ldap: fix LDAPDN nits

Change variable name 'req' to 'resp' in function ldap_tx_get_responses_dn and documentation nits

Fixes:
73ae6e997f6c ("detect: add ldap.responses.dn")
16dcee46fc8a ("detect: add ldap.request.dn")

diff --git a/doc/userguide/rules/ldap-keywords.rst b/doc/userguide/rules/ldap-keywords.rst
index b37d099bf203d6ab2905958c18a02d88e549fbc5..d33ae02a226e6c3bf03f939c1df0242e3688d491 100644 (file)
--- a/doc/userguide/rules/ldap-keywords.rst
+++ b/doc/userguide/rules/ldap-keywords.rst
@@ -173,18 +173,19 @@ Comparison is case-sensitive.
 
 Syntax::
 
- ldap.request.dn; content:dc=example,dc=com;
+ ldap.request.dn; content:"<content to match against>";
 
 ``ldap.request.dn`` is a 'sticky buffer' and can be used as a ``fast_pattern``.
 
 This keyword maps to the EVE fields:
-``ldap.request.bind_request.name``
-``ldap.request.add_request.entry``
-``ldap.request.search_request.base_object``
-``ldap.request.modify_request.object``
-``ldap.request.del_request.dn``
-``ldap.request.mod_dn_request.entry``
-``ldap.request.compare_request.entry``
+
+   - ``ldap.request.bind_request.name``
+   - ``ldap.request.add_request.entry``
+   - ``ldap.request.search_request.base_object``
+   - ``ldap.request.modify_request.object``
+   - ``ldap.request.del_request.dn``
+   - ``ldap.request.mod_dn_request.entry``
+   - ``ldap.request.compare_request.entry``
 
 Example
 ^^^^^^^
@@ -215,22 +216,23 @@ Comparison is case-sensitive.
 
 Syntax::
 
- ldap.responses.dn; content:dc=example,dc=com;
+ ldap.responses.dn; content:"<content to match against>";
 
 ``ldap.responses.dn`` is a 'sticky buffer' and can be used as a ``fast_pattern``.
 
 ``ldap.responses.dn`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
 
 This keyword maps to the EVE fields:
-``ldap.responses[].search_result_entry.base_object``
-``ldap.responses[].bind_response.matched_dn``
-``ldap.responses[].search_result_done.matched_dn``
-``ldap.responses[].modify_response.matched_dn``
-``ldap.responses[].add_response.matched_dn``
-``ldap.responses[].del_response.matched_dn``
-``ldap.responses[].mod_dn_response.matched_dn``
-``ldap.responses[].compare_response.matched_dn``
-``ldap.responses[].extended_response.matched_dn``
+
+   - ``ldap.responses[].search_result_entry.base_object``
+   - ``ldap.responses[].bind_response.matched_dn``
+   - ``ldap.responses[].search_result_done.matched_dn``
+   - ``ldap.responses[].modify_response.matched_dn``
+   - ``ldap.responses[].add_response.matched_dn``
+   - ``ldap.responses[].del_response.matched_dn``
+   - ``ldap.responses[].mod_dn_response.matched_dn``
+   - ``ldap.responses[].compare_response.matched_dn``
+   - ``ldap.responses[].extended_response.matched_dn``
 
 Example
 ^^^^^^^

diff --git a/rust/src/ldap/detect.rs b/rust/src/ldap/detect.rs
index c982be5148e726ab2b3a01e192b2a1ad94df94d3..ee5a081e5c5553d6b892f61f6b5d8b78ae1f660c 100644 (file)
--- a/rust/src/ldap/detect.rs
+++ b/rust/src/ldap/detect.rs
@@ -362,15 +362,15 @@ unsafe extern "C" fn ldap_tx_get_responses_dn(
     let response = &tx.responses[local_id as usize];
     // We expect every response in one tx to be the same protocol_op
     let str_buffer: &str = match &response.protocol_op {
-        ProtocolOp::SearchResultEntry(req) => req.object_name.0.as_str(),
-        ProtocolOp::BindResponse(req) => req.result.matched_dn.0.as_str(),
-        ProtocolOp::SearchResultDone(req) => req.matched_dn.0.as_str(),
-        ProtocolOp::ModifyResponse(req) => req.result.matched_dn.0.as_str(),
-        ProtocolOp::AddResponse(req) => req.matched_dn.0.as_str(),
-        ProtocolOp::DelResponse(req) => req.matched_dn.0.as_str(),
-        ProtocolOp::ModDnResponse(req) => req.matched_dn.0.as_str(),
-        ProtocolOp::CompareResponse(req) => req.matched_dn.0.as_str(),
-        ProtocolOp::ExtendedResponse(req) => req.result.matched_dn.0.as_str(),
+        ProtocolOp::SearchResultEntry(resp) => resp.object_name.0.as_str(),
+        ProtocolOp::BindResponse(resp) => resp.result.matched_dn.0.as_str(),
+        ProtocolOp::SearchResultDone(resp) => resp.matched_dn.0.as_str(),
+        ProtocolOp::ModifyResponse(resp) => resp.result.matched_dn.0.as_str(),
+        ProtocolOp::AddResponse(resp) => resp.matched_dn.0.as_str(),
+        ProtocolOp::DelResponse(resp) => resp.matched_dn.0.as_str(),
+        ProtocolOp::ModDnResponse(resp) => resp.matched_dn.0.as_str(),
+        ProtocolOp::CompareResponse(resp) => resp.matched_dn.0.as_str(),
+        ProtocolOp::ExtendedResponse(resp) => resp.result.matched_dn.0.as_str(),
         _ => return false,
     };