author | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2008-01-26 10:12:22 +0000 |
committer | Graeme Lunt <graeme.lunt@smhs.co.uk> | 2008-01-26 10:12:22 +0000 |
commit | fcef5823db5c3c1b0243d3712302976bcc63bfd2 (patch) | |
tree | cee8a454b911e2ef60165b4027d9989e49d30cc6 /asn1 | |
parent | b3e2ef167bccc6fa982dbe6cadd450faa2b9c51c (diff) |
1) Support for configurable LDAP over SSL port
2) Support for RFC 3909 - cancelRequest extendedOperation
3) Support for RFC 3062 - passwordModify extendedOperation
4) Column information for ExtendedRequest, SearchResultRef and AbandonRequest
5) Column information for multiple LDAP operations in the same packet (uses " | " separator)
svn path=/trunk/; revision=24195
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn | 34 | ||||
-rw-r--r-- | asn1/ldap/ldap.cnf | 95 | ||||
-rw-r--r-- | asn1/ldap/packet-ldap-template.c | 74 |
3 files changed, 158 insertions, 45 deletions
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn index 311bdf1677..df32b030dc 100644 --- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn +++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn @@ -106,7 +106,9 @@ LDAPResult ::= SEQUENCE { -- 70 reserved for CLDAP affectsMultipleDSAs(71),-- new-- -- 72-79 unused - other(80)}, + other(80), + canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909 + }, -- 81-90 reserved for APIs matchedDN LDAPDN, errorMessage ErrorMessage, @@ -198,7 +200,9 @@ BindResponse ::= [APPLICATION 1] SEQUENCE { -- 70 reserved for CLDAP affectsMultipleDSAs(71),-- new-- -- 72-79 unused - other(80)}, + other(80), + canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909 + }, -- 81-90 reserved for APIs matchedDN LDAPDN, errorMessage ErrorMessage, @@ -356,7 +360,9 @@ ExtendedResponse ::= [APPLICATION 24] SEQUENCE { -- 70 reserved for CLDAP affectsMultipleDSAs(71),-- new-- -- 72-79 unused - other(80)}, + other(80), + canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909 + }, -- 81-90 reserved for APIs matchedDN LDAPDN, errorMessage ErrorMessage, @@ -417,6 +423,28 @@ ReplControlValue ::= SEQUENCE { cookie OCTET STRING } +-- RFC 3062 + +--passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1 + +PasswdModifyRequestValue ::= SEQUENCE { + userIdentity [0] OCTET STRING OPTIONAL, + oldPasswd [1] OCTET STRING OPTIONAL, + newPasswd [2] OCTET STRING OPTIONAL +} + +PasswdModifyResponseValue ::= SEQUENCE { + genPasswd [0] OCTET STRING OPTIONAL +} + +-- RFC 3909 + +--cancelRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.1.8 + +CancelRequestValue ::= SEQUENCE { + cancelID MessageID +} + END -- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf index 58cc1b0a9b..fc79450311 100644 --- a/asn1/ldap/ldap.cnf +++ b/asn1/ldap/ldap.cnf 
@@ -30,10 +30,14 @@ Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL #.REGISTER -SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl" +SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl" SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList" SortResult B "1.2.840.113556.1.4.474" "sortResult" -ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue" +ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue" +#RFC 3062 +PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID" +#RFC 3909 +CancelRequestValue B "1.3.6.1.1.8" "cancelRequstOID" #.FN_FTR LDAPURL PROTO_ITEM_SET_URL(actx->created_item); @@ -316,7 +320,7 @@ ldap_conv_info_t *ldap_info; #.FN_BODY LDAPString VAL_PTR = ¶meter_tvb tvbuff_t *parameter_tvb = NULL; - char *ldapstring; + char *ldapstring = NULL; gchar *sc = NULL; /* semi-colon pointer */ %(DEFAULT_BODY)s @@ -327,14 +331,15 @@ ldap_conv_info_t *ldap_info; if(parameter_tvb) ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0)); - else - ldapstring = "<ROOT>"; if(hf_index == hf_ldap_baseObject) { /* this is search - put it on the scanline */ + if(!ldapstring || !*ldapstring) + ldapstring = "<ROOT>"; + if(check_col(actx->pinfo->cinfo, COL_INFO)) col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring); - + if(ldm_tree) proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring); 
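Review bot: The display name registered for the RFC 3909 OID is misspelled: `CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"` is what the line should read, and since this string is what the protocol tree shows for the OID the typo is user-visible. The SearchControlValue and ReplControlValue lines in the same hunk appear to differ from the old side only in trailing whitespace and could be left out of the change.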
@@ -344,13 +349,22 @@ ldap_conv_info_t *ldap_info; proto_item_append_text(actx->created_item, " (%%s)", ldapstring); } - } else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */ + } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */ if(check_col(actx->pinfo->cinfo, COL_INFO)) col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring); if(ldm_tree) proto_item_append_text(ldm_tree, " (%%s)", ldapstring); - } else if (hf_index == hf_ldap_objectName) { + + } else if ((hf_index == hf_ldap_objectName) || + (hf_index == hf_ldap_name) || + (hf_index == hf_ldap_entry) || + (hf_index == hf_ldap_object) || + (hf_index == hf_ldap_delRequest) ) { + + if(!ldapstring || !*ldapstring) + ldapstring = "<ROOT>"; + if(check_col(actx->pinfo->cinfo, COL_INFO)) col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring); @@ -420,17 +434,14 @@ ldap_conv_info_t *ldap_info; ldap_do_protocolop(actx->pinfo); - if(result) { - - valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)"); + valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)"); - if (check_col(actx->pinfo->cinfo, COL_INFO)) - col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr); + if (check_col(actx->pinfo->cinfo, COL_INFO)) + col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr); - if(ldm_tree) - proto_item_append_text(ldm_tree, " %%s", valstr); + if(ldm_tree) + proto_item_append_text(ldm_tree, " %%s", valstr); - } #.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result 
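Review bot: The comment on the errorMessage branch is now stale: the condition no longer consults `result`, it shows the message whenever the server sent a non-empty one, so `/* only show message if not success */` should become `/* only show the message when the server sent one */`. The same hunk extends the `<ROOT>` substitution to hf_ldap_name, hf_ldap_entry, hf_ldap_object and hf_ldap_delRequest; an empty DN is legitimately the root DSE for those, which looks right, but a one-line comment naming the operations these fields belong to would help the next reader. The enclosing FN_BODY for LDAPString starts outside this hunk.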
@@ -440,17 +451,13 @@ ldap_conv_info_t *ldap_info; ldap_do_protocolop(actx->pinfo); - if(result) { - - valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)"); - - if (check_col(actx->pinfo->cinfo, COL_INFO)) - col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr); + valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)"); - if(ldm_tree) - proto_item_append_text(ldm_tree, " %%s", valstr); + if (check_col(actx->pinfo->cinfo, COL_INFO)) + col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr); - } + if(ldm_tree) + proto_item_append_text(ldm_tree, " %%s", valstr); #.FN_BODY AttributeValue @@ -563,8 +570,10 @@ ldap_conv_info_t *ldap_info; %(DEFAULT_BODY)s - proto_item_append_text(it, "%%s", and_filter_string); - Filter_string=ep_strdup_printf("%%s",and_filter_string); + if(and_filter_string) { + proto_item_append_text(it, "%%s", and_filter_string); + Filter_string=ep_strdup_printf("%%s",and_filter_string); + } and_filter_string=old_and_filter_string; #.FN_FTR Filter/or/_item @@ -587,8 +596,10 @@ ldap_conv_info_t *ldap_info; tree = tr; } %(DEFAULT_BODY)s - proto_item_append_text(it, "%%s", or_filter_string); - Filter_string=ep_strdup_printf("%%s",or_filter_string); + if(or_filter_string) { + proto_item_append_text(it, "%%s", or_filter_string); + Filter_string=ep_strdup_printf("%%s",or_filter_string); + } or_filter_string=old_or_filter_string; #.FN_FTR Filter/present @@ -663,7 +674,8 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v tree = tr; } %(DEFAULT_BODY)s - proto_item_append_text(it, "%%s", Filter_string); + if(Filter_string) + proto_item_append_text(it, "%%s", Filter_string); #.FN_BODY AuthenticationChoice/ntlmsspNegotiate /* make sure the protocol op comes first */ 
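Review bot: When and_filter_string is NULL the new guard leaves Filter_string at whatever value it already held, and nothing in the hunk says whether that is intended or whether Filter_string should be reset in that case; a comment such as `/* nothing rendered at this level: Filter_string keeps its previous value */` (or an explicit reset) would settle it. The same question applies to the or_filter_string guard in the -587 hunk and the Filter_string guard in the -663 hunk. The surrounding template bodies start outside these hunks.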
@@ -713,6 +725,29 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v %(DEFAULT_BODY)s } + +#.FN_BODY ExtendedRequest/_untag/requestValue + + if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) { + offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + } else { + %(DEFAULT_BODY)s + } + +#.FN_BODY SearchResultReference + + %(DEFAULT_BODY)s + + ldap_do_protocolop(actx->pinfo); + + +#.FN_BODY AbandonRequest + + %(DEFAULT_BODY)s + + ldap_do_protocolop(actx->pinfo); + + #.NO_EMIT AttributeType Attribute diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c index 147c1b89b2..3bedd544f7 100644 --- a/asn1/ldap/packet-ldap-template.c +++ b/asn1/ldap/packet-ldap-template.c @@ -161,18 +161,23 @@ static gint ett_mscldap_netlogon_flags = -1; static dissector_table_t ldap_name_dissector_table=NULL; static const char *object_identifier_id = NULL; /* LDAP OID */ -/* desegmentation of LDAP */ -static gboolean ldap_desegment = TRUE; -static guint ldap_tcp_port = 389; - static gboolean do_protocolop = FALSE; static gchar *attr_type = NULL; static gboolean is_binary_attr_type = FALSE; +static guint32 last_frame_seen = 0; #define TCP_PORT_LDAP 389 +#define TCP_PORT_LDAPS 636 #define UDP_PORT_CLDAP 389 #define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */ +/* desegmentation of LDAP */ +static gboolean ldap_desegment = TRUE; +static guint global_ldap_tcp_port = TCP_PORT_LDAP; +static guint global_ldaps_tcp_port = TCP_PORT_LDAPS; +static guint tcp_port = 0; +static guint ssl_port = 0; + static dissector_handle_t gssapi_handle = NULL; static dissector_handle_t gssapi_wrap_handle = NULL; static dissector_handle_t ntlmssp_handle = NULL; 
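Review bot: call_ber_oid_callback is handed `offset`, which on the new side points at the [1] IMPLICIT OCTET STRING TLV of requestValue rather than at the octets inside it, so the PasswdModifyRequestValue and CancelRequestValue dissectors registered under these OIDs presumably see a context-tagged TLV where they expect a SEQUENCE — confirm against a capture. If so, the pattern already used in this file for LDAPString applies: dissect the octet string with a `VAL_PTR` parameter tvb first and pass that sub-tvb to call_ber_oid_callback. object_identifier_id is a file-static set elsewhere; if it is not cleared between PDUs, a request whose requestName failed to dissect would be decoded with the previous PDU's OID, which the `!= NULL` test does not guard against.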
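Review bot: tcp_port and ssl_port are introduced with 0 as a sentinel that the preference callback later tests with `if(tcp_port)`, but nothing at the declaration says so; `static guint tcp_port = 0; /* TCP port currently registered for LDAP, 0 = none yet */` and the same for ssl_port would make the preference-apply logic readable from here. last_frame_seen likewise deserves a note that it holds the number of the last frame in which an LDAP PDU was dissected and is used to detect several PDUs in one frame.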
@@ -180,6 +185,9 @@ static dissector_handle_t spnego_handle = NULL; static dissector_handle_t ssl_handle = NULL; static dissector_handle_t ldap_handle = NULL; +void prefs_register_ldap(void); /* forward declaration for use in preferences registration */ + + /* different types of rpc calls ontop of ms cldap */ #define MSCLDAP_RPC_NETLOGON 1 @@ -733,7 +741,17 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i * Info column. */ if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto); - if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); + + if(last_frame_seen == pinfo->fd->num) { + /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */ + if (check_col(pinfo->cinfo, COL_INFO)) { + col_append_str(pinfo->cinfo, COL_INFO, "| "); + col_set_fence(pinfo->cinfo, COL_INFO); + } + } else + if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); + + last_frame_seen = pinfo->fd->num; ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE); ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap); @@ -1423,8 +1441,8 @@ this_was_not_normal_ldap: guint32 old_start_tls_frame; /* temporarily dissect this port as SSL */ - dissector_delete("tcp.port", ldap_tcp_port, ldap_handle); - ssl_dissector_add(ldap_tcp_port, "ldap", TRUE); + dissector_delete("tcp.port", tcp_port, ldap_handle); + ssl_dissector_add(tcp_port, "ldap", TRUE); old_start_tls_frame = ldap_info->start_tls_frame; ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */ 
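Review bot: The forward declaration gives prefs_register_ldap external linkage although it is only referenced from this file, so the symbol is exported and can collide with a same-named function in another dissector; declare it `static void prefs_register_ldap(void);` here and make the definition in the -1781 hunk `static void prefs_register_ldap(void) {` to match the other file-scope helpers. The name also suggests registration, whereas the function is the preference-apply callback; the comment on the declaration should say that rather than only that it is a forward declaration.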
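Review bot: last_frame_seen is compared with pinfo->fd->num but is never reset between dissections of the same frame, so when the frame that was dissected last is dissected again (for example when it is selected in the GUI) its first PDU is prefixed with the separator and col_clear is skipped. Resetting a "PDU already seen in this frame" marker at the start of the per-frame entry point (dissect_ldap_tcp, outside this hunk) before the PDU loop, instead of remembering the frame number in a file-static, avoids that. Separately, `} else` followed by an unbraced `if` on the next line reads like a dangling else; brace it: `} else if (check_col(pinfo->cinfo, COL_INFO)) { col_clear(pinfo->cinfo, COL_INFO); }`. The commit message describes a `" | "` separator while the code appends `"| "`, which relies on the preceding PDU text ending in a space.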
@@ -1433,10 +1451,10 @@ this_was_not_normal_ldap: offset = call_dissector(ssl_handle, tvb, pinfo, tree); ldap_info->start_tls_frame = old_start_tls_frame; - ssl_dissector_delete(ldap_tcp_port, "ldap", TRUE); + ssl_dissector_delete(tcp_port, "ldap", TRUE); /* restore ldap as the dissector for this port */ - dissector_add("tcp.port", ldap_tcp_port, ldap_handle); + dissector_add("tcp.port", tcp_port, ldap_handle); /* we are done */ return; @@ -1471,6 +1489,7 @@ ldap_reinit(void) } ldap_info_items = NULL; + last_frame_seen = 0; } @@ -1685,7 +1704,7 @@ void proto_register_ldap(void) { register_dissector("ldap", dissect_ldap_tcp, proto_ldap); - ldap_module = prefs_register_protocol(proto_ldap, NULL); + ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap); prefs_register_bool_preference(ldap_module, "desegment_ldap_messages", "Reassemble LDAP messages spanning multiple TCP segments", "Whether the LDAP dissector should reassemble messages spanning multiple TCP segments." @@ -1694,7 +1713,11 @@ void proto_register_ldap(void) { prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port", "Set the port for LDAP operations", - 10, &ldap_tcp_port); + 10, &global_ldap_tcp_port); + + prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port", + "Set the port for LDAP operations over SSL", + 10, &global_ldaps_tcp_port); prefs_register_obsolete_preference(ldap_module, "max_pdu"); @@ -1717,9 +1740,11 @@ proto_reg_handoff_ldap(void) dissector_handle_t cldap_handle; ldap_handle = create_dissector_handle(dissect_ldap_tcp, proto_ldap); - dissector_add("tcp.port", ldap_tcp_port, ldap_handle); + dissector_add("tcp.port", global_ldap_tcp_port, ldap_handle); dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle); + ssl_dissector_add(global_ldaps_tcp_port, "ldap", TRUE); + cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap); dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle); 
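Review bot: proto_reg_handoff_ldap registers global_ldap_tcp_port and global_ldaps_tcp_port directly but never records them in tcp_port/ssl_port, so when the preference callback presumably runs afterwards with a non-default value it finds tcp_port == 0, skips the dissector_delete, and the default port stays registered alongside the new one. Since ldap_handle is created at the top of the function, replacing `dissector_add("tcp.port", global_ldap_tcp_port, ldap_handle);` and `ssl_dissector_add(global_ldaps_tcp_port, "ldap", TRUE);` with `prefs_register_ldap();` sends the initial registration through the same bookkeeping. The TCP_PORT_GLOBALCAT_LDAP registration is unaffected and stays as it is.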
@@ -1781,4 +1806,29 @@ proto_reg_handoff_ldap(void) } +void prefs_register_ldap(void) { + + if(tcp_port != global_ldap_tcp_port) { + if(tcp_port) + dissector_delete("tcp.port", tcp_port, ldap_handle); + + /* Set our port number for future use */ + tcp_port = global_ldap_tcp_port; + + if(tcp_port) + dissector_add("tcp.port", tcp_port, ldap_handle); + + } + if(ssl_port != global_ldaps_tcp_port) { + if(ssl_port) + ssl_dissector_delete(ssl_port, "ldap", TRUE); + + /* Set our port number for future use */ + ssl_port = global_ldaps_tcp_port; + + if(ssl_port) + ssl_dissector_add(ssl_port, "ldap", TRUE); + } + +} |
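Review bot: prefs_register_ldap has no header comment, and its contract — it is the preference-apply callback, tcp_port/ssl_port record what is currently registered, and a preference value of 0 unregisters the old port without adding a new one — has to be reverse-engineered from the two `if(...)` blocks. A three-line comment above the definition stating that, together with `static` linkage, would make it self-explanatory. The two blocks are the same code for two port tables; if a third port is ever added, a small helper taking the table's add and delete calls would avoid a third copy.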