diff --git a/config/krb5conf_test.go b/config/krb5conf_test.go
index 27a8e754..6122f5ea 100644
--- a/config/krb5conf_test.go
+++ b/config/krb5conf_test.go
@@ -45,6 +45,79 @@ const ( # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM ` + krb5ConfIHead = ` +[logging] + default = FILE:/var/log/kerberos/krb5libs.log + kdc = FILE:/var/log/kerberos/krb5kdc.log + admin_server = FILE:/var/log/kerberos/kadmind.log + +` + krb5Include = ` +[libdefaults] + default_realm = TEST.GOKRB5 ; comment to be ignored + dns_lookup_realm = false + + dns_lookup_kdc = false + #dns_lookup_kdc = true + ;dns_lookup_kdc = true +#dns_lookup_kdc = true +;dns_lookup_kdc = true + ticket_lifetime = 10h ;comment to be ignored + forwardable = yes #comment to be ignored + default_keytab_name = FILE:/etc/krb5.keytab + + default_client_keytab_name = FILE:/home/gokrb5/client.keytab + default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 # comment to be ignored + +` + krb5ConfI = ` +[realms] + TEST.GOKRB5 = { + kdc = 10.80.88.88:88 #comment to be ignored + kdc = assume.port.num ;comment to be ignored + kdc = some.other.port:1234 # comment to be ignored + + kdc = 10.80.88.88* + kdc = 10.1.2.3.4:88 + + admin_server = 10.80.88.88:749 ; comment to be ignored + default_domain = test.gokrb5 + } + EXAMPLE.COM = { + kdc = kerberos.example.com + kdc = kerberos-1.example.com + admin_server = kerberos.example.com + auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE.COM)s/.*// + } + lowercase.org = { + kdc = kerberos.lowercase.org + admin_server = kerberos.lowercase.org + } + + +[domain_realm] + .test.gokrb5 = TEST.GOKRB5 #comment to be ignored + + test.gokrb5 = TEST.GOKRB5 ;comment to be ignored + + .example.com = EXAMPLE.COM # comment to be ignored + hostname1.example.com = EXAMPLE.COM ; comment to be ignored + hostname2.example.com = TEST.GOKRB5 + .testlowercase.org = lowercase.org + + +[appdefaults] + pam = { + debug = false + + ticket_lifetime = 36000 + + renew_lifetime = 36000 + forwardable = true + krb4_convert = false + } +` + krb5Conf = ` [logging] default = FILE:/var/log/kerberos/krb5libs.log 
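Review bot: The three new fixtures `krb5ConfIHead`, `krb5Include` and `krb5ConfI` have no comment saying how they are assembled or which entries are deliberately malformed. `krb5ConfI` carries `kdc = 10.80.88.88*` and `kdc = 10.1.2.3.4:88`, which look like intentional bad-input cases (the new test expects four KDC entries from these five lines), but a reader cannot tell that from the fixture alone. A Go comment above `krb5ConfIHead` would cover both, for example `// krb5ConfIHead + "include <path>" + krb5ConfI form the main file; krb5Include is the content of the included file.` followed by a line naming the two malformed kdc entries as deliberate. The enclosing const block starts and ends outside this hunk.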
@@ -343,7 +416,7 @@ const ( ` ) -func TestLoadinc(t *testing.T) { +func TestLoadincludedir(t *testing.T) { t.Parallel() cf, _ := ioutil.TempFile(os.TempDir(), "TEST-gokrb5-krb5inc.conf") defer os.Remove(cf.Name()) 
@@ -391,6 +464,44 @@ func TestLoadinc(t *testing.T) { } +func TestLoadinclude(t *testing.T) { + t.Parallel() + cf, _ := ioutil.TempFile(os.TempDir(), "TEST-gokrb5-krb5inc.conf") + defer os.Remove(cf.Name()) + incf, _ := ioutil.TempFile(os.TempDir(), "TEST-gokrb5-krb5include") + defer os.Remove(incf.Name()) + incf.WriteString(krb5Include) + krb5ContentsI := krb5ConfIHead + fmt.Sprintf("include %s\n", incf.Name()) + krb5ConfI + cf.WriteString(krb5ContentsI) + + c, err := Load(cf.Name()) + if err != nil { + t.Fatalf("Error loading config: %v", err) + } + + assert.Equal(t, "TEST.GOKRB5", c.LibDefaults.DefaultRealm, "[libdefaults] default_realm not as expected") + assert.Equal(t, false, c.LibDefaults.DNSLookupRealm, "[libdefaults] dns_lookup_realm not as expected") + assert.Equal(t, false, c.LibDefaults.DNSLookupKDC, "[libdefaults] dns_lookup_kdc not as expected") + assert.Equal(t, time.Duration(10)*time.Hour, c.LibDefaults.TicketLifetime, "[libdefaults] Ticket lifetime not as expected") + assert.Equal(t, true, c.LibDefaults.Forwardable, "[libdefaults] forwardable not as expected") + assert.Equal(t, "FILE:/etc/krb5.keytab", c.LibDefaults.DefaultKeytabName, "[libdefaults] default_keytab_name not as expected") + assert.Equal(t, "FILE:/home/gokrb5/client.keytab", c.LibDefaults.DefaultClientKeytabName, "[libdefaults] default_client_keytab_name not as expected") + assert.Equal(t, []string{"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}, c.LibDefaults.DefaultTktEnctypes, "[libdefaults] default_tkt_enctypes not as expected") + + assert.Equal(t, 3, len(c.Realms), "Number of realms not as expected") + assert.Equal(t, "TEST.GOKRB5", c.Realms[0].Realm, "[realm] realm name not as expectd") + assert.Equal(t, []string{"10.80.88.88:749"}, c.Realms[0].AdminServer, "[realm] Admin_server not as expectd") + assert.Equal(t, []string{"10.80.88.88:464"}, c.Realms[0].KPasswdServer, "[realm] Kpasswd_server not as expectd") + assert.Equal(t, "test.gokrb5", c.Realms[0].DefaultDomain, 
"[realm] Default_domain not as expectd") + assert.Equal(t, []string{"10.80.88.88:88", "assume.port.num:88", "some.other.port:1234", "10.80.88.88:88"}, c.Realms[0].KDC, "[realm] Kdc not as expectd") + assert.Equal(t, []string{"kerberos.example.com:88", "kerberos-1.example.com:88"}, c.Realms[1].KDC, "[realm] Kdc not as expectd") + assert.Equal(t, []string{"kerberos.example.com"}, c.Realms[1].AdminServer, "[realm] Admin_server not as expectd") + + assert.Equal(t, "TEST.GOKRB5", c.DomainRealm[".test.gokrb5"], "Domain to realm mapping not as expected") + assert.Equal(t, "TEST.GOKRB5", c.DomainRealm["test.gokrb5"], "Domain to realm mapping not as expected") + +} + func TestLoad(t *testing.T) { t.Parallel() cf, _ := ioutil.TempFile(os.TempDir(), "TEST-gokrb5-krb5.conf")