author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-11-04 09:14:54 +0000 |
---|---|---|
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2006-11-04 09:14:54 +0000 |
commit | e15d91a592f122d4a17b9f324281abe634bb7e06 (patch) | |
tree | 20d43189d3193f41c10af44b02d475a065c764ba /asn1 | |
parent | 350cd176c21f9a4a23ed0ea0245d5ca227bedf2a (diff) |
General updates to:
*) Remove the maximum LDAP PDU size check - PDUs can legitimately get large, either from large attributes (e.g. CRLs, SPIFs) or from many results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed.
*) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID.
*) Remove reference to removed BER preference in the LDAP reassembly preference.
*) Mark a LDAPURL as a URL
svn path=/trunk/; revision=19792
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn | 51 | ||||
-rw-r--r-- | asn1/ldap/ldap.cnf | 47 | ||||
-rw-r--r-- | asn1/ldap/packet-ldap-template.c | 17 |
3 files changed, 101 insertions, 14 deletions
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
index 5afe6ff4f2..b993335258 100644
--- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
+++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
@@ -113,7 +113,7 @@ LDAPResult ::= SEQUENCE {
 Referral ::= SEQUENCE OF LDAPURL
-LDAPURL ::= LDAPString -- limited to characters permitted in URLs
+LDAPURL ::= OCTET STRING -- LDAPString - - limited to characters permitted in URLs
 Controls ::= SEQUENCE OF Control
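Review bot: Retyping LDAPURL from LDAPString to OCTET STRING changes the field asn2wrs generates for it from a string type to a byte-string type unless ldap.cnf overrides it, the way the type-attribute entries visible in ldap.cnf do for LDAPOID, Mechanism and AssertionValue (`LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL`); no such entry for LDAPURL appears anywhere in this commit, so a referral URL may now be rendered as hex bytes even though the new `#.FN_FTR LDAPURL` hook marks it as a URL. If the override is not already present elsewhere in ldap.cnf, add `LDAPURL TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL` beside the LDAPOID entry. The comment on the new line should also say why the alias was dropped, presumably so that asn2wrs emits a dedicated dissector the FN_FTR hook can attach to; e.g. `-- OCTET STRING rather than LDAPString so asn2wrs emits a separate dissector for the URL hook (LDAPString semantics: limited to characters permitted in URLs)`, and note that the odd `- -` spelling is there to keep the ASN.1 comment from being closed by a second `--`.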
@@ -366,6 +366,55 @@ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
 ResponseName ::= LDAPOID
+-- RFC 2696 - Simple Paged Results Manipulation
+
+SearchControlValue ::= SEQUENCE {
+ size INTEGER --(0..maxInt)--,
+ -- requested page size from client
+ -- result set size estimate from server
+ cookie OCTET STRING
+}
+
+-- RFC 2891 - Server Side Sorting of Search Results
+
+SortKeyList ::= SEQUENCE OF SEQUENCE {
+ attributeType AttributeDescription,
+ orderingRule [0] MatchingRuleId OPTIONAL,
+ reverseOrder [1] BOOLEAN DEFAULT FALSE }
+
+SortResult ::= SEQUENCE {
+ sortResult ENUMERATED {
+ success (0), -- results are sorted
+ operationsError (1), -- server internal failure
+ timeLimitExceeded (3), -- timelimit reached before
+ -- sorting was completed
+ strongAuthRequired (8), -- refused to return sorted
+ -- results via insecure
+ -- protocol
+ adminLimitExceeded (11), -- too many matching entries
+ -- for the server to sort
+ noSuchAttribute (16), -- unrecognized attribute
+ -- type in sort key
+ inappropriateMatching (18), -- unrecognized or
+ -- inappropriate matching
+ -- rule in sort key
+ insufficientAccessRights (50), -- refused to return sorted
+ -- results to this client
+ busy (51), -- too busy to process
+ unwillingToPerform (53), -- unable to sort
+ other (80)
+ },
+ attributeType [0] AttributeDescription OPTIONAL }
+
+
+-- Draft RFC - but used in some implementations
+
+ReplControlValue ::= SEQUENCE {
+ parentsFirst INTEGER,
+ maxReturnLength INTEGER,
+ cookie OCTET STRING
+}
+
 END
 -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf
index 33805a0aed..749658af98 100644
--- a/asn1/ldap/ldap.cnf
+++ b/asn1/ldap/ldap.cnf
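Review bot: The `-- Draft RFC - but used in some implementations` comment above ReplControlValue names neither the draft nor the OID (1.2.840.113556.1.4.841, per the ldap.cnf registration in this commit) it is dissected under, so a later reader cannot check the field order `parentsFirst`, `maxReturnLength`, `cookie` against any specification, and a wrong guess here silently mislabels attacker-visible control data. Replace it with a comment that cites the document the layout was taken from, e.g. `-- 1.2.840.113556.1.4.841 (replControlValue); field layout from <draft or vendor document> - verify against it`. The commented-out `--(0..maxInt)--` constraint on `size` in SearchControlValue deserves a one-line reason as well (presumably asn2wrs cannot emit it) so nobody re-enables it without checking.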
@@ -28,6 +28,15 @@ LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
 Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
 AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+#.REGISTER
+SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
+SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
+SortResult B "1.2.840.113556.1.4.474" "sortResult"
+ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue"
+
+#.FN_FTR LDAPURL
+ PROTO_ITEM_SET_URL(get_ber_last_created_item());
+
 #.FN_PARS LDAPOID
 VAL_PTR = ¶meter_tvb
 #.FN_HDR LDAPOID
@@ -35,13 +44,19 @@ AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
 const gchar *name;
 proto_item *item = NULL;
-
 #.FN_FTR LDAPOID
+
+ object_identifier_id = NULL;
+ if (!parameter_tvb) return offset;
- item = get_ber_last_created_item();
- name = get_oid_str_name(tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0)));
+
+ object_identifier_id = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
+ name = get_oid_str_name(object_identifier_id);
+
 if(name){
+ item = get_ber_last_created_item();
+
 proto_item_append_text(item, " (%s)", name);
 proto_item_append_text(tree, " %s", name);
 }
@@ -253,12 +268,19 @@ ldap_conv_info_t *ldap_info;
 ldapstring = "<ROOT>"; if(hf_index == hf_ldap_baseObject) {
- /* this is search - but it on the scanline */
+ /* this is search - put it on the scanline */
 if(check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring); if(ldm_tree) proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
+
+
+ if(!parameter_tvb) {
+
+ proto_item_append_text(ber_last_created_item, " (%%s)", ldapstring);
+ }
+
 } else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */ if(check_col(pinfo->cinfo, COL_INFO)) col_append_fstr(pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring);
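Review bot: In the `#.FN_FTR LDAPOID` body, `object_identifier_id = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));` stores the returned buffer in a file-scope static that is never freed and is simply overwritten by the next OID; if tvb_get_string in this tree still returns a g_malloc'd copy, as it did at the time, that is one leak per OID dissected, i.e. per control and per extended operation on every LDAP PDU, which a capture of a busy server turns into steady memory growth. Use the ephemeral variant if this tree has it, `object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));`, or g_free the previous value before assigning. The `static const char *` holding the pointer also deserves a comment saying that it is only valid between a Control's controlType and its controlValue and must not be read after the PDU, since the `object_identifier_id = NULL` reset at the top of the block is the only thing invalidating it.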
@@ -617,6 +639,23 @@ ldap_conv_info_t *ldap_info;
 }
 return offset;
+#.FN_BODY Control/controlValue
+ gint8 class;
+ gboolean pc, ind;
+ gint32 tag;
+ guint32 len;
+
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ /* remove the OCTET STRING encoding */
+ offset=dissect_ber_identifier(pinfo, NULL, tvb, offset, &class, &pc, &tag);
+ offset=dissect_ber_length(pinfo, NULL, tvb, offset, &len, &ind);
+
+ call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+ offset += len;
+ } else {
+ %(DEFAULT_BODY)s
+ }
 #.NO_EMIT
 AttributeType
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 8089774937..aab1769931 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -157,11 +157,11 @@ static gint ett_mscldap_netlogon_flags = -1;
 #include "packet-ldap-ett.c"
 static dissector_table_t ldap_name_dissector_table=NULL;
+static const char *object_identifier_id = NULL; /* LDAP OID */
 /* desegmentation of LDAP */
 static gboolean ldap_desegment = TRUE;
 static guint ldap_tcp_port = 389;
-static guint ldap_max_pdu_size = 65535;
 static gboolean do_protocolop = FALSE;
 static gchar *attr_type = NULL;
@@ -1332,8 +1332,7 @@ dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 */
 sasl_len=tvb_get_ntohl(tvb, 0);
- if( (sasl_len>ldap_max_pdu_size)
- || (sasl_len<2) ){
+ if( sasl_len<2 ){
 goto this_was_not_sasl;
 }
@@ -1367,7 +1366,7 @@ this_was_not_sasl:
 offset=get_ber_length(NULL, tvb, 1, &ldap_len, &ind);
 /* dont check ind since indefinite length is never used for ldap (famous last words)*/
- if(ldap_len<2 || ldap_len>ldap_max_pdu_size){
+ if(ldap_len<2){
 goto this_was_not_normal_ldap;
 }
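Review bot: The new `#.FN_BODY Control/controlValue` strips the OCTET STRING wrapper without checking what it actually read: `class`, `pc` and `tag` are filled in and then ignored, `ind` is ignored so an indefinite-length encoding leaves `len` meaningless, and `call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree)` hands the registered control dissector the whole remaining tvb rather than the `len` bytes of the value, so a short or malformed controlValue lets that dissector read on into the controls that follow, after which `offset += len` skips whatever the wire claimed. Since control values arrive from the peer unauthenticated, the dispatch should be limited to a definite-length OCTET STRING that fits in the PDU and the callback should get a subset tvb; anything else falls through to the default dump, which the hunk already has as `%(DEFAULT_BODY)s`. The rewrite below keeps one copy of that placeholder by recording whether the OID dissector ran.
```c
  gint8 class;
  gboolean pc, ind;
  gint32 tag;
  guint32 len;
  gboolean handled = FALSE;
  int start_offset = offset;

  if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
    /* remove the OCTET STRING encoding */
    offset=dissect_ber_identifier(pinfo, NULL, tvb, offset, &class, &pc, &tag);
    offset=dissect_ber_length(pinfo, NULL, tvb, offset, &len, &ind);

    /* only dispatch on a definite-length OCTET STRING that fits in the PDU;
     * a bounded subset tvb keeps the control dissector from reading into
     * the controls that follow, and anything else is shown as raw bytes */
    if((class == BER_CLASS_UNI) && (tag == BER_UNI_TAG_OCTETSTRING) && !ind
       && (len <= (guint32)tvb_length_remaining(tvb, offset))) {
      tvbuff_t *value_tvb = tvb_new_subset(tvb, offset, len, len);
      call_ber_oid_callback(object_identifier_id, value_tvb, 0, pinfo, tree);
      offset += len;
      handled = TRUE;
    } else {
      offset = start_offset;
    }
  }
  if(!handled) {
    %(DEFAULT_BODY)s
  }
```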
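Review bot: With the upper bound gone, `if( sasl_len<2 ){` is the only sanity check left on the four-byte length word read by `sasl_len=tvb_get_ntohl(tvb, 0);`, so any value from 2 up to 4 GiB now passes the SASL heuristic; the rest of dissect_ldap_tcp is outside this hunk, but if it goes on to request TCP desegmentation for `sasl_len` bytes, one corrupted or crafted segment on the LDAP port can make the reassembly code wait for, and buffer, gigabytes before the stream is abandoned. The same applies to `if(ldap_len<2){` in the following hunk, where `ldap_len` is the BER length of the would-be LDAPMessage. Rather than reinstating the per-user preference, a generous fixed ceiling such as `if( sasl_len<2 || sasl_len>LDAP_MAX_SANE_PDU ){` with the constant set well above the CRL and SPIF sizes the commit message cites, plus a comment stating that it exists only to defeat garbage lengths, would keep the large legitimate PDUs working without leaving the heuristic unbounded.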
@@ -1623,17 +1622,13 @@ void proto_register_ldap(void) {
 prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", "Reassemble LDAP messages spanning multiple TCP segments", "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
- " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings, and disable \"Verify length\" in the BER protocol settings",
+ "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
 &ldap_desegment);
 prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port", "Set the port for LDAP operations", 10, &ldap_tcp_port);
- prefs_register_uint_preference(ldap_module, "max_pdu", "LDAP Maximum PDU Size",
- "The maximum LDAP PDU size. PDUs larger than this will be considered invalid.",
- 10, &ldap_max_pdu_size);
-
 proto_cldap = proto_register_protocol( "Connectionless Lightweight Directory Access Protocol", "CLDAP", "cldap");
@@ -1699,6 +1694,10 @@ proto_reg_handoff_ldap(void)
 register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
 register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
 register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
+
+#include "packet-ldap-dis-tab.c"
+
+
 } |
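Review bot: The replacement help string in `prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", ...)` drops the leading space that the removed line had, so the two adjacent literals concatenate to `...multiple TCP segments.To use this option...` in the preferences dialog. Restore it: `" To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",`. proto_register_ldap begins and ends outside this hunk.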