Merge ca7841a into f7ab115

dotnet · Jun 10, 2024 · 3697d08 · 3697d08
2 parents f7ab115 + ca7841a
commit 3697d08
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/...icrosoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs b/...icrosoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SSPI/NegotiateSSPIContextProvider.cs
@@ -14,13 +14,27 @@ internal sealed class NegotiateSSPIContextProvider : SSPIContextProvider
 
         internal override void GenerateSspiClientContext(ReadOnlyMemory<byte> received, ref byte[] sendBuff, ref uint sendLength, byte[][] _sniSpnBuffer)
         {
-            _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = Encoding.Unicode.GetString(_sniSpnBuffer[0]) });
-            sendBuff = _negotiateAuth.GetOutgoingBlob(received.Span, out NegotiateAuthenticationStatusCode statusCode)!;
-            SqlClientEventSource.Log.TryTraceEvent("TdsParserStateObjectManaged.GenerateSspiClientContext | Info | Session Id {0}, StatusCode={1}", _physicalStateObj.SessionId, statusCode);
+            NegotiateAuthenticationStatusCode statusCode = NegotiateAuthenticationStatusCode.UnknownCredentials;
+
+            for (int i = 0; i < _sniSpnBuffer.Length; i++)
+            {
+                string spnName = Encoding.Unicode.GetString(_sniSpnBuffer[i]);
+                _negotiateAuth ??= new(new NegotiateAuthenticationClientOptions { Package = "Negotiate", TargetName = spnName });
+                sendBuff = _negotiateAuth.GetOutgoingBlob(received.Span, out statusCode)!;
+                // Log session id, status code and the actual SPN used in the negotiation
+                SqlClientEventSource.Log.TryTraceEvent($"TdsParserStateObjectManaged.GenerateSspiClientContext | Info | Session Id {_physicalStateObj.SessionId}, StatusCode={statusCode}, SPN={_negotiateAuth.TargetName}");
+
+                if (statusCode == NegotiateAuthenticationStatusCode.Completed || statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded)
+                    break; // Successful case, exit the loop with current SPN.
+                else
+                    _negotiateAuth = null; // Reset _negotiateAuth to be generated again for next SPN.
+            }
+
             if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded)
             {
                 throw new InvalidOperationException(SQLMessage.SSPIGenerateError() + Environment.NewLine + statusCode);
             }
+
             sendLength = (uint)(sendBuff != null ? sendBuff.Length : 0);
         }
     }