Jonathan Turner 8 лет назад
Родитель
Сommit
11db595800
4 измененных файлов с 64 добавлено и 1 удалено
  1. 3 0
      .travis.yml
  2. 49 0
      client/client_integration_test.go
  3. 2 0
      config/krb5conf_test.go
  4. 10 1
      testdata/test_vectors.go

+ 3 - 0
.travis.yml

@@ -19,12 +19,14 @@ before_install:
   - docker pull jcmturner/gokrb5:http
   - docker pull jcmturner/gokrb5:dns
   - docker pull jcmturner/gokrb5:kdc-centos-default
+  - docker pull jcmturner/gokrb5:kdc-res
   - docker pull jcmturner/gokrb5:kdc-older
   - docker pull jcmturner/gokrb5:kdc-latest
   - docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -e "TEST_KDC_ADDR=127.0.0.1" -p 53:53 -p 53:53/udp --name dns jcmturner/gokrb5:dns
   - docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 88:88 -p 88:88/udp --name krb5kdc jcmturner/gokrb5:kdc-centos-default
   - docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 78:88 -p 78:88/udp --name krb5kdc-old jcmturner/gokrb5:kdc-older
   - docker run -d -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 98:88 -p 98:88/udp --name krb5kdc-latest jcmturner/gokrb5:kdc-latest
+  - docker run -d -h kdc.resdom.gokrb5 -v /etc/localtime:/etc/localtime:ro -p 188:88 -p 188:88/udp --name krb5kdc-res jcmturner/gokrb5:kdc-res
   - docker run -d --add-host host.test.gokrb5:127.0.0.88 -v /etc/localtime:/etc/localtime:ro -p 80:80 -p 443:443 --name gokrb5-http jcmturner/gokrb5:http
 
 before_script:
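Review bot: The added `docker pull jcmturner/gokrb5:kdc-res` fetches the KDC image by a mutable tag, as the neighbouring pulls do, so a re-pushed tag silently changes what the integration tests authenticate against. Pinning the reference by digest, e.g. `docker pull jcmturner/gokrb5:kdc-res@sha256:<digest>` (placeholder; the digest is not on this page), and using the same reference in the new `docker run ... --name krb5kdc-res` line would keep the CI environment reproducible. A one-line comment above the new `docker run` stating that host port 188 must match the port the tests use for the RESDOM.GOKRB5 KDC would also help, since that coupling is otherwise only implicit.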
@@ -37,4 +39,5 @@ addons:
   hosts:
     - host.test.gokrb5
     - kdc.test.gokrb5
+    - kdc.resdom.gokrb5
 

+ 49 - 0
client/client_integration_test.go

@@ -459,3 +459,52 @@ func TestClient_Login_DNSKDCs(t *testing.T) {
 		t.Errorf("Error on logging in using DNS lookup of KDCs: %v\n", err)
 	}
 }
+
+// Login to the TEST.GOKRB5 domain and request service ticket for resource in the RESDOM.GOKRB5 domain.
+// There is a trust between the two domains.
+func TestClient_GetServiceTicket_Trusted_Resource_Domain(t *testing.T) {
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	kt, _ := keytab.Parse(b)
+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
+
+	addr := os.Getenv("TEST_KDC_ADDR")
+	if addr == "" {
+		addr = testdata.TEST_KDC_ADDR
+	}
+	for i, r := range c.Realms {
+		if r.Realm == "TEST.GOKRB5" {
+			c.Realms[i].KDC = []string{addr + ":" + testdata.TEST_KDC}
+		}
+		if r.Realm == "RESDOM.GOKRB5" {
+			c.Realms[i].KDC = []string{addr + ":" + testdata.TEST_KDC_RESDOM}
+		}
+	}
+
+	c.LibDefaults.DefaultRealm = "TEST.GOKRB5"
+	cl := NewClientWithKeytab("testuser1", "TEST.GOKRB5", kt)
+	c.LibDefaults.DefaultTktEnctypes = []string{"aes256-cts-hmac-sha1-96"}
+	c.LibDefaults.DefaultTktEnctypeIDs = []int{etypeID.ETypesByName["aes256-cts-hmac-sha1-96"]}
+	c.LibDefaults.DefaultTGSEnctypes = []string{"aes256-cts-hmac-sha1-96"}
+	c.LibDefaults.DefaultTGSEnctypeIDs = []int{etypeID.ETypesByName["aes256-cts-hmac-sha1-96"]}
+	cl.WithConfig(c)
+
+	err := cl.Login()
+
+	if err != nil {
+		t.Fatalf("Error on login: %v\n", err)
+	}
+	spn := "HTTP/host.resdom.gokrb5"
+	tkt, key, err := cl.GetServiceTicket(spn)
+	if err != nil {
+		t.Fatalf("Error getting service ticket: %v\n", err)
+	}
+	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
+	assert.Equal(t, etypeID.ETypesByName["aes256-cts-hmac-sha1-96"], key.KeyType)
+
+	b, _ = hex.DecodeString(testdata.SYSHTTP_RESDOM_KEYTAB)
+	skt, _ := keytab.Parse(b)
+	err = tkt.DecryptEncPart(skt, "")
+	if err != nil {
+		t.Errorf("Error decrypting ticket with service keytab: %v", err)
+	}
+}
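Review bot: The setup in TestClient_GetServiceTicket_Trusted_Resource_Domain discards the errors from `hex.DecodeString`, `keytab.Parse` and `config.NewConfigFromString`, and does so again for SYSHTTP_RESDOM_KEYTAB just before `DecryptEncPart`. A malformed fixture therefore surfaces later as a misleading login or decryption failure instead of at the line that broke. Each result should be checked, e.g. `kt, err := keytab.Parse(b)` followed by `if err != nil { t.Fatalf("parsing testuser1 keytab: %v", err) }`. The test also asserts only the SPN and the session key type. Since its purpose is the cross-realm trust, it would be stronger to also assert, after decryption, that the ticket was issued for RESDOM.GOKRB5 and names testuser1 in TEST.GOKRB5; the ticket type is not visible here, so the exact fields need confirming.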

+ 2 - 0
config/krb5conf_test.go

@@ -62,6 +62,7 @@ const (
  hostname1.example.com = EXAMPLE.COM
  hostname2.example.com = TEST.GOKRB5
 
+
 [appdefaults]
  pam = {
    debug = false
@@ -301,6 +302,7 @@ func TestResolveRealm(t *testing.T) {
 		{"hostname1.example.com", "EXAMPLE.COM"},
 		{"hostname2.example.com", "TEST.GOKRB5"},
 		{"one.two.three.example.com", "EXAMPLE.COM"},
+		{".test.gokrb5", "TEST.GOKRB5"},
 	}
 	for _, tt := range tests {
 		t.Run(tt.domainName, func(t *testing.T) {

+ 10 - 1
testdata/test_vectors.go

@@ -117,6 +117,7 @@ const (
 	TESTUSER3_KEYTAB              = "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"
 	HTTP_KEYTAB                   = "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"
 	SYSHTTP_KEYTAB                = "0502000000450001000b544553542e474f4b52423500077379734854545000000001590dc5af020012002043763702868978d1b6d91a36704b987e27e517250055bdfc40b8a6b3848d9aae"
+	SYSHTTP_RESDOM_KEYTAB         = "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"
 	SYSHTTP_RESGOKRB5_AD_KEYTAB   = "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"
 	TEST_AS_REQ                   = "6a81a63081a3a103020105a20302010aa30e300c300aa10402020095a2020400a48186308183a00703050040000010a1163014a003020101a10d300b1b09746573747573657231a20d1b0b544553542e474f4b524235a320301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a511180f32303137303232303134323530315aa70602040f6755a6a814301202011202011102011002011702011902011a"
 	TEST_AS_REP                   = "6b8202f3308202efa003020105a10302010ba22e302c302aa103020113a2230421301f301da003020112a1161b14544553542e474f4b524235746573747573657231a30d1b0b544553542e474f4b524235a4163014a003020101a10d300b1b09746573747573657231a582015a6182015630820152a003020105a10d1b0b544553542e474f4b524235a220301ea003020102a11730151b066b72627467741b0b544553542e474f4b524235a382011830820114a003020112a103020101a28201060482010264d3fa49d89b627ed471298846ff92cd8632f657c58fe25322a61fffa32bb7966dc4c44c86a81353def2a11c36c537191406a609147f424a63266c00d02bcc56a27b0969d86ff4352634be9e2a4ac0ad5a36b0b0a3d689f128c0afa97401796e88037a35ad19efaf31d1ed4f3213769c03a58bc90ffac2051db152c0ed0809ad05ffb03aa3afaf731ed85f7a73020cb72355e0de27842dcf7eae3de9f7c14aa237edb25153b217ef3693373bc3cacbebe406910ff9ae9d00b7b08f726cb29a213cb9ad51ba80a8c24fa4b6692a445686889702cfa6ea749bac03e27e982407aca623fbd48586bcf566cfe87e1d9f17a74b1315669c16480f93e9d8782e71a8f11000a682012c30820128a003020112a282011f0482011b99b86153c0393c0e4130628f3e1e0f0a1f034e7e61a111b7fad15884e231c8fd8727e0bc945c9b35be20c57d057c8b09b0de74c53fb38cc15c9a2d483023fc369f5bde4da7324b4732b5a3d9504d92f67026aaa01df4f0138245d2ccb1c5a4014804cf295c7e7e56a867e6cf0c534f667f32da7aa5e700af1461764f1c276a8ff0fbee0e99322fe2059d2321853be09d0956c3afcfd07e3e702646a4678926a77bea20d9aaf3086b6d384821c81900af9013a3519f0e50eab6e1491d72e4ee17c2a44441b2ebc8a796cc3d876e328347dce65f61104e14d4c31532885776c9c8a70186b8b39f928972945c98bd60381ead5448e7ebe93fea308054287ac34b0583b4b9b5e43c5f8518d693ba9eb48a219c27344466b3c693a70462"
@@ -127,6 +128,7 @@ const (
 	TEST_KDC_ADDR                 = "10.80.88.88"
 	TEST_KDC                      = "88"
 	TEST_KDC_LASTEST              = "98"
+	TEST_KDC_RESDOM               = "188"
 	TEST_KDC_OLD                  = "78"
 	TEST_KDC_BADADDR              = "10.80.88.153"
 	TEST_KDC_AD                   = "10.80.88.68:88"
@@ -144,9 +146,14 @@ const (
 
 [realms]
  TEST.GOKRB5 = {
-  kdc = 127.0.0.1:88
+  kdc = 10.80.88.88:88
   admin_server = 127.0.0.1:749
   default_domain = test.gokrb5
+ }
+ RESDOM.GOKRB5 = {
+  kdc = 10.80.88.88:188
+  admin_server = 127.0.0.1:749
+  default_domain = resdom.gokrb5
  }
   USER.GOKRB5 = {
   kdc = 10.80.88.48:88
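Review bot: The TEST.GOKRB5 `kdc` entry in this embedded krb5.conf moves from loopback to `10.80.88.88:88`, and the new RESDOM.GOKRB5 block hard-codes `10.80.88.88:188`. Both literals duplicate TEST_KDC_ADDR, TEST_KDC and TEST_KDC_RESDOM from the earlier hunk, so the config and the constants can drift apart. Any test that loads this config without rewriting `c.Realms[i].KDC` will now send requests to that private address rather than 127.0.0.1, which is worth confirming against the other tests (not visible here). RESDOM.GOKRB5 also keeps `admin_server = 127.0.0.1:749`, which looks copied from the TEST.GOKRB5 block. A comment above the config constant (presumably TEST_KRB5CONF) such as `// kdc entries must match TEST_KDC_ADDR, TEST_KDC and TEST_KDC_RESDOM` would document the coupling. The enclosing const block starts and ends outside the hunk.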
@@ -162,6 +169,8 @@ const (
 [domain_realm]
  .test.gokrb5 = TEST.GOKRB5
  test.gokrb5 = TEST.GOKRB5
+ .resdom.gokrb5 = RESDOM.GOKRB5
+ resdom.gokrb5 = RESDOM.GOKRB5
   .user.gokrb5 = USER.GOKRB5
  user.gokrb5 = USER.GOKRB5
   .res.gokrb5 = RES.GOKRB5