forked from osmocom/wireshark
4e1b5ea866
Change-Id: I1a317b19d8076588c9305dae6287bb80cc14da64 Reviewed-on: https://code.wireshark.org/review/4494 Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org> Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
422 lines
14 KiB
INI
422 lines
14 KiB
INI
# x509if.cnf
|
|
# X509IF conformation file
|
|
|
|
#.IMPORT ../x509sat/x509sat-exp.cnf
|
|
|
|
#.MODULE_IMPORT
|
|
DirectoryAbstractService dap
|
|
|
|
#.OMIT_ASSIGNMENT
|
|
ObjectClassKind
|
|
#.END
|
|
#.CLASS ATTRIBUTE
|
|
&derivation ClassReference ATTRIBUTE
|
|
&Type
|
|
&equality-match ClassReference MATCHING-RULE
|
|
&ordering-match ClassReference MATCHING-RULE
|
|
&substrings-match ClassReference MATCHING-RULE
|
|
&single-valued BooleanType
|
|
&collective BooleanType
|
|
&no-user-modification BooleanType
|
|
&usage TypeReference AttributeUsage
|
|
&id ObjectIdentifierType
|
|
#.END
|
|
#.CLASS CONTEXT
|
|
&Type
|
|
&Assertion
|
|
&id ObjectIdentifierType
|
|
#.END
|
|
#.CLASS OBJECT-CLASS
|
|
&Superclasses ClassReference OBJECT-CLASS
|
|
&kind TypeReference ObjectClassKind
|
|
&MandatoryAttributes ClassReference ATTRIBUTE
|
|
&OptionalAttributes ClassReference ATTRIBUTE
|
|
&id ObjectIdentifierType
|
|
#.END
|
|
|
|
#.CLASS MATCHING-RESTRICTION
|
|
&Restriction
|
|
&Rules _FixedTypeValueSetFieldSpec
|
|
&id ObjectIdentifierType
|
|
#.END
|
|
|
|
#.CLASS MATCHING-RULE
|
|
&ParentMatchingRules ClassReference MATCHING-RULE
|
|
&AssertionType
|
|
&uniqueMatchIndicator ClassReference ATTRIBUTE
|
|
&id ObjectIdentifierType
|
|
#.END
|
|
|
|
#.EXPORTS
|
|
OBJECT-CLASS
|
|
ATTRIBUTE
|
|
MATCHING-RULE
|
|
MAPPING-BASED-MATCHING
|
|
NAME-FORM
|
|
STRUCTURE-RULE
|
|
CONTENT-RULE
|
|
CONTEXT
|
|
SEARCH-RULE
|
|
MATCHING-RESTRICTION
|
|
AllowedSubset
|
|
Attribute
|
|
AttributeCombination
|
|
AttributeType
|
|
AttributeTypeAndDistinguishedValue
|
|
AttributeTypeAssertion
|
|
AttributeUsage
|
|
AttributeValue
|
|
AttributeValueAssertion
|
|
#BaseDistance
|
|
ChopSpecification
|
|
Context
|
|
ContextAssertion
|
|
ContextCombination
|
|
ContextProfile
|
|
ControlOptions
|
|
DistinguishedName
|
|
DITContentRule
|
|
DITContextUse
|
|
DITStructureRule
|
|
EntryLimit
|
|
ImposedSubset
|
|
LocalName
|
|
Mapping
|
|
MatchingUse
|
|
MRMapping
|
|
MRSubstitution
|
|
Name
|
|
Refinement
|
|
RelativeDistinguishedName
|
|
RelaxationPolicy
|
|
RDNSequence
|
|
RequestAttribute
|
|
ResultAttribute
|
|
RuleIdentifier
|
|
SearchRule
|
|
SearchRuleDescription
|
|
SearchRuleId
|
|
SubtreeSpecification
|
|
|
|
#.PDU_NEW
|
|
DistinguishedName
|
|
|
|
#.NO_EMIT
|
|
|
|
#.TYPE_RENAME
|
|
AttributeTypeAndDistinguishedValue/valuesWithContext T_valWithContext
|
|
AttributeTypeAndDistinguishedValue/valuesWithContext/_item T_valWithContext_item
|
|
ChopSpecification/specificExclusions T_chopSpecificExclusions
|
|
ChopSpecification/specificExclusions/_item T_chopSpecificExclusions_item
|
|
|
|
#.FIELD_RENAME
|
|
AttributeTypeAssertion/assertedContexts ata_assertedContexts
|
|
AttributeTypeAndDistinguishedValue/value atadv_value
|
|
AttributeTypeAndDistinguishedValue/valuesWithContext valueswithContext
|
|
AttributeTypeAndDistinguishedValue/valuesWithContext/_item valueswithContext_item
|
|
ChopSpecification/specificExclusions chopSpecificExclusions
|
|
ChopSpecification/specificExclusions/_item chopSpecificExclusions_item
|
|
Refinement/and refinement_and
|
|
Refinement/and/_item refinement_and_item
|
|
Refinement/not refinement_not
|
|
Refinement/or refinement_or
|
|
Refinement/or/_item refinement_or_item
|
|
ContextAssertion/contextType ca_contextType
|
|
ContextAssertion/contextValues ca_contextValues
|
|
ContextAssertion/contextValues/_item ca_contextValues_item
|
|
ContextCombination/not contextcombination_not
|
|
ContextCombination/and contextcombination_and
|
|
ContextCombination/and/_item contextcombination_and_item
|
|
ContextCombination/or contextcombination_or
|
|
ContextCombination/or/_item contextcombination_or_item
|
|
RelaxationPolicy/maximum maximum_relaxation
|
|
RelaxationPolicy/minimum minimum_relaxation
|
|
RequestAttribute/defaultValues/_item/values ra_values
|
|
RequestAttribute/defaultValues/_item/values/_item ra_values_item
|
|
RequestAttribute/selectedValues ra_selectedValues
|
|
RequestAttribute/selectedValues/_item ra_selectedValues_item
|
|
|
|
#.REGISTER_NEW
|
|
DistinguishedName B "2.5.4.1" "id-at-aliasedEntryName"
|
|
DistinguishedName B "2.5.4.31" "id-at-member"
|
|
DistinguishedName B "2.5.4.32" "id-at-owner"
|
|
DistinguishedName B "2.5.4.33" "id-at-roleOccupant"
|
|
DistinguishedName B "2.5.4.34" "id-at-seeAlso"
|
|
DistinguishedName B "2.5.4.49" "id-at-distinguishedName"
|
|
|
|
DistinguishedName B "2.5.18.3" "id-oa-creatorsName"
|
|
DistinguishedName B "2.5.18.4" "id-oa-modifiersName"
|
|
SubtreeSpecification B "2.5.18.6" "id-oa-subtreeSpecification"
|
|
DistinguishedName B "2.5.18.10" "id-oa-subschemaSubentry"
|
|
DistinguishedName B "2.5.18.11" "id-oa-accessControlSubentry"
|
|
DistinguishedName B "2.5.18.12" "id-oa-collectiveAttributeSubentry"
|
|
DistinguishedName B "2.5.18.13" "id-oa-contextDefaultSubentry"
|
|
HierarchyLevel B "2.5.18.17" "id-oa-hierarchyLevel"
|
|
HierarchyBelow B "2.5.18.18" "iid-oa-hierarchyBelow"
|
|
# X402 - see master list in acp133.cnf
|
|
DistinguishedName B "2.6.5.2.5" "id-at-mhs-message-store-dn"
|
|
DistinguishedName B "2.6.5.2.14" "id-at-mhs-dl-related-lists"
|
|
|
|
# ACP133 - see master list in acp133.cnf
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.3" "id-at-alternateRecipient"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.4" "id-at-associatedOrganization"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.6" "id-at-associatedPLA"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.49" "id-at-aliasPointer"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.61" "id-at-listPointer"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.110" "id-at-administrator"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.111" "id-at-aigsExpanded"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.113" "id-at-associatedAL"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.114" "id-at-copyMember"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.117" "id-at-guard"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.121" "id-at-networkDN"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.138" "id-at-plasServed"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.139" "id-at-deployed"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.140" "id-at-garrison"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.184" "id-at-aCPDutyOfficer"
|
|
DistinguishedName B "2.16.840.1.101.2.2.1.188" "id-at-primaryMember"
|
|
|
|
|
|
|
|
#.FN_PARS ContextAssertion/contextType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY ContextAssertion/contextValues/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS AttributeTypeAndDistinguishedValue/type
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY AttributeTypeAndDistinguishedValue/type
|
|
const char *fmt;
|
|
const char *name;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if(actx->external.direct_reference) {
|
|
/* see if we can find a nice name */
|
|
name = oid_resolved_from_string(actx->external.direct_reference);
|
|
if(!name) name = actx->external.direct_reference;
|
|
|
|
if(last_rdn) { /* append it to the RDN */
|
|
g_strlcat(last_rdn, name, MAX_RDN_STR_LEN);
|
|
g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN);
|
|
|
|
/* append it to the tree */
|
|
proto_item_append_text(tree, " (%%s=", name);
|
|
} else if(doing_attr) {
|
|
/* append it to the parent item */
|
|
proto_item_append_text(tree, " (%%s)", name);
|
|
}
|
|
|
|
if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) {
|
|
/* we have a format */
|
|
last_ava = (char *)wmem_alloc(wmem_packet_scope(), MAX_AVA_STR_LEN); *last_ava = '\0';
|
|
register_frame_end_routine (actx->pinfo, x509if_frame_end);
|
|
|
|
g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt);
|
|
|
|
proto_item_append_text(tree, " %%s", last_ava);
|
|
|
|
}
|
|
}
|
|
|
|
#.FN_BODY AttributeTypeAndDistinguishedValue/value
|
|
int old_offset = offset;
|
|
tvbuff_t *out_tvb;
|
|
char *value = NULL;
|
|
const char *fmt;
|
|
const char *name = NULL;
|
|
const char *orig_oid = actx->external.direct_reference;
|
|
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
/* in dissecting the value we may have overridden the OID of the value - which is
|
|
a problem if there are multiple values */
|
|
actx->external.direct_reference = orig_oid;
|
|
|
|
/* try and dissect as a string */
|
|
dissect_ber_octet_string(FALSE, actx, NULL, tvb, old_offset, hf_x509if_any_string, &out_tvb);
|
|
|
|
/* should also try and dissect as an OID and integer */
|
|
/* of course, if I can look up the syntax .... */
|
|
|
|
if(out_tvb) {
|
|
/* it was a string - format it */
|
|
value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb));
|
|
|
|
if(last_rdn) {
|
|
g_strlcat(last_rdn, value, MAX_RDN_STR_LEN);
|
|
|
|
/* append it to the tree*/
|
|
proto_item_append_text(tree, "%%s)", value);
|
|
}
|
|
|
|
if((fmt = val_to_str_const(ava_hf_index, fmt_vals, "")) && *fmt) {
|
|
/* we have a format */
|
|
|
|
if (!last_ava) {
|
|
last_ava = (char *)wmem_alloc(wmem_packet_scope(), MAX_AVA_STR_LEN);
|
|
}
|
|
|
|
if(!(name = oid_resolved_from_string(actx->external.direct_reference)))
|
|
name = actx->external.direct_reference;
|
|
g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value);
|
|
|
|
proto_item_append_text(tree, " %%s", last_ava);
|
|
|
|
}
|
|
}
|
|
|
|
#.FN_PARS RequestAttribute/attributeType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY RequestAttribute/selectedValues/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS RequestAttribute/defaultValues/_item/entryType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY RequestAttribute/defaultValues/_item/values/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY Attribute/valuesWithContext/_item/value
|
|
offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS ResultAttribute/attributeType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY ResultAttribute/outputValues/selectedValues/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS Context/contextType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY Context/contextValues/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS AttributeType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY AttributeValue
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS AttributeValueAssertion/type
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY AttributeValueAssertion/assertion
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS Attribute/type
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY Attribute/values/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS ContextProfile/contextType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY ContextProfile/contextValue/_item
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_PARS MatchingUse/restrictionType
|
|
FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference
|
|
|
|
#.FN_BODY MatchingUse/restrictionValue
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY AttributeTypeAndDistinguishedValue/valuesWithContext/_item/distingAttrValue
|
|
offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
#.FN_BODY RelativeDistinguishedName
|
|
char *temp_dn;
|
|
|
|
rdn_one_value = FALSE;
|
|
top_of_rdn = tree;
|
|
last_rdn = (char *)wmem_alloc(wmem_packet_scope(), MAX_DN_STR_LEN); *last_rdn = '\0';
|
|
register_frame_end_routine (actx->pinfo, x509if_frame_end);
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
/* we've finished - close the bracket */
|
|
proto_item_append_text(top_of_rdn, " (%%s)", last_rdn);
|
|
|
|
/* now append this to the DN */
|
|
if (last_dn) {
|
|
if(*last_dn) {
|
|
temp_dn = (char *)wmem_alloc(wmem_packet_scope(), MAX_DN_STR_LEN); /* is there a better way to use ep_alloc here ? */
|
|
g_snprintf(temp_dn, MAX_DN_STR_LEN, "%%s,%%s", last_rdn, last_dn);
|
|
last_dn[0] = '\0';
|
|
g_strlcat(last_dn, temp_dn, MAX_DN_STR_LEN);
|
|
} else {
|
|
g_strlcat(last_dn, last_rdn, MAX_DN_STR_LEN);
|
|
}
|
|
}
|
|
|
|
last_rdn = NULL; /* it will get freed when the next packet is dissected */
|
|
|
|
#.FN_BODY RelativeDistinguishedName/_item
|
|
|
|
if(!rdn_one_value) {
|
|
top_of_rdn = tree;
|
|
} else {
|
|
|
|
if(last_rdn)
|
|
/* this is an additional value - delimit */
|
|
g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN);
|
|
}
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
rdn_one_value = TRUE;
|
|
|
|
#.FN_BODY RDNSequence
|
|
const char *fmt;
|
|
|
|
dn_one_rdn = FALSE; /* reset */
|
|
last_dn = (char *)wmem_alloc(wmem_packet_scope(), MAX_DN_STR_LEN); *last_dn = '\0';
|
|
top_of_dn = NULL;
|
|
register_frame_end_routine (actx->pinfo, x509if_frame_end);
|
|
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
/* we've finished - append the dn */
|
|
proto_item_append_text(top_of_dn, " (%%s)", last_dn);
|
|
|
|
/* see if we should append this to the col info */
|
|
if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) {
|
|
/* we have a format */
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, " %%s%%s", fmt, last_dn);
|
|
}
|
|
|
|
|
|
#.FN_BODY RDNSequence/_item
|
|
|
|
if(!dn_one_rdn) {
|
|
/* this is the first element - record the top */
|
|
top_of_dn = tree;
|
|
}
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
dn_one_rdn = TRUE;
|
|
|
|
#.FN_BODY AttributeValueAssertion
|
|
|
|
ava_hf_index = hf_index;
|
|
last_ava = (char *)wmem_alloc(wmem_packet_scope(), MAX_AVA_STR_LEN); *last_ava = '\0';
|
|
register_frame_end_routine (actx->pinfo, x509if_frame_end);
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ava_hf_index=-1;
|
|
|
|
#.FN_BODY Attribute
|
|
doing_attr = TRUE;
|
|
register_frame_end_routine (actx->pinfo, x509if_frame_end);
|
|
|
|
%(DEFAULT_BODY)s
|
|
#.END
|
|
|
|
|