Add krb unit test

2025-10-14 04:28:20 +00:00 · 2018-05-08 14:46:35 -04:00 · 2018-05-08 14:46:35 -04:00 · afac2ac20f
commit afac2ac20f
parent ae7625bb2b
4 changed files with 20 additions and 0 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.smb2_krb/.stdout
@ -0,0 +1 @@
+wallior@DS.SUSQ.COM
--- a/testing/btest/Traces/krb/smb2_krb.keytab
+++ b/testing/btest/Traces/krb/smb2_krb.keytab
--- a/testing/btest/Traces/krb/smb2_krb.pcap
+++ b/testing/btest/Traces/krb/smb2_krb.pcap
--- a/testing/btest/scripts/base/protocols/krb/smb2_krb.test
+++ b/testing/btest/scripts/base/protocols/krb/smb2_krb.test
@ -0,0 +1,19 @@
+# This test verifies that given the proper keytab file, the 
+#   Kerberos analyzer can open the AD ticket in the Negociate
+#   Protocol Request and find the user.
+
+# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
+# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+redef KRB::keytab = "smb2_krb.keytab";
+global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
+
+event bro_init() &priority=5{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
+}
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts:  KRB::AP_Options){
+   print ticket$authenticationinfo;
+}
+