Jonathan Turner vor 8 Jahren
Ursprung
Commit
40c8cb559c
8 geänderte Dateien mit 19 neuen und 3 gelöschten Zeilen
  1. 3 0
      client/network.go
  2. 2 0
      client/passwd.go
  3. 3 0
      config/hosts.go
  4. 2 0
      kadmin/changepasswddata.go
  5. 5 0
      kadmin/message.go
  6. 1 0
      kadmin/passwd.go
  7. 1 1
      messages/APReq.go
  8. 2 2
      messages/KDCReq.go

+ 3 - 0
client/network.go

@@ -118,6 +118,9 @@ func (cl *Client) sendKDCUDP(realm string, b []byte) ([]byte, error) {
 		return r, err
 	}
 	r, err = cl.sendUDP(conn, b)
+	if err != nil {
+		return r, err
+	}
 	return checkForKRBError(r)
 }
 
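Review bot: The added guard in `sendKDCUDP` returns `r` together with a non-nil `err`, so a caller that skips the error check can still act on an empty or partial datagram; `return nil, err` makes the failure unambiguous. The `return r, err` context line just above it has the same shape. The function starts outside this hunk and the TCP send path is not shown, so it is worth confirming that it also checks the send error before calling `checkForKRBError`.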

+ 2 - 0
client/passwd.go

@@ -8,6 +8,7 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v5/messages"
 )
 
+// Kpasswd server response codes.
 const (
 	KRB5_KPASSWD_SUCCESS             = 0
 	KRB5_KPASSWD_MALFORMED           = 1
@@ -19,6 +20,7 @@ const (
 	KRB5_KPASSWD_INITIAL_FLAG_NEEDED = 7
 )
 
+// ChangePasswd changes the password of the client to the value provided.
 func (cl *Client) ChangePasswd(newPasswd string) (bool, error) {
 	ASReq, err := messages.NewASReqForChgPasswd(cl.Credentials.Realm, cl.Config, cl.Credentials.CName)
 	if err != nil {
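Review bot: The new doc comment on `ChangePasswd` does not say what the `bool` result means relative to `error`, which matters for a credential-changing call. Callers need to know whether a server rejection (one of the `KRB5_KPASSWD_*` codes) arrives as `false, nil` or as a non-nil error. I would add a sentence stating that mapping once it is confirmed against the body, which continues outside this hunk. A second line could note that `newPasswd` is a Go string and so cannot be wiped from memory after use.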

+ 3 - 0
config/hosts.go

@@ -68,6 +68,9 @@ func (c *Config) GetKpasswdServers(realm string, tcp bool) (int, map[int]string,
 		}
 		if c < 1 {
 			c, addrs, err = dnsutils.OrderedSRV("kerberos-adm", proto, realm)
+			if err != nil {
+				return count, kdcs, err
+			}
 		}
 		if len(addrs) < 1 {
 			return count, kdcs, fmt.Errorf("no kpasswd or kadmin SRV records found for realm %s", realm)
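Review bot: The new early return passes the `kerberos-adm` lookup error up unwrapped, so the caller cannot tell which SRV query failed or for which realm. `return count, kdcs, fmt.Errorf("kerberos-adm SRV lookup for realm %s: %v", realm, err)` keeps that context, and `fmt` is already used a few lines below. If `dnsutils.OrderedSRV` reports an absent record as an error rather than a zero count (not visible here), this return also bypasses the clearer "no kpasswd or kadmin SRV records found" message that follows. The enclosing function starts and ends outside the hunk.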

+ 2 - 0
kadmin/changepasswddata.go

@@ -5,12 +5,14 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v5/types"
 )
 
+// ChangePasswdData is the payload to a password change message.
 type ChangePasswdData struct {
 	NewPasswd []byte              `asn1:"explicit,tag:0"`
 	TargName  types.PrincipalName `asn1:"explicit,optional,tag:1"`
 	TargRealm string              `asn1:"generalstring,optional,explicit,tag:2"`
 }
 
+// Mashal ChangePasswdData into a byte slice.
 func (c *ChangePasswdData) Marshal() ([]byte, error) {
 	b, err := asn1.Marshal(*c)
 	if err != nil {
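Review bot: The comment added to `Marshal` is misspelled (`Mashal`) and so does not start with the method name as Go doc comments should; `// Marshal encodes the ChangePasswdData into a byte slice.` fixes both. The same `Mashal` typo appears in the comment added to `Request.Marshal` in kadmin/message.go. Because the encoded result carries `NewPasswd` in the clear, the comment could also tell callers to treat the returned slice as secret until it has been encrypted. The method body continues outside the hunk.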

+ 5 - 0
kadmin/message.go

@@ -15,11 +15,13 @@ const (
 	verisonHex = "ff80"
 )
 
+// Request message for changing password.
 type Request struct {
 	APREQ   messages.APReq
 	KRBPriv messages.KRBPriv
 }
 
+// Reply message for a password change.
 type Reply struct {
 	MessageLength int
 	Version       int
@@ -32,6 +34,7 @@ type Reply struct {
 	Result        string
 }
 
+// Mashal a Request into a byte slice.
 func (m *Request) Marshal() (b []byte, err error) {
 	b = []byte{255, 128} // protocol version number: contains the hex constant 0xff80 (big-endian integer).
 	ab, e := m.APREQ.Marshal()
@@ -63,6 +66,7 @@ func (m *Request) Marshal() (b []byte, err error) {
 	return
 }
 
+// Unmarshal a byte slice into a Reply.
 func (m *Reply) Unmarshal(b []byte) error {
 	m.MessageLength = int(binary.BigEndian.Uint16(b[0:2]))
 	m.Version = int(binary.BigEndian.Uint16(b[2:4]))
@@ -96,6 +100,7 @@ func parseResponse(b []byte) (c uint16, s string) {
 	return
 }
 
+// Decrypt the encrypted part of the KRBError within the change password Reply.
 func (m *Reply) Decrypt(key types.EncryptionKey) error {
 	if m.IsKRBError {
 		return m.KRBError
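Review bot: `Reply.Unmarshal` reads `b[0:2]` and `b[2:4]` as its first statements with no length check, so a truncated reply shorter than four bytes panics instead of returning an error; this commit documents the method but leaves that in place. A guard such as `if len(b) < 4 { return errors.New("kpasswd reply too short") }` ahead of the first read would cover the visible slices, using whichever error constructor the file already imports. The rest of the method is outside the hunk, so whether later offsets are checked against `len(b)` needs confirming there.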

+ 1 - 0
kadmin/passwd.go

@@ -7,6 +7,7 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v5/types"
 )
 
+// ChangePasswdMsg generate a change password request and also return the key needed to decrypt the reply.
 func ChangePasswdMsg(cname types.PrincipalName, realm, password string, tkt messages.Ticket, sessionKey types.EncryptionKey) (r Request, k types.EncryptionKey, err error) {
 	// Create change password data struct and marshal to bytes
 	chgpasswd := ChangePasswdData{

+ 1 - 1
messages/APReq.go

@@ -84,7 +84,7 @@ func encryptAuthenticator(a types.Authenticator, sessionKey types.EncryptionKey,
 	return ed, nil
 }
 
-// Decrypt the Authenticator within the AP_REQ.
+// DecryptAuthenticator decrypts the Authenticator within the AP_REQ.
 // sessionKey may simply be the key within the decrypted EncPart of the ticket within the AP_REQ.
 func (a *APReq) DecryptAuthenticator(sessionKey types.EncryptionKey) (auth types.Authenticator, err error) {
 	var usage uint32

+ 2 - 2
messages/KDCReq.go

@@ -92,7 +92,7 @@ func NewASReqForTGT(realm string, c *config.Config, cname types.PrincipalName) (
 	return NewASReq(realm, c, cname, sname)
 }
 
-// NewASReq generates a new KRB_AS_REQ struct for a TGT request.
+// NewASReqForChgPasswd generates a new KRB_AS_REQ struct for a change password request.
 func NewASReqForChgPasswd(realm string, c *config.Config, cname types.PrincipalName) (ASReq, error) {
 	sname := types.PrincipalName{
 		NameType:   nametype.KRB_NT_PRINCIPAL,
@@ -101,7 +101,7 @@ func NewASReqForChgPasswd(realm string, c *config.Config, cname types.PrincipalN
 	return NewASReq(realm, c, cname, sname)
 }
 
-// NewASReqSNAME generates a new KRB_AS_REQ struct for a given SNAME.
+// NewASReq generates a new KRB_AS_REQ struct for a given SNAME.
 func NewASReq(realm string, c *config.Config, cname, sname types.PrincipalName) (ASReq, error) {
 	nonce, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
 	if err != nil {