fix: Use expiry from negotiated context (#121)

Fixes #6
bodgit · Oct 13, 2023 · 0d4e7fc · 0d4e7fc
1 parent 7c134dd
commit 0d4e7fc
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 12 deletions.
diff --git a/gss/apcera.go b/gss/apcera.go
@@ -160,11 +160,10 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 	var (
 		input *gssapi.Buffer
 		ctx   *gssapi.CtxId
-		tkey  *dns.TKEY
 	)
 
 	for ok := true; ok; ok = c.lib.LastStatus.Major.ContinueNeeded() {
-		nctx, _, output, _, _, err := c.lib.InitSecContext(
+		nctx, _, output, _, duration, err := c.lib.InitSecContext(
 			c.lib.GSS_C_NO_CREDENTIAL,
 			ctx, // nil initially
 			service,
@@ -174,7 +173,7 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 			c.lib.GSS_C_NO_CHANNEL_BINDINGS,
 			input)
 
-		ctx = nctx
+		ctx, expiry = nctx, time.Now().UTC().Add(duration)
 
 		defer func() {
 			err = multierror.Append(err, output.Release()).ErrorOrNil()
@@ -190,7 +189,8 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 		}
 
 		//nolint:lll
-		if tkey, _, err = util.ExchangeTKEY(c.client, host, keyname, tsig.GSS, util.TkeyModeGSS, 3600, output.Bytes(), nil, "", ""); err != nil {
+		tkey, _, err := util.ExchangeTKEY(c.client, host, keyname, tsig.GSS, util.TkeyModeGSS, 3600, output.Bytes(), nil, "", "")
+		if err != nil {
 			return "", time.Time{}, multierror.Append(err, ctx.DeleteSecContext())
 		}
 
@@ -212,8 +212,6 @@ func (c *Client) NegotiateContext(host string) (keyname string, expiry time.Time
 		}()
 	}
 
-	expiry = time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 

diff --git a/gss/gokrb5.go b/gss/gokrb5.go
@@ -127,14 +127,12 @@ func (c *Client) negotiateContext(host string, options []wrapper.Option[wrapper.
 		}
 	}
 
-	expiry := time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 
 	c.ctx[keyname] = ctx
 
-	return keyname, expiry, nil
+	return keyname, ctx.Expiry(), nil
 }
 
 // NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS

diff --git a/gss/sspi.go b/gss/sspi.go
@@ -116,14 +116,12 @@ func (c *Client) negotiateContext(host string, creds *sspi.Credentials) (string,
 		}
 	}
 
-	expiry := time.Unix(int64(tkey.Expiration), 0)
-
 	c.m.Lock()
 	defer c.m.Unlock()
 
 	c.ctx[keyname] = ctx
 
-	return keyname, expiry, nil
+	return keyname, ctx.Expiry(), nil
 }
 
 // NegotiateContext exchanges RFC 2930 TKEY records with the indicated DNS