mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 13:38:19 +00:00
Clean up formatting.
This commit is contained in:
Vlad Grigorescu
parent
aea0ae453e
commit
444ff240bd
7 changed files with 47 additions and 59 deletions
|
|
@ -10,14 +10,14 @@ export {
|
|||
# Client certificate
|
||||
client_cert: Files::Info &optional;
|
||||
# Subject of client certificate, if any
|
||||
client_cert_subject:string &log &optional;
|
||||
client_cert_subject: string &log &optional;
|
||||
# File unique ID of client cert, if any
|
||||
client_cert_fuid: string &log &optional;
|
||||
|
||||
# Server certificate
|
||||
server_cert: Files::Info &optional;
|
||||
# Subject of server certificate, if any
|
||||
server_cert_subject:string &log &optional;
|
||||
server_cert_subject: string &log &optional;
|
||||
# File unique ID of server cert, if any
|
||||
server_cert_fuid: string &log &optional;
|
||||
};
|
||||
|
|
@ -103,7 +103,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
|
|||
c$krb = info;
|
||||
|
||||
Files::add_analyzer(f, Files::ANALYZER_X509);
|
||||
# always calculate hashes. They are not necessary for base scripts
|
||||
# Always calculate hashes. They are not necessary for base scripts
|
||||
# but very useful for identification, and required for policy scripts
|
||||
Files::add_analyzer(f, Files::ANALYZER_MD5);
|
||||
Files::add_analyzer(f, Files::ANALYZER_SHA1);
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ export {
|
|||
# log NEEDED_PREAUTH.
|
||||
"NEEDED_PREAUTH",
|
||||
# This is a more specific version of NEEDED_PREAUTH that's used
|
||||
# by Winodws AD Kerberos.
|
||||
# by Windows AD Kerberos.
|
||||
"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
|
||||
} &redef;
|
||||
|
||||
|
|
@ -82,8 +82,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
|
|||
|
||||
if ( msg?$error_text && msg$error_text in ignored_errors )
|
||||
{
|
||||
if ( c?$krb )
|
||||
delete c$krb;
|
||||
if ( c?$krb ) delete c$krb;
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -100,8 +99,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
|
|||
info$id = c$id;
|
||||
}
|
||||
|
||||
if ( ! info?$client )
|
||||
if ( msg?$client_name || msg?$client_realm )
|
||||
if ( ! info?$client && ( msg?$client_name || msg?$client_realm ) )
|
||||
info$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
|
||||
msg?$client_realm ? msg$client_realm : "");
|
||||
|
||||
|
|
@ -110,13 +108,8 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
|
|||
|
||||
info$error_code = msg$error_code;
|
||||
|
||||
if ( msg?$error_text )
|
||||
info$error_msg = msg$error_text;
|
||||
else
|
||||
{
|
||||
if ( msg$error_code in error_msg )
|
||||
info$error_msg = error_msg[msg$error_code];
|
||||
}
|
||||
if ( msg?$error_text ) info$error_msg = msg$error_text;
|
||||
else if ( msg$error_code in error_msg ) info$error_msg = error_msg[msg$error_code];
|
||||
|
||||
c$krb = info;
|
||||
}
|
||||
|
|
@ -158,15 +151,13 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5
|
|||
{
|
||||
if ( msg$host_addrs[i]?$ip )
|
||||
{
|
||||
if ( ! info?$network_addrs )
|
||||
info$network_addrs = vector();
|
||||
if ( ! info?$network_addrs ) info$network_addrs = vector();
|
||||
info$network_addrs[|info$network_addrs|] = msg$host_addrs[i]$ip;
|
||||
}
|
||||
|
||||
if ( msg$host_addrs[i]?$netbios )
|
||||
{
|
||||
if ( ! info?$netbios_addrs )
|
||||
info$netbios_addrs = vector();
|
||||
if ( ! info?$netbios_addrs ) info$netbios_addrs = vector();
|
||||
info$netbios_addrs[|info$netbios_addrs|] = msg$host_addrs[i]$netbios;
|
||||
}
|
||||
}
|
||||
|
|
@ -191,8 +182,7 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
|
|||
info$uid = c$uid;
|
||||
info$id = c$id;
|
||||
info$service = msg$service_name;
|
||||
if ( msg?$from )
|
||||
info$from = msg$from;
|
||||
if ( msg?$from ) info$from = msg$from;
|
||||
info$till = msg$till;
|
||||
|
||||
c$krb = info;
|
||||
|
|
@ -226,7 +216,6 @@ event krb_as_response(c: connection, msg: KDC_Response) &priority=5
|
|||
|
||||
event krb_as_response(c: connection, msg: KDC_Response) &priority=-5
|
||||
{
|
||||
|
||||
Log::write(KRB::LOG, c$krb);
|
||||
c$krb$logged = T;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -157,4 +157,3 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%);
|
|||
## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
|
||||
## krb_ap_request krb_ap_response krb_priv krb_safe krb_cred
|
||||
event krb_error%(c: connection, msg: KRB::Error_Msg%);
|
||||
|
||||
|
|
|
|||
|
|
@ -68,14 +68,14 @@ type ASN1Encoding = record {
|
|||
};
|
||||
|
||||
type ASN1EncodingMeta = record {
|
||||
tag: uint8;
|
||||
len: uint8;
|
||||
tag : uint8;
|
||||
len : uint8;
|
||||
more_len: bytestring &length = long_len ? (len & 0x7f) : 0;
|
||||
} &let {
|
||||
long_len: bool = (len & 0x80) > 0;
|
||||
length: uint64 = long_len ? binary_to_int64(more_len) : len;
|
||||
has_index: bool = (tag >= ASN1_INDEX_TAG_OFFSET);
|
||||
index: uint8 = tag - ASN1_INDEX_TAG_OFFSET;
|
||||
long_len : bool = (len & 0x80) > 0;
|
||||
length : uint64 = long_len ? binary_to_int64(more_len) : len;
|
||||
has_index : bool = (tag >= ASN1_INDEX_TAG_OFFSET);
|
||||
index : uint8 = tag - ASN1_INDEX_TAG_OFFSET;
|
||||
};
|
||||
|
||||
type ASN1OptionalEncodingMeta(is_present: bool, previous_metadata: ASN1EncodingMeta) = case is_present of {
|
||||
|
|
@ -94,19 +94,19 @@ type ASN1OctetString = record {
|
|||
};
|
||||
|
||||
type SequenceElement(grab_content: bool) = record {
|
||||
index_meta: ASN1EncodingMeta;
|
||||
have_content: case grab_content of {
|
||||
index_meta : ASN1EncodingMeta;
|
||||
have_content : case grab_content of {
|
||||
true -> data: ASN1Encoding;
|
||||
false -> meta: ASN1EncodingMeta;
|
||||
};
|
||||
} &let {
|
||||
index: uint8 = index_meta.index;
|
||||
length: uint64 = index_meta.length;
|
||||
index : uint8 = index_meta.index;
|
||||
length : uint64 = index_meta.length;
|
||||
};
|
||||
|
||||
type Array = record {
|
||||
array_meta: ASN1EncodingMeta;
|
||||
data: ASN1Encoding[];
|
||||
array_meta : ASN1EncodingMeta;
|
||||
data : ASN1Encoding[];
|
||||
};
|
||||
|
||||
function binary_to_int64(bs: bytestring): int64
|
||||
|
|
|
|||
|
|
@ -127,8 +127,8 @@ type KRB_PA_Data_Optional(is_orig: bool, pkt_type: uint8, desired_index: uint8)
|
|||
#
|
||||
# Note: Split off due to a BinPAC bug
|
||||
type KRB_PA_Data_Optional_Contents(is_orig: bool, is_present: bool, pkt_type: uint8, length: uint64) = case is_present of {
|
||||
true -> padata: KRB_PA_Data_Sequence(is_orig, pkt_type) &length=length;
|
||||
false -> none: empty;
|
||||
true -> padata : KRB_PA_Data_Sequence(is_orig, pkt_type) &length=length;
|
||||
false -> none : empty;
|
||||
};
|
||||
|
||||
# This is our main type
|
||||
|
|
|
|||
|
|
@ -75,15 +75,15 @@ type KRB_REQ_Arg_Data(index: uint8) = case index of {
|
|||
7 -> nonce : ASN1Integer;
|
||||
8 -> etype : Array;
|
||||
9 -> addrs : KRB_Host_Addresses;
|
||||
10 -> auth_data : ASN1OctetString; # TODO
|
||||
10 -> auth_data : ASN1OctetString;
|
||||
11 -> addl_tkts : KRB_Ticket_Sequence;
|
||||
default -> unknown : bytestring &restofdata;
|
||||
};
|
||||
|
||||
type KRB_KDC_Options = record {
|
||||
meta : ASN1EncodingMeta;
|
||||
pad: uint8;
|
||||
flags: uint32;
|
||||
pad : uint8;
|
||||
flags : uint32;
|
||||
} &let {
|
||||
reserved : bool = (flags & 0x80000000) > 0;
|
||||
forwardable : bool = (flags & 0x40000000) > 0;
|
||||
|
|
@ -168,7 +168,7 @@ type KRB_ERROR_Arg(is_orig: bool, error_code: int64) = record {
|
|||
seq_meta: ASN1EncodingMeta;
|
||||
args : KRB_ERROR_Arg_Data(is_orig, seq_meta.index, error_code) &length=arg_length;
|
||||
} &let {
|
||||
process_in_parent: bool = seq_meta.index == 6;
|
||||
process_in_parent : bool = seq_meta.index == 6;
|
||||
arg_length : uint64 = ( process_in_parent ? 0 : seq_meta.length);
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue