From 48e7aed4e568428bb83e79bdd7abb0e55c9a336a Mon Sep 17 00:00:00 2001
From: Pierre Chifflier <chifflier@wzdftpd.net>
Date: Wed, 13 Nov 2024 16:39:03 +0100
Subject: [PATCH] ldap: add test for STARTTLS extended operation

---
 tests/ldap-starttls/input.pcap | Bin 0 -> 7401 bytes
 tests/ldap-starttls/test.yaml  |  27 +++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 tests/ldap-starttls/input.pcap
 create mode 100644 tests/ldap-starttls/test.yaml

diff --git a/tests/ldap-starttls/input.pcap b/tests/ldap-starttls/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..681bf12ac89473fa20904c108714568b8c6fc336
GIT binary patch
literal 7401
zcmb_f2{=^!+di|{iL4WbLDq_4P_}H@6;iTguOVxNq{uF7D%naADn@0=79}O2ktLdt
zHOq^THH5x%GQCY-|NmFtRnK)jW6m+>+`s#N?&tZP)Bda|6AmDO?|}qh;K5mK;(-uh
zdcX$!4kcwo^w>d%V$^ETABuo3qzu?4dRX{6t27QenE}ts1F!%9M}DbA!fEN@yYfb$
z^DqR0212{^$7rzdOZ0d`djW_jo5A`s8ie=_?IDO}2BJer8Dwsl-{vL@A{GX*z{~(K
zkPB>s7lZ_HViu(be8Ag7Nf~4m)&D073PjQQ5e18e!(gXSL7dW(I7xX)X-QcyrDf&i
zC1tQ!+)ii_Tfs&A8C9~dg`lve|BLGAH>v?3iWA5YO3ENpmHai;A5b8w^8Zr(ih^YX
zsru2-!$7+tzZx{^kC~ATY6=#y`adum4FUBV$_0RzASEa%gUsy8ubKUT0x?Vf#;iaT
z)Nhm%0RUcL^SB`p2Z-7suhKp7ThZI+2d7!RtPc`!i*rmP_dHYm=6D;40N6q}01s#Z
z3V<tc9^eFI05xC_unRZ_L;`HUQ9ue%2GjvLKm`Z`=m9DK3Er6P3k>RNCh!C;5{`ty
zVQ@G^tv3$<@<C2eQU;lt@2{zmi&hO<qdo|t7D!30K$H`K08HQjuy=!+I}F9Xxoo6G
z<7n^f+t&>YCz($#jLGYSUka~P!6@aw+KfpS=OGphr<*McC5if{4P}<3C9!l1@JGh9
ztbx=3s;^9-wSNNF{%5u(m!%$0=-~LV_)u92L?ILy0RZse`k|zZ4Ta#+zpGFO$2W!G
z3O^|XXJi22v;dq6fWxsNuyru;83?FIbU-vsf1G{^{TVD1HJwC+Zp0@h7>t1mz@nr%
zvFy}{gGdA;li?n9V~nY(A;$a2NpCD47n8IcRvIUbm66^hqhQI!Bm*AG>>?ljA6Ew7
zphSUD0f^u@02>?y4-N*>TuvqzR@*q9@D*1yuO=lHdcA)PKjl`6fqAcZdio3Yu}0ce
z#Y<s`!<Q8oR-Q*^?br4>FnA(w;Fe@52l3QaFW*qw{cdihPtcAY&R5wxOU7=SNj37U
zsXXv_TM(G*xAnG()VYf2Nv9G^p2;QbaHXs!UiV^(56rpDI_U1eG8_R~ILjEj4~qs_
zqc<Trk?i*$)Pz0i&R5!=&i>Tonax%2J3b*;e(2vqNEDVc=s*8}5&8iek_wA}!M;!u
z24zKnOyOtG5gXVwWJ{^+7lvjPbsRhni!3KJyH=`aWoMko5(wBPAXqHelB3-VaG(M&
zJWra?;<8KZJDSgm;XAHL+Pz<2EK^83JXRO=e(wyoR%Q6*?WEeda-(}WdWSEZn(8uA
zp}jtDU=I7Z=s&~mM_@i~fG<1(RIrU(8wr&AY6Fn%m_Xb8EpwAZKy%xC-=4mkn*&6#
z1zim#Wsuun{CCYw68UCsK>8<h1ISI_y&+P3f0LBde<OA79smr0h)_}nnH1sIq`uDu
zk`y@8Y=GjQNky=LoPZ!adwD%@AYJTGo32p+O5Z(j2g)^2Q?Q`zhPVVnrXg>v^|71d
zZYB%44qI4)qbd-)_qJGWtBf@m8a?ROmT#r%r55eC-Tx|<&G+%g;VGxMxlLz9O?TE+
z*Ws%wwcaPMH#Z@7P3P?ML%zDP=A`n1Uq(=%f6iOzwdMFu4!Nx-+#p%^76O1Z$P`M-
zAQKk(UBWWpE=VRU`7dEHXb`f4LmUQ!unLL*pc@2%k}}9xIlql%@h{fhAF-efBM7GB
zyeV>U?P`R=frJvGVw03oTT#*H{CLyD`h8<Joau}VF+-2n=C{w(?!BuuYC5R?pg{sT
zrXn(AXyBpzthxB1hpemkofT>6rOZu}&%B<7+&bGzIBW~!mMvm?gR<vMN$KZ6H^3%2
z_z&xG5^S94*5=d#ZWq-=WMRJS7QfO9QN368r!Ba#H<F~*S!H@bx8f;U@T;s4$~uVh
zXT|#g1qGt~*W#I$0{{c~7yu<@kc-#x>*A5I<i0Y3uzG$jUcol%)(Kq+J<|s60!b!r
zwSy<yCVJWMc4;yZn@jpzb{IIsunww=Toetye_CN%@TmNzsvQ+W9c>o;;cs{=7a~Ik
za#kN!=a0R-BG>)051$fIa<aj`)Q6kvar+cN7uvB+QTZ)C=6nz0fb-rtm22lnLC<@5
z3T0HYLX`O@(j`)YZtC@6{LLSZrF3dDSRUE=;-)Wc__fnorm4KG<D6&LmmTzN8Sz79
z0vs@}M<&O%*F$AE4odSk=B-RG=<D(SP;9YFAc}(_93X(=LrEDM1%Ubdx&RxaiHrgk
z02c7A0M&zFr;2eQ5HRC};$W4bo}mwz55Co>9O@)A4Mjv>xu%sq)Cgq1eJjyEsz0#Z
zMpO8L@WpJBeIYRqb)B_>o;Kd=L{Jx}d!&Mq_l&FlF(TEVm3xR5U4D<ibM~g&$rx*i
z$+#7tM^jV!ZRsQ3!|Sq{qmdoCtm!5+CTQWKg@mb!gn$Fg7WauQ?{gmLGZ$sO9qDb=
zU8*_3c2urwNq~v!tW-z$#YhbGh?HTX$bGhixL*7=zI~Z#MVbY-j}yInbX;EY+LaU7
zUs~zw?Mmm1JxnxCv|0?YL#MYH)ZOdV@@D-|6g5GR(BL1@AJUhVSBPVHZ`#P2e4mLS
z?Pe3zRfMQY%f;HZ!PMHm8wJLl`=smUuPf1EgEwmkYZ^xjR&{xEo++%1vJT$ovaHwi
zOnp@I!T`++Loc{|7}5C?#@ytZqhWPUb5@T}d1Bo0Jx=p)d}CQA6}7aX(yi@<14>}o
zprj0P>8O5PI&$xfud~YHz+J@?#za}V>Ort{K)-PEs~m=-_e$R@$a6=&aYp-gZqZ8E
zYhfo)vs&tORQ`T9@p`kZvYSPWRU7k*#<b6pmXrQUB8jWVmZDyr^xyw+GFCD0v|keX
za)-_pT=$GG7xmK8nUa*-q3iEu<c$EKyZ`9xU(;r7UCAClZ#L-}U_X{MBlOr)(#dBW
zRr<sZN6#F$%_a)blca6d7;3++#yj3INjPyB;jbddSgV<^Kio~xEh<){QlVlV_;Os8
zMIWd5iZouYnHv+G)|rG6v79ZoxU)KZd313#ra0R}^t!2yURagy=vYqO%|bEBX-G<=
zeQ;m`)DTL_AdjJv-<9%h^EWAhM?XuMfU=@<W<LB>7`f>&(d@8`O4nnvFMCAYT(~Nm
z)ZOi08yER|J;gsXM+2XCsRj?~btP;wnT}c^TAVUcYg%~ju;6g0eYJiQ=dwnI|CK@R
zR8wn{%PS#EXiQ`Kn2rZN^L6)gcHYXcro$}6l9>9fn9-02+?TuQ7V{QI!%WiL7CTZD
zoR#FKilg%ytei#Y?PVb9uR-d6W6a3n@Ptk$aLk<gzNbI~pn4EO;nY9?S3zZ=qztma
zM}95v#+V_apg<J&e+8a}P#~|W(eq!hZ@m6y^MPw2Uv}A~QjOEZD5J|)Ej5^ZsJ2IG
zyYEePnx$5J|LkVCcWA854HM(p?zi(zjvl4;EU}G6bnVbm-+@b20$;75q>PQF!hgH1
zI-Ni-_(5$2|K3*6QfHxw*ss=l=y_tqV7obURijk2b$uq>=c0Le7MH%ccx8?Vv6UgV
zOe0sBYw=ClNgBHwCQ=zCnp~A9`aau}KHhp;>~^mE-H6-%B*Z_XMuhAv1wvHsqiPOX
zcb3kKitcAuYv}gj0>VRV<AW_DGNYo})g??uzXV~p1YPZ$!UhIJUc_jGc8J_g^Y<fC
z4?50U)}`j9FQ2D#n0lT+op7eSSI(=0cHa%sP8?t{T5k}pkZz}Y>vMO&8R3`I=5My#
zoZKt9m_5&dwtXTf_Iimwubi<Zd!jq!W7drVvzSjxoNe-#!iIvn_Oni}CFj8p>Lr}X
z9wX!kr+KBs-?31R)^x-DLp;@CdY7Tk9pAML<%%d)lNY}oLwDqgg<)#)$KpDK*K^JG
zV0x<3PAs2s@0hQzf2gu$%(0^cs)^X?8e)GN;4t4A=yIRFFoNDnn=yx@-2dYB_e{CD
zF2|-`YESMSFN#bOx_NM|A7|<0{Mec&d&Xy^ovO^cO6WOGC}?qad9o|9S?y7X2<q)y
zA$k$t&rz!^J6}hfGiW@#(3GnzrO{TaW+w*kxL_{1MJifr=(ggA%j(YlEpnOnLs?kF
zvStg|%Ou4=?_j&vc<@S{3w39eB`z?VxrSID&cT^JgSUKU2w7>O2l01$%MVZJ)&qMh
zh@!VvAuA<;C@$7CfE8#~C@F(%SmEF9tql|uEC{~iTW{5($%cgkRU|W$c87D}3nKCO
zdoeDRbnHt{jJN1gkA#hDVI6HcFv^m<jMFNXGmzG9BwC%cKEL4xIU>)_l$EeosV-L|
z@=eE(iC=bB^-UJ$sv7QoYUo54)e+csKXu<g@Ie;a<H6EPTQ3ehO}l9vl4)RNoOS+m
zxMB4=PlaN4>4mJ<JVPS(r|T9F%ef;bjRij29=x)k-JE+Vm^X6wr^{^2gU1}LQi43g
zm>#sEx$oxGh<Km4ka(Q+8m`s9a8KnGEqBicCzsCA7qfWY+%+>CtkYzF3+T{pz_fHx
z+co0#a`fM0#?Q3qrBtcQNzc)p->%hh?*(t|2y*P`ma>HNT?(*6GxbMgb-Y;1Pa<(*
z89W2+RTa|y9A3c$diYZp>WOa7rFW~Gc6NYr1CD!}%05*W8gmk`#_i|1rXF-CM1cOa
z<Z}Lt*|6108QphRMw<;DJhlu=F+`pA=ss3>FGy3ZYn!g}VDzKT_~MnkwC>m%TN7@V
z14Zt)UarL+<<{Jr_-LziT5U=L5SYR%D9Vhg8N`--usyB*X-8L);JX3BJY#_Q!|9jF
z2jkSIkmdsoZCkIz*{W`D(q(w?q5H}Gz?ZzU$O}rg%@>cG`Sft{Z<WnbQf%frl<a!j
z!o27Khl^YP7ho>nA@{>I^YoGtk4LGpNY@+HYZ-zE6>a!#J{jfm$bhV7YeNHk20aEP
zWst}C^IuzS<B_9VZ=F>>0Gy4dfF??-)uN#>p5cFF1|_#rW*R@%nIkiCYoLGHcrtZh
z^^ggmIbo%4jrU~1km{C{yQ1AR_P!ck({e2km@^%EbQLyiK4EO9?={93pEj!>;!d+-
z{RG3H?}$d?^+#OUYE?|%kjfNZwOlV#d3k*8xQEdxbY)kjO^wq!OI@Nm&X>{oGk>wc
zivo_Z`Sd%C%kNwTju<E|9xA@>f)nbxi^gf%O%^*V#wkEj1c6fgjeS!-0PO84u(!{D
z?`^2-YS9pifCJ56**D23C=lh}eRBil>%Mt4Da29<U13X`(7~ZpoEv-R#BP&OtRJ!`
zVhn2y1Sg%6h}8;h-5<GsiniwQ)%f9gOrzxR=2>rkbT7|((R~0~D%_C<-~k^+p`;A5
zH->-P8&jY+o__Vl<d5Fq0KM^K2T3Af^<$K9YhOH-6FMh*dWnRzi5fQwY}GZ~U4}<p
zAf&J*bMM;np?OgyZyfodu`*KLaZ*e*E?!-ChLNb_O^UUvJbNg^?5b^knrb6!h!mT$
zOoDJhE?=*4Mv?ZHaGg6(g_p*r10<;0g$C=&FKU@SKFvk&BMIu9&}Sx|R%GMW31ed0
zv)fo$sYvF{%-vE!%;8t5>>eRlH+S#xq-^SkscQC%cf|AJdvRF?9;9rP<5|yO@s$^0
zFHPj<nIWn8K&k%BI~#5EuK24|n<<~UzI(^kiRKUA4>q2;<e%aR?;d~!N%;PLuz>;<
zq`z*CM`-SLV49_W`6tmKtGhYvA8zh1zH_pwq;G*o?^3SAazS9%3ptDPBfJ9@mu){D
zDB{}`UsxIg=Ufptb&eh{T$pu=*u&VZWiN?aJW7*2rPRya;~4i$tr6`rO>(A@-J{q#
zpxPR~^USJyXG>x%!=@qMq~*}k!OIH0L}M-zyUj97B6V*a(Pu#|8P)Onl|k%S+tPt>
zme2r^b4&I^ZXEA8-2EFF3<U?5q72WBUN*63(wVBNR^=NBUe1%=9sQ5i<nkv!RlB<u
z$*OmSkJywLy|^Uzh*nhP4!jA&FAWvUACyubG&PizLH0KL?|S>)1L$gFB>2G#0RICo
C6Up!Z

literal 0
HcmV?d00001

diff --git a/tests/ldap-starttls/test.yaml b/tests/ldap-starttls/test.yaml
new file mode 100644
index 000000000..56e0ab5f9
--- /dev/null
+++ b/tests/ldap-starttls/test.yaml
@@ -0,0 +1,27 @@
+requires:
+  min-version: 8
+
+args:
+- -k none
+
+pcap: input.pcap
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: ldap
+      ldap.request.message_id: 1
+      ldap.request.operation: extended_request
+      ldap.request.extended_request.name: "1.3.6.1.4.1.1466.20037"
+- filter:
+    count: 1
+    match:
+      event_type: tls
+      tls.from_proto: ldap
+      tls.issuerdn: CN=LDAP SSL test
+      tls.notafter: '2025-01-28T02:18:29'
+      tls.notbefore: '2015-01-31T02:18:29'
+      tls.serial: 00:8A:07:E0:8D:4A:B5:0A:7B
+      tls.subject: CN=LDAP SSL test
+      tls.version: TLS 1.2