mirror of
https://github.com/zeek/zeek.git
synced 2025-10-12 11:38:20 +00:00
Whitespace cleanup to the NTLM SSP file.
This commit is contained in:
Seth Hall
parent
90559a3372
commit
e8064ff189
1 changed files with 156 additions and 151 deletions
|
|
@ -46,8 +46,10 @@ refine connection SMB_Conn += {
|
|||
function build_av_record(val: SMB_NTLM_AV_Pair_Sequence): BroVal
|
||||
%{
|
||||
RecordVal* result = new RecordVal(BifType::Record::SMB::NTLMAVs);
|
||||
for ( uint i = 0; ${val.pairs[i].id} != 0; i++ ) {
|
||||
switch ( ${val.pairs[i].id} ) {
|
||||
for ( uint i = 0; ${val.pairs[i].id} != 0; i++ )
|
||||
{
|
||||
switch ( ${val.pairs[i].id} )
|
||||
{
|
||||
case 1:
|
||||
result->Assign(0, uint8s_to_stringval(${val.pairs[i].nb_computer_name.data}));
|
||||
break;
|
||||
|
|
@ -84,6 +86,7 @@ refine connection SMB_Conn += {
|
|||
%{
|
||||
if ( ${val.gssapi.is_init} )
|
||||
return true;
|
||||
|
||||
for ( uint i = 0; i < ${val.gssapi.resp.args}->size(); ++i )
|
||||
{
|
||||
switch ( ${val.gssapi.resp.args[i].seq_meta.index} )
|
||||
|
|
@ -158,34 +161,33 @@ refine connection SMB_Conn += {
|
|||
|
||||
return true;
|
||||
%}
|
||||
|
||||
};
|
||||
|
||||
type GSSAPI_NEG_TOKEN(header: SMB_Header) = record {
|
||||
wrapper : ASN1EncodingMeta;
|
||||
have_oid : case is_init of {
|
||||
true -> oid: ASN1Encoding;
|
||||
false -> no_oid: empty;
|
||||
true -> oid : ASN1Encoding;
|
||||
false -> no_oid : empty;
|
||||
};
|
||||
have_init_wrapper: case is_init of {
|
||||
true -> init_wrapper: ASN1EncodingMeta;
|
||||
false -> no_init_wrapper: empty;
|
||||
have_init_wrapper : case is_init of {
|
||||
true -> init_wrapper : ASN1EncodingMeta;
|
||||
false -> no_init_wrapper : empty;
|
||||
};
|
||||
msg_type : case is_init of {
|
||||
true -> init: GSSAPI_NEG_TOKEN_INIT(header);
|
||||
false -> resp: GSSAPI_NEG_TOKEN_RESP(header);
|
||||
};
|
||||
} &let {
|
||||
is_init: bool = wrapper.tag == 0x60;
|
||||
is_init: bool = (wrapper.tag == 0x60);
|
||||
};
|
||||
|
||||
type GSSAPI_NEG_TOKEN_INIT(header: SMB_Header) = record {
|
||||
seq_meta: ASN1EncodingMeta;
|
||||
seq_meta : ASN1EncodingMeta;
|
||||
args : GSSAPI_NEG_TOKEN_INIT_Arg(header)[];
|
||||
};
|
||||
|
||||
type GSSAPI_NEG_TOKEN_INIT_Arg(header: SMB_Header) = record {
|
||||
seq_meta: ASN1EncodingMeta;
|
||||
seq_meta : ASN1EncodingMeta;
|
||||
args : GSSAPI_NEG_TOKEN_INIT_Arg_Data(header, seq_meta.index) &length=seq_meta.length;
|
||||
};
|
||||
|
||||
|
|
@ -197,12 +199,12 @@ type GSSAPI_NEG_TOKEN_INIT_Arg_Data(header: SMB_Header, index: uint8) = case ind
|
|||
};
|
||||
|
||||
type GSSAPI_NEG_TOKEN_RESP(header: SMB_Header) = record {
|
||||
seq_meta: ASN1EncodingMeta;
|
||||
seq_meta : ASN1EncodingMeta;
|
||||
args : GSSAPI_NEG_TOKEN_RESP_Arg(header)[];
|
||||
};
|
||||
|
||||
type GSSAPI_NEG_TOKEN_RESP_Arg(header: SMB_Header) = record {
|
||||
seq_meta: ASN1EncodingMeta;
|
||||
seq_meta : ASN1EncodingMeta;
|
||||
args : GSSAPI_NEG_TOKEN_RESP_Arg_Data(header, seq_meta.index) &length=seq_meta.length;
|
||||
};
|
||||
|
||||
|
|
@ -243,6 +245,7 @@ type SMB_NTLM_Negotiate(header: SMB_Header, offset: uint16) = record {
|
|||
absolute_offset : uint16 = offsetof(payload) + offset;
|
||||
domain_name : SMB_NTLM_String(domain_name_fields, absolute_offset, flags.negotiate_unicode) withinput payload &if(flags.negotiate_oem_domain_supplied);
|
||||
workstation : SMB_NTLM_String(workstation_fields, absolute_offset, flags.negotiate_unicode) withinput payload &if(flags.negotiate_oem_workstation_supplied);
|
||||
|
||||
proc : bool = $context.connection.proc_smb_ntlm_negotiate(header, this);
|
||||
};
|
||||
|
||||
|
|
@ -261,16 +264,17 @@ type SMB_NTLM_Challenge(header: SMB_Header, offset: uint16) = record {
|
|||
absolute_offset : uint16 = offsetof(payload) + offset;
|
||||
target_name : SMB_NTLM_String(target_name_fields, absolute_offset, flags.negotiate_unicode) withinput payload &if(flags.request_target);
|
||||
target_info : SMB_NTLM_AV_Pair_Sequence(target_info_fields.offset - absolute_offset) withinput payload &if(flags.negotiate_target_info);
|
||||
|
||||
proc : bool = $context.connection.proc_smb_ntlm_challenge(header, this);
|
||||
};
|
||||
|
||||
type SMB_NTLM_Authenticate(header: SMB_Header, offset: uint16) = record {
|
||||
lm_challenge_response_fields: SMB_NTLM_StringData;
|
||||
nt_challenge_response_fields: SMB_NTLM_StringData;
|
||||
lm_challenge_response_fields : SMB_NTLM_StringData;
|
||||
nt_challenge_response_fields : SMB_NTLM_StringData;
|
||||
domain_name_fields : SMB_NTLM_StringData;
|
||||
user_name_fields : SMB_NTLM_StringData;
|
||||
workstation_fields : SMB_NTLM_StringData;
|
||||
encrypted_session_key_fields: SMB_NTLM_StringData;
|
||||
encrypted_session_key_fields : SMB_NTLM_StringData;
|
||||
flags : SMB_NTLM_Negotiate_Flags;
|
||||
version_present : case flags.negotiate_version of {
|
||||
true -> version : SMB_NTLM_Version;
|
||||
|
|
@ -288,6 +292,7 @@ type SMB_NTLM_Authenticate(header: SMB_Header, offset: uint16) = record {
|
|||
user_name : SMB_NTLM_String(user_name_fields, absolute_offset, flags.negotiate_unicode) withinput payload &if(user_name_fields.length > 0);
|
||||
workstation : SMB_NTLM_String(workstation_fields, absolute_offset , flags.negotiate_unicode) withinput payload &if(workstation_fields.length > 0);
|
||||
encrypted_session_key : SMB_NTLM_String(encrypted_session_key_fields, absolute_offset, flags.negotiate_unicode) withinput payload &if(flags.negotiate_key_exch);
|
||||
|
||||
proc : bool = $context.connection.proc_smb_ntlm_authenticate(header, this);
|
||||
};
|
||||
|
||||
|
|
@ -310,13 +315,13 @@ type SMB_Fixed_Length_String(unicode: bool) = record {
|
|||
};
|
||||
|
||||
type SMB_NTLM_String(fields: SMB_NTLM_StringData, offset: uint16, unicode: bool) = record {
|
||||
: padding to fields.offset - offset;
|
||||
string: SMB_Fixed_Length_String(unicode) &length=fields.length;
|
||||
pad1 : padding to fields.offset - offset;
|
||||
string : SMB_Fixed_Length_String(unicode) &length=fields.length;
|
||||
};
|
||||
|
||||
type SMB_NTLM_AV_Pair_Sequence(offset: uint16) = record {
|
||||
: padding to offset;
|
||||
pairs: SMB_NTLM_AV_Pair[] &until ($element.last);
|
||||
pad1 : padding to offset;
|
||||
pairs : SMB_NTLM_AV_Pair[] &until($element.last);
|
||||
};
|
||||
|
||||
type SMB_NTLM_AV_Pair = record {
|
||||
|
|
@ -346,7 +351,7 @@ type SMB_NTLM_AV_Pair = record {
|
|||
type SMB_NTLM_Single_Host = record {
|
||||
size : uint32;
|
||||
padpad : padding[4];
|
||||
data_present: uint32;
|
||||
data_present : uint32;
|
||||
optional : case custom_data_present of {
|
||||
true -> custom_data : bytestring &length=4;
|
||||
false -> nothing : empty;
|
||||
|
|
@ -361,18 +366,18 @@ type SMB_LM_Response(offset: uint16) = record {
|
|||
# LMv2 (16 byte response + 8 byte client challenge. No way to
|
||||
# know for sure.
|
||||
padpad : padding to offset;
|
||||
response: bytestring &length=24;
|
||||
response : bytestring &length=24;
|
||||
};
|
||||
|
||||
type SMB_NTLM_Response(offset: uint16) = record {
|
||||
padpad : padding to offset;
|
||||
response: bytestring &length=24;
|
||||
response : bytestring &length=24;
|
||||
};
|
||||
|
||||
type SMB_NTLMv2_Response(flags: SMB_NTLM_Negotiate_Flags, offset: uint16) = record {
|
||||
padpad : padding to offset;
|
||||
response : bytestring &length=16;
|
||||
client_challenge: SMB_NTLMv2_Client_Challenge(flags);
|
||||
client_challenge : SMB_NTLMv2_Client_Challenge(flags);
|
||||
};
|
||||
|
||||
type SMB_NTLMv2_Client_Challenge(flags: SMB_NTLM_Negotiate_Flags) = record {
|
||||
|
|
@ -380,7 +385,7 @@ type SMB_NTLMv2_Client_Challenge(flags: SMB_NTLM_Negotiate_Flags) = record {
|
|||
max_resp_type : uint8;
|
||||
reserved : padding[6];
|
||||
timestamp : uint64;
|
||||
client_challenge: bytestring &length=8;
|
||||
client_challenge : bytestring &length=8;
|
||||
reserved2 : padding[4];
|
||||
av_pairs : SMB_NTLM_AV_Pair_Sequence(0);
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue