From acced829c343f3b05ebae3ada1eca93feb14762c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 11 Jan 2021 16:42:21 +0100 Subject: [PATCH 1/2] Update Kerberos library to latest major New import path: github.com/jcmturner/gokrb5/v8 --- broker_test.go | 2 +- gssapi_kerberos.go | 16 ++++++------- kerberos_client.go | 12 +++++----- kerberos_client_test.go | 52 +++++++++++++++++++++++++++++++++++++---- mockkerberos.go | 10 ++++---- 5 files changed, 67 insertions(+), 25 deletions(-) diff --git a/broker_test.go b/broker_test.go index 37064b7cb..5f859c8f2 100644 --- a/broker_test.go +++ b/broker_test.go @@ -9,8 +9,8 @@ import ( "testing" "time" + "github.com/jcmturner/gokrb5/v8/krberror" "github.com/rcrowley/go-metrics" - "gopkg.in/jcmturner/gokrb5.v7/krberror" ) func ExampleBroker() { diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go index 1993fc08f..44fd44625 100644 --- a/gssapi_kerberos.go +++ b/gssapi_kerberos.go @@ -1,19 +1,19 @@ package sarama import ( + "encoding/asn1" "encoding/binary" "fmt" "io" "strings" "time" - "github.com/jcmturner/gofork/encoding/asn1" - "gopkg.in/jcmturner/gokrb5.v7/asn1tools" - "gopkg.in/jcmturner/gokrb5.v7/gssapi" - "gopkg.in/jcmturner/gokrb5.v7/iana/chksumtype" - "gopkg.in/jcmturner/gokrb5.v7/iana/keyusage" - "gopkg.in/jcmturner/gokrb5.v7/messages" - "gopkg.in/jcmturner/gokrb5.v7/types" + "github.com/jcmturner/gokrb5/v8/asn1tools" + "github.com/jcmturner/gokrb5/v8/gssapi" + "github.com/jcmturner/gokrb5/v8/iana/chksumtype" + "github.com/jcmturner/gokrb5/v8/iana/keyusage" + "github.com/jcmturner/gokrb5/v8/messages" + "github.com/jcmturner/gokrb5/v8/types" ) const ( @@ -154,7 +154,7 @@ func (krbAuth *GSSAPIKerberosAuth) createKrb5Token( * */ func (krbAuth *GSSAPIKerberosAuth) appendGSSAPIHeader(payload []byte) ([]byte, error) { - oidBytes, err := asn1.Marshal(gssapi.OID(gssapi.OIDKRB5)) + oidBytes, err := asn1.Marshal(gssapi.OIDKRB5.OID()) if err != nil { return nil, err } diff --git a/kerberos_client.go b/kerberos_client.go index ebc114179..01a53193b 100644 --- a/kerberos_client.go +++ b/kerberos_client.go @@ -1,10 +1,10 @@ package sarama import ( - krb5client "gopkg.in/jcmturner/gokrb5.v7/client" - krb5config "gopkg.in/jcmturner/gokrb5.v7/config" - "gopkg.in/jcmturner/gokrb5.v7/keytab" - "gopkg.in/jcmturner/gokrb5.v7/types" + krb5client "github.com/jcmturner/gokrb5/v8/client" + krb5config "github.com/jcmturner/gokrb5/v8/config" + "github.com/jcmturner/gokrb5/v8/keytab" + "github.com/jcmturner/gokrb5/v8/types" ) type KerberosGoKrb5Client struct { @@ -37,9 +37,9 @@ func createClient(config *GSSAPIConfig, cfg *krb5config.Config) (KerberosClient, if err != nil { return nil, err } - client = krb5client.NewClientWithKeytab(config.Username, config.Realm, kt, cfg, krb5client.DisablePAFXFAST(config.DisablePAFXFAST)) + client = krb5client.NewWithKeytab(config.Username, config.Realm, kt, cfg, krb5client.DisablePAFXFAST(config.DisablePAFXFAST)) } else { - client = krb5client.NewClientWithPassword(config.Username, + client = krb5client.NewWithPassword(config.Username, config.Realm, config.Password, cfg, krb5client.DisablePAFXFAST(config.DisablePAFXFAST)) } return &KerberosGoKrb5Client{*client}, nil diff --git a/kerberos_client_test.go b/kerberos_client_test.go index 9cd7a21b6..7c2ed31bc 100644 --- a/kerberos_client_test.go +++ b/kerberos_client_test.go @@ -4,8 +4,7 @@ import ( "errors" "testing" - krbcfg "gopkg.in/jcmturner/gokrb5.v7/config" - "gopkg.in/jcmturner/gokrb5.v7/test/testdata" + krbcfg "github.com/jcmturner/gokrb5/v8/config" ) /* @@ -15,6 +14,49 @@ import ( * */ +const ( + krb5cfg = `[libdefaults] + default_realm = TEST.GOKRB5 + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes + default_tkt_enctypes = aes256-cts-hmac-sha1-96 + default_tgs_enctypes = aes256-cts-hmac-sha1-96 + noaddresses = false +[realms] + TEST.GOKRB5 = { + kdc = 127.0.0.1:88 + admin_server = 127.0.0.1:749 + default_domain = test.gokrb5 + } + RESDOM.GOKRB5 = { + kdc = 10.80.88.88:188 + admin_server = 127.0.0.1:749 + default_domain = resdom.gokrb5 + } + USER.GOKRB5 = { + kdc = 192.168.88.100:88 + admin_server = 192.168.88.100:464 + default_domain = user.gokrb5 + } + RES.GOKRB5 = { + kdc = 192.168.88.101:88 + admin_server = 192.168.88.101:464 + default_domain = res.gokrb5 + } +[domain_realm] + .test.gokrb5 = TEST.GOKRB5 + test.gokrb5 = TEST.GOKRB5 + .resdom.gokrb5 = RESDOM.GOKRB5 + resdom.gokrb5 = RESDOM.GOKRB5 + .user.gokrb5 = USER.GOKRB5 + user.gokrb5 = USER.GOKRB5 + .res.gokrb5 = RES.GOKRB5 + res.gokrb5 = RES.GOKRB5 +` +) + func TestFaildToCreateKerberosConfig(t *testing.T) { expectedErr := errors.New("configuration file could not be opened: krb5.conf open krb5.conf: no such file or directory") clientConfig := NewTestConfig() @@ -34,7 +76,7 @@ func TestFaildToCreateKerberosConfig(t *testing.T) { } func TestCreateWithPassword(t *testing.T) { - kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF) + kerberosConfig, err := krbcfg.NewFromString(krb5cfg) if err != nil { t.Fatal(err) } @@ -64,7 +106,7 @@ func TestCreateWithPassword(t *testing.T) { } func TestCreateWithKeyTab(t *testing.T) { - kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF) + kerberosConfig, err := krbcfg.NewFromString(krb5cfg) if err != nil { t.Fatal(err) } @@ -86,7 +128,7 @@ func TestCreateWithKeyTab(t *testing.T) { } func TestCreateWithDisablePAFXFAST(t *testing.T) { - kerberosConfig, err := krbcfg.NewConfigFromString(testdata.TEST_KRB5CONF) + kerberosConfig, err := krbcfg.NewFromString(krb5cfg) if err != nil { t.Fatal(err) } diff --git a/mockkerberos.go b/mockkerberos.go index d36649d8a..beb00e5b5 100644 --- a/mockkerberos.go +++ b/mockkerberos.go @@ -4,11 +4,11 @@ import ( "encoding/binary" "encoding/hex" - "gopkg.in/jcmturner/gokrb5.v7/credentials" - "gopkg.in/jcmturner/gokrb5.v7/gssapi" - "gopkg.in/jcmturner/gokrb5.v7/iana/keyusage" - "gopkg.in/jcmturner/gokrb5.v7/messages" - "gopkg.in/jcmturner/gokrb5.v7/types" + "github.com/jcmturner/gokrb5/v8/credentials" + "github.com/jcmturner/gokrb5/v8/gssapi" + "github.com/jcmturner/gokrb5/v8/iana/keyusage" + "github.com/jcmturner/gokrb5/v8/messages" + "github.com/jcmturner/gokrb5/v8/types" ) type KafkaGSSAPIHandler struct { From 13fa0252d31c03366673efb1b2a99db8d7a84069 Mon Sep 17 00:00:00 2001 From: Vlad Gorodetsky Date: Fri, 22 Jan 2021 16:07:35 +0200 Subject: [PATCH 2/2] Fix go.mod downgrades --- go.mod | 10 ++-------- go.sum | 34 ++++++++++++++++++++++------------ 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index 9fcc19ab5..f4cc90c00 100644 --- a/go.mod +++ b/go.mod @@ -11,8 +11,7 @@ require ( github.com/fortytw2/leaktest v1.3.0 github.com/frankban/quicktest v1.11.3 // indirect github.com/golang/snappy v0.0.2 // indirect - github.com/hashicorp/go-uuid v1.0.2 // indirect - github.com/jcmturner/gofork v1.0.0 + github.com/jcmturner/gokrb5/v8 v8.4.2 github.com/klauspost/compress v1.11.7 github.com/kr/text v0.2.0 // indirect github.com/pierrec/lz4 v2.6.0+incompatible @@ -21,14 +20,9 @@ require ( github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c github.com/xdg/stringprep v1.0.0 // indirect golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad // indirect - golang.org/x/net v0.0.0-20201224014010-6772e930b67b + golang.org/x/net v0.0.0-20210119194325-5f4716e94777 golang.org/x/text v0.3.5 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect - gopkg.in/jcmturner/aescts.v1 v1.0.1 // indirect - gopkg.in/jcmturner/dnsutils.v1 v1.0.1 // indirect - gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect - gopkg.in/jcmturner/gokrb5.v7 v7.5.0 - gopkg.in/jcmturner/rpc.v1 v1.1.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect ) diff --git a/go.sum b/go.sum index 8ea054edf..94afb2ae5 100644 --- a/go.sum +++ b/go.sum @@ -18,10 +18,24 @@ github.com/golang/snappy v0.0.2 h1:aeE13tS0IiQgFjYdoL8qN3K1N2bXXtI6Vi51/y7BpMw= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= github.com/jcmturner/gofork v1.0.0 h1:J7uCkflzTEhUZ64xqKnkDxq3kzc96ajM1Gli5ktUem8= github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.2 h1:6ZIM6b/JJN0X8UM43ZOM6Z4SJzla+a/u7scXFJzodkA= +github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/klauspost/compress v1.11.7 h1:0hzRabrMN4tSTvMfnL3SCv1ZGeAP23ynzodBgaHeMeg= github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= @@ -38,6 +52,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c h1:u40Z8hqBAAQyv+vATcGgV0YCnDjqSL7/q/JyPhhJSPk= @@ -46,13 +62,16 @@ github.com/xdg/stringprep v1.0.0 h1:d9X0esnoa3dFsV0FG35rAT0RIhYFlPq7MiP+DW89La0= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -72,16 +91,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/jcmturner/aescts.v1 v1.0.1 h1:cVVZBK2b1zY26haWB4vbBiZrfFQnfbTVrE3xZq6hrEw= -gopkg.in/jcmturner/aescts.v1 v1.0.1/go.mod h1:nsR8qBOg+OucoIW+WMhB3GspUQXq9XorLnQb9XtvcOo= -gopkg.in/jcmturner/dnsutils.v1 v1.0.1 h1:cIuC1OLRGZrld+16ZJvvZxVJeKPsvd5eUIvxfoN5hSM= -gopkg.in/jcmturner/dnsutils.v1 v1.0.1/go.mod h1:m3v+5svpVOhtFAP/wSz+yzh4Mc0Fg7eRhxkJMWSIz9Q= -gopkg.in/jcmturner/goidentity.v3 v3.0.0 h1:1duIyWiTaYvVx3YX2CYtpJbUFd7/UuPYCfgXtQ3VTbI= -gopkg.in/jcmturner/goidentity.v3 v3.0.0/go.mod h1:oG2kH0IvSYNIu80dVAyu/yoefjq1mNfM5bm88whjWx4= -gopkg.in/jcmturner/gokrb5.v7 v7.5.0 h1:a9tsXlIDD9SKxotJMK3niV7rPZAJeX2aD/0yg3qlIrg= -gopkg.in/jcmturner/gokrb5.v7 v7.5.0/go.mod h1:l8VISx+WGYp+Fp7KRbsiUuXTTOnxIc3Tuvyavf11/WM= -gopkg.in/jcmturner/rpc.v1 v1.1.0 h1:QHIUxTX1ISuAv9dD2wJ9HWQVuWDX/Zc0PfeC2tjc4rU= -gopkg.in/jcmturner/rpc.v1 v1.1.0/go.mod h1:YIdkC4XfD6GXbzje11McwsDuOlZQSb9W4vfLvuNnlv8= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=