1 /* Do not modify this file. */
2 /* It is created automatically by the ASN.1 to Wireshark dissector compiler */
4 /* ../../tools/asn2wrs.py -b -p ldap -c ./ldap.cnf -s ./packet-ldap-template -D . Lightweight-Directory-Access-Protocol-V3.asn */
6 /* Input file: packet-ldap-template.c */
8 #line 1 "packet-ldap-template.c"
10 * Routines for ldap packet dissection
12 * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
16 * Wireshark - Network traffic analyzer
17 * By Gerald Combs <gerald@wireshark.org>
18 * Copyright 1998 Gerald Combs
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version 2
23 * of the License, or (at your option) any later version.
25 * This program is distributed in the hope that it will be useful,
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28 * GNU General Public License for more details.
30 * You should have received a copy of the GNU General Public License
31 * along with this program; if not, write to the Free Software
32 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
37 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
38 * It's also missing extensible search filters.
40 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
43 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
44 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
48 * nazard@dragoninc.on.ca
52 * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
53 * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
57 * ronald.henderson@cognicaseusa.com
61 * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
62 * using information from the SNIA 2003 conference paper :
63 * Active Directory Domain Controller Location Service
69 * 17-DEC-2004 - added basic decoding for LDAP Controls
70 * 20-DEC-2004 - added handling for GSS-API encrypted blobs
72 * Stefan Metzmacher <metze@samba.org>
74 * 15-NOV-2005 - Changed to use the asn2wrs compiler
75 * Anders Broman <anders.broman@ericsson.com>
79 * 3-AUG-2008 - Extended the cldap support to include all netlogon data types.
80 * Updated cldap_netlogon_flags to include Windows 2008 flags
81 * Expanded the ntver ldap option with bit field
83 * Gary Reynolds <gazzadownunder@yahoo.co.uk>
87 * 09-DEC-2009 - Added support for RFC4533
88 * Content Synchronization Operation (aka syncrepl)
89 * 11-DEC-2009 - Added support for IntermediateResponse (LDAP v3 from RFC 4511)
90 * Mathieu Parent <math.parent@gmail.com>
103 #include <epan/packet.h>
104 #include <epan/conversation.h>
105 #include <epan/prefs.h>
106 #include <epan/tap.h>
107 #include <epan/emem.h>
108 #include <epan/oids.h>
109 #include <epan/strutil.h>
110 #include <epan/dissectors/packet-frame.h>
111 #include <epan/dissectors/packet-tcp.h>
112 #include <epan/dissectors/packet-windows-common.h>
113 #include <epan/dissectors/packet-dcerpc.h>
114 #include <epan/asn1.h>
116 #include "packet-ldap.h"
117 #include "packet-ntlmssp.h"
118 #include "packet-ssl.h"
119 #include "packet-smb-common.h"
121 #include "packet-ber.h"
122 #include "packet-per.h"
124 #define PNAME "Lightweight Directory Access Protocol"
125 #define PSNAME "LDAP"
126 #define PFNAME "ldap"
128 /* Initialize the protocol and registered fields */
129 static int ldap_tap = -1;
130 static int proto_ldap = -1;
131 static int proto_cldap = -1;
133 static int hf_ldap_sasl_buffer_length = -1;
134 static int hf_ldap_response_in = -1;
135 static int hf_ldap_response_to = -1;
136 static int hf_ldap_time = -1;
137 static int hf_ldap_guid = -1;
139 static int hf_mscldap_ntver_flags = -1;
140 static int hf_mscldap_ntver_flags_v1 = -1;
141 static int hf_mscldap_ntver_flags_v5 = -1;
142 static int hf_mscldap_ntver_flags_v5ex = -1;
143 static int hf_mscldap_ntver_flags_v5ip = -1;
144 static int hf_mscldap_ntver_flags_v5cs = -1;
145 static int hf_mscldap_ntver_flags_nt4 = -1;
146 static int hf_mscldap_ntver_flags_pdc = -1;
147 static int hf_mscldap_ntver_flags_local = -1;
148 static int hf_mscldap_ntver_flags_ip = -1;
149 static int hf_mscldap_ntver_flags_gc = -1;
150 static int hf_mscldap_netlogon_ipaddress_family = -1;
151 static int hf_mscldap_netlogon_ipaddress_port = -1;
152 static int hf_mscldap_netlogon_ipaddress = -1;
153 static int hf_mscldap_netlogon_ipaddress_ipv4 = -1;
154 static int hf_mscldap_netlogon_type = -1;
155 static int hf_mscldap_netlogon_flags = -1;
156 static int hf_mscldap_netlogon_flags_pdc = -1;
157 static int hf_mscldap_netlogon_flags_gc = -1;
158 static int hf_mscldap_netlogon_flags_ldap = -1;
159 static int hf_mscldap_netlogon_flags_ds = -1;
160 static int hf_mscldap_netlogon_flags_kdc = -1;
161 static int hf_mscldap_netlogon_flags_timeserv = -1;
162 static int hf_mscldap_netlogon_flags_closest = -1;
163 static int hf_mscldap_netlogon_flags_writable = -1;
164 static int hf_mscldap_netlogon_flags_good_timeserv = -1;
165 static int hf_mscldap_netlogon_flags_ndnc = -1;
166 static int hf_mscldap_netlogon_flags_fnc = -1;
167 static int hf_mscldap_netlogon_flags_dnc = -1;
168 static int hf_mscldap_netlogon_flags_dns = -1;
169 static int hf_mscldap_netlogon_flags_wdc = -1;
170 static int hf_mscldap_netlogon_flags_rodc = -1;
171 static int hf_mscldap_domain_guid = -1;
172 static int hf_mscldap_forest = -1;
173 static int hf_mscldap_domain = -1;
174 static int hf_mscldap_hostname = -1;
175 static int hf_mscldap_nb_domain = -1;
176 static int hf_mscldap_nb_hostname = -1;
177 static int hf_mscldap_username = -1;
178 static int hf_mscldap_sitename = -1;
179 static int hf_mscldap_clientsitename = -1;
180 static int hf_mscldap_netlogon_version = -1;
181 static int hf_mscldap_netlogon_lm_token = -1;
182 static int hf_mscldap_netlogon_nt_token = -1;
183 static int hf_ldap_sid = -1;
184 static int hf_ldap_AccessMask_ADS_CREATE_CHILD = -1;
185 static int hf_ldap_AccessMask_ADS_DELETE_CHILD = -1;
186 static int hf_ldap_AccessMask_ADS_LIST = -1;
187 static int hf_ldap_AccessMask_ADS_SELF_WRITE = -1;
188 static int hf_ldap_AccessMask_ADS_READ_PROP = -1;
189 static int hf_ldap_AccessMask_ADS_WRITE_PROP = -1;
190 static int hf_ldap_AccessMask_ADS_DELETE_TREE = -1;
191 static int hf_ldap_AccessMask_ADS_LIST_OBJECT = -1;
192 static int hf_ldap_AccessMask_ADS_CONTROL_ACCESS = -1;
195 /*--- Included file: packet-ldap-hf.c ---*/
196 #line 1 "packet-ldap-hf.c"
197 static int hf_ldap_LDAPMessage_PDU = -1; /* LDAPMessage */
198 static int hf_ldap_SearchControlValue_PDU = -1; /* SearchControlValue */
199 static int hf_ldap_SortKeyList_PDU = -1; /* SortKeyList */
200 static int hf_ldap_SortResult_PDU = -1; /* SortResult */
201 static int hf_ldap_ReplControlValue_PDU = -1; /* ReplControlValue */
202 static int hf_ldap_PasswdModifyRequestValue_PDU = -1; /* PasswdModifyRequestValue */
203 static int hf_ldap_CancelRequestValue_PDU = -1; /* CancelRequestValue */
204 static int hf_ldap_SyncRequestValue_PDU = -1; /* SyncRequestValue */
205 static int hf_ldap_SyncStateValue_PDU = -1; /* SyncStateValue */
206 static int hf_ldap_SyncDoneValue_PDU = -1; /* SyncDoneValue */
207 static int hf_ldap_SyncInfoValue_PDU = -1; /* SyncInfoValue */
208 static int hf_ldap_PasswordPolicyResponseValue_PDU = -1; /* PasswordPolicyResponseValue */
209 static int hf_ldap_messageID = -1; /* MessageID */
210 static int hf_ldap_protocolOp = -1; /* ProtocolOp */
211 static int hf_ldap_controls = -1; /* Controls */
212 static int hf_ldap_bindRequest = -1; /* BindRequest */
213 static int hf_ldap_bindResponse = -1; /* BindResponse */
214 static int hf_ldap_unbindRequest = -1; /* UnbindRequest */
215 static int hf_ldap_searchRequest = -1; /* SearchRequest */
216 static int hf_ldap_searchResEntry = -1; /* SearchResultEntry */
217 static int hf_ldap_searchResDone = -1; /* SearchResultDone */
218 static int hf_ldap_searchResRef = -1; /* SearchResultReference */
219 static int hf_ldap_modifyRequest = -1; /* ModifyRequest */
220 static int hf_ldap_modifyResponse = -1; /* ModifyResponse */
221 static int hf_ldap_addRequest = -1; /* AddRequest */
222 static int hf_ldap_addResponse = -1; /* AddResponse */
223 static int hf_ldap_delRequest = -1; /* DelRequest */
224 static int hf_ldap_delResponse = -1; /* DelResponse */
225 static int hf_ldap_modDNRequest = -1; /* ModifyDNRequest */
226 static int hf_ldap_modDNResponse = -1; /* ModifyDNResponse */
227 static int hf_ldap_compareRequest = -1; /* CompareRequest */
228 static int hf_ldap_compareResponse = -1; /* CompareResponse */
229 static int hf_ldap_abandonRequest = -1; /* AbandonRequest */
230 static int hf_ldap_extendedReq = -1; /* ExtendedRequest */
231 static int hf_ldap_extendedResp = -1; /* ExtendedResponse */
232 static int hf_ldap_intermediateResponse = -1; /* IntermediateResponse */
233 static int hf_ldap_AttributeDescriptionList_item = -1; /* AttributeDescription */
234 static int hf_ldap_attributeDesc = -1; /* AttributeDescription */
235 static int hf_ldap_assertionValue = -1; /* AssertionValue */
236 static int hf_ldap_type = -1; /* AttributeDescription */
237 static int hf_ldap_vals = -1; /* SET_OF_AttributeValue */
238 static int hf_ldap_vals_item = -1; /* AttributeValue */
239 static int hf_ldap_resultCode = -1; /* T_resultCode */
240 static int hf_ldap_matchedDN = -1; /* LDAPDN */
241 static int hf_ldap_errorMessage = -1; /* ErrorMessage */
242 static int hf_ldap_referral = -1; /* Referral */
243 static int hf_ldap_Referral_item = -1; /* LDAPURL */
244 static int hf_ldap_Controls_item = -1; /* Control */
245 static int hf_ldap_controlType = -1; /* ControlType */
246 static int hf_ldap_criticality = -1; /* BOOLEAN */
247 static int hf_ldap_controlValue = -1; /* T_controlValue */
248 static int hf_ldap_version = -1; /* INTEGER_1_127 */
249 static int hf_ldap_name = -1; /* LDAPDN */
250 static int hf_ldap_authentication = -1; /* AuthenticationChoice */
251 static int hf_ldap_simple = -1; /* Simple */
252 static int hf_ldap_sasl = -1; /* SaslCredentials */
253 static int hf_ldap_ntlmsspNegotiate = -1; /* T_ntlmsspNegotiate */
254 static int hf_ldap_ntlmsspAuth = -1; /* T_ntlmsspAuth */
255 static int hf_ldap_mechanism = -1; /* Mechanism */
256 static int hf_ldap_credentials = -1; /* Credentials */
257 static int hf_ldap_bindResponse_resultCode = -1; /* BindResponse_resultCode */
258 static int hf_ldap_bindResponse_matchedDN = -1; /* T_bindResponse_matchedDN */
259 static int hf_ldap_serverSaslCreds = -1; /* ServerSaslCreds */
260 static int hf_ldap_baseObject = -1; /* LDAPDN */
261 static int hf_ldap_scope = -1; /* T_scope */
262 static int hf_ldap_derefAliases = -1; /* T_derefAliases */
263 static int hf_ldap_sizeLimit = -1; /* INTEGER_0_maxInt */
264 static int hf_ldap_timeLimit = -1; /* INTEGER_0_maxInt */
265 static int hf_ldap_typesOnly = -1; /* BOOLEAN */
266 static int hf_ldap_filter = -1; /* T_filter */
267 static int hf_ldap_searchRequest_attributes = -1; /* AttributeDescriptionList */
268 static int hf_ldap_and = -1; /* T_and */
269 static int hf_ldap_and_item = -1; /* T_and_item */
270 static int hf_ldap_or = -1; /* T_or */
271 static int hf_ldap_or_item = -1; /* T_or_item */
272 static int hf_ldap_not = -1; /* T_not */
273 static int hf_ldap_equalityMatch = -1; /* T_equalityMatch */
274 static int hf_ldap_substrings = -1; /* SubstringFilter */
275 static int hf_ldap_greaterOrEqual = -1; /* T_greaterOrEqual */
276 static int hf_ldap_lessOrEqual = -1; /* T_lessOrEqual */
277 static int hf_ldap_present = -1; /* T_present */
278 static int hf_ldap_approxMatch = -1; /* T_approxMatch */
279 static int hf_ldap_extensibleMatch = -1; /* T_extensibleMatch */
280 static int hf_ldap_substringFilter_substrings = -1; /* T_substringFilter_substrings */
281 static int hf_ldap_substringFilter_substrings_item = -1; /* T_substringFilter_substrings_item */
282 static int hf_ldap_initial = -1; /* LDAPString */
283 static int hf_ldap_any = -1; /* LDAPString */
284 static int hf_ldap_final = -1; /* LDAPString */
285 static int hf_ldap_matchingRule = -1; /* MatchingRuleId */
286 static int hf_ldap_matchValue = -1; /* AssertionValue */
287 static int hf_ldap_dnAttributes = -1; /* T_dnAttributes */
288 static int hf_ldap_objectName = -1; /* LDAPDN */
289 static int hf_ldap_searchResultEntry_attributes = -1; /* PartialAttributeList */
290 static int hf_ldap_PartialAttributeList_item = -1; /* PartialAttributeList_item */
291 static int hf_ldap__untag_item = -1; /* LDAPURL */
292 static int hf_ldap_object = -1; /* LDAPDN */
293 static int hf_ldap_modifyRequest_modification = -1; /* ModifyRequest_modification */
294 static int hf_ldap_modifyRequest_modification_item = -1; /* T_modifyRequest_modification_item */
295 static int hf_ldap_operation = -1; /* T_operation */
296 static int hf_ldap_modification = -1; /* AttributeTypeAndValues */
297 static int hf_ldap_entry = -1; /* LDAPDN */
298 static int hf_ldap_attributes = -1; /* AttributeList */
299 static int hf_ldap_AttributeList_item = -1; /* AttributeList_item */
300 static int hf_ldap_newrdn = -1; /* RelativeLDAPDN */
301 static int hf_ldap_deleteoldrdn = -1; /* BOOLEAN */
302 static int hf_ldap_newSuperior = -1; /* LDAPDN */
303 static int hf_ldap_ava = -1; /* AttributeValueAssertion */
304 static int hf_ldap_requestName = -1; /* LDAPOID */
305 static int hf_ldap_requestValue = -1; /* T_requestValue */
306 static int hf_ldap_extendedResponse_resultCode = -1; /* ExtendedResponse_resultCode */
307 static int hf_ldap_responseName = -1; /* ResponseName */
308 static int hf_ldap_response = -1; /* OCTET_STRING */
309 static int hf_ldap_intermediateResponse_responseValue = -1; /* T_intermediateResponse_responseValue */
310 static int hf_ldap_size = -1; /* INTEGER */
311 static int hf_ldap_cookie = -1; /* OCTET_STRING */
312 static int hf_ldap_SortKeyList_item = -1; /* SortKeyList_item */
313 static int hf_ldap_attributeType = -1; /* AttributeDescription */
314 static int hf_ldap_orderingRule = -1; /* MatchingRuleId */
315 static int hf_ldap_reverseOrder = -1; /* BOOLEAN */
316 static int hf_ldap_sortResult = -1; /* T_sortResult */
317 static int hf_ldap_parentsFirst = -1; /* INTEGER */
318 static int hf_ldap_maxReturnLength = -1; /* INTEGER */
319 static int hf_ldap_userIdentity = -1; /* OCTET_STRING */
320 static int hf_ldap_oldPasswd = -1; /* OCTET_STRING */
321 static int hf_ldap_newPasswd = -1; /* OCTET_STRING */
322 static int hf_ldap_genPasswd = -1; /* OCTET_STRING */
323 static int hf_ldap_cancelID = -1; /* MessageID */
324 static int hf_ldap_mode = -1; /* T_mode */
325 static int hf_ldap_reloadHint = -1; /* BOOLEAN */
326 static int hf_ldap_state = -1; /* T_state */
327 static int hf_ldap_entryUUID = -1; /* SyncUUID */
328 static int hf_ldap_refreshDeletes = -1; /* BOOLEAN */
329 static int hf_ldap_newcookie = -1; /* OCTET_STRING */
330 static int hf_ldap_refreshDelete = -1; /* T_refreshDelete */
331 static int hf_ldap_refreshDone = -1; /* BOOLEAN */
332 static int hf_ldap_refreshPresent = -1; /* T_refreshPresent */
333 static int hf_ldap_syncIdSet = -1; /* T_syncIdSet */
334 static int hf_ldap_syncUUIDs = -1; /* SET_OF_SyncUUID */
335 static int hf_ldap_syncUUIDs_item = -1; /* SyncUUID */
336 static int hf_ldap_warning = -1; /* T_warning */
337 static int hf_ldap_timeBeforeExpiration = -1; /* INTEGER_0_maxInt */
338 static int hf_ldap_graceAuthNsRemaining = -1; /* INTEGER_0_maxInt */
339 static int hf_ldap_error = -1; /* T_error */
341 /*--- End of included file: packet-ldap-hf.c ---*/
342 #line 187 "packet-ldap-template.c"
344 /* Initialize the subtree pointers */
345 static gint ett_ldap = -1;
346 static gint ett_ldap_msg = -1;
347 static gint ett_ldap_sasl_blob = -1;
348 static guint ett_ldap_payload = -1;
349 static gint ett_mscldap_netlogon_flags = -1;
350 static gint ett_mscldap_ntver_flags = -1;
351 static gint ett_mscldap_ipdetails = -1;
354 /*--- Included file: packet-ldap-ett.c ---*/
355 #line 1 "packet-ldap-ett.c"
356 static gint ett_ldap_LDAPMessage = -1;
357 static gint ett_ldap_ProtocolOp = -1;
358 static gint ett_ldap_AttributeDescriptionList = -1;
359 static gint ett_ldap_AttributeValueAssertion = -1;
360 static gint ett_ldap_Attribute = -1;
361 static gint ett_ldap_SET_OF_AttributeValue = -1;
362 static gint ett_ldap_LDAPResult = -1;
363 static gint ett_ldap_Referral = -1;
364 static gint ett_ldap_Controls = -1;
365 static gint ett_ldap_Control = -1;
366 static gint ett_ldap_BindRequest_U = -1;
367 static gint ett_ldap_AuthenticationChoice = -1;
368 static gint ett_ldap_SaslCredentials = -1;
369 static gint ett_ldap_BindResponse_U = -1;
370 static gint ett_ldap_SearchRequest_U = -1;
371 static gint ett_ldap_Filter = -1;
372 static gint ett_ldap_T_and = -1;
373 static gint ett_ldap_T_or = -1;
374 static gint ett_ldap_SubstringFilter = -1;
375 static gint ett_ldap_T_substringFilter_substrings = -1;
376 static gint ett_ldap_T_substringFilter_substrings_item = -1;
377 static gint ett_ldap_MatchingRuleAssertion = -1;
378 static gint ett_ldap_SearchResultEntry_U = -1;
379 static gint ett_ldap_PartialAttributeList = -1;
380 static gint ett_ldap_PartialAttributeList_item = -1;
381 static gint ett_ldap_SEQUENCE_OF_LDAPURL = -1;
382 static gint ett_ldap_ModifyRequest_U = -1;
383 static gint ett_ldap_ModifyRequest_modification = -1;
384 static gint ett_ldap_T_modifyRequest_modification_item = -1;
385 static gint ett_ldap_AttributeTypeAndValues = -1;
386 static gint ett_ldap_AddRequest_U = -1;
387 static gint ett_ldap_AttributeList = -1;
388 static gint ett_ldap_AttributeList_item = -1;
389 static gint ett_ldap_ModifyDNRequest_U = -1;
390 static gint ett_ldap_CompareRequest_U = -1;
391 static gint ett_ldap_ExtendedRequest_U = -1;
392 static gint ett_ldap_ExtendedResponse_U = -1;
393 static gint ett_ldap_IntermediateResponse_U = -1;
394 static gint ett_ldap_SearchControlValue = -1;
395 static gint ett_ldap_SortKeyList = -1;
396 static gint ett_ldap_SortKeyList_item = -1;
397 static gint ett_ldap_SortResult = -1;
398 static gint ett_ldap_ReplControlValue = -1;
399 static gint ett_ldap_PasswdModifyRequestValue = -1;
400 static gint ett_ldap_PasswdModifyResponseValue = -1;
401 static gint ett_ldap_CancelRequestValue = -1;
402 static gint ett_ldap_SyncRequestValue = -1;
403 static gint ett_ldap_SyncStateValue = -1;
404 static gint ett_ldap_SyncDoneValue = -1;
405 static gint ett_ldap_SyncInfoValue = -1;
406 static gint ett_ldap_T_refreshDelete = -1;
407 static gint ett_ldap_T_refreshPresent = -1;
408 static gint ett_ldap_T_syncIdSet = -1;
409 static gint ett_ldap_SET_OF_SyncUUID = -1;
410 static gint ett_ldap_PasswordPolicyResponseValue = -1;
411 static gint ett_ldap_T_warning = -1;
413 /*--- End of included file: packet-ldap-ett.c ---*/
414 #line 198 "packet-ldap-template.c"
416 static dissector_table_t ldap_name_dissector_table=NULL;
417 static const char *object_identifier_id = NULL; /* LDAP OID */
419 static gboolean do_protocolop = FALSE;
420 static gchar *attr_type = NULL;
421 static gboolean is_binary_attr_type = FALSE;
422 static gboolean ldap_found_in_frame = FALSE;
424 #define TCP_PORT_LDAP 389
425 #define TCP_PORT_LDAPS 636
426 #define UDP_PORT_CLDAP 389
427 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
429 /* desegmentation of LDAP */
430 static gboolean ldap_desegment = TRUE;
431 static guint global_ldap_tcp_port = TCP_PORT_LDAP;
432 static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
433 static guint tcp_port = 0;
434 static guint ssl_port = 0;
436 static dissector_handle_t gssapi_handle;
437 static dissector_handle_t gssapi_wrap_handle;
438 static dissector_handle_t ntlmssp_handle;
439 static dissector_handle_t spnego_handle;
440 static dissector_handle_t ssl_handle;
441 static dissector_handle_t ldap_handle ;
443 void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
446 /* different types of rpc calls ontop of ms cldap */
447 #define MSCLDAP_RPC_NETLOGON 1
449 /* Message type Choice values */
450 static const value_string ldap_ProtocolOp_choice_vals[] = {
451 { 0, "bindRequest" },
452 { 1, "bindResponse" },
453 { 2, "unbindRequest" },
454 { 3, "searchRequest" },
455 { 4, "searchResEntry" },
456 { 5, "searchResDone" },
457 { 6, "searchResRef" },
458 { 7, "modifyRequest" },
459 { 8, "modifyResponse" },
461 { 10, "addResponse" },
462 { 11, "delRequest" },
463 { 12, "delResponse" },
464 { 13, "modDNRequest" },
465 { 14, "modDNResponse" },
466 { 15, "compareRequest" },
467 { 16, "compareResponse" },
468 { 17, "abandonRequest" },
469 { 18, "extendedReq" },
470 { 19, "extendedResp" },
471 { 20, "intermediateResponse" },
475 * Data structure attached to a conversation, giving authentication
476 * information from a bind request.
477 * We keep a linked list of them, so that we can free up all the
478 * authentication mechanism strings.
480 typedef struct ldap_conv_info_t {
481 struct ldap_conv_info_t *next;
482 guint auth_type; /* authentication type */
483 char *auth_mech; /* authentication mechanism */
484 guint32 first_auth_frame; /* first frame that would use a security layer */
485 GHashTable *unmatched;
489 gboolean start_tls_pending;
490 guint32 start_tls_frame;
492 static ldap_conv_info_t *ldap_info_items;
495 ldap_info_hash_matched(gconstpointer k)
497 const ldap_call_response_t *key = k;
499 return key->messageId;
503 ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
505 const ldap_call_response_t *key1 = k1;
506 const ldap_call_response_t *key2 = k2;
508 if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
511 /* a response may span multiple frames
512 if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
517 return key1->messageId==key2->messageId;
521 ldap_info_hash_unmatched(gconstpointer k)
523 const ldap_call_response_t *key = k;
525 return key->messageId;
529 ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
531 const ldap_call_response_t *key1 = k1;
532 const ldap_call_response_t *key2 = k2;
534 return key1->messageId==key2->messageId;
538 /* These are the NtVer flags
539 http://msdn.microsoft.com/en-us/library/cc201035.aspx
542 static const true_false_string tfs_ntver_v1 = {
543 "Client requested V1 netlogon response",
544 "V1 netlogon response not requested"
547 static const true_false_string tfs_ntver_v5 = {
548 "Client requested V5 netlogon response",
549 "V5 netlogon response not requested"
551 static const true_false_string tfs_ntver_v5ex = {
552 "Client requested V5 extended netlogon response",
553 "V5 extended response not requested"
555 static const true_false_string tfs_ntver_v5ip = {
556 "Client has requested IP information of the DC",
557 "IP information not requested"
559 static const true_false_string tfs_ntver_v5cs = {
560 "Client has asked for the closest site information",
561 "Closest site information not requested"
563 static const true_false_string tfs_ntver_nt4 = {
564 "Client has set Neutralize NT4 emulation",
565 "Only full AD DS requested"
567 static const true_false_string tfs_ntver_pdc = {
568 "Client has requested the PDC server",
569 "PDC server not requested"
571 static const true_false_string tfs_ntver_local = {
572 "Client indicated that it is the local machine",
573 "Client is not local"
575 static const true_false_string tfs_ntver_ip = {
576 "Client has requested IP details (obsolete)",
577 "IP details not requested"
578 };static const true_false_string tfs_ntver_gc = {
579 "Client has requested a Global Catalog server",
580 "Global Catalog not requested"
584 static int dissect_mscldap_ntver_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
588 proto_tree *tree=NULL;
590 hf_mscldap_ntver_flags_v1,
591 hf_mscldap_ntver_flags_v5,
592 hf_mscldap_ntver_flags_v5ex,
593 hf_mscldap_ntver_flags_v5ip,
594 hf_mscldap_ntver_flags_v5cs,
595 hf_mscldap_ntver_flags_nt4,
596 hf_mscldap_ntver_flags_pdc,
597 hf_mscldap_ntver_flags_ip,
598 hf_mscldap_ntver_flags_local,
599 hf_mscldap_ntver_flags_gc,
603 header_field_info *hfi;
604 gboolean one_bit_set = FALSE;
606 flags=tvb_get_letohl(tvb, offset);
607 item=proto_tree_add_item(parent_tree, hf_mscldap_ntver_flags, tvb, offset, 4, TRUE);
609 tree = proto_item_add_subtree(item, ett_mscldap_ntver_flags);
612 proto_item_append_text(item, " (");
614 for(field = fields; *field; field++) {
615 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
616 hfi = proto_registrar_get_nth(*field);
618 if(flags & hfi->bitmask) {
621 proto_item_append_text(item, ", ");
625 proto_item_append_text(item, "%s", hfi->name);
630 proto_item_append_text(item, ")");
637 /* This string contains the last LDAPString that was decoded */
638 static char *attributedesc_string=NULL;
640 /* This string contains the last AssertionValue that was decoded */
641 static char *ldapvalue_string=NULL;
643 /* if the octet string contain all printable ASCII characters, then
644 * display it as a string, othervise just display it in hex.
647 dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_, proto_tree *tree, int hf_index)
650 gboolean pc, ind, is_ascii;
656 offset=get_ber_identifier(tvb, offset, &class, &pc, &tag);
657 offset=get_ber_length(tvb, offset, &len, &ind);
659 len=tvb_length_remaining(tvb,offset);
668 * Some special/wellknown attributes in common LDAP (read AD)
669 * are neither ascii strings nor blobs of hex data.
670 * Special case these attributes and decode them more nicely.
672 * Add more special cases as required to prettify further
673 * (there cant be that many ones that are truly interesting)
675 if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){
679 /* this octet string contains an NT SID */
680 sid_tvb=tvb_new_subset(tvb, offset, len, len);
681 dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
682 ldapvalue_string=tmpstr;
685 } else if ( (len==16) /* GUIDs are always 16 bytes */
686 && (attributedesc_string && !strncmp("DomainGuid", attributedesc_string, 10))) {
687 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
690 /* This octet string contained a GUID */
691 dissect_dcerpc_uuid_t(tvb, offset, actx->pinfo, tree, drep, hf_ldap_guid, &uuid);
693 ldapvalue_string=ep_alloc(1024);
694 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
695 uuid.Data1, uuid.Data2, uuid.Data3,
696 uuid.Data4[0], uuid.Data4[1],
697 uuid.Data4[2], uuid.Data4[3],
698 uuid.Data4[4], uuid.Data4[5],
699 uuid.Data4[6], uuid.Data4[7]);
702 } else if (attributedesc_string && !strncmp("NtVer", attributedesc_string, 5)){
706 /* get flag value to populate ldapvalue_string */
707 flags=tvb_get_letohl(tvb, offset);
709 ldapvalue_string=ep_alloc(1024);
710 g_snprintf(ldapvalue_string, 1023, "0x%08x",flags);
712 /* populate bitmask subtree */
713 offset = dissect_mscldap_ntver_flags(tree, tvb, offset);
721 * It was not one of our "wellknown" attributes so make the best
722 * we can and just try to see if it is an ascii string or if it
725 * XXX - should we support reading RFC 2252-style schemas
726 * for LDAP, and using that to determine how to display
727 * attribute values and assertion values?
729 * -- I dont think there are full schemas available that describe the
730 * interesting cases i.e. AD -- ronnie
732 str=tvb_get_ptr(tvb, offset, len);
735 if(!isascii(str[i]) || !isprint(str[i])){
741 /* convert the string into a printable string */
743 ldapvalue_string=ep_strndup(str, len);
745 ldapvalue_string=ep_alloc(3*len);
747 g_snprintf(ldapvalue_string+i*3,3,"%02x",str[i]&0xff);
748 ldapvalue_string[3*i+2]=':';
750 ldapvalue_string[3*len-1]=0;
753 proto_tree_add_string(tree, hf_index, tvb, offset, len, ldapvalue_string);
761 /* This string contains the last Filter item that was decoded */
762 static char *Filter_string=NULL;
763 static char *and_filter_string=NULL;
764 static char *or_filter_string=NULL;
765 static char *substring_value=NULL;
766 static char *substring_item_init=NULL;
767 static char *substring_item_any=NULL;
768 static char *substring_item_final=NULL;
769 static char *matching_rule_string=NULL;
770 static gboolean matching_rule_dnattr=FALSE;
772 /* Global variables */
773 char *mechanism = NULL;
774 static gint MessageID =-1;
775 static gint ProtocolOp = -1;
776 static gint result = 0;
777 static proto_item *ldm_tree = NULL; /* item to add text to */
779 static void ldap_do_protocolop(packet_info *pinfo)
785 valstr = val_to_str(ProtocolOp, ldap_ProtocolOp_choice_vals, "Unknown (%%u)");
787 col_append_fstr(pinfo->cinfo, COL_INFO, "%s(%u) ", valstr, MessageID);
790 proto_item_append_text(ldm_tree, " %s(%d)", valstr, MessageID);
792 do_protocolop = FALSE;
797 static ldap_call_response_t *
798 ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint messageId, guint protocolOpTag)
800 ldap_call_response_t lcr, *lcrp=NULL;
801 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)pinfo->private_data;
803 /* first see if we have already matched this */
805 lcr.messageId=messageId;
806 switch(protocolOpTag){
808 case LDAP_REQ_SEARCH:
809 case LDAP_REQ_MODIFY:
811 case LDAP_REQ_DELETE:
812 case LDAP_REQ_MODRDN:
813 case LDAP_REQ_COMPARE:
814 case LDAP_REQ_EXTENDED:
816 lcr.req_frame=pinfo->fd->num;
820 case LDAP_RES_SEARCH_ENTRY:
821 case LDAP_RES_SEARCH_REF:
822 case LDAP_RES_SEARCH_RESULT:
823 case LDAP_RES_MODIFY:
825 case LDAP_RES_DELETE:
826 case LDAP_RES_MODRDN:
827 case LDAP_RES_COMPARE:
828 case LDAP_RES_EXTENDED:
829 case LDAP_RES_INTERMEDIATE:
830 lcr.is_request=FALSE;
832 lcr.rep_frame=pinfo->fd->num;
835 lcrp=g_hash_table_lookup(ldap_info->matched, &lcr);
839 lcrp->is_request=lcr.is_request;
843 /* we haven't found a match - try and match it up */
845 switch(protocolOpTag){
847 case LDAP_REQ_SEARCH:
848 case LDAP_REQ_MODIFY:
850 case LDAP_REQ_DELETE:
851 case LDAP_REQ_MODRDN:
852 case LDAP_REQ_COMPARE:
853 case LDAP_REQ_EXTENDED:
855 /* this a a request - add it to the unmatched list */
857 /* check that we dont already have one of those in the
858 unmatched list and if so remove it */
860 lcr.messageId=messageId;
861 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
863 g_hash_table_remove(ldap_info->unmatched, lcrp);
865 /* if we cant reuse the old one, grab a new chunk */
867 lcrp=se_alloc(sizeof(ldap_call_response_t));
869 lcrp->messageId=messageId;
870 lcrp->req_frame=pinfo->fd->num;
871 lcrp->req_time=pinfo->fd->abs_ts;
873 lcrp->protocolOpTag=protocolOpTag;
874 lcrp->is_request=TRUE;
875 g_hash_table_insert(ldap_info->unmatched, lcrp, lcrp);
879 case LDAP_RES_SEARCH_ENTRY:
880 case LDAP_RES_SEARCH_REF:
881 case LDAP_RES_SEARCH_RESULT:
882 case LDAP_RES_MODIFY:
884 case LDAP_RES_DELETE:
885 case LDAP_RES_MODRDN:
886 case LDAP_RES_COMPARE:
887 case LDAP_RES_EXTENDED:
888 case LDAP_RES_INTERMEDIATE:
890 /* this is a result - it should be in our unmatched list */
892 lcr.messageId=messageId;
893 lcrp=g_hash_table_lookup(ldap_info->unmatched, &lcr);
897 if(!lcrp->rep_frame){
898 g_hash_table_remove(ldap_info->unmatched, lcrp);
899 lcrp->rep_frame=pinfo->fd->num;
900 lcrp->is_request=FALSE;
901 g_hash_table_insert(ldap_info->matched, lcrp, lcrp);
909 /* we have found a match */
914 if(lcrp->is_request){
915 it=proto_tree_add_uint(tree, hf_ldap_response_in, tvb, 0, 0, lcrp->rep_frame);
916 PROTO_ITEM_SET_GENERATED(it);
919 it=proto_tree_add_uint(tree, hf_ldap_response_to, tvb, 0, 0, lcrp->req_frame);
920 PROTO_ITEM_SET_GENERATED(it);
921 nstime_delta(&ns, &pinfo->fd->abs_ts, &lcrp->req_time);
922 it=proto_tree_add_time(tree, hf_ldap_time, tvb, 0, 0, &ns);
923 PROTO_ITEM_SET_GENERATED(it);
931 /*--- Included file: packet-ldap-fn.c ---*/
932 #line 1 "packet-ldap-fn.c"
933 /*--- Cyclic dependencies ---*/
935 /* Filter -> Filter/and -> Filter/and/_item -> Filter */
936 /* Filter -> Filter/or -> Filter/or/_item -> Filter */
937 /* Filter -> Filter/not -> Filter */
938 static int dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
944 dissect_ldap_MessageID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
947 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
961 dissect_ldap_INTEGER_1_127(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
962 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
971 dissect_ldap_LDAPString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
973 tvbuff_t *parameter_tvb = NULL;
974 char *ldapstring = NULL;
975 gchar *sc = NULL; /* semi-colon pointer */
977 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
981 if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
983 ldap_do_protocolop(actx->pinfo);
986 ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
988 if(hf_index == hf_ldap_baseObject) {
989 /* this is search - put it on the scanline */
990 if(!ldapstring || !*ldapstring)
991 ldapstring = "<ROOT>";
993 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
996 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1001 proto_item_append_text(actx->created_item, " (%s)", ldapstring);
1004 } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
1005 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%s) ", ldapstring);
1008 proto_item_append_text(ldm_tree, " (%s)", ldapstring);
1010 } else if ((hf_index == hf_ldap_objectName) ||
1011 (hf_index == hf_ldap_name) ||
1012 (hf_index == hf_ldap_entry) ||
1013 (hf_index == hf_ldap_object) ||
1014 (hf_index == hf_ldap_delRequest) ) {
1016 if(!ldapstring || !*ldapstring)
1017 ldapstring = "<ROOT>";
1019 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%s\" ", ldapstring);
1022 proto_item_append_text(ldm_tree, " \"%s\"", ldapstring);
1023 } else if (hf_index == hf_ldap_attributeDesc){
1024 /* remember the attribute description */
1025 attributedesc_string=ldapstring;
1026 } else if (hf_index == hf_ldap_initial){
1027 /* remember the substring item */
1028 substring_item_init=ldapstring;
1029 } else if (hf_index == hf_ldap_any){
1030 /* remember the substring item */
1031 substring_item_any=ldapstring;
1032 } else if (hf_index == hf_ldap_final){
1033 /* remember the substring item */
1034 substring_item_final=ldapstring;
1035 } else if (hf_index == hf_ldap_matchingRule){
1036 /* remember the matching rule */
1037 matching_rule_string=ldapstring;
1038 } else if (hf_index == hf_ldap_present){
1039 /* remember the present name */
1040 Filter_string=ldapstring;
1041 } else if (hf_index == hf_ldap_type) {
1042 /* remember attribute type name */
1043 attr_type = ep_strdup(ldapstring);
1045 /* append it to the parent entry */
1046 proto_item_append_text(tree, " %s", attr_type);
1048 /* remove the ";binary" component if present */
1049 if((sc = strchr(attr_type, ';')) != NULL) {
1050 if(!strcmp(sc, ";binary")) {
1051 *sc = '\0'; /* terminate the string */
1052 is_binary_attr_type = TRUE;
1055 is_binary_attr_type = FALSE;
1070 dissect_ldap_LDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1071 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1079 dissect_ldap_Simple(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1080 #line 167 "ldap.cnf"
1081 ldap_conv_info_t *ldap_info;
1083 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1087 ldap_info = actx->pinfo->private_data;
1088 ldap_info->auth_type = LDAP_AUTH_SIMPLE;
1090 actx->pinfo->private_data = ldap_info;
1100 dissect_ldap_Mechanism(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1101 #line 177 "ldap.cnf"
1103 ldap_conv_info_t *ldap_info;
1104 tvbuff_t *parameter_tvb;
1105 char *mechanism = NULL;
1106 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1109 ldap_info = actx->pinfo->private_data;
1110 ldap_info->auth_type = LDAP_AUTH_SASL;
1116 * We need to remember the authentication type and mechanism for this
1119 * XXX - actually, we might need to remember more than one
1120 * type and mechanism, if you can unbind and rebind with a
1121 * different type and/or mechanism.
1123 if(!actx->pinfo->fd->flags.visited) {
1124 mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
1125 ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
1127 * If the mechanism in this request is an empty string (which is
1128 * returned as a null pointer), use the saved mechanism instead.
1129 * Otherwise, if the saved mechanism is an empty string (null),
1130 * save this mechanism.
1132 if (mechanism == NULL) {
1133 mechanism = ldap_info->auth_mech;
1135 g_free(ldap_info->auth_mech);
1136 ldap_info->auth_mech = mechanism;
1138 actx->pinfo->private_data = ldap_info;
1148 dissect_ldap_Credentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1149 #line 214 "ldap.cnf"
1151 tvbuff_t *parameter_tvb;
1152 ldap_conv_info_t *ldap_info;
1157 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1164 ldap_info = actx->pinfo->private_data;
1165 get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
1167 /*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
1168 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
1170 * This is a GSS-API token ancapsulated within GSS-SPNEGO.
1171 * We need to check the first byte to check whether the blob
1172 * contains SPNEGO or GSSAPI.
1173 * All SPNEGO PDUs are of class CONSTRUCTED while
1174 * GSS PDUs are class APPLICATION
1176 if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
1177 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1179 /*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
1180 if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
1182 * This is a raw GSS-API token.
1184 if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
1185 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1188 actx->pinfo->private_data = ldap_info;
1197 static const ber_sequence_t SaslCredentials_sequence[] = {
1198 { &hf_ldap_mechanism , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_Mechanism },
1199 { &hf_ldap_credentials , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_Credentials },
1200 { NULL, 0, 0, 0, NULL }
1204 dissect_ldap_SaslCredentials(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1205 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1206 SaslCredentials_sequence, hf_index, ett_ldap_SaslCredentials);
1214 dissect_ldap_T_ntlmsspNegotiate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1215 #line 687 "ldap.cnf"
1216 /* make sure the protocol op comes first */
1217 ldap_do_protocolop(actx->pinfo);
1219 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1220 offset+=tvb_length_remaining(tvb, offset);
1230 dissect_ldap_T_ntlmsspAuth(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1231 #line 694 "ldap.cnf"
1232 /* make sure the protocol op comes first */
1233 ldap_do_protocolop(actx->pinfo);
1235 call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
1236 offset+=tvb_length_remaining(tvb, offset);
1244 static const value_string ldap_AuthenticationChoice_vals[] = {
1247 { 10, "ntlmsspNegotiate" },
1248 { 11, "ntlmsspAuth" },
1252 static const ber_choice_t AuthenticationChoice_choice[] = {
1253 { 0, &hf_ldap_simple , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_Simple },
1254 { 3, &hf_ldap_sasl , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_SaslCredentials },
1255 { 10, &hf_ldap_ntlmsspNegotiate, BER_CLASS_CON, 10, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspNegotiate },
1256 { 11, &hf_ldap_ntlmsspAuth , BER_CLASS_CON, 11, BER_FLAGS_IMPLTAG, dissect_ldap_T_ntlmsspAuth },
1257 { 0, NULL, 0, 0, 0, NULL }
1261 dissect_ldap_AuthenticationChoice(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1262 #line 493 "ldap.cnf"
1265 const gchar *valstr;
1267 offset = dissect_ber_choice(actx, tree, tvb, offset,
1268 AuthenticationChoice_choice, hf_index, ett_ldap_AuthenticationChoice,
1272 ldap_do_protocolop(actx->pinfo);
1274 if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
1275 auth = AuthenticationChoice_choice[branch].value;
1277 valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%u)");
1279 /* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
1280 if ((auth != 10) && (auth != 11))
1281 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1284 proto_item_append_text(ldm_tree, " %s", valstr);
1293 static const ber_sequence_t BindRequest_U_sequence[] = {
1294 { &hf_ldap_version , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_1_127 },
1295 { &hf_ldap_name , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
1296 { &hf_ldap_authentication , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_AuthenticationChoice },
1297 { NULL, 0, 0, 0, NULL }
1301 dissect_ldap_BindRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1302 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1303 BindRequest_U_sequence, hf_index, ett_ldap_BindRequest_U);
1311 dissect_ldap_BindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1312 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1313 hf_index, BER_CLASS_APP, 0, TRUE, dissect_ldap_BindRequest_U);
1319 static const value_string ldap_BindResponse_resultCode_vals[] = {
1321 { 1, "operationsError" },
1322 { 2, "protocolError" },
1323 { 3, "timeLimitExceeded" },
1324 { 4, "sizeLimitExceeded" },
1325 { 5, "compareFalse" },
1326 { 6, "compareTrue" },
1327 { 7, "authMethodNotSupported" },
1328 { 8, "strongAuthRequired" },
1330 { 11, "adminLimitExceeded" },
1331 { 12, "unavailableCriticalExtension" },
1332 { 13, "confidentialityRequired" },
1333 { 14, "saslBindInProgress" },
1334 { 16, "noSuchAttribute" },
1335 { 17, "undefinedAttributeType" },
1336 { 18, "inappropriateMatching" },
1337 { 19, "constraintViolation" },
1338 { 20, "attributeOrValueExists" },
1339 { 21, "invalidAttributeSyntax" },
1340 { 32, "noSuchObject" },
1341 { 33, "aliasProblem" },
1342 { 34, "invalidDNSyntax" },
1343 { 36, "aliasDereferencingProblem" },
1344 { 48, "inappropriateAuthentication" },
1345 { 49, "invalidCredentials" },
1346 { 50, "insufficientAccessRights" },
1348 { 52, "unavailable" },
1349 { 53, "unwillingToPerform" },
1350 { 54, "loopDetect" },
1351 { 64, "namingViolation" },
1352 { 65, "objectClassViolation" },
1353 { 66, "notAllowedOnNonLeaf" },
1354 { 67, "notAllowedOnRDN" },
1355 { 68, "entryAlreadyExists" },
1356 { 69, "objectClassModsProhibited" },
1357 { 71, "affectsMultipleDSAs" },
1359 { 118, "canceled" },
1360 { 119, "noSuchOperation" },
1362 { 121, "cannotCancel" },
1368 dissect_ldap_BindResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1369 #line 444 "ldap.cnf"
1371 const gchar *valstr;
1373 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1377 ldap_do_protocolop(actx->pinfo);
1379 valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%u)");
1381 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1384 proto_item_append_text(ldm_tree, " %s", valstr);
1395 dissect_ldap_T_bindResponse_matchedDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1396 #line 701 "ldap.cnf"
1397 tvbuff_t *new_tvb=NULL;
1399 offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
1402 && (tvb_length(new_tvb)>=7)
1403 && (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
1405 /* make sure the protocol op comes first */
1406 ldap_do_protocolop(actx->pinfo);
1408 call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
1420 dissect_ldap_ErrorMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1421 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1429 dissect_ldap_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1430 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1434 PROTO_ITEM_SET_URL(actx->created_item);
1441 static const ber_sequence_t Referral_sequence_of[1] = {
1442 { &hf_ldap_Referral_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
1446 dissect_ldap_Referral(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1447 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1448 Referral_sequence_of, hf_index, ett_ldap_Referral);
1456 dissect_ldap_ServerSaslCreds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1457 #line 254 "ldap.cnf"
1459 tvbuff_t *parameter_tvb;
1460 ldap_conv_info_t *ldap_info;
1462 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
1467 ldap_info = actx->pinfo->private_data;
1468 switch (ldap_info->auth_type) {
1470 /* For Kerberos V4, dissect it as a ticket. */
1471 /* XXX - what about LDAP_AUTH_SIMPLE? */
1473 case LDAP_AUTH_SASL:
1475 * All frames after this are assumed to use a security layer.
1477 * XXX - won't work if there's another reply, with the security
1478 * layer, starting in the same TCP segment that ends this
1479 * reply, but as LDAP is a request/response protocol, and
1480 * as the client probably can't start using authentication until
1481 * it gets the bind reply and the server won't send a reply until
1482 * it gets a request, that probably won't happen.
1484 * XXX - that assumption is invalid; it's not clear where the
1485 * hell you find out whether there's any security layer. In
1486 * one capture, we have two GSS-SPNEGO negotiations, both of
1487 * which select MS KRB5, and the only differences in the tokens
1488 * is in the RC4-HMAC ciphertext. The various
1489 * draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
1490 * that the RFC 2222 spoo with the bitmask and maximum
1491 * output message size stuff is done - but where does that
1492 * stuff show up? Is it in the ciphertext, which means it's
1493 * presumably encrypted?
1495 * Grrr. We have to do a gross heuristic, checking whether the
1496 * putative LDAP message begins with 0x00 or not, making the
1497 * assumption that we won't have more than 2^24 bytes of
1498 * encapsulated stuff.
1500 ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
1501 if (ldap_info->auth_mech != NULL &&
1502 strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
1503 /* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
1504 * which might not be wrapped in GSS-SPNEGO but be a raw
1507 if ( (tvb_length(parameter_tvb)>=7)
1508 && (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
1509 call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
1513 * This is a GSS-API token.
1515 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1516 call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
1517 } else if (ldap_info->auth_mech != NULL &&
1518 strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
1520 * This is a GSS-API token.
1522 if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
1523 call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
1527 actx->pinfo->private_data = ldap_info;
1535 static const ber_sequence_t BindResponse_U_sequence[] = {
1536 { &hf_ldap_bindResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse_resultCode },
1537 { &hf_ldap_bindResponse_matchedDN, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_T_bindResponse_matchedDN },
1538 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
1539 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
1540 { &hf_ldap_serverSaslCreds, BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ServerSaslCreds },
1541 { NULL, 0, 0, 0, NULL }
1545 dissect_ldap_BindResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1546 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1547 BindResponse_U_sequence, hf_index, ett_ldap_BindResponse_U);
1555 dissect_ldap_BindResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1556 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1557 hf_index, BER_CLASS_APP, 1, TRUE, dissect_ldap_BindResponse_U);
1565 dissect_ldap_NULL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1566 offset = dissect_ber_null(implicit_tag, actx, tree, tvb, offset, hf_index);
1574 dissect_ldap_UnbindRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1575 #line 515 "ldap.cnf"
1577 implicit_tag = TRUE; /* correct problem with asn2wrs */
1579 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
1580 hf_index, BER_CLASS_APP, 2, TRUE, dissect_ldap_NULL);
1583 ldap_do_protocolop(actx->pinfo);
1595 static const value_string ldap_T_scope_vals[] = {
1596 { 0, "baseObject" },
1597 { 1, "singleLevel" },
1598 { 2, "wholeSubtree" },
1604 dissect_ldap_T_scope(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1605 #line 412 "ldap.cnf"
1608 const gchar *valstr;
1610 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1614 ldap_do_protocolop(actx->pinfo);
1616 valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%u)");
1618 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
1621 proto_item_append_text(ldm_tree, " %s", valstr);
1629 static const value_string ldap_T_derefAliases_vals[] = {
1630 { 0, "neverDerefAliases" },
1631 { 1, "derefInSearching" },
1632 { 2, "derefFindingBaseObj" },
1633 { 3, "derefAlways" },
1639 dissect_ldap_T_derefAliases(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1640 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1649 dissect_ldap_INTEGER_0_maxInt(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1650 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
1659 dissect_ldap_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1660 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
1668 dissect_ldap_T_and_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1669 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1671 #line 557 "ldap.cnf"
1672 if(and_filter_string){
1673 and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
1675 and_filter_string=Filter_string;
1683 static const ber_sequence_t T_and_set_of[1] = {
1684 { &hf_ldap_and_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_and_item },
1688 dissect_ldap_T_and(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1689 #line 564 "ldap.cnf"
1690 proto_tree *tr=NULL;
1691 proto_item *it=NULL;
1692 char *old_and_filter_string=and_filter_string;
1694 and_filter_string=NULL;
1696 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
1697 tr=proto_item_add_subtree(it, ett_ldap_T_and);
1701 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1702 T_and_set_of, hf_index, ett_ldap_T_and);
1705 if(and_filter_string) {
1706 proto_item_append_text(it, "%s", and_filter_string);
1707 Filter_string=ep_strdup_printf("%s",and_filter_string);
1709 and_filter_string=old_and_filter_string;
1719 dissect_ldap_T_or_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1720 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1722 #line 584 "ldap.cnf"
1723 if(or_filter_string){
1724 or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
1726 or_filter_string=Filter_string;
1735 static const ber_sequence_t T_or_set_of[1] = {
1736 { &hf_ldap_or_item , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_or_item },
1740 dissect_ldap_T_or(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1741 #line 592 "ldap.cnf"
1742 proto_tree *tr=NULL;
1743 proto_item *it=NULL;
1744 char *old_or_filter_string=or_filter_string;
1746 or_filter_string=NULL;
1748 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
1749 tr=proto_item_add_subtree(it, ett_ldap_T_or);
1752 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
1753 T_or_set_of, hf_index, ett_ldap_T_or);
1755 if(or_filter_string) {
1756 proto_item_append_text(it, "%s", or_filter_string);
1757 Filter_string=ep_strdup_printf("%s",or_filter_string);
1759 or_filter_string=old_or_filter_string;
1769 dissect_ldap_T_not(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1770 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
1772 #line 613 "ldap.cnf"
1773 Filter_string=ep_strdup_printf("(!%s)",string_or_null(Filter_string));
1782 dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1783 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1790 static const ber_sequence_t AttributeValueAssertion_sequence[] = {
1791 { &hf_ldap_attributeDesc , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1792 { &hf_ldap_assertionValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AssertionValue },
1793 { NULL, 0, 0, 0, NULL }
1797 dissect_ldap_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1798 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1799 AttributeValueAssertion_sequence, hf_index, ett_ldap_AttributeValueAssertion);
1807 dissect_ldap_T_equalityMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1808 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1810 #line 534 "ldap.cnf"
1811 Filter_string=ep_strdup_printf("(%s=%s)",
1812 string_or_null(attributedesc_string),
1813 string_or_null(ldapvalue_string));
1821 static const value_string ldap_T_substringFilter_substrings_item_vals[] = {
1828 static const ber_choice_t T_substringFilter_substrings_item_choice[] = {
1829 { 0, &hf_ldap_initial , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1830 { 1, &hf_ldap_any , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1831 { 2, &hf_ldap_final , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPString },
1832 { 0, NULL, 0, 0, 0, NULL }
1836 dissect_ldap_T_substringFilter_substrings_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1837 offset = dissect_ber_choice(actx, tree, tvb, offset,
1838 T_substringFilter_substrings_item_choice, hf_index, ett_ldap_T_substringFilter_substrings_item,
1841 #line 639 "ldap.cnf"
1842 if (substring_item_final) {
1843 substring_value=ep_strdup_printf("%s%s",
1844 (substring_value?substring_value:"*"),
1845 substring_item_final);
1846 } else if (substring_item_any) {
1847 substring_value=ep_strdup_printf("%s%s*",
1848 (substring_value?substring_value:"*"),
1849 substring_item_any);
1850 } else if (substring_item_init) {
1851 substring_value=ep_strdup_printf("%s*",
1852 substring_item_init);
1860 static const ber_sequence_t T_substringFilter_substrings_sequence_of[1] = {
1861 { &hf_ldap_substringFilter_substrings_item, BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_substringFilter_substrings_item },
1865 dissect_ldap_T_substringFilter_substrings(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1866 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
1867 T_substringFilter_substrings_sequence_of, hf_index, ett_ldap_T_substringFilter_substrings);
1873 static const ber_sequence_t SubstringFilter_sequence[] = {
1874 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
1875 { &hf_ldap_substringFilter_substrings, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_substringFilter_substrings },
1876 { NULL, 0, 0, 0, NULL }
1880 dissect_ldap_SubstringFilter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1881 #line 653 "ldap.cnf"
1882 proto_tree *tr=NULL;
1883 proto_item *it=NULL;
1884 char *old_substring_value=substring_value;
1886 substring_value=NULL;
1887 substring_item_init=NULL;
1888 substring_item_any=NULL;
1889 substring_item_final=NULL;
1891 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
1892 tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
1895 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
1896 SubstringFilter_sequence, hf_index, ett_ldap_SubstringFilter);
1898 Filter_string=ep_strdup_printf("(%s=%s)",
1899 string_or_null(attr_type),
1900 string_or_null(substring_value));
1901 proto_item_append_text(it, "%s", Filter_string);
1902 substring_value=old_substring_value;
1912 dissect_ldap_T_greaterOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1913 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1915 #line 540 "ldap.cnf"
1916 Filter_string=ep_strdup_printf("(%s>=%s)",
1917 string_or_null(attributedesc_string),
1918 string_or_null(ldapvalue_string));
1928 dissect_ldap_T_lessOrEqual(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1929 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1931 #line 546 "ldap.cnf"
1932 Filter_string=ep_strdup_printf("(%s<=%s)",
1933 string_or_null(attributedesc_string),
1934 string_or_null(ldapvalue_string));
1944 dissect_ldap_T_present(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1945 offset = dissect_ldap_AttributeDescription(implicit_tag, tvb, offset, actx, tree, hf_index);
1947 #line 610 "ldap.cnf"
1948 Filter_string=ep_strdup_printf("(%s=*)",string_or_null(Filter_string));
1957 dissect_ldap_T_approxMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1958 offset = dissect_ldap_AttributeValueAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
1960 #line 552 "ldap.cnf"
1961 Filter_string=ep_strdup_printf("(%s~=%s)",
1962 string_or_null(attributedesc_string),
1963 string_or_null(ldapvalue_string));
1972 dissect_ldap_MatchingRuleId(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1973 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
1981 dissect_ldap_T_dnAttributes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
1982 #line 616 "ldap.cnf"
1985 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
1988 matching_rule_dnattr = val;
1997 static const ber_sequence_t MatchingRuleAssertion_sequence[] = {
1998 { &hf_ldap_matchingRule , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
1999 { &hf_ldap_type , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
2000 { &hf_ldap_matchValue , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_AssertionValue },
2001 { &hf_ldap_dnAttributes , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_dnAttributes },
2002 { NULL, 0, 0, 0, NULL }
2006 dissect_ldap_MatchingRuleAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2007 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2008 MatchingRuleAssertion_sequence, hf_index, ett_ldap_MatchingRuleAssertion);
2016 dissect_ldap_T_extensibleMatch(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2017 #line 625 "ldap.cnf"
2019 matching_rule_string=NULL;
2020 ldapvalue_string=NULL;
2021 matching_rule_dnattr=FALSE;
2024 offset = dissect_ldap_MatchingRuleAssertion(implicit_tag, tvb, offset, actx, tree, hf_index);
2026 #line 631 "ldap.cnf"
2027 Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
2028 (attr_type?attr_type:""),
2029 (matching_rule_dnattr?"dn:":""),
2030 (matching_rule_string?matching_rule_string:""),
2031 (matching_rule_string?":":""),
2032 string_or_null(ldapvalue_string));
2039 static const value_string ldap_Filter_vals[] = {
2043 { 3, "equalityMatch" },
2044 { 4, "substrings" },
2045 { 5, "greaterOrEqual" },
2046 { 6, "lessOrEqual" },
2048 { 8, "approxMatch" },
2049 { 9, "extensibleMatch" },
2053 static const ber_choice_t Filter_choice[] = {
2054 { 0, &hf_ldap_and , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_T_and },
2055 { 1, &hf_ldap_or , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_or },
2056 { 2, &hf_ldap_not , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_not },
2057 { 3, &hf_ldap_equalityMatch , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_equalityMatch },
2058 { 4, &hf_ldap_substrings , BER_CLASS_CON, 4, BER_FLAGS_IMPLTAG, dissect_ldap_SubstringFilter },
2059 { 5, &hf_ldap_greaterOrEqual , BER_CLASS_CON, 5, BER_FLAGS_IMPLTAG, dissect_ldap_T_greaterOrEqual },
2060 { 6, &hf_ldap_lessOrEqual , BER_CLASS_CON, 6, BER_FLAGS_IMPLTAG, dissect_ldap_T_lessOrEqual },
2061 { 7, &hf_ldap_present , BER_CLASS_CON, 7, BER_FLAGS_IMPLTAG, dissect_ldap_T_present },
2062 { 8, &hf_ldap_approxMatch , BER_CLASS_CON, 8, BER_FLAGS_IMPLTAG, dissect_ldap_T_approxMatch },
2063 { 9, &hf_ldap_extensibleMatch, BER_CLASS_CON, 9, BER_FLAGS_IMPLTAG, dissect_ldap_T_extensibleMatch },
2064 { 0, NULL, 0, 0, 0, NULL }
2068 dissect_ldap_Filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2069 #line 674 "ldap.cnf"
2070 proto_tree *tr=NULL;
2071 proto_item *it=NULL;
2074 it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
2075 tr=proto_item_add_subtree(it, ett_ldap_Filter);
2078 offset = dissect_ber_choice(actx, tree, tvb, offset,
2079 Filter_choice, hf_index, ett_ldap_Filter,
2083 proto_item_append_text(it, "%s", string_or_null(Filter_string));
2093 dissect_ldap_T_filter(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2094 #line 527 "ldap.cnf"
2098 offset = dissect_ldap_Filter(implicit_tag, tvb, offset, actx, tree, hf_index);
2100 #line 530 "ldap.cnf"
2102 and_filter_string=NULL;
2109 static const ber_sequence_t AttributeDescriptionList_sequence_of[1] = {
2110 { &hf_ldap_AttributeDescriptionList_item, BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2114 dissect_ldap_AttributeDescriptionList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2115 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2116 AttributeDescriptionList_sequence_of, hf_index, ett_ldap_AttributeDescriptionList);
2122 static const ber_sequence_t SearchRequest_U_sequence[] = {
2123 { &hf_ldap_baseObject , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2124 { &hf_ldap_scope , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_scope },
2125 { &hf_ldap_derefAliases , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_derefAliases },
2126 { &hf_ldap_sizeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2127 { &hf_ldap_timeLimit , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER_0_maxInt },
2128 { &hf_ldap_typesOnly , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2129 { &hf_ldap_filter , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_T_filter },
2130 { &hf_ldap_searchRequest_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescriptionList },
2131 { NULL, 0, 0, 0, NULL }
2135 dissect_ldap_SearchRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2136 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2137 SearchRequest_U_sequence, hf_index, ett_ldap_SearchRequest_U);
2145 dissect_ldap_SearchRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2146 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2147 hf_index, BER_CLASS_APP, 3, TRUE, dissect_ldap_SearchRequest_U);
2155 dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2156 #line 460 "ldap.cnf"
2161 int old_offset = offset;
2163 /* extract the value of the octetstring */
2164 offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
2166 /* if we have an attribute type that isn't binary see if there is a better dissector */
2167 if(!attr_type || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree)) {
2168 offset = old_offset;
2170 /* do the default thing */
2171 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2177 len = tvb_length_remaining(next_tvb, 0);
2179 for(i = 0; i < len; i++)
2180 if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
2184 string = tvb_get_ephemeral_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
2187 proto_item_set_text(actx->created_item, "%s", string);
2197 static const ber_sequence_t SET_OF_AttributeValue_set_of[1] = {
2198 { &hf_ldap_vals_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValue },
2202 dissect_ldap_SET_OF_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2203 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
2204 SET_OF_AttributeValue_set_of, hf_index, ett_ldap_SET_OF_AttributeValue);
2210 static const ber_sequence_t PartialAttributeList_item_sequence[] = {
2211 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2212 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2213 { NULL, 0, 0, 0, NULL }
2217 dissect_ldap_PartialAttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2218 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2219 PartialAttributeList_item_sequence, hf_index, ett_ldap_PartialAttributeList_item);
2225 static const ber_sequence_t PartialAttributeList_sequence_of[1] = {
2226 { &hf_ldap_PartialAttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList_item },
2230 dissect_ldap_PartialAttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2231 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2232 PartialAttributeList_sequence_of, hf_index, ett_ldap_PartialAttributeList);
2238 static const ber_sequence_t SearchResultEntry_U_sequence[] = {
2239 { &hf_ldap_objectName , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2240 { &hf_ldap_searchResultEntry_attributes, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_PartialAttributeList },
2241 { NULL, 0, 0, 0, NULL }
2245 dissect_ldap_SearchResultEntry_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2246 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2247 SearchResultEntry_U_sequence, hf_index, ett_ldap_SearchResultEntry_U);
2255 dissect_ldap_SearchResultEntry(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2256 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2257 hf_index, BER_CLASS_APP, 4, TRUE, dissect_ldap_SearchResultEntry_U);
2263 static const value_string ldap_T_resultCode_vals[] = {
2265 { 1, "operationsError" },
2266 { 2, "protocolError" },
2267 { 3, "timeLimitExceeded" },
2268 { 4, "sizeLimitExceeded" },
2269 { 5, "compareFalse" },
2270 { 6, "compareTrue" },
2271 { 7, "authMethodNotSupported" },
2272 { 8, "strongAuthRequired" },
2274 { 11, "adminLimitExceeded" },
2275 { 12, "unavailableCriticalExtension" },
2276 { 13, "confidentialityRequired" },
2277 { 14, "saslBindInProgress" },
2278 { 16, "noSuchAttribute" },
2279 { 17, "undefinedAttributeType" },
2280 { 18, "inappropriateMatching" },
2281 { 19, "constraintViolation" },
2282 { 20, "attributeOrValueExists" },
2283 { 21, "invalidAttributeSyntax" },
2284 { 32, "noSuchObject" },
2285 { 33, "aliasProblem" },
2286 { 34, "invalidDNSyntax" },
2287 { 36, "aliasDereferencingProblem" },
2288 { 48, "inappropriateAuthentication" },
2289 { 49, "invalidCredentials" },
2290 { 50, "insufficientAccessRights" },
2292 { 52, "unavailable" },
2293 { 53, "unwillingToPerform" },
2294 { 54, "loopDetect" },
2295 { 64, "namingViolation" },
2296 { 65, "objectClassViolation" },
2297 { 66, "notAllowedOnNonLeaf" },
2298 { 67, "notAllowedOnRDN" },
2299 { 68, "entryAlreadyExists" },
2300 { 69, "objectClassModsProhibited" },
2301 { 71, "affectsMultipleDSAs" },
2303 { 118, "canceled" },
2304 { 119, "noSuchOperation" },
2306 { 121, "cannotCancel" },
2312 dissect_ldap_T_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2313 #line 428 "ldap.cnf"
2315 const gchar *valstr;
2317 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2321 ldap_do_protocolop(actx->pinfo);
2323 valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%u)");
2325 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", valstr);
2328 proto_item_append_text(ldm_tree, " %s", valstr);
2337 static const ber_sequence_t LDAPResult_sequence[] = {
2338 { &hf_ldap_resultCode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_resultCode },
2339 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2340 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2341 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2342 { NULL, 0, 0, 0, NULL }
2346 dissect_ldap_LDAPResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2347 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2348 LDAPResult_sequence, hf_index, ett_ldap_LDAPResult);
2356 dissect_ldap_SearchResultDone(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2357 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2358 hf_index, BER_CLASS_APP, 5, TRUE, dissect_ldap_LDAPResult);
2364 static const ber_sequence_t SEQUENCE_OF_LDAPURL_sequence_of[1] = {
2365 { &hf_ldap__untag_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPURL },
2369 dissect_ldap_SEQUENCE_OF_LDAPURL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2370 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2371 SEQUENCE_OF_LDAPURL_sequence_of, hf_index, ett_ldap_SEQUENCE_OF_LDAPURL);
2379 dissect_ldap_SearchResultReference(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2380 #line 761 "ldap.cnf"
2382 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2383 hf_index, BER_CLASS_APP, 19, TRUE, dissect_ldap_SEQUENCE_OF_LDAPURL);
2386 ldap_do_protocolop(actx->pinfo);
2395 static const value_string ldap_T_operation_vals[] = {
2404 dissect_ldap_T_operation(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2405 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2412 static const ber_sequence_t AttributeTypeAndValues_sequence[] = {
2413 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2414 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2415 { NULL, 0, 0, 0, NULL }
2419 dissect_ldap_AttributeTypeAndValues(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2420 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2421 AttributeTypeAndValues_sequence, hf_index, ett_ldap_AttributeTypeAndValues);
2427 static const ber_sequence_t T_modifyRequest_modification_item_sequence[] = {
2428 { &hf_ldap_operation , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_operation },
2429 { &hf_ldap_modification , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeTypeAndValues },
2430 { NULL, 0, 0, 0, NULL }
2434 dissect_ldap_T_modifyRequest_modification_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2435 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2436 T_modifyRequest_modification_item_sequence, hf_index, ett_ldap_T_modifyRequest_modification_item);
2442 static const ber_sequence_t ModifyRequest_modification_sequence_of[1] = {
2443 { &hf_ldap_modifyRequest_modification_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_T_modifyRequest_modification_item },
2447 dissect_ldap_ModifyRequest_modification(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2448 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2449 ModifyRequest_modification_sequence_of, hf_index, ett_ldap_ModifyRequest_modification);
2455 static const ber_sequence_t ModifyRequest_U_sequence[] = {
2456 { &hf_ldap_object , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2457 { &hf_ldap_modifyRequest_modification, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest_modification },
2458 { NULL, 0, 0, 0, NULL }
2462 dissect_ldap_ModifyRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2463 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2464 ModifyRequest_U_sequence, hf_index, ett_ldap_ModifyRequest_U);
2472 dissect_ldap_ModifyRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2473 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2474 hf_index, BER_CLASS_APP, 6, TRUE, dissect_ldap_ModifyRequest_U);
2482 dissect_ldap_ModifyResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2483 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2484 hf_index, BER_CLASS_APP, 7, TRUE, dissect_ldap_LDAPResult);
2490 static const ber_sequence_t AttributeList_item_sequence[] = {
2491 { &hf_ldap_type , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
2492 { &hf_ldap_vals , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_AttributeValue },
2493 { NULL, 0, 0, 0, NULL }
2497 dissect_ldap_AttributeList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2498 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2499 AttributeList_item_sequence, hf_index, ett_ldap_AttributeList_item);
2505 static const ber_sequence_t AttributeList_sequence_of[1] = {
2506 { &hf_ldap_AttributeList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList_item },
2510 dissect_ldap_AttributeList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2511 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
2512 AttributeList_sequence_of, hf_index, ett_ldap_AttributeList);
2518 static const ber_sequence_t AddRequest_U_sequence[] = {
2519 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2520 { &hf_ldap_attributes , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeList },
2521 { NULL, 0, 0, 0, NULL }
2525 dissect_ldap_AddRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2526 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2527 AddRequest_U_sequence, hf_index, ett_ldap_AddRequest_U);
2535 dissect_ldap_AddRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2536 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2537 hf_index, BER_CLASS_APP, 8, TRUE, dissect_ldap_AddRequest_U);
2545 dissect_ldap_AddResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2546 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2547 hf_index, BER_CLASS_APP, 9, TRUE, dissect_ldap_LDAPResult);
2555 dissect_ldap_DelRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2556 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2557 hf_index, BER_CLASS_APP, 10, TRUE, dissect_ldap_LDAPDN);
2565 dissect_ldap_DelResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2566 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2567 hf_index, BER_CLASS_APP, 11, TRUE, dissect_ldap_LDAPResult);
2575 dissect_ldap_RelativeLDAPDN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2576 offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, actx, tree, hf_index);
2582 static const ber_sequence_t ModifyDNRequest_U_sequence[] = {
2583 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2584 { &hf_ldap_newrdn , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_RelativeLDAPDN },
2585 { &hf_ldap_deleteoldrdn , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
2586 { &hf_ldap_newSuperior , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_LDAPDN },
2587 { NULL, 0, 0, 0, NULL }
2591 dissect_ldap_ModifyDNRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2592 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2593 ModifyDNRequest_U_sequence, hf_index, ett_ldap_ModifyDNRequest_U);
2601 dissect_ldap_ModifyDNRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2602 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2603 hf_index, BER_CLASS_APP, 12, TRUE, dissect_ldap_ModifyDNRequest_U);
2611 dissect_ldap_ModifyDNResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2612 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2613 hf_index, BER_CLASS_APP, 13, TRUE, dissect_ldap_LDAPResult);
2619 static const ber_sequence_t CompareRequest_U_sequence[] = {
2620 { &hf_ldap_entry , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2621 { &hf_ldap_ava , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeValueAssertion },
2622 { NULL, 0, 0, 0, NULL }
2626 dissect_ldap_CompareRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2627 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2628 CompareRequest_U_sequence, hf_index, ett_ldap_CompareRequest_U);
2636 dissect_ldap_CompareRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2637 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2638 hf_index, BER_CLASS_APP, 14, TRUE, dissect_ldap_CompareRequest_U);
2646 dissect_ldap_CompareResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2647 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2648 hf_index, BER_CLASS_APP, 15, TRUE, dissect_ldap_LDAPResult);
2656 dissect_ldap_AbandonRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2657 #line 768 "ldap.cnf"
2659 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2660 hf_index, BER_CLASS_APP, 16, TRUE, dissect_ldap_MessageID);
2663 ldap_do_protocolop(actx->pinfo);
2674 dissect_ldap_LDAPOID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2677 tvbuff_t *parameter_tvb;
2681 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2686 object_identifier_id = NULL;
2691 object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
2692 name = oid_resolved_from_string(object_identifier_id);
2695 proto_item_append_text(actx->created_item, " (%s)", name);
2697 if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
2698 ldap_do_protocolop(actx->pinfo);
2699 col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
2703 if(((hf_index == hf_ldap_responseName) || (hf_index == hf_ldap_requestName)) &&
2704 !strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
2706 /* we have agreed start_tls */
2707 ldap_conv_info_t *ldap_info = NULL;
2709 ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
2712 if(hf_index == hf_ldap_responseName)
2713 /* TLS in the next frame */
2714 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
2716 /* remember we have asked to start_tls */
2717 ldap_info->start_tls_pending = TRUE;
2728 dissect_ldap_T_requestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2729 #line 736 "ldap.cnf"
2731 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2732 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2734 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2745 static const ber_sequence_t ExtendedRequest_U_sequence[] = {
2746 { &hf_ldap_requestName , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_LDAPOID },
2747 { &hf_ldap_requestValue , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_requestValue },
2748 { NULL, 0, 0, 0, NULL }
2752 dissect_ldap_ExtendedRequest_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2753 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2754 ExtendedRequest_U_sequence, hf_index, ett_ldap_ExtendedRequest_U);
2762 dissect_ldap_ExtendedRequest(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2763 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2764 hf_index, BER_CLASS_APP, 23, TRUE, dissect_ldap_ExtendedRequest_U);
2770 static const value_string ldap_ExtendedResponse_resultCode_vals[] = {
2772 { 1, "operationsError" },
2773 { 2, "protocolError" },
2774 { 3, "timeLimitExceeded" },
2775 { 4, "sizeLimitExceeded" },
2776 { 5, "compareFalse" },
2777 { 6, "compareTrue" },
2778 { 7, "authMethodNotSupported" },
2779 { 8, "strongAuthRequired" },
2781 { 11, "adminLimitExceeded" },
2782 { 12, "unavailableCriticalExtension" },
2783 { 13, "confidentialityRequired" },
2784 { 14, "saslBindInProgress" },
2785 { 16, "noSuchAttribute" },
2786 { 17, "undefinedAttributeType" },
2787 { 18, "inappropriateMatching" },
2788 { 19, "constraintViolation" },
2789 { 20, "attributeOrValueExists" },
2790 { 21, "invalidAttributeSyntax" },
2791 { 32, "noSuchObject" },
2792 { 33, "aliasProblem" },
2793 { 34, "invalidDNSyntax" },
2794 { 36, "aliasDereferencingProblem" },
2795 { 48, "inappropriateAuthentication" },
2796 { 49, "invalidCredentials" },
2797 { 50, "insufficientAccessRights" },
2799 { 52, "unavailable" },
2800 { 53, "unwillingToPerform" },
2801 { 54, "loopDetect" },
2802 { 64, "namingViolation" },
2803 { 65, "objectClassViolation" },
2804 { 66, "notAllowedOnNonLeaf" },
2805 { 67, "notAllowedOnRDN" },
2806 { 68, "entryAlreadyExists" },
2807 { 69, "objectClassModsProhibited" },
2808 { 71, "affectsMultipleDSAs" },
2810 { 118, "canceled" },
2811 { 119, "noSuchOperation" },
2813 { 121, "cannotCancel" },
2819 dissect_ldap_ExtendedResponse_resultCode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2820 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
2829 dissect_ldap_ResponseName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2830 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
2838 dissect_ldap_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2839 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2846 static const ber_sequence_t ExtendedResponse_U_sequence[] = {
2847 { &hf_ldap_extendedResponse_resultCode, BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse_resultCode },
2848 { &hf_ldap_matchedDN , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_LDAPDN },
2849 { &hf_ldap_errorMessage , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ErrorMessage },
2850 { &hf_ldap_referral , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Referral },
2851 { &hf_ldap_responseName , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2852 { &hf_ldap_response , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
2853 { NULL, 0, 0, 0, NULL }
2857 dissect_ldap_ExtendedResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2858 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2859 ExtendedResponse_U_sequence, hf_index, ett_ldap_ExtendedResponse_U);
2867 dissect_ldap_ExtendedResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2868 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2869 hf_index, BER_CLASS_APP, 24, TRUE, dissect_ldap_ExtendedResponse_U);
2877 dissect_ldap_T_intermediateResponse_responseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2878 #line 744 "ldap.cnf"
2883 #line 748 "ldap.cnf"
2884 if(ldm_tree && object_identifier_id) {
2885 proto_item_set_text(ldm_tree, "%s %s", "IntermediateResponse", object_identifier_id);
2886 name = oid_resolved_from_string(object_identifier_id);
2888 proto_item_append_text(ldm_tree, " (%s)", name);
2890 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
2891 offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
2893 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
2904 static const ber_sequence_t IntermediateResponse_U_sequence[] = {
2905 { &hf_ldap_responseName , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_ResponseName },
2906 { &hf_ldap_intermediateResponse_responseValue, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_intermediateResponse_responseValue },
2907 { NULL, 0, 0, 0, NULL }
2911 dissect_ldap_IntermediateResponse_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2912 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
2913 IntermediateResponse_U_sequence, hf_index, ett_ldap_IntermediateResponse_U);
2921 dissect_ldap_IntermediateResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2922 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
2923 hf_index, BER_CLASS_APP, 25, TRUE, dissect_ldap_IntermediateResponse_U);
2929 static const value_string ldap_ProtocolOp_vals[] = {
2930 { 0, "bindRequest" },
2931 { 1, "bindResponse" },
2932 { 2, "unbindRequest" },
2933 { 3, "searchRequest" },
2934 { 4, "searchResEntry" },
2935 { 5, "searchResDone" },
2936 { 19, "searchResRef" },
2937 { 6, "modifyRequest" },
2938 { 7, "modifyResponse" },
2939 { 8, "addRequest" },
2940 { 9, "addResponse" },
2941 { 10, "delRequest" },
2942 { 11, "delResponse" },
2943 { 12, "modDNRequest" },
2944 { 13, "modDNResponse" },
2945 { 14, "compareRequest" },
2946 { 15, "compareResponse" },
2947 { 16, "abandonRequest" },
2948 { 23, "extendedReq" },
2949 { 24, "extendedResp" },
2950 { 25, "intermediateResponse" },
2954 static const ber_choice_t ProtocolOp_choice[] = {
2955 { 0, &hf_ldap_bindRequest , BER_CLASS_APP, 0, BER_FLAGS_NOOWNTAG, dissect_ldap_BindRequest },
2956 { 1, &hf_ldap_bindResponse , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_ldap_BindResponse },
2957 { 2, &hf_ldap_unbindRequest , BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_ldap_UnbindRequest },
2958 { 3, &hf_ldap_searchRequest , BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchRequest },
2959 { 4, &hf_ldap_searchResEntry , BER_CLASS_APP, 4, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultEntry },
2960 { 5, &hf_ldap_searchResDone , BER_CLASS_APP, 5, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultDone },
2961 { 19, &hf_ldap_searchResRef , BER_CLASS_APP, 19, BER_FLAGS_NOOWNTAG, dissect_ldap_SearchResultReference },
2962 { 6, &hf_ldap_modifyRequest , BER_CLASS_APP, 6, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyRequest },
2963 { 7, &hf_ldap_modifyResponse , BER_CLASS_APP, 7, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyResponse },
2964 { 8, &hf_ldap_addRequest , BER_CLASS_APP, 8, BER_FLAGS_NOOWNTAG, dissect_ldap_AddRequest },
2965 { 9, &hf_ldap_addResponse , BER_CLASS_APP, 9, BER_FLAGS_NOOWNTAG, dissect_ldap_AddResponse },
2966 { 10, &hf_ldap_delRequest , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_ldap_DelRequest },
2967 { 11, &hf_ldap_delResponse , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_ldap_DelResponse },
2968 { 12, &hf_ldap_modDNRequest , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNRequest },
2969 { 13, &hf_ldap_modDNResponse , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_ldap_ModifyDNResponse },
2970 { 14, &hf_ldap_compareRequest , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareRequest },
2971 { 15, &hf_ldap_compareResponse, BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_ldap_CompareResponse },
2972 { 16, &hf_ldap_abandonRequest , BER_CLASS_APP, 16, BER_FLAGS_NOOWNTAG, dissect_ldap_AbandonRequest },
2973 { 23, &hf_ldap_extendedReq , BER_CLASS_APP, 23, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedRequest },
2974 { 24, &hf_ldap_extendedResp , BER_CLASS_APP, 24, BER_FLAGS_NOOWNTAG, dissect_ldap_ExtendedResponse },
2975 { 25, &hf_ldap_intermediateResponse, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_ldap_IntermediateResponse },
2976 { 0, NULL, 0, 0, 0, NULL }
2980 dissect_ldap_ProtocolOp(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
2981 #line 106 "ldap.cnf"
2983 ldap_call_response_t *lcrp;
2984 ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
2985 do_protocolop = TRUE;
2988 offset = dissect_ber_choice(actx, tree, tvb, offset,
2989 ProtocolOp_choice, hf_index, ett_ldap_ProtocolOp,
2992 #line 112 "ldap.cnf"
2994 if (ProtocolOp == -1) {
2998 /* ProtocolOp is the index, not the tag so convert it to the tag value */
2999 ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
3001 lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp);
3003 tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
3006 /* XXX: the count will not work if the results span multiple TCP packets */
3008 if(ldap_info && tree) { /* only count once - on tree pass */
3009 switch(ProtocolOp) {
3011 case LDAP_RES_SEARCH_ENTRY:
3012 ldap_info->num_results++;
3014 proto_item_append_text(tree, " [%d result%s]",
3015 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3019 case LDAP_RES_SEARCH_RESULT:
3021 col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
3022 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3024 proto_item_append_text(tree, " [%d result%s]",
3025 ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
3027 ldap_info->num_results = 0;
3034 if(ldap_info && (ProtocolOp == LDAP_RES_EXTENDED)) {
3035 /* this is an extend result */
3037 if(ldap_info->start_tls_pending && !ldap_info->start_tls_frame) {
3038 /* XXX: some directories do not correctly return the responseName in the extendedResponse so we don't know start_tls has been negotiated */
3040 col_append_str(actx->pinfo->cinfo, COL_INFO, "[LDAP_START_TLS_OID responseName missing] ");
3041 ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
3044 ldap_info->start_tls_pending = FALSE;
3054 dissect_ldap_ControlType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3055 offset = dissect_ldap_LDAPOID(implicit_tag, tvb, offset, actx, tree, hf_index);
3063 dissect_ldap_T_controlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3064 #line 717 "ldap.cnf"
3070 if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
3071 /* remove the OCTET STRING encoding */
3072 offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &class, &pc, &tag);
3073 offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
3075 call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
3079 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3091 static const ber_sequence_t Control_sequence[] = {
3092 { &hf_ldap_controlType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_ControlType },
3093 { &hf_ldap_criticality , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3094 { &hf_ldap_controlValue , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_T_controlValue },
3095 { NULL, 0, 0, 0, NULL }
3099 dissect_ldap_Control(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3100 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3101 Control_sequence, hf_index, ett_ldap_Control);
3107 static const ber_sequence_t Controls_sequence_of[1] = {
3108 { &hf_ldap_Controls_item , BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_Control },
3112 dissect_ldap_Controls(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3113 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3114 Controls_sequence_of, hf_index, ett_ldap_Controls);
3120 static const ber_sequence_t LDAPMessage_sequence[] = {
3121 { &hf_ldap_messageID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3122 { &hf_ldap_protocolOp , BER_CLASS_ANY/*choice*/, -1/*choice*/, BER_FLAGS_NOOWNTAG|BER_FLAGS_NOTCHKTAG, dissect_ldap_ProtocolOp },
3123 { &hf_ldap_controls , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_Controls },
3124 { NULL, 0, 0, 0, NULL }
3128 dissect_ldap_LDAPMessage(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3129 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3130 LDAPMessage_sequence, hf_index, ett_ldap_LDAPMessage);
3140 dissect_ldap_INTEGER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3141 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3148 static const ber_sequence_t SearchControlValue_sequence[] = {
3149 { &hf_ldap_size , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3150 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3151 { NULL, 0, 0, 0, NULL }
3155 dissect_ldap_SearchControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3156 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3157 SearchControlValue_sequence, hf_index, ett_ldap_SearchControlValue);
3163 static const ber_sequence_t SortKeyList_item_sequence[] = {
3164 { &hf_ldap_attributeType , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_AttributeDescription },
3165 { &hf_ldap_orderingRule , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_MatchingRuleId },
3166 { &hf_ldap_reverseOrder , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_BOOLEAN },
3167 { NULL, 0, 0, 0, NULL }
3171 dissect_ldap_SortKeyList_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3172 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3173 SortKeyList_item_sequence, hf_index, ett_ldap_SortKeyList_item);
3179 static const ber_sequence_t SortKeyList_sequence_of[1] = {
3180 { &hf_ldap_SortKeyList_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_ldap_SortKeyList_item },
3184 dissect_ldap_SortKeyList(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3185 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
3186 SortKeyList_sequence_of, hf_index, ett_ldap_SortKeyList);
3192 static const value_string ldap_T_sortResult_vals[] = {
3194 { 1, "operationsError" },
3195 { 3, "timeLimitExceeded" },
3196 { 8, "strongAuthRequired" },
3197 { 11, "adminLimitExceeded" },
3198 { 16, "noSuchAttribute" },
3199 { 18, "inappropriateMatching" },
3200 { 50, "insufficientAccessRights" },
3202 { 53, "unwillingToPerform" },
3209 dissect_ldap_T_sortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3210 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3217 static const ber_sequence_t SortResult_sequence[] = {
3218 { &hf_ldap_sortResult , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_sortResult },
3219 { &hf_ldap_attributeType , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_AttributeDescription },
3220 { NULL, 0, 0, 0, NULL }
3224 dissect_ldap_SortResult(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3225 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3226 SortResult_sequence, hf_index, ett_ldap_SortResult);
3232 static const ber_sequence_t ReplControlValue_sequence[] = {
3233 { &hf_ldap_parentsFirst , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3234 { &hf_ldap_maxReturnLength, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_INTEGER },
3235 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3236 { NULL, 0, 0, 0, NULL }
3240 dissect_ldap_ReplControlValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3241 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3242 ReplControlValue_sequence, hf_index, ett_ldap_ReplControlValue);
3248 static const ber_sequence_t PasswdModifyRequestValue_sequence[] = {
3249 { &hf_ldap_userIdentity , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3250 { &hf_ldap_oldPasswd , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3251 { &hf_ldap_newPasswd , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3252 { NULL, 0, 0, 0, NULL }
3256 dissect_ldap_PasswdModifyRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3257 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3258 PasswdModifyRequestValue_sequence, hf_index, ett_ldap_PasswdModifyRequestValue);
3264 static const ber_sequence_t PasswdModifyResponseValue_sequence[] = {
3265 { &hf_ldap_genPasswd , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3266 { NULL, 0, 0, 0, NULL }
3270 dissect_ldap_PasswdModifyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3271 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3272 PasswdModifyResponseValue_sequence, hf_index, ett_ldap_PasswdModifyResponseValue);
3278 static const ber_sequence_t CancelRequestValue_sequence[] = {
3279 { &hf_ldap_cancelID , BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_ldap_MessageID },
3280 { NULL, 0, 0, 0, NULL }
3284 dissect_ldap_CancelRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3285 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3286 CancelRequestValue_sequence, hf_index, ett_ldap_CancelRequestValue);
3292 static const value_string ldap_T_mode_vals[] = {
3293 { 1, "refreshOnly" },
3294 { 3, "refreshAndPersist" },
3300 dissect_ldap_T_mode(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3301 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3308 static const ber_sequence_t SyncRequestValue_sequence[] = {
3309 { &hf_ldap_mode , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_mode },
3310 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3311 { &hf_ldap_reloadHint , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3312 { NULL, 0, 0, 0, NULL }
3316 dissect_ldap_SyncRequestValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3317 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3318 SyncRequestValue_sequence, hf_index, ett_ldap_SyncRequestValue);
3324 static const value_string ldap_T_state_vals[] = {
3334 dissect_ldap_T_state(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3335 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3344 dissect_ldap_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3345 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
3352 static const ber_sequence_t SyncStateValue_sequence[] = {
3353 { &hf_ldap_state , BER_CLASS_UNI, BER_UNI_TAG_ENUMERATED, BER_FLAGS_NOOWNTAG, dissect_ldap_T_state },
3354 { &hf_ldap_entryUUID , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3355 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3356 { NULL, 0, 0, 0, NULL }
3360 dissect_ldap_SyncStateValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3361 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3362 SyncStateValue_sequence, hf_index, ett_ldap_SyncStateValue);
3368 static const ber_sequence_t SyncDoneValue_sequence[] = {
3369 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3370 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3371 { NULL, 0, 0, 0, NULL }
3375 dissect_ldap_SyncDoneValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3376 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3377 SyncDoneValue_sequence, hf_index, ett_ldap_SyncDoneValue);
3383 static const ber_sequence_t T_refreshDelete_sequence[] = {
3384 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3385 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3386 { NULL, 0, 0, 0, NULL }
3390 dissect_ldap_T_refreshDelete(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3391 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3392 T_refreshDelete_sequence, hf_index, ett_ldap_T_refreshDelete);
3398 static const ber_sequence_t T_refreshPresent_sequence[] = {
3399 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3400 { &hf_ldap_refreshDone , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3401 { NULL, 0, 0, 0, NULL }
3405 dissect_ldap_T_refreshPresent(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3406 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3407 T_refreshPresent_sequence, hf_index, ett_ldap_T_refreshPresent);
3413 static const ber_sequence_t SET_OF_SyncUUID_set_of[1] = {
3414 { &hf_ldap_syncUUIDs_item , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_NOOWNTAG, dissect_ldap_SyncUUID },
3418 dissect_ldap_SET_OF_SyncUUID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3419 offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset,
3420 SET_OF_SyncUUID_set_of, hf_index, ett_ldap_SET_OF_SyncUUID);
3426 static const ber_sequence_t T_syncIdSet_sequence[] = {
3427 { &hf_ldap_cookie , BER_CLASS_UNI, BER_UNI_TAG_OCTETSTRING, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_OCTET_STRING },
3428 { &hf_ldap_refreshDeletes , BER_CLASS_UNI, BER_UNI_TAG_BOOLEAN, BER_FLAGS_OPTIONAL|BER_FLAGS_NOOWNTAG, dissect_ldap_BOOLEAN },
3429 { &hf_ldap_syncUUIDs , BER_CLASS_UNI, BER_UNI_TAG_SET, BER_FLAGS_NOOWNTAG, dissect_ldap_SET_OF_SyncUUID },
3430 { NULL, 0, 0, 0, NULL }
3434 dissect_ldap_T_syncIdSet(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3435 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3436 T_syncIdSet_sequence, hf_index, ett_ldap_T_syncIdSet);
3442 static const value_string ldap_SyncInfoValue_vals[] = {
3444 { 1, "refreshDelete" },
3445 { 2, "refreshPresent" },
3450 static const ber_choice_t SyncInfoValue_choice[] = {
3451 { 0, &hf_ldap_newcookie , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_OCTET_STRING },
3452 { 1, &hf_ldap_refreshDelete , BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshDelete },
3453 { 2, &hf_ldap_refreshPresent , BER_CLASS_CON, 2, BER_FLAGS_IMPLTAG, dissect_ldap_T_refreshPresent },
3454 { 3, &hf_ldap_syncIdSet , BER_CLASS_CON, 3, BER_FLAGS_IMPLTAG, dissect_ldap_T_syncIdSet },
3455 { 0, NULL, 0, 0, 0, NULL }
3459 dissect_ldap_SyncInfoValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3460 offset = dissect_ber_choice(actx, tree, tvb, offset,
3461 SyncInfoValue_choice, hf_index, ett_ldap_SyncInfoValue,
3468 static const value_string ldap_T_warning_vals[] = {
3469 { 0, "timeBeforeExpiration" },
3470 { 1, "graceAuthNsRemaining" },
3474 static const ber_choice_t T_warning_choice[] = {
3475 { 0, &hf_ldap_timeBeforeExpiration, BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3476 { 1, &hf_ldap_graceAuthNsRemaining, BER_CLASS_CON, 1, BER_FLAGS_IMPLTAG, dissect_ldap_INTEGER_0_maxInt },
3477 { 0, NULL, 0, 0, 0, NULL }
3481 dissect_ldap_T_warning(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3482 offset = dissect_ber_choice(actx, tree, tvb, offset,
3483 T_warning_choice, hf_index, ett_ldap_T_warning,
3490 static const value_string ldap_T_error_vals[] = {
3491 { 0, "passwordExpired" },
3492 { 1, "accountLocked" },
3493 { 2, "changeAfterReset" },
3494 { 3, "passwordModNotAllowed" },
3495 { 4, "mustSupplyOldPassword" },
3496 { 5, "insufficientPasswordQuality" },
3497 { 6, "passwordTooShort" },
3498 { 7, "passwordTooYoung" },
3499 { 8, "passwordInHistory" },
3505 dissect_ldap_T_error(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3506 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
3513 static const ber_sequence_t PasswordPolicyResponseValue_sequence[] = {
3514 { &hf_ldap_warning , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_warning },
3515 { &hf_ldap_error , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL|BER_FLAGS_IMPLTAG, dissect_ldap_T_error },
3516 { NULL, 0, 0, 0, NULL }
3520 dissect_ldap_PasswordPolicyResponseValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
3521 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
3522 PasswordPolicyResponseValue_sequence, hf_index, ett_ldap_PasswordPolicyResponseValue);
3529 static void dissect_LDAPMessage_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3530 asn1_ctx_t asn1_ctx;
3531 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3532 dissect_ldap_LDAPMessage(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_LDAPMessage_PDU);
3534 static void dissect_SearchControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3535 asn1_ctx_t asn1_ctx;
3536 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3537 dissect_ldap_SearchControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SearchControlValue_PDU);
3539 static void dissect_SortKeyList_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3540 asn1_ctx_t asn1_ctx;
3541 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3542 dissect_ldap_SortKeyList(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortKeyList_PDU);
3544 static void dissect_SortResult_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3545 asn1_ctx_t asn1_ctx;
3546 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3547 dissect_ldap_SortResult(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SortResult_PDU);
3549 static void dissect_ReplControlValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3550 asn1_ctx_t asn1_ctx;
3551 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3552 dissect_ldap_ReplControlValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_ReplControlValue_PDU);
3554 static void dissect_PasswdModifyRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3555 asn1_ctx_t asn1_ctx;
3556 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3557 dissect_ldap_PasswdModifyRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswdModifyRequestValue_PDU);
3559 static void dissect_CancelRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3560 asn1_ctx_t asn1_ctx;
3561 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3562 dissect_ldap_CancelRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_CancelRequestValue_PDU);
3564 static void dissect_SyncRequestValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3565 asn1_ctx_t asn1_ctx;
3566 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3567 dissect_ldap_SyncRequestValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncRequestValue_PDU);
3569 static void dissect_SyncStateValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3570 asn1_ctx_t asn1_ctx;
3571 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3572 dissect_ldap_SyncStateValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncStateValue_PDU);
3574 static void dissect_SyncDoneValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3575 asn1_ctx_t asn1_ctx;
3576 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3577 dissect_ldap_SyncDoneValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncDoneValue_PDU);
3579 static void dissect_SyncInfoValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3580 asn1_ctx_t asn1_ctx;
3581 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3582 dissect_ldap_SyncInfoValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_SyncInfoValue_PDU);
3584 static void dissect_PasswordPolicyResponseValue_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_) {
3585 asn1_ctx_t asn1_ctx;
3586 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
3587 dissect_ldap_PasswordPolicyResponseValue(FALSE, tvb, 0, &asn1_ctx, tree, hf_ldap_PasswordPolicyResponseValue_PDU);
3591 /*--- End of included file: packet-ldap-fn.c ---*/
3592 #line 714 "packet-ldap-template.c"
3595 dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
3596 proto_tree *tree, ldap_conv_info_t *ldap_info,
3597 gboolean is_mscldap)
3600 guint length_remaining;
3602 int messageOffset = 0;
3603 guint headerLength = 0;
3605 tvbuff_t *msg_tvb = NULL;
3607 gboolean pc, ind = 0;
3613 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3615 if (length_remaining < 6) return;
3618 * OK, try to read the "Sequence Of" header; this gets the total
3619 * length of the LDAP message.
3621 messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
3622 messageOffset = get_ber_length(tvb, messageOffset, &msg_len, &ind);
3625 if((msg_len<4) || (msg_len>10000000)) return;
3627 if ( (class==BER_CLASS_UNI) && (ber_tag==BER_UNI_TAG_SEQUENCE) ) {
3629 * Add the length of the "Sequence Of" header to the message
3632 headerLength = messageOffset - offset;
3633 msg_len += headerLength;
3634 if (msg_len < headerLength) {
3636 * The message length was probably so large that the total length
3639 * Report this as an error.
3641 show_reported_bounds_error(tvb, pinfo, tree);
3646 * We couldn't parse the header; just make it the amount of data
3647 * remaining in the tvbuff, so we'll give up on this segment
3648 * after attempting to parse the message - there's nothing more
3649 * we can do. "dissect_ldap_message()" will display the error.
3651 msg_len = length_remaining;
3655 * Construct a tvbuff containing the amount of the payload we have
3656 * available. Make its reported length the amount of data in the
3659 * XXX - if reassembly isn't enabled. the subdissector will throw a
3660 * BoundsError exception, rather than a ReportedBoundsError exception.
3661 * We really want a tvbuff where the length is "length", the reported
3662 * length is "plen", and the "if the snapshot length were infinite"
3663 * length is the minimum of the reported length of the tvbuff handed
3664 * to us and "plen", with a new type of exception thrown if the offset
3665 * is within the reported length but beyond that third length, with
3666 * that exception getting the "Unreassembled Packet" error.
3668 length = length_remaining;
3669 if (length > msg_len) length = msg_len;
3670 msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
3673 * Now dissect the LDAP message.
3675 ldap_info->is_mscldap = is_mscldap;
3676 pinfo->private_data = ldap_info;
3677 dissect_LDAPMessage_PDU(msg_tvb, pinfo, tree);
3681 /* If this was a sasl blob there might be another PDU following in the
3684 if(tvb_length_remaining(tvb, offset)>=6){
3685 tvb = tvb_new_subset(tvb, offset, tvb_length_remaining(tvb, offset), -1);
3694 ldap_frame_end(void)
3696 ldap_found_in_frame = FALSE;
3700 dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
3703 conversation_t *conversation;
3704 gboolean doing_sasl_security = FALSE;
3705 guint length_remaining;
3706 ldap_conv_info_t *ldap_info = NULL;
3707 proto_item *ldap_item = NULL;
3708 proto_tree *ldap_tree = NULL;
3713 * Do we have a conversation for this connection?
3715 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3716 pinfo->ptype, pinfo->srcport,
3717 pinfo->destport, 0);
3718 if (conversation == NULL) {
3719 /* We don't yet have a conversation, so create one. */
3720 conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
3721 pinfo->ptype, pinfo->srcport,
3722 pinfo->destport, 0);
3727 * Do we already have a type and mechanism?
3729 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
3730 if (ldap_info == NULL) {
3731 /* No. Attach that information to the conversation, and add
3732 * it to the list of information structures.
3734 ldap_info = g_malloc(sizeof(ldap_conv_info_t));
3735 ldap_info->auth_type = 0;
3736 ldap_info->auth_mech = 0;
3737 ldap_info->first_auth_frame = 0;
3738 ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
3739 ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
3740 ldap_info->num_results = 0;
3741 ldap_info->start_tls_frame = 0;
3742 ldap_info->start_tls_pending = FALSE;
3744 conversation_add_proto_data(conversation, proto_ldap, ldap_info);
3746 ldap_info->next = ldap_info_items;
3747 ldap_info_items = ldap_info;
3751 switch (ldap_info->auth_type) {
3752 case LDAP_AUTH_SASL:
3754 * It's SASL; are we using a security layer?
3756 if (ldap_info->first_auth_frame != 0 &&
3757 pinfo->fd->num >= ldap_info->first_auth_frame) {
3758 doing_sasl_security = TRUE; /* yes */
3762 length_remaining = tvb_ensure_length_remaining(tvb, offset);
3764 /* It might still be a packet containing a SASL security layer
3765 * but its just that we never saw the BIND packet.
3766 * check if it looks like it could be a SASL blob here
3767 * and in that case just assume it is GSS-SPNEGO
3769 if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
3770 &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
3771 &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
3772 ldap_info->auth_type=LDAP_AUTH_SASL;
3773 ldap_info->first_auth_frame=pinfo->fd->num;
3774 ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
3775 doing_sasl_security=TRUE;
3779 * This is the first PDU, set the Protocol column and clear the
3782 col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
3784 if(ldap_found_in_frame) {
3785 /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
3786 col_append_str(pinfo->cinfo, COL_INFO, " | ");
3787 col_set_fence(pinfo->cinfo, COL_INFO);
3789 col_clear(pinfo->cinfo, COL_INFO);
3790 register_frame_end_routine (ldap_frame_end);
3791 ldap_found_in_frame = TRUE;
3794 ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
3795 ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
3798 * Might we be doing a SASL security layer and, if so, *are* we doing
3801 * Just because we've seen a bind reply for SASL, that doesn't mean
3802 * that we're using a SASL security layer; I've seen captures in
3803 * which some SASL negotiations lead to a security layer being used
3804 * and other negotiations don't, and it's not obvious what's different
3805 * in the two negotiations. Therefore, we assume that if the first
3806 * byte is 0, it's a length for a SASL security layer (that way, we
3807 * never reassemble more than 16 megabytes, protecting us from
3808 * chewing up *too* much memory), and otherwise that it's an LDAP
3809 * message (actually, if it's an LDAP message it should begin with 0x30,
3810 * but we want to parse garbage as LDAP messages rather than really
3814 if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
3815 proto_item *sasl_item = NULL;
3816 proto_tree *sasl_tree = NULL;
3818 guint sasl_len, sasl_msg_len, length;
3820 * Yes. The frame begins with a 4-byte big-endian length.
3821 * And we know we have at least 6 bytes
3825 * Get the SASL length, which is the length of data in the buffer
3826 * following the length (i.e., it's 4 less than the total length).
3828 * XXX - do we need to reassemble buffers? For now, we
3829 * assume that each LDAP message is entirely contained within
3832 sasl_len = tvb_get_ntohl(tvb, offset);
3833 sasl_msg_len = sasl_len + 4;
3834 if (sasl_msg_len < 4) {
3836 * The message length was probably so large that the total length
3839 * Report this as an error.
3841 show_reported_bounds_error(tvb, pinfo, tree);
3846 * Construct a tvbuff containing the amount of the payload we have
3847 * available. Make its reported length the amount of data in the PDU.
3849 * XXX - if reassembly isn't enabled. the subdissector will throw a
3850 * BoundsError exception, rather than a ReportedBoundsError exception.
3851 * We really want a tvbuff where the length is "length", the reported
3852 * length is "plen", and the "if the snapshot length were infinite"
3853 * length is the minimum of the reported length of the tvbuff handed
3854 * to us and "plen", with a new type of exception thrown if the offset
3855 * is within the reported length but beyond that third length, with
3856 * that exception getting the "Unreassembled Packet" error.
3858 length = length_remaining;
3859 if (length > sasl_msg_len) length = sasl_msg_len;
3860 sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
3863 proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
3866 sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL Buffer");
3867 sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
3870 if (ldap_info->auth_mech != NULL &&
3871 ((strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) ||
3872 /* auth_mech may have been set from the bind */
3873 (strcmp(ldap_info->auth_mech, "GSSAPI") == 0))) {
3874 tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
3879 * This is GSS-API (using SPNEGO, but we should be done with
3880 * the negotiation by now).
3882 * Dissect the GSS_Wrap() token; it'll return the length of
3883 * the token, from which we compute the offset in the tvbuff at
3884 * which the plaintext data, i.e. the LDAP message, begins.
3886 length = tvb_length_remaining(sasl_tvb, 4);
3887 if ((guint)length > sasl_len)
3889 gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
3891 /* Attempt decryption of the GSSAPI wrapped data if possible */
3892 pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
3893 pinfo->gssapi_wrap_tvb=NULL;
3894 pinfo->gssapi_encrypted_tvb=NULL;
3895 pinfo->gssapi_decrypted_tvb=NULL;
3896 ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
3897 /* if we could unwrap, do a tvb shuffle */
3898 if(pinfo->gssapi_decrypted_tvb){
3899 decr_tvb=pinfo->gssapi_decrypted_tvb;
3902 pinfo->decrypt_gssapi_tvb=0;
3903 pinfo->gssapi_wrap_tvb=NULL;
3904 pinfo->gssapi_encrypted_tvb=NULL;
3905 pinfo->gssapi_decrypted_tvb=NULL;
3908 * if len is 0 it probably mean that we got a PDU that is not
3909 * aligned to the start of the segment.
3916 * if we don't have unwrapped data,
3917 * see if the wrapping involved encryption of the
3918 * data; if not, just use the plaintext data.
3921 if(!pinfo->gssapi_data_encrypted){
3922 plain_tvb = tvb_new_subset_remaining(gssapi_tvb, ver_len);
3927 proto_item *enc_item = NULL;
3928 proto_tree *enc_tree = NULL;
3931 * The LDAP message was encrypted in the packet, and has
3932 * been decrypted; dissect the decrypted LDAP message.
3934 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy (decrypted): ");
3937 enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3938 "GSS-API Encrypted payload (%d byte%s)",
3940 plurality(sasl_len - ver_len, "", "s"));
3941 enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
3943 dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, is_mscldap);
3944 } else if (plain_tvb) {
3945 proto_item *plain_item = NULL;
3946 proto_tree *plain_tree = NULL;
3949 * The LDAP message wasn't encrypted in the packet;
3950 * dissect the plain LDAP message.
3952 col_set_str(pinfo->cinfo, COL_INFO, "SASL GSS-API Integrity: ");
3955 plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3956 "GSS-API payload (%d byte%s)",
3958 plurality(sasl_len - ver_len, "", "s"));
3959 plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
3962 dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, is_mscldap);
3965 * The LDAP message was encrypted in the packet, and was
3966 * not decrypted; just show it as encrypted data.
3968 col_add_fstr(pinfo->cinfo, COL_INFO, "SASL GSS-API Privacy: payload (%d byte%s)",
3970 plurality(sasl_len - ver_len, "", "s"));
3973 proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
3974 "GSS-API Encrypted payload (%d byte%s)",
3976 plurality(sasl_len - ver_len, "", "s"));
3980 offset += sasl_msg_len;
3982 /* plain LDAP, so dissect the payload */
3983 dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, is_mscldap);
3987 static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot)
3991 len=tvb_get_guint8(tvb, offset);
3996 /* add potential field separation dot */
4009 /* ops its a mscldap compressed string */
4011 new_offset=tvb_get_guint8(tvb, offset);
4012 if (new_offset == offset - 1)
4013 THROW(ReportedBoundsError);
4016 dissect_mscldap_string(tvb, new_offset, str, maxlen, FALSE);
4030 return offset; /* will mess up offset in caller, is unlikely */
4032 tvb_memcpy(tvb, str, offset, len);
4039 len=tvb_get_guint8(tvb, offset);
4047 /* These are the cldap DC flags
4048 http://msdn.microsoft.com/en-us/library/cc201036.aspx
4050 static const true_false_string tfs_ads_pdc = {
4054 static const true_false_string tfs_ads_gc = {
4055 "This is a GLOBAL CATALOGUE of forest",
4056 "This is NOT a global catalog of forest"
4058 static const true_false_string tfs_ads_ldap = {
4059 "This is an LDAP server",
4060 "This is NOT an ldap server"
4062 static const true_false_string tfs_ads_ds = {
4063 "This dc supports DS",
4064 "This dc does NOT support ds"
4066 static const true_false_string tfs_ads_kdc = {
4067 "This is a KDC (kerberos)",
4068 "This is NOT a kdc (kerberos)"
4070 static const true_false_string tfs_ads_timeserv = {
4071 "This dc is running TIME SERVICES (ntp)",
4072 "This dc is NOT running time services (ntp)"
4074 static const true_false_string tfs_ads_closest = {
4075 "This is the CLOSEST dc",
4076 "This is NOT the closest dc"
4078 static const true_false_string tfs_ads_writable = {
4079 "This dc is WRITABLE",
4080 "This dc is NOT writable"
4082 static const true_false_string tfs_ads_good_timeserv = {
4083 "This dc has a GOOD TIME SERVICE (i.e. hardware clock)",
4084 "This dc does NOT have a good time service (i.e. no hardware clock)"
4086 static const true_false_string tfs_ads_ndnc = {
4087 "Domain is NON-DOMAIN NC serviced by ldap server",
4088 "Domain is NOT non-domain nc serviced by ldap server"
4090 static const true_false_string tfs_ads_rodc = {
4091 "Domain controller is a Windows 2008 RODC",
4092 "Domain controller is not a Windows 2008 RODC"
4094 static const true_false_string tfs_ads_wdc = {
4095 "Domain controller is a Windows 2008 writable NC",
4096 "Domain controller is not a Windows 2008 writable NC"
4098 static const true_false_string tfs_ads_dns = {
4099 "Server name is in DNS format (Windows 2008)",
4100 "Server name is not in DNS format (Windows 2008)"
4102 static const true_false_string tfs_ads_dnc = {
4103 "The NC is the default NC (Windows 2008)",
4104 "The NC is not the default NC (Windows 2008)"
4106 static const true_false_string tfs_ads_fnc = {
4107 "The NC is the default forest NC(Windows 2008)",
4108 "The NC is not the default forest NC (Windows 2008)"
4110 static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset)
4114 proto_tree *tree=NULL;
4116 hf_mscldap_netlogon_flags_fnc,
4117 hf_mscldap_netlogon_flags_dnc,
4118 hf_mscldap_netlogon_flags_dns,
4119 hf_mscldap_netlogon_flags_wdc,
4120 hf_mscldap_netlogon_flags_rodc,
4121 hf_mscldap_netlogon_flags_ndnc,
4122 hf_mscldap_netlogon_flags_good_timeserv,
4123 hf_mscldap_netlogon_flags_writable,
4124 hf_mscldap_netlogon_flags_closest,
4125 hf_mscldap_netlogon_flags_timeserv,
4126 hf_mscldap_netlogon_flags_kdc,
4127 hf_mscldap_netlogon_flags_ds,
4128 hf_mscldap_netlogon_flags_ldap,
4129 hf_mscldap_netlogon_flags_gc,
4130 hf_mscldap_netlogon_flags_pdc,
4133 header_field_info *hfi;
4134 gboolean one_bit_set = FALSE;
4136 flags=tvb_get_letohl(tvb, offset);
4137 item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE);
4139 tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags);
4142 proto_item_append_text(item, " (");
4144 for(field = fields; *field; field++) {
4145 proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags);
4146 hfi = proto_registrar_get_nth(*field);
4148 if(flags & hfi->bitmask) {
4151 proto_item_append_text(item, ", ");
4155 proto_item_append_text(item, "%s", hfi->name);
4160 proto_item_append_text(item, ")");
4167 static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4169 int old_offset, offset=0;
4182 /* Get the length of the buffer */
4183 len=tvb_length_remaining(tvb,offset);
4185 /* check the len if it is to small return */
4186 if (len < 10) return;
4189 itype = tvb_get_letohs(tvb, offset);
4191 /* get the version number from the end of the buffer, as the
4192 length is variable and the version determines what fields
4193 need to be decoded */
4195 version = tvb_get_letohl(tvb,len-8);
4199 case LOGON_SAM_LOGON_RESPONSE:
4201 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb,offset, 2, itype,"Type: LOGON_SAM_LOGON_RESPONSE (19)" );
4204 /* logon server name */
4205 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4206 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb,offset, fn_len, fn);
4210 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4211 proto_tree_add_string(tree, hf_mscldap_username, tvb,offset, fn_len, fn);
4215 fn = get_unicode_or_ascii_string(tvb,&offset,TRUE,&fn_len,FALSE,FALSE,&bc);
4216 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb,offset, fn_len, fn);
4219 /* include the extra version 5 fields */
4220 if ((version & NETLOGON_NT_VERSION_5) == NETLOGON_NT_VERSION_5){
4223 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
4226 /* domain guid part 2
4227 there is another 16 byte guid but this is alway zero, so we will skip it */
4232 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4233 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4237 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4238 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4242 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4243 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4246 proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, offset, 4, tvb_get_ntohl(tvb,offset));
4250 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4256 case LOGON_SAM_LOGON_RESPONSE_EX:
4259 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb, offset, 2, itype,"Type: LOGON_SAM_LOGON_RESPONSE_EX (23)" );
4264 offset = dissect_mscldap_netlogon_flags(tree, tvb, offset);
4267 proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE);
4272 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4273 proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str);
4277 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4278 proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str);
4282 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4283 proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str);
4285 /* NetBios Domain */
4287 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4288 proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str);
4290 /* NetBios Hostname */
4292 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4293 proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str);
4297 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4298 proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str);
4302 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4303 proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str);
4307 offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE);
4308 proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str);
4310 /* include the extra fields for version 5 with IP s */
4311 if ((version & NETLOGON_NT_VERSION_5EX_WITH_IP) == NETLOGON_NT_VERSION_5EX_WITH_IP){
4314 /* The ip address is returned as a sockaddr_in structure
4316 * This section may need to be updated if the base Windows APIs
4317 * are changed to support ipv6, which currently is not the case.
4319 * The desector assumes the length is based on ipv4 and
4320 * ignores the length
4323 /* skip the length of the sockaddr_in */
4327 /* add IP address and desect the sockaddr_in structure */
4329 old_offset = offset + 4;
4330 item = proto_tree_add_ipv4(tree, hf_mscldap_netlogon_ipaddress, tvb, old_offset, 4, tvb_get_ipv4(tvb,old_offset));
4333 proto_tree *subtree;
4335 subtree = proto_item_add_subtree(item, ett_mscldap_ipdetails);
4337 /* get sockaddr family */
4338 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_family, tvb, offset, 2, TRUE);
4341 /* get sockaddr port */
4342 proto_tree_add_item(subtree, hf_mscldap_netlogon_ipaddress_port, tvb, offset, 2, TRUE);
4345 /* get IP address */
4346 proto_tree_add_ipv4(subtree, hf_mscldap_netlogon_ipaddress_ipv4, tvb, offset, 4, tvb_get_ipv4(tvb,offset));
4349 /* skip the 8 bytes of zeros in the sockaddr structure */
4358 proto_tree_add_uint_format(tree, hf_mscldap_netlogon_type, tvb, offset, 2, itype,"Type: Unknown type (%d)", itype );
4363 /* complete the decode with the version and token details */
4368 proto_tree_add_item(tree, hf_mscldap_netlogon_version, tvb, offset, 4, TRUE);
4372 proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, TRUE);
4376 proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, TRUE);
4383 get_sasl_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4385 /* sasl encapsulated ldap is 4 bytes plus the length in size */
4386 return tvb_get_ntohl(tvb, offset)+4;
4390 dissect_sasl_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4392 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4397 get_normal_ldap_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
4403 /* normal ldap is tag+len bytes plus the length
4404 * offset is where the tag is
4405 * offset+1 is where length starts
4407 data_offset=get_ber_length(tvb, offset+1, &len, &ind);
4408 return len+data_offset-offset;
4412 dissect_normal_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4414 dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
4419 dissect_ldap_oid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4422 const char *oidname;
4424 /* tvb here contains an ascii string that is really an oid */
4425 /* XXX we should convert the string oid into a real oid so we can use
4426 * proto_tree_add_oid() instead.
4429 oid=tvb_get_ephemeral_string(tvb, 0, tvb_length(tvb));
4434 oidname=oid_resolved_from_string(oid);
4437 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s (%s)",oid,oidname);
4439 proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), "OID: %s",oid);
4443 #define LDAP_ACCESSMASK_ADS_CREATE_CHILD 0x00000001
4444 static const true_false_string ldap_AccessMask_ADS_CREATE_CHILD_tfs = {
4445 "ADS CREATE CHILD is SET",
4446 "Ads create child is NOT set",
4449 #define LDAP_ACCESSMASK_ADS_DELETE_CHILD 0x00000002
4450 static const true_false_string ldap_AccessMask_ADS_DELETE_CHILD_tfs = {
4451 "ADS DELETE CHILD is SET",
4452 "Ads delete child is NOT set",
4454 #define LDAP_ACCESSMASK_ADS_LIST 0x00000004
4455 static const true_false_string ldap_AccessMask_ADS_LIST_tfs = {
4457 "Ads list is NOT set",
4459 #define LDAP_ACCESSMASK_ADS_SELF_WRITE 0x00000008
4460 static const true_false_string ldap_AccessMask_ADS_SELF_WRITE_tfs = {
4461 "ADS SELF WRITE is SET",
4462 "Ads self write is NOT set",
4464 #define LDAP_ACCESSMASK_ADS_READ_PROP 0x00000010
4465 static const true_false_string ldap_AccessMask_ADS_READ_PROP_tfs = {
4466 "ADS READ PROP is SET",
4467 "Ads read prop is NOT set",
4469 #define LDAP_ACCESSMASK_ADS_WRITE_PROP 0x00000020
4470 static const true_false_string ldap_AccessMask_ADS_WRITE_PROP_tfs = {
4471 "ADS WRITE PROP is SET",
4472 "Ads write prop is NOT set",
4474 #define LDAP_ACCESSMASK_ADS_DELETE_TREE 0x00000040
4475 static const true_false_string ldap_AccessMask_ADS_DELETE_TREE_tfs = {
4476 "ADS DELETE TREE is SET",
4477 "Ads delete tree is NOT set",
4479 #define LDAP_ACCESSMASK_ADS_LIST_OBJECT 0x00000080
4480 static const true_false_string ldap_AccessMask_ADS_LIST_OBJECT_tfs = {
4481 "ADS LIST OBJECT is SET",
4482 "Ads list object is NOT set",
4484 #define LDAP_ACCESSMASK_ADS_CONTROL_ACCESS 0x00000100
4485 static const true_false_string ldap_AccessMask_ADS_CONTROL_ACCESS_tfs = {
4486 "ADS CONTROL ACCESS is SET",
4487 "Ads control access is NOT set",
4491 ldap_specific_rights(tvbuff_t *tvb, gint offset, proto_tree *tree, guint32 access)
4493 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CONTROL_ACCESS, tvb, offset, 4, access);
4495 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST_OBJECT, tvb, offset, 4, access);
4497 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_TREE, tvb, offset, 4, access);
4499 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_WRITE_PROP, tvb, offset, 4, access);
4501 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_READ_PROP, tvb, offset, 4, access);
4503 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_SELF_WRITE, tvb, offset, 4, access);
4505 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_LIST, tvb, offset, 4, access);
4507 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_DELETE_CHILD, tvb, offset, 4, access);
4509 proto_tree_add_boolean(tree, hf_ldap_AccessMask_ADS_CREATE_CHILD, tvb, offset, 4, access);
4511 struct access_mask_info ldap_access_mask_info = {
4512 "LDAP", /* Name of specific rights */
4513 ldap_specific_rights, /* Dissection function */
4514 NULL, /* Generic mapping table */
4515 NULL /* Standard mapping table */
4519 dissect_ldap_nt_sec_desc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4521 dissect_nt_sec_desc(tvb, 0, pinfo, tree, NULL, TRUE, tvb_length(tvb), &ldap_access_mask_info);
4525 dissect_ldap_sid(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree)
4529 /* this octet string contains an NT SID */
4530 dissect_nt_sid(tvb, 0, tree, "SID", &tmpstr, hf_ldap_sid);
4531 ldapvalue_string=tmpstr;
4535 dissect_ldap_guid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4537 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4540 /* This octet string contained a GUID */
4541 dissect_dcerpc_uuid_t(tvb, 0, pinfo, tree, drep, hf_ldap_guid, &uuid);
4543 ldapvalue_string=ep_alloc(1024);
4544 g_snprintf(ldapvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
4545 uuid.Data1, uuid.Data2, uuid.Data3,
4546 uuid.Data4[0], uuid.Data4[1],
4547 uuid.Data4[2], uuid.Data4[3],
4548 uuid.Data4[4], uuid.Data4[5],
4549 uuid.Data4[6], uuid.Data4[7]);
4553 dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4559 conversation_t *conversation;
4560 ldap_conv_info_t *ldap_info = NULL;
4563 * Do we have a conversation for this connection?
4565 conversation = find_conversation(pinfo->fd->num,
4566 &pinfo->src, &pinfo->dst,
4567 pinfo->ptype, pinfo->srcport,
4568 pinfo->destport, 0);
4570 ldap_info = conversation_get_proto_data(conversation, proto_ldap);
4575 /* This is a bit tricky. We have to find out whether SASL is used
4576 * so that we know how big a header we are supposed to pass
4577 * to tcp_dissect_pdus()
4578 * We must also cope with the case when a client connects to LDAP
4579 * and performs a few unauthenticated searches of LDAP before
4580 * it performs the bind on the same tcp connection.
4582 /* check for a SASL header, i.e. assume it is SASL if
4583 * 1, first four bytes (SASL length) is an integer
4584 * with a value that must be <LDAP_SASL_MAX_BUF and >2
4585 * (>2 to fight false positives, 0x00000000 is a common
4586 * "random" tcp payload)
4587 * (SASL ldap PDUs might be >64k in size, which is why
4588 * LDAP_SASL_MAX_BUF is used - defined in packet-ldap.h)
4590 * 2, we must have a conversation and the auth type must
4593 sasl_len=tvb_get_ntohl(tvb, 0);
4596 goto this_was_not_sasl;
4599 if( sasl_len>LDAP_SASL_MAX_BUF ){
4600 goto this_was_not_sasl;
4603 if((!ldap_info) || (ldap_info->auth_type!=LDAP_AUTH_SASL) ){
4604 goto this_was_not_sasl;
4607 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_sasl_ldap_pdu_len, dissect_sasl_ldap_pdu);
4611 /* check if it is a normal BER encoded LDAP packet
4612 * i.e. first byte is 0x30 followed by a length that is
4614 * (no ldap PDUs are ever >64kb? )
4616 if(tvb_get_guint8(tvb, 0)!=0x30){
4617 goto this_was_not_normal_ldap;
4620 /* check that length makes sense */
4621 offset=get_ber_length(tvb, 1, &ldap_len, &ind);
4623 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
4625 goto this_was_not_normal_ldap;
4628 tcp_dissect_pdus(tvb, pinfo, tree, ldap_desegment, 4, get_normal_ldap_pdu_len, dissect_normal_ldap_pdu);
4632 this_was_not_normal_ldap:
4634 /* perhaps it was SSL? */
4636 ldap_info->start_tls_frame &&
4637 ( pinfo->fd->num >= ldap_info->start_tls_frame)) {
4639 /* we have started TLS and so this may be an SSL layer */
4640 guint32 old_start_tls_frame;
4642 /* temporarily dissect this port as SSL */
4643 dissector_delete("tcp.port", tcp_port, ldap_handle);
4644 ssl_dissector_add(tcp_port, "ldap", TRUE);
4646 old_start_tls_frame = ldap_info->start_tls_frame;
4647 ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */
4648 pinfo->can_desegment++; /* ignore this LDAP layer so SSL can use the TCP resegment */
4650 offset = call_dissector(ssl_handle, tvb, pinfo, tree);
4652 ldap_info->start_tls_frame = old_start_tls_frame;
4653 ssl_dissector_delete(tcp_port, "ldap", TRUE);
4655 /* restore ldap as the dissector for this port */
4656 dissector_add("tcp.port", tcp_port, ldap_handle);
4666 dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
4668 dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
4676 ldap_conv_info_t *ldap_info;
4678 /* Free up state attached to the ldap_info structures */
4679 for (ldap_info = ldap_info_items; ldap_info != NULL; ) {
4680 ldap_conv_info_t *next;
4682 g_free(ldap_info->auth_mech);
4683 g_hash_table_destroy(ldap_info->matched);
4684 g_hash_table_destroy(ldap_info->unmatched);
4686 next = ldap_info->next;
4691 ldap_info_items = NULL;
4695 register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector)
4697 dissector_add_string("ldap.name", attr_type, dissector);
4701 register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto)
4703 dissector_handle_t dissector_handle;
4705 dissector_handle=create_dissector_handle(dissector, proto);
4706 register_ldap_name_dissector_handle(attr_type, dissector_handle);
4710 /*--- proto_register_ldap -------------------------------------------*/
4711 void proto_register_ldap(void) {
4713 /* List of fields */
4715 static hf_register_info hf[] = {
4717 { &hf_ldap_sasl_buffer_length,
4718 { "SASL Buffer Length", "ldap.sasl_buffer_length",
4719 FT_UINT32, BASE_DEC, NULL, 0x0,
4721 { &hf_ldap_response_in,
4722 { "Response In", "ldap.response_in",
4723 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4724 "The response to this LDAP request is in this frame", HFILL }},
4725 { &hf_ldap_response_to,
4726 { "Response To", "ldap.response_to",
4727 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
4728 "This is a response to the LDAP request in this frame", HFILL }},
4730 { "Time", "ldap.time",
4731 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
4732 "The time between the Call and the Reply", HFILL }},
4734 { &hf_mscldap_netlogon_type,
4735 { "Type", "mscldap.netlogon.type",
4736 FT_UINT16, BASE_DEC, NULL, 0x0,
4737 "NetLogon Response type", HFILL }},
4739 { &hf_mscldap_netlogon_version,
4740 { "Version", "mscldap.netlogon.version",
4741 FT_UINT32, BASE_DEC, NULL, 0x0,
4744 { &hf_mscldap_netlogon_ipaddress_family,
4745 { "Family", "mscldap.netlogon.ipaddress.family",
4746 FT_UINT16, BASE_DEC, NULL, 0x0,
4749 { &hf_mscldap_netlogon_ipaddress_ipv4,
4750 { "IPv4", "mscldap.netlogon.ipaddress.ipv4",
4751 FT_IPv4, BASE_NONE, NULL, 0x0,
4752 "IP Address", HFILL }},
4754 { &hf_mscldap_netlogon_ipaddress_port,
4755 { "Port", "mscldap.netlogon.ipaddress.port",
4756 FT_UINT16, BASE_DEC, NULL, 0x0,
4759 { &hf_mscldap_netlogon_ipaddress,
4760 { "IP Address","mscldap.netlogon.ipaddress",
4761 FT_IPv4, BASE_NONE, NULL, 0x0,
4762 "Domain Controller IP Address", HFILL }},
4764 { &hf_mscldap_netlogon_lm_token,
4765 { "LM Token", "mscldap.netlogon.lm_token",
4766 FT_UINT16, BASE_HEX, NULL, 0x0,
4769 { &hf_mscldap_netlogon_nt_token,
4770 { "NT Token", "mscldap.netlogon.nt_token",
4771 FT_UINT16, BASE_HEX, NULL, 0x0,
4774 { &hf_mscldap_netlogon_flags,
4775 { "Flags", "mscldap.netlogon.flags",
4776 FT_UINT32, BASE_HEX, NULL, 0x0,
4777 "Netlogon flags describing the DC properties", HFILL }},
4779 { &hf_mscldap_ntver_flags,
4780 { "Search Flags", "mscldap.ntver.searchflags",
4781 FT_UINT32, BASE_HEX, NULL, 0x0,
4782 "cldap Netlogon request flags", HFILL }},
4784 { &hf_mscldap_domain_guid,
4785 { "Domain GUID", "mscldap.domain.guid",
4786 FT_BYTES, BASE_NONE, NULL, 0x0,
4789 { &hf_mscldap_forest,
4790 { "Forest", "mscldap.forest",
4791 FT_STRING, BASE_NONE, NULL, 0x0,
4794 { &hf_mscldap_domain,
4795 { "Domain", "mscldap.domain",
4796 FT_STRING, BASE_NONE, NULL, 0x0,
4797 "Domainname", HFILL }},
4799 { &hf_mscldap_hostname,
4800 { "Hostname", "mscldap.hostname",
4801 FT_STRING, BASE_NONE, NULL, 0x0,
4804 { &hf_mscldap_nb_domain,
4805 { "NetBios Domain", "mscldap.nb_domain",
4806 FT_STRING, BASE_NONE, NULL, 0x0,
4807 "NetBios Domainname", HFILL }},
4809 { &hf_mscldap_nb_hostname,
4810 { "NetBios Hostname", "mscldap.nb_hostname",
4811 FT_STRING, BASE_NONE, NULL, 0x0,
4814 { &hf_mscldap_username,
4815 { "Username", "mscldap.username",
4816 FT_STRING, BASE_NONE, NULL, 0x0,
4817 "User name", HFILL }},
4819 { &hf_mscldap_sitename,
4820 { "Site", "mscldap.sitename",
4821 FT_STRING, BASE_NONE, NULL, 0x0,
4822 "Site name", HFILL }},
4824 { &hf_mscldap_clientsitename,
4825 { "Client Site", "mscldap.clientsitename",
4826 FT_STRING, BASE_NONE, NULL, 0x0,
4827 "Client Site name", HFILL }},
4830 { "Sid", "ldap.sid",
4831 FT_STRING, BASE_NONE, NULL, 0x0,
4834 { &hf_mscldap_ntver_flags_v5cs,
4835 { "V5CS", "mscldap.ntver.searchflags.v5cs", FT_BOOLEAN, 32,
4836 TFS(&tfs_ntver_v5cs), 0x00000010, NULL, HFILL }},
4838 { &hf_mscldap_ntver_flags_v5ip,
4839 { "V5IP", "mscldap.ntver.searchflags.v5ip", FT_BOOLEAN, 32,
4840 TFS(&tfs_ntver_v5ip), 0x00000008, NULL, HFILL }},
4842 { &hf_mscldap_ntver_flags_v5ex,
4843 { "V5EX", "mscldap.ntver.searchflags.v5ex", FT_BOOLEAN, 32,
4844 TFS(&tfs_ntver_v5ex), 0x00000004, NULL, HFILL }},
4846 { &hf_mscldap_ntver_flags_v5,
4847 { "V5", "mscldap.ntver.searchflags.v5", FT_BOOLEAN, 32,
4848 TFS(&tfs_ntver_v5), 0x00000002, NULL, HFILL }},
4850 { &hf_mscldap_ntver_flags_v1,
4851 { "V1", "mscldap.ntver.searchflags.v1", FT_BOOLEAN, 32,
4852 TFS(&tfs_ntver_v1), 0x00000001, NULL, HFILL }},
4854 { &hf_mscldap_ntver_flags_gc,
4855 { "GC", "mscldap.ntver.searchflags.gc", FT_BOOLEAN, 32,
4856 TFS(&tfs_ntver_gc), 0x80000000, NULL, HFILL }},
4858 { &hf_mscldap_ntver_flags_local,
4859 { "Local", "mscldap.ntver.searchflags.local", FT_BOOLEAN, 32,
4860 TFS(&tfs_ntver_local), 0x40000000, NULL, HFILL }},
4862 { &hf_mscldap_ntver_flags_ip,
4863 { "IP", "mscldap.ntver.searchflags.ip", FT_BOOLEAN, 32,
4864 TFS(&tfs_ntver_ip), 0x20000000, NULL, HFILL }},
4866 { &hf_mscldap_ntver_flags_pdc,
4867 { "PDC", "mscldap.ntver.searchflags.pdc", FT_BOOLEAN, 32,
4868 TFS(&tfs_ntver_pdc), 0x10000000, NULL, HFILL }},
4870 { &hf_mscldap_ntver_flags_nt4,
4871 { "NT4", "mscldap.ntver.searchflags.nt4", FT_BOOLEAN, 32,
4872 TFS(&tfs_ntver_nt4), 0x01000000, NULL, HFILL }},
4874 { &hf_mscldap_netlogon_flags_pdc,
4875 { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32,
4876 TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }},
4878 { &hf_mscldap_netlogon_flags_gc,
4879 { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32,
4880 TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }},
4882 { &hf_mscldap_netlogon_flags_ldap,
4883 { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32,
4884 TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }},
4886 { &hf_mscldap_netlogon_flags_ds,
4887 { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32,
4888 TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }},
4890 { &hf_mscldap_netlogon_flags_kdc,
4891 { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32,
4892 TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }},
4894 { &hf_mscldap_netlogon_flags_timeserv,
4895 { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32,
4896 TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }},
4898 { &hf_mscldap_netlogon_flags_closest,
4899 { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32,
4900 TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc?", HFILL }},
4902 { &hf_mscldap_netlogon_flags_writable,
4903 { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32,
4904 TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable?", HFILL }},
4906 { &hf_mscldap_netlogon_flags_good_timeserv,
4907 { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32,
4908 TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }},
4910 { &hf_mscldap_netlogon_flags_ndnc,
4911 { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
4912 TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
4914 { &hf_mscldap_netlogon_flags_rodc,
4915 { "RODC", "mscldap.netlogon.flags.rodc", FT_BOOLEAN, 32,
4916 TFS(&tfs_ads_rodc), 0x00000800, "Is this an read only dc?", HFILL }},
4918 { &hf_mscldap_netlogon_flags_wdc,
4919 { "WDC", "mscldap.netlogon.flags.writabledc.", FT_BOOLEAN, 32,
4920 TFS(&tfs_ads_wdc), 0x00001000, "Is this an writable dc (Windows 2008)?", HFILL }},
4922 { &hf_mscldap_netlogon_flags_dns,
4923 { "DNS", "mscldap.netlogon.flags.dnsname", FT_BOOLEAN, 32,
4924 TFS(&tfs_ads_dns), 0x20000000, "Does the server have a dns name (Windows 2008)?", HFILL }},
4926 { &hf_mscldap_netlogon_flags_dnc,
4927 { "DNC", "mscldap.netlogon.flags.defaultnc", FT_BOOLEAN, 32,
4928 TFS(&tfs_ads_dnc), 0x40000000, "Is this the default NC (Windows 2008)?", HFILL }},
4930 { &hf_mscldap_netlogon_flags_fnc,
4931 { "FDC", "mscldap.netlogon.flags.forestnc", FT_BOOLEAN, 32,
4932 TFS(&tfs_ads_fnc), 0x80000000, "Is the the NC the default forest root(Windows 2008)?", HFILL }},
4935 { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
4936 NULL, 0, NULL, HFILL }},
4938 { &hf_ldap_AccessMask_ADS_CREATE_CHILD,
4939 { "Create Child", "ldap.AccessMask.ADS_CREATE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CREATE_CHILD_tfs), LDAP_ACCESSMASK_ADS_CREATE_CHILD, NULL, HFILL }},
4941 { &hf_ldap_AccessMask_ADS_DELETE_CHILD,
4942 { "Delete Child", "ldap.AccessMask.ADS_DELETE_CHILD", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_CHILD_tfs), LDAP_ACCESSMASK_ADS_DELETE_CHILD, NULL, HFILL }},
4944 { &hf_ldap_AccessMask_ADS_LIST,
4945 { "List", "ldap.AccessMask.ADS_LIST", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_tfs), LDAP_ACCESSMASK_ADS_LIST, NULL, HFILL }},
4947 { &hf_ldap_AccessMask_ADS_SELF_WRITE,
4948 { "Self Write", "ldap.AccessMask.ADS_SELF_WRITE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_SELF_WRITE_tfs), LDAP_ACCESSMASK_ADS_SELF_WRITE, NULL, HFILL }},
4950 { &hf_ldap_AccessMask_ADS_READ_PROP,
4951 { "Read Prop", "ldap.AccessMask.ADS_READ_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_READ_PROP_tfs), LDAP_ACCESSMASK_ADS_READ_PROP, NULL, HFILL }},
4953 { &hf_ldap_AccessMask_ADS_WRITE_PROP,
4954 { "Write Prop", "ldap.AccessMask.ADS_WRITE_PROP", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_WRITE_PROP_tfs), LDAP_ACCESSMASK_ADS_WRITE_PROP, NULL, HFILL }},
4956 { &hf_ldap_AccessMask_ADS_DELETE_TREE,
4957 { "Delete Tree", "ldap.AccessMask.ADS_DELETE_TREE", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_DELETE_TREE_tfs), LDAP_ACCESSMASK_ADS_DELETE_TREE, NULL, HFILL }},
4959 { &hf_ldap_AccessMask_ADS_LIST_OBJECT,
4960 { "List Object", "ldap.AccessMask.ADS_LIST_OBJECT", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_LIST_OBJECT_tfs), LDAP_ACCESSMASK_ADS_LIST_OBJECT, NULL, HFILL }},
4962 { &hf_ldap_AccessMask_ADS_CONTROL_ACCESS,
4963 { "Control Access", "ldap.AccessMask.ADS_CONTROL_ACCESS", FT_BOOLEAN, 32, TFS(&ldap_AccessMask_ADS_CONTROL_ACCESS_tfs), LDAP_ACCESSMASK_ADS_CONTROL_ACCESS, NULL, HFILL }},
4966 /*--- Included file: packet-ldap-hfarr.c ---*/
4967 #line 1 "packet-ldap-hfarr.c"
4968 { &hf_ldap_LDAPMessage_PDU,
4969 { "LDAPMessage", "ldap.LDAPMessage",
4970 FT_NONE, BASE_NONE, NULL, 0,
4971 "ldap.LDAPMessage", HFILL }},
4972 { &hf_ldap_SearchControlValue_PDU,
4973 { "SearchControlValue", "ldap.SearchControlValue",
4974 FT_NONE, BASE_NONE, NULL, 0,
4975 "ldap.SearchControlValue", HFILL }},
4976 { &hf_ldap_SortKeyList_PDU,
4977 { "SortKeyList", "ldap.SortKeyList",
4978 FT_UINT32, BASE_DEC, NULL, 0,
4979 "ldap.SortKeyList", HFILL }},
4980 { &hf_ldap_SortResult_PDU,
4981 { "SortResult", "ldap.SortResult",
4982 FT_NONE, BASE_NONE, NULL, 0,
4983 "ldap.SortResult", HFILL }},
4984 { &hf_ldap_ReplControlValue_PDU,
4985 { "ReplControlValue", "ldap.ReplControlValue",
4986 FT_NONE, BASE_NONE, NULL, 0,
4987 "ldap.ReplControlValue", HFILL }},
4988 { &hf_ldap_PasswdModifyRequestValue_PDU,
4989 { "PasswdModifyRequestValue", "ldap.PasswdModifyRequestValue",
4990 FT_NONE, BASE_NONE, NULL, 0,
4991 "ldap.PasswdModifyRequestValue", HFILL }},
4992 { &hf_ldap_CancelRequestValue_PDU,
4993 { "CancelRequestValue", "ldap.CancelRequestValue",
4994 FT_NONE, BASE_NONE, NULL, 0,
4995 "ldap.CancelRequestValue", HFILL }},
4996 { &hf_ldap_SyncRequestValue_PDU,
4997 { "SyncRequestValue", "ldap.SyncRequestValue",
4998 FT_NONE, BASE_NONE, NULL, 0,
4999 "ldap.SyncRequestValue", HFILL }},
5000 { &hf_ldap_SyncStateValue_PDU,
5001 { "SyncStateValue", "ldap.SyncStateValue",
5002 FT_NONE, BASE_NONE, NULL, 0,
5003 "ldap.SyncStateValue", HFILL }},
5004 { &hf_ldap_SyncDoneValue_PDU,
5005 { "SyncDoneValue", "ldap.SyncDoneValue",
5006 FT_NONE, BASE_NONE, NULL, 0,
5007 "ldap.SyncDoneValue", HFILL }},
5008 { &hf_ldap_SyncInfoValue_PDU,
5009 { "SyncInfoValue", "ldap.SyncInfoValue",
5010 FT_UINT32, BASE_DEC, VALS(ldap_SyncInfoValue_vals), 0,
5011 "ldap.SyncInfoValue", HFILL }},
5012 { &hf_ldap_PasswordPolicyResponseValue_PDU,
5013 { "PasswordPolicyResponseValue", "ldap.PasswordPolicyResponseValue",
5014 FT_NONE, BASE_NONE, NULL, 0,
5015 "ldap.PasswordPolicyResponseValue", HFILL }},
5016 { &hf_ldap_messageID,
5017 { "messageID", "ldap.messageID",
5018 FT_UINT32, BASE_DEC, NULL, 0,
5019 "ldap.MessageID", HFILL }},
5020 { &hf_ldap_protocolOp,
5021 { "protocolOp", "ldap.protocolOp",
5022 FT_UINT32, BASE_DEC, VALS(ldap_ProtocolOp_vals), 0,
5023 "ldap.ProtocolOp", HFILL }},
5024 { &hf_ldap_controls,
5025 { "controls", "ldap.controls",
5026 FT_UINT32, BASE_DEC, NULL, 0,
5027 "ldap.Controls", HFILL }},
5028 { &hf_ldap_bindRequest,
5029 { "bindRequest", "ldap.bindRequest",
5030 FT_NONE, BASE_NONE, NULL, 0,
5031 "ldap.BindRequest", HFILL }},
5032 { &hf_ldap_bindResponse,
5033 { "bindResponse", "ldap.bindResponse",
5034 FT_NONE, BASE_NONE, NULL, 0,
5035 "ldap.BindResponse", HFILL }},
5036 { &hf_ldap_unbindRequest,
5037 { "unbindRequest", "ldap.unbindRequest",
5038 FT_NONE, BASE_NONE, NULL, 0,
5039 "ldap.UnbindRequest", HFILL }},
5040 { &hf_ldap_searchRequest,
5041 { "searchRequest", "ldap.searchRequest",
5042 FT_NONE, BASE_NONE, NULL, 0,
5043 "ldap.SearchRequest", HFILL }},
5044 { &hf_ldap_searchResEntry,
5045 { "searchResEntry", "ldap.searchResEntry",
5046 FT_NONE, BASE_NONE, NULL, 0,
5047 "ldap.SearchResultEntry", HFILL }},
5048 { &hf_ldap_searchResDone,
5049 { "searchResDone", "ldap.searchResDone",
5050 FT_NONE, BASE_NONE, NULL, 0,
5051 "ldap.SearchResultDone", HFILL }},
5052 { &hf_ldap_searchResRef,
5053 { "searchResRef", "ldap.searchResRef",
5054 FT_UINT32, BASE_DEC, NULL, 0,
5055 "ldap.SearchResultReference", HFILL }},
5056 { &hf_ldap_modifyRequest,
5057 { "modifyRequest", "ldap.modifyRequest",
5058 FT_NONE, BASE_NONE, NULL, 0,
5059 "ldap.ModifyRequest", HFILL }},
5060 { &hf_ldap_modifyResponse,
5061 { "modifyResponse", "ldap.modifyResponse",
5062 FT_NONE, BASE_NONE, NULL, 0,
5063 "ldap.ModifyResponse", HFILL }},
5064 { &hf_ldap_addRequest,
5065 { "addRequest", "ldap.addRequest",
5066 FT_NONE, BASE_NONE, NULL, 0,
5067 "ldap.AddRequest", HFILL }},
5068 { &hf_ldap_addResponse,
5069 { "addResponse", "ldap.addResponse",
5070 FT_NONE, BASE_NONE, NULL, 0,
5071 "ldap.AddResponse", HFILL }},
5072 { &hf_ldap_delRequest,
5073 { "delRequest", "ldap.delRequest",
5074 FT_STRING, BASE_NONE, NULL, 0,
5075 "ldap.DelRequest", HFILL }},
5076 { &hf_ldap_delResponse,
5077 { "delResponse", "ldap.delResponse",
5078 FT_NONE, BASE_NONE, NULL, 0,
5079 "ldap.DelResponse", HFILL }},
5080 { &hf_ldap_modDNRequest,
5081 { "modDNRequest", "ldap.modDNRequest",
5082 FT_NONE, BASE_NONE, NULL, 0,
5083 "ldap.ModifyDNRequest", HFILL }},
5084 { &hf_ldap_modDNResponse,
5085 { "modDNResponse", "ldap.modDNResponse",
5086 FT_NONE, BASE_NONE, NULL, 0,
5087 "ldap.ModifyDNResponse", HFILL }},
5088 { &hf_ldap_compareRequest,
5089 { "compareRequest", "ldap.compareRequest",
5090 FT_NONE, BASE_NONE, NULL, 0,
5091 "ldap.CompareRequest", HFILL }},
5092 { &hf_ldap_compareResponse,
5093 { "compareResponse", "ldap.compareResponse",
5094 FT_NONE, BASE_NONE, NULL, 0,
5095 "ldap.CompareResponse", HFILL }},
5096 { &hf_ldap_abandonRequest,
5097 { "abandonRequest", "ldap.abandonRequest",
5098 FT_UINT32, BASE_DEC, NULL, 0,
5099 "ldap.AbandonRequest", HFILL }},
5100 { &hf_ldap_extendedReq,
5101 { "extendedReq", "ldap.extendedReq",
5102 FT_NONE, BASE_NONE, NULL, 0,
5103 "ldap.ExtendedRequest", HFILL }},
5104 { &hf_ldap_extendedResp,
5105 { "extendedResp", "ldap.extendedResp",
5106 FT_NONE, BASE_NONE, NULL, 0,
5107 "ldap.ExtendedResponse", HFILL }},
5108 { &hf_ldap_intermediateResponse,
5109 { "intermediateResponse", "ldap.intermediateResponse",
5110 FT_NONE, BASE_NONE, NULL, 0,
5111 "ldap.IntermediateResponse", HFILL }},
5112 { &hf_ldap_AttributeDescriptionList_item,
5113 { "AttributeDescription", "ldap.AttributeDescription",
5114 FT_STRING, BASE_NONE, NULL, 0,
5115 "ldap.AttributeDescription", HFILL }},
5116 { &hf_ldap_attributeDesc,
5117 { "attributeDesc", "ldap.attributeDesc",
5118 FT_STRING, BASE_NONE, NULL, 0,
5119 "ldap.AttributeDescription", HFILL }},
5120 { &hf_ldap_assertionValue,
5121 { "assertionValue", "ldap.assertionValue",
5122 FT_STRING, BASE_NONE, NULL, 0,
5123 "ldap.AssertionValue", HFILL }},
5125 { "type", "ldap.type",
5126 FT_STRING, BASE_NONE, NULL, 0,
5127 "ldap.AttributeDescription", HFILL }},
5129 { "vals", "ldap.vals",
5130 FT_UINT32, BASE_DEC, NULL, 0,
5131 "ldap.SET_OF_AttributeValue", HFILL }},
5132 { &hf_ldap_vals_item,
5133 { "AttributeValue", "ldap.AttributeValue",
5134 FT_BYTES, BASE_NONE, NULL, 0,
5135 "ldap.AttributeValue", HFILL }},
5136 { &hf_ldap_resultCode,
5137 { "resultCode", "ldap.resultCode",
5138 FT_UINT32, BASE_DEC, VALS(ldap_T_resultCode_vals), 0,
5139 "ldap.T_resultCode", HFILL }},
5140 { &hf_ldap_matchedDN,
5141 { "matchedDN", "ldap.matchedDN",
5142 FT_STRING, BASE_NONE, NULL, 0,
5143 "ldap.LDAPDN", HFILL }},
5144 { &hf_ldap_errorMessage,
5145 { "errorMessage", "ldap.errorMessage",
5146 FT_STRING, BASE_NONE, NULL, 0,
5147 "ldap.ErrorMessage", HFILL }},
5148 { &hf_ldap_referral,
5149 { "referral", "ldap.referral",
5150 FT_UINT32, BASE_DEC, NULL, 0,
5151 "ldap.Referral", HFILL }},
5152 { &hf_ldap_Referral_item,
5153 { "LDAPURL", "ldap.LDAPURL",
5154 FT_STRING, BASE_NONE, NULL, 0,
5155 "ldap.LDAPURL", HFILL }},
5156 { &hf_ldap_Controls_item,
5157 { "Control", "ldap.Control",
5158 FT_NONE, BASE_NONE, NULL, 0,
5159 "ldap.Control", HFILL }},
5160 { &hf_ldap_controlType,
5161 { "controlType", "ldap.controlType",
5162 FT_STRING, BASE_NONE, NULL, 0,
5163 "ldap.ControlType", HFILL }},
5164 { &hf_ldap_criticality,
5165 { "criticality", "ldap.criticality",
5166 FT_BOOLEAN, BASE_NONE, NULL, 0,
5167 "ldap.BOOLEAN", HFILL }},
5168 { &hf_ldap_controlValue,
5169 { "controlValue", "ldap.controlValue",
5170 FT_BYTES, BASE_NONE, NULL, 0,
5171 "ldap.T_controlValue", HFILL }},
5173 { "version", "ldap.version",
5174 FT_UINT32, BASE_DEC, NULL, 0,
5175 "ldap.INTEGER_1_127", HFILL }},
5177 { "name", "ldap.name",
5178 FT_STRING, BASE_NONE, NULL, 0,
5179 "ldap.LDAPDN", HFILL }},
5180 { &hf_ldap_authentication,
5181 { "authentication", "ldap.authentication",
5182 FT_UINT32, BASE_DEC, VALS(ldap_AuthenticationChoice_vals), 0,
5183 "ldap.AuthenticationChoice", HFILL }},
5185 { "simple", "ldap.simple",
5186 FT_BYTES, BASE_NONE, NULL, 0,
5187 "ldap.Simple", HFILL }},
5189 { "sasl", "ldap.sasl",
5190 FT_NONE, BASE_NONE, NULL, 0,
5191 "ldap.SaslCredentials", HFILL }},
5192 { &hf_ldap_ntlmsspNegotiate,
5193 { "ntlmsspNegotiate", "ldap.ntlmsspNegotiate",
5194 FT_BYTES, BASE_NONE, NULL, 0,
5195 "ldap.T_ntlmsspNegotiate", HFILL }},
5196 { &hf_ldap_ntlmsspAuth,
5197 { "ntlmsspAuth", "ldap.ntlmsspAuth",
5198 FT_BYTES, BASE_NONE, NULL, 0,
5199 "ldap.T_ntlmsspAuth", HFILL }},
5200 { &hf_ldap_mechanism,
5201 { "mechanism", "ldap.mechanism",
5202 FT_STRING, BASE_NONE, NULL, 0,
5203 "ldap.Mechanism", HFILL }},
5204 { &hf_ldap_credentials,
5205 { "credentials", "ldap.credentials",
5206 FT_BYTES, BASE_NONE, NULL, 0,
5207 "ldap.Credentials", HFILL }},
5208 { &hf_ldap_bindResponse_resultCode,
5209 { "resultCode", "ldap.resultCode",
5210 FT_UINT32, BASE_DEC, VALS(ldap_BindResponse_resultCode_vals), 0,
5211 "ldap.BindResponse_resultCode", HFILL }},
5212 { &hf_ldap_bindResponse_matchedDN,
5213 { "matchedDN", "ldap.matchedDN",
5214 FT_STRING, BASE_NONE, NULL, 0,
5215 "ldap.T_bindResponse_matchedDN", HFILL }},
5216 { &hf_ldap_serverSaslCreds,
5217 { "serverSaslCreds", "ldap.serverSaslCreds",
5218 FT_BYTES, BASE_NONE, NULL, 0,
5219 "ldap.ServerSaslCreds", HFILL }},
5220 { &hf_ldap_baseObject,
5221 { "baseObject", "ldap.baseObject",
5222 FT_STRING, BASE_NONE, NULL, 0,
5223 "ldap.LDAPDN", HFILL }},
5225 { "scope", "ldap.scope",
5226 FT_UINT32, BASE_DEC, VALS(ldap_T_scope_vals), 0,
5227 "ldap.T_scope", HFILL }},
5228 { &hf_ldap_derefAliases,
5229 { "derefAliases", "ldap.derefAliases",
5230 FT_UINT32, BASE_DEC, VALS(ldap_T_derefAliases_vals), 0,
5231 "ldap.T_derefAliases", HFILL }},
5232 { &hf_ldap_sizeLimit,
5233 { "sizeLimit", "ldap.sizeLimit",
5234 FT_UINT32, BASE_DEC, NULL, 0,
5235 "ldap.INTEGER_0_maxInt", HFILL }},
5236 { &hf_ldap_timeLimit,
5237 { "timeLimit", "ldap.timeLimit",
5238 FT_UINT32, BASE_DEC, NULL, 0,
5239 "ldap.INTEGER_0_maxInt", HFILL }},
5240 { &hf_ldap_typesOnly,
5241 { "typesOnly", "ldap.typesOnly",
5242 FT_BOOLEAN, BASE_NONE, NULL, 0,
5243 "ldap.BOOLEAN", HFILL }},
5245 { "filter", "ldap.filter",
5246 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5247 "ldap.T_filter", HFILL }},
5248 { &hf_ldap_searchRequest_attributes,
5249 { "attributes", "ldap.attributes",
5250 FT_UINT32, BASE_DEC, NULL, 0,
5251 "ldap.AttributeDescriptionList", HFILL }},
5253 { "and", "ldap.and",
5254 FT_UINT32, BASE_DEC, NULL, 0,
5255 "ldap.T_and", HFILL }},
5256 { &hf_ldap_and_item,
5257 { "and item", "ldap.and_item",
5258 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5259 "ldap.T_and_item", HFILL }},
5262 FT_UINT32, BASE_DEC, NULL, 0,
5263 "ldap.T_or", HFILL }},
5265 { "or item", "ldap.or_item",
5266 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5267 "ldap.T_or_item", HFILL }},
5269 { "not", "ldap.not",
5270 FT_UINT32, BASE_DEC, VALS(ldap_Filter_vals), 0,
5271 "ldap.T_not", HFILL }},
5272 { &hf_ldap_equalityMatch,
5273 { "equalityMatch", "ldap.equalityMatch",
5274 FT_NONE, BASE_NONE, NULL, 0,
5275 "ldap.T_equalityMatch", HFILL }},
5276 { &hf_ldap_substrings,
5277 { "substrings", "ldap.substrings",
5278 FT_NONE, BASE_NONE, NULL, 0,
5279 "ldap.SubstringFilter", HFILL }},
5280 { &hf_ldap_greaterOrEqual,
5281 { "greaterOrEqual", "ldap.greaterOrEqual",
5282 FT_NONE, BASE_NONE, NULL, 0,
5283 "ldap.T_greaterOrEqual", HFILL }},
5284 { &hf_ldap_lessOrEqual,
5285 { "lessOrEqual", "ldap.lessOrEqual",
5286 FT_NONE, BASE_NONE, NULL, 0,
5287 "ldap.T_lessOrEqual", HFILL }},
5289 { "present", "ldap.present",
5290 FT_STRING, BASE_NONE, NULL, 0,
5291 "ldap.T_present", HFILL }},
5292 { &hf_ldap_approxMatch,
5293 { "approxMatch", "ldap.approxMatch",
5294 FT_NONE, BASE_NONE, NULL, 0,
5295 "ldap.T_approxMatch", HFILL }},
5296 { &hf_ldap_extensibleMatch,
5297 { "extensibleMatch", "ldap.extensibleMatch",
5298 FT_NONE, BASE_NONE, NULL, 0,
5299 "ldap.T_extensibleMatch", HFILL }},
5300 { &hf_ldap_substringFilter_substrings,
5301 { "substrings", "ldap.substrings",
5302 FT_UINT32, BASE_DEC, NULL, 0,
5303 "ldap.T_substringFilter_substrings", HFILL }},
5304 { &hf_ldap_substringFilter_substrings_item,
5305 { "substrings item", "ldap.substrings_item",
5306 FT_UINT32, BASE_DEC, VALS(ldap_T_substringFilter_substrings_item_vals), 0,
5307 "ldap.T_substringFilter_substrings_item", HFILL }},
5309 { "initial", "ldap.initial",
5310 FT_STRING, BASE_NONE, NULL, 0,
5311 "ldap.LDAPString", HFILL }},
5313 { "any", "ldap.any",
5314 FT_STRING, BASE_NONE, NULL, 0,
5315 "ldap.LDAPString", HFILL }},
5317 { "final", "ldap.final",
5318 FT_STRING, BASE_NONE, NULL, 0,
5319 "ldap.LDAPString", HFILL }},
5320 { &hf_ldap_matchingRule,
5321 { "matchingRule", "ldap.matchingRule",
5322 FT_STRING, BASE_NONE, NULL, 0,
5323 "ldap.MatchingRuleId", HFILL }},
5324 { &hf_ldap_matchValue,
5325 { "matchValue", "ldap.matchValue",
5326 FT_STRING, BASE_NONE, NULL, 0,
5327 "ldap.AssertionValue", HFILL }},
5328 { &hf_ldap_dnAttributes,
5329 { "dnAttributes", "ldap.dnAttributes",
5330 FT_BOOLEAN, BASE_NONE, NULL, 0,
5331 "ldap.T_dnAttributes", HFILL }},
5332 { &hf_ldap_objectName,
5333 { "objectName", "ldap.objectName",
5334 FT_STRING, BASE_NONE, NULL, 0,
5335 "ldap.LDAPDN", HFILL }},
5336 { &hf_ldap_searchResultEntry_attributes,
5337 { "attributes", "ldap.attributes",
5338 FT_UINT32, BASE_DEC, NULL, 0,
5339 "ldap.PartialAttributeList", HFILL }},
5340 { &hf_ldap_PartialAttributeList_item,
5341 { "PartialAttributeList item", "ldap.PartialAttributeList_item",
5342 FT_NONE, BASE_NONE, NULL, 0,
5343 "ldap.PartialAttributeList_item", HFILL }},
5344 { &hf_ldap__untag_item,
5345 { "LDAPURL", "ldap.LDAPURL",
5346 FT_STRING, BASE_NONE, NULL, 0,
5347 "ldap.LDAPURL", HFILL }},
5349 { "object", "ldap.object",
5350 FT_STRING, BASE_NONE, NULL, 0,
5351 "ldap.LDAPDN", HFILL }},
5352 { &hf_ldap_modifyRequest_modification,
5353 { "modification", "ldap.modification",
5354 FT_UINT32, BASE_DEC, NULL, 0,
5355 "ldap.ModifyRequest_modification", HFILL }},
5356 { &hf_ldap_modifyRequest_modification_item,
5357 { "modification item", "ldap.modification_item",
5358 FT_NONE, BASE_NONE, NULL, 0,
5359 "ldap.T_modifyRequest_modification_item", HFILL }},
5360 { &hf_ldap_operation,
5361 { "operation", "ldap.operation",
5362 FT_UINT32, BASE_DEC, VALS(ldap_T_operation_vals), 0,
5363 "ldap.T_operation", HFILL }},
5364 { &hf_ldap_modification,
5365 { "modification", "ldap.modification",
5366 FT_NONE, BASE_NONE, NULL, 0,
5367 "ldap.AttributeTypeAndValues", HFILL }},
5369 { "entry", "ldap.entry",
5370 FT_STRING, BASE_NONE, NULL, 0,
5371 "ldap.LDAPDN", HFILL }},
5372 { &hf_ldap_attributes,
5373 { "attributes", "ldap.attributes",
5374 FT_UINT32, BASE_DEC, NULL, 0,
5375 "ldap.AttributeList", HFILL }},
5376 { &hf_ldap_AttributeList_item,
5377 { "AttributeList item", "ldap.AttributeList_item",
5378 FT_NONE, BASE_NONE, NULL, 0,
5379 "ldap.AttributeList_item", HFILL }},
5381 { "newrdn", "ldap.newrdn",
5382 FT_STRING, BASE_NONE, NULL, 0,
5383 "ldap.RelativeLDAPDN", HFILL }},
5384 { &hf_ldap_deleteoldrdn,
5385 { "deleteoldrdn", "ldap.deleteoldrdn",
5386 FT_BOOLEAN, BASE_NONE, NULL, 0,
5387 "ldap.BOOLEAN", HFILL }},
5388 { &hf_ldap_newSuperior,
5389 { "newSuperior", "ldap.newSuperior",
5390 FT_STRING, BASE_NONE, NULL, 0,
5391 "ldap.LDAPDN", HFILL }},
5393 { "ava", "ldap.ava",
5394 FT_NONE, BASE_NONE, NULL, 0,
5395 "ldap.AttributeValueAssertion", HFILL }},
5396 { &hf_ldap_requestName,
5397 { "requestName", "ldap.requestName",
5398 FT_STRING, BASE_NONE, NULL, 0,
5399 "ldap.LDAPOID", HFILL }},
5400 { &hf_ldap_requestValue,
5401 { "requestValue", "ldap.requestValue",
5402 FT_BYTES, BASE_NONE, NULL, 0,
5403 "ldap.T_requestValue", HFILL }},
5404 { &hf_ldap_extendedResponse_resultCode,
5405 { "resultCode", "ldap.resultCode",
5406 FT_UINT32, BASE_DEC, VALS(ldap_ExtendedResponse_resultCode_vals), 0,
5407 "ldap.ExtendedResponse_resultCode", HFILL }},
5408 { &hf_ldap_responseName,
5409 { "responseName", "ldap.responseName",
5410 FT_STRING, BASE_NONE, NULL, 0,
5411 "ldap.ResponseName", HFILL }},
5412 { &hf_ldap_response,
5413 { "response", "ldap.response",
5414 FT_BYTES, BASE_NONE, NULL, 0,
5415 "ldap.OCTET_STRING", HFILL }},
5416 { &hf_ldap_intermediateResponse_responseValue,
5417 { "responseValue", "ldap.responseValue",
5418 FT_BYTES, BASE_NONE, NULL, 0,
5419 "ldap.T_intermediateResponse_responseValue", HFILL }},
5421 { "size", "ldap.size",
5422 FT_INT32, BASE_DEC, NULL, 0,
5423 "ldap.INTEGER", HFILL }},
5425 { "cookie", "ldap.cookie",
5426 FT_BYTES, BASE_NONE, NULL, 0,
5427 "ldap.OCTET_STRING", HFILL }},
5428 { &hf_ldap_SortKeyList_item,
5429 { "SortKeyList item", "ldap.SortKeyList_item",
5430 FT_NONE, BASE_NONE, NULL, 0,
5431 "ldap.SortKeyList_item", HFILL }},
5432 { &hf_ldap_attributeType,
5433 { "attributeType", "ldap.attributeType",
5434 FT_STRING, BASE_NONE, NULL, 0,
5435 "ldap.AttributeDescription", HFILL }},
5436 { &hf_ldap_orderingRule,
5437 { "orderingRule", "ldap.orderingRule",
5438 FT_STRING, BASE_NONE, NULL, 0,
5439 "ldap.MatchingRuleId", HFILL }},
5440 { &hf_ldap_reverseOrder,
5441 { "reverseOrder", "ldap.reverseOrder",
5442 FT_BOOLEAN, BASE_NONE, NULL, 0,
5443 "ldap.BOOLEAN", HFILL }},
5444 { &hf_ldap_sortResult,
5445 { "sortResult", "ldap.sortResult",
5446 FT_UINT32, BASE_DEC, VALS(ldap_T_sortResult_vals), 0,
5447 "ldap.T_sortResult", HFILL }},
5448 { &hf_ldap_parentsFirst,
5449 { "parentsFirst", "ldap.parentsFirst",
5450 FT_INT32, BASE_DEC, NULL, 0,
5451 "ldap.INTEGER", HFILL }},
5452 { &hf_ldap_maxReturnLength,
5453 { "maxReturnLength", "ldap.maxReturnLength",
5454 FT_INT32, BASE_DEC, NULL, 0,
5455 "ldap.INTEGER", HFILL }},
5456 { &hf_ldap_userIdentity,
5457 { "userIdentity", "ldap.userIdentity",
5458 FT_BYTES, BASE_NONE, NULL, 0,
5459 "ldap.OCTET_STRING", HFILL }},
5460 { &hf_ldap_oldPasswd,
5461 { "oldPasswd", "ldap.oldPasswd",
5462 FT_BYTES, BASE_NONE, NULL, 0,
5463 "ldap.OCTET_STRING", HFILL }},
5464 { &hf_ldap_newPasswd,
5465 { "newPasswd", "ldap.newPasswd",
5466 FT_BYTES, BASE_NONE, NULL, 0,
5467 "ldap.OCTET_STRING", HFILL }},
5468 { &hf_ldap_genPasswd,
5469 { "genPasswd", "ldap.genPasswd",
5470 FT_BYTES, BASE_NONE, NULL, 0,
5471 "ldap.OCTET_STRING", HFILL }},
5472 { &hf_ldap_cancelID,
5473 { "cancelID", "ldap.cancelID",
5474 FT_UINT32, BASE_DEC, NULL, 0,
5475 "ldap.MessageID", HFILL }},
5477 { "mode", "ldap.mode",
5478 FT_UINT32, BASE_DEC, VALS(ldap_T_mode_vals), 0,
5479 "ldap.T_mode", HFILL }},
5480 { &hf_ldap_reloadHint,
5481 { "reloadHint", "ldap.reloadHint",
5482 FT_BOOLEAN, BASE_NONE, NULL, 0,
5483 "ldap.BOOLEAN", HFILL }},
5485 { "state", "ldap.state",
5486 FT_UINT32, BASE_DEC, VALS(ldap_T_state_vals), 0,
5487 "ldap.T_state", HFILL }},
5488 { &hf_ldap_entryUUID,
5489 { "entryUUID", "ldap.entryUUID",
5490 FT_BYTES, BASE_NONE, NULL, 0,
5491 "ldap.SyncUUID", HFILL }},
5492 { &hf_ldap_refreshDeletes,
5493 { "refreshDeletes", "ldap.refreshDeletes",
5494 FT_BOOLEAN, BASE_NONE, NULL, 0,
5495 "ldap.BOOLEAN", HFILL }},
5496 { &hf_ldap_newcookie,
5497 { "newcookie", "ldap.newcookie",
5498 FT_BYTES, BASE_NONE, NULL, 0,
5499 "ldap.OCTET_STRING", HFILL }},
5500 { &hf_ldap_refreshDelete,
5501 { "refreshDelete", "ldap.refreshDelete",
5502 FT_NONE, BASE_NONE, NULL, 0,
5503 "ldap.T_refreshDelete", HFILL }},
5504 { &hf_ldap_refreshDone,
5505 { "refreshDone", "ldap.refreshDone",
5506 FT_BOOLEAN, BASE_NONE, NULL, 0,
5507 "ldap.BOOLEAN", HFILL }},
5508 { &hf_ldap_refreshPresent,
5509 { "refreshPresent", "ldap.refreshPresent",
5510 FT_NONE, BASE_NONE, NULL, 0,
5511 "ldap.T_refreshPresent", HFILL }},
5512 { &hf_ldap_syncIdSet,
5513 { "syncIdSet", "ldap.syncIdSet",
5514 FT_NONE, BASE_NONE, NULL, 0,
5515 "ldap.T_syncIdSet", HFILL }},
5516 { &hf_ldap_syncUUIDs,
5517 { "syncUUIDs", "ldap.syncUUIDs",
5518 FT_UINT32, BASE_DEC, NULL, 0,
5519 "ldap.SET_OF_SyncUUID", HFILL }},
5520 { &hf_ldap_syncUUIDs_item,
5521 { "SyncUUID", "ldap.SyncUUID",
5522 FT_BYTES, BASE_NONE, NULL, 0,
5523 "ldap.SyncUUID", HFILL }},
5525 { "warning", "ldap.warning",
5526 FT_UINT32, BASE_DEC, VALS(ldap_T_warning_vals), 0,
5527 "ldap.T_warning", HFILL }},
5528 { &hf_ldap_timeBeforeExpiration,
5529 { "timeBeforeExpiration", "ldap.timeBeforeExpiration",
5530 FT_UINT32, BASE_DEC, NULL, 0,
5531 "ldap.INTEGER_0_maxInt", HFILL }},
5532 { &hf_ldap_graceAuthNsRemaining,
5533 { "graceAuthNsRemaining", "ldap.graceAuthNsRemaining",
5534 FT_UINT32, BASE_DEC, NULL, 0,
5535 "ldap.INTEGER_0_maxInt", HFILL }},
5537 { "error", "ldap.error",
5538 FT_UINT32, BASE_DEC, VALS(ldap_T_error_vals), 0,
5539 "ldap.T_error", HFILL }},
5541 /*--- End of included file: packet-ldap-hfarr.c ---*/
5542 #line 2087 "packet-ldap-template.c"
5545 /* List of subtrees */
5546 static gint *ett[] = {
5549 &ett_ldap_sasl_blob,
5551 &ett_mscldap_netlogon_flags,
5552 &ett_mscldap_ntver_flags,
5553 &ett_mscldap_ipdetails,
5556 /*--- Included file: packet-ldap-ettarr.c ---*/
5557 #line 1 "packet-ldap-ettarr.c"
5558 &ett_ldap_LDAPMessage,
5559 &ett_ldap_ProtocolOp,
5560 &ett_ldap_AttributeDescriptionList,
5561 &ett_ldap_AttributeValueAssertion,
5562 &ett_ldap_Attribute,
5563 &ett_ldap_SET_OF_AttributeValue,
5564 &ett_ldap_LDAPResult,
5568 &ett_ldap_BindRequest_U,
5569 &ett_ldap_AuthenticationChoice,
5570 &ett_ldap_SaslCredentials,
5571 &ett_ldap_BindResponse_U,
5572 &ett_ldap_SearchRequest_U,
5576 &ett_ldap_SubstringFilter,
5577 &ett_ldap_T_substringFilter_substrings,
5578 &ett_ldap_T_substringFilter_substrings_item,
5579 &ett_ldap_MatchingRuleAssertion,
5580 &ett_ldap_SearchResultEntry_U,
5581 &ett_ldap_PartialAttributeList,
5582 &ett_ldap_PartialAttributeList_item,
5583 &ett_ldap_SEQUENCE_OF_LDAPURL,
5584 &ett_ldap_ModifyRequest_U,
5585 &ett_ldap_ModifyRequest_modification,
5586 &ett_ldap_T_modifyRequest_modification_item,
5587 &ett_ldap_AttributeTypeAndValues,
5588 &ett_ldap_AddRequest_U,
5589 &ett_ldap_AttributeList,
5590 &ett_ldap_AttributeList_item,
5591 &ett_ldap_ModifyDNRequest_U,
5592 &ett_ldap_CompareRequest_U,
5593 &ett_ldap_ExtendedRequest_U,
5594 &ett_ldap_ExtendedResponse_U,
5595 &ett_ldap_IntermediateResponse_U,
5596 &ett_ldap_SearchControlValue,
5597 &ett_ldap_SortKeyList,
5598 &ett_ldap_SortKeyList_item,
5599 &ett_ldap_SortResult,
5600 &ett_ldap_ReplControlValue,
5601 &ett_ldap_PasswdModifyRequestValue,
5602 &ett_ldap_PasswdModifyResponseValue,
5603 &ett_ldap_CancelRequestValue,
5604 &ett_ldap_SyncRequestValue,
5605 &ett_ldap_SyncStateValue,
5606 &ett_ldap_SyncDoneValue,
5607 &ett_ldap_SyncInfoValue,
5608 &ett_ldap_T_refreshDelete,
5609 &ett_ldap_T_refreshPresent,
5610 &ett_ldap_T_syncIdSet,
5611 &ett_ldap_SET_OF_SyncUUID,
5612 &ett_ldap_PasswordPolicyResponseValue,
5613 &ett_ldap_T_warning,
5615 /*--- End of included file: packet-ldap-ettarr.c ---*/
5616 #line 2100 "packet-ldap-template.c"
5619 module_t *ldap_module;
5621 /* Register protocol */
5622 proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
5623 /* Register fields and subtrees */
5624 proto_register_field_array(proto_ldap, hf, array_length(hf));
5625 proto_register_subtree_array(ett, array_length(ett));
5628 register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
5630 ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
5631 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
5632 "Reassemble LDAP messages spanning multiple TCP segments",
5633 "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
5634 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
5637 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
5638 "Set the port for LDAP operations",
5639 10, &global_ldap_tcp_port);
5641 prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
5642 "Set the port for LDAP operations over SSL",
5643 10, &global_ldaps_tcp_port);
5645 prefs_register_obsolete_preference(ldap_module, "max_pdu");
5647 proto_cldap = proto_register_protocol(
5648 "Connectionless Lightweight Directory Access Protocol",
5651 register_init_routine(ldap_reinit);
5652 ldap_tap=register_tap("ldap");
5654 ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE);
5659 /*--- proto_reg_handoff_ldap ---------------------------------------*/
5661 proto_reg_handoff_ldap(void)
5663 dissector_handle_t cldap_handle;
5664 ldap_handle = find_dissector("ldap");
5666 dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
5668 cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
5669 dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
5671 gssapi_handle = find_dissector("gssapi");
5672 gssapi_wrap_handle = find_dissector("gssapi_verf");
5673 spnego_handle = find_dissector("spnego");
5675 ntlmssp_handle = find_dissector("ntlmssp");
5677 ssl_handle = find_dissector("ssl");
5679 prefs_register_ldap();
5681 /* http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dsml/dsml/ldap_controls_and_session_support.asp */
5682 oid_add_from_string("LDAP_PAGED_RESULT_OID_STRING","1.2.840.113556.1.4.319");
5683 oid_add_from_string("LDAP_SERVER_SHOW_DELETED_OID","1.2.840.113556.1.4.417");
5684 oid_add_from_string("LDAP_SERVER_SORT_OID","1.2.840.113556.1.4.473");
5685 oid_add_from_string("LDAP_CONTROL_SORT_RESP_OID","1.2.840.113556.1.4.474");
5686 oid_add_from_string("LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID","1.2.840.113556.1.4.521");
5687 oid_add_from_string("LDAP_SERVER_NOTIFICATION_OID","1.2.840.113556.1.4.528");
5688 oid_add_from_string("LDAP_SERVER_EXTENDED_DN_OID","1.2.840.113556.1.4.529");
5689 oid_add_from_string("meetingAdvertiseScope","1.2.840.113556.1.4.582");
5690 oid_add_from_string("LDAP_SERVER_LAZY_COMMIT_OID","1.2.840.113556.1.4.619");
5691 oid_add_from_string("mhsORAddress","1.2.840.113556.1.4.650");
5692 oid_add_from_string("managedObjects","1.2.840.113556.1.4.654");
5693 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_OID","1.2.840.113556.1.4.800");
5694 oid_add_from_string("LDAP_SERVER_SD_FLAGS_OID","1.2.840.113556.1.4.801");
5695 oid_add_from_string("LDAP_OID_COMPARATOR_OR","1.2.840.113556.1.4.804");
5696 oid_add_from_string("LDAP_SERVER_TREE_DELETE_OID","1.2.840.113556.1.4.805");
5697 oid_add_from_string("LDAP_SERVER_DIRSYNC_OID","1.2.840.113556.1.4.841");
5698 oid_add_from_string("None","1.2.840.113556.1.4.970");
5699 oid_add_from_string("LDAP_SERVER_VERIFY_NAME_OID","1.2.840.113556.1.4.1338");
5700 oid_add_from_string("LDAP_SERVER_DOMAIN_SCOPE_OID","1.2.840.113556.1.4.1339");
5701 oid_add_from_string("LDAP_SERVER_SEARCH_OPTIONS_OID","1.2.840.113556.1.4.1340");
5702 oid_add_from_string("LDAP_SERVER_PERMISSIVE_MODIFY_OID","1.2.840.113556.1.4.1413");
5703 oid_add_from_string("LDAP_SERVER_ASQ_OID","1.2.840.113556.1.4.1504");
5704 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_V51_OID","1.2.840.113556.1.4.1670");
5705 oid_add_from_string("LDAP_SERVER_FAST_BIND_OID","1.2.840.113556.1.4.1781");
5706 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID","1.2.840.113556.1.4.1791");
5707 oid_add_from_string("msDS-ObjectReference","1.2.840.113556.1.4.1840");
5708 oid_add_from_string("msDS-QuotaEffective","1.2.840.113556.1.4.1848");
5709 oid_add_from_string("LDAP_CAP_ACTIVE_DIRECTORY_ADAM_OID","1.2.840.113556.1.4.1851");
5710 oid_add_from_string("msDS-PortSSL","1.2.840.113556.1.4.1860");
5711 oid_add_from_string("msDS-isRODC","1.2.840.113556.1.4.1960");
5712 oid_add_from_string("msDS-SDReferenceDomain","1.2.840.113556.1.4.1711");
5713 oid_add_from_string("msDS-AdditionalDnsHostName","1.2.840.113556.1.4.1717");
5714 oid_add_from_string("None","1.3.6.1.4.1.1466.101.119.1");
5715 oid_add_from_string("LDAP_START_TLS_OID","1.3.6.1.4.1.1466.20037");
5716 oid_add_from_string("LDAP_CONTROL_VLVREQUEST VLV","2.16.840.1.113730.3.4.9");
5717 oid_add_from_string("LDAP_CONTROL_VLVRESPONSE VLV","2.16.840.1.113730.3.4.10");
5718 oid_add_from_string("LDAP_SERVER_QUOTA_CONTROL_OID","1.2.840.113556.1.4.1852");
5719 oid_add_from_string("LDAP_SERVER_RANGE_OPTION_OID","1.2.840.113556.1.4.802");
5720 oid_add_from_string("LDAP_SERVER_SHUTDOWN_NOTIFY_OID","1.2.840.113556.1.4.1907");
5721 oid_add_from_string("LDAP_SERVER_RANGE_RETRIEVAL_NOERR_OID","1.2.840.113556.1.4.1948");
5723 register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap);
5724 register_ldap_name_dissector("objectGUID", dissect_ldap_guid, proto_ldap);
5725 register_ldap_name_dissector("supportedControl", dissect_ldap_oid, proto_ldap);
5726 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
5727 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
5728 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
5731 /*--- Included file: packet-ldap-dis-tab.c ---*/
5732 #line 1 "packet-ldap-dis-tab.c"
5733 register_ber_oid_dissector("1.2.840.113556.1.4.319", dissect_SearchControlValue_PDU, proto_ldap, "pagedResultsControl");
5734 register_ber_oid_dissector("1.2.840.113556.1.4.473", dissect_SortKeyList_PDU, proto_ldap, "sortKeyList");
5735 register_ber_oid_dissector("1.2.840.113556.1.4.474", dissect_SortResult_PDU, proto_ldap, "sortResult");
5736 register_ber_oid_dissector("1.2.840.113556.1.4.841", dissect_ReplControlValue_PDU, proto_ldap, "replControlValue");
5737 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.11.1", dissect_PasswdModifyRequestValue_PDU, proto_ldap, "passwdModifyOID");
5738 register_ber_oid_dissector("1.3.6.1.1.8", dissect_CancelRequestValue_PDU, proto_ldap, "cancelRequestOID");
5739 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.1", dissect_SyncRequestValue_PDU, proto_ldap, "syncRequestOID");
5740 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.2", dissect_SyncStateValue_PDU, proto_ldap, "syncStateOID");
5741 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.3", dissect_SyncDoneValue_PDU, proto_ldap, "syncDoneOID");
5742 register_ber_oid_dissector("1.3.6.1.4.1.4203.1.9.1.4", dissect_SyncInfoValue_PDU, proto_ldap, "syncInfoOID");
5743 register_ber_oid_dissector("1.3.6.1.4.1.42.2.27.8.5.1", dissect_PasswordPolicyResponseValue_PDU, proto_ldap, "passwordPolicy");
5746 /*--- End of included file: packet-ldap-dis-tab.c ---*/
5747 #line 2214 "packet-ldap-template.c"
5752 void prefs_register_ldap(void) {
5754 if(tcp_port != global_ldap_tcp_port) {
5756 dissector_delete("tcp.port", tcp_port, ldap_handle);
5758 /* Set our port number for future use */
5759 tcp_port = global_ldap_tcp_port;
5762 dissector_add("tcp.port", tcp_port, ldap_handle);
5766 if(ssl_port != global_ldaps_tcp_port) {
5768 ssl_dissector_delete(ssl_port, "ldap", TRUE);
5770 /* Set our port number for future use */
5771 ssl_port = global_ldaps_tcp_port;
5774 ssl_dissector_add(ssl_port, "ldap", TRUE);