From ec9356c379cba934864c751ba07a9537bd01c1ca Mon Sep 17 00:00:00 2001 From: Pierre Chifflier Date: Wed, 13 Nov 2024 16:39:03 +0100 Subject: [PATCH] ldap: add test for STARTTLS extended operation --- tests/ldap-starttls/input.pcap | Bin 0 -> 7401 bytes tests/ldap-starttls/test.yaml | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 tests/ldap-starttls/input.pcap create mode 100644 tests/ldap-starttls/test.yaml diff --git a/tests/ldap-starttls/input.pcap b/tests/ldap-starttls/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..681bf12ac89473fa20904c108714568b8c6fc336 GIT binary patch literal 7401 zc-pO*2{@G9|HjWOb|UL!$slXRFeqEL?1Yr;dktADBt>>vQ_1=&YhqOPB}z&v#u^D( zv%ClqLg@cY-nKWt|E23~uIre2%z5VXz3=aRjyae1CxvNnfCS$kNC1O=UQi_*3E-s! z7SL-8@be?2*NXTgK&tSsH(>w1zDfxTUZ)qu5-(EWxw!xX037+b76~V(gzwKC{W1xG zAS2SQ{%0C2_$nn1-<}T<#Z&2jr4h$h+I@&-2;F43ISsvKZQ>BIz>f}Q2n2{Fd?yhp zwEUF71DfoyIYs_ADJY1d_A>>;0f)iPqWqXeg|Wht!lJ_B&=3`uloS@jV6gj$MeO4L zuTuXpwg4)`;9pY5zDo6hD0a|fyUi)WzeyoVmHe54p@yV-kx{~+h$6oPG>rcbHPHa# zR&SzgEC8Ym=K#%U1MDogoF$>%3hm=OTDL3cSJ5Jw2A0Zl2cxLq83=7(nJ z-OP^Sv5OyQM(?^NdVOH8CjcnaSbzg6Kngg5OMn@O0R?an><1@7C}035fC!KUia-L$ zfgnH$NB|Q0V1~~yVpTNIFUXN_Bn%FN!->-RaskK#8)Fk`o?C8OH6-u(7iqpfO3UYG zMj(Jb8~~jSY0fYd1}+srY!U?sCmV>;ETKG)p&_LZ3Q-UF zNCSgWkpK)zlo`WFia3fyP}681RMbNo7-*y2kDqbJ>|~)4mB5H%MKNNc`^BV8SZKtc zOR@d`T>d|I`rrJK0wVzk|0sa*4}<&rgCvJD@decuwx>M>rH!gPV+-8gK7^ljDn-NG zS6p4ax%=rut*W9$(1ej|(hDn3!!r)6dK?)#ojZ6-xRi--c9)xHAo*b@r_x6pwl4O` zj9n$;*@hzZY-@7GF0b=_bG&wC>x*2h2%oYmF=3lp!i-dkE92C!BzVB=%gp@l3@*bF zP~$W7Fo!T4Q0*MskjzNNd&MEz+j*MWh(+w3cqlX@PbiEyp+UxVR%kj&Bn!?Z#kyfu~IQ3Gxc-^m(Ol4?jr7% zEY&{1gz~-oG;UIb#VWS{L>@hQ=PBjR1BW#Q(s)#ZBh^uFb!J&rDub`>>8$-wu6s92 z!~F8u>26&)@*DG7MzHsb-m{Eec-m81xPs%Lf?>i;m#f@U^-H*E@P97coqSNZEj9}` z6GX8D8)FlS;8w%k$@gvfi~hR&k=vk|MBL6lDN5vjiMn_ffI+Y^Hlg5ulY)XMMZby) zp@TF5KOAHEb8sX@;8>fwt`ADn*>^9>(N~!}zwM@=5LKEsd!*UP^a&^Zg&dn5bpBx# zhyyw;Cc7&mwT8!zdbQ=5%DX9qd+qT~#xQt3d_OX67xiJ=1%88lb=7sas!El&@$1cv z$o(@}hrEzYH`naso^gtCa}9iO=Xq%|v5!e&*J&rBV4VU0%)rLjL@?i01&bMc6D<5q zumDjoBP19GBeL=f0q6l6V-r@^mRZK%Sa*JA5zY03so8G}9a>8ckvbAnLXd70k!dR| z{FE1MV6NFee$$>pR~tS2aBY6iY^}~6l`(@M#o`x2$Z z`GDZ{KBCmSW#Er|ZR!+(n#r=?0fv;&@FZ-{}`-y^rDF3s02IT-y!8XPwtd1?S zB)+kFe{Ej=Zqn9Cbs-Id7p(chG^`3o&$LbUG2pC{#6q^047BXkvWcJ{QsleB?|<){ z)NcPV$!%48D~3DTj5&i}u~#mH1`cMe-mlIZZ@4be)6kDg2q`)9!n)LhmE~dkG@uCV z*exyl8W(Y?7jeX1=Y!l|7d!o)_Oca-$!7$}a!#fQCHSRl^rO9v?vE#QsZyC7-}fxt zlRWsZb1DXj?5z{b7uJ_;G%cxd!)07dFt-Q#C-*!jT63!W&umR%eULp9n>1VCDnzl- zh66lwCw|igz&w7F0yO~U^OaIPM5M4F5HP)%B7eEz-r;xXcb?T}ZR&)SwfXp)9Ft1# zEBP{J--@*k8}MznQ0BeNdnL2ex`2?2xn&=b^NuLgoDI zQv~;3HHQXvt8zSJgQ=#*{*;}O<^;W1)5QQQj+8d7y1RWU?)2{p!zS@UN}Qvb!-CD!)e%-8EWBw9CrLxuw5zg>w}SudQss@t9U zd_iTHng1b&WsSxsiet)`2g#mkyTK)c2=*V*M*4r*YFB49XY_iM$3~qxXgB}LGm>sf zT1A!Ex-}g*kb&AEvw7=Cw!C&G*6GEuQ0rV_G(WbkdI)MA7~qX>%Az`PxAd))Bx~p^ zdk)X89V#(8##UT4tEF})B=7YQZZuoUIvGcpw$VPTPx>TmGUYA97rT0LDXi&?_u=|^mnwbhO6J5R!zouE>+y_P zo`?Kk|L@RX0et3SmHp}w~wp2;L=|9JY{6B3~Dr|Ba}ou--R9vC}zFZL$R2js;{T7KN6J!yx9ObJfO0*s%d%{$mbrS97 zNTuICNe^}pjI_9^uQ%88dcM)trSv&nWPKq;JF(O^P^mJ|(Mo3XPjG-`w7*G6T3A@SqLBXBXFoIxx1)7q(BL57vk0ZY4!-OpZ!ZGrknOxlU1Dy^ z@+AtJ>8E)!G3U$sB-}d458dqChXuxC&$WW3QmoW(ed_T!&)Yz1^lC@?l#cLX<~$RJ zilRW|NGj8S^MtqcEZj-zkH0;-Xn0{t0J{NveBj$YOI6jLv$t@xJ zwy|uuvJ>`i!r2akJ5>G7xbEF3M?{f=q+oUg#qsOL+KKV+i|P<=PnFyKDM?DZFgx}7 z#yvf~17%GjPM*M%Oh(Ss5C+3>MW*m?<+Un(&XegoSbe@ojNd4 z7#hcuespaBYhq{r(2Ol})?>7tq|CjF=P8!QZ}C8Ryd$Am;Xwc&>h)_LNU|f2nw?mzD zG-yHvV{6fYmKENwmsGKwiZpZTBv(u7_ZoR2L15dLuoBdi=#U(eXE2V8{k*TLf2try zUi-jfZ99sv4&SzWiH8RLkJ4G5@)up&b!GT*Qo3G1nwF_v#-($?+STi971BMWmor|n z4f9!_t6M-U=Zv1w?!)cu&v$&2P?0uIJ*{~S-MDBMCY2me|E%Qtf+$X}(2IoNv)c zs8W;={XlVPk4negXY943$ng_9%3>~cOTmuKK0hw5=0;zB28k6&WgBd-su1;Na`VSi z!XG=3PWCV_y;)_pvI4R%u&le~4#_)^8Fhj+Rxj5zMZaSKT$C?`m-C*@1+7+!slT~C z)~r?h&?G298+Fd5=VZZMKV^mP-RiPK;Sai^i&k=zdLnBq^;sQ`6guB(Sc^Qts;m?H zV3%l8ZNdxSo50S^Pm8J`x$iOEkF`qUM^wX{GjXfIc^pZYb zw(-UvqgKm7+{RPAkI$kcR>};b$Gft`CT|T6%;-%e4z3>42g;MCie@-hI&^2;RngE5u-^xD^0iYozY2ingPyaD`t<-RGPLNNSx-VBSWp6!K=

_QPP3@7Tc@jwRm6Hy+kfIL(t4K9G(Mkln|k?;BiC^)>BVD3 zHyp4$-FG;!%2rcF_R>*OL@WFtEB?gVmh^$_n1pS(!6Sok)wY30>b-b?pOXIMii)0z*9O{vGd{7v*v%knid%LnUpe1mvTl z71d{{32N@0kye!#j-?tVTjnLn*V6}xFvyC<@aE_2?9)pvRQ(*RcKb2!()f&z5J@}F zP+j>I6@!Q8Snyt*+-j#aX$j|~8CcbVXc!J2(BqXU6niy$r<5CQ-jvAb5`b}XcAtpL zB)y-gV7+)-FgLmno1x{>nTfK!;OZ~9@+_!9Uvi$7Xw^4H>BWz{c|-+c(L?yZj^nu<4zw_IK%ri*BE(D(PQf z)3};rvz+hS{Y=96(kT02#Wld>5Cjhn<+-FgbhIQ)zP#Ern^HAG@Y+O`|ql zRV}}B)PFfw^g#IEDpSiJz2vR#7{|-s;XQ6qqWkQs!~=4Ex!dqYG^Z%hN^i(YO~?_= V%^SwJ<%Sg#FZ782+hhme{{Sx&$?yOG literal 0 Hc-jL100001 diff --git a/tests/ldap-starttls/test.yaml b/tests/ldap-starttls/test.yaml new file mode 100644 index 000000000..56e0ab5f9 --- /dev/null +++ b/tests/ldap-starttls/test.yaml @@ -0,0 +1,27 @@ +requires: + min-version: 8 + +args: +- -k none + +pcap: input.pcap + +checks: +- filter: + count: 1 + match: + event_type: ldap + ldap.request.message_id: 1 + ldap.request.operation: extended_request + ldap.request.extended_request.name: "1.3.6.1.4.1.1466.20037" +- filter: + count: 1 + match: + event_type: tls + tls.from_proto: ldap + tls.issuerdn: CN=LDAP SSL test + tls.notafter: '2025-01-28T02:18:29' + tls.notbefore: '2015-01-31T02:18:29' + tls.serial: 00:8A:07:E0:8D:4A:B5:0A:7B + tls.subject: CN=LDAP SSL test + tls.version: TLS 1.2 -- 2.47.2