2 * Routines for ldap packet dissection
4 * $Id: packet-ldap.c,v 1.45 2002/08/26 09:21:54 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
27 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
28 * It's also missing extensible search filters.
30 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
33 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
34 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
38 * nazard@dragoninc.on.ca
50 #ifdef NEED_SNPRINTF_H
51 # include "snprintf.h"
54 #include <epan/packet.h>
56 #include "packet-ldap.h"
60 static int proto_ldap = -1;
61 static int hf_ldap_length = -1;
62 static int hf_ldap_message_id = -1;
63 static int hf_ldap_message_type = -1;
64 static int hf_ldap_message_length = -1;
66 static int hf_ldap_message_result = -1;
67 static int hf_ldap_message_result_matcheddn = -1;
68 static int hf_ldap_message_result_errormsg = -1;
69 static int hf_ldap_message_result_referral = -1;
71 static int hf_ldap_message_bind_version = -1;
72 static int hf_ldap_message_bind_dn = -1;
73 static int hf_ldap_message_bind_auth = -1;
74 static int hf_ldap_message_bind_auth_password = -1;
75 static int hf_ldap_message_bind_auth_mechanism = -1;
76 static int hf_ldap_message_bind_auth_credentials = -1;
77 static int hf_ldap_message_bind_server_credentials = -1;
79 static int hf_ldap_message_search_base = -1;
80 static int hf_ldap_message_search_scope = -1;
81 static int hf_ldap_message_search_deref = -1;
82 static int hf_ldap_message_search_sizeLimit = -1;
83 static int hf_ldap_message_search_timeLimit = -1;
84 static int hf_ldap_message_search_typesOnly = -1;
85 static int hf_ldap_message_search_filter = -1;
87 static int hf_ldap_message_dn = -1;
88 static int hf_ldap_message_attribute = -1;
89 static int hf_ldap_message_value = -1;
91 static int hf_ldap_message_modrdn_name = -1;
92 static int hf_ldap_message_modrdn_delete = -1;
93 static int hf_ldap_message_modrdn_superior = -1;
95 static int hf_ldap_message_compare = -1;
97 static int hf_ldap_message_modify_add = -1;
98 static int hf_ldap_message_modify_replace = -1;
99 static int hf_ldap_message_modify_delete = -1;
101 static int hf_ldap_message_abandon_msgid = -1;
103 static gint ett_ldap = -1;
104 static gint ett_ldap_message = -1;
105 static gint ett_ldap_gssapi_token = -1;
106 static gint ett_ldap_referrals = -1;
107 static gint ett_ldap_attribute = -1;
109 /* desegmentation of LDAP */
110 static gboolean ldap_desegment = TRUE;
112 #define TCP_PORT_LDAP 389
113 #define UDP_PORT_CLDAP 389
115 static dissector_handle_t gssapi_handle;
117 static value_string msgTypes [] = {
118 {LDAP_REQ_BIND, "Bind Request"},
119 {LDAP_REQ_UNBIND, "Unbind Request"},
120 {LDAP_REQ_SEARCH, "Search Request"},
121 {LDAP_REQ_MODIFY, "Modify Request"},
122 {LDAP_REQ_ADD, "Add Request"},
123 {LDAP_REQ_DELETE, "Delete Request"},
124 {LDAP_REQ_MODRDN, "Modify RDN Request"},
125 {LDAP_REQ_COMPARE, "Compare Request"},
126 {LDAP_REQ_ABANDON, "Abandon Request"},
127 {LDAP_REQ_EXTENDED, "Extended Request"},
129 {LDAP_RES_BIND, "Bind Result"},
130 {LDAP_RES_SEARCH_ENTRY, "Search Entry"},
131 {LDAP_RES_SEARCH_RESULT, "Search Result"},
132 {LDAP_RES_SEARCH_REF, "Search Result Reference"},
133 {LDAP_RES_MODIFY, "Modify Result"},
134 {LDAP_RES_ADD, "Add Result"},
135 {LDAP_RES_DELETE, "Delete Result"},
136 {LDAP_RES_MODRDN, "Modify RDN Result"},
137 {LDAP_RES_COMPARE, "Compare Result"},
138 {LDAP_REQ_EXTENDED, "Extended Response"},
142 static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
145 gboolean def = FALSE;
146 int start = a->offset;
149 ret = asn1_length_decode(a, &def, &length);
150 if (ret != ASN1_ERR_NOERROR) {
152 proto_tree_add_text(tree, a->tvb, start, 0,
153 "%s: ERROR: Couldn't parse length: %s",
154 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
163 proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, length);
165 return ASN1_ERR_NOERROR;
168 static int read_sequence(ASN1_SCK *a, guint *len)
175 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
176 if (ret != ASN1_ERR_NOERROR)
178 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
179 return ASN1_ERR_WRONG_TYPE;
184 return ASN1_ERR_NOERROR;
187 static int read_set(ASN1_SCK *a, guint *len)
194 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
195 if (ret != ASN1_ERR_NOERROR)
197 if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
198 return ASN1_ERR_WRONG_TYPE;
203 return ASN1_ERR_NOERROR;
206 static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
207 proto_item **new_item, guint *i, int start, guint length)
210 proto_item *temp_item = NULL;
213 ret = asn1_uint32_value_decode(a, length, &integer);
214 if (ret != ASN1_ERR_NOERROR) {
216 proto_tree_add_text(tree, a->tvb, start, 0,
217 "%s: ERROR: Couldn't parse value: %s",
218 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
227 temp_item = proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, integer);
230 *new_item = temp_item;
232 return ASN1_ERR_NOERROR;
235 static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
236 proto_item **new_item, guint *i, guint expected_tag)
241 int start = a->offset;
244 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
245 if (ret == ASN1_ERR_NOERROR) {
246 if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
247 ret = ASN1_ERR_WRONG_TYPE;
249 if (ret != ASN1_ERR_NOERROR) {
251 proto_tree_add_text(tree, a->tvb, start, 0,
252 "%s: ERROR: Couldn't parse header: %s",
253 (hf_id != -1) ? proto_registrar_get_name(hf_id) : "LDAP message",
254 asn1_err_to_str(ret));
259 return read_integer_value(a, tree, hf_id, new_item, i, start, length);
262 static int read_boolean_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
263 proto_item **new_item, guint *i, int start, guint length)
266 proto_item *temp_item = NULL;
269 ret = asn1_uint32_value_decode(a, length, &integer);
270 if (ret != ASN1_ERR_NOERROR) {
272 proto_tree_add_text(tree, a->tvb, start, 0,
273 "%s: ERROR: Couldn't parse value: %s",
274 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
283 temp_item = proto_tree_add_boolean(tree, hf_id, a->tvb, start, a->offset-start, integer);
285 *new_item = temp_item;
287 return ASN1_ERR_NOERROR;
290 static int read_boolean(ASN1_SCK *a, proto_tree *tree, int hf_id,
291 proto_item **new_item, guint *i)
296 int start = a->offset;
299 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
300 if (ret == ASN1_ERR_NOERROR) {
301 if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_BOL)
302 ret = ASN1_ERR_WRONG_TYPE;
304 if (ret != ASN1_ERR_NOERROR) {
306 proto_tree_add_text(tree, a->tvb, start, 0,
307 "%s: ERROR: Couldn't parse header: %s",
308 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
313 return read_boolean_value(a, tree, hf_id, new_item, i, start, length);
316 static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
317 proto_item **new_item, char **s, int start, guint length)
320 proto_item *temp_item = NULL;
325 ret = asn1_string_value_decode(a, length, &string);
326 if (ret != ASN1_ERR_NOERROR) {
328 proto_tree_add_text(tree, a->tvb, start, 0,
329 "%s: ERROR: Couldn't parse value: %s",
330 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
334 string = g_realloc(string, length + 1);
335 string[length] = '\0';
341 temp_item = proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset - start, string);
343 *new_item = temp_item;
350 return ASN1_ERR_NOERROR;
353 static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
354 proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
359 int start = a->offset;
362 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
363 if (ret == ASN1_ERR_NOERROR) {
364 if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
365 ret = ASN1_ERR_WRONG_TYPE;
367 if (ret != ASN1_ERR_NOERROR) {
369 proto_tree_add_text(tree, a->tvb, start, 0,
370 "%s: ERROR: Couldn't parse header: %s",
371 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
376 return read_string_value(a, tree, hf_id, new_item, s, start, length);
379 static int read_bytestring_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
380 proto_item **new_item, char **s, int start, guint length)
383 proto_item *temp_item = NULL;
388 ret = asn1_string_value_decode(a, length, &string);
389 if (ret != ASN1_ERR_NOERROR) {
391 proto_tree_add_text(tree, a->tvb, start, 0,
392 "%s: ERROR: Couldn't parse value: %s",
393 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
397 string = g_realloc(string, length + 1);
398 string[length] = '\0';
404 temp_item = proto_tree_add_bytes(tree, hf_id, a->tvb, start, a->offset - start, string);
406 *new_item = temp_item;
413 return ASN1_ERR_NOERROR;
416 static int read_bytestring(ASN1_SCK *a, proto_tree *tree, int hf_id,
417 proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
422 int start = a->offset;
425 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
426 if (ret == ASN1_ERR_NOERROR) {
427 if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
428 ret = ASN1_ERR_WRONG_TYPE;
430 if (ret != ASN1_ERR_NOERROR) {
432 proto_tree_add_text(tree, a->tvb, start, 0,
433 "%s: ERROR: Couldn't parse header: %s",
434 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
439 return read_bytestring_value(a, tree, hf_id, new_item, s, start, length);
442 static int parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
447 guint string2_length;
452 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
453 if (ret != ASN1_ERR_NOERROR)
455 ret = asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
456 if (ret != ASN1_ERR_NOERROR)
458 *filter_length += 2 + strlen(operation) + string_length + string2_length;
459 *filter = g_realloc(*filter, *filter_length);
460 filterp = *filter + strlen(*filter);
462 if (string_length != 0) {
463 memcpy(filterp, string, string_length);
464 filterp += string_length;
466 strcpy(filterp, operation);
467 filterp += strlen(operation);
468 if (string2_length != 0) {
469 memcpy(filterp, string2, string2_length);
470 filterp += string2_length;
476 return ASN1_ERR_NOERROR;
479 /* Richard Dawe: To parse substring filters, I added this function. */
480 static int parse_filter_substrings(ASN1_SCK *a, char **filter, guint *filter_length)
491 /* For ASN.1 parsing of octet strings */
497 ret = asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
498 if (ret != ASN1_ERR_NOERROR)
501 ret = asn1_sequence_decode(a, &seq_len, &header_bytes);
502 if (ret != ASN1_ERR_NOERROR)
505 *filter_length += 2 + 1 + string_length;
506 *filter = g_realloc(*filter, *filter_length);
508 filterp = *filter + strlen(*filter);
510 if (string_length != 0) {
511 memcpy(filterp, string, string_length);
512 filterp += string_length;
518 /* Now decode seq_len's worth of octet strings. */
520 end = a->offset + seq_len;
522 while (a->offset < end) {
523 /* Octet strings here are context-specific, which
524 * asn1_octet_string_decode() barfs on. Emulate it, but don't barf. */
525 ret = asn1_header_decode (a, &cls, &con, &tag, &def, &string_length);
526 if (ret != ASN1_ERR_NOERROR)
529 /* XXX - check the tag? */
530 if (cls != ASN1_CTX || con != ASN1_PRI) {
531 /* XXX - handle the constructed encoding? */
532 return ASN1_ERR_WRONG_TYPE;
535 return ASN1_ERR_LENGTH_NOT_DEFINITE;
537 ret = asn1_string_value_decode(a, (int) string_length, &string);
538 if (ret != ASN1_ERR_NOERROR)
541 /* If we have an 'any' component with a string value, we need to append
542 * an extra asterisk before final component. */
543 if ((tag == 1) && (string_length != 0))
546 if ( (tag == 1) || ((tag == 2) && any_valued) )
548 *filter_length += string_length;
549 *filter = g_realloc(*filter, *filter_length);
551 filterp = *filter + strlen(*filter);
552 if ( (tag == 1) || ((tag == 2) && any_valued) )
556 if (string_length != 0) {
557 memcpy(filterp, string, string_length);
558 filterp += string_length;
567 *filter = g_realloc(*filter, *filter_length);
568 filterp = *filter + strlen(*filter);
572 /* NB: Allocated byte for this earlier */
576 return ASN1_ERR_NOERROR;
579 /* Returns -1 if we're at the end, returns an ASN1_ERR value otherwise. */
580 static int parse_filter(ASN1_SCK *a, char **filter, guint *filter_length,
588 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
589 if (ret != ASN1_ERR_NOERROR)
594 *end = a->offset + length;
596 *filter = g_malloc0(*filter_length);
599 if (cls == ASN1_CTX) /* XXX - handle other types as errors? */
603 case LDAP_FILTER_AND:
608 return ASN1_ERR_WRONG_TYPE;
609 add_end = a->offset + length;
611 *filter = g_realloc(*filter, *filter_length);
612 strcat(*filter, "(&");
613 while ((ret = parse_filter(a, filter, filter_length, &add_end))
618 strcat(*filter, ")");
626 return ASN1_ERR_WRONG_TYPE;
627 or_end = a->offset + length;
629 *filter = g_realloc(*filter, *filter_length);
630 strcat(*filter, "(|");
631 while ((ret = parse_filter(a, filter, filter_length, &or_end))
636 strcat(*filter, ")");
639 case LDAP_FILTER_NOT:
644 return ASN1_ERR_WRONG_TYPE;
645 not_end = a->offset + length;
647 *filter = g_realloc(*filter, *filter_length);
648 strcat(*filter, "(!");
649 ret = parse_filter(a, filter, filter_length, ¬_end);
650 if (ret != -1 && ret != ASN1_ERR_NOERROR)
652 strcat(*filter, ")");
655 case LDAP_FILTER_EQUALITY:
657 return ASN1_ERR_WRONG_TYPE;
658 ret = parse_filter_strings(a, filter, filter_length, "=");
659 if (ret != ASN1_ERR_NOERROR)
664 return ASN1_ERR_WRONG_TYPE;
665 ret = parse_filter_strings(a, filter, filter_length, ">=");
666 if (ret != ASN1_ERR_NOERROR)
671 return ASN1_ERR_WRONG_TYPE;
672 ret = parse_filter_strings(a, filter, filter_length, "<=");
673 if (ret != -1 && ret != ASN1_ERR_NOERROR)
676 case LDAP_FILTER_APPROX:
678 return ASN1_ERR_WRONG_TYPE;
679 ret = parse_filter_strings(a, filter, filter_length, "~=");
680 if (ret != ASN1_ERR_NOERROR)
683 case LDAP_FILTER_PRESENT:
689 return ASN1_ERR_WRONG_TYPE;
690 ret = asn1_string_value_decode(a, length, &string);
691 if (ret != ASN1_ERR_NOERROR)
693 *filter_length += 4 + length;
694 *filter = g_realloc(*filter, *filter_length);
695 filterp = *filter + strlen(*filter);
698 memcpy(filterp, string, length);
708 case LDAP_FILTER_SUBSTRINGS:
710 return ASN1_ERR_WRONG_TYPE;
711 /* Richard Dawe: Handle substrings */
712 ret = parse_filter_substrings(a, filter, filter_length);
713 if (ret != ASN1_ERR_NOERROR)
717 return ASN1_ERR_WRONG_TYPE;
721 if (a->offset == *end)
727 static gboolean read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
729 int start = a->offset;
731 guint filter_length = 0;
735 while ((ret = parse_filter(a, &filter, &filter_length, &end))
741 proto_tree_add_text(tree, a->tvb, start, 0,
742 "%s: ERROR: Can't parse filter: %s",
743 proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
745 proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset-start, filter);
750 return (ret == -1) ? TRUE : FALSE;
753 /********************************************************************************************/
755 static void dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
757 guint resultCode = 0;
760 if (read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM) != ASN1_ERR_NOERROR)
762 if (read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
764 if (read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
767 if (resultCode == 10) /* Referral */
769 int start = a->offset;
773 proto_tree *referralTree;
775 ret = read_sequence(a, &length);
776 if (ret != ASN1_ERR_NOERROR) {
778 proto_tree_add_text(tree, a->tvb, start, 0,
779 "ERROR: Couldn't parse referral URL sequence header: %s",
780 asn1_err_to_str(ret));
784 ti = proto_tree_add_text(tree, a->tvb, start, length, "Referral URLs");
785 referralTree = proto_item_add_subtree(ti, ett_ldap_referrals);
787 end = a->offset + length;
788 while (a->offset < end) {
789 if (read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
795 static void dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree,
796 tvbuff_t *tvb, packet_info *pinfo)
806 gint available_length, reported_length;
809 proto_tree *gtree = NULL;
811 if (read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
813 if (read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
817 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
818 if (ret == ASN1_ERR_NOERROR) {
819 if (cls != ASN1_CTX) {
820 /* RFCs 1777 and 2251 say these are context-specific types */
821 ret = ASN1_ERR_WRONG_TYPE;
824 if (ret != ASN1_ERR_NOERROR) {
825 proto_tree_add_text(tree, a->tvb, start, 0,
826 "%s: ERROR: Couldn't parse header: %s",
827 proto_registrar_get_name(hf_ldap_message_bind_auth),
828 asn1_err_to_str(ret));
831 proto_tree_add_uint(tree, hf_ldap_message_bind_auth, a->tvb, start,
832 a->offset - start, tag);
833 end = a->offset + length;
836 case LDAP_AUTH_SIMPLE:
837 if (read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL,
838 NULL, start, length) != ASN1_ERR_NOERROR)
842 /* For Kerberos V4, dissect it as a ticket. */
845 if (read_string(a, tree, hf_ldap_message_bind_auth_mechanism, NULL,
846 &mechanism, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
848 if (a->offset < end) {
849 if (strcmp(mechanism, "GSS-SPNEGO") == 0) {
851 * This is a GSS-API token.
852 * Find out how big it is by parsing the ASN.1 header for the
853 * OCTET STREAM that contains it.
855 token_offset = a->offset;
856 ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
857 if (ret != ASN1_ERR_NOERROR) {
858 proto_tree_add_text(tree, a->tvb, token_offset, 0,
859 "%s: ERROR: Couldn't parse header: %s",
860 proto_registrar_get_name(hf_ldap_message_bind_auth_credentials),
861 asn1_err_to_str(ret));
865 gitem = proto_tree_add_text(tree, tvb, token_offset,
866 (a->offset + length) - token_offset, "GSS-API Token");
867 gtree = proto_item_add_subtree(gitem, ett_ldap_gssapi_token);
869 available_length = tvb_length_remaining(tvb, token_offset);
870 reported_length = tvb_reported_length_remaining(tvb, token_offset);
871 g_assert(available_length >= 0);
872 g_assert(reported_length >= 0);
873 if (available_length > reported_length)
874 available_length = reported_length;
875 if ((guint)available_length > length)
876 available_length = length;
877 if ((guint)reported_length > length)
878 reported_length = length;
879 new_tvb = tvb_new_subset(tvb, a->offset, available_length, reported_length);
880 call_dissector(gssapi_handle, new_tvb, pinfo, gtree);
883 if (read_bytestring(a, tree, hf_ldap_message_bind_auth_credentials,
884 NULL, NULL, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
892 static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree,
893 int start, guint length)
897 end = start + length;
898 dissect_ldap_result(a, tree);
899 if (a->offset < end) {
900 if (read_bytestring(a, tree, hf_ldap_message_bind_server_credentials,
901 NULL, NULL, ASN1_CTX, 7) != ASN1_ERR_NOERROR)
906 static void dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
912 if (read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
914 if (read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
916 if (read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
918 if (read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
920 if (read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
922 if (read_boolean(a, tree, hf_ldap_message_search_typesOnly, 0, 0) != ASN1_ERR_NOERROR)
924 if (!read_filter(a, tree, hf_ldap_message_search_filter))
926 ret = read_sequence(a, &seq_length);
927 if (ret != ASN1_ERR_NOERROR) {
929 proto_tree_add_text(tree, a->tvb, a->offset, 0,
930 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
931 asn1_err_to_str(ret));
935 end = a->offset + seq_length;
936 while (a->offset < end) {
937 if (read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI,
938 ASN1_OTS) != ASN1_ERR_NOERROR)
943 static void dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
949 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
951 ret = read_sequence(a, &seq_length);
952 if (ret != ASN1_ERR_NOERROR) {
954 proto_tree_add_text(tree, a->tvb, a->offset, 0,
955 "ERROR: Couldn't parse search entry response sequence header: %s",
956 asn1_err_to_str(ret));
961 end_of_sequence = a->offset + seq_length;
962 while (a->offset < end_of_sequence)
965 proto_tree *attr_tree;
969 ret = read_sequence(a, 0);
970 if (ret != ASN1_ERR_NOERROR) {
972 proto_tree_add_text(tree, a->tvb, a->offset, 0,
973 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
974 asn1_err_to_str(ret));
978 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
980 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
982 ret = read_set(a, &set_length);
983 if (ret != ASN1_ERR_NOERROR) {
985 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
986 "ERROR: Couldn't parse LDAP value set header: %s",
987 asn1_err_to_str(ret));
991 end_of_set = a->offset + set_length;
992 while (a->offset < end_of_set) {
993 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
994 ASN1_OTS) != ASN1_ERR_NOERROR)
1000 static void dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
1003 int end_of_sequence;
1006 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1009 ret = read_sequence(a, &seq_length);
1010 if (ret != ASN1_ERR_NOERROR) {
1012 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1013 "ERROR: Couldn't parse add request sequence header: %s",
1014 asn1_err_to_str(ret));
1019 end_of_sequence = a->offset + seq_length;
1020 while (a->offset < end_of_sequence)
1023 proto_tree *attr_tree;
1027 ret = read_sequence(a, 0);
1028 if (ret != ASN1_ERR_NOERROR) {
1030 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1031 "ERROR: Couldn't parse LDAP attribute sequence header: %s",
1032 asn1_err_to_str(ret));
1036 if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI,
1037 ASN1_OTS) != ASN1_ERR_NOERROR)
1039 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1041 ret = read_set(a, &set_length);
1042 if (ret != ASN1_ERR_NOERROR) {
1044 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1045 "ERROR: Couldn't parse LDAP value set header: %s",
1046 asn1_err_to_str(ret));
1050 end_of_set = a->offset + set_length;
1051 while (a->offset < end_of_set) {
1052 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1058 static void dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
1059 int start, guint length)
1061 read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
1064 static void dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
1067 int start = a->offset;
1069 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1071 if (read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1073 if (read_boolean(a, tree, hf_ldap_message_modrdn_delete, 0, 0) != ASN1_ERR_NOERROR)
1076 if (a->offset < (int) (start + length)) {
1077 /* LDAP V3 Modify DN operation, with newSuperior */
1078 if (read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1083 static void dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
1092 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1094 ret = read_sequence(a, 0);
1095 if (ret != ASN1_ERR_NOERROR) {
1097 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1098 "ERROR: Couldn't parse compare request sequence header: %s",
1099 asn1_err_to_str(ret));
1105 ret = read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
1106 if (ret != ASN1_ERR_NOERROR) {
1108 proto_tree_add_text(tree, a->tvb, start, 0,
1109 "ERROR: Couldn't parse compare type: %s", asn1_err_to_str(ret));
1113 ret = read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
1114 if (ret != ASN1_ERR_NOERROR) {
1116 proto_tree_add_text(tree, a->tvb, start, 0,
1117 "ERROR: Couldn't parse compare value: %s", asn1_err_to_str(ret));
1122 length = 2 + strlen(string1) + strlen(string2);
1123 compare = g_malloc0(length);
1124 snprintf(compare, length, "%s=%s", string1, string2);
1125 proto_tree_add_string(tree, hf_ldap_message_compare, a->tvb, start,
1126 a->offset-start, compare);
1135 static void dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
1138 int end_of_sequence;
1141 if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1143 ret = read_sequence(a, &seq_length);
1144 if (ret != ASN1_ERR_NOERROR) {
1146 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1147 "ERROR: Couldn't parse modify request sequence header: %s",
1148 asn1_err_to_str(ret));
1152 end_of_sequence = a->offset + seq_length;
1153 while (a->offset < end_of_sequence)
1156 proto_tree *attr_tree;
1161 ret = read_sequence(a, 0);
1162 if (ret != ASN1_ERR_NOERROR) {
1164 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1165 "ERROR: Couldn't parse modify request item sequence header: %s",
1166 asn1_err_to_str(ret));
1170 ret = read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
1171 if (ret != ASN1_ERR_NOERROR) {
1173 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1174 "ERROR: Couldn't parse modify operation: %s",
1175 asn1_err_to_str(ret));
1179 ret = read_sequence(a, 0);
1180 if (ret != ASN1_ERR_NOERROR) {
1182 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1183 "ERROR: Couldn't parse modify request operation sequence header: %s",
1184 asn1_err_to_str(ret));
1192 if (read_string(a, tree, hf_ldap_message_modify_add, &ti, 0, ASN1_UNI,
1193 ASN1_OTS) != ASN1_ERR_NOERROR)
1197 case LDAP_MOD_REPLACE:
1198 if (read_string(a, tree, hf_ldap_message_modify_replace, &ti, 0,
1199 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1203 case LDAP_MOD_DELETE:
1204 if (read_string(a, tree, hf_ldap_message_modify_delete, &ti, 0,
1205 ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
1210 proto_tree_add_text(tree, a->tvb, a->offset, 0,
1211 "Unknown LDAP modify operation (%u)", operation);
1214 attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
1216 ret = read_set(a, &set_length);
1217 if (ret != ASN1_ERR_NOERROR) {
1219 proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
1220 "ERROR: Couldn't parse LDAP value set header: %s",
1221 asn1_err_to_str(ret));
1225 end_of_set = a->offset + set_length;
1226 while (a->offset < end_of_set) {
1227 if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
1228 ASN1_OTS) != ASN1_ERR_NOERROR)
1234 static void dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
1235 int start, guint length)
1237 read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
1242 dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
1244 proto_tree *ldap_tree = 0, *ti, *msg_tree;
1245 guint messageLength;
1248 guint protocolOpCls, protocolOpCon, protocolOpTag;
1253 gboolean first_time = TRUE;
1256 asn1_open(&a, tvb, 0);
1258 while (tvb_reported_length_remaining(tvb, a.offset) > 0)
1260 int message_id_start;
1261 int message_id_length;
1265 * XXX - should handle the initial sequence specifier split across
1266 * segment boundaries.
1268 message_start = a.offset;
1269 ret = read_sequence(&a, &messageLength);
1270 if (ret != ASN1_ERR_NOERROR)
1274 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1275 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1276 if (check_col(pinfo->cinfo, COL_INFO))
1278 col_add_fstr(pinfo->cinfo, COL_INFO,
1279 "Invalid LDAP message (Can't parse sequence header: %s)",
1280 asn1_err_to_str(ret));
1285 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start, -1,
1287 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1288 proto_tree_add_text(ldap_tree, tvb, message_start, -1,
1289 "Invalid LDAP message (Can't parse sequence header: %s)",
1290 asn1_err_to_str(ret));
1296 * Desegmentation check.
1298 if (ldap_desegment) {
1299 if (pinfo->can_desegment
1300 && messageLength > (guint)tvb_length_remaining(tvb, a.offset)) {
1302 * This frame doesn't have all of the data for this message,
1303 * but we can do reassembly on it.
1305 * Tell the TCP dissector where the data for this message
1306 * starts in the data it handed us, and how many more bytes
1307 * we need, and return.
1309 pinfo->desegment_offset = message_start;
1310 pinfo->desegment_len = messageLength -
1311 tvb_length_remaining(tvb, a.offset);
1315 next_offset = a.offset + messageLength;
1319 if (check_col(pinfo->cinfo, COL_PROTOCOL))
1320 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
1321 if (check_col(pinfo->cinfo, COL_INFO))
1322 col_clear(pinfo->cinfo, COL_INFO);
1327 ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start,
1328 next_offset - message_start, FALSE);
1329 ldap_tree = proto_item_add_subtree(ti, ett_ldap);
1332 message_id_start = a.offset;
1333 ret = read_integer(&a, 0, hf_ldap_message_id, 0, &messageId, ASN1_INT);
1334 if (ret != ASN1_ERR_NOERROR)
1336 if (first_time && check_col(pinfo->cinfo, COL_INFO))
1337 col_add_fstr(pinfo->cinfo, COL_INFO, "Invalid LDAP packet (Can't parse Message ID: %s)",
1338 asn1_err_to_str(ret));
1340 proto_tree_add_text(ldap_tree, tvb, message_id_start, 1,
1341 "Invalid LDAP packet (Can't parse Message ID: %s)",
1342 asn1_err_to_str(ret));
1345 message_id_length = a.offset - message_id_start;
1348 asn1_id_decode(&a, &protocolOpCls, &protocolOpCon, &protocolOpTag);
1349 if (protocolOpCls != ASN1_APL)
1350 typestr = "Bad message type (not Application)";
1352 typestr = val_to_str(protocolOpTag, msgTypes, "Unknown message type (%u)");
1356 if (check_col(pinfo->cinfo, COL_INFO))
1357 col_add_fstr(pinfo->cinfo, COL_INFO, "MsgId=%u MsgType=%s",
1358 messageId, typestr);
1364 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_id, tvb, message_id_start, message_id_length, messageId);
1365 proto_tree_add_uint_hidden(ldap_tree, hf_ldap_message_type, tvb,
1366 start, a.offset - start, protocolOpTag);
1367 ti = proto_tree_add_text(ldap_tree, tvb, message_id_start, messageLength, "Message: Id=%u %s", messageId, typestr);
1368 msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
1370 if (read_length(&a, msg_tree, hf_ldap_message_length, &opLen) != ASN1_ERR_NOERROR)
1373 if (protocolOpCls != ASN1_APL)
1375 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1380 switch (protocolOpTag)
1383 dissect_ldap_request_bind(&a, msg_tree, tvb, pinfo);
1385 case LDAP_REQ_UNBIND:
1386 /* Nothing to dissect */
1388 case LDAP_REQ_SEARCH:
1389 dissect_ldap_request_search(&a, msg_tree);
1391 case LDAP_REQ_MODIFY:
1392 dissect_ldap_request_modify(&a, msg_tree);
1395 dissect_ldap_request_add(&a, msg_tree);
1397 case LDAP_REQ_DELETE:
1398 dissect_ldap_request_delete(&a, msg_tree, start, opLen);
1400 case LDAP_REQ_MODRDN:
1401 dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
1403 case LDAP_REQ_COMPARE:
1404 dissect_ldap_request_compare(&a, msg_tree);
1406 case LDAP_REQ_ABANDON:
1407 dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
1410 dissect_ldap_response_bind(&a, msg_tree, start, opLen);
1412 case LDAP_RES_SEARCH_ENTRY:
1413 dissect_ldap_response_search_entry(&a, msg_tree);
1415 case LDAP_RES_SEARCH_RESULT:
1416 case LDAP_RES_MODIFY:
1418 case LDAP_RES_DELETE:
1419 case LDAP_RES_MODRDN:
1420 case LDAP_RES_COMPARE:
1421 dissect_ldap_result(&a, msg_tree);
1424 proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
1425 "Unknown LDAP operation (%u)", protocolOpTag);
1432 * XXX - what if "a.offset" is past the offset of the next top-level
1433 * sequence? Show that as an error?
1435 a.offset = next_offset;
1440 proto_register_ldap(void)
1442 static value_string result_codes[] = {
1444 {1, "Operations error"},
1445 {2, "Protocol error"},
1446 {3, "Time limit exceeded"},
1447 {4, "Size limit exceeded"},
1448 {5, "Compare false"},
1449 {6, "Compare true"},
1450 {7, "Authentication method not supported"},
1451 {8, "Strong authentication required"},
1453 {11, "Administrative limit exceeded"},
1454 {12, "Unavailable critical extension"},
1455 {13, "Confidentiality required"},
1456 {14, "SASL bind in progress"},
1457 {16, "No such attribute"},
1458 {17, "Undefined attribute type"},
1459 {18, "Inappropriate matching"},
1460 {19, "Constraint violation"},
1461 {20, "Attribute or value exists"},
1462 {21, "Invalid attribute syntax"},
1463 {32, "No such object"},
1464 {33, "Alias problem"},
1465 {34, "Invalid DN syntax"},
1466 {36, "Alias derefetencing problem"},
1467 {48, "Inappropriate authentication"},
1468 {49, "Invalid credentials"},
1469 {50, "Insufficient access rights"},
1471 {52, "Unavailable"},
1472 {53, "Unwilling to perform"},
1473 {54, "Loop detected"},
1474 {64, "Naming violation"},
1475 {65, "Objectclass violation"},
1476 {66, "Not allowed on non-leaf"},
1477 {67, "Not allowed on RDN"},
1478 {68, "Entry already exists"},
1479 {69, "Objectclass modification prohibited"},
1480 {71, "Affects multiple DSAs"},
1485 static value_string auth_types[] = {
1486 {LDAP_AUTH_SIMPLE, "Simple"},
1487 {LDAP_AUTH_KRBV4LDAP, "Kerberos V4 to the LDAP server"},
1488 {LDAP_AUTH_KRBV4DSA, "Kerberos V4 to the DSA"},
1489 {LDAP_AUTH_SASL, "SASL"},
1493 static value_string search_scope[] = {
1500 static value_string search_dereference[] = {
1502 {0x01, "Searching"},
1503 {0x02, "Base Object"},
1508 static hf_register_info hf[] = {
1510 { "Length", "ldap.length",
1511 FT_UINT32, BASE_DEC, NULL, 0x0,
1512 "LDAP Length", HFILL }},
1514 { &hf_ldap_message_id,
1515 { "Message Id", "ldap.message_id",
1516 FT_UINT32, BASE_DEC, NULL, 0x0,
1517 "LDAP Message Id", HFILL }},
1518 { &hf_ldap_message_type,
1519 { "Message Type", "ldap.message_type",
1520 FT_UINT8, BASE_HEX, &msgTypes, 0x0,
1521 "LDAP Message Type", HFILL }},
1522 { &hf_ldap_message_length,
1523 { "Message Length", "ldap.message_length",
1524 FT_UINT32, BASE_DEC, NULL, 0x0,
1525 "LDAP Message Length", HFILL }},
1527 { &hf_ldap_message_result,
1528 { "Result Code", "ldap.result.code",
1529 FT_UINT8, BASE_HEX, result_codes, 0x0,
1530 "LDAP Result Code", HFILL }},
1531 { &hf_ldap_message_result_matcheddn,
1532 { "Matched DN", "ldap.result.matcheddn",
1533 FT_STRING, BASE_NONE, NULL, 0x0,
1534 "LDAP Result Matched DN", HFILL }},
1535 { &hf_ldap_message_result_errormsg,
1536 { "Error Message", "ldap.result.errormsg",
1537 FT_STRING, BASE_NONE, NULL, 0x0,
1538 "LDAP Result Error Message", HFILL }},
1539 { &hf_ldap_message_result_referral,
1540 { "Referral", "ldap.result.referral",
1541 FT_STRING, BASE_NONE, NULL, 0x0,
1542 "LDAP Result Referral URL", HFILL }},
1544 { &hf_ldap_message_bind_version,
1545 { "Version", "ldap.bind.version",
1546 FT_UINT32, BASE_DEC, NULL, 0x0,
1547 "LDAP Bind Version", HFILL }},
1548 { &hf_ldap_message_bind_dn,
1549 { "DN", "ldap.bind.dn",
1550 FT_STRING, BASE_NONE, NULL, 0x0,
1551 "LDAP Bind Distinguished Name", HFILL }},
1552 { &hf_ldap_message_bind_auth,
1553 { "Auth Type", "ldap.bind.auth_type",
1554 FT_UINT8, BASE_HEX, auth_types, 0x0,
1555 "LDAP Bind Auth Type", HFILL }},
1556 { &hf_ldap_message_bind_auth_password,
1557 { "Password", "ldap.bind.password",
1558 FT_STRING, BASE_NONE, NULL, 0x0,
1559 "LDAP Bind Password", HFILL }},
1560 { &hf_ldap_message_bind_auth_mechanism,
1561 { "Mechanism", "ldap.bind.mechanism",
1562 FT_STRING, BASE_NONE, NULL, 0x0,
1563 "LDAP Bind Mechanism", HFILL }},
1564 { &hf_ldap_message_bind_auth_credentials,
1565 { "Credentials", "ldap.bind.credentials",
1566 FT_BYTES, BASE_NONE, NULL, 0x0,
1567 "LDAP Bind Credentials", HFILL }},
1568 { &hf_ldap_message_bind_server_credentials,
1569 { "Server Credentials", "ldap.bind.server_credentials",
1570 FT_BYTES, BASE_NONE, NULL, 0x0,
1571 "LDAP Bind Server Credentials", HFILL }},
1573 { &hf_ldap_message_search_base,
1574 { "Base DN", "ldap.search.basedn",
1575 FT_STRING, BASE_NONE, NULL, 0x0,
1576 "LDAP Search Base Distinguished Name", HFILL }},
1577 { &hf_ldap_message_search_scope,
1578 { "Scope", "ldap.search.scope",
1579 FT_UINT8, BASE_HEX, search_scope, 0x0,
1580 "LDAP Search Scope", HFILL }},
1581 { &hf_ldap_message_search_deref,
1582 { "Dereference", "ldap.search.dereference",
1583 FT_UINT8, BASE_HEX, search_dereference, 0x0,
1584 "LDAP Search Dereference", HFILL }},
1585 { &hf_ldap_message_search_sizeLimit,
1586 { "Size Limit", "ldap.search.sizelimit",
1587 FT_UINT32, BASE_DEC, NULL, 0x0,
1588 "LDAP Search Size Limit", HFILL }},
1589 { &hf_ldap_message_search_timeLimit,
1590 { "Time Limit", "ldap.search.timelimit",
1591 FT_UINT32, BASE_DEC, NULL, 0x0,
1592 "LDAP Search Time Limit", HFILL }},
1593 { &hf_ldap_message_search_typesOnly,
1594 { "Attributes Only", "ldap.search.typesonly",
1595 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1596 "LDAP Search Attributes Only", HFILL }},
1597 { &hf_ldap_message_search_filter,
1598 { "Filter", "ldap.search.filter",
1599 FT_STRING, BASE_NONE, NULL, 0x0,
1600 "LDAP Search Filter", HFILL }},
1601 { &hf_ldap_message_dn,
1602 { "Distinguished Name", "ldap.dn",
1603 FT_STRING, BASE_NONE, NULL, 0x0,
1604 "LDAP Distinguished Name", HFILL }},
1605 { &hf_ldap_message_attribute,
1606 { "Attribute", "ldap.attribute",
1607 FT_STRING, BASE_NONE, NULL, 0x0,
1608 "LDAP Attribute", HFILL }},
1610 * XXX - not all LDAP values are text strings; we'd need a file
1611 * describing which values (by name) are text strings and which are
1614 * Some values that are, at least in Microsoft's schema, binary
1618 * nTSecurityDescriptor
1621 { &hf_ldap_message_value,
1622 { "Value", "ldap.value",
1623 FT_STRING, BASE_NONE, NULL, 0x0,
1624 "LDAP Value", HFILL }},
1626 { &hf_ldap_message_modrdn_name,
1627 { "New Name", "ldap.modrdn.name",
1628 FT_STRING, BASE_NONE, NULL, 0x0,
1629 "LDAP New Name", HFILL }},
1630 { &hf_ldap_message_modrdn_delete,
1631 { "Delete Values", "ldap.modrdn.delete",
1632 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
1633 "LDAP Modify RDN - Delete original values", HFILL }},
1634 { &hf_ldap_message_modrdn_superior,
1635 { "New Location", "ldap.modrdn.superior",
1636 FT_STRING, BASE_NONE, NULL, 0x0,
1637 "LDAP Modify RDN - New Location", HFILL }},
1639 { &hf_ldap_message_compare,
1640 { "Test", "ldap.compare.test",
1641 FT_STRING, BASE_NONE, NULL, 0x0,
1642 "LDAP Compare Test", HFILL }},
1644 { &hf_ldap_message_modify_add,
1645 { "Add", "ldap.modify.add",
1646 FT_STRING, BASE_NONE, NULL, 0x0,
1647 "LDAP Add", HFILL }},
1648 { &hf_ldap_message_modify_replace,
1649 { "Replace", "ldap.modify.replace",
1650 FT_STRING, BASE_NONE, NULL, 0x0,
1651 "LDAP Replace", HFILL }},
1652 { &hf_ldap_message_modify_delete,
1653 { "Delete", "ldap.modify.delete",
1654 FT_STRING, BASE_NONE, NULL, 0x0,
1655 "LDAP Delete", HFILL }},
1657 { &hf_ldap_message_abandon_msgid,
1658 { "Abandon Msg Id", "ldap.abandon.msgid",
1659 FT_UINT32, BASE_DEC, NULL, 0x0,
1660 "LDAP Abandon Msg Id", HFILL }},
1663 static gint *ett[] = {
1666 &ett_ldap_gssapi_token,
1667 &ett_ldap_referrals,
1670 module_t *ldap_module;
1672 proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol",
1674 proto_register_field_array(proto_ldap, hf, array_length(hf));
1675 proto_register_subtree_array(ett, array_length(ett));
1677 ldap_module = prefs_register_protocol(proto_ldap, NULL);
1678 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
1679 "Desegment all LDAP messages spanning multiple TCP segments",
1680 "Whether the LDAP dissector should desegment all messages spanning multiple TCP segments",
1685 proto_reg_handoff_ldap(void)
1687 dissector_handle_t ldap_handle;
1689 ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
1690 dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
1691 dissector_add("udp.port", UDP_PORT_CLDAP, ldap_handle);
1693 gssapi_handle = find_dissector("gssapi");