
use default realm only if not specified.

Jonathan Turner il y a 7 ans
Parent
commit
0c2b760642
3 fichiers modifiés avec 14 ajouts et 10 suppressions
  1. 1 0
      client/TGSExchange.go
  2. 10 10
      client/client.go
  3. 3 0
      config/hosts.go

+ 1 - 0
client/TGSExchange.go

@@ -41,6 +41,7 @@ func (cl *Client) TGSExchange(spn types.PrincipalName, kdcRealm string, tkt mess
 	if err != nil {
 		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: failed to process the TGS_REP")
 	}
+	// TODO should this check the first element is krbtgt rather than the nametype?
 	if tgsRep.Ticket.SName.NameType == nametype.KRB_NT_SRV_INST && !tgsRep.Ticket.SName.Equal(spn) {
 		if referral > 5 {
 			return tgsReq, tgsRep, krberror.Errorf(err, krberror.KRBMsgError, "maximum number of referrals exceeded")

+ 10 - 10
client/client.go

@@ -167,22 +167,22 @@ func (cl *Client) LoadConfig(cfgPath string) (*Client, error) {
 
 // IsConfigured indicates if the client has the values required set.
 func (cl *Client) IsConfigured() (bool, error) {
+	if cl.Credentials.Username == "" {
+		return false, errors.New("client does not have a username")
+	}
+	if cl.Credentials.Realm == "" {
+		return false, errors.New("client does not have a define realm")
+	}
 	// Client needs to have either a password, keytab or a session already (later when loading from CCache)
 	if !cl.Credentials.HasPassword() && !cl.Credentials.HasKeytab() {
-		sess, err := cl.GetSessionFromRealm(cl.Config.LibDefaults.DefaultRealm)
+		sess, err := cl.GetSessionFromRealm(cl.Credentials.Realm)
 		if err != nil || sess.AuthTime.IsZero() {
 			return false, errors.New("client has neither a keytab nor a password set and no session")
 		}
 	}
-	if cl.Credentials.Username == "" {
-		return false, errors.New("client does not have a username")
-	}
-	if cl.Config.LibDefaults.DefaultRealm == "" {
-		return false, errors.New("client krb5 config does not have a default realm")
-	}
 	if !cl.Config.LibDefaults.DNSLookupKDC {
 		for _, r := range cl.Config.Realms {
-			if r.Realm == cl.Config.LibDefaults.DefaultRealm {
+			if r.Realm == cl.Credentials.Realm {
 				if len(r.KDC) > 0 {
 					return true, nil
 				}
@@ -195,8 +195,8 @@ func (cl *Client) IsConfigured() (bool, error) {
 
 // Login the client with the KDC via an AS exchange.
 func (cl *Client) Login() error {
-	if cl.Credentials.Realm == "" {
-		cl.Credentials.Realm = cl.Config.LibDefaults.DefaultRealm
+	if ok, err := cl.IsConfigured(); !ok {
+		return err
 	}
 	ASReq, err := messages.NewASReqForTGT(cl.Credentials.Realm, cl.Config, cl.Credentials.CName)
 	if err != nil {
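Review bot: The new error message in IsConfigured has a typo, "does not have a define realm"; it should read `return false, errors.New("client does not have a defined realm")`. Separately, Login no longer falls back to cl.Config.LibDefaults.DefaultRealm when cl.Credentials.Realm is empty, and IsConfigured now rejects that case outright, so a client built without an explicit realm presumably fails at Login even though the commit title says the default realm is used when none is specified; if the fallback is meant to live elsewhere (e.g. where Credentials are constructed), a comment on the realm check saying so would save the next reader the same question. The "client krb5 config does not have a default realm" check was dropped with nothing replacing it, so a krb5.conf with no default_realm is now only caught indirectly. Both IsConfigured and Login continue outside the visible hunks.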

+ 3 - 0
config/hosts.go

@@ -12,6 +12,9 @@ import (
 
 // GetKDCs returns the count of KDCs available and a map of KDC host names keyed on preference order.
 func (c *Config) GetKDCs(realm string, tcp bool) (int, map[int]string, error) {
+	if realm == "" {
+		realm = c.LibDefaults.DefaultRealm
+	}
 	kdcs := make(map[int]string)
 	var count int
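Review bot: The added fallback in GetKDCs leaves realm empty when c.LibDefaults.DefaultRealm is also unset, and the rest of the function (outside the hunk) then runs a KDC lookup for the empty string rather than reporting the misconfiguration; consider `if realm == "" { return 0, nil, errors.New("no realm specified and no default realm configured") }` after the assignment, using whichever error constructor this file already imports. Since passing "" now silently redirects the lookup to the default realm's KDCs, the doc comment should state that contract, e.g. `// An empty realm selects c.LibDefaults.DefaultRealm.` appended to the existing GetKDCs comment. The function body continues past the end of the hunk.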