Added OwnsCredentials property to manage the scope of credentials.

tyranid · tyranid · commit 8b0773618b1f · 2021-11-18T10:49:49.000-08:00
diff --git a/NtApiDotNet/Win32/Rpc/Transport/RpcTransportSecurity.cs b/NtApiDotNet/Win32/Rpc/Transport/RpcTransportSecurity.cs
@@ -203,12 +203,9 @@ internal IClientAuthenticationContext CreateClientContext()
                     throw new ArgumentException($"Unsupported authentication level {AuthenticationLevel}");
             }
 
-            using (var creds = CredentialHandle.Create(GetAuthPackageName(),
-                    SecPkgCredFlags.Outbound, Credentials))
-            {
-                return new ClientAuthenticationContext(creds, GetContextRequestFlags(),
-                    ServicePrincipalName, SecDataRep.Native);
-            }
+            return new ClientAuthenticationContext(CredentialHandle.Create(GetAuthPackageName(),
+                SecPkgCredFlags.Outbound, Credentials), GetContextRequestFlags(),
+                    ServicePrincipalName, SecDataRep.Native) { OwnsCredentials = true };
         }
         #endregion
     }
diff --git a/NtApiDotNet/Win32/Security/Authentication/ClientAuthenticationContext.cs b/NtApiDotNet/Win32/Security/Authentication/ClientAuthenticationContext.cs
@@ -67,6 +67,10 @@ private void Dispose(bool _)
                 SecurityNativeMethods.DeleteSecurityContext(_context);
                 _context = null;
             }
+            if (OwnsCredentials)
+            {
+                _creds?.Dispose();
+            }
         }
         #endregion
 
@@ -185,6 +189,12 @@ private void Dispose(bool _)
         /// </summary>
         public bool IsLoopback => SecurityContextUtils.GetIsLoopback(Context);
 
+        /// <summary>
+        /// Get or set whether the context owns the credentials object or not. If true
+        /// then the credentials are disposed with the context.
+        /// </summary>
+        public bool OwnsCredentials { get; set; }
+
         #endregion
 
         #region Constructors
diff --git a/NtApiDotNet/Win32/Security/Authentication/ServerAuthenticationContext.cs b/NtApiDotNet/Win32/Security/Authentication/ServerAuthenticationContext.cs
@@ -59,13 +59,16 @@ private SecStatusCode CallAccept(List<SecurityBuffer> input_buffers, List<Securi
             return result;
         }
 
-
         private void Dispose(bool _)
         {
             if (_context != null)
             {
                 SecurityNativeMethods.DeleteSecurityContext(_context);
             }
+            if (OwnsCredentials)
+            {
+                _creds?.Dispose();
+            }
         }
 
         private string GetTargetName()
@@ -196,6 +199,12 @@ private string GetTargetName()
         /// </summary>
         public bool IsLoopback => SecurityContextUtils.GetIsLoopback(Context);
 
+        /// <summary>
+        /// Get or set whether the context owns the credentials object or not. If true
+        /// then the credentials are disposed with the context.
+        /// </summary>
+        public bool OwnsCredentials { get; set; }
+
         #endregion
 
         #region Public Methods

Original file line number	Diff line number	Diff line change
`@@ -203,12 +203,9 @@ internal IClientAuthenticationContext CreateClientContext()`
`203`	`203`	`throw new ArgumentException($"Unsupported authentication level {AuthenticationLevel}");`
`204`	`204`	`}`
`205`	`205`
`206`		`- using (var creds = CredentialHandle.Create(GetAuthPackageName(),`
`207`		`- SecPkgCredFlags.Outbound, Credentials))`
`208`		`- {`
`209`		`- return new ClientAuthenticationContext(creds, GetContextRequestFlags(),`
`210`		`- ServicePrincipalName, SecDataRep.Native);`
`211`		`- }`
	`206`	`+ return new ClientAuthenticationContext(CredentialHandle.Create(GetAuthPackageName(),`
	`207`	`+ SecPkgCredFlags.Outbound, Credentials), GetContextRequestFlags(),`
	`208`	`+ ServicePrincipalName, SecDataRep.Native) { OwnsCredentials = true };`
`212`	`209`	`}`
`213`	`210`	`#endregion`
`214`	`211`	`}`
Original file line number	Diff line number	Diff line change
`@@ -59,13 +59,16 @@ private SecStatusCode CallAccept(List<SecurityBuffer> input_buffers, List<Securi`
`59`	`59`	`return result;`
`60`	`60`	`}`
`61`	`61`
`62`		`-`
`63`	`62`	`private void Dispose(bool _)`
`64`	`63`	`{`
`65`	`64`	`if (_context != null)`
`66`	`65`	`{`
`67`	`66`	`SecurityNativeMethods.DeleteSecurityContext(_context);`
`68`	`67`	`}`
	`68`	`+ if (OwnsCredentials)`
	`69`	`+ {`
	`70`	`+ _creds?.Dispose();`
	`71`	`+ }`
`69`	`72`	`}`
`70`	`73`
`71`	`74`	`private string GetTargetName()`
`@@ -196,6 +199,12 @@ private string GetTargetName()`
`196`	`199`	`/// </summary>`
`197`	`200`	`public bool IsLoopback => SecurityContextUtils.GetIsLoopback(Context);`
`198`	`201`
	`202`	`+ /// <summary>`
	`203`	`+ /// Get or set whether the context owns the credentials object or not. If true`
	`204`	`+ /// then the credentials are disposed with the context.`
	`205`	`+ /// </summary>`
	`206`	`+ public bool OwnsCredentials { get; set; }`
	`207`	`+`
`199`	`208`	`#endregion`
`200`	`209`
`201`	`210`	`#region Public Methods`