8 лет назад · e4f1ffe3cb
--- a/client/ASExchange.go
+++ b/client/ASExchange.go
@@ -31,7 +31,7 @@ func (cl *Client) ASExchange() error {
 
				 
			
 
				 	var ASRep messages.ASRep
			
 
				 
			
 
				-	rb, err := cl.SendToKDC(b)
			
 
				+	rb, err := cl.SendToKDC(b, ASReq.ReqBody.SName)
			
 
				 	if err != nil {
			
 
				 		if e, ok := err.(messages.KRBError); ok && e.ErrorCode == errorcode.KDC_ERR_PREAUTH_REQUIRED {
			
 
				 			// From now on assume this client will need to do this pre-auth and set the PAData
			
@@ -44,7 +44,7 @@ func (cl *Client) ASExchange() error {
 
				 			if err != nil {
			
 
				 				return krberror.Errorf(err, krberror.EncodingError, "AS Exchange Error: failed marshaling AS_REQ with PAData")
			
 
				 			}
			
 
				-			rb, err = cl.SendToKDC(b)
			
 
				+			rb, err = cl.SendToKDC(b, ASReq.ReqBody.SName)
			
 
				 			if err != nil {
			
 
				 				return krberror.Errorf(err, krberror.NetworkingError, "AS Exchange Error: failed sending AS_REQ to KDC")
			
 
				 			}
			
--- a/client/TGSExchange.go
+++ b/client/TGSExchange.go
@@ -24,7 +24,7 @@ func (cl *Client) TGSExchange(spn types.PrincipalName, tkt messages.Ticket, sess
 
				 	if err != nil {
			
 
				 		return tgsReq, tgsRep, krberror.Errorf(err, krberror.EncodingError, "TGS Exchange Error: failed to generate a new TGS_REQ")
			
 
				 	}
			
 
				-	r, err := cl.SendToKDC(b)
			
 
				+	r, err := cl.SendToKDC(b, tgsReq.ReqBody.SName)
			
 
				 	if err != nil {
			
 
				 		return tgsReq, tgsRep, krberror.Errorf(err, krberror.NetworkingError, "TGS Exchange Error: issue sending TGS_REQ to KDC")
			
 
				 	}
			
--- a/client/client_ad_integration_test.go
+++ b/client/client_ad_integration_test.go
@@ -1,4 +1,4 @@
 
				-// +build ad-integration
			
 
				+// +build adintegration
			
 
				 // To turn on this test use -tags=integration in go test command
			
 
				 
			
 
				 package client
			
@@ -7,11 +7,8 @@ import (
 
				 	"encoding/hex"
			
 
				 	"github.com/stretchr/testify/assert"
			
 
				 	"gopkg.in/jcmturner/gokrb5.v1/config"
			
 
				-	"gopkg.in/jcmturner/gokrb5.v1/credentials"
			
 
				-	"gopkg.in/jcmturner/gokrb5.v1/iana/etypeID"
			
 
				 	"gopkg.in/jcmturner/gokrb5.v1/keytab"
			
 
				 	"gopkg.in/jcmturner/gokrb5.v1/testdata"
			
 
				-	"net/http"
			
 
				 	"testing"
			
 
				 )
			
 
				 
			
@@ -48,4 +45,43 @@ func TestClient_GetServiceTicket_AD(t *testing.T) {
 
				 	}
			
 
				 	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
			
 
				 	assert.Equal(t, 18, key.KeyType)
			
 
				-}
			
 
				+}
			
 
				+
			
 
				+func TestClient_SuccessfulLogin_AD_TRUST_USER_DOMAIN(t *testing.T) {
			
 
				+	b, err := hex.DecodeString(testdata.TESTUSER1_USERKRB5_AD_KEYTAB)
			
 
				+	kt, _ := keytab.Parse(b)
			
 
				+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
			
 
				+	c.Realms[0].KDC = []string{testdata.TEST_KDC_AD_TRUST_USER_DOMAIN}
			
 
				+	c.LibDefaults.DefaultRealm = "USER.GOKRB5"
			
 
				+	cl := NewClientWithKeytab("testuser1", "USER.GOKRB5", kt)
			
 
				+	cl.WithConfig(c)
			
 
				+	cl.GoKrb5Conf.DisablePAFXFast = true
			
 
				+
			
 
				+	err = cl.Login()
			
 
				+	if err != nil {
			
 
				+		t.Fatalf("Error on login: %v\n", err)
			
 
				+	}
			
 
				+}
			
 
				+
			
 
				+func TestClient_GetServiceTicket_AD_TRUST_USER_DOMAIN(t *testing.T) {
			
 
				+	b, err := hex.DecodeString(testdata.TESTUSER1_USERKRB5_AD_KEYTAB)
			
 
				+	kt, _ := keytab.Parse(b)
			
 
				+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF)
			
 
				+	c.Realms[0].KDC = []string{testdata.TEST_KDC_AD_TRUST_USER_DOMAIN}
			
 
				+	c.LibDefaults.DefaultRealm = "USER.GOKRB5"
			
 
				+	cl := NewClientWithKeytab("testuser1", "USER.GOKRB5", kt)
			
 
				+	cl.WithConfig(c)
			
 
				+	cl.GoKrb5Conf.DisablePAFXFast = true
			
 
				+
			
 
				+	err = cl.Login()
			
 
				+	if err != nil {
			
 
				+		t.Fatalf("Error on login: %v\n", err)
			
 
				+	}
			
 
				+	spn := "HTTP/host.res.gokrb5"
			
 
				+	tkt, key, err := cl.GetServiceTicket(spn)
			
 
				+	if err != nil {
			
 
				+		t.Fatalf("Error getting service ticket: %v\n", err)
			
 
				+	}
			
 
				+	assert.Equal(t, spn, tkt.SName.GetPrincipalNameString())
			
 
				+	assert.Equal(t, 18, key.KeyType)
			
 
				+}
			
--- a/client/network.go
+++ b/client/network.go
@@ -5,7 +5,9 @@ import (
 
				 	"encoding/binary"
			
 
				 	"fmt"
			
 
				 	"gopkg.in/jcmturner/gokrb5.v1/iana/errorcode"
			
 
				+	"gopkg.in/jcmturner/gokrb5.v1/iana/nametype"
			
 
				 	"gopkg.in/jcmturner/gokrb5.v1/messages"
			
 
				+	"gopkg.in/jcmturner/gokrb5.v1/types"
			
 
				 	"io"
			
 
				 	"math/rand"
			
 
				 	"net"
			
@@ -13,11 +15,18 @@ import (
 
				 )
			
 
				 
			
 
				 // SendToKDC performs network actions to send data to the KDC.
			
 
				-func (cl *Client) SendToKDC(b []byte) ([]byte, error) {
			
 
				+func (cl *Client) SendToKDC(b []byte, spn types.PrincipalName) ([]byte, error) {
			
 
				 	var rb []byte
			
 
				 	var kdcs []string
			
 
				+	var realm string
			
 
				+	switch spn.NameType {
			
 
				+	case nametype.KRB_NT_PRINCIPAL:
			
 
				+		realm = cl.Config.ResolveRealm(spn.NameString[1])
			
 
				+	case nametype.KRB_NT_SRV_INST:
			
 
				+		realm = cl.Config.LibDefaults.DefaultRealm
			
 
				+	}
			
 
				 	for _, r := range cl.Config.Realms {
			
 
				-		if r.Realm == cl.Config.LibDefaults.DefaultRealm {
			
 
				+		if r.Realm == realm {
			
 
				 			kdcs = r.KDC
			
 
				 			break
			
 
				 		}
			
--- a/testdata/test_vectors.go
+++ b/testdata/test_vectors.go
--- a/testenv/sysHTTP_RES.GOKRB5.testtab
+++ b/testenv/sysHTTP_RES.GOKRB5.testtab
--- a/testenv/testuser1-USER.GOKRB5.testtab
+++ b/testenv/testuser1-USER.GOKRB5.testtab