diff --git a/packet-ldap.c b/packet-ldap.c index 6d9842da6c..e0374c902a 100644 --- a/packet-ldap.c +++ b/packet-ldap.c @@ -3,7 +3,7 @@ * * See RFC 1777 (LDAP v2), RFC 2251 (LDAP v3), and RFC 2222 (SASL). * - * $Id: packet-ldap.c,v 1.73 2004/01/19 22:58:59 guy Exp $ + * $Id: packet-ldap.c,v 1.74 2004/04/20 08:33:15 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -130,6 +130,16 @@ static int hf_ldap_message_abandon_msgid = -1; static int hf_mscldap_netlogon_type = -1; static int hf_mscldap_netlogon_flags = -1; +static int hf_mscldap_netlogon_flags_pdc = -1; +static int hf_mscldap_netlogon_flags_gc = -1; +static int hf_mscldap_netlogon_flags_ldap = -1; +static int hf_mscldap_netlogon_flags_ds = -1; +static int hf_mscldap_netlogon_flags_kdc = -1; +static int hf_mscldap_netlogon_flags_timeserv = -1; +static int hf_mscldap_netlogon_flags_closest = -1; +static int hf_mscldap_netlogon_flags_writable = -1; +static int hf_mscldap_netlogon_flags_good_timeserv = -1; +static int hf_mscldap_netlogon_flags_ndnc = -1; static int hf_mscldap_domain_guid = -1; static int hf_mscldap_forest = -1; static int hf_mscldap_domain = -1; @@ -147,6 +157,7 @@ static gint ett_ldap = -1; static gint ett_ldap_gssapi_token = -1; static gint ett_ldap_referrals = -1; static gint ett_ldap_attribute = -1; +static gint ett_mscldap_netlogon_flags = -1; static int ldap_tap = -1; @@ -1360,6 +1371,89 @@ static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxl return offset; } + +/* These flag bits were found to be defined in the samba sources. + * I hope they are correct (but have serious doubts about the CLOSEST + * bit being used or being meaningful). + */ +static const true_false_string tfs_ads_pdc = { + "This is a PDC", + "This is NOT a pdc" +}; +static const true_false_string tfs_ads_gc = { + "This is a GLOBAL CATALOGUE of forest", + "This is NOT a global catalog of forest" +}; +static const true_false_string tfs_ads_ldap = { + "This is an LDAP server", + "This is NOT an ldap server" +}; +static const true_false_string tfs_ads_ds = { + "This dc supports DS", + "This dc does NOT support ds" +}; +static const true_false_string tfs_ads_kdc = { + "This is a KDC (kerberos)", + "This is NOT a kdc (kerberos)" +}; +static const true_false_string tfs_ads_timeserv = { + "This dc is running TIME SERVICES (ntp)", + "This dc is NOT running time services (ntp)" +}; +static const true_false_string tfs_ads_closest = { + "This is the CLOSEST dc (unreliable?)", + "This is NOT the closest dc" +}; +static const true_false_string tfs_ads_writable = { + "This dc is WRITABLE", + "This dc is NOT writable" +}; +static const true_false_string tfs_ads_good_timeserv = { + "This dc has a GOOD TIME SERVICE (i.e. hardware clock)", + "This dc does NOT have a good time service (i.e. no hardware clock)" +}; +static const true_false_string tfs_ads_ndnc = { + "Domain is NON-DOMAIN NC serviced by ldap server", + "Domain is NOT non-domain nc serviced by ldap server" +}; +static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset) +{ + guint32 flags; + proto_item *item; + proto_tree *tree=NULL; + + flags=tvb_get_letohl(tvb, offset); + item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE); + if(parent_tree){ + tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags); + } + + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ndnc, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_good_timeserv, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_writable, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_closest, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_timeserv, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_kdc, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ds, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ldap, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_gc, + tvb, offset, 4, flags); + proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_pdc, + tvb, offset, 4, flags); + + offset += 4; + + return offset; +} + static void dissect_mscldap_response_netlogon(proto_tree *tree, tvbuff_t *tvb) { int old_offset, offset=0; @@ -1373,9 +1467,7 @@ static void dissect_mscldap_response_netlogon(proto_tree *tree, tvbuff_t *tvb) offset += 4; /* Flags */ - /*XXX someone that knows what these flags are should add that knowledge here*/ - proto_tree_add_item(tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE); - offset += 4; + offset = dissect_mscldap_netlogon_flags(tree, tvb, offset); /* Domain GUID */ proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE); @@ -2780,7 +2872,7 @@ proto_register_ldap(void) { &hf_mscldap_netlogon_flags, { "Flags", "mscldap.netlogon.flags", FT_UINT32, BASE_HEX, NULL, 0x0, - "Flags ", HFILL }}, + "Netlogon flags describing the DC properties", HFILL }}, { &hf_mscldap_domain_guid, { "Domain GUID", "mscldap.domain.guid", @@ -2827,13 +2919,54 @@ proto_register_ldap(void) FT_STRING, BASE_NONE, NULL, 0x0, "Client Site name", HFILL }}, + { &hf_mscldap_netlogon_flags_pdc, + { "PDC", "mscldap.netlogon.flags.pdc", FT_BOOLEAN, 32, + TFS(&tfs_ads_pdc), 0x00000001, "Is this DC a PDC or not?", HFILL }}, + + { &hf_mscldap_netlogon_flags_gc, + { "GC", "mscldap.netlogon.flags.gc", FT_BOOLEAN, 32, + TFS(&tfs_ads_gc), 0x00000004, "Does this dc service as a GLOBAL CATALOGUE?", HFILL }}, + + { &hf_mscldap_netlogon_flags_ldap, + { "LDAP", "mscldap.netlogon.flags.ldap", FT_BOOLEAN, 32, + TFS(&tfs_ads_ldap), 0x00000008, "Does this DC act as an LDAP server?", HFILL }}, + + { &hf_mscldap_netlogon_flags_ds, + { "DS", "mscldap.netlogon.flags.ds", FT_BOOLEAN, 32, + TFS(&tfs_ads_ds), 0x00000010, "Does this dc provide DS services?", HFILL }}, + + { &hf_mscldap_netlogon_flags_kdc, + { "KDC", "mscldap.netlogon.flags.kdc", FT_BOOLEAN, 32, + TFS(&tfs_ads_kdc), 0x00000020, "Does this dc act as a KDC?", HFILL }}, + + { &hf_mscldap_netlogon_flags_timeserv, + { "Time Serv", "mscldap.netlogon.flags.timeserv", FT_BOOLEAN, 32, + TFS(&tfs_ads_timeserv), 0x00000040, "Does this dc provide time services (ntp) ?", HFILL }}, + + { &hf_mscldap_netlogon_flags_closest, + { "Closest", "mscldap.netlogon.flags.closest", FT_BOOLEAN, 32, + TFS(&tfs_ads_closest), 0x00000080, "Is this the closest dc? (is this used at all?)", HFILL }}, + + { &hf_mscldap_netlogon_flags_writable, + { "Writable", "mscldap.netlogon.flags.writable", FT_BOOLEAN, 32, + TFS(&tfs_ads_writable), 0x00000100, "Is this dc writable? (i.e. can it update the AD?)", HFILL }}, + + { &hf_mscldap_netlogon_flags_good_timeserv, + { "Good Time Serv", "mscldap.netlogon.flags.good_timeserv", FT_BOOLEAN, 32, + TFS(&tfs_ads_good_timeserv), 0x00000200, "Is this a Good Time Server? (i.e. does it have a hardware clock)", HFILL }}, + + { &hf_mscldap_netlogon_flags_ndnc, + { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32, + TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }}, + }; static gint *ett[] = { &ett_ldap, &ett_ldap_gssapi_token, &ett_ldap_referrals, - &ett_ldap_attribute + &ett_ldap_attribute, + &ett_mscldap_netlogon_flags }; module_t *ldap_module;