fix issue where the latest key was not returned (#396)
jcmturner authored Jul 9, 2020
1 parent 9822c92 commit 265fb9b
Showing 2 changed files with 31 additions and 2 deletions.
5 changes: 3 additions & 2 deletions v8/keytab/keytab.go
@@ -72,6 +72,7 @@ func New() *Keytab {
func (kt *Keytab) GetEncryptionKey(princName types.PrincipalName, realm string, kvno int, etype int32) (types.EncryptionKey, int, error) {
var key types.EncryptionKey
var t time.Time
var kv int
for _, k := range kt.Entries {
if k.Principal.Realm == realm && len(k.Principal.Components) == len(princName.NameString) &&
k.Key.KeyType == etype &&
@@ -86,15 +87,15 @@ func (kt *Keytab) GetEncryptionKey(princName types.PrincipalName, realm string,
}
if p {
key = k.Key
kvno = int(k.KVNO)
kv = int(k.KVNO)
t = k.Timestamp
}
}
}
if len(key.KeyValue) < 1 {
return key, 0, fmt.Errorf("matching key not found in keytab. Looking for %v realm: %v kvno: %v etype: %v", princName.NameString, realm, kvno, etype)
}
return key, kvno, nil
return key, kv, nil
}

// Create a new Keytab entry.
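Review bot: The rule for choosing an entry when kvno is 0 should be spelled out in GetEncryptionKey's doc comment, which (if one exists) lies above the visible lines. The loop tracks `t = k.Timestamp`, and the new test in keytab_test.go expects KVNO 4 (timestamp 400) over KVNO 5 (timestamp 350), so the newest Timestamp appears to win rather than the highest KVNO. The comparison itself is in the collapsed lines between the two hunks, so this is inferred. That distinction matters for keytabs whose entries were written out of order during a key rotation, because a caller passing 0 could get an older key version than expected. Suggested wording: `// With kvno 0 the matching entry with the latest Timestamp is returned, not the one with the highest KVNO; the returned int is the KVNO of the selected entry.` Separately, `kv` sits one letter away from the `kvno` parameter, which is the confusion this commit fixes; a name such as `selectedKVNO` would make the two harder to mix up again.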
28 changes: 28 additions & 0 deletions v8/keytab/keytab_test.go
@@ -10,7 +10,9 @@ import (
"time"

"github.com/jcmturner/gokrb5/v8/iana/etypeID"
"github.com/jcmturner/gokrb5/v8/iana/nametype"
"github.com/jcmturner/gokrb5/v8/test/testdata"
"github.com/jcmturner/gokrb5/v8/types"
"github.com/stretchr/testify/assert"
)

@@ -221,3 +223,29 @@ func TestKeytabEntriesService(t *testing.T) {
// Compare content
assert.Equal(t, generated, ktutilbytes, "Service keytab doesn't match ktutil keytab")
}

func TestKeytab_GetEncryptionKey(t *testing.T) {
princ := "HTTP/princ.test.gokrb5"
realm := "TEST.GOKRB5"

kt := New()
kt.AddEntry(princ, realm, "abcdefg", time.Unix(100, 0), 1, 18)
kt.AddEntry(princ, realm, "abcdefg", time.Unix(200, 0), 2, 18)
kt.AddEntry(princ, realm, "abcdefg", time.Unix(300, 0), 3, 18)
kt.AddEntry(princ, realm, "abcdefg", time.Unix(400, 0), 4, 18)
kt.AddEntry(princ, realm, "abcdefg", time.Unix(350, 0), 5, 18)
kt.AddEntry("HTTP/other.test.gokrb5", realm, "abcdefg", time.Unix(500, 0), 5, 18)

pn := types.NewPrincipalName(nametype.KRB_NT_PRINCIPAL, princ)

_, kvno, err := kt.GetEncryptionKey(pn, realm, 0, 18)
if err != nil {
t.Error(err)
}
assert.Equal(t, 4, kvno)
_, kvno, err = kt.GetEncryptionKey(pn, realm, 3, 18)
if err != nil {
t.Error(err)
}
assert.Equal(t, 3, kvno)
}
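Review bot: TestKeytab_GetEncryptionKey discards the returned key and asserts only on kvno, and every entry for `princ` is added with the same password `"abcdefg"`, so the keys are presumably identical. The test therefore cannot catch a regression where the reported KVNO and the returned key come from different entries, which is the pairing a caller relies on when decrypting. Give each entry its own password, e.g. `kt.AddEntry(princ, realm, "pw-kvno4", time.Unix(400, 0), 4, 18)`, then capture the key and check it with `assert.Equal(t, kt.Entries[3].Key.KeyValue, key.KeyValue)`. A negative case would also help: a kvno not present for `princ` should return the "matching key not found" error. The values returned by the `AddEntry` calls are not checked either; if it returns an error, a failed setup would only surface as a confusing assertion failure later.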
