/* packet-ldap.c
* Routines for ldap packet dissection
*
- * $Id: packet-ldap.c,v 1.28 2001/10/26 18:28:16 gram Exp $
+ * $Id: packet-ldap.c,v 1.41 2002/03/31 22:17:37 guy Exp $
*
* Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@zing.org>
+ * By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
# include "snprintf.h"
#endif
-#include "packet.h"
+#include <epan/packet.h>
#include "packet-ldap.h"
#include "asn1.h"
+#include "prefs.h"
static int proto_ldap = -1;
static int hf_ldap_length = -1;
static gint ett_ldap_referrals = -1;
static gint ett_ldap_attribute = -1;
+/* desegmentation of LDAP */
+static gboolean ldap_desegment = TRUE;
+
#define TCP_PORT_LDAP 389
static value_string msgTypes [] = {
guint length = 0;
gboolean def = FALSE;
int start = a->offset;
+ int ret;
- asn1_length_decode(a, &def, &length);
+ ret = asn1_length_decode(a, &def, &length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse length: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
+ return ret;
+ }
if (len)
*len = length;
if (tree)
proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, length);
- return 0;
+ return ASN1_ERR_NOERROR;
}
static int read_sequence(ASN1_SCK *a, guint *len)
guint cls, con, tag;
gboolean def;
guint length;
+ int ret;
- if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
- return 1;
+ ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
+ if (ret != ASN1_ERR_NOERROR)
+ return ret;
if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
- return 1;
+ return ASN1_ERR_WRONG_TYPE;
if (len)
*len = length;
- return 0;
+ return ASN1_ERR_NOERROR;
}
static int read_set(ASN1_SCK *a, guint *len)
guint cls, con, tag;
gboolean def;
guint length;
+ int ret;
- if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
- return 1;
+ ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
+ if (ret != ASN1_ERR_NOERROR)
+ return ret;
if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
- return 1;
+ return ASN1_ERR_WRONG_TYPE;
if (len)
*len = length;
- return 0;
+ return ASN1_ERR_NOERROR;
}
static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, guint *i, int start, guint length)
+ proto_item **new_item, guint *i, int start, guint length)
{
guint integer = 0;
+ proto_item *temp_item = NULL;
+ int ret;
- asn1_uint32_value_decode(a, length, &integer);
+ ret = asn1_uint32_value_decode(a, length, &integer);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse value: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
+ return ret;
+ }
if (i)
*i = integer;
if (tree)
- {
- proto_tree *temp_tree = 0;
- temp_tree = proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, integer);
- if (new_tree)
- *new_tree = temp_tree;
- }
+ temp_item = proto_tree_add_uint(tree, hf_id, a->tvb, start, a->offset-start, integer);
+
+ if (new_item)
+ *new_item = temp_item;
- return 0;
+ return ASN1_ERR_NOERROR;
}
static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, guint *i, guint expected_tag)
+ proto_item **new_item, guint *i, guint expected_tag)
{
guint cls, con, tag;
gboolean def;
guint length;
int start = a->offset;
+ int ret;
- if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
- return 1;
- if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
- return 1;
+ ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
+ if (ret == ASN1_ERR_NOERROR) {
+ if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
+ ret = ASN1_ERR_WRONG_TYPE;
+ }
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse header: %s",
+ (hf_id != -1) ? proto_registrar_get_name(hf_id) : "LDAP message",
+ asn1_err_to_str(ret));
+ }
+ return ret;
+ }
- return read_integer_value(a, tree, hf_id, new_tree, i, start, length);
+ return read_integer_value(a, tree, hf_id, new_item, i, start, length);
}
static int read_boolean_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, guint *i, int start, guint length)
+ proto_item **new_item, guint *i, int start, guint length)
{
guint integer = 0;
+ proto_item *temp_item = NULL;
+ int ret;
- asn1_uint32_value_decode(a, length, &integer);
+ ret = asn1_uint32_value_decode(a, length, &integer);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse value: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
+ return ret;
+ }
if (i)
*i = integer;
if (tree)
- {
- proto_tree *temp_tree = 0;
- temp_tree = proto_tree_add_boolean(tree, hf_id, a->tvb, start, a->offset-start, integer);
- if (new_tree)
- *new_tree = temp_tree;
- }
+ temp_item = proto_tree_add_boolean(tree, hf_id, a->tvb, start, a->offset-start, integer);
+ if (new_item)
+ *new_item = temp_item;
- return 0;
+ return ASN1_ERR_NOERROR;
}
static int read_boolean(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, guint *i)
+ proto_item **new_item, guint *i)
{
guint cls, con, tag;
gboolean def;
guint length;
int start = a->offset;
+ int ret;
- if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
- return 1;
- if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_BOL)
- return 1;
+ ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
+ if (ret == ASN1_ERR_NOERROR) {
+ if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_BOL)
+ ret = ASN1_ERR_WRONG_TYPE;
+ }
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse header: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
+ return ret;
+ }
- return read_boolean_value(a, tree, hf_id, new_tree, i, start, length);
+ return read_boolean_value(a, tree, hf_id, new_item, i, start, length);
}
-static void read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, char **s, int start, guint length)
+static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
+ proto_item **new_item, char **s, int start, guint length)
{
guchar *string;
+ proto_item *temp_item = NULL;
+ int ret;
if (length)
{
- asn1_string_value_decode(a, length, &string);
+ ret = asn1_string_value_decode(a, length, &string);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse value: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
+ return ret;
+ }
string = g_realloc(string, length + 1);
string[length] = '\0';
}
string = "(null)";
if (tree)
- {
- proto_tree *temp_tree;
- temp_tree = proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset - start, string);
- if (new_tree)
- *new_tree = temp_tree;
- }
+ temp_item = proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset - start, string);
+ if (new_item)
+ *new_item = temp_item;
if (s && length)
*s = string;
else if (length)
g_free(string);
+
+ return ASN1_ERR_NOERROR;
}
static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
- proto_tree **new_tree, char **s, guint expected_cls, guint expected_tag)
+ proto_item **new_item, char **s, guint expected_cls, guint expected_tag)
{
guint cls, con, tag;
gboolean def;
int ret;
ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
- if (ret != ASN1_ERR_NOERROR)
+ if (ret == ASN1_ERR_NOERROR) {
+ if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
+ ret = ASN1_ERR_WRONG_TYPE;
+ }
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse header: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
+ }
return ret;
- if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
- return ASN1_ERR_WRONG_TYPE;
+ }
- read_string_value(a, tree, hf_id, new_tree, s, start, length);
- return ASN1_ERR_NOERROR;
+ return read_string_value(a, tree, hf_id, new_item, s, start, length);
}
static int parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
if (con != ASN1_CON)
return ASN1_ERR_WRONG_TYPE;
ret = parse_filter_strings(a, filter, filter_length, "=");
- if (ret != -1 && ret != ASN1_ERR_NOERROR)
+ if (ret != ASN1_ERR_NOERROR)
return ret;
break;
case LDAP_FILTER_GE:
if (con != ASN1_CON)
return ASN1_ERR_WRONG_TYPE;
ret = parse_filter_strings(a, filter, filter_length, ">=");
- if (ret != -1 && ret != ASN1_ERR_NOERROR)
+ if (ret != ASN1_ERR_NOERROR)
return ret;
break;
case LDAP_FILTER_LE:
if (con != ASN1_CON)
return ASN1_ERR_WRONG_TYPE;
ret = parse_filter_strings(a, filter, filter_length, "~=");
- if (ret != -1 && ret != ASN1_ERR_NOERROR)
+ if (ret != ASN1_ERR_NOERROR)
return ret;
break;
case LDAP_FILTER_PRESENT:
return ASN1_ERR_WRONG_TYPE;
/* Richard Dawe: Handle substrings */
ret = parse_filter_substrings(a, filter, filter_length);
- if (ret != -1 && ret != ASN1_ERR_NOERROR)
+ if (ret != ASN1_ERR_NOERROR)
return ret;
break;
default:
return ret;
}
-static int read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
+static gboolean read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
{
int start = a->offset;
char *filter = 0;
if (tree) {
if (ret != -1) {
proto_tree_add_text(tree, a->tvb, start, 0,
- "Error parsing filter (%d)", ret);
+ "%s: ERROR: Can't parse filter: %s",
+ proto_registrar_get_name(hf_id), asn1_err_to_str(ret));
} else
proto_tree_add_string(tree, hf_id, a->tvb, start, a->offset-start, filter);
}
g_free(filter);
- return 0;
+ return (ret == -1) ? TRUE : FALSE;
}
/********************************************************************************************/
-static int dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
{
guint resultCode = 0;
+ int ret;
- read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM);
- read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS);
- read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS);
+ if (read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM) != ASN1_ERR_NOERROR)
+ return;
+ if (read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ if (read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
if (resultCode == 10) /* Referral */
{
int start = a->offset;
int end;
guint length;
- proto_tree *t, *referralTree;
+ proto_item *ti;
+ proto_tree *referralTree;
- read_sequence(a, &length);
- t = proto_tree_add_text(tree, a->tvb, start, length, "Referral URLs");
- referralTree = proto_item_add_subtree(t, ett_ldap_referrals);
+ ret = read_sequence(a, &length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "ERROR: Couldn't parse referral URL sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
+ ti = proto_tree_add_text(tree, a->tvb, start, length, "Referral URLs");
+ referralTree = proto_item_add_subtree(ti, ett_ldap_referrals);
end = a->offset + length;
- while (a->offset < end)
- read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS);
+ while (a->offset < end) {
+ if (read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ }
}
-
- return 0;
}
-static int dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
{
guint cls, con, tag;
guint def, length;
int start;
+ int ret;
- read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT);
- read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS);
+ if (read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
+ return;
+ if (read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
start = a->offset;
- if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
- return 1; /* XXX - right return value for an error? */
- if (cls != ASN1_CTX)
- return 1; /* RFCs 1777 and 2251 say these are context-specific types */
+ ret = asn1_header_decode(a, &cls, &con, &tag, &def, &length);
+ if (ret == ASN1_ERR_NOERROR) {
+ if (cls != ASN1_CTX) {
+ /* RFCs 1777 and 2251 say these are context-specific types */
+ ret = ASN1_ERR_WRONG_TYPE;
+ }
+ }
+ if (ret != ASN1_ERR_NOERROR) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "%s: ERROR: Couldn't parse header: %s",
+ proto_registrar_get_name(hf_ldap_message_bind_auth),
+ asn1_err_to_str(ret));
+ return;
+ }
proto_tree_add_uint(tree, hf_ldap_message_bind_auth, a->tvb, start,
a->offset - start, tag);
switch (tag)
{
case LDAP_AUTH_SIMPLE:
- read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL, NULL,
- start, length);
+ if (read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL,
+ NULL, start, length) != ASN1_ERR_NOERROR)
+ return;
break;
/* For Kerberos V4, dissect it as a ticket. */
/* For SASL, dissect it as SaslCredentials. */
}
-
- return 0;
}
-static int dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
{
- dissect_ldap_result(a, tree);
/* FIXME: handle SASL data */
- return 0;
+ dissect_ldap_result(a, tree);
}
-static int dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
int end;
int ret;
- read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS);
- read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM);
- read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM);
- read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT);
- read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT);
- read_boolean(a, tree, hf_ldap_message_search_typesOnly, 0, 0);
- ret = read_filter(a, tree, hf_ldap_message_search_filter);
- if (ret != ASN1_ERR_NOERROR)
- return ret;
- read_sequence(a, &seq_length);
+ if (read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ if (read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
+ return;
+ if (read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM) != ASN1_ERR_NOERROR)
+ return;
+ if (read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
+ return;
+ if (read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT) != ASN1_ERR_NOERROR)
+ return;
+ if (read_boolean(a, tree, hf_ldap_message_search_typesOnly, 0, 0) != ASN1_ERR_NOERROR)
+ return;
+ if (!read_filter(a, tree, hf_ldap_message_search_filter))
+ return;
+ ret = read_sequence(a, &seq_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP attribute sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end = a->offset + seq_length;
while (a->offset < end) {
- ret = read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI, ASN1_OTS);
- if (ret != ASN1_ERR_NOERROR)
- return ret;
+ if (read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI,
+ ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
}
- return ASN1_ERR_NOERROR;
}
-static int dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
int end_of_sequence;
+ int ret;
- read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
- read_sequence(a, &seq_length);
+ if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ ret = read_sequence(a, &seq_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse search entry response sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end_of_sequence = a->offset + seq_length;
while (a->offset < end_of_sequence)
{
- proto_tree *t, *attr_tree;
+ proto_item *ti;
+ proto_tree *attr_tree;
guint set_length;
int end_of_set;
- read_sequence(a, 0);
- read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
- attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
-
- read_set(a, &set_length);
+ ret = read_sequence(a, 0);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP attribute sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
+ if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
+
+ ret = read_set(a, &set_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP value set header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end_of_set = a->offset + set_length;
- while (a->offset < end_of_set)
- read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
+ while (a->offset < end_of_set) {
+ if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
+ ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ }
}
-
- return 0;
}
-static int dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
int end_of_sequence;
+ int ret;
- read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
+ if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+
+ ret = read_sequence(a, &seq_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse add request sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
- read_sequence(a, &seq_length);
end_of_sequence = a->offset + seq_length;
while (a->offset < end_of_sequence)
{
- proto_tree *t, *attr_tree;
+ proto_item *ti;
+ proto_tree *attr_tree;
guint set_length;
int end_of_set;
- read_sequence(a, 0);
- read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
- attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
-
- read_set(a, &set_length);
+ ret = read_sequence(a, 0);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP attribute sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
+ if (read_string(a, tree, hf_ldap_message_attribute, &ti, 0, ASN1_UNI,
+ ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
+
+ ret = read_set(a, &set_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP value set header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end_of_set = a->offset + set_length;
- while (a->offset < end_of_set)
- read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
+ while (a->offset < end_of_set) {
+ if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ }
}
-
- return 0;
}
-static int dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
+static void dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
int start, guint length)
{
read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
- return 0;
}
-static int dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
+static void dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
guint length)
{
int start = a->offset;
- read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
- read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS);
- read_boolean(a, tree, hf_ldap_message_modrdn_delete, 0, 0);
+ if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ if (read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ if (read_boolean(a, tree, hf_ldap_message_modrdn_delete, 0, 0) != ASN1_ERR_NOERROR)
+ return;
if (a->offset < (int) (start + length)) {
/* LDAP V3 Modify DN operation, with newSuperior */
- read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS);
+ if (read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
}
-
- return 0;
}
-static int dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
{
int start;
int length;
char *string1 = 0;
char *string2 = 0;
char *compare;
+ int ret;
- read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
- read_sequence(a, 0);
+ if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ ret = read_sequence(a, 0);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse compare request sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
start = a->offset;
- read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
- read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
-
- if (string1 == 0 && string2 == 0) /* read_string failed */
- return 1;
+ ret = read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "ERROR: Couldn't parse compare type: %s", asn1_err_to_str(ret));
+ }
+ return;
+ }
+ ret = read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, start, 0,
+ "ERROR: Couldn't parse compare value: %s", asn1_err_to_str(ret));
+ }
+ return;
+ }
length = 2 + strlen(string1) + strlen(string2);
compare = g_malloc0(length);
g_free(string2);
g_free(compare);
- return 0;
+ return;
}
-static int dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
+static void dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
int end_of_sequence;
+ int ret;
- read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
- read_sequence(a, &seq_length);
+ if (read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ ret = read_sequence(a, &seq_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse modify request sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end_of_sequence = a->offset + seq_length;
while (a->offset < end_of_sequence)
{
- proto_tree *t = 0, *attr_tree;
+ proto_item *ti;
+ proto_tree *attr_tree;
guint set_length;
int end_of_set;
guint operation;
- read_sequence(a, 0);
- read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
- read_sequence(a, 0);
+ ret = read_sequence(a, 0);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse modify request item sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
+ ret = read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse modify operation: %s",
+ asn1_err_to_str(ret));
+ return;
+ }
+ }
+ ret = read_sequence(a, 0);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse modify request operation sequence header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
switch (operation)
{
case LDAP_MOD_ADD:
- read_string(a, tree, hf_ldap_message_modify_add, &t, 0, ASN1_UNI, ASN1_OTS);
+ if (read_string(a, tree, hf_ldap_message_modify_add, &ti, 0, ASN1_UNI,
+ ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
break;
+
case LDAP_MOD_REPLACE:
- read_string(a, tree, hf_ldap_message_modify_replace, &t, 0, ASN1_UNI, ASN1_OTS);
+ if (read_string(a, tree, hf_ldap_message_modify_replace, &ti, 0,
+ ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
break;
+
case LDAP_MOD_DELETE:
- read_string(a, tree, hf_ldap_message_modify_delete, &t, 0, ASN1_UNI, ASN1_OTS);
+ if (read_string(a, tree, hf_ldap_message_modify_delete, &ti, 0,
+ ASN1_UNI, ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
break;
- }
- attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
- read_set(a, &set_length);
+ default:
+ proto_tree_add_text(tree, a->tvb, a->offset, 0,
+ "Unknown LDAP modify operation (%u)", operation);
+ return;
+ }
+ attr_tree = proto_item_add_subtree(ti, ett_ldap_attribute);
+
+ ret = read_set(a, &set_length);
+ if (ret != ASN1_ERR_NOERROR) {
+ if (tree) {
+ proto_tree_add_text(attr_tree, a->tvb, a->offset, 0,
+ "ERROR: Couldn't parse LDAP value set header: %s",
+ asn1_err_to_str(ret));
+ }
+ return;
+ }
end_of_set = a->offset + set_length;
- while (a->offset < end_of_set)
- read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
+ while (a->offset < end_of_set) {
+ if (read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI,
+ ASN1_OTS) != ASN1_ERR_NOERROR)
+ return;
+ }
}
-
- return 0;
}
-static int dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
+static void dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
int start, guint length)
{
read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
- start, length);
- return 0;
+ start, length);
}
static void
dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- int offset = 0;
proto_tree *ldap_tree = 0, *ti, *msg_tree;
guint messageLength;
guint messageId;
+ int next_offset;
guint protocolOpCls, protocolOpCon, protocolOpTag;
gchar *typestr;
guint opLen;
ASN1_SCK a;
int start;
- int first_time = 1;
+ gboolean first_time = TRUE;
int ret;
- if (check_col(pinfo->fd, COL_PROTOCOL))
- col_set_str(pinfo->fd, COL_PROTOCOL, "LDAP");
- if (check_col(pinfo->fd, COL_INFO))
- col_clear(pinfo->fd, COL_INFO);
-
- if (tree)
- {
- ti = proto_tree_add_item(tree, proto_ldap, tvb, offset, tvb_length(tvb),
- FALSE);
- ldap_tree = proto_item_add_subtree(ti, ett_ldap);
- }
-
asn1_open(&a, tvb, 0);
- while (tvb_reported_length_remaining(tvb, offset) > 0)
+ while (tvb_reported_length_remaining(tvb, a.offset) > 0)
{
int message_id_start;
int message_id_length;
int message_start;
+ /*
+ * XXX - should handle the initial sequence specifier split across
+ * segment boundaries.
+ */
message_start = a.offset;
- if (read_sequence(&a, &messageLength))
+ ret = read_sequence(&a, &messageLength);
+ if (ret != ASN1_ERR_NOERROR)
{
- if (first_time && check_col(pinfo->fd, COL_INFO))
- col_set_str(pinfo->fd, COL_INFO, "Invalid LDAP packet");
- if (ldap_tree)
- proto_tree_add_text(ldap_tree, tvb, offset, 1, "Invalid LDAP packet");
+ if (first_time)
+ {
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
+ if (check_col(pinfo->cinfo, COL_INFO))
+ {
+ col_add_fstr(pinfo->cinfo, COL_INFO,
+ "Invalid LDAP message (Can't parse sequence header: %s)",
+ asn1_err_to_str(ret));
+ }
+ }
+ if (tree)
+ {
+ ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start, -1,
+ FALSE);
+ ldap_tree = proto_item_add_subtree(ti, ett_ldap);
+ proto_tree_add_text(ldap_tree, tvb, message_start, -1,
+ "Invalid LDAP message (Can't parse sequence header: %s)",
+ asn1_err_to_str(ret));
+ }
break;
}
+ /*
+ * Desegmentation check.
+ */
+ if (ldap_desegment) {
+ if (pinfo->can_desegment
+ && messageLength > (guint)tvb_length_remaining(tvb, a.offset)) {
+ /*
+ * This frame doesn't have all of the data for this message,
+ * but we can do reassembly on it.
+ *
+ * Tell the TCP dissector where the data for this message
+ * starts in the data it handed us, and how many more bytes
+ * we need, and return.
+ */
+ pinfo->desegment_offset = message_start;
+ pinfo->desegment_len = messageLength -
+ tvb_length_remaining(tvb, a.offset);
+ return;
+ }
+ }
+ next_offset = a.offset + messageLength;
+
+ if (first_time)
+ {
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "LDAP");
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_clear(pinfo->cinfo, COL_INFO);
+ }
+
+ if (tree)
+ {
+ ti = proto_tree_add_item(tree, proto_ldap, tvb, message_start,
+ next_offset - message_start, FALSE);
+ ldap_tree = proto_item_add_subtree(ti, ett_ldap);
+ }
+
message_id_start = a.offset;
- if (read_integer(&a, 0, -1, 0, &messageId, ASN1_INT))
+ ret = read_integer(&a, 0, hf_ldap_message_id, 0, &messageId, ASN1_INT);
+ if (ret != ASN1_ERR_NOERROR)
{
- if (first_time && check_col(pinfo->fd, COL_INFO))
- col_set_str(pinfo->fd, COL_INFO, "Invalid LDAP packet (No Message ID)");
+ if (first_time && check_col(pinfo->cinfo, COL_INFO))
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Invalid LDAP packet (Can't parse Message ID: %s)",
+ asn1_err_to_str(ret));
if (ldap_tree)
proto_tree_add_text(ldap_tree, tvb, message_id_start, 1,
- "Invalid LDAP packet (No Message ID)");
+ "Invalid LDAP packet (Can't parse Message ID: %s)",
+ asn1_err_to_str(ret));
break;
}
message_id_length = a.offset - message_id_start;
if (protocolOpCls != ASN1_APL)
typestr = "Bad message type (not Application)";
else
- typestr = val_to_str(protocolOpTag, msgTypes, "Bad message type (%u)");
+ typestr = val_to_str(protocolOpTag, msgTypes, "Unknown message type (%u)");
if (first_time)
{
- if (check_col(pinfo->fd, COL_INFO))
- col_add_fstr(pinfo->fd, COL_INFO, "MsgId=%u MsgType=%s",
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_add_fstr(pinfo->cinfo, COL_INFO, "MsgId=%u MsgType=%s",
messageId, typestr);
- first_time = 0;
- if (!tree)
- return;
+ first_time = FALSE;
}
if (ldap_tree)
ti = proto_tree_add_text(ldap_tree, tvb, message_id_start, messageLength, "Message: Id=%u %s", messageId, typestr);
msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
start = a.offset;
- read_length(&a, msg_tree, hf_ldap_message_length, &opLen);
+ if (read_length(&a, msg_tree, hf_ldap_message_length, &opLen) != ASN1_ERR_NOERROR)
+ return;
- switch (protocolOpTag)
+ if (protocolOpCls != ASN1_APL)
+ {
+ proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
+ "%s", typestr);
+ }
+ else
{
- case LDAP_REQ_BIND:
- dissect_ldap_request_bind(&a, msg_tree);
- break;
- case LDAP_REQ_SEARCH:
- ret = dissect_ldap_request_search(&a, msg_tree);
- /* XXX - do something with "ret" */
- break;
- case LDAP_REQ_ADD:
- dissect_ldap_request_add(&a, msg_tree);
- break;
- case LDAP_REQ_DELETE:
- dissect_ldap_request_delete(&a, msg_tree, start, opLen);
- break;
- case LDAP_REQ_MODRDN:
- dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
- break;
- case LDAP_REQ_COMPARE:
- dissect_ldap_request_compare(&a, msg_tree);
- break;
- case LDAP_REQ_MODIFY:
- dissect_ldap_request_modify(&a, msg_tree);
- break;
- case LDAP_REQ_ABANDON:
- dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
- break;
- case LDAP_RES_BIND:
- dissect_ldap_response_bind(&a, msg_tree);
- break;
- case LDAP_RES_SEARCH_ENTRY:
- dissect_ldap_response_search_entry(&a, msg_tree);
- break;
- case LDAP_RES_SEARCH_RESULT:
- case LDAP_RES_MODIFY:
- case LDAP_RES_ADD:
- case LDAP_RES_DELETE:
- case LDAP_RES_MODRDN:
- case LDAP_RES_COMPARE:
- dissect_ldap_result(&a, msg_tree);
- break;
+ switch (protocolOpTag)
+ {
+ case LDAP_REQ_BIND:
+ dissect_ldap_request_bind(&a, msg_tree);
+ break;
+ case LDAP_REQ_UNBIND:
+ /* Nothing to dissect */
+ break;
+ case LDAP_REQ_SEARCH:
+ dissect_ldap_request_search(&a, msg_tree);
+ break;
+ case LDAP_REQ_MODIFY:
+ dissect_ldap_request_modify(&a, msg_tree);
+ break;
+ case LDAP_REQ_ADD:
+ dissect_ldap_request_add(&a, msg_tree);
+ break;
+ case LDAP_REQ_DELETE:
+ dissect_ldap_request_delete(&a, msg_tree, start, opLen);
+ break;
+ case LDAP_REQ_MODRDN:
+ dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
+ break;
+ case LDAP_REQ_COMPARE:
+ dissect_ldap_request_compare(&a, msg_tree);
+ break;
+ case LDAP_REQ_ABANDON:
+ dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
+ break;
+ case LDAP_RES_BIND:
+ dissect_ldap_response_bind(&a, msg_tree);
+ break;
+ case LDAP_RES_SEARCH_ENTRY:
+ dissect_ldap_response_search_entry(&a, msg_tree);
+ break;
+ case LDAP_RES_SEARCH_RESULT:
+ case LDAP_RES_MODIFY:
+ case LDAP_RES_ADD:
+ case LDAP_RES_DELETE:
+ case LDAP_RES_MODRDN:
+ case LDAP_RES_COMPARE:
+ dissect_ldap_result(&a, msg_tree);
+ break;
+ default:
+ proto_tree_add_text(msg_tree, a.tvb, a.offset, opLen,
+ "Unknown LDAP operation (%u)", protocolOpTag);
+ break;
+ }
}
}
- offset = a.offset;
+
+ /*
+ * XXX - what if "a.offset" is past the offset of the next top-level
+ * sequence? Show that as an error?
+ */
+ a.offset = next_offset;
}
}
&ett_ldap_referrals,
&ett_ldap_attribute
};
+ module_t *ldap_module;
proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol",
"LDAP", "ldap");
proto_register_field_array(proto_ldap, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
+
+ ldap_module = prefs_register_protocol(proto_ldap, NULL);
+ prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
+ "Desegment all LDAP messages spanning multiple TCP segments",
+ "Whether the LDAP dissector should desegment all messages spanning multiple TCP segments",
+ &ldap_desegment);
}
void
proto_reg_handoff_ldap(void)
{
- dissector_add("tcp.port", TCP_PORT_LDAP, dissect_ldap, proto_ldap);
+ dissector_handle_t ldap_handle;
+
+ ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
+ dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
}
git.samba.org / obnox / wireshark / wip.git / blobdiff