Mono to SQL Server using integrated security no longer works on iOS #9028

Closed
MathieuMorrissette opened this issue Jun 5, 2018 · 9 comments

@MathieuMorrissette
commented Jun 5, 2018

We used to be able to connect to an SQL Server using integrated security by specifying the username and password in the connection string. It is no longer working on Mono 5.10.0.

I know there are no security benefits to using integrated security on a Unix platform, as it is supposed to be password-less, but some of my app users were using this feature and are now left unable to connect to their SQL server. Has the support been dropped?

Steps to Reproduce

  1. Connect to an SQL Server using the code sample below.
using (var connection = new SqlConnection("data source=<host>\\<instance>;User ID=<domain>\\<user>; Password=<password>;database=<database>;Integrated Security=SSPI;"))
{
    connection.Open();
}

Current Behavior

Throws an Exception.

Expected Behavior

Connects just like with Mono 5.8.1, or maybe it's just not supported anymore?

On which platforms did you notice this

iOS, (macOS, android) also have the same issue.

Version Used:
Mono 5.10.1.57 (2017-12/ea8a24b1bbf)

Stacktrace

Specified method is not supported.
  at Microsoft.Win32.SafeHandles.SafeGssNameHandle.CreatePrincipal (System.String name) <0x103ce280c + 0x00030> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.SafeDeleteNegoContext..ctor (System.Net.Security.SafeFreeNegoCredentials credential, System.String targetName) <0x103b9cd84 + 0x0005c> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.NegotiateStreamPal.EstablishSecurityContext (System.Net.Security.SafeFreeNegoCredentials credential, System.Net.Security.SafeDeleteContext& context, System.String targetName, System.Net.ContextFlagsPal inFlags, System.Net.Security.SecurityBuffer inputBuffer, System.Net.Security.SecurityBuffer outputBuffer, System.Net.ContextFlagsPal& outFlags) <0x103b9c534 + 0x0007f> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.NegotiateStreamPal.InitializeSecurityContext (System.Net.Security.SafeFreeCredentials credentialsHandle, System.Net.Security.SafeDeleteContext& securityContext, System.String spn, System.Net.ContextFlagsPal requestedContextFlags, System.Net.Security.SecurityBuffer[] inSecurityBufferArray, System.Net.Security.SecurityBuffer outSecurityBuffer, System.Net.ContextFlagsPal& contextFlags) <0x103b9c7f8 + 0x00093> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SNI.SNIProxy.GenSspiClientContext (System.Data.SqlClient.SNI.SspiClientContextStatus sspiClientContextStatus, System.Byte[] receivedBuff, System.Byte[]& sendBuff, System.Byte[] serverName) <0x103c6b7e8 + 0x00157> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SNI.TdsParserStateObjectManaged.GenerateSspiClientContext (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength, System.Byte[] _sniSpnBuffer) <0x103c6f504 + 0x00043> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.TdsParser.SNISSPIData (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength) <0x103c5827c + 0x00027> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
Specified method is not supported.
  at Microsoft.Win32.SafeHandles.SafeGssNameHandle.CreatePrincipal (System.String name) <0x103ce280c + 0x00030> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.SafeDeleteNegoContext..ctor (System.Net.Security.SafeFreeNegoCredentials credential, System.String targetName) <0x103b9cd84 + 0x0005c> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.NegotiateStreamPal.EstablishSecurityContext (System.Net.Security.SafeFreeNegoCredentials credential, System.Net.Security.SafeDeleteContext& context, System.String targetName, System.Net.ContextFlagsPal inFlags, System.Net.Security.SecurityBuffer inputBuffer, System.Net.Security.SecurityBuffer outputBuffer, System.Net.ContextFlagsPal& outFlags) <0x103b9c534 + 0x0007f> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Net.Security.NegotiateStreamPal.InitializeSecurityContext (System.Net.Security.SafeFreeCredentials credentialsHandle, System.Net.Security.SafeDeleteContext& securityContext, System.String spn, System.Net.ContextFlagsPal requestedContextFlags, System.Net.Security.SecurityBuffer[] inSecurityBufferArray, System.Net.Security.SecurityBuffer outSecurityBuffer, System.Net.ContextFlagsPal& contextFlags) <0x103b9c7f8 + 0x00093> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SNI.SNIProxy.GenSspiClientContext (System.Data.SqlClient.SNI.SspiClientContextStatus sspiClientContextStatus, System.Byte[] receivedBuff, System.Byte[]& sendBuff, System.Byte[] serverName) <0x103c6b7e8 + 0x00157> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SNI.TdsParserStateObjectManaged.GenerateSspiClientContext (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength, System.Byte[] _sniSpnBuffer) <0x103c6f504 + 0x00043> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.TdsParser.SNISSPIData (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength) <0x103c5827c + 0x00027> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0  -  at System.Data.ProviderBase.DbConnectionPool.TryGetConnection (System.Data.Common.DbConnection owningObject, System.UInt32 waitForMultipleObjectsTimeout, System.Boolean allowCreate, System.Boolean onlyOneCheckConnection, System.Data.Common.DbConnectionOptions userOptions, System.Data.ProviderBase.DbConnectionInternal& connection) <0x103b3a460 + 0x001fc> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.ProviderBase.DbConnectionPool.TryGetConnection (System.Data.Common.DbConnection owningObject, System.Threading.Tasks.TaskCompletionSource`1[TResult] retry, System.Data.Common.DbConnectionOptions userOptions, System.Data.ProviderBase.DbConnectionInternal& connection) <0x103c86f0c + 0x00083> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection (System.Data.Common.DbConnection owningConnection, System.Threading.Tasks.TaskCompletionSource`1[TResult] retry, System.Data.Common.DbConnectionOptions userOptions, System.Data.ProviderBase.DbConnectionInternal oldConnection, System.Data.ProviderBase.DbConnectionInternal& connection) <0x103c848b8 + 0x002bf> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal (System.Data.Common.DbConnection outerConnection, System.Data.ProviderBase.DbConnectionFactory connectionFactory, System.Threading.Tasks.TaskCompletionSource`1[TResult] retry, System.Data.Common.DbConnectionOptions userOptions) <0x103c85b4c + 0x00104> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.ProviderBase.DbConnectionClosed.TryOpenConnection (System.Data.Common.DbConnection outerConnection, System.Data.ProviderBase.DbConnectionFactory connectionFactory, System.Threading.Tasks.TaskCompletionSource`1[TResult] retry, System.Data.Common.DbConnectionOptions userOptions) <0x103c8425c + 0x0000b> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SqlConnection.TryOpen (System.Threading.Tasks.TaskCompletionSource`1[TResult] retry) <0x103c1fce0 + 0x000cf> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
  at System.Data.SqlClient.SqlConnection.Open () <0x103b29f30 + 0x000c4> in <3809544b44834bdc9f70d632bd5493e1#00c21f382d13682289c1f5e2f971daa6>:0
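
An added example, not part of the original post and not code from the Mono project: a pre-flight check that finds stored connection strings shaped like the one in the reproduce step (Integrated Security plus an embedded User ID and Password), and logs them with the password removed. The names `ConnectionAudit`, `AuthMode`, `Classify` and `Redact` are hypothetical, and all hosts, accounts and passwords are constructed placeholders.

```csharp
using System;
using System.Data.SqlClient;

// Added example: classify how a SQL Server connection string asks to authenticate.
public enum AuthMode { SqlLogin, IntegratedOnly, IntegratedWithEmbeddedCredentials }

public static class ConnectionAudit
{
    // SqlConnectionStringBuilder normalizes keyword synonyms (Trusted_Connection,
    // UID, PWD, Server) and accepts SSPI, true and yes for Integrated Security.
    // It throws ArgumentException on unknown keywords, which callers should handle.
    public static AuthMode Classify(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        if (!b.IntegratedSecurity)
            return AuthMode.SqlLogin;

        bool hasCredentials = !string.IsNullOrEmpty(b.UserID)
                           || !string.IsNullOrEmpty(b.Password);
        // This is the combination from the issue: SSPI requested, yet a
        // plaintext password is stored in the string anyway.
        return hasCredentials
            ? AuthMode.IntegratedWithEmbeddedCredentials
            : AuthMode.IntegratedOnly;
    }

    // Returns the connection string with the password removed, so it can be logged.
    public static string Redact(string connectionString)
    {
        var b = new SqlConnectionStringBuilder(connectionString);
        b.Remove("Password");
        return b.ConnectionString;
    }

    public static void Main()
    {
        // Constructed sample values; nothing here comes from the issue.
        string[] samples =
        {
            @"Data Source=db01\SQLEXPRESS;User ID=CORP\alice;Password=example-only;Database=app;Integrated Security=SSPI;",
            @"Server=db01;Database=app;Trusted_Connection=yes;",
            @"Server=db01;Database=app;UID=appuser;PWD=example-only;",
        };
        foreach (var cs in samples)
            Console.WriteLine("{0,-34} {1}", Classify(cs), Redact(cs));
    }
}
```

Strings reported as `IntegratedWithEmbeddedCredentials` are the ones affected by the behavior described in this issue.
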
@EgorBo

Member

commented Jun 5, 2018

We moved to .NET Core sources for System.Data, but unfortunately the Integrated Security for non-Windows platforms requires System.Net.Security.Native with pal_gssapi (krb5) ported to mono.
(I tried to do it a while ago - https://github.com/mono/mono/pull/6806/files)

@EgorBo EgorBo self-assigned this Jun 5, 2018
@nealef

Contributor

commented Jun 5, 2018

@EgorBo

Member

commented Jun 5, 2018

@nealef well, it should work with the changes in the PR for macOS/iOS (GSS.framework) but it's tricky for Linux.

@marek-safar marek-safar added this to the 2018-04 (5.14.xx) milestone Jun 12, 2018
marek-safar added a commit that referenced this issue Sep 21, 2018
PAL_gssapi.c was converted to C recently in corefx but since our fork is not up to date I copied `PAL_gssapi.c` and `PAL_gssapi.h` into mono/metadata (I guess I should just cherry-pick those files to our fork).
For System.Data it will allow users to connect to SQL servers using SSPI (Security Support Provider Interface).
See #9028 and #9751
On macOS (and iOS) it uses the built-in GSS.framework.
On Linux it requires an additional package (`krb`) to be installed (see .NET Core prerequisites, e.g. https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites?tabs=netcore2x#ubuntu).
Unfortunately it's not installed on our CI yet.
@xfortin-devolutions


commented Feb 1, 2019

@marek-safar Is it really fixed in 5.18? I've tried with Xamarin.Mac (Unsupported Frameworks) + Mono 5.18.0.240 and I still get the same error with the same stack. Do the fixes require something else on our side?

@marek-safar

Member

commented Feb 1, 2019

@xfortin-devolutions yes, it is. Do you have the latest 5.18 version and could you share your stack trace?

/cc @EgorBo

@xfortin-devolutions


commented Feb 4, 2019

@marek-safar Have the changes been pushed to the stable channel released version (namely version 5.18.0.240)? If not, do we know when it will be?

@marek-safar

Member

commented Feb 4, 2019

The change actually was not successfully backported to 5.18 and will be available in 5.20+ only.

@xfortin-devolutions


commented Jun 20, 2019

@marek-safar Any progress on this? If so, which version of Mono contains the fix? With Mono 5.20.1.19 I'm getting this error:

System.Net.Security.Native
  at (wrapper managed-to-native) Interop+NetSecurityNative.ImportPrincipalName(Interop/NetSecurityNative/Status&,string,int,Microsoft.Win32.SafeHandles.SafeGssNameHandle&)
  at Microsoft.Win32.SafeHandles.SafeGssNameHandle.CreatePrincipal (System.String name) [0x00000] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.cs:39 
  at System.Net.Security.SafeDeleteNegoContext..ctor (System.Net.Security.SafeFreeNegoCredentials credential, System.String targetName) [0x0001c] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/Unix/SafeDeleteNegoContext.cs:46 
  at System.Net.Security.NegotiateStreamPal.EstablishSecurityContext (System.Net.Security.SafeFreeNegoCredentials credential, System.Net.Security.SafeDeleteContext& context, System.String targetName, System.Net.ContextFlagsPal inFlags, System.Net.Security.SecurityBuffer inputBuffer, System.Net.Security.SecurityBuffer outputBuffer, System.Net.ContextFlagsPal& outFlags) [0x0000b] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs:166 
  at System.Net.Security.NegotiateStreamPal.InitializeSecurityContext (System.Net.Security.SafeFreeCredentials credentialsHandle, System.Net.Security.SafeDeleteContext& securityContext, System.String spn, System.Net.ContextFlagsPal requestedContextFlags, System.Net.Security.SecurityBuffer[] inSecurityBufferArray, System.Net.Security.SecurityBuffer outSecurityBuffer, System.Net.ContextFlagsPal& contextFlags) [0x00037] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs:240 
  at System.Data.SqlClient.SNI.SNIProxy.GenSspiClientContext (System.Data.SqlClient.SNI.SspiClientContextStatus sspiClientContextStatus, System.Byte[] receivedBuff, System.Byte[]& sendBuff, System.Byte[] serverName) [0x0006b] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/SNI/SNIProxy.cs:113 
  at System.Data.SqlClient.SNI.TdsParserStateObjectManaged.GenerateSspiClientContext (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength, System.Byte[] _sniSpnBuffer) [0x00000] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/TdsParserStateObjectManaged.cs:240 
  at System.Data.SqlClient.TdsParser.SNISSPIData (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength) [0x00007] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/TdsParser.cs:6384 
System.Net.Security.Native
  at (wrapper managed-to-native) Interop+NetSecurityNative.ImportPrincipalName(Interop/NetSecurityNative/Status&,string,int,Microsoft.Win32.SafeHandles.SafeGssNameHandle&)
  at Microsoft.Win32.SafeHandles.SafeGssNameHandle.CreatePrincipal (System.String name) [0x00000] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.cs:39 
  at System.Net.Security.SafeDeleteNegoContext..ctor (System.Net.Security.SafeFreeNegoCredentials credential, System.String targetName) [0x0001c] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/Unix/SafeDeleteNegoContext.cs:46 
  at System.Net.Security.NegotiateStreamPal.EstablishSecurityContext (System.Net.Security.SafeFreeNegoCredentials credential, System.Net.Security.SafeDeleteContext& context, System.String targetName, System.Net.ContextFlagsPal inFlags, System.Net.Security.SecurityBuffer inputBuffer, System.Net.Security.SecurityBuffer outputBuffer, System.Net.ContextFlagsPal& outFlags) [0x0000b] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs:166 
  at System.Net.Security.NegotiateStreamPal.InitializeSecurityContext (System.Net.Security.SafeFreeCredentials credentialsHandle, System.Net.Security.SafeDeleteContext& securityContext, System.String spn, System.Net.ContextFlagsPal requestedContextFlags, System.Net.Security.SecurityBuffer[] inSecurityBufferArray, System.Net.Security.SecurityBuffer outSecurityBuffer, System.Net.ContextFlagsPal& contextFlags) [0x00037] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs:240 
  at System.Data.SqlClient.SNI.SNIProxy.GenSspiClientContext (System.Data.SqlClient.SNI.SspiClientContextStatus sspiClientContextStatus, System.Byte[] receivedBuff, System.Byte[]& sendBuff, System.Byte[] serverName) [0x0006b] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/SNI/SNIProxy.cs:113 
  at System.Data.SqlClient.SNI.TdsParserStateObjectManaged.GenerateSspiClientContext (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength, System.Byte[] _sniSpnBuffer) [0x00000] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/TdsParserStateObjectManaged.cs:240 
  at System.Data.SqlClient.TdsParser.SNISSPIData (System.Byte[] receivedBuff, System.UInt32 receivedLength, System.Byte[]& sendBuff, System.UInt32& sendLength) [0x00007] in /Users/builder/jenkins/workspace/build-package-osx-mono/2018-10/external/bockbuild/builds/mono-x64/external/corefx/src/System.Data.SqlClient/src/System/Data/SqlClient/TdsParser.cs:6384 

Not exactly the same error as previously, but not much of an improvement.

@marek-safar

Member

commented Jun 21, 2019

Mono 5.20 has the original fix. If you are experiencing different symptoms, please create a new issue.
