670d38ec71
svn path=/trunk/; revision=36190
838 lines
24 KiB
INI
838 lines
24 KiB
INI
# ldap.cnf
|
|
# LDAP conformation file
|
|
# Copyright 2005 Anders Broman
|
|
# $Id$
|
|
|
|
|
|
#.PDU
|
|
LDAPMessage
|
|
|
|
#.TYPE_RENAME
|
|
|
|
BindResponse/_untag/resultCode BindResponse_resultCode
|
|
ExtendedResponse/_untag/resultCode ExtendedResponse_resultCode
|
|
ModifyRequest/_untag/modification ModifyRequest_modification
|
|
|
|
#.FIELD_RENAME
|
|
BindResponse/_untag/resultCode bindResponse_resultCode
|
|
ExtendedResponse/_untag/resultCode extendedResponse_resultCode
|
|
SearchRequest/_untag/attributes searchRequest_attributes
|
|
SearchResultEntry/_untag/attributes searchResultEntry_attributes
|
|
ModifyRequest/_untag/modification modifyRequest_modification
|
|
SubstringFilter/substrings substringFilter_substrings
|
|
BindResponse/_untag/matchedDN bindResponse_matchedDN
|
|
IntermediateResponse/_untag/responseValue intermediateResponse_responseValue
|
|
|
|
#.TYPE_ATTR
|
|
LDAPString TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
|
|
|
|
#.REGISTER
|
|
SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
|
|
SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
|
|
SortResult B "1.2.840.113556.1.4.474" "sortResult"
|
|
DirSyncControlValue B "1.2.840.113556.1.4.841" "dirsync"
|
|
#RFC 3062
|
|
PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID"
|
|
#RFC 3909
|
|
CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"
|
|
#RFC 4533
|
|
SyncRequestValue B "1.3.6.1.4.1.4203.1.9.1.1" "syncRequestOID"
|
|
SyncStateValue B "1.3.6.1.4.1.4203.1.9.1.2" "syncStateOID"
|
|
SyncDoneValue B "1.3.6.1.4.1.4203.1.9.1.3" "syncDoneOID"
|
|
SyncInfoValue B "1.3.6.1.4.1.4203.1.9.1.4" "syncInfoOID"
|
|
# Draft RFC - Password Policy for LDAP Directories
|
|
PasswordPolicyResponseValue B "1.3.6.1.4.1.42.2.27.8.5.1" "passwordPolicy"
|
|
|
|
#.FN_FTR LDAPURL
|
|
PROTO_ITEM_SET_URL(actx->created_item);
|
|
|
|
#.FN_HDR LDAPOID
|
|
|
|
tvbuff_t *parameter_tvb;
|
|
const gchar *name;
|
|
|
|
#.FN_PARS LDAPOID VAL_PTR = ¶meter_tvb
|
|
|
|
#.FN_FTR LDAPOID
|
|
|
|
object_identifier_id = NULL;
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
|
|
name = oid_resolved_from_string(object_identifier_id);
|
|
|
|
if(name){
|
|
proto_item_append_text(actx->created_item, " (%s)", name);
|
|
|
|
if((hf_index == hf_ldap_requestName) || (hf_index == hf_ldap_responseName)) {
|
|
ldap_do_protocolop(actx->pinfo);
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%s ", name);
|
|
}
|
|
}
|
|
|
|
if(((hf_index == hf_ldap_responseName) || (hf_index == hf_ldap_requestName)) &&
|
|
!strcmp(object_identifier_id, "1.3.6.1.4.1.1466.20037")) {
|
|
|
|
/* we have agreed start_tls */
|
|
ldap_conv_info_t *ldap_info = NULL;
|
|
|
|
ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
|
|
|
|
if(ldap_info) {
|
|
if(hf_index == hf_ldap_responseName)
|
|
/* TLS in the next frame */
|
|
ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
|
|
else
|
|
/* remember we have asked to start_tls */
|
|
ldap_info->start_tls_pending = TRUE;
|
|
}
|
|
}
|
|
|
|
#.FN_BODY MessageID VAL_PTR = &MessageID
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldm_tree = tree;
|
|
|
|
#.FN_PARS ProtocolOp VAL_PTR = &ProtocolOp
|
|
|
|
#.FN_HDR ProtocolOp
|
|
|
|
ldap_call_response_t *lcrp;
|
|
ldap_conv_info_t *ldap_info = (ldap_conv_info_t *)actx->pinfo->private_data;
|
|
do_protocolop = TRUE;
|
|
|
|
#.FN_FTR ProtocolOp
|
|
|
|
if (ProtocolOp == -1) {
|
|
return offset;
|
|
}
|
|
|
|
/* ProtocolOp is the index, not the tag so convert it to the tag value */
|
|
ProtocolOp = ldap_ProtocolOp_vals[ProtocolOp].value;
|
|
|
|
lcrp=ldap_match_call_response(tvb, actx->pinfo, tree, MessageID, ProtocolOp);
|
|
if(lcrp){
|
|
tap_queue_packet(ldap_tap, actx->pinfo, lcrp);
|
|
}
|
|
|
|
/* XXX: the count will not work if the results span multiple TCP packets */
|
|
|
|
if(ldap_info && tree) { /* only count once - on tree pass */
|
|
switch(ProtocolOp) {
|
|
|
|
case LDAP_RES_SEARCH_ENTRY:
|
|
ldap_info->num_results++;
|
|
|
|
proto_item_append_text(tree, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
break;
|
|
|
|
case LDAP_RES_SEARCH_RESULT:
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
proto_item_append_text(tree, " [%d result%s]",
|
|
ldap_info->num_results, ldap_info->num_results == 1 ? "" : "s");
|
|
|
|
ldap_info->num_results = 0;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
if(ldap_info && (ProtocolOp == LDAP_RES_EXTENDED)) {
|
|
/* this is an extend result */
|
|
|
|
if(ldap_info->start_tls_pending && !ldap_info->start_tls_frame) {
|
|
/* XXX: some directories do not correctly return the responseName in the extendedResponse so we don't know start_tls has been negotiated */
|
|
|
|
col_append_str(actx->pinfo->cinfo, COL_INFO, "[LDAP_START_TLS_OID responseName missing] ");
|
|
ldap_info->start_tls_frame = (actx->pinfo->fd->num) + 1;
|
|
}
|
|
|
|
ldap_info->start_tls_pending = FALSE;
|
|
}
|
|
|
|
#.FN_BODY Simple
|
|
ldap_conv_info_t *ldap_info;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_info = actx->pinfo->private_data;
|
|
ldap_info->auth_type = LDAP_AUTH_SIMPLE;
|
|
|
|
actx->pinfo->private_data = ldap_info;
|
|
|
|
#.FN_BODY Mechanism VAL_PTR = ¶meter_tvb
|
|
|
|
ldap_conv_info_t *ldap_info;
|
|
tvbuff_t *parameter_tvb;
|
|
char *mechanism = NULL;
|
|
%(DEFAULT_BODY)s
|
|
ldap_info = actx->pinfo->private_data;
|
|
ldap_info->auth_type = LDAP_AUTH_SASL;
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
/*
|
|
* We need to remember the authentication type and mechanism for this
|
|
* conversation.
|
|
*
|
|
* XXX - actually, we might need to remember more than one
|
|
* type and mechanism, if you can unbind and rebind with a
|
|
* different type and/or mechanism.
|
|
*/
|
|
if(!actx->pinfo->fd->flags.visited) {
|
|
mechanism = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
|
|
ldap_info->first_auth_frame = 0; /* not known until we see the bind reply */
|
|
/*
|
|
* If the mechanism in this request is an empty string (which is
|
|
* returned as a null pointer), use the saved mechanism instead.
|
|
* Otherwise, if the saved mechanism is an empty string (null),
|
|
* save this mechanism.
|
|
*/
|
|
if (mechanism == NULL) {
|
|
mechanism = ldap_info->auth_mech;
|
|
} else {
|
|
g_free(ldap_info->auth_mech);
|
|
ldap_info->auth_mech = mechanism;
|
|
}
|
|
actx->pinfo->private_data = ldap_info;
|
|
}
|
|
#.FN_BODY Credentials VAL_PTR = ¶meter_tvb
|
|
|
|
tvbuff_t *parameter_tvb;
|
|
ldap_conv_info_t *ldap_info;
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint32 tag;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
|
|
ldap_info = actx->pinfo->private_data;
|
|
get_ber_identifier(parameter_tvb, 0, &class, &pc, &tag);
|
|
|
|
/*if ((ldap_info->auth_mech != NULL) && (strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) && (class==BER_CLASS_CON)) {*/
|
|
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_CON)) {
|
|
/*
|
|
* This is a GSS-API token ancapsulated within GSS-SPNEGO.
|
|
* We need to check the first byte to check whether the blob
|
|
* contains SPNEGO or GSSAPI.
|
|
* All SPNEGO PDUs are of class CONSTRUCTED while
|
|
* GSS PDUs are class APPLICATION
|
|
*/
|
|
if (parameter_tvb && (tvb_length(parameter_tvb) > 0))
|
|
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
/*if ((ldap_info->auth_mech != NULL) && ((strcmp(ldap_info->auth_mech, "GSSAPI") == 0) || (class==BER_CLASS_APP))) {*/
|
|
if ((ldap_info->auth_mech != NULL) && (class==BER_CLASS_APP)) {
|
|
/*
|
|
* This is a raw GSS-API token.
|
|
*/
|
|
if (parameter_tvb && (tvb_length(parameter_tvb) > 0)) {
|
|
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
}
|
|
actx->pinfo->private_data = ldap_info;
|
|
|
|
|
|
#.FN_BODY ServerSaslCreds VAL_PTR = ¶meter_tvb
|
|
|
|
tvbuff_t *parameter_tvb = NULL;
|
|
ldap_conv_info_t *ldap_info;
|
|
|
|
%(DEFAULT_BODY)s
|
|
if (!parameter_tvb)
|
|
return offset;
|
|
ldap_info = actx->pinfo->private_data;
|
|
switch (ldap_info->auth_type) {
|
|
|
|
/* For Kerberos V4, dissect it as a ticket. */
|
|
/* XXX - what about LDAP_AUTH_SIMPLE? */
|
|
|
|
case LDAP_AUTH_SASL:
|
|
/*
|
|
* All frames after this are assumed to use a security layer.
|
|
*
|
|
* XXX - won't work if there's another reply, with the security
|
|
* layer, starting in the same TCP segment that ends this
|
|
* reply, but as LDAP is a request/response protocol, and
|
|
* as the client probably can't start using authentication until
|
|
* it gets the bind reply and the server won't send a reply until
|
|
* it gets a request, that probably won't happen.
|
|
*
|
|
* XXX - that assumption is invalid; it's not clear where the
|
|
* hell you find out whether there's any security layer. In
|
|
* one capture, we have two GSS-SPNEGO negotiations, both of
|
|
* which select MS KRB5, and the only differences in the tokens
|
|
* is in the RC4-HMAC ciphertext. The various
|
|
* draft-ietf--cat-sasl-gssapi-NN.txt drafts seem to imply
|
|
* that the RFC 2222 spoo with the bitmask and maximum
|
|
* output message size stuff is done - but where does that
|
|
* stuff show up? Is it in the ciphertext, which means it's
|
|
* presumably encrypted?
|
|
*
|
|
* Grrr. We have to do a gross heuristic, checking whether the
|
|
* putative LDAP message begins with 0x00 or not, making the
|
|
* assumption that we won't have more than 2^24 bytes of
|
|
* encapsulated stuff.
|
|
*/
|
|
ldap_info->first_auth_frame = actx->pinfo->fd->num + 1;
|
|
if (ldap_info->auth_mech != NULL &&
|
|
strcmp(ldap_info->auth_mech, "GSS-SPNEGO") == 0) {
|
|
/* It could be the second leg of GSS-SPNEGO wrapping NTLMSSP
|
|
* which might not be wrapped in GSS-SPNEGO but be a raw
|
|
* NTLMSSP blob
|
|
*/
|
|
if ( (tvb_length(parameter_tvb)>=7)
|
|
&& (!tvb_memeql(parameter_tvb, 0, "NTLMSSP", 7))){
|
|
call_dissector(ntlmssp_handle, parameter_tvb, actx->pinfo, tree);
|
|
break;
|
|
}
|
|
/*
|
|
* This is a GSS-API token.
|
|
*/
|
|
if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
|
|
call_dissector(spnego_handle, parameter_tvb, actx->pinfo, tree);
|
|
} else if (ldap_info->auth_mech != NULL &&
|
|
strcmp(ldap_info->auth_mech, "GSSAPI") == 0) {
|
|
/*
|
|
* This is a GSS-API token.
|
|
*/
|
|
if(parameter_tvb && (tvb_length(parameter_tvb) > 0))
|
|
call_dissector(gssapi_handle, parameter_tvb, actx->pinfo, tree);
|
|
}
|
|
break;
|
|
}
|
|
actx->pinfo->private_data = ldap_info;
|
|
|
|
#.FN_BODY LDAPString VAL_PTR = ¶meter_tvb
|
|
tvbuff_t *parameter_tvb = NULL;
|
|
const char *ldapstring = NULL;
|
|
gchar *sc = NULL; /* semi-colon pointer */
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if (parameter_tvb || (hf_index == hf_ldap_baseObject)) {
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
if(parameter_tvb)
|
|
ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
|
|
|
|
if(hf_index == hf_ldap_baseObject) {
|
|
/* this is search - put it on the scanline */
|
|
if(!ldapstring || !*ldapstring)
|
|
ldapstring = "<ROOT>";
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
|
|
|
|
|
|
if(!parameter_tvb) {
|
|
|
|
proto_item_append_text(actx->created_item, " (%%s)", ldapstring);
|
|
}
|
|
|
|
} else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " (%%s)", ldapstring);
|
|
|
|
} else if ((hf_index == hf_ldap_objectName) ||
|
|
(hf_index == hf_ldap_name) ||
|
|
(hf_index == hf_ldap_entry) ||
|
|
(hf_index == hf_ldap_object) ||
|
|
(hf_index == hf_ldap_delRequest) ) {
|
|
|
|
if(!ldapstring || !*ldapstring)
|
|
ldapstring = "<ROOT>";
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
|
|
} else if (hf_index == hf_ldap_attributeDesc){
|
|
/* remember the attribute description */
|
|
attributedesc_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_initial){
|
|
/* remember the substring item */
|
|
substring_item_init=ldapstring;
|
|
} else if (hf_index == hf_ldap_any){
|
|
/* remember the substring item */
|
|
substring_item_any=ldapstring;
|
|
} else if (hf_index == hf_ldap_final){
|
|
/* remember the substring item */
|
|
substring_item_final=ldapstring;
|
|
} else if (hf_index == hf_ldap_matchingRule){
|
|
/* remember the matching rule */
|
|
matching_rule_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_present){
|
|
/* remember the present name */
|
|
Filter_string=ldapstring;
|
|
} else if (hf_index == hf_ldap_type) {
|
|
/* remember attribute type name */
|
|
attr_type = ep_strdup(ldapstring);
|
|
|
|
/* append it to the parent entry */
|
|
proto_item_append_text(tree, " %%s", attr_type);
|
|
|
|
/* remove the ";binary" component if present */
|
|
if((sc = strchr(attr_type, ';')) != NULL) {
|
|
if(!strcmp(sc, ";binary")) {
|
|
*sc = '\0'; /* terminate the string */
|
|
is_binary_attr_type = TRUE;
|
|
}
|
|
} else {
|
|
is_binary_attr_type = FALSE;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#.FN_BODY SearchRequest/_untag/scope VAL_PTR = &scope
|
|
|
|
guint32 scope = 0xffff;
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(scope, ldap_T_scope_vals, "Unknown scope(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
#.FN_BODY LDAPResult/resultCode VAL_PTR = &result
|
|
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
|
|
#.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result
|
|
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
|
|
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
|
|
#.FN_BODY AttributeValue
|
|
|
|
tvbuff_t *next_tvb = NULL;
|
|
gchar *string;
|
|
guint32 i, len;
|
|
int old_offset = offset;
|
|
|
|
/* attr_type, should be set before calling this function */
|
|
|
|
/* extract the value of the octetstring */
|
|
offset = dissect_ber_octet_string(FALSE, actx, NULL, tvb, offset, hf_index, &next_tvb);
|
|
|
|
/* if we have an attribute type that isn't binary see if there is a better dissector */
|
|
if(!attr_type || !next_tvb || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, actx->pinfo, tree)) {
|
|
offset = old_offset;
|
|
|
|
/* do the default thing */
|
|
%(DEFAULT_BODY)s
|
|
|
|
}
|
|
|
|
len = tvb_length_remaining(next_tvb, 0);
|
|
|
|
for(i = 0; i < len; i++)
|
|
if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i)))
|
|
break;
|
|
|
|
if(i == len) {
|
|
string = tvb_get_ephemeral_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0));
|
|
|
|
|
|
proto_item_set_text(actx->created_item, "%%s", string);
|
|
|
|
}
|
|
|
|
#.FN_BODY AuthenticationChoice VAL_PTR = &branch
|
|
gint branch = -1;
|
|
gint auth = -1;
|
|
const gchar *valstr;
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0])))
|
|
auth = AuthenticationChoice_choice[branch].value;
|
|
|
|
valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%%u)");
|
|
|
|
/* If auth is NTLM (10 or 11) don't add to column as the NTLM dissection will do this */
|
|
if ((auth != 10) && (auth != 11))
|
|
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
|
|
|
|
if(ldm_tree)
|
|
proto_item_append_text(ldm_tree, " %%s", valstr);
|
|
|
|
|
|
#.FN_BODY UnbindRequest
|
|
|
|
implicit_tag = TRUE; /* correct problem with asn2wrs */
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
|
|
|
|
|
|
|
|
#.FN_HDR SearchRequest/_untag/filter
|
|
Filter_string=NULL;
|
|
Filter_elements = 0;
|
|
Filter_length = 0;
|
|
|
|
#.FN_FTR SearchRequest/_untag/filter
|
|
Filter_string=NULL;
|
|
and_filter_string=NULL;
|
|
Filter_elements = 0;
|
|
Filter_length = 0;
|
|
|
|
#.FN_FTR Filter/equalityMatch
|
|
Filter_string=ep_strdup_printf("(%s=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/greaterOrEqual
|
|
Filter_string=ep_strdup_printf("(%s>=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/lessOrEqual
|
|
Filter_string=ep_strdup_printf("(%s<=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
|
|
#.FN_FTR Filter/approxMatch
|
|
Filter_string=ep_strdup_printf("(%s~=%s)",
|
|
string_or_null(attributedesc_string),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
#.FN_FTR Filter/and/_item
|
|
if(and_filter_string){
|
|
and_filter_string=ep_strdup_printf("(&%s%s)",and_filter_string,Filter_string);
|
|
} else {
|
|
and_filter_string=Filter_string;
|
|
}
|
|
|
|
#.FN_BODY Filter/and
|
|
proto_tree *tr=NULL;
|
|
proto_item *it=NULL;
|
|
const char *old_and_filter_string=and_filter_string;
|
|
|
|
and_filter_string=NULL;
|
|
if(tree){
|
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "and: ");
|
|
tr=proto_item_add_subtree(it, ett_ldap_T_and);
|
|
tree = tr;
|
|
}
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
if(and_filter_string) {
|
|
proto_item_append_text(it, "%%s", and_filter_string);
|
|
Filter_string=ep_strdup_printf("%%s",and_filter_string);
|
|
}
|
|
and_filter_string=old_and_filter_string;
|
|
|
|
#.FN_FTR Filter/or/_item
|
|
if(or_filter_string){
|
|
or_filter_string=ep_strdup_printf("(|%s%s)",or_filter_string,Filter_string);
|
|
} else {
|
|
or_filter_string=Filter_string;
|
|
}
|
|
|
|
|
|
#.FN_BODY Filter/or
|
|
proto_tree *tr=NULL;
|
|
proto_item *it=NULL;
|
|
const char *old_or_filter_string=or_filter_string;
|
|
|
|
or_filter_string=NULL;
|
|
if(tree){
|
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "or: ");
|
|
tr=proto_item_add_subtree(it, ett_ldap_T_or);
|
|
tree = tr;
|
|
}
|
|
%(DEFAULT_BODY)s
|
|
if(or_filter_string) {
|
|
proto_item_append_text(it, "%%s", or_filter_string);
|
|
Filter_string=ep_strdup_printf("%%s",or_filter_string);
|
|
}
|
|
or_filter_string=old_or_filter_string;
|
|
|
|
#.FN_FTR Filter/present
|
|
Filter_string=ep_strdup_printf("(%s=*)",string_or_null(Filter_string));
|
|
|
|
#.FN_FTR Filter/not
|
|
Filter_string=ep_strdup_printf("(!%s)",string_or_null(Filter_string));
|
|
|
|
#.FN_BODY MatchingRuleAssertion/dnAttributes
|
|
gboolean val;
|
|
|
|
offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &val);
|
|
|
|
|
|
matching_rule_dnattr = val;
|
|
|
|
|
|
#.FN_HDR Filter/extensibleMatch
|
|
attr_type=NULL;
|
|
matching_rule_string=NULL;
|
|
ldapvalue_string=NULL;
|
|
matching_rule_dnattr=FALSE;
|
|
|
|
#.FN_FTR Filter/extensibleMatch
|
|
Filter_string=ep_strdup_printf("(%s:%s%s%s=%s)",
|
|
(attr_type?attr_type:""),
|
|
(matching_rule_dnattr?"dn:":""),
|
|
(matching_rule_string?matching_rule_string:""),
|
|
(matching_rule_string?":":""),
|
|
string_or_null(ldapvalue_string));
|
|
|
|
#.FN_FTR SubstringFilter/substrings/_item
|
|
if (substring_item_final) {
|
|
substring_value=ep_strdup_printf("%s%s",
|
|
(substring_value?substring_value:"*"),
|
|
substring_item_final);
|
|
} else if (substring_item_any) {
|
|
substring_value=ep_strdup_printf("%s%s*",
|
|
(substring_value?substring_value:"*"),
|
|
substring_item_any);
|
|
} else if (substring_item_init) {
|
|
substring_value=ep_strdup_printf("%s*",
|
|
substring_item_init);
|
|
}
|
|
|
|
#.FN_BODY SubstringFilter
|
|
proto_tree *tr=NULL;
|
|
proto_item *it=NULL;
|
|
const char *old_substring_value=substring_value;
|
|
|
|
attr_type=NULL;
|
|
substring_value=NULL;
|
|
substring_item_init=NULL;
|
|
substring_item_any=NULL;
|
|
substring_item_final=NULL;
|
|
if(tree){
|
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "substring: ");
|
|
tr=proto_item_add_subtree(it, ett_ldap_SubstringFilter);
|
|
tree = tr;
|
|
}
|
|
%(DEFAULT_BODY)s
|
|
Filter_string=ep_strdup_printf("(%%s=%%s)",
|
|
string_or_null(attr_type),
|
|
string_or_null(substring_value));
|
|
proto_item_append_text(it, "%%s", Filter_string);
|
|
substring_value=old_substring_value;
|
|
|
|
#.FN_BODY Filter
|
|
proto_tree *tr=NULL;
|
|
proto_item *it=NULL;
|
|
attributedesc_string=NULL;
|
|
|
|
if (Filter_length++ > MAX_FILTER_LEN) {
|
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Filter length exceeds %%u. Giving up.", MAX_FILTER_LEN);
|
|
THROW(ReportedBoundsError);
|
|
}
|
|
|
|
if (Filter_elements++ > MAX_FILTER_ELEMENTS) {
|
|
expert_add_info_format(actx->pinfo, tree, PI_UNDECODED, PI_ERROR, "Found more than %%u filter elements. Giving up.", MAX_FILTER_ELEMENTS);
|
|
THROW(ReportedBoundsError);
|
|
}
|
|
|
|
if(tree){
|
|
it=proto_tree_add_text(tree, tvb, offset, tvb_length_remaining(tvb, offset), "Filter: ");
|
|
tr=proto_item_add_subtree(it, ett_ldap_Filter);
|
|
tree = tr;
|
|
}
|
|
%(DEFAULT_BODY)s
|
|
if(Filter_string)
|
|
proto_item_append_text(it, "%%s", string_or_null(Filter_string));
|
|
|
|
#.FN_BODY AuthenticationChoice/ntlmsspNegotiate
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
|
|
offset+=tvb_length_remaining(tvb, offset);
|
|
|
|
#.FN_BODY AuthenticationChoice/ntlmsspAuth
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, tvb, actx->pinfo, tree);
|
|
offset+=tvb_length_remaining(tvb, offset);
|
|
|
|
#.FN_BODY BindResponse/_untag/matchedDN
|
|
tvbuff_t *new_tvb=NULL;
|
|
|
|
offset = dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_ldap_matchedDN, &new_tvb);
|
|
|
|
if( new_tvb
|
|
&& (tvb_length(new_tvb)>=7)
|
|
&& (!tvb_memeql(new_tvb, 0, "NTLMSSP", 7))){
|
|
|
|
/* make sure the protocol op comes first */
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
call_dissector(ntlmssp_handle, new_tvb, actx->pinfo, tree);
|
|
}
|
|
return offset;
|
|
|
|
#.FN_BODY Control/controlValue
|
|
gint8 class;
|
|
gboolean pc, ind;
|
|
gint32 tag;
|
|
guint32 len;
|
|
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
/* remove the OCTET STRING encoding */
|
|
offset=dissect_ber_identifier(actx->pinfo, NULL, tvb, offset, &class, &pc, &tag);
|
|
offset=dissect_ber_length(actx->pinfo, NULL, tvb, offset, &len, &ind);
|
|
|
|
call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
|
|
|
offset += len;
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
|
|
#.FN_BODY ExtendedRequest/_untag/requestValue
|
|
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
#.FN_HDR IntermediateResponse/_untag/responseValue
|
|
|
|
const gchar *name;
|
|
|
|
#.FN_BODY IntermediateResponse/_untag/responseValue
|
|
if(ldm_tree && object_identifier_id) {
|
|
proto_item_set_text(ldm_tree, "%%s %%s", "IntermediateResponse", object_identifier_id);
|
|
name = oid_resolved_from_string(object_identifier_id);
|
|
if(name)
|
|
proto_item_append_text(ldm_tree, " (%%s)", name);
|
|
}
|
|
if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
|
|
offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
|
|
} else {
|
|
%(DEFAULT_BODY)s
|
|
}
|
|
|
|
#.FN_BODY DirSyncFlags
|
|
gint8 class;
|
|
gboolean pc;
|
|
gint32 tag;
|
|
guint32 len;
|
|
gint32 val;
|
|
header_field_info *hfinfo;
|
|
|
|
int otheroffset = offset;
|
|
if(!implicit_tag){
|
|
otheroffset=dissect_ber_identifier(actx->pinfo, tree, tvb, otheroffset, &class, &pc, &tag);
|
|
otheroffset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
|
|
} else {
|
|
gint32 remaining=tvb_length_remaining(tvb, offset);
|
|
len=remaining>0 ? remaining : 0;
|
|
}
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, -1, &val);
|
|
|
|
hfinfo = proto_registrar_get_nth(hf_index);
|
|
|
|
if (val >0) {
|
|
proto_tree *subtree = NULL;
|
|
proto_item *item = NULL;
|
|
item = proto_tree_add_text(tree, tvb, otheroffset+1, len, "%s: 0x%08x", hfinfo->name, val);
|
|
subtree = proto_item_add_subtree(item, ett_ldap_DirSyncFlagsSubEntry);
|
|
|
|
if (val & 0x1) {
|
|
proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Object_Security");
|
|
}
|
|
if (val & 0x800) {
|
|
proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Ancestor_First");
|
|
}
|
|
if (val & 0x2000) {
|
|
proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Public_Data_Only");
|
|
}
|
|
if (val & 0x80000000) {
|
|
proto_tree_add_text(subtree, tvb, otheroffset+1, len, "Flag Incremental_Value");
|
|
}
|
|
} else {
|
|
proto_tree_add_text(tree, tvb, otheroffset+len, len, "%s: 0", hfinfo->name);
|
|
}
|
|
|
|
#.FN_BODY SearchResultReference
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
|
|
#.FN_BODY AbandonRequest
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
ldap_do_protocolop(actx->pinfo);
|
|
|
|
#.NO_EMIT
|
|
AttributeType
|
|
Attribute
|
|
AssertionValue
|