/src/suricata7/src/output-json-krb5.c

Source
/* Copyright (C) 2018-2021 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Pierre Chifflier <chifflier@wzdftpd.net>
 *
 * Implement JSON/eve logging app-layer KRB5.
 */

#include "suricata-common.h"
#include "detect.h"
#include "pkt-var.h"
#include "conf.h"

#include "threads.h"
#include "threadvars.h"
#include "tm-threads.h"

#include "util-unittest.h"
#include "util-buffer.h"
#include "util-debug.h"
#include "util-byte.h"

#include "output.h"
#include "output-json.h"

#include "app-layer.h"
#include "app-layer-parser.h"

#include "app-layer-krb5.h"
#include "output-json-krb5.h"

#include "rust.h"

static int JsonKRB5Logger(ThreadVars *tv, void *thread_data,
    const Packet *p, Flow *f, void *state, void *tx, uint64_t tx_id)
{
    KRB5Transaction *krb5tx = tx;
    OutputJsonThreadCtx *thread = thread_data;

    JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "krb5", NULL, thread->ctx);
    if (unlikely(jb == NULL)) {
        return TM_ECODE_FAILED;
    }

    jb_open_object(jb, "krb5");
    if (!rs_krb5_log_json_response(jb, krb5tx)) {
        goto error;
    }
    jb_close(jb);

    OutputJsonBuilderBuffer(jb, thread);

    jb_free(jb);
    return TM_ECODE_OK;

error:
    jb_free(jb);
    return TM_ECODE_FAILED;
}

static OutputInitResult OutputKRB5LogInitSub(ConfNode *conf,
    OutputCtx *parent_ctx)
{
    AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
    AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
    return OutputJsonLogInitSub(conf, parent_ctx);
}

void JsonKRB5LogRegister(void)
{
    /* Register as an eve sub-module. */
    OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonKRB5Log", "eve-log.krb5",
            OutputKRB5LogInitSub, ALPROTO_KRB5, JsonKRB5Logger, JsonLogThreadInit,
            JsonLogThreadDeinit, NULL);

    SCLogDebug("KRB5 JSON logger registered.");
}

Line	Count	Source
1		/* Copyright (C) 2018-2021 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		/**
19		* \file
20		*
21		* \author Pierre Chifflier <chifflier@wzdftpd.net>
22		*
23		* Implement JSON/eve logging app-layer KRB5.
24		*/
25
26		#include "suricata-common.h"
27		#include "detect.h"
28		#include "pkt-var.h"
29		#include "conf.h"
30
31		#include "threads.h"
32		#include "threadvars.h"
33		#include "tm-threads.h"
34
35		#include "util-unittest.h"
36		#include "util-buffer.h"
37		#include "util-debug.h"
38		#include "util-byte.h"
39
40		#include "output.h"
41		#include "output-json.h"
42
43		#include "app-layer.h"
44		#include "app-layer-parser.h"
45
46		#include "app-layer-krb5.h"
47		#include "output-json-krb5.h"
48
49		#include "rust.h"
50
51		static int JsonKRB5Logger(ThreadVars tv, void thread_data,
52		const Packet p, Flow f, void state, void tx, uint64_t tx_id)
53	1.23k	{
54	1.23k	KRB5Transaction *krb5tx = tx;
55	1.23k	OutputJsonThreadCtx *thread = thread_data;
56
57	1.23k	JsonBuilder *jb = CreateEveHeader(p, LOG_DIR_PACKET, "krb5", NULL, thread->ctx);
58	1.23k	if (unlikely(jb == NULL)) {
59	0	return TM_ECODE_FAILED;
60	0	}
61
62	1.23k	jb_open_object(jb, "krb5");
63	1.23k	if (!rs_krb5_log_json_response(jb, krb5tx)) {
64	0	goto error;
65	0	}
66	1.23k	jb_close(jb);
67
68	1.23k	OutputJsonBuilderBuffer(jb, thread);
69
70	1.23k	jb_free(jb);
71	1.23k	return TM_ECODE_OK;
72
73	0	error:
74	0	jb_free(jb);
75	0	return TM_ECODE_FAILED;
76	1.23k	}
77
78		static OutputInitResult OutputKRB5LogInitSub(ConfNode *conf,
79		OutputCtx *parent_ctx)
80	2	{
81	2	AppLayerParserRegisterLogger(IPPROTO_TCP, ALPROTO_KRB5);
82	2	AppLayerParserRegisterLogger(IPPROTO_UDP, ALPROTO_KRB5);
83	2	return OutputJsonLogInitSub(conf, parent_ctx);
84	2	}
85
86		void JsonKRB5LogRegister(void)
87	33	{
88		/* Register as an eve sub-module. */
89	33	OutputRegisterTxSubModule(LOGGER_JSON_TX, "eve-log", "JsonKRB5Log", "eve-log.krb5",
90	33	OutputKRB5LogInitSub, ALPROTO_KRB5, JsonKRB5Logger, JsonLogThreadInit,
91	33	JsonLogThreadDeinit, NULL);
92
93	33	SCLogDebug("KRB5 JSON logger registered.");
94	33	}

Coverage Report

Created: 2026-03-31 07:45