diff options
| author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-05-08 17:52:42 +0000 |
|---|---|---|
| committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-05-08 17:52:42 +0000 |
| commit | 146d22767c001cdc283b8f5e05f48250b8d9d61e (patch) | |
| tree | 31d88954478bc2bf623e583986e4cba86a21820a /asn1 | |
| parent | e0f8325deb24244b16af10f7dc3c09b8a5afeb8e (diff) | |
LDAP attribute type dissector framework including support for "netlogon" attribute and PKI attributes
svn path=/trunk/; revision=18109
Diffstat (limited to 'asn1')
| -rw-r--r-- | asn1/ldap/ldap.cnf | 63 | ||||
| -rw-r--r-- | asn1/ldap/packet-ldap-template.c | 617 | ||||
| -rw-r--r-- | asn1/ldap/packet-ldap-template.h | 4 | ||||
| -rw-r--r-- | asn1/x509af/packet-x509af-template.c | 19 |
4 files changed, 359 insertions, 344 deletions
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf index fab58b3334..0327dcc17f 100644 --- a/asn1/ldap/ldap.cnf +++ b/asn1/ldap/ldap.cnf @@ -239,6 +239,7 @@ ldap_conv_info_t *ldap_info; #.FN_BODY LDAPString tvbuff_t *parameter_tvb = NULL; char *ldapstring; + gchar *sc = NULL; /* semi-colon pointer */ %(DEFAULT_BODY)s @@ -270,6 +271,23 @@ ldap_conv_info_t *ldap_info; if(ldm_tree) proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring); + } else if (hf_index == hf_ldap_type) { + /* remember attribute type name */ + attr_type = ep_strdup(ldapstring); + + /* append it to the parent entry */ + proto_item_append_text(tree, " %%s", attr_type); + + /* remove the ";binary" component if present */ + if((sc = strchr(attr_type, ';')) != NULL) { + if(!strcmp(sc, ";binary")) { + *sc = '\0'; /* terminate the string */ + is_binary_attr_type = TRUE; + } + } else { + is_binary_attr_type = FALSE; + } + } if(parameter_tvb && ldapstring) @@ -338,6 +356,42 @@ ldap_conv_info_t *ldap_info; proto_item_append_text(ldm_tree, " %%s", valstr); } + + +#.FN_BODY AttributeValue + + tvbuff_t *next_tvb; + gchar *string; + guint32 i, len; + proto_item *pi; + int old_offset = offset; + + /* extract the value of the octetstring */ + offset = dissect_ber_octet_string(FALSE, pinfo, NULL, tvb, offset, hf_index, &next_tvb); + + /* if we have an attribute type that isn't binary see if there is a better dissector */ + if(!attr_type || !dissector_try_string(ldap_name_dissector_table, attr_type, next_tvb, pinfo, tree)) { + offset = old_offset; + + /* do the default thing */ + %(DEFAULT_BODY)s + + } + + len = tvb_length_remaining(next_tvb, 0); + + for(i = 0; i < len; i++) + if(!g_ascii_isprint(tvb_get_guint8(next_tvb, i))) + break; + + if(i == len) { + string = tvb_get_string(next_tvb, 0, tvb_length_remaining(next_tvb, 0)); + + pi = get_ber_last_created_item(); + + proto_item_set_text(pi, string); + + } #.FN_PARS AuthenticationChoice VAL_PTR = &branch @@ -350,7 +404,7 @@ ldap_conv_info_t *ldap_info; ldap_do_protocolop(pinfo); - if((branch > -1) && (branch < (sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0]))) + if((branch > -1) && (branch < (gint)(sizeof AuthenticationChoice_choice/sizeof AuthenticationChoice_choice[0]))) auth = AuthenticationChoice_choice[branch].value; valstr = val_to_str(auth, ldap_AuthenticationChoice_vals, "Unknown auth(%%u)"); @@ -370,7 +424,6 @@ ldap_conv_info_t *ldap_info; ldap_do_protocolop(pinfo); -#.NO_EMIT -AttributeDescription -AttributeValue - +#.NO_EMIT +AttributeType +Attribute diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c index d081e510c0..1f31cf2340 100644 --- a/asn1/ldap/packet-ldap-template.c +++ b/asn1/ldap/packet-ldap-template.c @@ -94,13 +94,16 @@ #define PSNAME "LDAP" #define PFNAME "ldap" -static dissector_handle_t ldap_handle=NULL; - /* Initialize the protocol and registered fields */ static int ldap_tap = -1; static int proto_ldap = -1; static int proto_cldap = -1; +static int hf_ldap_sasl_buffer_length = -1; +static int hf_ldap_response_in = -1; +static int hf_ldap_response_to = -1; +static int hf_ldap_time = -1; + static int hf_mscldap_netlogon_type = -1; static int hf_mscldap_netlogon_flags = -1; static int hf_mscldap_netlogon_flags_pdc = -1; @@ -126,28 +129,25 @@ static int hf_mscldap_netlogon_version = -1; static int hf_mscldap_netlogon_lm_token = -1; static int hf_mscldap_netlogon_nt_token = -1; -static int hf_ldap_sasl_buffer_length = -1; -static int hf_ldap_response_in = -1; -static int hf_ldap_response_to = -1; -static int hf_ldap_time = -1; - #include "packet-ldap-hf.c" /* Initialize the subtree pointers */ static gint ett_ldap = -1; static gint ett_ldap_msg = -1; static gint ett_ldap_sasl_blob = -1; -static gint ett_ldap_payload = -1; - +static guint ett_ldap_payload = -1; static gint ett_mscldap_netlogon_flags = -1; - #include "packet-ldap-ett.c" +static dissector_table_t ldap_name_dissector_table=NULL; + /* desegmentation of LDAP */ static gboolean ldap_desegment = TRUE; static guint ldap_tcp_port = 389; static gboolean do_protocolop = FALSE; +static gchar *attr_type = NULL; +static gboolean is_binary_attr_type = FALSE; #define TCP_PORT_LDAP 389 #define UDP_PORT_CLDAP 389 @@ -394,314 +394,8 @@ ldap_match_call_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gu return lcrp; } -static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot) -{ - guint8 len; - - len=tvb_get_guint8(tvb, offset); - offset+=1; - *str=0; - - while(len){ - /* add potential field separation dot */ - if(prepend_dot){ - if(!maxlen){ - *str=0; - return offset; - } - maxlen--; - *str++='.'; - *str=0; - } - - if(len==0xc0){ - int new_offset; - /* ops its a mscldap compressed string */ - - new_offset=tvb_get_guint8(tvb, offset); - if (new_offset == offset - 1) - THROW(ReportedBoundsError); - offset+=1; - - dissect_mscldap_string(tvb, new_offset, str, maxlen, FALSE); - - return offset; - } - - prepend_dot=TRUE; - - if(maxlen<=len){ - if(maxlen>3){ - *str++='.'; - *str++='.'; - *str++='.'; - } - *str=0; - return offset; /* will mess up offset in caller, is unlikely */ - } - tvb_memcpy(tvb, str, offset, len); - str+=len; - *str=0; - maxlen-=len; - offset+=len; - - - len=tvb_get_guint8(tvb, offset); - offset+=1; - } - *str=0; - return offset; -} - - -/* These flag bits were found to be defined in the samba sources. - * I hope they are correct (but have serious doubts about the CLOSEST - * bit being used or being meaningful). - */ -static const true_false_string tfs_ads_pdc = { - "This is a PDC", - "This is NOT a pdc" -}; -static const true_false_string tfs_ads_gc = { - "This is a GLOBAL CATALOGUE of forest", - "This is NOT a global catalog of forest" -}; -static const true_false_string tfs_ads_ldap = { - "This is an LDAP server", - "This is NOT an ldap server" -}; -static const true_false_string tfs_ads_ds = { - "This dc supports DS", - "This dc does NOT support ds" -}; -static const true_false_string tfs_ads_kdc = { - "This is a KDC (kerberos)", - "This is NOT a kdc (kerberos)" -}; -static const true_false_string tfs_ads_timeserv = { - "This dc is running TIME SERVICES (ntp)", - "This dc is NOT running time services (ntp)" -}; -static const true_false_string tfs_ads_closest = { - "This is the CLOSEST dc (unreliable?)", - "This is NOT the closest dc" -}; -static const true_false_string tfs_ads_writable = { - "This dc is WRITABLE", - "This dc is NOT writable" -}; -static const true_false_string tfs_ads_good_timeserv = { - "This dc has a GOOD TIME SERVICE (i.e. hardware clock)", - "This dc does NOT have a good time service (i.e. no hardware clock)" -}; -static const true_false_string tfs_ads_ndnc = { - "Domain is NON-DOMAIN NC serviced by ldap server", - "Domain is NOT non-domain nc serviced by ldap server" -}; -static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset) -{ - guint32 flags; - proto_item *item; - proto_tree *tree=NULL; - - flags=tvb_get_letohl(tvb, offset); - item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE); - if(parent_tree){ - tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags); - } - - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ndnc, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_good_timeserv, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_writable, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_closest, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_timeserv, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_kdc, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ds, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_ldap, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_gc, - tvb, offset, 4, flags); - proto_tree_add_boolean(tree, hf_mscldap_netlogon_flags_pdc, - tvb, offset, 4, flags); - - offset += 4; - - return offset; -} - -static void dissect_mscldap_response_netlogon(proto_tree *tree, tvbuff_t *tvb) -{ - int old_offset, offset=0; - char str[256]; - -/*qqq*/ - - /* Type */ - /*XXX someone that knows what the type means should add that knowledge here*/ - proto_tree_add_item(tree, hf_mscldap_netlogon_type, tvb, offset, 4, TRUE); - offset += 4; - - /* Flags */ - offset = dissect_mscldap_netlogon_flags(tree, tvb, offset); - - /* Domain GUID */ - proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE); - offset += 16; - - /* Forest */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); - - /* Domain */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); - - /* Hostname */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); - - /* NetBios Domain */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str); - - /* NetBios Hostname */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str); - - /* User */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str); - - /* Site */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str); - - /* Client Site */ - old_offset=offset; - offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); - proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str); - - /* Version */ - proto_tree_add_item(tree, hf_mscldap_netlogon_version, tvb, offset, 4, TRUE); - offset += 4; - - /* LM Token */ - proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, TRUE); - offset += 2; - - /* NT Token */ - proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, TRUE); - offset += 2; - -} - -static void dissect_mscldap_response(proto_tree *tree, tvbuff_t *tvb, guint32 rpc) -{ - switch(rpc){ - case MSCLDAP_RPC_NETLOGON: - dissect_mscldap_response_netlogon(tree, tvb); - break; - default: - proto_tree_add_text(tree, tvb, 0, tvb_length(tvb), - "ERROR: Unknown type of MS-CLDAP RPC call"); - } -} - -static int dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_); -static int dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_); - -static int mscldap_rpc_call=0; - #include "packet-ldap-fn.c" -static int -dissect_ldap_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { - tvbuff_t *parameter_tvb; - gchar *string; - guint32 i, len; - proto_item *pi; - ldap_conv_info_t *ldap_info; - - ldap_info=(ldap_conv_info_t *)pinfo->private_data; - /* if this is cldap then this might hold the RPC reply - */ - if(ldap_info && ldap_info->is_mscldap && mscldap_rpc_call){ - - offset = dissect_ber_octet_string(implicit_tag, pinfo, NULL, tvb, offset, hf_index, ¶meter_tvb); - dissect_mscldap_response(tree, parameter_tvb, mscldap_rpc_call); - mscldap_rpc_call=0; - - return offset; - } - - offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index, - ¶meter_tvb); - - - len = tvb_length_remaining(parameter_tvb, 0); - - for(i = 0; i < len; i++) - if(!g_ascii_isprint(tvb_get_guint8(parameter_tvb, i))) - break; - - if(i == len) { - string = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0)); - - pi = get_ber_last_created_item(); - - proto_item_set_text(pi, string); - - } - - return offset; -} - -static int -dissect_ldap_AttributeDescription(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, packet_info *pinfo _U_, proto_tree *tree, int hf_index _U_) { - tvbuff_t *parameter_tvb = NULL; - char *ldapstring=NULL; - ldap_conv_info_t *ldap_info; - - ldap_info=(ldap_conv_info_t *)pinfo->private_data; - - /* if this is cldap then this holds the name of the RPC function called - * and we have to remember it until the value is dissected. - */ - if(ldap_info && ldap_info->is_mscldap){ - mscldap_rpc_call=0; - dissect_ber_octet_string(implicit_tag, pinfo, NULL, tvb, offset, hf_index, - ¶meter_tvb); - if(parameter_tvb){ - ldapstring = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0)); - } - - if(ldapstring){ - if(!strcmp(ldapstring, "netlogon")){ - mscldap_rpc_call=MSCLDAP_RPC_NETLOGON; - } - g_free(ldapstring); - } - } - - offset = dissect_ldap_LDAPString(implicit_tag, tvb, offset, pinfo, tree, hf_index); - - return offset; -} - static void dissect_ldap_payload(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, ldap_conv_info_t *ldap_info, @@ -1168,6 +862,235 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i } } } + +static int dissect_mscldap_string(tvbuff_t *tvb, int offset, char *str, int maxlen, gboolean prepend_dot) +{ + guint8 len; + + len=tvb_get_guint8(tvb, offset); + offset+=1; + *str=0; + + while(len){ + /* add potential field separation dot */ + if(prepend_dot){ + if(!maxlen){ + *str=0; + return offset; + } + maxlen--; + *str++='.'; + *str=0; + } + + if(len==0xc0){ + int new_offset; + /* ops its a mscldap compressed string */ + + new_offset=tvb_get_guint8(tvb, offset); + if (new_offset == offset - 1) + THROW(ReportedBoundsError); + offset+=1; + + dissect_mscldap_string(tvb, new_offset, str, maxlen, FALSE); + + return offset; + } + + prepend_dot=TRUE; + + if(maxlen<=len){ + if(maxlen>3){ + *str++='.'; + *str++='.'; + *str++='.'; + } + *str=0; + return offset; /* will mess up offset in caller, is unlikely */ + } + tvb_memcpy(tvb, str, offset, len); + str+=len; + *str=0; + maxlen-=len; + offset+=len; + + + len=tvb_get_guint8(tvb, offset); + offset+=1; + } + *str=0; + return offset; +} + +/* These flag bits were found to be defined in the samba sources. + * I hope they are correct (but have serious doubts about the CLOSEST + * bit being used or being meaningful). + */ +static const true_false_string tfs_ads_pdc = { + "This is a PDC", + "This is NOT a pdc" +}; +static const true_false_string tfs_ads_gc = { + "This is a GLOBAL CATALOGUE of forest", + "This is NOT a global catalog of forest" +}; +static const true_false_string tfs_ads_ldap = { + "This is an LDAP server", + "This is NOT an ldap server" +}; +static const true_false_string tfs_ads_ds = { + "This dc supports DS", + "This dc does NOT support ds" +}; +static const true_false_string tfs_ads_kdc = { + "This is a KDC (kerberos)", + "This is NOT a kdc (kerberos)" +}; +static const true_false_string tfs_ads_timeserv = { + "This dc is running TIME SERVICES (ntp)", + "This dc is NOT running time services (ntp)" +}; +static const true_false_string tfs_ads_closest = { + "This is the CLOSEST dc (unreliable?)", + "This is NOT the closest dc" +}; +static const true_false_string tfs_ads_writable = { + "This dc is WRITABLE", + "This dc is NOT writable" +}; +static const true_false_string tfs_ads_good_timeserv = { + "This dc has a GOOD TIME SERVICE (i.e. hardware clock)", + "This dc does NOT have a good time service (i.e. no hardware clock)" +}; +static const true_false_string tfs_ads_ndnc = { + "Domain is NON-DOMAIN NC serviced by ldap server", + "Domain is NOT non-domain nc serviced by ldap server" +}; +static int dissect_mscldap_netlogon_flags(proto_tree *parent_tree, tvbuff_t *tvb, int offset) +{ + guint32 flags; + proto_item *item; + proto_tree *tree=NULL; + guint fields[] = { hf_mscldap_netlogon_flags_ndnc, + hf_mscldap_netlogon_flags_good_timeserv, + hf_mscldap_netlogon_flags_writable, + hf_mscldap_netlogon_flags_closest, + hf_mscldap_netlogon_flags_timeserv, + hf_mscldap_netlogon_flags_kdc, + hf_mscldap_netlogon_flags_ds, + hf_mscldap_netlogon_flags_ldap, + hf_mscldap_netlogon_flags_gc, + hf_mscldap_netlogon_flags_pdc, + 0 }; + guint *field; + header_field_info *hfi; + gboolean one_bit_set = FALSE; + + flags=tvb_get_letohl(tvb, offset); + item=proto_tree_add_item(parent_tree, hf_mscldap_netlogon_flags, tvb, offset, 4, TRUE); + if(parent_tree){ + tree = proto_item_add_subtree(item, ett_mscldap_netlogon_flags); + } + + proto_item_append_text(item, " ("); + + for(field = fields; *field; field++) { + proto_tree_add_boolean(tree, *field, tvb, offset, 4, flags); + hfi = proto_registrar_get_nth(*field); + + if(flags & hfi->bitmask) { + + if(one_bit_set) + proto_item_append_text(item, ", "); + else + one_bit_set = TRUE; + + proto_item_append_text(item, hfi->name); + + } + } + + proto_item_append_text(item, ")"); + + offset += 4; + + return offset; +} + +static void dissect_NetLogon_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + int old_offset, offset=0; + char str[256]; + +/*qqq*/ + + /* Type */ + /*XXX someone that knows what the type means should add that knowledge here*/ + proto_tree_add_item(tree, hf_mscldap_netlogon_type, tvb, offset, 4, TRUE); + offset += 4; + + /* Flags */ + offset = dissect_mscldap_netlogon_flags(tree, tvb, offset); + + /* Domain GUID */ + proto_tree_add_item(tree, hf_mscldap_domain_guid, tvb, offset, 16, TRUE); + offset += 16; + + /* Forest */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_forest, tvb, old_offset, offset-old_offset, str); + + /* Domain */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_domain, tvb, old_offset, offset-old_offset, str); + + /* Hostname */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_hostname, tvb, old_offset, offset-old_offset, str); + + /* NetBios Domain */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_nb_domain, tvb, old_offset, offset-old_offset, str); + + /* NetBios Hostname */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_nb_hostname, tvb, old_offset, offset-old_offset, str); + + /* User */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_username, tvb, old_offset, offset-old_offset, str); + + /* Site */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_sitename, tvb, old_offset, offset-old_offset, str); + + /* Client Site */ + old_offset=offset; + offset=dissect_mscldap_string(tvb, offset, str, 255, FALSE); + proto_tree_add_string(tree, hf_mscldap_clientsitename, tvb, old_offset, offset-old_offset, str); + + /* Version */ + proto_tree_add_item(tree, hf_mscldap_netlogon_version, tvb, offset, 4, TRUE); + offset += 4; + + /* LM Token */ + proto_tree_add_item(tree, hf_mscldap_netlogon_lm_token, tvb, offset, 2, TRUE); + offset += 2; + + /* NT Token */ + proto_tree_add_item(tree, hf_mscldap_netlogon_nt_token, tvb, offset, 2, TRUE); + offset += 2; + +} + + static void dissect_ldap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { @@ -1203,6 +1126,23 @@ ldap_reinit(void) ldap_info_items = NULL; } + +void +register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector) +{ + dissector_add_string("ldap.name", attr_type, dissector); +} + +void +register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto) +{ + dissector_handle_t dissector_handle; + + dissector_handle=create_dissector_handle(dissector, proto); + register_ldap_name_dissector_handle(attr_type, dissector_handle); +} + + /*--- proto_register_ldap -------------------------------------------*/ void proto_register_ldap(void) { @@ -1210,6 +1150,23 @@ void proto_register_ldap(void) { static hf_register_info hf[] = { + { &hf_ldap_sasl_buffer_length, + { "SASL Buffer Length", "ldap.sasl_buffer_length", + FT_UINT32, BASE_DEC, NULL, 0x0, + "SASL Buffer Length", HFILL }}, + { &hf_ldap_response_in, + { "Response In", "ldap.response_in", + FT_FRAMENUM, BASE_DEC, NULL, 0x0, + "The response to this LDAP request is in this frame", HFILL }}, + { &hf_ldap_response_to, + { "Response To", "ldap.response_to", + FT_FRAMENUM, BASE_DEC, NULL, 0x0, + "This is a response to the LDAP request in this frame", HFILL }}, + { &hf_ldap_time, + { "Time", "ldap.time", + FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, + "The time between the Call and the Reply", HFILL }}, + { &hf_mscldap_netlogon_type, { "Type", "mscldap.netlogon.type", FT_UINT32, BASE_DEC, NULL, 0x0, @@ -1320,33 +1277,15 @@ void proto_register_ldap(void) { { "NDNC", "mscldap.netlogon.flags.ndnc", FT_BOOLEAN, 32, TFS(&tfs_ads_ndnc), 0x00000400, "Is this an NDNC dc?", HFILL }}, - - { &hf_ldap_sasl_buffer_length, - { "SASL Buffer Length", "ldap.sasl_buffer_length", - FT_UINT32, BASE_DEC, NULL, 0x0, - "SASL Buffer Length", HFILL }}, - { &hf_ldap_response_in, - { "Response In", "ldap.response_in", - FT_FRAMENUM, BASE_DEC, NULL, 0x0, - "The response to this LDAP request is in this frame", HFILL }}, - { &hf_ldap_response_to, - { "Response To", "ldap.response_to", - FT_FRAMENUM, BASE_DEC, NULL, 0x0, - "This is a response to the LDAP request in this frame", HFILL }}, - { &hf_ldap_time, - { "Time", "ldap.time", - FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, - "The time between the Call and the Reply", HFILL }}, - #include "packet-ldap-hfarr.c" }; /* List of subtrees */ static gint *ett[] = { - &ett_ldap, - &ett_ldap_payload, + &ett_ldap, + &ett_ldap_payload, &ett_ldap_sasl_blob, - &ett_ldap_msg, + &ett_ldap_msg, &ett_mscldap_netlogon_flags, #include "packet-ldap-ettarr.c" @@ -1381,6 +1320,9 @@ void proto_register_ldap(void) { register_init_routine(ldap_reinit); ldap_tap=register_tap("ldap"); + ldap_name_dissector_table = register_dissector_table("ldap.name", "LDAP Attribute Type Dissectors", FT_STRING, BASE_NONE); + + } @@ -1422,6 +1364,7 @@ proto_reg_handoff_ldap(void) register_ber_oid_name("1.3.6.1.4.1.1466.20037","LDAP_START_TLS_OID"); register_ber_oid_name("2.16.840.1.113730.3.4.9","LDAP_CONTROL_VLVREQUEST VLV"); + register_ldap_name_dissector("netlogon", dissect_NetLogon_PDU, proto_cldap); } diff --git a/asn1/ldap/packet-ldap-template.h b/asn1/ldap/packet-ldap-template.h index e36d27e4fe..de6465e2ec 100644 --- a/asn1/ldap/packet-ldap-template.h +++ b/asn1/ldap/packet-ldap-template.h @@ -26,6 +26,8 @@ #ifndef __PACKET_LDAP_H__ #define __PACKET_LDAP_H__ +# include <epan/packet.h> /* for dissector_*_t types */ + /* * These are all APPLICATION types; the value is the type tag. */ @@ -86,6 +88,8 @@ typedef struct ldap_call_response { guint protocolOpTag; } ldap_call_response_t; +void register_ldap_name_dissector_handle(const char *attr_type, dissector_handle_t dissector); +void register_ldap_name_dissector(const char *attr_type, dissector_t dissector, int proto); /*#include "packet-ldap-exp.h" */ diff --git a/asn1/x509af/packet-x509af-template.c b/asn1/x509af/packet-x509af-template.c index 365778cf6f..bcb4955c7a 100644 --- a/asn1/x509af/packet-x509af-template.c +++ b/asn1/x509af/packet-x509af-template.c @@ -39,6 +39,7 @@ #include "packet-x509ce.h" #include "packet-x509if.h" #include "packet-x509sat.h" +#include "packet-ldap.h" #define PNAME "X.509 Authentication Framework" #define PSNAME "X509AF" @@ -95,11 +96,11 @@ void proto_register_x509af(void) { static hf_register_info hf[] = { { &hf_x509af_algorithm_id, { "Algorithm Id", "x509af.algorithm.id", - FT_STRING, BASE_NONE, NULL, 0, + FT_OID, BASE_NONE, NULL, 0, "Algorithm Id", HFILL }}, { &hf_x509af_extension_id, { "Extension Id", "x509af.extension.id", - FT_STRING, BASE_NONE, NULL, 0, + FT_OID, BASE_NONE, NULL, 0, "Extension Id", HFILL }}, #include "packet-x509af-hfarr.c" }; @@ -154,5 +155,19 @@ void proto_reg_handoff_x509af(void) { register_ber_oid_dissector("1.3.14.3.2.24", dissect_ber_oid_NULL_callback, proto_x509af, "md2WithRSASignature"); register_ber_oid_dissector("1.3.14.3.2.25", dissect_ber_oid_NULL_callback, proto_x509af, "md5WithRSASignature"); register_ber_oid_dissector("1.3.14.3.2.26", dissect_ber_oid_NULL_callback, proto_x509af, "SHA-1"); + + /* these will generally be encoded as ";binary" in LDAP */ + + register_ldap_name_dissector("cACertificate", dissect_Certificate_PDU, proto_x509af); + register_ldap_name_dissector("certificate", dissect_Certificate_PDU, proto_x509af); + + register_ldap_name_dissector("certificateRevocationList", dissect_CertificateList_PDU, proto_x509af); + register_ldap_name_dissector("crl", dissect_CertificateList_PDU, proto_x509af); + + register_ldap_name_dissector("authorityRevocationList", dissect_CertificateList_PDU, proto_x509af); + register_ldap_name_dissector("arl", dissect_CertificateList_PDU, proto_x509af); + + register_ldap_name_dissector("crossCertificatePair", dissect_CertificatePair_PDU, proto_x509af); + } |