Merge remote-tracking branch 'origin/topic/johanna/gh-3144'

* origin/topic/johanna/gh-3144: GSSAPI: basic support for MIC/WRAP tokens (cherry picked from commit 93988d6db6)
2025-10-14 04:28:20 +00:00 · 2023-06-21 15:33:24 -07:00 · 2023-06-21 15:33:24 -07:00 · 0c6f3bacf0
commit 0c6f3bacf0
parent 6a033d5aed
2 changed files with 13 additions and 5 deletions
--- a/src/analyzer/protocol/gssapi/gssapi-protocol.pac
+++ b/src/analyzer/protocol/gssapi/gssapi-protocol.pac
@ -1,6 +1,16 @@
-
+type GSSAPI_SELECT(is_orig: bool) = record {
 type GSSAPI_NEG_TOKEN(is_orig: bool) = record {
 	wrapper  : ASN1EncodingMeta;
 	token: case tok_id of {
 		0x0404 -> mic_blob: bytestring &restofdata;
 		0x0504 -> wrap_blob: bytestring &restofdata;
 		default -> neg_token: GSSAPI_NEG_TOKEN(is_orig, is_init);
 	} &requires(is_init) &requires(tok_id);
 } &let {
 	is_init: bool = wrapper.tag == 0x60;
 	tok_id: uint32 = (wrapper.tag << 8) | wrapper.len;
 } &byteorder=littleendian;
 type GSSAPI_NEG_TOKEN(is_orig: bool, is_init: bool) = record {
 	have_oid : case is_init of {
 		true  -> oid    : ASN1Encoding;
 		false -> no_oid : empty;
@ -13,8 +23,6 @@ type GSSAPI_NEG_TOKEN(is_orig: bool) = record {
 		true  -> init : GSSAPI_NEG_TOKEN_INIT;
 		false -> resp : GSSAPI_NEG_TOKEN_RESP;
 	};
 } &let {
 	is_init: bool = wrapper.tag == 0x60;
 } &byteorder=littleendian;
 type GSSAPI_NEG_TOKEN_INIT = record {
--- a/src/analyzer/protocol/gssapi/gssapi.pac
+++ b/src/analyzer/protocol/gssapi/gssapi.pac
@ -23,7 +23,7 @@ connection GSSAPI_Conn(zeek_analyzer: ZeekAnalyzer) {
 # Now we define the flow:
 flow GSSAPI_Flow(is_orig: bool) {
-	datagram = GSSAPI_NEG_TOKEN(is_orig) withcontext(connection, this);
+	datagram = GSSAPI_SELECT(is_orig) withcontext(connection, this);
 };
 %include gssapi-analyzer.pac