Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Use LDAP RemovalHook instead of implementing connection_state_remove

Browse source
This commit is contained in:
Benjamin Bannier 2023-10-10 13:05:35 +02:00
parent 1d4412a9e7
commit 82b3a4048f
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
scripts/base/protocols/ldap/main.zeek
View file

@ -30,6 +30,9 @@ export {
## Default logging policy hook for LDAP_SEARCH_LOG.
global log_policy_search: Log::PolicyHook;
## LDAP finalization hook.
global finalize_ldap: Conn::RemovalHook;
#############################################################################
# This is the format of ldap.log (ldap operations minus search-related)
# Each line represents a unique connection+message_id (requests/responses)
@ -161,6 +164,7 @@ event zeek_init() &priority=5 {
#############################################################################
function set_session(c: connection, message_id: int, opcode: LDAP::ProtocolOpcode) {
Conn::register_removal_hook(c, finalize_ldap);
if (! c?$ldap_messages )
c$ldap_messages = table();
@ -363,8 +367,7 @@ event LDAP::bindreq(c: connection,
}
#############################################################################
event connection_state_remove(c: connection) {
hook finalize_ldap(c: connection) {
# log any "pending" unlogged LDAP messages/searches
if ( c?$ldap_messages && (|c$ldap_messages| > 0) ) {