45 lines
1.2 KiB
Plaintext
45 lines
1.2 KiB
Plaintext
# This test verifies that without a keytab file no entries are
|
|
# created and no errors happen.
|
|
#
|
|
# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h
|
|
#
|
|
# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
|
|
# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
|
|
# @TEST-EXEC: btest-diff .stdout
|
|
# @TEST-EXEC: btest-diff .stderr
|
|
|
|
module SMB;
|
|
|
|
export {
|
|
global get_file_handle: function(c: connection, is_orig: bool): string;
|
|
global describe_file: function(f: fa_file): string;
|
|
}
|
|
|
|
global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
|
|
|
|
|
|
# Stubs for testing so that we don't produce a warning due
|
|
# to missing get_file_handle() handlers for SMB.
|
|
function get_file_handle(c: connection, is_orig: bool): string
|
|
{
|
|
return cat(c$uid);
|
|
}
|
|
|
|
function describe_file(f: fa_file): string
|
|
{
|
|
return "";
|
|
}
|
|
|
|
event zeek_init() &priority=5
|
|
{
|
|
Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
|
|
Files::register_protocol(Analyzer::ANALYZER_SMB,
|
|
[$get_file_handle = SMB::get_file_handle,
|
|
$describe = SMB::describe_file]);
|
|
}
|
|
|
|
event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
|
|
{
|
|
print ticket?$authenticationinfo;
|
|
}
|