Merge pull request #2579 in SNORT/snort3 from ~SATHIRKA/snort3:client_login_failure...
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Fri, 6 Nov 2020 01:51:48 +0000 (01:51 +0000)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Fri, 6 Nov 2020 01:51:48 +0000 (01:51 +0000)
Squashed commit of the following:

commit 2e0205b16c0c50de6348a5b7a5999eb0aa59d483
Author: Sreeja Athirkandathil Narayanan <sathirka@cisco.com>
Date:   Fri Oct 23 16:35:57 2020 -0400

    appid: Support client login failure event

19 files changed:
src/network_inspectors/appid/appid_app_descriptor.cc
src/network_inspectors/appid/appid_app_descriptor.h
src/network_inspectors/appid/appid_detector.cc
src/network_inspectors/appid/appid_http_session.cc
src/network_inspectors/appid/appid_session.cc
src/network_inspectors/appid/appid_session.h
src/network_inspectors/appid/appid_session_api.cc
src/network_inspectors/appid/appid_session_api.h
src/network_inspectors/appid/detector_plugins/detector_imap.cc
src/network_inspectors/appid/detector_plugins/detector_pop3.cc
src/network_inspectors/appid/test/appid_api_test.cc
src/network_inspectors/appid/test/appid_discovery_test.cc
src/network_inspectors/appid/test/appid_http_session_test.cc
src/network_inspectors/appid/test/appid_mock_definitions.h
src/network_inspectors/appid/test/appid_mock_session.h
src/network_inspectors/appid/test/appid_session_api_test.cc
src/network_inspectors/appid/tp_appid_utils.cc
src/network_inspectors/rna/rna_app_discovery.cc
src/pub_sub/appid_events.h

index 2430e38a6fa8e994068a8d1db1d34b1d7f25896d..22c4fd7202bf38560b4b02e7c7d1f0854fc3dacc 100644 (file)
@@ -77,7 +77,7 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC
     if ( my_username != username )
     {
         my_username = username;
-        change_bits.set(APPID_CLIENT_USERNAME_BIT);
+        change_bits.set(APPID_USER_INFO_BIT);
     }
 
     if ( my_user_id != app_id )
@@ -86,7 +86,7 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC
         if ( app_id > APP_ID_NONE )
         {
             AppIdPegCounts::inc_user_count(app_id);
-            change_bits.set(APPID_CLIENT_USERID_BIT);
+            change_bits.set(APPID_USER_INFO_BIT);
         }
     }
 }
index 6210a11afd4bfe0240d8fdd55f474f53261a1754..89b5d2701b5a5787235c616843dbf227c1f61cbf 100644 (file)
@@ -53,10 +53,10 @@ public:
         my_version.clear();
     }
 
-    virtual void update(AppId id, AppidChangeBits& change_bits, char* version)
+    virtual void update(AppId id, char* version)
     {
         set_id(id);
-        set_version(version, change_bits);
+        set_version(version);
     }
 
     virtual void update_stats(AppId id, bool increment = true) = 0;
@@ -80,13 +80,10 @@ public:
         return my_version.empty() ? nullptr : my_version.c_str();
     }
 
-    void set_version(const char* version, AppidChangeBits& change_bits)
+    void set_version(const char* version)
     {
         if ( version )
-        {
             my_version = version;
-            change_bits.set(APPID_VERSION_BIT);
-        }
     }
 
 private:
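Review bot: `set_version` no longer reports a change, and nothing at the declaration says so. With the `change_bits` parameter gone, every caller has to raise `APPID_SERVICE_INFO_BIT` or `APPID_CLIENT_INFO_BIT` itself. The client and service callers in this commit do, but the payload callers (`AppIdHttpSession::set_payload`, `AppIdSession::set_payload_appid_data`) set no bit for the version, so a payload version change is no longer signalled separately. If that is intended, a comment would make it explicit: `// Stores the version only; callers set the matching APPID_*_INFO_BIT.`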
@@ -159,7 +156,7 @@ public:
         if ( vendor )
         {
             my_vendor = vendor;
-            change_bits.set(APPID_SERVICE_VENDOR_BIT);
+            change_bits.set(APPID_SERVICE_INFO_BIT);
         }
     }
 
@@ -170,7 +167,7 @@ public:
         for (tmp_subtype = &subtype; *tmp_subtype; tmp_subtype = &(*tmp_subtype)->next)
             ;
         *tmp_subtype = &more_subtype;
-        change_bits.set(APPID_SERVICE_SUBTYPE_BIT);
+        change_bits.set(APPID_SERVICE_INFO_BIT);
     }
 
     const AppIdServiceSubtype* get_subtype() const
index f5c681517327fefe5555a1d76ad126ebc798373f..93479451c45be2963ac44958668da17a684a6b5f 100644 (file)
@@ -83,9 +83,9 @@ void AppIdDetector::add_user(AppIdSession& asd, const char* username, AppId appI
 {
     asd.set_client_user(appId, username, change_bits);
     if ( success )
-        change_bits.set(APPID_CLIENT_LOGIN_SUCCEEDED_BIT);
+        asd.set_user_logged_in();
     else
-        change_bits.reset(APPID_CLIENT_LOGIN_SUCCEEDED_BIT);
+        asd.clear_user_logged_in();
 }
 
 void AppIdDetector::add_payload(AppIdSession& asd, AppId payload_id)
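Review bot: A login outcome that changes without the username or id changing no longer reaches subscribers, as far as these hunks show. `add_user` now records success or failure only through `asd.set_user_logged_in()` / `asd.clear_user_logged_in()`, while `APPID_USER_INFO_BIT` is raised in `ClientAppDescriptor::update_user` only when `my_username` or `my_user_id` differs from the stored value. A failed attempt followed by a successful one for the same account (or the reverse) would therefore flip the flag without publishing an event, assuming `set_client_user` simply forwards to `update_user` (its body is not visible here). Consider raising the bit whenever the stored login state changes, e.g. `change_bits.set(APPID_USER_INFO_BIT);` after the flag update; the same applies to the `set_user_logged_in()` calls in `process_chp_buffers` and `process_ftp_control`.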
index 03609acd7de595ffdd2aa9f31fbdff4b10637135..5d348016749ddba0a21a311efb64e0be97febe18 100644 (file)
@@ -381,7 +381,7 @@ void AppIdHttpSession::process_chp_buffers(AppidChangeBits& change_bits, HttpPat
             else
                 client.update_user(asd.get_service_id(), user, change_bits);
             user = nullptr;
-            change_bits.set(APPID_CLIENT_LOGIN_SUCCEEDED_BIT);
+            asd.set_user_logged_in();
         }
 
         chp_candidate = 0;
@@ -409,7 +409,11 @@ void AppIdHttpSession::set_client(AppId app_id, AppidChangeBits& change_bits, co
 
     client.set_id(app_id);
     change_bits.set(APPID_CLIENT_BIT);
-    client.set_version(version, change_bits);
+    if (version)
+    {
+        client.set_version(version);
+        change_bits.set(APPID_CLIENT_INFO_BIT);
+    }
 
     if (appidDebug->is_active())
     {
@@ -427,7 +431,7 @@ void AppIdHttpSession::set_payload(AppId app_id, AppidChangeBits& change_bits, c
 
     payload.set_id(app_id);
     change_bits.set(APPID_PAYLOAD_BIT);
-    payload.set_version(version, change_bits);
+    payload.set_version(version);
 
     if (appidDebug->is_active())
     {
index f68647f7aa7a4fcc26034b71e3f58b7c97c46c33..2814c1a66f3aed2be2620caaad799ceef6aa61c5 100644 (file)
@@ -516,7 +516,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
         {
             if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT)
                 set_client_appid_data(client_id, change_bits);
-            set_payload_appid_data(payload_id, change_bits);
+            set_payload_appid_data(payload_id);
         }
         scan_flags &= ~SCAN_SSL_HOST_FLAG;
     }
@@ -528,7 +528,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
         {
             if (api.client.get_id() == APP_ID_NONE or api.client.get_id() == APP_ID_SSL_CLIENT)
                 set_client_appid_data(client_id, change_bits);
-            set_payload_appid_data(payload_id, change_bits);
+            set_payload_appid_data(payload_id);
         }
         scan_flags &= ~SCAN_SSL_CERTIFICATE_FLAG;
     }
@@ -539,7 +539,7 @@ void AppIdSession::examine_ssl_metadata(AppidChangeBits& change_bits)
             client_id, payload_id))
         {
             set_client_appid_data(client_id, change_bits);
-            set_payload_appid_data(payload_id, change_bits);
+            set_payload_appid_data(payload_id);
         }
         tsession->set_tls_org_unit(nullptr, 0);
     }
@@ -603,10 +603,13 @@ void AppIdSession::set_client_appid_data(AppId id, AppidChangeBits& change_bits,
                 return;
         api.client.set_id(id);
     }
-    api.client.set_version(version, change_bits);
+    if (!version)
+        return;
+    api.client.set_version(version);
+    change_bits.set(APPID_CLIENT_INFO_BIT);
 }
 
-void AppIdSession::set_payload_appid_data(AppId id, AppidChangeBits& change_bits, char* version)
+void AppIdSession::set_payload_appid_data(AppId id, char* version)
 {
     if (id <= APP_ID_NONE)
         return;
@@ -615,7 +618,7 @@ void AppIdSession::set_payload_appid_data(AppId id, AppidChangeBits& change_bits
         odp_ctxt.get_app_info_mgr().get_priority(id))
         return;
     api.payload.set_id(id);
-    api.payload.set_version(version, change_bits);
+    api.payload.set_version(version);
 }
 
 void AppIdSession::set_service_appid_data(AppId id, AppidChangeBits& change_bits, char* version)
@@ -631,7 +634,9 @@ void AppIdSession::set_service_appid_data(AppId id, AppidChangeBits& change_bits
         return;
     }
 
-    api.service.update(id, change_bits, version);
+    api.service.update(id, version);
+    if (version)
+        change_bits.set(APPID_SERVICE_INFO_BIT);
 }
 
 bool AppIdSession::is_svc_taking_too_much_time() const
index 65c86b74b1921f926aa75c0e94e88e1ceb2a2779..31ad3525d949a3ca6926d9f01b91c8329f982242 100644 (file)
@@ -358,7 +358,7 @@ public:
     void examine_ssl_metadata(AppidChangeBits& change_bits);
     void set_client_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
     void set_service_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
-    void set_payload_appid_data(AppId, AppidChangeBits& change_bits, char* version = nullptr);
+    void set_payload_appid_data(AppId, char* version = nullptr);
     void check_app_detection_restart(AppidChangeBits& change_bits,
         ThirdPartyAppIdContext* tp_appid_ctxt);
     void check_ssl_detection_restart(AppidChangeBits& change_bits,
@@ -474,7 +474,10 @@ public:
 
     void set_service_version(const char* version, AppidChangeBits& change_bits)
     {
-        api.service.set_version(version, change_bits);
+        if (!version)
+            return;
+        api.service.set_version(version);
+        change_bits.set(APPID_SERVICE_INFO_BIT);
     }
 
     void set_service_vendor(const char* vendor, AppidChangeBits& change_bits)
@@ -504,7 +507,10 @@ public:
 
     void set_client_version(const char* version, AppidChangeBits& change_bits)
     {
-        api.client.set_version(version, change_bits);
+        if (!version)
+            return;
+        api.client.set_version(version);
+        change_bits.set(APPID_CLIENT_INFO_BIT);
     }
 
     const char* get_client_user() const
@@ -585,6 +591,16 @@ public:
         return service_ip.is_set();
     }
 
+    void set_user_logged_in()
+    {
+        api.set_user_logged_in();
+    }
+
+    void clear_user_logged_in()
+    {
+        api.clear_user_logged_in();
+    }
+
 private:
     uint16_t prev_http2_raw_packet = 0;
 
index 84f97f7027fa503837213acb798d70afb9776213..00511ad1e00800f57c45538bd9a07afbf2b80b8b 100644 (file)
@@ -56,9 +56,10 @@ void AppIdSessionApi::get_service_info(const char*& vendor, const char*& version
     subtype = service.get_subtype();
 }
 
-const char* AppIdSessionApi::get_client_info(AppId& service) const
+const char* AppIdSessionApi::get_user_info(AppId& service, bool& login) const
 {
     service = client.get_user_id();
+    login = user_logged_in;
     return client.get_username();
 }
 
@@ -244,7 +245,7 @@ bool AppIdSessionApi::is_appid_available() const
         asd->get_session_flags(APPID_SESSION_NO_TPI)) );
 }
 
-const char* AppIdSessionApi::get_client_version(uint32_t stream_index) const
+const char* AppIdSessionApi::get_client_info(uint32_t stream_index) const
 {
     if (uint32_t num_hsessions = get_hsessions_size())
     {
index 972ef7d59eef104f873583934a877c7f90c8b7da..0e896a6666c6a7d8f47184d429b272ef5b05c8c2 100644 (file)
@@ -106,7 +106,7 @@ public:
     AppId get_service_app_id() const;
     void get_service_info(const char*& vendor, const char*& version,
         const AppIdServiceSubtype*& subtype) const;
-    const char* get_client_info(AppId& service) const;
+    const char* get_user_info(AppId& service, bool& login) const;
     AppId get_misc_app_id(uint32_t stream_index = 0) const;
     AppId get_client_app_id(uint32_t stream_index = 0) const;
     AppId get_payload_app_id(uint32_t stream_index = 0) const;
@@ -117,7 +117,7 @@ public:
         uint32_t stream_index = 0) const;
     bool is_appid_inspecting_session() const;
     bool is_appid_available() const;
-    const char* get_client_version(uint32_t stream_index = 0) const;
+    const char* get_client_info(uint32_t stream_index = 0) const;
     uint64_t get_appid_session_attribute(uint64_t flag) const;
     const SfIp* get_initiator_ip() const;
     const AppIdDnsSession* get_dns_session() const;
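Review bot: Reusing the name `get_client_info` for what was `get_client_version` can let stale callers compile and silently return the wrong string. The old `get_client_info(AppId& service)` returned the username; the new `get_client_info(uint32_t stream_index = 0)` returns the client version, and if `AppId` is an integer type an un-migrated call `get_client_info(service)` converts implicitly to `stream_index`. Code that records usernames for login tracking would then store a version string or `nullptr` with no build error. Keeping the name `get_client_version` for the version accessor would avoid that; both this declaration and the definition in appid_session_api.cc are affected.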
@@ -145,6 +145,10 @@ public:
         return session_id;
     }
 
+    void set_user_logged_in() { user_logged_in = true; }
+
+    void clear_user_logged_in() { user_logged_in = false; }
+
 protected:
     AppIdSessionApi(const AppIdSession* asd, const SfIp& ip);
 
@@ -160,6 +164,7 @@ private:
     ServiceAppDescriptor service;
     char* tls_host = nullptr;
     std::string session_id;
+    bool user_logged_in = false;
 
     // Following two fields are used only for non-http sessions. For HTTP traffic,
     // these fields are maintained inside AppIdHttpSession.
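Review bot: A single `bool user_logged_in` cannot distinguish a failed login from no login attempt having been observed. It defaults to `false` and `get_user_info` hands that value out as `login`, so a subscriber that sees `APPID_USER_INFO_BIT` with `login == false` may report a failure when a username was merely learned. Whether any path sets a username without calling `set_user_logged_in()` or `clear_user_logged_in()` is not visible in these hunks. A three-state value (unknown / succeeded / failed) would keep failure events reliable for consumers that alert on them. At minimum, document the default: `// false until a detector reports a successful login; also false after a failed one`.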
index d719876af69dfd5894b97d19124d9284e773faef..e54b55f2ef75daccc0a1aa8b36c580e9e0fd8e44 100644 (file)
@@ -300,7 +300,7 @@ static int imap_server_validate(ImapDetectorData* dd, const uint8_t* data, uint1
             if ((id->pos < (sizeof(id->tagValue) - 1))
                 && (isImapTagChar(*data)))
             {
-                id->tagValue[id->pos] = *data;
+                id->tagValue[id->pos++] = *data;
             }
             else
             {
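Review bot: With `id->pos++` the bound `id->pos < sizeof(id->tagValue) - 1` becomes the live guard on how much of the peer-supplied tag is copied, where before the index never advanced. The check keeps one byte spare, but the hunk does not show where `tagValue` is NUL-terminated at `id->pos` or where `pos` is reset for the next response; the `else` branch continues outside the hunk. Both are worth confirming, along with a detector test that feeds a tag longer than the buffer. This fix is also unrelated to the login-failure change named in the commit title and would be easier to track as its own commit.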
index e0e59b1677d2bd4d05cb8933860a0313b3f59923..1ccf77b3ba0a8f300aaec8ff3eaac4a8aa829a6b 100644 (file)
@@ -361,14 +361,18 @@ static int pop3_server_validate(POP3DetectorData* dd, const uint8_t* data, uint1
             }
             else
             {
-                pop3_service_detector->add_user(asd, dd->client.username, APP_ID_POP3, true, change_bits);
-                snort_free(dd->client.username);
-                dd->client.username = nullptr;
-                dd->need_continue = 0;
-                asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
-                dd->client.got_user = 1;
-                if (dd->client.detected)
-                    asd.set_client_detected();
+                if (dd->client.state == POP3_CLIENT_STATE_TRANS)
+                {
+                    pop3_service_detector->add_user(asd, dd->client.username, APP_ID_POP3, true, change_bits);
+                    snort_free(dd->client.username);
+                    dd->client.username = nullptr;
+                    dd->need_continue = 0;
+                    asd.clear_session_flags(APPID_SESSION_CLIENT_GETS_SERVER_PACKETS);
+                    if (dd->client.detected)
+                        asd.set_client_detected();
+                }
+                else
+                    dd->client.got_user = 1;
             }
         }
         if (server && begin)
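Review bot: The success path no longer sets `dd->client.got_user = 1`; it is now set only in the new `else` branch, where the old code set it after every `add_user` call. If later code reads `got_user` to decide whether the username was already reported, it will see a different value once the client is in `POP3_CLIENT_STATE_TRANS`, so confirm that is intended. The non-TRANS branch also leaves `dd->client.username` allocated and relies on a later path to report and free it; that path is outside this hunk. A short comment on why the state check is needed would help, for example (if this is the reasoning) `// only a +OK that moved the client to TRANS counts as a completed login`.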
index bd28c870c66cf1bfd68cdebc558d0e99b4ff5766..38d167835a504a04e0b03b919143d5dbce61338f 100644 (file)
@@ -331,7 +331,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     CHECK_EQUAL(service, APPID_UT_ID);
     CHECK_EQUAL(client, APPID_UT_ID);
     CHECK_EQUAL(payload, APPID_UT_ID);
-    STRCMP_EQUAL("Published change_bits == 00000000000000000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000000000", test_log);
 
     service = APP_ID_NONE;
     client = APP_ID_NONE;
@@ -344,7 +344,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000100011000", test_log);
 
     mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
     mock_session->tsession->set_tls_cname("www.cisco.com", 13, change_bits);
@@ -360,7 +360,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
-    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000100011000", test_log);
 
     string host = "";
     val = appid_api.ssl_app_group_id_lookup(flow, (const char*)(host.c_str()), nullptr,
@@ -371,7 +371,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Google");
-    STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000100000000", test_log);
     mock().checkExpectations();
 }
 
index 717f9a31c3ce4d562031f4d4ac388129bf6aa92b..919cbff5b6fca521303dcc2c47d892d9546326ac 100644 (file)
@@ -376,7 +376,7 @@ TEST(appid_discovery_tests, event_published_when_ignoring_flow)
 
     // Detect changes in service, client, payload, and misc appid
     mock().checkExpectations();
-    STRCMP_EQUAL("Published change_bits == 00000000000001111100", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000001111100", test_log);
 
     delete &asd->get_api();
     delete asd;
@@ -408,7 +408,7 @@ TEST(appid_discovery_tests, event_published_when_processing_flow)
 
     // Detect changes in service, client, payload, and misc appid
     mock().checkExpectations();
-    STRCMP_EQUAL("Published change_bits == 00000000000001111100", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000001111100", test_log);
     delete &asd->get_api();
     delete asd;
     delete flow;
@@ -426,7 +426,7 @@ TEST(appid_discovery_tests, change_bits_for_client_version)
     asd->set_client_version(version, change_bits);
 
     // Detect changes in client version
-    CHECK_EQUAL(change_bits.test(APPID_VERSION_BIT), true);
+    CHECK_EQUAL(change_bits.test(APPID_CLIENT_INFO_BIT), true);
     delete &asd->get_api();
     delete asd;
 }
@@ -503,11 +503,11 @@ TEST(appid_discovery_tests, change_bits_to_string)
     change_bits.set();
     change_bits_to_string(change_bits, str);
     STRCMP_EQUAL(str.c_str(), "created, reset, service, client, payload, misc, referred, host,"
-        " tls-host, url, user-agent, response, referrer, dns-host, version, service-vendor, service-subtype,"
-        " client-username, client-userid, client-login-succeeded");
+        " tls-host, url, user-agent, response, referrer, dns-host, service-info, client-info,"
+        " user-info");
 
     // Failure of this test is a reminder that enum is changed, hence translator needs update
-    CHECK_EQUAL(APPID_MAX_BIT, 20);
+    CHECK_EQUAL(APPID_MAX_BIT, 17);
 }
 
 int main(int argc, char** argv)
index 7380dcf2941ba65d89111f1e31217009fb04d8e6..bfef312cf74f5997b13de73cb60b4481ef05a6b1 100644 (file)
@@ -126,7 +126,7 @@ void AppIdSession::set_service_appid_data(AppId, AppidChangeBits&, char*)
 {
 }
 
-void AppIdSession::set_payload_appid_data(AppId, AppidChangeBits&, char*)
+void AppIdSession::set_payload_appid_data(AppId, char*)
 {
 }
 
index 46e4eec01863645ff3ac261a8429128ad9ec3247..957c65750b526753c23a4adfe3df82fb84fb84e2 100644 (file)
@@ -67,8 +67,7 @@ void ClientAppDescriptor::update_user(AppId app_id, const char* username, AppidC
 {
     my_username = username;
     my_user_id = app_id;
-    change_bits.set(APPID_CLIENT_USERNAME_BIT);
-    change_bits.set(APPID_CLIENT_USERID_BIT);
+    change_bits.set(APPID_USER_INFO_BIT);
 }
 void ClientAppDescriptor::update_stats(AppId, bool) {}
 void PayloadAppDescriptor::update_stats(AppId, bool) {}
index afe169adaa9f0cc9aebf75c7850f3b8946572855..f2be49fb9d62a90cbcb31ed0d1cd820148ca3f14 100644 (file)
@@ -160,7 +160,8 @@ AppIdHttpSession* AppIdSession::create_http_session(uint32_t)
     AppidChangeBits change_bits;
 
     hsession->client.set_id(APPID_UT_ID);
-    hsession->client.set_version(APPID_UT_CLIENT_VERSION, change_bits);
+    hsession->client.set_version(APPID_UT_CLIENT_VERSION);
+    change_bits.set(APPID_CLIENT_INFO_BIT);
     hsession->payload.set_id(APPID_UT_ID);
     hsession->misc_app_id = APPID_UT_ID;
     hsession->referred_payload_app_id = APPID_UT_ID;
index b7796aa6ed9c1582b424044a75ca1cb78a375283..25c142f3d94be1a332aada9177a01b31c68956d4 100644 (file)
@@ -215,15 +215,15 @@ TEST(appid_session_api, is_appid_available)
     CHECK_TRUE(val);
 }
 
-TEST(appid_session_api, get_client_version)
+TEST(appid_session_api, get_client_info)
 {
     const char* val;
-    val = mock_session->get_api().get_client_version();
+    val = mock_session->get_api().get_client_info();
     STRCMP_EQUAL(val, APPID_UT_CLIENT_VERSION);
     mock_session->create_http_session();
-    val = mock_session->get_api().get_client_version(0);
+    val = mock_session->get_api().get_client_info(0);
     STRCMP_EQUAL(APPID_UT_CLIENT_VERSION, val);
-    val = mock_session->get_api().get_client_version(2);
+    val = mock_session->get_api().get_client_info(2);
     STRCMP_EQUAL(nullptr, val);
 }
 TEST(appid_session_api, get_http_session)
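Review bot: The test changes in this hunk only follow the rename; nothing visible exercises the new behaviour. `get_user_info` and the `user_logged_in` flag have no test case here, so the failure path (`login == false` after `clear_user_logged_in()`) is unverified. Consider a test that calls `set_user_logged_in()` and `clear_user_logged_in()` on the mock session and checks the `login` out-parameter of `get_user_info` both ways.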
index 1cc58a004ae9c89a44719fc1823ade6d2ee74659..3b13cb2d1161444caeb7f3eda72094834e6000c2 100644 (file)
@@ -491,7 +491,7 @@ static inline void process_ftp_control(AppIdSession& asd,
         (field=attribute_data.ftp_command_user()) != nullptr)
     {
         asd.set_client_user(APP_ID_FTP_CONTROL, field->c_str(), change_bits);
-        change_bits.set(APPID_CLIENT_LOGIN_SUCCEEDED_BIT);
+        asd.set_user_logged_in();
     }
 }
 
index bb7400744eafd8e9e9bada1c5e47b31be326a554..65e55ea5f73a7c65d910982e4049db378bfd9284 100644 (file)
@@ -83,7 +83,7 @@ void RnaAppDiscovery::process(AppidEvent* appid_event, DiscoveryFilter& filter,
         if ( appid_change_bits[APPID_CLIENT_BIT] and client > APP_ID_NONE
             and service > APP_ID_NONE )
         {
-            const char* version = appid_session_api.get_client_version();
+            const char* version = appid_session_api.get_client_info();
             if ( p->packet_flags & PKT_FROM_SERVER )
             {
                 auto cht = host_cache.find(p->flow->client_ip);
@@ -105,7 +105,7 @@ void RnaAppDiscovery::process(AppidEvent* appid_event, DiscoveryFilter& filter,
         }
     }
 
-    if ( appid_change_bits[APPID_SERVICE_VENDOR_BIT] or appid_change_bits[APPID_VERSION_BIT] )
+    if ( appid_change_bits[APPID_SERVICE_INFO_BIT] )
     {
         const char* vendor;
         const char* version;
@@ -117,18 +117,19 @@ void RnaAppDiscovery::process(AppidEvent* appid_event, DiscoveryFilter& filter,
 
     if ( conf->enable_banner_grab and p->is_from_server() and
         (appid_change_bits[APPID_RESPONSE_BIT] or
-        ((appid_change_bits[APPID_SERVICE_VENDOR_BIT] or appid_change_bits[APPID_VERSION_BIT])) or
-        (appid_change_bits[APPID_SERVICE_BIT])) )
+        appid_change_bits[APPID_SERVICE_INFO_BIT] or
+        appid_change_bits[APPID_SERVICE_BIT]) )
     {
         discover_banner(p, proto, ht, &p->flow->server_ip, src_mac, logger, service);
     }
 
     // Appid supports only login success event. Change checks once login failure and
     // logoff is supported
-    if ( appid_change_bits[APPID_CLIENT_LOGIN_SUCCEEDED_BIT] and filter.is_user_monitored(p) )
+    if ( appid_change_bits[APPID_USER_INFO_BIT] and filter.is_user_monitored(p) )
     {
-        const char* username = appid_session_api.get_client_info(service);
-        if ( service > APP_ID_NONE and username and *username )
+        bool login;
+        const char* username = appid_session_api.get_user_info(service, login);
+        if ( login and service > APP_ID_NONE and username and *username )
             discover_user(p, ht, (const struct in6_addr*) p->ptrs.ip_api.get_dst()->get_ip6_ptr(),
                 logger, username, service, proto);
     }
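Review bot: The comment above the user check is stale: it still says `Appid supports only login success event`, while this commit makes appid report failures and the code now filters them out with `login and ...`. Suggest replacing it with `// RNA records successful logins only; failed logins (login == false) are ignored here.` Also initialise the out-parameter, `bool login = false;`, so the condition stays well-defined if `get_user_info` ever returns without writing it.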
index 25a8c28e37b370e44e7cd13981954b68031f9c79..928c6bb315b2aa506d44da22ae17b1f4d3272e63 100644 (file)
@@ -59,12 +59,9 @@ enum AppidChangeBit
     APPID_DNS_HOST_BIT,
 
     // other
-    APPID_VERSION_BIT,
-    APPID_SERVICE_VENDOR_BIT,
-    APPID_SERVICE_SUBTYPE_BIT,
-    APPID_CLIENT_USERNAME_BIT,
-    APPID_CLIENT_USERID_BIT,
-    APPID_CLIENT_LOGIN_SUCCEEDED_BIT,
+    APPID_SERVICE_INFO_BIT,
+    APPID_CLIENT_INFO_BIT,
+    APPID_USER_INFO_BIT,
 
     APPID_MAX_BIT
 };
@@ -103,18 +100,12 @@ inline void change_bits_to_string(AppidChangeBits& change_bits, std::string& str
         --n? str.append("referrer, ") : str.append("referrer");
     if (change_bits.test(APPID_DNS_HOST_BIT))
         --n? str.append("dns-host, ") : str.append("dns-host");
-    if (change_bits.test(APPID_VERSION_BIT))
-        --n? str.append("version, ") : str.append("version");
-    if (change_bits.test(APPID_SERVICE_VENDOR_BIT))
-        --n? str.append("service-vendor, ") : str.append("service-vendor");
-    if (change_bits.test(APPID_SERVICE_SUBTYPE_BIT))
-        --n? str.append("service-subtype, ") : str.append("service-subtype");
-    if (change_bits.test(APPID_CLIENT_USERNAME_BIT))
-        --n? str.append("client-username, ") : str.append("client-username");
-    if (change_bits.test(APPID_CLIENT_USERID_BIT))
-        --n? str.append("client-userid, ") : str.append("client-userid");
-    if (change_bits.test(APPID_CLIENT_LOGIN_SUCCEEDED_BIT))
-        --n? str.append("client-login-succeeded, ") : str.append("client-login-succeeded");
+    if (change_bits.test(APPID_SERVICE_INFO_BIT))
+        --n? str.append("service-info, ") : str.append("service-info");
+    if (change_bits.test(APPID_CLIENT_INFO_BIT))
+        --n? str.append("client-info, ") : str.append("client-info");
+    if (change_bits.test(APPID_USER_INFO_BIT))
+        --n? str.append("user-info, ") : str.append("user-info");
     if (n != 0) // make sure all bits from AppidChangeBit enum get translated
         str.append("change_bits_to_string error!");
 }