Clean up formatting.

scripts/base/protocols/krb/files.bro

@@ -10,14 +10,14 @@ export {
 		# Client certificate
 		client_cert:		Files::Info &optional;
 		# Subject of client certificate, if any
-		client_cert_subject:string &log &optional;
+		client_cert_subject:	string &log &optional;
 		# File unique ID of client cert, if any
 		client_cert_fuid:	string &log &optional;
 
 		# Server certificate
 		server_cert:		Files::Info &optional;
 		# Subject of server certificate, if any
-		server_cert_subject:string &log &optional;
+		server_cert_subject:	string &log &optional;
 		# File unique ID of server cert, if any
 		server_cert_fuid:	string &log &optional;
 	};
@@ -58,8 +58,8 @@ function describe_file(f: fa_file): string
 		}
 
 	return cat("Serial: ", f$info$x509$certificate$serial, " Subject: ",
-		f$info$x509$certificate$subject, " Issuer: ",
-		f$info$x509$certificate$issuer);
+			       f$info$x509$certificate$subject, " Issuer: ",
+			       f$info$x509$certificate$issuer);
 	}
 
 event bro_init() &priority=5
@@ -103,7 +103,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 	c$krb = info;
 		
 	Files::add_analyzer(f, Files::ANALYZER_X509);
-	# always calculate hashes. They are not necessary for base scripts
+	# Always calculate hashes. They are not necessary for base scripts
 	# but very useful for identification, and required for policy scripts
 	Files::add_analyzer(f, Files::ANALYZER_MD5);
 	Files::add_analyzer(f, Files::ANALYZER_SHA1);

scripts/base/protocols/krb/main.bro

@@ -58,7 +58,7 @@ export {
 		# log NEEDED_PREAUTH.
 		"NEEDED_PREAUTH",
 		# This is a more specific version of NEEDED_PREAUTH that's used
-		# by Winodws AD Kerberos.
+		# by Windows AD Kerberos.
 		"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
 	} &redef;
 	
@@ -82,8 +82,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
 
 	if ( msg?$error_text && msg$error_text in ignored_errors )
 		{
-		if ( c?$krb )
-			delete c$krb;
+		if ( c?$krb ) delete c$krb;
 		return;
 		}
 
@@ -100,23 +99,17 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
 		info$id  = c$id;
 		}
 
-	if ( ! info?$client )
-		if ( msg?$client_name || msg?$client_realm )
-			info$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
-		  			 	  msg?$client_realm ? msg$client_realm : "");
+	if ( ! info?$client && ( msg?$client_name || msg?$client_realm ) )
+		info$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
+				 	  msg?$client_realm ? msg$client_realm : "");
 
 	info$service = msg$service_name;
 	info$result = "failed";
 
 	info$error_code = msg$error_code;
 
-	if ( msg?$error_text )
-		info$error_msg = msg$error_text;
-	else
-		{
-		if ( msg$error_code in error_msg )
-			info$error_msg = error_msg[msg$error_code];
-		}
+	if ( msg?$error_text )			info$error_msg = msg$error_text;
+	else if ( msg$error_code in error_msg ) info$error_msg = error_msg[msg$error_code];
 		
 	c$krb = info;
 	}
@@ -158,15 +151,13 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5
 			{
 			if ( msg$host_addrs[i]?$ip )
 				{
-				if ( ! info?$network_addrs )
-					info$network_addrs = vector();
+				if ( ! info?$network_addrs ) info$network_addrs = vector();
 				info$network_addrs[|info$network_addrs|] = msg$host_addrs[i]$ip;
 				}
 
 			if ( msg$host_addrs[i]?$netbios )
 				{
-				if ( ! info?$netbios_addrs )
-					info$netbios_addrs = vector();
+				if ( ! info?$netbios_addrs ) info$netbios_addrs = vector();
 				info$netbios_addrs[|info$netbios_addrs|] = msg$host_addrs[i]$netbios;
 				}
 			}
@@ -191,8 +182,7 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
 	info$uid = c$uid;
 	info$id  = c$id;
 	info$service = msg$service_name;
-	if ( msg?$from )
-		info$from = msg$from;
+	if ( msg?$from ) info$from = msg$from;
 	info$till = msg$till;
 
 	c$krb = info;
@@ -205,7 +195,7 @@ event krb_as_response(c: connection, msg: KDC_Response) &priority=5
 	if ( c?$krb && c$krb$logged )
 		return;
 
-	if ( c?$krb )
+	if ( c?$krb ) 
 		info = c$krb;
 		
 	if ( ! info?$ts )
@@ -226,7 +216,6 @@ event krb_as_response(c: connection, msg: KDC_Response) &priority=5
 
 event krb_as_response(c: connection, msg: KDC_Response) &priority=-5
 	{
-		
 	Log::write(KRB::LOG, c$krb);
 	c$krb$logged = T;
 	}

src/analyzer/protocol/krb/events.bif

@@ -157,4 +157,3 @@ event krb_cred%(c: connection, is_orig: bool, tickets: KRB::Ticket_Vector%);
 ## .. bro:see:: krb_as_request krb_as_response krb_tgs_request krb_tgs_response
 ##    krb_ap_request krb_ap_response krb_priv krb_safe krb_cred
 event krb_error%(c: connection, msg: KRB::Error_Msg%);
-

src/analyzer/protocol/krb/krb-asn1.pac

@@ -68,14 +68,14 @@ type ASN1Encoding = record {
 };
 
 type ASN1EncodingMeta = record {
-	tag:      	uint8;
-	len:      	uint8;
-	more_len: 	bytestring &length = long_len ? (len & 0x7f) : 0;
+	tag	: uint8;
+	len	: uint8;
+	more_len: bytestring &length = long_len ? (len & 0x7f) : 0;
 } &let {
-	long_len: 	bool = (len & 0x80) > 0;
-	length:   	uint64 = long_len ? binary_to_int64(more_len) : len;
-	has_index:	bool = (tag >= ASN1_INDEX_TAG_OFFSET);
-	index:    	uint8 = tag - ASN1_INDEX_TAG_OFFSET;
+	long_len	: bool = (len & 0x80) > 0;
+	length		: uint64 = long_len ? binary_to_int64(more_len) : len;
+	has_index	: bool = (tag >= ASN1_INDEX_TAG_OFFSET);
+	index		: uint8 = tag - ASN1_INDEX_TAG_OFFSET;
 };
 
 type ASN1OptionalEncodingMeta(is_present: bool, previous_metadata: ASN1EncodingMeta) = case is_present of {
@@ -94,19 +94,19 @@ type ASN1OctetString = record {
 };
 
 type SequenceElement(grab_content: bool) = record {
-     index_meta: ASN1EncodingMeta;
-     have_content: case grab_content of {
+     index_meta	  : ASN1EncodingMeta;
+     have_content : case grab_content of {
      	true  -> data: ASN1Encoding;
-		false -> meta: ASN1EncodingMeta;
+	false -> meta: ASN1EncodingMeta;
      };
 } &let {
-     index: uint8 = index_meta.index;
-     length: uint64 = index_meta.length;
+     index  : uint8 = index_meta.index;
+     length : uint64 = index_meta.length;
 };
 
 type Array = record {
-     array_meta: ASN1EncodingMeta;
-     data: ASN1Encoding[];
+     array_meta	: ASN1EncodingMeta;
+     data	: ASN1Encoding[];
 };
 
 function binary_to_int64(bs: bytestring): int64

src/analyzer/protocol/krb/krb-defs.pac

@@ -14,11 +14,11 @@ enum KRBMessageTypes {
 
 # Defined by IANA in Kerberos Parameters - Pre-authentication and Typed Data
 enum KRBPADataTypes {
-	PA_TGS_REQ 		= 1,
-	PA_ENC_TIMESTAMP	= 2,
-	PA_PW_SALT 		= 3,
-	PA_PW_AS_REQ 		= 16,	
-	PA_PW_AS_REP		= 17,
+	PA_TGS_REQ 	 = 1,
+	PA_ENC_TIMESTAMP = 2,
+	PA_PW_SALT 	 = 3,
+	PA_PW_AS_REQ 	 = 16,	
+	PA_PW_AS_REP	 = 17,
 };
 
 # Defined in RFC 4120

src/analyzer/protocol/krb/krb-padata.pac

@@ -127,14 +127,14 @@ type KRB_PA_Data_Optional(is_orig: bool, pkt_type: uint8, desired_index: uint8)
 #
 # Note: Split off due to a BinPAC bug
 type KRB_PA_Data_Optional_Contents(is_orig: bool, is_present: bool, pkt_type: uint8, length: uint64) = case is_present of {
-	true -> padata: KRB_PA_Data_Sequence(is_orig, pkt_type) &length=length;
-	false -> none: empty;
+	true -> padata	: KRB_PA_Data_Sequence(is_orig, pkt_type) &length=length;
+	false -> none	: empty;
 };
 
 # This is our main type
 type KRB_PA_Data_Sequence(is_orig: bool, pkt_type: uint8) = record {
-	meta    	: ASN1EncodingMeta;
-	data		: KRB_PA_Data_Container(is_orig, pkt_type, meta.tag, meta.length);
+	meta    : ASN1EncodingMeta;
+	data	: KRB_PA_Data_Container(is_orig, pkt_type, meta.tag, meta.length);
 };
 
 # The data in KRB_PA_Data_Sequence is usually (and supposed to be) a sequence, which we'll parse,

src/analyzer/protocol/krb/krb-protocol.pac

@@ -75,15 +75,15 @@ type KRB_REQ_Arg_Data(index: uint8) = case index of {
  	7  	-> nonce	: ASN1Integer;
  	8  	-> etype	: Array;
  	9  	-> addrs	: KRB_Host_Addresses;
- 	10 	-> auth_data 	: ASN1OctetString; # TODO
+ 	10 	-> auth_data 	: ASN1OctetString;
  	11 	-> addl_tkts 	: KRB_Ticket_Sequence;
 	default -> unknown	: bytestring &restofdata;
 };
 
 type KRB_KDC_Options = record {
-	meta : ASN1EncodingMeta;
-	pad: uint8;
-	flags: uint32;
+	meta	: ASN1EncodingMeta;
+	pad	: uint8;
+	flags	: uint32;
 } &let {
 	reserved		: bool	= (flags & 0x80000000) > 0;
 	forwardable		: bool	= (flags & 0x40000000) > 0;
@@ -168,8 +168,8 @@ type KRB_ERROR_Arg(is_orig: bool, error_code: int64) = record {
 	seq_meta: ASN1EncodingMeta;
 	args	: KRB_ERROR_Arg_Data(is_orig, seq_meta.index, error_code) &length=arg_length;
 } &let {
-	process_in_parent: bool = seq_meta.index == 6;
-	arg_length : uint64 = ( process_in_parent ? 0 : seq_meta.length);
+	process_in_parent : bool = seq_meta.index == 6;
+	arg_length 	  : uint64 = ( process_in_parent ? 0 : seq_meta.length);
 };
 
 type KRB_ERROR_Arg_Data(is_orig: bool, index: uint8, error_code: int64) = case index of {
@@ -189,8 +189,8 @@ type KRB_ERROR_Arg_Data(is_orig: bool, index: uint8, error_code: int64) = case i
 };
 
 type KRB_ERROR_E_Data(is_orig: bool, error_code: uint64) = case ( error_code == KDC_ERR_PREAUTH_REQUIRED ) of {
-	true 	-> padata 	: KRB_PA_Data_Sequence(is_orig, KRB_ERROR);
-	false	-> unknown	: bytestring &restofdata;
+	true 	-> padata  : KRB_PA_Data_Sequence(is_orig, KRB_ERROR);
+	false	-> unknown : bytestring &restofdata;
 };
 
 ### KRB_SAFE