531 * encapsulated stuff.
1533 ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
1534 if (ldap_info->auth_mech != NULL &&
1535 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1536 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1537 * which might not be wrapped in GSS-SPNEGO but be a raw
1540 if ( (tvb_length(parameter_tvb)>=7)
1541 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1542 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1546 * This is a GSS-API token.
1548 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1549 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1550 } else if (ldap_info->auth_mech != NULL &&
1551 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1553 * This is a GSS-API token.
1555 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1556 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1560 actx->pinfo->private_data = ldap_info;
1568 static const ber_sequence_t BindResponse_U_sequence[] = {
1569 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1570 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1571 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1572 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1573 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1574 { NULL, 0, 0, 0, NULL }
1578 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1579 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1580 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1588 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1589 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1590 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1598 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1599 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1607 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1608 #line 517 "../../asn1/ldap/ldap.cnf"
1610 implicit_tag = TRUE; /* correct problem with asn2wrs */
1612 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1613 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1616 ldap_do_protocolop(actx->pinfo);
1628 static const value_string ldap_T_scope_vals[] = {
1629 { 0, "baseObject" },
1630 { 1, "singleLevel" },
1631 { 2, "wholeSubtree" },
1637 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1638 #line 412 "../../asn1/ldap/ldap.cnf"
1640 guint32 scope = 0xffff;
1641 const gchar *valstr;
1643 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1647 ldap_do_protocolop(actx->pinfo);
1649 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1651 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1654 proto_item_append_text(ldm_tree, " %s", valstr);
1662 static const value_string ldap_T_derefAliases_vals[] = {
1663 { 0, "neverDerefAliases" },
1664 { 1, "derefInSearching" },
1665 { 2, "derefFindingBaseObj" },
1666 { 3, "derefAlways" },
1672 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1673 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1682 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1683 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1692 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1693 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1701 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1702 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1704 #line 563 "../../asn1/ldap/ldap.cnf"
1705 if(and_filter_string){
1706 and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
1708 and_filter_string=Filter_string;
1716 static const ber_sequence_t T_and_set_of[1] = {
1717 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1721 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1722 #line 570 "../../asn1/ldap/ldap.cnf"
1723 proto_tree *tr=NULL;
1724 proto_item *it=NULL;
1725 const char *old_and_filter_string=and_filter_string;
1727 and_filter_string=NULL;
1729 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1730 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1734 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1735 T_and_set_of, hf_index, ett_ldap_T_and);
1738 if(and_filter_string) {
1739 proto_item_append_text(it, "%s", and_filter_string);
1740 Filter_string=ep_strdup_printf("%s",and_filter_string);
1742 and_filter_string=old_and_filter_string;
1752 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1753 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1755 #line 590 "../../asn1/ldap/ldap.cnf"
1756 if(or_filter_string){
1757 or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
1759 or_filter_string=Filter_string;
1768 static const ber_sequence_t T_or_set_of[1] = {
1769 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1773 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1774 #line 598 "../../asn1/ldap/ldap.cnf"
1775 proto_tree *tr=NULL;
1776 proto_item *it=NULL;
1777 const char *old_or_filter_string=or_filter_string;
1779 or_filter_string=NULL;
1781 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1782 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1785 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1786 T_or_set_of, hf_index, ett_ldap_T_or);
1788 if(or_filter_string) {
1789 proto_item_append_text(it, "%s", or_filter_string);
1790 Filter_string=ep_strdup_printf("%s",or_filter_string);
1792 or_filter_string=old_or_filter_string;
1802 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1803 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1805 #line 619 "../../asn1/ldap/ldap.cnf"
1806 Filter_string=ep_strdup_printf("(!%s)",string_or_null(Filter_string));
1815 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1816 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1823 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1824 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1825 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1826 { NULL, 0, 0, 0, NULL }
1830 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1831 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1832 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1840 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1841 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1843 #line 540 "../../asn1/ldap/ldap.cnf"
1844 Filter_string=ep_strdup_printf("(%s=%s)",
1845 string_or_null(attributedesc_string),
1846 string_or_null(ldapvalue_string));
1854 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1861 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1862 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1863 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1864 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1865 { 0, NULL, 0, 0, 0, NULL }
1869 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1870 offset = dissect_ber_choice(actx, tree, tvb, offset,
1871 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1874 #line 645 "../../asn1/ldap/ldap.cnf"
1875 if (substring_item_final) {
1876 substring_value=ep_strdup_printf("%s%s",
1877 (substring_value?substring_value:"*"),
1878 substring_item_final);
1879 } else if (substring_item_any) {
1880 substring_value=ep_strdup_printf("%s%s*",
1881 (substring_value?substring_value:"*"),
1882 substring_item_any);
1883 } else if (substring_item_init) {
1884 substring_value=ep_strdup_printf("%s*",
1885 substring_item_init);
1893 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1894 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
1898 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1899 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1900 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1906 static const ber_sequence_t SubstringFilter_sequence[] = {
1907 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1908 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
1909 { NULL, 0, 0, 0, NULL }
1913 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1914 #line 659 "../../asn1/ldap/ldap.cnf"
1915 proto_tree *tr=NULL;
1916 proto_item *it=NULL;
1917 const char *old_substring_value=substring_value;
1920 substring_value=NULL;
1921 substring_item_init=NULL;
1922 substring_item_any=NULL;
1923 substring_item_final=NULL;
1925 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
1926 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
1929 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1930 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
1932 Filter_string=ep_strdup_printf("(%s=%s)",
1933 string_or_null(attr_type),
1934 string_or_null(substring_value));
1935 proto_item_append_text(it, "%s", Filter_string);
1936 substring_value=old_substring_value;
1946 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1947 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1949 #line 546 "../../asn1/ldap/ldap.cnf"
1950 Filter_string=ep_strdup_printf("(%s>=%s)",
1951 string_or_null(attributedesc_string),
1952 string_or_null(ldapvalue_string));
1962 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1963 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1965 #line 552 "../../asn1/ldap/ldap.cnf"
1966 Filter_string=ep_strdup_printf("(%s<=%s)",
1967 string_or_null(attributedesc_string),
1968 string_or_null(ldapvalue_string));
1978 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1979 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
1981 #line 616 "../../asn1/ldap/ldap.cnf"
1982 Filter_string=ep_strdup_printf("(%s=*)",string_or_null(Filter_string));
1991 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1992 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1994 #line 558 "../../asn1/ldap/ldap.cnf"
1995 Filter_string=ep_strdup_printf("(%s~=%s)",
1996 string_or_null(attributedesc_string),
1997 string_or_null(ldapvalue_string));
2006 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2007 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2015 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2016 #line 622 "../../asn1/ldap/ldap.cnf"
2019 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
2022 matching_rule_dnattr = val;
2031 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
2032 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
2033 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2034 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2035 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2036 { NULL, 0, 0, 0, NULL }
2040 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2041 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2042 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2050 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2051 #line 631 "../../asn1/ldap/ldap.cnf"
2053 matching_rule_string=NULL;
2054 ldapvalue_string=NULL;
2055 matching_rule_dnattr=FALSE;
2058 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2060 #line 637 "../../asn1/ldap/ldap.cnf"
2061 Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
2062 (attr_type?attr_type:""),
2063 (matching_rule_dnattr?"dn:":""),
2064 (matching_rule_string?matching_rule_string:""),
2065 (matching_rule_string?":":""),
2066 string_or_null(ldapvalue_string));
2073 static const value_string ldap_Filter_vals[] = {
2077 { 3, "equalityMatch" },
2078 { 4, "substrings" },
2079 { 5, "greaterOrEqual" },
2080 { 6, "lessOrEqual" },
2082 { 8, "approxMatch" },
2083 { 9, "extensibleMatch" },
2087 static const ber_choice_t Filter_choice[] = {
2088 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2089 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2090 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2091 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2092 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2093 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2094 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2095 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2096 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2097 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2098 { 0, NULL, 0, 0, 0, NULL }
2102 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2103 #line 681 "../../asn1/ldap/ldap.cnf"
2104 proto_tree *tr=NULL;
2105 proto_item *it=NULL;
2106 attributedesc_string=NULL;
2108 if (Filter_length++ > MAX_FILTER_LEN) {
2109 expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %u. Giving up.", MAX_FILTER_LEN);
2110 THROW(ReportedBoundsError);
2113 if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
2114 expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
2115 THROW(ReportedBoundsError);
2119 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
2120 tr=proto_item_add_subtree(it, ett_ldap_Filter);
2123 offset = dissect_ber_choice(actx, tree, tvb, offset,
2124 Filter_choice, hf_index, ett_ldap_Filter,
2128 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2138 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2139 #line 529 "../../asn1/ldap/ldap.cnf"
2141 Filter_elements = 0;
2145 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2147 #line 534 "../../asn1/ldap/ldap.cnf"
2149 and_filter_string=NULL;
2150 Filter_elements = 0;
2158 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2159 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2163 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2164 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2165 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2171 static const ber_sequence_t SearchRequest_U_sequence[] = {
2172 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2173 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2174 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2175 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2176 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2177 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2178 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2179 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2180 { NULL, 0, 0, 0, NULL }
2184 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2185 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2186 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2194 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2195 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2196 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2204 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2205 #line 460 "../../asn1/ldap/ldap.cnf"
2207 tvbuff_t *next_tvb = NULL;
2210 int old_offset = offset;
2212 /* attr_type, should be set before calling this function */
2214 /* extract the value of the octetstring */
2215 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2217 /* if we have an attribute type that isn't binary see if there is a better dissector */
2218 if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree)) {
2219 offset = old_offset;
2221 /* do the default thing */
2222 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2228 len = tvb_length_remaining(next_tvb, 0);
2230 for(i = 0; i < len; i++)
2231 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2235 string = tvb_get_ephemeral_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
2238 proto_item_set_text(actx->created_item, "%s", string);
2248 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2249 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2253 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2254 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2255 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2261 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2262 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2263 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2264 { NULL, 0, 0, 0, NULL }
2268 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2269 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2270 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2276 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2277 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2281 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2282 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2283 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2289 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2290 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2291 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2292 { NULL, 0, 0, 0, NULL }
2296 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2297 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2298 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2306 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2307 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2308 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2314 static const value_string ldap_T_resultCode_vals[] = {
2316 { 1, "operationsError" },
2317 { 2, "protocolError" },
2318 { 3, "timeLimitExceeded" },
2319 { 4, "sizeLimitExceeded" },
2320 { 5, "compareFalse" },
2321 { 6, "compareTrue" },
2322 { 7, "authMethodNotSupported" },
2323 { 8, "strongAuthRequired" },
2325 { 11, "adminLimitExceeded" },
2326 { 12, "unavailableCriticalExtension" },
2327 { 13, "confidentialityRequired" },
2328 { 14, "saslBindInProgress" },
2329 { 16, "noSuchAttribute" },
2330 { 17, "undefinedAttributeType" },
2331 { 18, "inappropriateMatching" },
2332 { 19, "constraintViolation" },
2333 { 20, "attributeOrValueExists" },
2334 { 21, "invalidAttributeSyntax" },
2335 { 32, "noSuchObject" },
2336 { 33, "aliasProblem" },
2337 { 34, "invalidDNSyntax" },
2338 { 36, "aliasDereferencingProblem" },
2339 { 48, "inappropriateAuthentication" },
2340 { 49, "invalidCredentials" },
2341 { 50, "insufficientAccessRights" },
2343 { 52, "unavailable" },
2344 { 53, "unwillingToPerform" },
2345 { 54, "loopDetect" },
2346 { 64, "namingViolation" },
2347 { 65, "objectClassViolation" },
2348 { 66, "notAllowedOnNonLeaf" },
2349 { 67, "notAllowedOnRDN" },
2350 { 68, "entryAlreadyExists" },
2351 { 69, "objectClassModsProhibited" },
2352 { 71, "affectsMultipleDSAs" },
2354 { 118, "canceled" },
2355 { 119, "noSuchOperation" },
2357 { 121, "cannotCancel" },
2363 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2364 #line 428 "../../asn1/ldap/ldap.cnf"
2366 const gchar *valstr;
2368 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2372 ldap_do_protocolop(actx->pinfo);
2374 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2376 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2379 proto_item_append_text(ldm_tree, " %s", valstr);
2388 static const ber_sequence_t LDAPResult_sequence[] = {
2389 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2390 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2391 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2392 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2393 { NULL, 0, 0, 0, NULL }
2397 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2398 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2399 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2407 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2408 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2409 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2415 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2416 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2420 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2421 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2422 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2430 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2431 #line 822 "../../asn1/ldap/ldap.cnf"
2433 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2434 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2437 ldap_do_protocolop(actx->pinfo);
2446 static const value_string ldap_T_operation_vals[] = {
2455 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2456 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2463 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2464 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2465 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2466 { NULL, 0, 0, 0, NULL }
2470 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2471 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2472 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2478 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2479 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2480 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2481 { NULL, 0, 0, 0, NULL }
2485 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2486 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2487 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2493 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2494 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2498 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2499 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2500 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2506 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2507 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2508 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2509 { NULL, 0, 0, 0, NULL }
2513 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2514 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2515 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2523 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2524 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2525 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2533 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2534 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2535 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2541 static const ber_sequence_t AttributeList_item_sequence[] = {
2542 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2543 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2544 { NULL, 0, 0, 0, NULL }
2548 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2549 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2550 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2556 static const ber_sequence_t AttributeList_sequence_of[1] = {
2557 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2561 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2562 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2563 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2569 static const ber_sequence_t AddRequest_U_sequence[] = {
2570 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2571 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2572 { NULL, 0, 0, 0, NULL }
2576 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2577 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2578 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2586 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2587 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2588 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2596 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2597 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2598 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2606 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2607 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2608 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2616 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2617 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2618 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2626 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2627 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2633 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2634 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2635 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2636 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2637 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2638 { NULL, 0, 0, 0, NULL }
2642 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2643 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2644 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2652 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2653 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2654 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2662 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2663 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2664 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2670 static const ber_sequence_t CompareRequest_U_sequence[] = {
2671 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2672 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2673 { NULL, 0, 0, 0, NULL }
2677 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2678 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2679 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2687 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2688 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2689 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2697 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2698 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2699 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2707 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2708 #line 829 "../../asn1/ldap/ldap.cnf"
2710 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2711 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2714 ldap_do_protocolop(actx->pinfo);
2724 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2725 #line 54 "../../asn1/ldap/ldap.cnf"
2727 tvbuff_t *parameter_tvb;
2731 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2734 #line 61 "../../asn1/ldap/ldap.cnf"
2736 object_identifier_id = NULL;
2741 object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
2742 name = oid_resolved_from_string(object_identifier_id);
2745 proto_item_append_text(actx->created_item, " (%s)", name);
2747 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2748 ldap_do_protocolop(actx->pinfo);
2749 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2753 if(((hf_index == hf_ldap_responseName) || (hf_index == hf_ldap_requestName)) &&
2754 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2756 /* we have agreed start_tls */
2757 ldap_conv_info_t *ldap_info = NULL;
2759 ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
2762 if(hf_index == hf_ldap_responseName)
2763 /* TLS in the next frame */
2764 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
2766 /* remember we have asked to start_tls */
2767 ldap_info->start_tls_pending = TRUE;
2778 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2779 #line 754 "../../asn1/ldap/ldap.cnf"
2781 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2782 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2784 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2795 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2796 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2797 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2798 { NULL, 0, 0, 0, NULL }
2802 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2803 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2804 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2812 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2813 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2814 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2820 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2822 { 1, "operationsError" },
2823 { 2, "protocolError" },
2824 { 3, "timeLimitExceeded" },
2825 { 4, "sizeLimitExceeded" },
2826 { 5, "compareFalse" },
2827 { 6, "compareTrue" },
2828 { 7, "authMethodNotSupported" },
2829 { 8, "strongAuthRequired" },
2831 { 11, "adminLimitExceeded" },
2832 { 12, "unavailableCriticalExtension" },
2833 { 13, "confidentialityRequired" },
2834 { 14, "saslBindInProgress" },
2835 { 16, "noSuchAttribute" },
2836 { 17, "undefinedAttributeType" },
2837 { 18, "inappropriateMatching" },
2838 { 19, "constraintViolation" },
2839 { 20, "attributeOrValueExists" },
2840 { 21, "invalidAttributeSyntax" },
2841 { 32, "noSuchObject" },
2842 { 33, "aliasProblem" },
2843 { 34, "invalidDNSyntax" },
2844 { 36, "aliasDereferencingProblem" },
2845 { 48, "inappropriateAuthentication" },
2846 { 49, "invalidCredentials" },
2847 { 50, "insufficientAccessRights" },
2849 { 52, "unavailable" },
2850 { 53, "unwillingToPerform" },
2851 { 54, "loopDetect" },
2852 { 64, "namingViolation" },
2853 { 65, "objectClassViolation" },
2854 { 66, "notAllowedOnNonLeaf" },
2855 { 67, "notAllowedOnRDN" },
2856 { 68, "entryAlreadyExists" },
2857 { 69, "objectClassModsProhibited" },
2858 { 71, "affectsMultipleDSAs" },
2860 { 118, "canceled" },
2861 { 119, "noSuchOperation" },
2863 { 121, "cannotCancel" },
2869 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2870 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2879 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2880 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
2888 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2889 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2896 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
2897 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
2898 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2899 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2900 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2901 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2902 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
2903 { NULL, 0, 0, 0, NULL }
2907 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2908 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2909 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
2917 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2918 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2919 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
2927 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2928 #line 762 "../../asn1/ldap/ldap.cnf"
2933 #line 766 "../../asn1/ldap/ldap.cnf"
2934 if(ldm_tree && object_identifier_id) {
2935 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
2936 name = oid_resolved_from_string(object_identifier_id);
2938 proto_item_append_text(ldm_tree, " (%s)", name);
2940 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2941 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2943 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2954 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
2955 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2956 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
2957 { NULL, 0, 0, 0, NULL }
2961 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2962 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2963 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
2971 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2972 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2973 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U);
2979 static const value_string ldap_ProtocolOp_vals[] = {
2980 { 0, "bindRequest" },
2981 { 1, "bindResponse" },
2982 { 2, "unbindRequest" },
2983 { 3, "searchRequest" },
2984 { 4, "searchResEntry" },
2985 { 5, "searchResDone" },
2986 { 19, "searchResRef" },
2987 { 6, "modifyRequest" },
2988 { 7, "modifyResponse" },
2989 { 8, "addRequest" },
2990 { 9, "addResponse" },
2991 { 10, "delRequest" },
2992 { 11, "delResponse" },
2993 { 12, "modDNRequest" },
2994 { 13, "modDNResponse" },
2995 { 14, "compareRequest" },
2996 { 15, "compareResponse" },
2997 { 16, "abandonRequest" },
2998 { 23, "extendedReq" },
2999 { 24, "extendedResp" },
3000 { 25, "intermediateResponse" },
3004 static const ber_choice_t ProtocolOp_choice[] = {
3005 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
3006 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
3007 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
3008 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
3009 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
3010 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
3011 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
3012 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
3013 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
3014 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
3015 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
3016 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
3017 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
3018 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
3019 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
3020 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
3021 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
3022 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
3023 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
3024 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
3025 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
3026 { 0, NULL, 0, 0, 0, NULL }
3030 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3031 #line 106 "../../asn1/ldap/ldap.cnf"
3033 ldap_call_response_t *lcrp;
3034 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
3035 do_protocolop = TRUE;
3038 offset = dissect_ber_choice(actx, tree, tvb, offset,
3039 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
3042 #line 112 "../../asn1/ldap/ldap.cnf"
3044 if (ProtocolOp == -1) {
3048 /* ProtocolOp is the index, not the tag so convert it to the tag value */
3049 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3051 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp);
3053 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3056 /* XXX: the count will not work if the results span multiple TCP packets */
3058 if(ldap_info && tree) { /* only count once - on tree pass */
3059 switch(ProtocolOp) {
3061 case LDAP_RES_SEARCH_ENTRY:
3062 ldap_info->num_results++;
3064 proto_item_append_text(tree, " [%d result%s]",
3065 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3069 case LDAP_RES_SEARCH_RESULT:
3071 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3072 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3074 proto_item_append_text(tree, " [%d result%s]",
3075 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3077 ldap_info->num_results = 0;
3084 if(ldap_info && (ProtocolOp == LDAP_RES_EXTENDED)) {
3085 /* this is an extend result */
3087 if(ldap_info->start_tls_pending && !ldap_info->start_tls_frame) {
3088 /* XXX: some directories do not correctly return the responseName in the extendedResponse so we don't know start_tls has been negotiated */
3090 col_append_str(actx->pinfo->cinfo, COL_INFO, "[LDAP_START_TLS_OID responseName missing] ");
3091 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
3094 ldap_info->start_tls_pending = FALSE;
3104 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3105 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3113 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3114 #line 735 "../../asn1/ldap/ldap.cnf"
3120 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3121 /* remove the OCTET STRING encoding */
3122 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &class, &pc, &tag);
3123 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3125 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
3129 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3141 static const ber_sequence_t Control_sequence[] = {
3142 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3143 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3144 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3145 { NULL, 0, 0, 0, NULL }
3149 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3150 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3151 Control_sequence, hf_index, ett_ldap_Control);
3157 static const ber_sequence_t Controls_sequence_of[1] = {
3158 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3162 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3163 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3164 Controls_sequence_of, hf_index, ett_ldap_Controls);
3170 static const ber_sequence_t LDAPMessage_sequence[] = {
3171 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3172 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3173 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3174 { NULL, 0, 0, 0, NULL }
3178 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3179 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3180 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3190 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3191 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3198 static const ber_sequence_t SearchControlValue_sequence[] = {
3199 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3200 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3201 { NULL, 0, 0, 0, NULL }
3205 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3206 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3207 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3213 static const ber_sequence_t SortKeyList_item_sequence[] = {
3214 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3215 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3216 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3217 { NULL, 0, 0, 0, NULL }
3221 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3222 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3223 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3229 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3230 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3234 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3235 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3236 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3242 static const value_string ldap_T_sortResult_vals[] = {
3244 { 1, "operationsError" },
3245 { 3, "timeLimitExceeded" },
3246 { 8, "strongAuthRequired" },
3247 { 11, "adminLimitExceeded" },
3248 { 16, "noSuchAttribute" },
3249 { 18, "inappropriateMatching" },
3250 { 50, "insufficientAccessRights" },
3252 { 53, "unwillingToPerform" },
3259 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3260 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3267 static const ber_sequence_t SortResult_sequence[] = {
3268 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3269 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3270 { NULL, 0, 0, 0, NULL }
3274 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3275 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3276 SortResult_sequence, hf_index, ett_ldap_SortResult);
3282 static const ber_sequence_t DirSyncFlagsSubEntry_sequence[] = {
3283 { &hf_ldap_value , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER },
3284 { NULL, 0, 0, 0, NULL }
3288 dissect_ldap_DirSyncFlagsSubEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3289 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3290 DirSyncFlagsSubEntry_sequence, hf_index, ett_ldap_DirSyncFlagsSubEntry);
3298 dissect_ldap_DirSyncFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3299 #line 779 "../../asn1/ldap/ldap.cnf"
3305 header_field_info *hfinfo;
3307 int otheroffset = offset;
3309 otheroffset=dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &class, &pc, &tag);
3310 otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
3312 gint32 remaining=tvb_length_remaining(tvb, offset);
3313 len=remaining>0 ? remaining : 0;
3316 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
3318 hfinfo = proto_registrar_get_nth(hf_index);
3321 proto_tree *subtree = NULL;
3322 proto_item *item = NULL;
3323 item = proto_tree_add_text(tree, tvb, otheroffset+1, len, "%s: 0x%08x", hfinfo->name, val);
3324 subtree = proto_item_add_subtree(item, ett_ldap_DirSyncFlagsSubEntry);
3327 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Object_Security");
3330 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Ancestor_First");
3333 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Public_Data_Only");
3335 if (val & 0x80000000) {
3336 proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Incremental_Value");
3339 proto_tree_add_text(tree, tvb, otheroffset+len, len, "%s: 0", hfinfo->name);
3348 static const ber_sequence_t DirSyncControlValue_sequence[] = {
3349 { &hf_ldap_flags , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_DirSyncFlags },
3350 { &hf_ldap_maxBytes , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3351 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3352 { NULL, 0, 0, 0, NULL }
3356 dissect_ldap_DirSyncControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3357 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3358 DirSyncControlValue_sequence, hf_index, ett_ldap_DirSyncControlValue);
3364 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3365 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3366 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3367 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3368 { NULL, 0, 0, 0, NULL }
3372 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3373 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3374 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3380 static const ber_sequence_t PasswdModifyResponseValue_sequence[] = {
3381 { &hf_ldap_genPasswd , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3382 { NULL, 0, 0, 0, NULL }
3386 dissect_ldap_PasswdModifyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3387 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3388 PasswdModifyResponseValue_sequence, hf_index, ett_ldap_PasswdModifyResponseValue);
3394 static const ber_sequence_t CancelRequestValue_sequence[] = {
3395 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3396 { NULL, 0, 0, 0, NULL }
3400 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3401 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3402 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3408 static const value_string ldap_T_mode_vals[] = {
3409 { 1, "refreshOnly" },
3410 { 3, "refreshAndPersist" },
3416 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3417 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3424 static const ber_sequence_t SyncRequestValue_sequence[] = {
3425 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3426 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3427 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3428 { NULL, 0, 0, 0, NULL }
3432 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3433 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3434 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3440 static const value_string ldap_T_state_vals[] = {
3450 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3451 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3460 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3461 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3468 static const ber_sequence_t SyncStateValue_sequence[] = {
3469 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3470 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3471 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3472 { NULL, 0, 0, 0, NULL }
3476 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3477 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3478 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3484 static const ber_sequence_t SyncDoneValue_sequence[] = {
3485 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3486 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3487 { NULL, 0, 0, 0, NULL }
3491 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3492 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3493 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3499 static const ber_sequence_t T_refreshDelete_sequence[] = {
3500 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3501 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3502 { NULL, 0, 0, 0, NULL }
3506 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3507 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3508 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3514 static const ber_sequence_t T_refreshPresent_sequence[] = {
3515 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3516 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3517 { NULL, 0, 0, 0, NULL }
3521 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3522 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3523 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3529 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3530 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3534 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3535 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3536 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3542 static const ber_sequence_t T_syncIdSet_sequence[] = {
3543 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3544 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3545 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3546 { NULL, 0, 0, 0, NULL }
3550 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3551 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3552 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3558 static const value_string ldap_SyncInfoValue_vals[] = {
3560 { 1, "refreshDelete" },
3561 { 2, "refreshPresent" },
3566 static const ber_choice_t SyncInfoValue_choice[] = {
3567 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3568 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3569 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3570 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3571 { 0, NULL, 0, 0, 0, NULL }
3575 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3576 offset = dissect_ber_choice(actx, tree, tvb, offset,
3577 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3584 static const value_string ldap_T_warning_vals[] = {
3585 { 0, "timeBeforeExpiration" },
3586 { 1, "graceAuthNsRemaining" },
3590 static const ber_choice_t T_warning_choice[] = {
3591 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3592 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3593 { 0, NULL, 0, 0, 0, NULL }
3597 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3598 offset = dissect_ber_choice(actx, tree, tvb, offset,
3599 T_warning_choice, hf_index, ett_ldap_T_warning,
3606 static const value_string ldap_T_error_vals[] = {
3607 { 0, "passwordExpired" },
3608 { 1, "accountLocked" },
3609 { 2, "changeAfterReset" },
3610 { 3, "passwordModNotAllowed" },
3611 { 4, "mustSupplyOldPassword" },
3612 { 5, "insufficientPasswordQuality" },
3613 { 6, "passwordTooShort" },
3614 { 7, "passwordTooYoung" },
3615 { 8, "passwordInHistory" },
3621 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3622 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3629 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3630 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3631 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3632 { NULL, 0, 0, 0, NULL }
3636 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3637 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3638 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3645 static void dissect_LDAPMessage_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3646 asn1_ctx_t asn1_ctx;
3647 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3648 dissect_ldap_LDAPMessage(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3650 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3651 asn1_ctx_t asn1_ctx;
3652 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3653 dissect_ldap_SearchControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3655 static void dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3656 asn1_ctx_t asn1_ctx;
3657 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3658 dissect_ldap_SortKeyList(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3660 static void dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3661 asn1_ctx_t asn1_ctx;
3662 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3663 dissect_ldap_SortResult(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3665 static void dissect_DirSyncControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3666 asn1_ctx_t asn1_ctx;
3667 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3668 dissect_ldap_DirSyncControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_DirSyncControlValue_PDU);
3670 static void dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3671 asn1_ctx_t asn1_ctx;
3672 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3673 dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3675 static void dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3676 asn1_ctx_t asn1_ctx;
3677 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3678 dissect_ldap_CancelRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3680 static void dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3681 asn1_ctx_t asn1_ctx;
3682 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3683 dissect_ldap_SyncRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3685 static void dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3686 asn1_ctx_t asn1_ctx;
3687 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3688 dissect_ldap_SyncStateValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3690 static void dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3691 asn1_ctx_t asn1_ctx;
3692 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3693 dissect_ldap_SyncDoneValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3695 static void dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3696 asn1_ctx_t asn1_ctx;
3697 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3698 dissect_ldap_SyncInfoValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3700 static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3701 asn1_ctx_t asn1_ctx;
3702 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3703 dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3707 /*--- End of included file: packet-ldap-fn.c ---*/
3708 #line 745 "../../asn1/ldap/packet-ldap-template.c"
3711 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3712 proto_tree *tree, ldap_conv_info_t *ldap_info,
3713 gboolean is_mscldap)
3716 guint length_remaining;
3718 int messageOffset = 0;
3719 guint headerLength = 0;
3721 tvbuff_t *msg_tvb = NULL;
3723 gboolean pc, ind = 0;
3726 attributedesc_string=NULL;
3731 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3733 if (length_remaining < 6) return;
3736 * OK, try to read the "Sequence Of" header; this gets the total
3737 * length of the LDAP message.
3739 messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
3740 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3743 if((msg_len<4) || (msg_len>10000000)) return;
3745 if ( (class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3747 * Add the length of the "Sequence Of" header to the message
3750 headerLength = messageOffset - offset;
3751 msg_len += headerLength;
3752 if (msg_len < headerLength) {
3754 * The message length was probably so large that the total length
3757 * Report this as an error.
3759 show_reported_bounds_error(tvb, pinfo, tree);
3764 * We couldn't parse the header; just make it the amount of data
3765 * remaining in the tvbuff, so we'll give up on this segment
3766 * after attempting to parse the message - there's nothing more
3767 * we can do. "dissect_ldap_message()" will display the error.
3769 msg_len = length_remaining;
3773 * Construct a tvbuff containing the amount of the payload we have
3774 * available. Make its reported length the amount of data in the
3777 * XXX - if reassembly isn't enabled. the subdissector will throw a
3778 * BoundsError exception, rather than a ReportedBoundsError exception.
3779 * We really want a tvbuff where the length is "length", the reported
3780 * length is "plen", and the "if the snapshot length were infinite"
3781 * length is the minimum of the reported length of the tvbuff handed
3782 * to us and "plen", with a new type of exception thrown if the offset
3783 * is within the reported length but beyond that third length, with
3784 * that exception getting the "Unreassembled Packet" error.
3786 length = length_remaining;
3787 if (length > msg_len) length = msg_len;
3788 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3791 * Now dissect the LDAP message.
3793 ldap_info->is_mscldap = is_mscldap;
3794 pinfo->private_data = ldap_info;
3795 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree);
3799 /* If this was a sasl blob there might be another PDU following in the
3802 if(tvb_length_remaining(tvb, offset)>=6){
3803 tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), -1);
3812 ldap_frame_end(void)
3814 ldap_found_in_frame = FALSE;
3818 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3821 conversation_t *conversation;
3822 gboolean doing_sasl_security = FALSE;
3823 guint length_remaining;
3824 ldap_conv_info_t *ldap_info = NULL;
3825 proto_item *ldap_item = NULL;
3826 proto_tree *ldap_tree = NULL;
3830 conversation = find_or_create_conversation(pinfo);
3833 * Do we already have a type and mechanism?
3835 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
3836 if (ldap_info == NULL) {
3837 /* No. Attach that information to the conversation, and add
3838 * it to the list of information structures.
3840 ldap_info = g_malloc0(sizeof(ldap_conv_info_t));
3841 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3842 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3844 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3846 ldap_info->next = ldap_info_items;
3847 ldap_info_items = ldap_info;
3851 switch (ldap_info->auth_type) {
3852 case LDAP_AUTH_SASL:
3854 * It's SASL; are we using a security layer?
3856 if (ldap_info->first_auth_frame != 0 &&
3857 pinfo->fd->num >= ldap_info->first_auth_frame) {
3858 doing_sasl_security = TRUE; /* yes */
3862 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3864 /* It might still be a packet containing a SASL security layer
3865 * but its just that we never saw the BIND packet.
3866 * check if it looks like it could be a SASL blob here
3867 * and in that case just assume it is GSS-SPNEGO
3869 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
3870 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
3871 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
3872 ldap_info->auth_type=LDAP_AUTH_SASL;
3873 ldap_info->first_auth_frame=pinfo->fd->num;
3874 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
3875 doing_sasl_security=TRUE;
3879 * This is the first PDU, set the Protocol column and clear the
3882 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3884 if(ldap_found_in_frame) {
3885 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
3886 col_append_str(pinfo->cinfo, COL_INFO, " | ");
3887 col_set_fence(pinfo->cinfo, COL_INFO);
3889 col_clear(pinfo->cinfo, COL_INFO);
3890 register_frame_end_routine (ldap_frame_end);
3891 ldap_found_in_frame = TRUE;
3894 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
3895 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3898 * Might we be doing a SASL security layer and, if so, *are* we doing
3901 * Just because we've seen a bind reply for SASL, that doesn't mean
3902 * that we're using a SASL security layer; I've seen captures in
3903 * which some SASL negotiations lead to a security layer being used
3904 * and other negotiations don't, and it's not obvious what's different
3905 * in the two negotiations. Therefore, we assume that if the first
3906 * byte is 0, it's a length for a SASL security layer (that way, we
3907 * never reassemble more than 16 megabytes, protecting us from
3908 * chewing up *too* much memory), and otherwise that it's an LDAP
3909 * message (actually, if it's an LDAP message it should begin with 0x30,
3910 * but we want to parse garbage as LDAP messages rather than really
3914 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
3915 proto_item *sasl_item = NULL;
3916 proto_tree *sasl_tree = NULL;
3918 guint sasl_len, sasl_msg_len, length;
3920 * Yes. The frame begins with a 4-byte big-endian length.
3921 * And we know we have at least 6 bytes
3925 * Get the SASL length, which is the length of data in the buffer
3926 * following the length (i.e., it's 4 less than the total length).
3928 * XXX - do we need to reassemble buffers? For now, we
3929 * assume that each LDAP message is entirely contained within
3932 sasl_len = tvb_get_ntohl(tvb, offset);
3933 sasl_msg_len = sasl_len + 4;
3934 if (sasl_msg_len < 4) {
3936 * The message length was probably so large that the total length
3939 * Report this as an error.
3941 show_reported_bounds_error(tvb, pinfo, tree);
3946 * Construct a tvbuff containing the amount of the payload we have
3947 * available. Make its reported length the amount of data in the PDU.
3949 * XXX - if reassembly isn't enabled. the subdissector will throw a
3950 * BoundsError exception, rather than a ReportedBoundsError exception.
3951 * We really want a tvbuff where the length is "length", the reported
3952 * length is "plen", and the "if the snapshot length were infinite"
3953 * length is the minimum of the reported length of the tvbuff handed
3954 * to us and "plen", with a new type of exception thrown if the offset
3955 * is within the reported length but beyond that third length, with
3956 * that exception getting the "Unreassembled Packet" error.
3958 length = length_remaining;
3959 if (length > sasl_msg_len) length = sasl_msg_len;
3960 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
3963 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
3966 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL Buffer");
3967 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
3970 if (ldap_info->auth_mech != NULL &&
3971 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
3972 /* auth_mech may have been set from the bind */
3973 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
3974 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
3979 * This is GSS-API (using SPNEGO, but we should be done with
3980 * the negotiation by now).
3982 * Dissect the GSS_Wrap() token; it'll return the length of
3983 * the token, from which we compute the offset in the tvbuff at
3984 * which the plaintext data, i.e. the LDAP message, begins.
3986 length = tvb_length_remaining(sasl_tvb, 4);
3987 if ((guint)length > sasl_len)
3989 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
3991 /* Attempt decryption of the GSSAPI wrapped data if possible */
3992 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
3993 pinfo->gssapi_wrap_tvb=NULL;
3994 pinfo->gssapi_encrypted_tvb=NULL;
3995 pinfo->gssapi_decrypted_tvb=NULL;
3996 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
3997 /* if we could unwrap, do a tvb shuffle */
3998 if(pinfo->gssapi_decrypted_tvb){
3999 decr_tvb=pinfo->gssapi_decrypted_tvb;
4002 pinfo->decrypt_gssapi_tvb=0;
4003 pinfo->gssapi_wrap_tvb=NULL;
4004 pinfo->gssapi_encrypted_tvb=NULL;
4005 pinfo->gssapi_decrypted_tvb=NULL;
4008 * if len is 0 it probably mean that we got a PDU that is not
4009 * aligned to the start of the segment.
4016 * if we don't have unwrapped data,
4017 * see if the wrapping involved encryption of the
4018 * data; if not, just use the plaintext data.
4021 if(!pinfo->gssapi_data_encrypted){
4022 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
4027 proto_item *enc_item = NULL;
4028 proto_tree *enc_tree = NULL;
4031 * The LDAP message was encrypted in the packet, and has
4032 * been decrypted; dissect the decrypted LDAP message.
4034 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
4037 enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4038 "GSS-API Encrypted payload (%d byte%s)",
4040 plurality(sasl_len - ver_len, "", "s"));
4041 enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
4043 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
4044 } else if (plain_tvb) {
4045 proto_item *plain_item = NULL;
4046 proto_tree *plain_tree = NULL;
4049 * The LDAP message wasn't encrypted in the packet;
4050 * dissect the plain LDAP message.
4052 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
4055 plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4056 "GSS-API payload (%d byte%s)",
4058 plurality(sasl_len - ver_len, "", "s"));
4059 plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
4062 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
4065 * The LDAP message was encrypted in the packet, and was
4066 * not decrypted; just show it as encrypted data.
4068 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
4070 plurality(sasl_len - ver_len, "", "s"));
4073 proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
4074 "GSS-API Encrypted payload (%d byte%s)",
4076 plurality(sasl_len - ver_len, "", "s"));
4080 offset += sasl_msg_len;
4082 /* plain LDAP, so dissect the payload */
4083 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
4088 * prepend_dot is no longer used, but is being left in place in order to
4089 * maintain ABI compatibility.
4091 int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int max_len, gboolean prepend_dot _U_)
4096 /* The name data MUST start at offset 0 of the tvb */
4097 compr_len = expand_dns_name(tvb, offset, max_len, 0, &name);
4098 g_strlcpy(str, name, max_len);
4099 return offset + compr_len;
4103 /* These are the cldap DC flags
4104 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4106 static const true_false_string tfs_ads_pdc = {
4110 static const true_false_string tfs_ads_gc = {
4111 "This is a GLOBAL CATALOGUE of forest",
4112 "This is NOT a global catalog of forest"
4114 static const true_false_string tfs_ads_ldap = {
4115 "This is an LDAP server",
4116 "This is NOT an ldap server"
4118 static const true_false_string tfs_ads_ds = {
4119 "This dc supports DS",
4120 "This dc does NOT support ds"
4122 static const true_false_string tfs_ads_kdc = {
4123 "This is a KDC (kerberos)",
4124 "This is NOT a kdc (kerberos)"
4126 static const true_false_string tfs_ads_timeserv = {
4127 "This dc is running TIME SERVICES (ntp)",
4128 "This dc is NOT running time services (ntp)"
4130 static const true_false_string tfs_ads_closest = {
4131 "This server is in the same site as the client",
4132 "This server is NOT in the same site as the client"
4134 static const true_false_string tfs_ads_writable = {
4135 "This dc is WRITABLE",
4136 "This dc is NOT writable"
4138 static const true_false_string tfs_ads_good_timeserv = {
4139 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4140 "This dc does NOT have a good time service (i.e. no hardware clock)"
4142 static const true_false_string tfs_ads_ndnc = {
4143 "Domain is NON-DOMAIN NC serviced by ldap server",
4144 "Domain is NOT non-domain nc serviced by ldap server"
4146 static const true_false_string tfs_ads_rodc = {
4147 "Domain controller is a Windows 2008 RODC",
4148 "Domain controller is not a Windows 2008 RODC"
4150 static const true_false_string tfs_ads_wdc = {
4151 "Domain controller is a Windows 2008 writable NC",
4152 "Domain controller is not a Windows 2008 writable NC"
4154 static const true_false_string tfs_ads_dns = {
4155 "Server name is in DNS format (Windows 2008)",
4156 "Server name is not in DNS format (Windows 2008)"
4158 static const true_false_string tfs_ads_dnc = {
4159 "The NC is the default NC (Windows 2008)",
4160 "The NC is not the default NC (Windows 2008)"
4162 static const true_false_string tfs_ads_fnc = {
4163 "The NC is the default forest NC(Windows 2008)",
4164 "The NC is not the default forest NC (Windows 2008)"
4166 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4170 proto_tree *tree=NULL;
4172 hf_mscldap_netlogon_flags_fnc,
4173 hf_mscldap_netlogon_flags_dnc,
4174 hf_mscldap_netlogon_flags_dns,
4175 hf_mscldap_netlogon_flags_wdc,
4176 hf_mscldap_netlogon_flags_rodc,
4177 hf_mscldap_netlogon_flags_ndnc,
4178 hf_mscldap_netlogon_flags_good_timeserv,
4179 hf_mscldap_netlogon_flags_writable,
4180 hf_mscldap_netlogon_flags_closest,
4181 hf_mscldap_netlogon_flags_timeserv,
4182 hf_mscldap_netlogon_flags_kdc,
4183 hf_mscldap_netlogon_flags_ds,
4184 hf_mscldap_netlogon_flags_ldap,
4185 hf_mscldap_netlogon_flags_gc,
4186 hf_mscldap_netlogon_flags_pdc,
4189 header_field_info *hfi;
4190 gboolean one_bit_set = FALSE;
4192 flags=tvb_get_letohl(tvb, offset);
4193 item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4195 tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
4198 proto_item_append_text(item, " (");
4200 for(field = fields; *field; field++) {
4201 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
4202 hfi = proto_registrar_get_nth(*field);
4204 if(flags & hfi->bitmask) {
4207 proto_item_append_text(item, ", ");
4211 proto_item_append_text(item, "%s", hfi->name);
4216 proto_item_append_text(item, ")");
4223 static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4225 int old_offset, offset=0;
4238 /* Get the length of the buffer */
4239 len=tvb_length_remaining(tvb,offset);
4241 /* check the len if it is to small return */
4242 if (len < 10) return;
4245 proto_tree_add_item(tree, hf_mscldap_netlogon_opcode, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4246 itype = tvb_get_letohs(tvb, offset);
4249 /* get the version number from the end of the buffer, as the
4250 length is variable and the version determines what fields
4251 need to be decoded */
4253 version = tvb_get_letohl(tvb,len-8);
4257 case LOGON_SAM_LOGON_RESPONSE:
4258 /* logon server name */
4259 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4260 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb,offset, fn_len, fn);
4264 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4265 proto_tree_add_string(tree, hf_mscldap_username, tvb,offset, fn_len, fn);
4269 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4270 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb,offset, fn_len, fn);
4273 /* include the extra version 5 fields */
4274 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4277 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
4280 /* domain guid part 2
4281 there is another 16 byte guid but this is alway zero, so we will skip it */
4286 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4287 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4291 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4292 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4296 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4297 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4300 proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
4304 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4310 case LOGON_SAM_LOGON_RESPONSE_EX:
4311 /* MS-ADTS 7.3.1.9 */
4312 offset += 2; /* Skip over "Sbz" field (MUST be set to 0) */
4315 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4318 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
4323 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4324 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4328 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4329 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4333 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4334 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4336 /* NetBIOS Domain */
4338 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4339 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4341 /* NetBIOS Hostname */
4343 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4344 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4348 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4349 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4353 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4354 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4358 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4359 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4361 /* include the extra fields for version 5 with IP s */
4362 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4363 /* The ip address is returned as a sockaddr_in structure
4365 * This section may need to be updated if the base Windows APIs
4366 * are changed to support ipv6, which currently is not the case.
4368 * The desector assumes the length is based on ipv4 and
4369 * ignores the length
4372 /* skip the length of the sockaddr_in */
4376 /* add IP address and desect the sockaddr_in structure */
4378 old_offset = offset + 4;
4379 item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
4382 proto_tree *subtree;
4384 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4386 /* get sockaddr family */
4387 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4390 /* get sockaddr port */
4391 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4394 /* get IP address */
4395 proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
4398 /* skip the 8 bytes of zeros in the sockaddr structure */
4408 /* complete the decode with the version and token details */
4412 /* NETLOGON_NT_VERISON Options (MS-ADTS 7.3.1.1) */
4413 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
4416 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4420 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4427 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4429 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4430 return tvb_get_ntohl(tvb, offset)+4;
4434 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4436 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4441 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4447 /* normal ldap is tag+len bytes plus the length
4448 * offset is where the tag is
4449 * offset+1 is where length starts
4451 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4452 return len+data_offset-offset;
4456 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4458 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4463 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4466 const char *oidname;
4468 /* tvb here contains an ascii string that is really an oid */
4469 /* XXX we should convert the string oid into a real oid so we can use
4470 * proto_tree_add_oid() instead.
4473 oid=tvb_get_ephemeral_string(tvb, 0, tvb_length(tvb));
4478 oidname=oid_resolved_from_string(oid);
4481 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s (%s)",oid,oidname);
4483 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s",oid);
4487 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4488 static const true_false_string ldap_AccessMask_ADS_CREATE_CHILD_tfs = {
4489 "ADS CREATE CHILD is SET",
4490 "Ads create child is NOT set",
4493 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4494 static const true_false_string ldap_AccessMask_ADS_DELETE_CHILD_tfs = {
4495 "ADS DELETE CHILD is SET",
4496 "Ads delete child is NOT set",
4498 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4499 static const true_false_string ldap_AccessMask_ADS_LIST_tfs = {
4501 "Ads list is NOT set",
4503 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4504 static const true_false_string ldap_AccessMask_ADS_SELF_WRITE_tfs = {
4505 "ADS SELF WRITE is SET",
4506 "Ads self write is NOT set",
4508 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4509 static const true_false_string ldap_AccessMask_ADS_READ_PROP_tfs = {
4510 "ADS READ PROP is SET",
4511 "Ads read prop is NOT set",
4513 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4514 static const true_false_string ldap_AccessMask_ADS_WRITE_PROP_tfs = {
4515 "ADS WRITE PROP is SET",
4516 "Ads write prop is NOT set",
4518 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4519 static const true_false_string ldap_AccessMask_ADS_DELETE_TREE_tfs = {
4520 "ADS DELETE TREE is SET",
4521 "Ads delete tree is NOT set",
4523 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4524 static const true_false_string ldap_AccessMask_ADS_LIST_OBJECT_tfs = {
4525 "ADS LIST OBJECT is SET",
4526 "Ads list object is NOT set",
4528 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4529 static const true_false_string ldap_AccessMask_ADS_CONTROL_ACCESS_tfs = {
4530 "ADS CONTROL ACCESS is SET",
4531 "Ads control access is NOT set",
4535 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4537 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
4539 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
4541 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
4543 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
4545 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
4547 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
4549 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
4551 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
4553 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
4555 struct access_mask_info ldap_access_mask_info = {
4556 "LDAP", /* Name of specific rights */
4557 ldap_specific_rights, /* Dissection function */
4558 NULL, /* Generic mapping table */
4559 NULL /* Standard mapping table */
4563 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4565 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_length(tvb), &ldap_access_mask_info);
4569 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4573 /* this octet string contains an NT SID */
4574 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4575 ldapvalue_string=tmpstr;
4579 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4581 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4584 /* This octet string contained a GUID */
4585 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4587 ldapvalue_string=ep_alloc(1024);
4588 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4589 uuid.Data1, uuid.Data2, uuid.Data3,
4590 uuid.Data4[0], uuid.Data4[1],
4591 uuid.Data4[2], uuid.Data4[3],
4592 uuid.Data4[4], uuid.Data4[5],
4593 uuid.Data4[6], uuid.Data4[7]);
4597 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4603 conversation_t *conversation;
4604 ldap_conv_info_t *ldap_info = NULL;
4607 * Do we have a conversation for this connection?
4609 conversation = find_conversation(pinfo->fd->num,
4610 &pinfo->src, &pinfo->dst,
4611 pinfo->ptype, pinfo->srcport,
4612 pinfo->destport, 0);
4614 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
4619 /* This is a bit tricky. We have to find out whether SASL is used
4620 * so that we know how big a header we are supposed to pass
4621 * to tcp_dissect_pdus()
4622 * We must also cope with the case when a client connects to LDAP
4623 * and performs a few unauthenticated searches of LDAP before
4624 * it performs the bind on the same tcp connection.
4626 /* check for a SASL header, i.e. assume it is SASL if
4627 * 1, first four bytes (SASL length) is an integer
4628 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4629 * (>2 to fight false positives, 0x00000000 is a common
4630 * "random" tcp payload)
4631 * (SASL ldap PDUs might be >64k in size, which is why
4632 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4634 * 2, we must have a conversation and the auth type must
4637 sasl_len=tvb_get_ntohl(tvb, 0);
4640 goto this_was_not_sasl;
4643 if( sasl_len>LDAP_SASL_MAX_BUF ){
4644 goto this_was_not_sasl;
4647 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4648 goto this_was_not_sasl;
4651 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu);
4655 /* check if it is a normal BER encoded LDAP packet
4656 * i.e. first byte is 0x30 followed by a length that is
4658 * (no ldap PDUs are ever >64kb? )
4660 if(tvb_get_guint8(tvb, 0)!=0x30){
4661 goto this_was_not_normal_ldap;
4664 /* check that length makes sense */
4665 offset=get_ber_length(tvb, 1, &ldap_len, &ind);
4667 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
4669 goto this_was_not_normal_ldap;
4673 * The minimun size of a LDAP pdu is 7 bytes
4675 * dumpasn1 -hh ldap-unbind-min.dat
4677 * <30 05 02 01 09 42 00>
4682 * 5 0: [APPLICATION 2]
4683 * : Error: Object has zero length.
4686 * dumpasn1 -hh ldap-unbind-windows.dat
4688 * <30 84 00 00 00 05 02 01 09 42 00>
4693 * 9 0: [APPLICATION 2]
4694 * : Error: Object has zero length.
4697 * 6 bytes would also be ok to get the full length of
4698 * the pdu, but as the smallest pdu can be 7 bytes
4701 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 7, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu);
4705 this_was_not_normal_ldap:
4707 /* perhaps it was SSL? */
4709 ldap_info->start_tls_frame &&
4710 ( pinfo->fd->num >= ldap_info->start_tls_frame)) {
4712 /* we have started TLS and so this may be an SSL layer */
4713 guint32 old_start_tls_frame;
4715 /* temporarily dissect this port as SSL */
4716 dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
4717 ssl_dissector_add(tcp_port, "ldap", TRUE);
4719 old_start_tls_frame = ldap_info->start_tls_frame;
4720 ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */
4721 pinfo->can_desegment++; /* ignore this LDAP layer so SSL can use the TCP resegment */
4723 offset = call_dissector(ssl_handle, tvb, pinfo, tree);
4725 ldap_info->start_tls_frame = old_start_tls_frame;
4726 ssl_dissector_delete(tcp_port, "ldap", TRUE);
4728 /* restore ldap as the dissector for this port */
4729 dissector_add_uint("tcp.port", tcp_port, ldap_handle);
4739 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4741 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4749 ldap_conv_info_t *ldap_info;
4751 /* Free up state attached to the ldap_info structures */
4752 for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
4753 ldap_conv_info_t *next;
4755 g_free(ldap_info->auth_mech);
4756 g_hash_table_destroy(ldap_info->matched);
4757 g_hash_table_destroy(ldap_info->unmatched);
4759 next = ldap_info->next;
4764 ldap_info_items = NULL;
4768 register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector)
4770 dissector_add_string("ldap.name", attr_type, dissector);
4774 register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto)
4776 dissector_handle_t dissector_handle;
4778 dissector_handle=create_dissector_handle(dissector, proto);
4779 register_ldap_name_dissector_handle(attr_type, dissector_handle);
4783 /*--- proto_register_ldap -------------------------------------------*/
4784 void proto_register_ldap(void) {
4786 /* List of fields */
4788 static hf_register_info hf[] = {
4790 { &hf_ldap_sasl_buffer_length,
4791 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4792 FT_UINT32, BASE_DEC, NULL, 0x0,
4794 { &hf_ldap_response_in,
4795 { "Response In", "ldap.response_in",
4796 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4797 "The response to this LDAP request is in this frame", HFILL }},
4798 { &hf_ldap_response_to,
4799 { "Response To", "ldap.response_to",
4800 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4801 "This is a response to the LDAP request in this frame", HFILL }},
4803 { "Time", "ldap.time",
4804 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4805 "The time between the Call and the Reply", HFILL }},
4807 { &hf_mscldap_netlogon_opcode,
4808 { "Operation code", "mscldap.netlogon.opcode",
4809 FT_UINT16, BASE_DEC, VALS(netlogon_opcode_vals), 0x0,
4810 "LDAP ping operation code", HFILL }},
4812 { &hf_mscldap_netlogon_ipaddress_family,
4813 { "Family", "mscldap.netlogon.ipaddress.family",
4814 FT_UINT16, BASE_DEC, NULL, 0x0,
4817 { &hf_mscldap_netlogon_ipaddress_ipv4,
4818 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4819 FT_IPv4, BASE_NONE, NULL, 0x0,
4820 "IP Address", HFILL }},
4822 { &hf_mscldap_netlogon_ipaddress_port,
4823 { "Port", "mscldap.netlogon.ipaddress.port",
4824 FT_UINT16, BASE_DEC, NULL, 0x0,
4827 { &hf_mscldap_netlogon_ipaddress,
4828 { "IP Address","mscldap.netlogon.ipaddress",
4829 FT_IPv4, BASE_NONE, NULL, 0x0,
4830 "Domain Controller IP Address", HFILL }},
4832 { &hf_mscldap_netlogon_lm_token,
4833 { "LM Token", "mscldap.netlogon.lm_token",
4834 FT_UINT16, BASE_HEX, NULL, 0x0,
4835 "MUST be set to 0xFFFF", HFILL }},
4837 { &hf_mscldap_netlogon_nt_token,
4838 { "NT Token", "mscldap.netlogon.nt_token",
4839 FT_UINT16, BASE_HEX, NULL, 0x0,
4840 "MUST be set to 0xFFFF", HFILL }},
4842 { &hf_mscldap_netlogon_flags,
4843 { "Flags", "mscldap.netlogon.flags",
4844 FT_UINT32, BASE_HEX, NULL, 0x0,
4845 "Netlogon flags describing the DC properties", HFILL }},
4847 { &hf_mscldap_ntver_flags,
4848 { "Version Flags", "mscldap.ntver.flags",
4849 FT_UINT32, BASE_HEX, NULL, 0x0,
4850 "NETLOGON_NT_VERSION Options Bits", HFILL }},
4852 { &hf_mscldap_domain_guid,
4853 { "Domain GUID", "mscldap.domain.guid",
4854 FT_GUID, BASE_NONE, NULL, 0x0,
4855 "Value of the NC's GUID attribute", HFILL }},
4857 { &hf_mscldap_forest,
4858 { "Forest", "mscldap.forest",
4859 FT_STRING, BASE_NONE, NULL, 0x0,
4860 "DNS name of the forest", HFILL }},
4862 { &hf_mscldap_domain,
4863 { "Domain", "mscldap.domain",
4864 FT_STRING, BASE_NONE, NULL, 0x0,
4865 "DNS name of the NC", HFILL }},
4867 { &hf_mscldap_hostname,
4868 { "Hostname", "mscldap.hostname",
4869 FT_STRING, BASE_NONE, NULL, 0x0,
4870 "DNS name of server", HFILL }},
4872 { &hf_mscldap_nb_domain,
4873 { "NetBIOS Domain", "mscldap.nb_domain",
4874 FT_STRING, BASE_NONE, NULL, 0x0,
4875 "NetBIOS name of the NC", HFILL }},
4877 { &hf_mscldap_nb_hostname,
4878 { "NetBIOS Hostname", "mscldap.nb_hostname",
4879 FT_STRING, BASE_NONE, NULL, 0x0,
4880 "NetBIOS name of the server", HFILL }},
4882 { &hf_mscldap_username,
4883 { "Username", "mscldap.username",
4884 FT_STRING, BASE_NONE, NULL, 0x0,
4885 "User specified in client's request", HFILL }},
4887 { &hf_mscldap_sitename,
4888 { "Server Site", "mscldap.sitename",
4889 FT_STRING, BASE_NONE, NULL, 0x0,
4890 "Site name of the server", HFILL }},
4892 { &hf_mscldap_clientsitename,
4893 { "Client Site", "mscldap.clientsitename",
4894 FT_STRING, BASE_NONE, NULL, 0x0,
4895 "Site name of the client", HFILL }},
4898 { "Sid", "ldap.sid",
4899 FT_STRING, BASE_NONE, NULL, 0x0,
4902 { &hf_mscldap_ntver_flags_v1,
4903 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4904 TFS(&tfs_ntver_v1), 0x00000001, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4906 { &hf_mscldap_ntver_flags_v5,
4907 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4908 TFS(&tfs_ntver_v5), 0x00000002, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4910 { &hf_mscldap_ntver_flags_v5ex,
4911 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4912 TFS(&tfs_ntver_v5ex), 0x00000004, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4914 { &hf_mscldap_ntver_flags_v5ep,
4915 { "V5EP", "mscldap.ntver.searchflags.v5ep", FT_BOOLEAN, 32,
4916 TFS(&tfs_ntver_v5ep), 0x00000008, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4918 { &hf_mscldap_ntver_flags_vcs,
4919 { "VCS", "mscldap.ntver.searchflags.vcs", FT_BOOLEAN, 32,
4920 TFS(&tfs_ntver_vcs), 0x00000010, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4922 { &hf_mscldap_ntver_flags_vnt4,
4923 { "VNT4", "mscldap.ntver.searchflags.vnt4", FT_BOOLEAN, 32,
4924 TFS(&tfs_ntver_vnt4), 0x01000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4926 { &hf_mscldap_ntver_flags_vpdc,
4927 { "VPDC", "mscldap.ntver.searchflags.vpdc", FT_BOOLEAN, 32,
4928 TFS(&tfs_ntver_vpdc), 0x10000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4930 { &hf_mscldap_ntver_flags_vip,
4931 { "VIP", "mscldap.ntver.searchflags.vip", FT_BOOLEAN, 32,
4932 TFS(&tfs_ntver_vip), 0x20000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4934 { &hf_mscldap_ntver_flags_vl,
4935 { "VL", "mscldap.ntver.searchflags.vl", FT_BOOLEAN, 32,
4936 TFS(&tfs_ntver_vl), 0x40000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4938 { &hf_mscldap_ntver_flags_vgc,
4939 { "VGC", "mscldap.ntver.searchflags.vgc", FT_BOOLEAN, 32,
4940 TFS(&tfs_ntver_vgc), 0x80000000, "See section 7.3.1.1 of MS-ADTS specification", HFILL }},
4943 { &hf_mscldap_netlogon_flags_pdc,
4944 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4945 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4947 { &hf_mscldap_netlogon_flags_gc,
4948 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4949 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4951 { &hf_mscldap_netlogon_flags_ldap,
4952 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4953 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4955 { &hf_mscldap_netlogon_flags_ds,
4956 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4957 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4959 { &hf_mscldap_netlogon_flags_kdc,
4960 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4961 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4963 { &hf_mscldap_netlogon_flags_timeserv,
4964 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4965 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4967 { &hf_mscldap_netlogon_flags_closest,
4968 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4969 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
4971 { &hf_mscldap_netlogon_flags_writable,
4972 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4973 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
4975 { &hf_mscldap_netlogon_flags_good_timeserv,
4976 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4977 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4979 { &hf_mscldap_netlogon_flags_ndnc,
4980 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4981 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4983 { &hf_mscldap_netlogon_flags_rodc,
4984 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
4985 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
4987 { &hf_mscldap_netlogon_flags_wdc,
4988 { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
4989 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
4991 { &hf_mscldap_netlogon_flags_dns,
4992 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
4993 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
4995 { &hf_mscldap_netlogon_flags_dnc,
4996 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
4997 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
4999 { &hf_mscldap_netlogon_flags_fnc,
5000 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
5001 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
5004 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
5005 NULL, 0, NULL, HFILL }},
5007 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
5008 { "Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CREATE_CHILD_tfs), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
5010 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
5011 { "Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_CHILD_tfs), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
5013 { &hf_ldap_AccessMask_ADS_LIST,
5014 { "List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_tfs), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
5016 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
5017 { "Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_SELF_WRITE_tfs), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
5019 { &hf_ldap_AccessMask_ADS_READ_PROP,
5020 { "Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_READ_PROP_tfs), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
5022 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
5023 { "Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_WRITE_PROP_tfs), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
5025 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
5026 { "Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_TREE_tfs), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
5028 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
5029 { "List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_OBJECT_tfs), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
5031 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
5032 { "Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CONTROL_ACCESS_tfs), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
5035 /*--- Included file: packet-ldap-hfarr.c ---*/
5036 #line 1 "../../asn1/ldap/packet-ldap-hfarr.c"
5037 { &hf_ldap_LDAPMessage_PDU,
5038 { "LDAPMessage", "ldap.LDAPMessage",
5039 FT_NONE, BASE_NONE, NULL, 0,
5041 { &hf_ldap_SearchControlValue_PDU,
5042 { "SearchControlValue", "ldap.SearchControlValue",
5043 FT_NONE, BASE_NONE, NULL, 0,
5045 { &hf_ldap_SortKeyList_PDU,
5046 { "SortKeyList", "ldap.SortKeyList",
5047 FT_UINT32, BASE_DEC, NULL, 0,
5049 { &hf_ldap_SortResult_PDU,
5050 { "SortResult", "ldap.SortResult",
5051 FT_NONE, BASE_NONE, NULL, 0,
5053 { &hf_ldap_DirSyncControlValue_PDU,
5054 { "DirSyncControlValue", "ldap.DirSyncControlValue",
5055 FT_NONE, BASE_NONE, NULL, 0,
5057 { &hf_ldap_PasswdModifyRequestValue_PDU,
5058 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue",
5059 FT_NONE, BASE_NONE, NULL, 0,
5061 { &hf_ldap_CancelRequestValue_PDU,
5062 { "CancelRequestValue", "ldap.CancelRequestValue",
5063 FT_NONE, BASE_NONE, NULL, 0,
5065 { &hf_ldap_SyncRequestValue_PDU,
5066 { "SyncRequestValue", "ldap.SyncRequestValue",
5067 FT_NONE, BASE_NONE, NULL, 0,
5069 { &hf_ldap_SyncStateValue_PDU,
5070 { "SyncStateValue", "ldap.SyncStateValue",
5071 FT_NONE, BASE_NONE, NULL, 0,
5073 { &hf_ldap_SyncDoneValue_PDU,
5074 { "SyncDoneValue", "ldap.SyncDoneValue",
5075 FT_NONE, BASE_NONE, NULL, 0,
5077 { &hf_ldap_SyncInfoValue_PDU,
5078 { "SyncInfoValue", "ldap.SyncInfoValue",
5079 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5081 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5082 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue",
5083 FT_NONE, BASE_NONE, NULL, 0,
5085 { &hf_ldap_messageID,
5086 { "messageID", "ldap.messageID",
5087 FT_UINT32, BASE_DEC, NULL, 0,
5089 { &hf_ldap_protocolOp,
5090 { "protocolOp", "ldap.protocolOp",
5091 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5093 { &hf_ldap_controls,
5094 { "controls", "ldap.controls",
5095 FT_UINT32, BASE_DEC, NULL, 0,
5097 { &hf_ldap_bindRequest,
5098 { "bindRequest", "ldap.bindRequest",
5099 FT_NONE, BASE_NONE, NULL, 0,
5101 { &hf_ldap_bindResponse,
5102 { "bindResponse", "ldap.bindResponse",
5103 FT_NONE, BASE_NONE, NULL, 0,
5105 { &hf_ldap_unbindRequest,
5106 { "unbindRequest", "ldap.unbindRequest",
5107 FT_NONE, BASE_NONE, NULL, 0,
5109 { &hf_ldap_searchRequest,
5110 { "searchRequest", "ldap.searchRequest",
5111 FT_NONE, BASE_NONE, NULL, 0,
5113 { &hf_ldap_searchResEntry,
5114 { "searchResEntry", "ldap.searchResEntry",
5115 FT_NONE, BASE_NONE, NULL, 0,
5116 "SearchResultEntry", HFILL }},
5117 { &hf_ldap_searchResDone,
5118 { "searchResDone", "ldap.searchResDone",
5119 FT_NONE, BASE_NONE, NULL, 0,
5120 "SearchResultDone", HFILL }},
5121 { &hf_ldap_searchResRef,
5122 { "searchResRef", "ldap.searchResRef",
5123 FT_UINT32, BASE_DEC, NULL, 0,
5124 "SearchResultReference", HFILL }},
5125 { &hf_ldap_modifyRequest,
5126 { "modifyRequest", "ldap.modifyRequest",
5127 FT_NONE, BASE_NONE, NULL, 0,
5129 { &hf_ldap_modifyResponse,
5130 { "modifyResponse", "ldap.modifyResponse",
5131 FT_NONE, BASE_NONE, NULL, 0,
5133 { &hf_ldap_addRequest,
5134 { "addRequest", "ldap.addRequest",
5135 FT_NONE, BASE_NONE, NULL, 0,
5137 { &hf_ldap_addResponse,
5138 { "addResponse", "ldap.addResponse",
5139 FT_NONE, BASE_NONE, NULL, 0,
5141 { &hf_ldap_delRequest,
5142 { "delRequest", "ldap.delRequest",
5143 FT_STRING, BASE_NONE, NULL, 0,
5145 { &hf_ldap_delResponse,
5146 { "delResponse", "ldap.delResponse",
5147 FT_NONE, BASE_NONE, NULL, 0,
5149 { &hf_ldap_modDNRequest,
5150 { "modDNRequest", "ldap.modDNRequest",
5151 FT_NONE, BASE_NONE, NULL, 0,
5152 "ModifyDNRequest", HFILL }},
5153 { &hf_ldap_modDNResponse,
5154 { "modDNResponse", "ldap.modDNResponse",
5155 FT_NONE, BASE_NONE, NULL, 0,
5156 "ModifyDNResponse", HFILL }},
5157 { &hf_ldap_compareRequest,
5158 { "compareRequest", "ldap.compareRequest",
5159 FT_NONE, BASE_NONE, NULL, 0,
5161 { &hf_ldap_compareResponse,
5162 { "compareResponse", "ldap.compareResponse",
5163 FT_NONE, BASE_NONE, NULL, 0,
5165 { &hf_ldap_abandonRequest,
5166 { "abandonRequest", "ldap.abandonRequest",
5167 FT_UINT32, BASE_DEC, NULL, 0,
5169 { &hf_ldap_extendedReq,
5170 { "extendedReq", "ldap.extendedReq",
5171 FT_NONE, BASE_NONE, NULL, 0,
5172 "ExtendedRequest", HFILL }},
5173 { &hf_ldap_extendedResp,
5174 { "extendedResp", "ldap.extendedResp",
5175 FT_NONE, BASE_NONE, NULL, 0,
5176 "ExtendedResponse", HFILL }},
5177 { &hf_ldap_intermediateResponse,
5178 { "intermediateResponse", "ldap.intermediateResponse",
5179 FT_NONE, BASE_NONE, NULL, 0,
5181 { &hf_ldap_AttributeDescriptionList_item,
5182 { "AttributeDescription", "ldap.AttributeDescription",
5183 FT_STRING, BASE_NONE, NULL, 0,
5185 { &hf_ldap_attributeDesc,
5186 { "attributeDesc", "ldap.attributeDesc",
5187 FT_STRING, BASE_NONE, NULL, 0,
5188 "AttributeDescription", HFILL }},
5189 { &hf_ldap_assertionValue,
5190 { "assertionValue", "ldap.assertionValue",
5191 FT_STRING, BASE_NONE, NULL, 0,
5194 { "type", "ldap.type",
5195 FT_STRING, BASE_NONE, NULL, 0,
5196 "AttributeDescription", HFILL }},
5198 { "vals", "ldap.vals",
5199 FT_UINT32, BASE_DEC, NULL, 0,
5200 "SET_OF_AttributeValue", HFILL }},
5201 { &hf_ldap_vals_item,
5202 { "AttributeValue", "ldap.AttributeValue",
5203 FT_BYTES, BASE_NONE, NULL, 0,
5205 { &hf_ldap_resultCode,
5206 { "resultCode", "ldap.resultCode",
5207 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5209 { &hf_ldap_matchedDN,
5210 { "matchedDN", "ldap.matchedDN",
5211 FT_STRING, BASE_NONE, NULL, 0,
5213 { &hf_ldap_errorMessage,
5214 { "errorMessage", "ldap.errorMessage",
5215 FT_STRING, BASE_NONE, NULL, 0,
5217 { &hf_ldap_referral,
5218 { "referral", "ldap.referral",
5219 FT_UINT32, BASE_DEC, NULL, 0,
5221 { &hf_ldap_Referral_item,
5222 { "LDAPURL", "ldap.LDAPURL",
5223 FT_STRING, BASE_NONE, NULL, 0,
5225 { &hf_ldap_Controls_item,
5226 { "Control", "ldap.Control",
5227 FT_NONE, BASE_NONE, NULL, 0,
5229 { &hf_ldap_controlType,
5230 { "controlType", "ldap.controlType",
5231 FT_STRING, BASE_NONE, NULL, 0,
5233 { &hf_ldap_criticality,
5234 { "criticality", "ldap.criticality",
5235 FT_BOOLEAN, BASE_NONE, NULL, 0,
5236 "BOOLEAN", HFILL }},
5237 { &hf_ldap_controlValue,
5238 { "controlValue", "ldap.controlValue",
5239 FT_BYTES, BASE_NONE, NULL, 0,
5242 { "version", "ldap.version",
5243 FT_UINT32, BASE_DEC, NULL, 0,
5244 "INTEGER_1_127", HFILL }},
5246 { "name", "ldap.name",
5247 FT_STRING, BASE_NONE, NULL, 0,
5249 { &hf_ldap_authentication,
5250 { "authentication", "ldap.authentication",
5251 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5252 "AuthenticationChoice", HFILL }},
5254 { "simple", "ldap.simple",
5255 FT_BYTES, BASE_NONE, NULL, 0,
5258 { "sasl", "ldap.sasl",
5259 FT_NONE, BASE_NONE, NULL, 0,
5260 "SaslCredentials", HFILL }},
5261 { &hf_ldap_ntlmsspNegotiate,
5262 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5263 FT_BYTES, BASE_NONE, NULL, 0,
5265 { &hf_ldap_ntlmsspAuth,
5266 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5267 FT_BYTES, BASE_NONE, NULL, 0,
5269 { &hf_ldap_mechanism,
5270 { "mechanism", "ldap.mechanism",
5271 FT_STRING, BASE_NONE, NULL, 0,
5273 { &hf_ldap_credentials,
5274 { "credentials", "ldap.credentials",
5275 FT_BYTES, BASE_NONE, NULL, 0,
5277 { &hf_ldap_bindResponse_resultCode,
5278 { "resultCode", "ldap.resultCode",
5279 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5280 "BindResponse_resultCode", HFILL }},
5281 { &hf_ldap_bindResponse_matchedDN,
5282 { "matchedDN", "ldap.matchedDN",
5283 FT_STRING, BASE_NONE, NULL, 0,
5284 "T_bindResponse_matchedDN", HFILL }},
5285 { &hf_ldap_serverSaslCreds,
5286 { "serverSaslCreds", "ldap.serverSaslCreds",
5287 FT_BYTES, BASE_NONE, NULL, 0,
5289 { &hf_ldap_baseObject,
5290 { "baseObject", "ldap.baseObject",
5291 FT_STRING, BASE_NONE, NULL, 0,
5294 { "scope", "ldap.scope",
5295 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5297 { &hf_ldap_derefAliases,
5298 { "derefAliases", "ldap.derefAliases",
5299 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5301 { &hf_ldap_sizeLimit,
5302 { "sizeLimit", "ldap.sizeLimit",
5303 FT_UINT32, BASE_DEC, NULL, 0,
5304 "INTEGER_0_maxInt", HFILL }},
5305 { &hf_ldap_timeLimit,
5306 { "timeLimit", "ldap.timeLimit",
5307 FT_UINT32, BASE_DEC, NULL, 0,
5308 "INTEGER_0_maxInt", HFILL }},
5309 { &hf_ldap_typesOnly,
5310 { "typesOnly", "ldap.typesOnly",
5311 FT_BOOLEAN, BASE_NONE, NULL, 0,
5312 "BOOLEAN", HFILL }},
5314 { "filter", "ldap.filter",
5315 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5317 { &hf_ldap_searchRequest_attributes,
5318 { "attributes", "ldap.attributes",
5319 FT_UINT32, BASE_DEC, NULL, 0,
5320 "AttributeDescriptionList", HFILL }},
5322 { "and", "ldap.and",
5323 FT_UINT32, BASE_DEC, NULL, 0,
5325 { &hf_ldap_and_item,
5326 { "and item", "ldap.and_item",
5327 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5331 FT_UINT32, BASE_DEC, NULL, 0,
5334 { "or item", "ldap.or_item",
5335 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5338 { "not", "ldap.not",
5339 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5341 { &hf_ldap_equalityMatch,
5342 { "equalityMatch", "ldap.equalityMatch",
5343 FT_NONE, BASE_NONE, NULL, 0,
5345 { &hf_ldap_substrings,
5346 { "substrings", "ldap.substrings",
5347 FT_NONE, BASE_NONE, NULL, 0,
5348 "SubstringFilter", HFILL }},
5349 { &hf_ldap_greaterOrEqual,
5350 { "greaterOrEqual", "ldap.greaterOrEqual",
5351 FT_NONE, BASE_NONE, NULL, 0,
5353 { &hf_ldap_lessOrEqual,
5354 { "lessOrEqual", "ldap.lessOrEqual",
5355 FT_NONE, BASE_NONE, NULL, 0,
5358 { "present", "ldap.present",
5359 FT_STRING, BASE_NONE, NULL, 0,
5361 { &hf_ldap_approxMatch,
5362 { "approxMatch", "ldap.approxMatch",
5363 FT_NONE, BASE_NONE, NULL, 0,
5365 { &hf_ldap_extensibleMatch,
5366 { "extensibleMatch", "ldap.extensibleMatch",
5367 FT_NONE, BASE_NONE, NULL, 0,
5369 { &hf_ldap_substringFilter_substrings,
5370 { "substrings", "ldap.substrings",
5371 FT_UINT32, BASE_DEC, NULL, 0,
5372 "T_substringFilter_substrings", HFILL }},
5373 { &hf_ldap_substringFilter_substrings_item,
5374 { "substrings item", "ldap.substrings_item",
5375 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5376 "T_substringFilter_substrings_item", HFILL }},
5378 { "initial", "ldap.initial",
5379 FT_STRING, BASE_NONE, NULL, 0,
5380 "LDAPString", HFILL }},
5382 { "any", "ldap.any",
5383 FT_STRING, BASE_NONE, NULL, 0,
5384 "LDAPString", HFILL }},
5386 { "final", "ldap.final",
5387 FT_STRING, BASE_NONE, NULL, 0,
5388 "LDAPString", HFILL }},
5389 { &hf_ldap_matchingRule,
5390 { "matchingRule", "ldap.matchingRule",
5391 FT_STRING, BASE_NONE, NULL, 0,
5392 "MatchingRuleId", HFILL }},
5393 { &hf_ldap_matchValue,
5394 { "matchValue", "ldap.matchValue",
5395 FT_STRING, BASE_NONE, NULL, 0,
5396 "AssertionValue", HFILL }},
5397 { &hf_ldap_dnAttributes,
5398 { "dnAttributes", "ldap.dnAttributes",
5399 FT_BOOLEAN, BASE_NONE, NULL, 0,
5401 { &hf_ldap_objectName,
5402 { "objectName", "ldap.objectName",
5403 FT_STRING, BASE_NONE, NULL, 0,
5405 { &hf_ldap_searchResultEntry_attributes,
5406 { "attributes", "ldap.attributes",
5407 FT_UINT32, BASE_DEC, NULL, 0,
5408 "PartialAttributeList", HFILL }},
5409 { &hf_ldap_PartialAttributeList_item,
5410 { "PartialAttributeList item", "ldap.PartialAttributeList_item",
5411 FT_NONE, BASE_NONE, NULL, 0,
5413 { &hf_ldap__untag_item,
5414 { "LDAPURL", "ldap.LDAPURL",
5415 FT_STRING, BASE_NONE, NULL, 0,
5418 { "object", "ldap.object",
5419 FT_STRING, BASE_NONE, NULL, 0,
5421 { &hf_ldap_modifyRequest_modification,
5422 { "modification", "ldap.modification",
5423 FT_UINT32, BASE_DEC, NULL, 0,
5424 "ModifyRequest_modification", HFILL }},
5425 { &hf_ldap_modifyRequest_modification_item,
5426 { "modification item", "ldap.modification_item",
5427 FT_NONE, BASE_NONE, NULL, 0,
5428 "T_modifyRequest_modification_item", HFILL }},
5429 { &hf_ldap_operation,
5430 { "operation", "ldap.operation",
5431 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5433 { &hf_ldap_modification,
5434 { "modification", "ldap.modification",
5435 FT_NONE, BASE_NONE, NULL, 0,
5436 "AttributeTypeAndValues", HFILL }},
5438 { "entry", "ldap.entry",
5439 FT_STRING, BASE_NONE, NULL, 0,
5441 { &hf_ldap_attributes,
5442 { "attributes", "ldap.attributes",
5443 FT_UINT32, BASE_DEC, NULL, 0,
5444 "AttributeList", HFILL }},
5445 { &hf_ldap_AttributeList_item,
5446 { "AttributeList item", "ldap.AttributeList_item",
5447 FT_NONE, BASE_NONE, NULL, 0,
5450 { "newrdn", "ldap.newrdn",
5451 FT_STRING, BASE_NONE, NULL, 0,
5452 "RelativeLDAPDN", HFILL }},
5453 { &hf_ldap_deleteoldrdn,
5454 { "deleteoldrdn", "ldap.deleteoldrdn",
5455 FT_BOOLEAN, BASE_NONE, NULL, 0,
5456 "BOOLEAN", HFILL }},
5457 { &hf_ldap_newSuperior,
5458 { "newSuperior", "ldap.newSuperior",
5459 FT_STRING, BASE_NONE, NULL, 0,
5462 { "ava", "ldap.ava",
5463 FT_NONE, BASE_NONE, NULL, 0,
5464 "AttributeValueAssertion", HFILL }},
5465 { &hf_ldap_requestName,
5466 { "requestName", "ldap.requestName",
5467 FT_STRING, BASE_NONE, NULL, 0,
5468 "LDAPOID", HFILL }},
5469 { &hf_ldap_requestValue,
5470 { "requestValue", "ldap.requestValue",
5471 FT_BYTES, BASE_NONE, NULL, 0,
5473 { &hf_ldap_extendedResponse_resultCode,
5474 { "resultCode", "ldap.resultCode",
5475 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5476 "ExtendedResponse_resultCode", HFILL }},
5477 { &hf_ldap_responseName,
5478 { "responseName", "ldap.responseName",
5479 FT_STRING, BASE_NONE, NULL, 0,
5481 { &hf_ldap_response,
5482 { "response", "ldap.response",
5483 FT_BYTES, BASE_NONE, NULL, 0,
5484 "OCTET_STRING", HFILL }},
5485 { &hf_ldap_intermediateResponse_responseValue,
5486 { "responseValue", "ldap.responseValue",
5487 FT_BYTES, BASE_NONE, NULL, 0,
5488 "T_intermediateResponse_responseValue", HFILL }},
5490 { "size", "ldap.size",
5491 FT_INT32, BASE_DEC, NULL, 0,
5492 "INTEGER", HFILL }},
5494 { "cookie", "ldap.cookie",
5495 FT_BYTES, BASE_NONE, NULL, 0,
5496 "OCTET_STRING", HFILL }},
5497 { &hf_ldap_SortKeyList_item,
5498 { "SortKeyList item", "ldap.SortKeyList_item",
5499 FT_NONE, BASE_NONE, NULL, 0,
5501 { &hf_ldap_attributeType,
5502 { "attributeType", "ldap.attributeType",
5503 FT_STRING, BASE_NONE, NULL, 0,
5504 "AttributeDescription", HFILL }},
5505 { &hf_ldap_orderingRule,
5506 { "orderingRule", "ldap.orderingRule",
5507 FT_STRING, BASE_NONE, NULL, 0,
5508 "MatchingRuleId", HFILL }},
5509 { &hf_ldap_reverseOrder,
5510 { "reverseOrder", "ldap.reverseOrder",
5511 FT_BOOLEAN, BASE_NONE, NULL, 0,
5512 "BOOLEAN", HFILL }},
5513 { &hf_ldap_sortResult,
5514 { "sortResult", "ldap.sortResult",
5515 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5518 { "value", "ldap.value",
5519 FT_INT32, BASE_DEC, NULL, 0,
5520 "INTEGER", HFILL }},
5522 { "flags", "ldap.flags",
5523 FT_INT32, BASE_DEC, NULL, 0,
5524 "DirSyncFlags", HFILL }},
5525 { &hf_ldap_maxBytes,
5526 { "maxBytes", "ldap.maxBytes",
5527 FT_INT32, BASE_DEC, NULL, 0,
5528 "INTEGER", HFILL }},
5529 { &hf_ldap_userIdentity,
5530 { "userIdentity", "ldap.userIdentity",
5531 FT_BYTES, BASE_NONE, NULL, 0,
5532 "OCTET_STRING", HFILL }},
5533 { &hf_ldap_oldPasswd,
5534 { "oldPasswd", "ldap.oldPasswd",
5535 FT_BYTES, BASE_NONE, NULL, 0,
5536 "OCTET_STRING", HFILL }},
5537 { &hf_ldap_newPasswd,
5538 { "newPasswd", "ldap.newPasswd",
5539 FT_BYTES, BASE_NONE, NULL, 0,
5540 "OCTET_STRING", HFILL }},
5541 { &hf_ldap_genPasswd,
5542 { "genPasswd", "ldap.genPasswd",
5543 FT_BYTES, BASE_NONE, NULL, 0,
5544 "OCTET_STRING", HFILL }},
5545 { &hf_ldap_cancelID,
5546 { "cancelID", "ldap.cancelID",
5547 FT_UINT32, BASE_DEC, NULL, 0,
5548 "MessageID", HFILL }},
5550 { "mode", "ldap.mode",
5551 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5553 { &hf_ldap_reloadHint,
5554 { "reloadHint", "ldap.reloadHint",
5555 FT_BOOLEAN, BASE_NONE, NULL, 0,
5556 "BOOLEAN", HFILL }},
5558 { "state", "ldap.state",
5559 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5561 { &hf_ldap_entryUUID,
5562 { "entryUUID", "ldap.entryUUID",
5563 FT_BYTES, BASE_NONE, NULL, 0,
5564 "SyncUUID", HFILL }},
5565 { &hf_ldap_refreshDeletes,
5566 { "refreshDeletes", "ldap.refreshDeletes",
5567 FT_BOOLEAN, BASE_NONE, NULL, 0,
5568 "BOOLEAN", HFILL }},
5569 { &hf_ldap_newcookie,
5570 { "newcookie", "ldap.newcookie",
5571 FT_BYTES, BASE_NONE, NULL, 0,
5572 "OCTET_STRING", HFILL }},
5573 { &hf_ldap_refreshDelete,
5574 { "refreshDelete", "ldap.refreshDelete",
5575 FT_NONE, BASE_NONE, NULL, 0,
5577 { &hf_ldap_refreshDone,
5578 { "refreshDone", "ldap.refreshDone",
5579 FT_BOOLEAN, BASE_NONE, NULL, 0,
5580 "BOOLEAN", HFILL }},
5581 { &hf_ldap_refreshPresent,
5582 { "refreshPresent", "ldap.refreshPresent",
5583 FT_NONE, BASE_NONE, NULL, 0,
5585 { &hf_ldap_syncIdSet,
5586 { "syncIdSet", "ldap.syncIdSet",
5587 FT_NONE, BASE_NONE, NULL, 0,
5589 { &hf_ldap_syncUUIDs,
5590 { "syncUUIDs", "ldap.syncUUIDs",
5591 FT_UINT32, BASE_DEC, NULL, 0,
5592 "SET_OF_SyncUUID", HFILL }},
5593 { &hf_ldap_syncUUIDs_item,
5594 { "SyncUUID", "ldap.SyncUUID",
5595 FT_BYTES, BASE_NONE, NULL, 0,
5598 { "warning", "ldap.warning",
5599 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5601 { &hf_ldap_timeBeforeExpiration,
5602 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5603 FT_UINT32, BASE_DEC, NULL, 0,
5604 "INTEGER_0_maxInt", HFILL }},
5605 { &hf_ldap_graceAuthNsRemaining,
5606 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5607 FT_UINT32, BASE_DEC, NULL, 0,
5608 "INTEGER_0_maxInt", HFILL }},
5610 { "error", "ldap.error",
5611 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5614 /*--- End of included file: packet-ldap-hfarr.c ---*/
5615 #line 2071 "../../asn1/ldap/packet-ldap-template.c"
5618 /* List of subtrees */
5619 static gint *ett[] = {
5622 &ett_ldap_sasl_blob,
5624 &ett_mscldap_netlogon_flags,
5625 &ett_mscldap_ntver_flags,
5626 &ett_mscldap_ipdetails,
5629 /*--- Included file: packet-ldap-ettarr.c ---*/
5630 #line 1 "../../asn1/ldap/packet-ldap-ettarr.c"
5631 &ett_ldap_LDAPMessage,
5632 &ett_ldap_ProtocolOp,
5633 &ett_ldap_AttributeDescriptionList,
5634 &ett_ldap_AttributeValueAssertion,
5635 &ett_ldap_Attribute,
5636 &ett_ldap_SET_OF_AttributeValue,
5637 &ett_ldap_LDAPResult,
5641 &ett_ldap_BindRequest_U,
5642 &ett_ldap_AuthenticationChoice,
5643 &ett_ldap_SaslCredentials,
5644 &ett_ldap_BindResponse_U,
5645 &ett_ldap_SearchRequest_U,
5649 &ett_ldap_SubstringFilter,
5650 &ett_ldap_T_substringFilter_substrings,
5651 &ett_ldap_T_substringFilter_substrings_item,
5652 &ett_ldap_MatchingRuleAssertion,
5653 &ett_ldap_SearchResultEntry_U,
5654 &ett_ldap_PartialAttributeList,
5655 &ett_ldap_PartialAttributeList_item,
5656 &ett_ldap_SEQUENCE_OF_LDAPURL,
5657 &ett_ldap_ModifyRequest_U,
5658 &ett_ldap_ModifyRequest_modification,
5659 &ett_ldap_T_modifyRequest_modification_item,
5660 &ett_ldap_AttributeTypeAndValues,
5661 &ett_ldap_AddRequest_U,
5662 &ett_ldap_AttributeList,
5663 &ett_ldap_AttributeList_item,
5664 &ett_ldap_ModifyDNRequest_U,
5665 &ett_ldap_CompareRequest_U,
5666 &ett_ldap_ExtendedRequest_U,
5667 &ett_ldap_ExtendedResponse_U,
5668 &ett_ldap_IntermediateResponse_U,
5669 &ett_ldap_SearchControlValue,
5670 &ett_ldap_SortKeyList,
5671 &ett_ldap_SortKeyList_item,
5672 &ett_ldap_SortResult,
5673 &ett_ldap_DirSyncFlagsSubEntry,
5674 &ett_ldap_DirSyncControlValue,
5675 &ett_ldap_PasswdModifyRequestValue,
5676 &ett_ldap_PasswdModifyResponseValue,
5677 &ett_ldap_CancelRequestValue,
5678 &ett_ldap_SyncRequestValue,
5679 &ett_ldap_SyncStateValue,
5680 &ett_ldap_SyncDoneValue,
5681 &ett_ldap_SyncInfoValue,
5682 &ett_ldap_T_refreshDelete,
5683 &ett_ldap_T_refreshPresent,
5684 &ett_ldap_T_syncIdSet,
5685 &ett_ldap_SET_OF_SyncUUID,
5686 &ett_ldap_PasswordPolicyResponseValue,
5687 &ett_ldap_T_warning,
5689 /*--- End of included file: packet-ldap-ettarr.c ---*/
5690 #line 2084 "../../asn1/ldap/packet-ldap-template.c"
5693 module_t *ldap_module;
5695 /* Register protocol */
5696 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5697 /* Register fields and subtrees */
5698 proto_register_field_array(proto_ldap, hf, array_length(hf));
5699 proto_register_subtree_array(ett, array_length(ett));
5702 register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5704 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5705 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5706 "Reassemble LDAP messages spanning multiple TCP segments",
5707 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5708 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5711 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
5712 "Set the port for LDAP operations",
5713 10, &global_ldap_tcp_port);
5715 prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
5716 "Set the port for LDAP operations over SSL",
5717 10, &global_ldaps_tcp_port);
5719 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5721 proto_cldap = proto_register_protocol(
5722 "Connectionless Lightweight Directory Access Protocol",
5725 register_init_routine(ldap_reinit);
5726 ldap_tap=register_tap("ldap");
5728 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
5733 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5735 proto_reg_handoff_ldap(void)
5737 dissector_handle_t cldap_handle;
5738 ldap_handle = find_dissector("ldap");
5740 dissector_add_uint("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
5742 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5743 dissector_add_uint("udp.port", UDP_PORT_CLDAP, cldap_handle);
5745 gssapi_handle = find_dissector("gssapi");
5746 gssapi_wrap_handle = find_dissector("gssapi_verf");
5747 spnego_handle = find_dissector("spnego");
5749 ntlmssp_handle = find_dissector("ntlmssp");
5751 ssl_handle = find_dissector("ssl");
5753 prefs_register_ldap();
5755 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5756 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5757 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5758 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5759 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5760 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5761 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5762 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5763 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5764 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5765 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5766 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5767 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5768 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5769 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5770 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5771 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5772 oid_add_from_string("None","1.2.840.113556.1.4.970");
5773 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5774 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5775 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5776 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5777 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5778 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5779 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5780 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5781 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5782 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5783 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5784 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5785 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5786 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5787 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5788 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5789 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5790 oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
5791 oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
5792 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5793 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5794 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5795 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5797 register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
5798 register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
5799 register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
5800 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
5801 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
5802 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
5805 /*--- Included file: packet-ldap-dis-tab.c ---*/
5806 #line 1 "../../asn1/ldap/packet-ldap-dis-tab.c"
5807 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5808 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5809 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5810 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_DirSyncControlValue_PDU, proto_ldap, "dirsync");
5811 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5812 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5813 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5814 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5815 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5816 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5817 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5820 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5821 #line 2198 "../../asn1/ldap/packet-ldap-template.c"
5827 prefs_register_ldap(void)
5830 if(tcp_port != global_ldap_tcp_port) {
5832 dissector_delete_uint("tcp.port", tcp_port, ldap_handle);
5834 /* Set our port number for future use */
5835 tcp_port = global_ldap_tcp_port;
5838 dissector_add_uint("tcp.port", tcp_port, ldap_handle);
5842 if(ssl_port != global_ldaps_tcp_port) {
5844 ssl_dissector_delete(ssl_port, "ldap", TRUE);
5846 /* Set our port number for future use */
5847 ssl_port = global_ldaps_tcp_port;
5850 ssl_dissector_add(ssl_port, "ldap", TRUE);