Hi monks.

I'm trying to debug some problems with an LDAP server around here, and as they are related to the password policy controls, I want to be able to read them. I capture the traffic with wireshack and see that in the answer to the bid request the control has, say, this value:

308400000006a004800200e3

And, according to some documentation, this is the ASN.1 structure that is supposed to fill:

PasswordPolicyResponseValue ::= SEQUENCE {
  warning [0] CHOICE OPTIONAL {
    timeBeforeExpiration [0] INTEGER (0 .. maxInt),
    graceLoginsRemaining [1] INTEGER (0 .. maxInt) 
  }
  error [1] ENUMERATED OPTIONAL {
    passwordExpired       (0),
    accountLocked         (1),
    changeAfterReset      (2),
    passwordModNotAllowed (3),
    mustSupplyOldPassword (4),
    invalidPasswordSyntax (5),
    passwordTooShort      (6),
    passwordTooYoung      (7),
    passwordInHistory     (8) 
  }
}

[download]

So, with zero knowledge as usual :-P I went and did this small program:

#!/usr/bin/perl 

use Convert::ASN1;
use Data::Dumper;

$asn = Convert::ASN1->new;
$asn->prepare(q<
PasswordPolicyResponseValue ::= SEQUENCE {
  warning [0] CHOICE  {
    timeBeforeExpiration [0] INTEGER,
    graceLoginsRemaining [1] INTEGER
  }
  error [1] ENUMERATED  {
    passwordExpired       (0),
    accountLocked         (1),
    changeAfterReset      (2),
    passwordModNotAllowed (3),
    mustSupplyOldPassword (4),
    invalidPasswordSyntax (5),
    passwordTooShort      (6),
    passwordTooYoung      (7),
    passwordInHistory     (8)
  }
}
>) or die($asn->error);

$data="308400000006a004800200e3";
$data=pack("h*",$data);
$structure=$asn->decode($data) or print $asn->error();
print Dumper($structure);

[download]

And guess what, it didnt work :-P Ok, the first problem is that if I use the original definition, it dies with errors saying there are plenty of syntax mistakes in that ASN.1 thingy, so first question, what is the format Convert::ASN1 expects? Is documented? Is that definition bad?

So after taking out some things out till it compiles, I got the one that is in the code above. That gets out of prepare, but dies in the decoding with a completly unhelpful:

"decode error at /usr/lib/perl5/site_perl/5.10/Convert/ASN1/_decode.pm line 57."

So, ok, what would be the quick & easy way to get to see if the values in the control definition are being set, and to what values, using Convert::ASN1 or any other module you think its best?

Best regards

In reply to Using Convert::ASN1 to decode an LDAP control by Latro

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.