Fix Negotiate/SPNEGO Kerberos to NTLM fallback on Linux (dotnet/corefx#35383)

This PR adds support to our Linux gssapi layer so that we properly handle the Negotiate
protocol (SPNEGO) being able to fall back from Kerberos to NTLM.

Windows Negotiate SSPI implements the SPNEGO protocol. However, it has built-in error
handling for dealing with quick fallback from Kerberos to NTLM in error cases such as where
the client is not on a domain/Kerberos realm, the client is using a local credential, the
client is talking to a non-domain server, etc.

However, the Linux implementation of SPNEGO doesn't handle those error cases very well.
So, I added the proper retry logic when generating the initial context token. Now, we will
be able to fall back from SPNEGO-wrapped Kerberos to SPNEGO-wrapped NTLM protocol blobs.

A similar bug exists in libcurl which is why Curl and CurlHandler are unable to connect to
Negotiate servers when not part of the Kerberos realm. I am considering proposing my fixes
to the libcurl repo as well.

I added more tests to support this PR and did manual testing. I added some additional
EventSource tracing as well.

Contributes to dotnet/corefx#34878
Commit migrated from https://github.com/dotnet/corefx/commit/1fd3ba126538c2fed76d2279db26dc7ba5ceed41
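When verifying the fallback described in the commit message above, it helps to see which mechanisms a client's initial Negotiate token offers: SPNEGO-wrapped Kerberos, SPNEGO-wrapped NTLM, or raw NTLM. The following is an added example, not code from this PR or from corefx; the function names are hypothetical and the two sample tokens are constructed (mechTypes only), not captured traffic.

```python
import base64

SPNEGO_OID = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
MECHS = {                                              # DER OID body -> name
    bytes.fromhex("2a864886f712010202"): "Kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "Kerberos",   # 1.2.840.48018.1.2.2 (legacy Microsoft OID)
    bytes.fromhex("2b06010401823702020a"): "NTLM",     # 1.3.6.1.4.1.311.2.2.10
}
# Constructed sample tokens (mechTypes only, no mechToken); not captured traffic.
SAMPLE_KRB_FIRST = bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a")
SAMPLE_NTLM_ONLY = bytes.fromhex(
    "601c06062b0601050502a0123010a00e300c060a2b06010401823702020a")

def read_tlv(buf, pos, want_tag):
    """Return (value, next_pos) for the DER element at pos, checking its tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want_tag or pos + length > len(buf):
        raise ValueError(f"bad or truncated element, tag {tag:#x}")
    return buf[pos:pos + length], pos + length

def offered_mechs(token):
    """Mechanisms offered by an initial Negotiate token, preferred first."""
    if token.startswith(b"NTLMSSP\x00"):
        return ["NTLM (raw, no SPNEGO wrapper)"]
    gss, _ = read_tlv(token, 0, 0x60)        # GSS-API initial context token
    oid, pos = read_tlv(gss, 0, 0x06)
    if oid != SPNEGO_OID:
        raise ValueError("not a SPNEGO token")
    init, _ = read_tlv(gss, pos, 0xA0)       # [0] NegTokenInit
    seq, _ = read_tlv(init, 0, 0x30)
    field, _ = read_tlv(seq, 0, 0xA0)        # [0] mechTypes
    mech_list, _ = read_tlv(field, 0, 0x30)
    names, pos = [], 0
    while pos < len(mech_list):
        oid, pos = read_tlv(mech_list, pos, 0x06)
        names.append(MECHS.get(oid, "unknown:" + oid.hex()))
    return names

def from_header(value):
    """Decode the value of an 'Authorization: Negotiate <base64>' header."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    return offered_mechs(base64.b64decode(b64))
```

Feed `from_header` the header value from a proxy log or packet capture; the first name in the returned list is the mechanism the client prefers.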