I am trying to get a grasp on the rules that allow us to invoke protocols. We all know that https://www.example.com/path/?argument=value#segment allows us to get our https resources through the https protocol. It gets a little more interesting when we add in some other protocols. One example would be ftp.example.com. Another example we saw with Log4j: Jdns:ldap://{10.0.0.1}, where this was the IP address of www.something-evil.com. I've tried to dissect the schema of the ldap protocol, which follows ABNF syntax:
noidlen = numericoid [ LCURLY len RCURLY ]
len = number
oids = oid / ( LPAREN WSP oidlist WSP RPAREN )
oidlist = oid *( WSP DOLLAR WSP oid )
extensions = *( SP xstring SP qdstrings )
xstring = "X" HYPHEN 1*( ALPHA / HYPHEN / USCORE )
qdescrs = qdescr / ( LPAREN WSP qdescrlist WSP RPAREN )
qdescrlist = [ qdescr *( SP qdescr ) ]
qdescr = SQUOTE descr SQUOTE
qdstrings = qdstring / ( LPAREN WSP qdstringlist WSP RPAREN )
qdstringlist = [ qdstring *( SP qdstring ) ]
qdstring = SQUOTE dstring SQUOTE
dstring = 1*( QS / QQ / QUTF8 ) ; escaped UTF-8 string
QQ = ESC %x32 %x37 ; "27"
QS = ESC %x35 ( %x43 / %x63 ) ; "5C" / "5c"
; Any UTF-8 encoded Unicode character
; except %x27 ("'") and %x5C ("\")
QUTF8 = QUTF1 / UTFMB
; Any ASCII character except %x27 ("'") and %x5C ("\")
QUTF1 = %x00-26 / %x28-5B / %x5D-7F
For those who like to read along, ABNF uses the following operators:
; //for a comment
SPACE // for concatenation
/ //works like OR operator
=/ //for adding to a list
[] //indicates optional element
() //groups elements together to apply rules to the group
- //specifies a range
I’ve also taken a look into the noidlen class and found out some interesting things that explain at least some of the keywords used.
noidlen = numericoid [ LCURLY len RCURLY ]
numericoid = number 1*( DOT number )
len = number
number = DIGIT / ( LDIGIT 1*DIGIT )
DIGIT = %x30 / LDIGIT ; "0"-"9"
LDIGIT = %x31-39 ; "1"-"9"
DOT = %x2E ; period (".")
LCURLY = %x7B ; left curly brace "{"
RCURLY = %x7D ; right curly brace "}"
All this research, however, still leaves me in the dark about many variables and I find myself unable to see the big picture: how does this schema relate to something like ldap://{10.0.0.1}? For instance, what is QQ, what is QS, WSP DOLLAR WSP oid (oid = objects identifier)? This all looks a little magical to me, and there is no reference to a global documentation as to how the keywords, or their respective order, are structured (would it, for instance, be a problem if I declared Xstrings before extensions?). I hope you don’t think I’m too lazy to do my homework. I’m just stuck on diving deeper into the practical aspects of services and networking.
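
An added example, not part of the original post: the `noidlen`, `numericoid`, `number` and `len` rules quoted above, transcribed rule by rule into a matcher so you can see which strings they accept. The names `parse_noidlen` and `SAMPLES` and all sample inputs are made up for this illustration; note that the URL-like string from the post is rejected, while a bare dotted quad happens to be syntactically a `numericoid`.

```python
import re

# Terminals and rules transcribed from the ABNF quoted in the post.
LDIGIT = "[1-9]"                                      # LDIGIT = %x31-39
DIGIT = "[0-9]"                                       # DIGIT  = %x30 / LDIGIT
NUMBER = "(?:" + LDIGIT + DIGIT + "+|" + DIGIT + ")"  # DIGIT / ( LDIGIT 1*DIGIT )
NUMERICOID = NUMBER + r"(?:\." + NUMBER + ")+"        # number 1*( DOT number )
# noidlen = numericoid [ LCURLY len RCURLY ], with len = number
NOIDLEN = re.compile(
    "(?P<oid>" + NUMERICOID + r")(?:\{(?P<len>" + NUMBER + r")\})?"
)


def parse_noidlen(text):
    """Return (numericoid, len or None) if text is a noidlen, else None."""
    m = NOIDLEN.fullmatch(text)
    if m is None:
        return None
    length = m.group("len")
    return m.group("oid"), (int(length) if length is not None else None)


# Constructed sample inputs for this illustration.
SAMPLES = [
    "1.3.6.1.4.1.1466.115.121.1.15{32768}",  # OID followed by {len}
    "2.5.4.3",            # OID with the optional {len} part omitted
    "10.0.0.1",           # dotted quad: syntactically a numericoid
    "1",                  # rejected: needs at least one DOT number
    "1.02.3",             # rejected: leading zero is not a number
    "1.3.6{}",            # rejected: braces must contain a number
    "{10.0.0.1}",         # rejected: braces may only follow an OID
    "ldap://{10.0.0.1}",  # rejected: a URL, not a noidlen
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:42} -> {parse_noidlen(s)}")
```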