# x509if.cnf # X509IF conformation file #.IMPORT ../x509sat/x509sat-exp.cnf #.MODULE_IMPORT DirectoryAbstractService dap #.OMIT_ASSIGNMENT ObjectClassKind #.END #.CLASS ATTRIBUTE &derivation ClassReference ATTRIBUTE &Type &equality-match ClassReference MATCHING-RULE &ordering-match ClassReference MATCHING-RULE &substrings-match ClassReference MATCHING-RULE &single-valued BooleanType &collective BooleanType &no-user-modification BooleanType &usage TypeReference AttributeUsage &id ObjectIdentifierType #.END #.CLASS CONTEXT &Type &Assertion &id ObjectIdentifierType #.END #.CLASS OBJECT-CLASS &Superclasses ClassReference OBJECT-CLASS &kind TypeReference ObjectClassKind &MandatoryAttributes ClassReference ATTRIBUTE &OptionalAttributes ClassReference ATTRIBUTE &id ObjectIdentifierType #.END #.CLASS MATCHING-RESTRICTION &Restriction &Rules _FixedTypeValueSetFieldSpec &id ObjectIdentifierType #.END #.CLASS MATCHING-RULE &ParentMatchingRules ClassReference MATCHING-RULE &AssertionType &uniqueMatchIndicator ClassReference ATTRIBUTE &id ObjectIdentifierType #.END #.EXPORTS OBJECT-CLASS ATTRIBUTE MATCHING-RULE MAPPING-BASED-MATCHING NAME-FORM STRUCTURE-RULE CONTENT-RULE CONTEXT SEARCH-RULE MATCHING-RESTRICTION AllowedSubset Attribute AttributeCombination AttributeType AttributeTypeAndDistinguishedValue AttributeTypeAssertion AttributeUsage AttributeValue AttributeValueAssertion #BaseDistance ChopSpecification Context ContextAssertion ContextCombination ContextProfile ControlOptions DistinguishedName DITContentRule DITContextUse DITStructureRule EntryLimit ImposedSubset LocalName Mapping MatchingUse MRMapping MRSubstitution Name Refinement RelativeDistinguishedName RelaxationPolicy RDNSequence RequestAttribute ResultAttribute RuleIdentifier SearchRule SearchRuleDescription SearchRuleId SubtreeSpecification #.PDU DistinguishedName #.NO_EMIT #.TYPE_RENAME AttributeTypeAndDistinguishedValue/valuesWithContext T_valWithContext AttributeTypeAndDistinguishedValue/valuesWithContext/_item T_valWithContext_item ChopSpecification/specificExclusions T_chopSpecificExclusions ChopSpecification/specificExclusions/_item T_chopSpecificExclusions_item #.FIELD_RENAME AttributeTypeAssertion/assertedContexts ata_assertedContexts AttributeTypeAndDistinguishedValue/value atadv_value AttributeTypeAndDistinguishedValue/valuesWithContext valueswithContext AttributeTypeAndDistinguishedValue/valuesWithContext/_item valueswithContext_item ChopSpecification/specificExclusions chopSpecificExclusions ChopSpecification/specificExclusions/_item chopSpecificExclusions_item Refinement/and refinement_and Refinement/and/_item refinement_and_item Refinement/not refinement_not Refinement/or refinement_or Refinement/or/_item refinement_or_item ContextAssertion/contextType ca_contextType ContextAssertion/contextValues ca_contextValues ContextAssertion/contextValues/_item ca_contextValues_item ContextCombination/not contextcombination_not ContextCombination/and contextcombination_and ContextCombination/and/_item contextcombination_and_item ContextCombination/or contextcombination_or ContextCombination/or/_item contextcombination_or_item RelaxationPolicy/maximum maximum_relaxation RelaxationPolicy/minimum minimum_relaxation RequestAttribute/defaultValues/_item/values ra_values RequestAttribute/defaultValues/_item/values/_item ra_values_item RequestAttribute/selectedValues ra_selectedValues RequestAttribute/selectedValues/_item ra_selectedValues_item #.REGISTER DistinguishedName B "2.5.4.1" "id-at-aliasedEntryName" DistinguishedName B "2.5.4.31" "id-at-member" DistinguishedName B "2.5.4.32" "id-at-owner" DistinguishedName B "2.5.4.33" "id-at-roleOccupant" DistinguishedName B "2.5.4.34" "id-at-seeAlso" DistinguishedName B "2.5.4.49" "id-at-distinguishedName" DistinguishedName B "2.5.18.3" "id-oa-creatorsName" DistinguishedName B "2.5.18.4" "id-oa-modifiersName" SubtreeSpecification B "2.5.18.6" "id-oa-subtreeSpecification" DistinguishedName B "2.5.18.10" "id-oa-subschemaSubentry" DistinguishedName B "2.5.18.11" "id-oa-accessControlSubentry" DistinguishedName B "2.5.18.12" "id-oa-collectiveAttributeSubentry" DistinguishedName B "2.5.18.13" "id-oa-contextDefaultSubentry" HierarchyLevel B "2.5.18.17" "id-oa-hierarchyLevel" HierarchyBelow B "2.5.18.18" "iid-oa-hierarchyBelow" # X402 - see master list in acp133.cnf DistinguishedName B "2.6.5.2.5" "id-at-mhs-message-store-dn" DistinguishedName B "2.6.5.2.14" "id-at-mhs-dl-related-lists" # ACP133 - see master list in acp133.cnf DistinguishedName B "2.16.840.1.101.2.2.1.3" "id-at-alternateRecipient" DistinguishedName B "2.16.840.1.101.2.2.1.4" "id-at-associatedOrganization" DistinguishedName B "2.16.840.1.101.2.2.1.6" "id-at-associatedPLA" DistinguishedName B "2.16.840.1.101.2.2.1.49" "id-at-aliasPointer" DistinguishedName B "2.16.840.1.101.2.2.1.61" "id-at-listPointer" DistinguishedName B "2.16.840.1.101.2.2.1.110" "id-at-administrator" DistinguishedName B "2.16.840.1.101.2.2.1.111" "id-at-aigsExpanded" DistinguishedName B "2.16.840.1.101.2.2.1.113" "id-at-associatedAL" DistinguishedName B "2.16.840.1.101.2.2.1.114" "id-at-copyMember" DistinguishedName B "2.16.840.1.101.2.2.1.117" "id-at-guard" DistinguishedName B "2.16.840.1.101.2.2.1.121" "id-at-networkDN" DistinguishedName B "2.16.840.1.101.2.2.1.138" "id-at-plasServed" DistinguishedName B "2.16.840.1.101.2.2.1.139" "id-at-deployed" DistinguishedName B "2.16.840.1.101.2.2.1.140" "id-at-garrison" DistinguishedName B "2.16.840.1.101.2.2.1.184" "id-at-aCPDutyOfficer" DistinguishedName B "2.16.840.1.101.2.2.1.188" "id-at-primaryMember" #.FN_PARS ContextAssertion/contextType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY ContextAssertion/contextValues/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS AttributeTypeAndDistinguishedValue/type FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY AttributeTypeAndDistinguishedValue/type const char *fmt; const char *name; %(DEFAULT_BODY)s if(actx->external.direct_reference) { /* see if we can find a nice name */ name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference); if(!name) name = actx->external.direct_reference; if(last_rdn_buf) { /* append it to the RDN */ wmem_strbuf_append(last_rdn_buf, name); wmem_strbuf_append_c(last_rdn_buf, '='); /* append it to the tree */ proto_item_append_text(tree, " (%%s=", name); } else if(doing_attr) { /* append it to the parent item */ proto_item_append_text(tree, " (%%s)", name); } if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) { /* we have a format */ last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN); *last_ava = '\0'; register_frame_end_routine (actx->pinfo, x509if_frame_end); snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt); proto_item_append_text(tree, " %%s", last_ava); } } #.FN_BODY AttributeTypeAndDistinguishedValue/value int old_offset = offset; tvbuff_t *out_tvb; char *value = NULL; const char *fmt; const char *name = NULL; const char *orig_oid = actx->external.direct_reference; offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); /* in dissecting the value we may have overridden the OID of the value - which is a problem if there are multiple values */ actx->external.direct_reference = orig_oid; /* try and dissect as a string */ dissect_ber_octet_string(false, actx, NULL, tvb, old_offset, hf_x509if_any_string, &out_tvb); /* should also try and dissect as an OID and integer */ /* of course, if I can look up the syntax .... */ if(out_tvb) { /* it was a string - format it */ value = tvb_format_text(actx->pinfo->pool, out_tvb, 0, tvb_reported_length(out_tvb)); if(last_rdn_buf) { wmem_strbuf_append(last_rdn_buf, value); /* append it to the tree*/ proto_item_append_text(tree, "%%s)", value); } if((fmt = val_to_str_const(ava_hf_index, fmt_vals, "")) && *fmt) { /* we have a format */ if (!last_ava) { last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN); } if(!(name = oid_resolved_from_string(actx->pinfo->pool, actx->external.direct_reference))) name = actx->external.direct_reference; snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); proto_item_append_text(tree, " %%s", last_ava); } } #.FN_PARS RequestAttribute/attributeType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY RequestAttribute/selectedValues/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS RequestAttribute/defaultValues/_item/entryType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY RequestAttribute/defaultValues/_item/values/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_BODY Attribute/valuesWithContext/_item/value offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS ResultAttribute/attributeType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY ResultAttribute/outputValues/selectedValues/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS Context/contextType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY Context/contextValues/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS AttributeType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY AttributeValue offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS AttributeValueAssertion/type FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY AttributeValueAssertion/assertion offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS Attribute/type FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY Attribute/values/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS ContextProfile/contextType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY ContextProfile/contextValue/_item offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_PARS MatchingUse/restrictionType FN_VARIANT = _str HF_INDEX = hf_x509if_object_identifier_id VAL_PTR = &actx->external.direct_reference #.FN_BODY MatchingUse/restrictionValue offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_BODY AttributeTypeAndDistinguishedValue/valuesWithContext/_item/distingAttrValue offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL); #.FN_BODY RelativeDistinguishedName rdn_one_value = false; top_of_rdn = tree; last_rdn_buf = wmem_strbuf_new(actx->pinfo->pool, ""); register_frame_end_routine (actx->pinfo, x509if_frame_end); %(DEFAULT_BODY)s /* we've finished - close the bracket */ proto_item_append_text(top_of_rdn, " (%%s)", wmem_strbuf_get_str(last_rdn_buf)); /* now append this to the DN */ if (last_dn_buf) { if(wmem_strbuf_get_len(last_dn_buf) > 0) { wmem_strbuf_t *temp_dn_buf = wmem_strbuf_new_sized(actx->pinfo->pool, wmem_strbuf_get_len(last_rdn_buf) + wmem_strbuf_get_len(last_dn_buf) + 1); wmem_strbuf_append(temp_dn_buf, wmem_strbuf_get_str(last_rdn_buf)); wmem_strbuf_append_c(temp_dn_buf, ','); wmem_strbuf_append(temp_dn_buf, wmem_strbuf_get_str(last_dn_buf)); wmem_strbuf_destroy(last_dn_buf); last_dn_buf = temp_dn_buf; } else { wmem_strbuf_append(last_dn_buf, wmem_strbuf_get_str(last_rdn_buf)); } } last_rdn_buf = NULL; /* it will get freed when the next packet is dissected */ #.FN_BODY RelativeDistinguishedName/_item if(!rdn_one_value) { top_of_rdn = tree; } else { if(last_rdn_buf) /* this is an additional value - delimit */ wmem_strbuf_append_c(last_rdn_buf, '+'); } %(DEFAULT_BODY)s rdn_one_value = true; #.FN_BODY RDNSequence const char *fmt; dn_one_rdn = false; /* reset */ last_dn_buf = wmem_strbuf_new(actx->pinfo->pool, ""); top_of_dn = NULL; register_frame_end_routine (actx->pinfo, x509if_frame_end); %(DEFAULT_BODY)s /* we've finished - append the dn */ proto_item_append_text(top_of_dn, " (%%s)", wmem_strbuf_get_str(last_dn_buf)); /* see if we should append this to the col info */ if((fmt = val_to_str_const(hf_index, fmt_vals, "")) && *fmt) { /* we have a format */ col_append_fstr(actx->pinfo->cinfo, COL_INFO, " %%s%%s", fmt, wmem_strbuf_get_str(last_dn_buf)); } #.FN_BODY RDNSequence/_item if(!dn_one_rdn) { /* this is the first element - record the top */ top_of_dn = tree; } %(DEFAULT_BODY)s dn_one_rdn = true; #.FN_BODY AttributeValueAssertion ava_hf_index = hf_index; last_ava = (char *)wmem_alloc(actx->pinfo->pool, MAX_AVA_STR_LEN); *last_ava = '\0'; register_frame_end_routine (actx->pinfo, x509if_frame_end); %(DEFAULT_BODY)s ava_hf_index=-1; #.FN_BODY Attribute doing_attr = true; register_frame_end_routine (actx->pinfo, x509if_frame_end); %(DEFAULT_BODY)s #.END