Wireshark-bugs: [Wireshark-bugs] [Bug 5239] New: The CLDAP attribute value on a CLDAP reply is n
Date: Mon, 20 Sep 2010 12:59:01 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5239

           Summary: The CLDAP attribute value on a CLDAP reply is no longer being decoded
           Product: Wireshark
           Version: 1.4.0
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fschorr@xxxxxxxxxxx

Build Information:
Version 1.4.0 (SVN Rev 34005 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5,
with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built Aug 29 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
A problem has shown up with the decoding of the AttributeValue for the
"netlogon" attribute in a CLDAP response. This problem showed up sometime
after Wireshark 1.3.5. I tested using 1.4.0 and 1.5.0-34154 and both showed
the same failure.

I'm attaching a capture to this bug report. The following examples are
showing the response in frame 4 in the capture.

In Wireshark 1.4.0 and 1.5.0-34154 the decode of frame 4 looks like:

Connectionless Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(1) "<ROOT>" [1 result]
        messageID: 1
        protocolOp: searchResEntry (4)
            searchResEntry
                objectName:
                attributes: 1 item
                    PartialAttributeList item netlogon
                        type: netlogon
                        vals: 1 item
                            AttributeValue: 17000000fd03000057a2d80c69f5b846b1c6ed6dcf21d199...

The correct decode should look like:

Connectionless Lightweight Directory Access Protocol
    LDAPMessage searchResEntry(1) "<ROOT>" [1 result]
        messageID: 1
        protocolOp: searchResEntry (4)
            searchResEntry
                objectName:
                attributes: 1 item
                    PartialAttributeList netlogon
                        type: netlogon
                        vals: 1 item
                            Type: LOGON_SAM_LOGON_RESPONSE_EX (23)
                            Flags: 0x000003fd (Good Time Serv, Writable, Closest, Time Serv, KDC, DS, LDAP, GC, PDC)
                                0... .... .... .... .... .... .... .... = FDC: The NC is not the default forest NC (Windows 2008)
                                .0.. .... .... .... .... .... .... .... = DNC: The NC is not the default NC (Windows 2008)
                                ..0. .... .... .... .... .... .... .... = DNS: Server name is not in DNS format (Windows 2008)
                                .... .... .... .... ...0 .... .... .... = WDC: Domain controller is not a Windows 2008 writable NC
                                .... .... .... .... .... 0... .... .... = RODC: Domain controller is not a Windows 2008 RODC
                                .... .... .... .... .... .0.. .... .... = NDNC: Domain is NOT non-domain nc serviced by ldap server
                                .... .... .... .... .... ..1. .... .... = Good Time Serv: This dc has a GOOD TIME SERVICE (i.e. hardware clock)
                                .... .... .... .... .... ...1 .... .... = Writable: This dc is WRITABLE
                                .... .... .... .... .... .... 1... .... = Closest: This is the CLOSEST dc
                                .... .... .... .... .... .... .1.. .... = Time Serv: This dc is running TIME SERVICES (ntp)
                                .... .... .... .... .... .... ..1. .... = KDC: This is a KDC (kerberos)
                                .... .... .... .... .... .... ...1 .... = DS: This dc supports DS
                                .... .... .... .... .... .... .... 1... = LDAP: This is an LDAP server
                                .... .... .... .... .... .... .... .1.. = GC: This is a GLOBAL CATALOGUE of forest
                                .... .... .... .... .... .... .... ...1 = PDC: This is a PDC
                            Domain GUID: 57A2D80C69F5B846B1C6ED6DCF21D199
                            Forest: duluth.local
                            Domain: duluth.local
                            Hostname: w2k3-dc.duluth.local
                            NetBios Domain: DULUTH
                            NetBios Hostname: W2K3-DC
                            Username:
                            Site: Default-First-Site
                            Client Site: Default-First-Site
                            Version: 5
                            LM Token: 0xffff
                            NT Token: 0xffff
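
Added example, not part of the original report and not Wireshark's dissector code: a small Python decoder that turns the 24 AttributeValue bytes visible in the report into the Type, Flags and Domain GUID lines of the expected decode. The field layout (2-byte little-endian type, 2 reserved bytes, 4-byte little-endian flags, 16-byte GUID) is an assumption matching the bytes and decode shown above, and the function and constant names are hypothetical.

```python
import struct

# Flag bits as labelled in the "correct decode" in the report above (bit -> name).
FLAG_NAMES = {
    31: "FDC", 30: "DNC", 29: "DNS", 12: "WDC", 11: "RODC", 10: "NDNC",
    9: "Good Time Serv", 8: "Writable", 7: "Closest", 6: "Time Serv",
    5: "KDC", 4: "DS", 3: "LDAP", 2: "GC", 0: "PDC",
}
LOGON_SAM_LOGON_RESPONSE_EX = 23
HEADER_LEN = 24  # assumed layout: 2-byte type + 2 reserved + 4-byte flags + 16-byte GUID

# The 24 bytes of the AttributeValue visible in the report (the rest is elided there).
SAMPLE_HEX = "17000000fd03000057a2d80c69f5b846b1c6ed6dcf21d199"


def parse_netlogon_header(value: bytes) -> dict:
    """Decode the fixed-size start of a netlogon AttributeValue."""
    if len(value) < HEADER_LEN:
        raise ValueError(f"need {HEADER_LEN} bytes, got {len(value)}")
    msg_type, _reserved, flags = struct.unpack_from("<HHI", value, 0)
    if msg_type != LOGON_SAM_LOGON_RESPONSE_EX:
        raise ValueError(f"unsupported netlogon type {msg_type}")
    # Highest bit first, the order used in the Flags summary line of the report.
    set_flags = [name for bit, name in sorted(FLAG_NAMES.items(), reverse=True)
                 if flags & (1 << bit)]
    known_mask = sum(1 << bit for bit in FLAG_NAMES)
    return {
        "type": msg_type,
        "flags": flags,
        "flag_names": set_flags,
        "unknown_bits": flags & ~known_mask,  # bits the table above does not name
        "domain_guid": value[8:24].hex().upper(),  # raw byte order, as in the report
    }


if __name__ == "__main__":
    hdr = parse_netlogon_header(bytes.fromhex(SAMPLE_HEX))
    print(f"Type: {hdr['type']}")
    print(f"Flags: 0x{hdr['flags']:08x} ({', '.join(hdr['flag_names'])})")
    print(f"Domain GUID: {hdr['domain_guid']}")
```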