Fix a possible timeout with gss/sspi auth (#5028)

vonzshik · web-flow · commit ae3309f259db · 2023-04-07T13:36:06.000Z
Fixes #4888
diff --git a/src/Npgsql/Internal/NpgsqlConnector.Auth.cs b/src/Npgsql/Internal/NpgsqlConnector.Auth.cs
@@ -300,13 +300,15 @@ async Task AuthenticateGSS(bool async)
             var response = ExpectAny<AuthenticationRequestMessage>(await ReadMessage(async), this);
             if (response.AuthRequestType == AuthenticationRequestType.AuthenticationOk)
                 break;
-            var gssMsg = response as AuthenticationGSSContinueMessage;
-            if (gssMsg == null)
+            if (response is not AuthenticationGSSContinueMessage gssMsg)
                 throw new NpgsqlException($"Received unexpected authentication request message {response.AuthRequestType}");
             data = authContext.GetOutgoingBlob(gssMsg.AuthenticationData.AsSpan(), out statusCode)!;
-            if (statusCode == NegotiateAuthenticationStatusCode.Completed)
+            if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded)
+                throw new NpgsqlException($"Error while authenticating GSS/SSPI: {statusCode}");
+            // We might get NegotiateAuthenticationStatusCode.Completed but the data will not be null
+            // This can happen if it's the first cycle, in which case we have to send that data to complete handshake (#4888)
+            if (data is null)
                 continue;
-            Debug.Assert(statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded);
             await WritePassword(data, 0, data.Length, async, UserCancellationToken);
             await Flush(async, UserCancellationToken);
         }
