Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/johanna/gh-3144'

Browse source 
* origin/topic/johanna/gh-3144:
  GSSAPI: basic support for MIC/WRAP tokens

(cherry picked from commit 93988d6db6)
This commit is contained in:
Tim Wojtulewicz 2023-06-21 15:33:24 -07:00
parent 6a033d5aed
commit 0c6f3bacf0
2 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/analyzer/protocol/gssapi/gssapi-protocol.pac
View file

@ -1,6 +1,16 @@
type GSSAPI_NEG_TOKEN(is_orig: bool) = record {
type GSSAPI_SELECT(is_orig: bool) = record {
wrapper : ASN1EncodingMeta;
token: case tok_id of {
0x0404 -> mic_blob: bytestring &restofdata;
0x0504 -> wrap_blob: bytestring &restofdata;
default -> neg_token: GSSAPI_NEG_TOKEN(is_orig, is_init);
} &requires(is_init) &requires(tok_id);
} &let {
is_init: bool = wrapper.tag == 0x60;
tok_id: uint32 = (wrapper.tag << 8) | wrapper.len;
} &byteorder=littleendian;
type GSSAPI_NEG_TOKEN(is_orig: bool, is_init: bool) = record {
have_oid : case is_init of {
true -> oid : ASN1Encoding;
false -> no_oid : empty;
@ -13,8 +23,6 @@ type GSSAPI_NEG_TOKEN(is_orig: bool) = record {
true -> init : GSSAPI_NEG_TOKEN_INIT;
false -> resp : GSSAPI_NEG_TOKEN_RESP;
};
} &let {
is_init: bool = wrapper.tag == 0x60;
} &byteorder=littleendian;
type GSSAPI_NEG_TOKEN_INIT = record {

2
src/analyzer/protocol/gssapi/gssapi.pac
View file

@ -23,7 +23,7 @@ connection GSSAPI_Conn(zeek_analyzer: ZeekAnalyzer) {
# Now we define the flow:
flow GSSAPI_Flow(is_orig: bool) {
datagram = GSSAPI_NEG_TOKEN(is_orig) withcontext(connection, this);
datagram = GSSAPI_SELECT(is_orig) withcontext(connection, this);
};
%include gssapi-analyzer.pac