Pushing out the new NTLM and GSSAPI analyzers.

I accidentally left these out of the previous commit.
2025-10-08 09:38:19 +00:00 · 2016-04-03 04:18:45 -04:00 · 2016-04-03 04:18:45 -04:00 · d6e01b7769
commit d6e01b7769
parent 5b5589e167
18 changed files with 894 additions and 0 deletions
--- a/src/analyzer/protocol/gssapi/GSSAPI.cc
+++ b/src/analyzer/protocol/gssapi/GSSAPI.cc
@ -0,0 +1,56 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "GSSAPI.h"
+#include "analyzer/protocol/tcp/TCP_Reassembler.h"
+#include "Reporter.h"
+#include "events.bif.h"
+
+using namespace analyzer::gssapi;
+
+GSSAPI_Analyzer::GSSAPI_Analyzer(Connection* c)
+	: tcp::TCP_ApplicationAnalyzer("GSSAPI", c)
+	{
+	interp = new binpac::GSSAPI::GSSAPI_Conn(this);
+	}
+
+GSSAPI_Analyzer::~GSSAPI_Analyzer()
+	{
+	delete interp;
+	}
+
+void GSSAPI_Analyzer::Done()
+	{
+	tcp::TCP_ApplicationAnalyzer::Done();
+
+	interp->FlowEOF(true);
+	interp->FlowEOF(false);
+	}
+
+void GSSAPI_Analyzer::EndpointEOF(bool is_orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
+	interp->FlowEOF(is_orig);
+	}
+
+void GSSAPI_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
+
+	assert(TCP());
+
+	try
+		{
+		interp->NewData(orig, data, data + len);
+		ProtocolConfirmation();
+		}
+	catch ( const binpac::Exception& e )
+		{
+		ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
+		}
+	}
+
+void GSSAPI_Analyzer::Undelivered(uint64 seq, int len, bool orig)
+	{
+	tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
+	interp->NewGap(orig, len);
+	}