From: Victor Julien
Date: Fri, 3 May 2019 07:18:47 +0000 (+0200)
Subject: detect/krb5: add krb5.sname and krb5.cname
X-Git-Tag: suricata-5.0.0-rc1~523
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2638f719538b0b7b942d39c1162cd71f3b9d55e;p=thirdparty%2Fsuricata.git
detect/krb5: add krb5.sname and krb5.cname
---
diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c
index 2c1a9a8232..a37441f052 100644
--- a/src/detect-krb5-cname.c
+++ b/src/detect-krb5-cname.c
@@ -33,7 +33,6 @@
 #include "detect-krb5-cname.h"
-#ifdef HAVE_RUST
 #include "rust.h"
 #include "app-layer-krb5.h"
 #include "rust-krb-detect-gen.h"
@@ -47,7 +46,8 @@ struct Krb5PrincipalNameDataArgs {
 static int DetectKrb5CNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
 {
- DetectBufferSetActiveList(s, g_krb5_cname_buffer_id);
+ if (DetectBufferSetActiveList(s, g_krb5_cname_buffer_id) < 0)
+ return -1;
 if (DetectSignatureSetAppProto(s, ALPROTO_KRB5) != 0)
 return -1;
@@ -192,9 +192,10 @@ static int PrefilterMpmKrb5CNameRegister(DetectEngineCtx *de_ctx,
 void DetectKrb5CNameRegister(void)
 {
- sigmatch_table[DETECT_AL_KRB5_CNAME].name = "krb5_cname";
+ sigmatch_table[DETECT_AL_KRB5_CNAME].name = "krb5.cname";
+ sigmatch_table[DETECT_AL_KRB5_CNAME].alias = "krb5_cname";
 sigmatch_table[DETECT_AL_KRB5_CNAME].Setup = DetectKrb5CNameSetup;
- sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT;
+ sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name";
 DetectAppLayerMpmRegister2("krb5_cname", SIG_FLAG_TOCLIENT, 2,
@@ -210,9 +211,3 @@ void DetectKrb5CNameRegister(void)
 g_krb5_cname_buffer_id = DetectBufferTypeGetByName("krb5_cname");
 }
-
-#else /* NO RUST */
-
-void DetectKrb5CNameRegister(void) {}
-
-#endif
diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c
index dd01c7d963..5a919bfb2a 100644
--- a/src/detect-krb5-sname.c
+++ b/src/detect-krb5-sname.c
@@ -33,7 +33,6 @@
 #include "detect-krb5-sname.h"
-#ifdef HAVE_RUST
 #include "rust.h"
 #include "app-layer-krb5.h"
 #include "rust-krb-detect-gen.h"
@@ -47,7 +46,8 @@ struct Krb5PrincipalNameDataArgs {
 static int DetectKrb5SNameSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
 {
- DetectBufferSetActiveList(s, g_krb5_sname_buffer_id);
+ if (DetectBufferSetActiveList(s, g_krb5_sname_buffer_id) < 0)
+ return -1;
 if (DetectSignatureSetAppProto(s, ALPROTO_KRB5) != 0)
 return -1;
@@ -192,9 +192,10 @@ static int PrefilterMpmKrb5SNameRegister(DetectEngineCtx *de_ctx,
 void DetectKrb5SNameRegister(void)
 {
- sigmatch_table[DETECT_AL_KRB5_SNAME].name = "krb5_sname";
+ sigmatch_table[DETECT_AL_KRB5_SNAME].name = "krb5.sname";
+ sigmatch_table[DETECT_AL_KRB5_SNAME].alias = "krb5_sname";
 sigmatch_table[DETECT_AL_KRB5_SNAME].Setup = DetectKrb5SNameSetup;
- sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT;
+ sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;
 sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name";
 DetectAppLayerMpmRegister2("krb5_sname", SIG_FLAG_TOCLIENT, 2,
@@ -210,9 +211,3 @@ void DetectKrb5SNameRegister(void)
 g_krb5_sname_buffer_id = DetectBufferTypeGetByName("krb5_sname");
 }
-
-#else /* NO RUST */
-
-void DetectKrb5SNameRegister(void) {}
-
-#endif
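Review bot: The buffer in DetectKrb5SNameRegister is still registered and looked up under the literal `"krb5_sname"` (the `DetectAppLayerMpmRegister2` and `DetectBufferTypeGetByName` context lines) while the keyword is now `krb5.sname`, and nothing in the code says the two spellings are meant to differ; the `@@ -192` and `@@ -210` hunks of src/detect-krb5-cname.c have the same split between `krb5.cname` and `"krb5_cname"`. I would add a comment above the `.alias` assignment, for example `/* old underscore spelling kept as an alias so existing rules keep loading; the buffer itself is still named "krb5_sname" */`, or move the buffer name into one file-level constant shared by both calls. Without that, someone auditing a ruleset for Kerberos coverage has to search for both spellings without knowing they select the same buffer. The function body continues between the two hunks, so further uses of the literal may exist that are not visible here.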