From d742a2275669373e7c5a97695ff94cfcb464d8ce Mon Sep 17 00:00:00 2001
From: Tal Aloni
Date: Sat, 4 Mar 2017 14:59:28 +0200
Subject: [PATCH] GSS improvements, set context to null after a successfull call to DeleteSecurityContext
---
 SMBLibrary/Authentication/GSSAPI/GSSProvider.cs | 12 +++++++++---
 SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs | 4 ++--
 .../NTLM/IndependentNTLMAuthenticationProvider.cs | 4 +++-
 .../NTLM/NTLMAuthenticationProviderBase.cs | 2 +-
 .../Win32/IntegratedNTLMAuthenticationProvider.cs | 12 +++++++++---
 5 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/SMBLibrary/Authentication/GSSAPI/GSSProvider.cs b/SMBLibrary/Authentication/GSSAPI/GSSProvider.cs
index 9def58e..50c7ddf 100644
--- a/SMBLibrary/Authentication/GSSAPI/GSSProvider.cs
+++ b/SMBLibrary/Authentication/GSSAPI/GSSProvider.cs
@@ -112,17 +112,23 @@ namespace SMBLibrary.Authentication.GSSAPI
 return mechanism.GetContextAttribute(context, attributeName);
 }
- public void DeleteSecurityContext(ref object context)
+ public bool DeleteSecurityContext(ref object context)
 {
+ bool result = false;
 if (context != null)
 {
 IGSSMechanism mechanism;
 if (m_contextToMechanism.TryGetValue(context, out mechanism))
 {
- mechanism.DeleteSecurityContext(ref context);
- m_contextToMechanism.Remove(context);
+ object contextReference = context;
+ result = mechanism.DeleteSecurityContext(ref context);
+ if (result)
+ {
+ m_contextToMechanism.Remove(contextReference);
+ }
 }
 }
+ return result;
 }
 ///
diff --git a/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs b/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs
index d903272..4863208 100644
--- a/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs
+++ b/SMBLibrary/Authentication/GSSAPI/IGSSMechanism.cs
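Review bot: In GSSProvider.DeleteSecurityContext a `false` result now covers three different cases: a null context, a context with no entry in `m_contextToMechanism`, and a mechanism that failed to delete. In the last case the entry is left in the map. The previous signature returned `void`, so existing call sites presumably compile unchanged and drop the result, which leaves both the mapping and the underlying context alive and lets per-session authentication state accumulate on a server. I would state the contract on the method, e.g. `/// Returns true when the context was released and set to null; on false the context is still registered and the caller must retry or log the failure`, and review the callers. Whether `m_contextToMechanism` is protected against concurrent sessions is not visible in this hunk; the TryGetValue/Remove pair should be confirmed to run under the same lock as the insertion.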
@@ -18,12 +18,12 @@ namespace SMBLibrary.Authentication.GSSAPI
 ///
 /// Equivalent to GSS_Delete_sec_context
- /// Obtains information about a given security context (even an incomplete one)
 ///
- void DeleteSecurityContext(ref object context);
+ bool DeleteSecurityContext(ref object context);
 ///
 /// Equivalent to GSS_Inquire_context
+ /// Obtains information about a given security context (even an incomplete one)
 ///
 object GetContextAttribute(object context, GSSAttributeName attributeName);
diff --git a/SMBLibrary/Authentication/NTLM/IndependentNTLMAuthenticationProvider.cs b/SMBLibrary/Authentication/NTLM/IndependentNTLMAuthenticationProvider.cs
index d6ee49b..e505b65 100644
--- a/SMBLibrary/Authentication/NTLM/IndependentNTLMAuthenticationProvider.cs
+++ b/SMBLibrary/Authentication/NTLM/IndependentNTLMAuthenticationProvider.cs
@@ -223,8 +223,10 @@ namespace SMBLibrary.Authentication.NTLM
 }
 }
- public override void DeleteSecurityContext(ref object context)
+ public override bool DeleteSecurityContext(ref object context)
 {
+ context = null;
+ return true;
 }
 public override object GetContextAttribute(object context, GSSAttributeName attributeName)
diff --git a/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs b/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
index 546e2ad..59b02bb 100644
--- a/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
+++ b/SMBLibrary/Authentication/NTLM/NTLMAuthenticationProviderBase.cs
@@ -46,7 +46,7 @@ namespace SMBLibrary.Authentication.NTLM
 public abstract NTStatus Authenticate(object context, AuthenticateMessage authenticateMessage);
- public abstract void DeleteSecurityContext(ref object context);
+ public abstract bool DeleteSecurityContext(ref object context);
 public abstract object GetContextAttribute(object context, GSSAttributeName attributeName);
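Review bot: The doc comment on `DeleteSecurityContext` in IGSSMechanism.cs still reads only "Equivalent to GSS_Delete_sec_context" although the member now returns `bool`. Implementers are not told what the result means, or that `context` is expected to be set to null on success, which is the behaviour the commit title describes. Suggested addition inside the summary: `/// Returns true if the context was released, in which case context is set to null; on false, context is left unchanged`. Since this is an interface member, third-party mechanisms implementing IGSSMechanism will stop compiling, which deserves a line in the release notes.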
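Review bot: IndependentNTLMAuthenticationProvider.DeleteSecurityContext reports success for every argument, including a null context or an object this provider never issued, whereas the Win32 provider in the same patch returns `false` when its `as AuthContext` check fails. A guard such as `if (context == null) { return false; }` ahead of `context = null;` would make the two agree for the null case. If the context object for this provider holds the server challenge or session key (its type is not visible in this hunk), dropping the reference leaves that material in memory until it is collected, so clearing those buffers here is worth considering.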
diff --git a/SMBLibrary/Win32/IntegratedNTLMAuthenticationProvider.cs b/SMBLibrary/Win32/IntegratedNTLMAuthenticationProvider.cs
index 5173124..192eb3a 100644
--- a/SMBLibrary/Win32/IntegratedNTLMAuthenticationProvider.cs
+++ b/SMBLibrary/Win32/IntegratedNTLMAuthenticationProvider.cs
@@ -125,16 +125,22 @@ namespace SMBLibrary.Win32.Security
 }
 }
- public override void DeleteSecurityContext(ref object context)
+ public override bool DeleteSecurityContext(ref object context)
 {
 AuthContext authContext = context as AuthContext;
 if (authContext == null)
 {
- return;
+ return false;
 }
 SecHandle handle = ((AuthContext)context).ServerContext;
- SSPIHelper.DeleteSecurityContext(ref handle);
+ uint result = SSPIHelper.DeleteSecurityContext(ref handle);
+ bool success = (result == 0); // SEC_E_OK
+ if (success)
+ {
+ context = null;
+ }
+ return success;
 }
 public override object GetContextAttribute(object context, GSSAttributeName attributeName)
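Review bot: On the failure path of IntegratedNTLMAuthenticationProvider.DeleteSecurityContext the SSPI status in `result` is reduced to `false` and discarded, and `context` stays set. GSSProvider then keeps its mapping for a handle that may never become deletable; an already-freed handle, for example, would presumably fail with SEC_E_INVALID_HANDLE on every retry. Logging the status, or treating an invalid-handle status as terminal and clearing the context anyway, would avoid stranded entries. On the success path the `AuthContext` object still carries the freed `ServerContext` value, so any other holder of that object could hand a stale handle back to SSPI; resetting the field after deletion, if it is writable, would close that gap. The second cast is also redundant and can be `SecHandle handle = authContext.ServerContext;`.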