From 42fcc894253ecb3c58d060351b47073ccebec1b7 Mon Sep 17 00:00:00 2001
From: Scott Runnels <srunnels@gmail.com>
Date: Fri, 4 May 2012 02:14:51 -0400
Subject: [PATCH] more lining up. more blaming Seth!

---
 http-basic-auth.bro | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/http-basic-auth.bro b/http-basic-auth.bro
index 0b47c93..43fa5e2 100644
--- a/http-basic-auth.bro
+++ b/http-basic-auth.bro
@@ -7,20 +7,19 @@ export {
   };
 }
 
-event http_header(c: connection, is_orig: bool, name: string, value: string) 
-	{
-	if (/AUTHORIZATION/ in name && /Basic/ in value)
-		{
-		local parts = split1(decode_base64(sub_bytes(value, 7, |value|)), /:/);
-		if (|parts| == 2)
-		  NOTICE([$note=HTTP::Basic_Auth_Server,
-                  $msg="Server identified in which Basic Access Authentication is in use.",
-                  $sub=fmt("username: %s password: %s", 
-                  parts[1], 
-                  HTTP::default_capture_password == F ? "Blocked" : parts[2]),
+event http_header(c: connection, is_orig: bool, name: string, value: string)
+    {
+    if (/AUTHORIZATION/ in name && /Basic/ in value)
+        {
+        local parts = split1(decode_base64(sub_bytes(value, 7, |value|)), /:/);
+        if (|parts| == 2)
+          NOTICE([$note=HTTP::Basic_Auth_Server,
+                  $msg="Server identified on which Basic Access Authentication is in use."
+                  $sub=fmt("username: %s password: %s",
+                           parts[1],
+                           HTTP::default_capture_password == F ? "Blocked" : parts[2]),
                   $conn=c,
                   $identifier=cat(c$id$resp_h,c$id$resp_p),
-                  $suppress_for=1day
-                 ]);
-		}
-	}
+                  $suppress_for=1day]);
+        }
+    }