Merge remote-tracking branch 'origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss'

* origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss: ldap: Clean up from code review ldap: Add Sicily Authentication constants ldap: Only switch into MS_KRB5 mode if responseToken exists (cherry picked from commit a2a535d0c9)
2025-10-04 15:48:19 +00:00 · 2025-04-16 09:34:09 +02:00 · 2025-04-16 09:34:09 +02:00 · ceb798b42a
commit ceb798b42a
parent ec18da8baa
11 changed files with 113 additions and 16 deletions
--- a/scripts/base/protocols/ldap/consts.zeek
+++ b/scripts/base/protocols/ldap/consts.zeek
@ -26,6 +26,8 @@ export {

 	const BIND_SIMPLE = "bind simple";
 	const BIND_SASL = "bind SASL";
+	const BIND_SICILY_NEGOTIATE = "sicily_negotiate";
+	const BIND_SICILY_RESPONSE= "sicily_response";

 	const RESULT_CODES = { [ LDAP::ResultCode_SUCCESS ] = "success", [
 	    LDAP::ResultCode_OPERATIONS_ERROR ] = "operations error", [
--- a/scripts/base/protocols/ldap/main.zeek
+++ b/scripts/base/protocols/ldap/main.zeek
@ -372,13 +372,23 @@ event LDAP::bind_request(c: connection,
  if ( m?$opcode )
    Reporter::conn_weird("LDAP_bind_opcode_already_set", c, m$opcode, "LDAP");

-  if (authType == LDAP::BindAuthType_BIND_AUTH_SIMPLE) {
+  switch ( authType ) {
+  case LDAP::BindAuthType_BIND_AUTH_SIMPLE:
    m$opcode = BIND_SIMPLE;
-  } else if (authType == LDAP::BindAuthType_BIND_AUTH_SASL) {
+    break;
+  case LDAP::BindAuthType_BIND_AUTH_SASL:
    m$opcode = BIND_SASL;
-  } else {
+    break;
+  case LDAP::BindAuthType_SICILY_NEGOTIATE:
+    m$opcode = BIND_SICILY_NEGOTIATE;
+    break;
+  case LDAP::BindAuthType_SICILY_RESPONSE:
+    m$opcode = BIND_SICILY_RESPONSE;
+    break;
+  default:
    Reporter::conn_weird("LDAP_unknown_auth_type", c, cat(authType), "LDAP");
    m$opcode = cat(authType);
+    break;
  }
 }