/src/suricata7/rust/src/krb/log.rs

Source
/* Copyright (C) 2018 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

// written by Pierre Chifflier  <chifflier@wzdftpd.net>

use crate::jsonbuilder::{JsonBuilder, JsonError};
use crate::krb::krb5::{KRB5Transaction,test_weak_encryption};

fn krb5_log_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> Result<(), JsonError>
{
    match tx.error_code {
        Some(c) => {
            jsb.set_string("msg_type", &format!("{:?}", tx.msg_type))?;
            if let Some(req_type) = tx.req_type {
                jsb.set_string("failed_request", &format!("{:?}", req_type))?;
            } else {
                // In case we capture the response but not the request
                // we can't know the failed request type, since it could be
                // AS-REQ or TGS-REQ
                jsb.set_string("failed_request", "UNKNOWN")?;
            }
            jsb.set_string("error_code", &format!("{:?}", c))?;
        },
        None    => { jsb.set_string("msg_type", &format!("{:?}", tx.msg_type))?; },
    }
    let cname = match tx.cname {
        Some(ref x) => format!("{}", x),
        None        => "<empty>".to_owned(),
    };
    let realm = match tx.realm {
        Some(ref x) => x.0.to_string(),
        None        => "<empty>".to_owned(),
    };
    let sname = match tx.sname {
        Some(ref x) => format!("{}", x),
        None        => "<empty>".to_owned(),
    };
    let encryption = match tx.etype {
        Some(ref x) => format!("{:?}", x),
        None        => "<none>".to_owned(),
    };
    jsb.set_string("cname", &cname)?;
    jsb.set_string("realm", &realm)?;
    jsb.set_string("sname", &sname)?;
    jsb.set_string("encryption", &encryption)?;
    jsb.set_bool("weak_encryption", tx.etype.map_or(false,test_weak_encryption))?;
    if let Some(x) = tx.ticket_etype {
        let refs = format!("{:?}", x);
        jsb.set_string("ticket_encryption", &refs)?;
        jsb.set_bool("ticket_weak_encryption", test_weak_encryption(x))?;
    }

    return Ok(());
}

#[no_mangle]
pub extern "C" fn rs_krb5_log_json_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> bool
{
    krb5_log_response(jsb, tx).is_ok()
}

Line	Count	Source
1		/* Copyright (C) 2018 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		// written by Pierre Chifflier <chifflier@wzdftpd.net>
19
20		use crate::jsonbuilder::{JsonBuilder, JsonError};
21		use crate::krb::krb5::{KRB5Transaction,test_weak_encryption};
22
23	941	fn krb5_log_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> Result<(), JsonError>
24		{
25	941	match tx.error_code {
26	462	Some(c) => {
27	462	jsb.set_string("msg_type", &format!("{:?}", tx.msg_type))?;
28	462	if let Some(req_type) = tx.req_type {
29	100	jsb.set_string("failed_request", &format!("{:?}", req_type))?;
30		} else {
31		// In case we capture the response but not the request
32		// we can't know the failed request type, since it could be
33		// AS-REQ or TGS-REQ
34	362	jsb.set_string("failed_request", "UNKNOWN")?;
35		}
36	462	jsb.set_string("error_code", &format!("{:?}", c))?;
37		},
38	479	None => { jsb.set_string("msg_type", &format!("{:?}", tx.msg_type))?; },
39		}
40	941	let cname = match tx.cname {
41	463	Some(ref x) => format!("{}", x),
42	478	None => "<empty>".to_owned(),
43		};
44	941	let realm = match tx.realm {
45	479	Some(ref x) => x.0.to_string(),
46	462	None => "<empty>".to_owned(),
47		};
48	941	let sname = match tx.sname {
49	941	Some(ref x) => format!("{}", x),
50	0	None => "<empty>".to_owned(),
51		};
52	941	let encryption = match tx.etype {
53	33	Some(ref x) => format!("{:?}", x),
54	908	None => "<none>".to_owned(),
55		};
56	941	jsb.set_string("cname", &cname)?;
57	941	jsb.set_string("realm", &realm)?;
58	941	jsb.set_string("sname", &sname)?;
59	941	jsb.set_string("encryption", &encryption)?;
60	941	jsb.set_bool("weak_encryption", tx.etype.map_or(false,test_weak_encryption))?;
61	941	if let Some(x) = tx.ticket_etype {
62	33	let refs = format!("{:?}", x);
63	33	jsb.set_string("ticket_encryption", &refs)?;
64	33	jsb.set_bool("ticket_weak_encryption", test_weak_encryption(x))?;
65	908	}
66
67	941	return Ok(());
68	941	}
69
70		#[no_mangle]
71	941	pub extern "C" fn rs_krb5_log_json_response(jsb: &mut JsonBuilder, tx: &mut KRB5Transaction) -> bool
72		{
73	941	krb5_log_response(jsb, tx).is_ok()
74	941	}

Coverage Report

Created: 2026-02-14 06:42