authorGraeme Lunt <graeme.lunt@smhs.co.uk>2008-01-26 10:12:22 +0000
committerGraeme Lunt <graeme.lunt@smhs.co.uk>2008-01-26 10:12:22 +0000
commitfcef5823db5c3c1b0243d3712302976bcc63bfd2 (patch)
treecee8a454b911e2ef60165b4027d9989e49d30cc6 /asn1
parentb3e2ef167bccc6fa982dbe6cadd450faa2b9c51c (diff)
1) Support for configurable LDAP over SSL port
2) Support for RFC 3909 - cancelRequest extendedOperation 3) Support for RFC 3062 - passwordModify extendedOperation 4) Column information for ExtendedRequest, SearchResultRef and AbandonRequest 5) Column information for multiple LDAP operations in the same packet (uses " | " separator) svn path=/trunk/; revision=24195
Diffstat (limited to 'asn1')
-rw-r--r--asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn34
-rw-r--r--asn1/ldap/ldap.cnf95
-rw-r--r--asn1/ldap/packet-ldap-template.c74
3 files changed, 158 insertions, 45 deletions
diff --git a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
index 311bdf1677..df32b030dc 100644
--- a/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
+++ b/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
@@ -106,7 +106,9 @@ LDAPResult ::= SEQUENCE {
-- 70 reserved for CLDAP
affectsMultipleDSAs(71),-- new--
-- 72-79 unused
- other(80)},
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
-- 81-90 reserved for APIs
matchedDN LDAPDN,
errorMessage ErrorMessage,
@@ -198,7 +200,9 @@ BindResponse ::= [APPLICATION 1] SEQUENCE {
-- 70 reserved for CLDAP
affectsMultipleDSAs(71),-- new--
-- 72-79 unused
- other(80)},
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
-- 81-90 reserved for APIs
matchedDN LDAPDN,
errorMessage ErrorMessage,
@@ -356,7 +360,9 @@ ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
-- 70 reserved for CLDAP
affectsMultipleDSAs(71),-- new--
-- 72-79 unused
- other(80)},
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
-- 81-90 reserved for APIs
matchedDN LDAPDN,
errorMessage ErrorMessage,
@@ -417,6 +423,28 @@ ReplControlValue ::= SEQUENCE {
cookie OCTET STRING
}
+-- RFC 3062
+
+--passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1
+
+PasswdModifyRequestValue ::= SEQUENCE {
+ userIdentity [0] OCTET STRING OPTIONAL,
+ oldPasswd [1] OCTET STRING OPTIONAL,
+ newPasswd [2] OCTET STRING OPTIONAL
+}
+
+PasswdModifyResponseValue ::= SEQUENCE {
+ genPasswd [0] OCTET STRING OPTIONAL
+}
+
+-- RFC 3909
+
+--cancelRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.1.8
+
+CancelRequestValue ::= SEQUENCE {
+ cancelID MessageID
+}
+
END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
diff --git a/asn1/ldap/ldap.cnf b/asn1/ldap/ldap.cnf
index 58cc1b0a9b..fc79450311 100644
--- a/asn1/ldap/ldap.cnf
+++ b/asn1/ldap/ldap.cnf
@@ -30,10 +30,14 @@ Mechanism TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
AssertionValue TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL
#.REGISTER
-SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
+SearchControlValue B "1.2.840.113556.1.4.319" "pagedResultsControl"
SortKeyList B "1.2.840.113556.1.4.473" "sortKeyList"
SortResult B "1.2.840.113556.1.4.474" "sortResult"
-ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue"
+ReplControlValue B "1.2.840.113556.1.4.841" "replControlValue"
+#RFC 3062
+PasswdModifyRequestValue B "1.3.6.1.4.1.4203.1.11.1" "passwdModifyOID"
+#RFC 3909
+CancelRequestValue B "1.3.6.1.1.8" "cancelRequstOID"
#.FN_FTR LDAPURL
PROTO_ITEM_SET_URL(actx->created_item);
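Review bot: The display name registered for the RFC 3909 OID is misspelled as `"cancelRequstOID"` on the added `CancelRequestValue` line, while the commented-out definition in the .asn file spells it `cancelRequestOID`. This string is presumably what an analyst sees when the OID is resolved, so the typo would surface in the UI and in any filter or search keyed on the name. The line should read `CancelRequestValue B "1.3.6.1.1.8" "cancelRequestOID"`.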
@@ -316,7 +320,7 @@ ldap_conv_info_t *ldap_info;
#.FN_BODY LDAPString VAL_PTR = &parameter_tvb
tvbuff_t *parameter_tvb = NULL;
- char *ldapstring;
+ char *ldapstring = NULL;
gchar *sc = NULL; /* semi-colon pointer */
%(DEFAULT_BODY)s
@@ -327,14 +331,15 @@ ldap_conv_info_t *ldap_info;
if(parameter_tvb)
ldapstring = tvb_get_ephemeral_string(parameter_tvb, 0, tvb_length_remaining(parameter_tvb, 0));
- else
- ldapstring = "<ROOT>";
if(hf_index == hf_ldap_baseObject) {
/* this is search - put it on the scanline */
+ if(!ldapstring || !*ldapstring)
+ ldapstring = "<ROOT>";
+
if(check_col(actx->pinfo->cinfo, COL_INFO))
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
-
+
if(ldm_tree)
proto_item_append_text(ldm_tree, " \"%%s\"", ldapstring);
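Review bot: With the unconditional `else ldapstring = "<ROOT>";` removed, `ldapstring` stays NULL whenever `parameter_tvb` is NULL, and in this hunk only the `hf_ldap_baseObject` branch restores the default. The branches visible in the following hunk guard it as well, but the if/else chain begins and ends outside these hunks, so any branch that passes `ldapstring` to a `%%s` format without a check would now receive NULL for a field that packet content controls. A comment at the declaration, e.g. `/* NULL when the field is absent; every user must check before formatting */`, would make the new contract explicit for the next branch that gets added.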
@@ -344,13 +349,22 @@ ldap_conv_info_t *ldap_info;
proto_item_append_text(actx->created_item, " (%%s)", ldapstring);
}
- } else if ((hf_index == hf_ldap_errorMessage) && result) { /* only show message if not success */
+ } else if ((hf_index == hf_ldap_errorMessage) && ldapstring && *ldapstring) { /* only show message if not success */
if(check_col(actx->pinfo->cinfo, COL_INFO))
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "(%%s) ", ldapstring);
if(ldm_tree)
proto_item_append_text(ldm_tree, " (%%s)", ldapstring);
- } else if (hf_index == hf_ldap_objectName) {
+
+ } else if ((hf_index == hf_ldap_objectName) ||
+ (hf_index == hf_ldap_name) ||
+ (hf_index == hf_ldap_entry) ||
+ (hf_index == hf_ldap_object) ||
+ (hf_index == hf_ldap_delRequest) ) {
+
+ if(!ldapstring || !*ldapstring)
+ ldapstring = "<ROOT>";
+
if(check_col(actx->pinfo->cinfo, COL_INFO))
col_append_fstr(actx->pinfo->cinfo, COL_INFO, "\"%%s\" ", ldapstring);
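Review bot: The trailing comment `/* only show message if not success */` on the `hf_ldap_errorMessage` branch no longer matches the condition, which now tests `ldapstring && *ldapstring` instead of `result`. A non-empty message that accompanies a success result will now be appended to the Info column as well. Suggest updating the comment to `/* only show the message if it is non-empty */` so readers do not assume the result code is still consulted.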
@@ -420,17 +434,14 @@ ldap_conv_info_t *ldap_info;
ldap_do_protocolop(actx->pinfo);
- if(result) {
-
- valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
+ valstr = val_to_str(result, ldap_T_resultCode_vals, "Unknown result(%%u)");
- if (check_col(actx->pinfo->cinfo, COL_INFO))
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
+ if (check_col(actx->pinfo->cinfo, COL_INFO))
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
- if(ldm_tree)
- proto_item_append_text(ldm_tree, " %%s", valstr);
+ if(ldm_tree)
+ proto_item_append_text(ldm_tree, " %%s", valstr);
- }
#.FN_BODY BindResponse/_untag/resultCode VAL_PTR = &result
@@ -440,17 +451,13 @@ ldap_conv_info_t *ldap_info;
ldap_do_protocolop(actx->pinfo);
- if(result) {
-
- valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
-
- if (check_col(actx->pinfo->cinfo, COL_INFO))
- col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
+ valstr = val_to_str(result, ldap_BindResponse_resultCode_vals, "Unknown result(%%u)");
- if(ldm_tree)
- proto_item_append_text(ldm_tree, " %%s", valstr);
+ if (check_col(actx->pinfo->cinfo, COL_INFO))
+ col_append_fstr(actx->pinfo->cinfo, COL_INFO, "%%s ", valstr);
- }
+ if(ldm_tree)
+ proto_item_append_text(ldm_tree, " %%s", valstr);
#.FN_BODY AttributeValue
@@ -563,8 +570,10 @@ ldap_conv_info_t *ldap_info;
%(DEFAULT_BODY)s
- proto_item_append_text(it, "%%s", and_filter_string);
- Filter_string=ep_strdup_printf("%%s",and_filter_string);
+ if(and_filter_string) {
+ proto_item_append_text(it, "%%s", and_filter_string);
+ Filter_string=ep_strdup_printf("%%s",and_filter_string);
+ }
and_filter_string=old_and_filter_string;
#.FN_FTR Filter/or/_item
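Review bot: When `and_filter_string` is NULL the new guard skips the assignment, so `Filter_string` keeps whatever value it had before this filter was dissected. Presumably that can be the text of an earlier filter, which the `Filter` footer later appends to the item because it only checks `if(Filter_string)`; an empty `and` set in a packet would then be displayed with stale text. The `or` hunk that follows has the same shape. Where `Filter_string` is reset is outside these hunks, so please confirm, or make the fallback explicit with an `else` branch that sets `Filter_string` to a defined value.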
@@ -587,8 +596,10 @@ ldap_conv_info_t *ldap_info;
tree = tr;
}
%(DEFAULT_BODY)s
- proto_item_append_text(it, "%%s", or_filter_string);
- Filter_string=ep_strdup_printf("%%s",or_filter_string);
+ if(or_filter_string) {
+ proto_item_append_text(it, "%%s", or_filter_string);
+ Filter_string=ep_strdup_printf("%%s",or_filter_string);
+ }
or_filter_string=old_or_filter_string;
#.FN_FTR Filter/present
@@ -663,7 +674,8 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v
tree = tr;
}
%(DEFAULT_BODY)s
- proto_item_append_text(it, "%%s", Filter_string);
+ if(Filter_string)
+ proto_item_append_text(it, "%%s", Filter_string);
#.FN_BODY AuthenticationChoice/ntlmsspNegotiate
/* make sure the protocol op comes first */
@@ -713,6 +725,29 @@ offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, &v
%(DEFAULT_BODY)s
}
+
+#.FN_BODY ExtendedRequest/_untag/requestValue
+
+ if((object_identifier_id != NULL) && oid_has_dissector(object_identifier_id)) {
+ offset = call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree);
+ } else {
+ %(DEFAULT_BODY)s
+ }
+
+#.FN_BODY SearchResultReference
+
+ %(DEFAULT_BODY)s
+
+ ldap_do_protocolop(actx->pinfo);
+
+
+#.FN_BODY AbandonRequest
+
+ %(DEFAULT_BODY)s
+
+ ldap_do_protocolop(actx->pinfo);
+
+
#.NO_EMIT
AttributeType
Attribute
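Review bot: The new `ExtendedRequest/_untag/requestValue` body selects the sub-dissector from `object_identifier_id`, which packet-ldap-template.c declares as a file-scope static, so the choice depends on whatever last wrote that pointer. Presumably the requestName of the same request sets it just before this field, but that assignment is outside the hunk. A value left over from an earlier control or PDU would hand this request's bytes to an unrelated OID dissector. A comment such as `/* object_identifier_id was set by the requestName of this ExtendedRequest */` would document the dependency, and it is worth confirming the pointer is cleared per PDU.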
diff --git a/asn1/ldap/packet-ldap-template.c b/asn1/ldap/packet-ldap-template.c
index 147c1b89b2..3bedd544f7 100644
--- a/asn1/ldap/packet-ldap-template.c
+++ b/asn1/ldap/packet-ldap-template.c
@@ -161,18 +161,23 @@ static gint ett_mscldap_netlogon_flags = -1;
static dissector_table_t ldap_name_dissector_table=NULL;
static const char *object_identifier_id = NULL; /* LDAP OID */
-/* desegmentation of LDAP */
-static gboolean ldap_desegment = TRUE;
-static guint ldap_tcp_port = 389;
-
static gboolean do_protocolop = FALSE;
static gchar *attr_type = NULL;
static gboolean is_binary_attr_type = FALSE;
+static guint32 last_frame_seen = 0;
#define TCP_PORT_LDAP 389
+#define TCP_PORT_LDAPS 636
#define UDP_PORT_CLDAP 389
#define TCP_PORT_GLOBALCAT_LDAP 3268 /* Windows 2000 Global Catalog */
+/* desegmentation of LDAP */
+static gboolean ldap_desegment = TRUE;
+static guint global_ldap_tcp_port = TCP_PORT_LDAP;
+static guint global_ldaps_tcp_port = TCP_PORT_LDAPS;
+static guint tcp_port = 0;
+static guint ssl_port = 0;
+
static dissector_handle_t gssapi_handle = NULL;
static dissector_handle_t gssapi_wrap_handle = NULL;
static dissector_handle_t ntlmssp_handle = NULL;
@@ -180,6 +185,9 @@ static dissector_handle_t spnego_handle = NULL;
static dissector_handle_t ssl_handle = NULL;
static dissector_handle_t ldap_handle = NULL;
+void prefs_register_ldap(void); /* forward declaration for use in preferences registration */
+
+
/* different types of rpc calls ontop of ms cldap */
#define MSCLDAP_RPC_NETLOGON 1
@@ -733,7 +741,17 @@ dissect_ldap_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean i
* Info column.
*/
if (check_col(pinfo->cinfo, COL_PROTOCOL)) col_set_str(pinfo->cinfo, COL_PROTOCOL, pinfo->current_proto);
- if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
+
+ if(last_frame_seen == pinfo->fd->num) {
+ /* we have already dissected an ldap PDU in this frame - add a separator and set a fence */
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_str(pinfo->cinfo, COL_INFO, "| ");
+ col_set_fence(pinfo->cinfo, COL_INFO);
+ }
+ } else
+ if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO);
+
+ last_frame_seen = pinfo->fd->num;
ldap_item = proto_tree_add_item(tree, is_mscldap?proto_cldap:proto_ldap, tvb, 0, -1, FALSE);
ldap_tree = proto_item_add_subtree(ldap_item, ett_ldap);
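Review bot: `last_frame_seen` is file-scope state that the visible code resets only in `ldap_reinit`, so `last_frame_seen == pinfo->fd->num` is also true when the same frame is dissected again immediately after its first pass. In that case the first PDU of the frame would get the `"| "` separator and the Info column would not be cleared. Tracking "an LDAP PDU was already seen in this frame" in per-packet state would avoid depending on dissection order. Separately, the unbraced `} else` followed by the `if` on the next line reads like a dangling else; `} else { if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); }` makes the intent explicit. dissect_ldap_pdu starts and ends outside the hunk.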
@@ -1423,8 +1441,8 @@ this_was_not_normal_ldap:
guint32 old_start_tls_frame;
/* temporarily dissect this port as SSL */
- dissector_delete("tcp.port", ldap_tcp_port, ldap_handle);
- ssl_dissector_add(ldap_tcp_port, "ldap", TRUE);
+ dissector_delete("tcp.port", tcp_port, ldap_handle);
+ ssl_dissector_add(tcp_port, "ldap", TRUE);
old_start_tls_frame = ldap_info->start_tls_frame;
ldap_info->start_tls_frame = 0; /* make sure we don't call SSL again */
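Review bot: The StartTLS path swaps dissectors on `tcp_port`, which is the configured preference value rather than the port of the conversation being dissected, and unlike `prefs_register_ldap` it does not test for zero. `ldap_handle` is also registered on `TCP_PORT_GLOBALCAT_LDAP`, so for a StartTLS session there, or with the preference set to 0, `dissector_delete("tcp.port", tcp_port, ldap_handle)` and `ssl_dissector_add(tcp_port, "ldap", TRUE)` act on a port that is not the one in use. The `ssl_dissector_delete`/`dissector_add` pair in the next hunk has the same issue. At minimum wrap both pairs in `if (tcp_port) { ... }`; using the conversation's own port would be the more complete fix. The enclosing function starts and ends outside the hunk.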
@@ -1433,10 +1451,10 @@ this_was_not_normal_ldap:
offset = call_dissector(ssl_handle, tvb, pinfo, tree);
ldap_info->start_tls_frame = old_start_tls_frame;
- ssl_dissector_delete(ldap_tcp_port, "ldap", TRUE);
+ ssl_dissector_delete(tcp_port, "ldap", TRUE);
/* restore ldap as the dissector for this port */
- dissector_add("tcp.port", ldap_tcp_port, ldap_handle);
+ dissector_add("tcp.port", tcp_port, ldap_handle);
/* we are done */
return;
@@ -1471,6 +1489,7 @@ ldap_reinit(void)
}
ldap_info_items = NULL;
+ last_frame_seen = 0;
}
@@ -1685,7 +1704,7 @@ void proto_register_ldap(void) {
register_dissector("ldap", dissect_ldap_tcp, proto_ldap);
- ldap_module = prefs_register_protocol(proto_ldap, NULL);
+ ldap_module = prefs_register_protocol(proto_ldap, prefs_register_ldap);
prefs_register_bool_preference(ldap_module, "desegment_ldap_messages",
"Reassemble LDAP messages spanning multiple TCP segments",
"Whether the LDAP dissector should reassemble messages spanning multiple TCP segments."
@@ -1694,7 +1713,11 @@ void proto_register_ldap(void) {
prefs_register_uint_preference(ldap_module, "tcp.port", "LDAP TCP Port",
"Set the port for LDAP operations",
- 10, &ldap_tcp_port);
+ 10, &global_ldap_tcp_port);
+
+ prefs_register_uint_preference(ldap_module, "ssl.port", "LDAPS TCP Port",
+ "Set the port for LDAP operations over SSL",
+ 10, &global_ldaps_tcp_port);
prefs_register_obsolete_preference(ldap_module, "max_pdu");
@@ -1717,9 +1740,11 @@ proto_reg_handoff_ldap(void)
dissector_handle_t cldap_handle;
ldap_handle = create_dissector_handle(dissect_ldap_tcp, proto_ldap);
- dissector_add("tcp.port", ldap_tcp_port, ldap_handle);
+ dissector_add("tcp.port", global_ldap_tcp_port, ldap_handle);
dissector_add("tcp.port", TCP_PORT_GLOBALCAT_LDAP, ldap_handle);
+ ssl_dissector_add(global_ldaps_tcp_port, "ldap", TRUE);
+
cldap_handle = create_dissector_handle(dissect_mscldap, proto_cldap);
dissector_add("udp.port", UDP_PORT_CLDAP, cldap_handle);
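Review bot: The handoff registers `ldap_handle` on `global_ldap_tcp_port` and the SSL dissector on `global_ldaps_tcp_port` but leaves `tcp_port` and `ssl_port` at 0, so `prefs_register_ldap` has no record of these registrations. Its first run sees `tcp_port != global_ldap_tcp_port`, skips the delete because the tracked value is 0, and adds the port again. If the preference has changed in between, the port registered here is never removed and LDAP traffic keeps being decoded on a port the user deselected. Recording the values right after the adds, `tcp_port = global_ldap_tcp_port;` and `ssl_port = global_ldaps_tcp_port;`, or calling `prefs_register_ldap()` in place of the two direct registrations, keeps both paths consistent.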
@@ -1781,4 +1806,29 @@ proto_reg_handoff_ldap(void)
}
+void prefs_register_ldap(void) {
+
+ if(tcp_port != global_ldap_tcp_port) {
+ if(tcp_port)
+ dissector_delete("tcp.port", tcp_port, ldap_handle);
+
+ /* Set our port number for future use */
+ tcp_port = global_ldap_tcp_port;
+
+ if(tcp_port)
+ dissector_add("tcp.port", tcp_port, ldap_handle);
+
+ }
+ if(ssl_port != global_ldaps_tcp_port) {
+ if(ssl_port)
+ ssl_dissector_delete(ssl_port, "ldap", TRUE);
+
+ /* Set our port number for future use */
+ ssl_port = global_ldaps_tcp_port;
+
+ if(ssl_port)
+ ssl_dissector_add(ssl_port, "ldap", TRUE);
+ }
+
+}
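Review bot: `prefs_register_ldap` passes `ldap_handle` to `dissector_add`/`dissector_delete`, but that handle is only created in `proto_reg_handoff_ldap`. If the preferences callback can run before the handoff (the ordering is not visible here), the port would be registered with a NULL handle. A guard such as `if (ldap_handle == NULL) return;` at the top, or a comment stating the ordering guarantee, would close that gap. The function is also only referenced within this file as far as the diff shows, so it could be declared `static`, and a one-line header comment such as `/* preferences "apply" callback: re-register the LDAP and LDAPS ports */` would help, since the name suggests registration rather than re-application.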