Skip to content

Commit

Permalink
Restructure NegotiateAuthentication implementation (#87930)
Browse files Browse the repository at this point in the history
* Change NegotiateAuthentication implementation to use indirection through NegotiateAuthenticationPal to the actual implementation.

The PAL implementation are merged from different sources to follow the same structure:
- NTAuthentication.Managed.cs -> NegotiateAuthenticationPal.Managed.cs
- NTAuthentication.Common.cs + NegotiateStreamPal.Windows.cs -> NegotiateAuthenticationPal.Windows.cs
- NTAuthentication.Common.cs + NegotiateStreamPal.Unix.cs -> NegotiateAuthenticationPal.Unix.cs

This split allows to delete ContextFlagsPal, SafeDeleteNegoContext, and SafeFreeNegoCredentials abstractions that were used in NegotiateStreamPal.

* Unify impersonation level validation between Windows and Unix pllatforms

* Split managed NTLM and managed SPNEGO implementations; add UseManagedNtlm switch on Unix platforms

* Remove debug cruft

* Fix couple of errors in managed SPNEGO

* Remove debug print

* Fix message sequence in managed NTLM; remove unused method

* Fix fallbacks on macOS GSSAPI

* Cleanup and fallbacks for missing NTLM, GSSAPI

* Adjust tests to assume that NTLM is always available on Unix

* Don't claim NTLM support on Browser

* Revert "Don't claim NTLM support on Browser"

This reverts commit 87d0c56.

* Attempt to fix the browser tests

* Revert "Attempt to fix the browser tests"

This reverts commit 91d7ce2.

* Browser test suppression

* Respect UseManagedNtlm=false on platforms without NTLM GSSAPI provider

* Update src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs

* Revert all the fallback code paths, System.Net.Security.UseManagedNtlm has to be enabled explicitly; NativeAOT on Linux Bionic does that by default because it doesn't have GSSAPI and native shim
  • Loading branch information
filipnavara committed Jul 18, 2023
1 parent f1d6099 commit f7ad726
Show file tree
Hide file tree
Showing 25 changed files with 3,006 additions and 3,307 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,9 @@ The .NET Foundation licenses this file to you under the MIT license.
<IlcArg Include="--feature:System.Linq.Expressions.CanEmitObjectArrayDelegate=false" />
<IlcArg Include="--feature:System.Linq.Expressions.CanCreateArbitraryDelegates=false" />

<!-- Linux Bionic doesn't ship GSSAPI, so enable managed implementation -->
<IlcArg Condition="'$(_linuxLibcFlavor)' == 'bionic'" Include="--feature:System.Net.Security.UseManagedNtlm=true" />

<!-- The managed debugging support in libraries is unused - trim it -->
<IlcArg Condition="'$(IlcKeepManagedDebuggerSupport)' != 'true'" Include="--feature:System.Diagnostics.Debugger.IsSupported=false" />
<IlcArg Condition="'$(UseWindowsThreadPool)' != '' and '$(_targetOS)' == 'win'" Include="--feature:System.Threading.ThreadPool.UseWindowsThreadPool=$(UseWindowsThreadPool)" />
Expand Down

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ internal static async Task HandleAuthenticationRequestWithFakeServer(LoopbackSer
[ConditionalTheory(nameof(IsNtlmAvailable))]
[InlineData(true)]
[InlineData(false)]
[SkipOnPlatform(TestPlatforms.Browser, "Credentials and HttpListener is not supported on Browser")]
public async Task DefaultHandler_FakeServer_Success(bool useNtlm)
{
await LoopbackServer.CreateClientAndServerAsync(
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
<linker>
<assembly fullname="System.Net.Security">
<type fullname="System.Net.NegotiateAuthenticationPal">
<method signature="System.Boolean get_UseManagedNtlm()" feature="System.Net.Security.UseManagedNtlm" featurevalue="false" body="stub" value="false" />
</type>
</assembly>
</linker>
30 changes: 12 additions & 18 deletions src/libraries/System.Net.Security/src/System.Net.Security.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
<DefineConstants Condition="'$(UseAndroidCrypto)' == 'true' or '$(UseAppleCrypto)' == 'true'">$(DefineConstants);SYSNETSECURITY_NO_OPENSSL</DefineConstants>
<GenAPIExcludeApiList>ReferenceAssemblyExclusions.txt</GenAPIExcludeApiList>
</PropertyGroup>
<Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(UseManagedNtlm)' == 'true'" />
<Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(TargetPlatformIdentifier)' != '' and '$(TargetPlatformIdentifier)' != 'windows'" />
<ItemGroup>
<Compile Include="System\Security\Authentication\ExtendedProtection\ExtendedProtectionPolicy.cs" />
<Compile Include="System\Security\Authentication\ExtendedProtection\ServiceNameCollection.cs" />
Expand All @@ -29,6 +29,8 @@
</ItemGroup>
<ItemGroup Condition="'$(TargetPlatformIdentifier)' != ''">
<Compile Include="System\Net\CertificateValidationPal.cs" />
<Compile Include="System\Net\NegotiateAuthenticationPal.cs" />
<Compile Include="System\Net\NegotiateAuthenticationPal.Unsupported.cs" />
<Compile Include="System\Net\SslStreamContext.cs" />
<Compile Include="System\Net\Security\AuthenticatedStream.cs" />
<Compile Include="System\Security\Authentication\AuthenticationException.cs" />
Expand Down Expand Up @@ -57,9 +59,7 @@
<Compile Include="System\Net\Security\TlsAlertType.cs" />
<Compile Include="System\Net\Security\TlsFrameHelper.cs" />
<!-- NegotiateStream -->
<Compile Include="System\Net\ContextFlagsPal.cs" />
<Compile Include="System\Net\SecurityStatusPal.cs" />
<Compile Include="System\Net\NTAuthentication.cs" />
<Compile Include="System\Net\StreamFramer.cs" />
<Compile Include="System\Net\Security\NegotiateStream.cs" />
<Compile Include="System\Security\Authentication\ExtendedProtection\PolicyEnforcement.cs" />
Expand Down Expand Up @@ -107,8 +107,6 @@
Link="Common\System\Net\Security\SSPIHandleCache.cs" />
<Compile Include="$(CommonPath)System\Net\NegotiationInfoClass.cs"
Link="Common\System\Net\NegotiationInfoClass.cs" />
<Compile Include="System\Net\NTAuthentication.Common.cs"
Condition="'$(UseManagedNtlm)' != 'true'" />
<Compile Include="$(CommonPath)System\HexConverter.cs"
Link="Common\System\HexConverter.cs" />
<Compile Include="$(CommonPath)Interop\Windows\SChannel\Interop.SECURITY_STATUS.cs"
Expand Down Expand Up @@ -155,8 +153,8 @@
</ItemGroup>
<ItemGroup Condition="'$(TargetPlatformIdentifier)' == 'windows'">
<Compile Include="System\Net\CertificateValidationPal.Windows.cs" />
<Compile Include="System\Net\NegotiateAuthenticationPal.Windows.cs" />
<Compile Include="System\Net\Security\CipherSuitesPolicyPal.Windows.cs" />
<Compile Include="System\Net\Security\NegotiateStreamPal.Windows.cs" />
<Compile Include="System\Net\Security\SslStreamCertificateContext.Windows.cs" />
<Compile Include="System\Net\Security\SslStreamPal.Windows.cs" />
<Compile Include="System\Net\Security\SslConnectionInfo.Windows.cs" />
Expand All @@ -171,7 +169,6 @@
Link="Common\System\Net\Security\SecurityBufferType.Windows.cs" />
<!-- NegotiateStream -->
<Compile Include="System\Net\SecurityStatusAdapterPal.Windows.cs" />
<Compile Include="System\Net\ContextFlagsAdapterPal.Windows.cs" />
<Compile Include="$(CommonPath)System\Net\Security\SecurityContextTokenHandle.cs"
Link="Common\System\Net\Security\SecurityContextTokenHandle.cs" />
<!-- Interop -->
Expand Down Expand Up @@ -287,13 +284,10 @@
<Compile Include="System\Net\Security\Pal.Managed\SafeChannelBindingHandle.cs" />
</ItemGroup>
<ItemGroup Condition="'$(TargetPlatformIdentifier)' != '' and '$(TargetPlatformIdentifier)' != 'windows' and '$(UseManagedNtlm)' != 'true'">
<ILLinkSubstitutionsXmls Include="$(ILLinkDirectory)ILLink.Substitutions.xml" />
<Compile Include="System\Net\NegotiateAuthenticationPal.Unix.cs" />
<Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\GssSafeHandles.cs"
Link="Common\Microsoft\Win32\SafeHandles\GssSafeHandles.cs" />
<Compile Include="$(CommonPath)System\Net\Security\Unix\SafeDeleteNegoContext.cs"
Link="Common\System\Net\Security\Unix\SafeDeleteNegoContext.cs" />
<Compile Include="$(CommonPath)System\Net\Security\Unix\SafeFreeNegoCredentials.cs"
Link="Common\System\Net\Security\Unix\SafeFreeNegoCredentials.cs" />
<Compile Include="System\Net\ContextFlagsAdapterPal.Unix.cs" />
<Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.Initialization.cs"
Link="Common\Interop\Unix\System.Net.Security.Native\Interop.Initialization.cs" />
<Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.GssApiException.cs"
Expand All @@ -304,11 +298,13 @@
Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.cs" />
<Compile Include="$(CommonPath)Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs"
Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.IsNtlmInstalled.cs" />
<Compile Include="System\Net\Security\NegotiateStreamPal.Unix.cs" />
</ItemGroup>
<ItemGroup Condition="'$(UseManagedNtlm)' == 'true'">
<Compile Include="System\Net\Security\NegotiateStreamPal.Managed.cs" />
<Compile Include="System\Net\NTAuthentication.Managed.cs" />
<Compile Include="System\Net\NegotiateAuthenticationPal.Managed.cs" />
</ItemGroup>
<ItemGroup Condition="'$(TargetPlatformIdentifier)' != '' and '$(TargetPlatformIdentifier)' != 'windows'">
<Compile Include="System\Net\NegotiateAuthenticationPal.ManagedNtlm.cs" />
<Compile Include="System\Net\NegotiateAuthenticationPal.ManagedSpnego.cs" />
<Compile Include="$(CommonPath)System\Net\Security\MD4.cs"
Link="Common\System\Net\Security\MD4.cs" />
<Compile Include="$(CommonPath)System\Net\Security\RC4.cs"
Expand Down Expand Up @@ -455,9 +451,7 @@
<ItemGroup Condition="'$(TargetPlatformIdentifier)' != '' and '$(TargetPlatformIdentifier)' != 'windows'">
<Reference Include="System.Diagnostics.StackTrace" />
<Reference Include="System.Security.Cryptography" />
</ItemGroup>
<ItemGroup Condition="'$(UseManagedNtlm)' == 'true'">
<ProjectReference Include="$(LibrariesProjectRoot)System.Formats.Asn1\src\System.Formats.Asn1.csproj" />
<Reference Include="System.Runtime.Numerics" />
<ProjectReference Include="$(LibrariesProjectRoot)System.Formats.Asn1\src\System.Formats.Asn1.csproj" />
</ItemGroup>
</Project>

0 comments on commit f7ad726

Please sign in to comment.