ldap: Implement extended request/response and StartTLS support

PCAP was produced with a local OpenLDAP server configured to support StartTLS.

This puts the Zeek calls into a separate ldap_zeek.spicy file/module
to separate it from LDAP.
Arne Welzel 2024-07-17 17:00:53 +02:00
parent f4a79fa703
commit 09a48c7028
19 changed files with 269 additions and 22 deletions


@ -120,4 +120,11 @@ export {
"searching", [ LDAP::SearchDerefAlias_DEREF_FINDING_BASE ] =
"finding", [ LDAP::SearchDerefAlias_DEREF_ALWAYS ] = "always", }
&default="unknown";
const EXTENDED_REQUESTS = {
# StartTLS, https://datatracker.ietf.org/doc/html/rfc4511#section-4.14.1
[ "1.3.6.1.4.1.1466.20037" ] = "StartTLS",
# whoami, https://datatracker.ietf.org/doc/html/rfc4532#section-2
[ "1.3.6.1.4.1.4203.1.11.3" ] = "whoami",
} &default="unknown" &redef;
}
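Review bot: The new `EXTENDED_REQUESTS` table maps every unlisted OID to the same `"unknown"` string through `&default="unknown"`, and the exported constant has no `##` doc comment. The code that consumes the table is not visible in this hunk; if it logs only the mapped name, distinct unlisted extended operations become indistinguishable in the log, which weakens detection of unusual requests, so confirm that the raw OID is recorded alongside the name. Consider also naming the Password Modify operation from RFC 3062, `[ "1.3.6.1.4.1.4203.1.11.1" ] = "passwd_modify",`, since password changes are worth identifying by name. A doc line such as `## Maps LDAP extended request OIDs to readable names; unlisted OIDs yield "unknown". Redef to add site-specific OIDs.` would cover the documentation gap. The enclosing `export` block starts outside the hunk.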