Add missing propset ...
authorjmayer <jmayer@f5534014-38df-0310-8fa8-9805f1628bb7>
Fri, 9 Dec 2005 16:46:24 +0000 (16:46 +0000)
committerjmayer <jmayer@f5534014-38df-0310-8fa8-9805f1628bb7>
Fri, 9 Dec 2005 16:46:24 +0000 (16:46 +0000)
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@16749 f5534014-38df-0310-8fa8-9805f1628bb7

asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn [changed mode: 0755->0644]
asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig [changed mode: 0755->0644]
asn1/ldap/Makefile.nmake [changed mode: 0755->0644]
asn1/ldap/ldap.cnf [changed mode: 0755->0644]
asn1/ldap/packet-ldap-template.c [changed mode: 0755->0644]
asn1/ldap/packet-ldap-template.h [changed mode: 0755->0644]

old mode 100755 (executable)
new mode 100644 (file)
index e85cb4f..51709b9
@@ -117,9 +117,9 @@ Control ::= SEQUENCE {
   criticality   BOOLEAN DEFAULT FALSE,
   controlValue  OCTET STRING OPTIONAL
 }
-\r
+
 ControlType ::= LDAPOID
-\r
+
 BindRequest ::= [APPLICATION 0]  SEQUENCE {
   version         INTEGER(1..127),
   name            LDAPDN,
@@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE {
 SaslCredentials ::= SEQUENCE {
   mechanism    Mechanism,
   credentials  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 Mechanism ::=  LDAPString
 
 BindResponse ::= [APPLICATION 1]  SEQUENCE {
---  COMPONENTS OF LDAPResult,\r
-  resultCode\r
-    ENUMERATED {success(0), operationsError(1), protocolError(2),\r
-                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),\r
-                compareTrue(6), authMethodNotSupported(7),\r
-                strongAuthRequired(8),\r
-                -- 9 reserved \r
-                referral(10),-- new-- adminLimitExceeded(11),-- new--\r
-                unavailableCriticalExtension(12),-- new--\r
-                confidentialityRequired(13),-- new--\r
-                saslBindInProgress(14),-- new-- noSuchAttribute(16),\r
-                undefinedAttributeType(17), inappropriateMatching(18),\r
-                constraintViolation(19), attributeOrValueExists(20),\r
-                invalidAttributeSyntax(21),\r
-                -- 22-31 unused \r
-                noSuchObject(32), aliasProblem(33),\r
-                invalidDNSyntax(34),\r
-                -- 35 reserved for undefined isLeaf \r
-                aliasDereferencingProblem(36),\r
-                -- 37-47 unused \r
-                inappropriateAuthentication(48), invalidCredentials(49),\r
-                insufficientAccessRights(50), busy(51), unavailable(52),\r
-                unwillingToPerform(53),\r
-                loopDetect(54),\r
-                -- 55-63 unused \r
-                namingViolation(64), objectClassViolation(65),\r
-                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),\r
-                entryAlreadyExists(68),\r
-                objectClassModsProhibited(69),\r
-                -- 70 reserved for CLDAP \r
-                affectsMultipleDSAs(71),-- new--\r
-                -- 72-79 unused \r
-                other(80)},\r
-  -- 81-90 reserved for APIs \r
-  matchedDN     LDAPDN,\r
-  errorMessage  ErrorMessage,\r
-  referral      [3]  Referral OPTIONAL,\r
-\r
+--  COMPONENTS OF LDAPResult,
+  resultCode
+    ENUMERATED {success(0), operationsError(1), protocolError(2),
+                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+                compareTrue(6), authMethodNotSupported(7),
+                strongAuthRequired(8),
+                -- 9 reserved 
+                referral(10),-- new-- adminLimitExceeded(11),-- new--
+                unavailableCriticalExtension(12),-- new--
+                confidentialityRequired(13),-- new--
+                saslBindInProgress(14),-- new-- noSuchAttribute(16),
+                undefinedAttributeType(17), inappropriateMatching(18),
+                constraintViolation(19), attributeOrValueExists(20),
+                invalidAttributeSyntax(21),
+                -- 22-31 unused 
+                noSuchObject(32), aliasProblem(33),
+                invalidDNSyntax(34),
+                -- 35 reserved for undefined isLeaf 
+                aliasDereferencingProblem(36),
+                -- 37-47 unused 
+                inappropriateAuthentication(48), invalidCredentials(49),
+                insufficientAccessRights(50), busy(51), unavailable(52),
+                unwillingToPerform(53),
+                loopDetect(54),
+                -- 55-63 unused 
+                namingViolation(64), objectClassViolation(65),
+                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+                entryAlreadyExists(68),
+                objectClassModsProhibited(69),
+                -- 70 reserved for CLDAP 
+                affectsMultipleDSAs(71),-- new--
+                -- 72-79 unused 
+                other(80)},
+  -- 81-90 reserved for APIs 
+  matchedDN     LDAPDN,
+  errorMessage  ErrorMessage,
+  referral      [3]  Referral OPTIONAL,
+
 -- end of components
   serverSaslCreds  [7]  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 ErrorMessage ::= LDAPString
 
 UnbindRequest ::= [APPLICATION 2]  NULL
@@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE {
 SearchResultEntry ::= [APPLICATION 4]  SEQUENCE {
   objectName  LDAPDN,
   attributes  PartialAttributeList
-}\r
+}
 
 PartialAttributeList ::=
   SEQUENCE OF SEQUENCE {type  AttributeDescription,
@@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23]  SEQUENCE {
 
 ExtendedResponse ::= [APPLICATION 24]  SEQUENCE {
 --  COMPONENTS OF LDAPResult,
-  resultCode\r
-    ENUMERATED {success(0), operationsError(1), protocolError(2),\r
-                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),\r
-                compareTrue(6), authMethodNotSupported(7),\r
-                strongAuthRequired(8),\r
-                -- 9 reserved \r
-                referral(10),-- new-- adminLimitExceeded(11),-- new--\r
-                unavailableCriticalExtension(12),-- new--\r
-                confidentialityRequired(13),-- new--\r
-                saslBindInProgress(14),-- new-- noSuchAttribute(16),\r
-                undefinedAttributeType(17), inappropriateMatching(18),\r
-                constraintViolation(19), attributeOrValueExists(20),\r
-                invalidAttributeSyntax(21),\r
-                -- 22-31 unused \r
-                noSuchObject(32), aliasProblem(33),\r
-                invalidDNSyntax(34),\r
-                -- 35 reserved for undefined isLeaf \r
-                aliasDereferencingProblem(36),\r
-                -- 37-47 unused \r
-                inappropriateAuthentication(48), invalidCredentials(49),\r
-                insufficientAccessRights(50), busy(51), unavailable(52),\r
-                unwillingToPerform(53),\r
-                loopDetect(54),\r
-                -- 55-63 unused \r
-                namingViolation(64), objectClassViolation(65),\r
-                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),\r
-                entryAlreadyExists(68),\r
-                objectClassModsProhibited(69),\r
-                -- 70 reserved for CLDAP \r
-                affectsMultipleDSAs(71),-- new--\r
-                -- 72-79 unused \r
-                other(80)},\r
-  -- 81-90 reserved for APIs \r
-  matchedDN     LDAPDN,\r
-  errorMessage  ErrorMessage,\r
-  referral      [3]  Referral OPTIONAL,\r
--- end of COMPONENTS\r
+  resultCode
+    ENUMERATED {success(0), operationsError(1), protocolError(2),
+                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+                compareTrue(6), authMethodNotSupported(7),
+                strongAuthRequired(8),
+                -- 9 reserved 
+                referral(10),-- new-- adminLimitExceeded(11),-- new--
+                unavailableCriticalExtension(12),-- new--
+                confidentialityRequired(13),-- new--
+                saslBindInProgress(14),-- new-- noSuchAttribute(16),
+                undefinedAttributeType(17), inappropriateMatching(18),
+                constraintViolation(19), attributeOrValueExists(20),
+                invalidAttributeSyntax(21),
+                -- 22-31 unused 
+                noSuchObject(32), aliasProblem(33),
+                invalidDNSyntax(34),
+                -- 35 reserved for undefined isLeaf 
+                aliasDereferencingProblem(36),
+                -- 37-47 unused 
+                inappropriateAuthentication(48), invalidCredentials(49),
+                insufficientAccessRights(50), busy(51), unavailable(52),
+                unwillingToPerform(53),
+                loopDetect(54),
+                -- 55-63 unused 
+                namingViolation(64), objectClassViolation(65),
+                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+                entryAlreadyExists(68),
+                objectClassModsProhibited(69),
+                -- 70 reserved for CLDAP 
+                affectsMultipleDSAs(71),-- new--
+                -- 72-79 unused 
+                other(80)},
+  -- 81-90 reserved for APIs 
+  matchedDN     LDAPDN,
+  errorMessage  ErrorMessage,
+  referral      [3]  Referral OPTIONAL,
+-- end of COMPONENTS
   responseName  [10]  ResponseName OPTIONAL,
   response      [11]  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 ResponseName ::= LDAPOID
 
 END
old mode 100755 (executable)
new mode 100644 (file)
index e85cb4f..51709b9
@@ -117,9 +117,9 @@ Control ::= SEQUENCE {
   criticality   BOOLEAN DEFAULT FALSE,
   controlValue  OCTET STRING OPTIONAL
 }
-\r
+
 ControlType ::= LDAPOID
-\r
+
 BindRequest ::= [APPLICATION 0]  SEQUENCE {
   version         INTEGER(1..127),
   name            LDAPDN,
@@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE {
 SaslCredentials ::= SEQUENCE {
   mechanism    Mechanism,
   credentials  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 Mechanism ::=  LDAPString
 
 BindResponse ::= [APPLICATION 1]  SEQUENCE {
---  COMPONENTS OF LDAPResult,\r
-  resultCode\r
-    ENUMERATED {success(0), operationsError(1), protocolError(2),\r
-                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),\r
-                compareTrue(6), authMethodNotSupported(7),\r
-                strongAuthRequired(8),\r
-                -- 9 reserved \r
-                referral(10),-- new-- adminLimitExceeded(11),-- new--\r
-                unavailableCriticalExtension(12),-- new--\r
-                confidentialityRequired(13),-- new--\r
-                saslBindInProgress(14),-- new-- noSuchAttribute(16),\r
-                undefinedAttributeType(17), inappropriateMatching(18),\r
-                constraintViolation(19), attributeOrValueExists(20),\r
-                invalidAttributeSyntax(21),\r
-                -- 22-31 unused \r
-                noSuchObject(32), aliasProblem(33),\r
-                invalidDNSyntax(34),\r
-                -- 35 reserved for undefined isLeaf \r
-                aliasDereferencingProblem(36),\r
-                -- 37-47 unused \r
-                inappropriateAuthentication(48), invalidCredentials(49),\r
-                insufficientAccessRights(50), busy(51), unavailable(52),\r
-                unwillingToPerform(53),\r
-                loopDetect(54),\r
-                -- 55-63 unused \r
-                namingViolation(64), objectClassViolation(65),\r
-                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),\r
-                entryAlreadyExists(68),\r
-                objectClassModsProhibited(69),\r
-                -- 70 reserved for CLDAP \r
-                affectsMultipleDSAs(71),-- new--\r
-                -- 72-79 unused \r
-                other(80)},\r
-  -- 81-90 reserved for APIs \r
-  matchedDN     LDAPDN,\r
-  errorMessage  ErrorMessage,\r
-  referral      [3]  Referral OPTIONAL,\r
-\r
+--  COMPONENTS OF LDAPResult,
+  resultCode
+    ENUMERATED {success(0), operationsError(1), protocolError(2),
+                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+                compareTrue(6), authMethodNotSupported(7),
+                strongAuthRequired(8),
+                -- 9 reserved 
+                referral(10),-- new-- adminLimitExceeded(11),-- new--
+                unavailableCriticalExtension(12),-- new--
+                confidentialityRequired(13),-- new--
+                saslBindInProgress(14),-- new-- noSuchAttribute(16),
+                undefinedAttributeType(17), inappropriateMatching(18),
+                constraintViolation(19), attributeOrValueExists(20),
+                invalidAttributeSyntax(21),
+                -- 22-31 unused 
+                noSuchObject(32), aliasProblem(33),
+                invalidDNSyntax(34),
+                -- 35 reserved for undefined isLeaf 
+                aliasDereferencingProblem(36),
+                -- 37-47 unused 
+                inappropriateAuthentication(48), invalidCredentials(49),
+                insufficientAccessRights(50), busy(51), unavailable(52),
+                unwillingToPerform(53),
+                loopDetect(54),
+                -- 55-63 unused 
+                namingViolation(64), objectClassViolation(65),
+                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+                entryAlreadyExists(68),
+                objectClassModsProhibited(69),
+                -- 70 reserved for CLDAP 
+                affectsMultipleDSAs(71),-- new--
+                -- 72-79 unused 
+                other(80)},
+  -- 81-90 reserved for APIs 
+  matchedDN     LDAPDN,
+  errorMessage  ErrorMessage,
+  referral      [3]  Referral OPTIONAL,
+
 -- end of components
   serverSaslCreds  [7]  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 ErrorMessage ::= LDAPString
 
 UnbindRequest ::= [APPLICATION 2]  NULL
@@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE {
 SearchResultEntry ::= [APPLICATION 4]  SEQUENCE {
   objectName  LDAPDN,
   attributes  PartialAttributeList
-}\r
+}
 
 PartialAttributeList ::=
   SEQUENCE OF SEQUENCE {type  AttributeDescription,
@@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23]  SEQUENCE {
 
 ExtendedResponse ::= [APPLICATION 24]  SEQUENCE {
 --  COMPONENTS OF LDAPResult,
-  resultCode\r
-    ENUMERATED {success(0), operationsError(1), protocolError(2),\r
-                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),\r
-                compareTrue(6), authMethodNotSupported(7),\r
-                strongAuthRequired(8),\r
-                -- 9 reserved \r
-                referral(10),-- new-- adminLimitExceeded(11),-- new--\r
-                unavailableCriticalExtension(12),-- new--\r
-                confidentialityRequired(13),-- new--\r
-                saslBindInProgress(14),-- new-- noSuchAttribute(16),\r
-                undefinedAttributeType(17), inappropriateMatching(18),\r
-                constraintViolation(19), attributeOrValueExists(20),\r
-                invalidAttributeSyntax(21),\r
-                -- 22-31 unused \r
-                noSuchObject(32), aliasProblem(33),\r
-                invalidDNSyntax(34),\r
-                -- 35 reserved for undefined isLeaf \r
-                aliasDereferencingProblem(36),\r
-                -- 37-47 unused \r
-                inappropriateAuthentication(48), invalidCredentials(49),\r
-                insufficientAccessRights(50), busy(51), unavailable(52),\r
-                unwillingToPerform(53),\r
-                loopDetect(54),\r
-                -- 55-63 unused \r
-                namingViolation(64), objectClassViolation(65),\r
-                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),\r
-                entryAlreadyExists(68),\r
-                objectClassModsProhibited(69),\r
-                -- 70 reserved for CLDAP \r
-                affectsMultipleDSAs(71),-- new--\r
-                -- 72-79 unused \r
-                other(80)},\r
-  -- 81-90 reserved for APIs \r
-  matchedDN     LDAPDN,\r
-  errorMessage  ErrorMessage,\r
-  referral      [3]  Referral OPTIONAL,\r
--- end of COMPONENTS\r
+  resultCode
+    ENUMERATED {success(0), operationsError(1), protocolError(2),
+                timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+                compareTrue(6), authMethodNotSupported(7),
+                strongAuthRequired(8),
+                -- 9 reserved 
+                referral(10),-- new-- adminLimitExceeded(11),-- new--
+                unavailableCriticalExtension(12),-- new--
+                confidentialityRequired(13),-- new--
+                saslBindInProgress(14),-- new-- noSuchAttribute(16),
+                undefinedAttributeType(17), inappropriateMatching(18),
+                constraintViolation(19), attributeOrValueExists(20),
+                invalidAttributeSyntax(21),
+                -- 22-31 unused 
+                noSuchObject(32), aliasProblem(33),
+                invalidDNSyntax(34),
+                -- 35 reserved for undefined isLeaf 
+                aliasDereferencingProblem(36),
+                -- 37-47 unused 
+                inappropriateAuthentication(48), invalidCredentials(49),
+                insufficientAccessRights(50), busy(51), unavailable(52),
+                unwillingToPerform(53),
+                loopDetect(54),
+                -- 55-63 unused 
+                namingViolation(64), objectClassViolation(65),
+                notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+                entryAlreadyExists(68),
+                objectClassModsProhibited(69),
+                -- 70 reserved for CLDAP 
+                affectsMultipleDSAs(71),-- new--
+                -- 72-79 unused 
+                other(80)},
+  -- 81-90 reserved for APIs 
+  matchedDN     LDAPDN,
+  errorMessage  ErrorMessage,
+  referral      [3]  Referral OPTIONAL,
+-- end of COMPONENTS
   responseName  [10]  ResponseName OPTIONAL,
   response      [11]  OCTET STRING OPTIONAL
-}\r
-\r
+}
+
 ResponseName ::= LDAPOID
 
 END
old mode 100755 (executable)
new mode 100644 (file)
index b61dd63..01cb834
@@ -1,42 +1,42 @@
-## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake\r
-#\r
-# $Id: Makefile.nmake 13077 2005-01-16 23:26:02Z lroland $\r
-\r
-include ../../config.nmake\r
-\r
-UNIX2DOS=$(PERL) ../../tools/unix2dos.pl\r
-\r
-PROTOCOL_NAME=ldap\r
-DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h\r
-\r
-all: generate_dissector\r
-\r
-generate_dissector: $(DISSECTOR_FILES)\r
-\r
-$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf\r
-!IFDEF PYTHON\r
-       $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn\r
-!ELSE\r
-       @echo Error: You need Python to use asn2eth.py\r
-       @exit 1\r
-!ENDIF\r
-\r
-clean:\r
-       rm -f parsetab.py $(DISSECTOR_FILES)\r
-\r
-# Fix EOL in generated dissectors. Cygwin's python generates files with \r
-# mixed EOL styles, which can't be commited to the SVN repository.\r
-# Stuff included from template and "cnf" files has "\r\n" on windows, while \r
-# the generated stuff has "\n".\r
-\r
-fix_eol: generate_dissector\r
-       move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp\r
-       move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp\r
-       $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c\r
-       $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h\r
-       del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp\r
-\r
-copy_files: generate_dissector fix_eol\r
-       xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y\r
-       xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y\r
-\r
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# $Id$
+
+include ../../config.nmake
+
+UNIX2DOS=$(PERL) ../../tools/unix2dos.pl
+
+PROTOCOL_NAME=ldap
+DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h
+
+all: generate_dissector
+
+generate_dissector: $(DISSECTOR_FILES)
+
+$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf
+!IFDEF PYTHON
+       $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn
+!ELSE
+       @echo Error: You need Python to use asn2eth.py
+       @exit 1
+!ENDIF
+
+clean:
+       rm -f parsetab.py $(DISSECTOR_FILES)
+
+# Fix EOL in generated dissectors. Cygwin's python generates files with 
+# mixed EOL styles, which can't be commited to the SVN repository.
+# Stuff included from template and "cnf" files has "\r\n" on windows, while 
+# the generated stuff has "\n".
+
+fix_eol: generate_dissector
+       move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp
+       move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp
+       $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c
+       $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h
+       del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
+
+copy_files: generate_dissector fix_eol
+       xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+       xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
+
old mode 100755 (executable)
new mode 100644 (file)
index 3be33f9..e4080ab
@@ -1,38 +1,38 @@
-# ros.cnf\r
-# ros conformation file\r
-# Copyright 2005 Anders Broman \r
-# $Id:$\r
-\r
-\r
-#.PDU \r
-LDAPMessage\r
-\r
-#.TYPE_RENAME\r
-\r
-BindResponse/resultCode BindResponse_resultCode\r
-ExtendedResponse/resultCode ExtendedResponse_resultCode\r
-ModifyRequest/modification ModifyRequest_modification\r
-\r
-#.FIELD_RENAME\r
-BindResponse/resultCode bindResponse_resultCode\r
-ExtendedResponse/resultCode extendedResponse_resultCode\r
-SearchRequest/attributes searchRequest_attributes\r
-SearchResultEntry/attributes searchResultEntry_attributes\r
-ModifyRequest/modification modifyRequest_modification\r
-SubstringFilter/substrings substringFilter_substrings\r
-\r
-#.TYPE_ATTR\r
-LDAPDN TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-RelativeLDAPDN TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-AttributeType TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-AttributeDescription TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-MatchingRuleId TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-ErrorMessage TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-LDAPURL TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-Mechanism  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-ControlType  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-ResponseName  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL\r
-\r
-#.FN_PARS MessageID VAL_PTR = &MessageID\r
-#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice\r
-\r
+# ros.cnf
+# ros conformation file
+# Copyright 2005 Anders Broman 
+# $Id$
+
+
+#.PDU 
+LDAPMessage
+
+#.TYPE_RENAME
+
+BindResponse/resultCode BindResponse_resultCode
+ExtendedResponse/resultCode ExtendedResponse_resultCode
+ModifyRequest/modification ModifyRequest_modification
+
+#.FIELD_RENAME
+BindResponse/resultCode bindResponse_resultCode
+ExtendedResponse/resultCode extendedResponse_resultCode
+SearchRequest/attributes searchRequest_attributes
+SearchResultEntry/attributes searchResultEntry_attributes
+ModifyRequest/modification modifyRequest_modification
+SubstringFilter/substrings substringFilter_substrings
+
+#.TYPE_ATTR
+LDAPDN TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+RelativeLDAPDN TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+AttributeType TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+AttributeDescription TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+MatchingRuleId TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+ErrorMessage TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+LDAPURL TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+Mechanism  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+ControlType  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+ResponseName  TYPE = FT_STRING  DISPLAY = BASE_NONE  STRINGS = NULL
+
+#.FN_PARS MessageID VAL_PTR = &MessageID
+#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice
+
old mode 100755 (executable)
new mode 100644 (file)
index da73727..95aa3e0
-/* packet-ldap.c\r
- * Routines for ldap packet dissection\r
- *\r
- * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).\r
- *\r
- * $Id: packet-ldap.c 16332 2005-10-27 08:50:42Z sahlberg $\r
- *\r
- * Ethereal - Network traffic analyzer\r
- * By Gerald Combs <gerald@ethereal.com>\r
- * Copyright 1998 Gerald Combs\r
- *\r
- * This program is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU General Public License\r
- * as published by the Free Software Foundation; either version 2\r
- * of the License, or (at your option) any later version.\r
- *\r
- * This program is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with this program; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.\r
- */\r
-\r
-/*\r
- * This is not a complete implementation. It doesn't handle the full version 3, more specifically,\r
- * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.\r
- * It's also missing extensible search filters.\r
- *\r
- * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete\r
- * and correct packet.\r
- *\r
- * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add\r
- * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what\r
- * I can do.\r
- *\r
- * Doug Nazar\r
- * nazard@dragoninc.on.ca\r
- */\r
-\r
-/*\r
- * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the\r
- *              ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2\r
- *              TCP segments.\r
- *\r
- * Ronald W. Henderson\r
- * ronald.henderson@cognicaseusa.com\r
- */\r
-\r
-/*\r
- * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC\r
- *               using information from the SNIA 2003 conference paper :\r
- *               Active Directory Domain Controller Location Service\r
- *                    by Anthony Liguori\r
- * ronnie sahlberg\r
- */\r
-\r
-/*\r
- * 17-DEC-2004 - added basic decoding for LDAP Controls\r
- * 20-DEC-2004 - added handling for GSS-API encrypted blobs\r
- *\r
- * Stefan Metzmacher <metze@samba.org>\r
- *\r
- * 15-NOV-2005 - Changed to use the asn2eth compiler\r
- * Anders Broman <anders.broman@ericsson.com>\r
- */\r
-\r
-#ifdef HAVE_CONFIG_H\r
-# include "config.h"\r
-#endif\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-\r
-#include <glib.h>\r
-\r
-#include <epan/packet.h>\r
-#include <epan/conversation.h>\r
-#include <epan/prefs.h>\r
-#include <epan/conversation.h>\r
-#include <epan/tap.h>\r
-#include <epan/emem.h>\r
-\r
-#include "packet-frame.h"\r
-#include "packet-ldap.h"\r
-\r
-#include "packet-ber.h"\r
-#include "packet-per.h"\r
-\r
-#define PNAME  "Lightweight-Directory-Access-Protocol"\r
-#define PSNAME "LDAP"\r
-#define PFNAME "ldap"\r
-\r
-\r
-\r
-static dissector_handle_t ldap_handle=NULL;\r
-\r
-/* Initialize the protocol and registered fields */\r
-static int ldap_tap = -1;\r
-static int proto_ldap = -1;\r
-static int proto_cldap = -1;\r
-\r
-static int hf_ldap_sasl_buffer_length = -1;\r
-\r
-#include "packet-ldap-hf.c"\r
-\r
-/* Initialize the subtree pointers */\r
-static gint ett_ldap = -1;\r
-static gint ett_ldap_msg = -1;\r
-static gint ett_ldap_sasl_blob = -1;\r
-static guint ett_ldap_payload = -1;\r
-\r
-#include "packet-ldap-ett.c"\r
-\r
-/* desegmentation of LDAP */\r
-static gboolean ldap_desegment = TRUE;\r
-\r
-#define TCP_PORT_LDAP                  389\r
-#define UDP_PORT_CLDAP                 389\r
-#define TCP_PORT_GLOBALCAT_LDAP         3268 /* Windows 2000 Global Catalog */\r
-\r
-static dissector_handle_t gssapi_handle;\r
-static dissector_handle_t gssapi_wrap_handle;\r
-\r
-\r
-/* different types of rpc calls ontop of ms cldap */\r
-#define        MSCLDAP_RPC_NETLOGON    1\r
-\r
-\r
-/*\r
- * Data structure attached to a conversation, giving authentication\r
- * information from a bind request.\r
- * We keep a linked list of them, so that we can free up all the\r
- * authentication mechanism strings.\r
- */\r
-typedef struct ldap_conv_info_t {\r
-  struct ldap_conv_info_t *next;\r
-  guint auth_type;             /* authentication type */\r
-  char *auth_mech;             /* authentication mechanism */\r
-  guint32 first_auth_frame;    /* first frame that would use a security layer */\r
-  GHashTable *unmatched;\r
-  GHashTable *matched;\r
-  gboolean is_mscldap;\r
-  gboolean first_time;\r
-} ldap_conv_info_t;\r
-static ldap_conv_info_t *ldap_info_items;\r
-\r
-static guint\r
-ldap_info_hash_matched(gconstpointer k)\r
-{\r
-  const ldap_call_response_t *key = k;\r
-\r
-  return key->messageId;\r
-}\r
-\r
-static gint\r
-ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)\r
-{\r
-  const ldap_call_response_t *key1 = k1;\r
-  const ldap_call_response_t *key2 = k2;\r
-\r
-  if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){\r
-    return 0;\r
-  }\r
-  if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){\r
-    return 0;\r
-  }\r
-\r
-  return key1->messageId==key2->messageId;\r
-}\r
-\r
-static guint\r
-ldap_info_hash_unmatched(gconstpointer k)\r
-{\r
-  const ldap_call_response_t *key = k;\r
-\r
-  return key->messageId;\r
-}\r
-\r
-static gint\r
-ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)\r
-{\r
-  const ldap_call_response_t *key1 = k1;\r
-  const ldap_call_response_t *key2 = k2;\r
-\r
-  return key1->messageId==key2->messageId;\r
-}\r
-\r
-/* Global variables */\r
-guint32 MessageID;\r
-guint32 AuthenticationChoice;\r
-\r
-#include "packet-ldap-fn.c"\r
-\r
-static void\r
-dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,\r
-                    proto_tree *tree, ldap_conv_info_t *ldap_info,\r
-                    gboolean rest_is_pad, gboolean is_mscldap)\r
-{\r
-  int offset = 0;\r
-  gboolean first_time = TRUE;\r
-  guint length_remaining;\r
-  guint msg_len = 0;\r
-  int messageOffset = 0;\r
-  guint headerLength = 0;\r
-  guint length = 0;\r
-  tvbuff_t *msg_tvb = NULL;\r
-  proto_item *msg_item = NULL;\r
-  proto_tree *msg_tree = NULL;\r
-  gint8 class;\r
-  gboolean pc, ind = 0;\r
-  gint32 ber_tag;\r
-\r
-  while (tvb_reported_length_remaining(tvb, offset) > 0) {\r
-    /*\r
-     * This will throw an exception if we don't have any data left.\r
-     * That's what we want.  (See "tcp_dissect_pdus()", which is\r
-     * similar)\r
-     */\r
-    length_remaining = tvb_ensure_length_remaining(tvb, offset);\r
-\r
-    if (rest_is_pad && length_remaining < 6) return;\r
-\r
-    /*\r
-     * The frame begins\r
-     * with a "Sequence Of" header.\r
-     * Can we do reassembly?\r
-     */\r
-    if (ldap_desegment && pinfo->can_desegment) {\r
-        /*\r
-         * Yes - is the "Sequence Of" header split across segment\r
-         * boundaries?  We require at least 6 bytes for the header\r
-         * which allows for a 4 byte length (ASN.1 BER).\r
-         */\r
-        if (length_remaining < 6) {\r
-         /* stop if the caller says that we are given all data and the rest is padding\r
-          * this is for the SASL GSSAPI case when the data is only signed and not sealed\r
-          */\r
-          pinfo->desegment_offset = offset;\r
-          pinfo->desegment_len = 6 - length_remaining;\r
-          return;\r
-        }\r
-    }\r
-\r
-    /*\r
-     * OK, try to read the "Sequence Of" header; this gets the total\r
-     * length of the LDAP message.\r
-     */\r
-       messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);\r
-       messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);\r
-\r
-    if (ber_tag == BER_UNI_TAG_SEQUENCE) {\r
-       /*\r
-        * Add the length of the "Sequence Of" header to the message\r
-        * length.\r
-        */\r
-       headerLength = messageOffset - offset;\r
-       msg_len += headerLength;\r
-        if (msg_len < headerLength) {\r
-           /*\r
-            * The message length was probably so large that the total length\r
-            * overflowed.\r
-            *\r
-            * Report this as an error.\r
-            */\r
-           show_reported_bounds_error(tvb, pinfo, tree);\r
-           return;\r
-        }\r
-    } else {\r
-       /*\r
-        * We couldn't parse the header; just make it the amount of data\r
-        * remaining in the tvbuff, so we'll give up on this segment\r
-        * after attempting to parse the message - there's nothing more\r
-        * we can do.  "dissect_ldap_message()" will display the error.\r
-        */\r
-       msg_len = length_remaining;\r
-    }\r
-\r
-    /*\r
-     * Is the message split across segment boundaries?\r
-     */\r
-    if (length_remaining < msg_len) {\r
-        /* provide a hint to TCP where the next PDU starts */\r
-        pinfo->want_pdu_tracking=2;\r
-        pinfo->bytes_until_next_pdu= msg_len - length_remaining;\r
-        /*\r
-         * Can we do reassembly?\r
-         */\r
-        if (ldap_desegment && pinfo->can_desegment) {\r
-           /*\r
-            * Yes.  Tell the TCP dissector where the data for this message\r
-            * starts in the data it handed us, and how many more bytes\r
-            * we need, and return.\r
-            */\r
-           pinfo->desegment_offset = offset;\r
-           pinfo->desegment_len = msg_len - length_remaining;\r
-           return;\r
-        }\r
-    }\r
-\r
-    /*\r
-     * Construct a tvbuff containing the amount of the payload we have\r
-     * available.  Make its reported length the amount of data in the\r
-     * LDAP message.\r
-     *\r
-     * XXX - if reassembly isn't enabled. the subdissector will throw a\r
-     * BoundsError exception, rather than a ReportedBoundsError exception.\r
-     * We really want a tvbuff where the length is "length", the reported\r
-     * length is "plen", and the "if the snapshot length were infinite"\r
-     * length is the minimum of the reported length of the tvbuff handed\r
-     * to us and "plen", with a new type of exception thrown if the offset\r
-     * is within the reported length but beyond that third length, with\r
-     * that exception getting the "Unreassembled Packet" error.\r
-     */\r
-    length = length_remaining;\r
-    if (length > msg_len) length = msg_len;\r
-    msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);\r
-\r
-    /*\r
-     * Now dissect the LDAP message.\r
-     */\r
-    if (tree) {\r
-        msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message");\r
-        msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg);\r
-    }\r
-\r
-    /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/\r
-       ldap_info->first_time= first_time;\r
-       ldap_info->is_mscldap = is_mscldap;\r
-       pinfo->private_data = ldap_info;\r
-       dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree);\r
-\r
-\r
-    offset += msg_len;\r
-\r
-    first_time = FALSE;\r
-  }\r
-}\r
-\r
-static void\r
-dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)\r
-{\r
-  int offset = 0;\r
-  conversation_t *conversation;\r
-  gboolean doing_sasl_security = FALSE;\r
-  guint length_remaining;\r
-  ldap_conv_info_t *ldap_info = NULL;\r
-  proto_item *ldap_item = NULL;\r
-  proto_tree *ldap_tree = NULL;\r
-\r
-  /*\r
-   * Do we have a conversation for this connection?\r
-   */\r
-  conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,\r
-                                   pinfo->ptype, pinfo->srcport,\r
-                                   pinfo->destport, 0);\r
-  if (conversation == NULL) {\r
-    /* We don't yet have a conversation, so create one. */\r
-    conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,\r
-                                   pinfo->ptype, pinfo->srcport,\r
-                                    pinfo->destport, 0);\r
-  }\r
-\r
-  /*\r
-   * Do we already have a type and mechanism?\r
-   */\r
-  ldap_info = conversation_get_proto_data(conversation, proto_ldap);\r
-  if (ldap_info == NULL) {\r
-    /* No.  Attach that information to the conversation, and add\r
-     * it to the list of information structures.\r
-     */\r
-    ldap_info = se_alloc(sizeof(ldap_conv_info_t));\r
-    ldap_info->auth_type = 0;\r
-    ldap_info->auth_mech = 0;\r
-    ldap_info->first_auth_frame = 0;\r
-    ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);\r
-    ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);\r
-    conversation_add_proto_data(conversation, proto_ldap, ldap_info);\r
-    ldap_info->next = ldap_info_items;\r
-    ldap_info_items = ldap_info;\r
-  } \r
-\r
-  switch (ldap_info->auth_type) {\r
-    case LDAP_AUTH_SASL:\r
-    /*\r
-     * It's SASL; are we using a security layer?\r
-     */\r
-    if (ldap_info->first_auth_frame != 0 &&\r
-       pinfo->fd->num >= ldap_info->first_auth_frame) {\r
-       doing_sasl_security = TRUE;     /* yes */\r
-    }\r
-  }\r
-\r
-  while (tvb_reported_length_remaining(tvb, offset) > 0) {\r
-\r
-    /*\r
-     * This will throw an exception if we don't have any data left.\r
-     * That's what we want.  (See "tcp_dissect_pdus()", which is\r
-     * similar, but doesn't have to deal with the SASL issues.\r
-     * XXX - can we make "tcp_dissect_pdus()" provide enough information\r
-     * to the "get_pdu_len" routine so that we could have one dealing\r
-     * with the SASL issues, have that routine deal with SASL and\r
-     * ASN.1, and just use "tcp_dissect_pdus()"?)\r
-     */\r
-    length_remaining = tvb_ensure_length_remaining(tvb, offset);\r
-\r
-    /*\r
-     * Try to find out if we have a plain LDAP buffer\r
-     * with a "Sequence Of" header or a SASL buffer with\r
-     * Can we do reassembly?\r
-     */\r
-    if (ldap_desegment && pinfo->can_desegment) {\r
-        /*\r
-         * Yes - is the "Sequence Of" header split across segment\r
-         * boundaries?  We require at least 6 bytes for the header\r
-         * which allows for a 4 byte length (ASN.1 BER).\r
-        * For the SASL case we need at least 4 bytes, so this is \r
-        * no problem here because we check for 6 bytes ans sasl buffers\r
-        * with less than 2 bytes should not exist...\r
-         */\r
-        if (length_remaining < 6) {\r
-           pinfo->desegment_offset = offset;\r
-           pinfo->desegment_len = 6 - length_remaining;\r
-           return;\r
-        }\r
-    }\r
-\r
-    /* It might still be a packet containing a SASL security layer\r
-     * but its just that we never saw the BIND packet.\r
-     * check if it looks like it could be a SASL blob here\r
-     * and in that case just assume it is GSS-SPNEGO\r
-     */\r
-    if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))\r
-      &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))\r
-      &&(tvb_get_guint8(tvb, offset+4)==0x60) ){\r
-        ldap_info->auth_type=LDAP_AUTH_SASL;\r
-        ldap_info->first_auth_frame=pinfo->fd->num;\r
-        ldap_info->auth_mech=g_strdup("GSS-SPNEGO");\r
-        doing_sasl_security=TRUE;\r
-    }\r
-\r
-    /*\r
-     * This is the first PDU, set the Protocol column and clear the\r
-     * Info column.\r
-     */\r
-    if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);\r
-    if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);\r
-\r
-    ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE);\r
-    ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);\r
-\r
-    /*\r
-     * Might we be doing a SASL security layer and, if so, *are* we doing\r
-     * one?\r
-     *\r
-     * Just because we've seen a bind reply for SASL, that doesn't mean\r
-     * that we're using a SASL security layer; I've seen captures in\r
-     * which some SASL negotiations lead to a security layer being used\r
-     * and other negotiations don't, and it's not obvious what's different\r
-     * in the two negotiations.  Therefore, we assume that if the first\r
-     * byte is 0, it's a length for a SASL security layer (that way, we\r
-     * never reassemble more than 16 megabytes, protecting us from\r
-     * chewing up *too* much memory), and otherwise that it's an LDAP\r
-     * message (actually, if it's an LDAP message it should begin with 0x30,\r
-     * but we want to parse garbage as LDAP messages rather than really\r
-     * huge lengths).\r
-     */\r
-\r
-    if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {\r
-      proto_item *sasl_item = NULL;\r
-      proto_tree *sasl_tree = NULL;\r
-      tvbuff_t *sasl_tvb;\r
-      guint sasl_len, sasl_msg_len, length;\r
-      /*\r
-       * Yes.  The frame begins with a 4-byte big-endian length.\r
-       * And we know we have at least 6 bytes\r
-       */\r
-\r
-      /*\r
-       * Get the SASL length, which is the length of data in the buffer\r
-       * following the length (i.e., it's 4 less than the total length).\r
-       *\r
-       * XXX - do we need to reassemble buffers?  For now, we\r
-       * assume that each LDAP message is entirely contained within\r
-       * a buffer.\r
-       */\r
-      sasl_len = tvb_get_ntohl(tvb, offset);\r
-      sasl_msg_len = sasl_len + 4;\r
-      if (sasl_msg_len < 4) {\r
-        /*\r
-         * The message length was probably so large that the total length\r
-        * overflowed.\r
-         *\r
-         * Report this as an error.\r
-         */\r
-        show_reported_bounds_error(tvb, pinfo, tree);\r
-        return;\r
-      }\r
-\r
-      /*\r
-       * Is the buffer split across segment boundaries?\r
-       */\r
-      if (length_remaining < sasl_msg_len) {\r
-        /* provide a hint to TCP where the next PDU starts */\r
-        pinfo->want_pdu_tracking = 2;\r
-        pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining;\r
-        /*\r
-         * Can we do reassembly?\r
-         */\r
-        if (ldap_desegment && pinfo->can_desegment) {\r
-          /*\r
-           * Yes.  Tell the TCP dissector where the data for this message\r
-           * starts in the data it handed us, and how many more bytes we\r
-           * need, and return.\r
-           */\r
-          pinfo->desegment_offset = offset;\r
-          pinfo->desegment_len = sasl_msg_len - length_remaining;\r
-          return;\r
-        }\r
-      }\r
-\r
-      /*\r
-       * Construct a tvbuff containing the amount of the payload we have\r
-       * available.  Make its reported length the amount of data in the PDU.\r
-       *\r
-       * XXX - if reassembly isn't enabled. the subdissector will throw a\r
-       * BoundsError exception, rather than a ReportedBoundsError exception.\r
-       * We really want a tvbuff where the length is "length", the reported\r
-       * length is "plen", and the "if the snapshot length were infinite"\r
-       * length is the minimum of the reported length of the tvbuff handed\r
-       * to us and "plen", with a new type of exception thrown if the offset\r
-       * is within the reported length but beyond that third length, with\r
-       * that exception getting the "Unreassembled Packet" error.\r
-       */\r
-      length = length_remaining;\r
-      if (length > sasl_msg_len) length = sasl_msg_len;\r
-      sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);\r
-\r
-      if (ldap_tree) {\r
-        proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,\r
-                            sasl_len);\r
-\r
-        sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0,  sasl_msg_len, "SASL buffer");\r
-        sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);\r
-      }\r
-\r
-      if (ldap_info->auth_mech != NULL &&\r
-          strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {\r
-         tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;\r
-         int ver_len;\r
-         int length;\r
-\r
-          /*\r
-           * This is GSS-API (using SPNEGO, but we should be done with\r
-           * the negotiation by now).\r
-           *\r
-           * Dissect the GSS_Wrap() token; it'll return the length of\r
-           * the token, from which we compute the offset in the tvbuff at\r
-           * which the plaintext data, i.e. the LDAP message, begins.\r
-           */\r
-          length = tvb_length_remaining(sasl_tvb, 4);\r
-          if ((guint)length > sasl_len)\r
-              length = sasl_len;\r
-         gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);\r
-\r
-         /* Attempt decryption of the GSSAPI wrapped data if possible */\r
-         pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;\r
-         pinfo->gssapi_wrap_tvb=NULL;\r
-         pinfo->gssapi_encrypted_tvb=NULL;\r
-         pinfo->gssapi_decrypted_tvb=NULL;\r
-          ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);\r
-         /* if we could unwrap, do a tvb shuffle */\r
-         if(pinfo->gssapi_decrypted_tvb){\r
-               decr_tvb=pinfo->gssapi_decrypted_tvb;\r
-         }\r
-         /* tidy up */\r
-         pinfo->decrypt_gssapi_tvb=0;\r
-         pinfo->gssapi_wrap_tvb=NULL;\r
-         pinfo->gssapi_encrypted_tvb=NULL;\r
-         pinfo->gssapi_decrypted_tvb=NULL;\r
-\r
-          /*\r
-           * if len is 0 it probably mean that we got a PDU that is not\r
-           * aligned to the start of the segment.\r
-           */\r
-          if(ver_len==0){\r
-             return;\r
-          }\r
-\r
-         /*\r
-          * if we don't have unwrapped data,\r
-          * see if the wrapping involved encryption of the\r
-          * data; if not, just use the plaintext data.\r
-          */\r
-         if (!decr_tvb) {\r
-           if(!pinfo->gssapi_data_encrypted){\r
-             plain_tvb = tvb_new_subset(gssapi_tvb,  ver_len, -1, -1);\r
-           }\r
-         }\r
-\r
-          if (decr_tvb) {\r
-           proto_item *enc_item = NULL;\r
-           proto_tree *enc_tree = NULL;\r
-\r
-            /*\r
-             * The LDAP message was encrypted in the packet, and has\r
-             * been decrypted; dissect the decrypted LDAP message.\r
-             */\r
-            if (sasl_tree) {\r
-             enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,\r
-                                "GSS-API Encrypted payload (%d byte%s)",\r
-                                sasl_len - ver_len,\r
-                                plurality(sasl_len - ver_len, "", "s"));\r
-             enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);\r
-            }\r
-           dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);\r
-          } else if (plain_tvb) {\r
-           proto_item *plain_item = NULL;\r
-           proto_tree *plain_tree = NULL;\r
-\r
-           /*\r
-            * The LDAP message wasn't encrypted in the packet;\r
-            * dissect the plain LDAP message.\r
-             */\r
-           if (sasl_tree) {\r
-              plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,\r
-                                "GSS-API payload (%d byte%s)",\r
-                                sasl_len - ver_len,\r
-                                plurality(sasl_len - ver_len, "", "s"));\r
-             plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);\r
-            }\r
-\r
-           dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);\r
-         } else {\r
-            /*\r
-             * The LDAP message was encrypted in the packet, and was\r
-             * not decrypted; just show it as encrypted data.\r
-             */\r
-            if (check_col(pinfo->cinfo, COL_INFO)) {\r
-                   col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",\r
-                                 sasl_len - ver_len,\r
-                                 plurality(sasl_len - ver_len, "", "s"));\r
-            }\r
-           if (sasl_tree) {\r
-              proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,\r
-                                "GSS-API Encrypted payload (%d byte%s)",\r
-                                sasl_len - ver_len,\r
-                                plurality(sasl_len - ver_len, "", "s"));\r
-           }\r
-          }\r
-      }\r
-      offset += sasl_msg_len;\r
-    } else {\r
-       /* plain LDAP, so dissect the payload */\r
-       dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);\r
-       /* dissect_ldap_payload() has it's own loop so go out here */\r
-       break;\r
-    }\r
-  }\r
-}\r
-static void\r
-dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)\r
-{\r
-       dissect_ldap_pdu(tvb, pinfo, tree, FALSE);\r
-       return;\r
-}\r
-\r
-static void\r
-dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)\r
-{\r
-       dissect_ldap_pdu(tvb, pinfo, tree, TRUE);\r
-       return;\r
-}\r
-\r
-\r
-static void\r
-ldap_reinit(void)\r
-{\r
-  ldap_conv_info_t *ldap_info;\r
-\r
-  /* Free up state attached to the ldap_info structures */\r
-  for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) {\r
-    if (ldap_info->auth_mech != NULL) {\r
-      g_free(ldap_info->auth_mech);\r
-      ldap_info->auth_mech=NULL;\r
-    }\r
-    g_hash_table_destroy(ldap_info->matched);\r
-    ldap_info->matched=NULL;\r
-    g_hash_table_destroy(ldap_info->unmatched);\r
-    ldap_info->unmatched=NULL;\r
-  }\r
-\r
-  ldap_info_items = NULL;\r
-\r
-}\r
-/*--- proto_register_ldap -------------------------------------------*/\r
-void proto_register_ldap(void) {\r
-\r
-  /* List of fields */\r
-\r
-  static hf_register_info hf[] = {\r
-\r
-             { &hf_ldap_sasl_buffer_length,\r
-                         { "SASL Buffer Length",       "ldap.sasl_buffer_length",\r
-                         FT_UINT32, BASE_DEC, NULL, 0x0,\r
-                         "SASL Buffer Length", HFILL }},\r
-\r
-#include "packet-ldap-hfarr.c"\r
-  };\r
-\r
-  /* List of subtrees */\r
-  static gint *ett[] = {\r
-         &ett_ldap,\r
-       &ett_ldap_payload,\r
-    &ett_ldap_sasl_blob,\r
-       &ett_ldap_msg,\r
-\r
-#include "packet-ldap-ettarr.c"\r
-  };\r
-\r
-    module_t *ldap_module;\r
-\r
-  /* Register protocol */\r
-  proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);\r
-  /* Register fields and subtrees */\r
-  proto_register_field_array(proto_ldap, hf, array_length(hf));\r
-  proto_register_subtree_array(ett, array_length(ett));\r
-\r
\r
-  register_dissector("ldap", dissect_ldap, proto_ldap);\r
-\r
-  ldap_module = prefs_register_protocol(proto_ldap, NULL);\r
-  prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",\r
-    "Reassemble LDAP messages spanning multiple TCP segments",\r
-    "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."\r
-    " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",\r
-    &ldap_desegment);\r
-\r
-  proto_cldap = proto_register_protocol(\r
-         "Connectionless Lightweight Directory Access Protocol",\r
-         "CLDAP", "cldap");\r
-\r
-  register_init_routine(ldap_reinit);\r
-  ldap_tap=register_tap("ldap");\r
-\r
-}\r
-\r
-\r
-/*--- proto_reg_handoff_ldap ---------------------------------------*/\r
-void\r
-proto_reg_handoff_ldap(void)\r
-{\r
-       dissector_handle_t ldap_handle, cldap_handle;\r
-       ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);\r
-       dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);\r
-       dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);\r
-\r
-       cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);\r
-       dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);\r
-\r
-       gssapi_handle = find_dissector("gssapi");\r
-       gssapi_wrap_handle = find_dissector("gssapi_verf");\r
-\r
-\r
-\r
-}\r
-\r
-\r
+/* packet-ldap.c
+ * Routines for ldap packet dissection
+ *
+ * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/*
+ * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
+ * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
+ * It's also missing extensible search filters.
+ *
+ * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
+ * and correct packet.
+ *
+ * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
+ * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
+ * I can do.
+ *
+ * Doug Nazar
+ * nazard@dragoninc.on.ca
+ */
+
+/*
+ * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
+ *              ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
+ *              TCP segments.
+ *
+ * Ronald W. Henderson
+ * ronald.henderson@cognicaseusa.com
+ */
+
+/*
+ * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
+ *               using information from the SNIA 2003 conference paper :
+ *               Active Directory Domain Controller Location Service
+ *                    by Anthony Liguori
+ * ronnie sahlberg
+ */
+
+/*
+ * 17-DEC-2004 - added basic decoding for LDAP Controls
+ * 20-DEC-2004 - added handling for GSS-API encrypted blobs
+ *
+ * Stefan Metzmacher <metze@samba.org>
+ *
+ * 15-NOV-2005 - Changed to use the asn2eth compiler
+ * Anders Broman <anders.broman@ericsson.com>
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <glib.h>
+
+#include <epan/packet.h>
+#include <epan/conversation.h>
+#include <epan/prefs.h>
+#include <epan/conversation.h>
+#include <epan/tap.h>
+#include <epan/emem.h>
+
+#include "packet-frame.h"
+#include "packet-ldap.h"
+
+#include "packet-ber.h"
+#include "packet-per.h"
+
+#define PNAME  "Lightweight-Directory-Access-Protocol"
+#define PSNAME "LDAP"
+#define PFNAME "ldap"
+
+
+
+static dissector_handle_t ldap_handle=NULL;
+
+/* Initialize the protocol and registered fields */
+static int ldap_tap = -1;
+static int proto_ldap = -1;
+static int proto_cldap = -1;
+
+static int hf_ldap_sasl_buffer_length = -1;
+
+#include "packet-ldap-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_ldap = -1;
+static gint ett_ldap_msg = -1;
+static gint ett_ldap_sasl_blob = -1;
+static guint ett_ldap_payload = -1;
+
+#include "packet-ldap-ett.c"
+
+/* desegmentation of LDAP */
+static gboolean ldap_desegment = TRUE;
+
+#define TCP_PORT_LDAP                  389
+#define UDP_PORT_CLDAP                 389
+#define TCP_PORT_GLOBALCAT_LDAP         3268 /* Windows 2000 Global Catalog */
+
+static dissector_handle_t gssapi_handle;
+static dissector_handle_t gssapi_wrap_handle;
+
+
+/* different types of rpc calls ontop of ms cldap */
+#define        MSCLDAP_RPC_NETLOGON    1
+
+
+/*
+ * Data structure attached to a conversation, giving authentication
+ * information from a bind request.
+ * We keep a linked list of them, so that we can free up all the
+ * authentication mechanism strings.
+ */
+typedef struct ldap_conv_info_t {
+  struct ldap_conv_info_t *next;
+  guint auth_type;             /* authentication type */
+  char *auth_mech;             /* authentication mechanism */
+  guint32 first_auth_frame;    /* first frame that would use a security layer */
+  GHashTable *unmatched;
+  GHashTable *matched;
+  gboolean is_mscldap;
+  gboolean first_time;
+} ldap_conv_info_t;
+static ldap_conv_info_t *ldap_info_items;
+
+static guint
+ldap_info_hash_matched(gconstpointer k)
+{
+  const ldap_call_response_t *key = k;
+
+  return key->messageId;
+}
+
+static gint
+ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
+{
+  const ldap_call_response_t *key1 = k1;
+  const ldap_call_response_t *key2 = k2;
+
+  if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
+    return 0;
+  }
+  if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
+    return 0;
+  }
+
+  return key1->messageId==key2->messageId;
+}
+
+static guint
+ldap_info_hash_unmatched(gconstpointer k)
+{
+  const ldap_call_response_t *key = k;
+
+  return key->messageId;
+}
+
+static gint
+ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
+{
+  const ldap_call_response_t *key1 = k1;
+  const ldap_call_response_t *key2 = k2;
+
+  return key1->messageId==key2->messageId;
+}
+
+/* Global variables */
+guint32 MessageID;
+guint32 AuthenticationChoice;
+
+#include "packet-ldap-fn.c"
+
+static void
+dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
+                    proto_tree *tree, ldap_conv_info_t *ldap_info,
+                    gboolean rest_is_pad, gboolean is_mscldap)
+{
+  int offset = 0;
+  gboolean first_time = TRUE;
+  guint length_remaining;
+  guint msg_len = 0;
+  int messageOffset = 0;
+  guint headerLength = 0;
+  guint length = 0;
+  tvbuff_t *msg_tvb = NULL;
+  proto_item *msg_item = NULL;
+  proto_tree *msg_tree = NULL;
+  gint8 class;
+  gboolean pc, ind = 0;
+  gint32 ber_tag;
+
+  while (tvb_reported_length_remaining(tvb, offset) > 0) {
+    /*
+     * This will throw an exception if we don't have any data left.
+     * That's what we want.  (See "tcp_dissect_pdus()", which is
+     * similar)
+     */
+    length_remaining = tvb_ensure_length_remaining(tvb, offset);
+
+    if (rest_is_pad && length_remaining < 6) return;
+
+    /*
+     * The frame begins
+     * with a "Sequence Of" header.
+     * Can we do reassembly?
+     */
+    if (ldap_desegment && pinfo->can_desegment) {
+        /*
+         * Yes - is the "Sequence Of" header split across segment
+         * boundaries?  We require at least 6 bytes for the header
+         * which allows for a 4 byte length (ASN.1 BER).
+         */
+        if (length_remaining < 6) {
+         /* stop if the caller says that we are given all data and the rest is padding
+          * this is for the SASL GSSAPI case when the data is only signed and not sealed
+          */
+          pinfo->desegment_offset = offset;
+          pinfo->desegment_len = 6 - length_remaining;
+          return;
+        }
+    }
+
+    /*
+     * OK, try to read the "Sequence Of" header; this gets the total
+     * length of the LDAP message.
+     */
+       messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
+       messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);
+
+    if (ber_tag == BER_UNI_TAG_SEQUENCE) {
+       /*
+        * Add the length of the "Sequence Of" header to the message
+        * length.
+        */
+       headerLength = messageOffset - offset;
+       msg_len += headerLength;
+        if (msg_len < headerLength) {
+           /*
+            * The message length was probably so large that the total length
+            * overflowed.
+            *
+            * Report this as an error.
+            */
+           show_reported_bounds_error(tvb, pinfo, tree);
+           return;
+        }
+    } else {
+       /*
+        * We couldn't parse the header; just make it the amount of data
+        * remaining in the tvbuff, so we'll give up on this segment
+        * after attempting to parse the message - there's nothing more
+        * we can do.  "dissect_ldap_message()" will display the error.
+        */
+       msg_len = length_remaining;
+    }
+
+    /*
+     * Is the message split across segment boundaries?
+     */
+    if (length_remaining < msg_len) {
+        /* provide a hint to TCP where the next PDU starts */
+        pinfo->want_pdu_tracking=2;
+        pinfo->bytes_until_next_pdu= msg_len - length_remaining;
+        /*
+         * Can we do reassembly?
+         */
+        if (ldap_desegment && pinfo->can_desegment) {
+           /*
+            * Yes.  Tell the TCP dissector where the data for this message
+            * starts in the data it handed us, and how many more bytes
+            * we need, and return.
+            */
+           pinfo->desegment_offset = offset;
+           pinfo->desegment_len = msg_len - length_remaining;
+           return;
+        }
+    }
+
+    /*
+     * Construct a tvbuff containing the amount of the payload we have
+     * available.  Make its reported length the amount of data in the
+     * LDAP message.
+     *
+     * XXX - if reassembly isn't enabled. the subdissector will throw a
+     * BoundsError exception, rather than a ReportedBoundsError exception.
+     * We really want a tvbuff where the length is "length", the reported
+     * length is "plen", and the "if the snapshot length were infinite"
+     * length is the minimum of the reported length of the tvbuff handed
+     * to us and "plen", with a new type of exception thrown if the offset
+     * is within the reported length but beyond that third length, with
+     * that exception getting the "Unreassembled Packet" error.
+     */
+    length = length_remaining;
+    if (length > msg_len) length = msg_len;
+    msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
+
+    /*
+     * Now dissect the LDAP message.
+     */
+    if (tree) {
+        msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message");
+        msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg);
+    }
+
+    /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/
+       ldap_info->first_time= first_time;
+       ldap_info->is_mscldap = is_mscldap;
+       pinfo->private_data = ldap_info;
+       dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree);
+
+
+    offset += msg_len;
+
+    first_time = FALSE;
+  }
+}
+
+static void
+dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
+{
+  int offset = 0;
+  conversation_t *conversation;
+  gboolean doing_sasl_security = FALSE;
+  guint length_remaining;
+  ldap_conv_info_t *ldap_info = NULL;
+  proto_item *ldap_item = NULL;
+  proto_tree *ldap_tree = NULL;
+
+  /*
+   * Do we have a conversation for this connection?
+   */
+  conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
+                                   pinfo->ptype, pinfo->srcport,
+                                   pinfo->destport, 0);
+  if (conversation == NULL) {
+    /* We don't yet have a conversation, so create one. */
+    conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
+                                   pinfo->ptype, pinfo->srcport,
+                                    pinfo->destport, 0);
+  }
+
+  /*
+   * Do we already have a type and mechanism?
+   */
+  ldap_info = conversation_get_proto_data(conversation, proto_ldap);
+  if (ldap_info == NULL) {
+    /* No.  Attach that information to the conversation, and add
+     * it to the list of information structures.
+     */
+    ldap_info = se_alloc(sizeof(ldap_conv_info_t));
+    ldap_info->auth_type = 0;
+    ldap_info->auth_mech = 0;
+    ldap_info->first_auth_frame = 0;
+    ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
+    ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
+    conversation_add_proto_data(conversation, proto_ldap, ldap_info);
+    ldap_info->next = ldap_info_items;
+    ldap_info_items = ldap_info;
+  } 
+
+  switch (ldap_info->auth_type) {
+    case LDAP_AUTH_SASL:
+    /*
+     * It's SASL; are we using a security layer?
+     */
+    if (ldap_info->first_auth_frame != 0 &&
+       pinfo->fd->num >= ldap_info->first_auth_frame) {
+       doing_sasl_security = TRUE;     /* yes */
+    }
+  }
+
+  while (tvb_reported_length_remaining(tvb, offset) > 0) {
+
+    /*
+     * This will throw an exception if we don't have any data left.
+     * That's what we want.  (See "tcp_dissect_pdus()", which is
+     * similar, but doesn't have to deal with the SASL issues.
+     * XXX - can we make "tcp_dissect_pdus()" provide enough information
+     * to the "get_pdu_len" routine so that we could have one dealing
+     * with the SASL issues, have that routine deal with SASL and
+     * ASN.1, and just use "tcp_dissect_pdus()"?)
+     */
+    length_remaining = tvb_ensure_length_remaining(tvb, offset);
+
+    /*
+     * Try to find out if we have a plain LDAP buffer
+     * with a "Sequence Of" header or a SASL buffer with
+     * Can we do reassembly?
+     */
+    if (ldap_desegment && pinfo->can_desegment) {
+        /*
+         * Yes - is the "Sequence Of" header split across segment
+         * boundaries?  We require at least 6 bytes for the header
+         * which allows for a 4 byte length (ASN.1 BER).
+        * For the SASL case we need at least 4 bytes, so this is 
+        * no problem here because we check for 6 bytes ans sasl buffers
+        * with less than 2 bytes should not exist...
+         */
+        if (length_remaining < 6) {
+           pinfo->desegment_offset = offset;
+           pinfo->desegment_len = 6 - length_remaining;
+           return;
+        }
+    }
+
+    /* It might still be a packet containing a SASL security layer
+     * but its just that we never saw the BIND packet.
+     * check if it looks like it could be a SASL blob here
+     * and in that case just assume it is GSS-SPNEGO
+     */
+    if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
+      &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
+      &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
+        ldap_info->auth_type=LDAP_AUTH_SASL;
+        ldap_info->first_auth_frame=pinfo->fd->num;
+        ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
+        doing_sasl_security=TRUE;
+    }
+
+    /*
+     * This is the first PDU, set the Protocol column and clear the
+     * Info column.
+     */
+    if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
+    if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
+
+    ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE);
+    ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
+
+    /*
+     * Might we be doing a SASL security layer and, if so, *are* we doing
+     * one?
+     *
+     * Just because we've seen a bind reply for SASL, that doesn't mean
+     * that we're using a SASL security layer; I've seen captures in
+     * which some SASL negotiations lead to a security layer being used
+     * and other negotiations don't, and it's not obvious what's different
+     * in the two negotiations.  Therefore, we assume that if the first
+     * byte is 0, it's a length for a SASL security layer (that way, we
+     * never reassemble more than 16 megabytes, protecting us from
+     * chewing up *too* much memory), and otherwise that it's an LDAP
+     * message (actually, if it's an LDAP message it should begin with 0x30,
+     * but we want to parse garbage as LDAP messages rather than really
+     * huge lengths).
+     */
+
+    if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
+      proto_item *sasl_item = NULL;
+      proto_tree *sasl_tree = NULL;
+      tvbuff_t *sasl_tvb;
+      guint sasl_len, sasl_msg_len, length;
+      /*
+       * Yes.  The frame begins with a 4-byte big-endian length.
+       * And we know we have at least 6 bytes
+       */
+
+      /*
+       * Get the SASL length, which is the length of data in the buffer
+       * following the length (i.e., it's 4 less than the total length).
+       *
+       * XXX - do we need to reassemble buffers?  For now, we
+       * assume that each LDAP message is entirely contained within
+       * a buffer.
+       */
+      sasl_len = tvb_get_ntohl(tvb, offset);
+      sasl_msg_len = sasl_len + 4;
+      if (sasl_msg_len < 4) {
+        /*
+         * The message length was probably so large that the total length
+        * overflowed.
+         *
+         * Report this as an error.
+         */
+        show_reported_bounds_error(tvb, pinfo, tree);
+        return;
+      }
+
+      /*
+       * Is the buffer split across segment boundaries?
+       */
+      if (length_remaining < sasl_msg_len) {
+        /* provide a hint to TCP where the next PDU starts */
+        pinfo->want_pdu_tracking = 2;
+        pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining;
+        /*
+         * Can we do reassembly?
+         */
+        if (ldap_desegment && pinfo->can_desegment) {
+          /*
+           * Yes.  Tell the TCP dissector where the data for this message
+           * starts in the data it handed us, and how many more bytes we
+           * need, and return.
+           */
+          pinfo->desegment_offset = offset;
+          pinfo->desegment_len = sasl_msg_len - length_remaining;
+          return;
+        }
+      }
+
+      /*
+       * Construct a tvbuff containing the amount of the payload we have
+       * available.  Make its reported length the amount of data in the PDU.
+       *
+       * XXX - if reassembly isn't enabled. the subdissector will throw a
+       * BoundsError exception, rather than a ReportedBoundsError exception.
+       * We really want a tvbuff where the length is "length", the reported
+       * length is "plen", and the "if the snapshot length were infinite"
+       * length is the minimum of the reported length of the tvbuff handed
+       * to us and "plen", with a new type of exception thrown if the offset
+       * is within the reported length but beyond that third length, with
+       * that exception getting the "Unreassembled Packet" error.
+       */
+      length = length_remaining;
+      if (length > sasl_msg_len) length = sasl_msg_len;
+      sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
+
+      if (ldap_tree) {
+        proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
+                            sasl_len);
+
+        sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0,  sasl_msg_len, "SASL buffer");
+        sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
+      }
+
+      if (ldap_info->auth_mech != NULL &&
+          strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
+         tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
+         int ver_len;
+         int length;
+
+          /*
+           * This is GSS-API (using SPNEGO, but we should be done with
+           * the negotiation by now).
+           *
+           * Dissect the GSS_Wrap() token; it'll return the length of
+           * the token, from which we compute the offset in the tvbuff at
+           * which the plaintext data, i.e. the LDAP message, begins.
+           */
+          length = tvb_length_remaining(sasl_tvb, 4);
+          if ((guint)length > sasl_len)
+              length = sasl_len;
+         gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
+
+         /* Attempt decryption of the GSSAPI wrapped data if possible */
+         pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+         pinfo->gssapi_wrap_tvb=NULL;
+         pinfo->gssapi_encrypted_tvb=NULL;
+         pinfo->gssapi_decrypted_tvb=NULL;
+          ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
+         /* if we could unwrap, do a tvb shuffle */
+         if(pinfo->gssapi_decrypted_tvb){
+               decr_tvb=pinfo->gssapi_decrypted_tvb;
+         }
+         /* tidy up */
+         pinfo->decrypt_gssapi_tvb=0;
+         pinfo->gssapi_wrap_tvb=NULL;
+         pinfo->gssapi_encrypted_tvb=NULL;
+         pinfo->gssapi_decrypted_tvb=NULL;
+
+          /*
+           * if len is 0 it probably mean that we got a PDU that is not
+           * aligned to the start of the segment.
+           */
+          if(ver_len==0){
+             return;
+          }
+
+         /*
+          * if we don't have unwrapped data,
+          * see if the wrapping involved encryption of the
+          * data; if not, just use the plaintext data.
+          */
+         if (!decr_tvb) {
+           if(!pinfo->gssapi_data_encrypted){
+             plain_tvb = tvb_new_subset(gssapi_tvb,  ver_len, -1, -1);
+           }
+         }
+
+          if (decr_tvb) {
+           proto_item *enc_item = NULL;
+           proto_tree *enc_tree = NULL;
+
+            /*
+             * The LDAP message was encrypted in the packet, and has
+             * been decrypted; dissect the decrypted LDAP message.
+             */
+            if (sasl_tree) {
+             enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+                                "GSS-API Encrypted payload (%d byte%s)",
+                                sasl_len - ver_len,
+                                plurality(sasl_len - ver_len, "", "s"));
+             enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
+            }
+           dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);
+          } else if (plain_tvb) {
+           proto_item *plain_item = NULL;
+           proto_tree *plain_tree = NULL;
+
+           /*
+            * The LDAP message wasn't encrypted in the packet;
+            * dissect the plain LDAP message.
+             */
+           if (sasl_tree) {
+              plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+                                "GSS-API payload (%d byte%s)",
+                                sasl_len - ver_len,
+                                plurality(sasl_len - ver_len, "", "s"));
+             plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
+            }
+
+           dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);
+         } else {
+            /*
+             * The LDAP message was encrypted in the packet, and was
+             * not decrypted; just show it as encrypted data.
+             */
+            if (check_col(pinfo->cinfo, COL_INFO)) {
+                   col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
+                                 sasl_len - ver_len,
+                                 plurality(sasl_len - ver_len, "", "s"));
+            }
+           if (sasl_tree) {
+              proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+                                "GSS-API Encrypted payload (%d byte%s)",
+                                sasl_len - ver_len,
+                                plurality(sasl_len - ver_len, "", "s"));
+           }
+          }
+      }
+      offset += sasl_msg_len;
+    } else {
+       /* plain LDAP, so dissect the payload */
+       dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);
+       /* dissect_ldap_payload() has it's own loop so go out here */
+       break;
+    }
+  }
+}
+static void
+dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+       dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
+       return;
+}
+
+static void
+dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+       dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
+       return;
+}
+
+
+static void
+ldap_reinit(void)
+{
+  ldap_conv_info_t *ldap_info;
+
+  /* Free up state attached to the ldap_info structures */
+  for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) {
+    if (ldap_info->auth_mech != NULL) {
+      g_free(ldap_info->auth_mech);
+      ldap_info->auth_mech=NULL;
+    }
+    g_hash_table_destroy(ldap_info->matched);
+    ldap_info->matched=NULL;
+    g_hash_table_destroy(ldap_info->unmatched);
+    ldap_info->unmatched=NULL;
+  }
+
+  ldap_info_items = NULL;
+
+}
+/*--- proto_register_ldap -------------------------------------------*/
+void proto_register_ldap(void) {
+
+  /* List of fields */
+
+  static hf_register_info hf[] = {
+
+             { &hf_ldap_sasl_buffer_length,
+                         { "SASL Buffer Length",       "ldap.sasl_buffer_length",
+                         FT_UINT32, BASE_DEC, NULL, 0x0,
+                         "SASL Buffer Length", HFILL }},
+
+#include "packet-ldap-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+         &ett_ldap,
+       &ett_ldap_payload,
+    &ett_ldap_sasl_blob,
+       &ett_ldap_msg,
+
+#include "packet-ldap-ettarr.c"
+  };
+
+    module_t *ldap_module;
+
+  /* Register protocol */
+  proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_ldap, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+  register_dissector("ldap", dissect_ldap, proto_ldap);
+
+  ldap_module = prefs_register_protocol(proto_ldap, NULL);
+  prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
+    "Reassemble LDAP messages spanning multiple TCP segments",
+    "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
+    " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+    &ldap_desegment);
+
+  proto_cldap = proto_register_protocol(
+         "Connectionless Lightweight Directory Access Protocol",
+         "CLDAP", "cldap");
+
+  register_init_routine(ldap_reinit);
+  ldap_tap=register_tap("ldap");
+
+}
+
+
+/*--- proto_reg_handoff_ldap ---------------------------------------*/
+void
+proto_reg_handoff_ldap(void)
+{
+       dissector_handle_t ldap_handle, cldap_handle;
+       ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
+       dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
+       dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
+
+       cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
+       dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
+
+       gssapi_handle = find_dissector("gssapi");
+       gssapi_wrap_handle = find_dissector("gssapi_verf");
+
+
+
+}
+
+
old mode 100755 (executable)
new mode 100644 (file)
index 79becfa..e36d27e
@@ -1,94 +1,94 @@
-/* packet-ldap.h\r
- * Routines for ros packet dissection\r
- * Copyright 2005, Anders Broman <anders.broman@ericsson.com>\r
- *\r
- * $Id: packet-ros-template.h 12203 2004-10-05 09:18:55Z guy $\r
- *\r
- * Ethereal - Network traffic analyzer\r
- * By Gerald Combs <gerald@ethereal.com>\r
- * Copyright 1998 Gerald Combs\r
- *\r
- * This program is free software; you can redistribute it and/or\r
- * modify it under the terms of the GNU General Public License\r
- * as published by the Free Software Foundation; either version 2\r
- * of the License, or (at your option) any later version.\r
- *\r
- * This program is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with this program; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.\r
- */\r
-\r
-#ifndef __PACKET_LDAP_H__\r
-#define __PACKET_LDAP_H__\r
-\r
-/*\r
- * These are all APPLICATION types; the value is the type tag.\r
- */\r
-#define LDAP_REQ_BIND               0\r
-#define LDAP_REQ_UNBIND             2\r
-#define LDAP_REQ_SEARCH             3\r
-#define LDAP_REQ_MODIFY             6\r
-#define LDAP_REQ_ADD                8\r
-#define LDAP_REQ_DELETE             10\r
-#define LDAP_REQ_MODRDN             12\r
-#define LDAP_REQ_COMPARE            14\r
-#define LDAP_REQ_ABANDON            16\r
-#define LDAP_REQ_EXTENDED           23 /* LDAP V3 only */\r
-\r
-#define LDAP_RES_BIND               1\r
-#define LDAP_RES_SEARCH_ENTRY       4\r
-#define LDAP_RES_SEARCH_REF         19 /* LDAP V3 only */\r
-#define LDAP_RES_SEARCH_RESULT      5\r
-#define LDAP_RES_MODIFY             7\r
-#define LDAP_RES_ADD                9\r
-#define LDAP_RES_DELETE             11\r
-#define LDAP_RES_MODRDN             13\r
-#define LDAP_RES_COMPARE            15\r
-#define LDAP_RES_EXTENDED           24 /* LDAP V3 only */\r
-\r
-/*\r
- * These are all CONTEXT types; the value is the type tag.\r
- */\r
-\r
-/* authentication type tags */\r
-#define LDAP_AUTH_SIMPLE        0\r
-#define LDAP_AUTH_KRBV4LDAP     1      /* LDAP V2 only */\r
-#define LDAP_AUTH_KRBV4DSA      2      /* LDAP V2 only */\r
-#define LDAP_AUTH_SASL          3      /* LDAP V3 only */\r
-\r
-/* filter type tags */\r
-#define LDAP_FILTER_AND         0\r
-#define LDAP_FILTER_OR          1\r
-#define LDAP_FILTER_NOT         2\r
-#define LDAP_FILTER_EQUALITY    3\r
-#define LDAP_FILTER_SUBSTRINGS  4\r
-#define LDAP_FILTER_GE          5\r
-#define LDAP_FILTER_LE          6\r
-#define LDAP_FILTER_PRESENT     7\r
-#define LDAP_FILTER_APPROX      8\r
-#define LDAP_FILTER_EXTENSIBLE  9      /* LDAP V3 only */\r
-\r
-#define LDAP_MOD_ADD            0\r
-#define LDAP_MOD_DELETE         1\r
-#define LDAP_MOD_REPLACE        2\r
-\r
-typedef struct ldap_call_response {\r
-  gboolean is_request;\r
-  guint32 req_frame;\r
-  nstime_t req_time;\r
-  guint32 rep_frame;\r
-  guint messageId;\r
-  guint protocolOpTag;\r
-} ldap_call_response_t;\r
-\r
-\r
-/*#include "packet-ldap-exp.h" */\r
-\r
-#endif  /* PACKET_LDAP_H */\r
-\r
-\r
+/* packet-ldap.h
+ * Routines for ros packet dissection
+ * Copyright 2005, Anders Broman <anders.broman@ericsson.com>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifndef __PACKET_LDAP_H__
+#define __PACKET_LDAP_H__
+
+/*
+ * These are all APPLICATION types; the value is the type tag.
+ */
+#define LDAP_REQ_BIND               0
+#define LDAP_REQ_UNBIND             2
+#define LDAP_REQ_SEARCH             3
+#define LDAP_REQ_MODIFY             6
+#define LDAP_REQ_ADD                8
+#define LDAP_REQ_DELETE             10
+#define LDAP_REQ_MODRDN             12
+#define LDAP_REQ_COMPARE            14
+#define LDAP_REQ_ABANDON            16
+#define LDAP_REQ_EXTENDED           23 /* LDAP V3 only */
+
+#define LDAP_RES_BIND               1
+#define LDAP_RES_SEARCH_ENTRY       4
+#define LDAP_RES_SEARCH_REF         19 /* LDAP V3 only */
+#define LDAP_RES_SEARCH_RESULT      5
+#define LDAP_RES_MODIFY             7
+#define LDAP_RES_ADD                9
+#define LDAP_RES_DELETE             11
+#define LDAP_RES_MODRDN             13
+#define LDAP_RES_COMPARE            15
+#define LDAP_RES_EXTENDED           24 /* LDAP V3 only */
+
+/*
+ * These are all CONTEXT types; the value is the type tag.
+ */
+
+/* authentication type tags */
+#define LDAP_AUTH_SIMPLE        0
+#define LDAP_AUTH_KRBV4LDAP     1      /* LDAP V2 only */
+#define LDAP_AUTH_KRBV4DSA      2      /* LDAP V2 only */
+#define LDAP_AUTH_SASL          3      /* LDAP V3 only */
+
+/* filter type tags */
+#define LDAP_FILTER_AND         0
+#define LDAP_FILTER_OR          1
+#define LDAP_FILTER_NOT         2
+#define LDAP_FILTER_EQUALITY    3
+#define LDAP_FILTER_SUBSTRINGS  4
+#define LDAP_FILTER_GE          5
+#define LDAP_FILTER_LE          6
+#define LDAP_FILTER_PRESENT     7
+#define LDAP_FILTER_APPROX      8
+#define LDAP_FILTER_EXTENSIBLE  9      /* LDAP V3 only */
+
+#define LDAP_MOD_ADD            0
+#define LDAP_MOD_DELETE         1
+#define LDAP_MOD_REPLACE        2
+
+typedef struct ldap_call_response {
+  gboolean is_request;
+  guint32 req_frame;
+  nstime_t req_time;
+  guint32 rep_frame;
+  guint messageId;
+  guint protocolOpTag;
+} ldap_call_response_t;
+
+
+/*#include "packet-ldap-exp.h" */
+
+#endif  /* PACKET_LDAP_H */
+
+