diff options
author | João Valverde <joao.valverde@tecnico.ulisboa.pt> | 2016-03-09 03:17:51 +0000 |
---|---|---|
committer | João Valverde <j@v6e.pt> | 2016-03-13 21:30:24 +0000 |
commit | 54a520d4a1151c68d0b4e5f09a8d82466fa499f3 (patch) | |
tree | 7aacae160382098ce651ac862a5dfd5de4beff94 /epan/dissectors/asn1/dop | |
parent | c1f3c935bdd33090c87f0d2f84842ce9729b747a (diff) |
Move /asn1 to /epan/dissectors
Change-Id: I1208fe3c2ba428995526f561e8f792b8d871e9a9
Reviewed-on: https://code.wireshark.org/review/14388
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: João Valverde <j@v6e.pt>
Diffstat (limited to 'epan/dissectors/asn1/dop')
-rw-r--r-- | epan/dissectors/asn1/dop/CMakeLists.txt | 61 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/Makefile.am | 23 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/Makefile.common | 70 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/Makefile.nmake | 26 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/dop.asn | 881 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/dop.cnf | 202 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/packet-dop-template.c | 346 | ||||
-rw-r--r-- | epan/dissectors/asn1/dop/packet-dop-template.h | 29 |
8 files changed, 1638 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/dop/CMakeLists.txt b/epan/dissectors/asn1/dop/CMakeLists.txt new file mode 100644 index 0000000000..9df5fa05cb --- /dev/null +++ b/epan/dissectors/asn1/dop/CMakeLists.txt @@ -0,0 +1,61 @@ +# CMakeLists.txt +# +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# + +set( PROTOCOL_NAME dop ) + +set( PROTO_OPT ) + +set( EXPORT_FILES + ${PROTOCOL_NAME}-exp.cnf +) + +set( EXT_ASN_FILE_LIST +) + +set( ASN_FILE_LIST + ${PROTOCOL_NAME}.asn +) + +set( EXTRA_DIST + ${ASN_FILE_LIST} + packet-${PROTOCOL_NAME}-template.c + packet-${PROTOCOL_NAME}-template.h + ${PROTOCOL_NAME}.cnf +) + +set( SRC_FILES + ${EXTRA_DIST} + ${EXT_ASN_FILE_LIST} +) + +set( A2W_FLAGS -b ) + +set( EXTRA_CNF + "${CMAKE_CURRENT_BINARY_DIR}/../dap/dap-exp.cnf" + "${CMAKE_CURRENT_BINARY_DIR}/../dsp/dsp-exp.cnf" + "${CMAKE_CURRENT_BINARY_DIR}/../crmf/crmf-exp.cnf" + "${CMAKE_CURRENT_BINARY_DIR}/../x509af/x509af-exp.cnf" + "${CMAKE_CURRENT_BINARY_DIR}/../x509if/x509if-exp.cnf" + "${CMAKE_CURRENT_BINARY_DIR}/../x509sat/x509sat-exp.cnf" +) + +ASN2WRS() + diff --git a/epan/dissectors/asn1/dop/Makefile.am b/epan/dissectors/asn1/dop/Makefile.am new file mode 100644 index 0000000000..72d28e600b --- /dev/null +++ b/epan/dissectors/asn1/dop/Makefile.am @@ -0,0 +1,23 @@ +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +include ../Makefile.preinc +include Makefile.common +include ../Makefile.inc + diff --git a/epan/dissectors/asn1/dop/Makefile.common b/epan/dissectors/asn1/dop/Makefile.common new file mode 100644 index 0000000000..13a68e96c3 --- /dev/null +++ b/epan/dissectors/asn1/dop/Makefile.common @@ -0,0 +1,70 @@ +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +PROTOCOL_NAME=dop + +EXPORT_FILES = \ + $(PROTOCOL_NAME)-exp.cnf + +EXT_ASN_FILE_LIST = + +ASN_FILE_LIST = \ + $(PROTOCOL_NAME).asn + +# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn +# files do not exist for all protocols: Please add/remove as required. +EXTRA_DIST = \ + $(EXTRA_DIST_COMMON) \ + $(ASN_FILE_LIST) \ + packet-$(PROTOCOL_NAME)-template.c \ + packet-$(PROTOCOL_NAME)-template.h \ + $(PROTOCOL_NAME).cnf + +SRC_FILES = \ + $(EXTRA_DIST) \ + $(EXT_ASN_FILE_LIST) + +A2W_FLAGS= -b + +EXTRA_CNF= \ + $(builddir)/../dap/dap-exp.cnf \ + $(builddir)/../dsp/dsp-exp.cnf \ + $(builddir)/../crmf/crmf-exp.cnf \ + $(builddir)/../x509af/x509af-exp.cnf \ + $(builddir)/../x509if/x509if-exp.cnf \ + $(builddir)/../x509sat/x509sat-exp.cnf + +$(builddir)/../dap/dap-exp.cnf: + (cd $(builddir)/../dap && $(MAKE_CNF_EXPORT)) + +$(builddir)/../dsp/dsp-exp.cnf: + (cd $(builddir)/../dsp && $(MAKE_CNF_EXPORT)) + +$(builddir)/../crmf/crmf-exp.cnf: + (cd $(builddir)/../crmf && $(MAKE_CNF_EXPORT)) + +$(builddir)/../x509af/x509af-exp.cnf: + (cd $(builddir)/../x509af && $(MAKE_CNF_EXPORT)) + +$(builddir)/../x509if/x509if-exp.cnf: + (cd $(builddir)/../x509if && $(MAKE_CNF_EXPORT)) + +$(builddir)/../x509sat/x509sat-exp.cnf: + (cd $(builddir)/../x509sat && $(MAKE_CNF_EXPORT)) + diff --git a/epan/dissectors/asn1/dop/Makefile.nmake b/epan/dissectors/asn1/dop/Makefile.nmake new file mode 100644 index 0000000000..d296638ddd --- /dev/null +++ b/epan/dissectors/asn1/dop/Makefile.nmake @@ -0,0 +1,26 @@ +## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake +# +# Wireshark - Network traffic analyzer +# By Gerald Combs <gerald@wireshark.org> +# Copyright 1998 Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +include ../../../../config.nmake +include ../Makefile.preinc.nmake +include Makefile.common +include ../Makefile.inc.nmake + diff --git a/epan/dissectors/asn1/dop/dop.asn b/epan/dissectors/asn1/dop/dop.asn new file mode 100644 index 0000000000..cba83c0538 --- /dev/null +++ b/epan/dissectors/asn1/dop/dop.asn @@ -0,0 +1,881 @@ +-- Module DSAOperationalAttributeTypes (X.501:02/2001) +DSAOperationalAttributeTypes {joint-iso-itu-t ds(5) module(1) + dsaOperationalAttributeTypes(22) 4} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 + distributedOperations, id-doa, id-kmr, informationFramework, + opBindingManagement, selectedAttributeTypes, upperBounds + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) + usefulDefinitions(0) 4} + ATTRIBUTE, MATCHING-RULE, Name, Attribute, DistinguishedName, + RelativeDistinguishedName, Refinement, SubtreeSpecification, AttributeType, ContextAssertion + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 4} +-- OperationalBindingID +-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) +-- opBindingManagement(18) 4} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 + AccessPoint, MasterAndShadowAccessPoints + FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) + distributedOperations(3) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 + DirectoryString, NameAndOptionalUID, bitStringMatch + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + PresentationAddress, ProtocolInformation + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 4} + DirectoryBindArgument, DirectoryBindError, SecurityParameters + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 5} + -- from ITU-T Rec. X.509 | ISO/IEC 9594-8 + AlgorithmIdentifier + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 4} + AttributeTypeAndValue + FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) + basicAccessControl(24) 4} + Filter + FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 4}; + +-- data types +DSEType ::= BIT STRING { + root(0), -- root DSE + glue(1), -- represents knowledge of a name only + cp(2), -- context prefix + entry(3), -- object entry + alias(4), -- alias entry + subr(5), -- subordinate reference + nssr(6), -- non-specific subordinate reference + supr(7), -- superior reference + xr(8), -- cross reference + admPoint(9), -- administrative point + subentry(10), -- subentry + shadow(11), -- shadow copy + immSupr(13), -- immediate superior reference + rhob(14), -- rhob information + sa(15), -- subordinate reference to alias entry + dsSubentry(16), -- DSA Specific subentry + familyMember(17), -- family member + ditBridge(18), -- DIT bridge reference + writeableCopy(19) -- writeable copy +} + +SupplierOrConsumer ::= SET { +-- COMPONENTS OF AccessPoint, - - supplier or consumer + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + agreementID [3] OperationalBindingID +} + +SupplierInformation ::= SET { +-- COMPONENTS OF SupplierOrConsumer, - - supplier + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + agreementID [3] OperationalBindingID, + supplier-is-master [4] BOOLEAN DEFAULT TRUE, + non-supplying-master [5] AccessPoint OPTIONAL +} + +ConsumerInformation ::= SupplierOrConsumer -- consumer + +SupplierAndConsumers ::= SET { +-- COMPONENTS OF AccessPoint, - - supplier + ae-title [0] Name, + address [1] PresentationAddress, + protocolInformation [2] SET --SIZE (1..MAX)-- OF ProtocolInformation OPTIONAL, + consumers [3] SET OF AccessPoint +} + +-- attribute types +--dseType ATTRIBUTE ::= { +-- WITH SYNTAX DSEType +-- EQUALITY MATCHING RULE bitStringMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-dseType +--} + +--myAccessPoint ATTRIBUTE ::= { +-- WITH SYNTAX AccessPoint +-- EQUALITY MATCHING RULE accessPointMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-myAccessPoint +--} + +--superiorKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX AccessPoint +-- EQUALITY MATCHING RULE accessPointMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-superiorKnowledge +--} + +--specificKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX MasterAndShadowAccessPoints +-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch +-- SINGLE VALUE TRUE +-- NO USER MODIFICATION TRUE +-- USAGE distributedOperation +-- ID id-doa-specificKnowledge +--} + +--nonSpecificKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX MasterAndShadowAccessPoints +-- EQUALITY MATCHING RULE masterAndShadowAccessPointsMatch +-- NO USER MODIFICATION TRUE +-- USAGE distributedOperation +-- ID id-doa-nonSpecificKnowledge +--} + +--supplierKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX SupplierInformation +-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-supplierKnowledge +--} + +--consumerKnowledge ATTRIBUTE ::= { +-- WITH SYNTAX ConsumerInformation +-- EQUALITY MATCHING RULE supplierOrConsumerInformationMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-consumerKnowledge +--} + +--secondaryShadows ATTRIBUTE ::= { +-- WITH SYNTAX SupplierAndConsumers +-- EQUALITY MATCHING RULE supplierAndConsumersMatch +-- NO USER MODIFICATION TRUE +-- USAGE dSAOperation +-- ID id-doa-secondaryShadows +--} + +-- matching rules +--accessPointMatch MATCHING-RULE ::= { +-- SYNTAX Name +-- ID id-kmr-accessPointMatch +--} + +--masterAndShadowAccessPointsMatch MATCHING-RULE ::= { +-- SYNTAX SET OF Name +-- ID id-kmr-masterShadowMatch +--} + +--supplierOrConsumerInformationMatch MATCHING-RULE ::= { +-- SYNTAX +-- SET {ae-title [0] Name, +-- agreement-identifier [2] INTEGER} +-- ID id-kmr-supplierConsumerMatch +--} + +--supplierAndConsumersMatch MATCHING-RULE ::= { +-- SYNTAX Name +-- ID id-kmr-supplierConsumersMatch +--} + +-- object identifier assignments +-- dsa operational attributes +--id-doa-dseType OBJECT IDENTIFIER ::= +-- {id-doa 0} + +--id-doa-myAccessPoint OBJECT IDENTIFIER ::= {id-doa 1} + +--id-doa-superiorKnowledge OBJECT IDENTIFIER ::= {id-doa 2} + +--id-doa-specificKnowledge OBJECT IDENTIFIER ::= {id-doa 3} + +--id-doa-nonSpecificKnowledge OBJECT IDENTIFIER ::= {id-doa 4} + +--id-doa-supplierKnowledge OBJECT IDENTIFIER ::= {id-doa 5} + +--id-doa-consumerKnowledge OBJECT IDENTIFIER ::= {id-doa 6} + +--id-doa-secondaryShadows OBJECT IDENTIFIER ::= {id-doa 7} + +-- knowledge matching rules +--id-kmr-accessPointMatch OBJECT IDENTIFIER ::= +-- {id-kmr 0} + +--id-kmr-masterShadowMatch OBJECT IDENTIFIER ::= {id-kmr 1} + +--id-kmr-supplierConsumerMatch OBJECT IDENTIFIER ::= {id-kmr 2} + +--id-kmr-supplierConsumersMatch OBJECT IDENTIFIER ::= {id-kmr 3} + +--END DSAOperationalAttributeTypes + +-- we include this here to reduce the number of dissectors +-- Module OperationalBindingManagement (X.501:08/2005) +--OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) +-- opBindingManagement(18) 5} DEFINITIONS ::= +--BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +--IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 +-- directoryAbstractService, directoryShadowAbstractService, +-- distributedOperations, directoryOSIProtocols, enhancedSecurity, +-- hierarchicalOperationalBindings, commonProtocolSpecification +-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) +-- usefulDefinitions(0) 5} +-- OPTIONALLY-PROTECTED-SEQ +-- FROM EnhancedSecurity {joint-iso-itu-t ds(5) modules(1) +-- enhancedSecurity(28) 5} +-- hierarchicalOperationalBinding, nonSpecificHierarchicalOperationalBinding +-- FROM HierarchicalOperationalBindings hierarchicalOperationalBindings + -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 +-- CommonResultsSeq, directoryBind, directoryUnbind, securityError, +-- SecurityParameters +-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) +-- directoryAbstractService(2) 5} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 +-- AccessPoint +-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) +-- distributedOperations(3) 5} + -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 +-- id-err-operationalBindingError, id-op-establishOperationalBinding, +-- id-op-modifyOperationalBinding, id-op-terminateOperationalBinding, +-- OPERATION, ERROR +-- FROM CommonProtocolSpecification commonProtocolSpecification +-- APPLICATION-CONTEXT +-- FROM DirectoryOSIProtocols directoryOSIProtocols + -- from ITU-T Rec. X.525 | ISO/IEC 9594-9 +-- shadowOperationalBinding +-- FROM DirectoryShadowAbstractService directoryShadowAbstractService; + +-- bind and unbind +dSAOperationalBindingManagementBind OPERATION ::= + directoryBind + +DSAOperationalManagementBindArgument ::= DirectoryBindArgument +DSAOperationalManagementBindResult ::= DirectoryBindArgument +DSAOperationalManagementBindError ::= DirectoryBindError + +dSAOperationalBindingManagementUnbind OPERATION ::= directoryUnbind + +-- operations, arguments and results +--establishOperationalBinding OPERATION ::= { +-- ARGUMENT EstablishOperationalBindingArgument +-- RESULT EstablishOperationalBindingResult +-- ERRORS {operationalBindingError | securityError} +-- CODE id-op-establishOperationalBinding +--} + +EstablishOperationalBindingArgumentData ::= +-- OPTIONALLY-PROTECTED-SEQ +-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER, + bindingID [1] OperationalBindingID OPTIONAL, + accessPoint [2] AccessPoint, + -- symmetric, Role A initiates, or Role B initiates + initiator + CHOICE {symmetric + [3] -- OPERATIONAL-BINDING.&both.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleA-initiates + [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleB-initiates + [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, + agreement + [6] -- OPERATIONAL-BINDING.&Agreement + -- ({OpBindingSet}{@bindingType}) -- ANY, + valid [7] Validity DEFAULT {}, + securityParameters [8] SecurityParameters OPTIONAL} --} + +-- expand OPTIONALLY-PROTECTED macro +EstablishOperationalBindingArgument ::= CHOICE { + unsignedEstablishOperationalBindingArgument EstablishOperationalBindingArgumentData, + signedEstablishOperationalBindingArgument SEQUENCE { + establishOperationalBindingArgument EstablishOperationalBindingArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +OperationalBindingID ::= SEQUENCE {identifier INTEGER, + version INTEGER +} + +Validity ::= SEQUENCE { + validFrom [0] CHOICE {now [0] NULL, + time [1] Time } DEFAULT now:NULL, + validUntil + [1] CHOICE {explicitTermination [0] NULL, + time [1] Time + } DEFAULT explicitTermination:NULL +} + +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} + +EstablishOperationalBindingResult ::= +-- OPTIONALLY-PROTECTED-SEQ +-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet}) -- OBJECT IDENTIFIER, + bindingID [1] OperationalBindingID OPTIONAL, + accessPoint [2] AccessPoint, + -- symmetric, Role A replies , or Role B replies + initiator + CHOICE {symmetric + [3] -- OPERATIONAL-BINDING.&both.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleA-replies + [4] -- OPERATIONAL-BINDING.&roleA.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleB-replies + [5] -- OPERATIONAL-BINDING.&roleB.&EstablishParam + -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, +-- COMPONENTS OF CommonResultsSeq}} + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL} + + +--modifyOperationalBinding OPERATION ::= { +-- ARGUMENT ModifyOperationalBindingArgument +-- RESULT ModifyOperationalBindingResult +-- ERRORS {operationalBindingError | securityError} +-- CODE id-op-modifyOperationalBinding +--} + +ModifyOperationalBindingArgumentData ::= +-- OPTIONALLY-PROTECTED-SEQ +-- {--SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER, + bindingID [1] OperationalBindingID, + accessPoint [2] AccessPoint OPTIONAL, + -- symmetric, Role A initiates, or Role B initiates + initiator + CHOICE {symmetric + [3] -- OPERATIONAL-BINDING.&both.&ModifyParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleA-initiates + [4] -- OPERATIONAL-BINDING.&roleA.&ModifyParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleB-initiates + [5] -- OPERATIONAL-BINDING.&roleB.&ModifyParam + -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, + newBindingID [6] OperationalBindingID, + newAgreement + [7] -- OPERATIONAL-BINDING.&Agreement + -- ({OpBindingSet}{@bindingType}) -- ANY OPTIONAL, + valid [8] Validity OPTIONAL, + securityParameters [9] SecurityParameters OPTIONAL} -- } + + +ModifyOperationalBindingArgument ::= CHOICE { + unsignedModifyOperationalBindingArgument ModifyOperationalBindingArgumentData, + signedModifyOperationalBindingArgument SEQUENCE { + modifyOperationalBindingArgument ModifyOperationalBindingArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ModifyOperationalBindingResult ::= CHOICE { + null [0] NULL, + protected [1] SEQUENCE { + modifyOperationalBindingResultData ModifyOperationalBindingResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +ModifyOperationalBindingResultData ::= SEQUENCE { + newBindingID OperationalBindingID, + bindingType + -- OPERATIONAL-BINDING.&id + -- ({OpBindingSet}) -- OBJECT IDENTIFIER, + newAgreement + -- OPERATIONAL-BINDING.&Agreement + -- ({OpBindingSet}{@.bindingType}) -- ANY, + valid Validity OPTIONAL, + --COMPONENTS OF CommonResultsSeq + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL + -- }} +} + +--terminateOperationalBinding OPERATION ::= { +-- ARGUMENT TerminateOperationalBindingArgument +-- RESULT TerminateOperationalBindingResult +-- ERRORS {operationalBindingError | securityError} +-- CODE id-op-terminateOperationalBinding +--} + +TerminateOperationalBindingArgumentData ::= +-- OPTIONALLY-PROTECTED-SEQ +-- {-- SEQUENCE {bindingType [0] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER, + bindingID [1] OperationalBindingID, + -- symmetric, Role A initiates, or Role B initiates + initiator + CHOICE {symmetric + [2] -- OPERATIONAL-BINDING.&both.&TerminateParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleA-initiates + [3] -- OPERATIONAL-BINDING.&roleA.&TerminateParam + -- ({OpBindingSet}{@bindingType}) -- ANY, + roleB-initiates + [4] -- OPERATIONAL-BINDING.&roleB.&TerminateParam + -- ({OpBindingSet}{@bindingType}) -- ANY } OPTIONAL, + terminateAt [5] Time OPTIONAL, + securityParameters [6] SecurityParameters OPTIONAL} --} + + +TerminateOperationalBindingArgument ::= CHOICE { + unsignedTerminateOperationalBindingArgument TerminateOperationalBindingArgumentData, + signedTerminateOperationalBindingArgument SEQUENCE { + terminateOperationalBindingArgument TerminateOperationalBindingArgumentData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +TerminateOperationalBindingResult ::= CHOICE { + null [0] NULL, + protected [1] SEQUENCE { + terminateOperationalBindingResultData TerminateOperationalBindingResultData, + algorithmIdentifier AlgorithmIdentifier, + encrypted BIT STRING + } +} + +TerminateOperationalBindingResultData ::= SEQUENCE { + bindingID OperationalBindingID, + bindingType + -- OPERATIONAL-BINDING.&id + -- ({OpBindingSet}) -- OBJECT IDENTIFIER, + terminateAt GeneralizedTime OPTIONAL, + --COMPONENTS OF CommonResultsSeq + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL +-- }} +} + +-- errors and parameters +--operationalBindingError ERROR ::= { +-- PARAMETER OPTIONALLY-PROTECTED-SEQ {OpBindingErrorParam} +-- CODE id-err-operationalBindingError +--} + +OpBindingErrorParam ::= SEQUENCE { + problem + [0] ENUMERATED {invalidID(0), duplicateID(1), unsupportedBindingType(2), + notAllowedForRole(3), parametersMissing(4), + roleAssignment(5), invalidStartTime(6), invalidEndTime(7), + invalidAgreement(8), currentlyNotDecidable(9), + modificationNotAllowed(10)}, + bindingType [1] --OPERATIONAL-BINDING.&id({OpBindingSet})-- OBJECT IDENTIFIER OPTIONAL, + agreementProposal + [2] -- OPERATIONAL-BINDING.&Agreement({OpBindingSet}{@bindingType})-- ANY OPTIONAL, + retryAt [3] Time OPTIONAL, +-- COMPONENTS OF CommonResultsSeq + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL + +} + +-- information object classes +--OPERATIONAL-BINDING ::= CLASS { +-- &Agreement , +-- &Cooperation OP-BINDING-COOP, +-- &both OP-BIND-ROLE OPTIONAL, +-- &roleA OP-BIND-ROLE OPTIONAL, +-- &roleB OP-BIND-ROLE OPTIONAL, +-- &id OBJECT IDENTIFIER UNIQUE +--} +--WITH SYNTAX { +-- AGREEMENT &Agreement +-- APPLICATION CONTEXTS &Cooperation +-- [SYMMETRIC &both] +-- [ASYMMETRIC +-- [ROLE-A &roleA] +-- [ROLE-B &roleB]] +-- ID &id +--} + +--OP-BINDING-COOP ::= CLASS { +-- &applContext APPLICATION-CONTEXT, +-- &Operations OPERATION OPTIONAL +--}WITH SYNTAX {&applContext +-- [APPLIES TO &Operations] +--} + +--OP-BIND-ROLE ::= CLASS { +-- &establish BOOLEAN DEFAULT FALSE, +-- &EstablishParam OPTIONAL, +-- &modify BOOLEAN DEFAULT FALSE, +-- &ModifyParam OPTIONAL, +-- &terminate BOOLEAN DEFAULT FALSE, +-- &TerminateParam OPTIONAL +--} +--WITH SYNTAX { +-- [ESTABLISHMENT-INITIATOR &establish] +-- [ESTABLISHMENT-PARAMETER &EstablishParam] +-- [MODIFICATION-INITIATOR &modify] +-- [MODIFICATION-PARAMETER &ModifyParam] +-- [TERMINATION-INITIATOR &terminate] +-- [TERMINATION-PARAMETER &TerminateParam] +--} + +--OpBindingSet OPERATIONAL-BINDING ::= +-- {shadowOperationalBinding | hierarchicalOperationalBinding | +-- nonSpecificHierarchicalOperationalBinding} + +--END - - OperationalBindingManagement + +-- Module HierarchicalOperationalBindings (X.518:08/2005) +--HierarchicalOperationalBindings {joint-iso-itu-t ds(5) module(1) +-- hierarchicalOperationalBindings(20) 5} DEFINITIONS ::= +--BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +--IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 +-- directoryOperationalBindingTypes, directoryOSIProtocols, +-- distributedOperations, informationFramework, opBindingManagement +-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) +-- usefulDefinitions(0) 5} +-- Attribute, DistinguishedName, RelativeDistinguishedName +-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) +-- informationFramework(1) 5} +-- OPERATIONAL-BINDING +-- FROM OperationalBindingManagement {joint-iso-itu-t ds(5) module(1) +-- opBindingManagement(18) 5} + -- from ITU-T Rec. X.518 | ISO/IEC 9594-4 +-- MasterAndShadowAccessPoints +-- FROM DistributedOperations {joint-iso-itu-t ds(5) module(1) +-- distributedOperations(3) 5} + -- from ITU-T Rec. X.519 | ISO/IEC 9594-5 +-- directorySystemAC +-- FROM DirectoryOSIProtocols {joint-iso-itu-t ds(5) module(1) +-- directoryOSIProtocols(37) 5} +-- id-op-binding-hierarchical, id-op-binding-non-specific-hierarchical +-- FROM DirectoryOperationalBindingTypes {joint-iso-itu-t ds(5) module(1) +-- directoryOperationalBindingTypes(25) 5}; + +-- types +HierarchicalAgreement ::= SEQUENCE { + rdn [0] RelativeDistinguishedName, + immediateSuperior [1] DistinguishedName +} + +SuperiorToSubordinate ::= SEQUENCE { + contextPrefixInfo [0] DITcontext, + entryInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, + immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +DITcontext ::= SEQUENCE OF Vertex + +Vertex ::= SEQUENCE { + rdn [0] RelativeDistinguishedName, + admPointInfo [1] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, + subentries [2] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL, + accessPoints [3] MasterAndShadowAccessPoints OPTIONAL +} + +SubentryInfo ::= SEQUENCE { + rdn [0] RelativeDistinguishedName, + info [1] SET OF Attribute +} + +SubordinateToSuperior ::= SEQUENCE { + accessPoints [0] MasterAndShadowAccessPoints OPTIONAL, + alias [1] BOOLEAN DEFAULT FALSE, + entryInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL, + subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL +} + +SuperiorToSubordinateModification ::= +-- SuperiorToSubordinate(WITH COMPONENTS { +-- ..., +-- entryInfo ABSENT +-- }) + SEQUENCE { + contextPrefixInfo [0] DITcontext, + immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +NonSpecificHierarchicalAgreement ::= SEQUENCE { + immediateSuperior [1] DistinguishedName +} + +NHOBSuperiorToSubordinate ::= +-- SuperiorToSubordinate(WITH COMPONENTS { +-- ..., +-- entryInfo ABSENT +-- }) + SEQUENCE { + contextPrefixInfo [0] DITcontext, + immediateSuperiorInfo [2] SET --SIZE (1..MAX)-- OF Attribute OPTIONAL +} + +NHOBSubordinateToSuperior ::= SEQUENCE { + accessPoints [0] MasterAndShadowAccessPoints OPTIONAL, + subentries [3] SET --SIZE (1..MAX)-- OF SubentryInfo OPTIONAL +} + +-- operational binding information objects +--hierarchicalOperationalBinding OPERATIONAL-BINDING ::= { +-- AGREEMENT HierarchicalAgreement +-- APPLICATION CONTEXTS {{directorySystemAC}} +-- ASYMMETRIC ROLE-A - - superior DSA - - +-- {ESTABLISHMENT-INITIATOR TRUE +-- ESTABLISHMENT-PARAMETER SuperiorToSubordinate +-- MODIFICATION-INITIATOR TRUE +-- MODIFICATION-PARAMETER SuperiorToSubordinateModification +-- TERMINATION-INITIATOR TRUE} +-- ROLE-B - - subordinate DSA - - +-- {ESTABLISHMENT-INITIATOR TRUE +-- ESTABLISHMENT-PARAMETER SubordinateToSuperior +-- MODIFICATION-INITIATOR TRUE +-- MODIFICATION-PARAMETER SubordinateToSuperior +-- TERMINATION-INITIATOR TRUE} +-- ID id-op-binding-hierarchical +--} + +--nonSpecificHierarchicalOperationalBinding OPERATIONAL-BINDING ::= { +-- AGREEMENT NonSpecificHierarchicalAgreement +-- APPLICATION CONTEXTS {{directorySystemAC}} +-- ASYMMETRIC ROLE-A - - superior DSA - - +-- {ESTABLISHMENT-PARAMETER NHOBSuperiorToSubordinate +-- MODIFICATION-INITIATOR TRUE +-- MODIFICATION-PARAMETER NHOBSuperiorToSubordinate +-- TERMINATION-INITIATOR TRUE} +-- ROLE-B - - subordinate DSA - - +-- {ESTABLISHMENT-INITIATOR TRUE +-- ESTABLISHMENT-PARAMETER NHOBSubordinateToSuperior +-- MODIFICATION-INITIATOR TRUE +-- MODIFICATION-PARAMETER NHOBSubordinateToSuperior +-- TERMINATION-INITIATOR TRUE} +-- ID id-op-binding-non-specific-hierarchical +--} + +--END - - HierarchicalOperationalBindings + +-- Module BasicAccessControl (X.501:02/2001) +--BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 4} +--DEFINITIONS ::= +--BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. +--IMPORTS + -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 +-- directoryAbstractService, id-aca, id-acScheme, informationFramework, +-- selectedAttributeTypes, upperBounds +-- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) +-- usefulDefinitions(0) 4} +-- ATTRIBUTE, AttributeType, ContextAssertion, DistinguishedName, MATCHING-RULE, +-- objectIdentifierMatch, Refinement, SubtreeSpecification, +-- SupportedAttributes +-- FROM InformationFramework {joint-iso-itu-t ds(5) module(1) +-- informationFramework(1) 4} + -- from ITU-T Rec. X.511 | ISO/IEC 9594-3 +-- Filter +-- FROM DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) +-- directoryAbstractService(2) 4} + -- from ITU-T Rec. X.520 | ISO/IEC 9594-6 +-- DirectoryString{}, directoryStringFirstComponentMatch, NameAndOptionalUID, +-- UniqueIdentifier +-- FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) +-- selectedAttributeTypes(5) 4} +-- ub-tag +-- FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}; + +-- types +ACIItem ::= SEQUENCE { + identificationTag DirectoryString --{ub-tag}--, + precedence Precedence, + authenticationLevel AuthenticationLevel, + itemOrUserFirst + CHOICE {itemFirst + [0] SEQUENCE {protectedItems ProtectedItems, + itemPermissions SET OF ItemPermission}, + userFirst + [1] SEQUENCE {userClasses UserClasses, + userPermissions SET OF UserPermission}} +} + +Precedence ::= INTEGER --(0..255)-- + +ProtectedItems ::= SEQUENCE { + entry [0] NULL OPTIONAL, + allUserAttributeTypes [1] NULL OPTIONAL, + attributeType + [2] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, + allAttributeValues + [3] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, + allUserAttributeTypesAndValues [4] NULL OPTIONAL, + attributeValue + [5] SET --SIZE (1..MAX)-- OF AttributeTypeAndValue OPTIONAL, + selfValue + [6] SET --SIZE (1..MAX)-- OF AttributeType OPTIONAL, + rangeOfValues [7] Filter OPTIONAL, + maxValueCount + [8] SET --SIZE (1..MAX)-- OF MaxValueCount OPTIONAL, + maxImmSub [9] INTEGER OPTIONAL, + restrictedBy + [10] SET --SIZE (1..MAX)-- OF RestrictedValue OPTIONAL, + contexts + [11] SET --SIZE (1..MAX)-- OF ContextAssertion OPTIONAL, + classes [12] Refinement OPTIONAL +} + +MaxValueCount ::= SEQUENCE {type AttributeType, + maxCount INTEGER +} + +RestrictedValue ::= SEQUENCE {type AttributeType, + valuesIn AttributeType +} + +UserClasses ::= SEQUENCE { + allUsers [0] NULL OPTIONAL, + thisEntry [1] NULL OPTIONAL, + name [2] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL, + userGroup [3] SET --SIZE (1..MAX)-- OF NameAndOptionalUID OPTIONAL, + -- dn component shall be the name of an + -- entry of GroupOfUniqueNames + subtree [4] SET --SIZE (1..MAX)-- OF SubtreeSpecification OPTIONAL +} + +ItemPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + userClasses UserClasses, + grantsAndDenials GrantsAndDenials +} + +UserPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + protectedItems ProtectedItems, + grantsAndDenials GrantsAndDenials +} + +AuthenticationLevel ::= CHOICE { + basicLevels + SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, + localQualifier INTEGER OPTIONAL, + signed BOOLEAN DEFAULT FALSE}, + other EXTERNAL +} + +GrantsAndDenials ::= BIT STRING { + -- permissions that may be used in conjunction + -- with any component of ProtectedItems + grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), + grantRead(4), denyRead(5), grantRemove(6), + denyRemove(7), + -- permissions that may be used only in conjunction + -- with the entry component + grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), + grantImport(12), denyImport(13), grantModify(14), denyModify(15), + grantRename(16), denyRename(17), grantReturnDN(18), + denyReturnDN(19), + -- permissions that may be used in conjunction + -- with any component, except entry, of ProtectedItems + grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), + grantInvoke(24), denyInvoke(25)} + +--AttributeTypeAndValue ::= SEQUENCE { +-- type ATTRIBUTE.&id({SupportedAttributes}), +-- value ATTRIBUTE.&Type({SupportedAttributes}{@type}) +--} + +-- attributes +--accessControlScheme ATTRIBUTE ::= { +-- WITH SYNTAX OBJECT IDENTIFIER +-- EQUALITY MATCHING RULE objectIdentifierMatch +-- SINGLE VALUE TRUE +-- USAGE directoryOperation +-- ID id-aca-accessControlScheme +--} + +--prescriptiveACI ATTRIBUTE ::= { +-- WITH SYNTAX ACIItem +-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch +-- USAGE directoryOperation +-- ID id-aca-prescriptiveACI +--} + +--entryACI ATTRIBUTE ::= { +-- WITH SYNTAX ACIItem +-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch +-- USAGE directoryOperation +-- ID id-aca-entryACI +--} + +--subentryACI ATTRIBUTE ::= { +-- WITH SYNTAX ACIItem +-- EQUALITY MATCHING RULE directoryStringFirstComponentMatch +-- USAGE directoryOperation +-- ID id-aca-subentryACI +--} + +-- object identifier assignments +-- attributes +--id-aca-accessControlScheme OBJECT IDENTIFIER ::= +-- {id-aca 1} + +--id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} + +--id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} + +--id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} + +-- access control schemes - +--basicAccessControlScheme OBJECT IDENTIFIER ::= +-- {id-acScheme 1} + +--simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} + +--rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} + +--rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} + +--rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} + +END -- BasicAccessControl + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + + + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/epan/dissectors/asn1/dop/dop.cnf b/epan/dissectors/asn1/dop/dop.cnf new file mode 100644 index 0000000000..e6629be715 --- /dev/null +++ b/epan/dissectors/asn1/dop/dop.cnf @@ -0,0 +1,202 @@ +#.IMPORT ../x509sat/x509sat-exp.cnf +#.IMPORT ../x509if/x509if-exp.cnf +#.IMPORT ../x509af/x509af-exp.cnf +#.IMPORT ../dsp/dsp-exp.cnf +#.IMPORT ../dap/dap-exp.cnf +#.IMPORT ../crmf/crmf-exp.cnf + +#.MODULE_IMPORT +BasicAccessControl crmf + +#.EXPORTS +DSEType +SupplierAndConsumers +OperationalBindingID + +#.NO_EMIT ONLY_VALS +EstablishOperationalBindingArgument +ModifyOperationalBindingArgument +ModifyOperationalBindingResult +TerminateOperationalBindingArgument +TerminateOperationalBindingResult + +#.TYPE_RENAME +EstablishOperationalBindingArgumentData/initiator EstablishArgumentInitiator +ModifyOperationalBindingArgumentData/initiator ModifyArgumentInitiator +TerminateOperationalBindingArgumentData/initiator TerminateArgumentInitiator + +ModifyOperationalBindingArgumentData/newAgreement ArgumentNewAgreement +ModifyOperationalBindingResultData/newAgreement ResultNewAgreement + +ModifyOperationalBindingResult/protected ProtectedModifyResult +TerminateOperationalBindingResult/protected ProtectedTerminateResult + +EstablishOperationalBindingArgumentData/initiator/roleA-initiates EstablishRoleAInitiates +ModifyOperationalBindingArgumentData/initiator/roleA-initiates ModifyRoleAInitiates +TerminateOperationalBindingArgumentData/initiator/roleA-initiates TerminateRoleAInitiates + +EstablishOperationalBindingArgumentData/initiator/roleB-initiates EstablishRoleBInitiates +ModifyOperationalBindingArgumentData/initiator/roleB-initiates ModifyRoleBInitiates +TerminateOperationalBindingArgumentData/initiator/roleB-initiates TerminateRoleBInitiates + +EstablishOperationalBindingArgumentData/initiator/symmetric EstablishSymmetric +ModifyOperationalBindingArgumentData/initiator/symmetric ModifySymmetric +TerminateOperationalBindingArgumentData/initiator/symmetric TerminateSymmetric + + +#.FIELD_RENAME +EstablishOperationalBindingArgumentData/initiator establishInitiator +ModifyOperationalBindingArgumentData/initiator modifyInitiator +TerminateOperationalBindingArgumentData/initiator terminateInitiator + +ModifyOperationalBindingArgumentData/newAgreement argumentNewAgreement +ModifyOperationalBindingResultData/newAgreement resultNewAgreement + +ModifyOperationalBindingResult/protected protectedModifyResult +TerminateOperationalBindingResult/protected protectedTerminateResult + +EstablishOperationalBindingArgumentData/initiator/roleA-initiates establishRoleAInitiates +ModifyOperationalBindingArgumentData/initiator/roleA-initiates modifyRoleAInitiates +TerminateOperationalBindingArgumentData/initiator/roleA-initiates terminateRoleAInitiates + +EstablishOperationalBindingArgumentData/initiator/roleB-initiates establishRoleBInitiates +ModifyOperationalBindingArgumentData/initiator/roleB-initiates modifyRoleBInitiates +TerminateOperationalBindingArgumentData/initiator/roleB-initiates terminateRoleBInitiates + +EstablishOperationalBindingArgumentData/initiator/symmetric establishSymmetric +ModifyOperationalBindingArgumentData/initiator/symmetric modifySymmetric +TerminateOperationalBindingArgumentData/initiator/symmetric terminateSymmetric + +TerminateOperationalBindingArgumentData/terminateAt terminateAtTime +TerminateOperationalBindingResultData/terminateAt terminateAtGeneralizedTime + + +#.REGISTER +DSEType B "2.5.12.0" "id-doa-dseType" +SupplierInformation B "2.5.12.5" "id-doa-supplierKnowledge" +ConsumerInformation B "2.5.12.6" "id-doa-consumerKnowledge" +SupplierAndConsumers B "2.5.12.7" "id-doa-secondaryShadows" + +HierarchicalAgreement S dop.oid "agreement.2.5.19.2" +SuperiorToSubordinate S dop.oid "establish.rolea.2.5.19.2" +SuperiorToSubordinateModification S dop.oid "modify.rolea.2.5.19.2" +SubordinateToSuperior S dop.oid "establish.roleb.2.5.19.2" +SubordinateToSuperior S dop.oid "modify.roleb.2.5.19.2" + +NonSpecificHierarchicalAgreement S dop.oid "agreement.2.5.19.3" +NHOBSuperiorToSubordinate S dop.oid "establish.rolea.2.5.19.3" +NHOBSuperiorToSubordinate S dop.oid "modify.rolea.2.5.19.3" +NHOBSubordinateToSuperior S dop.oid "establish.roleb.2.5.19.3" +NHOBSubordinateToSuperior S dop.oid "modify.roleb.2.5.19.3" + +ACIItem B "2.5.24.4" "id-aca-prescriptiveACI" +ACIItem B "2.5.24.5" "id-aca-entryACI" +ACIItem B "2.5.24.6" "id-aca-subentryACI" + +#.VIRTUAL_ASSGN +BindingType EstablishOperationalBindingArgumentData/bindingType +#.SET_TYPE +EstablishOperationalBindingArgumentData/bindingType BindingType +EstablishOperationalBindingResult/bindingType BindingType +ModifyOperationalBindingArgumentData/bindingType BindingType +ModifyOperationalBindingResultData/bindingType BindingType +TerminateOperationalBindingArgumentData/bindingType BindingType +TerminateOperationalBindingResultData/bindingType BindingType +OpBindingErrorParam/bindingType BindingType +#.END + +#.FN_PARS BindingType FN_VARIANT = _str VAL_PTR = &binding_type +#.FN_FTR BindingType + append_oid(actx->pinfo, binding_type); +#.END + +#.FN_BODY EstablishOperationalBindingArgumentData/initiator/symmetric + + offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data); + +#.FN_BODY EstablishOperationalBindingArgumentData/initiator/roleA-initiates + + offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data); + +#.FN_BODY EstablishOperationalBindingArgumentData/initiator/roleB-initiates + + offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data); + +#.FN_BODY ModifyOperationalBindingArgumentData/initiator/symmetric + + offset = call_dop_oid_callback("modify.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data); + +#.FN_BODY ModifyOperationalBindingArgumentData/initiator/roleA-initiates + + offset = call_dop_oid_callback("modify.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data); + +#.FN_BODY ModifyOperationalBindingArgumentData/initiator/roleB-initiates + + offset = call_dop_oid_callback("modify.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data); + +#.FN_BODY TerminateOperationalBindingArgumentData/initiator/symmetric + + offset = call_dop_oid_callback("terminate.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data); + +#.FN_BODY TerminateOperationalBindingArgumentData/initiator/roleA-initiates + + offset = call_dop_oid_callback("terminate.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data); + +#.FN_BODY TerminateOperationalBindingArgumentData/initiator/roleB-initiates + + offset = call_dop_oid_callback("terminate.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data); + +#.FN_BODY EstablishOperationalBindingArgumentData/agreement + + offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data); + +#.FN_BODY EstablishOperationalBindingResult/initiator/symmetric + + offset = call_dop_oid_callback("establish.symmetric", tvb, offset, actx->pinfo, tree, "symmetric", actx->private_data); + +#.FN_BODY EstablishOperationalBindingResult/initiator/roleA-replies + + offset = call_dop_oid_callback("establish.rolea", tvb, offset, actx->pinfo, tree, "roleA", actx->private_data); + +#.FN_BODY EstablishOperationalBindingResult/initiator/roleB-replies + + offset = call_dop_oid_callback("establish.roleb", tvb, offset, actx->pinfo, tree, "roleB", actx->private_data); + +#.FN_BODY OpBindingErrorParam/agreementProposal + + offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data); + +#.FN_BODY ModifyOperationalBindingResultData/newAgreement + + offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data); + +#.FN_BODY ModifyOperationalBindingArgumentData/newAgreement + + offset = call_dop_oid_callback("agreement", tvb, offset, actx->pinfo, tree, NULL, actx->private_data); + + +#.FN_BODY OperationalBindingID/identifier VAL_PTR = &value + guint32 value; + + %(DEFAULT_BODY)s + + col_append_fstr(actx->pinfo->cinfo, COL_INFO, " id=%%d", value); + + + +#.FN_BODY OperationalBindingID/version VAL_PTR = &value + guint32 value; + + %(DEFAULT_BODY)s + + col_append_fstr(actx->pinfo->cinfo, COL_INFO, ",%%d", value); + +#.FN_PARS Precedence VAL_PTR = &precedence + +#.FN_BODY Precedence + guint32 precedence = 0; + + %(DEFAULT_BODY)s + + proto_item_append_text(tree, " precedence=%%d", precedence); + diff --git a/epan/dissectors/asn1/dop/packet-dop-template.c b/epan/dissectors/asn1/dop/packet-dop-template.c new file mode 100644 index 0000000000..1cf698a20d --- /dev/null +++ b/epan/dissectors/asn1/dop/packet-dop-template.c @@ -0,0 +1,346 @@ +/* packet-dop.c + * Routines for X.501 (DSA Operational Attributes) packet dissection + * Graeme Lunt 2005 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <epan/packet.h> +#include <epan/prefs.h> +#include <epan/oids.h> +#include <epan/asn1.h> +#include <epan/expert.h> + +#include "packet-ber.h" +#include "packet-acse.h" +#include "packet-ros.h" + +#include "packet-x509sat.h" +#include "packet-x509af.h" +#include "packet-x509if.h" +#include "packet-dap.h" +#include "packet-dsp.h" +#include "packet-crmf.h" + + +#include "packet-dop.h" + +#define PNAME "X.501 Directory Operational Binding Management Protocol" +#define PSNAME "DOP" +#define PFNAME "dop" + +void proto_register_dop(void); +void proto_reg_handoff_dop(void); + +static guint global_dop_tcp_port = 102; +static dissector_handle_t tpkt_handle; +static void prefs_register_dop(void); /* forward declaration for use in preferences registration */ + +/* Initialize the protocol and registered fields */ +static int proto_dop = -1; + +static const char *binding_type = NULL; /* binding_type */ + +static int call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data); + +#include "packet-dop-hf.c" + +/* Initialize the subtree pointers */ +static gint ett_dop = -1; +static gint ett_dop_unknown = -1; +#include "packet-dop-ett.c" + +static expert_field ei_dop_unknown_binding_parameter = EI_INIT; +static expert_field ei_dop_unsupported_opcode = EI_INIT; +static expert_field ei_dop_unsupported_errcode = EI_INIT; +static expert_field ei_dop_unsupported_pdu = EI_INIT; +static expert_field ei_dop_zero_pdu = EI_INIT; + +/* Dissector table */ +static dissector_table_t dop_dissector_table; + +static void append_oid(packet_info *pinfo, const char *oid) +{ + const char *name = NULL; + + name = oid_resolved_from_string(wmem_packet_scope(), oid); + col_append_fstr(pinfo->cinfo, COL_INFO, " %s", name ? name : oid); +} + +#include "packet-dop-fn.c" + +static int +call_dop_oid_callback(const char *base_string, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, const char *col_info, void* data) +{ + char* binding_param; + + binding_param = wmem_strdup_printf(wmem_packet_scope(), "%s.%s", base_string, binding_type ? binding_type : ""); + + col_append_fstr(pinfo->cinfo, COL_INFO, " %s", col_info); + + if (dissector_try_string(dop_dissector_table, binding_param, tvb, pinfo, tree, data)) { + offset = tvb_reported_length (tvb); + } else { + proto_item *item; + proto_tree *next_tree; + + next_tree = proto_tree_add_subtree_format(tree, tvb, 0, -1, ett_dop_unknown, &item, + "Dissector for parameter %s OID:%s not implemented. Contact Wireshark developers if you want this supported", base_string, binding_type ? binding_type : "<empty>"); + + offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree); + expert_add_info(pinfo, item, &ei_dop_unknown_binding_parameter); + } + + return offset; +} + + +/* +* Dissect DOP PDUs inside a ROS PDUs +*/ +static int +dissect_dop(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data) +{ + int offset = 0; + int old_offset; + proto_item *item; + proto_tree *tree; + struct SESSION_DATA_STRUCTURE* session; + int (*dop_dissector)(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) = NULL; + const char *dop_op_name; + asn1_ctx_t asn1_ctx; + + /* do we have operation information from the ROS dissector? */ + if (data == NULL) + return 0; + session = (struct SESSION_DATA_STRUCTURE*)data; + + asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); + + item = proto_tree_add_item(parent_tree, proto_dop, tvb, 0, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_dop); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DOP"); + col_clear(pinfo->cinfo, COL_INFO); + + asn1_ctx.private_data = session; + + switch(session->ros_op & ROS_OP_MASK) { + case (ROS_OP_BIND | ROS_OP_ARGUMENT): /* BindInvoke */ + dop_dissector = dissect_dop_DSAOperationalManagementBindArgument; + dop_op_name = "DSA-Operational-Bind-Argument"; + break; + case (ROS_OP_BIND | ROS_OP_RESULT): /* BindResult */ + dop_dissector = dissect_dop_DSAOperationalManagementBindResult; + dop_op_name = "DSA-Operational-Bind-Result"; + break; + case (ROS_OP_BIND | ROS_OP_ERROR): /* BindError */ + dop_dissector = dissect_dop_DSAOperationalManagementBindError; + dop_op_name = "DSA-Operational-Management-Bind-Error"; + break; + case (ROS_OP_INVOKE | ROS_OP_ARGUMENT): /* Invoke Argument */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 100: /* establish */ + dop_dissector = dissect_dop_EstablishOperationalBindingArgument; + dop_op_name = "Establish-Operational-Binding-Argument"; + break; + case 101: /* terminate */ + dop_dissector = dissect_dop_TerminateOperationalBindingArgument; + dop_op_name = "Terminate-Operational-Binding-Argument"; + break; + case 102: /* modify */ + dop_dissector = dissect_dop_ModifyOperationalBindingArgument; + dop_op_name = "Modify-Operational-Binding-Argument"; + break; + default: + proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1, + "Unsupported DOP Argument opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_RESULT): /* Return Result */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 100: /* establish */ + dop_dissector = dissect_dop_EstablishOperationalBindingResult; + dop_op_name = "Establish-Operational-Binding-Result"; + break; + case 101: /* terminate */ + dop_dissector = dissect_dop_TerminateOperationalBindingResult; + dop_op_name = "Terminate-Operational-Binding-Result"; + break; + case 102: /* modify */ + dop_dissector = dissect_dop_ModifyOperationalBindingResult; + dop_op_name = "Modify-Operational-Binding-Result"; + break; + default: + proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_opcode, tvb, offset, -1, + "Unsupported DOP Result opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + case (ROS_OP_INVOKE | ROS_OP_ERROR): /* Return Error */ + switch(session->ros_op & ROS_OP_OPCODE_MASK) { + case 100: /* operational-binding */ + dop_dissector = dissect_dop_OpBindingErrorParam; + dop_op_name = "Operational-Binding-Error"; + break; + default: + proto_tree_add_expert_format(tree, pinfo, &ei_dop_unsupported_errcode, tvb, offset, -1, + "Unsupported DOP Error opcode (%d)", session->ros_op & ROS_OP_OPCODE_MASK); + break; + } + break; + default: + proto_tree_add_expert(tree, pinfo, &ei_dop_unsupported_pdu, tvb, offset, -1); + return tvb_captured_length(tvb); + } + + if(dop_dissector) { + col_set_str(pinfo->cinfo, COL_INFO, dop_op_name); + + while (tvb_reported_length_remaining(tvb, offset) > 0){ + old_offset=offset; + offset=(*dop_dissector)(FALSE, tvb, offset, &asn1_ctx, tree, -1); + if(offset == old_offset){ + proto_tree_add_expert(tree, pinfo, &ei_dop_zero_pdu, tvb, offset, -1); + break; + } + } + } + + return tvb_captured_length(tvb); +} + + + +/*--- proto_register_dop -------------------------------------------*/ +void proto_register_dop(void) { + + /* List of fields */ + static hf_register_info hf[] = + { +#include "packet-dop-hfarr.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + &ett_dop, + &ett_dop_unknown, +#include "packet-dop-ettarr.c" + }; + + static ei_register_info ei[] = { + { &ei_dop_unknown_binding_parameter, { "dop.unknown_binding_parameter", PI_UNDECODED, PI_WARN, "Unknown binding-parameter", EXPFILL }}, + { &ei_dop_unsupported_opcode, { "dop.unsupported_opcode", PI_UNDECODED, PI_WARN, "Unsupported DOP opcode", EXPFILL }}, + { &ei_dop_unsupported_errcode, { "dop.unsupported_errcode", PI_UNDECODED, PI_WARN, "Unsupported DOP errcode", EXPFILL }}, + { &ei_dop_unsupported_pdu, { "dop.unsupported_pdu", PI_UNDECODED, PI_WARN, "Unsupported DOP PDU", EXPFILL }}, + { &ei_dop_zero_pdu, { "dop.zero_pdu", PI_PROTOCOL, PI_ERROR, "Internal error, zero-byte DOP PDU", EXPFILL }}, + }; + + expert_module_t* expert_dop; + module_t *dop_module; + + /* Register protocol */ + proto_dop = proto_register_protocol(PNAME, PSNAME, PFNAME); + + register_dissector("dop", dissect_dop, proto_dop); + + dop_dissector_table = register_dissector_table("dop.oid", "DOP OID Dissectors", FT_STRING, BASE_NONE, DISSECTOR_TABLE_ALLOW_DUPLICATE); + + /* Register fields and subtrees */ + proto_register_field_array(proto_dop, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + expert_dop = expert_register_protocol(proto_dop); + expert_register_field_array(expert_dop, ei, array_length(ei)); + + /* Register our configuration options for DOP, particularly our port */ + + dop_module = prefs_register_protocol_subtree("OSI/X.500", proto_dop, prefs_register_dop); + + prefs_register_uint_preference(dop_module, "tcp.port", "DOP TCP Port", + "Set the port for DOP operations (if other" + " than the default of 102)", + 10, &global_dop_tcp_port); + + +} + + +/*--- proto_reg_handoff_dop --- */ +void proto_reg_handoff_dop(void) { + dissector_handle_t dop_handle; + +#include "packet-dop-dis-tab.c" + /* APPLICATION CONTEXT */ + + oid_add_from_string("id-ac-directory-operational-binding-management","2.5.3.3"); + + /* ABSTRACT SYNTAXES */ + + /* Register DOP with ROS (with no use of RTSE) */ + dop_handle = find_dissector("dop"); + register_ros_oid_dissector_handle("2.5.9.4", dop_handle, 0, "id-as-directory-operational-binding-management", FALSE); + + /* BINDING TYPES */ + + oid_add_from_string("shadow-agreement","2.5.19.1"); + oid_add_from_string("hierarchical-agreement","2.5.19.2"); + oid_add_from_string("non-specific-hierarchical-agreement","2.5.19.3"); + + /* ACCESS CONTROL SCHEMES */ + oid_add_from_string("basic-ACS","2.5.28.1"); + oid_add_from_string("simplified-ACS","2.5.28.2"); + oid_add_from_string("ruleBased-ACS","2.5.28.3"); + oid_add_from_string("ruleAndBasic-ACS","2.5.28.4"); + oid_add_from_string("ruleAndSimple-ACS","2.5.28.5"); + + /* ADMINISTRATIVE ROLES */ + oid_add_from_string("id-ar-autonomousArea","2.5.23.1"); + oid_add_from_string("id-ar-accessControlSpecificArea","2.5.23.2"); + oid_add_from_string("id-ar-accessControlInnerArea","2.5.23.3"); + oid_add_from_string("id-ar-subschemaAdminSpecificArea","2.5.23.4"); + oid_add_from_string("id-ar-collectiveAttributeSpecificArea","2.5.23.5"); + oid_add_from_string("id-ar-collectiveAttributeInnerArea","2.5.23.6"); + oid_add_from_string("id-ar-contextDefaultSpecificArea","2.5.23.7"); + oid_add_from_string("id-ar-serviceSpecificArea","2.5.23.8"); + + /* remember the tpkt handler for change in preferences */ + tpkt_handle = find_dissector("tpkt"); + +} + +static void +prefs_register_dop(void) +{ + static guint tcp_port = 0; + + /* de-register the old port */ + /* port 102 is registered by TPKT - don't undo this! */ + if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle) + dissector_delete_uint("tcp.port", tcp_port, tpkt_handle); + + /* Set our port number for future use */ + tcp_port = global_dop_tcp_port; + + if((tcp_port > 0) && (tcp_port != 102) && tpkt_handle) + dissector_add_uint("tcp.port", tcp_port, tpkt_handle); + +} diff --git a/epan/dissectors/asn1/dop/packet-dop-template.h b/epan/dissectors/asn1/dop/packet-dop-template.h new file mode 100644 index 0000000000..ddb37b621f --- /dev/null +++ b/epan/dissectors/asn1/dop/packet-dop-template.h @@ -0,0 +1,29 @@ +/* packet-x501.h + * Routines for X.501 (DSA Operational Attributes) packet dissection + * Graeme Lunt 2005 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef PACKET_X501_H +#define PACKET_X501_H + +#include "packet-dop-exp.h" + +#endif /* PACKET_X501_H */ |