Pluralize container names in LDAP types

Benjamin Bannier 2023-10-10 12:53:29 +02:00
parent 0c126f3c6b
commit 3a60a60619
12 changed files with 71 additions and 71 deletions


@ -53,19 +53,19 @@ export {
version: int &log &optional; version: int &log &optional;
# normalized operations (e.g., bind_request and bind_response to "bind") # normalized operations (e.g., bind_request and bind_response to "bind")
opcode: set[string] &log &optional; opcodes: set[string] &log &optional;
# Result code(s) # Result code(s)
result: set[string] &log &optional; results: set[string] &log &optional;
# result diagnostic message(s) # result diagnostic message(s)
diagnostic_message: vector of string &log &optional; diagnostic_messages: vector of string &log &optional;
# object(s) # object(s)
object: vector of string &log &optional; objects: vector of string &log &optional;
# argument(s) # argument(s)
argument: vector of string &log &optional; arguments: vector of string &log &optional;
}; };
############################################################################# #############################################################################
@ -88,20 +88,20 @@ export {
message_id: int &log &optional; message_id: int &log &optional;
# sets of search scope and deref alias # sets of search scope and deref alias
scope: set[string] &log &optional; scopes: set[string] &log &optional;
deref: set[string] &log &optional; derefs: set[string] &log &optional;
# base search objects # base search objects
base_object: vector of string &log &optional; base_objects: vector of string &log &optional;
# number of results returned # number of results returned
result_count: count &log &optional; result_count: count &log &optional;
# Result code (s) # Result code (s)
result: set[string] &log &optional; results: set[string] &log &optional;
# result diagnostic message(s) # result diagnostic message(s)
diagnostic_message: vector of string &log &optional; diagnostic_messages: vector of string &log &optional;
# a string representation of the search filter used in the query # a string representation of the search filter used in the query
filter: string &log &optional; filter: string &log &optional;
@ -217,15 +217,15 @@ event LDAP::message(c: connection,
set_session(c, message_id, opcode); set_session(c, message_id, opcode);
if ( result != LDAP::ResultCode_Undef ) { if ( result != LDAP::ResultCode_Undef ) {
if ( ! c$ldap_searches[message_id]?$result ) if ( ! c$ldap_searches[message_id]?$results )
c$ldap_searches[message_id]$result = set(); c$ldap_searches[message_id]$results = set();
add c$ldap_searches[message_id]$result[RESULT_CODES[result]]; add c$ldap_searches[message_id]$results[RESULT_CODES[result]];
} }
if ( diagnostic_message != "" ) { if ( diagnostic_message != "" ) {
if ( ! c$ldap_searches[message_id]?$diagnostic_message ) if ( ! c$ldap_searches[message_id]?$diagnostic_messages )
c$ldap_searches[message_id]$diagnostic_message = vector(); c$ldap_searches[message_id]$diagnostic_messages = vector();
c$ldap_searches[message_id]$diagnostic_message += diagnostic_message; c$ldap_searches[message_id]$diagnostic_messages += diagnostic_message;
} }
if (( ! c$ldap_searches[message_id]?$proto ) && c?$ldap_proto) if (( ! c$ldap_searches[message_id]?$proto ) && c?$ldap_proto)
@ -237,43 +237,43 @@ event LDAP::message(c: connection,
} else if (opcode !in OPCODES_SEARCH) { } else if (opcode !in OPCODES_SEARCH) {
set_session(c, message_id, opcode); set_session(c, message_id, opcode);
if ( ! c$ldap_messages[message_id]?$opcode ) if ( ! c$ldap_messages[message_id]?$opcodes )
c$ldap_messages[message_id]$opcode = set(); c$ldap_messages[message_id]$opcodes = set();
add c$ldap_messages[message_id]$opcode[PROTOCOL_OPCODES[opcode]]; add c$ldap_messages[message_id]$opcodes[PROTOCOL_OPCODES[opcode]];
if ( result != LDAP::ResultCode_Undef ) { if ( result != LDAP::ResultCode_Undef ) {
if ( ! c$ldap_messages[message_id]?$result ) if ( ! c$ldap_messages[message_id]?$results )
c$ldap_messages[message_id]$result = set(); c$ldap_messages[message_id]$results = set();
add c$ldap_messages[message_id]$result[RESULT_CODES[result]]; add c$ldap_messages[message_id]$results[RESULT_CODES[result]];
} }
if ( diagnostic_message != "" ) { if ( diagnostic_message != "" ) {
if ( ! c$ldap_messages[message_id]?$diagnostic_message ) if ( ! c$ldap_messages[message_id]?$diagnostic_messages )
c$ldap_messages[message_id]$diagnostic_message = vector(); c$ldap_messages[message_id]$diagnostic_messages = vector();
c$ldap_messages[message_id]$diagnostic_message += diagnostic_message; c$ldap_messages[message_id]$diagnostic_messages += diagnostic_message;
} }
if ( object != "" ) { if ( object != "" ) {
if ( ! c$ldap_messages[message_id]?$object ) if ( ! c$ldap_messages[message_id]?$objects )
c$ldap_messages[message_id]$object = vector(); c$ldap_messages[message_id]$objects = vector();
c$ldap_messages[message_id]$object += object; c$ldap_messages[message_id]$objects += object;
} }
if ( argument != "" ) { if ( argument != "" ) {
if ( ! c$ldap_messages[message_id]?$argument ) if ( ! c$ldap_messages[message_id]?$arguments )
c$ldap_messages[message_id]$argument = vector(); c$ldap_messages[message_id]$arguments = vector();
if ("bind simple" in c$ldap_messages[message_id]$opcode && !default_capture_password) if ("bind simple" in c$ldap_messages[message_id]$opcodes && !default_capture_password)
c$ldap_messages[message_id]$argument += "REDACTED"; c$ldap_messages[message_id]$arguments += "REDACTED";
else else
c$ldap_messages[message_id]$argument += argument; c$ldap_messages[message_id]$arguments += argument;
} }
if (opcode in OPCODES_FINISHED) { if (opcode in OPCODES_FINISHED) {
if ((BIND_SIMPLE in c$ldap_messages[message_id]$opcode) || if ((BIND_SIMPLE in c$ldap_messages[message_id]$opcodes) ||
(BIND_SASL in c$ldap_messages[message_id]$opcode)) { (BIND_SASL in c$ldap_messages[message_id]$opcodes)) {
# don't have both "bind" and "bind <method>" in the operations list # don't have both "bind" and "bind <method>" in the operations list
delete c$ldap_messages[message_id]$opcode[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]]; delete c$ldap_messages[message_id]$opcodes[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]];
} }
if (( ! c$ldap_messages[message_id]?$proto ) && c?$ldap_proto) if (( ! c$ldap_messages[message_id]?$proto ) && c?$ldap_proto)
@ -301,21 +301,21 @@ event LDAP::searchreq(c: connection,
set_session(c, message_id, LDAP::ProtocolOpcode_SEARCH_REQUEST); set_session(c, message_id, LDAP::ProtocolOpcode_SEARCH_REQUEST);
if ( scope != LDAP::SearchScope_Undef ) { if ( scope != LDAP::SearchScope_Undef ) {
if ( ! c$ldap_searches[message_id]?$scope ) if ( ! c$ldap_searches[message_id]?$scopes )
c$ldap_searches[message_id]$scope = set(); c$ldap_searches[message_id]$scopes = set();
add c$ldap_searches[message_id]$scope[SEARCH_SCOPES[scope]]; add c$ldap_searches[message_id]$scopes[SEARCH_SCOPES[scope]];
} }
if ( deref != LDAP::SearchDerefAlias_Undef ) { if ( deref != LDAP::SearchDerefAlias_Undef ) {
if ( ! c$ldap_searches[message_id]?$deref ) if ( ! c$ldap_searches[message_id]?$derefs )
c$ldap_searches[message_id]$deref = set(); c$ldap_searches[message_id]$derefs = set();
add c$ldap_searches[message_id]$deref[SEARCH_DEREF_ALIASES[deref]]; add c$ldap_searches[message_id]$derefs[SEARCH_DEREF_ALIASES[deref]];
} }
if ( base_object != "" ) { if ( base_object != "" ) {
if ( ! c$ldap_searches[message_id]?$base_object ) if ( ! c$ldap_searches[message_id]?$base_objects )
c$ldap_searches[message_id]$base_object = vector(); c$ldap_searches[message_id]$base_objects = vector();
c$ldap_searches[message_id]$base_object += base_object; c$ldap_searches[message_id]$base_objects += base_object;
} }
c$ldap_searches[message_id]$filter = filter; c$ldap_searches[message_id]$filter = filter;
@ -347,13 +347,13 @@ event LDAP::bindreq(c: connection,
if ( ! c$ldap_messages[message_id]?$version ) if ( ! c$ldap_messages[message_id]?$version )
c$ldap_messages[message_id]$version = version; c$ldap_messages[message_id]$version = version;
if ( ! c$ldap_messages[message_id]?$opcode ) if ( ! c$ldap_messages[message_id]?$opcodes )
c$ldap_messages[message_id]$opcode = set(); c$ldap_messages[message_id]$opcodes = set();
if (authType == LDAP::BindAuthType_BIND_AUTH_SIMPLE) { if (authType == LDAP::BindAuthType_BIND_AUTH_SIMPLE) {
add c$ldap_messages[message_id]$opcode[BIND_SIMPLE]; add c$ldap_messages[message_id]$opcodes[BIND_SIMPLE];
} else if (authType == LDAP::BindAuthType_BIND_AUTH_SASL) { } else if (authType == LDAP::BindAuthType_BIND_AUTH_SASL) {
add c$ldap_messages[message_id]$opcode[BIND_SASL]; add c$ldap_messages[message_id]$opcodes[BIND_SASL];
} }
} }
@ -367,9 +367,9 @@ event connection_state_remove(c: connection) {
for ( [mid], m in c$ldap_messages ) { for ( [mid], m in c$ldap_messages ) {
if (mid > 0) { if (mid > 0) {
if ((BIND_SIMPLE in m$opcode) || (BIND_SASL in m$opcode)) { if ((BIND_SIMPLE in m$opcodes) || (BIND_SASL in m$opcodes)) {
# don't have both "bind" and "bind <method>" in the operations list # don't have both "bind" and "bind <method>" in the operations list
delete m$opcode[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]]; delete m$opcodes[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]];
} }
if (( ! m?$proto ) && c?$ldap_proto) if (( ! m?$proto ) && c?$ldap_proto)
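Review bot: The password-redaction gate in the `argument` handling of `LDAP::message` tests for the literal string `"bind simple"` in `opcodes`, while every other place in this section (`LDAP::message`'s OPCODES_FINISHED branch, `LDAP::bindreq`, `connection_state_remove`) uses the `BIND_SIMPLE` constant. The expected-log files show `bind simple` as the logged opcode, so the two presumably agree today, but if `BIND_SIMPLE` is ever changed the simple-bind password would be logged in clear without any test catching it, since the redaction silently stops matching. The line touched by this rename is the natural place to use the constant: `if (BIND_SIMPLE in c$ldap_messages[message_id]$opcodes && !default_capture_password)`. Note also that redaction only happens if `BIND_SIMPLE` is already in `opcodes` when the argument arrives, so it relies on `LDAP::bindreq` having run first; if that ordering is not guaranteed by the analyzer it is worth a comment or a test with a capture where that is not the case. The `LDAP::message` handler and `BIND_SIMPLE`'s definition both start outside this hunk.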


@ -362,15 +362,15 @@ connection {
} }
* ldap_messages: table[int] of record LDAP::MessageInfo, log=F, optional=T * ldap_messages: table[int] of record LDAP::MessageInfo, log=F, optional=T
LDAP::MessageInfo { LDAP::MessageInfo {
* argument: vector of string, log=T, optional=T * arguments: vector of string, log=T, optional=T
* diagnostic_message: vector of string, log=T, optional=T * diagnostic_messages: vector of string, log=T, optional=T
* id: record conn_id, log=T, optional=F * id: record conn_id, log=T, optional=F
conn_id { ... } conn_id { ... }
* message_id: int, log=T, optional=T * message_id: int, log=T, optional=T
* object: vector of string, log=T, optional=T * objects: vector of string, log=T, optional=T
* opcode: set[string], log=T, optional=T * opcodes: set[string], log=T, optional=T
* proto: string, log=T, optional=T * proto: string, log=T, optional=T
* result: set[string], log=T, optional=T * results: set[string], log=T, optional=T
* ts: time, log=T, optional=F * ts: time, log=T, optional=F
* uid: string, log=T, optional=F * uid: string, log=T, optional=F
* version: int, log=T, optional=T * version: int, log=T, optional=T
@ -379,17 +379,17 @@ connection {
* ldap_searches: table[int] of record LDAP::SearchInfo, log=F, optional=T * ldap_searches: table[int] of record LDAP::SearchInfo, log=F, optional=T
LDAP::SearchInfo { LDAP::SearchInfo {
* attributes: vector of string, log=T, optional=T * attributes: vector of string, log=T, optional=T
* base_object: vector of string, log=T, optional=T * base_objects: vector of string, log=T, optional=T
* deref: set[string], log=T, optional=T * derefs: set[string], log=T, optional=T
* diagnostic_message: vector of string, log=T, optional=T * diagnostic_messages: vector of string, log=T, optional=T
* filter: string, log=T, optional=T * filter: string, log=T, optional=T
* id: record conn_id, log=T, optional=F * id: record conn_id, log=T, optional=F
conn_id { ... } conn_id { ... }
* message_id: int, log=T, optional=T * message_id: int, log=T, optional=T
* proto: string, log=T, optional=T * proto: string, log=T, optional=T
* result: set[string], log=T, optional=T
* result_count: count, log=T, optional=T * result_count: count, log=T, optional=T
* scope: set[string], log=T, optional=T * results: set[string], log=T, optional=T
* scopes: set[string], log=T, optional=T
* ts: time, log=T, optional=F * ts: time, log=T, optional=F
* uid: string, log=T, optional=F * uid: string, log=T, optional=F
} }


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap #path ldap
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcode result diagnostic_message object argument #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string] #types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap_search #path ldap_search
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scope deref base_object result_count result diagnostic_message filter attributes #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string] #types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap #path ldap
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcode result diagnostic_message object argument #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string] #types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap_search #path ldap_search
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scope deref base_object result_count result diagnostic_message filter attributes #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string] #types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap #path ldap
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcode result diagnostic_message object argument #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string] #types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap_search #path ldap_search
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scope deref base_object result_count result diagnostic_message filter attributes #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string] #types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap #path ldap
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcode result diagnostic_message object argument #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string] #types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 215 3 bind SASL success - - GSS-SPNEGO XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 215 3 bind SASL success - - GSS-SPNEGO
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap_search #path ldap_search
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scope deref base_object result_count result diagnostic_message filter attributes #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string] #types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 213 base never - 1 success - (objectclass=*) - XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 213 base never - 1 success - (objectclass=*) -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,7 +5,7 @@
#unset_field - #unset_field -
#path ldap_search #path ldap_search
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields uid filter base_object #fields uid filter base_objects
#types string string vector[string] #types string string vector[string]
CHhAvVGS1DHFjwGM9 (departmentNumber:2.16.840.1.113730.3.3.2.46.1:=>=N4709) DC=matrix\x2cDC=local CHhAvVGS1DHFjwGM9 (departmentNumber:2.16.840.1.113730.3.3.2.46.1:=>=N4709) DC=matrix\x2cDC=local
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -4,7 +4,7 @@
# #
# @TEST-REQUIRES: have-spicy # @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/issue-32.pcapng %INPUT # @TEST-EXEC: zeek -C -r ${TRACES}/ldap/issue-32.pcapng %INPUT
# @TEST-EXEC: cat ldap_search.log | zeek-cut -C uid filter base_object > ldap_search.log2 && mv ldap_search.log2 ldap_search.log # @TEST-EXEC: cat ldap_search.log | zeek-cut -C uid filter base_objects > ldap_search.log2 && mv ldap_search.log2 ldap_search.log
# @TEST-EXEC: btest-diff ldap_search.log # @TEST-EXEC: btest-diff ldap_search.log
# #
# @TEST-DOC: Test LDAP analyzer with small trace. # @TEST-DOC: Test LDAP analyzer with small trace.