Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor base krb scripts and update tests.

Browse source
This commit is contained in:
Seth Hall 2017-02-18 13:55:39 -05:00
parent c40a89e5db
commit 0b8b76cfab
8 changed files with 135 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

26
scripts/policy/protocols/krb/ticket-logging.bro
View file

@ -1,3 +1,7 @@
##! Add Kerberos ticket hashes to the krb.log
@load base/protocols/krb
module KRB;
redef record Info += {
@ -9,25 +13,11 @@ redef record Info += {
event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
{
if ( c?$krb && c$krb$logged )
return;
local info: Info;
# Will be overwritten when request is a TGS
c$krb$request_type = "AP";
if ( !c?$krb )
{
info$ts = network_time();
info$uid = c$uid;
info$id = c$id;
}
else
info = c$krb;
info$request_type = "AP"; # Will be overwritten when request is a TGS
if ( ticket?$ciphertext )
info$auth_ticket = md5_hash(ticket$ciphertext);
c$krb = info;
c$krb$auth_ticket = md5_hash(ticket$ciphertext);
}
event krb_as_response(c: connection, msg: KDC_Response)
@ -40,4 +30,4 @@ event krb_tgs_response(c: connection, msg: KDC_Response)
{
if ( msg$ticket?$ciphertext )
c$krb$new_ticket = md5_hash(msg$ticket$ciphertext);
}
}