Merge pull request #412 from dotnet/bugfix/deleg-client

Allow caller to pass client to authenticator

Author: SteveSyfuhs

Kerberos.NET/Client/KerberosClient.cs

@@ -259,6 +259,30 @@ public string UserPrincipalName
             }
         }
 
+        /// <summary>
+        /// Create a new Kerberos client based on the configuration of an existing client or create a new one from scratch.
+        /// </summary>
+        /// <param name="delegationClient">The client to copy from</param>
+        /// <param name="config">The config to pass in if the client is null</param>
+        /// <param name="logger">The logger to use for the new client</param>
+        /// <returns></returns>
+        internal static KerberosClient CopyOrCreate(KerberosClient delegationClient, Krb5Config config, ILoggerFactory logger)
+        {
+            if (delegationClient == null)
+            {
+                return new KerberosClient(config, logger) { CacheInMemory = true };
+            }
+
+            return new KerberosClient(
+                delegationClient.Configuration ?? config,
+                delegationClient.loggerFactory ?? logger,
+                delegationClient.Transports.ToArray()
+            )
+            {
+                CacheInMemory = true
+            };
+        }
+
         /// <summary>
         /// Reset any connection state that may be cached from previous attempts.
         /// </summary>

Kerberos.NET/KerberosAuthenticator.cs

@@ -9,6 +9,7 @@
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
+using Kerberos.NET.Client;
 using Kerberos.NET.Configuration;
 using Kerberos.NET.Crypto;
 using Kerberos.NET.Entities;
@@ -27,17 +28,21 @@ public class KerberosAuthenticator
 
         public UserNameFormat UserNameFormat { get; set; } = UserNameFormat.UserPrincipalName;
 
-        public KerberosAuthenticator(string upn, KeyTable keytab, Krb5Config config, ILoggerFactory logger = null)
+        public KerberosAuthenticator(string upn, KeyTable keytab, KerberosClient delegationClient, ILoggerFactory logger = null)
             : this(new KerberosValidator(keytab, logger))
         {
             if (!string.IsNullOrWhiteSpace(upn))
             {
-                this.s4uProvider = new S4UProviderFactory(upn, keytab, config, logger);
+                this.s4uProvider = new S4UProviderFactory(upn, keytab, delegationClient, delegationClient?.Configuration, logger);
             }
         }
 
+        public KerberosAuthenticator(string upn, KeyTable keytab, Krb5Config config = null, ILoggerFactory logger = null)
+            : this(upn, keytab, new KerberosClient(config, logger) { CacheInMemory = true }, logger)
+        { }
+
         public KerberosAuthenticator(KeyTable keytab, ILoggerFactory logger = null)
-            : this(null, keytab, null, logger)
+            : this(null, keytab, (Krb5Config)null, logger)
         {
 
         }

Kerberos.NET/S4UProviderFactory.cs

@@ -16,9 +16,9 @@ internal class S4UProviderFactory : IS4UProviderFactory
         private readonly KerberosClient client;
         private readonly KerberosCredential credential;
 
-        public S4UProviderFactory(string upn, KeyTable keytab, Krb5Config config = null, ILoggerFactory logger = null)
+        public S4UProviderFactory(string upn, KeyTable keytab, KerberosClient delegationClient, Krb5Config config = null, ILoggerFactory logger = null)
         {
-            this.client = new KerberosClient(config, logger) { CacheInMemory = true };
+            this.client = KerberosClient.CopyOrCreate(delegationClient, config, logger);
             this.credential = new KeytabCredential(upn, keytab);
         }