
golint fixes and new krbclient vagrant

Jonathan Turner пре 8 година
родитељ
комит
c7bc1c0d0d

+ 3 - 3
client/client_ad_integration_test.go

@@ -14,7 +14,7 @@ import (
 )
 
 func TestClient_SuccessfulLogin_AD(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	c.Realms[0].KDC = []string{testdata.TEST_KDC_AD}
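Review bot: Replacing `err` with `_` on the `hex.DecodeString` line silences the unused-variable complaint but leaves fixture decoding unchecked, as are `keytab.Parse` and `config.NewConfigFromString` on the context lines below it. If a fixture is ever truncated or mistyped, the test continues with an empty keytab and fails later with an unrelated KDC or login error. In TestClient_FailedLogin a login made with a broken keytab would presumably fail too, so that negative test would pass for the wrong reason. Prefer keeping the error and failing fast, for example `b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)` followed by `if err != nil { t.Fatalf("decoding test keytab: %v", err) }`. The same applies to every other hunk in client_ad_integration_test.go, client_dns_test.go and client_integration_test.go; each test body continues outside its hunk.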
@@ -28,7 +28,7 @@ func TestClient_SuccessfulLogin_AD(t *testing.T) {
 }
 
 func TestClient_GetServiceTicket_AD(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	c.Realms[0].KDC = []string{testdata.TEST_KDC_AD}
@@ -49,7 +49,7 @@ func TestClient_GetServiceTicket_AD(t *testing.T) {
 }
 
 func TestClient_SuccessfulLogin_AD_TRUST_USER_DOMAIN(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_USERKRB5_AD_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_USERKRB5_AD_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	c.Realms[0].KDC = []string{testdata.TEST_KDC_AD_TRUST_USER_DOMAIN}

+ 1 - 1
client/client_dns_test.go

@@ -62,7 +62,7 @@ func TestClient_Login_DNSKDCs(t *testing.T) {
 	//Blank out the KDCs to ensure they are not being used
 	c.Realms = []config.Realm{}
 
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	cl := NewClientWithKeytab("testuser1", "TEST.GOKRB5", kt)
 	cl.WithConfig(c)

+ 12 - 12
client/client_integration_test.go

@@ -33,7 +33,7 @@ func TestClient_SuccessfulLogin_Keytab(t *testing.T) {
 	if addr == "" {
 		addr = testdata.TEST_KDC_ADDR
 	}
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	var tests = []string{
@@ -77,7 +77,7 @@ func TestClient_SuccessfulLogin_Password(t *testing.T) {
 }
 
 func TestClient_SuccessfulLogin_TCPOnly(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -96,7 +96,7 @@ func TestClient_SuccessfulLogin_TCPOnly(t *testing.T) {
 }
 
 func TestClient_ASExchange_TGSExchange_EncTypes_Keytab(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -170,7 +170,7 @@ func TestClient_ASExchange_TGSExchange_EncTypes_Password(t *testing.T) {
 }
 
 func TestClient_FailedLogin(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_WRONGPASSWD)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_WRONGPASSWD)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -188,7 +188,7 @@ func TestClient_FailedLogin(t *testing.T) {
 }
 
 func TestClient_SuccessfulLogin_UserRequiringPreAuth(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER2_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER2_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -206,7 +206,7 @@ func TestClient_SuccessfulLogin_UserRequiringPreAuth(t *testing.T) {
 }
 
 func TestClient_SuccessfulLogin_UserRequiringPreAuth_TCPOnly(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER2_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER2_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -225,7 +225,7 @@ func TestClient_SuccessfulLogin_UserRequiringPreAuth_TCPOnly(t *testing.T) {
 }
 
 func TestClient_NetworkTimeout(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	c.Realms[0].KDC = []string{testdata.TEST_KDC_BADADDR + ":88"}
@@ -239,7 +239,7 @@ func TestClient_NetworkTimeout(t *testing.T) {
 }
 
 func TestClient_GetServiceTicket(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -272,7 +272,7 @@ func TestClient_GetServiceTicket(t *testing.T) {
 }
 
 func TestClient_GetServiceTicket_InvalidSPN(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -294,7 +294,7 @@ func TestClient_GetServiceTicket_InvalidSPN(t *testing.T) {
 }
 
 func TestClient_GetServiceTicket_OlderKDC(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -675,7 +675,7 @@ func TestGetServiceTicketFromCCacheWithoutKDC(t *testing.T) {
 }
 
 func TestClient_ChangePasswd(t *testing.T) {
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	addr := os.Getenv("TEST_KDC_ADDR")
@@ -708,7 +708,7 @@ func TestClient_AutoRenew_Goroutine_Count(t *testing.T) {
 	if addr == "" {
 		addr = testdata.TEST_KDC_ADDR
 	}
-	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	b, _ := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
 	kt, _ := keytab.Parse(b)
 	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
 	c.Realms[0].KDC = []string{addr + ":" + testdata.TEST_KDC}

+ 6 - 0
client/passwd.go

@@ -29,7 +29,13 @@ func (cl *Client) ChangePasswd(newPasswd string) (bool, error) {
 	ASRep, err := cl.ASExchange(cl.Credentials.Realm, ASReq, 0)
 
 	msg, key, err := kadmin.ChangePasswdMsg(cl.Credentials.CName, cl.Credentials.Realm, newPasswd, ASRep.Ticket, ASRep.DecryptedEncPart.Key)
+	if err != nil {
+		return false, err
+	}
 	r, err := cl.sendToKPasswd(msg)
+	if err != nil {
+		return false, err
+	}
 	err = r.Decrypt(key)
 	if err != nil {
 		return false, err
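Review bot: The error from `cl.ASExchange` on the first context line is still dropped. `err` is reassigned by the `kadmin.ChangePasswdMsg` call before anything reads it, and that call already uses `ASRep.Ticket` and `ASRep.DecryptedEncPart.Key`. After a failed AS exchange the password-change request would be built from whatever ASRep holds (presumably a zero value), so the caller sees a later, less specific error instead of the authentication failure. Add `if err != nil { return false, err }` directly after the `ASExchange` line, matching the two checks added here. ChangePasswd starts and ends outside this hunk.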

+ 9 - 5
service/http.go

@@ -27,11 +27,15 @@ const (
 	// CTXKeyAuthenticated is the request context key holding a boolean indicating if the request has been authenticated.
 	CTXKeyAuthenticated ctxKey = 0
 	// CTXKeyCredentials is the request context key holding the credentials gopkg.in/jcmturner/goidentity.v2/Identity object.
-	CTXKeyCredentials              ctxKey = 1
-	HTTPHeaderAuthResponse                = "WWW-Authenticate"
-	HTTPHeaderAuthResponseValueKey        = "Negotiate"
-	HTTPHeaderAuthRequest                 = "Authorization"
-	UnauthorizedMsg                       = "Unauthorised.\n"
+	CTXKeyCredentials ctxKey = 1
+	// HTTPHeaderAuthRequest is the header that will hold authn/z information.
+	HTTPHeaderAuthRequest = "Authorization"
+	// HTTPHeaderAuthResponse is the header that will hold SPNEGO data from the server.
+	HTTPHeaderAuthResponse = "WWW-Authenticate"
+	// HTTPHeaderAuthResponseValueKey is the key in the auth header for SPNEGO.
+	HTTPHeaderAuthResponseValueKey = "Negotiate"
+	// UnauthorizedMsg is the message returned in the body when authentication fails.
+	UnauthorizedMsg = "Unauthorised.\n"
 )
 
 // SPNEGOKRB5Authenticate is a Kerberos SPNEGO authentication HTTP handler wrapper.

+ 2 - 1
testenv/krbclient-vagrant/.gitignore

@@ -1,2 +1,3 @@
 .vagrant
-.vagrant/*
+.vagrant/*
+*console.log

+ 6 - 6
testenv/krbclient-vagrant/Vagrantfile

@@ -3,10 +3,10 @@ Vagrant.configure("2") do |config|
     v.memory = 1024
     v.cpus = 1
   end
-  config.vm.define "krb5kdc", primary: true do |krb5kdc|
-    krb5kdc.vm.hostname = "client.test.gokrb5"
-    krb5kdc.vm.box = "centos/7"
-    krb5kdc.vm.network "private_network", ip: "10.80.88.89", netmask: "255.255.0.0"
-    krb5kdc.vm.provision :shell, path: "bootstrap.sh"
+  config.vm.define "krbclient", primary: true do |krbclient|
+    krbclient.vm.hostname = "client.test.gokrb5"
+    krbclient.vm.box = "ubuntu/bionic64"
+    krbclient.vm.network "private_network", ip: "10.80.88.89", netmask: "255.255.0.0"
+    krbclient.vm.provision :shell, path: "bootstrap.sh"
   end
-end
+end
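Review bot: The new `krbclient.vm.box = "ubuntu/bionic64"` line takes whatever box version is current when the VM is created, so the Kerberos client image behind the integration tests can change without any change in the repository. Pinning it with `krbclient.vm.box_version = "<PINNED_BOX_VERSION>"` (placeholder, choose a version you have tested) keeps the environment reproducible and makes image updates an explicit, reviewable change. A short comment saying that this VM is the client side, and that the KDC is expected at 10.80.88.88 as bootstrap.sh assumes, would also help readers.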

+ 3 - 15
testenv/krbclient-vagrant/bootstrap.sh

@@ -2,24 +2,12 @@
 
 rm /etc/localtime
 ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
-setenforce 0
-sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/sysconfig/selinux
-
-yum update -y && yum clean all
-yum install -y tcpdump krb5-workstation ntp vim
-
-systemctl stop firewalld
-systemctl disable firewalld
-systemctl enable ntpd
-
-cat <<EOF >> /etc/sysctl.conf
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.default.disable_ipv6 = 1
-net.ipv6.conf.lo.disable_ipv6 = 1
-EOF
 
 mkdir -p /var/log/kerberos
 cp /vagrant/krb5.conf /etc/krb5.conf
 echo "10.80.88.88 kdc.test.gokrb5" >> /etc/hosts
+echo "10.80.88.90 host.test.gokrb5" >> /etc/hosts
+
+sudo apt-get update && sudo apt-get install -y krb5-user ntp && apt-get upgrade -y
 
 reboot
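Review bot: The added install line mixes `sudo apt-get` with a bare `apt-get upgrade -y` and sets no non-interactive frontend. Vagrant's shell provisioner runs as root by default, so `sudo` is redundant, and using it on only two of the three commands suggests the last one was overlooked. Package configuration for `krb5-user` can ask debconf questions (default realm); without a terminal this may stall or fall back unpredictably, so set `export DEBIAN_FRONTEND=noninteractive` first and use `apt-get update && apt-get install -y krb5-user ntp && apt-get upgrade -y`. The two `echo ... >> /etc/hosts` lines append again on every re-provision; guard them with a `grep -q` check if the script is meant to be re-runnable.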