authorGraeme Lunt <graeme.lunt@smhs.co.uk>2006-11-04 09:14:54 +0000
committerGraeme Lunt <graeme.lunt@smhs.co.uk>2006-11-04 09:14:54 +0000
commite15d91a592f122d4a17b9f324281abe634bb7e06 (patch)
tree20d43189d3193f41c10af44b02d475a065c764ba /asn1
parent350cd176c21f9a4a23ed0ea0245d5ca227bedf2a (diff)
General updates to:
*) Remove maximum LDAP PDU size check - they can get large with either large attributes (e.g. CRLs, SPIFs) or with lots of results (see http://www.wireshark.org/lists/wireshark-users/200610/msg00197.html). The max size preference is also removed. *) Support for dissecting LDAP controls including server side sorting and paged results. A new BER function is introduced to see if there is a dissector for a given OID. *) Remove reference to removed BER preference in the LDAP reassembly preference. *) Mark a LDAPURL as a URL svn path=/trunk/; revision=19792
Diffstat (limited to 'asn1')
-rw-r--r--asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn51
-rw-r--r--asn1/ldap/ldap.cnf47
-rw-r--r--asn1/ldap/packet-ldap-template.c17
3 files changed, 101 insertions, 14 deletions
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
index 5afe6ff4f2..b993335258 100644
--- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
+++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
@@ -113,7 +113,7 @@ LDAPResult ::= SEQUENCE {
Referral ::= SEQUENCE OF LDAPURL
-LDAPURL ::= LDAPString -- limited to characters permitted in URLs
+LDAPURL ::= OCTET STRING -- LDAPString - - limited to characters permitted in URLs
Controls ::= SEQUENCE OF Control
@@ -366,6 +366,55 @@ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
ResponseName ::= LDAPOID
+-- RFC 2696 - Simple Paged Results Manipulation
+
+SearchControlValue ::= SEQUENCE {
+ size INTEGER --(0..maxInt)--,
+ -- requested page size from client
+ -- result set size estimate from server
+ cookie OCTET STRING
+}
+
+-- RFC 2891 - Server Side Sorting of Search Results
+
+SortKeyList ::= SEQUENCE OF SEQUENCE {
+ attributeType AttributeDescription,
+ orderingRule [0] MatchingRuleId OPTIONAL,
+ reverseOrder [1] BOOLEAN DEFAULT FALSE }
+
+SortResult ::= SEQUENCE {
+ sortResult ENUMERATED {
+ success (0), -- results are sorted
+ operationsError (1), -- server internal failure
+ timeLimitExceeded (3), -- timelimit reached before
+ -- sorting was completed
+ strongAuthRequired (8), -- refused to return sorted
+ -- results via insecure
+ -- protocol
+ adminLimitExceeded (11), -- too many matching entries
+ -- for the server to sort
+ noSuchAttribute (16), -- unrecognized attribute
+ -- type in sort key
+ inappropriateMatching (18), -- unrecognized or
+ -- inappropriate matching
+ -- rule in sort key
+ insufficientAccessRights (50), -- refused to return sorted
+ -- results to this client
+ busy (51), -- too busy to process
+ unwillingToPerform (53), -- unable to sort
+ other (80)
+ },
+ attributeType [0] AttributeDescription OPTIONAL }
+
+
+-- Draft RFC - but used in some implementations
+
+ReplControlValue ::= SEQUENCE {
+ parentsFirst INTEGER,
+ maxReturnLength INTEGER,
+ cookie OCTET STRING
+}
+
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf
index 33805a0aed..749658af98 100644
--- a/asn1/ldap/ldap.cnf
+++ b/asn1/ldap/ldap.cnf
@@ -28,6 +28,15 @@ LDAPOID TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
+#.REGISTER
+SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
+SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
+SortResult B "1.2.840.113556.1.4.474" "sortResult"
+ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue"
+
+#.FN_FTR LDAPURL
+ PROTO_ITEM_SET_URL(get_ber_last_created_item());
+
#.FN_PARS LDAPOID VAL_PTR = &parameter_tvb
#.FN_HDR LDAPOID
@@ -35,13 +44,19 @@ AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
const gchar *name;
proto_item *item = NULL;
-
#.FN_FTR LDAPOID
+
+ object_identifier_id = NULL;
+
if (!parameter_tvb)
return offset;
- item = get_ber_last_created_item();
- name = get_oid_str_name(tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0)));
+
+ object_identifier_id = tvb_get_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));
+ name = get_oid_str_name(object_identifier_id);
+
if(name){
+ item = get_ber_last_created_item();
+
proto_item_append_text(item, " (%s)", name);
proto_item_append_text(tree, " %s", name);
}
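Review bot: The buffer returned by `tvb_get_string()` is now kept in the file-scope `object_identifier_id` and never released, so each LDAPOID dissected overwrites the pointer; if that call returns a caller-owned heap buffer, as it appears to, the previous one is leaked for every OID in every packet. The variable is also hidden coupling between this footer and the `Control/controlValue` body: it is cleared only when the next LDAPOID footer runs, so it keeps pointing at an OID from an earlier field or message until then. I would allocate with packet lifetime, e.g. `object_identifier_id = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb,0));`, and add a comment on the static stating who sets it, who reads it and when it is reset. The generated function this footer lands in starts and ends outside the hunk.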
@@ -253,12 +268,19 @@ ldap_conv_info_t *ldap_info;
ldapstring = "<ROOT>";
if(hf_index == hf_ldap_baseObject) {
- /* this is search - but it on the scanline */
+ /* this is search - put it on the scanline */
if(check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
if(ldm_tree)
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
+
+
+ if(!parameter_tvb) {
+
+ proto_item_append_text(ber_last_created_item, " (%%s)", ldapstring);
+ }
+
} else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */
if(check_col(pinfo->cinfo, COL_INFO))
col_append_fstr(pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring);
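Review bot: The added `proto_item_append_text(ber_last_created_item, ...)` names `ber_last_created_item` directly, whereas the rest of this change obtains the item through `get_ber_last_created_item()`. No declaration of that identifier is visible in the hunk, so it should be confirmed that it exists in this file's scope; using the accessor, `proto_item_append_text(get_ber_last_created_item(), " (%%s)", ldapstring);`, would match the LDAPOID footer. A one-line comment saying why the text is appended only when `parameter_tvb` is NULL would also help, since the condition reads as inverted at first sight. The enclosing function body begins and continues outside the hunk.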
@@ -617,6 +639,23 @@ ldap_conv_info_t *ldap_info;
}
return offset;
+#.FN_BODY Control/controlValue
+ gint8 class;
+ gboolean pc, ind;
+ gint32 tag;
+ guint32 len;
+
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ /* remove the OCTET STRING encoding */
+ offset=dissect_ber_identifier(pinfo, NULL, tvb, offset, &class, &pc, &tag);
+ offset=dissect_ber_length(pinfo, NULL, tvb, offset, &len, &ind);
+
+ call_ber_oid_callback(object_identifier_id, tvb, offset, pinfo, tree);
+
+ offset += len;
+ } else {
+ %(DEFAULT_BODY)s
+ }
#.NO_EMIT
AttributeType
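Review bot: `len` in the new `Control/controlValue` body comes straight from the packet and is added to `offset` without being checked against the data left in `tvb`, and the registered dissector is handed the whole remaining buffer rather than only the control value. A malformed length can therefore move `offset` past the end of the buffer (or wrap it, since `len` is `guint32` and `offset` is signed), and a sub-dissector can read bytes that belong to whatever follows the control. The parsed `class`, `tag` and `ind` are never examined, so a value that is not a definite-length OCTET STRING is still treated as one. I would bound the value before the callback as sketched below and reject an indefinite length. This is a generator template body, so the function it is emitted into is not visible in the hunk.

```c
  tvbuff_t *next_tvb;
  /* … unchanged: class/pc/ind/tag/len declarations … */

  if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
    /* … unchanged: dissect_ber_identifier / dissect_ber_length strip the OCTET STRING header … */

    /* len is taken from the wire: make sure it fits before it is used */
    tvb_ensure_bytes_exist(tvb, offset, len);
    next_tvb = tvb_new_subset(tvb, offset, len, len);
    call_ber_oid_callback(object_identifier_id, next_tvb, 0, pinfo, tree);

    offset += len;
```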
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 8089774937..aab1769931 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -157,11 +157,11 @@ static gint ett_mscldap_netlogon_flags = -1;
#include "packet-ldap-ett.c"
static dissector_table_t ldap_name_dissector_table=NULL;
+static const char *object_identifier_id = NULL; /* LDAP OID */
/* desegmentation of LDAP */
static gboolean ldap_desegment = TRUE;
static guint ldap_tcp_port = 389;
-static guint ldap_max_pdu_size = 65535;
static gboolean do_protocolop = FALSE;
static gchar *attr_type = NULL;
@@ -1332,8 +1332,7 @@ dissect_ldap_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
*/
sasl_len=tvb_get_ntohl(tvb, 0);
- if( (sasl_len>ldap_max_pdu_size)
- || (sasl_len<2) ){
+ if( sasl_len<2 ){
goto this_was_not_sasl;
}
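Review bot: With the upper bound gone, `sasl_len` is accepted for any wire value of 2 or more, up to 0xFFFFFFFF, and the same applies to `ldap_len` in the `this_was_not_sasl` hunk that follows. These two comparisons are what the heuristic relies on to decide that a stream is LDAP at all, so non-LDAP or malformed data now passes more easily, and whatever arithmetic or reassembly request follows (outside these hunks) receives an unbounded length taken from the packet. Dropping the user preference is reasonable given the large PDUs described in the commit message, but I would keep a fixed sanity ceiling that cannot overflow later additions, for example `if( sasl_len<2 || sasl_len>G_MAXINT32/2 ){`, with a comment explaining it. dissect_ldap_tcp starts and ends outside the hunk.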
@@ -1367,7 +1366,7 @@ this_was_not_sasl:
offset=get_ber_length(NULL, tvb, 1, &ldap_len, &ind);
/* dont check ind since indefinite length is never used for ldap (famous last words)*/
- if(ldap_len<2 || ldap_len>ldap_max_pdu_size){
+ if(ldap_len<2){
goto this_was_not_normal_ldap;
}
@@ -1623,17 +1622,13 @@ void proto_register_ldap(void) {
prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
"Reassemble LDAP messages spanning multiple TCP segments",
"Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
- " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings, and disable \"Verify length\" in the BER protocol settings",
+ "To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
&ldap_desegment);
prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
"Set the port for LDAP operations",
10, &ldap_tcp_port);
- prefs_register_uint_preference(ldap_module, "max_pdu", "LDAP Maximum PDU Size",
- "The maximum LDAP PDU size. PDUs larger than this will be considered invalid.",
- 10, &ldap_max_pdu_size);
-
proto_cldap = proto_register_protocol(
"Connectionless Lightweight Directory Access Protocol",
"CLDAP", "cldap");
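Review bot: The rewritten help text loses its separating space: the literal on the previous line ends with `segments.` and the new one starts with `To use`, so the concatenated description reads `segments.To use this option`; the new literal should begin `" To use this option, ...`. Separately, the `max_pdu` preference is deleted outright, so a saved preferences file that still contains it will presumably be reported as an unknown preference on load. Registering it as obsolete, `prefs_register_obsolete_preference(ldap_module, "max_pdu");`, would let existing files keep loading quietly. proto_register_ldap continues outside the hunk.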
@@ -1699,6 +1694,10 @@ proto_reg_handoff_ldap(void)
register_ldap_name_dissector("supportedCapabilities", dissect_ldap_oid, proto_ldap);
register_ldap_name_dissector("objectSid", dissect_ldap_sid, proto_ldap);
register_ldap_name_dissector("nTSecurityDescriptor", dissect_ldap_nt_sec_desc, proto_ldap);
+
+#include "packet-ldap-dis-tab.c"
+
+
}