aboutsummaryrefslogtreecommitdiffstats
path: root/asn1/ldap
diff options
context:
space:
mode:
authorJörg Mayer <jmayer@loplof.de>2005-12-09 16:46:24 +0000
committerJörg Mayer <jmayer@loplof.de>2005-12-09 16:46:24 +0000
commit50d94b2f95fab2efdae8bc3e3fa4014806b10cb2 (patch)
treed7ff3b140838214689cc0ffe6ad7bdba85c8a646 /asn1/ldap
parent9e0577d0d2a46e49de0bdb94e4ab779155d7a34f (diff)
downloadwireshark-50d94b2f95fab2efdae8bc3e3fa4014806b10cb2.tar.gz
wireshark-50d94b2f95fab2efdae8bc3e3fa4014806b10cb2.tar.bz2
wireshark-50d94b2f95fab2efdae8bc3e3fa4014806b10cb2.zip
Add missing propset ...
svn path=/trunk/; revision=16749
Diffstat (limited to 'asn1/ldap')
-rw-r--r--[-rwxr-xr-x]asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn168
-rw-r--r--[-rwxr-xr-x]asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig168
-rw-r--r--[-rwxr-xr-x]asn1/ldap/Makefile.nmake84
-rw-r--r--[-rwxr-xr-x]asn1/ldap/ldap.cnf76
-rw-r--r--[-rwxr-xr-x]asn1/ldap/packet-ldap-template.c1540
-rw-r--r--[-rwxr-xr-x]asn1/ldap/packet-ldap-template.h188
6 files changed, 1112 insertions, 1112 deletions
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
index e85cb4fe5e..51709b9032 100755..100644
--- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
+++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
@@ -117,9 +117,9 @@ Control ::= SEQUENCE {
criticality BOOLEAN DEFAULT FALSE,
controlValue OCTET STRING OPTIONAL
}
-
+
ControlType ::= LDAPOID
-
+
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER(1..127),
name LDAPDN,
@@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE {
SaslCredentials ::= SEQUENCE {
mechanism Mechanism,
credentials OCTET STRING OPTIONAL
-}
-
+}
+
Mechanism ::= LDAPString
BindResponse ::= [APPLICATION 1] SEQUENCE {
--- COMPONENTS OF LDAPResult,
- resultCode
- ENUMERATED {success(0), operationsError(1), protocolError(2),
- timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
- compareTrue(6), authMethodNotSupported(7),
- strongAuthRequired(8),
- -- 9 reserved
- referral(10),-- new-- adminLimitExceeded(11),-- new--
- unavailableCriticalExtension(12),-- new--
- confidentialityRequired(13),-- new--
- saslBindInProgress(14),-- new-- noSuchAttribute(16),
- undefinedAttributeType(17), inappropriateMatching(18),
- constraintViolation(19), attributeOrValueExists(20),
- invalidAttributeSyntax(21),
- -- 22-31 unused
- noSuchObject(32), aliasProblem(33),
- invalidDNSyntax(34),
- -- 35 reserved for undefined isLeaf
- aliasDereferencingProblem(36),
- -- 37-47 unused
- inappropriateAuthentication(48), invalidCredentials(49),
- insufficientAccessRights(50), busy(51), unavailable(52),
- unwillingToPerform(53),
- loopDetect(54),
- -- 55-63 unused
- namingViolation(64), objectClassViolation(65),
- notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
- entryAlreadyExists(68),
- objectClassModsProhibited(69),
- -- 70 reserved for CLDAP
- affectsMultipleDSAs(71),-- new--
- -- 72-79 unused
- other(80)},
- -- 81-90 reserved for APIs
- matchedDN LDAPDN,
- errorMessage ErrorMessage,
- referral [3] Referral OPTIONAL,
-
+-- COMPONENTS OF LDAPResult,
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80)},
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+
-- end of components
serverSaslCreds [7] OCTET STRING OPTIONAL
-}
-
+}
+
ErrorMessage ::= LDAPString
UnbindRequest ::= [APPLICATION 2] NULL
@@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE {
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList
-}
+}
PartialAttributeList ::=
SEQUENCE OF SEQUENCE {type AttributeDescription,
@@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
-- COMPONENTS OF LDAPResult,
- resultCode
- ENUMERATED {success(0), operationsError(1), protocolError(2),
- timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
- compareTrue(6), authMethodNotSupported(7),
- strongAuthRequired(8),
- -- 9 reserved
- referral(10),-- new-- adminLimitExceeded(11),-- new--
- unavailableCriticalExtension(12),-- new--
- confidentialityRequired(13),-- new--
- saslBindInProgress(14),-- new-- noSuchAttribute(16),
- undefinedAttributeType(17), inappropriateMatching(18),
- constraintViolation(19), attributeOrValueExists(20),
- invalidAttributeSyntax(21),
- -- 22-31 unused
- noSuchObject(32), aliasProblem(33),
- invalidDNSyntax(34),
- -- 35 reserved for undefined isLeaf
- aliasDereferencingProblem(36),
- -- 37-47 unused
- inappropriateAuthentication(48), invalidCredentials(49),
- insufficientAccessRights(50), busy(51), unavailable(52),
- unwillingToPerform(53),
- loopDetect(54),
- -- 55-63 unused
- namingViolation(64), objectClassViolation(65),
- notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
- entryAlreadyExists(68),
- objectClassModsProhibited(69),
- -- 70 reserved for CLDAP
- affectsMultipleDSAs(71),-- new--
- -- 72-79 unused
- other(80)},
- -- 81-90 reserved for APIs
- matchedDN LDAPDN,
- errorMessage ErrorMessage,
- referral [3] Referral OPTIONAL,
--- end of COMPONENTS
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80)},
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+-- end of COMPONENTS
responseName [10] ResponseName OPTIONAL,
response [11] OCTET STRING OPTIONAL
-}
-
+}
+
ResponseName ::= LDAPOID
END
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig
index e85cb4fe5e..51709b9032 100755..100644
--- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig
+++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig
@@ -117,9 +117,9 @@ Control ::= SEQUENCE {
criticality BOOLEAN DEFAULT FALSE,
controlValue OCTET STRING OPTIONAL
}
-
+
ControlType ::= LDAPOID
-
+
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER(1..127),
name LDAPDN,
@@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE {
SaslCredentials ::= SEQUENCE {
mechanism Mechanism,
credentials OCTET STRING OPTIONAL
-}
-
+}
+
Mechanism ::= LDAPString
BindResponse ::= [APPLICATION 1] SEQUENCE {
--- COMPONENTS OF LDAPResult,
- resultCode
- ENUMERATED {success(0), operationsError(1), protocolError(2),
- timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
- compareTrue(6), authMethodNotSupported(7),
- strongAuthRequired(8),
- -- 9 reserved
- referral(10),-- new-- adminLimitExceeded(11),-- new--
- unavailableCriticalExtension(12),-- new--
- confidentialityRequired(13),-- new--
- saslBindInProgress(14),-- new-- noSuchAttribute(16),
- undefinedAttributeType(17), inappropriateMatching(18),
- constraintViolation(19), attributeOrValueExists(20),
- invalidAttributeSyntax(21),
- -- 22-31 unused
- noSuchObject(32), aliasProblem(33),
- invalidDNSyntax(34),
- -- 35 reserved for undefined isLeaf
- aliasDereferencingProblem(36),
- -- 37-47 unused
- inappropriateAuthentication(48), invalidCredentials(49),
- insufficientAccessRights(50), busy(51), unavailable(52),
- unwillingToPerform(53),
- loopDetect(54),
- -- 55-63 unused
- namingViolation(64), objectClassViolation(65),
- notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
- entryAlreadyExists(68),
- objectClassModsProhibited(69),
- -- 70 reserved for CLDAP
- affectsMultipleDSAs(71),-- new--
- -- 72-79 unused
- other(80)},
- -- 81-90 reserved for APIs
- matchedDN LDAPDN,
- errorMessage ErrorMessage,
- referral [3] Referral OPTIONAL,
-
+-- COMPONENTS OF LDAPResult,
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80)},
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+
-- end of components
serverSaslCreds [7] OCTET STRING OPTIONAL
-}
-
+}
+
ErrorMessage ::= LDAPString
UnbindRequest ::= [APPLICATION 2] NULL
@@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE {
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList
-}
+}
PartialAttributeList ::=
SEQUENCE OF SEQUENCE {type AttributeDescription,
@@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
-- COMPONENTS OF LDAPResult,
- resultCode
- ENUMERATED {success(0), operationsError(1), protocolError(2),
- timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
- compareTrue(6), authMethodNotSupported(7),
- strongAuthRequired(8),
- -- 9 reserved
- referral(10),-- new-- adminLimitExceeded(11),-- new--
- unavailableCriticalExtension(12),-- new--
- confidentialityRequired(13),-- new--
- saslBindInProgress(14),-- new-- noSuchAttribute(16),
- undefinedAttributeType(17), inappropriateMatching(18),
- constraintViolation(19), attributeOrValueExists(20),
- invalidAttributeSyntax(21),
- -- 22-31 unused
- noSuchObject(32), aliasProblem(33),
- invalidDNSyntax(34),
- -- 35 reserved for undefined isLeaf
- aliasDereferencingProblem(36),
- -- 37-47 unused
- inappropriateAuthentication(48), invalidCredentials(49),
- insufficientAccessRights(50), busy(51), unavailable(52),
- unwillingToPerform(53),
- loopDetect(54),
- -- 55-63 unused
- namingViolation(64), objectClassViolation(65),
- notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
- entryAlreadyExists(68),
- objectClassModsProhibited(69),
- -- 70 reserved for CLDAP
- affectsMultipleDSAs(71),-- new--
- -- 72-79 unused
- other(80)},
- -- 81-90 reserved for APIs
- matchedDN LDAPDN,
- errorMessage ErrorMessage,
- referral [3] Referral OPTIONAL,
--- end of COMPONENTS
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80)},
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+-- end of COMPONENTS
responseName [10] ResponseName OPTIONAL,
response [11] OCTET STRING OPTIONAL
-}
-
+}
+
ResponseName ::= LDAPOID
END
diff --git a/asn1/ldap/Makefile.nmake b/asn1/ldap/Makefile.nmake
index b61dd6378e..01cb834da2 100755..100644
--- a/asn1/ldap/Makefile.nmake
+++ b/asn1/ldap/Makefile.nmake
@@ -1,42 +1,42 @@
-## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
-#
-# $Id: Makefile.nmake 13077 2005-01-16 23:26:02Z lroland $
-
-include ../../config.nmake
-
-UNIX2DOS=$(PERL) ../../tools/unix2dos.pl
-
-PROTOCOL_NAME=ldap
-DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h
-
-all: generate_dissector
-
-generate_dissector: $(DISSECTOR_FILES)
-
-$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf
-!IFDEF PYTHON
- $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn
-!ELSE
- @echo Error: You need Python to use asn2eth.py
- @exit 1
-!ENDIF
-
-clean:
- rm -f parsetab.py $(DISSECTOR_FILES)
-
-# Fix EOL in generated dissectors. Cygwin's python generates files with
-# mixed EOL styles, which can't be commited to the SVN repository.
-# Stuff included from template and "cnf" files has "\r\n" on windows, while
-# the generated stuff has "\n".
-
-fix_eol: generate_dissector
- move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp
- move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp
- $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c
- $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h
- del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
-
-copy_files: generate_dissector fix_eol
- xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
- xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
-
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# $Id$
+
+include ../../config.nmake
+
+UNIX2DOS=$(PERL) ../../tools/unix2dos.pl
+
+PROTOCOL_NAME=ldap
+DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h
+
+all: generate_dissector
+
+generate_dissector: $(DISSECTOR_FILES)
+
+$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf
+!IFDEF PYTHON
+ $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn
+!ELSE
+ @echo Error: You need Python to use asn2eth.py
+ @exit 1
+!ENDIF
+
+clean:
+ rm -f parsetab.py $(DISSECTOR_FILES)
+
+# Fix EOL in generated dissectors. Cygwin's python generates files with
+# mixed EOL styles, which can't be commited to the SVN repository.
+# Stuff included from template and "cnf" files has "\r\n" on windows, while
+# the generated stuff has "\n".
+
+fix_eol: generate_dissector
+ move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp
+ move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp
+ $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c
+ $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h
+ del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp
+
+copy_files: generate_dissector fix_eol
+ xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y
+ xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y
+
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf
index 3be33f9f85..e4080ab369 100755..100644
--- a/asn1/ldap/ldap.cnf
+++ b/asn1/ldap/ldap.cnf
@@ -1,38 +1,38 @@
-# ros.cnf
-# ros conformation file
-# Copyright 2005 Anders Broman
-# $Id:$
-
-
-#.PDU
-LDAPMessage
-
-#.TYPE_RENAME
-
-BindResponse/resultCode BindResponse_resultCode
-ExtendedResponse/resultCode ExtendedResponse_resultCode
-ModifyRequest/modification ModifyRequest_modification
-
-#.FIELD_RENAME
-BindResponse/resultCode bindResponse_resultCode
-ExtendedResponse/resultCode extendedResponse_resultCode
-SearchRequest/attributes searchRequest_attributes
-SearchResultEntry/attributes searchResultEntry_attributes
-ModifyRequest/modification modifyRequest_modification
-SubstringFilter/substrings substringFilter_substrings
-
-#.TYPE_ATTR
-LDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-RelativeLDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-AttributeType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-AttributeDescription TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-MatchingRuleId TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-ErrorMessage TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-ControlType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-ResponseName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
-
-#.FN_PARS MessageID VAL_PTR = &MessageID
-#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice
-
+# ros.cnf
+# ros conformation file
+# Copyright 2005 Anders Broman
+# $Id$
+
+
+#.PDU
+LDAPMessage
+
+#.TYPE_RENAME
+
+BindResponse/resultCode BindResponse_resultCode
+ExtendedResponse/resultCode ExtendedResponse_resultCode
+ModifyRequest/modification ModifyRequest_modification
+
+#.FIELD_RENAME
+BindResponse/resultCode bindResponse_resultCode
+ExtendedResponse/resultCode extendedResponse_resultCode
+SearchRequest/attributes searchRequest_attributes
+SearchResultEntry/attributes searchResultEntry_attributes
+ModifyRequest/modification modifyRequest_modification
+SubstringFilter/substrings substringFilter_substrings
+
+#.TYPE_ATTR
+LDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+RelativeLDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+AttributeType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+AttributeDescription TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+MatchingRuleId TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+ErrorMessage TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+ControlType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+ResponseName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+
+#.FN_PARS MessageID VAL_PTR = &MessageID
+#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice
+
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index da73727748..95aa3e07c1 100755..100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -1,770 +1,770 @@
-/* packet-ldap.c
- * Routines for ldap packet dissection
- *
- * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
- *
- * $Id: packet-ldap.c 16332 2005-10-27 08:50:42Z sahlberg $
- *
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
- * Copyright 1998 Gerald Combs
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- */
-
-/*
- * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
- * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
- * It's also missing extensible search filters.
- *
- * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
- * and correct packet.
- *
- * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
- * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
- * I can do.
- *
- * Doug Nazar
- * nazard@dragoninc.on.ca
- */
-
-/*
- * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
- * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
- * TCP segments.
- *
- * Ronald W. Henderson
- * ronald.henderson@cognicaseusa.com
- */
-
-/*
- * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
- * using information from the SNIA 2003 conference paper :
- * Active Directory Domain Controller Location Service
- * by Anthony Liguori
- * ronnie sahlberg
- */
-
-/*
- * 17-DEC-2004 - added basic decoding for LDAP Controls
- * 20-DEC-2004 - added handling for GSS-API encrypted blobs
- *
- * Stefan Metzmacher <metze@samba.org>
- *
- * 15-NOV-2005 - Changed to use the asn2eth compiler
- * Anders Broman <anders.broman@ericsson.com>
- */
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <stdio.h>
-#include <string.h>
-
-#include <glib.h>
-
-#include <epan/packet.h>
-#include <epan/conversation.h>
-#include <epan/prefs.h>
-#include <epan/conversation.h>
-#include <epan/tap.h>
-#include <epan/emem.h>
-
-#include "packet-frame.h"
-#include "packet-ldap.h"
-
-#include "packet-ber.h"
-#include "packet-per.h"
-
-#define PNAME "Lightweight-Directory-Access-Protocol"
-#define PSNAME "LDAP"
-#define PFNAME "ldap"
-
-
-
-static dissector_handle_t ldap_handle=NULL;
-
-/* Initialize the protocol and registered fields */
-static int ldap_tap = -1;
-static int proto_ldap = -1;
-static int proto_cldap = -1;
-
-static int hf_ldap_sasl_buffer_length = -1;
-
-#include "packet-ldap-hf.c"
-
-/* Initialize the subtree pointers */
-static gint ett_ldap = -1;
-static gint ett_ldap_msg = -1;
-static gint ett_ldap_sasl_blob = -1;
-static guint ett_ldap_payload = -1;
-
-#include "packet-ldap-ett.c"
-
-/* desegmentation of LDAP */
-static gboolean ldap_desegment = TRUE;
-
-#define TCP_PORT_LDAP 389
-#define UDP_PORT_CLDAP 389
-#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
-
-static dissector_handle_t gssapi_handle;
-static dissector_handle_t gssapi_wrap_handle;
-
-
-/* different types of rpc calls ontop of ms cldap */
-#define MSCLDAP_RPC_NETLOGON 1
-
-
-/*
- * Data structure attached to a conversation, giving authentication
- * information from a bind request.
- * We keep a linked list of them, so that we can free up all the
- * authentication mechanism strings.
- */
-typedef struct ldap_conv_info_t {
- struct ldap_conv_info_t *next;
- guint auth_type; /* authentication type */
- char *auth_mech; /* authentication mechanism */
- guint32 first_auth_frame; /* first frame that would use a security layer */
- GHashTable *unmatched;
- GHashTable *matched;
- gboolean is_mscldap;
- gboolean first_time;
-} ldap_conv_info_t;
-static ldap_conv_info_t *ldap_info_items;
-
-static guint
-ldap_info_hash_matched(gconstpointer k)
-{
- const ldap_call_response_t *key = k;
-
- return key->messageId;
-}
-
-static gint
-ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
-{
- const ldap_call_response_t *key1 = k1;
- const ldap_call_response_t *key2 = k2;
-
- if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
- return 0;
- }
- if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
- return 0;
- }
-
- return key1->messageId==key2->messageId;
-}
-
-static guint
-ldap_info_hash_unmatched(gconstpointer k)
-{
- const ldap_call_response_t *key = k;
-
- return key->messageId;
-}
-
-static gint
-ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
-{
- const ldap_call_response_t *key1 = k1;
- const ldap_call_response_t *key2 = k2;
-
- return key1->messageId==key2->messageId;
-}
-
-/* Global variables */
-guint32 MessageID;
-guint32 AuthenticationChoice;
-
-#include "packet-ldap-fn.c"
-
-static void
-dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
- proto_tree *tree, ldap_conv_info_t *ldap_info,
- gboolean rest_is_pad, gboolean is_mscldap)
-{
- int offset = 0;
- gboolean first_time = TRUE;
- guint length_remaining;
- guint msg_len = 0;
- int messageOffset = 0;
- guint headerLength = 0;
- guint length = 0;
- tvbuff_t *msg_tvb = NULL;
- proto_item *msg_item = NULL;
- proto_tree *msg_tree = NULL;
- gint8 class;
- gboolean pc, ind = 0;
- gint32 ber_tag;
-
- while (tvb_reported_length_remaining(tvb, offset) > 0) {
- /*
- * This will throw an exception if we don't have any data left.
- * That's what we want. (See "tcp_dissect_pdus()", which is
- * similar)
- */
- length_remaining = tvb_ensure_length_remaining(tvb, offset);
-
- if (rest_is_pad && length_remaining < 6) return;
-
- /*
- * The frame begins
- * with a "Sequence Of" header.
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes - is the "Sequence Of" header split across segment
- * boundaries? We require at least 6 bytes for the header
- * which allows for a 4 byte length (ASN.1 BER).
- */
- if (length_remaining < 6) {
- /* stop if the caller says that we are given all data and the rest is padding
- * this is for the SASL GSSAPI case when the data is only signed and not sealed
- */
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = 6 - length_remaining;
- return;
- }
- }
-
- /*
- * OK, try to read the "Sequence Of" header; this gets the total
- * length of the LDAP message.
- */
- messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
- messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);
-
- if (ber_tag == BER_UNI_TAG_SEQUENCE) {
- /*
- * Add the length of the "Sequence Of" header to the message
- * length.
- */
- headerLength = messageOffset - offset;
- msg_len += headerLength;
- if (msg_len < headerLength) {
- /*
- * The message length was probably so large that the total length
- * overflowed.
- *
- * Report this as an error.
- */
- show_reported_bounds_error(tvb, pinfo, tree);
- return;
- }
- } else {
- /*
- * We couldn't parse the header; just make it the amount of data
- * remaining in the tvbuff, so we'll give up on this segment
- * after attempting to parse the message - there's nothing more
- * we can do. "dissect_ldap_message()" will display the error.
- */
- msg_len = length_remaining;
- }
-
- /*
- * Is the message split across segment boundaries?
- */
- if (length_remaining < msg_len) {
- /* provide a hint to TCP where the next PDU starts */
- pinfo->want_pdu_tracking=2;
- pinfo->bytes_until_next_pdu= msg_len - length_remaining;
- /*
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes. Tell the TCP dissector where the data for this message
- * starts in the data it handed us, and how many more bytes
- * we need, and return.
- */
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = msg_len - length_remaining;
- return;
- }
- }
-
- /*
- * Construct a tvbuff containing the amount of the payload we have
- * available. Make its reported length the amount of data in the
- * LDAP message.
- *
- * XXX - if reassembly isn't enabled. the subdissector will throw a
- * BoundsError exception, rather than a ReportedBoundsError exception.
- * We really want a tvbuff where the length is "length", the reported
- * length is "plen", and the "if the snapshot length were infinite"
- * length is the minimum of the reported length of the tvbuff handed
- * to us and "plen", with a new type of exception thrown if the offset
- * is within the reported length but beyond that third length, with
- * that exception getting the "Unreassembled Packet" error.
- */
- length = length_remaining;
- if (length > msg_len) length = msg_len;
- msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
-
- /*
- * Now dissect the LDAP message.
- */
- if (tree) {
- msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message");
- msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg);
- }
-
- /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/
- ldap_info->first_time= first_time;
- ldap_info->is_mscldap = is_mscldap;
- pinfo->private_data = ldap_info;
- dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree);
-
-
- offset += msg_len;
-
- first_time = FALSE;
- }
-}
-
-static void
-dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
-{
- int offset = 0;
- conversation_t *conversation;
- gboolean doing_sasl_security = FALSE;
- guint length_remaining;
- ldap_conv_info_t *ldap_info = NULL;
- proto_item *ldap_item = NULL;
- proto_tree *ldap_tree = NULL;
-
- /*
- * Do we have a conversation for this connection?
- */
- conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
- pinfo->ptype, pinfo->srcport,
- pinfo->destport, 0);
- if (conversation == NULL) {
- /* We don't yet have a conversation, so create one. */
- conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
- pinfo->ptype, pinfo->srcport,
- pinfo->destport, 0);
- }
-
- /*
- * Do we already have a type and mechanism?
- */
- ldap_info = conversation_get_proto_data(conversation, proto_ldap);
- if (ldap_info == NULL) {
- /* No. Attach that information to the conversation, and add
- * it to the list of information structures.
- */
- ldap_info = se_alloc(sizeof(ldap_conv_info_t));
- ldap_info->auth_type = 0;
- ldap_info->auth_mech = 0;
- ldap_info->first_auth_frame = 0;
- ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
- ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
- conversation_add_proto_data(conversation, proto_ldap, ldap_info);
- ldap_info->next = ldap_info_items;
- ldap_info_items = ldap_info;
- }
-
- switch (ldap_info->auth_type) {
- case LDAP_AUTH_SASL:
- /*
- * It's SASL; are we using a security layer?
- */
- if (ldap_info->first_auth_frame != 0 &&
- pinfo->fd->num >= ldap_info->first_auth_frame) {
- doing_sasl_security = TRUE; /* yes */
- }
- }
-
- while (tvb_reported_length_remaining(tvb, offset) > 0) {
-
- /*
- * This will throw an exception if we don't have any data left.
- * That's what we want. (See "tcp_dissect_pdus()", which is
- * similar, but doesn't have to deal with the SASL issues.
- * XXX - can we make "tcp_dissect_pdus()" provide enough information
- * to the "get_pdu_len" routine so that we could have one dealing
- * with the SASL issues, have that routine deal with SASL and
- * ASN.1, and just use "tcp_dissect_pdus()"?)
- */
- length_remaining = tvb_ensure_length_remaining(tvb, offset);
-
- /*
- * Try to find out if we have a plain LDAP buffer
- * with a "Sequence Of" header or a SASL buffer with
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes - is the "Sequence Of" header split across segment
- * boundaries? We require at least 6 bytes for the header
- * which allows for a 4 byte length (ASN.1 BER).
- * For the SASL case we need at least 4 bytes, so this is
- * no problem here because we check for 6 bytes ans sasl buffers
- * with less than 2 bytes should not exist...
- */
- if (length_remaining < 6) {
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = 6 - length_remaining;
- return;
- }
- }
-
- /* It might still be a packet containing a SASL security layer
- * but its just that we never saw the BIND packet.
- * check if it looks like it could be a SASL blob here
- * and in that case just assume it is GSS-SPNEGO
- */
- if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
- &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
- &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
- ldap_info->auth_type=LDAP_AUTH_SASL;
- ldap_info->first_auth_frame=pinfo->fd->num;
- ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
- doing_sasl_security=TRUE;
- }
-
- /*
- * This is the first PDU, set the Protocol column and clear the
- * Info column.
- */
- if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
- if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
-
- ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE);
- ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
-
- /*
- * Might we be doing a SASL security layer and, if so, *are* we doing
- * one?
- *
- * Just because we've seen a bind reply for SASL, that doesn't mean
- * that we're using a SASL security layer; I've seen captures in
- * which some SASL negotiations lead to a security layer being used
- * and other negotiations don't, and it's not obvious what's different
- * in the two negotiations. Therefore, we assume that if the first
- * byte is 0, it's a length for a SASL security layer (that way, we
- * never reassemble more than 16 megabytes, protecting us from
- * chewing up *too* much memory), and otherwise that it's an LDAP
- * message (actually, if it's an LDAP message it should begin with 0x30,
- * but we want to parse garbage as LDAP messages rather than really
- * huge lengths).
- */
-
- if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
- proto_item *sasl_item = NULL;
- proto_tree *sasl_tree = NULL;
- tvbuff_t *sasl_tvb;
- guint sasl_len, sasl_msg_len, length;
- /*
- * Yes. The frame begins with a 4-byte big-endian length.
- * And we know we have at least 6 bytes
- */
-
- /*
- * Get the SASL length, which is the length of data in the buffer
- * following the length (i.e., it's 4 less than the total length).
- *
- * XXX - do we need to reassemble buffers? For now, we
- * assume that each LDAP message is entirely contained within
- * a buffer.
- */
- sasl_len = tvb_get_ntohl(tvb, offset);
- sasl_msg_len = sasl_len + 4;
- if (sasl_msg_len < 4) {
- /*
- * The message length was probably so large that the total length
- * overflowed.
- *
- * Report this as an error.
- */
- show_reported_bounds_error(tvb, pinfo, tree);
- return;
- }
-
- /*
- * Is the buffer split across segment boundaries?
- */
- if (length_remaining < sasl_msg_len) {
- /* provide a hint to TCP where the next PDU starts */
- pinfo->want_pdu_tracking = 2;
- pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining;
- /*
- * Can we do reassembly?
- */
- if (ldap_desegment && pinfo->can_desegment) {
- /*
- * Yes. Tell the TCP dissector where the data for this message
- * starts in the data it handed us, and how many more bytes we
- * need, and return.
- */
- pinfo->desegment_offset = offset;
- pinfo->desegment_len = sasl_msg_len - length_remaining;
- return;
- }
- }
-
- /*
- * Construct a tvbuff containing the amount of the payload we have
- * available. Make its reported length the amount of data in the PDU.
- *
- * XXX - if reassembly isn't enabled. the subdissector will throw a
- * BoundsError exception, rather than a ReportedBoundsError exception.
- * We really want a tvbuff where the length is "length", the reported
- * length is "plen", and the "if the snapshot length were infinite"
- * length is the minimum of the reported length of the tvbuff handed
- * to us and "plen", with a new type of exception thrown if the offset
- * is within the reported length but beyond that third length, with
- * that exception getting the "Unreassembled Packet" error.
- */
- length = length_remaining;
- if (length > sasl_msg_len) length = sasl_msg_len;
- sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
-
- if (ldap_tree) {
- proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
- sasl_len);
-
- sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer");
- sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
- }
-
- if (ldap_info->auth_mech != NULL &&
- strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
- tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
- int ver_len;
- int length;
-
- /*
- * This is GSS-API (using SPNEGO, but we should be done with
- * the negotiation by now).
- *
- * Dissect the GSS_Wrap() token; it'll return the length of
- * the token, from which we compute the offset in the tvbuff at
- * which the plaintext data, i.e. the LDAP message, begins.
- */
- length = tvb_length_remaining(sasl_tvb, 4);
- if ((guint)length > sasl_len)
- length = sasl_len;
- gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
-
- /* Attempt decryption of the GSSAPI wrapped data if possible */
- pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
- pinfo->gssapi_wrap_tvb=NULL;
- pinfo->gssapi_encrypted_tvb=NULL;
- pinfo->gssapi_decrypted_tvb=NULL;
- ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
- /* if we could unwrap, do a tvb shuffle */
- if(pinfo->gssapi_decrypted_tvb){
- decr_tvb=pinfo->gssapi_decrypted_tvb;
- }
- /* tidy up */
- pinfo->decrypt_gssapi_tvb=0;
- pinfo->gssapi_wrap_tvb=NULL;
- pinfo->gssapi_encrypted_tvb=NULL;
- pinfo->gssapi_decrypted_tvb=NULL;
-
- /*
- * if len is 0 it probably mean that we got a PDU that is not
- * aligned to the start of the segment.
- */
- if(ver_len==0){
- return;
- }
-
- /*
- * if we don't have unwrapped data,
- * see if the wrapping involved encryption of the
- * data; if not, just use the plaintext data.
- */
- if (!decr_tvb) {
- if(!pinfo->gssapi_data_encrypted){
- plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1);
- }
- }
-
- if (decr_tvb) {
- proto_item *enc_item = NULL;
- proto_tree *enc_tree = NULL;
-
- /*
- * The LDAP message was encrypted in the packet, and has
- * been decrypted; dissect the decrypted LDAP message.
- */
- if (sasl_tree) {
- enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
- "GSS-API Encrypted payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
- }
- dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);
- } else if (plain_tvb) {
- proto_item *plain_item = NULL;
- proto_tree *plain_tree = NULL;
-
- /*
- * The LDAP message wasn't encrypted in the packet;
- * dissect the plain LDAP message.
- */
- if (sasl_tree) {
- plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
- "GSS-API payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
- }
-
- dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);
- } else {
- /*
- * The LDAP message was encrypted in the packet, and was
- * not decrypted; just show it as encrypted data.
- */
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- }
- if (sasl_tree) {
- proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
- "GSS-API Encrypted payload (%d byte%s)",
- sasl_len - ver_len,
- plurality(sasl_len - ver_len, "", "s"));
- }
- }
- }
- offset += sasl_msg_len;
- } else {
- /* plain LDAP, so dissect the payload */
- dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);
- /* dissect_ldap_payload() has it's own loop so go out here */
- break;
- }
- }
-}
-static void
-dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-{
- dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
- return;
-}
-
-static void
-dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
-{
- dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
- return;
-}
-
-
-static void
-ldap_reinit(void)
-{
- ldap_conv_info_t *ldap_info;
-
- /* Free up state attached to the ldap_info structures */
- for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) {
- if (ldap_info->auth_mech != NULL) {
- g_free(ldap_info->auth_mech);
- ldap_info->auth_mech=NULL;
- }
- g_hash_table_destroy(ldap_info->matched);
- ldap_info->matched=NULL;
- g_hash_table_destroy(ldap_info->unmatched);
- ldap_info->unmatched=NULL;
- }
-
- ldap_info_items = NULL;
-
-}
-/*--- proto_register_ldap -------------------------------------------*/
-void proto_register_ldap(void) {
-
- /* List of fields */
-
- static hf_register_info hf[] = {
-
- { &hf_ldap_sasl_buffer_length,
- { "SASL Buffer Length", "ldap.sasl_buffer_length",
- FT_UINT32, BASE_DEC, NULL, 0x0,
- "SASL Buffer Length", HFILL }},
-
-#include "packet-ldap-hfarr.c"
- };
-
- /* List of subtrees */
- static gint *ett[] = {
- &ett_ldap,
- &ett_ldap_payload,
- &ett_ldap_sasl_blob,
- &ett_ldap_msg,
-
-#include "packet-ldap-ettarr.c"
- };
-
- module_t *ldap_module;
-
- /* Register protocol */
- proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
- /* Register fields and subtrees */
- proto_register_field_array(proto_ldap, hf, array_length(hf));
- proto_register_subtree_array(ett, array_length(ett));
-
-
- register_dissector("ldap", dissect_ldap, proto_ldap);
-
- ldap_module = prefs_register_protocol(proto_ldap, NULL);
- prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
- "Reassemble LDAP messages spanning multiple TCP segments",
- "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
- " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
- &ldap_desegment);
-
- proto_cldap = proto_register_protocol(
- "Connectionless Lightweight Directory Access Protocol",
- "CLDAP", "cldap");
-
- register_init_routine(ldap_reinit);
- ldap_tap=register_tap("ldap");
-
-}
-
-
-/*--- proto_reg_handoff_ldap ---------------------------------------*/
-void
-proto_reg_handoff_ldap(void)
-{
- dissector_handle_t ldap_handle, cldap_handle;
- ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
- dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
- dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
-
- cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
- dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
-
- gssapi_handle = find_dissector("gssapi");
- gssapi_wrap_handle = find_dissector("gssapi_verf");
-
-
-
-}
-
-
+/* packet-ldap.c
+ * Routines for ldap packet dissection
+ *
+ * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL).
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*
+ * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
+ * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
+ * It's also missing extensible search filters.
+ *
+ * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
+ * and correct packet.
+ *
+ * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
+ * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
+ * I can do.
+ *
+ * Doug Nazar
+ * nazard@dragoninc.on.ca
+ */
+
+/*
+ * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the
+ * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2
+ * TCP segments.
+ *
+ * Ronald W. Henderson
+ * ronald.henderson@cognicaseusa.com
+ */
+
+/*
+ * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC
+ * using information from the SNIA 2003 conference paper :
+ * Active Directory Domain Controller Location Service
+ * by Anthony Liguori
+ * ronnie sahlberg
+ */
+
+/*
+ * 17-DEC-2004 - added basic decoding for LDAP Controls
+ * 20-DEC-2004 - added handling for GSS-API encrypted blobs
+ *
+ * Stefan Metzmacher <metze@samba.org>
+ *
+ * 15-NOV-2005 - Changed to use the asn2eth compiler
+ * Anders Broman <anders.broman@ericsson.com>
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <glib.h>
+
+#include <epan/packet.h>
+#include <epan/conversation.h>
+#include <epan/prefs.h>
+#include <epan/conversation.h>
+#include <epan/tap.h>
+#include <epan/emem.h>
+
+#include "packet-frame.h"
+#include "packet-ldap.h"
+
+#include "packet-ber.h"
+#include "packet-per.h"
+
+#define PNAME "Lightweight-Directory-Access-Protocol"
+#define PSNAME "LDAP"
+#define PFNAME "ldap"
+
+
+
+static dissector_handle_t ldap_handle=NULL;
+
+/* Initialize the protocol and registered fields */
+static int ldap_tap = -1;
+static int proto_ldap = -1;
+static int proto_cldap = -1;
+
+static int hf_ldap_sasl_buffer_length = -1;
+
+#include "packet-ldap-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_ldap = -1;
+static gint ett_ldap_msg = -1;
+static gint ett_ldap_sasl_blob = -1;
+static guint ett_ldap_payload = -1;
+
+#include "packet-ldap-ett.c"
+
+/* desegmentation of LDAP */
+static gboolean ldap_desegment = TRUE;
+
+#define TCP_PORT_LDAP 389
+#define UDP_PORT_CLDAP 389
+#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
+
+static dissector_handle_t gssapi_handle;
+static dissector_handle_t gssapi_wrap_handle;
+
+
+/* different types of rpc calls ontop of ms cldap */
+#define MSCLDAP_RPC_NETLOGON 1
+
+
+/*
+ * Data structure attached to a conversation, giving authentication
+ * information from a bind request.
+ * We keep a linked list of them, so that we can free up all the
+ * authentication mechanism strings.
+ */
+typedef struct ldap_conv_info_t {
+ struct ldap_conv_info_t *next;
+ guint auth_type; /* authentication type */
+ char *auth_mech; /* authentication mechanism */
+ guint32 first_auth_frame; /* first frame that would use a security layer */
+ GHashTable *unmatched;
+ GHashTable *matched;
+ gboolean is_mscldap;
+ gboolean first_time;
+} ldap_conv_info_t;
+static ldap_conv_info_t *ldap_info_items;
+
+static guint
+ldap_info_hash_matched(gconstpointer k)
+{
+ const ldap_call_response_t *key = k;
+
+ return key->messageId;
+}
+
+static gint
+ldap_info_equal_matched(gconstpointer k1, gconstpointer k2)
+{
+ const ldap_call_response_t *key1 = k1;
+ const ldap_call_response_t *key2 = k2;
+
+ if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){
+ return 0;
+ }
+ if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){
+ return 0;
+ }
+
+ return key1->messageId==key2->messageId;
+}
+
+static guint
+ldap_info_hash_unmatched(gconstpointer k)
+{
+ const ldap_call_response_t *key = k;
+
+ return key->messageId;
+}
+
+static gint
+ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
+{
+ const ldap_call_response_t *key1 = k1;
+ const ldap_call_response_t *key2 = k2;
+
+ return key1->messageId==key2->messageId;
+}
+
+/* Global variables */
+guint32 MessageID;
+guint32 AuthenticationChoice;
+
+#include "packet-ldap-fn.c"
+
+static void
+dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo,
+ proto_tree *tree, ldap_conv_info_t *ldap_info,
+ gboolean rest_is_pad, gboolean is_mscldap)
+{
+ int offset = 0;
+ gboolean first_time = TRUE;
+ guint length_remaining;
+ guint msg_len = 0;
+ int messageOffset = 0;
+ guint headerLength = 0;
+ guint length = 0;
+ tvbuff_t *msg_tvb = NULL;
+ proto_item *msg_item = NULL;
+ proto_tree *msg_tree = NULL;
+ gint8 class;
+ gboolean pc, ind = 0;
+ gint32 ber_tag;
+
+ while (tvb_reported_length_remaining(tvb, offset) > 0) {
+ /*
+ * This will throw an exception if we don't have any data left.
+ * That's what we want. (See "tcp_dissect_pdus()", which is
+ * similar)
+ */
+ length_remaining = tvb_ensure_length_remaining(tvb, offset);
+
+ if (rest_is_pad && length_remaining < 6) return;
+
+ /*
+ * The frame begins
+ * with a "Sequence Of" header.
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes - is the "Sequence Of" header split across segment
+ * boundaries? We require at least 6 bytes for the header
+ * which allows for a 4 byte length (ASN.1 BER).
+ */
+ if (length_remaining < 6) {
+ /* stop if the caller says that we are given all data and the rest is padding
+ * this is for the SASL GSSAPI case when the data is only signed and not sealed
+ */
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = 6 - length_remaining;
+ return;
+ }
+ }
+
+ /*
+ * OK, try to read the "Sequence Of" header; this gets the total
+ * length of the LDAP message.
+ */
+ messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag);
+ messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind);
+
+ if (ber_tag == BER_UNI_TAG_SEQUENCE) {
+ /*
+ * Add the length of the "Sequence Of" header to the message
+ * length.
+ */
+ headerLength = messageOffset - offset;
+ msg_len += headerLength;
+ if (msg_len < headerLength) {
+ /*
+ * The message length was probably so large that the total length
+ * overflowed.
+ *
+ * Report this as an error.
+ */
+ show_reported_bounds_error(tvb, pinfo, tree);
+ return;
+ }
+ } else {
+ /*
+ * We couldn't parse the header; just make it the amount of data
+ * remaining in the tvbuff, so we'll give up on this segment
+ * after attempting to parse the message - there's nothing more
+ * we can do. "dissect_ldap_message()" will display the error.
+ */
+ msg_len = length_remaining;
+ }
+
+ /*
+ * Is the message split across segment boundaries?
+ */
+ if (length_remaining < msg_len) {
+ /* provide a hint to TCP where the next PDU starts */
+ pinfo->want_pdu_tracking=2;
+ pinfo->bytes_until_next_pdu= msg_len - length_remaining;
+ /*
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes. Tell the TCP dissector where the data for this message
+ * starts in the data it handed us, and how many more bytes
+ * we need, and return.
+ */
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = msg_len - length_remaining;
+ return;
+ }
+ }
+
+ /*
+ * Construct a tvbuff containing the amount of the payload we have
+ * available. Make its reported length the amount of data in the
+ * LDAP message.
+ *
+ * XXX - if reassembly isn't enabled. the subdissector will throw a
+ * BoundsError exception, rather than a ReportedBoundsError exception.
+ * We really want a tvbuff where the length is "length", the reported
+ * length is "plen", and the "if the snapshot length were infinite"
+ * length is the minimum of the reported length of the tvbuff handed
+ * to us and "plen", with a new type of exception thrown if the offset
+ * is within the reported length but beyond that third length, with
+ * that exception getting the "Unreassembled Packet" error.
+ */
+ length = length_remaining;
+ if (length > msg_len) length = msg_len;
+ msg_tvb = tvb_new_subset(tvb, offset, length, msg_len);
+
+ /*
+ * Now dissect the LDAP message.
+ */
+ if (tree) {
+ msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message");
+ msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg);
+ }
+
+ /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/
+ ldap_info->first_time= first_time;
+ ldap_info->is_mscldap = is_mscldap;
+ pinfo->private_data = ldap_info;
+ dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree);
+
+
+ offset += msg_len;
+
+ first_time = FALSE;
+ }
+}
+
+static void
+dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap)
+{
+ int offset = 0;
+ conversation_t *conversation;
+ gboolean doing_sasl_security = FALSE;
+ guint length_remaining;
+ ldap_conv_info_t *ldap_info = NULL;
+ proto_item *ldap_item = NULL;
+ proto_tree *ldap_tree = NULL;
+
+ /*
+ * Do we have a conversation for this connection?
+ */
+ conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
+ pinfo->ptype, pinfo->srcport,
+ pinfo->destport, 0);
+ if (conversation == NULL) {
+ /* We don't yet have a conversation, so create one. */
+ conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
+ pinfo->ptype, pinfo->srcport,
+ pinfo->destport, 0);
+ }
+
+ /*
+ * Do we already have a type and mechanism?
+ */
+ ldap_info = conversation_get_proto_data(conversation, proto_ldap);
+ if (ldap_info == NULL) {
+ /* No. Attach that information to the conversation, and add
+ * it to the list of information structures.
+ */
+ ldap_info = se_alloc(sizeof(ldap_conv_info_t));
+ ldap_info->auth_type = 0;
+ ldap_info->auth_mech = 0;
+ ldap_info->first_auth_frame = 0;
+ ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched);
+ ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched);
+ conversation_add_proto_data(conversation, proto_ldap, ldap_info);
+ ldap_info->next = ldap_info_items;
+ ldap_info_items = ldap_info;
+ }
+
+ switch (ldap_info->auth_type) {
+ case LDAP_AUTH_SASL:
+ /*
+ * It's SASL; are we using a security layer?
+ */
+ if (ldap_info->first_auth_frame != 0 &&
+ pinfo->fd->num >= ldap_info->first_auth_frame) {
+ doing_sasl_security = TRUE; /* yes */
+ }
+ }
+
+ while (tvb_reported_length_remaining(tvb, offset) > 0) {
+
+ /*
+ * This will throw an exception if we don't have any data left.
+ * That's what we want. (See "tcp_dissect_pdus()", which is
+ * similar, but doesn't have to deal with the SASL issues.
+ * XXX - can we make "tcp_dissect_pdus()" provide enough information
+ * to the "get_pdu_len" routine so that we could have one dealing
+ * with the SASL issues, have that routine deal with SASL and
+ * ASN.1, and just use "tcp_dissect_pdus()"?)
+ */
+ length_remaining = tvb_ensure_length_remaining(tvb, offset);
+
+ /*
+ * Try to find out if we have a plain LDAP buffer
+ * with a "Sequence Of" header or a SASL buffer with
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes - is the "Sequence Of" header split across segment
+ * boundaries? We require at least 6 bytes for the header
+ * which allows for a 4 byte length (ASN.1 BER).
+ * For the SASL case we need at least 4 bytes, so this is
+ * no problem here because we check for 6 bytes ans sasl buffers
+ * with less than 2 bytes should not exist...
+ */
+ if (length_remaining < 6) {
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = 6 - length_remaining;
+ return;
+ }
+ }
+
+ /* It might still be a packet containing a SASL security layer
+ * but its just that we never saw the BIND packet.
+ * check if it looks like it could be a SASL blob here
+ * and in that case just assume it is GSS-SPNEGO
+ */
+ if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5))
+ &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4))
+ &&(tvb_get_guint8(tvb, offset+4)==0x60) ){
+ ldap_info->auth_type=LDAP_AUTH_SASL;
+ ldap_info->first_auth_frame=pinfo->fd->num;
+ ldap_info->auth_mech=g_strdup("GSS-SPNEGO");
+ doing_sasl_security=TRUE;
+ }
+
+ /*
+ * This is the first PDU, set the Protocol column and clear the
+ * Info column.
+ */
+ if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
+ if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
+
+ ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE);
+ ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
+
+ /*
+ * Might we be doing a SASL security layer and, if so, *are* we doing
+ * one?
+ *
+ * Just because we've seen a bind reply for SASL, that doesn't mean
+ * that we're using a SASL security layer; I've seen captures in
+ * which some SASL negotiations lead to a security layer being used
+ * and other negotiations don't, and it's not obvious what's different
+ * in the two negotiations. Therefore, we assume that if the first
+ * byte is 0, it's a length for a SASL security layer (that way, we
+ * never reassemble more than 16 megabytes, protecting us from
+ * chewing up *too* much memory), and otherwise that it's an LDAP
+ * message (actually, if it's an LDAP message it should begin with 0x30,
+ * but we want to parse garbage as LDAP messages rather than really
+ * huge lengths).
+ */
+
+ if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) {
+ proto_item *sasl_item = NULL;
+ proto_tree *sasl_tree = NULL;
+ tvbuff_t *sasl_tvb;
+ guint sasl_len, sasl_msg_len, length;
+ /*
+ * Yes. The frame begins with a 4-byte big-endian length.
+ * And we know we have at least 6 bytes
+ */
+
+ /*
+ * Get the SASL length, which is the length of data in the buffer
+ * following the length (i.e., it's 4 less than the total length).
+ *
+ * XXX - do we need to reassemble buffers? For now, we
+ * assume that each LDAP message is entirely contained within
+ * a buffer.
+ */
+ sasl_len = tvb_get_ntohl(tvb, offset);
+ sasl_msg_len = sasl_len + 4;
+ if (sasl_msg_len < 4) {
+ /*
+ * The message length was probably so large that the total length
+ * overflowed.
+ *
+ * Report this as an error.
+ */
+ show_reported_bounds_error(tvb, pinfo, tree);
+ return;
+ }
+
+ /*
+ * Is the buffer split across segment boundaries?
+ */
+ if (length_remaining < sasl_msg_len) {
+ /* provide a hint to TCP where the next PDU starts */
+ pinfo->want_pdu_tracking = 2;
+ pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining;
+ /*
+ * Can we do reassembly?
+ */
+ if (ldap_desegment && pinfo->can_desegment) {
+ /*
+ * Yes. Tell the TCP dissector where the data for this message
+ * starts in the data it handed us, and how many more bytes we
+ * need, and return.
+ */
+ pinfo->desegment_offset = offset;
+ pinfo->desegment_len = sasl_msg_len - length_remaining;
+ return;
+ }
+ }
+
+ /*
+ * Construct a tvbuff containing the amount of the payload we have
+ * available. Make its reported length the amount of data in the PDU.
+ *
+ * XXX - if reassembly isn't enabled. the subdissector will throw a
+ * BoundsError exception, rather than a ReportedBoundsError exception.
+ * We really want a tvbuff where the length is "length", the reported
+ * length is "plen", and the "if the snapshot length were infinite"
+ * length is the minimum of the reported length of the tvbuff handed
+ * to us and "plen", with a new type of exception thrown if the offset
+ * is within the reported length but beyond that third length, with
+ * that exception getting the "Unreassembled Packet" error.
+ */
+ length = length_remaining;
+ if (length > sasl_msg_len) length = sasl_msg_len;
+ sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len);
+
+ if (ldap_tree) {
+ proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4,
+ sasl_len);
+
+ sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer");
+ sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob);
+ }
+
+ if (ldap_info->auth_mech != NULL &&
+ strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
+ tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL;
+ int ver_len;
+ int length;
+
+ /*
+ * This is GSS-API (using SPNEGO, but we should be done with
+ * the negotiation by now).
+ *
+ * Dissect the GSS_Wrap() token; it'll return the length of
+ * the token, from which we compute the offset in the tvbuff at
+ * which the plaintext data, i.e. the LDAP message, begins.
+ */
+ length = tvb_length_remaining(sasl_tvb, 4);
+ if ((guint)length > sasl_len)
+ length = sasl_len;
+ gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len);
+
+ /* Attempt decryption of the GSSAPI wrapped data if possible */
+ pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
+ pinfo->gssapi_wrap_tvb=NULL;
+ pinfo->gssapi_encrypted_tvb=NULL;
+ pinfo->gssapi_decrypted_tvb=NULL;
+ ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree);
+ /* if we could unwrap, do a tvb shuffle */
+ if(pinfo->gssapi_decrypted_tvb){
+ decr_tvb=pinfo->gssapi_decrypted_tvb;
+ }
+ /* tidy up */
+ pinfo->decrypt_gssapi_tvb=0;
+ pinfo->gssapi_wrap_tvb=NULL;
+ pinfo->gssapi_encrypted_tvb=NULL;
+ pinfo->gssapi_decrypted_tvb=NULL;
+
+ /*
+ * if len is 0 it probably mean that we got a PDU that is not
+ * aligned to the start of the segment.
+ */
+ if(ver_len==0){
+ return;
+ }
+
+ /*
+ * if we don't have unwrapped data,
+ * see if the wrapping involved encryption of the
+ * data; if not, just use the plaintext data.
+ */
+ if (!decr_tvb) {
+ if(!pinfo->gssapi_data_encrypted){
+ plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1);
+ }
+ }
+
+ if (decr_tvb) {
+ proto_item *enc_item = NULL;
+ proto_tree *enc_tree = NULL;
+
+ /*
+ * The LDAP message was encrypted in the packet, and has
+ * been decrypted; dissect the decrypted LDAP message.
+ */
+ if (sasl_tree) {
+ enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+ "GSS-API Encrypted payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload);
+ }
+ dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap);
+ } else if (plain_tvb) {
+ proto_item *plain_item = NULL;
+ proto_tree *plain_tree = NULL;
+
+ /*
+ * The LDAP message wasn't encrypted in the packet;
+ * dissect the plain LDAP message.
+ */
+ if (sasl_tree) {
+ plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+ "GSS-API payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload);
+ }
+
+ dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap);
+ } else {
+ /*
+ * The LDAP message was encrypted in the packet, and was
+ * not decrypted; just show it as encrypted data.
+ */
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ }
+ if (sasl_tree) {
+ proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1,
+ "GSS-API Encrypted payload (%d byte%s)",
+ sasl_len - ver_len,
+ plurality(sasl_len - ver_len, "", "s"));
+ }
+ }
+ }
+ offset += sasl_msg_len;
+ } else {
+ /* plain LDAP, so dissect the payload */
+ dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap);
+ /* dissect_ldap_payload() has it's own loop so go out here */
+ break;
+ }
+ }
+}
+static void
+dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ dissect_ldap_pdu(tvb, pinfo, tree, FALSE);
+ return;
+}
+
+static void
+dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ dissect_ldap_pdu(tvb, pinfo, tree, TRUE);
+ return;
+}
+
+
+static void
+ldap_reinit(void)
+{
+ ldap_conv_info_t *ldap_info;
+
+ /* Free up state attached to the ldap_info structures */
+ for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) {
+ if (ldap_info->auth_mech != NULL) {
+ g_free(ldap_info->auth_mech);
+ ldap_info->auth_mech=NULL;
+ }
+ g_hash_table_destroy(ldap_info->matched);
+ ldap_info->matched=NULL;
+ g_hash_table_destroy(ldap_info->unmatched);
+ ldap_info->unmatched=NULL;
+ }
+
+ ldap_info_items = NULL;
+
+}
+/*--- proto_register_ldap -------------------------------------------*/
+void proto_register_ldap(void) {
+
+ /* List of fields */
+
+ static hf_register_info hf[] = {
+
+ { &hf_ldap_sasl_buffer_length,
+ { "SASL Buffer Length", "ldap.sasl_buffer_length",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "SASL Buffer Length", HFILL }},
+
+#include "packet-ldap-hfarr.c"
+ };
+
+ /* List of subtrees */
+ static gint *ett[] = {
+ &ett_ldap,
+ &ett_ldap_payload,
+ &ett_ldap_sasl_blob,
+ &ett_ldap_msg,
+
+#include "packet-ldap-ettarr.c"
+ };
+
+ module_t *ldap_module;
+
+ /* Register protocol */
+ proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME);
+ /* Register fields and subtrees */
+ proto_register_field_array(proto_ldap, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+
+ register_dissector("ldap", dissect_ldap, proto_ldap);
+
+ ldap_module = prefs_register_protocol(proto_ldap, NULL);
+ prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
+ "Reassemble LDAP messages spanning multiple TCP segments",
+ "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
+ " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
+ &ldap_desegment);
+
+ proto_cldap = proto_register_protocol(
+ "Connectionless Lightweight Directory Access Protocol",
+ "CLDAP", "cldap");
+
+ register_init_routine(ldap_reinit);
+ ldap_tap=register_tap("ldap");
+
+}
+
+
+/*--- proto_reg_handoff_ldap ---------------------------------------*/
+void
+proto_reg_handoff_ldap(void)
+{
+ dissector_handle_t ldap_handle, cldap_handle;
+ ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap);
+ dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle);
+ dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
+
+ cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
+ dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
+
+ gssapi_handle = find_dissector("gssapi");
+ gssapi_wrap_handle = find_dissector("gssapi_verf");
+
+
+
+}
+
+
diff --git a/asn1/ldap/packet-ldap-template.h b/asn1/ldap/packet-ldap-template.h
index 79becfafd1..e36d27e4fe 100755..100644
--- a/asn1/ldap/packet-ldap-template.h
+++ b/asn1/ldap/packet-ldap-template.h
@@ -1,94 +1,94 @@
-/* packet-ldap.h
- * Routines for ros packet dissection
- * Copyright 2005, Anders Broman <anders.broman@ericsson.com>
- *
- * $Id: packet-ros-template.h 12203 2004-10-05 09:18:55Z guy $
- *
- * Ethereal - Network traffic analyzer
- * By Gerald Combs <gerald@ethereal.com>
- * Copyright 1998 Gerald Combs
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- */
-
-#ifndef __PACKET_LDAP_H__
-#define __PACKET_LDAP_H__
-
-/*
- * These are all APPLICATION types; the value is the type tag.
- */
-#define LDAP_REQ_BIND 0
-#define LDAP_REQ_UNBIND 2
-#define LDAP_REQ_SEARCH 3
-#define LDAP_REQ_MODIFY 6
-#define LDAP_REQ_ADD 8
-#define LDAP_REQ_DELETE 10
-#define LDAP_REQ_MODRDN 12
-#define LDAP_REQ_COMPARE 14
-#define LDAP_REQ_ABANDON 16
-#define LDAP_REQ_EXTENDED 23 /* LDAP V3 only */
-
-#define LDAP_RES_BIND 1
-#define LDAP_RES_SEARCH_ENTRY 4
-#define LDAP_RES_SEARCH_REF 19 /* LDAP V3 only */
-#define LDAP_RES_SEARCH_RESULT 5
-#define LDAP_RES_MODIFY 7
-#define LDAP_RES_ADD 9
-#define LDAP_RES_DELETE 11
-#define LDAP_RES_MODRDN 13
-#define LDAP_RES_COMPARE 15
-#define LDAP_RES_EXTENDED 24 /* LDAP V3 only */
-
-/*
- * These are all CONTEXT types; the value is the type tag.
- */
-
-/* authentication type tags */
-#define LDAP_AUTH_SIMPLE 0
-#define LDAP_AUTH_KRBV4LDAP 1 /* LDAP V2 only */
-#define LDAP_AUTH_KRBV4DSA 2 /* LDAP V2 only */
-#define LDAP_AUTH_SASL 3 /* LDAP V3 only */
-
-/* filter type tags */
-#define LDAP_FILTER_AND 0
-#define LDAP_FILTER_OR 1
-#define LDAP_FILTER_NOT 2
-#define LDAP_FILTER_EQUALITY 3
-#define LDAP_FILTER_SUBSTRINGS 4
-#define LDAP_FILTER_GE 5
-#define LDAP_FILTER_LE 6
-#define LDAP_FILTER_PRESENT 7
-#define LDAP_FILTER_APPROX 8
-#define LDAP_FILTER_EXTENSIBLE 9 /* LDAP V3 only */
-
-#define LDAP_MOD_ADD 0
-#define LDAP_MOD_DELETE 1
-#define LDAP_MOD_REPLACE 2
-
-typedef struct ldap_call_response {
- gboolean is_request;
- guint32 req_frame;
- nstime_t req_time;
- guint32 rep_frame;
- guint messageId;
- guint protocolOpTag;
-} ldap_call_response_t;
-
-
-/*#include "packet-ldap-exp.h" */
-
-#endif /* PACKET_LDAP_H */
-
-
+/* packet-ldap.h
+ * Routines for ros packet dissection
+ * Copyright 2005, Anders Broman <anders.broman@ericsson.com>
+ *
+ * $Id$
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PACKET_LDAP_H__
+#define __PACKET_LDAP_H__
+
+/*
+ * These are all APPLICATION types; the value is the type tag.
+ */
+#define LDAP_REQ_BIND 0
+#define LDAP_REQ_UNBIND 2
+#define LDAP_REQ_SEARCH 3
+#define LDAP_REQ_MODIFY 6
+#define LDAP_REQ_ADD 8
+#define LDAP_REQ_DELETE 10
+#define LDAP_REQ_MODRDN 12
+#define LDAP_REQ_COMPARE 14
+#define LDAP_REQ_ABANDON 16
+#define LDAP_REQ_EXTENDED 23 /* LDAP V3 only */
+
+#define LDAP_RES_BIND 1
+#define LDAP_RES_SEARCH_ENTRY 4
+#define LDAP_RES_SEARCH_REF 19 /* LDAP V3 only */
+#define LDAP_RES_SEARCH_RESULT 5
+#define LDAP_RES_MODIFY 7
+#define LDAP_RES_ADD 9
+#define LDAP_RES_DELETE 11
+#define LDAP_RES_MODRDN 13
+#define LDAP_RES_COMPARE 15
+#define LDAP_RES_EXTENDED 24 /* LDAP V3 only */
+
+/*
+ * These are all CONTEXT types; the value is the type tag.
+ */
+
+/* authentication type tags */
+#define LDAP_AUTH_SIMPLE 0
+#define LDAP_AUTH_KRBV4LDAP 1 /* LDAP V2 only */
+#define LDAP_AUTH_KRBV4DSA 2 /* LDAP V2 only */
+#define LDAP_AUTH_SASL 3 /* LDAP V3 only */
+
+/* filter type tags */
+#define LDAP_FILTER_AND 0
+#define LDAP_FILTER_OR 1
+#define LDAP_FILTER_NOT 2
+#define LDAP_FILTER_EQUALITY 3
+#define LDAP_FILTER_SUBSTRINGS 4
+#define LDAP_FILTER_GE 5
+#define LDAP_FILTER_LE 6
+#define LDAP_FILTER_PRESENT 7
+#define LDAP_FILTER_APPROX 8
+#define LDAP_FILTER_EXTENSIBLE 9 /* LDAP V3 only */
+
+#define LDAP_MOD_ADD 0
+#define LDAP_MOD_DELETE 1
+#define LDAP_MOD_REPLACE 2
+
+typedef struct ldap_call_response {
+ gboolean is_request;
+ guint32 req_frame;
+ nstime_t req_time;
+ guint32 rep_frame;
+ guint messageId;
+ guint protocolOpTag;
+} ldap_call_response_t;
+
+
+/*#include "packet-ldap-exp.h" */
+
+#endif /* PACKET_LDAP_H */
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-26 16:57:43 +0000