fix deadlock on client

client/client_integration_test.go

@@ -728,8 +728,8 @@ func TestClient_AutoRenew_Goroutine(t *testing.T) {
 		t.Errorf("error on logging in: %v\n", err)
 	}
 	n := runtime.NumGoroutine()
-	for i := 0; i < 6; i++ {
-		time.Sleep(time.Second * 20)
+	for i := 0; i < 24; i++ {
+		time.Sleep(time.Second * 5)
 		_, endTime, _, _, err := cl.sessionTimes("TEST.GOKRB5")
 		if err != nil {
 			t.Errorf("could not get client's session: %v", err)
@@ -737,6 +737,16 @@ func TestClient_AutoRenew_Goroutine(t *testing.T) {
 		if time.Now().UTC().After(endTime) {
 			t.Fatalf("session auto update failed")
 		}
+		spn := "HTTP/host.test.gokrb5"
+		tkt, key, err := cl.GetServiceTicket(spn)
+		if err != nil {
+			t.Fatalf("error getting service ticket: %v\n", err)
+		}
+		b, _ := hex.DecodeString(testdata.HTTP_KEYTAB)
+		skt, _ := keytab.Parse(b)
+		tkt.DecryptEncPart(skt, "")
+		assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
+		assert.Equal(t, int32(18), key.KeyType)
 		if runtime.NumGoroutine() > n {
 			t.Fatalf("number of goroutines is increasing: should not be more than %d, is %d", n, runtime.NumGoroutine())
 		}

client/session.go

@@ -205,11 +205,12 @@ func (cl *Client) ensureValidSession(realm string) error {
 	s, ok := cl.sessions.get(realm)
 	if ok {
 		s.mux.RLock()
-		defer s.mux.RUnlock()
 		d := s.endTime.Sub(s.authTime) / 6
 		if s.endTime.Sub(time.Now().UTC()) > d {
+			s.mux.RUnlock()
 			return nil
 		}
+		s.mux.RUnlock()
 		_, err := cl.refreshSession(s)
 		return err
 	}

testenv/mit-krb5kdc/bootstrap.sh

@@ -26,7 +26,7 @@ EOF
 
 cp /vagrant/krb5.conf /etc/krb5.conf
 cp /vagrant/*.service /etc/systemd/system/
-systemctl enable krb5kdc krb5kdc-resdom krb5kdc-latest krb5kdc-older httpd dns
+systemctl enable krb5kdc krb5kdc-resdom krb5kdc-latest krb5kdc-older krb5kdc-shorttickets httpd dns
 
 
 /usr/bin/docker pull jcmturner/gokrb5:http
@@ -34,6 +34,7 @@ systemctl enable krb5kdc krb5kdc-resdom krb5kdc-latest krb5kdc-older httpd dns
 /usr/bin/docker pull jcmturner/gokrb5:kdc-resdom
 /usr/bin/docker pull jcmturner/gokrb5:kdc-older
 /usr/bin/docker pull jcmturner/gokrb5:kdc-latest
+/usr/bin/docker pull jcmturner/gokrb5:kdc-shorttickets
 /usr/bin/docker pull jcmturner/gokrb5:dns
 
 

testenv/mit-krb5kdc/krb5kdc-shorttickets.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Kerberos KDC
+After=docker.service
+After=network.target
+Requires=docker.service
+
+[Service]
+Environment="DOCKER_IMAGE=jcmturner/gokrb5:kdc-shorttickets"
+Environment="PORT=58"
+Environment="NAME=gokrb5-kdc-shorttickets"
+TimeoutStartSec=0
+#Restart=always
+ExecStartPre=-/usr/bin/docker kill %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=-/usr/bin/docker pull ${DOCKER_IMAGE}
+ExecStart=/usr/bin/docker run -h kdc.test.gokrb5 -v /etc/localtime:/etc/localtime:ro -p ${PORT}:88 -p ${PORT}:88/udp --rm --name ${NAME} ${DOCKER_IMAGE}
+ExecStartPost=/bin/sh -c "while [ ! -f ${DATA_HOST}/.initialised ]; do sleep 2; done"
+ExecStop=/usr/bin/docker stop --time=60 %n
+ExecStopPost=-/usr/bin/docker rm %n
+
+[Install]
+WantedBy=multi-user.target