Merge remote-tracking branch 'origin/topic/awelzel/3919-ldap-logs-missing'

* origin/topic/awelzel/3919-ldap-logs-missing:
  btest/ldap: Add regression test for #3919

(cherry picked from commit a339cfa4c0)

testing/btest/Baseline/scripts.base.protocols.ldap.invalid_credentials/ldap.log

@@ -0,0 +1,35 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ldap
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	message_id	version	opcode	result	diagnostic_message	object	argument
+#types	time	string	addr	port	addr	port	int	int	string	string	string	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	65	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	66	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	83	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	84	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	101	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	102	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	119	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	120	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	137	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	138	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	155	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	156	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	173	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	174	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	191	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	192	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	209	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	210	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	227	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	228	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	245	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	246	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	263	3	bind SASL	SASL bind in progress	-	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	264	3	bind SASL	invalid credentials	8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563?	-	GSS-SPNEGO
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.66.141	53653	192.168.66.138	389	349	-	unbind	-	-	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Traces/README

@@ -21,3 +21,5 @@ Trace Index/Sources:
 - ldap/ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap: Harvested from CTU-SME-11
   (Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 389 and port 50041.
   https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
+- ldap/ldap_invalid_credentials.pcap
+  Provided by Martin van Hensbergen in issue #3919.

testing/btest/scripts/base/protocols/ldap/invalid_credentials.zeek

@@ -0,0 +1,5 @@
+# @TEST-DOC: Regression test case for #3919 for invalid credentials.
+#
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap_invalid_credentials.pcap %INPUT
+# @TEST-EXEC: btest-diff ldap.log