fix: Use expiry from negotiated context (#121)

bodgit · web-flow · commit 0d4e7fc34569 · 2023-10-14T00:37:02.000+01:00
Fixes #6
diff --git a/gss/apcera.go b/gss/apcera.go
@@ -160,11 +160,10 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 	var (
 		input *gssapi.Buffer
 		ctx   *gssapi.CtxId
-		tkey  *dns.TKEY
 	)
 
 	for ok := true; ok; ok = c.lib.LastStatus.Major.ContinueNeeded() {
-		nctx, _, output, _, _, err := c.lib.InitSecContext(
+		nctx, _, output, _, duration, err := c.lib.InitSecContext(
 			c.lib.GSS_C_NO_CREDENTIAL,
 			ctx, // nil initially
 			service,
@@ -174,7 +173,7 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 			c.lib.GSS_C_NO_CHANNEL_BINDINGS,
 			input)
 
-		ctx = nctx
+		ctx, expiry = nctx, time.Now().UTC().Add(duration)
 
 		defer func() {
 			err = multierror.Append(err, output.Release()).ErrorOrNil()
@@ -190,7 +189,8 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 		}
 
 		//nolint:lll
-		if tkey, _, err = util.ExchangeTKEY(c.client, host, keyname, tsig.GSS, util.TkeyModeGSS, 3600, output.Bytes(), nil, "", ""); err != nil {
+		tkey, _, err := util.ExchangeTKEY(c.client, host, keyname, tsig.GSS, util.TkeyModeGSS, 3600, output.Bytes(), nil, "", "")
+		if err != nil {
 			return "", time.Time{}, multierror.Append(err, ctx.DeleteSecContext())
 		}
 
@@ -212,8 +212,6 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 		}()
 	}
 
-	expiry = time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 
diff --git a/gss/gokrb5.go b/gss/gokrb5.go
@@ -127,14 +127,12 @@ func (c *Client) negotiateContext(host string, options []wrapper.Option[wrapper.
 		}
 	}
 
-	expiry := time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 
 	c.ctx[keyname] = ctx
 
-	return keyname, expiry, nil
+	return keyname, ctx.Expiry(), nil
 }
 
 // NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS
diff --git a/gss/sspi.go b/gss/sspi.go
@@ -116,14 +116,12 @@ func (c *Client) negotiateContext(host string, creds *sspi.Credentials) (string,
 		}
 	}
 
-	expiry := time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 
 	c.ctx[keyname] = ctx
 
-	return keyname, expiry, nil
+	return keyname, ctx.Expiry(), nil
 }
 
 // NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS

Original file line number	Diff line number	Diff line change
`@@ -127,14 +127,12 @@ func (c *Client) negotiateContext(host string, options []wrapper.Option[wrapper.`
`127`	`127`	`}`
`128`	`128`	`}`
`129`	`129`
`130`		`- expiry := time.Unix(int64(tkey.Expiration), 0)`
`131`		`-`
`132`	`130`	`c.m.Lock()`
`133`	`131`	`defer c.m.Unlock()`
`134`	`132`
`135`	`133`	`c.ctx[keyname] = ctx`
`136`	`134`
`137`		`- return keyname, expiry, nil`
	`135`	`+ return keyname, ctx.Expiry(), nil`
`138`	`136`	`}`
`139`	`137`
`140`	`138`	`// NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS`
Original file line number	Diff line number	Diff line change
`@@ -116,14 +116,12 @@ func (c Client) negotiateContext(host string, creds sspi.Credentials) (string,`
`116`	`116`	`}`
`117`	`117`	`}`
`118`	`118`
`119`		`- expiry := time.Unix(int64(tkey.Expiration), 0)`
`120`		`-`
`121`	`119`	`c.m.Lock()`
`122`	`120`	`defer c.m.Unlock()`
`123`	`121`
`124`	`122`	`c.ctx[keyname] = ctx`
`125`	`123`
`126`		`- return keyname, expiry, nil`
	`124`	`+ return keyname, ctx.Expiry(), nil`
`127`	`125`	`}`
`128`	`126`
`129`	`127`	`// NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS`