revert

twsouthwick · twsouthwick · commit 09db0471f87d · 2024-08-19T13:19:42.000-07:00
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs
@@ -11,27 +11,34 @@ namespace Microsoft.Data.SqlClient
 {
     internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider
     {
+        private NegotiateAuthentication? _negotiateAuth = null;
+
         protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, byte[][] _sniSpnBuffer)
         {
-            NegotiateAuthenticationStatusCode statusCode = default;
+            NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials;
 
             for (int i = 0; i < _sniSpnBuffer.Length; i++)
             {
-                var negotiateAuth = new NegotiateAuthentication(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = Encoding.Unicode.GetString(_sniSpnBuffer[i]) });
-                var result = negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode);
-
+                _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = Encoding.Unicode.GetString(_sniSpnBuffer[i]) });
+                var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!;
                 // Log session id, status code and the actual SPN used in the negotiation
                 SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSSPIContextProvider),
-                    nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, negotiateAuth.TargetName);
-
+                    nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName);
                 if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)
                 {
-                    outgoingBlobWriter.Write(result);
-                    return;
+                    outgoingBlobWriter.Write(sendBuff);
+                    break; // Successful case, exit the loop with current SPN.
+                }
+                else
+                {
+                    _negotiateAuth = null; // Reset _negotiateAuth to be generated again for next SPN.
                 }
             }
 
-            throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode);
+            if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded)
+            {
+                throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode);
+            }
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -11,27 +11,34 @@ namespace Microsoft.Data.SqlClient`
`11`	`11`	`{`
`12`	`12`	`internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider`
`13`	`13`	`{`
	`14`	`+ private NegotiateAuthentication? _negotiateAuth = null;`
	`15`	`+`
`14`	`16`	`protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, byte[][] _sniSpnBuffer)`
`15`	`17`	`{`
`16`		`- NegotiateAuthenticationStatusCode statusCode = default;`
	`18`	`+ NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials;`
`17`	`19`
`18`	`20`	`for (int i = 0; i < _sniSpnBuffer.Length; i++)`
`19`	`21`	`{`
`20`		`- var negotiateAuth = new NegotiateAuthentication(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = Encoding.Unicode.GetString(_sniSpnBuffer[i]) });`
`21`		`- var result = negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode);`
`22`		`-`
	`22`	`+ _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = Encoding.Unicode.GetString(_sniSpnBuffer[i]) });`
	`23`	`+ var sendBuff = _negotiateAuth.GetOutgoingBlob(incomingBlob, out statusCode)!;`
`23`	`24`	`// Log session id, status code and the actual SPN used in the negotiation`
`24`	`25`	`SqlClientEventSource.Log.TryTraceEvent("{0}.{1} \| Info \| Session Id {2}, StatusCode={3}, SPN={4}", nameof(NegotiateSSPIContextProvider),`
`25`		`- nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, negotiateAuth.TargetName);`
`26`		`-`
	`26`	`+ nameof(GenerateSspiClientContext), _physicalStateObj.SessionId, statusCode, _negotiateAuth.TargetName);`
`27`	`27`	`if (statusCode == NegotiateAuthenticationStatusCode.Completed \|\| statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)`
`28`	`28`	`{`
`29`		`- outgoingBlobWriter.Write(result);`
`30`		`- return;`
	`29`	`+ outgoingBlobWriter.Write(sendBuff);`
	`30`	`+ break; // Successful case, exit the loop with current SPN.`
	`31`	`+ }`
	`32`	`+ else`
	`33`	`+ {`
	`34`	`+ _negotiateAuth = null; // Reset _negotiateAuth to be generated again for next SPN.`
`31`	`35`	`}`
`32`	`36`	`}`
`33`	`37`
`34`		`- throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode);`
	`38`	`+ if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded)`
	`39`	`+ {`
	`40`	`+ throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode);`
	`41`	`+ }`
`35`	`42`	`}`
`36`	`43`	`}`
`37`	`44`	`}`