Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GSSAPI analyzer now forwards authentication blobs more correctly (and other fixes).

Browse source 
Previously, the GSSAPI analyzer blindly forwarded authentication
blobs to the NTLM analyzer (which it instantiated too early). Now
it waits to instantiate sub analyzers until a blob of a particular
type has been seen.  It also makes the distinction between krb and
ntlm and forwards to the correct analyzer.

This required some fixes to the KRB analyzer because KRB over GSSAPI
looks slightly different than raw KRB.

The KRB analyzer also now includes support for the PA_ENCTYPE_INFO2
pre-auth data type.
This commit is contained in:
Seth Hall 2016-08-09 10:27:21 -04:00
parent 4a3dfe69b1
commit cbde25f1b8
5 changed files with 69 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/analyzer/protocol/gssapi/gssapi-protocol.pac
View file

@ -53,3 +53,4 @@ type GSSAPI_NEG_TOKEN_MECH_TOKEN(is_orig: bool) = record {
meta : ASN1EncodingMeta;
mech_token : bytestring &length=meta.length;
};