forked from osmocom/wireshark
818 lines
26 KiB
INI
818 lines
26 KiB
INI
# ldap.cnf
|
|
# LDAP conformation file
|
|
# Copyright 2005 Anders Broman
|
|
|
|
#.OMIT_ASSIGNMENT
|
|
DirSyncFlagsSubEntry
|
|
PasswdModifyResponseValue
|
|
|
|
#.PDU
|
|
|
|
#.TYPE_RENAME
|
|
|
|
BindResponse/_untag/resultCode BindResponse_resultCode
|
|
ExtendedResponse/_untag/resultCode ExtendedResponse_resultCode
|
|
ModifyRequest/_untag/modification ModifyRequest_modification
|
|
|
|
#.FIELD_RENAME
|
|
BindResponse/_untag/resultCode bindResponse_resultCode
|
|
ExtendedResponse/_untag/resultCode extendedResponse_resultCode
|
|
SearchRequest/_untag/attributes searchRequest_attributes
|
|
SearchResultEntry/_untag/attributes searchResultEntry_attributes
|
|
ModifyRequest/_untag/modification modifyRequest_modification
|
|
SubstringFilter/substrings substringFilter_substrings
|
|
BindResponse/_untag/matchedDN bindResponse_matchedDN
|
|
IntermediateResponse/_untag/responseValue intermediateResponse_responseValue
|
|
|
|
#.TYPE_ATTR
|
|
LDAPString TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
DirSyncFlags TYPE = FT_UINT32 DISPLAY = BASE_HEX STRINGS = NULL
|
|
Simple TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
|
|
#.REGISTER
|
|
SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
|
|
SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
|
|
SortResult B "1.2.840.113556.1.4.474" "sortResult"
|
|
DirSyncControlValue B "1.2.840.113556.1.4.841" "dirsync"
|
|
#RFC 3062
|
|
PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID"
|
|
#RFC 3909
|
|
CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"
|
|
#RFC 4533
|
|
SyncRequestValue B "1.3.6.1.4.1.4203.1.9.1.1" "syncRequestOID"
|
|
SyncStateValue B "1.3.6.1.4.1.4203.1.9.1.2" "syncStateOID"
|
|
SyncDoneValue B "1.3.6.1.4.1.4203.1.9.1.3" "syncDoneOID"
|
|
SyncInfoValue B "1.3.6.1.4.1.4203.1.9.1.4" "syncInfoOID"
|
|
# Draft RFC - Password Policy for LDAP Directories
|
|
PasswordPolicyResponseValue B "1.3.6.1.4.1.42.2.27.8.5.1" "passwordPolicy"
|
|
|
|
#.FN_FTR LDAPURL
|
|
proto_item_set_url(actx->created_item);
|
|
|
|
#.FN_HDR LDAPOID
|
|
|
|
tvbuff_t *parameter_tvb;
|
|
const gchar *name;
|
|
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
|
|
#.FN_PARS LDAPOID VAL_PTR = ¶meter_tvb
|
|
|
|
#.FN_FTR LDAPOID
|
|
|
|
object_identifier_id = NULL;
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
object_identifier_id = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
|
|
name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);
|
|
|
|
if(name){
|
|
proto_item_append_text(actx->created_item, " (%s)", name);
|
|
|
|
if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
|
|
ldap_do_protocolop(actx->pinfo);
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
|
|
}
|
|
}
|
|
|
|
/* Has the client requested the Start TLS operation? */
|
|
if (ldap_info && hf_index == hf_ldap_requestName &&
|
|
!strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
|
|
/* remember we have asked to start_tls */
|
|
ldap_info->start_tls_pending = TRUE;
|
|
}
|
|
|
|
#.FN_BODY MessageID VAL_PTR = &MessageID
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldm_tree = tree;
|
|
|
|
#.FN_PARS ProtocolOp VAL_PTR = &ProtocolOp
|
|
|
|
#.FN_HDR ProtocolOp
|
|
|
|
ldap_call_response_t *lcrp;
|
|
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
do_protocolop = TRUE;
|
|
|
|
#.FN_FTR ProtocolOp
|
|
|
|
if (ProtocolOp == -1) {
|
|
return offset;
|
|
}
|
|
|
|
/* ProtocolOp is the index, not the tag so convert it to the tag value */
|
|
ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
|
|
|
|
lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
|
|
if(lcrp){
|
|
tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
|
|
}
|
|
|
|
/* XXX: the count will not work if the results span multiple TCP packets */
|
|
|
|
if(ldap_info) { /* only count once */
|
|
switch(ProtocolOp) {
|
|
|
|
case LDAP_RES_SEARCH_ENTRY:
|
|
if (!actx->pinfo->fd->visited)
|
|
ldap_info->num_results++;
|
|
|
|
proto_item_append_text(tree, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
break;
|
|
|
|
case LDAP_RES_SEARCH_RESULT:
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
proto_item_append_text(tree, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
#.FN_BODY Simple
|
|
ldap_conv_info_t *ldap_info;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
ldap_info->auth_type = LDAP_AUTH_SIMPLE;
|
|
|
|
#.FN_BODY Mechanism VAL_PTR = ¶meter_tvb
|
|
|
|
ldap_conv_info_t *ldap_info;
|
|
tvbuff_t *parameter_tvb;
|
|
char *mechanism = NULL;
|
|
%(DEFAULT_BODY)s
|
|
ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
ldap_info->auth_type = LDAP_AUTH_SASL;
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
/*
|
|
* We need to remember the authentication type and mechanism for this
|
|
* conversation.
|
|
*
|
|
* XXX - actually, we might need to remember more than one
|
|
* type and mechanism, if you can unbind and rebind with a
|
|
* different type and/or mechanism.
|
|
*/
|
|
if(!actx->pinfo->fd->visited) {
|
|
mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
|
|
ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
|
|
/*
|
|
* If the mechanism in this request is an empty string (which is
|
|
* returned as a null pointer), use the saved mechanism instead.
|
|
* Otherwise, if the saved mechanism is an empty string (null),
|
|
* save this mechanism.
|
|
*/
|
|
if (mechanism != NULL) {
|
|
wmem_free(wmem_file_scope(), ldap_info->auth_mech);
|
|
ldap_info->auth_mech = mechanism;
|
|
}
|
|
}
|
|
#.FN_BODY Credentials VAL_PTR = ¶meter_tvb
|
|
|
|
tvbuff_t *parameter_tvb;
|
|
ldap_conv_info_t *ldap_info;
|
|
gint8 ber_class;
|
|
gboolean pc;
|
|
gint32 tag;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
|
|
|
|
/*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
|
|
if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
|
|
/*
|
|
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
|
|
* We need to check the first byte to check whether the blob
|
|
* contains SPNEGO or GSSAPI.
|
|
* All SPNEGO PDUs are of class CONSTRUCTED while
|
|
* GSS PDUs are class APPLICATION
|
|
*/
|
|
if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
|
|
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
/*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
|
|
if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
|
|
/*
|
|
* This is a raw GSS-API token.
|
|
*/
|
|
if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
|
|
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
}
|
|
/* Restore private data */
|
|
actx->private_data = ldap_info;
|
|
|
|
|
|
#.FN_BODY ServerSaslCreds VAL_PTR = ¶meter_tvb
|
|
|
|
tvbuff_t *parameter_tvb = NULL;
|
|
ldap_conv_info_t *ldap_info;
|
|
|
|
%(DEFAULT_BODY)s
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
switch (ldap_info->auth_type) {
|
|
|
|
/* For Kerberos V4, dissect it as a ticket. */
|
|
/* XXX - what about LDAP_AUTH_SIMPLE? */
|
|
|
|
case LDAP_AUTH_SASL:
|
|
/*
|
|
* All frames after this are assumed to use a security layer.
|
|
*
|
|
* XXX - won't work if there's another reply, with the security
|
|
* layer, starting in the same TCP segment that ends this
|
|
* reply, but as LDAP is a request/response protocol, and
|
|
* as the client probably can't start using authentication until
|
|
* it gets the bind reply and the server won't send a reply until
|
|
* it gets a request, that probably won't happen.
|
|
*
|
|
* XXX - that assumption is invalid; it's not clear where the
|
|
* hell you find out whether there's any security layer. In
|
|
* one capture, we have two GSS-SPNEGO negotiations, both of
|
|
* which select MS KRB5, and the only differences in the tokens
|
|
* is in the RC4-HMAC ciphertext. The various
|
|
* draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
|
|
* that the RFC 2222 spoo with the bitmask and maximum
|
|
* output message size stuff is done - but where does that
|
|
* stuff show up? Is it in the ciphertext, which means it's
|
|
* presumably encrypted?
|
|
*
|
|
* Grrr. We have to do a gross heuristic, checking whether the
|
|
* putative LDAP message begins with 0x00 or not, making the
|
|
* assumption that we won't have more than 2^24 bytes of
|
|
* encapsulated stuff.
|
|
*/
|
|
ldap_info->first_auth_frame = actx->pinfo->num + 1;
|
|
if (ldap_info->auth_mech != NULL &&
|
|
strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
|
|
/* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
|
|
* which might not be wrapped in GSS-SPNEGO but be a raw
|
|
* NTLMSSP blob
|
|
*/
|
|
if ( (tvb_reported_length(parameter_tvb)>=7)
|
|
&& (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
|
|
call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
|
|
break;
|
|
}
|
|
/*
|
|
* This is a GSS-API token.
|
|
*/
|
|
if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
|
|
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
|
|
} else if (ldap_info->auth_mech != NULL &&
|
|
strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
|
|
/*
|
|
* This is a GSS-API token.
|
|
*/
|
|
if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
|
|
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
break;
|
|
}
|
|
actx->private_data = ldap_info;
|
|
|
|
#.FN_BODY LDAPString VAL_PTR = ¶meter_tvb
|
|
tvbuff_t *parameter_tvb = NULL;
|
|
const char *ldapstring = NULL;
|
|
gchar *sc = NULL; /* semi-colon pointer */
|
|
|
|
offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
¶meter_tvb, ENC_UTF_8|ENC_NA);
|
|
|
|
if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
if(parameter_tvb)
|
|
ldapstring = tvb_get_string_enc(actx->pinfo->pool, parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
|
|
|
|
if(hf_index == hf_ldap_baseObject) {
|
|
/* this is search - put it on the scanline */
|
|
if(!ldapstring || !*ldapstring)
|
|
ldapstring = "<ROOT>";
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
|
|
|
|
|
|
if(!parameter_tvb) {
|
|
|
|
proto_item_append_text(actx->created_item, " (%%s)", ldapstring);
|
|
}
|
|
|
|
} else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " (%%s)", ldapstring);
|
|
|
|
} else if ((hf_index == hf_ldap_objectName) ||
|
|
(hf_index == hf_ldap_name) ||
|
|
(hf_index == hf_ldap_entry) ||
|
|
(hf_index == hf_ldap_object) ||
|
|
(hf_index == hf_ldap_delRequest) ) {
|
|
|
|
if(!ldapstring || !*ldapstring)
|
|
ldapstring = "<ROOT>";
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", format_text(actx->pinfo->pool, ldapstring, strlen(ldapstring)));
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
|
|
} else if (hf_index == hf_ldap_attributeDesc){
|
|
/* remember the attribute description */
|
|
attributedesc_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_initial){
|
|
/* remember the substring item */
|
|
substring_item_init=ldapstring;
|
|
} else if (hf_index == hf_ldap_any){
|
|
/* remember the substring item */
|
|
substring_item_any=ldapstring;
|
|
} else if (hf_index == hf_ldap_final){
|
|
/* remember the substring item */
|
|
substring_item_final=ldapstring;
|
|
} else if (hf_index == hf_ldap_matchingRule){
|
|
/* remember the matching rule */
|
|
matching_rule_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_present){
|
|
/* remember the present name */
|
|
Filter_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_type) {
|
|
/* remember attribute type name */
|
|
attr_type = wmem_strdup(actx->pinfo->pool, ldapstring);
|
|
|
|
/* append it to the parent entry */
|
|
proto_item_append_text(tree, " %%s", attr_type);
|
|
|
|
/* remove the ";binary" component if present */
|
|
if((sc = strchr(attr_type, ';')) != NULL) {
|
|
if(!strcmp(sc, ";binary")) {
|
|
*sc = '\0'; /* terminate the string */
|
|
is_binary_attr_type = TRUE;
|
|
}
|
|
} else {
|
|
is_binary_attr_type = FALSE;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
#.FN_BODY SearchRequest/_untag/scope VAL_PTR = &scope
|
|
|
|
guint32 scope = 0xffff;
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
#.FN_BODY LDAPResult/resultCode VAL_PTR = &result
|
|
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
|
|
#.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result
|
|
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
#.FN_BODY ExtendedResponse/_untag/resultCode
|
|
guint32 resultCode;
|
|
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
|
&resultCode);
|
|
/* If Start TLS request was sent and resultCode is success... */
|
|
if (ldap_info && ldap_info->start_tls_pending &&
|
|
hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
|
|
/* The conversation will continue using SSL */
|
|
ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
|
|
ldap_info->start_tls_pending = FALSE;
|
|
}
|
|
|
|
|
|
#.FN_BODY AttributeValue
|
|
|
|
tvbuff_t *next_tvb = NULL;
|
|
gchar *string;
|
|
int old_offset = offset;
|
|
gint *hf_id;
|
|
|
|
/* attr_type, should be set before calling this function */
|
|
|
|
/* extract the value of the octetstring */
|
|
offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
|
|
|
|
/* first check if we have a custom attribute type configured */
|
|
if ((hf_id = get_hf_for_header (attr_type)) != NULL)
|
|
proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
|
|
|
|
/* if we have an attribute type that isn't binary see if there is a better dissector */
|
|
else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, FALSE, NULL)) {
|
|
offset = old_offset;
|
|
|
|
/* do the default thing */
|
|
%(DEFAULT_BODY)s
|
|
|
|
if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
|
|
string = tvb_get_string_enc(actx->pinfo->pool, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
|
|
proto_item_set_text(actx->created_item, "AttributeValue: %%s", string);
|
|
}
|
|
}
|
|
|
|
#.FN_BODY AuthenticationChoice VAL_PTR = &branch
|
|
gint branch = -1;
|
|
gint auth = -1;
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
|
|
auth = AuthenticationChoice_choice[branch].value;
|
|
|
|
valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%%u)");
|
|
|
|
/* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
|
|
if ((auth != 10) && (auth != 11))
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
|
|
#.FN_BODY UnbindRequest
|
|
|
|
implicit_tag = TRUE; /* correct problem with asn2wrs */
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
|
|
|
|
|
|
|
|
#.FN_HDR SearchRequest/_untag/filter
|
|
Filter_string=NULL;
|
|
Filter_elements = 0;
|
|
Filter_length = 0;
|
|
|
|
#.FN_FTR SearchRequest/_untag/filter
|
|
Filter_string=NULL;
|
|
and_filter_string=NULL;
|
|
Filter_elements = 0;
|
|
Filter_length = 0;
|
|
|
|
#.FN_FTR Filter/equalityMatch
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/greaterOrEqual
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s>=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/lessOrEqual
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s<=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/approxMatch
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s~=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
#.FN_FTR Filter/and/_item
|
|
if(and_filter_string){
|
|
and_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(&%s%s)",and_filter_string,Filter_string);
|
|
} else {
|
|
and_filter_string=Filter_string;
|
|
}
|
|
|
|
#.FN_BODY Filter/and
|
|
proto_tree *tr=NULL;
|
|
proto_item *it=NULL;
|
|
const char *old_and_filter_string=and_filter_string;
|
|
|
|
and_filter_string=NULL;
|
|
|
|
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
|
|
tree = tr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if(and_filter_string) {
|
|
proto_item_append_text(it, "%%s", and_filter_string);
|
|
Filter_string=wmem_strdup(actx->pinfo->pool, and_filter_string);
|
|
}
|
|
and_filter_string=old_and_filter_string;
|
|
|
|
#.FN_FTR Filter/or/_item
|
|
if(or_filter_string){
|
|
or_filter_string=wmem_strdup_printf(actx->pinfo->pool, "(|%s%s)",or_filter_string,Filter_string);
|
|
} else {
|
|
or_filter_string=Filter_string;
|
|
}
|
|
|
|
|
|
#.FN_BODY Filter/or
|
|
proto_tree *tr;
|
|
proto_item *it;
|
|
const char *old_or_filter_string=or_filter_string;
|
|
|
|
or_filter_string=NULL;
|
|
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
|
|
tree = tr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
if(or_filter_string) {
|
|
proto_item_append_text(it, "%%s", or_filter_string);
|
|
Filter_string=wmem_strdup(actx->pinfo->pool, or_filter_string);
|
|
}
|
|
or_filter_string=old_or_filter_string;
|
|
|
|
#.FN_FTR Filter/present
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s=*)",string_or_null(Filter_string));
|
|
|
|
#.FN_FTR Filter/not
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(!%s)",string_or_null(Filter_string));
|
|
|
|
#.FN_BODY MatchingRuleAssertion/dnAttributes
|
|
gboolean val;
|
|
|
|
offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
|
|
|
|
|
|
matching_rule_dnattr = val;
|
|
|
|
|
|
#.FN_HDR Filter/extensibleMatch
|
|
attr_type=NULL;
|
|
matching_rule_string=NULL;
|
|
ldapvalue_string=NULL;
|
|
matching_rule_dnattr=FALSE;
|
|
|
|
#.FN_FTR Filter/extensibleMatch
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%s:%s%s%s=%s)",
|
|
(attr_type?attr_type:""),
|
|
(matching_rule_dnattr?"dn:":""),
|
|
(matching_rule_string?matching_rule_string:""),
|
|
(matching_rule_string?":":""),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
#.FN_FTR SubstringFilter/substrings/_item
|
|
if (substring_item_final) {
|
|
substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s",
|
|
(substring_value?substring_value:"*"),
|
|
substring_item_final);
|
|
} else if (substring_item_any) {
|
|
substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s%s*",
|
|
(substring_value?substring_value:"*"),
|
|
substring_item_any);
|
|
} else if (substring_item_init) {
|
|
substring_value=wmem_strdup_printf(actx->pinfo->pool, "%s*",
|
|
substring_item_init);
|
|
}
|
|
|
|
#.FN_BODY SubstringFilter
|
|
proto_tree *tr;
|
|
proto_item *it;
|
|
const char *old_substring_value=substring_value;
|
|
|
|
attr_type=NULL;
|
|
substring_value=NULL;
|
|
substring_item_init=NULL;
|
|
substring_item_any=NULL;
|
|
substring_item_final=NULL;
|
|
|
|
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
|
|
tree = tr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
Filter_string=wmem_strdup_printf(actx->pinfo->pool, "(%%s=%%s)",
|
|
string_or_null(attr_type),
|
|
string_or_null(substring_value));
|
|
proto_item_append_text(it, "%%s", Filter_string);
|
|
substring_value=old_substring_value;
|
|
|
|
#.FN_BODY Filter
|
|
proto_tree *tr;
|
|
proto_item *it;
|
|
attributedesc_string=NULL;
|
|
|
|
if (Filter_length++ > MAX_FILTER_LEN) {
|
|
expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
|
|
THROW(ReportedBoundsError);
|
|
}
|
|
|
|
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
|
expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
|
THROW(ReportedBoundsError);
|
|
}
|
|
|
|
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
|
|
tree = tr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
if(Filter_string)
|
|
proto_item_append_text(it, "%%s", string_or_null(Filter_string));
|
|
|
|
#.FN_BODY AuthenticationChoice/ntlmsspNegotiate
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
|
|
offset+=tvb_reported_length_remaining(tvb, offset);
|
|
|
|
#.FN_BODY AuthenticationChoice/ntlmsspAuth
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
|
|
offset+=tvb_reported_length_remaining(tvb, offset);
|
|
|
|
#.FN_BODY BindResponse/_untag/matchedDN
|
|
tvbuff_t *new_tvb=NULL;
|
|
|
|
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
|
|
|
|
if( new_tvb
|
|
&& (tvb_reported_length(new_tvb)>=7)
|
|
&& (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
|
|
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
|
|
}
|
|
|
|
#.FN_BODY Control/controlValue
|
|
gint8 ber_class;
|
|
gboolean pc, ind;
|
|
gint32 tag;
|
|
guint32 len;
|
|
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
/* remove the OCTET STRING encoding */
|
|
offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
|
|
offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
|
|
|
|
call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
|
|
offset += len;
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
|
|
#.FN_BODY ExtendedRequest/_untag/requestValue
|
|
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
#.FN_HDR IntermediateResponse/_untag/responseValue
|
|
|
|
const gchar *name;
|
|
|
|
#.FN_BODY IntermediateResponse/_untag/responseValue
|
|
if(ldm_tree && object_identifier_id) {
|
|
proto_item_set_text(ldm_tree, "%%s %%s", "IntermediateResponse", object_identifier_id);
|
|
name = oid_resolved_from_string(actx->pinfo->pool, object_identifier_id);
|
|
if(name)
|
|
proto_item_append_text(ldm_tree, " (%%s)", name);
|
|
}
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
#.FN_BODY DirSyncFlags
|
|
gint8 ber_class;
|
|
gboolean pc;
|
|
gint32 tag;
|
|
guint32 len;
|
|
gint32 val;
|
|
|
|
int otheroffset = offset;
|
|
if(!implicit_tag){
|
|
dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
|
|
otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
|
|
} else {
|
|
gint32 remaining=tvb_reported_length_remaining(tvb, offset);
|
|
len=remaining>0 ? remaining : 0;
|
|
}
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
|
|
|
|
if (val >0) {
|
|
static int * const flags[] = {
|
|
&hf_ldap_object_security_flag,
|
|
&hf_ldap_ancestor_first_flag,
|
|
&hf_ldap_public_data_only_flag,
|
|
&hf_ldap_incremental_value_flag,
|
|
NULL
|
|
};
|
|
|
|
proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
|
|
ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
|
|
} else {
|
|
proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
|
|
}
|
|
|
|
#.FN_BODY SearchResultReference
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
|
|
#.FN_BODY AbandonRequest
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
#.NO_EMIT
|
|
AttributeType
|
|
Attribute
|
|
AssertionValue
|
|
|
|
#
|
|
# Editor modelines - https://www.wireshark.org/tools/modelines.html
|
|
#
|
|
# Local variables:
|
|
# c-basic-offset: 2
|
|
# tab-width: 8
|
|
# indent-tabs-mode: nil
|
|
# End:
|
|
#
|
|
# vi: set shiftwidth=2 tabstop=8 expandtab:
|
|
# :indentSize=2:tabSize=8:noTabs=true:
|
|
#
|