Clean up formatting.

Vlad Grigorescu 2015-02-05 14:21:34 -05:00
parent aea0ae453e
commit 444ff240bd
7 changed files with 47 additions and 59 deletions


@ -103,7 +103,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
c$krb = info;
Files::add_analyzer(f, Files::ANALYZER_X509);
# always calculate hashes. They are not necessary for base scripts
# Always calculate hashes. They are not necessary for base scripts
# but very useful for identification, and required for policy scripts
Files::add_analyzer(f, Files::ANALYZER_MD5);
Files::add_analyzer(f, Files::ANALYZER_SHA1);


@ -58,7 +58,7 @@ export {
# log NEEDED_PREAUTH.
"NEEDED_PREAUTH",
# This is a more specific version of NEEDED_PREAUTH that's used
# by Winodws AD Kerberos.
# by Windows AD Kerberos.
"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
} &redef;
@ -82,8 +82,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
if ( msg?$error_text && msg$error_text in ignored_errors )
{
if ( c?$krb )
delete c$krb;
if ( c?$krb ) delete c$krb;
return;
}
@ -100,8 +99,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
info$id = c$id;
}
if ( ! info?$client )
if ( msg?$client_name || msg?$client_realm )
if ( ! info?$client && ( msg?$client_name || msg?$client_realm ) )
info$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
msg?$client_realm ? msg$client_realm : "");
@ -110,13 +108,8 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
info$error_code = msg$error_code;
if ( msg?$error_text )
info$error_msg = msg$error_text;
else
{
if ( msg$error_code in error_msg )
info$error_msg = error_msg[msg$error_code];
}
if ( msg?$error_text ) info$error_msg = msg$error_text;
else if ( msg$error_code in error_msg ) info$error_msg = error_msg[msg$error_code];
c$krb = info;
}
@ -158,15 +151,13 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5
{
if ( msg$host_addrs[i]?$ip )
{
if ( ! info?$network_addrs )
info$network_addrs = vector();
if ( ! info?$network_addrs ) info$network_addrs = vector();
info$network_addrs[|info$network_addrs|] = msg$host_addrs[i]$ip;
}
if ( msg$host_addrs[i]?$netbios )
{
if ( ! info?$netbios_addrs )
info$netbios_addrs = vector();
if ( ! info?$netbios_addrs ) info$netbios_addrs = vector();
info$netbios_addrs[|info$netbios_addrs|] = msg$host_addrs[i]$netbios;
}
}
@ -191,8 +182,7 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
info$uid = c$uid;
info$id = c$id;
info$service = msg$service_name;
if ( msg?$from )
info$from = msg$from;
if ( msg?$from ) info$from = msg$from;
info$till = msg$till;
c$krb = info;
@ -226,7 +216,6 @@ event krb_as_response(c: connection, msg: KDC_Response) &priority=5
event krb_as_response(c: connection, msg: KDC_Response) &priority=-5
{
Log::write(KRB::LOG, c$krb);
c$krb$logged = T;
}
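Review bot: The suppression branch in krb_error (`if ( msg?$error_text && msg$error_text in ignored_errors )`) keys only on the free-text error string, so any KRB-ERROR carrying one of those strings has its `c$krb` record deleted and never logged, whatever its `error_code` is. Because that text is read off the wire, log completeness would be better served by also requiring the numeric code, e.g. `if ( msg$error_code == 25 && msg?$error_text && msg$error_text in ignored_errors )` (25 is KDC_ERR_PREAUTH_REQUIRED in RFC 4120; this assumes `error_code` holds the RFC value), or at least by a comment above the branch stating the assumption. Collapsing the body to `if ( c?$krb ) delete c$krb;` also makes the one destructive statement in the handler easy to miss; I would keep `delete c$krb;` on its own line. The body of krb_error starts and ends outside these hunks.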


@ -157,4 +157,3 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%);
## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
## krb_ap_request krb_ap_response krb_priv krb_safe krb_cred
event krb_error%(c: connection, msg: KRB::Error_Msg%);


@ -75,7 +75,7 @@ type KRB_REQ_Arg_Data(index: uint8) = case index of {
7 -> nonce : ASN1Integer;
8 -> etype : Array;
9 -> addrs : KRB_Host_Addresses;
10 -> auth_data : ASN1OctetString; # TODO
10 -> auth_data : ASN1OctetString;
11 -> addl_tkts : KRB_Ticket_Sequence;
default -> unknown : bytestring &restofdata;
};
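Review bot: Dropping the `# TODO` on `10 -> auth_data : ASN1OctetString;` removes the only hint that this field is carried as an opaque octet string rather than decoded. If this case mirrors KDC-REQ-BODY in RFC 4120, tag 10 is enc-authorization-data, an EncryptedData structure, so a reader could otherwise assume its contents are parsed and available to scripts. I would replace the marker with an explanatory comment such as `# enc-authorization-data: kept as raw bytes, not decoded`. The case body of KRB_REQ_Arg_Data starts before the hunk.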