Fix | Fixes issue in Integrated Security auth on Windows (Managed SNI) (

#777)
dotnet · Nov 5, 2020 · 63b79e3 · 63b79e3
1 parent 30f2a4d
commit 63b79e3
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/...soft.Data.SqlClient/netcore/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs b/...soft.Data.SqlClient/netcore/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs
@@ -189,7 +189,14 @@ internal static int QueryMaxTokenSize(string package)
             // This value is not used on Unix
             return 0;
         }
-
+
+        internal static SecurityStatusPal CompleteAuthToken(
+            ref SafeDeleteContext securityContext,
+            SecurityBuffer[] inSecurityBufferArray)
+        {
+            return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
+        }
+
         internal static SafeFreeCredentials AcquireDefaultCredential(string package, bool isServer)
         {
             return AcquireCredentialsHandle(package, isServer, new NetworkCredential(string.Empty, string.Empty, string.Empty));

diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIProxy.cs b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SNI/SNIProxy.cs
@@ -20,7 +20,6 @@ internal class SNIProxy
         private const int DefaultSqlServerPort = 1433;
         private const int DefaultSqlServerDacPort = 1434;
         private const string SqlServerSpnHeader = "MSSQLSvc";
-        private const int MaxTokenSize = 0;
 
         internal class SspiClientContextResult
         {
@@ -96,7 +95,8 @@ internal void GenSspiClientContext(SspiClientContextStatus sspiClientContextStat
                 inSecurityBufferArray = Array.Empty<SecurityBuffer>();
             }
 
-            int tokenSize = MaxTokenSize;
+            int tokenSize = NegotiateStreamPal.QueryMaxTokenSize(securityPackage);
+
             SecurityBuffer outSecurityBuffer = new SecurityBuffer(tokenSize, SecurityBufferType.SECBUFFER_TOKEN);
 
             ContextFlagsPal requestedContextFlags = ContextFlagsPal.Connection
@@ -119,7 +119,7 @@ internal void GenSspiClientContext(SspiClientContextStatus sspiClientContextStat
                 statusCode.ErrorCode == SecurityStatusPalErrorCode.CompAndContinue)
             {
                 inSecurityBufferArray = new SecurityBuffer[] { outSecurityBuffer };
-                statusCode = new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
+                statusCode = NegotiateStreamPal.CompleteAuthToken(ref securityContext, inSecurityBufferArray);
                 outSecurityBuffer.token = null;
             }
 
@@ -372,7 +372,7 @@ private static byte[] GetSqlServerSPN(string hostNameOrAddress, string portOrIns
         /// <returns>SNITCPHandle</returns>
         private SNITCPHandle CreateTcpHandle(DataSource details, long timerExpire, object callbackObject, bool parallel, string cachedFQDN, ref SQLDNSInfo pendingDNSInfo)
         {
-            // TCP Format: 
+            // TCP Format:
             // tcp:<host name>\<instance name>
             // tcp:<host name>,<TCP/IP port number>
 
@@ -474,7 +474,7 @@ internal SNIError GetLastError()
         }
 
         /// <summary>
-        /// Gets the Local db Named pipe data source if the input is a localDB server. 
+        /// Gets the Local db Named pipe data source if the input is a localDB server.
         /// </summary>
         /// <param name="fullServerName">The data source</param>
         /// <param name="error">Set true when an error occurred while getting LocalDB up</param>
@@ -529,7 +529,7 @@ internal enum Protocol { TCP, NP, None, Admin };
         internal Protocol _connectionProtocol = Protocol.None;
 
         /// <summary>
-        /// Provides the HostName of the server to connect to for TCP protocol. 
+        /// Provides the HostName of the server to connect to for TCP protocol.
         /// This information is also used for finding the SPN of SqlServer
         /// </summary>
         internal string ServerName { get; private set; }
@@ -733,7 +733,7 @@ private bool InferConnectionDetails()
             // Instance Name Handling. Only if we found a '\' and we did not find a port in the Data Source
             else if (backSlashIndex > -1)
             {
-                // This means that there will not be any part separated by comma. 
+                // This means that there will not be any part separated by comma.
                 InstanceName = tokensByCommaAndSlash[1].Trim();
 
                 if (string.IsNullOrWhiteSpace(InstanceName))
@@ -781,7 +781,7 @@ private bool InferNamedPipesInformation()
                     string[] tokensByBackSlash = _dataSourceAfterTrimmingProtocol.Split(BackSlashCharacter);
 
                     // The datasource is of the format \\host\pipe\sql\query [0]\[1]\[2]\[3]\[4]\[5]
-                    // It would at least have 6 parts. 
+                    // It would at least have 6 parts.
                     // Another valid Sql named pipe for an named instance is \\.\pipe\MSSQL$MYINSTANCE\sql\query
                     if (tokensByBackSlash.Length < 6)
                     {