* origin/topic/dnthayer/ticket1516:
Remove wordexp functionality from broxygen
Fix a failing test on OpenBSD
Fix compiler warnings on OpenBSD
Fix a build failure on OpenBSD
Fix test core.pcap.dumper to work on OpenBSD
BIT-1516 #merged
Broxygen no longer attempts to do tilde expansion of PATH
components when trying to get the mtime of Bro (this involved removing
the wordexp functionality, which doesn't exist on OpenBSD). In the
very unlikely event that this causes problems for someone (this could
occur by running "bro -X configfile" if bro is located in a PATH
component which starts with a tilde, such as "~/bin"), the error
message text has been improved so that a user knows the workaround
for this (just run bro with a relative or absolute path).
Broxygen also no longer attempts to get the mtime of the bro executable
when bro wasn't invoked with the "-X" option.
The wordexp function doesn't exist in OpenBSD. Skipping this
functionality only affects users who have bro installed in a directory
in the PATH and the directory name as it appears in PATH starts with
a tilde (e.g. "~/bin"). A simple workaround for affected users
would be to change the PATH environment variable to not contain any
tildes.
At one place in the code, we do not check the correct return code. This
makes it possible for a reply to get a response of "good", when the ocsp
reply is not actually signed by the responder in question.
This also instructs ocsp verication to skip certificate chain
validation, which we do ourselves earlier because the OCSP verify
function cannot do it correctly (no way to pass timestamp).
The definition of a "struct pcap_pkthdr" on OpenBSD contains a member
of type "struct bpf_timeval" instead of "struct timeval" used on other
systems.
Also, on OpenBSD the header netinet/if_ether.h does not #include
net/if_arp.h as it does on other systems.
KerberosString formatting for principal name to be compliant with RFC 4120 section 5.2.2, which states that there can be a few components (and in practice we have seen 3, more than the 1 or 2 that is typical)
Moved the definitions of DCE_RPC::BackingState and DCE_RPC::State types
into the export block. These types are used in the redef of the
"connection" record.
* origin/topic/seth/smb-auth-fixes:
Disable SMB2 error data parsing.
Removed some files that aren't being used.
Fix SMB tree connect handling.
Fix a small issue where DCE_RPC commands were improperly being logged.
SMB fixes and cleanup.
Including a test for raw NTLM in SMB
Updates for SMB auth handling from Martin van Hensbergen.
BIT-1721 #merged
