authorsahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2006-07-12 09:02:00 +0000
committersahlberg <sahlberg@f5534014-38df-0310-8fa8-9805f1628bb7>2006-07-12 09:02:00 +0000
commit0f78b905582e333ceedec7bd7779f461e1e737cc (patch)
treed9fd738ddc9647f9e61352976259e7b0684514fd /asn1
parent4fdc9994e1bca275e1ec718c508639c1fb1d1094 (diff)
prettify dissection od ldap attributes
Special-case some common special attributes such as DomainSid and DomainGuid and dissect them as SIDs and GUIDs. Examples of these special attributes can be seen in Xiaoguang Liu's email to wireshark dev.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@18719 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'asn1')
-rw-r--r--asn1/ldap/packet-ldap-template.c64
1 files changed, 59 insertions, 5 deletions
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index e13b0a7445..fe2e0c3670 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -85,6 +85,8 @@
#include <epan/oid_resolv.h>
#include <epan/strutil.h>
#include <epan/dissectors/packet-tcp.h>
+#include <epan/dissectors/packet-windows-common.h>
+#include <epan/dissectors/packet-dcerpc.h>
#include "packet-frame.h"
#include "packet-ldap.h"
@@ -105,6 +107,7 @@ static int hf_ldap_sasl_buffer_length = -1;
static int hf_ldap_response_in = -1;
static int hf_ldap_response_to = -1;
static int hf_ldap_time = -1;
+static int hf_ldap_guid = -1;
static int hf_mscldap_netlogon_type = -1;
static int hf_mscldap_netlogon_flags = -1;
@@ -248,8 +251,12 @@ ldap_info_equal_unmatched(gconstpointer k1, gconstpointer k2)
return key1->messageId==key2->messageId;
}
+/* This string contains the last LDAPString that was decoded */
+static char *attributedesc_string=NULL;
+
/* This string contains the last AssertionValue that was decoded */
static char *assertionvalue_string=NULL;
+
/* if the octet string contain all printable ASCII characters, then
* display it as a string, othervise just display it in hex.
*/
@@ -273,12 +280,56 @@ dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, pa
return offset;
}
+
+ /*
+ * Some special/wellknown attributes in common LDAP (read AD)
+ * are neither ascii strings nor blobs of hex data.
+ * Special case these attributes and decode them more nicely.
+ *
+ * Add more special cases as required to prettify further
+ * (there cant be that many ones that are truly interesting)
+ */
+ if(!strncmp("DomainSid", attributedesc_string, 9)){
+ tvbuff_t *sid_tvb;
+ char *tmpstr;
+
+ /* this octet string contains an NT SID */
+ sid_tvb=tvb_new_subset(tvb, offset, len, len);
+ dissect_nt_sid(sid_tvb, 0, tree, "SID", &tmpstr, hf_index);
+ assertionvalue_string=ep_strdup(tmpstr);
+ g_free(tmpstr);
+
+ goto finished;
+ } else if ( (len==16) /* GUIDs are always 16 bytes */
+ && (!strncmp("DomainGuid", attributedesc_string, 10))) {
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ e_uuid_t uuid;
+
+ /* This octet string contained a GUID */
+ dissect_dcerpc_uuid_t(tvb, offset, pinfo, tree, drep, hf_ldap_guid, &uuid);
+
+ assertionvalue_string=ep_alloc(1024);
+ g_snprintf(assertionvalue_string, 1023, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+ uuid.Data1, uuid.Data2, uuid.Data3,
+ uuid.Data4[0], uuid.Data4[1],
+ uuid.Data4[2], uuid.Data4[3],
+ uuid.Data4[4], uuid.Data4[5],
+ uuid.Data4[6], uuid.Data4[7]);
+
+ goto finished;
+ }
+
/*
- * Check whether the string is printable ASCII or binary.
+ * It was not one of our "wellknown" attributes so make the best
+ * we can and just try to see if it is an ascii string or if it
+ * is a binary blob.
*
* XXX - should we support reading RFC 2252-style schemas
* for LDAP, and using that to determine how to display
* attribute values and assertion values?
+ *
+ * -- I dont think there are full schemas available that describe the
+ * interesting cases i.e. AD -- ronnie
*/
str=tvb_get_ptr(tvb, offset, len);
is_ascii=TRUE;
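Review bot: Both new `strncmp` calls read `attributedesc_string` without a NULL check, and that static is initialised to `NULL` in the earlier hunk. An AssertionValue dissected before any attribute description has been decoded would therefore dereference NULL on capture-supplied input. Guard the first test as `if(attributedesc_string && !strncmp("DomainSid", attributedesc_string, 9)){` and add the same `attributedesc_string &&` term to the DomainGuid condition. The pointer also survives between calls, so if it is assigned from packet-scoped (`ep_`) memory elsewhere, which this hunk does not show, it should be reset per packet so a stale name cannot select the SID/GUID path. In the DomainSid branch, `char *tmpstr=NULL;` would keep `ep_strdup(tmpstr)` and `g_free(tmpstr)` defined should `dissect_nt_sid` return without setting it. The function body starts and ends outside this hunk.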
@@ -304,14 +355,13 @@ dissect_ldap_AssertionValue(gboolean implicit_tag, tvbuff_t *tvb, int offset, pa
}
proto_tree_add_string(tree, hf_index, tvb, offset, len, assertionvalue_string);
- offset+=len;
+
+finished:
+ offset+=len;
return offset;
}
-/* This string contains the last LDAPString that was decoded */
-static char *attributedesc_string=NULL;
-
/* This string contains the last Filter item that was decoded */
static char *Filter_string=NULL;
static char *and_filter_string=NULL;
@@ -1370,6 +1420,10 @@ void proto_register_ldap(void) {
{ "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32,
TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }},
+ { &hf_ldap_guid,
+ { "GUID", "ldap.guid", FT_GUID, BASE_NONE,
+ NULL, 0, "GUID", HFILL }},
+
#include "packet-ldap-hfarr.c"
};