From 50d94b2f95fab2efdae8bc3e3fa4014806b10cb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Mayer?= Date: Fri, 9 Dec 2005 16:46:24 +0000 Subject: Add missing propset ... svn path=/trunk/; revision=16749 --- .../Lightweight-Directory-Access-Protocol-V3.asn | 168 +-- ...ghtweight-Directory-Access-Protocol-V3.asn.orig | 168 +-- asn1/ldap/Makefile.nmake | 84 +- asn1/ldap/ldap.cnf | 76 +- asn1/ldap/packet-ldap-template.c | 1540 ++++++++++---------- asn1/ldap/packet-ldap-template.h | 188 +-- 6 files changed, 1112 insertions(+), 1112 deletions(-) mode change 100755 => 100644 asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn mode change 100755 => 100644 asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig mode change 100755 => 100644 asn1/ldap/Makefile.nmake mode change 100755 => 100644 asn1/ldap/ldap.cnf mode change 100755 => 100644 asn1/ldap/packet-ldap-template.c mode change 100755 => 100644 asn1/ldap/packet-ldap-template.h (limited to 'asn1/ldap') diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn old mode 100755 new mode 100644 index e85cb4fe5e..51709b9032 --- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn +++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn @@ -117,9 +117,9 @@ Control ::= SEQUENCE { criticality BOOLEAN DEFAULT FALSE, controlValue OCTET STRING OPTIONAL } - + ControlType ::= LDAPOID - + BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER(1..127), name LDAPDN, @@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE { SaslCredentials ::= SEQUENCE { mechanism Mechanism, credentials OCTET STRING OPTIONAL -} - +} + Mechanism ::= LDAPString BindResponse ::= [APPLICATION 1] SEQUENCE { --- COMPONENTS OF LDAPResult, - resultCode - ENUMERATED {success(0), operationsError(1), protocolError(2), - timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), - compareTrue(6), authMethodNotSupported(7), - strongAuthRequired(8), - -- 9 reserved - referral(10),-- new-- adminLimitExceeded(11),-- new-- - unavailableCriticalExtension(12),-- new-- - confidentialityRequired(13),-- new-- - saslBindInProgress(14),-- new-- noSuchAttribute(16), - undefinedAttributeType(17), inappropriateMatching(18), - constraintViolation(19), attributeOrValueExists(20), - invalidAttributeSyntax(21), - -- 22-31 unused - noSuchObject(32), aliasProblem(33), - invalidDNSyntax(34), - -- 35 reserved for undefined isLeaf - aliasDereferencingProblem(36), - -- 37-47 unused - inappropriateAuthentication(48), invalidCredentials(49), - insufficientAccessRights(50), busy(51), unavailable(52), - unwillingToPerform(53), - loopDetect(54), - -- 55-63 unused - namingViolation(64), objectClassViolation(65), - notAllowedOnNonLeaf(66), notAllowedOnRDN(67), - entryAlreadyExists(68), - objectClassModsProhibited(69), - -- 70 reserved for CLDAP - affectsMultipleDSAs(71),-- new-- - -- 72-79 unused - other(80)}, - -- 81-90 reserved for APIs - matchedDN LDAPDN, - errorMessage ErrorMessage, - referral [3] Referral OPTIONAL, - +-- COMPONENTS OF LDAPResult, + resultCode + ENUMERATED {success(0), operationsError(1), protocolError(2), + timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), + compareTrue(6), authMethodNotSupported(7), + strongAuthRequired(8), + -- 9 reserved + referral(10),-- new-- adminLimitExceeded(11),-- new-- + unavailableCriticalExtension(12),-- new-- + confidentialityRequired(13),-- new-- + saslBindInProgress(14),-- new-- noSuchAttribute(16), + undefinedAttributeType(17), inappropriateMatching(18), + constraintViolation(19), attributeOrValueExists(20), + invalidAttributeSyntax(21), + -- 22-31 unused + noSuchObject(32), aliasProblem(33), + invalidDNSyntax(34), + -- 35 reserved for undefined isLeaf + aliasDereferencingProblem(36), + -- 37-47 unused + inappropriateAuthentication(48), invalidCredentials(49), + insufficientAccessRights(50), busy(51), unavailable(52), + unwillingToPerform(53), + loopDetect(54), + -- 55-63 unused + namingViolation(64), objectClassViolation(65), + notAllowedOnNonLeaf(66), notAllowedOnRDN(67), + entryAlreadyExists(68), + objectClassModsProhibited(69), + -- 70 reserved for CLDAP + affectsMultipleDSAs(71),-- new-- + -- 72-79 unused + other(80)}, + -- 81-90 reserved for APIs + matchedDN LDAPDN, + errorMessage ErrorMessage, + referral [3] Referral OPTIONAL, + -- end of components serverSaslCreds [7] OCTET STRING OPTIONAL -} - +} + ErrorMessage ::= LDAPString UnbindRequest ::= [APPLICATION 2] NULL @@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE { SearchResultEntry ::= [APPLICATION 4] SEQUENCE { objectName LDAPDN, attributes PartialAttributeList -} +} PartialAttributeList ::= SEQUENCE OF SEQUENCE {type AttributeDescription, @@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23] SEQUENCE { ExtendedResponse ::= [APPLICATION 24] SEQUENCE { -- COMPONENTS OF LDAPResult, - resultCode - ENUMERATED {success(0), operationsError(1), protocolError(2), - timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), - compareTrue(6), authMethodNotSupported(7), - strongAuthRequired(8), - -- 9 reserved - referral(10),-- new-- adminLimitExceeded(11),-- new-- - unavailableCriticalExtension(12),-- new-- - confidentialityRequired(13),-- new-- - saslBindInProgress(14),-- new-- noSuchAttribute(16), - undefinedAttributeType(17), inappropriateMatching(18), - constraintViolation(19), attributeOrValueExists(20), - invalidAttributeSyntax(21), - -- 22-31 unused - noSuchObject(32), aliasProblem(33), - invalidDNSyntax(34), - -- 35 reserved for undefined isLeaf - aliasDereferencingProblem(36), - -- 37-47 unused - inappropriateAuthentication(48), invalidCredentials(49), - insufficientAccessRights(50), busy(51), unavailable(52), - unwillingToPerform(53), - loopDetect(54), - -- 55-63 unused - namingViolation(64), objectClassViolation(65), - notAllowedOnNonLeaf(66), notAllowedOnRDN(67), - entryAlreadyExists(68), - objectClassModsProhibited(69), - -- 70 reserved for CLDAP - affectsMultipleDSAs(71),-- new-- - -- 72-79 unused - other(80)}, - -- 81-90 reserved for APIs - matchedDN LDAPDN, - errorMessage ErrorMessage, - referral [3] Referral OPTIONAL, --- end of COMPONENTS + resultCode + ENUMERATED {success(0), operationsError(1), protocolError(2), + timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), + compareTrue(6), authMethodNotSupported(7), + strongAuthRequired(8), + -- 9 reserved + referral(10),-- new-- adminLimitExceeded(11),-- new-- + unavailableCriticalExtension(12),-- new-- + confidentialityRequired(13),-- new-- + saslBindInProgress(14),-- new-- noSuchAttribute(16), + undefinedAttributeType(17), inappropriateMatching(18), + constraintViolation(19), attributeOrValueExists(20), + invalidAttributeSyntax(21), + -- 22-31 unused + noSuchObject(32), aliasProblem(33), + invalidDNSyntax(34), + -- 35 reserved for undefined isLeaf + aliasDereferencingProblem(36), + -- 37-47 unused + inappropriateAuthentication(48), invalidCredentials(49), + insufficientAccessRights(50), busy(51), unavailable(52), + unwillingToPerform(53), + loopDetect(54), + -- 55-63 unused + namingViolation(64), objectClassViolation(65), + notAllowedOnNonLeaf(66), notAllowedOnRDN(67), + entryAlreadyExists(68), + objectClassModsProhibited(69), + -- 70 reserved for CLDAP + affectsMultipleDSAs(71),-- new-- + -- 72-79 unused + other(80)}, + -- 81-90 reserved for APIs + matchedDN LDAPDN, + errorMessage ErrorMessage, + referral [3] Referral OPTIONAL, +-- end of COMPONENTS responseName [10] ResponseName OPTIONAL, response [11] OCTET STRING OPTIONAL -} - +} + ResponseName ::= LDAPOID END diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig old mode 100755 new mode 100644 index e85cb4fe5e..51709b9032 --- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig +++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn.orig @@ -117,9 +117,9 @@ Control ::= SEQUENCE { criticality BOOLEAN DEFAULT FALSE, controlValue OCTET STRING OPTIONAL } - + ControlType ::= LDAPOID - + BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER(1..127), name LDAPDN, @@ -135,53 +135,53 @@ AuthenticationChoice ::= CHOICE { SaslCredentials ::= SEQUENCE { mechanism Mechanism, credentials OCTET STRING OPTIONAL -} - +} + Mechanism ::= LDAPString BindResponse ::= [APPLICATION 1] SEQUENCE { --- COMPONENTS OF LDAPResult, - resultCode - ENUMERATED {success(0), operationsError(1), protocolError(2), - timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), - compareTrue(6), authMethodNotSupported(7), - strongAuthRequired(8), - -- 9 reserved - referral(10),-- new-- adminLimitExceeded(11),-- new-- - unavailableCriticalExtension(12),-- new-- - confidentialityRequired(13),-- new-- - saslBindInProgress(14),-- new-- noSuchAttribute(16), - undefinedAttributeType(17), inappropriateMatching(18), - constraintViolation(19), attributeOrValueExists(20), - invalidAttributeSyntax(21), - -- 22-31 unused - noSuchObject(32), aliasProblem(33), - invalidDNSyntax(34), - -- 35 reserved for undefined isLeaf - aliasDereferencingProblem(36), - -- 37-47 unused - inappropriateAuthentication(48), invalidCredentials(49), - insufficientAccessRights(50), busy(51), unavailable(52), - unwillingToPerform(53), - loopDetect(54), - -- 55-63 unused - namingViolation(64), objectClassViolation(65), - notAllowedOnNonLeaf(66), notAllowedOnRDN(67), - entryAlreadyExists(68), - objectClassModsProhibited(69), - -- 70 reserved for CLDAP - affectsMultipleDSAs(71),-- new-- - -- 72-79 unused - other(80)}, - -- 81-90 reserved for APIs - matchedDN LDAPDN, - errorMessage ErrorMessage, - referral [3] Referral OPTIONAL, - +-- COMPONENTS OF LDAPResult, + resultCode + ENUMERATED {success(0), operationsError(1), protocolError(2), + timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), + compareTrue(6), authMethodNotSupported(7), + strongAuthRequired(8), + -- 9 reserved + referral(10),-- new-- adminLimitExceeded(11),-- new-- + unavailableCriticalExtension(12),-- new-- + confidentialityRequired(13),-- new-- + saslBindInProgress(14),-- new-- noSuchAttribute(16), + undefinedAttributeType(17), inappropriateMatching(18), + constraintViolation(19), attributeOrValueExists(20), + invalidAttributeSyntax(21), + -- 22-31 unused + noSuchObject(32), aliasProblem(33), + invalidDNSyntax(34), + -- 35 reserved for undefined isLeaf + aliasDereferencingProblem(36), + -- 37-47 unused + inappropriateAuthentication(48), invalidCredentials(49), + insufficientAccessRights(50), busy(51), unavailable(52), + unwillingToPerform(53), + loopDetect(54), + -- 55-63 unused + namingViolation(64), objectClassViolation(65), + notAllowedOnNonLeaf(66), notAllowedOnRDN(67), + entryAlreadyExists(68), + objectClassModsProhibited(69), + -- 70 reserved for CLDAP + affectsMultipleDSAs(71),-- new-- + -- 72-79 unused + other(80)}, + -- 81-90 reserved for APIs + matchedDN LDAPDN, + errorMessage ErrorMessage, + referral [3] Referral OPTIONAL, + -- end of components serverSaslCreds [7] OCTET STRING OPTIONAL -} - +} + ErrorMessage ::= LDAPString UnbindRequest ::= [APPLICATION 2] NULL @@ -232,7 +232,7 @@ MatchingRuleAssertion ::= SEQUENCE { SearchResultEntry ::= [APPLICATION 4] SEQUENCE { objectName LDAPDN, attributes PartialAttributeList -} +} PartialAttributeList ::= SEQUENCE OF SEQUENCE {type AttributeDescription, @@ -297,47 +297,47 @@ ExtendedRequest ::= [APPLICATION 23] SEQUENCE { ExtendedResponse ::= [APPLICATION 24] SEQUENCE { -- COMPONENTS OF LDAPResult, - resultCode - ENUMERATED {success(0), operationsError(1), protocolError(2), - timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), - compareTrue(6), authMethodNotSupported(7), - strongAuthRequired(8), - -- 9 reserved - referral(10),-- new-- adminLimitExceeded(11),-- new-- - unavailableCriticalExtension(12),-- new-- - confidentialityRequired(13),-- new-- - saslBindInProgress(14),-- new-- noSuchAttribute(16), - undefinedAttributeType(17), inappropriateMatching(18), - constraintViolation(19), attributeOrValueExists(20), - invalidAttributeSyntax(21), - -- 22-31 unused - noSuchObject(32), aliasProblem(33), - invalidDNSyntax(34), - -- 35 reserved for undefined isLeaf - aliasDereferencingProblem(36), - -- 37-47 unused - inappropriateAuthentication(48), invalidCredentials(49), - insufficientAccessRights(50), busy(51), unavailable(52), - unwillingToPerform(53), - loopDetect(54), - -- 55-63 unused - namingViolation(64), objectClassViolation(65), - notAllowedOnNonLeaf(66), notAllowedOnRDN(67), - entryAlreadyExists(68), - objectClassModsProhibited(69), - -- 70 reserved for CLDAP - affectsMultipleDSAs(71),-- new-- - -- 72-79 unused - other(80)}, - -- 81-90 reserved for APIs - matchedDN LDAPDN, - errorMessage ErrorMessage, - referral [3] Referral OPTIONAL, --- end of COMPONENTS + resultCode + ENUMERATED {success(0), operationsError(1), protocolError(2), + timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5), + compareTrue(6), authMethodNotSupported(7), + strongAuthRequired(8), + -- 9 reserved + referral(10),-- new-- adminLimitExceeded(11),-- new-- + unavailableCriticalExtension(12),-- new-- + confidentialityRequired(13),-- new-- + saslBindInProgress(14),-- new-- noSuchAttribute(16), + undefinedAttributeType(17), inappropriateMatching(18), + constraintViolation(19), attributeOrValueExists(20), + invalidAttributeSyntax(21), + -- 22-31 unused + noSuchObject(32), aliasProblem(33), + invalidDNSyntax(34), + -- 35 reserved for undefined isLeaf + aliasDereferencingProblem(36), + -- 37-47 unused + inappropriateAuthentication(48), invalidCredentials(49), + insufficientAccessRights(50), busy(51), unavailable(52), + unwillingToPerform(53), + loopDetect(54), + -- 55-63 unused + namingViolation(64), objectClassViolation(65), + notAllowedOnNonLeaf(66), notAllowedOnRDN(67), + entryAlreadyExists(68), + objectClassModsProhibited(69), + -- 70 reserved for CLDAP + affectsMultipleDSAs(71),-- new-- + -- 72-79 unused + other(80)}, + -- 81-90 reserved for APIs + matchedDN LDAPDN, + errorMessage ErrorMessage, + referral [3] Referral OPTIONAL, +-- end of COMPONENTS responseName [10] ResponseName OPTIONAL, response [11] OCTET STRING OPTIONAL -} - +} + ResponseName ::= LDAPOID END diff --git a/asn1/ldap/Makefile.nmake b/asn1/ldap/Makefile.nmake old mode 100755 new mode 100644 index b61dd6378e..01cb834da2 --- a/asn1/ldap/Makefile.nmake +++ b/asn1/ldap/Makefile.nmake @@ -1,42 +1,42 @@ -## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake -# -# $Id: Makefile.nmake 13077 2005-01-16 23:26:02Z lroland $ - -include ../../config.nmake - -UNIX2DOS=$(PERL) ../../tools/unix2dos.pl - -PROTOCOL_NAME=ldap -DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h - -all: generate_dissector - -generate_dissector: $(DISSECTOR_FILES) - -$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf -!IFDEF PYTHON - $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn -!ELSE - @echo Error: You need Python to use asn2eth.py - @exit 1 -!ENDIF - -clean: - rm -f parsetab.py $(DISSECTOR_FILES) - -# Fix EOL in generated dissectors. Cygwin's python generates files with -# mixed EOL styles, which can't be commited to the SVN repository. -# Stuff included from template and "cnf" files has "\r\n" on windows, while -# the generated stuff has "\n". - -fix_eol: generate_dissector - move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp - move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp - $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c - $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h - del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp - -copy_files: generate_dissector fix_eol - xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y - xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y - +## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake +# +# $Id$ + +include ../../config.nmake + +UNIX2DOS=$(PERL) ../../tools/unix2dos.pl + +PROTOCOL_NAME=ldap +DISSECTOR_FILES=packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).h + +all: generate_dissector + +generate_dissector: $(DISSECTOR_FILES) + +$(DISSECTOR_FILES): ../../tools/asn2eth.py Lightweight-Directory-Access-Protocol-V3.asn packet-ldap-template.c packet-ldap-template.h ldap.cnf +!IFDEF PYTHON + $(PYTHON) ../../tools/asn2eth.py -X -b -e -p $(PROTOCOL_NAME) -c ldap.cnf -s packet-ldap-template Lightweight-Directory-Access-Protocol-V3.asn +!ELSE + @echo Error: You need Python to use asn2eth.py + @exit 1 +!ENDIF + +clean: + rm -f parsetab.py $(DISSECTOR_FILES) + +# Fix EOL in generated dissectors. Cygwin's python generates files with +# mixed EOL styles, which can't be commited to the SVN repository. +# Stuff included from template and "cnf" files has "\r\n" on windows, while +# the generated stuff has "\n". + +fix_eol: generate_dissector + move packet-$(PROTOCOL_NAME).c packet-$(PROTOCOL_NAME).c.tmp + move packet-$(PROTOCOL_NAME).h packet-$(PROTOCOL_NAME).h.tmp + $(UNIX2DOS) < packet-$(PROTOCOL_NAME).c.tmp > packet-$(PROTOCOL_NAME).c + $(UNIX2DOS) < packet-$(PROTOCOL_NAME).h.tmp > packet-$(PROTOCOL_NAME).h + del /f packet-$(PROTOCOL_NAME).c.tmp packet-$(PROTOCOL_NAME).h.tmp + +copy_files: generate_dissector fix_eol + xcopy packet-$(PROTOCOL_NAME).c ..\..\epan\dissectors /d /y + xcopy packet-$(PROTOCOL_NAME).h ..\..\epan\dissectors /d /y + diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf old mode 100755 new mode 100644 index 3be33f9f85..e4080ab369 --- a/asn1/ldap/ldap.cnf +++ b/asn1/ldap/ldap.cnf @@ -1,38 +1,38 @@ -# ros.cnf -# ros conformation file -# Copyright 2005 Anders Broman -# $Id:$ - - -#.PDU -LDAPMessage - -#.TYPE_RENAME - -BindResponse/resultCode BindResponse_resultCode -ExtendedResponse/resultCode ExtendedResponse_resultCode -ModifyRequest/modification ModifyRequest_modification - -#.FIELD_RENAME -BindResponse/resultCode bindResponse_resultCode -ExtendedResponse/resultCode extendedResponse_resultCode -SearchRequest/attributes searchRequest_attributes -SearchResultEntry/attributes searchResultEntry_attributes -ModifyRequest/modification modifyRequest_modification -SubstringFilter/substrings substringFilter_substrings - -#.TYPE_ATTR -LDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -RelativeLDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -AttributeType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -AttributeDescription TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -MatchingRuleId TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -ErrorMessage TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -ControlType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL -ResponseName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL - -#.FN_PARS MessageID VAL_PTR = &MessageID -#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice - +# ros.cnf +# ros conformation file +# Copyright 2005 Anders Broman +# $Id$ + + +#.PDU +LDAPMessage + +#.TYPE_RENAME + +BindResponse/resultCode BindResponse_resultCode +ExtendedResponse/resultCode ExtendedResponse_resultCode +ModifyRequest/modification ModifyRequest_modification + +#.FIELD_RENAME +BindResponse/resultCode bindResponse_resultCode +ExtendedResponse/resultCode extendedResponse_resultCode +SearchRequest/attributes searchRequest_attributes +SearchResultEntry/attributes searchResultEntry_attributes +ModifyRequest/modification modifyRequest_modification +SubstringFilter/substrings substringFilter_substrings + +#.TYPE_ATTR +LDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +RelativeLDAPDN TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +AttributeType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +AttributeDescription TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +MatchingRuleId TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +ErrorMessage TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +ControlType TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL +ResponseName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL + +#.FN_PARS MessageID VAL_PTR = &MessageID +#.FN_PARS AuthenticationChoice VAL_PTR = &AuthenticationChoice + diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c old mode 100755 new mode 100644 index da73727748..95aa3e07c1 --- a/asn1/ldap/packet-ldap-template.c +++ b/asn1/ldap/packet-ldap-template.c @@ -1,770 +1,770 @@ -/* packet-ldap.c - * Routines for ldap packet dissection - * - * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL). - * - * $Id: packet-ldap.c 16332 2005-10-27 08:50:42Z sahlberg $ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -/* - * This is not a complete implementation. It doesn't handle the full version 3, more specifically, - * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported. - * It's also missing extensible search filters. - * - * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete - * and correct packet. - * - * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add - * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what - * I can do. - * - * Doug Nazar - * nazard@dragoninc.on.ca - */ - -/* - * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the - * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2 - * TCP segments. - * - * Ronald W. Henderson - * ronald.henderson@cognicaseusa.com - */ - -/* - * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC - * using information from the SNIA 2003 conference paper : - * Active Directory Domain Controller Location Service - * by Anthony Liguori - * ronnie sahlberg - */ - -/* - * 17-DEC-2004 - added basic decoding for LDAP Controls - * 20-DEC-2004 - added handling for GSS-API encrypted blobs - * - * Stefan Metzmacher - * - * 15-NOV-2005 - Changed to use the asn2eth compiler - * Anders Broman - */ - -#ifdef HAVE_CONFIG_H -# include "config.h" -#endif - -#include -#include - -#include - -#include -#include -#include -#include -#include -#include - -#include "packet-frame.h" -#include "packet-ldap.h" - -#include "packet-ber.h" -#include "packet-per.h" - -#define PNAME "Lightweight-Directory-Access-Protocol" -#define PSNAME "LDAP" -#define PFNAME "ldap" - - - -static dissector_handle_t ldap_handle=NULL; - -/* Initialize the protocol and registered fields */ -static int ldap_tap = -1; -static int proto_ldap = -1; -static int proto_cldap = -1; - -static int hf_ldap_sasl_buffer_length = -1; - -#include "packet-ldap-hf.c" - -/* Initialize the subtree pointers */ -static gint ett_ldap = -1; -static gint ett_ldap_msg = -1; -static gint ett_ldap_sasl_blob = -1; -static guint ett_ldap_payload = -1; - -#include "packet-ldap-ett.c" - -/* desegmentation of LDAP */ -static gboolean ldap_desegment = TRUE; - -#define TCP_PORT_LDAP 389 -#define UDP_PORT_CLDAP 389 -#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */ - -static dissector_handle_t gssapi_handle; -static dissector_handle_t gssapi_wrap_handle; - - -/* different types of rpc calls ontop of ms cldap */ -#define MSCLDAP_RPC_NETLOGON 1 - - -/* - * Data structure attached to a conversation, giving authentication - * information from a bind request. - * We keep a linked list of them, so that we can free up all the - * authentication mechanism strings. - */ -typedef struct ldap_conv_info_t { - struct ldap_conv_info_t *next; - guint auth_type; /* authentication type */ - char *auth_mech; /* authentication mechanism */ - guint32 first_auth_frame; /* first frame that would use a security layer */ - GHashTable *unmatched; - GHashTable *matched; - gboolean is_mscldap; - gboolean first_time; -} ldap_conv_info_t; -static ldap_conv_info_t *ldap_info_items; - -static guint -ldap_info_hash_matched(gconstpointer k) -{ - const ldap_call_response_t *key = k; - - return key->messageId; -} - -static gint -ldap_info_equal_matched(gconstpointer k1, gconstpointer k2) -{ - const ldap_call_response_t *key1 = k1; - const ldap_call_response_t *key2 = k2; - - if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){ - return 0; - } - if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){ - return 0; - } - - return key1->messageId==key2->messageId; -} - -static guint -ldap_info_hash_unmatched(gconstpointer k) -{ - const ldap_call_response_t *key = k; - - return key->messageId; -} - -static gint -ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2) -{ - const ldap_call_response_t *key1 = k1; - const ldap_call_response_t *key2 = k2; - - return key1->messageId==key2->messageId; -} - -/* Global variables */ -guint32 MessageID; -guint32 AuthenticationChoice; - -#include "packet-ldap-fn.c" - -static void -dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo, - proto_tree *tree, ldap_conv_info_t *ldap_info, - gboolean rest_is_pad, gboolean is_mscldap) -{ - int offset = 0; - gboolean first_time = TRUE; - guint length_remaining; - guint msg_len = 0; - int messageOffset = 0; - guint headerLength = 0; - guint length = 0; - tvbuff_t *msg_tvb = NULL; - proto_item *msg_item = NULL; - proto_tree *msg_tree = NULL; - gint8 class; - gboolean pc, ind = 0; - gint32 ber_tag; - - while (tvb_reported_length_remaining(tvb, offset) > 0) { - /* - * This will throw an exception if we don't have any data left. - * That's what we want. (See "tcp_dissect_pdus()", which is - * similar) - */ - length_remaining = tvb_ensure_length_remaining(tvb, offset); - - if (rest_is_pad && length_remaining < 6) return; - - /* - * The frame begins - * with a "Sequence Of" header. - * Can we do reassembly? - */ - if (ldap_desegment && pinfo->can_desegment) { - /* - * Yes - is the "Sequence Of" header split across segment - * boundaries? We require at least 6 bytes for the header - * which allows for a 4 byte length (ASN.1 BER). - */ - if (length_remaining < 6) { - /* stop if the caller says that we are given all data and the rest is padding - * this is for the SASL GSSAPI case when the data is only signed and not sealed - */ - pinfo->desegment_offset = offset; - pinfo->desegment_len = 6 - length_remaining; - return; - } - } - - /* - * OK, try to read the "Sequence Of" header; this gets the total - * length of the LDAP message. - */ - messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag); - messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind); - - if (ber_tag == BER_UNI_TAG_SEQUENCE) { - /* - * Add the length of the "Sequence Of" header to the message - * length. - */ - headerLength = messageOffset - offset; - msg_len += headerLength; - if (msg_len < headerLength) { - /* - * The message length was probably so large that the total length - * overflowed. - * - * Report this as an error. - */ - show_reported_bounds_error(tvb, pinfo, tree); - return; - } - } else { - /* - * We couldn't parse the header; just make it the amount of data - * remaining in the tvbuff, so we'll give up on this segment - * after attempting to parse the message - there's nothing more - * we can do. "dissect_ldap_message()" will display the error. - */ - msg_len = length_remaining; - } - - /* - * Is the message split across segment boundaries? - */ - if (length_remaining < msg_len) { - /* provide a hint to TCP where the next PDU starts */ - pinfo->want_pdu_tracking=2; - pinfo->bytes_until_next_pdu= msg_len - length_remaining; - /* - * Can we do reassembly? - */ - if (ldap_desegment && pinfo->can_desegment) { - /* - * Yes. Tell the TCP dissector where the data for this message - * starts in the data it handed us, and how many more bytes - * we need, and return. - */ - pinfo->desegment_offset = offset; - pinfo->desegment_len = msg_len - length_remaining; - return; - } - } - - /* - * Construct a tvbuff containing the amount of the payload we have - * available. Make its reported length the amount of data in the - * LDAP message. - * - * XXX - if reassembly isn't enabled. the subdissector will throw a - * BoundsError exception, rather than a ReportedBoundsError exception. - * We really want a tvbuff where the length is "length", the reported - * length is "plen", and the "if the snapshot length were infinite" - * length is the minimum of the reported length of the tvbuff handed - * to us and "plen", with a new type of exception thrown if the offset - * is within the reported length but beyond that third length, with - * that exception getting the "Unreassembled Packet" error. - */ - length = length_remaining; - if (length > msg_len) length = msg_len; - msg_tvb = tvb_new_subset(tvb, offset, length, msg_len); - - /* - * Now dissect the LDAP message. - */ - if (tree) { - msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message"); - msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg); - } - - /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/ - ldap_info->first_time= first_time; - ldap_info->is_mscldap = is_mscldap; - pinfo->private_data = ldap_info; - dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree); - - - offset += msg_len; - - first_time = FALSE; - } -} - -static void -dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap) -{ - int offset = 0; - conversation_t *conversation; - gboolean doing_sasl_security = FALSE; - guint length_remaining; - ldap_conv_info_t *ldap_info = NULL; - proto_item *ldap_item = NULL; - proto_tree *ldap_tree = NULL; - - /* - * Do we have a conversation for this connection? - */ - conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, - pinfo->ptype, pinfo->srcport, - pinfo->destport, 0); - if (conversation == NULL) { - /* We don't yet have a conversation, so create one. */ - conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, - pinfo->ptype, pinfo->srcport, - pinfo->destport, 0); - } - - /* - * Do we already have a type and mechanism? - */ - ldap_info = conversation_get_proto_data(conversation, proto_ldap); - if (ldap_info == NULL) { - /* No. Attach that information to the conversation, and add - * it to the list of information structures. - */ - ldap_info = se_alloc(sizeof(ldap_conv_info_t)); - ldap_info->auth_type = 0; - ldap_info->auth_mech = 0; - ldap_info->first_auth_frame = 0; - ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched); - ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched); - conversation_add_proto_data(conversation, proto_ldap, ldap_info); - ldap_info->next = ldap_info_items; - ldap_info_items = ldap_info; - } - - switch (ldap_info->auth_type) { - case LDAP_AUTH_SASL: - /* - * It's SASL; are we using a security layer? - */ - if (ldap_info->first_auth_frame != 0 && - pinfo->fd->num >= ldap_info->first_auth_frame) { - doing_sasl_security = TRUE; /* yes */ - } - } - - while (tvb_reported_length_remaining(tvb, offset) > 0) { - - /* - * This will throw an exception if we don't have any data left. - * That's what we want. (See "tcp_dissect_pdus()", which is - * similar, but doesn't have to deal with the SASL issues. - * XXX - can we make "tcp_dissect_pdus()" provide enough information - * to the "get_pdu_len" routine so that we could have one dealing - * with the SASL issues, have that routine deal with SASL and - * ASN.1, and just use "tcp_dissect_pdus()"?) - */ - length_remaining = tvb_ensure_length_remaining(tvb, offset); - - /* - * Try to find out if we have a plain LDAP buffer - * with a "Sequence Of" header or a SASL buffer with - * Can we do reassembly? - */ - if (ldap_desegment && pinfo->can_desegment) { - /* - * Yes - is the "Sequence Of" header split across segment - * boundaries? We require at least 6 bytes for the header - * which allows for a 4 byte length (ASN.1 BER). - * For the SASL case we need at least 4 bytes, so this is - * no problem here because we check for 6 bytes ans sasl buffers - * with less than 2 bytes should not exist... - */ - if (length_remaining < 6) { - pinfo->desegment_offset = offset; - pinfo->desegment_len = 6 - length_remaining; - return; - } - } - - /* It might still be a packet containing a SASL security layer - * but its just that we never saw the BIND packet. - * check if it looks like it could be a SASL blob here - * and in that case just assume it is GSS-SPNEGO - */ - if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5)) - &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4)) - &&(tvb_get_guint8(tvb, offset+4)==0x60) ){ - ldap_info->auth_type=LDAP_AUTH_SASL; - ldap_info->first_auth_frame=pinfo->fd->num; - ldap_info->auth_mech=g_strdup("GSS-SPNEGO"); - doing_sasl_security=TRUE; - } - - /* - * This is the first PDU, set the Protocol column and clear the - * Info column. - */ - if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto); - if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); - - ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE); - ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap); - - /* - * Might we be doing a SASL security layer and, if so, *are* we doing - * one? - * - * Just because we've seen a bind reply for SASL, that doesn't mean - * that we're using a SASL security layer; I've seen captures in - * which some SASL negotiations lead to a security layer being used - * and other negotiations don't, and it's not obvious what's different - * in the two negotiations. Therefore, we assume that if the first - * byte is 0, it's a length for a SASL security layer (that way, we - * never reassemble more than 16 megabytes, protecting us from - * chewing up *too* much memory), and otherwise that it's an LDAP - * message (actually, if it's an LDAP message it should begin with 0x30, - * but we want to parse garbage as LDAP messages rather than really - * huge lengths). - */ - - if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) { - proto_item *sasl_item = NULL; - proto_tree *sasl_tree = NULL; - tvbuff_t *sasl_tvb; - guint sasl_len, sasl_msg_len, length; - /* - * Yes. The frame begins with a 4-byte big-endian length. - * And we know we have at least 6 bytes - */ - - /* - * Get the SASL length, which is the length of data in the buffer - * following the length (i.e., it's 4 less than the total length). - * - * XXX - do we need to reassemble buffers? For now, we - * assume that each LDAP message is entirely contained within - * a buffer. - */ - sasl_len = tvb_get_ntohl(tvb, offset); - sasl_msg_len = sasl_len + 4; - if (sasl_msg_len < 4) { - /* - * The message length was probably so large that the total length - * overflowed. - * - * Report this as an error. - */ - show_reported_bounds_error(tvb, pinfo, tree); - return; - } - - /* - * Is the buffer split across segment boundaries? - */ - if (length_remaining < sasl_msg_len) { - /* provide a hint to TCP where the next PDU starts */ - pinfo->want_pdu_tracking = 2; - pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining; - /* - * Can we do reassembly? - */ - if (ldap_desegment && pinfo->can_desegment) { - /* - * Yes. Tell the TCP dissector where the data for this message - * starts in the data it handed us, and how many more bytes we - * need, and return. - */ - pinfo->desegment_offset = offset; - pinfo->desegment_len = sasl_msg_len - length_remaining; - return; - } - } - - /* - * Construct a tvbuff containing the amount of the payload we have - * available. Make its reported length the amount of data in the PDU. - * - * XXX - if reassembly isn't enabled. the subdissector will throw a - * BoundsError exception, rather than a ReportedBoundsError exception. - * We really want a tvbuff where the length is "length", the reported - * length is "plen", and the "if the snapshot length were infinite" - * length is the minimum of the reported length of the tvbuff handed - * to us and "plen", with a new type of exception thrown if the offset - * is within the reported length but beyond that third length, with - * that exception getting the "Unreassembled Packet" error. - */ - length = length_remaining; - if (length > sasl_msg_len) length = sasl_msg_len; - sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len); - - if (ldap_tree) { - proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, - sasl_len); - - sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer"); - sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob); - } - - if (ldap_info->auth_mech != NULL && - strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) { - tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL; - int ver_len; - int length; - - /* - * This is GSS-API (using SPNEGO, but we should be done with - * the negotiation by now). - * - * Dissect the GSS_Wrap() token; it'll return the length of - * the token, from which we compute the offset in the tvbuff at - * which the plaintext data, i.e. the LDAP message, begins. - */ - length = tvb_length_remaining(sasl_tvb, 4); - if ((guint)length > sasl_len) - length = sasl_len; - gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len); - - /* Attempt decryption of the GSSAPI wrapped data if possible */ - pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; - ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree); - /* if we could unwrap, do a tvb shuffle */ - if(pinfo->gssapi_decrypted_tvb){ - decr_tvb=pinfo->gssapi_decrypted_tvb; - } - /* tidy up */ - pinfo->decrypt_gssapi_tvb=0; - pinfo->gssapi_wrap_tvb=NULL; - pinfo->gssapi_encrypted_tvb=NULL; - pinfo->gssapi_decrypted_tvb=NULL; - - /* - * if len is 0 it probably mean that we got a PDU that is not - * aligned to the start of the segment. - */ - if(ver_len==0){ - return; - } - - /* - * if we don't have unwrapped data, - * see if the wrapping involved encryption of the - * data; if not, just use the plaintext data. - */ - if (!decr_tvb) { - if(!pinfo->gssapi_data_encrypted){ - plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1); - } - } - - if (decr_tvb) { - proto_item *enc_item = NULL; - proto_tree *enc_tree = NULL; - - /* - * The LDAP message was encrypted in the packet, and has - * been decrypted; dissect the decrypted LDAP message. - */ - if (sasl_tree) { - enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, - "GSS-API Encrypted payload (%d byte%s)", - sasl_len - ver_len, - plurality(sasl_len - ver_len, "", "s")); - enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload); - } - dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap); - } else if (plain_tvb) { - proto_item *plain_item = NULL; - proto_tree *plain_tree = NULL; - - /* - * The LDAP message wasn't encrypted in the packet; - * dissect the plain LDAP message. - */ - if (sasl_tree) { - plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, - "GSS-API payload (%d byte%s)", - sasl_len - ver_len, - plurality(sasl_len - ver_len, "", "s")); - plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload); - } - - dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap); - } else { - /* - * The LDAP message was encrypted in the packet, and was - * not decrypted; just show it as encrypted data. - */ - if (check_col(pinfo->cinfo, COL_INFO)) { - col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)", - sasl_len - ver_len, - plurality(sasl_len - ver_len, "", "s")); - } - if (sasl_tree) { - proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, - "GSS-API Encrypted payload (%d byte%s)", - sasl_len - ver_len, - plurality(sasl_len - ver_len, "", "s")); - } - } - } - offset += sasl_msg_len; - } else { - /* plain LDAP, so dissect the payload */ - dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap); - /* dissect_ldap_payload() has it's own loop so go out here */ - break; - } - } -} -static void -dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) -{ - dissect_ldap_pdu(tvb, pinfo, tree, FALSE); - return; -} - -static void -dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) -{ - dissect_ldap_pdu(tvb, pinfo, tree, TRUE); - return; -} - - -static void -ldap_reinit(void) -{ - ldap_conv_info_t *ldap_info; - - /* Free up state attached to the ldap_info structures */ - for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) { - if (ldap_info->auth_mech != NULL) { - g_free(ldap_info->auth_mech); - ldap_info->auth_mech=NULL; - } - g_hash_table_destroy(ldap_info->matched); - ldap_info->matched=NULL; - g_hash_table_destroy(ldap_info->unmatched); - ldap_info->unmatched=NULL; - } - - ldap_info_items = NULL; - -} -/*--- proto_register_ldap -------------------------------------------*/ -void proto_register_ldap(void) { - - /* List of fields */ - - static hf_register_info hf[] = { - - { &hf_ldap_sasl_buffer_length, - { "SASL Buffer Length", "ldap.sasl_buffer_length", - FT_UINT32, BASE_DEC, NULL, 0x0, - "SASL Buffer Length", HFILL }}, - -#include "packet-ldap-hfarr.c" - }; - - /* List of subtrees */ - static gint *ett[] = { - &ett_ldap, - &ett_ldap_payload, - &ett_ldap_sasl_blob, - &ett_ldap_msg, - -#include "packet-ldap-ettarr.c" - }; - - module_t *ldap_module; - - /* Register protocol */ - proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME); - /* Register fields and subtrees */ - proto_register_field_array(proto_ldap, hf, array_length(hf)); - proto_register_subtree_array(ett, array_length(ett)); - - - register_dissector("ldap", dissect_ldap, proto_ldap); - - ldap_module = prefs_register_protocol(proto_ldap, NULL); - prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", - "Reassemble LDAP messages spanning multiple TCP segments", - "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments." - " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", - &ldap_desegment); - - proto_cldap = proto_register_protocol( - "Connectionless Lightweight Directory Access Protocol", - "CLDAP", "cldap"); - - register_init_routine(ldap_reinit); - ldap_tap=register_tap("ldap"); - -} - - -/*--- proto_reg_handoff_ldap ---------------------------------------*/ -void -proto_reg_handoff_ldap(void) -{ - dissector_handle_t ldap_handle, cldap_handle; - ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap); - dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle); - dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle); - - cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap); - dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle); - - gssapi_handle = find_dissector("gssapi"); - gssapi_wrap_handle = find_dissector("gssapi_verf"); - - - -} - - +/* packet-ldap.c + * Routines for ldap packet dissection + * + * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL). + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +/* + * This is not a complete implementation. It doesn't handle the full version 3, more specifically, + * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported. + * It's also missing extensible search filters. + * + * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete + * and correct packet. + * + * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add + * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what + * I can do. + * + * Doug Nazar + * nazard@dragoninc.on.ca + */ + +/* + * 11/11/2002 - Fixed problem when decoding LDAP with desegmentation enabled and the + * ASN.1 BER Universal Class Tag: "Sequence Of" header is encapsulated across 2 + * TCP segments. + * + * Ronald W. Henderson + * ronald.henderson@cognicaseusa.com + */ + +/* + * 20-JAN-2004 - added decoding of MS-CLDAP netlogon RPC + * using information from the SNIA 2003 conference paper : + * Active Directory Domain Controller Location Service + * by Anthony Liguori + * ronnie sahlberg + */ + +/* + * 17-DEC-2004 - added basic decoding for LDAP Controls + * 20-DEC-2004 - added handling for GSS-API encrypted blobs + * + * Stefan Metzmacher + * + * 15-NOV-2005 - Changed to use the asn2eth compiler + * Anders Broman + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include + +#include +#include +#include +#include +#include +#include + +#include "packet-frame.h" +#include "packet-ldap.h" + +#include "packet-ber.h" +#include "packet-per.h" + +#define PNAME "Lightweight-Directory-Access-Protocol" +#define PSNAME "LDAP" +#define PFNAME "ldap" + + + +static dissector_handle_t ldap_handle=NULL; + +/* Initialize the protocol and registered fields */ +static int ldap_tap = -1; +static int proto_ldap = -1; +static int proto_cldap = -1; + +static int hf_ldap_sasl_buffer_length = -1; + +#include "packet-ldap-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_ldap = -1; +static gint ett_ldap_msg = -1; +static gint ett_ldap_sasl_blob = -1; +static guint ett_ldap_payload = -1; + +#include "packet-ldap-ett.c" + +/* desegmentation of LDAP */ +static gboolean ldap_desegment = TRUE; + +#define TCP_PORT_LDAP 389 +#define UDP_PORT_CLDAP 389 +#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */ + +static dissector_handle_t gssapi_handle; +static dissector_handle_t gssapi_wrap_handle; + + +/* different types of rpc calls ontop of ms cldap */ +#define MSCLDAP_RPC_NETLOGON 1 + + +/* + * Data structure attached to a conversation, giving authentication + * information from a bind request. + * We keep a linked list of them, so that we can free up all the + * authentication mechanism strings. + */ +typedef struct ldap_conv_info_t { + struct ldap_conv_info_t *next; + guint auth_type; /* authentication type */ + char *auth_mech; /* authentication mechanism */ + guint32 first_auth_frame; /* first frame that would use a security layer */ + GHashTable *unmatched; + GHashTable *matched; + gboolean is_mscldap; + gboolean first_time; +} ldap_conv_info_t; +static ldap_conv_info_t *ldap_info_items; + +static guint +ldap_info_hash_matched(gconstpointer k) +{ + const ldap_call_response_t *key = k; + + return key->messageId; +} + +static gint +ldap_info_equal_matched(gconstpointer k1, gconstpointer k2) +{ + const ldap_call_response_t *key1 = k1; + const ldap_call_response_t *key2 = k2; + + if( key1->req_frame && key2->req_frame && (key1->req_frame!=key2->req_frame) ){ + return 0; + } + if( key1->rep_frame && key2->rep_frame && (key1->rep_frame!=key2->rep_frame) ){ + return 0; + } + + return key1->messageId==key2->messageId; +} + +static guint +ldap_info_hash_unmatched(gconstpointer k) +{ + const ldap_call_response_t *key = k; + + return key->messageId; +} + +static gint +ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2) +{ + const ldap_call_response_t *key1 = k1; + const ldap_call_response_t *key2 = k2; + + return key1->messageId==key2->messageId; +} + +/* Global variables */ +guint32 MessageID; +guint32 AuthenticationChoice; + +#include "packet-ldap-fn.c" + +static void +dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo, + proto_tree *tree, ldap_conv_info_t *ldap_info, + gboolean rest_is_pad, gboolean is_mscldap) +{ + int offset = 0; + gboolean first_time = TRUE; + guint length_remaining; + guint msg_len = 0; + int messageOffset = 0; + guint headerLength = 0; + guint length = 0; + tvbuff_t *msg_tvb = NULL; + proto_item *msg_item = NULL; + proto_tree *msg_tree = NULL; + gint8 class; + gboolean pc, ind = 0; + gint32 ber_tag; + + while (tvb_reported_length_remaining(tvb, offset) > 0) { + /* + * This will throw an exception if we don't have any data left. + * That's what we want. (See "tcp_dissect_pdus()", which is + * similar) + */ + length_remaining = tvb_ensure_length_remaining(tvb, offset); + + if (rest_is_pad && length_remaining < 6) return; + + /* + * The frame begins + * with a "Sequence Of" header. + * Can we do reassembly? + */ + if (ldap_desegment && pinfo->can_desegment) { + /* + * Yes - is the "Sequence Of" header split across segment + * boundaries? We require at least 6 bytes for the header + * which allows for a 4 byte length (ASN.1 BER). + */ + if (length_remaining < 6) { + /* stop if the caller says that we are given all data and the rest is padding + * this is for the SASL GSSAPI case when the data is only signed and not sealed + */ + pinfo->desegment_offset = offset; + pinfo->desegment_len = 6 - length_remaining; + return; + } + } + + /* + * OK, try to read the "Sequence Of" header; this gets the total + * length of the LDAP message. + */ + messageOffset = get_ber_identifier(tvb, offset, &class, &pc, &ber_tag); + messageOffset = get_ber_length(tree, tvb, messageOffset, &msg_len, &ind); + + if (ber_tag == BER_UNI_TAG_SEQUENCE) { + /* + * Add the length of the "Sequence Of" header to the message + * length. + */ + headerLength = messageOffset - offset; + msg_len += headerLength; + if (msg_len < headerLength) { + /* + * The message length was probably so large that the total length + * overflowed. + * + * Report this as an error. + */ + show_reported_bounds_error(tvb, pinfo, tree); + return; + } + } else { + /* + * We couldn't parse the header; just make it the amount of data + * remaining in the tvbuff, so we'll give up on this segment + * after attempting to parse the message - there's nothing more + * we can do. "dissect_ldap_message()" will display the error. + */ + msg_len = length_remaining; + } + + /* + * Is the message split across segment boundaries? + */ + if (length_remaining < msg_len) { + /* provide a hint to TCP where the next PDU starts */ + pinfo->want_pdu_tracking=2; + pinfo->bytes_until_next_pdu= msg_len - length_remaining; + /* + * Can we do reassembly? + */ + if (ldap_desegment && pinfo->can_desegment) { + /* + * Yes. Tell the TCP dissector where the data for this message + * starts in the data it handed us, and how many more bytes + * we need, and return. + */ + pinfo->desegment_offset = offset; + pinfo->desegment_len = msg_len - length_remaining; + return; + } + } + + /* + * Construct a tvbuff containing the amount of the payload we have + * available. Make its reported length the amount of data in the + * LDAP message. + * + * XXX - if reassembly isn't enabled. the subdissector will throw a + * BoundsError exception, rather than a ReportedBoundsError exception. + * We really want a tvbuff where the length is "length", the reported + * length is "plen", and the "if the snapshot length were infinite" + * length is the minimum of the reported length of the tvbuff handed + * to us and "plen", with a new type of exception thrown if the offset + * is within the reported length but beyond that third length, with + * that exception getting the "Unreassembled Packet" error. + */ + length = length_remaining; + if (length > msg_len) length = msg_len; + msg_tvb = tvb_new_subset(tvb, offset, length, msg_len); + + /* + * Now dissect the LDAP message. + */ + if (tree) { + msg_item = proto_tree_add_text(tree, msg_tvb, 0, msg_len, "LDAP Message"); + msg_tree = proto_item_add_subtree(msg_item, ett_ldap_msg); + } + + /*dissect_ldap_message(msg_tvb, 0, pinfo, msg_tree, msg_item, first_time, ldap_info, is_mscldap);*/ + ldap_info->first_time= first_time; + ldap_info->is_mscldap = is_mscldap; + pinfo->private_data = ldap_info; + dissect_LDAPMessage_PDU(msg_tvb, pinfo, msg_tree); + + + offset += msg_len; + + first_time = FALSE; + } +} + +static void +dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean is_mscldap) +{ + int offset = 0; + conversation_t *conversation; + gboolean doing_sasl_security = FALSE; + guint length_remaining; + ldap_conv_info_t *ldap_info = NULL; + proto_item *ldap_item = NULL; + proto_tree *ldap_tree = NULL; + + /* + * Do we have a conversation for this connection? + */ + conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, + pinfo->ptype, pinfo->srcport, + pinfo->destport, 0); + if (conversation == NULL) { + /* We don't yet have a conversation, so create one. */ + conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, + pinfo->ptype, pinfo->srcport, + pinfo->destport, 0); + } + + /* + * Do we already have a type and mechanism? + */ + ldap_info = conversation_get_proto_data(conversation, proto_ldap); + if (ldap_info == NULL) { + /* No. Attach that information to the conversation, and add + * it to the list of information structures. + */ + ldap_info = se_alloc(sizeof(ldap_conv_info_t)); + ldap_info->auth_type = 0; + ldap_info->auth_mech = 0; + ldap_info->first_auth_frame = 0; + ldap_info->matched=g_hash_table_new(ldap_info_hash_matched, ldap_info_equal_matched); + ldap_info->unmatched=g_hash_table_new(ldap_info_hash_unmatched, ldap_info_equal_unmatched); + conversation_add_proto_data(conversation, proto_ldap, ldap_info); + ldap_info->next = ldap_info_items; + ldap_info_items = ldap_info; + } + + switch (ldap_info->auth_type) { + case LDAP_AUTH_SASL: + /* + * It's SASL; are we using a security layer? + */ + if (ldap_info->first_auth_frame != 0 && + pinfo->fd->num >= ldap_info->first_auth_frame) { + doing_sasl_security = TRUE; /* yes */ + } + } + + while (tvb_reported_length_remaining(tvb, offset) > 0) { + + /* + * This will throw an exception if we don't have any data left. + * That's what we want. (See "tcp_dissect_pdus()", which is + * similar, but doesn't have to deal with the SASL issues. + * XXX - can we make "tcp_dissect_pdus()" provide enough information + * to the "get_pdu_len" routine so that we could have one dealing + * with the SASL issues, have that routine deal with SASL and + * ASN.1, and just use "tcp_dissect_pdus()"?) + */ + length_remaining = tvb_ensure_length_remaining(tvb, offset); + + /* + * Try to find out if we have a plain LDAP buffer + * with a "Sequence Of" header or a SASL buffer with + * Can we do reassembly? + */ + if (ldap_desegment && pinfo->can_desegment) { + /* + * Yes - is the "Sequence Of" header split across segment + * boundaries? We require at least 6 bytes for the header + * which allows for a 4 byte length (ASN.1 BER). + * For the SASL case we need at least 4 bytes, so this is + * no problem here because we check for 6 bytes ans sasl buffers + * with less than 2 bytes should not exist... + */ + if (length_remaining < 6) { + pinfo->desegment_offset = offset; + pinfo->desegment_len = 6 - length_remaining; + return; + } + } + + /* It might still be a packet containing a SASL security layer + * but its just that we never saw the BIND packet. + * check if it looks like it could be a SASL blob here + * and in that case just assume it is GSS-SPNEGO + */ + if(!doing_sasl_security && (tvb_bytes_exist(tvb, offset, 5)) + &&(tvb_get_ntohl(tvb, offset)<=(guint)(tvb_reported_length_remaining(tvb, offset)-4)) + &&(tvb_get_guint8(tvb, offset+4)==0x60) ){ + ldap_info->auth_type=LDAP_AUTH_SASL; + ldap_info->first_auth_frame=pinfo->fd->num; + ldap_info->auth_mech=g_strdup("GSS-SPNEGO"); + doing_sasl_security=TRUE; + } + + /* + * This is the first PDU, set the Protocol column and clear the + * Info column. + */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto); + if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); + + ldap_item = proto_tree_add_item(tree, proto_ldap, tvb, 0, -1, FALSE); + ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap); + + /* + * Might we be doing a SASL security layer and, if so, *are* we doing + * one? + * + * Just because we've seen a bind reply for SASL, that doesn't mean + * that we're using a SASL security layer; I've seen captures in + * which some SASL negotiations lead to a security layer being used + * and other negotiations don't, and it's not obvious what's different + * in the two negotiations. Therefore, we assume that if the first + * byte is 0, it's a length for a SASL security layer (that way, we + * never reassemble more than 16 megabytes, protecting us from + * chewing up *too* much memory), and otherwise that it's an LDAP + * message (actually, if it's an LDAP message it should begin with 0x30, + * but we want to parse garbage as LDAP messages rather than really + * huge lengths). + */ + + if (doing_sasl_security && tvb_get_guint8(tvb, offset) == 0) { + proto_item *sasl_item = NULL; + proto_tree *sasl_tree = NULL; + tvbuff_t *sasl_tvb; + guint sasl_len, sasl_msg_len, length; + /* + * Yes. The frame begins with a 4-byte big-endian length. + * And we know we have at least 6 bytes + */ + + /* + * Get the SASL length, which is the length of data in the buffer + * following the length (i.e., it's 4 less than the total length). + * + * XXX - do we need to reassemble buffers? For now, we + * assume that each LDAP message is entirely contained within + * a buffer. + */ + sasl_len = tvb_get_ntohl(tvb, offset); + sasl_msg_len = sasl_len + 4; + if (sasl_msg_len < 4) { + /* + * The message length was probably so large that the total length + * overflowed. + * + * Report this as an error. + */ + show_reported_bounds_error(tvb, pinfo, tree); + return; + } + + /* + * Is the buffer split across segment boundaries? + */ + if (length_remaining < sasl_msg_len) { + /* provide a hint to TCP where the next PDU starts */ + pinfo->want_pdu_tracking = 2; + pinfo->bytes_until_next_pdu= sasl_msg_len - length_remaining; + /* + * Can we do reassembly? + */ + if (ldap_desegment && pinfo->can_desegment) { + /* + * Yes. Tell the TCP dissector where the data for this message + * starts in the data it handed us, and how many more bytes we + * need, and return. + */ + pinfo->desegment_offset = offset; + pinfo->desegment_len = sasl_msg_len - length_remaining; + return; + } + } + + /* + * Construct a tvbuff containing the amount of the payload we have + * available. Make its reported length the amount of data in the PDU. + * + * XXX - if reassembly isn't enabled. the subdissector will throw a + * BoundsError exception, rather than a ReportedBoundsError exception. + * We really want a tvbuff where the length is "length", the reported + * length is "plen", and the "if the snapshot length were infinite" + * length is the minimum of the reported length of the tvbuff handed + * to us and "plen", with a new type of exception thrown if the offset + * is within the reported length but beyond that third length, with + * that exception getting the "Unreassembled Packet" error. + */ + length = length_remaining; + if (length > sasl_msg_len) length = sasl_msg_len; + sasl_tvb = tvb_new_subset(tvb, offset, length, sasl_msg_len); + + if (ldap_tree) { + proto_tree_add_uint(ldap_tree, hf_ldap_sasl_buffer_length, sasl_tvb, 0, 4, + sasl_len); + + sasl_item = proto_tree_add_text(ldap_tree, sasl_tvb, 0, sasl_msg_len, "SASL buffer"); + sasl_tree = proto_item_add_subtree(sasl_item, ett_ldap_sasl_blob); + } + + if (ldap_info->auth_mech != NULL && + strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) { + tvbuff_t *gssapi_tvb, *plain_tvb = NULL, *decr_tvb= NULL; + int ver_len; + int length; + + /* + * This is GSS-API (using SPNEGO, but we should be done with + * the negotiation by now). + * + * Dissect the GSS_Wrap() token; it'll return the length of + * the token, from which we compute the offset in the tvbuff at + * which the plaintext data, i.e. the LDAP message, begins. + */ + length = tvb_length_remaining(sasl_tvb, 4); + if ((guint)length > sasl_len) + length = sasl_len; + gssapi_tvb = tvb_new_subset(sasl_tvb, 4, length, sasl_len); + + /* Attempt decryption of the GSSAPI wrapped data if possible */ + pinfo->decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL; + pinfo->gssapi_wrap_tvb=NULL; + pinfo->gssapi_encrypted_tvb=NULL; + pinfo->gssapi_decrypted_tvb=NULL; + ver_len = call_dissector(gssapi_wrap_handle, gssapi_tvb, pinfo, sasl_tree); + /* if we could unwrap, do a tvb shuffle */ + if(pinfo->gssapi_decrypted_tvb){ + decr_tvb=pinfo->gssapi_decrypted_tvb; + } + /* tidy up */ + pinfo->decrypt_gssapi_tvb=0; + pinfo->gssapi_wrap_tvb=NULL; + pinfo->gssapi_encrypted_tvb=NULL; + pinfo->gssapi_decrypted_tvb=NULL; + + /* + * if len is 0 it probably mean that we got a PDU that is not + * aligned to the start of the segment. + */ + if(ver_len==0){ + return; + } + + /* + * if we don't have unwrapped data, + * see if the wrapping involved encryption of the + * data; if not, just use the plaintext data. + */ + if (!decr_tvb) { + if(!pinfo->gssapi_data_encrypted){ + plain_tvb = tvb_new_subset(gssapi_tvb, ver_len, -1, -1); + } + } + + if (decr_tvb) { + proto_item *enc_item = NULL; + proto_tree *enc_tree = NULL; + + /* + * The LDAP message was encrypted in the packet, and has + * been decrypted; dissect the decrypted LDAP message. + */ + if (sasl_tree) { + enc_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, + "GSS-API Encrypted payload (%d byte%s)", + sasl_len - ver_len, + plurality(sasl_len - ver_len, "", "s")); + enc_tree = proto_item_add_subtree(enc_item, ett_ldap_payload); + } + dissect_ldap_payload(decr_tvb, pinfo, enc_tree, ldap_info, TRUE, is_mscldap); + } else if (plain_tvb) { + proto_item *plain_item = NULL; + proto_tree *plain_tree = NULL; + + /* + * The LDAP message wasn't encrypted in the packet; + * dissect the plain LDAP message. + */ + if (sasl_tree) { + plain_item = proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, + "GSS-API payload (%d byte%s)", + sasl_len - ver_len, + plurality(sasl_len - ver_len, "", "s")); + plain_tree = proto_item_add_subtree(plain_item, ett_ldap_payload); + } + + dissect_ldap_payload(plain_tvb, pinfo, plain_tree, ldap_info, TRUE, is_mscldap); + } else { + /* + * The LDAP message was encrypted in the packet, and was + * not decrypted; just show it as encrypted data. + */ + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "LDAP GSS-API Encrypted payload (%d byte%s)", + sasl_len - ver_len, + plurality(sasl_len - ver_len, "", "s")); + } + if (sasl_tree) { + proto_tree_add_text(sasl_tree, gssapi_tvb, ver_len, -1, + "GSS-API Encrypted payload (%d byte%s)", + sasl_len - ver_len, + plurality(sasl_len - ver_len, "", "s")); + } + } + } + offset += sasl_msg_len; + } else { + /* plain LDAP, so dissect the payload */ + dissect_ldap_payload(tvb, pinfo, ldap_tree, ldap_info, FALSE, is_mscldap); + /* dissect_ldap_payload() has it's own loop so go out here */ + break; + } + } +} +static void +dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + dissect_ldap_pdu(tvb, pinfo, tree, FALSE); + return; +} + +static void +dissect_mscldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + dissect_ldap_pdu(tvb, pinfo, tree, TRUE); + return; +} + + +static void +ldap_reinit(void) +{ + ldap_conv_info_t *ldap_info; + + /* Free up state attached to the ldap_info structures */ + for (ldap_info = ldap_info_items; ldap_info != NULL; ldap_info = ldap_info->next) { + if (ldap_info->auth_mech != NULL) { + g_free(ldap_info->auth_mech); + ldap_info->auth_mech=NULL; + } + g_hash_table_destroy(ldap_info->matched); + ldap_info->matched=NULL; + g_hash_table_destroy(ldap_info->unmatched); + ldap_info->unmatched=NULL; + } + + ldap_info_items = NULL; + +} +/*--- proto_register_ldap -------------------------------------------*/ +void proto_register_ldap(void) { + + /* List of fields */ + + static hf_register_info hf[] = { + + { &hf_ldap_sasl_buffer_length, + { "SASL Buffer Length", "ldap.sasl_buffer_length", + FT_UINT32, BASE_DEC, NULL, 0x0, + "SASL Buffer Length", HFILL }}, + +#include "packet-ldap-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_ldap, + &ett_ldap_payload, + &ett_ldap_sasl_blob, + &ett_ldap_msg, + +#include "packet-ldap-ettarr.c" + }; + + module_t *ldap_module; + + /* Register protocol */ + proto_ldap = proto_register_protocol(PNAME, PSNAME, PFNAME); + /* Register fields and subtrees */ + proto_register_field_array(proto_ldap, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + + register_dissector("ldap", dissect_ldap, proto_ldap); + + ldap_module = prefs_register_protocol(proto_ldap, NULL); + prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", + "Reassemble LDAP messages spanning multiple TCP segments", + "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments." + " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", + &ldap_desegment); + + proto_cldap = proto_register_protocol( + "Connectionless Lightweight Directory Access Protocol", + "CLDAP", "cldap"); + + register_init_routine(ldap_reinit); + ldap_tap=register_tap("ldap"); + +} + + +/*--- proto_reg_handoff_ldap ---------------------------------------*/ +void +proto_reg_handoff_ldap(void) +{ + dissector_handle_t ldap_handle, cldap_handle; + ldap_handle = create_dissector_handle(dissect_ldap, proto_ldap); + dissector_add("tcp.port", TCP_PORT_LDAP, ldap_handle); + dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle); + + cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap); + dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle); + + gssapi_handle = find_dissector("gssapi"); + gssapi_wrap_handle = find_dissector("gssapi_verf"); + + + +} + + diff --git a/asn1/ldap/packet-ldap-template.h b/asn1/ldap/packet-ldap-template.h old mode 100755 new mode 100644 index 79becfafd1..e36d27e4fe --- a/asn1/ldap/packet-ldap-template.h +++ b/asn1/ldap/packet-ldap-template.h @@ -1,94 +1,94 @@ -/* packet-ldap.h - * Routines for ros packet dissection - * Copyright 2005, Anders Broman - * - * $Id: packet-ros-template.h 12203 2004-10-05 09:18:55Z guy $ - * - * Ethereal - Network traffic analyzer - * By Gerald Combs - * Copyright 1998 Gerald Combs - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - */ - -#ifndef __PACKET_LDAP_H__ -#define __PACKET_LDAP_H__ - -/* - * These are all APPLICATION types; the value is the type tag. - */ -#define LDAP_REQ_BIND 0 -#define LDAP_REQ_UNBIND 2 -#define LDAP_REQ_SEARCH 3 -#define LDAP_REQ_MODIFY 6 -#define LDAP_REQ_ADD 8 -#define LDAP_REQ_DELETE 10 -#define LDAP_REQ_MODRDN 12 -#define LDAP_REQ_COMPARE 14 -#define LDAP_REQ_ABANDON 16 -#define LDAP_REQ_EXTENDED 23 /* LDAP V3 only */ - -#define LDAP_RES_BIND 1 -#define LDAP_RES_SEARCH_ENTRY 4 -#define LDAP_RES_SEARCH_REF 19 /* LDAP V3 only */ -#define LDAP_RES_SEARCH_RESULT 5 -#define LDAP_RES_MODIFY 7 -#define LDAP_RES_ADD 9 -#define LDAP_RES_DELETE 11 -#define LDAP_RES_MODRDN 13 -#define LDAP_RES_COMPARE 15 -#define LDAP_RES_EXTENDED 24 /* LDAP V3 only */ - -/* - * These are all CONTEXT types; the value is the type tag. - */ - -/* authentication type tags */ -#define LDAP_AUTH_SIMPLE 0 -#define LDAP_AUTH_KRBV4LDAP 1 /* LDAP V2 only */ -#define LDAP_AUTH_KRBV4DSA 2 /* LDAP V2 only */ -#define LDAP_AUTH_SASL 3 /* LDAP V3 only */ - -/* filter type tags */ -#define LDAP_FILTER_AND 0 -#define LDAP_FILTER_OR 1 -#define LDAP_FILTER_NOT 2 -#define LDAP_FILTER_EQUALITY 3 -#define LDAP_FILTER_SUBSTRINGS 4 -#define LDAP_FILTER_GE 5 -#define LDAP_FILTER_LE 6 -#define LDAP_FILTER_PRESENT 7 -#define LDAP_FILTER_APPROX 8 -#define LDAP_FILTER_EXTENSIBLE 9 /* LDAP V3 only */ - -#define LDAP_MOD_ADD 0 -#define LDAP_MOD_DELETE 1 -#define LDAP_MOD_REPLACE 2 - -typedef struct ldap_call_response { - gboolean is_request; - guint32 req_frame; - nstime_t req_time; - guint32 rep_frame; - guint messageId; - guint protocolOpTag; -} ldap_call_response_t; - - -/*#include "packet-ldap-exp.h" */ - -#endif /* PACKET_LDAP_H */ - - +/* packet-ldap.h + * Routines for ros packet dissection + * Copyright 2005, Anders Broman + * + * $Id$ + * + * Ethereal - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifndef __PACKET_LDAP_H__ +#define __PACKET_LDAP_H__ + +/* + * These are all APPLICATION types; the value is the type tag. + */ +#define LDAP_REQ_BIND 0 +#define LDAP_REQ_UNBIND 2 +#define LDAP_REQ_SEARCH 3 +#define LDAP_REQ_MODIFY 6 +#define LDAP_REQ_ADD 8 +#define LDAP_REQ_DELETE 10 +#define LDAP_REQ_MODRDN 12 +#define LDAP_REQ_COMPARE 14 +#define LDAP_REQ_ABANDON 16 +#define LDAP_REQ_EXTENDED 23 /* LDAP V3 only */ + +#define LDAP_RES_BIND 1 +#define LDAP_RES_SEARCH_ENTRY 4 +#define LDAP_RES_SEARCH_REF 19 /* LDAP V3 only */ +#define LDAP_RES_SEARCH_RESULT 5 +#define LDAP_RES_MODIFY 7 +#define LDAP_RES_ADD 9 +#define LDAP_RES_DELETE 11 +#define LDAP_RES_MODRDN 13 +#define LDAP_RES_COMPARE 15 +#define LDAP_RES_EXTENDED 24 /* LDAP V3 only */ + +/* + * These are all CONTEXT types; the value is the type tag. + */ + +/* authentication type tags */ +#define LDAP_AUTH_SIMPLE 0 +#define LDAP_AUTH_KRBV4LDAP 1 /* LDAP V2 only */ +#define LDAP_AUTH_KRBV4DSA 2 /* LDAP V2 only */ +#define LDAP_AUTH_SASL 3 /* LDAP V3 only */ + +/* filter type tags */ +#define LDAP_FILTER_AND 0 +#define LDAP_FILTER_OR 1 +#define LDAP_FILTER_NOT 2 +#define LDAP_FILTER_EQUALITY 3 +#define LDAP_FILTER_SUBSTRINGS 4 +#define LDAP_FILTER_GE 5 +#define LDAP_FILTER_LE 6 +#define LDAP_FILTER_PRESENT 7 +#define LDAP_FILTER_APPROX 8 +#define LDAP_FILTER_EXTENSIBLE 9 /* LDAP V3 only */ + +#define LDAP_MOD_ADD 0 +#define LDAP_MOD_DELETE 1 +#define LDAP_MOD_REPLACE 2 + +typedef struct ldap_call_response { + gboolean is_request; + guint32 req_frame; + nstime_t req_time; + guint32 rep_frame; + guint messageId; + guint protocolOpTag; +} ldap_call_response_t; + + +/*#include "packet-ldap-exp.h" */ + +#endif /* PACKET_LDAP_H */ + + -- cgit v1.2.3