Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
16834 commits 387 branches 195 tags 255 MiB
Commit graph

18 commits

Author SHA1 Message Date
Arne Welzel
ceb798b42a Merge remote-tracking branch 'origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss' 
* origin/topic/awelzel/4275-ldap-gss-spnego-auth-miss:
  ldap: Clean up from code review
  ldap: Add Sicily Authentication constants
  ldap: Only switch into MS_KRB5 mode if responseToken exists

(cherry picked from commit a2a535d0c9)
 2025-05-06 09:46:49 +02:00
Arne Welzel
6f65b88f1b Merge remote-tracking branch 'origin/topic/awelzel/ldap-extended-request-response-starttls' 
* origin/topic/awelzel/ldap-extended-request-response-starttls:
  ldap: Add heuristic for wrap tokens
  ldap: Ignore ec/rrc for sealed wrap tokens
  ldap: Add LDAP sample with SASL-SRP mechanism
  ldap: Reintroduce encryption after SASL heuristic
  ldap: Fix assuming GSS-SPNEGO for all bindResponses
  ldap: Implement extended request/response and StartTLS support

(cherry picked from commit 6a6a5c3d0d)
 2024-08-30 11:47:08 -07:00
Vern Paxson
501bf167c3 fix for logic bug in ldap base script 2024-01-15 15:03:56 +01:00
Arne Welzel
242db4981d ldap: Use scalar values in logs where appropriate 
Skimming through the RFC, the previous approach of having containers for most
fields seems unfounded for normal protocol operation. The new weirds could just
as well be considered protocol violations. Outside of duplicated or missed data
they just shouldn't happen for well-behaved client/server behavior.
Additionally, with non-conformant traffic it would be trivial to cause
unbounded state growth and immense log record sizes.

Unfortunately, things have become a bit clunky now.

Closes #3504
 2024-01-03 11:57:31 +01:00
Arne Welzel
46d0287b49 ldap: Rename LDAP::search_result to LDAP::search_result_entry 
To avoid confusion potential confusion between SearchResultEntry
and SearchResultDone.
 2024-01-03 11:57:30 +01:00
Arne Welzel
a503c2a672 Merge remote-tracking branch 'origin/topic/awelzel/quic-ldap-event-prototypes' 
* origin/topic/awelzel/quic-ldap-event-prototypes:
  ldap: Use longer event names
  ldap: Add spicy-events.zeek
  quic: Add spicy-events.zeek
 2023-10-19 11:08:36 +02:00
Arne Welzel
e1864ec131 ldap: Use longer event names 
It's unusual to compress and shorten event names of protocol analyzers,
switch to a slightly longer name instead.
 2023-10-19 10:49:19 +02:00
Arne Welzel
fb31ad0c6e ldap: Add spicy-events.zeek 2023-10-19 10:48:34 +02:00
Arne Welzel
72df1a0216 Merge remote-tracking branch 'origin/topic/bbannier/issue-3234' 
* origin/topic/bbannier/issue-3234:
  Introduce dedicated `LDAP::Info`
  Remove redundant storing of protocol in LDAP logs
  Use LDAP `RemovalHook` instead of implementing `connection_state_remove`
  Tidy up LDAP code by using local references
  Pluralize container names in LDAP types
  Move LDAP script constants to their own file
  Name `LDAP::Message` and `LDAP::Search` `*Info`
  Make ports for LDAP analyzers fully configurable
  Require have-spicy for tests which log spicy-ldap information
  Fix LDAP analyzer setup for when Spicy analyzers are disabled
  Bump zeek-testing-private
  Integrate spicy-ldap test suite
  Move spicy-ldap into Zeek protocol analyzer tree
  Explicitly use all of spicy-ldap's modules
  Explicitly list `asn1.spicy` as spicy-ldap source
  Remove uses of `zeek` module in spicy-ldap
  Fix typos in spicy-ldap
  Remove project configuration files in spicy-ldap
  Integrate spicy-ldap into build
  Import zeek/spicy-ldap@57b5eff988
 2023-10-10 20:07:03 +02:00
Benjamin Bannier
346d2c49a9 Introduce dedicated LDAP::Info 2023-10-10 18:49:25 +02:00
Benjamin Bannier
301d8722bf Remove redundant storing of protocol in LDAP logs 2023-10-10 18:49:25 +02:00
Benjamin Bannier
82b3a4048f Use LDAP RemovalHook instead of implementing connection_state_remove 2023-10-10 18:49:25 +02:00
Benjamin Bannier
1d4412a9e7 Tidy up LDAP code by using local references 2023-10-10 18:49:25 +02:00
Benjamin Bannier
3a60a60619 Pluralize container names in LDAP types 2023-10-10 18:49:25 +02:00
Benjamin Bannier
0c126f3c6b Move LDAP script constants to their own file 2023-10-10 18:28:13 +02:00
Benjamin Bannier
c43bc52e18 Name LDAP::Message and LDAP::Search *Info 2023-10-10 18:28:13 +02:00
Benjamin Bannier
9b02b93889 Make ports for LDAP analyzers fully configurable 
This moves the ports the LDAP analyzers should be triggered on from the
EVT file to the Zeek module. This gives users full control over which
ports the analyzers are registered for while previously they could only
register them for additional ports (there is no Zeek script equivalent
of `Manager::UnregisterAnalyzerForPort`).

The analyzers could still be triggered via DPD, but this is intentional.
To fully disable analyzers users can use e.g.,

```zeek
event zeek_init()
    {
    Analyzer::disable_analyzer(Analyzer::ANALYZER_LDAP_TCP);
    }
```
 2023-10-10 18:28:13 +02:00
Benjamin Bannier
f172febbcb Move spicy-ldap into Zeek protocol analyzer tree 2023-10-10 09:21:57 +02:00
Renamed from src/spicy/spicy-ldap/analyzer/main.zeek (Browse further)