From c40e7c5af39f36284022a01d5da13432dc433fab Mon Sep 17 00:00:00 2001 From: Filip Navara Date: Sat, 26 Aug 2023 08:36:22 +0200 Subject: [PATCH] Fix implementation of NegotiateAuthentication.Wrap for Kerberos on Windows --- .../Net/NegotiateAuthenticationPal.Windows.cs | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs index 3dcb03bfd08f74..07e8dea22baa9c 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Windows.cs @@ -421,28 +421,32 @@ public override unsafe NegotiateAuthenticationStatusCode Wrap(ReadOnlySpan Debug.Assert(success); // alloc new output buffer if not supplied or too small - int resultSize = input.Length + sizes.cbMaxSignature; + int resultSize = input.Length + sizes.cbSecurityTrailer + sizes.cbBlockSize; Span outputBuffer = outputWriter.GetSpan(resultSize); // make a copy of user data for in-place encryption - input.CopyTo(outputBuffer.Slice(sizes.cbMaxSignature, input.Length)); + input.CopyTo(outputBuffer.Slice(sizes.cbSecurityTrailer, input.Length)); isEncrypted = requestEncryption; fixed (byte* outputPtr = outputBuffer) { // Prepare buffers TOKEN(signature), DATA and Padding. - Interop.SspiCli.SecBuffer* unmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[2]; + Interop.SspiCli.SecBuffer* unmanagedBuffer = stackalloc Interop.SspiCli.SecBuffer[3]; Interop.SspiCli.SecBuffer* tokenBuffer = &unmanagedBuffer[0]; Interop.SspiCli.SecBuffer* dataBuffer = &unmanagedBuffer[1]; + Interop.SspiCli.SecBuffer* paddingBuffer = &unmanagedBuffer[2]; tokenBuffer->BufferType = SecurityBufferType.SECBUFFER_TOKEN; tokenBuffer->pvBuffer = (IntPtr)(outputPtr); - tokenBuffer->cbBuffer = sizes.cbMaxSignature; + tokenBuffer->cbBuffer = sizes.cbSecurityTrailer; dataBuffer->BufferType = SecurityBufferType.SECBUFFER_DATA; - dataBuffer->pvBuffer = (IntPtr)(outputPtr + sizes.cbMaxSignature); + dataBuffer->pvBuffer = (IntPtr)(outputPtr + sizes.cbSecurityTrailer); dataBuffer->cbBuffer = input.Length; + paddingBuffer->BufferType = SecurityBufferType.SECBUFFER_PADDING; + paddingBuffer->pvBuffer = (IntPtr)(outputPtr + sizes.cbSecurityTrailer + input.Length); + paddingBuffer->cbBuffer = sizes.cbBlockSize; - Interop.SspiCli.SecBufferDesc sdcInOut = new Interop.SspiCli.SecBufferDesc(2) + Interop.SspiCli.SecBufferDesc sdcInOut = new Interop.SspiCli.SecBufferDesc(3) { pBuffers = unmanagedBuffer }; @@ -460,7 +464,20 @@ public override unsafe NegotiateAuthenticationStatusCode Wrap(ReadOnlySpan }; } - outputWriter.Advance(tokenBuffer->cbBuffer + dataBuffer->cbBuffer); + // Compact the result + if (tokenBuffer->cbBuffer != sizes.cbSecurityTrailer) + { + outputBuffer.Slice(sizes.cbSecurityTrailer, dataBuffer->cbBuffer).CopyTo( + outputBuffer.Slice(tokenBuffer->cbBuffer, dataBuffer->cbBuffer)); + } + if (tokenBuffer->cbBuffer != sizes.cbSecurityTrailer || + paddingBuffer->cbBuffer != sizes.cbBlockSize) + { + outputBuffer.Slice(sizes.cbSecurityTrailer + input.Length, paddingBuffer->cbBuffer).CopyTo( + outputBuffer.Slice(tokenBuffer->cbBuffer + dataBuffer->cbBuffer, paddingBuffer->cbBuffer)); + } + + outputWriter.Advance(tokenBuffer->cbBuffer + dataBuffer->cbBuffer + paddingBuffer->cbBuffer); return NegotiateAuthenticationStatusCode.Completed; } }