SEBA-902 single-olt tests;
Pin protoc-gen-go to 1.3.2 to resolve compatibility issue;
Run go mod tidy / go mod vendor on importer;
Add Go Module support to demotest
Change-Id: Ifde824fc9a6317b0adc1e12bea54ee1f9b788906
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
index 8ad3e55..93ff1db 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
@@ -60,7 +60,7 @@
return tgsReq, tgsRep, err
}
}
- tgsReq, err = messages.NewTGSReq(cl.Credentials.CName(), kdcRealm, cl.Config, tgt, sessionKey, tgsReq.ReqBody.SName, tgsReq.Renewal)
+ tgsReq, err = messages.NewTGSReq(cl.Credentials.CName(), realm, cl.Config, tgsRep.Ticket, tgsRep.DecryptedEncPart.Key, tgsReq.ReqBody.SName, tgsReq.Renewal)
if err != nil {
return tgsReq, tgsRep, err
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
index 6e4c83c..cc93174 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
@@ -188,6 +188,18 @@
return nil
}
+// AffirmLogin will only perform an AS exchange with the KDC if the client does not already have a TGT.
+func (cl *Client) AffirmLogin() error {
+ _, endTime, _, _, err := cl.sessionTimes(cl.Credentials.Domain())
+ if err != nil || time.Now().UTC().After(endTime) {
+ err := cl.Login()
+ if err != nil {
+ return fmt.Errorf("could not get valid TGT for client's realm: %v", err)
+ }
+ }
+ return nil
+}
+
// realmLogin obtains or renews a TGT and establishes a session for the realm specified.
func (cl *Client) realmLogin(realm string) error {
if realm == cl.Credentials.Domain() {
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
index 19d25e6..493fb2f 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
@@ -69,49 +69,47 @@
}
// dialKDCTCP establishes a UDP connection to a KDC.
-func dialKDCUDP(count int, kdcs map[int]string) (conn *net.UDPConn, err error) {
+func dialKDCUDP(count int, kdcs map[int]string) (*net.UDPConn, error) {
i := 1
for i <= count {
- udpAddr, e := net.ResolveUDPAddr("udp", kdcs[i])
- if e != nil {
- err = fmt.Errorf("error resolving KDC address: %v", e)
- return
+ udpAddr, err := net.ResolveUDPAddr("udp", kdcs[i])
+ if err != nil {
+ return nil, fmt.Errorf("error resolving KDC address: %v", err)
}
- conn, err = net.DialUDP("udp", nil, udpAddr)
+
+ conn, err := net.DialTimeout("udp", udpAddr.String(), 5*time.Second)
if err == nil {
- err = conn.SetDeadline(time.Now().Add(5 * time.Second))
- if err != nil {
- return
+ if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
+ return nil, err
}
- return
+ // conn is guaranteed to be a UDPConn
+ return conn.(*net.UDPConn), nil
}
i++
}
- err = errors.New("error in getting a UDP connection to any of the KDCs")
- return
+ return nil, errors.New("error in getting a UDP connection to any of the KDCs")
}
// dialKDCTCP establishes a TCP connection to a KDC.
-func dialKDCTCP(count int, kdcs map[int]string) (conn *net.TCPConn, err error) {
+func dialKDCTCP(count int, kdcs map[int]string) (*net.TCPConn, error) {
i := 1
for i <= count {
- tcpAddr, e := net.ResolveTCPAddr("tcp", kdcs[i])
- if e != nil {
- err = fmt.Errorf("error resolving KDC address: %v", e)
- return
+ tcpAddr, err := net.ResolveTCPAddr("tcp", kdcs[i])
+ if err != nil {
+ return nil, fmt.Errorf("error resolving KDC address: %v", err)
}
- conn, err = net.DialTCP("tcp", nil, tcpAddr)
+
+ conn, err := net.DialTimeout("tcp", tcpAddr.String(), 5*time.Second)
if err == nil {
- err = conn.SetDeadline(time.Now().Add(5 * time.Second))
- if err != nil {
- return
+ if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
+ return nil, err
}
- return
+ // conn is guaranteed to be a TCPConn
+ return conn.(*net.TCPConn), nil
}
i++
}
- err = errors.New("error in getting a TCP connection to any of the KDCs")
- return
+ return nil, errors.New("error in getting a TCP connection to any of the KDCs")
}
// sendKDCUDP sends bytes to the KDC via UDP.
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
index e6d4180..da838ed 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
@@ -44,7 +44,7 @@
return false, err
}
if r.ResultCode != KRB5_KPASSWD_SUCCESS {
- return false, fmt.Errorf("error response from kdamin: %s", r.Result)
+ return false, fmt.Errorf("error response from kadmin: code: %d; result: %s; krberror: %v", r.ResultCode, r.Result, r.KRBError)
}
cl.Credentials.WithPassword(newPasswd)
return true, nil
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
index 516c823..12c04c4 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
@@ -38,7 +38,7 @@
// s := NewSettings(AssumePreAuthentication(true))
func AssumePreAuthentication(b bool) func(*Settings) {
return func(s *Settings) {
- s.disablePAFXFast = b
+ s.assumePreAuthentication = b
}
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
index a58c234..a67989f 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
@@ -18,37 +18,41 @@
kdcs := make(map[int]string)
var count int
- // Use DNS to resolve kerberos SRV records if configured to do so in krb5.conf.
- if c.LibDefaults.DNSLookupKDC {
- proto := "udp"
- if tcp {
- proto = "tcp"
+ // Get the KDCs from the krb5.conf.
+ var ks []string
+ for _, r := range c.Realms {
+ if r.Realm != realm {
+ continue
}
- c, addrs, err := dnsutils.OrderedSRV("kerberos", proto, realm)
- if err != nil {
- return count, kdcs, err
- }
- if len(addrs) < 1 {
- return count, kdcs, fmt.Errorf("no KDC SRV records found for realm %s", realm)
- }
- count = c
- for k, v := range addrs {
- kdcs[k] = strings.TrimRight(v.Target, ".") + ":" + strconv.Itoa(int(v.Port))
- }
- } else {
- // Get the KDCs from the krb5.conf an order them randomly for preference.
- var ks []string
- for _, r := range c.Realms {
- if r.Realm == realm {
- ks = r.KDC
- break
- }
- }
- count = len(ks)
- if count < 1 {
- return count, kdcs, fmt.Errorf("no KDCs defined in configuration for realm %s", realm)
- }
+ ks = r.KDC
+ }
+ count = len(ks)
+
+ if count > 0 {
+ // Order the kdcs randomly for preference.
kdcs = randServOrder(ks)
+ return count, kdcs, nil
+ }
+
+ if !c.LibDefaults.DNSLookupKDC {
+ return count, kdcs, fmt.Errorf("no KDCs defined in configuration for realm %s", realm)
+ }
+
+ // Use DNS to resolve kerberos SRV records.
+ proto := "udp"
+ if tcp {
+ proto = "tcp"
+ }
+ index, addrs, err := dnsutils.OrderedSRV("kerberos", proto, realm)
+ if err != nil {
+ return count, kdcs, err
+ }
+ if len(addrs) < 1 {
+ return count, kdcs, fmt.Errorf("no KDC SRV records found for realm %s", realm)
+ }
+ count = index
+ for k, v := range addrs {
+ kdcs[k] = strings.TrimRight(v.Target, ".") + ":" + strconv.Itoa(int(v.Port))
}
return count, kdcs, nil
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
index dbc61c3..8efe92d 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
@@ -119,6 +119,10 @@
// Parse the lines of the [libdefaults] section of the configuration into the LibDefaults struct.
func (l *LibDefaults) parseLines(lines []string) error {
for _, line := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
line = strings.TrimSpace(line)
if line == "" {
continue
@@ -333,6 +337,10 @@
if ignore && c > 0 && !strings.Contains(line, "{") && !strings.Contains(line, "}") {
continue
}
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
line = strings.TrimSpace(line)
if line == "" {
continue
@@ -407,6 +415,10 @@
var start int
var c int
for i, l := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(l, "#;"); idx != -1 {
+ l = l[:idx]
+ }
l = strings.TrimSpace(l)
if l == "" {
continue
@@ -454,6 +466,10 @@
// Parse the lines of the [domain_realm] section of the configuration and add to the mapping.
func (d *DomainRealm) parseLines(lines []string) error {
for _, line := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
if strings.TrimSpace(line) == "" {
continue
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
index 62acab7..beec066 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
@@ -288,6 +288,11 @@
return false
}
+// ValidUntil returns the credential's valid until date
+func (c *Credentials) ValidUntil() time.Time {
+ return c.validUntil
+}
+
// Attributes returns the Credentials' attributes map.
func (c *Credentials) Attributes() map[string]interface{} {
return c.attributes
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
index 0c7fc38..22c0204 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
@@ -141,6 +141,10 @@
// Unmarshal byte slice of Keytab data into Keytab type.
func (kt *Keytab) Unmarshal(b []byte) error {
+ if len(b) < 2 {
+ return fmt.Errorf("byte array is less than 2 bytes: %d", len(b))
+ }
+
//The first byte of the file always has the value 5
if b[0] != keytabFirstByte {
return errors.New("invalid keytab data. First byte does not equal 5")
@@ -165,7 +169,10 @@
*/
// n tracks position in the byte array
n := 2
- l := readInt32(b, &n, &endian)
+ l, err := readInt32(b, &n, &endian)
+ if err != nil {
+ return err
+ }
for l != 0 {
if l < 0 {
//Zero padded so skip over
@@ -173,23 +180,52 @@
n = n + int(l)
} else {
//fmt.Printf("Bytes for entry: %v\n", b[n:n+int(l)])
+ if n < 0 {
+ return fmt.Errorf("%d can't be less than zero", n)
+ }
+ if n+int(l) > len(b) {
+ return fmt.Errorf("%s's length is less than %d", b, n+int(l))
+ }
eb := b[n : n+int(l)]
n = n + int(l)
ke := newKeytabEntry()
// p keeps track as to where we are in the byte stream
var p int
+ var err error
parsePrincipal(eb, &p, kt, &ke, &endian)
- ke.Timestamp = readTimestamp(eb, &p, &endian)
- ke.KVNO8 = uint8(readInt8(eb, &p, &endian))
- ke.Key.KeyType = int32(readInt16(eb, &p, &endian))
- kl := int(readInt16(eb, &p, &endian))
- ke.Key.KeyValue = readBytes(eb, &p, kl, &endian)
+ ke.Timestamp, err = readTimestamp(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ rei8, err := readInt8(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.KVNO8 = uint8(rei8)
+ rei16, err := readInt16(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.Key.KeyType = int32(rei16)
+ rei16, err = readInt16(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ kl := int(rei16)
+ ke.Key.KeyValue, err = readBytes(eb, &p, kl, &endian)
+ if err != nil {
+ return err
+ }
//The 32-bit key version overrides the 8-bit key version.
// To determine if it is present, the implementation must check that at least 4 bytes remain in the record after the other fields are read,
// and that the value of the 32-bit integer contained in those bytes is non-zero.
if len(eb)-p >= 4 {
// The 32-bit key may be present
- ke.KVNO = uint32(readInt32(eb, &p, &endian))
+ ri32, err := readInt32(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.KVNO = uint32(ri32)
}
if ke.KVNO == 0 {
// Handles if the value from the last 4 bytes was zero and also if there are not the 4 bytes present. Makes sense to put the same value here as KVNO8
@@ -199,11 +235,15 @@
kt.Entries = append(kt.Entries, ke)
}
// Check if there are still 4 bytes left to read
- if n > len(b) || len(b[n:]) < 4 {
+ // Also check that n is greater than zero
+ if n < 0 || n > len(b) || len(b[n:]) < 4 {
break
}
// Read the size of the next entry
- l = readInt32(b, &n, &endian)
+ l, err = readInt32(b, &n, &endian)
+ if err != nil {
+ return err
+ }
}
return nil
}
@@ -249,20 +289,41 @@
// Parse the Keytab bytes of a principal into a Keytab entry's principal.
func parsePrincipal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) error {
- ke.Principal.NumComponents = readInt16(b, p, e)
+ var err error
+ ke.Principal.NumComponents, err = readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
if kt.version == 1 {
//In version 1 the number of components includes the realm. Minus 1 to make consistent with version 2
ke.Principal.NumComponents--
}
- lenRealm := readInt16(b, p, e)
- ke.Principal.Realm = string(readBytes(b, p, int(lenRealm), e))
+ lenRealm, err := readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
+ realmB, err := readBytes(b, p, int(lenRealm), e)
+ if err != nil {
+ return err
+ }
+ ke.Principal.Realm = string(realmB)
for i := 0; i < int(ke.Principal.NumComponents); i++ {
- l := readInt16(b, p, e)
- ke.Principal.Components = append(ke.Principal.Components, string(readBytes(b, p, int(l), e)))
+ l, err := readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
+ compB, err := readBytes(b, p, int(l), e)
+ if err != nil {
+ return err
+ }
+ ke.Principal.Components = append(ke.Principal.Components, string(compB))
}
if kt.version != 1 {
//Name Type is omitted in version 1
- ke.Principal.NameType = readInt32(b, p, e)
+ ke.Principal.NameType, err = readInt32(b, p, e)
+ if err != nil {
+ return err
+ }
}
return nil
}
@@ -315,12 +376,23 @@
}
// Read bytes representing a timestamp.
-func readTimestamp(b []byte, p *int, e *binary.ByteOrder) time.Time {
- return time.Unix(int64(readInt32(b, p, e)), 0)
+func readTimestamp(b []byte, p *int, e *binary.ByteOrder) (time.Time, error) {
+ i32, err := readInt32(b, p, e)
+ if err != nil {
+ return time.Time{}, err
+ }
+ return time.Unix(int64(i32), 0), nil
}
// Read bytes representing an eight bit integer.
-func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8) {
+func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 1) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+1)
+ }
buf := bytes.NewBuffer(b[*p : *p+1])
binary.Read(buf, *e, &i)
*p++
@@ -328,7 +400,15 @@
}
// Read bytes representing a sixteen bit integer.
-func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16) {
+func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 2) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+2)
+ }
+
buf := bytes.NewBuffer(b[*p : *p+2])
binary.Read(buf, *e, &i)
*p += 2
@@ -336,19 +416,36 @@
}
// Read bytes representing a thirty two bit integer.
-func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32) {
+func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 4) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+4)
+ }
+
buf := bytes.NewBuffer(b[*p : *p+4])
binary.Read(buf, *e, &i)
*p += 4
return
}
-func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) []byte {
- buf := bytes.NewBuffer(b[*p : *p+s])
+func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) ([]byte, error) {
+ if s < 0 {
+ return nil, fmt.Errorf("%d cannot be less than zero", s)
+ }
+ i := *p + s
+ if i > len(b) {
+ return nil, fmt.Errorf("%s's length is greater than %d", b, i)
+ }
+ buf := bytes.NewBuffer(b[*p:i])
r := make([]byte, s)
- binary.Read(buf, *e, &r)
+ if err := binary.Read(buf, *e, &r); err != nil {
+ return nil, err
+ }
*p += s
- return r
+ return r, nil
}
func isNativeEndianLittle() bool {