Ethereal-dev: Re: [ethereal-dev] ldap dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 27 Mar 2000 00:50:52 -0800
> Ok, here is another go at an ldap dissector. This one uses the asn1.c
> routines although I'm wrapping most of them to provide the
> functionality I need.

Looks good, although it can actually make more use of the stuff in
"asn1.c" and "asn1.h" than it currently does, at least if I add a couple
missing type tags to "asn1.h", for example using "asn1_id_decode()" to
decode type IDs and using "asn1_header_decode()" to decode
type-ID-plus-length headers.

This means using just the type tag, not the full type value with the
class and primitive/constructed bits, as the #defines for various LDAP
types (and checking the class and primitive/constructed bits elsewhere).

(I'm not sure why "packet-ldap.h" was defining XXX_30 as type IDs with
constructed encodings and XXX as type IDs with primitive encodings - for
example, it defines LDAP_REQ_UNBIND ax 0x42 (application type 2,
primitive encoding) and LDAP_REQ_UNBIND_30 as 0x62 (application type 2,
constructed encoding) - if "30" refers to LDAP v3, then I'd expect both
of them to use the primitive encoding, given that RFC 1777, for LDAP v2,
says

     UnbindRequest ::= [APPLICATION 2] NULL

and RFC 2251, for LDAP v3, also says

        UnbindRequest ::= [APPLICATION 2] NULL

and X.209, the ASN.1 BER spec, says "The encoding of a null value shall
be primitive".)

I've attached a patch to "asn1.h" to add in the type tags for the REAL
and ENUMERATED types - LDAP uses the ENUMERATED type - and have attached
the modified versions of "packet-ldap.c" and "packet-ldap.h"; I don't
have any LDAP captures with which to test them, but they at least
compile.  (I will check the "asn1.h" change into the CVS tree.)
Index: asn1.h
===================================================================
RCS file: /usr/local/cvsroot/ethereal/asn1.h,v
retrieving revision 1.2
diff -c -r1.2 asn1.h
*** asn1.h	1999/12/10 09:49:29	1.2
--- asn1.h	2000/03/27 08:39:39
***************
*** 45,50 ****
--- 45,52 ----
  #define ASN1_OJI       6     /* Object Identifier  */
  #define ASN1_OJD       7     /* Object Description */
  #define ASN1_EXT       8     /* External           */
+ #define ASN1_REAL      9     /* Real               */
+ #define ASN1_ENUM      10    /* Enumerated         */
  #define ASN1_SEQ       16    /* Sequence           */
  #define ASN1_SET       17    /* Set                */
  #define ASN1_NUMSTR    18    /* Numerical String   */
/* packet-ldap.c
 * Routines for ldap packet dissection
 *
 * $Id: packet-ldap.c,v 1.2 2000/01/07 22:05:32 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/*
 * This is not a complete implementation. It doesn't handle the full version 3, more specifically,
 * it handles only the commands of version 2, but any additional characteristics of the ver3 command are supported.
 * It's also missing the substring and extensible search filters.
 * 
 * There should probably be alot more error checking, I simply assume that if we have a full packet, it will be a complete
 * and correct packet.
 * 
 * AFAIK, it will handle all messages used by the OpenLDAP 1.2.9 server and libraries which was my goal. I do plan to add
 * the remaining commands as time permits but this is not a priority to me. Send me an email if you need it and I'll see what
 * I can do.
 * 
 * Doug Nazar
 * nazard@xxxxxxxxxxxxxxx
 */

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>

#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif

#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#endif

#include <string.h>
#include <glib.h>
#include "packet.h"

#include "packet-ldap.h"
#include "asn1.h"

static int proto_ldap = -1;
static int hf_ldap_length = -1;
static int hf_ldap_message_id = -1;
static int hf_ldap_message_type = -1;
static int hf_ldap_message_length = -1;

static int hf_ldap_message_result = -1;
static int hf_ldap_message_result_matcheddn = -1;
static int hf_ldap_message_result_errormsg = -1;
static int hf_ldap_message_result_referral = -1;

static int hf_ldap_message_bind_version = -1;
static int hf_ldap_message_bind_dn = -1;
static int hf_ldap_message_bind_auth = -1;
static int hf_ldap_message_bind_auth_password = -1;

static int hf_ldap_message_search_base = -1;
static int hf_ldap_message_search_scope = -1;
static int hf_ldap_message_search_deref = -1;
static int hf_ldap_message_search_sizeLimit = -1;
static int hf_ldap_message_search_timeLimit = -1;
static int hf_ldap_message_search_typesOnly = -1;
static int hf_ldap_message_search_filter = -1;

static int hf_ldap_message_dn = -1;
static int hf_ldap_message_attribute = -1;
static int hf_ldap_message_value = -1;

static int hf_ldap_message_modrdn_name = -1;
static int hf_ldap_message_modrdn_delete = -1;
static int hf_ldap_message_modrdn_superior = -1;

static int hf_ldap_message_compare = -1;

static int hf_ldap_message_modify_add = -1;
static int hf_ldap_message_modify_replace = -1;
static int hf_ldap_message_modify_delete = -1;

static int hf_ldap_message_abandon_msgid = -1;

static gint ett_ldap = -1;
static gint ett_ldap_message = -1;
static gint ett_ldap_referrals = -1;
static gint ett_ldap_attribute = -1;

static value_string msgTypes [] = {
  {LDAP_REQ_BIND, "Bind Request"},
  {LDAP_REQ_UNBIND, "Unbind Request"},
  {LDAP_REQ_SEARCH, "Search Request"},
  {LDAP_REQ_MODIFY, "Modify Request"},
  {LDAP_REQ_ADD, "Add Request"},
  {LDAP_REQ_DELETE, "Delete Request"},
  {LDAP_REQ_MODRDN, "Modify RDN Request"},
  {LDAP_REQ_COMPARE, "Compare Request"},
  {LDAP_REQ_ABANDON, "Abandon Request"},
  {LDAP_REQ_EXTENDED, "Extended Request"},
    
  {LDAP_RES_BIND, "Bind Result"},
  {LDAP_RES_SEARCH_ENTRY, "Search Entry"},
  {LDAP_RES_SEARCH_RESULT, "Search Result"},
  {LDAP_RES_SEARCH_REF, "Search Result Reference"},
  {LDAP_RES_MODIFY, "Modify Result"},
  {LDAP_RES_ADD, "Add Result"},
  {LDAP_RES_DELETE, "Delete Result"},
  {LDAP_RES_MODRDN, "Modify RDN Result"},
  {LDAP_RES_COMPARE, "Compare Result"},
  {LDAP_REQ_EXTENDED, "Extended Response"},
};

static int read_length(ASN1_SCK *a, proto_tree *tree, int hf_id, guint *len)
{
  guint length = 0;
  gboolean def = FALSE;
  const guchar *start = a->pointer;
  
  asn1_length_decode(a, &def, &length);

  if (len)
    *len = length;

  if (tree)
    proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, length);

  return 0;
}

static int read_sequence(ASN1_SCK *a, guint *len)
{
  guint cls, con, tag;
  gboolean def;
  guint length;
  
  if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
    return 1;
  if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
    return 1;
  
  if (len)
    *len = length;
  
  return 0;
}

static int read_set(ASN1_SCK *a, guint *len)
{
  guint cls, con, tag;
  gboolean def;
  guint length;
  
  if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
    return 1;
  if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SET)
    return 1;
  
  if (len)
    *len = length;
  
  return 0;
}

static int read_integer_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
	proto_tree **new_tree, guint *i, const guchar *start, guint length)
{
  guint integer = 0;

  asn1_uint32_value_decode(a, length, &integer);

  if (i)
    *i = integer;

  if (tree)
  {
    proto_tree *temp_tree = 0;
    temp_tree = proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, integer);
    if (new_tree)
      *new_tree = temp_tree;
  }

  return 0;
}

static int read_integer(ASN1_SCK *a, proto_tree *tree, int hf_id,
	proto_tree **new_tree, guint *i, guint expected_tag)
{
  guint cls, con, tag;
  gboolean def;
  guint length;
  const guchar *start = a->pointer;
  
  if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
    return 1;
  if (cls != ASN1_UNI || con != ASN1_PRI || tag != expected_tag)
    return 1;

  return read_integer_value(a, tree, hf_id, new_tree, i, start, length);
}

static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
	proto_tree **new_tree, char **s, const guchar *start, guint length)
{
  guchar *string;
  
  if (length)
  {
    asn1_octet_string_value_decode(a, length, &string);
    string = g_realloc(string, length + 1);
    string[length] = '\0';
  }
  else
    string = "(null)";
    
  if (tree)
  {
    proto_tree *temp_tree;
    temp_tree = proto_tree_add_item(tree, hf_id, start - a->begin, a->pointer - start, string);
    if (new_tree)
      *new_tree = temp_tree;
  }

  if (s && length)
    *s = string;
  else if (length)
    g_free(string);

  return 0;
}

static int read_string(ASN1_SCK *a, proto_tree *tree, int hf_id,
	proto_tree **new_tree, char **s, guint expected_cls, guint expected_tag)
{
  guint cls, con, tag;
  gboolean def;
  guint length;
  const guchar *start = a->pointer;
  
  if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
    return 1;
  if (cls != expected_cls || con != ASN1_PRI || tag != expected_tag)
    return 1;

  return read_string_value(a, tree, hf_id, new_tree, s, start, length);
}

static void parse_filter_strings(ASN1_SCK *a, char **filter, guint *filter_length, const guchar *operation)
{
  guchar *string;
  guchar *string2;
  gint string_length;
  gint string2_length;
  guint string_bytes;

  asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
  asn1_octet_string_decode(a, &string2, &string2_length, &string_bytes);
  *filter_length += 3 + string_length + string2_length;
  *filter = g_realloc(*filter, *filter_length);
  sprintf(*filter + strlen(*filter), "(%.*s%s%.*s)", string_length, string, operation, string2_length, string2);
  g_free(string);
  g_free(string2);
}

static gboolean parse_filter(ASN1_SCK *a, char **filter, guint *filter_length, const guchar **end)
{
  guint cls, con, tag;
  guint length;
  gboolean def;

  /* XXX - what if this returns an error? */
  asn1_header_decode(a, &cls, &con, &tag, &def, &length);
  
  if (*end == 0)
  {
    *end = a->pointer + length;
    *filter_length = 1;
    *filter = g_malloc0(*filter_length);
  }

  if (cls == ASN1_CTX)	/* XXX - handle other types as errors? */
  {
    switch (tag)
    {
     case LDAP_FILTER_AND:
      {
        const guchar *add_end;

        if (con != ASN1_CON)
          break;		/* XXX - handle this as an error? */
        add_end = a->pointer + length;
        *filter_length += 3;
        *filter = g_realloc(*filter, *filter_length);
        strcat(*filter, "(&");
        while (!parse_filter(a, filter, filter_length, &add_end))
	  continue;
        strcat(*filter, ")");
      }
      break;
     case LDAP_FILTER_OR:
      {
        const guchar *or_end;

        if (con != ASN1_CON)
          break;		/* XXX - handle this as an error? */
        or_end = a->pointer + length;
        *filter_length += 3;
        *filter = g_realloc(*filter, *filter_length);
        strcat(*filter, "(|");
        while (!parse_filter(a, filter, filter_length, &or_end))
	  continue;
        strcat(*filter, ")");
      }
      break;
     case LDAP_FILTER_NOT:
      {
        const guchar *not_end;

        if (con != ASN1_CON)
          break;		/* XXX - handle this as an error? */
        not_end = a->pointer + length;
        *filter_length += 3;
        *filter = g_realloc(*filter, *filter_length);
        strcat(*filter, "(!");
        parse_filter(a, filter, filter_length, &not_end);
        strcat(*filter, ")");
      }
      break;
     case LDAP_FILTER_EQUALITY:
      if (con != ASN1_CON)
        break;		/* XXX - handle this as an error? */
      parse_filter_strings(a, filter, filter_length, "=");
      break;
     case LDAP_FILTER_GE:
      if (con != ASN1_CON)
        break;		/* XXX - handle this as an error? */
      parse_filter_strings(a, filter, filter_length, ">=");
      break;
     case LDAP_FILTER_LE:
      if (con != ASN1_CON)
        break;		/* XXX - handle this as an error? */
      parse_filter_strings(a, filter, filter_length, "<=");
      break;
     case LDAP_FILTER_APPROX:
      if (con != ASN1_CON)
        break;		/* XXX - handle this as an error? */
      parse_filter_strings(a, filter, filter_length, "~=");
      break;
     case LDAP_FILTER_PRESENT:
      {
        guchar *string;
        gint string_length;
        guint string_bytes;
    
        asn1_octet_string_decode(a, &string, &string_length, &string_bytes);
        *filter_length += 3 + string_length;
        *filter = g_realloc(*filter, *filter_length);
        sprintf(*filter + strlen(*filter), "(%.*s=*)", string_length, string);
        g_free(string);
      }
      break;
     case LDAP_FILTER_SUBSTRINGS:
      if (con != ASN1_CON)
        break;		/* XXX - handle this as an error? */
      asn1_null_decode(a, length);	/* XXX - actually decode this... */
      break;
     default:
      break;		/* XXX - handle this as an error? */
    }
  }
  
  return a->pointer == *end;
}

static int read_filter(ASN1_SCK *a, proto_tree *tree, int hf_id)
{
  const guchar *start = a->pointer;
  char *filter = 0;
  guint filter_length = 0;
  const guchar *end = 0;
     
  while (!parse_filter(a, &filter, &filter_length, &end))
    continue;
  
  if (tree)
    proto_tree_add_item(tree, hf_id, start-a->begin, a->pointer-start, filter);

  g_free(filter);

  return 0;
}

/********************************************************************************************/

static int dissect_ldap_result(ASN1_SCK *a, proto_tree *tree)
{
  guint resultCode = 0;
  
  read_integer(a, tree, hf_ldap_message_result, 0, &resultCode, ASN1_ENUM);
  read_string(a, tree, hf_ldap_message_result_matcheddn, 0, 0, ASN1_UNI, ASN1_OTS);
  read_string(a, tree, hf_ldap_message_result_errormsg, 0, 0, ASN1_UNI, ASN1_OTS);

  if (resultCode == 10)		/* Referral */
  {
    const guchar *start = a->pointer;
    const guchar *end;
    guint length;
    proto_tree *t, *referralTree;
    
    read_sequence(a, &length);
    t = proto_tree_add_text(tree, start-a->begin, length, "Referral URLs");
    referralTree = proto_item_add_subtree(t, ett_ldap_referrals);

    end = a->pointer + length;;
    while (a->pointer < end)
      read_string(a, referralTree, hf_ldap_message_result_referral, 0, 0, ASN1_UNI, ASN1_OTS);
  }
    
  return 0;
}

static int dissect_ldap_request_bind(ASN1_SCK *a, proto_tree *tree)
{
  guint cls, con, tag;
  guint def, length;
  const guchar *start;

  read_integer(a, tree, hf_ldap_message_bind_version, 0, 0, ASN1_INT);
  read_string(a, tree, hf_ldap_message_bind_dn, 0, 0, ASN1_UNI, ASN1_OTS);

  start = a->pointer;
  if (asn1_header_decode(a, &cls, &con, &tag, &def, &length) != ASN1_ERR_NOERROR)
    return 1;	/* XXX - right return value for an error? */
  if (cls != ASN1_CTX)
    return 1;	/* RFCs 1777 and 2251 say these are context-specific types */
  switch (tag)
  {
   case LDAP_AUTH_SIMPLE:
    proto_tree_add_item(tree, hf_ldap_message_bind_auth, start - a->begin,
			a->pointer - start);
    read_string_value(a, tree, hf_ldap_message_bind_auth_password, NULL, NULL,
			start, length);
    break;

    /* For Kerberos V4, dissect it as a ticket. */
    /* For SASL, dissect it as SaslCredentials. */
  }
  
  return 0;
}

static int dissect_ldap_response_bind(ASN1_SCK *a, proto_tree *tree)
{
  dissect_ldap_result(a, tree);
  /* FIXME: handle SASL data */
  return 0;
}

static int dissect_ldap_request_search(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end;
  
  read_string(a, tree, hf_ldap_message_search_base, 0, 0, ASN1_UNI, ASN1_OTS);
  read_integer(a, tree, hf_ldap_message_search_scope, 0, 0, ASN1_ENUM);
  read_integer(a, tree, hf_ldap_message_search_deref, 0, 0, ASN1_ENUM);
  read_integer(a, tree, hf_ldap_message_search_sizeLimit, 0, 0, ASN1_INT);
  read_integer(a, tree, hf_ldap_message_search_timeLimit, 0, 0, ASN1_INT);
  read_integer(a, tree, hf_ldap_message_search_typesOnly, 0, 0, ASN1_BOL);
  read_filter(a, tree, hf_ldap_message_search_filter);
  read_sequence(a, &seq_length);
  end = a->pointer + seq_length;
  while (a->pointer < end)
    read_string(a, tree, hf_ldap_message_attribute, 0, 0, ASN1_UNI, ASN1_OTS);
  return 0;
}

static int dissect_ldap_response_search_entry(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
 
  read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
  read_sequence(a, &seq_length);

  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t, *attr_tree;
    guint set_length;
    const guchar *end_of_set;

    read_sequence(a, 0);
    read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);

    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
  }

  return 0;
}

static int dissect_ldap_request_add(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
  
  read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);

  read_sequence(a, &seq_length);
  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t, *attr_tree;
    guint set_length;
    const guchar *end_of_set;

    read_sequence(a, 0);
    read_string(a, tree, hf_ldap_message_attribute, &t, 0, ASN1_UNI, ASN1_OTS);
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);

    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
  }

  return 0;
}

static int dissect_ldap_request_delete(ASN1_SCK *a, proto_tree *tree,
		const guchar *start, guint length)
{
  read_string_value(a, tree, hf_ldap_message_dn, NULL, NULL, start, length);
  return 0;
}

static int dissect_ldap_request_modifyrdn(ASN1_SCK *a, proto_tree *tree,
		guint length)
{
  const guchar *start = a->pointer;

  read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
  read_string(a, tree, hf_ldap_message_modrdn_name, 0, 0, ASN1_UNI, ASN1_OTS);
  read_integer(a, tree, hf_ldap_message_modrdn_delete, 0, 0, ASN1_BOL);
  
  if (a->pointer < (start + length)) {
    /* LDAP V3 Modify DN operation, with newSuperior */
    read_string(a, tree, hf_ldap_message_modrdn_superior, 0, 0, ASN1_UNI, ASN1_OTS);
  }

  return 0;
}

static int dissect_ldap_request_compare(ASN1_SCK *a, proto_tree *tree)
{
  const guchar *start;
  int length;
  char *string1 = 0;
  char *string2 = 0;
  char *compare;
  
  read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
  read_sequence(a, 0);

  start = a->pointer;
  read_string(a, 0, -1, 0, &string1, ASN1_UNI, ASN1_OTS);
  read_string(a, 0, -1, 0, &string2, ASN1_UNI, ASN1_OTS);

  length = 2 + strlen(string1) + strlen(string2);
  compare = g_malloc0(length);
  snprintf(compare, length, "%s=%s", string1, string2);
  proto_tree_add_item(tree, hf_ldap_message_compare, start-a->begin, a->pointer-start, compare);
  
  g_free(string1);
  g_free(string2);
  g_free(compare);
  
  return 0;
}

static int dissect_ldap_request_modify(ASN1_SCK *a, proto_tree *tree)
{
  guint seq_length;
  const guchar *end_of_sequence;
  
  read_string(a, tree, hf_ldap_message_dn, 0, 0, ASN1_UNI, ASN1_OTS);
  read_sequence(a, &seq_length);
  end_of_sequence = a->pointer + seq_length;
  while (a->pointer < end_of_sequence)
  {
    proto_tree *t = 0, *attr_tree;
    guint set_length;
    const guchar *end_of_set;
    guint operation;

    read_sequence(a, 0);
    read_integer(a, 0, -1, 0, &operation, ASN1_ENUM);
    read_sequence(a, 0);

    switch (operation)
    {
     case LDAP_MOD_ADD:
      read_string(a, tree, hf_ldap_message_modify_add, &t, 0, ASN1_UNI, ASN1_OTS);
      break;
     case LDAP_MOD_REPLACE:
      read_string(a, tree, hf_ldap_message_modify_replace, &t, 0, ASN1_UNI, ASN1_OTS);
      break;
     case LDAP_MOD_DELETE:
      read_string(a, tree, hf_ldap_message_modify_delete, &t, 0, ASN1_UNI, ASN1_OTS);
      break;
    }
    attr_tree = proto_item_add_subtree(t, ett_ldap_attribute);

    read_set(a, &set_length);
    end_of_set = a->pointer + set_length;
    while (a->pointer < end_of_set)
      read_string(a, attr_tree, hf_ldap_message_value, 0, 0, ASN1_UNI, ASN1_OTS);
  }

  return 0;
}

static int dissect_ldap_request_abandon(ASN1_SCK *a, proto_tree *tree,
		const guchar *start, guint length)
{
  read_integer_value(a, tree, hf_ldap_message_abandon_msgid, NULL, NULL,
			start, length); 
  return 0;
}

void
dissect_ldap(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
{
  proto_tree *ldap_tree = 0, *ti, *msg_tree;
  guint messageLength;
  guint messageId;
  guint protocolOpCls, protocolOpCon, protocolOpTag;
  gchar *typestr;
  guint opLen;
  ASN1_SCK a;
  const guchar *start;

  if (tree) 
  {
    ti = proto_tree_add_item(tree, proto_ldap, offset, END_OF_FRAME, NULL);
    ldap_tree = proto_item_add_subtree(ti, ett_ldap);
  }

  asn1_open(&a, pd, pi.captured_len);
  a.pointer += offset;

  if (read_sequence(&a, &messageLength))
  {
    if (tree)
      proto_tree_add_text(tree, offset, 1, "Invalid LDAP packet");
    return;
  }

  if (messageLength > (pi.captured_len - offset))
  {
    if (tree)
      proto_tree_add_text(tree, offset, END_OF_FRAME, "Sequence length: %u, LDAP packet data length = %u\n",
			  messageLength, pi.captured_len - offset);
    return;
  }
  
  read_integer(&a, ldap_tree, hf_ldap_message_id, 0, &messageId, ASN1_INT);
  start = a.pointer;
  asn1_id_decode(&a, &protocolOpCls, &protocolOpCon, &protocolOpTag);
  if (protocolOpCls != ASN1_APL)
    typestr = "Bad message type (not Application)";
  else
    typestr = val_to_str(protocolOpTag, msgTypes, "Bad message type (%u)");
  
  if (check_col(fd, COL_PROTOCOL))
    col_add_str(fd, COL_PROTOCOL, "LDAP");

  if (check_col(fd, COL_INFO))
    col_add_fstr(fd, COL_INFO, "MsgId=%u MsgType=%s",
		 messageId, typestr);

  if (tree) 
  {
    ti = proto_tree_add_item(ldap_tree, hf_ldap_message_type,
			start - a.begin, a.pointer - start, protocolOpTag);
    msg_tree = proto_item_add_subtree(ti, ett_ldap_message);
    start = a.pointer;
    read_length(&a, msg_tree, hf_ldap_message_length, &opLen);

    switch (protocolOpTag)
    {
     case LDAP_REQ_BIND:
      dissect_ldap_request_bind(&a, msg_tree);
      break;
     case LDAP_REQ_SEARCH:
      dissect_ldap_request_search(&a, msg_tree);
      break;
     case LDAP_REQ_ADD:
      dissect_ldap_request_add(&a, msg_tree);
      break;
     case LDAP_REQ_DELETE:
      dissect_ldap_request_delete(&a, msg_tree, start, opLen);
      break;
     case LDAP_REQ_MODRDN:
      dissect_ldap_request_modifyrdn(&a, msg_tree, opLen);
      break;
     case LDAP_REQ_COMPARE:
      dissect_ldap_request_compare(&a, msg_tree);
      break;
     case LDAP_REQ_MODIFY:
      dissect_ldap_request_modify(&a, msg_tree);
      break;
     case LDAP_REQ_ABANDON:
      dissect_ldap_request_abandon(&a, msg_tree, start, opLen);
      break;
     case LDAP_RES_BIND:
      dissect_ldap_response_bind(&a, msg_tree);
      break;
     case LDAP_RES_SEARCH_ENTRY:
      dissect_ldap_response_search_entry(&a, msg_tree);
      break;
     case LDAP_RES_SEARCH_RESULT:
     case LDAP_RES_MODIFY:
     case LDAP_RES_ADD:
     case LDAP_RES_DELETE:
     case LDAP_RES_MODRDN:
     case LDAP_RES_COMPARE:
      dissect_ldap_result(&a, msg_tree);
      break;
    }
  }
}

void
proto_register_ldap(void)
{
  static value_string result_codes[] = {
    {0, "Success"},
    {1, "Operations error"},
    {2, "Protocol error"},
    {3, "Time limit exceeded"},
    {4, "Size limit exceeded"},
    {5, "Compare false"},
    {6, "Compare true"},
    {7, "Authentication method not supported"},
    {8, "Strong authentication required"},
    {10, "Referral"},
    {11, "Administrative limit exceeded"},
    {12, "Unavailable critical extension"},
    {13, "Confidentiality required"},
    {14, "SASL bind in progress"},
    {16, "No such attribute"},
    {17, "Undefined attribute type"},
    {18, "Inappropriate matching"},
    {19, "Constraint violation"},
    {20, "Attribute or value exists"},
    {21, "Invalid attribute syntax"},
    {32, "No such object"},
    {33, "Alias problem"},
    {34, "Invalid DN syntax"},
    {36, "Alias derefetencing problem"},
    {48, "Inappropriate authentication"},
    {49, "Invalid credentials"},
    {50, "Insufficient access rights"},
    {51, "Busy"},
    {52, "Unavailable"},
    {53, "Unwilling to perform"},
    {54, "Loop detected"},
    {64, "Naming violation"},
    {65, "Objectclass violation"},
    {66, "Not allowed on non-leaf"},
    {67, "Not allowed on RDN"},
    {68, "Entry already exists"},
    {69, "Objectclass modification prohibited"},
    {71, "Affects multiple DSAs"},
    {80, "Other"},
  };

  static value_string auth_types[] = {
    {LDAP_AUTH_SIMPLE,    "Simple"},
    {LDAP_AUTH_KRBV4LDAP, "Kerberos V4 to the LDAP server"},
    {LDAP_AUTH_KRBV4DSA,  "Kerberos V4 to the DSA"},
    {LDAP_AUTH_SASL,      "SASL"},
  };
  
  static value_string search_scope[] = {
    {0x00, "Base"},
    {0x01, "Single"},
    {0x02, "Subtree"},
  };
    
  static value_string search_dereference[] = {
    {0x00, "Never"},
    {0x01, "Searching"},
    {0x02, "Base Object"},
    {0x03, "Always"},
  };
  
  static hf_register_info hf[] = {
    { &hf_ldap_length,
      { "Length",		"ldap.length",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Length" }},
	  
    { &hf_ldap_message_id,
      { "Message Id",		"ldap.message_id",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Message Id" }},
    { &hf_ldap_message_type,
      { "Message Type",		"ldap.message_type",
	FT_UINT8, BASE_HEX, &msgTypes, 0x0,
	"LDAP Message Type" }},
    { &hf_ldap_message_length,
      { "Message Length",		"ldap.message_length",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Message Length" }},

    { &hf_ldap_message_result,
      { "Result Code",		"ldap.result.code",
	FT_INT8, BASE_HEX, result_codes, 0x0,
	"LDAP Result Code" }},
    { &hf_ldap_message_result_matcheddn,
      { "Matched DN",		"ldap.result.matcheddn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Matched DN" }},
    { &hf_ldap_message_result_errormsg,
      { "Error Message",		"ldap.result.errormsg",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Error Message" }},
    { &hf_ldap_message_result_referral,
      { "Referral",		"ldap.result.referral",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Result Referral URL" }},

    { &hf_ldap_message_bind_version,
      { "Version",		"ldap.bind.version",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Bind Version" }},
    { &hf_ldap_message_bind_dn,
      { "DN",			"ldap.bind.dn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Bind Distinguished Name" }},
    { &hf_ldap_message_bind_auth,
      { "Auth Type",		"ldap.bind.auth_type",
	FT_UINT8, BASE_HEX, auth_types, 0x0,
	"LDAP Bind Auth Type" }},
    { &hf_ldap_message_bind_auth_password,
      { "Password",		"ldap.bind.password",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Bind Password" }},

    { &hf_ldap_message_search_base,
      { "Base DN",		"ldap.search.basedn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Search Base Distinguished Name" }},
    { &hf_ldap_message_search_scope,
      { "Scope",			"ldap.search.scope",
	FT_UINT8, BASE_HEX, search_scope, 0x0,
	"LDAP Search Scope" }},
    { &hf_ldap_message_search_deref,
      { "Dereference",		"ldap.search.dereference",
	FT_UINT8, BASE_HEX, search_dereference, 0x0,
	"LDAP Search Dereference" }},
    { &hf_ldap_message_search_sizeLimit,
      { "Size Limit",		"ldap.search.sizelimit",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Search Size Limit" }},
    { &hf_ldap_message_search_timeLimit,
      { "Time Limit",		"ldap.search.timelimit",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Search Time Limit" }},
    { &hf_ldap_message_search_typesOnly,
      { "Attributes Only",	"ldap.search.typesonly",
	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
	"LDAP Search Attributes Only" }},
    { &hf_ldap_message_search_filter,
      { "Filter",		"ldap.search.filter",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Search Filter" }},
    { &hf_ldap_message_dn,
      { "Distinguished Name",	"ldap.dn",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Distinguished Name" }},
    { &hf_ldap_message_attribute,
      { "Attribute",		"ldap.attribute",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Attribute" }},
    { &hf_ldap_message_value,
      { "Value",		"ldap.value",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Value" }},

    { &hf_ldap_message_modrdn_name,
      { "New Name",		"ldap.modrdn.name",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP New Name" }},
    { &hf_ldap_message_modrdn_delete,
      { "Delete Values",	"ldap.modrdn.delete",
	FT_BOOLEAN, BASE_NONE, NULL, 0x0,
	"LDAP Modify RDN - Delete original values" }},
    { &hf_ldap_message_modrdn_superior,
      { "New Location",		"ldap.modrdn.superior",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Modify RDN - New Location" }},

    { &hf_ldap_message_compare,
      { "Test",		"ldap.compare.test",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Compare Test" }},

    { &hf_ldap_message_modify_add,
      { "Add",			"ldap.modify.add",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Add" }},
    { &hf_ldap_message_modify_replace,
      { "Replace",		"ldap.modify.replace",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Replace" }},
    { &hf_ldap_message_modify_delete,
      { "Delete",		"ldap.modify.delete",
	FT_STRING, BASE_NONE, NULL, 0x0,
	"LDAP Delete" }},

    { &hf_ldap_message_abandon_msgid,
      { "Abandon Msg Id",	"ldap.abandon.msgid",
	FT_INT32, BASE_DEC, NULL, 0x0,
	"LDAP Abandon Msg Id" }},
  };

  static gint *ett[] = {
    &ett_ldap,
    &ett_ldap_message,
    &ett_ldap_referrals,
    &ett_ldap_attribute
  };

  proto_ldap = proto_register_protocol("Lightweight Directory Access Protocol", "ldap");
  proto_register_field_array(proto_ldap, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}
/* packet-ldap.h
 *
 * $Id: packet-ldap.h,v 1.1 2000/02/15 21:02:32 gram Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

/*
 * These are all APPLICATION types; the value is the type tag.
 */
#define LDAP_REQ_BIND               0
#define LDAP_REQ_UNBIND             2
#define LDAP_REQ_SEARCH             3
#define LDAP_REQ_MODIFY             6
#define LDAP_REQ_ADD                8
#define LDAP_REQ_DELETE             10
#define LDAP_REQ_MODRDN             12
#define LDAP_REQ_COMPARE            14
#define LDAP_REQ_ABANDON            16
#define LDAP_REQ_EXTENDED           23	/* LDAP V3 only */

#define LDAP_RES_BIND               1
#define LDAP_RES_SEARCH_ENTRY       4
#define LDAP_RES_SEARCH_REF         19	/* LDAP V3 only */
#define LDAP_RES_SEARCH_RESULT      5
#define LDAP_RES_MODIFY             7
#define LDAP_RES_ADD                9
#define LDAP_RES_DELETE             11
#define LDAP_RES_MODRDN             13
#define LDAP_RES_COMPARE            15
#define LDAP_RES_EXTENDED           24	/* LDAP V3 only */

/*
 * These are all CONTEXT types; the value is the type tag.
 */

/* authentication type tags */
#define LDAP_AUTH_SIMPLE        0
#define LDAP_AUTH_KRBV4LDAP     1	/* LDAP V2 only */
#define LDAP_AUTH_KRBV4DSA      2	/* LDAP V2 only */
#define LDAP_AUTH_SASL          3	/* LDAP V3 only */

/* filter type tags */
#define LDAP_FILTER_AND         0
#define LDAP_FILTER_OR          1
#define LDAP_FILTER_NOT         2
#define LDAP_FILTER_EQUALITY    3
#define LDAP_FILTER_SUBSTRINGS  4
#define LDAP_FILTER_GE          5
#define LDAP_FILTER_LE          6
#define LDAP_FILTER_PRESENT     7
#define LDAP_FILTER_APPROX      8
#define LDAP_FILTER_EXTENSIBLE  9	/* LDAP V3 only */

#define LDAP_MOD_ADD            0
#define LDAP_MOD_DELETE         1
#define LDAP_MOD_REPLACE        2

void dissect_ldap(const u_char *, int, frame_data *, proto_tree *);