1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
79 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
80 * Updated cldap_netlogon_flags to include Windows 2008 flags
81 * Expanded the ntver ldap option with bit field
83 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
96 #include <epan/packet.h>
97 #include <epan/conversation.h>
98 #include <epan/prefs.h>
100 #include <epan/emem.h>
101 #include <epan/oids.h>
102 #include <epan/strutil.h>
103 #include <epan/dissectors/packet-frame.h>
104 #include <epan/dissectors/packet-tcp.h>
105 #include <epan/dissectors/packet-windows-common.h>
106 #include <epan/dissectors/packet-dcerpc.h>
107 #include <epan/asn1.h>
109 #include "packet-ldap.h"
110 #include "packet-ntlmssp.h"
111 #include "packet-ssl.h"
112 #include "packet-smb-common.h"
114 #include "packet-ber.h"
115 #include "packet-per.h"
117 #define PNAME "Lightweight Directory Access Protocol"
118 #define PSNAME "LDAP"
119 #define PFNAME "ldap"
121 /* Initialize the protocol and registered fields */
122 static int ldap_tap = -1;
123 static int proto_ldap = -1;
124 static int proto_cldap = -1;
126 static int hf_ldap_sasl_buffer_length = -1;
127 static int hf_ldap_response_in = -1;
128 static int hf_ldap_response_to = -1;
129 static int hf_ldap_time = -1;
130 static int hf_ldap_guid = -1;
132 static int hf_mscldap_ntver_flags = -1;
133 static int hf_mscldap_ntver_flags_v1 = -1;
134 static int hf_mscldap_ntver_flags_v5 = -1;
135 static int hf_mscldap_ntver_flags_v5ex = -1;
136 static int hf_mscldap_ntver_flags_v5ip = -1;
137 static int hf_mscldap_ntver_flags_v5cs = -1;
138 static int hf_mscldap_ntver_flags_nt4 = -1;
139 static int hf_mscldap_ntver_flags_pdc = -1;
140 static int hf_mscldap_ntver_flags_local = -1;
141 static int hf_mscldap_ntver_flags_ip = -1;
142 static int hf_mscldap_ntver_flags_gc = -1;
143 static int hf_mscldap_netlogon_ipaddress_family = -1;
144 static int hf_mscldap_netlogon_ipaddress_port = -1;
145 static int hf_mscldap_netlogon_ipaddress = -1;
146 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
147 static int hf_mscldap_netlogon_type = -1;
148 static int hf_mscldap_netlogon_length = -1;
149 static int hf_mscldap_netlogon_flags = -1;
150 static int hf_mscldap_netlogon_flags_pdc = -1;
151 static int hf_mscldap_netlogon_flags_gc = -1;
152 static int hf_mscldap_netlogon_flags_ldap = -1;
153 static int hf_mscldap_netlogon_flags_ds = -1;
154 static int hf_mscldap_netlogon_flags_kdc = -1;
155 static int hf_mscldap_netlogon_flags_timeserv = -1;
156 static int hf_mscldap_netlogon_flags_closest = -1;
157 static int hf_mscldap_netlogon_flags_writable = -1;
158 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
159 static int hf_mscldap_netlogon_flags_ndnc = -1;
160 static int hf_mscldap_netlogon_flags_fnc = -1;
161 static int hf_mscldap_netlogon_flags_dnc = -1;
162 static int hf_mscldap_netlogon_flags_dns = -1;
163 static int hf_mscldap_netlogon_flags_wdc = -1;
164 static int hf_mscldap_netlogon_flags_rodc = -1;
165 static int hf_mscldap_domain_guid = -1;
166 static int hf_mscldap_forest = -1;
167 static int hf_mscldap_domain = -1;
168 static int hf_mscldap_hostname = -1;
169 static int hf_mscldap_nb_domain = -1;
170 static int hf_mscldap_nb_hostname = -1;
171 static int hf_mscldap_username = -1;
172 static int hf_mscldap_sitename = -1;
173 static int hf_mscldap_clientsitename = -1;
174 static int hf_mscldap_netlogon_version = -1;
175 static int hf_mscldap_netlogon_lm_token = -1;
176 static int hf_mscldap_netlogon_nt_token = -1;
177 static int hf_ldap_sid = -1;
178 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
179 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
180 static int hf_ldap_AccessMask_ADS_LIST = -1;
181 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
182 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
183 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
184 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
185 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
186 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
189 /*--- Included file: packet-ldap-hf.c ---*/
190 #line 1 "packet-ldap-hf.c"
191 static int hf_ldap_LDAPMessage_PDU = -1; /* LDAPMessage */
192 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
193 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
194 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
195 static int hf_ldap_ReplControlValue_PDU = -1; /* ReplControlValue */
196 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
197 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
198 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
199 static int hf_ldap_messageID = -1; /* MessageID */
200 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
201 static int hf_ldap_controls = -1; /* Controls */
202 static int hf_ldap_bindRequest = -1; /* BindRequest */
203 static int hf_ldap_bindResponse = -1; /* BindResponse */
204 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
205 static int hf_ldap_searchRequest = -1; /* SearchRequest */
206 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
207 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
208 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
209 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
210 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
211 static int hf_ldap_addRequest = -1; /* AddRequest */
212 static int hf_ldap_addResponse = -1; /* AddResponse */
213 static int hf_ldap_delRequest = -1; /* DelRequest */
214 static int hf_ldap_delResponse = -1; /* DelResponse */
215 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
216 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
217 static int hf_ldap_compareRequest = -1; /* CompareRequest */
218 static int hf_ldap_compareResponse = -1; /* CompareResponse */
219 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
220 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
221 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
222 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
223 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
224 static int hf_ldap_assertionValue = -1; /* AssertionValue */
225 static int hf_ldap_type = -1; /* AttributeDescription */
226 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
227 static int hf_ldap_vals_item = -1; /* AttributeValue */
228 static int hf_ldap_resultCode = -1; /* T_resultCode */
229 static int hf_ldap_matchedDN = -1; /* LDAPDN */
230 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
231 static int hf_ldap_referral = -1; /* Referral */
232 static int hf_ldap_Referral_item = -1; /* LDAPURL */
233 static int hf_ldap_Controls_item = -1; /* Control */
234 static int hf_ldap_controlType = -1; /* ControlType */
235 static int hf_ldap_criticality = -1; /* BOOLEAN */
236 static int hf_ldap_controlValue = -1; /* T_controlValue */
237 static int hf_ldap_version = -1; /* INTEGER_1_127 */
238 static int hf_ldap_name = -1; /* LDAPDN */
239 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
240 static int hf_ldap_simple = -1; /* Simple */
241 static int hf_ldap_sasl = -1; /* SaslCredentials */
242 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
243 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
244 static int hf_ldap_mechanism = -1; /* Mechanism */
245 static int hf_ldap_credentials = -1; /* Credentials */
246 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
247 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
248 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
249 static int hf_ldap_baseObject = -1; /* LDAPDN */
250 static int hf_ldap_scope = -1; /* T_scope */
251 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
252 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
253 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
254 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
255 static int hf_ldap_filter = -1; /* T_filter */
256 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
257 static int hf_ldap_and = -1; /* T_and */
258 static int hf_ldap_and_item = -1; /* T_and_item */
259 static int hf_ldap_or = -1; /* T_or */
260 static int hf_ldap_or_item = -1; /* T_or_item */
261 static int hf_ldap_not = -1; /* T_not */
262 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
263 static int hf_ldap_substrings = -1; /* SubstringFilter */
264 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
265 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
266 static int hf_ldap_present = -1; /* T_present */
267 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
268 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
269 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
270 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
271 static int hf_ldap_initial = -1; /* LDAPString */
272 static int hf_ldap_any = -1; /* LDAPString */
273 static int hf_ldap_final = -1; /* LDAPString */
274 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
275 static int hf_ldap_matchValue = -1; /* AssertionValue */
276 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
277 static int hf_ldap_objectName = -1; /* LDAPDN */
278 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
279 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
280 static int hf_ldap__untag_item = -1; /* LDAPURL */
281 static int hf_ldap_object = -1; /* LDAPDN */
282 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
283 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
284 static int hf_ldap_operation = -1; /* T_operation */
285 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
286 static int hf_ldap_entry = -1; /* LDAPDN */
287 static int hf_ldap_attributes = -1; /* AttributeList */
288 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
289 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
290 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
291 static int hf_ldap_newSuperior = -1; /* LDAPDN */
292 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
293 static int hf_ldap_requestName = -1; /* LDAPOID */
294 static int hf_ldap_requestValue = -1; /* T_requestValue */
295 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
296 static int hf_ldap_responseName = -1; /* ResponseName */
297 static int hf_ldap_response = -1; /* OCTET_STRING */
298 static int hf_ldap_size = -1; /* INTEGER */
299 static int hf_ldap_cookie = -1; /* OCTET_STRING */
300 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
301 static int hf_ldap_attributeType = -1; /* AttributeDescription */
302 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
303 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
304 static int hf_ldap_sortResult = -1; /* T_sortResult */
305 static int hf_ldap_parentsFirst = -1; /* INTEGER */
306 static int hf_ldap_maxReturnLength = -1; /* INTEGER */
307 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
308 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
309 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
310 static int hf_ldap_genPasswd = -1; /* OCTET_STRING */
311 static int hf_ldap_cancelID = -1; /* MessageID */
312 static int hf_ldap_warning = -1; /* T_warning */
313 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
314 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
315 static int hf_ldap_error = -1; /* T_error */
317 /*--- End of included file: packet-ldap-hf.c ---*/
318 #line 182 "packet-ldap-template.c"
320 /* Initialize the subtree pointers */
321 static gint ett_ldap = -1;
322 static gint ett_ldap_msg = -1;
323 static gint ett_ldap_sasl_blob = -1;
324 static guint ett_ldap_payload = -1;
325 static gint ett_mscldap_netlogon_flags = -1;
326 static gint ett_mscldap_ntver_flags = -1;
327 static gint ett_mscldap_ipdetails = -1;
330 /*--- Included file: packet-ldap-ett.c ---*/
331 #line 1 "packet-ldap-ett.c"
332 static gint ett_ldap_LDAPMessage = -1;
333 static gint ett_ldap_ProtocolOp = -1;
334 static gint ett_ldap_AttributeDescriptionList = -1;
335 static gint ett_ldap_AttributeValueAssertion = -1;
336 static gint ett_ldap_Attribute = -1;
337 static gint ett_ldap_SET_OF_AttributeValue = -1;
338 static gint ett_ldap_LDAPResult = -1;
339 static gint ett_ldap_Referral = -1;
340 static gint ett_ldap_Controls = -1;
341 static gint ett_ldap_Control = -1;
342 static gint ett_ldap_BindRequest_U = -1;
343 static gint ett_ldap_AuthenticationChoice = -1;
344 static gint ett_ldap_SaslCredentials = -1;
345 static gint ett_ldap_BindResponse_U = -1;
346 static gint ett_ldap_SearchRequest_U = -1;
347 static gint ett_ldap_Filter = -1;
348 static gint ett_ldap_T_and = -1;
349 static gint ett_ldap_T_or = -1;
350 static gint ett_ldap_SubstringFilter = -1;
351 static gint ett_ldap_T_substringFilter_substrings = -1;
352 static gint ett_ldap_T_substringFilter_substrings_item = -1;
353 static gint ett_ldap_MatchingRuleAssertion = -1;
354 static gint ett_ldap_SearchResultEntry_U = -1;
355 static gint ett_ldap_PartialAttributeList = -1;
356 static gint ett_ldap_PartialAttributeList_item = -1;
357 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
358 static gint ett_ldap_ModifyRequest_U = -1;
359 static gint ett_ldap_ModifyRequest_modification = -1;
360 static gint ett_ldap_T_modifyRequest_modification_item = -1;
361 static gint ett_ldap_AttributeTypeAndValues = -1;
362 static gint ett_ldap_AddRequest_U = -1;
363 static gint ett_ldap_AttributeList = -1;
364 static gint ett_ldap_AttributeList_item = -1;
365 static gint ett_ldap_ModifyDNRequest_U = -1;
366 static gint ett_ldap_CompareRequest_U = -1;
367 static gint ett_ldap_ExtendedRequest_U = -1;
368 static gint ett_ldap_ExtendedResponse_U = -1;
369 static gint ett_ldap_SearchControlValue = -1;
370 static gint ett_ldap_SortKeyList = -1;
371 static gint ett_ldap_SortKeyList_item = -1;
372 static gint ett_ldap_SortResult = -1;
373 static gint ett_ldap_ReplControlValue = -1;
374 static gint ett_ldap_PasswdModifyRequestValue = -1;
375 static gint ett_ldap_PasswdModifyResponseValue = -1;
376 static gint ett_ldap_CancelRequestValue = -1;
377 static gint ett_ldap_PasswordPolicyResponseValue = -1;
378 static gint ett_ldap_T_warning = -1;
380 /*--- End of included file: packet-ldap-ett.c ---*/
381 #line 193 "packet-ldap-template.c"
383 static dissector_table_t ldap_name_dissector_table=NULL;
384 static const char *object_identifier_id = NULL; /* LDAP OID */
386 static gboolean do_protocolop = FALSE;
387 static gchar *attr_type = NULL;
388 static gboolean is_binary_attr_type = FALSE;
389 static gboolean ldap_found_in_frame = FALSE;
391 #define TCP_PORT_LDAP 389
392 #define TCP_PORT_LDAPS 636
393 #define UDP_PORT_CLDAP 389
394 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
396 /* desegmentation of LDAP */
397 static gboolean ldap_desegment = TRUE;
398 static guint global_ldap_tcp_port = TCP_PORT_LDAP;
399 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
400 static guint tcp_port = 0;
401 static guint ssl_port = 0;
403 static dissector_handle_t gssapi_handle;
404 static dissector_handle_t gssapi_wrap_handle;
405 static dissector_handle_t ntlmssp_handle;
406 static dissector_handle_t spnego_handle;
407 static dissector_handle_t ssl_handle;
408 static dissector_handle_t ldap_handle ;
410 void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
413 /* different types of rpc calls ontop of ms cldap */
414 #define MSCLDAP_RPC_NETLOGON 1
416 /* Message type Choice values */
417 static const value_string ldap_ProtocolOp_choice_vals[] = {
418 { 0, "bindRequest" },
419 { 1, "bindResponse" },
420 { 2, "unbindRequest" },
421 { 3, "searchRequest" },
422 { 4, "searchResEntry" },
423 { 5, "searchResDone" },
424 { 6, "searchResRef" },
425 { 7, "modifyRequest" },
426 { 8, "modifyResponse" },
428 { 10, "addResponse" },
429 { 11, "delRequest" },
430 { 12, "delResponse" },
431 { 13, "modDNRequest" },
432 { 14, "modDNResponse" },
433 { 15, "compareRequest" },
434 { 16, "compareResponse" },
435 { 17, "abandonRequest" },
436 { 18, "extendedReq" },
437 { 19, "extendedResp" },
441 * Data structure attached to a conversation, giving authentication
442 * information from a bind request.
443 * We keep a linked list of them, so that we can free up all the
444 * authentication mechanism strings.
446 typedef struct ldap_conv_info_t {
447 struct ldap_conv_info_t *next;
448 guint auth_type; /* authentication type */
449 char *auth_mech; /* authentication mechanism */
450 guint32 first_auth_frame; /* first frame that would use a security layer */
451 GHashTable *unmatched;
455 gboolean start_tls_pending;
456 guint32 start_tls_frame;
458 static ldap_conv_info_t *ldap_info_items;
461 ldap_info_hash_matched(gconstpointer k)
463 const ldap_call_response_t *key = k;
465 return key->messageId;
469 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
471 const ldap_call_response_t *key1 = k1;
472 const ldap_call_response_t *key2 = k2;
474 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
477 /* a response may span multiple frames
478 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
483 return key1->messageId==key2->messageId;
487 ldap_info_hash_unmatched(gconstpointer k)
489 const ldap_call_response_t *key = k;
491 return key->messageId;
495 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
497 const ldap_call_response_t *key1 = k1;
498 const ldap_call_response_t *key2 = k2;
500 return key1->messageId==key2->messageId;
504 /* These are the NtVer flags
505 http://msdn.microsoft.com/en-us/library/cc201035.aspx
508 static const true_false_string tfs_ntver_v1 = {
509 "Client requested V1 netlogon response",
510 "V1 netlogon response not requested"
513 static const true_false_string tfs_ntver_v5 = {
514 "Client requested V5 netlogon response",
515 "V5 netlogon response not requested"
517 static const true_false_string tfs_ntver_v5ex = {
518 "Client requested V5 extended netlogon response",
519 "V5 extended response not requested"
521 static const true_false_string tfs_ntver_v5ip = {
522 "Client has requested IP information of the DC",
523 "IP information not requested"
525 static const true_false_string tfs_ntver_v5cs = {
526 "Client has asked for the closest site information",
527 "Closest site information not requested"
529 static const true_false_string tfs_ntver_nt4 = {
530 "Client has set Neutralize NT4 emulation",
531 "Only full AD DS requested"
533 static const true_false_string tfs_ntver_pdc = {
534 "Client has requested the PDC server",
535 "PDC server not requested"
537 static const true_false_string tfs_ntver_local = {
538 "Client indicated that it is the local machine",
539 "Client is not local"
541 static const true_false_string tfs_ntver_ip = {
542 "Client has requested IP details (obsolete)",
543 "IP details not requested"
544 };static const true_false_string tfs_ntver_gc = {
545 "Client has requested a Global Catalog server",
546 "Global Catalog not requested"
550 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
554 proto_tree *tree=NULL;
556 hf_mscldap_ntver_flags_v1,
557 hf_mscldap_ntver_flags_v5,
558 hf_mscldap_ntver_flags_v5ex,
559 hf_mscldap_ntver_flags_v5ip,
560 hf_mscldap_ntver_flags_v5cs,
561 hf_mscldap_ntver_flags_nt4,
562 hf_mscldap_ntver_flags_pdc,
563 hf_mscldap_ntver_flags_ip,
564 hf_mscldap_ntver_flags_local,
565 hf_mscldap_ntver_flags_gc,
569 header_field_info *hfi;
570 gboolean one_bit_set = FALSE;
572 flags=tvb_get_letohl(tvb, offset);
573 item=proto_tree_add_item(parent_tree, hf_mscldap_ntver_flags, tvb, offset, 4, TRUE);
575 tree = proto_item_add_subtree(item, ett_mscldap_ntver_flags);
578 proto_item_append_text(item, " (");
580 for(field = fields; *field; field++) {
581 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
582 hfi = proto_registrar_get_nth(*field);
584 if(flags & hfi->bitmask) {
587 proto_item_append_text(item, ", ");
591 proto_item_append_text(item, "%s", hfi->name);
596 proto_item_append_text(item, ")");
603 /* This string contains the last LDAPString that was decoded */
604 static char *attributedesc_string=NULL;
606 /* This string contains the last AssertionValue that was decoded */
607 static char *ldapvalue_string=NULL;
609 /* if the octet string contain all printable ASCII characters, then
610 * display it as a string, othervise just display it in hex.
613 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
616 gboolean pc, ind, is_ascii;
622 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
623 offset=get_ber_length(tvb, offset, &len, &ind);
625 len=tvb_length_remaining(tvb,offset);
634 * Some special/wellknown attributes in common LDAP (read AD)
635 * are neither ascii strings nor blobs of hex data.
636 * Special case these attributes and decode them more nicely.
638 * Add more special cases as required to prettify further
639 * (there cant be that many ones that are truly interesting)
641 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
645 /* this octet string contains an NT SID */
646 sid_tvb=tvb_new_subset(tvb, offset, len, len);
647 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
648 ldapvalue_string=tmpstr;
651 } else if ( (len==16) /* GUIDs are always 16 bytes */
652 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
653 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
656 /* This octet string contained a GUID */
657 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
659 ldapvalue_string=ep_alloc(1024);
660 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
661 uuid.Data1, uuid.Data2, uuid.Data3,
662 uuid.Data4[0], uuid.Data4[1],
663 uuid.Data4[2], uuid.Data4[3],
664 uuid.Data4[4], uuid.Data4[5],
665 uuid.Data4[6], uuid.Data4[7]);
668 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
672 /* get flag value to populate ldapvalue_string */
673 flags=tvb_get_letohl(tvb, offset);
675 ldapvalue_string=ep_alloc(1024);
676 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
678 /* populate bitmask subtree */
679 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
687 * It was not one of our "wellknown" attributes so make the best
688 * we can and just try to see if it is an ascii string or if it
691 * XXX - should we support reading RFC 2252-style schemas
692 * for LDAP, and using that to determine how to display
693 * attribute values and assertion values?
695 * -- I dont think there are full schemas available that describe the
696 * interesting cases i.e. AD -- ronnie
698 str=tvb_get_ptr(tvb, offset, len);
701 if(!isascii(str[i]) || !isprint(str[i])){
707 /* convert the string into a printable string */
709 ldapvalue_string=ep_alloc(len+1);
710 memcpy(ldapvalue_string,str,len);
711 ldapvalue_string[i]=0;
713 ldapvalue_string=ep_alloc(3*len);
715 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
716 ldapvalue_string[3*i+2]=':';
718 ldapvalue_string[3*len-1]=0;
721 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
729 /* This string contains the last Filter item that was decoded */
730 static char *Filter_string=NULL;
731 static char *and_filter_string=NULL;
732 static char *or_filter_string=NULL;
733 static char *substring_value=NULL;
734 static char *substring_item_init=NULL;
735 static char *substring_item_any=NULL;
736 static char *substring_item_final=NULL;
737 static char *matching_rule_string=NULL;
738 static gboolean matching_rule_dnattr=FALSE;
740 /* Global variables */
741 char *mechanism = NULL;
742 static gint MessageID =-1;
743 static gint ProtocolOp = -1;
744 static gint result = 0;
745 static proto_item *ldm_tree = NULL; /* item to add text to */
747 static void ldap_do_protocolop(packet_info *pinfo)
753 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
755 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
758 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
760 do_protocolop = FALSE;
765 static ldap_call_response_t *
766 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag)
768 ldap_call_response_t lcr, *lcrp=NULL;
769 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
771 /* first see if we have already matched this */
773 lcr.messageId=messageId;
774 switch(protocolOpTag){
776 case LDAP_REQ_SEARCH:
777 case LDAP_REQ_MODIFY:
779 case LDAP_REQ_DELETE:
780 case LDAP_REQ_MODRDN:
781 case LDAP_REQ_COMPARE:
782 case LDAP_REQ_EXTENDED:
784 lcr.req_frame=pinfo->fd->num;
788 case LDAP_RES_SEARCH_ENTRY:
789 case LDAP_RES_SEARCH_REF:
790 case LDAP_RES_SEARCH_RESULT:
791 case LDAP_RES_MODIFY:
793 case LDAP_RES_DELETE:
794 case LDAP_RES_MODRDN:
795 case LDAP_RES_COMPARE:
796 case LDAP_RES_EXTENDED:
797 lcr.is_request=FALSE;
799 lcr.rep_frame=pinfo->fd->num;
802 lcrp=g_hash_table_lookup(ldap_info->matched, &lcr);
806 lcrp->is_request=lcr.is_request;
810 /* we haven't found a match - try and match it up */
812 switch(protocolOpTag){
814 case LDAP_REQ_SEARCH:
815 case LDAP_REQ_MODIFY:
817 case LDAP_REQ_DELETE:
818 case LDAP_REQ_MODRDN:
819 case LDAP_REQ_COMPARE:
820 case LDAP_REQ_EXTENDED:
822 /* this a a request - add it to the unmatched list */
824 /* check that we dont already have one of those in the
825 unmatched list and if so remove it */
827 lcr.messageId=messageId;
828 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
830 g_hash_table_remove(ldap_info->unmatched, lcrp);
832 /* if we cant reuse the old one, grab a new chunk */
834 lcrp=se_alloc(sizeof(ldap_call_response_t));
836 lcrp->messageId=messageId;
837 lcrp->req_frame=pinfo->fd->num;
838 lcrp->req_time=pinfo->fd->abs_ts;
840 lcrp->protocolOpTag=protocolOpTag;
841 lcrp->is_request=TRUE;
842 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
846 case LDAP_RES_SEARCH_ENTRY:
847 case LDAP_RES_SEARCH_REF:
848 case LDAP_RES_SEARCH_RESULT:
849 case LDAP_RES_MODIFY:
851 case LDAP_RES_DELETE:
852 case LDAP_RES_MODRDN:
853 case LDAP_RES_COMPARE:
854 case LDAP_RES_EXTENDED:
856 /* this is a result - it should be in our unmatched list */
858 lcr.messageId=messageId;
859 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
863 if(!lcrp->rep_frame){
864 g_hash_table_remove(ldap_info->unmatched, lcrp);
865 lcrp->rep_frame=pinfo->fd->num;
866 lcrp->is_request=FALSE;
867 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
875 /* we have found a match */
880 if(lcrp->is_request){
881 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
882 PROTO_ITEM_SET_GENERATED(it);
885 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
886 PROTO_ITEM_SET_GENERATED(it);
887 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
888 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
889 PROTO_ITEM_SET_GENERATED(it);
897 /*--- Included file: packet-ldap-fn.c ---*/
898 #line 1 "packet-ldap-fn.c"
899 /*--- Cyclic dependencies ---*/
901 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
902 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
903 /* Filter -> Filter/not -> Filter */
904 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
910 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
913 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
927 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
928 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
937 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
939 tvbuff_t *parameter_tvb = NULL;
940 char *ldapstring = NULL;
941 gchar *sc = NULL; /* semi-colon pointer */
943 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
947 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
949 ldap_do_protocolop(actx->pinfo);
952 ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
954 if(hf_index == hf_ldap_baseObject) {
955 /* this is search - put it on the scanline */
956 if(!ldapstring || !*ldapstring)
957 ldapstring = "<ROOT>";
959 if(check_col(actx->pinfo->cinfo, COL_INFO))
960 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
963 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
968 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
971 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
972 if(check_col(actx->pinfo->cinfo, COL_INFO))
973 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
976 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
978 } else if ((hf_index == hf_ldap_objectName) ||
979 (hf_index == hf_ldap_name) ||
980 (hf_index == hf_ldap_entry) ||
981 (hf_index == hf_ldap_object) ||
982 (hf_index == hf_ldap_delRequest) ) {
984 if(!ldapstring || !*ldapstring)
985 ldapstring = "<ROOT>";
987 if(check_col(actx->pinfo->cinfo, COL_INFO))
988 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
991 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
992 } else if (hf_index == hf_ldap_attributeDesc){
993 /* remember the attribute description */
994 attributedesc_string=ldapstring;
995 } else if (hf_index == hf_ldap_initial){
996 /* remember the substring item */
997 substring_item_init=ldapstring;
998 } else if (hf_index == hf_ldap_any){
999 /* remember the substring item */
1000 substring_item_any=ldapstring;
1001 } else if (hf_index == hf_ldap_final){
1002 /* remember the substring item */
1003 substring_item_final=ldapstring;
1004 } else if (hf_index == hf_ldap_matchingRule){
1005 /* remember the matching rule */
1006 matching_rule_string=ldapstring;
1007 } else if (hf_index == hf_ldap_present){
1008 /* remember the present name */
1009 Filter_string=ldapstring;
1010 } else if (hf_index == hf_ldap_type) {
1011 /* remember attribute type name */
1012 attr_type = ep_strdup(ldapstring);
1014 /* append it to the parent entry */
1015 proto_item_append_text(tree, " %s", attr_type);
1017 /* remove the ";binary" component if present */
1018 if((sc = strchr(attr_type, ';')) != NULL) {
1019 if(!strcmp(sc, ";binary")) {
1020 *sc = '\0'; /* terminate the string */
1021 is_binary_attr_type = TRUE;
1024 is_binary_attr_type = FALSE;
1039 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1040 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1048 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1049 #line 165 "ldap.cnf"
1050 ldap_conv_info_t *ldap_info;
1052 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1056 ldap_info = actx->pinfo->private_data;
1057 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1059 actx->pinfo->private_data = ldap_info;
1069 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1070 #line 175 "ldap.cnf"
1072 ldap_conv_info_t *ldap_info;
1073 tvbuff_t *parameter_tvb;
1074 char *mechanism = NULL;
1075 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1078 ldap_info = actx->pinfo->private_data;
1079 ldap_info->auth_type = LDAP_AUTH_SASL;
1085 * We need to remember the authentication type and mechanism for this
1088 * XXX - actually, we might need to remember more than one
1089 * type and mechanism, if you can unbind and rebind with a
1090 * different type and/or mechanism.
1092 if(!actx->pinfo->fd->flags.visited) {
1093 mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
1094 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1096 * If the mechanism in this request is an empty string (which is
1097 * returned as a null pointer), use the saved mechanism instead.
1098 * Otherwise, if the saved mechanism is an empty string (null),
1099 * save this mechanism.
1101 if (mechanism == NULL) {
1102 mechanism = ldap_info->auth_mech;
1104 g_free(ldap_info->auth_mech);
1105 ldap_info->auth_mech = mechanism;
1107 actx->pinfo->private_data = ldap_info;
1117 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1118 #line 212 "ldap.cnf"
1120 tvbuff_t *parameter_tvb;
1121 ldap_conv_info_t *ldap_info;
1126 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1133 ldap_info = actx->pinfo->private_data;
1134 get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
1136 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
1137 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
1139 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1140 * We need to check the first byte to check whether the blob
1141 * contains SPNEGO or GSSAPI.
1142 * All SPNEGO PDUs are of class CONSTRUCTED while
1143 * GSS PDUs are class APPLICATION
1145 if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
1146 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1148 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
1149 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
1151 * This is a raw GSS-API token.
1153 if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
1154 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1157 actx->pinfo->private_data = ldap_info;
1166 static const ber_sequence_t SaslCredentials_sequence[] = {
1167 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1168 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1169 { NULL, 0, 0, 0, NULL }
1173 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1174 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1175 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1183 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1184 #line 691 "ldap.cnf"
1185 /* make sure the protocol op comes first */
1186 ldap_do_protocolop(actx->pinfo);
1188 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1189 offset+=tvb_length_remaining(tvb, offset);
1199 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1200 #line 698 "ldap.cnf"
1201 /* make sure the protocol op comes first */
1202 ldap_do_protocolop(actx->pinfo);
1204 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1205 offset+=tvb_length_remaining(tvb, offset);
1213 static const value_string ldap_AuthenticationChoice_vals[] = {
1216 { 10, "ntlmsspNegotiate" },
1217 { 11, "ntlmsspAuth" },
1221 static const ber_choice_t AuthenticationChoice_choice[] = {
1222 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1223 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1224 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1225 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1226 { 0, NULL, 0, 0, 0, NULL }
1230 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1231 #line 497 "ldap.cnf"
1234 const gchar *valstr;
1236 offset = dissect_ber_choice(actx, tree, tvb, offset,
1237 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1241 ldap_do_protocolop(actx->pinfo);
1243 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1244 auth = AuthenticationChoice_choice[branch].value;
1246 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1248 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1249 if (check_col(actx->pinfo->cinfo, COL_INFO) && (auth != 10) && (auth != 11))
1250 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1253 proto_item_append_text(ldm_tree, " %s", valstr);
1262 static const ber_sequence_t BindRequest_U_sequence[] = {
1263 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1264 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1265 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1266 { NULL, 0, 0, 0, NULL }
1270 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1271 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1272 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1280 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1281 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1282 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1288 static const value_string ldap_BindResponse_resultCode_vals[] = {
1290 { 1, "operationsError" },
1291 { 2, "protocolError" },
1292 { 3, "timeLimitExceeded" },
1293 { 4, "sizeLimitExceeded" },
1294 { 5, "compareFalse" },
1295 { 6, "compareTrue" },
1296 { 7, "authMethodNotSupported" },
1297 { 8, "strongAuthRequired" },
1299 { 11, "adminLimitExceeded" },
1300 { 12, "unavailableCriticalExtension" },
1301 { 13, "confidentialityRequired" },
1302 { 14, "saslBindInProgress" },
1303 { 16, "noSuchAttribute" },
1304 { 17, "undefinedAttributeType" },
1305 { 18, "inappropriateMatching" },
1306 { 19, "constraintViolation" },
1307 { 20, "attributeOrValueExists" },
1308 { 21, "invalidAttributeSyntax" },
1309 { 32, "noSuchObject" },
1310 { 33, "aliasProblem" },
1311 { 34, "invalidDNSyntax" },
1312 { 36, "aliasDereferencingProblem" },
1313 { 48, "inappropriateAuthentication" },
1314 { 49, "invalidCredentials" },
1315 { 50, "insufficientAccessRights" },
1317 { 52, "unavailable" },
1318 { 53, "unwillingToPerform" },
1319 { 54, "loopDetect" },
1320 { 64, "namingViolation" },
1321 { 65, "objectClassViolation" },
1322 { 66, "notAllowedOnNonLeaf" },
1323 { 67, "notAllowedOnRDN" },
1324 { 68, "entryAlreadyExists" },
1325 { 69, "objectClassModsProhibited" },
1326 { 71, "affectsMultipleDSAs" },
1328 { 118, "canceled" },
1329 { 119, "noSuchOperation" },
1331 { 121, "cannotCancel" },
1337 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1338 #line 447 "ldap.cnf"
1340 const gchar *valstr;
1342 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1346 ldap_do_protocolop(actx->pinfo);
1348 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1350 if (check_col(actx->pinfo->cinfo, COL_INFO))
1351 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1354 proto_item_append_text(ldm_tree, " %s", valstr);
1365 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1366 #line 705 "ldap.cnf"
1367 tvbuff_t *new_tvb=NULL;
1369 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1372 && (tvb_length(new_tvb)>=7)
1373 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1375 /* make sure the protocol op comes first */
1376 ldap_do_protocolop(actx->pinfo);
1378 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1390 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1391 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1399 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1400 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1404 PROTO_ITEM_SET_URL(actx->created_item);
1411 static const ber_sequence_t Referral_sequence_of[1] = {
1412 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1416 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1417 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1418 Referral_sequence_of, hf_index, ett_ldap_Referral);
1426 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1427 #line 252 "ldap.cnf"
1429 tvbuff_t *parameter_tvb;
1430 ldap_conv_info_t *ldap_info;
1432 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1437 ldap_info = actx->pinfo->private_data;
1438 switch (ldap_info->auth_type) {
1440 /* For Kerberos V4, dissect it as a ticket. */
1441 /* XXX - what about LDAP_AUTH_SIMPLE? */
1443 case LDAP_AUTH_SASL:
1445 * All frames after this are assumed to use a security layer.
1447 * XXX - won't work if there's another reply, with the security
1448 * layer, starting in the same TCP segment that ends this
1449 * reply, but as LDAP is a request/response protocol, and
1450 * as the client probably can't start using authentication until
1451 * it gets the bind reply and the server won't send a reply until
1452 * it gets a request, that probably won't happen.
1454 * XXX - that assumption is invalid; it's not clear where the
1455 * hell you find out whether there's any security layer. In
1456 * one capture, we have two GSS-SPNEGO negotiations, both of
1457 * which select MS KRB5, and the only differences in the tokens
1458 * is in the RC4-HMAC ciphertext. The various
1459 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1460 * that the RFC 2222 spoo with the bitmask and maximum
1461 * output message size stuff is done - but where does that
1462 * stuff show up? Is it in the ciphertext, which means it's
1463 * presumably encrypted?
1465 * Grrr. We have to do a gross heuristic, checking whether the
1466 * putative LDAP message begins with 0x00 or not, making the
1467 * assumption that we won't have more than 2^24 bytes of
1468 * encapsulated stuff.
1470 ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
1471 if (ldap_info->auth_mech != NULL &&
1472 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1473 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1474 * which might not be wrapped in GSS-SPNEGO but be a raw
1477 if ( (tvb_length(parameter_tvb)>=7)
1478 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1479 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1483 * This is a GSS-API token.
1485 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1486 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1487 } else if (ldap_info->auth_mech != NULL &&
1488 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1490 * This is a GSS-API token.
1492 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1493 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1497 actx->pinfo->private_data = ldap_info;
1505 static const ber_sequence_t BindResponse_U_sequence[] = {
1506 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1507 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1508 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1509 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1510 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1511 { NULL, 0, 0, 0, NULL }
1515 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1516 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1517 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1525 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1526 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1527 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1535 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1536 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1544 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1545 #line 519 "ldap.cnf"
1547 implicit_tag = TRUE; /* correct problem with asn2wrs */
1549 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1550 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1553 ldap_do_protocolop(actx->pinfo);
1565 static const value_string ldap_T_scope_vals[] = {
1566 { 0, "baseObject" },
1567 { 1, "singleLevel" },
1568 { 2, "wholeSubtree" },
1574 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1575 #line 413 "ldap.cnf"
1578 const gchar *valstr;
1580 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1584 ldap_do_protocolop(actx->pinfo);
1586 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1588 if (check_col(actx->pinfo->cinfo, COL_INFO))
1589 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1592 proto_item_append_text(ldm_tree, " %s", valstr);
1600 static const value_string ldap_T_derefAliases_vals[] = {
1601 { 0, "neverDerefAliases" },
1602 { 1, "derefInSearching" },
1603 { 2, "derefFindingBaseObj" },
1604 { 3, "derefAlways" },
1610 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1611 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1620 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1621 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1630 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1631 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1639 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1640 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1642 #line 561 "ldap.cnf"
1643 if(and_filter_string){
1644 and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
1646 and_filter_string=Filter_string;
1654 static const ber_sequence_t T_and_set_of[1] = {
1655 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1659 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1660 #line 568 "ldap.cnf"
1661 proto_tree *tr=NULL;
1662 proto_item *it=NULL;
1663 char *old_and_filter_string=and_filter_string;
1665 and_filter_string=NULL;
1667 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1668 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1672 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1673 T_and_set_of, hf_index, ett_ldap_T_and);
1676 if(and_filter_string) {
1677 proto_item_append_text(it, "%s", and_filter_string);
1678 Filter_string=ep_strdup_printf("%s",and_filter_string);
1680 and_filter_string=old_and_filter_string;
1690 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1691 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1693 #line 588 "ldap.cnf"
1694 if(or_filter_string){
1695 or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
1697 or_filter_string=Filter_string;
1706 static const ber_sequence_t T_or_set_of[1] = {
1707 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1711 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1712 #line 596 "ldap.cnf"
1713 proto_tree *tr=NULL;
1714 proto_item *it=NULL;
1715 char *old_or_filter_string=or_filter_string;
1717 or_filter_string=NULL;
1719 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1720 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1723 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1724 T_or_set_of, hf_index, ett_ldap_T_or);
1726 if(or_filter_string) {
1727 proto_item_append_text(it, "%s", or_filter_string);
1728 Filter_string=ep_strdup_printf("%s",or_filter_string);
1730 or_filter_string=old_or_filter_string;
1740 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1741 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1743 #line 617 "ldap.cnf"
1744 Filter_string=ep_strdup_printf("(!%s)",string_or_null(Filter_string));
1753 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1754 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1761 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1762 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1763 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1764 { NULL, 0, 0, 0, NULL }
1768 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1769 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1770 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1778 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1779 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1781 #line 538 "ldap.cnf"
1782 Filter_string=ep_strdup_printf("(%s=%s)",
1783 string_or_null(attributedesc_string),
1784 string_or_null(ldapvalue_string));
1792 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1799 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1800 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1801 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1802 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1803 { 0, NULL, 0, 0, 0, NULL }
1807 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1808 offset = dissect_ber_choice(actx, tree, tvb, offset,
1809 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1812 #line 643 "ldap.cnf"
1813 if (substring_item_final) {
1814 substring_value=ep_strdup_printf("%s%s",
1815 (substring_value?substring_value:"*"),
1816 substring_item_final);
1817 } else if (substring_item_any) {
1818 substring_value=ep_strdup_printf("%s%s*",
1819 (substring_value?substring_value:"*"),
1820 substring_item_any);
1821 } else if (substring_item_init) {
1822 substring_value=ep_strdup_printf("%s*",
1823 substring_item_init);
1831 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1832 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
1836 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1837 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1838 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1844 static const ber_sequence_t SubstringFilter_sequence[] = {
1845 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1846 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
1847 { NULL, 0, 0, 0, NULL }
1851 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1852 #line 657 "ldap.cnf"
1853 proto_tree *tr=NULL;
1854 proto_item *it=NULL;
1855 char *old_substring_value=substring_value;
1857 substring_value=NULL;
1858 substring_item_init=NULL;
1859 substring_item_any=NULL;
1860 substring_item_final=NULL;
1862 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
1863 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
1866 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1867 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
1869 Filter_string=ep_strdup_printf("(%s=%s)",
1870 string_or_null(attr_type),
1871 string_or_null(substring_value));
1872 proto_item_append_text(it, "%s", Filter_string);
1873 substring_value=old_substring_value;
1883 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1884 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1886 #line 544 "ldap.cnf"
1887 Filter_string=ep_strdup_printf("(%s>=%s)",
1888 string_or_null(attributedesc_string),
1889 string_or_null(ldapvalue_string));
1899 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1900 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1902 #line 550 "ldap.cnf"
1903 Filter_string=ep_strdup_printf("(%s<=%s)",
1904 string_or_null(attributedesc_string),
1905 string_or_null(ldapvalue_string));
1915 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1916 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
1918 #line 614 "ldap.cnf"
1919 Filter_string=ep_strdup_printf("(%s=*)",string_or_null(Filter_string));
1928 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1929 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1931 #line 556 "ldap.cnf"
1932 Filter_string=ep_strdup_printf("(%s~=%s)",
1933 string_or_null(attributedesc_string),
1934 string_or_null(ldapvalue_string));
1943 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1944 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1952 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1953 #line 620 "ldap.cnf"
1956 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
1959 matching_rule_dnattr = val;
1968 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
1969 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
1970 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
1971 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
1972 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
1973 { NULL, 0, 0, 0, NULL }
1977 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1978 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1979 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
1987 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1988 #line 629 "ldap.cnf"
1990 matching_rule_string=NULL;
1991 ldapvalue_string=NULL;
1992 matching_rule_dnattr=FALSE;
1995 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1997 #line 635 "ldap.cnf"
1998 Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
1999 (attr_type?attr_type:""),
2000 (matching_rule_dnattr?"dn:":""),
2001 (matching_rule_string?matching_rule_string:""),
2002 (matching_rule_string?":":""),
2003 string_or_null(ldapvalue_string));
2010 static const value_string ldap_Filter_vals[] = {
2014 { 3, "equalityMatch" },
2015 { 4, "substrings" },
2016 { 5, "greaterOrEqual" },
2017 { 6, "lessOrEqual" },
2019 { 8, "approxMatch" },
2020 { 9, "extensibleMatch" },
2024 static const ber_choice_t Filter_choice[] = {
2025 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2026 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2027 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2028 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2029 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2030 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2031 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2032 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2033 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2034 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2035 { 0, NULL, 0, 0, 0, NULL }
2039 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2040 #line 678 "ldap.cnf"
2041 proto_tree *tr=NULL;
2042 proto_item *it=NULL;
2045 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
2046 tr=proto_item_add_subtree(it, ett_ldap_Filter);
2049 offset = dissect_ber_choice(actx, tree, tvb, offset,
2050 Filter_choice, hf_index, ett_ldap_Filter,
2054 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2064 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2065 #line 531 "ldap.cnf"
2069 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2071 #line 534 "ldap.cnf"
2073 and_filter_string=NULL;
2080 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2081 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2085 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2086 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2087 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2093 static const ber_sequence_t SearchRequest_U_sequence[] = {
2094 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2095 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2096 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2097 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2098 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2099 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2100 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2101 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2102 { NULL, 0, 0, 0, NULL }
2106 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2107 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2108 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2116 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2117 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2118 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2126 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2127 #line 464 "ldap.cnf"
2132 int old_offset = offset;
2134 /* extract the value of the octetstring */
2135 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2137 /* if we have an attribute type that isn't binary see if there is a better dissector */
2138 if(!attr_type || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree)) {
2139 offset = old_offset;
2141 /* do the default thing */
2142 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2148 len = tvb_length_remaining(next_tvb, 0);
2150 for(i = 0; i < len; i++)
2151 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2155 string = tvb_get_ephemeral_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
2158 proto_item_set_text(actx->created_item, "%s", string);
2168 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2169 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2173 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2174 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2175 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2181 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2182 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2183 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2184 { NULL, 0, 0, 0, NULL }
2188 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2189 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2190 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2196 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2197 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2201 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2202 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2203 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2209 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2210 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2211 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2212 { NULL, 0, 0, 0, NULL }
2216 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2217 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2218 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2226 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2227 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2228 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2234 static const value_string ldap_T_resultCode_vals[] = {
2236 { 1, "operationsError" },
2237 { 2, "protocolError" },
2238 { 3, "timeLimitExceeded" },
2239 { 4, "sizeLimitExceeded" },
2240 { 5, "compareFalse" },
2241 { 6, "compareTrue" },
2242 { 7, "authMethodNotSupported" },
2243 { 8, "strongAuthRequired" },
2245 { 11, "adminLimitExceeded" },
2246 { 12, "unavailableCriticalExtension" },
2247 { 13, "confidentialityRequired" },
2248 { 14, "saslBindInProgress" },
2249 { 16, "noSuchAttribute" },
2250 { 17, "undefinedAttributeType" },
2251 { 18, "inappropriateMatching" },
2252 { 19, "constraintViolation" },
2253 { 20, "attributeOrValueExists" },
2254 { 21, "invalidAttributeSyntax" },
2255 { 32, "noSuchObject" },
2256 { 33, "aliasProblem" },
2257 { 34, "invalidDNSyntax" },
2258 { 36, "aliasDereferencingProblem" },
2259 { 48, "inappropriateAuthentication" },
2260 { 49, "invalidCredentials" },
2261 { 50, "insufficientAccessRights" },
2263 { 52, "unavailable" },
2264 { 53, "unwillingToPerform" },
2265 { 54, "loopDetect" },
2266 { 64, "namingViolation" },
2267 { 65, "objectClassViolation" },
2268 { 66, "notAllowedOnNonLeaf" },
2269 { 67, "notAllowedOnRDN" },
2270 { 68, "entryAlreadyExists" },
2271 { 69, "objectClassModsProhibited" },
2272 { 71, "affectsMultipleDSAs" },
2274 { 118, "canceled" },
2275 { 119, "noSuchOperation" },
2277 { 121, "cannotCancel" },
2283 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2284 #line 430 "ldap.cnf"
2286 const gchar *valstr;
2288 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2292 ldap_do_protocolop(actx->pinfo);
2294 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2296 if (check_col(actx->pinfo->cinfo, COL_INFO))
2297 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2300 proto_item_append_text(ldm_tree, " %s", valstr);
2309 static const ber_sequence_t LDAPResult_sequence[] = {
2310 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2311 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2312 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2313 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2314 { NULL, 0, 0, 0, NULL }
2318 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2319 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2320 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2328 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2329 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2330 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2336 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2337 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2341 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2342 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2343 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2351 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2352 #line 748 "ldap.cnf"
2354 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2355 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2358 ldap_do_protocolop(actx->pinfo);
2367 static const value_string ldap_T_operation_vals[] = {
2376 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2377 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2384 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2385 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2386 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2387 { NULL, 0, 0, 0, NULL }
2391 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2392 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2393 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2399 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2400 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2401 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2402 { NULL, 0, 0, 0, NULL }
2406 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2407 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2408 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2414 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2415 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2419 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2420 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2421 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2427 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2428 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2429 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2430 { NULL, 0, 0, 0, NULL }
2434 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2435 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2436 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2444 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2445 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2446 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2454 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2455 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2456 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2462 static const ber_sequence_t AttributeList_item_sequence[] = {
2463 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2464 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2465 { NULL, 0, 0, 0, NULL }
2469 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2470 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2471 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2477 static const ber_sequence_t AttributeList_sequence_of[1] = {
2478 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2482 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2483 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2484 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2490 static const ber_sequence_t AddRequest_U_sequence[] = {
2491 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2492 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2493 { NULL, 0, 0, 0, NULL }
2497 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2498 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2499 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2507 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2508 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2509 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2517 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2518 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2519 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2527 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2528 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2529 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2537 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2538 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2539 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2547 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2548 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2554 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2555 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2556 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2557 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2558 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2559 { NULL, 0, 0, 0, NULL }
2563 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2564 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2565 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2573 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2574 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2575 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2583 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2584 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2585 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2591 static const ber_sequence_t CompareRequest_U_sequence[] = {
2592 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2593 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2594 { NULL, 0, 0, 0, NULL }
2598 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2599 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2600 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2608 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2609 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2610 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2618 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2619 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2620 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2628 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2629 #line 755 "ldap.cnf"
2631 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2632 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2635 ldap_do_protocolop(actx->pinfo);
2646 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2649 tvbuff_t *parameter_tvb;
2653 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2658 object_identifier_id = NULL;
2663 object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
2664 name = oid_resolved_from_string(object_identifier_id);
2667 proto_item_append_text(actx->created_item, " (%s)", name);
2669 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2670 ldap_do_protocolop(actx->pinfo);
2672 if(check_col(actx->pinfo->cinfo, COL_INFO))
2673 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2677 if(((hf_index == hf_ldap_responseName) || (hf_index == hf_ldap_requestName)) &&
2678 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2680 /* we have agreed start_tls */
2681 ldap_conv_info_t *ldap_info = NULL;
2683 ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
2686 if(hf_index == hf_ldap_responseName)
2687 /* TLS in the next frame */
2688 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
2690 /* remember we have asked to start_tls */
2691 ldap_info->start_tls_pending = TRUE;
2702 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2703 #line 740 "ldap.cnf"
2705 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2706 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2708 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2719 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2720 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2721 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2722 { NULL, 0, 0, 0, NULL }
2726 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2727 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2728 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2736 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2737 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2738 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2744 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2746 { 1, "operationsError" },
2747 { 2, "protocolError" },
2748 { 3, "timeLimitExceeded" },
2749 { 4, "sizeLimitExceeded" },
2750 { 5, "compareFalse" },
2751 { 6, "compareTrue" },
2752 { 7, "authMethodNotSupported" },
2753 { 8, "strongAuthRequired" },
2755 { 11, "adminLimitExceeded" },
2756 { 12, "unavailableCriticalExtension" },
2757 { 13, "confidentialityRequired" },
2758 { 14, "saslBindInProgress" },
2759 { 16, "noSuchAttribute" },
2760 { 17, "undefinedAttributeType" },
2761 { 18, "inappropriateMatching" },
2762 { 19, "constraintViolation" },
2763 { 20, "attributeOrValueExists" },
2764 { 21, "invalidAttributeSyntax" },
2765 { 32, "noSuchObject" },
2766 { 33, "aliasProblem" },
2767 { 34, "invalidDNSyntax" },
2768 { 36, "aliasDereferencingProblem" },
2769 { 48, "inappropriateAuthentication" },
2770 { 49, "invalidCredentials" },
2771 { 50, "insufficientAccessRights" },
2773 { 52, "unavailable" },
2774 { 53, "unwillingToPerform" },
2775 { 54, "loopDetect" },
2776 { 64, "namingViolation" },
2777 { 65, "objectClassViolation" },
2778 { 66, "notAllowedOnNonLeaf" },
2779 { 67, "notAllowedOnRDN" },
2780 { 68, "entryAlreadyExists" },
2781 { 69, "objectClassModsProhibited" },
2782 { 71, "affectsMultipleDSAs" },
2784 { 118, "canceled" },
2785 { 119, "noSuchOperation" },
2787 { 121, "cannotCancel" },
2793 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2794 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2803 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2804 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
2812 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2813 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2820 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
2821 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
2822 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2823 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2824 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2825 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2826 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
2827 { NULL, 0, 0, 0, NULL }
2831 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2832 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2833 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
2841 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2842 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2843 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
2849 static const value_string ldap_ProtocolOp_vals[] = {
2850 { 0, "bindRequest" },
2851 { 1, "bindResponse" },
2852 { 2, "unbindRequest" },
2853 { 3, "searchRequest" },
2854 { 4, "searchResEntry" },
2855 { 5, "searchResDone" },
2856 { 19, "searchResRef" },
2857 { 6, "modifyRequest" },
2858 { 7, "modifyResponse" },
2859 { 8, "addRequest" },
2860 { 9, "addResponse" },
2861 { 10, "delRequest" },
2862 { 11, "delResponse" },
2863 { 12, "modDNRequest" },
2864 { 13, "modDNResponse" },
2865 { 14, "compareRequest" },
2866 { 15, "compareResponse" },
2867 { 16, "abandonRequest" },
2868 { 23, "extendedReq" },
2869 { 24, "extendedResp" },
2873 static const ber_choice_t ProtocolOp_choice[] = {
2874 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
2875 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
2876 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
2877 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
2878 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
2879 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
2880 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
2881 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
2882 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
2883 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
2884 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
2885 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
2886 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
2887 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
2888 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
2889 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
2890 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
2891 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
2892 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
2893 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
2894 { 0, NULL, 0, 0, 0, NULL }
2898 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2899 #line 102 "ldap.cnf"
2901 ldap_call_response_t *lcrp;
2902 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
2903 do_protocolop = TRUE;
2906 offset = dissect_ber_choice(actx, tree, tvb, offset,
2907 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
2910 #line 108 "ldap.cnf"
2912 if (ProtocolOp == -1) {
2916 /* ProtocolOp is the index, not the tag so convert it to the tag value */
2917 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
2919 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp);
2921 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
2924 /* XXX: the count will not work if the results span multiple TCP packets */
2926 if(ldap_info && tree) { /* only count once - on tree pass */
2927 switch(ProtocolOp) {
2929 case LDAP_RES_SEARCH_ENTRY:
2930 ldap_info->num_results++;
2932 proto_item_append_text(tree, " [%d result%s]",
2933 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2937 case LDAP_RES_SEARCH_RESULT:
2939 if (check_col(actx->pinfo->cinfo, COL_INFO))
2940 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
2941 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2943 proto_item_append_text(tree, " [%d result%s]",
2944 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
2946 ldap_info->num_results = 0;
2953 if(ldap_info && (ProtocolOp == LDAP_RES_EXTENDED)) {
2954 /* this is an extend result */
2956 if(ldap_info->start_tls_pending && !ldap_info->start_tls_frame) {
2957 /* XXX: some directories do not correctly return the responseName in the extendedResponse so we don't know start_tls has been negotiated */
2959 col_append_str(actx->pinfo->cinfo, COL_INFO, "[LDAP_START_TLS_OID responseName missing] ");
2960 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
2963 ldap_info->start_tls_pending = FALSE;
2973 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2974 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
2982 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2983 #line 721 "ldap.cnf"
2989 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2990 /* remove the OCTET STRING encoding */
2991 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &class, &pc, &tag);
2992 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
2994 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2998 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3010 static const ber_sequence_t Control_sequence[] = {
3011 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3012 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3013 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3014 { NULL, 0, 0, 0, NULL }
3018 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3019 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3020 Control_sequence, hf_index, ett_ldap_Control);
3026 static const ber_sequence_t Controls_sequence_of[1] = {
3027 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3031 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3032 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3033 Controls_sequence_of, hf_index, ett_ldap_Controls);
3039 static const ber_sequence_t LDAPMessage_sequence[] = {
3040 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3041 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3042 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3043 { NULL, 0, 0, 0, NULL }
3047 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3048 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3049 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3059 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3060 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3067 static const ber_sequence_t SearchControlValue_sequence[] = {
3068 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3069 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3070 { NULL, 0, 0, 0, NULL }
3074 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3075 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3076 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3082 static const ber_sequence_t SortKeyList_item_sequence[] = {
3083 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3084 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3085 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3086 { NULL, 0, 0, 0, NULL }
3090 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3091 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3092 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3098 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3099 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3103 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3104 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3105 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3111 static const value_string ldap_T_sortResult_vals[] = {
3113 { 1, "operationsError" },
3114 { 3, "timeLimitExceeded" },
3115 { 8, "strongAuthRequired" },
3116 { 11, "adminLimitExceeded" },
3117 { 16, "noSuchAttribute" },
3118 { 18, "inappropriateMatching" },
3119 { 50, "insufficientAccessRights" },
3121 { 53, "unwillingToPerform" },
3128 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3129 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3136 static const ber_sequence_t SortResult_sequence[] = {
3137 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3138 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3139 { NULL, 0, 0, 0, NULL }
3143 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3144 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3145 SortResult_sequence, hf_index, ett_ldap_SortResult);
3151 static const ber_sequence_t ReplControlValue_sequence[] = {
3152 { &hf_ldap_parentsFirst , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3153 { &hf_ldap_maxReturnLength, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3154 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3155 { NULL, 0, 0, 0, NULL }
3159 dissect_ldap_ReplControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3160 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3161 ReplControlValue_sequence, hf_index, ett_ldap_ReplControlValue);
3167 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3168 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3169 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3170 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3171 { NULL, 0, 0, 0, NULL }
3175 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3176 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3177 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3183 static const ber_sequence_t PasswdModifyResponseValue_sequence[] = {
3184 { &hf_ldap_genPasswd , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3185 { NULL, 0, 0, 0, NULL }
3189 dissect_ldap_PasswdModifyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3190 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3191 PasswdModifyResponseValue_sequence, hf_index, ett_ldap_PasswdModifyResponseValue);
3197 static const ber_sequence_t CancelRequestValue_sequence[] = {
3198 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3199 { NULL, 0, 0, 0, NULL }
3203 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3204 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3205 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3211 static const value_string ldap_T_warning_vals[] = {
3212 { 0, "timeBeforeExpiration" },
3213 { 1, "graceAuthNsRemaining" },
3217 static const ber_choice_t T_warning_choice[] = {
3218 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3219 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3220 { 0, NULL, 0, 0, 0, NULL }
3224 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3225 offset = dissect_ber_choice(actx, tree, tvb, offset,
3226 T_warning_choice, hf_index, ett_ldap_T_warning,
3233 static const value_string ldap_T_error_vals[] = {
3234 { 0, "passwordExpired" },
3235 { 1, "accountLocked" },
3236 { 2, "changeAfterReset" },
3237 { 3, "passwordModNotAllowed" },
3238 { 4, "mustSupplyOldPassword" },
3239 { 5, "insufficientPasswordQuality" },
3240 { 6, "passwordTooShort" },
3241 { 7, "passwordTooYoung" },
3242 { 8, "passwordInHistory" },
3248 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3249 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3256 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3257 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3258 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3259 { NULL, 0, 0, 0, NULL }
3263 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3264 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3265 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3272 static void dissect_LDAPMessage_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3273 asn1_ctx_t asn1_ctx;
3274 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3275 dissect_ldap_LDAPMessage(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3277 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3278 asn1_ctx_t asn1_ctx;
3279 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3280 dissect_ldap_SearchControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3282 static void dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3283 asn1_ctx_t asn1_ctx;
3284 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3285 dissect_ldap_SortKeyList(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3287 static void dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3288 asn1_ctx_t asn1_ctx;
3289 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3290 dissect_ldap_SortResult(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3292 static void dissect_ReplControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3293 asn1_ctx_t asn1_ctx;
3294 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3295 dissect_ldap_ReplControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_ReplControlValue_PDU);
3297 static void dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3298 asn1_ctx_t asn1_ctx;
3299 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3300 dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3302 static void dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3303 asn1_ctx_t asn1_ctx;
3304 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3305 dissect_ldap_CancelRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3307 static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3308 asn1_ctx_t asn1_ctx;
3309 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3310 dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3314 /*--- End of included file: packet-ldap-fn.c ---*/
3315 #line 708 "packet-ldap-template.c"
3318 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3319 proto_tree *tree, ldap_conv_info_t *ldap_info,
3320 gboolean is_mscldap)
3323 guint length_remaining;
3325 int messageOffset = 0;
3326 guint headerLength = 0;
3328 tvbuff_t *msg_tvb = NULL;
3330 gboolean pc, ind = 0;
3336 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3338 if (length_remaining < 6) return;
3341 * OK, try to read the "Sequence Of" header; this gets the total
3342 * length of the LDAP message.
3344 messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
3345 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3348 if((msg_len<4) || (msg_len>10000000)) return;
3350 if ( (class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3352 * Add the length of the "Sequence Of" header to the message
3355 headerLength = messageOffset - offset;
3356 msg_len += headerLength;
3357 if (msg_len < headerLength) {
3359 * The message length was probably so large that the total length
3362 * Report this as an error.
3364 show_reported_bounds_error(tvb, pinfo, tree);
3369 * We couldn't parse the header; just make it the amount of data
3370 * remaining in the tvbuff, so we'll give up on this segment
3371 * after attempting to parse the message - there's nothing more
3372 * we can do. "dissect_ldap_message()" will display the error.
3374 msg_len = length_remaining;
3378 * Construct a tvbuff containing the amount of the payload we have
3379 * available. Make its reported length the amount of data in the
3382 * XXX - if reassembly isn't enabled. the subdissector will throw a
3383 * BoundsError exception, rather than a ReportedBoundsError exception.
3384 * We really want a tvbuff where the length is "length", the reported
3385 * length is "plen", and the "if the snapshot length were infinite"
3386 * length is the minimum of the reported length of the tvbuff handed
3387 * to us and "plen", with a new type of exception thrown if the offset
3388 * is within the reported length but beyond that third length, with
3389 * that exception getting the "Unreassembled Packet" error.
3391 length = length_remaining;
3392 if (length > msg_len) length = msg_len;
3393 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3396 * Now dissect the LDAP message.
3398 ldap_info->is_mscldap = is_mscldap;
3399 pinfo->private_data = ldap_info;
3400 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree);
3404 /* If this was a sasl blob there might be another PDU following in the
3407 if(tvb_length_remaining(tvb, offset)>=6){
3408 tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), -1);
3417 ldap_frame_end(void)
3419 ldap_found_in_frame = FALSE;
3423 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3426 conversation_t *conversation;
3427 gboolean doing_sasl_security = FALSE;
3428 guint length_remaining;
3429 ldap_conv_info_t *ldap_info = NULL;
3430 proto_item *ldap_item = NULL;
3431 proto_tree *ldap_tree = NULL;
3436 * Do we have a conversation for this connection?
3438 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3439 pinfo->ptype, pinfo->srcport,
3440 pinfo->destport, 0);
3441 if (conversation == NULL) {
3442 /* We don't yet have a conversation, so create one. */
3443 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3444 pinfo->ptype, pinfo->srcport,
3445 pinfo->destport, 0);
3450 * Do we already have a type and mechanism?
3452 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
3453 if (ldap_info == NULL) {
3454 /* No. Attach that information to the conversation, and add
3455 * it to the list of information structures.
3457 ldap_info = g_malloc(sizeof(ldap_conv_info_t));
3458 ldap_info->auth_type = 0;
3459 ldap_info->auth_mech = 0;
3460 ldap_info->first_auth_frame = 0;
3461 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3462 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3463 ldap_info->num_results = 0;
3464 ldap_info->start_tls_frame = 0;
3465 ldap_info->start_tls_pending = FALSE;
3467 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3469 ldap_info->next = ldap_info_items;
3470 ldap_info_items = ldap_info;
3474 switch (ldap_info->auth_type) {
3475 case LDAP_AUTH_SASL:
3477 * It's SASL; are we using a security layer?
3479 if (ldap_info->first_auth_frame != 0 &&
3480 pinfo->fd->num >= ldap_info->first_auth_frame) {
3481 doing_sasl_security = TRUE; /* yes */
3485 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3487 /* It might still be a packet containing a SASL security layer
3488 * but its just that we never saw the BIND packet.
3489 * check if it looks like it could be a SASL blob here
3490 * and in that case just assume it is GSS-SPNEGO
3492 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
3493 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
3494 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
3495 ldap_info->auth_type=LDAP_AUTH_SASL;
3496 ldap_info->first_auth_frame=pinfo->fd->num;
3497 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
3498 doing_sasl_security=TRUE;
3502 * This is the first PDU, set the Protocol column and clear the
3505 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3507 if(ldap_found_in_frame) {
3508 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
3509 col_append_str(pinfo->cinfo, COL_INFO, " | ");
3510 col_set_fence(pinfo->cinfo, COL_INFO);
3512 col_clear(pinfo->cinfo, COL_INFO);
3513 register_frame_end_routine (ldap_frame_end);
3514 ldap_found_in_frame = TRUE;
3517 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
3518 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3521 * Might we be doing a SASL security layer and, if so, *are* we doing
3524 * Just because we've seen a bind reply for SASL, that doesn't mean
3525 * that we're using a SASL security layer; I've seen captures in
3526 * which some SASL negotiations lead to a security layer being used
3527 * and other negotiations don't, and it's not obvious what's different
3528 * in the two negotiations. Therefore, we assume that if the first
3529 * byte is 0, it's a length for a SASL security layer (that way, we
3530 * never reassemble more than 16 megabytes, protecting us from
3531 * chewing up *too* much memory), and otherwise that it's an LDAP
3532 * message (actually, if it's an LDAP message it should begin with 0x30,
3533 * but we want to parse garbage as LDAP messages rather than really
3537 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
3538 proto_item *sasl_item = NULL;
3539 proto_tree *sasl_tree = NULL;
3541 guint sasl_len, sasl_msg_len, length;
3543 * Yes. The frame begins with a 4-byte big-endian length.
3544 * And we know we have at least 6 bytes
3548 * Get the SASL length, which is the length of data in the buffer
3549 * following the length (i.e., it's 4 less than the total length).
3551 * XXX - do we need to reassemble buffers? For now, we
3552 * assume that each LDAP message is entirely contained within
3555 sasl_len = tvb_get_ntohl(tvb, offset);
3556 sasl_msg_len = sasl_len + 4;
3557 if (sasl_msg_len < 4) {
3559 * The message length was probably so large that the total length
3562 * Report this as an error.
3564 show_reported_bounds_error(tvb, pinfo, tree);
3569 * Construct a tvbuff containing the amount of the payload we have
3570 * available. Make its reported length the amount of data in the PDU.
3572 * XXX - if reassembly isn't enabled. the subdissector will throw a
3573 * BoundsError exception, rather than a ReportedBoundsError exception.
3574 * We really want a tvbuff where the length is "length", the reported
3575 * length is "plen", and the "if the snapshot length were infinite"
3576 * length is the minimum of the reported length of the tvbuff handed
3577 * to us and "plen", with a new type of exception thrown if the offset
3578 * is within the reported length but beyond that third length, with
3579 * that exception getting the "Unreassembled Packet" error.
3581 length = length_remaining;
3582 if (length > sasl_msg_len) length = sasl_msg_len;
3583 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
3586 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
3589 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL Buffer");
3590 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
3593 if (ldap_info->auth_mech != NULL &&
3594 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
3595 /* auth_mech may have been set from the bind */
3596 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
3597 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
3602 * This is GSS-API (using SPNEGO, but we should be done with
3603 * the negotiation by now).
3605 * Dissect the GSS_Wrap() token; it'll return the length of
3606 * the token, from which we compute the offset in the tvbuff at
3607 * which the plaintext data, i.e. the LDAP message, begins.
3609 length = tvb_length_remaining(sasl_tvb, 4);
3610 if ((guint)length > sasl_len)
3612 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
3614 /* Attempt decryption of the GSSAPI wrapped data if possible */
3615 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
3616 pinfo->gssapi_wrap_tvb=NULL;
3617 pinfo->gssapi_encrypted_tvb=NULL;
3618 pinfo->gssapi_decrypted_tvb=NULL;
3619 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
3620 /* if we could unwrap, do a tvb shuffle */
3621 if(pinfo->gssapi_decrypted_tvb){
3622 decr_tvb=pinfo->gssapi_decrypted_tvb;
3625 pinfo->decrypt_gssapi_tvb=0;
3626 pinfo->gssapi_wrap_tvb=NULL;
3627 pinfo->gssapi_encrypted_tvb=NULL;
3628 pinfo->gssapi_decrypted_tvb=NULL;
3631 * if len is 0 it probably mean that we got a PDU that is not
3632 * aligned to the start of the segment.
3639 * if we don't have unwrapped data,
3640 * see if the wrapping involved encryption of the
3641 * data; if not, just use the plaintext data.
3644 if(!pinfo->gssapi_data_encrypted){
3645 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
3650 proto_item *enc_item = NULL;
3651 proto_tree *enc_tree = NULL;
3654 * The LDAP message was encrypted in the packet, and has
3655 * been decrypted; dissect the decrypted LDAP message.
3657 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
3660 enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3661 "GSS-API Encrypted payload (%d byte%s)",
3663 plurality(sasl_len - ver_len, "", "s"));
3664 enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
3666 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
3667 } else if (plain_tvb) {
3668 proto_item *plain_item = NULL;
3669 proto_tree *plain_tree = NULL;
3672 * The LDAP message wasn't encrypted in the packet;
3673 * dissect the plain LDAP message.
3675 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
3678 plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3679 "GSS-API payload (%d byte%s)",
3681 plurality(sasl_len - ver_len, "", "s"));
3682 plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
3685 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
3688 * The LDAP message was encrypted in the packet, and was
3689 * not decrypted; just show it as encrypted data.
3691 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
3693 plurality(sasl_len - ver_len, "", "s"));
3696 proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3697 "GSS-API Encrypted payload (%d byte%s)",
3699 plurality(sasl_len - ver_len, "", "s"));
3703 offset += sasl_msg_len;
3705 /* plain LDAP, so dissect the payload */
3706 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
3710 static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot)
3714 len=tvb_get_guint8(tvb, offset);
3719 /* add potential field separation dot */
3732 /* ops its a mscldap compressed string */
3734 new_offset=tvb_get_guint8(tvb, offset);
3735 if (new_offset == offset - 1)
3736 THROW(ReportedBoundsError);
3739 dissect_mscldap_string(tvb, new_offset, str, maxlen, FALSE);
3753 return offset; /* will mess up offset in caller, is unlikely */
3755 tvb_memcpy(tvb, str, offset, len);
3762 len=tvb_get_guint8(tvb, offset);
3770 /* These are the cldap DC flags
3771 http://msdn.microsoft.com/en-us/library/cc201036.aspx
3773 static const true_false_string tfs_ads_pdc = {
3777 static const true_false_string tfs_ads_gc = {
3778 "This is a GLOBAL CATALOGUE of forest",
3779 "This is NOT a global catalog of forest"
3781 static const true_false_string tfs_ads_ldap = {
3782 "This is an LDAP server",
3783 "This is NOT an ldap server"
3785 static const true_false_string tfs_ads_ds = {
3786 "This dc supports DS",
3787 "This dc does NOT support ds"
3789 static const true_false_string tfs_ads_kdc = {
3790 "This is a KDC (kerberos)",
3791 "This is NOT a kdc (kerberos)"
3793 static const true_false_string tfs_ads_timeserv = {
3794 "This dc is running TIME SERVICES (ntp)",
3795 "This dc is NOT running time services (ntp)"
3797 static const true_false_string tfs_ads_closest = {
3798 "This is the CLOSEST dc",
3799 "This is NOT the closest dc"
3801 static const true_false_string tfs_ads_writable = {
3802 "This dc is WRITABLE",
3803 "This dc is NOT writable"
3805 static const true_false_string tfs_ads_good_timeserv = {
3806 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
3807 "This dc does NOT have a good time service (i.e. no hardware clock)"
3809 static const true_false_string tfs_ads_ndnc = {
3810 "Domain is NON-DOMAIN NC serviced by ldap server",
3811 "Domain is NOT non-domain nc serviced by ldap server"
3813 static const true_false_string tfs_ads_rodc = {
3814 "Domain controller is a Windows 2008 RODC",
3815 "Domain controller is not a Windows 2008 RODC"
3817 static const true_false_string tfs_ads_wdc = {
3818 "Domain controller is a Windows 2008 writable NC",
3819 "Domain controller is not a Windows 2008 writable NC"
3821 static const true_false_string tfs_ads_dns = {
3822 "Server name is in DNS format (Windows 2008)",
3823 "Server name is not in DNS format (Windows 2008)"
3825 static const true_false_string tfs_ads_dnc = {
3826 "The NC is the default NC (Windows 2008)",
3827 "The NC is not the default NC (Windows 2008)"
3829 static const true_false_string tfs_ads_fnc = {
3830 "The NC is the default forest NC(Windows 2008)",
3831 "The NC is not the default forest NC (Windows 2008)"
3833 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
3837 proto_tree *tree=NULL;
3839 hf_mscldap_netlogon_flags_fnc,
3840 hf_mscldap_netlogon_flags_dnc,
3841 hf_mscldap_netlogon_flags_dns,
3842 hf_mscldap_netlogon_flags_wdc,
3843 hf_mscldap_netlogon_flags_rodc,
3844 hf_mscldap_netlogon_flags_ndnc,
3845 hf_mscldap_netlogon_flags_good_timeserv,
3846 hf_mscldap_netlogon_flags_writable,
3847 hf_mscldap_netlogon_flags_closest,
3848 hf_mscldap_netlogon_flags_timeserv,
3849 hf_mscldap_netlogon_flags_kdc,
3850 hf_mscldap_netlogon_flags_ds,
3851 hf_mscldap_netlogon_flags_ldap,
3852 hf_mscldap_netlogon_flags_gc,
3853 hf_mscldap_netlogon_flags_pdc,
3856 header_field_info *hfi;
3857 gboolean one_bit_set = FALSE;
3859 flags=tvb_get_letohl(tvb, offset);
3860 item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE);
3862 tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
3865 proto_item_append_text(item, " (");
3867 for(field = fields; *field; field++) {
3868 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
3869 hfi = proto_registrar_get_nth(*field);
3871 if(flags & hfi->bitmask) {
3874 proto_item_append_text(item, ", ");
3878 proto_item_append_text(item, "%s", hfi->name);
3883 proto_item_append_text(item, ")");
3890 static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
3892 int old_offset, offset=0;
3905 /* Get the length of the buffer */
3906 len=tvb_length_remaining(tvb,offset);
3908 /* check the len if it is to small return */
3909 if (len < 10) return;
3912 itype = tvb_get_letohs(tvb, offset);
3914 /* get the version number from the end of the buffer, as the
3915 length is variable and the version determines what fields
3916 need to be decoded */
3918 version = tvb_get_letohl(tvb,len-8);
3922 case LOGON_SAM_LOGON_RESPONSE:
3924 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb,offset, 2, itype,"Type: LOGON_SAM_LOGON_RESPONSE (19)" );
3927 /* logon server name */
3928 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
3929 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb,offset, fn_len, fn);
3933 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
3934 proto_tree_add_string(tree, hf_mscldap_username, tvb,offset, fn_len, fn);
3938 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
3939 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb,offset, fn_len, fn);
3942 /* include the extra version 5 fields */
3943 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
3946 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
3949 /* domain guid part 2
3950 there is another 16 byte guid but this is alway zero, so we will skip it */
3955 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3956 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
3960 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3961 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
3965 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3966 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
3969 proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
3973 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
3979 case LOGON_SAM_LOGON_RESPONSE_EX:
3982 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb, offset, 2, itype,"Type: LOGON_SAM_LOGON_RESPONSE_EX (23)" );
3987 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
3990 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
3995 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
3996 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4000 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4001 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4005 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4006 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4008 /* NetBios Domain */
4010 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4011 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4013 /* NetBios Hostname */
4015 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4016 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4020 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4021 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4025 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4026 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4030 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4031 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4033 /* include the extra fields for version 5 with IP s */
4034 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4037 /* The ip address is returned as a sockaddr_in structure
4039 * This section may need to be updated if the base Windows APIs
4040 * are changed to support ipv6, which currently is not the case.
4042 * The desector assumes the length is based on ipv4 and
4043 * ignores the length
4046 /* skip the length of the sockaddr_in */
4050 /* add IP address and desect the sockaddr_in structure */
4052 old_offset = offset + 4;
4053 item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
4056 proto_tree *subtree;
4058 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4060 /* get sockaddr family */
4061 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, TRUE);
4064 /* get sockaddr port */
4065 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, TRUE);
4068 /* get IP address */
4069 proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
4072 /* skip the 8 bytes of zeros in the sockaddr structure */
4081 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb, offset, 2, itype,"Type: Unknown type (%d)", itype );
4086 /* complete the decode with the version and token details */
4091 proto_tree_add_item(tree, hf_mscldap_netlogon_version, tvb, offset, 4, TRUE);
4095 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, TRUE);
4099 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, TRUE);
4106 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4108 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4109 return tvb_get_ntohl(tvb, offset)+4;
4113 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4115 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4120 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4126 /* normal ldap is tag+len bytes plus the length
4127 * offset is where the tag is
4128 * offset+1 is where length starts
4130 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4131 return len+data_offset-offset;
4135 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4137 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4142 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4145 const char *oidname;
4147 /* tvb here contains an ascii string that is really an oid */
4148 /* XXX we should convert the string oid into a real oid so we can use
4149 * proto_tree_add_oid() instead.
4152 oid=tvb_get_ephemeral_string(tvb, 0, tvb_length(tvb));
4157 oidname=oid_resolved_from_string(oid);
4160 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s (%s)",oid,oidname);
4162 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s",oid);
4166 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4167 static const true_false_string ldap_AccessMask_ADS_CREATE_CHILD_tfs = {
4168 "ADS CREATE CHILD is SET",
4169 "Ads create child is NOT set",
4172 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4173 static const true_false_string ldap_AccessMask_ADS_DELETE_CHILD_tfs = {
4174 "ADS DELETE CHILD is SET",
4175 "Ads delete child is NOT set",
4177 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4178 static const true_false_string ldap_AccessMask_ADS_LIST_tfs = {
4180 "Ads list is NOT set",
4182 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4183 static const true_false_string ldap_AccessMask_ADS_SELF_WRITE_tfs = {
4184 "ADS SELF WRITE is SET",
4185 "Ads self write is NOT set",
4187 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4188 static const true_false_string ldap_AccessMask_ADS_READ_PROP_tfs = {
4189 "ADS READ PROP is SET",
4190 "Ads read prop is NOT set",
4192 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4193 static const true_false_string ldap_AccessMask_ADS_WRITE_PROP_tfs = {
4194 "ADS WRITE PROP is SET",
4195 "Ads write prop is NOT set",
4197 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4198 static const true_false_string ldap_AccessMask_ADS_DELETE_TREE_tfs = {
4199 "ADS DELETE TREE is SET",
4200 "Ads delete tree is NOT set",
4202 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4203 static const true_false_string ldap_AccessMask_ADS_LIST_OBJECT_tfs = {
4204 "ADS LIST OBJECT is SET",
4205 "Ads list object is NOT set",
4207 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4208 static const true_false_string ldap_AccessMask_ADS_CONTROL_ACCESS_tfs = {
4209 "ADS CONTROL ACCESS is SET",
4210 "Ads control access is NOT set",
4214 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4216 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
4218 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
4220 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
4222 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
4224 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
4226 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
4228 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
4230 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
4232 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
4234 struct access_mask_info ldap_access_mask_info = {
4235 "LDAP", /* Name of specific rights */
4236 ldap_specific_rights, /* Dissection function */
4237 NULL, /* Generic mapping table */
4238 NULL /* Standard mapping table */
4242 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4244 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_length(tvb), &ldap_access_mask_info);
4248 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4252 /* this octet string contains an NT SID */
4253 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4254 ldapvalue_string=tmpstr;
4258 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4260 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4263 /* This octet string contained a GUID */
4264 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4266 ldapvalue_string=ep_alloc(1024);
4267 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4268 uuid.Data1, uuid.Data2, uuid.Data3,
4269 uuid.Data4[0], uuid.Data4[1],
4270 uuid.Data4[2], uuid.Data4[3],
4271 uuid.Data4[4], uuid.Data4[5],
4272 uuid.Data4[6], uuid.Data4[7]);
4276 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4282 conversation_t *conversation;
4283 ldap_conv_info_t *ldap_info = NULL;
4286 * Do we have a conversation for this connection?
4288 conversation = find_conversation(pinfo->fd->num,
4289 &pinfo->src, &pinfo->dst,
4290 pinfo->ptype, pinfo->srcport,
4291 pinfo->destport, 0);
4293 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
4298 /* This is a bit tricky. We have to find out whether SASL is used
4299 * so that we know how big a header we are supposed to pass
4300 * to tcp_dissect_pdus()
4301 * We must also cope with the case when a client connects to LDAP
4302 * and performs a few unauthenticated searches of LDAP before
4303 * it performs the bind on the same tcp connection.
4305 /* check for a SASL header, i.e. assume it is SASL if
4306 * 1, first four bytes (SASL length) is an integer
4307 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4308 * (>2 to fight false positives, 0x00000000 is a common
4309 * "random" tcp payload)
4310 * (SASL ldap PDUs might be >64k in size, which is why
4311 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4313 * 2, we must have a conversation and the auth type must
4316 sasl_len=tvb_get_ntohl(tvb, 0);
4319 goto this_was_not_sasl;
4322 if( sasl_len>LDAP_SASL_MAX_BUF ){
4323 goto this_was_not_sasl;
4326 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4327 goto this_was_not_sasl;
4330 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu);
4334 /* check if it is a normal BER encoded LDAP packet
4335 * i.e. first byte is 0x30 followed by a length that is
4337 * (no ldap PDUs are ever >64kb? )
4339 if(tvb_get_guint8(tvb, 0)!=0x30){
4340 goto this_was_not_normal_ldap;
4343 /* check that length makes sense */
4344 offset=get_ber_length(tvb, 1, &ldap_len, &ind);
4346 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
4348 goto this_was_not_normal_ldap;
4351 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu);
4355 this_was_not_normal_ldap:
4357 /* perhaps it was SSL? */
4359 ldap_info->start_tls_frame &&
4360 ( pinfo->fd->num >= ldap_info->start_tls_frame)) {
4362 /* we have started TLS and so this may be an SSL layer */
4363 guint32 old_start_tls_frame;
4365 /* temporarily dissect this port as SSL */
4366 dissector_delete("tcp.port", tcp_port, ldap_handle);
4367 ssl_dissector_add(tcp_port, "ldap", TRUE);
4369 old_start_tls_frame = ldap_info->start_tls_frame;
4370 ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */
4371 pinfo->can_desegment++; /* ignore this LDAP layer so SSL can use the TCP resegment */
4373 offset = call_dissector(ssl_handle, tvb, pinfo, tree);
4375 ldap_info->start_tls_frame = old_start_tls_frame;
4376 ssl_dissector_delete(tcp_port, "ldap", TRUE);
4378 /* restore ldap as the dissector for this port */
4379 dissector_add("tcp.port", tcp_port, ldap_handle);
4389 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4391 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4399 ldap_conv_info_t *ldap_info;
4401 /* Free up state attached to the ldap_info structures */
4402 for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
4403 ldap_conv_info_t *next;
4405 g_free(ldap_info->auth_mech);
4406 g_hash_table_destroy(ldap_info->matched);
4407 g_hash_table_destroy(ldap_info->unmatched);
4409 next = ldap_info->next;
4414 ldap_info_items = NULL;
4418 register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector)
4420 dissector_add_string("ldap.name", attr_type, dissector);
4424 register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto)
4426 dissector_handle_t dissector_handle;
4428 dissector_handle=create_dissector_handle(dissector, proto);
4429 register_ldap_name_dissector_handle(attr_type, dissector_handle);
4433 /*--- proto_register_ldap -------------------------------------------*/
4434 void proto_register_ldap(void) {
4436 /* List of fields */
4438 static hf_register_info hf[] = {
4440 { &hf_ldap_sasl_buffer_length,
4441 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4442 FT_UINT32, BASE_DEC, NULL, 0x0,
4444 { &hf_ldap_response_in,
4445 { "Response In", "ldap.response_in",
4446 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4447 "The response to this LDAP request is in this frame", HFILL }},
4448 { &hf_ldap_response_to,
4449 { "Response To", "ldap.response_to",
4450 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4451 "This is a response to the LDAP request in this frame", HFILL }},
4453 { "Time", "ldap.time",
4454 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4455 "The time between the Call and the Reply", HFILL }},
4457 { &hf_mscldap_netlogon_type,
4458 { "Type", "mscldap.netlogon.type",
4459 FT_UINT16, BASE_DEC, NULL, 0x0,
4460 "NetLogon Response type", HFILL }},
4462 { &hf_mscldap_netlogon_version,
4463 { "Version", "mscldap.netlogon.version",
4464 FT_UINT32, BASE_DEC, NULL, 0x0,
4467 { &hf_mscldap_netlogon_ipaddress_family,
4468 { "Family", "mscldap.netlogon.ipaddress.family",
4469 FT_UINT16, BASE_DEC, NULL, 0x0,
4472 { &hf_mscldap_netlogon_ipaddress_ipv4,
4473 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4474 FT_IPv4, BASE_NONE, NULL, 0x0,
4475 "IP Address", HFILL }},
4477 { &hf_mscldap_netlogon_ipaddress_port,
4478 { "Port", "mscldap.netlogon.ipaddress.port",
4479 FT_UINT16, BASE_DEC, NULL, 0x0,
4482 { &hf_mscldap_netlogon_ipaddress,
4483 { "IP Address","mscldap.netlogon.ipaddress",
4484 FT_IPv4, BASE_NONE, NULL, 0x0,
4485 "Domain Controller IP Address", HFILL }},
4487 { &hf_mscldap_netlogon_lm_token,
4488 { "LM Token", "mscldap.netlogon.lm_token",
4489 FT_UINT16, BASE_HEX, NULL, 0x0,
4492 { &hf_mscldap_netlogon_nt_token,
4493 { "NT Token", "mscldap.netlogon.nt_token",
4494 FT_UINT16, BASE_HEX, NULL, 0x0,
4497 { &hf_mscldap_netlogon_flags,
4498 { "Flags", "mscldap.netlogon.flags",
4499 FT_UINT32, BASE_HEX, NULL, 0x0,
4500 "Netlogon flags describing the DC properties", HFILL }},
4502 { &hf_mscldap_ntver_flags,
4503 { "Search Flags", "mscldap.ntver.searchflags",
4504 FT_UINT32, BASE_HEX, NULL, 0x0,
4505 "cldap Netlogon request flags", HFILL }},
4507 { &hf_mscldap_domain_guid,
4508 { "Domain GUID", "mscldap.domain.guid",
4509 FT_BYTES, BASE_NONE, NULL, 0x0,
4512 { &hf_mscldap_forest,
4513 { "Forest", "mscldap.forest",
4514 FT_STRING, BASE_NONE, NULL, 0x0,
4517 { &hf_mscldap_domain,
4518 { "Domain", "mscldap.domain",
4519 FT_STRING, BASE_NONE, NULL, 0x0,
4520 "Domainname", HFILL }},
4522 { &hf_mscldap_hostname,
4523 { "Hostname", "mscldap.hostname",
4524 FT_STRING, BASE_NONE, NULL, 0x0,
4527 { &hf_mscldap_nb_domain,
4528 { "NetBios Domain", "mscldap.nb_domain",
4529 FT_STRING, BASE_NONE, NULL, 0x0,
4530 "NetBios Domainname", HFILL }},
4532 { &hf_mscldap_nb_hostname,
4533 { "NetBios Hostname", "mscldap.nb_hostname",
4534 FT_STRING, BASE_NONE, NULL, 0x0,
4537 { &hf_mscldap_username,
4538 { "Username", "mscldap.username",
4539 FT_STRING, BASE_NONE, NULL, 0x0,
4540 "User name", HFILL }},
4542 { &hf_mscldap_sitename,
4543 { "Site", "mscldap.sitename",
4544 FT_STRING, BASE_NONE, NULL, 0x0,
4545 "Site name", HFILL }},
4547 { &hf_mscldap_clientsitename,
4548 { "Client Site", "mscldap.clientsitename",
4549 FT_STRING, BASE_NONE, NULL, 0x0,
4550 "Client Site name", HFILL }},
4553 { "Sid", "ldap.sid",
4554 FT_STRING, BASE_NONE, NULL, 0x0,
4557 { &hf_mscldap_ntver_flags_v5cs,
4558 { "V5CS", "mscldap.ntver.searchflags.v5cs", FT_BOOLEAN, 32,
4559 TFS(&tfs_ntver_v5cs), 0x00000010, NULL, HFILL }},
4561 { &hf_mscldap_ntver_flags_v5ip,
4562 { "V5IP", "mscldap.ntver.searchflags.v5ip", FT_BOOLEAN, 32,
4563 TFS(&tfs_ntver_v5ip), 0x00000008, NULL, HFILL }},
4565 { &hf_mscldap_ntver_flags_v5ex,
4566 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4567 TFS(&tfs_ntver_v5ex), 0x00000004, NULL, HFILL }},
4569 { &hf_mscldap_ntver_flags_v5,
4570 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4571 TFS(&tfs_ntver_v5), 0x00000002, NULL, HFILL }},
4573 { &hf_mscldap_ntver_flags_v1,
4574 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4575 TFS(&tfs_ntver_v1), 0x00000001, NULL, HFILL }},
4577 { &hf_mscldap_ntver_flags_gc,
4578 { "GC", "mscldap.ntver.searchflags.gc", FT_BOOLEAN, 32,
4579 TFS(&tfs_ntver_gc), 0x80000000, NULL, HFILL }},
4581 { &hf_mscldap_ntver_flags_local,
4582 { "Local", "mscldap.ntver.searchflags.local", FT_BOOLEAN, 32,
4583 TFS(&tfs_ntver_local), 0x40000000, NULL, HFILL }},
4585 { &hf_mscldap_ntver_flags_ip,
4586 { "IP", "mscldap.ntver.searchflags.ip", FT_BOOLEAN, 32,
4587 TFS(&tfs_ntver_ip), 0x20000000, NULL, HFILL }},
4589 { &hf_mscldap_ntver_flags_pdc,
4590 { "PDC", "mscldap.ntver.searchflags.pdc", FT_BOOLEAN, 32,
4591 TFS(&tfs_ntver_pdc), 0x10000000, NULL, HFILL }},
4593 { &hf_mscldap_ntver_flags_nt4,
4594 { "NT4", "mscldap.ntver.searchflags.nt4", FT_BOOLEAN, 32,
4595 TFS(&tfs_ntver_nt4), 0x01000000, NULL, HFILL }},
4597 { &hf_mscldap_netlogon_flags_pdc,
4598 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4599 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4601 { &hf_mscldap_netlogon_flags_gc,
4602 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4603 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4605 { &hf_mscldap_netlogon_flags_ldap,
4606 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4607 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4609 { &hf_mscldap_netlogon_flags_ds,
4610 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4611 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4613 { &hf_mscldap_netlogon_flags_kdc,
4614 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4615 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4617 { &hf_mscldap_netlogon_flags_timeserv,
4618 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4619 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4621 { &hf_mscldap_netlogon_flags_closest,
4622 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4623 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
4625 { &hf_mscldap_netlogon_flags_writable,
4626 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4627 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
4629 { &hf_mscldap_netlogon_flags_good_timeserv,
4630 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4631 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4633 { &hf_mscldap_netlogon_flags_ndnc,
4634 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4635 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4637 { &hf_mscldap_netlogon_flags_rodc,
4638 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
4639 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
4641 { &hf_mscldap_netlogon_flags_wdc,
4642 { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
4643 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
4645 { &hf_mscldap_netlogon_flags_dns,
4646 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
4647 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
4649 { &hf_mscldap_netlogon_flags_dnc,
4650 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
4651 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
4653 { &hf_mscldap_netlogon_flags_fnc,
4654 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
4655 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
4658 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
4659 NULL, 0, NULL, HFILL }},
4661 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4662 { "Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CREATE_CHILD_tfs), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
4664 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4665 { "Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_CHILD_tfs), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
4667 { &hf_ldap_AccessMask_ADS_LIST,
4668 { "List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_tfs), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
4670 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
4671 { "Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_SELF_WRITE_tfs), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
4673 { &hf_ldap_AccessMask_ADS_READ_PROP,
4674 { "Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_READ_PROP_tfs), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
4676 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
4677 { "Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_WRITE_PROP_tfs), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
4679 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
4680 { "Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_TREE_tfs), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
4682 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4683 { "List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_OBJECT_tfs), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
4685 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4686 { "Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CONTROL_ACCESS_tfs), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
4689 /*--- Included file: packet-ldap-hfarr.c ---*/
4690 #line 1 "packet-ldap-hfarr.c"
4691 { &hf_ldap_LDAPMessage_PDU,
4692 { "LDAPMessage", "ldap.LDAPMessage",
4693 FT_NONE, BASE_NONE, NULL, 0,
4694 "ldap.LDAPMessage", HFILL }},
4695 { &hf_ldap_SearchControlValue_PDU,
4696 { "SearchControlValue", "ldap.SearchControlValue",
4697 FT_NONE, BASE_NONE, NULL, 0,
4698 "ldap.SearchControlValue", HFILL }},
4699 { &hf_ldap_SortKeyList_PDU,
4700 { "SortKeyList", "ldap.SortKeyList",
4701 FT_UINT32, BASE_DEC, NULL, 0,
4702 "ldap.SortKeyList", HFILL }},
4703 { &hf_ldap_SortResult_PDU,
4704 { "SortResult", "ldap.SortResult",
4705 FT_NONE, BASE_NONE, NULL, 0,
4706 "ldap.SortResult", HFILL }},
4707 { &hf_ldap_ReplControlValue_PDU,
4708 { "ReplControlValue", "ldap.ReplControlValue",
4709 FT_NONE, BASE_NONE, NULL, 0,
4710 "ldap.ReplControlValue", HFILL }},
4711 { &hf_ldap_PasswdModifyRequestValue_PDU,
4712 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue",
4713 FT_NONE, BASE_NONE, NULL, 0,
4714 "ldap.PasswdModifyRequestValue", HFILL }},
4715 { &hf_ldap_CancelRequestValue_PDU,
4716 { "CancelRequestValue", "ldap.CancelRequestValue",
4717 FT_NONE, BASE_NONE, NULL, 0,
4718 "ldap.CancelRequestValue", HFILL }},
4719 { &hf_ldap_PasswordPolicyResponseValue_PDU,
4720 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue",
4721 FT_NONE, BASE_NONE, NULL, 0,
4722 "ldap.PasswordPolicyResponseValue", HFILL }},
4723 { &hf_ldap_messageID,
4724 { "messageID", "ldap.messageID",
4725 FT_UINT32, BASE_DEC, NULL, 0,
4726 "ldap.MessageID", HFILL }},
4727 { &hf_ldap_protocolOp,
4728 { "protocolOp", "ldap.protocolOp",
4729 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
4730 "ldap.ProtocolOp", HFILL }},
4731 { &hf_ldap_controls,
4732 { "controls", "ldap.controls",
4733 FT_UINT32, BASE_DEC, NULL, 0,
4734 "ldap.Controls", HFILL }},
4735 { &hf_ldap_bindRequest,
4736 { "bindRequest", "ldap.bindRequest",
4737 FT_NONE, BASE_NONE, NULL, 0,
4738 "ldap.BindRequest", HFILL }},
4739 { &hf_ldap_bindResponse,
4740 { "bindResponse", "ldap.bindResponse",
4741 FT_NONE, BASE_NONE, NULL, 0,
4742 "ldap.BindResponse", HFILL }},
4743 { &hf_ldap_unbindRequest,
4744 { "unbindRequest", "ldap.unbindRequest",
4745 FT_NONE, BASE_NONE, NULL, 0,
4746 "ldap.UnbindRequest", HFILL }},
4747 { &hf_ldap_searchRequest,
4748 { "searchRequest", "ldap.searchRequest",
4749 FT_NONE, BASE_NONE, NULL, 0,
4750 "ldap.SearchRequest", HFILL }},
4751 { &hf_ldap_searchResEntry,
4752 { "searchResEntry", "ldap.searchResEntry",
4753 FT_NONE, BASE_NONE, NULL, 0,
4754 "ldap.SearchResultEntry", HFILL }},
4755 { &hf_ldap_searchResDone,
4756 { "searchResDone", "ldap.searchResDone",
4757 FT_NONE, BASE_NONE, NULL, 0,
4758 "ldap.SearchResultDone", HFILL }},
4759 { &hf_ldap_searchResRef,
4760 { "searchResRef", "ldap.searchResRef",
4761 FT_UINT32, BASE_DEC, NULL, 0,
4762 "ldap.SearchResultReference", HFILL }},
4763 { &hf_ldap_modifyRequest,
4764 { "modifyRequest", "ldap.modifyRequest",
4765 FT_NONE, BASE_NONE, NULL, 0,
4766 "ldap.ModifyRequest", HFILL }},
4767 { &hf_ldap_modifyResponse,
4768 { "modifyResponse", "ldap.modifyResponse",
4769 FT_NONE, BASE_NONE, NULL, 0,
4770 "ldap.ModifyResponse", HFILL }},
4771 { &hf_ldap_addRequest,
4772 { "addRequest", "ldap.addRequest",
4773 FT_NONE, BASE_NONE, NULL, 0,
4774 "ldap.AddRequest", HFILL }},
4775 { &hf_ldap_addResponse,
4776 { "addResponse", "ldap.addResponse",
4777 FT_NONE, BASE_NONE, NULL, 0,
4778 "ldap.AddResponse", HFILL }},
4779 { &hf_ldap_delRequest,
4780 { "delRequest", "ldap.delRequest",
4781 FT_STRING, BASE_NONE, NULL, 0,
4782 "ldap.DelRequest", HFILL }},
4783 { &hf_ldap_delResponse,
4784 { "delResponse", "ldap.delResponse",
4785 FT_NONE, BASE_NONE, NULL, 0,
4786 "ldap.DelResponse", HFILL }},
4787 { &hf_ldap_modDNRequest,
4788 { "modDNRequest", "ldap.modDNRequest",
4789 FT_NONE, BASE_NONE, NULL, 0,
4790 "ldap.ModifyDNRequest", HFILL }},
4791 { &hf_ldap_modDNResponse,
4792 { "modDNResponse", "ldap.modDNResponse",
4793 FT_NONE, BASE_NONE, NULL, 0,
4794 "ldap.ModifyDNResponse", HFILL }},
4795 { &hf_ldap_compareRequest,
4796 { "compareRequest", "ldap.compareRequest",
4797 FT_NONE, BASE_NONE, NULL, 0,
4798 "ldap.CompareRequest", HFILL }},
4799 { &hf_ldap_compareResponse,
4800 { "compareResponse", "ldap.compareResponse",
4801 FT_NONE, BASE_NONE, NULL, 0,
4802 "ldap.CompareResponse", HFILL }},
4803 { &hf_ldap_abandonRequest,
4804 { "abandonRequest", "ldap.abandonRequest",
4805 FT_UINT32, BASE_DEC, NULL, 0,
4806 "ldap.AbandonRequest", HFILL }},
4807 { &hf_ldap_extendedReq,
4808 { "extendedReq", "ldap.extendedReq",
4809 FT_NONE, BASE_NONE, NULL, 0,
4810 "ldap.ExtendedRequest", HFILL }},
4811 { &hf_ldap_extendedResp,
4812 { "extendedResp", "ldap.extendedResp",
4813 FT_NONE, BASE_NONE, NULL, 0,
4814 "ldap.ExtendedResponse", HFILL }},
4815 { &hf_ldap_AttributeDescriptionList_item,
4816 { "AttributeDescription", "ldap.AttributeDescription",
4817 FT_STRING, BASE_NONE, NULL, 0,
4818 "ldap.AttributeDescription", HFILL }},
4819 { &hf_ldap_attributeDesc,
4820 { "attributeDesc", "ldap.attributeDesc",
4821 FT_STRING, BASE_NONE, NULL, 0,
4822 "ldap.AttributeDescription", HFILL }},
4823 { &hf_ldap_assertionValue,
4824 { "assertionValue", "ldap.assertionValue",
4825 FT_STRING, BASE_NONE, NULL, 0,
4826 "ldap.AssertionValue", HFILL }},
4828 { "type", "ldap.type",
4829 FT_STRING, BASE_NONE, NULL, 0,
4830 "ldap.AttributeDescription", HFILL }},
4832 { "vals", "ldap.vals",
4833 FT_UINT32, BASE_DEC, NULL, 0,
4834 "ldap.SET_OF_AttributeValue", HFILL }},
4835 { &hf_ldap_vals_item,
4836 { "AttributeValue", "ldap.AttributeValue",
4837 FT_BYTES, BASE_NONE, NULL, 0,
4838 "ldap.AttributeValue", HFILL }},
4839 { &hf_ldap_resultCode,
4840 { "resultCode", "ldap.resultCode",
4841 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
4842 "ldap.T_resultCode", HFILL }},
4843 { &hf_ldap_matchedDN,
4844 { "matchedDN", "ldap.matchedDN",
4845 FT_STRING, BASE_NONE, NULL, 0,
4846 "ldap.LDAPDN", HFILL }},
4847 { &hf_ldap_errorMessage,
4848 { "errorMessage", "ldap.errorMessage",
4849 FT_STRING, BASE_NONE, NULL, 0,
4850 "ldap.ErrorMessage", HFILL }},
4851 { &hf_ldap_referral,
4852 { "referral", "ldap.referral",
4853 FT_UINT32, BASE_DEC, NULL, 0,
4854 "ldap.Referral", HFILL }},
4855 { &hf_ldap_Referral_item,
4856 { "LDAPURL", "ldap.LDAPURL",
4857 FT_STRING, BASE_NONE, NULL, 0,
4858 "ldap.LDAPURL", HFILL }},
4859 { &hf_ldap_Controls_item,
4860 { "Control", "ldap.Control",
4861 FT_NONE, BASE_NONE, NULL, 0,
4862 "ldap.Control", HFILL }},
4863 { &hf_ldap_controlType,
4864 { "controlType", "ldap.controlType",
4865 FT_STRING, BASE_NONE, NULL, 0,
4866 "ldap.ControlType", HFILL }},
4867 { &hf_ldap_criticality,
4868 { "criticality", "ldap.criticality",
4869 FT_BOOLEAN, BASE_NONE, NULL, 0,
4870 "ldap.BOOLEAN", HFILL }},
4871 { &hf_ldap_controlValue,
4872 { "controlValue", "ldap.controlValue",
4873 FT_BYTES, BASE_NONE, NULL, 0,
4874 "ldap.T_controlValue", HFILL }},
4876 { "version", "ldap.version",
4877 FT_UINT32, BASE_DEC, NULL, 0,
4878 "ldap.INTEGER_1_127", HFILL }},
4880 { "name", "ldap.name",
4881 FT_STRING, BASE_NONE, NULL, 0,
4882 "ldap.LDAPDN", HFILL }},
4883 { &hf_ldap_authentication,
4884 { "authentication", "ldap.authentication",
4885 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
4886 "ldap.AuthenticationChoice", HFILL }},
4888 { "simple", "ldap.simple",
4889 FT_BYTES, BASE_NONE, NULL, 0,
4890 "ldap.Simple", HFILL }},
4892 { "sasl", "ldap.sasl",
4893 FT_NONE, BASE_NONE, NULL, 0,
4894 "ldap.SaslCredentials", HFILL }},
4895 { &hf_ldap_ntlmsspNegotiate,
4896 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
4897 FT_BYTES, BASE_NONE, NULL, 0,
4898 "ldap.T_ntlmsspNegotiate", HFILL }},
4899 { &hf_ldap_ntlmsspAuth,
4900 { "ntlmsspAuth", "ldap.ntlmsspAuth",
4901 FT_BYTES, BASE_NONE, NULL, 0,
4902 "ldap.T_ntlmsspAuth", HFILL }},
4903 { &hf_ldap_mechanism,
4904 { "mechanism", "ldap.mechanism",
4905 FT_STRING, BASE_NONE, NULL, 0,
4906 "ldap.Mechanism", HFILL }},
4907 { &hf_ldap_credentials,
4908 { "credentials", "ldap.credentials",
4909 FT_BYTES, BASE_NONE, NULL, 0,
4910 "ldap.Credentials", HFILL }},
4911 { &hf_ldap_bindResponse_resultCode,
4912 { "resultCode", "ldap.resultCode",
4913 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
4914 "ldap.BindResponse_resultCode", HFILL }},
4915 { &hf_ldap_bindResponse_matchedDN,
4916 { "matchedDN", "ldap.matchedDN",
4917 FT_STRING, BASE_NONE, NULL, 0,
4918 "ldap.T_bindResponse_matchedDN", HFILL }},
4919 { &hf_ldap_serverSaslCreds,
4920 { "serverSaslCreds", "ldap.serverSaslCreds",
4921 FT_BYTES, BASE_NONE, NULL, 0,
4922 "ldap.ServerSaslCreds", HFILL }},
4923 { &hf_ldap_baseObject,
4924 { "baseObject", "ldap.baseObject",
4925 FT_STRING, BASE_NONE, NULL, 0,
4926 "ldap.LDAPDN", HFILL }},
4928 { "scope", "ldap.scope",
4929 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
4930 "ldap.T_scope", HFILL }},
4931 { &hf_ldap_derefAliases,
4932 { "derefAliases", "ldap.derefAliases",
4933 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
4934 "ldap.T_derefAliases", HFILL }},
4935 { &hf_ldap_sizeLimit,
4936 { "sizeLimit", "ldap.sizeLimit",
4937 FT_UINT32, BASE_DEC, NULL, 0,
4938 "ldap.INTEGER_0_maxInt", HFILL }},
4939 { &hf_ldap_timeLimit,
4940 { "timeLimit", "ldap.timeLimit",
4941 FT_UINT32, BASE_DEC, NULL, 0,
4942 "ldap.INTEGER_0_maxInt", HFILL }},
4943 { &hf_ldap_typesOnly,
4944 { "typesOnly", "ldap.typesOnly",
4945 FT_BOOLEAN, BASE_NONE, NULL, 0,
4946 "ldap.BOOLEAN", HFILL }},
4948 { "filter", "ldap.filter",
4949 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4950 "ldap.T_filter", HFILL }},
4951 { &hf_ldap_searchRequest_attributes,
4952 { "attributes", "ldap.attributes",
4953 FT_UINT32, BASE_DEC, NULL, 0,
4954 "ldap.AttributeDescriptionList", HFILL }},
4956 { "and", "ldap.and",
4957 FT_UINT32, BASE_DEC, NULL, 0,
4958 "ldap.T_and", HFILL }},
4959 { &hf_ldap_and_item,
4960 { "and item", "ldap.and_item",
4961 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4962 "ldap.T_and_item", HFILL }},
4965 FT_UINT32, BASE_DEC, NULL, 0,
4966 "ldap.T_or", HFILL }},
4968 { "or item", "ldap.or_item",
4969 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4970 "ldap.T_or_item", HFILL }},
4972 { "not", "ldap.not",
4973 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
4974 "ldap.T_not", HFILL }},
4975 { &hf_ldap_equalityMatch,
4976 { "equalityMatch", "ldap.equalityMatch",
4977 FT_NONE, BASE_NONE, NULL, 0,
4978 "ldap.T_equalityMatch", HFILL }},
4979 { &hf_ldap_substrings,
4980 { "substrings", "ldap.substrings",
4981 FT_NONE, BASE_NONE, NULL, 0,
4982 "ldap.SubstringFilter", HFILL }},
4983 { &hf_ldap_greaterOrEqual,
4984 { "greaterOrEqual", "ldap.greaterOrEqual",
4985 FT_NONE, BASE_NONE, NULL, 0,
4986 "ldap.T_greaterOrEqual", HFILL }},
4987 { &hf_ldap_lessOrEqual,
4988 { "lessOrEqual", "ldap.lessOrEqual",
4989 FT_NONE, BASE_NONE, NULL, 0,
4990 "ldap.T_lessOrEqual", HFILL }},
4992 { "present", "ldap.present",
4993 FT_STRING, BASE_NONE, NULL, 0,
4994 "ldap.T_present", HFILL }},
4995 { &hf_ldap_approxMatch,
4996 { "approxMatch", "ldap.approxMatch",
4997 FT_NONE, BASE_NONE, NULL, 0,
4998 "ldap.T_approxMatch", HFILL }},
4999 { &hf_ldap_extensibleMatch,
5000 { "extensibleMatch", "ldap.extensibleMatch",
5001 FT_NONE, BASE_NONE, NULL, 0,
5002 "ldap.T_extensibleMatch", HFILL }},
5003 { &hf_ldap_substringFilter_substrings,
5004 { "substrings", "ldap.substrings",
5005 FT_UINT32, BASE_DEC, NULL, 0,
5006 "ldap.T_substringFilter_substrings", HFILL }},
5007 { &hf_ldap_substringFilter_substrings_item,
5008 { "substrings item", "ldap.substrings_item",
5009 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5010 "ldap.T_substringFilter_substrings_item", HFILL }},
5012 { "initial", "ldap.initial",
5013 FT_STRING, BASE_NONE, NULL, 0,
5014 "ldap.LDAPString", HFILL }},
5016 { "any", "ldap.any",
5017 FT_STRING, BASE_NONE, NULL, 0,
5018 "ldap.LDAPString", HFILL }},
5020 { "final", "ldap.final",
5021 FT_STRING, BASE_NONE, NULL, 0,
5022 "ldap.LDAPString", HFILL }},
5023 { &hf_ldap_matchingRule,
5024 { "matchingRule", "ldap.matchingRule",
5025 FT_STRING, BASE_NONE, NULL, 0,
5026 "ldap.MatchingRuleId", HFILL }},
5027 { &hf_ldap_matchValue,
5028 { "matchValue", "ldap.matchValue",
5029 FT_STRING, BASE_NONE, NULL, 0,
5030 "ldap.AssertionValue", HFILL }},
5031 { &hf_ldap_dnAttributes,
5032 { "dnAttributes", "ldap.dnAttributes",
5033 FT_BOOLEAN, BASE_NONE, NULL, 0,
5034 "ldap.T_dnAttributes", HFILL }},
5035 { &hf_ldap_objectName,
5036 { "objectName", "ldap.objectName",
5037 FT_STRING, BASE_NONE, NULL, 0,
5038 "ldap.LDAPDN", HFILL }},
5039 { &hf_ldap_searchResultEntry_attributes,
5040 { "attributes", "ldap.attributes",
5041 FT_UINT32, BASE_DEC, NULL, 0,
5042 "ldap.PartialAttributeList", HFILL }},
5043 { &hf_ldap_PartialAttributeList_item,
5044 { "PartialAttributeList item", "ldap.PartialAttributeList_item",
5045 FT_NONE, BASE_NONE, NULL, 0,
5046 "ldap.PartialAttributeList_item", HFILL }},
5047 { &hf_ldap__untag_item,
5048 { "LDAPURL", "ldap.LDAPURL",
5049 FT_STRING, BASE_NONE, NULL, 0,
5050 "ldap.LDAPURL", HFILL }},
5052 { "object", "ldap.object",
5053 FT_STRING, BASE_NONE, NULL, 0,
5054 "ldap.LDAPDN", HFILL }},
5055 { &hf_ldap_modifyRequest_modification,
5056 { "modification", "ldap.modification",
5057 FT_UINT32, BASE_DEC, NULL, 0,
5058 "ldap.ModifyRequest_modification", HFILL }},
5059 { &hf_ldap_modifyRequest_modification_item,
5060 { "modification item", "ldap.modification_item",
5061 FT_NONE, BASE_NONE, NULL, 0,
5062 "ldap.T_modifyRequest_modification_item", HFILL }},
5063 { &hf_ldap_operation,
5064 { "operation", "ldap.operation",
5065 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5066 "ldap.T_operation", HFILL }},
5067 { &hf_ldap_modification,
5068 { "modification", "ldap.modification",
5069 FT_NONE, BASE_NONE, NULL, 0,
5070 "ldap.AttributeTypeAndValues", HFILL }},
5072 { "entry", "ldap.entry",
5073 FT_STRING, BASE_NONE, NULL, 0,
5074 "ldap.LDAPDN", HFILL }},
5075 { &hf_ldap_attributes,
5076 { "attributes", "ldap.attributes",
5077 FT_UINT32, BASE_DEC, NULL, 0,
5078 "ldap.AttributeList", HFILL }},
5079 { &hf_ldap_AttributeList_item,
5080 { "AttributeList item", "ldap.AttributeList_item",
5081 FT_NONE, BASE_NONE, NULL, 0,
5082 "ldap.AttributeList_item", HFILL }},
5084 { "newrdn", "ldap.newrdn",
5085 FT_STRING, BASE_NONE, NULL, 0,
5086 "ldap.RelativeLDAPDN", HFILL }},
5087 { &hf_ldap_deleteoldrdn,
5088 { "deleteoldrdn", "ldap.deleteoldrdn",
5089 FT_BOOLEAN, BASE_NONE, NULL, 0,
5090 "ldap.BOOLEAN", HFILL }},
5091 { &hf_ldap_newSuperior,
5092 { "newSuperior", "ldap.newSuperior",
5093 FT_STRING, BASE_NONE, NULL, 0,
5094 "ldap.LDAPDN", HFILL }},
5096 { "ava", "ldap.ava",
5097 FT_NONE, BASE_NONE, NULL, 0,
5098 "ldap.AttributeValueAssertion", HFILL }},
5099 { &hf_ldap_requestName,
5100 { "requestName", "ldap.requestName",
5101 FT_STRING, BASE_NONE, NULL, 0,
5102 "ldap.LDAPOID", HFILL }},
5103 { &hf_ldap_requestValue,
5104 { "requestValue", "ldap.requestValue",
5105 FT_BYTES, BASE_NONE, NULL, 0,
5106 "ldap.T_requestValue", HFILL }},
5107 { &hf_ldap_extendedResponse_resultCode,
5108 { "resultCode", "ldap.resultCode",
5109 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5110 "ldap.ExtendedResponse_resultCode", HFILL }},
5111 { &hf_ldap_responseName,
5112 { "responseName", "ldap.responseName",
5113 FT_STRING, BASE_NONE, NULL, 0,
5114 "ldap.ResponseName", HFILL }},
5115 { &hf_ldap_response,
5116 { "response", "ldap.response",
5117 FT_BYTES, BASE_NONE, NULL, 0,
5118 "ldap.OCTET_STRING", HFILL }},
5120 { "size", "ldap.size",
5121 FT_INT32, BASE_DEC, NULL, 0,
5122 "ldap.INTEGER", HFILL }},
5124 { "cookie", "ldap.cookie",
5125 FT_BYTES, BASE_NONE, NULL, 0,
5126 "ldap.OCTET_STRING", HFILL }},
5127 { &hf_ldap_SortKeyList_item,
5128 { "SortKeyList item", "ldap.SortKeyList_item",
5129 FT_NONE, BASE_NONE, NULL, 0,
5130 "ldap.SortKeyList_item", HFILL }},
5131 { &hf_ldap_attributeType,
5132 { "attributeType", "ldap.attributeType",
5133 FT_STRING, BASE_NONE, NULL, 0,
5134 "ldap.AttributeDescription", HFILL }},
5135 { &hf_ldap_orderingRule,
5136 { "orderingRule", "ldap.orderingRule",
5137 FT_STRING, BASE_NONE, NULL, 0,
5138 "ldap.MatchingRuleId", HFILL }},
5139 { &hf_ldap_reverseOrder,
5140 { "reverseOrder", "ldap.reverseOrder",
5141 FT_BOOLEAN, BASE_NONE, NULL, 0,
5142 "ldap.BOOLEAN", HFILL }},
5143 { &hf_ldap_sortResult,
5144 { "sortResult", "ldap.sortResult",
5145 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5146 "ldap.T_sortResult", HFILL }},
5147 { &hf_ldap_parentsFirst,
5148 { "parentsFirst", "ldap.parentsFirst",
5149 FT_INT32, BASE_DEC, NULL, 0,
5150 "ldap.INTEGER", HFILL }},
5151 { &hf_ldap_maxReturnLength,
5152 { "maxReturnLength", "ldap.maxReturnLength",
5153 FT_INT32, BASE_DEC, NULL, 0,
5154 "ldap.INTEGER", HFILL }},
5155 { &hf_ldap_userIdentity,
5156 { "userIdentity", "ldap.userIdentity",
5157 FT_BYTES, BASE_NONE, NULL, 0,
5158 "ldap.OCTET_STRING", HFILL }},
5159 { &hf_ldap_oldPasswd,
5160 { "oldPasswd", "ldap.oldPasswd",
5161 FT_BYTES, BASE_NONE, NULL, 0,
5162 "ldap.OCTET_STRING", HFILL }},
5163 { &hf_ldap_newPasswd,
5164 { "newPasswd", "ldap.newPasswd",
5165 FT_BYTES, BASE_NONE, NULL, 0,
5166 "ldap.OCTET_STRING", HFILL }},
5167 { &hf_ldap_genPasswd,
5168 { "genPasswd", "ldap.genPasswd",
5169 FT_BYTES, BASE_NONE, NULL, 0,
5170 "ldap.OCTET_STRING", HFILL }},
5171 { &hf_ldap_cancelID,
5172 { "cancelID", "ldap.cancelID",
5173 FT_UINT32, BASE_DEC, NULL, 0,
5174 "ldap.MessageID", HFILL }},
5176 { "warning", "ldap.warning",
5177 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5178 "ldap.T_warning", HFILL }},
5179 { &hf_ldap_timeBeforeExpiration,
5180 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5181 FT_UINT32, BASE_DEC, NULL, 0,
5182 "ldap.INTEGER_0_maxInt", HFILL }},
5183 { &hf_ldap_graceAuthNsRemaining,
5184 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5185 FT_UINT32, BASE_DEC, NULL, 0,
5186 "ldap.INTEGER_0_maxInt", HFILL }},
5188 { "error", "ldap.error",
5189 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5190 "ldap.T_error", HFILL }},
5192 /*--- End of included file: packet-ldap-hfarr.c ---*/
5193 #line 2081 "packet-ldap-template.c"
5196 /* List of subtrees */
5197 static gint *ett[] = {
5200 &ett_ldap_sasl_blob,
5202 &ett_mscldap_netlogon_flags,
5203 &ett_mscldap_ntver_flags,
5204 &ett_mscldap_ipdetails,
5207 /*--- Included file: packet-ldap-ettarr.c ---*/
5208 #line 1 "packet-ldap-ettarr.c"
5209 &ett_ldap_LDAPMessage,
5210 &ett_ldap_ProtocolOp,
5211 &ett_ldap_AttributeDescriptionList,
5212 &ett_ldap_AttributeValueAssertion,
5213 &ett_ldap_Attribute,
5214 &ett_ldap_SET_OF_AttributeValue,
5215 &ett_ldap_LDAPResult,
5219 &ett_ldap_BindRequest_U,
5220 &ett_ldap_AuthenticationChoice,
5221 &ett_ldap_SaslCredentials,
5222 &ett_ldap_BindResponse_U,
5223 &ett_ldap_SearchRequest_U,
5227 &ett_ldap_SubstringFilter,
5228 &ett_ldap_T_substringFilter_substrings,
5229 &ett_ldap_T_substringFilter_substrings_item,
5230 &ett_ldap_MatchingRuleAssertion,
5231 &ett_ldap_SearchResultEntry_U,
5232 &ett_ldap_PartialAttributeList,
5233 &ett_ldap_PartialAttributeList_item,
5234 &ett_ldap_SEQUENCE_OF_LDAPURL,
5235 &ett_ldap_ModifyRequest_U,
5236 &ett_ldap_ModifyRequest_modification,
5237 &ett_ldap_T_modifyRequest_modification_item,
5238 &ett_ldap_AttributeTypeAndValues,
5239 &ett_ldap_AddRequest_U,
5240 &ett_ldap_AttributeList,
5241 &ett_ldap_AttributeList_item,
5242 &ett_ldap_ModifyDNRequest_U,
5243 &ett_ldap_CompareRequest_U,
5244 &ett_ldap_ExtendedRequest_U,
5245 &ett_ldap_ExtendedResponse_U,
5246 &ett_ldap_SearchControlValue,
5247 &ett_ldap_SortKeyList,
5248 &ett_ldap_SortKeyList_item,
5249 &ett_ldap_SortResult,
5250 &ett_ldap_ReplControlValue,
5251 &ett_ldap_PasswdModifyRequestValue,
5252 &ett_ldap_PasswdModifyResponseValue,
5253 &ett_ldap_CancelRequestValue,
5254 &ett_ldap_PasswordPolicyResponseValue,
5255 &ett_ldap_T_warning,
5257 /*--- End of included file: packet-ldap-ettarr.c ---*/
5258 #line 2094 "packet-ldap-template.c"
5261 module_t *ldap_module;
5263 /* Register protocol */
5264 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5265 /* Register fields and subtrees */
5266 proto_register_field_array(proto_ldap, hf, array_length(hf));
5267 proto_register_subtree_array(ett, array_length(ett));
5270 register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5272 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5273 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5274 "Reassemble LDAP messages spanning multiple TCP segments",
5275 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5276 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5279 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
5280 "Set the port for LDAP operations",
5281 10, &global_ldap_tcp_port);
5283 prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
5284 "Set the port for LDAP operations over SSL",
5285 10, &global_ldaps_tcp_port);
5287 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5289 proto_cldap = proto_register_protocol(
5290 "Connectionless Lightweight Directory Access Protocol",
5293 register_init_routine(ldap_reinit);
5294 ldap_tap=register_tap("ldap");
5296 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
5301 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5303 proto_reg_handoff_ldap(void)
5305 dissector_handle_t cldap_handle;
5306 ldap_handle = find_dissector("ldap");
5308 dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
5310 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5311 dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
5313 gssapi_handle = find_dissector("gssapi");
5314 gssapi_wrap_handle = find_dissector("gssapi_verf");
5315 spnego_handle = find_dissector("spnego");
5317 ntlmssp_handle = find_dissector("ntlmssp");
5319 ssl_handle = find_dissector("ssl");
5321 prefs_register_ldap();
5323 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5324 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5325 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5326 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5327 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5328 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5329 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5330 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5331 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5332 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5333 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5334 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5335 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5336 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5337 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5338 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5339 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5340 oid_add_from_string("None","1.2.840.113556.1.4.970");
5341 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5342 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5343 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5344 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5345 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5346 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5347 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5348 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5349 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5350 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5351 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5352 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5353 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5354 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5355 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5356 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5357 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5358 oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
5359 oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
5360 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5361 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5362 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5363 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5365 register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
5366 register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
5367 register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
5368 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
5369 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
5370 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
5373 /*--- Included file: packet-ldap-dis-tab.c ---*/
5374 #line 1 "packet-ldap-dis-tab.c"
5375 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5376 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5377 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5378 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_ReplControlValue_PDU, proto_ldap, "replControlValue");
5379 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5380 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5381 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5384 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5385 #line 2208 "packet-ldap-template.c"
5390 void prefs_register_ldap(void) {
5392 if(tcp_port != global_ldap_tcp_port) {
5394 dissector_delete("tcp.port", tcp_port, ldap_handle);
5396 /* Set our port number for future use */
5397 tcp_port = global_ldap_tcp_port;
5400 dissector_add("tcp.port", tcp_port, ldap_handle);
5404 if(ssl_port != global_ldaps_tcp_port) {
5406 ssl_dissector_delete(ssl_port, "ldap", TRUE);
5408 /* Set our port number for future use */
5409 ssl_port = global_ldaps_tcp_port;
5412 ssl_dissector_add(ssl_port, "ldap", TRUE);