Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/vladg/kerberos'

Browse source 
* origin/topic/vladg/kerberos:
  Fix doc on krb_cred
  Update the KRB tests a bit.
This commit is contained in:
Robin Sommer 2015-04-21 11:17:53 -07:00
commit 9911993c6f
28 changed files with 538 additions and 1449 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/krb/consts.bro
View file

@ -94,6 +94,6 @@ export {
[25] = "camellia128-cts-cmac",
[26] = "camellia256-cts-cmac",
[65] = "subkey-keymaterial",
};
};
}

6
scripts/base/protocols/krb/files.bro
View file

@ -96,12 +96,12 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
}
else
{
info$server_cert = f$info;
info$server_cert = f$info;
info$server_cert_fuid = f$id;
}
c$krb = info;
Files::add_analyzer(f, Files::ANALYZER_X509);
# Always calculate hashes. They are not necessary for base scripts
# but very useful for identification, and required for policy scripts
@ -118,7 +118,7 @@ function fill_in_subjects(c: connection)
c$krb$client_cert_subject = c$krb$client_cert$x509$certificate$subject;
if ( c$krb?$server_cert && c$krb$server_cert?$x509 && c$krb$server_cert$x509?$certificate )
c$krb$server_cert_subject = c$krb$server_cert$x509$certificate$subject;
c$krb$server_cert_subject = c$krb$server_cert$x509$certificate$subject;
}
event krb_error(c: connection, msg: Error_Msg)

18
scripts/base/protocols/krb/main.bro
View file

@ -14,7 +14,7 @@ export {
uid: string &log;
## The connection's 4-tuple of endpoint addresses/ports.
id: conn_id &log;
## Request type - Authentication Service ("AS") or
## Ticket Granting Service ("TGS")
request_type: string &log &optional;
@ -58,7 +58,7 @@ export {
# by Windows AD Kerberos.
"Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
} &redef;
## Event that can be handled to access the KRB record as it is sent on
## to the logging framework.
global log_krb: event(rec: Info);
@ -91,10 +91,10 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
if ( c?$krb && c$krb$logged )
return;
if ( c?$krb )
info = c$krb;
if ( ! info?$ts )
{
info$ts = network_time();
@ -113,7 +113,7 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
if ( msg?$error_text ) info$error_msg = msg$error_text;
else if ( msg$error_code in error_msg ) info$error_msg = error_msg[msg$error_code];
c$krb = info;
}
@ -184,9 +184,9 @@ event krb_as_response(c: connection, msg: KDC_Response) &priority=5
if ( c?$krb && c$krb$logged )
return;
if ( c?$krb )
if ( c?$krb )
info = c$krb;
if ( ! info?$ts )
{
info$ts = network_time();
@ -219,7 +219,7 @@ event krb_tgs_response(c: connection, msg: KDC_Response) &priority=5
if ( c?$krb )
info = c$krb;
if ( ! info?$ts )
{
info$ts = network_time();
@ -233,7 +233,7 @@ event krb_tgs_response(c: connection, msg: KDC_Response) &priority=5
info$service = msg$ticket$service_name;
info$cipher = cipher_name[msg$ticket$cipher];
info$success = T;
c$krb = info;
}