Extended the cldap desector to include all the current netlogon response data
types.
Expanded the cldap netlogon ntver option to be a bit mask of the search flags
Updated the DS flags fields to include Windows 2008 options.
svn path=/trunk/; revision=25942
Attached is a patch to the ldap_reinit() function to fix bug 2407.
This particular bug was triggered by the order of steps used to walk
and free the nodes of the ldap_info_items list.
This should go into the next 1.0 release.
svn path=/trunk/; revision=24838
2) Support for RFC 3909 - cancelRequest extendedOperation
3) Support for RFC 3062 - passwordModify extendedOperation
4) Column information for ExtendedRequest, SearchResultRef and AbandonRequest
5) Column information for multiple LDAP operations in the same packet (uses " | " separator)
svn path=/trunk/; revision=24195
dissect_ber_boolean() to return a value and update asn2wrs to generate the new signature.
Regenerate all BER dissectors.
svn path=/trunk/; revision=24015
- retrieving the list of remote PCAP interfaces
- password authentication support
- UDP data fransfer
- packet sampling (available in WinPcap 4.x)
etc.
fix problem if non-default rpcap port is used
svn path=/trunk/; revision=23750
authentication packet or else we will get inconsistent dissection when
clicking on packets.
(inconsistent as in : a certain packet might/might not be dissected as
LDAP/SASL depending on which packets we clicked on previously)
svn path=/trunk/; revision=22949
cant check that the payload starts with BER tag 0x60 and an oid.
instead check that the length byte (first 4 bytes) look sane and if
SASL authentication has been negotiated on the connection
also, sometimes clients will mix both non-SASL and SASL protected LDAP
traffic on the same tcp connection by initially performing simple
unauthenticated searches on the database before performing the Bind.
svn path=/trunk/; revision=22948
a SASL encapsulated ldap blob can contain more than one LDAP message so
the rest_is_pad parameter is bogus and thus removed.
make dissect_ldap_pdu handle when we have more than one LDAP message
inside one sasl blob
svn path=/trunk/; revision=22181
1) Handle empty (zero length) saslCredentials
2) Handle "GSSAPI" auth_mech when identified from the bind
3) Annotate column info to show SASL service applied to LDAP operation
svn path=/trunk/; revision=20830
I created two patches:
1.) move the handling of the compressed strings in CLDAP 'netlogon' replies into a generic place.
2.) implement dissection of SMB_NETLOGON cmd's 0x17 and 0x19
svn path=/trunk/; revision=19970
*) Remove maximum LDAP PDU size check - they can get large with either large attributes (e.g. CRLs, SPIFs) or with lots of results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed.
*) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID.
*) Remove reference to removed BER preference in the LDAP reassembly preference.
*) Mark a LDAPURL as a URL
svn path=/trunk/; revision=19792
there are many reasons why some protocols actually need to be able to access the pinfo structure while determining the pdu size
svn path=/trunk/; revision=19751
pretty horrible hack to store an ntlmssp blob inside an ldap string
the info column is not entirely pretty but the payload is at least decoded
svn path=/trunk/; revision=19490
This patch makes the the maximum valid LDAP PDU size a preference. The default value for this new preference is 65535 for backwards compatibility.
svn path=/trunk/; revision=19288
use tcp_dissect_pdus() which works insterad of trying to do the pdu tracking and signalling for reassembly manually.
This makes ldap pdu tracking and reassembly work properly for cases when hosts are streaming lpad over tcp and there is little or none alignlemt of pdus to the start of a segment
svn path=/trunk/; revision=18965