Ethereal-dev: Re: [ethereal-dev] ldap dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 27 Mar 2000 00:50:52 -0800
> Ok, here is another go at an ldap dissector. This one uses the asn1.c
> routines although I'm wrapping most of them to provide the
> functionality I need.
Looks good, although it can actually make more use of the stuff in
"asn1.c" and "asn1.h" than it currently does, at least if I add a couple
missing type tags to "asn1.h", for example using "asn1_id_decode()" to
decode type IDs and using "asn1_header_decode()" to decode
type-ID-plus-length headers.
This means using just the type tag, not the full type value with the
class and primitive/constructed bits, as the #defines for various LDAP
types (and checking the class and primitive/constructed bits elsewhere).
(I'm not sure why "packet-ldap.h" was defining XXX_30 as type IDs with
constructed encodings and XXX as type IDs with primitive encodings - for
example, it defines LDAP_REQ_UNBIND ax 0x42 (application type 2,
primitive encoding) and LDAP_REQ_UNBIND_30 as 0x62 (application type 2,
constructed encoding) - if "30" refers to LDAP v3, then I'd expect both
of them to use the primitive encoding, given that RFC 1777, for LDAP v2,
says
UnbindRequest ::= [APPLICATION 2] NULL
and RFC 2251, for LDAP v3, also says
UnbindRequest ::= [APPLICATION 2] NULL
and X.209, the ASN.1 BER spec, says "The encoding of a null value shall
be primitive".)
I've attached a patch to "asn1.h" to add in the type tags for the REAL
and ENUMERATED types - LDAP uses the ENUMERATED type - and have attached
the modified versions of "packet-ldap.c" and "packet-ldap.h"; I don't
have any LDAP captures with which to test them, but they at least
compile. (I will check the "asn1.h" change into the CVS tree.)
Index: asn1.h =================================================================== RCS file: /usr/local/cvsroot/ethereal/asn1.h,v retrieving revision 1.2 diff -c -r1.2 asn1.h *** asn1.h 1999/12/10 09:49:29 1.2 --- asn1.h 2000/03/27 08:39:39 *************** *** 45,50 **** --- 45,52 ---- #define ASN1_OJI 6 /* Object Identifier */ #define ASN1_OJD 7 /* Object Description */ #define ASN1_EXT 8 /* External */ + #define ASN1_REAL 9 /* Real */ + #define ASN1_ENUM 10 /* Enumerated */ #define ASN1_SEQ 16 /* Sequence */ #define ASN1_SET 17 /* Set */ #define ASN1_NUMSTR 18 /* Numerical String */
/* packet-ldap.c
* Routines for ldap packet dissection
*
* $Id: packet-ldap.c,v 1.2 2000/01/07 22:05:32 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxx>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
* This is not a complete implementation. It doesn't handle the full version 3, more specifically,
* it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
* It's also missing the substring and extensible search filters.
*
* There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
* and correct packet.
*
* AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
* the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
* I can do.
*
* Doug Nazar
* nazard@xxxxxxxxxxxxxxx
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif
#include <string.h>
#include <glib.h>
#include "packet.h"
#include "packet-ldap.h"
#include "asn1.h"
static int proto_ldap = -1;
static int hf_ldap_length = -1;
static int hf_ldap_message_id = -1;
static int hf_ldap_message_type = -1;
static int hf_ldap_message_length = -1;
static int hf_ldap_message_result = -1;
static int hf_ldap_message_result_matcheddn = -1;
static int hf_ldap_message_result_errormsg = -1;
static int hf_ldap_message_result_referral = -1;
static int hf_ldap_message_bind_version = -1;
static int hf_ldap_message_bind_dn = -1;
static int hf_ldap_message_bind_auth = -1;
static int hf_ldap_message_bind_auth_password = -1;
static int hf_ldap_message_search_base = -1;
static int hf_ldap_message_search_scope = -1;
static int hf_ldap_message_search_deref = -1;
static int hf_ldap_message_search_sizeLimit = -1;
static int hf_ldap_message_search_timeLimit = -1;
static int hf_ldap_message_search_typesOnly = -1;
static int hf_ldap_message_search_filter = -1;
static int hf_ldap_message_dn = -1;
static int hf_ldap_message_attribute = -1;
static int hf_ldap_message_value = -1;
static int hf_ldap_message_modrdn_name = -1;
static int hf_ldap_message_modrdn_delete = -1;
static int hf_ldap_message_modrdn_superior = -1;
static int hf_ldap_message_compare = -1;
static int hf_ldap_message_modify_add = -1;
static int hf_ldap_message_modify_replace = -1;
static int hf_ldap_message_modify_delete = -1;
static int hf_ldap_message_abandon_msgid = -1;
static gint ett_ldap = -1;
static gint ett_ldap_message = -1;
static gint ett_ldap_referrals = -1;
static gint ett_ldap_attribute = -1;
static value_string msgTypes [] = {
{LDAP_REQ_BIND, "Bind Request"},
{LDAP_REQ_UNBIND, "Unbind Request"},
{LDAP_REQ_SEARCH, "Search Request"},
{LDAP_REQ_MODIFY, "Modify Request"},
{LDAP_REQ_ADD, "Add Request"},
{LDAP_REQ_DELETE, "Delete Request"},
{LDAP_REQ_MODRDN, "Modify RDN Request"},
{LDAP_REQ_COMPARE, "Compare Request"},
{LDAP_REQ_ABANDON, "Abandon Request"},
{LDAP_REQ_EXTENDED, "Extended Request"},
{LDAP_RES_BIND, "Bind Result"},
{LDAP_RES_SEARCH_ENTRY, "Search Entry"},
{LDAP_RES_SEARCH_RESULT, "Search Result"},
{LDAP_RES_SEARCH_REF, "Search Result Reference"},
{LDAP_RES_MODIFY, "Modify Result"},
{LDAP_RES_ADD, "Add Result"},
{LDAP_RES_DELETE, "Delete Result"},
{LDAP_RES_MODRDN, "Modify RDN Result"},
{LDAP_RES_COMPARE, "Compare Result"},
{LDAP_REQ_EXTENDED, "Extended Response"},
};
static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
{
guint length = 0;
gboolean def = FALSE;
const guchar *start = a->pointer;
asn1_length_decode(a, &def, &length);
if (len)
*len = length;
if (tree)
proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, length);
return 0;
}
static int read_sequence(ASN1_SCK *a, guint *len)
{
guint cls, con, tag;
gboolean def;
guint length;
if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
return 1;
if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
return 1;
if (len)
*len = length;
return 0;
}
static int read_set(ASN1_SCK *a, guint *len)
{
guint cls, con, tag;
gboolean def;
guint length;
if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
return 1;
if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
return 1;
if (len)
*len = length;
return 0;
}
static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
proto_tree **new_tree, guint *i, const guchar *start, guint length)
{
guint integer = 0;
asn1_uint32_value_decode(a, length, &integer);
if (i)
*i = integer;
if (tree)
{
proto_tree *temp_tree = 0;
temp_tree = proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, integer);
if (new_tree)
*new_tree = temp_tree;
}
return 0;
}
static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
proto_tree **new_tree, guint *i, guint expected_tag)
{
guint cls, con, tag;
gboolean def;
guint length;
const guchar *start = a->pointer;
if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
return 1;
if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
return 1;
return read_integer_value(a, tree, hf_id, new_tree, i, start, length);
}
static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
proto_tree **new_tree, char **s, const guchar *start, guint length)
{
guchar *string;
if (length)
{
asn1_octet_string_value_decode(a, length, &string);
string = g_realloc(string, length + 1);
string[length] = '\0';
}
else
string = "(null)";
if (tree)
{
proto_tree *temp_tree;
temp_tree = proto_tree_add_item(tree, hf_id, start - a->begin, a->pointer - start, string);
if (new_tree)
*new_tree = temp_tree;
}
if (s && length)
*s = string;
else if (length)
g_free(string);
return 0;
}
static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
proto_tree **new_tree, char **s, guint expected_cls, guint expected_tag)
{
guint cls, con, tag;
gboolean def;
guint length;
const guchar *start = a->pointer;
if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
return 1;
if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
return 1;
return read_string_value(a, tree, hf_id, new_tree, s, start, length);
}
static void parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
{
guchar *string;
guchar *string2;
gint string_length;
gint string2_length;
guint string_bytes;
asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
*filter_length += 3 + string_length + string2_length;
*filter = g_realloc(*filter, *filter_length);
sprintf(*filter + strlen(*filter), "(%.*s%s%.*s)", string_length, string, operation, string2_length, string2);
g_free(string);
g_free(string2);
}
static gboolean parse_filter(ASN1_SCK *a, char **filter, guint *filter_length, const guchar **end)
{
guint cls, con, tag;
guint length;
gboolean def;
/* XXX - what if this returns an error? */
asn1_header_decode(a, &cls, &con, &tag, &def, &length);
if (*end == 0)
{
*end = a->pointer + length;
*filter_length = 1;
*filter = g_malloc0(*filter_length);
}
if (cls == ASN1_CTX) /* XXX - handle other types as errors? */
{
switch (tag)
{
case LDAP_FILTER_AND:
{
const guchar *add_end;
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
add_end = a->pointer + length;
*filter_length += 3;
*filter = g_realloc(*filter, *filter_length);
strcat(*filter, "(&");
while (!parse_filter(a, filter, filter_length, &add_end))
continue;
strcat(*filter, ")");
}
break;
case LDAP_FILTER_OR:
{
const guchar *or_end;
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
or_end = a->pointer + length;
*filter_length += 3;
*filter = g_realloc(*filter, *filter_length);
strcat(*filter, "(|");
while (!parse_filter(a, filter, filter_length, &or_end))
continue;
strcat(*filter, ")");
}
break;
case LDAP_FILTER_NOT:
{
const guchar *not_end;
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
not_end = a->pointer + length;
*filter_length += 3;
*filter = g_realloc(*filter, *filter_length);
strcat(*filter, "(!");
parse_filter(a, filter, filter_length, ¬_end);
strcat(*filter, ")");
}
break;
case LDAP_FILTER_EQUALITY:
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
parse_filter_strings(a, filter, filter_length, "=");
break;
case LDAP_FILTER_GE:
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
parse_filter_strings(a, filter, filter_length, ">=");
break;
case LDAP_FILTER_LE:
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
parse_filter_strings(a, filter, filter_length, "<=");
break;
case LDAP_FILTER_APPROX:
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
parse_filter_strings(a, filter, filter_length, "~=");
break;
case LDAP_FILTER_PRESENT:
{
guchar *string;
gint string_length;
guint string_bytes;
asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
*filter_length += 3 + string_length;
*filter = g_realloc(*filter, *filter_length);
sprintf(*filter + strlen(*filter), "(%.*s=*)", string_length, string);
g_free(string);
}
break;
case LDAP_FILTER_SUBSTRINGS:
if (con != ASN1_CON)
break; /* XXX - handle this as an error? */
asn1_null_decode(a, length); /* XXX - actually decode this... */
break;
default:
break; /* XXX - handle this as an error? */
}
}
return a->pointer == *end;
}
static int read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
{
const guchar *start = a->pointer;
char *filter = 0;
guint filter_length = 0;
const guchar *end = 0;
while (!parse_filter(a, &filter, &filter_length, &end))
continue;
if (tree)
proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, filter);
g_free(filter);
return 0;
}
/********************************************************************************************/
static int dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
{
guint resultCode = 0;
read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM);
read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS);
read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS);
if (resultCode == 10) /* Referral */
{
const guchar *start = a->pointer;
const guchar *end;
guint length;
proto_tree *t, *referralTree;
read_sequence(a, &length);
t = proto_tree_add_text(tree, start-a->begin, length, "Referral URLs");
referralTree = proto_item_add_subtree(t, ett_ldap_referrals);
end = a->pointer + length;;
while (a->pointer < end)
read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS);
}
return 0;
}
static int dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
{
guint cls, con, tag;
guint def, length;
const guchar *start;
read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT);
read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS);
start = a->pointer;
if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
return 1; /* XXX - right return value for an error? */
if (cls != ASN1_CTX)
return 1; /* RFCs 1777 and 2251 say these are context-specific types */
switch (tag)
{
case LDAP_AUTH_SIMPLE:
proto_tree_add_item(tree, hf_ldap_message_bind_auth, start - a->begin,
a->pointer - start);
read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL, NULL,
start, length);
break;
/* For Kerberos V4, dissect it as a ticket. */
/* For SASL, dissect it as SaslCredentials. */
}
return 0;
}
static int dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
{
dissect_ldap_result(a, tree);
/* FIXME: handle SASL data */
return 0;
}
static int dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
const guchar *end;
read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS);
read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM);
read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM);
read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT);
read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT);
read_integer(a, tree, hf_ldap_message_search_typesOnly, 0, 0, ASN1_BOL);
read_filter(a, tree, hf_ldap_message_search_filter);
read_sequence(a, &seq_length);
end = a->pointer + seq_length;
while (a->pointer < end)
read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI, ASN1_OTS);
return 0;
}
static int dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
const guchar *end_of_sequence;
read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
read_sequence(a, &seq_length);
end_of_sequence = a->pointer + seq_length;
while (a->pointer < end_of_sequence)
{
proto_tree *t, *attr_tree;
guint set_length;
const guchar *end_of_set;
read_sequence(a, 0);
read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
read_set(a, &set_length);
end_of_set = a->pointer + set_length;
while (a->pointer < end_of_set)
read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
}
return 0;
}
static int dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
const guchar *end_of_sequence;
read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
read_sequence(a, &seq_length);
end_of_sequence = a->pointer + seq_length;
while (a->pointer < end_of_sequence)
{
proto_tree *t, *attr_tree;
guint set_length;
const guchar *end_of_set;
read_sequence(a, 0);
read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
read_set(a, &set_length);
end_of_set = a->pointer + set_length;
while (a->pointer < end_of_set)
read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
}
return 0;
}
static int dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
const guchar *start, guint length)
{
read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
return 0;
}
static int dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
guint length)
{
const guchar *start = a->pointer;
read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS);
read_integer(a, tree, hf_ldap_message_modrdn_delete, 0, 0, ASN1_BOL);
if (a->pointer < (start + length)) {
/* LDAP V3 Modify DN operation, with newSuperior */
read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS);
}
return 0;
}
static int dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
{
const guchar *start;
int length;
char *string1 = 0;
char *string2 = 0;
char *compare;
read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
read_sequence(a, 0);
start = a->pointer;
read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);
length = 2 + strlen(string1) + strlen(string2);
compare = g_malloc0(length);
snprintf(compare, length, "%s=%s", string1, string2);
proto_tree_add_item(tree, hf_ldap_message_compare, start-a->begin, a->pointer-start, compare);
g_free(string1);
g_free(string2);
g_free(compare);
return 0;
}
static int dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
{
guint seq_length;
const guchar *end_of_sequence;
read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
read_sequence(a, &seq_length);
end_of_sequence = a->pointer + seq_length;
while (a->pointer < end_of_sequence)
{
proto_tree *t = 0, *attr_tree;
guint set_length;
const guchar *end_of_set;
guint operation;
read_sequence(a, 0);
read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
read_sequence(a, 0);
switch (operation)
{
case LDAP_MOD_ADD:
read_string(a, tree, hf_ldap_message_modify_add, &t, 0, ASN1_UNI, ASN1_OTS);
break;
case LDAP_MOD_REPLACE:
read_string(a, tree, hf_ldap_message_modify_replace, &t, 0, ASN1_UNI, ASN1_OTS);
break;
case LDAP_MOD_DELETE:
read_string(a, tree, hf_ldap_message_modify_delete, &t, 0, ASN1_UNI, ASN1_OTS);
break;
}
attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);
read_set(a, &set_length);
end_of_set = a->pointer + set_length;
while (a->pointer < end_of_set)
read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
}
return 0;
}
static int dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
const guchar *start, guint length)
{
read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
start, length);
return 0;
}
void
dissect_ldap(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
proto_tree *ldap_tree = 0, *ti, *msg_tree;
guint messageLength;
guint messageId;
guint protocolOpCls, protocolOpCon, protocolOpTag;
gchar *typestr;
guint opLen;
ASN1_SCK a;
const guchar *start;
if (tree)
{
ti = proto_tree_add_item(tree, proto_ldap, offset, END_OF_FRAME, NULL);
ldap_tree = proto_item_add_subtree(ti, ett_ldap);
}
asn1_open(&a, pd, pi.captured_len);
a.pointer += offset;
if (read_sequence(&a, &messageLength))
{
if (tree)
proto_tree_add_text(tree, offset, 1, "Invalid LDAP packet");
return;
}
if (messageLength > (pi.captured_len - offset))
{
if (tree)
proto_tree_add_text(tree, offset, END_OF_FRAME, "Sequence length: %u, LDAP packet data length = %u\n",
messageLength, pi.captured_len - offset);
return;
}
read_integer(&a, ldap_tree, hf_ldap_message_id, 0, &messageId, ASN1_INT);
start = a.pointer;
asn1_id_decode(&a, &protocolOpCls, &protocolOpCon, &protocolOpTag);
if (protocolOpCls != ASN1_APL)
typestr = "Bad message type (not Application)";
else
typestr = val_to_str(protocolOpTag, msgTypes, "Bad message type (%u)");
if (check_col(fd, COL_PROTOCOL))
col_add_str(fd, COL_PROTOCOL, "LDAP");
if (check_col(fd, COL_INFO))
col_add_fstr(fd, COL_INFO, "MsgId=%u MsgType=%s",
messageId, typestr);
if (tree)
{
ti = proto_tree_add_item(ldap_tree, hf_ldap_message_type,
start - a.begin, a.pointer - start, protocolOpTag);
msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
start = a.pointer;
read_length(&a, msg_tree, hf_ldap_message_length, &opLen);
switch (protocolOpTag)
{
case LDAP_REQ_BIND:
dissect_ldap_request_bind(&a, msg_tree);
break;
case LDAP_REQ_SEARCH:
dissect_ldap_request_search(&a, msg_tree);
break;
case LDAP_REQ_ADD:
dissect_ldap_request_add(&a, msg_tree);
break;
case LDAP_REQ_DELETE:
dissect_ldap_request_delete(&a, msg_tree, start, opLen);
break;
case LDAP_REQ_MODRDN:
dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
break;
case LDAP_REQ_COMPARE:
dissect_ldap_request_compare(&a, msg_tree);
break;
case LDAP_REQ_MODIFY:
dissect_ldap_request_modify(&a, msg_tree);
break;
case LDAP_REQ_ABANDON:
dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
break;
case LDAP_RES_BIND:
dissect_ldap_response_bind(&a, msg_tree);
break;
case LDAP_RES_SEARCH_ENTRY:
dissect_ldap_response_search_entry(&a, msg_tree);
break;
case LDAP_RES_SEARCH_RESULT:
case LDAP_RES_MODIFY:
case LDAP_RES_ADD:
case LDAP_RES_DELETE:
case LDAP_RES_MODRDN:
case LDAP_RES_COMPARE:
dissect_ldap_result(&a, msg_tree);
break;
}
}
}
void
proto_register_ldap(void)
{
static value_string result_codes[] = {
{0, "Success"},
{1, "Operations error"},
{2, "Protocol error"},
{3, "Time limit exceeded"},
{4, "Size limit exceeded"},
{5, "Compare false"},
{6, "Compare true"},
{7, "Authentication method not supported"},
{8, "Strong authentication required"},
{10, "Referral"},
{11, "Administrative limit exceeded"},
{12, "Unavailable critical extension"},
{13, "Confidentiality required"},
{14, "SASL bind in progress"},
{16, "No such attribute"},
{17, "Undefined attribute type"},
{18, "Inappropriate matching"},
{19, "Constraint violation"},
{20, "Attribute or value exists"},
{21, "Invalid attribute syntax"},
{32, "No such object"},
{33, "Alias problem"},
{34, "Invalid DN syntax"},
{36, "Alias derefetencing problem"},
{48, "Inappropriate authentication"},
{49, "Invalid credentials"},
{50, "Insufficient access rights"},
{51, "Busy"},
{52, "Unavailable"},
{53, "Unwilling to perform"},
{54, "Loop detected"},
{64, "Naming violation"},
{65, "Objectclass violation"},
{66, "Not allowed on non-leaf"},
{67, "Not allowed on RDN"},
{68, "Entry already exists"},
{69, "Objectclass modification prohibited"},
{71, "Affects multiple DSAs"},
{80, "Other"},
};
static value_string auth_types[] = {
{LDAP_AUTH_SIMPLE, "Simple"},
{LDAP_AUTH_KRBV4LDAP, "Kerberos V4 to the LDAP server"},
{LDAP_AUTH_KRBV4DSA, "Kerberos V4 to the DSA"},
{LDAP_AUTH_SASL, "SASL"},
};
static value_string search_scope[] = {
{0x00, "Base"},
{0x01, "Single"},
{0x02, "Subtree"},
};
static value_string search_dereference[] = {
{0x00, "Never"},
{0x01, "Searching"},
{0x02, "Base Object"},
{0x03, "Always"},
};
static hf_register_info hf[] = {
{ &hf_ldap_length,
{ "Length", "ldap.length",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Length" }},
{ &hf_ldap_message_id,
{ "Message Id", "ldap.message_id",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Message Id" }},
{ &hf_ldap_message_type,
{ "Message Type", "ldap.message_type",
FT_UINT8, BASE_HEX, &msgTypes, 0x0,
"LDAP Message Type" }},
{ &hf_ldap_message_length,
{ "Message Length", "ldap.message_length",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Message Length" }},
{ &hf_ldap_message_result,
{ "Result Code", "ldap.result.code",
FT_INT8, BASE_HEX, result_codes, 0x0,
"LDAP Result Code" }},
{ &hf_ldap_message_result_matcheddn,
{ "Matched DN", "ldap.result.matcheddn",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Result Matched DN" }},
{ &hf_ldap_message_result_errormsg,
{ "Error Message", "ldap.result.errormsg",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Result Error Message" }},
{ &hf_ldap_message_result_referral,
{ "Referral", "ldap.result.referral",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Result Referral URL" }},
{ &hf_ldap_message_bind_version,
{ "Version", "ldap.bind.version",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Bind Version" }},
{ &hf_ldap_message_bind_dn,
{ "DN", "ldap.bind.dn",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Bind Distinguished Name" }},
{ &hf_ldap_message_bind_auth,
{ "Auth Type", "ldap.bind.auth_type",
FT_UINT8, BASE_HEX, auth_types, 0x0,
"LDAP Bind Auth Type" }},
{ &hf_ldap_message_bind_auth_password,
{ "Password", "ldap.bind.password",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Bind Password" }},
{ &hf_ldap_message_search_base,
{ "Base DN", "ldap.search.basedn",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Search Base Distinguished Name" }},
{ &hf_ldap_message_search_scope,
{ "Scope", "ldap.search.scope",
FT_UINT8, BASE_HEX, search_scope, 0x0,
"LDAP Search Scope" }},
{ &hf_ldap_message_search_deref,
{ "Dereference", "ldap.search.dereference",
FT_UINT8, BASE_HEX, search_dereference, 0x0,
"LDAP Search Dereference" }},
{ &hf_ldap_message_search_sizeLimit,
{ "Size Limit", "ldap.search.sizelimit",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Search Size Limit" }},
{ &hf_ldap_message_search_timeLimit,
{ "Time Limit", "ldap.search.timelimit",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Search Time Limit" }},
{ &hf_ldap_message_search_typesOnly,
{ "Attributes Only", "ldap.search.typesonly",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"LDAP Search Attributes Only" }},
{ &hf_ldap_message_search_filter,
{ "Filter", "ldap.search.filter",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Search Filter" }},
{ &hf_ldap_message_dn,
{ "Distinguished Name", "ldap.dn",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Distinguished Name" }},
{ &hf_ldap_message_attribute,
{ "Attribute", "ldap.attribute",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Attribute" }},
{ &hf_ldap_message_value,
{ "Value", "ldap.value",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Value" }},
{ &hf_ldap_message_modrdn_name,
{ "New Name", "ldap.modrdn.name",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP New Name" }},
{ &hf_ldap_message_modrdn_delete,
{ "Delete Values", "ldap.modrdn.delete",
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"LDAP Modify RDN - Delete original values" }},
{ &hf_ldap_message_modrdn_superior,
{ "New Location", "ldap.modrdn.superior",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Modify RDN - New Location" }},
{ &hf_ldap_message_compare,
{ "Test", "ldap.compare.test",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Compare Test" }},
{ &hf_ldap_message_modify_add,
{ "Add", "ldap.modify.add",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Add" }},
{ &hf_ldap_message_modify_replace,
{ "Replace", "ldap.modify.replace",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Replace" }},
{ &hf_ldap_message_modify_delete,
{ "Delete", "ldap.modify.delete",
FT_STRING, BASE_NONE, NULL, 0x0,
"LDAP Delete" }},
{ &hf_ldap_message_abandon_msgid,
{ "Abandon Msg Id", "ldap.abandon.msgid",
FT_INT32, BASE_DEC, NULL, 0x0,
"LDAP Abandon Msg Id" }},
};
static gint *ett[] = {
&ett_ldap,
&ett_ldap_message,
&ett_ldap_referrals,
&ett_ldap_attribute
};
proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol", "ldap");
proto_register_field_array(proto_ldap, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
/* packet-ldap.h * * $Id: packet-ldap.h,v 1.1 2000/02/15 21:02:32 gram Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@xxxxxxxx> * Copyright 1998 Gerald Combs * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* * These are all APPLICATION types; the value is the type tag. */ #define LDAP_REQ_BIND 0 #define LDAP_REQ_UNBIND 2 #define LDAP_REQ_SEARCH 3 #define LDAP_REQ_MODIFY 6 #define LDAP_REQ_ADD 8 #define LDAP_REQ_DELETE 10 #define LDAP_REQ_MODRDN 12 #define LDAP_REQ_COMPARE 14 #define LDAP_REQ_ABANDON 16 #define LDAP_REQ_EXTENDED 23 /* LDAP V3 only */ #define LDAP_RES_BIND 1 #define LDAP_RES_SEARCH_ENTRY 4 #define LDAP_RES_SEARCH_REF 19 /* LDAP V3 only */ #define LDAP_RES_SEARCH_RESULT 5 #define LDAP_RES_MODIFY 7 #define LDAP_RES_ADD 9 #define LDAP_RES_DELETE 11 #define LDAP_RES_MODRDN 13 #define LDAP_RES_COMPARE 15 #define LDAP_RES_EXTENDED 24 /* LDAP V3 only */ /* * These are all CONTEXT types; the value is the type tag. */ /* authentication type tags */ #define LDAP_AUTH_SIMPLE 0 #define LDAP_AUTH_KRBV4LDAP 1 /* LDAP V2 only */ #define LDAP_AUTH_KRBV4DSA 2 /* LDAP V2 only */ #define LDAP_AUTH_SASL 3 /* LDAP V3 only */ /* filter type tags */ #define LDAP_FILTER_AND 0 #define LDAP_FILTER_OR 1 #define LDAP_FILTER_NOT 2 #define LDAP_FILTER_EQUALITY 3 #define LDAP_FILTER_SUBSTRINGS 4 #define LDAP_FILTER_GE 5 #define LDAP_FILTER_LE 6 #define LDAP_FILTER_PRESENT 7 #define LDAP_FILTER_APPROX 8 #define LDAP_FILTER_EXTENSIBLE 9 /* LDAP V3 only */ #define LDAP_MOD_ADD 0 #define LDAP_MOD_DELETE 1 #define LDAP_MOD_REPLACE 2 void dissect_ldap(const u_char *, int, frame_data *, proto_tree *);
- References:
- [ethereal-dev] ldap dissector
- From: nazard
- [ethereal-dev] ldap dissector
- Prev by Date: Re: [ethereal-dev] hang on dumps with default tcpdump snaplen
- Next by Date: [ethereal-dev] Possible bug in packet-ppp.c
- Previous by thread: [ethereal-dev] ldap dissector
- Next by thread: Re: [ethereal-dev] ldap dissector
- Index(es):
