Move /asn1 to /epan/dissectors

Change-Id: I1208fe3c2ba428995526f561e8f792b8d871e9a9
Reviewed-on: https://code.wireshark.org/review/14388
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>

8 files changed, 1638 insertions, 0 deletions

diff --git a/epan/dissectors/asn1/dop/CMakeLists.txt b/epan/dissectors/asn1/dop/CMakeLists.txt
new file mode 100644
index 0000000000..9df5fa05cb
--- /dev/null
+++ b/epan/dissectors/asn1/dop/CMakeLists.txt
@@ -0,0 +1,61 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set( PROTOCOL_NAME dop )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+	${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	${PROTOCOL_NAME}.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	packet-${PROTOCOL_NAME}-template.h
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+	"${CMAKE_CURRENT_BINARY_DIR}/../dap/dap-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../dsp/dsp-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../crmf/crmf-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf"
+	"${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf"
+)
+
+ASN2WRS()
+
diff --git a/epan/dissectors/asn1/dop/Makefile.am b/epan/dissectors/asn1/dop/Makefile.am
new file mode 100644
index 0000000000..72d28e600b
--- /dev/null
+++ b/epan/dissectors/asn1/dop/Makefile.am
@@ -0,0 +1,23 @@
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+include ../Makefile.preinc
+include Makefile.common
+include ../Makefile.inc
+
diff --git a/epan/dissectors/asn1/dop/Makefile.common b/epan/dissectors/asn1/dop/Makefile.common
new file mode 100644
index 0000000000..13a68e96c3
--- /dev/null
+++ b/epan/dissectors/asn1/dop/Makefile.common
@@ -0,0 +1,70 @@
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+PROTOCOL_NAME=dop
+
+EXPORT_FILES = \
+	$(PROTOCOL_NAME)-exp.cnf
+
+EXT_ASN_FILE_LIST =
+
+ASN_FILE_LIST = \
+	$(PROTOCOL_NAME).asn
+
+# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
+# files do not exist for all protocols: Please add/remove as required.
+EXTRA_DIST = \
+	$(EXTRA_DIST_COMMON) \
+	$(ASN_FILE_LIST) \
+	packet-$(PROTOCOL_NAME)-template.c \
+	packet-$(PROTOCOL_NAME)-template.h \
+	$(PROTOCOL_NAME).cnf
+
+SRC_FILES = \
+	$(EXTRA_DIST) \
+	$(EXT_ASN_FILE_LIST)
+
+A2W_FLAGS= -b
+
+EXTRA_CNF= \
+        $(builddir)/../dap/dap-exp.cnf \
+        $(builddir)/../dsp/dsp-exp.cnf \
+        $(builddir)/../crmf/crmf-exp.cnf \
+        $(builddir)/../x509af/x509af-exp.cnf \
+        $(builddir)/../x509if/x509if-exp.cnf \
+        $(builddir)/../x509sat/x509sat-exp.cnf
+
+$(builddir)/../dap/dap-exp.cnf:
+	(cd $(builddir)/../dap && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../dsp/dsp-exp.cnf:
+	(cd $(builddir)/../dsp && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../crmf/crmf-exp.cnf:
+	(cd $(builddir)/../crmf && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../x509af/x509af-exp.cnf:
+	(cd $(builddir)/../x509af && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../x509if/x509if-exp.cnf:
+	(cd $(builddir)/../x509if && $(MAKE_CNF_EXPORT))
+
+$(builddir)/../x509sat/x509sat-exp.cnf:
+	(cd $(builddir)/../x509sat && $(MAKE_CNF_EXPORT))
+
diff --git a/epan/dissectors/asn1/dop/Makefile.nmake b/epan/dissectors/asn1/dop/Makefile.nmake
new file mode 100644
index 0000000000..d296638ddd
--- /dev/null
+++ b/epan/dissectors/asn1/dop/Makefile.nmake
@@ -0,0 +1,26 @@
+## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+include ../../../../config.nmake
+include ../Makefile.preinc.nmake
+include Makefile.common
+include ../Makefile.inc.nmake
+
diff --git a/epan/dissectors/asn1/dop/dop.asn b/epan/dissectors/asn1/dop/dop.asn
new file mode 100644
index 0000000000..cba83c0538
--- /dev/null
+++ b/epan/dissectors/asn1/dop/dop.asn
@@ -0,0 +1,881 @@
+-- Module DSAOperationalAttributeTypes (X.501:02/2001)
+DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1)
+  dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+  distributedOperations, id-doa, id-kmr, informationFramework,
+    opBindingManagement, selectedAttributeTypes, upperBounds
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+      usefulDefinitions(0) 4}
+  ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName,
+  RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion
+    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+      informationFramework(1) 4}
+--  OperationalBindingID
+--    FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--      opBindingManagement(18) 4}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+  AccessPoint, MasterAndShadowAccessPoints
+    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+      distributedOperations(3) 4}
+  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+  DirectoryString, NameAndOptionalUID,  bitStringMatch
+    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+      selectedAttributeTypes(5) 4}
+  PresentationAddress, ProtocolInformation
+    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+      selectedAttributeTypes(5) 4}
+  DirectoryBindArgument, DirectoryBindError, SecurityParameters
+    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+      directoryAbstractService(2) 5}
+  -- from ITU-T Rec. X.509 | ISO/IEC 9594-8
+  AlgorithmIdentifier
+    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+      authenticationFramework(7) 4}
+  AttributeTypeAndValue
+    FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1)
+      basicAccessControl(24) 4}
+  Filter
+    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+      directoryAbstractService(2) 4};
+
+-- data types
+DSEType ::= BIT STRING {
+  root(0), -- root DSE
+  glue(1), -- represents knowledge of a name only
+  cp(2), -- context prefix
+  entry(3), -- object entry
+  alias(4), -- alias entry
+  subr(5), -- subordinate reference
+  nssr(6), -- non-specific subordinate reference
+  supr(7), -- superior reference
+  xr(8), -- cross reference
+  admPoint(9), -- administrative point
+  subentry(10), -- subentry
+  shadow(11), -- shadow copy
+  immSupr(13), -- immediate superior reference
+  rhob(14), -- rhob information
+  sa(15), -- subordinate reference to alias entry
+  dsSubentry(16), -- DSA Specific subentry
+  familyMember(17), -- family member
+  ditBridge(18), -- DIT bridge reference
+  writeableCopy(19) -- writeable copy
+}
+
+SupplierOrConsumer ::= SET {
+--  COMPONENTS OF AccessPoint, - - supplier or consumer
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  agreementID  [3]  OperationalBindingID
+}
+
+SupplierInformation ::= SET {
+--  COMPONENTS OF SupplierOrConsumer, - - supplier
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  agreementID  	       [3]  OperationalBindingID,
+  supplier-is-master   [4]  BOOLEAN DEFAULT TRUE,
+  non-supplying-master [5]  AccessPoint OPTIONAL
+}
+
+ConsumerInformation ::= SupplierOrConsumer -- consumer
+
+SupplierAndConsumers ::= SET {
+--  COMPONENTS OF AccessPoint, - - supplier
+  ae-title             [0]  Name,
+  address              [1]  PresentationAddress,
+  protocolInformation  [2]  SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL,
+  consumers  	       [3]  SET OF AccessPoint
+}
+
+-- attribute types
+--dseType ATTRIBUTE ::= {
+--  WITH SYNTAX             DSEType
+--  EQUALITY MATCHING RULE  bitStringMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-dseType
+--}
+
+--myAccessPoint ATTRIBUTE ::= {
+--  WITH SYNTAX             AccessPoint
+--  EQUALITY MATCHING RULE  accessPointMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-myAccessPoint
+--}
+
+--superiorKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             AccessPoint
+--  EQUALITY MATCHING RULE  accessPointMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-superiorKnowledge
+--}
+
+--specificKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             MasterAndShadowAccessPoints
+--  EQUALITY MATCHING RULE  masterAndShadowAccessPointsMatch
+--  SINGLE VALUE            TRUE
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   distributedOperation
+--  ID                      id-doa-specificKnowledge
+--}
+
+--nonSpecificKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             MasterAndShadowAccessPoints
+--  EQUALITY MATCHING RULE  masterAndShadowAccessPointsMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   distributedOperation
+--  ID                      id-doa-nonSpecificKnowledge
+--}
+
+--supplierKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             SupplierInformation
+--  EQUALITY MATCHING RULE  supplierOrConsumerInformationMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-supplierKnowledge
+--}
+
+--consumerKnowledge ATTRIBUTE ::= {
+--  WITH SYNTAX             ConsumerInformation
+--  EQUALITY MATCHING RULE  supplierOrConsumerInformationMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-consumerKnowledge
+--}
+
+--secondaryShadows ATTRIBUTE ::= {
+--  WITH SYNTAX             SupplierAndConsumers
+--  EQUALITY MATCHING RULE  supplierAndConsumersMatch
+--  NO USER MODIFICATION    TRUE
+--  USAGE                   dSAOperation
+--  ID                      id-doa-secondaryShadows
+--}
+
+-- matching rules
+--accessPointMatch MATCHING-RULE ::= {
+--  SYNTAX  Name
+--  ID      id-kmr-accessPointMatch
+--}
+
+--masterAndShadowAccessPointsMatch MATCHING-RULE ::= {
+--  SYNTAX  SET OF Name
+--  ID      id-kmr-masterShadowMatch
+--}
+
+--supplierOrConsumerInformationMatch MATCHING-RULE ::= {
+--  SYNTAX
+--    SET {ae-title              [0]  Name,
+--         agreement-identifier  [2]  INTEGER}
+--  ID      id-kmr-supplierConsumerMatch
+--}
+
+--supplierAndConsumersMatch MATCHING-RULE ::= {
+--  SYNTAX  Name
+--  ID      id-kmr-supplierConsumersMatch
+--}
+
+-- object identifier assignments
+-- dsa operational attributes
+--id-doa-dseType OBJECT IDENTIFIER ::=
+--  {id-doa 0}
+
+--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1}
+
+--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2}
+
+--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3}
+
+--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4}
+
+--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5}
+
+--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6}
+
+--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7}
+
+-- knowledge matching rules
+--id-kmr-accessPointMatch OBJECT IDENTIFIER ::=
+--  {id-kmr 0}
+
+--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1}
+
+--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2}
+
+--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3}
+
+--END DSAOperationalAttributeTypes
+
+-- we include this here to reduce the number of dissectors
+-- Module OperationalBindingManagement (X.501:08/2005)
+--OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--  opBindingManagement(18) 5} DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryAbstractService, directoryShadowAbstractService,
+--    distributedOperations, directoryOSIProtocols, enhancedSecurity,
+--    hierarchicalOperationalBindings, commonProtocolSpecification
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 5}
+--  OPTIONALLY-PROTECTED-SEQ
+--    FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1)
+--      enhancedSecurity(28) 5}
+--  hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding
+--    FROM HierarchicalOperationalBindings hierarchicalOperationalBindings
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+--  CommonResultsSeq, directoryBind, directoryUnbind, securityError,
+--    SecurityParameters
+--    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+--      directoryAbstractService(2) 5}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+--  AccessPoint
+--    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+--      distributedOperations(3) 5}
+  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+--  id-err-operationalBindingError, id-op-establishOperationalBinding,
+--    id-op-modifyOperationalBinding, id-op-terminateOperationalBinding,
+--    OPERATION, ERROR
+--    FROM CommonProtocolSpecification commonProtocolSpecification
+--  APPLICATION-CONTEXT
+--    FROM DirectoryOSIProtocols directoryOSIProtocols
+  -- from ITU-T Rec. X.525 | ISO/IEC 9594-9
+--  shadowOperationalBinding
+--    FROM DirectoryShadowAbstractService directoryShadowAbstractService;
+
+-- bind and unbind
+dSAOperationalBindingManagementBind OPERATION ::=
+  directoryBind
+
+DSAOperationalManagementBindArgument ::= DirectoryBindArgument
+DSAOperationalManagementBindResult ::= DirectoryBindArgument
+DSAOperationalManagementBindError ::= DirectoryBindError
+
+dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind
+
+-- operations, arguments and results
+--establishOperationalBinding OPERATION ::= {
+--  ARGUMENT  EstablishOperationalBindingArgument
+--  RESULT    EstablishOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-establishOperationalBinding
+--}
+
+EstablishOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
+               bindingID           [1]  OperationalBindingID OPTIONAL,
+               accessPoint         [2]  AccessPoint,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [3] -- OPERATIONAL-BINDING.&both.&EstablishParam
+                               -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam
+                               -- ({OpBindingSet}{@bindingType}) -- ANY }  OPTIONAL,
+               agreement
+                 [6]  -- OPERATIONAL-BINDING.&Agreement
+                      -- ({OpBindingSet}{@bindingType}) -- ANY,
+               valid               [7]  Validity DEFAULT {},
+               securityParameters  [8]  SecurityParameters OPTIONAL} --}
+
+-- expand OPTIONALLY-PROTECTED macro
+EstablishOperationalBindingArgument ::= CHOICE {
+  unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData,
+  signedEstablishOperationalBindingArgument SEQUENCE {
+    establishOperationalBindingArgument	EstablishOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+OperationalBindingID ::= SEQUENCE {identifier  INTEGER,
+                                   version     INTEGER
+}
+
+Validity ::= SEQUENCE {
+  validFrom   [0]  CHOICE {now   [0]  NULL,
+                           time  [1]  Time } DEFAULT now:NULL,
+  validUntil
+    [1]  CHOICE {explicitTermination  [0]  NULL,
+                 time                 [1]  Time
+  } DEFAULT explicitTermination:NULL
+}
+
+Time ::= CHOICE {utcTime          UTCTime,
+                 generalizedTime  GeneralizedTime
+}
+
+EstablishOperationalBindingResult ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType  [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER,
+               bindingID    [1]  OperationalBindingID OPTIONAL,
+               accessPoint  [2]  AccessPoint,
+               -- symmetric, Role A replies , or Role B replies
+               initiator
+                 CHOICE {symmetric
+                           [3]  -- OPERATIONAL-BINDING.&both.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-replies
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-replies
+                           [5]  -- OPERATIONAL-BINDING.&roleB.&EstablishParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+--               COMPONENTS OF CommonResultsSeq}}
+       	       securityParameters  [30]  SecurityParameters OPTIONAL,
+	       performer           [29]  DistinguishedName OPTIONAL,
+	       aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+	       notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL}
+
+
+--modifyOperationalBinding OPERATION ::= {
+--  ARGUMENT  ModifyOperationalBindingArgument
+--  RESULT    ModifyOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-modifyOperationalBinding
+--}
+
+ModifyOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {--SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
+               bindingID           [1]  OperationalBindingID,
+               accessPoint         [2]  AccessPoint OPTIONAL,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [3]  -- OPERATIONAL-BINDING.&both.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleA.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [5]  -- OPERATIONAL-BINDING.&roleB.&ModifyParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+               newBindingID        [6]  OperationalBindingID,
+               newAgreement
+                 [7]  -- OPERATIONAL-BINDING.&Agreement
+                      --  ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL,
+               valid               [8]  Validity OPTIONAL,
+               securityParameters  [9]  SecurityParameters OPTIONAL} -- }
+
+
+ModifyOperationalBindingArgument ::= CHOICE {
+  unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData,
+  signedModifyOperationalBindingArgument SEQUENCE {
+    modifyOperationalBindingArgument	ModifyOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+ModifyOperationalBindingResult ::= CHOICE {
+  null       [0]  NULL,
+  protected  [1]  SEQUENCE {
+    modifyOperationalBindingResultData	ModifyOperationalBindingResultData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+  }
+}
+
+ModifyOperationalBindingResultData ::= SEQUENCE {
+  newBindingID  OperationalBindingID,
+  bindingType
+    -- OPERATIONAL-BINDING.&id
+    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
+  newAgreement
+    -- OPERATIONAL-BINDING.&Agreement
+    -- ({OpBindingSet}{@.bindingType}) -- ANY,
+  valid         Validity OPTIONAL,
+  --COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+  --          }}
+}
+
+--terminateOperationalBinding OPERATION ::= {
+--  ARGUMENT  TerminateOperationalBindingArgument
+--  RESULT    TerminateOperationalBindingResult
+--  ERRORS    {operationalBindingError | securityError}
+--  CODE      id-op-terminateOperationalBinding
+--}
+
+TerminateOperationalBindingArgumentData ::=
+--  OPTIONALLY-PROTECTED-SEQ
+--    {-- SEQUENCE {bindingType         [0]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER,
+               bindingID           [1] OperationalBindingID,
+               -- symmetric, Role A initiates, or Role B initiates
+               initiator
+                 CHOICE {symmetric
+                           [2]  -- OPERATIONAL-BINDING.&both.&TerminateParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleA-initiates
+                           [3]  -- OPERATIONAL-BINDING.&roleA.&TerminateParam
+                                -- ({OpBindingSet}{@bindingType}) -- ANY,
+                         roleB-initiates
+                           [4]  -- OPERATIONAL-BINDING.&roleB.&TerminateParam
+                                --  ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL,
+               terminateAt         [5]  Time OPTIONAL,
+               securityParameters  [6]  SecurityParameters OPTIONAL} --}
+
+
+TerminateOperationalBindingArgument ::= CHOICE {
+  unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData,
+  signedTerminateOperationalBindingArgument SEQUENCE {
+    terminateOperationalBindingArgument	TerminateOperationalBindingArgumentData,
+    algorithmIdentifier			AlgorithmIdentifier,
+    encrypted				BIT STRING
+    }
+}
+
+TerminateOperationalBindingResult ::= CHOICE {
+  null       [0]  NULL,
+  protected  [1]  SEQUENCE {
+    terminateOperationalBindingResultData	TerminateOperationalBindingResultData,
+    algorithmIdentifier				AlgorithmIdentifier,
+    encrypted					BIT STRING
+  }
+}
+
+TerminateOperationalBindingResultData ::= SEQUENCE {
+  bindingID    OperationalBindingID,
+  bindingType
+    -- OPERATIONAL-BINDING.&id
+    -- ({OpBindingSet}) -- OBJECT IDENTIFIER,
+  terminateAt  GeneralizedTime OPTIONAL,
+  --COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+--           }}
+}
+
+-- errors and parameters
+--operationalBindingError ERROR ::= {
+--  PARAMETER OPTIONALLY-PROTECTED-SEQ  {OpBindingErrorParam}
+--  CODE                                id-err-operationalBindingError
+--}
+
+OpBindingErrorParam ::= SEQUENCE {
+  problem
+    [0]  ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2),
+                     notAllowedForRole(3), parametersMissing(4),
+                     roleAssignment(5), invalidStartTime(6), invalidEndTime(7),
+                     invalidAgreement(8), currentlyNotDecidable(9),
+                     modificationNotAllowed(10)},
+  bindingType        [1]  --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL,
+  agreementProposal
+    [2]  -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL,
+  retryAt            [3]  Time OPTIONAL,
+--  COMPONENTS OF CommonResultsSeq
+  securityParameters  [30]  SecurityParameters OPTIONAL,
+  performer           [29]  DistinguishedName OPTIONAL,
+  aliasDereferenced   [28]  BOOLEAN DEFAULT FALSE,
+  notification        [27]  SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL
+
+}
+
+-- information object classes
+--OPERATIONAL-BINDING ::= CLASS {
+--  &Agreement    ,
+--  &Cooperation  OP-BINDING-COOP,
+--  &both         OP-BIND-ROLE OPTIONAL,
+--  &roleA        OP-BIND-ROLE OPTIONAL,
+--  &roleB        OP-BIND-ROLE OPTIONAL,
+--  &id           OBJECT IDENTIFIER UNIQUE
+--}
+--WITH SYNTAX {
+--  AGREEMENT &Agreement
+--  APPLICATION CONTEXTS &Cooperation
+--  [SYMMETRIC &both]
+--  [ASYMMETRIC
+--   [ROLE-A &roleA]
+--   [ROLE-B &roleB]]
+--  ID &id
+--}
+
+--OP-BINDING-COOP ::= CLASS {
+--  &applContext  APPLICATION-CONTEXT,
+--  &Operations   OPERATION OPTIONAL
+--}WITH SYNTAX {&applContext
+--              [APPLIES TO &Operations]
+--}
+
+--OP-BIND-ROLE ::= CLASS {
+--  &establish       BOOLEAN DEFAULT FALSE,
+--  &EstablishParam  OPTIONAL,
+--  &modify          BOOLEAN DEFAULT FALSE,
+--  &ModifyParam     OPTIONAL,
+--  &terminate       BOOLEAN DEFAULT FALSE,
+--  &TerminateParam  OPTIONAL
+--}
+--WITH SYNTAX {
+--  [ESTABLISHMENT-INITIATOR &establish]
+--  [ESTABLISHMENT-PARAMETER &EstablishParam]
+--  [MODIFICATION-INITIATOR &modify]
+--  [MODIFICATION-PARAMETER &ModifyParam]
+--  [TERMINATION-INITIATOR &terminate]
+--  [TERMINATION-PARAMETER &TerminateParam]
+--}
+
+--OpBindingSet OPERATIONAL-BINDING ::=
+--  {shadowOperationalBinding | hierarchicalOperationalBinding |
+--   nonSpecificHierarchicalOperationalBinding}
+
+--END - - OperationalBindingManagement
+
+-- Module HierarchicalOperationalBindings (X.518:08/2005)
+--HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1)
+--  hierarchicalOperationalBindings(20) 5} DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryOperationalBindingTypes, directoryOSIProtocols,
+--    distributedOperations, informationFramework, opBindingManagement
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 5}
+--  Attribute, DistinguishedName, RelativeDistinguishedName
+--    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+--      informationFramework(1) 5}
+--  OPERATIONAL-BINDING
+--    FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1)
+--      opBindingManagement(18) 5}
+  -- from ITU-T Rec. X.518 | ISO/IEC 9594-4
+--  MasterAndShadowAccessPoints
+--    FROM DistributedOperations {joint-iso-itu-t ds(5) module(1)
+--      distributedOperations(3) 5}
+  -- from ITU-T Rec. X.519 | ISO/IEC 9594-5
+--  directorySystemAC
+--    FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1)
+--      directoryOSIProtocols(37) 5}
+--  id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical
+--    FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1)
+--      directoryOperationalBindingTypes(25) 5};
+
+-- types
+HierarchicalAgreement ::= SEQUENCE {
+  rdn                [0]  RelativeDistinguishedName,
+  immediateSuperior  [1]  DistinguishedName
+}
+
+SuperiorToSubordinate ::= SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  entryInfo              [1]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+DITcontext ::= SEQUENCE OF Vertex
+
+Vertex ::= SEQUENCE {
+  rdn           [0]  RelativeDistinguishedName,
+  admPointInfo  [1]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  subentries    [2]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL,
+  accessPoints  [3]  MasterAndShadowAccessPoints OPTIONAL
+}
+
+SubentryInfo ::= SEQUENCE {
+  rdn   [0]  RelativeDistinguishedName,
+  info  [1]  SET OF Attribute
+}
+
+SubordinateToSuperior ::= SEQUENCE {
+  accessPoints  [0]  MasterAndShadowAccessPoints OPTIONAL,
+  alias         [1]  BOOLEAN DEFAULT FALSE,
+  entryInfo     [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL,
+  subentries    [3]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
+}
+
+SuperiorToSubordinateModification ::=
+--  SuperiorToSubordinate(WITH COMPONENTS {
+--                          ...,
+--                          entryInfo  ABSENT
+--                        })
+  SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+NonSpecificHierarchicalAgreement ::= SEQUENCE {
+  immediateSuperior  [1]  DistinguishedName
+}
+
+NHOBSuperiorToSubordinate ::=
+--  SuperiorToSubordinate(WITH COMPONENTS {
+--                          ...,
+--                          entryInfo  ABSENT
+--                        })
+  SEQUENCE {
+  contextPrefixInfo      [0]  DITcontext,
+  immediateSuperiorInfo  [2]  SET --SIZE (1..MAX)-- OF Attribute OPTIONAL
+}
+
+NHOBSubordinateToSuperior ::= SEQUENCE {
+  accessPoints  [0]  MasterAndShadowAccessPoints OPTIONAL,
+  subentries    [3]  SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL
+}
+
+-- operational binding information objects
+--hierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
+--  AGREEMENT             HierarchicalAgreement
+--  APPLICATION CONTEXTS  {{directorySystemAC}}
+--  ASYMMETRIC ROLE-A - - superior DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  SuperiorToSubordinate
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   SuperiorToSubordinateModification
+--     TERMINATION-INITIATOR    TRUE}
+--  ROLE-B - - subordinate DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  SubordinateToSuperior
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   SubordinateToSuperior
+--     TERMINATION-INITIATOR    TRUE}
+--  ID                    id-op-binding-hierarchical
+--}
+
+--nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= {
+--  AGREEMENT             NonSpecificHierarchicalAgreement
+--  APPLICATION CONTEXTS  {{directorySystemAC}}
+--  ASYMMETRIC ROLE-A - - superior DSA - -
+--    {ESTABLISHMENT-PARAMETER  NHOBSuperiorToSubordinate
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   NHOBSuperiorToSubordinate
+--     TERMINATION-INITIATOR    TRUE}
+--  ROLE-B - - subordinate DSA - -
+--    {ESTABLISHMENT-INITIATOR  TRUE
+--     ESTABLISHMENT-PARAMETER  NHOBSubordinateToSuperior
+--     MODIFICATION-INITIATOR   TRUE
+--     MODIFICATION-PARAMETER   NHOBSubordinateToSuperior
+--     TERMINATION-INITIATOR    TRUE}
+--  ID                    id-op-binding-non-specific-hierarchical
+--}
+
+--END - - HierarchicalOperationalBindings
+
+-- Module BasicAccessControl (X.501:02/2001)
+--BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4}
+--DEFINITIONS ::=
+--BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
+-- within the Directory Specifications, and for the use of other applications which will use them to access
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+--IMPORTS
+  -- from ITU-T Rec. X.501 | ISO/IEC 9594-2
+--  directoryAbstractService, id-aca, id-acScheme, informationFramework,
+--    selectedAttributeTypes, upperBounds
+--    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+--      usefulDefinitions(0) 4}
+--  ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE,
+--    objectIdentifierMatch, Refinement, SubtreeSpecification,
+--    SupportedAttributes
+--    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+--      informationFramework(1) 4}
+  -- from ITU-T Rec. X.511 | ISO/IEC 9594-3
+--  Filter
+--    FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1)
+--      directoryAbstractService(2) 4}
+  -- from ITU-T Rec. X.520 | ISO/IEC 9594-6
+--  DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID,
+--    UniqueIdentifier
+--    FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1)
+--      selectedAttributeTypes(5) 4}
+--  ub-tag
+--    FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4};
+
+-- types
+ACIItem ::= SEQUENCE {
+  identificationTag   DirectoryString --{ub-tag}--,
+  precedence           Precedence,
+  authenticationLevel  AuthenticationLevel,
+  itemOrUserFirst
+    CHOICE {itemFirst
+              [0]  SEQUENCE {protectedItems   ProtectedItems,
+                             itemPermissions  SET OF ItemPermission},
+            userFirst
+              [1]  SEQUENCE {userClasses      UserClasses,
+                             userPermissions  SET OF UserPermission}}
+}
+
+Precedence ::= INTEGER --(0..255)--
+
+ProtectedItems ::= SEQUENCE {
+  entry                           [0]  NULL OPTIONAL,
+  allUserAttributeTypes           [1]  NULL OPTIONAL,
+  attributeType
+    [2]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  allAttributeValues
+    [3]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
+  attributeValue
+    [5]  SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL,
+  selfValue
+    [6]  SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL,
+  rangeOfValues                   [7]  Filter OPTIONAL,
+  maxValueCount
+    [8]  SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL,
+  maxImmSub                       [9]  INTEGER OPTIONAL,
+  restrictedBy
+    [10]  SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL,
+  contexts
+    [11]  SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL,
+  classes                         [12]  Refinement OPTIONAL
+}
+
+MaxValueCount ::= SEQUENCE {type      AttributeType,
+                            maxCount  INTEGER
+}
+
+RestrictedValue ::= SEQUENCE {type      AttributeType,
+                              valuesIn  AttributeType
+}
+
+UserClasses ::= SEQUENCE {
+  allUsers   [0]  NULL OPTIONAL,
+  thisEntry  [1]  NULL OPTIONAL,
+  name       [2]  SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
+  userGroup  [3]  SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL,
+  -- dn component shall be the name of an
+  -- entry of GroupOfUniqueNames
+  subtree    [4]  SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL
+}
+
+ItemPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  userClasses       UserClasses,
+  grantsAndDenials  GrantsAndDenials
+}
+
+UserPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  protectedItems    ProtectedItems,
+  grantsAndDenials  GrantsAndDenials
+}
+
+AuthenticationLevel ::= CHOICE {
+  basicLevels
+    SEQUENCE {level           ENUMERATED {none(0), simple(1), strong(2)},
+              localQualifier  INTEGER OPTIONAL,
+              signed          BOOLEAN DEFAULT FALSE},
+  other        EXTERNAL
+}
+
+GrantsAndDenials ::= BIT STRING {
+  -- permissions that may be used in conjunction
+  -- with any component of ProtectedItems
+  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
+  grantRead(4), denyRead(5), grantRemove(6),
+  denyRemove(7),
+  -- permissions that may be used only in conjunction
+  -- with the entry component
+  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
+  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
+  grantRename(16), denyRename(17), grantReturnDN(18),
+  denyReturnDN(19),
+  -- permissions that may be used in conjunction
+  -- with any component, except entry, of ProtectedItems
+  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
+  grantInvoke(24), denyInvoke(25)}
+
+--AttributeTypeAndValue ::= SEQUENCE {
+--  type   ATTRIBUTE.&id({SupportedAttributes}),
+--  value  ATTRIBUTE.&Type({SupportedAttributes}{@type})
+--}
+
+-- attributes
+--accessControlScheme ATTRIBUTE ::= {
+--  WITH SYNTAX             OBJECT IDENTIFIER
+--  EQUALITY MATCHING RULE  objectIdentifierMatch
+--  SINGLE VALUE            TRUE
+--  USAGE                   directoryOperation
+--  ID                      id-aca-accessControlScheme
+--}
+
+--prescriptiveACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-prescriptiveACI
+--}
+
+--entryACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-entryACI
+--}
+
+--subentryACI ATTRIBUTE ::= {
+--  WITH SYNTAX             ACIItem
+--  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+--  USAGE                   directoryOperation
+--  ID                      id-aca-subentryACI
+--}
+
+-- object identifier assignments
+-- attributes
+--id-aca-accessControlScheme OBJECT IDENTIFIER ::=
+--  {id-aca 1}
+
+--id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
+
+--id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
+
+--id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
+
+-- access control schemes -
+--basicAccessControlScheme OBJECT IDENTIFIER ::=
+--  {id-acScheme 1}
+
+--simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
+
+--rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
+
+--rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
+
+--rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
+
+END -- BasicAccessControl
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
+
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/epan/dissectors/asn1/dop/dop.cnf b/epan/dissectors/asn1/dop/dop.cnf
new file mode 100644
index 0000000000..e6629be715
--- /dev/null
+++ b/epan/dissectors/asn1/dop/dop.cnf
@@ -0,0 +1,202 @@
+#.IMPORT ../x509sat/x509sat-exp.cnf
+#.IMPORT ../x509if/x509if-exp.cnf
+#.IMPORT ../x509af/x509af-exp.cnf
+#.IMPORT ../dsp/dsp-exp.cnf
+#.IMPORT ../dap/dap-exp.cnf
+#.IMPORT ../crmf/crmf-exp.cnf
+
+#.MODULE_IMPORT
+BasicAccessControl		crmf
+
+#.EXPORTS
+DSEType
+SupplierAndConsumers
+OperationalBindingID
+
+#.NO_EMIT ONLY_VALS
+EstablishOperationalBindingArgument
+ModifyOperationalBindingArgument
+ModifyOperationalBindingResult
+TerminateOperationalBindingArgument
+TerminateOperationalBindingResult
+
+#.TYPE_RENAME
+EstablishOperationalBindingArgumentData/initiator	EstablishArgumentInitiator
+ModifyOperationalBindingArgumentData/initiator		ModifyArgumentInitiator
+TerminateOperationalBindingArgumentData/initiator	TerminateArgumentInitiator
+
+ModifyOperationalBindingArgumentData/newAgreement	ArgumentNewAgreement
+ModifyOperationalBindingResultData/newAgreement		ResultNewAgreement
+
+ModifyOperationalBindingResult/protected		ProtectedModifyResult
+TerminateOperationalBindingResult/protected		ProtectedTerminateResult
+
+EstablishOperationalBindingArgumentData/initiator/roleA-initiates	EstablishRoleAInitiates
+ModifyOperationalBindingArgumentData/initiator/roleA-initiates		ModifyRoleAInitiates
+TerminateOperationalBindingArgumentData/initiator/roleA-initiates	TerminateRoleAInitiates
+
+EstablishOperationalBindingArgumentData/initiator/roleB-initiates	EstablishRoleBInitiates
+ModifyOperationalBindingArgumentData/initiator/roleB-initiates		ModifyRoleBInitiates
+TerminateOperationalBindingArgumentData/initiator/roleB-initiates	TerminateRoleBInitiates
+
+EstablishOperationalBindingArgumentData/initiator/symmetric		EstablishSymmetric
+ModifyOperationalBindingArgumentData/initiator/symmetric		ModifySymmetric
+TerminateOperationalBindingArgumentData/initiator/symmetric		TerminateSymmetric
+
+
+#.FIELD_RENAME
+EstablishOperationalBindingArgumentData/initiator	establishInitiator
+ModifyOperationalBindingArgumentData/initiator		modifyInitiator
+TerminateOperationalBindingArgumentData/initiator	terminateInitiator
+
+ModifyOperationalBindingArgumentData/newAgreement	argumentNewAgreement
+ModifyOperationalBindingResultData/newAgreement		resultNewAgreement
+
+ModifyOperationalBindingResult/protected		protectedModifyResult
+TerminateOperationalBindingResult/protected		protectedTerminateResult
+
+EstablishOperationalBindingArgumentData/initiator/roleA-initiates	establishRoleAInitiates
+ModifyOperationalBindingArgumentData/initiator/roleA-initiates		modifyRoleAInitiates
+TerminateOperationalBindingArgumentData/initiator/roleA-initiates	terminateRoleAInitiates
+
+EstablishOperationalBindingArgumentData/initiator/roleB-initiates	establishRoleBInitiates
+ModifyOperationalBindingArgumentData/initiator/roleB-initiates		modifyRoleBInitiates
+TerminateOperationalBindingArgumentData/initiator/roleB-initiates	terminateRoleBInitiates
+
+EstablishOperationalBindingArgumentData/initiator/symmetric		establishSymmetric
+ModifyOperationalBindingArgumentData/initiator/symmetric		modifySymmetric
+TerminateOperationalBindingArgumentData/initiator/symmetric		terminateSymmetric
+
+TerminateOperationalBindingArgumentData/terminateAt			terminateAtTime
+TerminateOperationalBindingResultData/terminateAt			terminateAtGeneralizedTime
+
+
+#.REGISTER
+DSEType					B "2.5.12.0" "id-doa-dseType"
+SupplierInformation		B "2.5.12.5" "id-doa-supplierKnowledge"
+ConsumerInformation		B "2.5.12.6" "id-doa-consumerKnowledge"
+SupplierAndConsumers		B "2.5.12.7" "id-doa-secondaryShadows"
+
+HierarchicalAgreement				S dop.oid	"agreement.2.5.19.2"
+SuperiorToSubordinate				S dop.oid	"establish.rolea.2.5.19.2"
+SuperiorToSubordinateModification	S dop.oid	"modify.rolea.2.5.19.2"
+SubordinateToSuperior				S dop.oid	"establish.roleb.2.5.19.2"
+SubordinateToSuperior				S dop.oid	"modify.roleb.2.5.19.2"
+
+NonSpecificHierarchicalAgreement	S dop.oid	"agreement.2.5.19.3"
+NHOBSuperiorToSubordinate			S dop.oid	"establish.rolea.2.5.19.3"
+NHOBSuperiorToSubordinate			S dop.oid	"modify.rolea.2.5.19.3"
+NHOBSubordinateToSuperior			S dop.oid	"establish.roleb.2.5.19.3"
+NHOBSubordinateToSuperior			S dop.oid	"modify.roleb.2.5.19.3"
+
+ACIItem		B	"2.5.24.4" "id-aca-prescriptiveACI"
+ACIItem		B	"2.5.24.5" "id-aca-entryACI"
+ACIItem		B	"2.5.24.6" "id-aca-subentryACI"
+
+#.VIRTUAL_ASSGN
+BindingType EstablishOperationalBindingArgumentData/bindingType
+#.SET_TYPE
+EstablishOperationalBindingArgumentData/bindingType  BindingType
+EstablishOperationalBindingResult/bindingType  BindingType
+ModifyOperationalBindingArgumentData/bindingType  BindingType
+ModifyOperationalBindingResultData/bindingType  BindingType
+TerminateOperationalBindingArgumentData/bindingType  BindingType
+TerminateOperationalBindingResultData/bindingType  BindingType
+OpBindingErrorParam/bindingType  BindingType
+#.END
+
+#.FN_PARS	BindingType  FN_VARIANT = _str VAL_PTR = &binding_type
+#.FN_FTR	BindingType
+  append_oid(actx->pinfo, binding_type);
+#.END
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("modify.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("modify.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("modify.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/symmetric
+
+  offset = call_dop_oid_callback("terminate.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/roleA-initiates
+
+  offset = call_dop_oid_callback("terminate.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	TerminateOperationalBindingArgumentData/initiator/roleB-initiates
+
+  offset = call_dop_oid_callback("terminate.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingArgumentData/agreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/symmetric
+
+  offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/roleA-replies
+
+  offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data);
+
+#.FN_BODY	EstablishOperationalBindingResult/initiator/roleB-replies
+
+  offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data);
+
+#.FN_BODY	OpBindingErrorParam/agreementProposal
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingResultData/newAgreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+#.FN_BODY	ModifyOperationalBindingArgumentData/newAgreement
+
+  offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data);
+
+
+#.FN_BODY OperationalBindingID/identifier  VAL_PTR	= &value
+	guint32	value;
+
+	%(DEFAULT_BODY)s
+
+	col_append_fstr(actx->pinfo->cinfo, COL_INFO, " id=%%d", value);
+
+
+
+#.FN_BODY OperationalBindingID/version	VAL_PTR	= &value
+	guint32	value;
+
+	%(DEFAULT_BODY)s
+
+	col_append_fstr(actx->pinfo->cinfo, COL_INFO, ",%%d", value);
+
+#.FN_PARS Precedence VAL_PTR = &precedence
+
+#.FN_BODY Precedence
+  guint32 precedence = 0;
+
+  %(DEFAULT_BODY)s
+
+  proto_item_append_text(tree, " precedence=%%d", precedence);
+
diff --git a/epan/dissectors/asn1/dop/packet-dop-template.c b/epan/dissectors/asn1/dop/packet-dop-template.c
new file mode 100644
index 0000000000..1cf698a20d
--- /dev/null
+++ b/epan/dissectors/asn1/dop/packet-dop-template.c
@@ -0,0 +1,346 @@
+/* packet-dop.c
+ * Routines for X.501 (DSA Operational Attributes)  packet dissection
+ * Graeme Lunt 2005
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+#include <epan/expert.h>
+
+#include "packet-ber.h"
+#include "packet-acse.h"
+#include "packet-ros.h"
+
+#include "packet-x509sat.h"
+#include "packet-x509af.h"
+#include "packet-x509if.h"
+#include "packet-dap.h"
+#include "packet-dsp.h"
+#include "packet-crmf.h"
+
+
+#include "packet-dop.h"
+
+#define PNAME  "X.501 Directory Operational Binding Management Protocol"
+#define PSNAME "DOP"
+#define PFNAME "dop"
+
+void proto_register_dop(void);
+void proto_reg_handoff_dop(void);
+
+static guint global_dop_tcp_port = 102;
+static dissector_handle_t tpkt_handle;
+static void prefs_register_dop(void); /* forward declaration for use in preferences registration */
+
+/* Initialize the protocol and registered fields */
+static int proto_dop = -1;
+
+static const char *binding_type = NULL; /* binding_type */
+
+static int call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data);
+
+#include "packet-dop-hf.c"
+
+/* Initialize the subtree pointers */
+static gint ett_dop = -1;
+static gint ett_dop_unknown = -1;
+#include "packet-dop-ett.c"
+
+static expert_field ei_dop_unknown_binding_parameter = EI_INIT;
+static expert_field ei_dop_unsupported_opcode = EI_INIT;
+static expert_field ei_dop_unsupported_errcode = EI_INIT;
+static expert_field ei_dop_unsupported_pdu = EI_INIT;
+static expert_field ei_dop_zero_pdu = EI_INIT;
+
+/* Dissector table */
+static dissector_table_t dop_dissector_table;
+
+static void append_oid(packet_info *pinfo, const char *oid)
+{
+  	const char *name = NULL;
+
+    name = oid_resolved_from_string(wmem_packet_scope(), oid);
+    col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name ? name : oid);
+}
+
+#include "packet-dop-fn.c"
+
+static int
+call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data)
+{
+  char* binding_param;
+
+  binding_param = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", base_string, binding_type ? binding_type : "");
+
+  col_append_fstr(pinfo->cinfo, COL_INFO, " %s", col_info);
+
+  if (dissector_try_string(dop_dissector_table, binding_param, tvb, pinfo, tree, data)) {
+     offset = tvb_reported_length (tvb);
+  } else {
+     proto_item *item;
+     proto_tree *next_tree;
+
+     next_tree = proto_tree_add_subtree_format(tree, tvb, 0, -1, ett_dop_unknown, &item,
+         "Dissector for parameter %s OID:%s not implemented. Contact Wireshark developers if you want this supported", base_string, binding_type ? binding_type : "<empty>");
+
+     offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree);
+     expert_add_info(pinfo, item, &ei_dop_unknown_binding_parameter);
+   }
+
+   return offset;
+}
+
+
+/*
+* Dissect DOP PDUs inside a ROS PDUs
+*/
+static int
+dissect_dop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data)
+{
+	int offset = 0;
+	int old_offset;
+	proto_item *item;
+	proto_tree *tree;
+	struct SESSION_DATA_STRUCTURE* session;
+	int (*dop_dissector)(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) = NULL;
+	const char *dop_op_name;
+	asn1_ctx_t asn1_ctx;
+
+	/* do we have operation information from the ROS dissector? */
+	if (data == NULL)
+		return 0;
+	session = (struct SESSION_DATA_STRUCTURE*)data;
+
+	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+
+	item = proto_tree_add_item(parent_tree, proto_dop, tvb, 0, -1, ENC_NA);
+	tree = proto_item_add_subtree(item, ett_dop);
+
+	col_set_str(pinfo->cinfo, COL_PROTOCOL, "DOP");
+  	col_clear(pinfo->cinfo, COL_INFO);
+
+	asn1_ctx.private_data = session;
+
+	switch(session->ros_op & ROS_OP_MASK) {
+	case (ROS_OP_BIND | ROS_OP_ARGUMENT):	/*  BindInvoke */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindArgument;
+	  dop_op_name = "DSA-Operational-Bind-Argument";
+	  break;
+	case (ROS_OP_BIND | ROS_OP_RESULT):	/*  BindResult */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindResult;
+	  dop_op_name = "DSA-Operational-Bind-Result";
+	  break;
+	case (ROS_OP_BIND | ROS_OP_ERROR):	/*  BindError */
+	  dop_dissector = dissect_dop_DSAOperationalManagementBindError;
+	  dop_op_name = "DSA-Operational-Management-Bind-Error";
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_ARGUMENT):	/*  Invoke Argument */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* establish */
+	    dop_dissector = dissect_dop_EstablishOperationalBindingArgument;
+	    dop_op_name = "Establish-Operational-Binding-Argument";
+	    break;
+	  case 101: /* terminate */
+	    dop_dissector = dissect_dop_TerminateOperationalBindingArgument;
+	    dop_op_name = "Terminate-Operational-Binding-Argument";
+	    break;
+	  case 102: /* modify */
+	    dop_dissector = dissect_dop_ModifyOperationalBindingArgument;
+	    dop_op_name = "Modify-Operational-Binding-Argument";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1,
+	        "Unsupported DOP Argument opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_RESULT):	/*  Return Result */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* establish */
+	    dop_dissector = dissect_dop_EstablishOperationalBindingResult;
+	    dop_op_name = "Establish-Operational-Binding-Result";
+	    break;
+	  case 101: /* terminate */
+	    dop_dissector = dissect_dop_TerminateOperationalBindingResult;
+	    dop_op_name = "Terminate-Operational-Binding-Result";
+	    break;
+	  case 102: /* modify */
+	    dop_dissector = dissect_dop_ModifyOperationalBindingResult;
+	    dop_op_name = "Modify-Operational-Binding-Result";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1,
+	            "Unsupported DOP Result opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	case (ROS_OP_INVOKE | ROS_OP_ERROR):	/*  Return Error */
+	  switch(session->ros_op & ROS_OP_OPCODE_MASK) {
+	  case 100: /* operational-binding */
+	    dop_dissector = dissect_dop_OpBindingErrorParam;
+	    dop_op_name = "Operational-Binding-Error";
+	    break;
+	  default:
+	    proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_errcode, tvb, offset, -1,
+	        "Unsupported DOP Error opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK);
+	    break;
+	  }
+	  break;
+	default:
+	  proto_tree_add_expert(tree, pinfo, &ei_dop_unsupported_pdu, tvb, offset, -1);
+	  return tvb_captured_length(tvb);
+	}
+
+	if(dop_dissector) {
+      col_set_str(pinfo->cinfo, COL_INFO, dop_op_name);
+
+	  while (tvb_reported_length_remaining(tvb, offset) > 0){
+	    old_offset=offset;
+	    offset=(*dop_dissector)(FALSE, tvb, offset, &asn1_ctx, tree, -1);
+	    if(offset == old_offset){
+	      proto_tree_add_expert(tree, pinfo, &ei_dop_zero_pdu, tvb, offset, -1);
+	      break;
+	    }
+	  }
+	}
+
+	return tvb_captured_length(tvb);
+}
+
+
+
+/*--- proto_register_dop -------------------------------------------*/
+void proto_register_dop(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] =
+  {
+#include "packet-dop-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+    &ett_dop,
+    &ett_dop_unknown,
+#include "packet-dop-ettarr.c"
+  };
+
+  static ei_register_info ei[] = {
+     { &ei_dop_unknown_binding_parameter, { "dop.unknown_binding_parameter", PI_UNDECODED, PI_WARN, "Unknown binding-parameter", EXPFILL }},
+     { &ei_dop_unsupported_opcode, { "dop.unsupported_opcode", PI_UNDECODED, PI_WARN, "Unsupported DOP opcode", EXPFILL }},
+     { &ei_dop_unsupported_errcode, { "dop.unsupported_errcode", PI_UNDECODED, PI_WARN, "Unsupported DOP errcode", EXPFILL }},
+     { &ei_dop_unsupported_pdu, { "dop.unsupported_pdu", PI_UNDECODED, PI_WARN, "Unsupported DOP PDU", EXPFILL }},
+     { &ei_dop_zero_pdu, { "dop.zero_pdu", PI_PROTOCOL, PI_ERROR, "Internal error, zero-byte DOP PDU", EXPFILL }},
+  };
+
+  expert_module_t* expert_dop;
+  module_t *dop_module;
+
+  /* Register protocol */
+  proto_dop = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  register_dissector("dop", dissect_dop, proto_dop);
+
+  dop_dissector_table = register_dissector_table("dop.oid", "DOP OID Dissectors", FT_STRING, BASE_NONE, DISSECTOR_TABLE_ALLOW_DUPLICATE);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_dop, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+  expert_dop = expert_register_protocol(proto_dop);
+  expert_register_field_array(expert_dop, ei, array_length(ei));
+
+  /* Register our configuration options for DOP, particularly our port */
+
+  dop_module = prefs_register_protocol_subtree("OSI/X.500", proto_dop, prefs_register_dop);
+
+  prefs_register_uint_preference(dop_module, "tcp.port", "DOP TCP Port",
+				 "Set the port for DOP operations (if other"
+				 " than the default of 102)",
+				 10, &global_dop_tcp_port);
+
+
+}
+
+
+/*--- proto_reg_handoff_dop --- */
+void proto_reg_handoff_dop(void) {
+  dissector_handle_t dop_handle;
+
+#include "packet-dop-dis-tab.c"
+  /* APPLICATION CONTEXT */
+
+  oid_add_from_string("id-ac-directory-operational-binding-management","2.5.3.3");
+
+  /* ABSTRACT SYNTAXES */
+
+  /* Register DOP with ROS (with no use of RTSE) */
+  dop_handle = find_dissector("dop");
+  register_ros_oid_dissector_handle("2.5.9.4", dop_handle, 0, "id-as-directory-operational-binding-management", FALSE);
+
+  /* BINDING TYPES */
+
+  oid_add_from_string("shadow-agreement","2.5.19.1");
+  oid_add_from_string("hierarchical-agreement","2.5.19.2");
+  oid_add_from_string("non-specific-hierarchical-agreement","2.5.19.3");
+
+  /* ACCESS CONTROL SCHEMES */
+  oid_add_from_string("basic-ACS","2.5.28.1");
+  oid_add_from_string("simplified-ACS","2.5.28.2");
+  oid_add_from_string("ruleBased-ACS","2.5.28.3");
+  oid_add_from_string("ruleAndBasic-ACS","2.5.28.4");
+  oid_add_from_string("ruleAndSimple-ACS","2.5.28.5");
+
+  /* ADMINISTRATIVE ROLES */
+  oid_add_from_string("id-ar-autonomousArea","2.5.23.1");
+  oid_add_from_string("id-ar-accessControlSpecificArea","2.5.23.2");
+  oid_add_from_string("id-ar-accessControlInnerArea","2.5.23.3");
+  oid_add_from_string("id-ar-subschemaAdminSpecificArea","2.5.23.4");
+  oid_add_from_string("id-ar-collectiveAttributeSpecificArea","2.5.23.5");
+  oid_add_from_string("id-ar-collectiveAttributeInnerArea","2.5.23.6");
+  oid_add_from_string("id-ar-contextDefaultSpecificArea","2.5.23.7");
+  oid_add_from_string("id-ar-serviceSpecificArea","2.5.23.8");
+
+  /* remember the tpkt handler for change in preferences */
+  tpkt_handle = find_dissector("tpkt");
+
+}
+
+static void
+prefs_register_dop(void)
+{
+  static guint tcp_port = 0;
+
+  /* de-register the old port */
+  /* port 102 is registered by TPKT - don't undo this! */
+  if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle)
+    dissector_delete_uint("tcp.port", tcp_port, tpkt_handle);
+
+  /* Set our port number for future use */
+  tcp_port = global_dop_tcp_port;
+
+  if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle)
+    dissector_add_uint("tcp.port", tcp_port, tpkt_handle);
+
+}
diff --git a/epan/dissectors/asn1/dop/packet-dop-template.h b/epan/dissectors/asn1/dop/packet-dop-template.h
new file mode 100644
index 0000000000..ddb37b621f
--- /dev/null
+++ b/epan/dissectors/asn1/dop/packet-dop-template.h
@@ -0,0 +1,29 @@
+/* packet-x501.h
+ * Routines for X.501 (DSA Operational Attributes) packet dissection
+ * Graeme Lunt 2005
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef PACKET_X501_H
+#define PACKET_X501_H
+
+#include "packet-dop-exp.h"
+
+#endif  /* PACKET_X501_H */