Ethereal-dev: [ethereal-dev] ldap dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: nazard@xxxxxxxxxxxxxxx
Date: Thu, 23 Mar 2000 06:06:16 -0500 (EST)
Ok, here is another go at an ldap dissector. This one uses the asn1.c routines although I'm wrapping most of them to provide the functionality I need. -- Doug Nazar Dragon Computer Consultants Inc. Tel: (416) 708-1578 Fax: (416) 708-8081
/* packet-ldap.c
 * Routines for ldap packet dissection
 *
 * $Id: packet-ldap.c,v 1.2 2000/01/07 22:05:32 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
/*
 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
 * It's also missing the substring and extensible search filters.
 * 
 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
 * and correct packet.
 * 
 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
 * I can do.
 * 
 * Doug Nazar
 * nazard@xxxxxxxxxxxxxxx
 */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#include <string.h>
#include <glib.h>
#include "packet.h"
#include "packet-ldap.h"
#include "asn1.h"
static int proto_ldap = -1;
static int hf_ldap_length = -1;
static int hf_ldap_message_id = -1;
static int hf_ldap_message_type = -1;
static int hf_ldap_message_length = -1;
static int hf_ldap_message_result = -1;
static int hf_ldap_message_result_matcheddn = -1;
static int hf_ldap_message_result_errormsg = -1;
static int hf_ldap_message_result_referral = -1;
static int hf_ldap_message_bind_version = -1;
static int hf_ldap_message_bind_dn = -1;
static int hf_ldap_message_bind_auth = -1;
static int hf_ldap_message_bind_auth_password = -1;
static int hf_ldap_message_search_base = -1;
static int hf_ldap_message_search_scope = -1;
static int hf_ldap_message_search_deref = -1;
static int hf_ldap_message_search_sizeLimit = -1;
static int hf_ldap_message_search_timeLimit = -1;
static int hf_ldap_message_search_typesOnly = -1;
static int hf_ldap_message_search_filter = -1;
static int hf_ldap_message_dn = -1;
static int hf_ldap_message_attribute = -1;
static int hf_ldap_message_value = -1;
static int hf_ldap_message_modrdn_name = -1;
static int hf_ldap_message_modrdn_delete = -1;
static int hf_ldap_message_modrdn_superior = -1;
static int hf_ldap_message_compare = -1;
static int hf_ldap_message_modify_add = -1;
static int hf_ldap_message_modify_replace = -1;
static int hf_ldap_message_modify_delete = -1;
static int hf_ldap_message_abandon_msgid = -1;
static gint ett_ldap = -1;
static gint ett_ldap_message = -1;
static gint ett_ldap_referrals = -1;
static gint ett_ldap_attribute = -1;
static value_string msgTypes [] = {
  {LDAP_REQ_BIND, "Bind Request"},
  {LDAP_REQ_UNBIND, "Unbind Request"},
  {LDAP_REQ_UNBIND_30, "Unbind Request"},
  {LDAP_REQ_SEARCH, "Search Request"},
  {LDAP_REQ_MODIFY, "Modify Request"},
  {LDAP_REQ_ADD, "Add Request"},
  {LDAP_REQ_DELETE, "Delete Request"},
  {LDAP_REQ_DELETE_30, "Delete Request"},
  {LDAP_REQ_MODRDN, "Modify RDN Request"},
  {LDAP_REQ_COMPARE, "Compare Request"},
  {LDAP_REQ_ABANDON, "Abandon Request"},
  {LDAP_REQ_ABANDON_30, "Abandon Request"},
    
  {LDAP_RES_BIND, "Bind Result"},
  {LDAP_RES_SEARCH_ENTRY, "Search Entry"},
  {LDAP_RES_SEARCH_RESULT, "Search Result"},
  {LDAP_RES_MODIFY, "Modify Result"},
  {LDAP_RES_ADD, "Add Result"},
  {LDAP_RES_DELETE, "Delete Result"},
  {LDAP_RES_MODRDN, "Modify RDN Result"},
  {LDAP_RES_COMPARE, "Compare Result"}
};
static const char *message_type_str(long messageType)
{
  int count = sizeof(msgTypes) / sizeof(value_string);
  while (count--)
  {
    if (msgTypes[count].value == messageType)
      return msgTypes[count].strptr;
  }
  
  return "Unknown";
}
static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
{
  guint length = 0;
  gboolean def = FALSE;
  const guchar *start = a->pointer;
  
  asn1_length_decode(a, &def, &length);
  if (len)
    *len = length;
  if (tree)
    proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, length);
  return 0;
}
static int read_sequence(ASN1_SCK *a, guint *len)
{
  guchar tag = 0;
  guint length = 0;
  gboolean def = FALSE;
  
  asn1_octet_decode(a, &tag);
  if (tag != LBER_SEQUENCE)
    return 1;
  
  asn1_length_decode(a, &def, &length);
  if (len)
    *len = length;
  
  return 0;
}
static int read_set(ASN1_SCK *a, guint *len)
{
  guchar tag = 0;
  guint length = 0;
  gboolean def = FALSE;
  
  asn1_octet_decode(a, &tag);
  if (tag != LBER_SET)
    return 1;
  
  asn1_length_decode(a, &def, &length);
  if (len)
    *len = length;
  
  return 0;
}
static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id, proto_tree **new_tree, guint *i, guchar expected_tag)
{
  guint length = 0;
  guint integer = 0;
  guchar tag = 0;
  gboolean def = FALSE;
  const guchar *start = a->pointer;
  
  asn1_octet_decode(a, &tag);
  if (tag != expected_tag)
    return 1;
  asn1_length_decode(a, &def, &length);
  asn1_uint32_value_decode(a, length, &integer);
  if (i)
    *i = integer;
  if (tree)
  {
    proto_tree *temp_tree = 0;
    temp_tree = proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, integer);
    if (new_tree)
      *new_tree = temp_tree;
  }
  return 0;
}
static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id, proto_tree **new_tree, char **s, guchar expected_tag)
{
  guchar *string;
  guchar tag = 0;
  guint length = 0;
  gboolean def = FALSE;
  const guchar *start = a->pointer;
  
  asn1_octet_decode(a, &tag);
  if (tag != expected_tag)
    return 1;
  asn1_length_decode(a, &def, &length);
  if (length)
  {
    asn1_octet_string_value_decode(a, length, &string);
    string = g_realloc(string, length + 1);
    string[length] = '\0';
  }
  else
    string = "(null)";
    
  if (tree)
  {
    proto_tree *temp_tree;
    temp_tree = proto_tree_add_item(tree, hf_id, start - a->begin, a->pointer - start, string);
    if (new_tree)
      *new_tree = temp_tree;
  }
  if (s && length)
    *s = string;
  else if (length)
    g_free(string);
  return 0;
}
static void parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
{
  guchar *string;
  guchar *string2;
  gint string_length;
  gint string2_length;
  guint string_bytes;
  asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
  asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
  *filter_length += 3 + string_length + string2_length;
  *filter = g_realloc(*filter, *filter_length);
  sprintf(*filter + strlen(*filter), "(%.*s%s%.*s)", string_length, string, operation, string2_length, string2);
  g_free(string);
  g_free(string2);
}
static gboolean parse_filter(ASN1_SCK *a, char **filter, guint *filter_length, const guchar **end)
{
  guchar tag;
  guint length;
  gboolean def;
  asn1_octet_decode(a, &tag);
  asn1_length_decode(a, &def, &length);
  
  if (*end == 0)
  {
    *end = a->pointer + length;
    *filter_length = 1;
    *filter = g_malloc0(*filter_length);
  }
  switch (tag)
  {
   case LDAP_FILTER_AND:
    {
      const guchar *add_end = a->pointer + length;
      *filter_length += 3;
      *filter = g_realloc(*filter, *filter_length);
      strcat(*filter, "(&");
      while (!parse_filter(a, filter, filter_length, &add_end))
	continue;
      strcat(*filter, ")");
    }
    break;
   case LDAP_FILTER_OR:
    {
      const guchar *or_end = a->pointer + length;
      *filter_length += 3;
      *filter = g_realloc(*filter, *filter_length);
      strcat(*filter, "(|");
      while (!parse_filter(a, filter, filter_length, &or_end))
	continue;
      strcat(*filter, ")");
    }
    break;
   case LDAP_FILTER_NOT:
    {
      const guchar *not_end = a->pointer + length;
      *filter_length += 3;
      *filter = g_realloc(*filter, *filter_length);
      strcat(*filter, "(!");
      parse_filter(a, filter, filter_length, ¬_end);
      strcat(*filter, ")");
    }
    break;
   case LDAP_FILTER_EQUALITY:
    parse_filter_strings(a, filter, filter_length, "=");
    break;
   case LDAP_FILTER_GE:
    parse_filter_strings(a, filter, filter_length, ">=");
    break;
   case LDAP_FILTER_LE:
    parse_filter_strings(a, filter, filter_length, "<=");
    break;
   case LDAP_FILTER_APPROX:
    parse_filter_strings(a, filter, filter_length, "~=");
    break;
   case LDAP_FILTER_PRESENT:
   case LDAP_FILTER_PRESENT_30:
    {
      guchar *string;
      gint string_length;
      guint string_bytes;
    
      asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
      *filter_length += 3 + string_length;
      *filter = g_realloc(*filter, *filter_length);
      sprintf(*filter + strlen(*filter), "(%.*s=*)", string_length, string);
      g_free(string);
    }
    break;
   case LDAP_FILTER_SUBSTRINGS:
    asn1_null_decode(a, length);
    break;
  }
  
  return a->pointer == *end;
}
static int read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
{
  const guchar *start = a->pointer;
  char *filter = 0;
  guint filter_length = 0;
  const guchar *end = 0;
     
  while (!parse_filter(a, &filter, &filter_length, &end))
    continue;
  
  if (tree)
    proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, filter);
  g_free(filter);
  return 0;
}
/********************************************************************************************/
static int dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
{
  guint resultCode = 0;
  
  read_length(a, tree, hf_ldap_message_length, 0);
  read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, LBER_ENUMERATED);
  read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, LBER_OCTETSTRING);
  read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, LBER_OCTETSTRING);
  if (resultCode == 10)		/* Referral */
  {
    const guchar *start = a->pointer;
    const guchar *end;
    guint length;
    proto_tree *t, *referralTree;
    
    read_sequence(a, &length);
    t = proto_tree_add_text(tree, start-a->begin, length, "Referral URLs");
    referralTree = proto_item_add_subtree(t, ett_ldap_referrals);
    end = a->pointer + length;;
    while (a->pointer < end)
      read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, LBER_OCTETSTRING);
  }
    
  return 0;
}
static int dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
{
  read_length(a, tree, hf_ldap_message_length, 0);
  read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, LBER_INTEGER);
  read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, LBER_OCTETSTRING);
  switch (*a->pointer)
  {
   case LDAP_AUTH_SIMPLE:
   case LDAP_AUTH_SIMPLE_30:
    proto_tree_add_item(tree, hf_ldap_message_bind_auth, a->pointer-a->begin, 1, *a->pointer);
    read_string(a, tree, hf_ldap_message_bind_auth_password, 0, 0, *a->pointer);
    break;
  }
  
  return 0;
}
static int dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
{
  dissect_ldap_result(a, tree);
  /* FIXME: handle SASL data */
  return 0;
}
static int dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end;
  
  read_length(a, tree, hf_ldap_message_length, 0);
  read_string(a, tree, hf_ldap_message_search_base, 0, 0, LBER_OCTETSTRING);
  read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, LBER_ENUMERATED);
  read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, LBER_ENUMERATED);
  read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, LBER_INTEGER);
  read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, LBER_INTEGER);
  read_integer(a, tree, hf_ldap_message_search_typesOnly, 0, 0, LBER_BOOLEAN);
  read_filter(a, tree, hf_ldap_message_search_filter);
  read_sequence(a, &seq_length);
  end = a->pointer + seq_length;
  while (a->pointer < end)
    read_string(a, tree, hf_ldap_message_attribute, 0, 0, LBER_OCTETSTRING);
  return 0;
}
static int dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
 
  read_length(a, tree, hf_ldap_message_length, 0);
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LBER_OCTETSTRING);
  read_sequence(a, &seq_length);
  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t, *attr_tree;
    guint set_length;
    const guchar *end_of_set;
    read_sequence(a, 0);
    read_string(a, tree, hf_ldap_message_attribute, &t, 0, LBER_OCTETSTRING);
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, LBER_OCTETSTRING);
  }
  return 0;
}
static int dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
  
  read_length(a, tree, hf_ldap_message_length, 0);
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LBER_OCTETSTRING);
  read_sequence(a, &seq_length);
  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t, *attr_tree;
    guint set_length;
    const guchar *end_of_set;
    read_sequence(a, 0);
    read_string(a, tree, hf_ldap_message_attribute, &t, 0, LBER_OCTETSTRING);
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, LBER_OCTETSTRING);
  }
  return 0;
}
static int dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree)
{
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LDAP_REQ_DELETE);
  return 0;
}
static int dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree)
{
  guint length;
  const guchar *start;
  start = a->pointer;
  read_length(a, tree, hf_ldap_message_length, &length);
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LBER_OCTETSTRING);
  read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, LBER_OCTETSTRING);
  read_integer(a, tree, hf_ldap_message_modrdn_delete, 0, 0, LBER_BOOLEAN);
  
  if (a->pointer < (start + length))
    read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, LBER_OCTETSTRING);
  return 0;
}
static int dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
{
  const guchar *start;
  int length;
  char *string1 = 0;
  char *string2 = 0;
  char *compare;
  
  read_length(a, tree, hf_ldap_message_length, 0);
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LBER_OCTETSTRING);
  read_sequence(a, 0);
  start = a->pointer;
  read_string(a, 0, -1, 0, &string1, LBER_OCTETSTRING);
  read_string(a, 0, -1, 0, &string2, LBER_OCTETSTRING);
  length = 2 + strlen(string1) + strlen(string2);
  compare = g_malloc0(length);
  snprintf(compare, length, "%s=%s", string1, string2);
  proto_tree_add_item(tree, hf_ldap_message_compare, start-a->begin, a->pointer-start, compare);
  
  g_free(string1);
  g_free(string2);
  g_free(compare);
  
  return 0;
}
static int dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
  
  read_length(a, tree, hf_ldap_message_length, 0);
  read_string(a, tree, hf_ldap_message_dn, 0, 0, LBER_OCTETSTRING);
  read_sequence(a, &seq_length);
  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t = 0, *attr_tree;
    guint set_length;
    const guchar *end_of_set;
    guint operation;
    read_sequence(a, 0);
    read_integer(a, 0, -1, 0, &operation, LBER_ENUMERATED);
    read_sequence(a, 0);
    switch (operation)
    {
     case LDAP_MOD_ADD:
      read_string(a, tree, hf_ldap_message_modify_add, &t, 0, LBER_OCTETSTRING);
      break;
     case LDAP_MOD_REPLACE:
      read_string(a, tree, hf_ldap_message_modify_replace, &t, 0, LBER_OCTETSTRING);
      break;
     case LDAP_MOD_DELETE:
      read_string(a, tree, hf_ldap_message_modify_delete, &t, 0, LBER_OCTETSTRING);
      break;
    }
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, LBER_OCTETSTRING);
  }
  return 0;
}
static int dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree)
{
  read_integer(a, tree, hf_ldap_message_abandon_msgid, 0, 0, LDAP_REQ_ABANDON);
  return 0;
}
void
dissect_ldap(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
  proto_tree *ldap_tree = 0, *ti, *msg_tree;
  guint messageLength;
  guint messageId;
  guchar messageType;
  ASN1_SCK a;
  if (tree) 
  {
    ti = proto_tree_add_item(tree, proto_ldap, offset, END_OF_FRAME, NULL);
    ldap_tree = proto_item_add_subtree(ti, ett_ldap);
  }
  asn1_open(&a, pd, pi.captured_len);
  a.pointer += offset;
  if (read_sequence(&a, &messageLength))
  {
    if (tree)
      proto_tree_add_text(tree, offset, 1, "Invalid LDAP packet");
    return;
  }
  if (messageLength > (pi.captured_len - offset))
  {
    if (tree)
      proto_tree_add_text(tree, offset, END_OF_FRAME, "Sequence length: %u, LDAP packet data length = %u\n",
			  messageLength, pi.captured_len - offset);
    return;
  }
  
  read_integer(&a, ldap_tree, hf_ldap_message_id, 0, &messageId, LBER_INTEGER);
  asn1_octet_decode(&a, &messageType);
  
  if (check_col(fd, COL_PROTOCOL))
    col_add_str(fd, COL_PROTOCOL, "LDAP");
  if (check_col(fd, COL_INFO))
    col_add_fstr(fd, COL_INFO, "MsgId=%u MsgType=%s",
		 messageId, message_type_str(messageType));
  if (tree) 
  {
    ti = proto_tree_add_item(ldap_tree, hf_ldap_message_type, a.pointer - a.begin - 1, 1, messageType);
    msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
    switch (messageType)
    {
     case LDAP_REQ_BIND:
      dissect_ldap_request_bind(&a, msg_tree);
      break;
     case LDAP_REQ_SEARCH:
      dissect_ldap_request_search(&a, msg_tree);
      break;
     case LDAP_REQ_ADD:
      dissect_ldap_request_add(&a, msg_tree);
      break;
     case LDAP_REQ_DELETE:
      dissect_ldap_request_delete(&a, msg_tree);
      break;
     case LDAP_REQ_MODRDN:
      dissect_ldap_request_modifyrdn(&a, msg_tree);
      break;
     case LDAP_REQ_COMPARE:
      dissect_ldap_request_compare(&a, msg_tree);
      break;
     case LDAP_REQ_MODIFY:
      dissect_ldap_request_modify(&a, msg_tree);
      break;
     case LDAP_REQ_ABANDON:
      dissect_ldap_request_abandon(&a, msg_tree);
      break;
     case LDAP_RES_BIND:
      dissect_ldap_response_bind(&a, msg_tree);
      break;
     case LDAP_RES_SEARCH_ENTRY:
      dissect_ldap_response_search_entry(&a, msg_tree);
      break;
     case LDAP_RES_SEARCH_RESULT:
     case LDAP_RES_MODIFY:
     case LDAP_RES_ADD:
     case LDAP_RES_DELETE:
     case LDAP_RES_MODRDN:
     case LDAP_RES_COMPARE:
      dissect_ldap_result(&a, msg_tree);
      break;
    }
  }
}
void
proto_register_ldap(void)
{
  static value_string result_codes[] = {
    {0, "Success"},
    {1, "Operations error"},
    {2, "Protocol error"},
    {3, "Time limit exceeded"},
    {4, "Size limit exceeded"},
    {5, "Compare false"},
    {6, "Compare true"},
    {7, "Authentication method not supported"},
    {8, "Strong authentication required"},
    {10, "Referral"},
    {11, "Administrative limit exceeded"},
    {12, "Unavailable critical extension"},
    {13, "Confidentiality required"},
    {14, "SASL bind in progress"},
    {16, "No such attribute"},
    {17, "Undefined attribute type"},
    {18, "Inappropriate matching"},
    {19, "Constraint violation"},
    {20, "Attribute or value exists"},
    {21, "Invalid attribute syntax"},
    {32, "No such object"},
    {33, "Alias problem"},
    {34, "Invalid DN syntax"},
    {36, "Alias derefetencing problem"},
    {48, "Inappropriate authentication"},
    {49, "Invalid credentials"},
    {50, "Insufficient access rights"},
    {51, "Busy"},
    {52, "Unavailable"},
    {53, "Unwilling to perform"},
    {54, "Loop detected"},
    {64, "Naming violation"},
    {65, "Objectclass violation"},
    {66, "Not allowed on non-leaf"},
    {67, "Not allowed on RDN"},
    {68, "Entry already exists"},
    {69, "Objectclass modification prohibited"},
    {71, "Affects multiple DSAs"},
    {80, "Other"},
  };
  static value_string auth_types[] = {
    {LDAP_AUTH_NONE, "None"},
    {LDAP_AUTH_SIMPLE, "Simple"},
    {LDAP_AUTH_SIMPLE_30, "Simple"},
    {LDAP_AUTH_KRBV4, "Kerberos"},
    {LDAP_AUTH_KRBV41, "Kerberos V4.1"},
    {LDAP_AUTH_KRBV41_30, "Kerberos V4.1"},
    {LDAP_AUTH_KRBV42, "Kerberos V4.2"},
    {LDAP_AUTH_KRBV42_30, "Kerberos V4.2"},
  };
  
  static value_string search_scope[] = {
    {0x00, "Base"},
    {0x01, "Single"},
    {0x02, "Subtree"},
  };
    
  static value_string search_dereference[] = {
    {0x00, "Never"},
    {0x01, "Searching"},
    {0x02, "Base Object"},
    {0x03, "Always"},
  };
  
  static hf_register_info hf[] = {
    { &hf_ldap_length,
      { "Length",		"ldap.length",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Length" }},
	  
    { &hf_ldap_message_id,
      { "Message Id",		"ldap.message_id",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Message Id" }},
    { &hf_ldap_message_type,
      { "Message Type",		"ldap.message_type",
	FT_UINT8, BASE_HEX, &msgTypes, 0x0,
	"LDAP Message Type" }},
    { &hf_ldap_message_length,
      { "Message Length",		"ldap.message_length",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Message Length" }},
    { &hf_ldap_message_result,
      { "Result Code",		"ldap.result.code",
	FT_INT8, BASE_HEX, result_codes, 0x0,
	"LDAP Result Code" }},
    { &hf_ldap_message_result_matcheddn,
      { "Matched DN",		"ldap.result.matcheddn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Matched DN" }},
    { &hf_ldap_message_result_errormsg,
      { "Error Message",		"ldap.result.errormsg",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Error Message" }},
    { &hf_ldap_message_result_referral,
      { "Referral",		"ldap.result.referral",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Referral URL" }},
    { &hf_ldap_message_bind_version,
      { "Version",		"ldap.bind.version",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Bind Version" }},
    { &hf_ldap_message_bind_dn,
      { "DN",			"ldap.bind.dn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Bind Distinguished Name" }},
    { &hf_ldap_message_bind_auth,
      { "Auth Type",		"ldap.bind.auth_type",
	FT_INT8, BASE_HEX, auth_types, 0x0,
	"LDAP Bind Auth Type" }},
    { &hf_ldap_message_bind_auth_password,
      { "Password",		"ldap.bind.password",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Bind Password" }},
    { &hf_ldap_message_search_base,
      { "Base DN",		"ldap.search.basedn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Search Base Distinguished Name" }},
    { &hf_ldap_message_search_scope,
      { "Scope",			"ldap.search.scope",
	FT_UINT8, BASE_HEX, search_scope, 0x0,
	"LDAP Search Scope" }},
    { &hf_ldap_message_search_deref,
      { "Dereference",		"ldap.search.dereference",
	FT_UINT8, BASE_HEX, search_dereference, 0x0,
	"LDAP Search Dereference" }},
    { &hf_ldap_message_search_sizeLimit,
      { "Size Limit",		"ldap.search.sizelimit",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Search Size Limit" }},
    { &hf_ldap_message_search_timeLimit,
      { "Time Limit",		"ldap.search.timelimit",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Search Time Limit" }},
    { &hf_ldap_message_search_typesOnly,
      { "Attributes Only",	"ldap.search.typesonly",
	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
	"LDAP Search Attributes Only" }},
    { &hf_ldap_message_search_filter,
      { "Filter",		"ldap.search.filter",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Search Filter" }},
    { &hf_ldap_message_dn,
      { "Distinguished Name",	"ldap.dn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Distinguished Name" }},
    { &hf_ldap_message_attribute,
      { "Attribute",		"ldap.attribute",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Attribute" }},
    { &hf_ldap_message_value,
      { "Value",		"ldap.value",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Value" }},
    { &hf_ldap_message_modrdn_name,
      { "New Name",		"ldap.modrdn.name",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP New Name" }},
    { &hf_ldap_message_modrdn_delete,
      { "Delete Values",	"ldap.modrdn.delete",
	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
	"LDAP Modify RDN - Delete original values" }},
    { &hf_ldap_message_modrdn_superior,
      { "New Location",		"ldap.modrdn.superior",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Modify RDN - New Location" }},
    { &hf_ldap_message_compare,
      { "Test",		"ldap.compare.test",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Compare Test" }},
    { &hf_ldap_message_modify_add,
      { "Add",			"ldap.modify.add",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Add" }},
    { &hf_ldap_message_modify_replace,
      { "Replace",		"ldap.modify.replace",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Replace" }},
    { &hf_ldap_message_modify_delete,
      { "Delete",		"ldap.modify.delete",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Delete" }},
    { &hf_ldap_message_abandon_msgid,
      { "Abandon Msg Id",	"ldap.abandon.msgid",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Abandon Msg Id" }},
  };
  static gint *ett[] = {
    &ett_ldap,
    &ett_ldap_message,
    &ett_ldap_referrals,
    &ett_ldap_attribute
  };
  proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol", "ldap");
  proto_register_field_array(proto_ldap, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}
/* packet-ldap.h * * $Id: packet-ldap.h,v 1.1 2000/02/15 21:02:32 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@xxxxxxxx> * Copyright 1998 Gerald Combs * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #define LBER_BOOLEAN 0x01L #define LBER_INTEGER 0x02L #define LBER_BITSTRING 0x03L #define LBER_OCTETSTRING 0x04L #define LBER_NULL 0x05L #define LBER_ENUMERATED 0x0aL #define LBER_SEQUENCE 0x30L /* constructed */ #define LBER_SET 0x31L /* constructed */ #define OLD_LBER_SEQUENCE 0x10L /* w/o constructed bit - broken */ #define OLD_LBER_SET 0x11L /* w/o constructed bit - broken */ #define LDAP_REQ_BIND 0x60L /* application + constructed */ #define LDAP_REQ_UNBIND 0x42L /* application + primitive */ #define LDAP_REQ_SEARCH 0x63L /* application + constructed */ #define LDAP_REQ_MODIFY 0x66L /* application + constructed */ #define LDAP_REQ_ADD 0x68L /* application + constructed */ #define LDAP_REQ_DELETE 0x4aL /* application + primitive */ #define LDAP_REQ_MODRDN 0x6cL /* application + constructed */ #define LDAP_REQ_COMPARE 0x6eL /* application + constructed */ #define LDAP_REQ_ABANDON 0x50L /* application + primitive */ #define LDAP_REQ_UNBIND_30 0x62L #define LDAP_REQ_DELETE_30 0x6aL #define LDAP_REQ_ABANDON_30 0x70L #define OLD_LDAP_REQ_BIND 0x00L #define OLD_LDAP_REQ_UNBIND 0x02L #define OLD_LDAP_REQ_SEARCH 0x03L #define OLD_LDAP_REQ_MODIFY 0x06L #define OLD_LDAP_REQ_ADD 0x08L #define OLD_LDAP_REQ_DELETE 0x0aL #define OLD_LDAP_REQ_MODRDN 0x0cL #define OLD_LDAP_REQ_COMPARE 0x0eL #define OLD_LDAP_REQ_ABANDON 0x10L #define LDAP_RES_BIND 0x61L /* application + constructed */ #define LDAP_RES_SEARCH_ENTRY 0x64L /* application + constructed */ #define LDAP_RES_SEARCH_RESULT 0x65L /* application + constructed */ #define LDAP_RES_MODIFY 0x67L /* application + constructed */ #define LDAP_RES_ADD 0x69L /* application + constructed */ #define LDAP_RES_DELETE 0x6bL /* application + constructed */ #define LDAP_RES_MODRDN 0x6dL /* application + constructed */ #define LDAP_RES_COMPARE 0x6fL /* application + constructed */ #define OLD_LDAP_RES_BIND 0x01L #define OLD_LDAP_RES_SEARCH_ENTRY 0x04L #define OLD_LDAP_RES_SEARCH_RESULT 0x05L #define OLD_LDAP_RES_MODIFY 0x07L #define OLD_LDAP_RES_ADD 0x09L #define OLD_LDAP_RES_DELETE 0x0bL #define OLD_LDAP_RES_MODRDN 0x0dL #define OLD_LDAP_RES_COMPARE 0x0fL #define LDAP_AUTH_NONE 0x00L /* no authentication */ #define LDAP_AUTH_SIMPLE 0x80L /* context specific + primitive */ #define LDAP_AUTH_KRBV4 0xffL /* means do both of the following */ #define LDAP_AUTH_KRBV41 0x81L /* context specific + primitive */ #define LDAP_AUTH_KRBV42 0x82L /* context specific + primitive */ #define LDAP_AUTH_SIMPLE_30 0xa0L /* context specific + constructed */ #define LDAP_AUTH_KRBV41_30 0xa1L /* context specific + constructed */ #define LDAP_AUTH_KRBV42_30 0xa2L /* context specific + constructed */ #define OLD_LDAP_AUTH_SIMPLE 0x00L #define OLD_LDAP_AUTH_KRBV4 0x01L #define OLD_LDAP_AUTH_KRBV42 0x02L /* filter types */ #define LDAP_FILTER_AND 0xa0L /* context specific + constructed */ #define LDAP_FILTER_OR 0xa1L /* context specific + constructed */ #define LDAP_FILTER_NOT 0xa2L /* context specific + constructed */ #define LDAP_FILTER_EQUALITY 0xa3L /* context specific + constructed */ #define LDAP_FILTER_SUBSTRINGS 0xa4L /* context specific + constructed */ #define LDAP_FILTER_GE 0xa5L /* context specific + constructed */ #define LDAP_FILTER_LE 0xa6L /* context specific + constructed */ #define LDAP_FILTER_PRESENT 0x87L /* context specific + primitive */ #define LDAP_FILTER_APPROX 0xa8L /* context specific + constructed */ /* 3.0 compatibility filter types */ #define LDAP_FILTER_PRESENT_30 0xa7L /* context specific + constructed */ #define LDAP_MOD_ADD 0x00 #define LDAP_MOD_DELETE 0x01 #define LDAP_MOD_REPLACE 0x02 void dissect_ldap(const u_char *, int, frame_data *, proto_tree *);
- Follow-Ups:
- Re: [ethereal-dev] ldap dissector
- From: Guy Harris
 
- Re: [ethereal-dev] ldap dissector
- From: Guy Harris
 
 
- Re: [ethereal-dev] ldap dissector
- Prev by Date: [ethereal-dev] [PATCH] Saving a temporary file on WIN32
- Next by Date: [ethereal-dev] Bug in Data-count and Hex-Dump from ethereal
- Previous by thread: Re: [ethereal-dev] ldap dissector
- Next by thread: Re: [ethereal-dev] ldap dissector
- Index(es):