gokrb5.v7/client/session.go

package client

import (
	"github.com/jcmturner/gokrb5/iana/nametype"
	"github.com/jcmturner/gokrb5/types"
	"time"
)

// Client session struct.
type Session struct {
	AuthTime             time.Time
	EndTime              time.Time
	RenewTill            time.Time
	TGT                  types.Ticket
	SessionKey           types.EncryptionKey
	SessionKeyExpiration time.Time
}

//Enable the automatic renewal for the client's TGT session.
func (cl *Client) EnableAutoSessionRenewal() {
	go func() {
		for {
			//Wait until one minute before endtime
			w := (cl.Session.EndTime.Sub(time.Now()) * 5) / 6
			if w < 0 {
				return
			}
			time.Sleep(w)
			cl.updateTGT()
		}
	}()
}

//Renew the client's TGT session.
func (cl *Client) RenewTGT() error {
	spn := types.PrincipalName{
		NameType:   nametype.KRB_NT_SRV_INST,
		NameString: []string{"krbtgt", cl.Session.TGT.Realm},
	}
	_, tgsRep, err := cl.TGSExchange(spn, cl.Session.TGT, cl.Session.SessionKey, true)
	if err != nil {
		return err
	}
	cl.Session = &Session{
		AuthTime:             tgsRep.DecryptedEncPart.AuthTime,
		EndTime:              tgsRep.DecryptedEncPart.EndTime,
		RenewTill:            tgsRep.DecryptedEncPart.RenewTill,
		TGT:                  tgsRep.Ticket,
		SessionKey:           tgsRep.DecryptedEncPart.Key,
		SessionKeyExpiration: tgsRep.DecryptedEncPart.KeyExpiration,
	}
	return nil
}

func (cl *Client) updateTGT() error {
	if time.Now().Before(cl.Session.RenewTill) {
		err := cl.RenewTGT()
		if err != nil {
			return err
		}
	} else {
		err := cl.Login()
		if err != nil {
			return err
		}
	}
	return nil
}