osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/dissectors/asn1/ldap/ldap.cnf

818 lines
26 KiB
INI
Raw Blame History

# ldap.cnf
# LDAP conformation file
# Copyright 2005 Anders Broman
#.OMIT_ASSIGNMENT
DirSyncFlagsSubEntry
PasswdModifyResponseValue
#.PDU
#.TYPE_RENAME
BindResponse/_untag/resultCode BindResponse_resultCode
ExtendedResponse/_untag/resultCode ExtendedResponse_resultCode
ModifyRequest/_untag/modification ModifyRequest_modification
#.FIELD_RENAME
BindResponse/_untag/resultCode bindResponse_resultCode
ExtendedResponse/_untag/resultCode extendedResponse_resultCode
SearchRequest/_untag/attributes searchRequest_attributes
SearchResultEntry/_untag/attributes searchResultEntry_attributes
ModifyRequest/_untag/modification modifyRequest_modification
SubstringFilter/substrings substringFilter_substrings
BindResponse/_untag/matchedDN bindResponse_matchedDN
IntermediateResponse/_untag/responseValue intermediateResponse_responseValue
#.TYPE_ATTR
LDAPString TYPE = FT_STRING DISPLAY = STR_UNICODE STRINGS = NULL
LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
DirSyncFlags TYPE = FT_UINT32 DISPLAY = BASE_HEX STRINGS = NULL
Simple TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
#.REGISTER
SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
SortResult B "1.2.840.113556.1.4.474" "sortResult"
DirSyncControlValue B "1.2.840.113556.1.4.841" "dirsync"
#RFC 3062
PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID"
#RFC 3909
CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"
#RFC 4533
SyncRequestValue B "1.3.6.1.4.1.4203.1.9.1.1" "syncRequestOID"
SyncStateValue B "1.3.6.1.4.1.4203.1.9.1.2" "syncStateOID"
SyncDoneValue B "1.3.6.1.4.1.4203.1.9.1.3" "syncDoneOID"
SyncInfoValue B "1.3.6.1.4.1.4203.1.9.1.4" "syncInfoOID"
# Draft RFC - Password Policy for LDAP Directories
PasswordPolicyResponseValue B "1.3.6.1.4.1.42.2.27.8.5.1" "passwordPolicy"
#.FN_FTR LDAPURL
proto_item_set_url(actx->created_item);
#.FN_HDR LDAPOID
tvbuff_t *parameter_tvb;
const gchar *name;
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
#.FN_PARS LDAPOID VAL_PTR = &parameter_tvb
#.FN_FTR LDAPOID
object_identifier_id = NULL;
if (!parameter_tvb)
return offset;
object_identifier_id = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
if(name){
proto_item_append_text(actx->created_item, " (%s)", name);
if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
ldap_do_protocolop(actx->pinfo);
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
}
}
/* Has the client requested the Start TLS operation? */
if (ldap_info && hf_index == hf_ldap_requestName &&
!strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
/* remember we have asked to start_tls */
ldap_info->start_tls_pending = TRUE;
}
#.FN_BODY MessageID VAL_PTR = &MessageID
%(DEFAULT_BODY)s
ldm_tree = tree;
#.FN_PARS ProtocolOp VAL_PTR = &ProtocolOp
#.FN_HDR ProtocolOp
ldap_call_response_t *lcrp;
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
do_protocolop = TRUE;
#.FN_FTR ProtocolOp
if (ProtocolOp == -1) {
return offset;
}
/* ProtocolOp is the index, not the tag so convert it to the tag value */
ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp, ldap_info);
if(lcrp){
tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
}
/* XXX: the count will not work if the results span multiple TCP packets */
if(ldap_info) { /* only count once */
switch(ProtocolOp) {
case LDAP_RES_SEARCH_ENTRY:
if (!actx->pinfo->fd->visited)
ldap_info->num_results++;
proto_item_append_text(tree, " [%d result%s]",
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
break;
case LDAP_RES_SEARCH_RESULT:
col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
proto_item_append_text(tree, " [%d result%s]",
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
break;
default:
break;
}
}
#.FN_BODY Simple
ldap_conv_info_t *ldap_info;
%(DEFAULT_BODY)s
ldap_info = (ldap_conv_info_t *)actx->private_data;
ldap_info->auth_type = LDAP_AUTH_SIMPLE;
#.FN_BODY Mechanism VAL_PTR = &parameter_tvb
ldap_conv_info_t *ldap_info;
tvbuff_t *parameter_tvb;
char *mechanism = NULL;
%(DEFAULT_BODY)s
ldap_info = (ldap_conv_info_t *)actx->private_data;
ldap_info->auth_type = LDAP_AUTH_SASL;
if (!parameter_tvb)
return offset;
/*
* We need to remember the authentication type and mechanism for this
* conversation.
*
* XXX - actually, we might need to remember more than one
* type and mechanism, if you can unbind and rebind with a
* different type and/or mechanism.
*/
if(!actx->pinfo->fd->visited) {
mechanism = tvb_get_string_enc(wmem_file_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb,0), ENC_UTF_8|ENC_NA);
ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
/*
* If the mechanism in this request is an empty string (which is
* returned as a null pointer), use the saved mechanism instead.
* Otherwise, if the saved mechanism is an empty string (null),
* save this mechanism.
*/
if (mechanism != NULL) {
wmem_free(wmem_file_scope(), ldap_info->auth_mech);
ldap_info->auth_mech = mechanism;
}
}
#.FN_BODY Credentials VAL_PTR = &parameter_tvb
tvbuff_t *parameter_tvb;
ldap_conv_info_t *ldap_info;
gint8 ber_class;
gboolean pc;
gint32 tag;
%(DEFAULT_BODY)s
if (!parameter_tvb)
return offset;
ldap_info = (ldap_conv_info_t *)actx->private_data;
get_ber_identifier(parameter_tvb, 0, &ber_class, &pc, &tag);
/*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (ber_class==BER_CLASS_CON)) {*/
if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_CON)) {
/*
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
* We need to check the first byte to check whether the blob
* contains SPNEGO or GSSAPI.
* All SPNEGO PDUs are of class CONSTRUCTED while
* GSS PDUs are class APPLICATION
*/
if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
}
/*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (ber_class==BER_CLASS_APP))) {*/
if ((ldap_info->auth_mech != NULL) && (ber_class==BER_CLASS_APP)) {
/*
* This is a raw GSS-API token.
*/
if (parameter_tvb && (tvb_reported_length(parameter_tvb) > 0)) {
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
}
}
/* Restore private data */
actx->private_data = ldap_info;
#.FN_BODY ServerSaslCreds VAL_PTR = &parameter_tvb
tvbuff_t *parameter_tvb = NULL;
ldap_conv_info_t *ldap_info;
%(DEFAULT_BODY)s
if (!parameter_tvb)
return offset;
ldap_info = (ldap_conv_info_t *)actx->private_data;
switch (ldap_info->auth_type) {
/* For Kerberos V4, dissect it as a ticket. */
/* XXX - what about LDAP_AUTH_SIMPLE? */
case LDAP_AUTH_SASL:
/*
* All frames after this are assumed to use a security layer.
*
* XXX - won't work if there's another reply, with the security
* layer, starting in the same TCP segment that ends this
* reply, but as LDAP is a request/response protocol, and
* as the client probably can't start using authentication until
* it gets the bind reply and the server won't send a reply until
* it gets a request, that probably won't happen.
*
* XXX - that assumption is invalid; it's not clear where the
* hell you find out whether there's any security layer. In
* one capture, we have two GSS-SPNEGO negotiations, both of
* which select MS KRB5, and the only differences in the tokens
* is in the RC4-HMAC ciphertext. The various
* draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
* that the RFC 2222 spoo with the bitmask and maximum
* output message size stuff is done - but where does that
* stuff show up? Is it in the ciphertext, which means it's
* presumably encrypted?
*
* Grrr. We have to do a gross heuristic, checking whether the
* putative LDAP message begins with 0x00 or not, making the
* assumption that we won't have more than 2^24 bytes of
* encapsulated stuff.
*/
ldap_info->first_auth_frame = actx->pinfo->num + 1;
if (ldap_info->auth_mech != NULL &&
strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
/* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
* which might not be wrapped in GSS-SPNEGO but be a raw
* NTLMSSP blob
*/
if ( (tvb_reported_length(parameter_tvb)>=7)
&& (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
break;
}
/*
* This is a GSS-API token.
*/
if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
} else if (ldap_info->auth_mech != NULL &&
strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
/*
* This is a GSS-API token.
*/
if(parameter_tvb && (tvb_reported_length(parameter_tvb) > 0))
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
}
break;
}
actx->private_data = ldap_info;
#.FN_BODY LDAPString VAL_PTR = &parameter_tvb
tvbuff_t *parameter_tvb = NULL;
const char *ldapstring = NULL;
gchar *sc = NULL; /* semi-colon pointer */
offset = dissect_ber_octet_string_with_encoding(implicit_tag, actx, tree, tvb, offset, hf_index,
&parameter_tvb, ENC_UTF_8|ENC_NA);
if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
ldap_do_protocolop(actx->pinfo);
if(parameter_tvb)
ldapstring = tvb_get_string_enc(wmem_packet_scope(), parameter_tvb, 0, tvb_reported_length_remaining(parameter_tvb, 0), ENC_UTF_8|ENC_NA);
if(hf_index == hf_ldap_baseObject) {
/* this is search - put it on the scanline */
if(!ldapstring || !*ldapstring)
ldapstring = "<ROOT>";
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
if(ldm_tree)
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
if(!parameter_tvb) {
proto_item_append_text(actx->created_item, " (%%s)", ldapstring);
}
} else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
if(ldm_tree)
proto_item_append_text(ldm_tree, " (%%s)", ldapstring);
} else if ((hf_index == hf_ldap_objectName) ||
(hf_index == hf_ldap_name) ||
(hf_index == hf_ldap_entry) ||
(hf_index == hf_ldap_object) ||
(hf_index == hf_ldap_delRequest) ) {
if(!ldapstring || !*ldapstring)
ldapstring = "<ROOT>";
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", format_text(wmem_packet_scope(), ldapstring, strlen(ldapstring)));
if(ldm_tree)
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
} else if (hf_index == hf_ldap_attributeDesc){
/* remember the attribute description */
attributedesc_string=ldapstring;
} else if (hf_index == hf_ldap_initial){
/* remember the substring item */
substring_item_init=ldapstring;
} else if (hf_index == hf_ldap_any){
/* remember the substring item */
substring_item_any=ldapstring;
} else if (hf_index == hf_ldap_final){
/* remember the substring item */
substring_item_final=ldapstring;
} else if (hf_index == hf_ldap_matchingRule){
/* remember the matching rule */
matching_rule_string=ldapstring;
} else if (hf_index == hf_ldap_present){
/* remember the present name */
Filter_string=ldapstring;
} else if (hf_index == hf_ldap_type) {
/* remember attribute type name */
attr_type = wmem_strdup(wmem_packet_scope(), ldapstring);
/* append it to the parent entry */
proto_item_append_text(tree, " %%s", attr_type);
/* remove the ";binary" component if present */
if((sc = strchr(attr_type, ';')) != NULL) {
if(!strcmp(sc, ";binary")) {
*sc = '\0'; /* terminate the string */
is_binary_attr_type = TRUE;
}
} else {
is_binary_attr_type = FALSE;
}
}
}
#.FN_BODY SearchRequest/_untag/scope VAL_PTR = &scope
guint32 scope = 0xffff;
const gchar *valstr;
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%%u)");
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
if(ldm_tree)
proto_item_append_text(ldm_tree, " %%s", valstr);
#.FN_BODY LDAPResult/resultCode VAL_PTR = &result
const gchar *valstr;
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
if(ldm_tree)
proto_item_append_text(ldm_tree, " %%s", valstr);
#.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result
const gchar *valstr;
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
if(ldm_tree)
proto_item_append_text(ldm_tree, " %%s", valstr);
#.FN_BODY ExtendedResponse/_untag/resultCode
guint32 resultCode;
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->private_data;
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&resultCode);
/* If Start TLS request was sent and resultCode is success... */
if (ldap_info && ldap_info->start_tls_pending &&
hf_index == hf_ldap_extendedResponse_resultCode && resultCode == 0) {
/* The conversation will continue using SSL */
ssl_starttls_ack(find_dissector("tls"), actx->pinfo, ldap_handle);
ldap_info->start_tls_pending = FALSE;
}
#.FN_BODY AttributeValue
tvbuff_t *next_tvb = NULL;
gchar *string;
int old_offset = offset;
gint *hf_id;
/* attr_type, should be set before calling this function */
/* extract the value of the octetstring */
offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
/* first check if we have a custom attribute type configured */
if ((hf_id = get_hf_for_header (attr_type)) != NULL)
proto_tree_add_item (tree, *hf_id, next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
/* if we have an attribute type that isn't binary see if there is a better dissector */
else if(!attr_type || !next_tvb || !dissector_try_string_new(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree, FALSE, NULL)) {
offset = old_offset;
/* do the default thing */
%(DEFAULT_BODY)s
if(tvb_ascii_isprint(next_tvb, 0, tvb_reported_length(next_tvb))) {
string = tvb_get_string_enc(wmem_packet_scope(), next_tvb, 0, tvb_reported_length_remaining(next_tvb, 0), ENC_UTF_8|ENC_NA);
proto_item_set_text(actx->created_item, "AttributeValue: %%s", string);
}
}
#.FN_BODY AuthenticationChoice VAL_PTR = &branch
gint branch = -1;
gint auth = -1;
const gchar *valstr;
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
auth = AuthenticationChoice_choice[branch].value;
valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%%u)");
/* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
if ((auth != 10) && (auth != 11))
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
if(ldm_tree)
proto_item_append_text(ldm_tree, " %%s", valstr);
#.FN_BODY UnbindRequest
implicit_tag = TRUE; /* correct problem with asn2wrs */
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
#.FN_HDR SearchRequest/_untag/filter
Filter_string=NULL;
Filter_elements = 0;
Filter_length = 0;
#.FN_FTR SearchRequest/_untag/filter
Filter_string=NULL;
and_filter_string=NULL;
Filter_elements = 0;
Filter_length = 0;
#.FN_FTR Filter/equalityMatch
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=%s)",
string_or_null(attributedesc_string),
string_or_null(ldapvalue_string));
#.FN_FTR Filter/greaterOrEqual
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s>=%s)",
string_or_null(attributedesc_string),
string_or_null(ldapvalue_string));
#.FN_FTR Filter/lessOrEqual
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s<=%s)",
string_or_null(attributedesc_string),
string_or_null(ldapvalue_string));
#.FN_FTR Filter/approxMatch
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s~=%s)",
string_or_null(attributedesc_string),
string_or_null(ldapvalue_string));
#.FN_FTR Filter/and/_item
if(and_filter_string){
and_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(&%s%s)",and_filter_string,Filter_string);
} else {
and_filter_string=Filter_string;
}
#.FN_BODY Filter/and
proto_tree *tr=NULL;
proto_item *it=NULL;
const char *old_and_filter_string=and_filter_string;
and_filter_string=NULL;
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_and, &it, "and: ");
tree = tr;
%(DEFAULT_BODY)s
if(and_filter_string) {
proto_item_append_text(it, "%%s", and_filter_string);
Filter_string=wmem_strdup(wmem_packet_scope(), and_filter_string);
}
and_filter_string=old_and_filter_string;
#.FN_FTR Filter/or/_item
if(or_filter_string){
or_filter_string=wmem_strdup_printf(wmem_packet_scope(), "(|%s%s)",or_filter_string,Filter_string);
} else {
or_filter_string=Filter_string;
}
#.FN_BODY Filter/or
proto_tree *tr;
proto_item *it;
const char *old_or_filter_string=or_filter_string;
or_filter_string=NULL;
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_T_or, &it, "or: ");
tree = tr;
%(DEFAULT_BODY)s
if(or_filter_string) {
proto_item_append_text(it, "%%s", or_filter_string);
Filter_string=wmem_strdup(wmem_packet_scope(), or_filter_string);
}
or_filter_string=old_or_filter_string;
#.FN_FTR Filter/present
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s=*)",string_or_null(Filter_string));
#.FN_FTR Filter/not
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(!%s)",string_or_null(Filter_string));
#.FN_BODY MatchingRuleAssertion/dnAttributes
gboolean val;
offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
matching_rule_dnattr = val;
#.FN_HDR Filter/extensibleMatch
attr_type=NULL;
matching_rule_string=NULL;
ldapvalue_string=NULL;
matching_rule_dnattr=FALSE;
#.FN_FTR Filter/extensibleMatch
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%s:%s%s%s=%s)",
(attr_type?attr_type:""),
(matching_rule_dnattr?"dn:":""),
(matching_rule_string?matching_rule_string:""),
(matching_rule_string?":":""),
string_or_null(ldapvalue_string));
#.FN_FTR SubstringFilter/substrings/_item
if (substring_item_final) {
substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s",
(substring_value?substring_value:"*"),
substring_item_final);
} else if (substring_item_any) {
substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s%s*",
(substring_value?substring_value:"*"),
substring_item_any);
} else if (substring_item_init) {
substring_value=wmem_strdup_printf(wmem_packet_scope(), "%s*",
substring_item_init);
}
#.FN_BODY SubstringFilter
proto_tree *tr;
proto_item *it;
const char *old_substring_value=substring_value;
attr_type=NULL;
substring_value=NULL;
substring_item_init=NULL;
substring_item_any=NULL;
substring_item_final=NULL;
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_SubstringFilter, &it, "substring: ");
tree = tr;
%(DEFAULT_BODY)s
Filter_string=wmem_strdup_printf(wmem_packet_scope(), "(%%s=%%s)",
string_or_null(attr_type),
string_or_null(substring_value));
proto_item_append_text(it, "%%s", Filter_string);
substring_value=old_substring_value;
#.FN_BODY Filter
proto_tree *tr;
proto_item *it;
attributedesc_string=NULL;
if (Filter_length++ > MAX_FILTER_LEN) {
expert_add_info_format(actx->pinfo, tree, &ei_ldap_exceeded_filter_length, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
THROW(ReportedBoundsError);
}
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
expert_add_info_format(actx->pinfo, tree, &ei_ldap_too_many_filter_elements, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
THROW(ReportedBoundsError);
}
tr=proto_tree_add_subtree(tree, tvb, offset, -1, ett_ldap_Filter, &it, "Filter: ");
tree = tr;
%(DEFAULT_BODY)s
if(Filter_string)
proto_item_append_text(it, "%%s", string_or_null(Filter_string));
#.FN_BODY AuthenticationChoice/ntlmsspNegotiate
/* make sure the protocol op comes first */
ldap_do_protocolop(actx->pinfo);
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
offset+=tvb_reported_length_remaining(tvb, offset);
#.FN_BODY AuthenticationChoice/ntlmsspAuth
/* make sure the protocol op comes first */
ldap_do_protocolop(actx->pinfo);
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
offset+=tvb_reported_length_remaining(tvb, offset);
#.FN_BODY BindResponse/_untag/matchedDN
tvbuff_t *new_tvb=NULL;
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
if( new_tvb
&& (tvb_reported_length(new_tvb)>=7)
&& (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
/* make sure the protocol op comes first */
ldap_do_protocolop(actx->pinfo);
call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
}
#.FN_BODY Control/controlValue
gint8 ber_class;
gboolean pc, ind;
gint32 tag;
guint32 len;
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
/* remove the OCTET STRING encoding */
offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &ber_class, &pc, &tag);
offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
offset += len;
} else {
%(DEFAULT_BODY)s
}
#.FN_BODY ExtendedRequest/_untag/requestValue
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
} else {
%(DEFAULT_BODY)s
}
#.FN_HDR IntermediateResponse/_untag/responseValue
const gchar *name;
#.FN_BODY IntermediateResponse/_untag/responseValue
if(ldm_tree && object_identifier_id) {
proto_item_set_text(ldm_tree, "%%s %%s", "IntermediateResponse", object_identifier_id);
name = oid_resolved_from_string(wmem_packet_scope(), object_identifier_id);
if(name)
proto_item_append_text(ldm_tree, " (%%s)", name);
}
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);
} else {
%(DEFAULT_BODY)s
}
#.FN_BODY DirSyncFlags
gint8 ber_class;
gboolean pc;
gint32 tag;
guint32 len;
gint32 val;
int otheroffset = offset;
if(!implicit_tag){
dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &ber_class, &pc, &tag);
otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
} else {
gint32 remaining=tvb_reported_length_remaining(tvb, offset);
len=remaining>0 ? remaining : 0;
}
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
if (val >0) {
static int * const flags[] = {
&hf_ldap_object_security_flag,
&hf_ldap_ancestor_first_flag,
&hf_ldap_public_data_only_flag,
&hf_ldap_incremental_value_flag,
NULL
};
proto_tree_add_bitmask_value_with_flags(tree, tvb, otheroffset+1, hf_index,
ett_ldap_DirSyncFlagsSubEntry, flags, val, BMT_NO_APPEND);
} else {
proto_tree_add_uint(tree, hf_index, tvb, otheroffset+len, len, 0);
}
#.FN_BODY SearchResultReference
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
#.FN_BODY AbandonRequest
%(DEFAULT_BODY)s
ldap_do_protocolop(actx->pinfo);
#.NO_EMIT
AttributeType
Attribute
AssertionValue
#
# Editor modelines - https://www.wireshark.org/tools/modelines.html
#
# Local variables:
# c-basic-offset: 2
# tab-width: 8
# indent-tabs-mode: nil
# End:
#
# vi: set shiftwidth=2 tabstop=8 expandtab:
# :indentSize=2:tabSize=8:noTabs=true:
#
View Git Blame Copy Permalink