feat(auth)!: add ResetSecurityContext to IAuthenticationClient for DFS target auth#3
Open
jahales wants to merge 1 commit into
Open
feat(auth)!: add ResetSecurityContext to IAuthenticationClient for DFS target auth#3jahales wants to merge 1 commit into
jahales wants to merge 1 commit into
Conversation
…S target auth Add ResetSecurityContext(string host) to IAuthenticationClient interface, enabling auth-client reuse when connecting to DFS target servers. - IAuthenticationClient: add ResetSecurityContext(string host) method - NTLMAuthenticationClient: implement reset (update SPN, clear handshake state) - SMB2Client: retain IAuthenticationClient after Login, clear on Logoff/Disconnect - SMB2Client: expose Transport property for target client construction BREAKING CHANGE: IAuthenticationClient now requires a ResetSecurityContext(string host) method. Existing implementations must add this method.
jahales
force-pushed
the
3-smb2-dfs-auth-infrastructure
branch
from
0c1c280 to
4c64941
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add
ResetSecurityContext(string host)toIAuthenticationClientand implement it inNTLMAuthenticationClient. This enables reusing a single auth-client instance when connecting to DFS target servers (needed by the upcomingSMB2DfsFileStore).Also retain the
IAuthenticationClientreference inSMB2Clientafter successful login (cleared on logoff/disconnect) and expose aTransportproperty for target client construction.This is PR 1 of 2 for DFS file store support. PR 2 will add
SMB2DfsFileStoreand theTreeConnect()DFS root detection, building on this foundation.Changes
IAuthenticationClient.csResetSecurityContext(string host)method (+XML doc)NTLMAuthenticationClient.csResetSecurityContext: update SPN tocifs/{host}, clear handshake stateSMB2Client.csm_authenticationClientafterLogin(), clear onLogoff()/Disconnect(), addTransportpropertyBreaking Change
IAuthenticationClientnow requires aResetSecurityContext(string host)method. Existing implementations must add this method.This is the only public interface change for the entire DFS feature — Tal proposed this approach in the PR TalAloni#326 discussion as a worthy tradeoff for integrated DFS support that works with Kerberos.
Type of Change
Testing
NTDirectoryFileSystemTests.TestCancel— requires local filesystem)m_authenticationClientis stored but not yet usedContext
specs/3-smb2-dfs-filestore/spec.md(FR-009, FR-010, FR-011, FR-012)