Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Generate ssh_auth_attempted for the 'none' authentication method.

Browse source 
ssh_auth_attempted sets some requisite fields that ssh_auth_successful
relies on. ssh_auth_attempted wasn't getting called because of a logic
error.

For a more complete discussion of this issue, see:
https://github.com/bro/bro/issues/192
This commit is contained in:
Vlad Grigorescu 2018-10-23 10:35:18 -05:00
parent 2586e5aa3e
commit 46f727a6fa
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/analyzer/protocol/ssh/SSH.cc
View file

@ -106,6 +106,8 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig)
if ( ! userauth_failure_size && (len + 16 == service_accept_size) ) if ( ! userauth_failure_size && (len + 16 == service_accept_size) )
{ {
auth_decision_made = true; auth_decision_made = true;
if ( ssh_auth_attempted )
BifEvent::generate_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
if ( ssh_auth_successful ) if ( ssh_auth_successful )
BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true);
return; return;