Expose SqlAuthenticationParameters on SSPIContextProvider

twsouthwick · twsouthwick · commit 120662f88e02 · 2024-08-19T11:38:50.000-07:00
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/ManagedSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/ManagedSSPIContextProvider.cs
@@ -12,11 +12,12 @@ internal sealed class ManagedSSPIContextProvider : SSPIContextProvider
     {
         private SspiClientContextStatus? _sspiClientContextStatus;
 
-        protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)
+        protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)
         {
             _sspiClientContextStatus ??= new SspiClientContextStatus();
-            SNIProxy.GenSspiClientContext(_sspiClientContextStatus, incomingBlob, outgoingBlobWriter, serverNames);
+            SNIProxy.GenSspiClientContext(_sspiClientContextStatus, incomingBlob, outgoingBlobWriter, serverNames.ToArray());
             SqlClientEventSource.Log.TryTraceEvent("{0}.{1} | Info | Session Id {2}", nameof(ManagedSSPIContextProvider), nameof(GenerateSspiClientContext), _physicalStateObj.SessionId);
+            return true;
         }
     }
 }
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NativeSSPIContextProvider.cs
@@ -49,7 +49,7 @@ private void LoadSSPILibrary()
             }
         }
 
-        protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] _sniSpnBuffer)
+        protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)
         {
 #if NETFRAMEWORK
             SNIHandle handle = _physicalStateObj.Handle;
@@ -60,7 +60,7 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo
 
             var outBuff = outgoingBlobWriter.GetSpan((int)s_maxSSPILength);
 
-            if (0 != SNINativeMethodWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, out var sendLength, _sniSpnBuffer[0]))
+            if (0 != SNINativeMethodWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, out var sendLength, serverNames[0]))
             {
                 throw new InvalidOperationException(SQLMessage.SSPIGenerateError());
             }
@@ -71,6 +71,8 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo
             }
 
             outgoingBlobWriter.Advance((int)sendLength);
+
+            return true;
         }
     }
 }
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs
@@ -1,17 +1,17 @@
 ﻿#if NET8_0_OR_GREATER
 
 using System;
-using System.Text;
-using System.Net.Security;
 using System.Buffers;
+using System.Net.Security;
+using System.Text;
 
 #nullable enable
 
 namespace Microsoft.Data.SqlClient
 {
     internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider
     {
-        protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)
+        protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)
         {
             NegotiateAuthenticationStatusCode statusCode = default;
 
@@ -27,7 +27,7 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo
                 if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)
                 {
                     outgoingBlobWriter.Write(result);
-                    return;
+                    return true;
                 }
             }
 
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/SSPIContextProvider.cs
@@ -26,18 +26,21 @@ private protected virtual void Initialize()
         {
         }
 
-        protected abstract void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] _sniSpnBuffer);
+        protected abstract bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames);
 
-        internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string sniSpnBuffer)
-            => SSPIData(receivedBuff, outgoingBlobWriter, new[] { sniSpnBuffer });
+        internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string serverNames)
+            => SSPIData(receivedBuff, outgoingBlobWriter, new[] { serverNames });
 
-        internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string[] sniSpnBuffer)
+        internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)
         {
             using (TrySNIEventScope.Create(nameof(SSPIContextProvider)))
             {
                 try
                 {
-                    GenerateSspiClientContext(receivedBuff, outgoingBlobWriter, sniSpnBuffer);
+                    if (GenerateSspiClientContext(receivedBuff, outgoingBlobWriter, CreateSqlAuthParams(_parser.Connection, serverNames[0]), serverNames))
+                    {
+                        return;
+                    }
                 }
                 catch (Exception e)
                 {
@@ -46,6 +49,28 @@ internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outg
             }
         }
 
+        private static SqlAuthenticationParameters CreateSqlAuthParams(SqlInternalConnectionTds connection, string serverName)
+        {
+            var auth = new SqlAuthenticationParameters.Builder(
+                authenticationMethod: connection.ConnectionOptions.Authentication,
+                resource: null,
+                authority: null,
+                serverName: serverName,
+                connection.ConnectionOptions.InitialCatalog);
+
+            if (connection.ConnectionOptions.UserID is { } userId)
+            {
+                auth.WithUserId(userId);
+            }
+
+            if (connection.ConnectionOptions.Password is { } password)
+            {
+                auth.WithPassword(password);
+            }
+
+            return auth;
+        }
+
         protected void SSPIError(string error, string procedure)
         {
             Debug.Assert(!ADP.IsEmpty(procedure), "TdsParser.SSPIError called with an empty or null procedure string");

Original file line number	Diff line number	Diff line change
`@@ -12,11 +12,12 @@ internal sealed class ManagedSSPIContextProvider : SSPIContextProvider`
`12`	`12`	`{`
`13`	`13`	`private SspiClientContextStatus? _sspiClientContextStatus;`
`14`	`14`
`15`		`- protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)`
	`15`	`+ protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)`
`16`	`16`	`{`
`17`	`17`	`_sspiClientContextStatus ??= new SspiClientContextStatus();`
`18`		`- SNIProxy.GenSspiClientContext(_sspiClientContextStatus, incomingBlob, outgoingBlobWriter, serverNames);`
	`18`	`+ SNIProxy.GenSspiClientContext(_sspiClientContextStatus, incomingBlob, outgoingBlobWriter, serverNames.ToArray());`
`19`	`19`	`SqlClientEventSource.Log.TryTraceEvent("{0}.{1} \| Info \| Session Id {2}", nameof(ManagedSSPIContextProvider), nameof(GenerateSspiClientContext), _physicalStateObj.SessionId);`
	`20`	`+ return true;`
`20`	`21`	`}`
`21`	`22`	`}`
`22`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ private void LoadSSPILibrary()`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`
`52`		`- protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] _sniSpnBuffer)`
	`52`	`+ protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)`
`53`	`53`	`{`
`54`	`54`	`#if NETFRAMEWORK`
`55`	`55`	`SNIHandle handle = _physicalStateObj.Handle;`
`@@ -60,7 +60,7 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo`
`60`	`60`
`61`	`61`	`var outBuff = outgoingBlobWriter.GetSpan((int)s_maxSSPILength);`
`62`	`62`
`63`		`- if (0 != SNINativeMethodWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, out var sendLength, _sniSpnBuffer[0]))`
	`63`	`+ if (0 != SNINativeMethodWrapper.SNISecGenClientContext(handle, incomingBlob, outBuff, out var sendLength, serverNames[0]))`
`64`	`64`	`{`
`65`	`65`	`throw new InvalidOperationException(SQLMessage.SSPIGenerateError());`
`66`	`66`	`}`
`@@ -71,6 +71,8 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`outgoingBlobWriter.Advance((int)sendLength);`
	`74`	`+`
	`75`	`+ return true;`
`74`	`76`	`}`
`75`	`77`	`}`
`76`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,17 +1,17 @@`
`1`	`1`	`#if NET8_0_OR_GREATER`
`2`	`2`
`3`	`3`	`using System;`
`4`		`-using System.Text;`
`5`		`-using System.Net.Security;`
`6`	`4`	`using System.Buffers;`
	`5`	`+using System.Net.Security;`
	`6`	`+using System.Text;`
`7`	`7`
`8`	`8`	`#nullable enable`
`9`	`9`
`10`	`10`	`namespace Microsoft.Data.SqlClient`
`11`	`11`	`{`
`12`	`12`	`internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider`
`13`	`13`	`{`
`14`		`- protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)`
	`14`	`+ protected override bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames)`
`15`	`15`	`{`
`16`	`16`	`NegotiateAuthenticationStatusCode statusCode = default;`
`17`	`17`
`@@ -27,7 +27,7 @@ protected override void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlo`
`27`	`27`	`if (statusCode == NegotiateAuthenticationStatusCode.Completed \|\| statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)`
`28`	`28`	`{`
`29`	`29`	`outgoingBlobWriter.Write(result);`
`30`		`- return;`
	`30`	`+ return true;`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
Original file line number	Diff line number	Diff line change
`@@ -26,18 +26,21 @@ private protected virtual void Initialize()`
`26`	`26`	`{`
`27`	`27`	`}`
`28`	`28`
`29`		`- protected abstract void GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, string[] _sniSpnBuffer);`
	`29`	`+ protected abstract bool GenerateSspiClientContext(ReadOnlySpan<byte> incomingBlob, IBufferWriter<byte> outgoingBlobWriter, SqlAuthenticationParameters authParams, ReadOnlySpan<string> serverNames);`
`30`	`30`
`31`		`- internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string sniSpnBuffer)`
`32`		`- => SSPIData(receivedBuff, outgoingBlobWriter, new[] { sniSpnBuffer });`
	`31`	`+ internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string serverNames)`
	`32`	`+ => SSPIData(receivedBuff, outgoingBlobWriter, new[] { serverNames });`
`33`	`33`
`34`		`- internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string[] sniSpnBuffer)`
	`34`	`+ internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outgoingBlobWriter, string[] serverNames)`
`35`	`35`	`{`
`36`	`36`	`using (TrySNIEventScope.Create(nameof(SSPIContextProvider)))`
`37`	`37`	`{`
`38`	`38`	`try`
`39`	`39`	`{`
`40`		`- GenerateSspiClientContext(receivedBuff, outgoingBlobWriter, sniSpnBuffer);`
	`40`	`+ if (GenerateSspiClientContext(receivedBuff, outgoingBlobWriter, CreateSqlAuthParams(_parser.Connection, serverNames[0]), serverNames))`
	`41`	`+ {`
	`42`	`+ return;`
	`43`	`+ }`
`41`	`44`	`}`
`42`	`45`	`catch (Exception e)`
`43`	`46`	`{`
`@@ -46,6 +49,28 @@ internal void SSPIData(ReadOnlySpan<byte> receivedBuff, IBufferWriter<byte> outg`
`46`	`49`	`}`
`47`	`50`	`}`
`48`	`51`
	`52`	`+ private static SqlAuthenticationParameters CreateSqlAuthParams(SqlInternalConnectionTds connection, string serverName)`
	`53`	`+ {`
	`54`	`+ var auth = new SqlAuthenticationParameters.Builder(`
	`55`	`+ authenticationMethod: connection.ConnectionOptions.Authentication,`
	`56`	`+ resource: null,`
	`57`	`+ authority: null,`
	`58`	`+ serverName: serverName,`
	`59`	`+ connection.ConnectionOptions.InitialCatalog);`
	`60`	`+`
	`61`	`+ if (connection.ConnectionOptions.UserID is { } userId)`
	`62`	`+ {`
	`63`	`+ auth.WithUserId(userId);`
	`64`	`+ }`
	`65`	`+`
	`66`	`+ if (connection.ConnectionOptions.Password is { } password)`
	`67`	`+ {`
	`68`	`+ auth.WithPassword(password);`
	`69`	`+ }`
	`70`	`+`
	`71`	`+ return auth;`
	`72`	`+ }`
	`73`	`+`
`49`	`74`	`protected void SSPIError(string error, string procedure)`
`50`	`75`	`{`
`51`	`76`	`Debug.Assert(!ADP.IsEmpty(procedure), "TdsParser.SSPIError called with an empty or null procedure string");`