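// Source: github.com/jcmturner/gokrb5/v8@v8.4.4/client/client_ad_integration_test.go

package client

import (
	"bytes"
	"encoding/hex"
	"log"
	"testing"

	"github.com/jcmturner/gokrb5/v8/config"
	"github.com/jcmturner/gokrb5/v8/iana/etypeID"
	"github.com/jcmturner/gokrb5/v8/iana/nametype"
	"github.com/jcmturner/gokrb5/v8/keytab"
	"github.com/jcmturner/gokrb5/v8/test"
	"github.com/jcmturner/gokrb5/v8/test/testdata"
	"github.com/jcmturner/gokrb5/v8/types"
	"github.com/stretchr/testify/assert"
)

// loadADTestKeytab decodes a hex-encoded keytab fixture and unmarshals it.
// It fails the test immediately on a decode or unmarshal error, so a broken
// fixture is reported as such instead of surfacing later as a confusing
// login or decryption failure.
//
// The fixtures are long-term keys embedded in source. That is acceptable only
// for a disposable test realm; real keytabs do not belong in a repository.
func loadADTestKeytab(t *testing.T, hexKeytab string) *keytab.Keytab {
	t.Helper()
	raw, err := hex.DecodeString(hexKeytab)
	if err != nil {
		t.Fatalf("could not decode test keytab hex: %v", err)
	}
	kt := keytab.New()
	if err := kt.Unmarshal(raw); err != nil {
		t.Fatalf("could not unmarshal test keytab: %v", err)
	}
	return kt
}

// loadADTestConfig parses the AD krb5.conf fixture and fails the test if it
// does not parse.
func loadADTestConfig(t *testing.T) *config.Config {
	t.Helper()
	c, err := config.NewFromString(testdata.KRB5_CONF_AD)
	if err != nil {
		t.Fatalf("could not load AD test krb5 config: %v", err)
	}
	return c
}

// pinADTestRC4HMAC enables canonicalization and restricts both the ticket and
// TGS encryption types to rc4-hmac.
//
// rc4-hmac is a legacy enctype (deprecated for Kerberos by RFC 8429). It is
// pinned here only to exercise that code path against the test domain; this
// setting should not be copied into a production krb5.conf.
func pinADTestRC4HMAC(c *config.Config) {
	rc4 := etypeID.ETypesByName["rc4-hmac"]
	c.LibDefaults.Canonicalize = true
	c.LibDefaults.DefaultTktEnctypes = []string{"rc4-hmac"}
	c.LibDefaults.DefaultTktEnctypeIDs = []int32{rc4}
	c.LibDefaults.DefaultTGSEnctypes = []string{"rc4-hmac"}
	c.LibDefaults.DefaultTGSEnctypeIDs = []int32{rc4}
}

// TestClient_SuccessfulLogin_AD logs testuser1 in to the USER.GOKRB5 realm
// with a keytab and expects Login to succeed.
func TestClient_SuccessfulLogin_AD(t *testing.T) {
	// NOTE(review): test.AD presumably gates the test on an AD integration
	// environment being available - confirm in the test package.
	test.AD(t)

	kt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER1_USER_GOKRB5)
	c := loadADTestConfig(t)
	// NOTE(review): DisablePAFXFAST(true) is presumably required by the AD
	// test KDC; it is a test-environment setting, not a recommended default.
	cl := NewWithKeytab("testuser1", "USER.GOKRB5", kt, c, DisablePAFXFAST(true))

	if err := cl.Login(); err != nil {
		t.Fatalf("Error on login: %v\n", err)
	}
}

// TestClient_SuccessfulLogin_AD_Without_PreAuth logs testuser3 in to the
// USER.GOKRB5 realm with a keytab and expects Login to succeed.
//
// NOTE(review): going by the test name, testuser3 is presumably an account
// with Kerberos pre-authentication not required. A KDC answers AS requests
// for such accounts without proof of key possession, and the reply contains
// data encrypted under the account key, so the setting weakens the account
// against offline password guessing and should stay confined to fixtures.
func TestClient_SuccessfulLogin_AD_Without_PreAuth(t *testing.T) {
	test.AD(t)

	kt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER3_USER_GOKRB5)
	c := loadADTestConfig(t)
	cl := NewWithKeytab("testuser3", "USER.GOKRB5", kt, c, DisablePAFXFAST(true))

	if err := cl.Login(); err != nil {
		t.Fatalf("Error on login: %v\n", err)
	}
}

// TestClient_GetServiceTicket_AD requests a service ticket for
// HTTP/user2.user.gokrb5 as testuser1, then decrypts it with the testuser2
// keytab and checks the PAC's logon domain name.
func TestClient_GetServiceTicket_AD(t *testing.T) {
	test.AD(t)

	kt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER1_USER_GOKRB5)
	c := loadADTestConfig(t)
	cl := NewWithKeytab("testuser1", "USER.GOKRB5", kt, c)

	if err := cl.Login(); err != nil {
		t.Fatalf("Error on login: %v\n", err)
	}
	spn := "HTTP/user2.user.gokrb5"
	tkt, key, err := cl.GetServiceTicket(spn)
	if err != nil {
		t.Fatalf("Error getting service ticket: %v\n", err)
	}
	assert.Equal(t, spn, tkt.SName.PrincipalNameString())
	// Etype 18 is aes256-cts-hmac-sha1-96 in the IANA Kerberos registry.
	assert.Equal(t, int32(18), key.KeyType)

	skt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER2_USER_GOKRB5)
	sname := types.PrincipalName{NameType: nametype.KRB_NT_PRINCIPAL, NameString: []string{"testuser2"}}
	// Stop here on failure: the PAC checks below are meaningless without a
	// decrypted ticket.
	if err := tkt.DecryptEncPart(skt, &sname); err != nil {
		t.Fatalf("could not decrypt service ticket: %v", err)
	}
	w := bytes.NewBufferString("")
	l := log.New(w, "", 0)
	isPAC, pac, err := tkt.GetPACType(skt, &sname, l)
	if err != nil {
		t.Log(w.String())
		t.Fatalf("error getting PAC: %v", err)
	}
	// Abort before dereferencing pac.KerbValidationInfo when no PAC was
	// found; the field may be unset in that case.
	if !assert.True(t, isPAC, "should have PAC") {
		t.FailNow()
	}
	assert.Equal(t, "USER", pac.KerbValidationInfo.LogonDomainName.String(), "domain name in PAC not correct")
}

// TestClient_GetServiceTicket_AD_TRUST_USER_DOMAIN requests a service ticket
// for HTTP/host.res.gokrb5 as testuser1 of USER.GOKRB5 with rc4-hmac pinned,
// then decrypts it with the sysHTTP keytab and checks the PAC's effective
// name.
func TestClient_GetServiceTicket_AD_TRUST_USER_DOMAIN(t *testing.T) {
	test.AD(t)

	kt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER1_USER_GOKRB5)
	c := loadADTestConfig(t)
	pinADTestRC4HMAC(c)
	cl := NewWithKeytab("testuser1", "USER.GOKRB5", kt, c, DisablePAFXFAST(true))

	if err := cl.Login(); err != nil {
		t.Fatalf("Error on login: %v\n", err)
	}
	spn := "HTTP/host.res.gokrb5"
	tkt, key, err := cl.GetServiceTicket(spn)
	if err != nil {
		t.Fatalf("Error getting service ticket: %v\n", err)
	}
	assert.Equal(t, spn, tkt.SName.PrincipalNameString())
	assert.Equal(t, etypeID.ETypesByName["rc4-hmac"], key.KeyType)

	skt := loadADTestKeytab(t, testdata.KEYTAB_SYSHTTP_RES_GOKRB5)
	sname := types.PrincipalName{NameType: nametype.KRB_NT_PRINCIPAL, NameString: []string{"sysHTTP"}}
	// Stop here on failure: the PAC checks below are meaningless without a
	// decrypted ticket.
	if err := tkt.DecryptEncPart(skt, &sname); err != nil {
		t.Fatalf("error decrypting ticket with service keytab: %v", err)
	}
	w := bytes.NewBufferString("")
	l := log.New(w, "", 0)
	isPAC, pac, err := tkt.GetPACType(skt, &sname, l)
	if err != nil {
		t.Log(w.String())
		t.Fatalf("error getting PAC: %v", err)
	}
	// Abort before dereferencing pac.KerbValidationInfo when no PAC was
	// found; the field may be unset in that case.
	if !assert.True(t, isPAC, "Did not find PAC in service ticket") {
		t.FailNow()
	}
	assert.Equal(t, "testuser1", pac.KerbValidationInfo.EffectiveName.Value, "PAC value not parsed")
}

// TestClient_GetServiceTicket_AD_USER_DOMAIN requests a service ticket for
// HTTP/user2.user.gokrb5 as testuser1 of USER.GOKRB5 with rc4-hmac pinned,
// then decrypts it with the testuser2 keytab and checks the PAC's effective
// name. The session key type is not asserted in this test.
func TestClient_GetServiceTicket_AD_USER_DOMAIN(t *testing.T) {
	test.AD(t)

	kt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER1_USER_GOKRB5)
	c := loadADTestConfig(t)
	pinADTestRC4HMAC(c)
	cl := NewWithKeytab("testuser1", "USER.GOKRB5", kt, c, DisablePAFXFAST(true))

	if err := cl.Login(); err != nil {
		t.Fatalf("Error on login: %v\n", err)
	}
	spn := "HTTP/user2.user.gokrb5"
	tkt, _, err := cl.GetServiceTicket(spn)
	if err != nil {
		t.Fatalf("Error getting service ticket: %v\n", err)
	}
	assert.Equal(t, spn, tkt.SName.PrincipalNameString())
	//assert.Equal(t, etypeID.ETypesByName["rc4-hmac"], key.KeyType)

	skt := loadADTestKeytab(t, testdata.KEYTAB_TESTUSER2_USER_GOKRB5)
	sname := types.PrincipalName{NameType: nametype.KRB_NT_PRINCIPAL, NameString: []string{"testuser2"}}
	// Stop here on failure: the PAC checks below are meaningless without a
	// decrypted ticket.
	if err := tkt.DecryptEncPart(skt, &sname); err != nil {
		t.Fatalf("error decrypting ticket with service keytab: %v", err)
	}
	w := bytes.NewBufferString("")
	l := log.New(w, "", 0)
	isPAC, pac, err := tkt.GetPACType(skt, &sname, l)
	if err != nil {
		t.Log(w.String())
		t.Fatalf("error getting PAC: %v", err)
	}
	// Abort before dereferencing pac.KerbValidationInfo when no PAC was
	// found; the field may be unset in that case.
	if !assert.True(t, isPAC, "Did not find PAC in service ticket") {
		t.FailNow()
	}
	assert.Equal(t, "testuser1", pac.KerbValidationInfo.EffectiveName.Value, "PAC value not parsed")
}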