
client auto renewal

Jonathan Turner hace 9 años
padre
commit
a5307a131b
Se han modificado 5 ficheros con 9 adiciones y 14 borrados
  1. 0 4
      client/TGSExchange.go
  2. 0 3
      client/cache.go
  3. 1 1
      client/session.go
  4. 4 2
      messages/KDCRep.go
  5. 4 4
      messages/KDCReq.go

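--- a/client/TGSExchange.go
+++ b/client/TGSExchange.go
@@ -6,7 +6,6 @@ import (
 	"github.com/jcmturner/gokrb5/iana/nametype"
 	"github.com/jcmturner/gokrb5/messages"
 	"github.com/jcmturner/gokrb5/types"
-	"os"
 	"strings"
 	"time"
 )
@@ -37,7 +36,6 @@ func (cl *Client) TGSExchange(spn types.PrincipalName, tkt types.Ticket, session
 	if err != nil {
 		return tgsReq, tgsRep, fmt.Errorf("Error decrypting EncPart of TGS_REP: %v", err)
 	}
-	fmt.Fprintf(os.Stderr, "TGSRep: %+v\n", tgsRep)
 	if ok, err := tgsRep.IsValid(cl.Config, tgsReq); !ok {
 		return tgsReq, tgsRep, fmt.Errorf("TGS_REP is not valid: %v", err)
 	}
@@ -75,7 +73,5 @@ func (cl *Client) GetServiceTicket(spn string) error {
 		tgsRep.DecryptedEncPart.RenewTill,
 		tgsRep.DecryptedEncPart.Key,
 	)
-	e, _ := cl.Cache.GetEntry(spn)
-	fmt.Fprintf(os.Stderr, "ServiceTkt: %+v", e)
 	return nil
 }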

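--- a/client/cache.go
+++ b/client/cache.go
@@ -1,9 +1,7 @@
 package client
 
 import (
-	"fmt"
 	"github.com/jcmturner/gokrb5/types"
-	"os"
 	"strings"
 	"time"
 )
@@ -77,7 +75,6 @@ func (cl *Client) RenewTicket(e CacheEntry) (CacheEntry, error) {
 	spn := e.Ticket.SName
 	_, tgsRep, err := cl.TGSExchange(spn, e.Ticket, e.SessionKey, true)
 	if err != nil {
-		fmt.Fprintf(os.Stderr, "Renew err: %+v\n", err)
 		return e, err
 	}
 	e = cl.Cache.AddEntry(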

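--- a/client/session.go
+++ b/client/session.go
@@ -40,7 +40,7 @@ func (cl *Client) EnableAutoSessionRenewal() {
 	go func() {
 		for {
 			//Wait until one minute before endtime
-			w := (time.Until(cl.Session.EndTime) * 5) / 6
+			w := (cl.Session.EndTime.Sub(time.Now()) * 5) / 6
 			if w < 0 {
 				return
 			}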
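Review bot: The comment `//Wait until one minute before endtime` directly above the changed line no longer describes the code: `w` is five sixths of the time remaining until `cl.Session.EndTime`, so a 10-hour session renews 100 minutes early, not one minute. Replace it with `// Sleep for 5/6 of the remaining session lifetime, then renew.` so the next reader does not hunt for a missing minute. The switch from `time.Until` to `EndTime.Sub(time.Now())` looks like a pre-Go-1.8 compatibility change; if so, a one-line comment saying so would stop a later cleanup from reintroducing `time.Until`. No stop signal for this goroutine is visible in the hunk; `EnableAutoSessionRenewal` continues past it, so it may be handled there, but it is worth confirming that closing or re-logging-in a client does not leave the loop running against stale `cl.Session` state.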

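--- a/messages/KDCRep.go
+++ b/messages/KDCRep.go
@@ -286,8 +286,10 @@ func (k *TGSRep) IsValid(cfg *config.Config, tgsReq TGSReq) (bool, error) {
 	if len(tgsReq.ReqBody.Addresses) > 0 {
 		//TODO compare if address list is the same
 	}
-	if !tgsReq.Renewal && (time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew) {
-		return false, fmt.Errorf("Clock skew with KDC too large. Greater than %v seconds", cfg.LibDefaults.Clockskew.Seconds())
+	if time.Since(k.DecryptedEncPart.StartTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.StartTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew {
+		if time.Since(k.DecryptedEncPart.AuthTime) > cfg.LibDefaults.Clockskew || k.DecryptedEncPart.AuthTime.Sub(time.Now()) > cfg.LibDefaults.Clockskew {
+			return false, fmt.Errorf("Clock skew with KDC too large. Greater than %v seconds.", cfg.LibDefaults.Clockskew.Seconds())
+		}
 	}
 	return true, nil
 }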
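Review bot: The new nested `if`s encode a security decision — the reply is accepted when either `StartTime` or `AuthTime` is within `Clockskew` of now — without saying why, and the two near-identical four-term conditions make that hard to see. The reason is presumably that a renewal's authtime is that of the original AS exchange and can be hours old (the old code skipped the check entirely when `tgsReq.Renewal` was set), so this should be stated in a comment and the test factored into one helper. It also silently relies on an absent starttime (OPTIONAL in EncKDCRepPart) decoding as the zero `time.Time`, which fails the first test and defers to authtime; that is correct if the decoder behaves that way, but it deserves a comment rather than being incidental. While here, the new error string gained a trailing period and a capital letter; Go error strings are conventionally lowercase with no terminal punctuation because they get wrapped. `IsValid` begins before this hunk.

```go
	// A renewal's authtime is that of the original AS exchange and may be hours old,
	// so accept the reply if either starttime (set on renewal) or authtime is within
	// the permitted skew. starttime is OPTIONAL in EncKDCRepPart; if absent it is
	// assumed to decode as the zero time, which fails withinSkew and defers to authtime.
	withinSkew := func(t time.Time) bool {
		skew := cfg.LibDefaults.Clockskew
		return time.Since(t) <= skew && t.Sub(time.Now()) <= skew
	}
	if !withinSkew(k.DecryptedEncPart.StartTime) && !withinSkew(k.DecryptedEncPart.AuthTime) {
		return false, fmt.Errorf("clock skew with KDC too large: greater than %v seconds", cfg.LibDefaults.Clockskew.Seconds())
	}
	// … unchanged: return true, nil …
```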

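--- a/messages/KDCReq.go
+++ b/messages/KDCReq.go
@@ -99,8 +99,8 @@ func NewASReq(c *config.Config, username string) ASReq {
 					NameType:   nametype.KRB_NT_SRV_INST,
 					NameString: []string{"krbtgt", c.LibDefaults.Default_realm},
 				},
-				//Till:  t.Add(c.LibDefaults.Ticket_lifetime),
-				Till:  t.Add(time.Duration(24) * time.Hour),
+				Till: t.Add(c.LibDefaults.Ticket_lifetime),
+				//Till:  t.Add(time.Duration(24) * time.Hour),
 				Nonce: nonce,
 				EType: c.LibDefaults.Default_tkt_enctype_ids,
 			},
@@ -135,8 +135,8 @@ func NewTGSReq(username string, c *config.Config, tkt types.Ticket, sessionKey t
 				KDCOptions: types.NewKrbFlags(),
 				Realm:      c.ResolveRealm(spn.NameString[len(spn.NameString)-1]),
 				SName:      spn,
-				//Till:       t.Add(c.LibDefaults.Ticket_lifetime),
-				Till:  t.Add(time.Duration(2) * time.Minute),
+				Till:       t.Add(c.LibDefaults.Ticket_lifetime),
+				//Till:  t.Add(time.Duration(2) * time.Minute),
 				Nonce: nonce,
 				EType: c.LibDefaults.Default_tgs_enctype_ids,
 			},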
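Review bot: `Till: t.Add(c.LibDefaults.Ticket_lifetime)` in both hunks now depends entirely on `Ticket_lifetime` being populated; if the config loader does not apply krb5.conf's 24h default (not visible here), a missing `ticket_lifetime` yields a zero duration and the client asks the KDC for a ticket that expires at the moment of the request. Either guarantee the default in the config loader or guard here, e.g. `if lifetime <= 0 { lifetime = 24 * time.Hour }` before building `Till`, and document which one holds. The old hard-coded values are left behind as commented-out lines (`//Till:  t.Add(time.Duration(24) * time.Hour)` and `//Till:  t.Add(time.Duration(2) * time.Minute)`); they are dead code under version control and should be deleted, which also lets gofmt realign the `Till:`/`Nonce:`/`EType:` fields. Both `NewASReq` and `NewTGSReq` begin and end outside these hunks.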