Merge remote-tracking branch 'origin/topic/awelzel/ldap-extended-request-response-starttls'
* origin/topic/awelzel/ldap-extended-request-response-starttls:
ldap: Add heuristic for wrap tokens
ldap: Ignore ec/rrc for sealed wrap tokens
ldap: Add LDAP sample with SASL-SRP mechanism
ldap: Reintroduce encryption after SASL heuristic
ldap: Fix assuming GSS-SPNEGO for all bindResponses
ldap: Implement extended request/response and StartTLS support
(cherry picked from commit 6a6a5c3d0d)
parent
cfe47f40a4
commit
6f65b88f1b
32 changed files with 506 additions and 56 deletions
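--- a/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek
+++ b/testing/btest/scripts/base/protocols/ldap/sasl-ntlm.zeek
@@ -0,0 +1,12 @@
+# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
+
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-ntlm.pcap %INPUT
+# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ldap.log
+# @TEST-EXEC: btest-diff ldap_search.log
+# @TEST-EXEC: ! test -f dpd.log
+# @TEST-EXEC: ! test -f analyzer.log
+#
+# @TEST-DOC: This broke after #3826 got merged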
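Review bot: The `@TEST-DOC` line records only why the test was added ("This broke after #3826 got merged") and not what it protects; the SCRAM-SHA-512 test in the next section carries the same text. Going by the visible `@TEST-EXEC` lines, the property under test is that a SASL NTLM bind is parsed without an analyzer violation (`! test -f dpd.log`, `! test -f analyzer.log`) while `ldap.log` and `ldap_search.log` keep their baselines. This is presumably tied to the "Fix assuming GSS-SPNEGO for all bindResponses" entry in the merge list. I would say so directly, for example `# @TEST-DOC: SASL bind with NTLM must parse without analyzer violations; regression test for #3826`, so that a later failure reads as lost LDAP visibility rather than an unexplained baseline diff.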
|
@ -0,0 +1,12 @@
|
|||
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
|
||||
|
||||
# @TEST-REQUIRES: have-spicy
|
||||
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-scram-sha-512.pcap %INPUT
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
# @TEST-EXEC: btest-diff ldap.log
|
||||
# @TEST-EXEC: btest-diff ldap_search.log
|
||||
# @TEST-EXEC: ! test -f dpd.log
|
||||
# @TEST-EXEC: ! test -f analyzer.log
|
||||
#
|
||||
# @TEST-DOC: This broke after #3826 got merged
|
|
@ -0,0 +1,11 @@
|
|||
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
|
||||
|
||||
# @TEST-REQUIRES: have-spicy
|
||||
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-srp-who-am-i.pcap %INPUT
|
||||
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
# @TEST-EXEC: btest-diff ldap.log
|
||||
# @TEST-EXEC: ! test -f dpd.log
|
||||
# @TEST-EXEC: ! test -f analyzer.log
|
||||
#
|
||||
# @TEST-DOC: SASL authentication using SRP (Secure Remote Password)
|
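--- a/testing/btest/scripts/base/protocols/ldap/starttls.zeek
+++ b/testing/btest/scripts/base/protocols/ldap/starttls.zeek
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
+
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap-starttls.pcap %INPUT >out
+# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ldap.log
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: ! test -f dpd.log
+# @TEST-EXEC: ! test -f analyzer.log
+#
+# @TEST-DOC: LDAP supports StartTLS through extendedRequest 1.3.6.1.4.1.1466.20037
+
+event LDAP::extended_request(c: connection, message_id: int, request_name: string, request_value: string) {
+print c$uid, "extended_request", fmt("%s (%s)", request_name, LDAP::EXTENDED_REQUESTS[request_name]), request_value;
+}
+
+event LDAP::extended_response(c: connection, message_id: int, result: LDAP::ResultCode, response_name: string, response_value: string) {
+print c$uid, "extended_response", result, response_name, response_value;
+}
+
+event LDAP::starttls(c: connection) {
+print c$uid, "LDAP::starttls";
+}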
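Review bot: `LDAP::EXTENDED_REQUESTS[request_name]` in the `LDAP::extended_request` handler indexes a table with an OID taken directly from the wire, and the same line appears in who-am-i.zeek. The table's definition is not part of this section, so it cannot be confirmed from here whether an unlisted OID falls back to a `&default` or raises a runtime index error. Because btest scripts are often copied as usage examples, I would either guard the lookup, `local label = request_name in LDAP::EXTENDED_REQUESTS ? LDAP::EXTENDED_REQUESTS[request_name] : "unknown";`, or add a comment stating that the table carries a default. A companion capture in which the server rejects the StartTLS extendedRequest would also help, to pin that `LDAP::starttls` and the hand-off that fills `ssl.log` happen only after a successful response.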
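--- a/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek
+++ b/testing/btest/scripts/base/protocols/ldap/who-am-i.zeek
@@ -0,0 +1,20 @@
+# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
+
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap-who-am-i.pcap %INPUT >out
+# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ldap.log
+# @TEST-EXEC: ! test -f dpd.log
+# @TEST-EXEC: ! test -f analyzer.log
+#
+# @TEST-DOC: Testing OpenLDAP's ldapwhoami utility with simple authentication.
+
+event LDAP::extended_request(c: connection, message_id: int, request_name: string, request_value: string) {
+print c$uid, "extended_request", fmt("%s (%s)", request_name, LDAP::EXTENDED_REQUESTS[request_name]), request_value;
+}
+
+event LDAP::extended_response(c: connection, message_id: int, result: LDAP::ResultCode, response_name: string, response_value: string) {
+print c$uid, "extended_response", result, response_name, response_value;
+}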