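package config

import (
	"os"
	"path/filepath"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

// NOTE(review): the listing this file was recovered from had collapsed all
// whitespace, so line breaks in the fixtures below follow the listing's line
// numbers, while leading indentation (including the tab characters in
// krb5ConfTabs and the two-space indent of krb5ConfJson) is reconstructed;
// confirm against the upstream file before relying on exact bytes.
const (
	// krb5Conf is the reference fixture: three realms, trailing ';' and '#'
	// comments on value lines, commented-out duplicates of dns_lookup_kdc and
	// two irregular kdc entries ("10.80.88.88*" and "10.1.2.3.4:88").
	krb5Conf = `
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 default_realm = TEST.GOKRB5 ; comment to be ignored
 dns_lookup_realm = false

 dns_lookup_kdc = false
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 ticket_lifetime = 10h ;comment to be ignored
 forwardable = yes #comment to be ignored
 default_keytab_name = FILE:/etc/krb5.keytab

 default_client_keytab_name = FILE:/home/gokrb5/client.keytab
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 # comment to be ignored


[realms]
 TEST.GOKRB5 = {
  kdc = 10.80.88.88:88 #comment to be ignored
  kdc = assume.port.num ;comment to be ignored
  kdc = some.other.port:1234 # comment to be ignored

  kdc = 10.80.88.88*
  kdc = 10.1.2.3.4:88

  admin_server = 10.80.88.88:749 ; comment to be ignored
  default_domain = test.gokrb5
 }
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  kdc = kerberos-1.example.com
  admin_server = kerberos.example.com
  auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE.COM)s/.*//
 }
 lowercase.org = {
  kdc = kerberos.lowercase.org
  admin_server = kerberos.lowercase.org
 }


[domain_realm]
 .test.gokrb5 = TEST.GOKRB5 #comment to be ignored

 test.gokrb5 = TEST.GOKRB5 ;comment to be ignored

 .example.com = EXAMPLE.COM # comment to be ignored
 hostname1.example.com = EXAMPLE.COM ; comment to be ignored
 hostname2.example.com = TEST.GOKRB5
 .testlowercase.org = lowercase.org


[appdefaults]
 pam = {
  debug = false

  ticket_lifetime = 36000

  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
`
	// krb5ConfJson is the exact string TestJSON expects from JSON() for
	// krb5Conf once K5LoginDirectory has been set to "/home/test". It also
	// pins the values reported for settings krb5Conf leaves unset. Worth
	// knowing when reviewing a deployment: AllowWeakCrypto is false here and
	// only IDs 18, 17 and 23 are derived from the nine names under
	// DefaultTGSEnctypes and PermittedEnctypes, but 23 is RC4-HMAC
	// (arcfour-hmac-md5), so an AES-only policy needs default_tgs_enctypes
	// and permitted_enctypes set explicitly.
	krb5ConfJson = `{
  "LibDefaults": {
    "AllowWeakCrypto": false,
    "Canonicalize": false,
    "CCacheType": 4,
    "Clockskew": 300000000000,
    "DefaultClientKeytabName": "FILE:/home/gokrb5/client.keytab",
    "DefaultKeytabName": "FILE:/etc/krb5.keytab",
    "DefaultRealm": "TEST.GOKRB5",
    "DefaultTGSEnctypes": [
      "aes256-cts-hmac-sha1-96",
      "aes128-cts-hmac-sha1-96",
      "des3-cbc-sha1",
      "arcfour-hmac-md5",
      "camellia256-cts-cmac",
      "camellia128-cts-cmac",
      "des-cbc-crc",
      "des-cbc-md5",
      "des-cbc-md4"
    ],
    "DefaultTktEnctypes": [
      "aes256-cts-hmac-sha1-96",
      "aes128-cts-hmac-sha1-96"
    ],
    "DefaultTGSEnctypeIDs": [
      18,
      17,
      23
    ],
    "DefaultTktEnctypeIDs": [
      18,
      17
    ],
    "DNSCanonicalizeHostname": true,
    "DNSLookupKDC": false,
    "DNSLookupRealm": false,
    "ExtraAddresses": null,
    "Forwardable": true,
    "IgnoreAcceptorHostname": false,
    "K5LoginAuthoritative": false,
    "K5LoginDirectory": "/home/test",
    "KDCDefaultOptions": {
      "Bytes": "AAAAEA==",
      "BitLength": 32
    },
    "KDCTimeSync": 1,
    "NoAddresses": true,
    "PermittedEnctypes": [
      "aes256-cts-hmac-sha1-96",
      "aes128-cts-hmac-sha1-96",
      "des3-cbc-sha1",
      "arcfour-hmac-md5",
      "camellia256-cts-cmac",
      "camellia128-cts-cmac",
      "des-cbc-crc",
      "des-cbc-md5",
      "des-cbc-md4"
    ],
    "PermittedEnctypeIDs": [
      18,
      17,
      23
    ],
    "PreferredPreauthTypes": [
      17,
      16,
      15,
      14
    ],
    "Proxiable": false,
    "RDNS": true,
    "RealmTryDomains": -1,
    "RenewLifetime": 0,
    "SafeChecksumType": 8,
    "TicketLifetime": 36000000000000,
    "UDPPreferenceLimit": 1465,
    "VerifyAPReqNofail": false
  },
  "Realms": [
    {
      "Realm": "TEST.GOKRB5",
      "AdminServer": [
        "10.80.88.88:749"
      ],
      "DefaultDomain": "test.gokrb5",
      "KDC": [
        "10.80.88.88:88",
        "assume.port.num:88",
        "some.other.port:1234",
        "10.80.88.88:88"
      ],
      "KPasswdServer": [
        "10.80.88.88:464"
      ],
      "MasterKDC": null
    },
    {
      "Realm": "EXAMPLE.COM",
      "AdminServer": [
        "kerberos.example.com"
      ],
      "DefaultDomain": "",
      "KDC": [
        "kerberos.example.com:88",
        "kerberos-1.example.com:88"
      ],
      "KPasswdServer": [
        "kerberos.example.com:464"
      ],
      "MasterKDC": null
    },
    {
      "Realm": "lowercase.org",
      "AdminServer": [
        "kerberos.lowercase.org"
      ],
      "DefaultDomain": "",
      "KDC": [
        "kerberos.lowercase.org:88"
      ],
      "KPasswdServer": [
        "kerberos.lowercase.org:464"
      ],
      "MasterKDC": null
    }
  ],
  "DomainRealm": {
    ".example.com": "EXAMPLE.COM",
    ".test.gokrb5": "TEST.GOKRB5",
    ".testlowercase.org": "lowercase.org",
    "hostname1.example.com": "EXAMPLE.COM",
    "hostname2.example.com": "TEST.GOKRB5",
    "test.gokrb5": "TEST.GOKRB5"
  }
}`
	// krb5Conf2 sets noaddresses and places [realms] after [appdefaults], so
	// the sections arrive in a different order than in krb5Conf.
	krb5Conf2 = `
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 noaddresses = true
 default_realm = TEST.GOKRB5
 dns_lookup_realm = false

 dns_lookup_kdc = false
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 ticket_lifetime = 10h
 forwardable = yes
 default_keytab_name = FILE:/etc/krb5.keytab

 default_client_keytab_name = FILE:/home/gokrb5/client.keytab
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

[domain_realm]
 .test.gokrb5 = TEST.GOKRB5

 test.gokrb5 = TEST.GOKRB5

[appdefaults]
 pam = {
  debug = false

  ticket_lifetime = 36000

  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
[realms]
 TEST.GOKRB5 = {
  kdc = 10.80.88.88:88
  kdc = assume.port.num
  kdc = some.other.port:1234

  kdc = 10.80.88.88*
  kdc = 10.1.2.3.4:88

  admin_server = 10.80.88.88:749
  default_domain = test.gokrb5
 }
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  kdc = kerberos-1.example.com
  admin_server = kerberos.example.com
 }
`
	// krb5ConfNoBlankLines has no empty line between sections or entries.
	krb5ConfNoBlankLines = `
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
 default_realm = TEST.GOKRB5
 dns_lookup_realm = false
 dns_lookup_kdc = false
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 ticket_lifetime = 10h
 forwardable = yes
 default_keytab_name = FILE:/etc/krb5.keytab
 default_client_keytab_name = FILE:/home/gokrb5/client.keytab
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
[realms]
 TEST.GOKRB5 = {
  kdc = 10.80.88.88:88
  kdc = assume.port.num
  kdc = some.other.port:1234
  kdc = 10.80.88.88*
  kdc = 10.1.2.3.4:88
  admin_server = 10.80.88.88:749
  default_domain = test.gokrb5
 }
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  kdc = kerberos-1.example.com
  admin_server = kerberos.example.com
  auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE.COM)s/.*//
 }
[domain_realm]
 .test.gokrb5 = TEST.GOKRB5
 test.gokrb5 = TEST.GOKRB5
`
	// krb5ConfTabs is the tab-indented variant used by TestLoadTabs. The
	// tabs below are reconstructed as leading indentation (see the note
	// above the const block).
	krb5ConfTabs = `
[logging]
	default = FILE:/var/log/kerberos/krb5libs.log
	kdc = FILE:/var/log/kerberos/krb5kdc.log
	admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
	default_realm = TEST.GOKRB5
	dns_lookup_realm = false

	dns_lookup_kdc = false
	#dns_lookup_kdc = true
	;dns_lookup_kdc = true
	#dns_lookup_kdc = true
	;dns_lookup_kdc = true
	ticket_lifetime = 10h
	forwardable = yes
	default_keytab_name = FILE:/etc/krb5.keytab

	default_client_keytab_name = FILE:/home/gokrb5/client.keytab
	default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96


[realms]
	TEST.GOKRB5 = {
		kdc = 10.80.88.88:88
		kdc = assume.port.num
		kdc = some.other.port:1234

		kdc = 10.80.88.88*
		kdc = 10.1.2.3.4:88

		admin_server = 10.80.88.88:749
		default_domain = test.gokrb5
	}
	EXAMPLE.COM = {
		kdc = kerberos.example.com
		kdc = kerberos-1.example.com
		admin_server = kerberos.example.com
		auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE.COM)s/.*//
	}


[domain_realm]
	.test.gokrb5 = TEST.GOKRB5

	test.gokrb5 = TEST.GOKRB5

	.example.com = EXAMPLE.COM
	hostname1.example.com = EXAMPLE.COM
	hostname2.example.com = TEST.GOKRB5


[appdefaults]
	pam = {
		debug = false

		ticket_lifetime = 36000

		renew_lifetime = 36000
		forwardable = true
		krb4_convert = false
	}`

	// krb5ConfV4Lines nests a v4_name_convert block inside the TEST.GOKRB5
	// realm; TestLoadWithV4Lines expects Load to report it as an
	// UnsupportedDirective while still returning the parsed values.
	krb5ConfV4Lines = `
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 default_realm = TEST.GOKRB5
 dns_lookup_realm = false

 dns_lookup_kdc = false
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 #dns_lookup_kdc = true
 ;dns_lookup_kdc = true
 ticket_lifetime = 10h
 forwardable = yes
 default_keytab_name = FILE:/etc/krb5.keytab

 default_client_keytab_name = FILE:/home/gokrb5/client.keytab
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96


[realms]
 TEST.GOKRB5 = {
  kdc = 10.80.88.88:88
  kdc = assume.port.num
  kdc = some.other.port:1234

  kdc = 10.80.88.88*
  kdc = 10.1.2.3.4:88

  admin_server = 10.80.88.88:749
  default_domain = test.gokrb5
  v4_name_convert = {
   host = {
    rcmd = host
   }
  }
 }
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  kdc = kerberos-1.example.com
  admin_server = kerberos.example.com
  auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE.COM)s/.*//
 }


[domain_realm]
 .test.gokrb5 = TEST.GOKRB5

 test.gokrb5 = TEST.GOKRB5

 .example.com = EXAMPLE.COM
 hostname1.example.com = EXAMPLE.COM
 hostname2.example.com = TEST.GOKRB5


[appdefaults]
 pam = {
  debug = false

  ticket_lifetime = 36000

  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
`
)

// writeTempKrb5Conf writes content to a krb5.conf file inside a directory that
// belongs to this test alone and returns the file's path. The directory comes
// from t.TempDir, so it is removed when the test ends, and the file is fully
// written and closed before the path is handed to Load.
func writeTempKrb5Conf(t *testing.T, content string) string {
	t.Helper()
	path := filepath.Join(t.TempDir(), "krb5.conf")
	if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
		t.Fatalf("writing temporary krb5.conf: %v", err)
	}
	return path
}

// assertBaseConfig checks the values every fixture in this file is expected to
// produce: the [libdefaults] settings, the first two realms and the
// test.gokrb5 domain mappings. wantRealms is the expected length of c.Realms.
func assertBaseConfig(t *testing.T, c *Config, wantRealms int) {
	t.Helper()

	assert.Equal(t, "TEST.GOKRB5", c.LibDefaults.DefaultRealm, "[libdefaults] default_realm not as expected")
	assert.Equal(t, false, c.LibDefaults.DNSLookupRealm, "[libdefaults] dns_lookup_realm not as expected")
	assert.Equal(t, false, c.LibDefaults.DNSLookupKDC, "[libdefaults] dns_lookup_kdc not as expected")
	assert.Equal(t, time.Duration(10)*time.Hour, c.LibDefaults.TicketLifetime, "[libdefaults] Ticket lifetime not as expected")
	assert.Equal(t, true, c.LibDefaults.Forwardable, "[libdefaults] forwardable not as expected")
	assert.Equal(t, "FILE:/etc/krb5.keytab", c.LibDefaults.DefaultKeytabName, "[libdefaults] default_keytab_name not as expected")
	assert.Equal(t, "FILE:/home/gokrb5/client.keytab", c.LibDefaults.DefaultClientKeytabName, "[libdefaults] default_client_keytab_name not as expected")
	assert.Equal(t, []string{"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}, c.LibDefaults.DefaultTktEnctypes, "[libdefaults] default_tkt_enctypes not as expected")

	assert.Equal(t, wantRealms, len(c.Realms), "Number of realms not as expected")
	assert.Equal(t, "TEST.GOKRB5", c.Realms[0].Realm, "[realm] realm name not as expectd")
	assert.Equal(t, []string{"10.80.88.88:749"}, c.Realms[0].AdminServer, "[realm] Admin_server not as expectd")
	// No fixture sets kpasswd_server; the expected value is the admin_server
	// host on port 464.
	assert.Equal(t, []string{"10.80.88.88:464"}, c.Realms[0].KPasswdServer, "[realm] Kpasswd_server not as expectd")
	assert.Equal(t, "test.gokrb5", c.Realms[0].DefaultDomain, "[realm] Default_domain not as expectd")
	// Five kdc lines go in and four come out: "assume.port.num" gains :88,
	// "10.80.88.88*" is expected as 10.80.88.88:88, and "10.1.2.3.4:88" is
	// expected to be absent from the result.
	assert.Equal(t, []string{"10.80.88.88:88", "assume.port.num:88", "some.other.port:1234", "10.80.88.88:88"}, c.Realms[0].KDC, "[realm] Kdc not as expectd")
	assert.Equal(t, []string{"kerberos.example.com:88", "kerberos-1.example.com:88"}, c.Realms[1].KDC, "[realm] Kdc not as expectd")
	assert.Equal(t, []string{"kerberos.example.com"}, c.Realms[1].AdminServer, "[realm] Admin_server not as expectd")

	assert.Equal(t, "TEST.GOKRB5", c.DomainRealm[".test.gokrb5"], "Domain to realm mapping not as expected")
	assert.Equal(t, "TEST.GOKRB5", c.DomainRealm["test.gokrb5"], "Domain to realm mapping not as expected")
}

// TestLoad loads krb5Conf from a file on disk and checks the parsed values,
// including that all three realms are present.
func TestLoad(t *testing.T) {
	t.Parallel()

	c, err := Load(writeTempKrb5Conf(t, krb5Conf))
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}

	assertBaseConfig(t, c, 3)
}

// TestLoadWithV4Lines checks that a config containing a v4_name_convert block
// makes Load return an UnsupportedDirective error together with a config that
// still holds the values from the supported directives.
func TestLoadWithV4Lines(t *testing.T) {
	t.Parallel()

	c, err := Load(writeTempKrb5Conf(t, krb5ConfV4Lines))
	if err == nil {
		t.Fatalf("error should not be nil for config that includes v4 lines")
	}
	if _, ok := err.(UnsupportedDirective); !ok {
		t.Fatalf("error should be of type UnsupportedDirective: %v", err)
	}
	// The assertions below dereference c, so fail with a message rather than
	// a nil-pointer panic if Load stops returning a config with this error.
	if c == nil {
		t.Fatal("Load returned a nil config alongside UnsupportedDirective")
	}

	assertBaseConfig(t, c, 2)
}

// TestLoad2 parses krb5Conf2 from a string and additionally checks that
// noaddresses = true is reflected in LibDefaults.NoAddresses.
func TestLoad2(t *testing.T) {
	t.Parallel()

	c, err := NewFromString(krb5Conf2)
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}

	assertBaseConfig(t, c, 2)
	assert.True(t, c.LibDefaults.NoAddresses, "No address not set as true")
}

// TestLoadNoBlankLines parses the fixture that has no blank lines between
// sections or entries.
func TestLoadNoBlankLines(t *testing.T) {
	t.Parallel()

	c, err := NewFromString(krb5ConfNoBlankLines)
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}

	assertBaseConfig(t, c, 2)
}

// TestLoadTabs loads the tab-indented fixture from a file on disk.
func TestLoadTabs(t *testing.T) {
	t.Parallel()

	c, err := Load(writeTempKrb5Conf(t, krb5ConfTabs))
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}

	assertBaseConfig(t, c, 2)
}

// TestParseDuration checks parseDuration against the duration formats listed
// in the MIT Kerberos documentation: plain seconds, h:m and h:m:s, and the
// d/h/m/s suffixed form.
func TestParseDuration(t *testing.T) {
	t.Parallel()
	// https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html#duration
	const (
		h   = 12 * time.Hour
		hm  = h + 30*time.Minute
		hms = hm + 15*time.Second
		day = 24 * time.Hour
	)
	tests := []struct {
		timeStr  string
		duration time.Duration
	}{
		{"100", 100 * time.Second},
		{"12:30", hm},
		{"12:30:15", hms},
		{"1d12h30m15s", day + hms},
		{"1d12h30m", day + hm},
		{"1d12h", day + h},
		{"1d", day},
	}
	for _, test := range tests {
		d, err := parseDuration(test.timeStr)
		if err != nil {
			t.Errorf("error parsing %s: %v", test.timeStr, err)
			// The returned duration is meaningless once parsing has failed.
			continue
		}
		assert.Equal(t, test.duration, d, "Duration not as expected for: "+test.timeStr)
	}
}

// TestResolveRealm checks the [domain_realm] lookup for krb5Conf: exact host
// entries, leading-dot domain entries applied to deeper subdomains, a
// lower-case realm name, and an unknown domain resolving to "".
func TestResolveRealm(t *testing.T) {
	t.Parallel()
	c, err := NewFromString(krb5Conf)
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}

	tests := []struct {
		domainName string
		want       string
	}{
		{"unknown.com", ""},
		{"hostname1.example.com", "EXAMPLE.COM"},
		// An exact host entry maps this name to a realm other than the one
		// given for its parent domain .example.com.
		{"hostname2.example.com", "TEST.GOKRB5"},
		{"one.two.three.example.com", "EXAMPLE.COM"},
		{".test.gokrb5", "TEST.GOKRB5"},
		{"foo.testlowercase.org", "lowercase.org"},
	}
	for _, tt := range tests {
		t.Run(tt.domainName, func(t *testing.T) {
			if got := c.ResolveRealm(tt.domainName); got != tt.want {
				t.Errorf("config.ResolveRealm() = %v, want %v", got, tt.want)
			}
		})
	}
}

// TestJSON checks that JSON() renders the config parsed from krb5Conf exactly
// as krb5ConfJson, after K5LoginDirectory is fixed to a known value.
func TestJSON(t *testing.T) {
	t.Parallel()
	c, err := NewFromString(krb5Conf)
	if err != nil {
		t.Fatalf("Error loading config: %v", err)
	}
	// Set explicitly so the expected JSON does not depend on where the test
	// runs.
	c.LibDefaults.K5LoginDirectory = "/home/test"
	j, err := c.JSON()
	if err != nil {
		t.Errorf("error marshaling krb config to JSON: %v", err)
	}
	assert.Equal(t, krb5ConfJson, j, "krb config marshaled json not as expected")

	t.Log(j)
}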