From: Eloy Pérez González Date: Thu, 28 Apr 2022 10:40:56 +0000 (+0200) Subject: krb5: add AS-REQ and TGS-REQ transactions X-Git-Tag: suricata-7.0.0-rc2~167 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=511dbfe17181c6c850a1490a3b167d355d0046f9;p=thirdparty%2Fsuricata.git krb5: add AS-REQ and TGS-REQ transactions Fix bug in ticket #4529
---
diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs
index bceae25519..b550d1f99d 100644
--- a/rust/src/krb/krb5.rs
+++ b/rust/src/krb/krb5.rs
@@ -132,6 +132,16 @@ impl KRB5State {
 if hdr.class() != Class::Application { return 0; }
 match hdr.tag().0 {
 10 => {
+ let req = krb5_parser::parse_as_req(i);
+ if let Ok((_,kdc_req)) = req {
+ let mut tx = self.new_tx(direction);
+ tx.msg_type = MessageType::KRB_AS_REQ;
+ tx.cname = kdc_req.req_body.cname;
+ tx.realm = Some(kdc_req.req_body.realm);
+ tx.sname = kdc_req.req_body.sname;
+ tx.etype = None;
+ self.transactions.push(tx);
+ };
 self.req_id = 10;
 },
 11 => {
@@ -152,6 +162,16 @@ impl KRB5State {
 self.req_id = 0;
 },
 12 => {
+ let req = krb5_parser::parse_tgs_req(i);
+ if let Ok((_,kdc_req)) = req {
+ let mut tx = self.new_tx(direction);
+ tx.msg_type = MessageType::KRB_TGS_REQ;
+ tx.cname = kdc_req.req_body.cname;
+ tx.realm = Some(kdc_req.req_body.realm);
+ tx.sname = kdc_req.req_body.sname;
+ tx.etype = None;
+ self.transactions.push(tx);
+ };
 self.req_id = 12;
 },
 13 => {
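Review bot: When `krb5_parser::parse_as_req(i)` fails in the tag 10 arm, the `if let Ok(..)` silently skips transaction creation while `self.req_id = 10;` still runs, so a malformed or truncated AS-REQ leaves no transaction and no event for logging or rules to see; the tag 12 arm in the second hunk (`parse_tgs_req`) has the same gap. Consider an `else` branch in both arms that records the parse failure, for instance by still creating the request transaction and flagging it with the parser's malformed-data event if one is available here, so the failure is neither lost nor attached to an unrelated earlier transaction. Separately, `tx.etype = None;` deserves a short comment such as `// etype is only known from the reply; the request's offered etype list is not recorded`, assuming that is the intent. The enclosing function starts before and continues after both hunks, so how `req_id` is consumed later is not visible here.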