handle badly formatted spns without panic

client/client_integration_test.go

@@ -15,6 +15,7 @@ import (
 	"gopkg.in/jcmturner/gokrb5.v3/iana/etypeID"
 	"gopkg.in/jcmturner/gokrb5.v3/keytab"
 	"gopkg.in/jcmturner/gokrb5.v3/testdata"
+	"strings"
 )
 
 func TestClient_SuccessfulLogin_Keytab(t *testing.T) {
@@ -260,6 +261,28 @@ func TestClient_GetServiceTicket(t *testing.T) {
 	assert.Equal(t, key.KeyValue, key2.KeyValue)
 }
 
+func TestClient_GetServiceTicket_InvalidSPN(t *testing.T) {
+	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	kt, _ := keytab.Parse(b)
+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
+	addr := os.Getenv("TEST_KDC_ADDR")
+	if addr == "" {
+		addr = testdata.TEST_KDC_ADDR
+	}
+	c.Realms[0].KDC = []string{addr + ":" + testdata.TEST_KDC}
+	cl := NewClientWithKeytab("testuser1", "TEST.GOKRB5", kt)
+	cl.WithConfig(c)
+
+	err = cl.Login()
+	if err != nil {
+		t.Fatalf("Error on login: %v\n", err)
+	}
+	spn := "host.test.gokrb5"
+	_, _, err = cl.GetServiceTicket(spn)
+	assert.NotNil(t, err, "Expected unknown principal error")
+	assert.True(t, strings.Contains(err.Error(), "KDC_ERR_S_PRINCIPAL_UNKNOWN"), "Error text not as expected")
+}
+
 func TestClient_GetServiceTicket_OlderKDC(t *testing.T) {
 	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)

client/session.go

@@ -135,6 +135,6 @@ func (cl *Client) GetSessionFromRealm(realm string) (*session, error) {
 
 // GetSessionFromPrincipalName returns the session for the realm of the principal provided.
 func (cl *Client) GetSessionFromPrincipalName(spn types.PrincipalName) (*session, error) {
-	realm := cl.Config.ResolveRealm(spn.NameString[1])
+	realm := cl.Config.ResolveRealm(spn.NameString[len(spn.NameString)-1])
 	return cl.GetSessionFromRealm(realm)
 }