zeek/testing/btest/scripts/base/protocols/krb/smb2_krb.test

# This test verifies that given the proper keytab file, the
# Kerberos analyzer can open the AD ticket in the Negotiate
# Protocol Request and find the user.
#
# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h
#
# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
# @TEST-EXEC: btest-diff .stdout

redef KRB::keytab = "smb2_krb.keytab";
global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;

event zeek_init() &priority=5{
	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
}

event krb_ap_request(c: connection, ticket: KRB::Ticket, opts:  KRB::AP_Options){
   print ticket$authenticationinfo;
}