Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement NegotiateAuthentication API #70720

Merged
merged 28 commits into from
Jun 21, 2022
Merged

Implement NegotiateAuthentication API #70720

Show file tree
Hide file tree
Changes from 27 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
4ac2501
WIP: Add implementation of NegotiateAuthentication
filipnavara Jun 3, 2022
c7a6bce
WIP: Update error code mapping
filipnavara Jun 4, 2022
5d5c61f
Spanify input of GetOutgoingBlob
filipnavara Jun 4, 2022
d0d1bba
Update comments
filipnavara Jun 4, 2022
982e7c3
Move NegotiateStreamPal.Encrypt/Decrypt to shared sources. Unix imple…
filipnavara Jun 4, 2022
cbd24a2
Revert accidental change
filipnavara Jun 4, 2022
9d4d557
Build fixes.
filipnavara Jun 4, 2022
c371515
Fix error handling condition
filipnavara Jun 4, 2022
3306c67
Update error mapping based on HttpListener usage.
filipnavara Jun 4, 2022
065d87c
WIP: HttpListener test
filipnavara Jun 7, 2022
447020a
Move workaround from HttpListener to low-level SSPI code
filipnavara Jun 7, 2022
bed08fa
Fix build
filipnavara Jun 14, 2022
318ca06
Clean up
filipnavara Jun 14, 2022
5474811
Revert "WIP: HttpListener test"
filipnavara Jun 14, 2022
4cdb8af
Convert System.Net.Http.FunctionalTests to use NegotiateAuthenticatio…
filipnavara Jun 14, 2022
34e47c4
Dispose the identity along NegotiateAuthentication
filipnavara Jun 14, 2022
73ac446
Modify unit tests to use the new API
filipnavara Jun 14, 2022
7e85f10
Add exceptions for invalid inputs/states
filipnavara Jun 14, 2022
7c870bd
Remove tvOS unsupported marker, managed NTLM is used on tvOS
filipnavara Jun 16, 2022
1bd0cde
Apply suggestions from code review
filipnavara Jun 14, 2022
e93f073
Fix typo
filipnavara Jun 14, 2022
5aae44d
Remove reference equality checks from IsNTLM/IsKerberos
filipnavara Jun 16, 2022
b746590
Remove NTAuthentication.AssociatedName to make it more obvious which …
filipnavara Jun 16, 2022
dd7dd9a
Add comment
filipnavara Jun 16, 2022
39a43b2
Add more tests, handle unsupported protocols
filipnavara Jun 16, 2022
9a4ccdf
Handle NotSupportedException from NTAuthentication constructor
filipnavara Jun 16, 2022
e86ce79
Add workaround for linker issue
filipnavara Jun 17, 2022
ffed0be
Apply suggestions from code review
filipnavara Jun 20, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 82 additions & 6 deletions ...libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,21 +73,21 @@ internal static partial Status ReleaseCred(
ref IntPtr credHandle);

[LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_InitSecContext")]
internal static partial Status InitSecContext(
private static partial Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
[MarshalAs(UnmanagedType.Bool)] bool isNtlmOnly,
SafeGssNameHandle? targetName,
uint reqFlags,
byte[]? inputBytes,
ref byte inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags,
[MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);

[LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_InitSecContextEx")]
internal static partial Status InitSecContext(
private static partial Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
Expand All @@ -96,23 +96,99 @@ internal static partial Status InitSecContext(
int cbtSize,
SafeGssNameHandle? targetName,
uint reqFlags,
byte[]? inputBytes,
ref byte inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags,
[MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);

internal static Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
bool isNtlmOnly,
SafeGssNameHandle? targetName,
uint reqFlags,
ReadOnlySpan<byte> inputBytes,
ref GssBuffer token,
out uint retFlags,
out bool isNtlmUsed)
{
return InitSecContext(
out minorStatus,
initiatorCredHandle,
ref contextHandle,
isNtlmOnly,
targetName,
reqFlags,
ref MemoryMarshal.GetReference(inputBytes),
inputBytes.Length,
ref token,
out retFlags,
out isNtlmUsed);
}

internal static Status InitSecContext(
out Status minorStatus,
SafeGssCredHandle initiatorCredHandle,
ref SafeGssContextHandle contextHandle,
bool isNtlmOnly,
IntPtr cbt,
int cbtSize,
SafeGssNameHandle? targetName,
uint reqFlags,
ReadOnlySpan<byte> inputBytes,
ref GssBuffer token,
out uint retFlags,
out bool isNtlmUsed)
{
return InitSecContext(
out minorStatus,
initiatorCredHandle,
ref contextHandle,
isNtlmOnly,
cbt,
cbtSize,
targetName,
reqFlags,
ref MemoryMarshal.GetReference(inputBytes),
inputBytes.Length,
ref token,
out retFlags,
out isNtlmUsed);
}

[LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_AcceptSecContext")]
internal static partial Status AcceptSecContext(
private static partial Status AcceptSecContext(
out Status minorStatus,
SafeGssCredHandle acceptorCredHandle,
ref SafeGssContextHandle acceptContextHandle,
byte[]? inputBytes,
ref byte inputBytes,
int inputLength,
ref GssBuffer token,
out uint retFlags,
[MarshalAs(UnmanagedType.Bool)] out bool isNtlmUsed);

internal static Status AcceptSecContext(
out Status minorStatus,
SafeGssCredHandle acceptorCredHandle,
ref SafeGssContextHandle acceptContextHandle,
ReadOnlySpan<byte> inputBytes,
ref GssBuffer token,
out uint retFlags,
out bool isNtlmUsed)
{
return AcceptSecContext(
out minorStatus,
acceptorCredHandle,
ref acceptContextHandle,
ref MemoryMarshal.GetReference(inputBytes),
inputBytes.Length,
ref token,
out retFlags,
out isNtlmUsed);
}

[LibraryImport(Interop.Libraries.NetSecurityNative, EntryPoint="NetSecurityNative_DeleteSecContext")]
internal static partial Status DeleteSecContext(
out Status minorStatus,
Expand Down
59 changes: 0 additions & 59 deletions src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs
View file
Open in desktop

This file was deleted.

22 changes: 0 additions & 22 deletions src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs
View file
Open in desktop

This file was deleted.

49 changes: 42 additions & 7 deletions src/libraries/Common/src/System/Net/NTAuthentication.Common.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

using System.ComponentModel;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.Net.Security;
Expand All @@ -10,7 +11,6 @@

namespace System.Net
{
[UnsupportedOSPlatform("tvos")]
internal sealed partial class NTAuthentication
{
private bool _isServer;
Expand Down Expand Up @@ -81,12 +81,17 @@ internal bool IsKerberos
{
get
{
if (_lastProtocolName == null)
{
_lastProtocolName = ProtocolName;
}
_lastProtocolName ??= ProtocolName;
return _lastProtocolName == NegotiationInfoClass.Kerberos;
}
}

return (object)_lastProtocolName == (object)NegotiationInfoClass.Kerberos;
internal bool IsNTLM
{
get
{
_lastProtocolName ??= ProtocolName;
return _lastProtocolName == NegotiationInfoClass.NTLM;
}
}

Expand Down Expand Up @@ -150,6 +155,7 @@ internal void CloseContext()
{
_securityContext.Dispose();
}
_isCompleted = false;
}

internal int VerifySignature(byte[] buffer, int offset, int count)
Expand Down Expand Up @@ -204,11 +210,16 @@ internal int MakeSignature(byte[] buffer, int offset, int count, [AllowNull] ref

internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError)
{
return GetOutgoingBlob(incomingBlob, throwOnError, out _);
return GetOutgoingBlob(incomingBlob.AsSpan(), throwOnError, out _);
}

// Accepts an incoming binary security blob and returns an outgoing binary security blob.
internal byte[]? GetOutgoingBlob(byte[]? incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
{
return GetOutgoingBlob(incomingBlob.AsSpan(), throwOnError, out statusCode);
}

internal byte[]? GetOutgoingBlob(ReadOnlySpan<byte> incomingBlob, bool throwOnError, out SecurityStatusPal statusCode)
{
byte[]? result = new byte[_tokenSize];

Expand Down Expand Up @@ -312,5 +323,29 @@ internal int MakeSignature(byte[] buffer, int offset, int count, [AllowNull] ref

return spn;
}

internal int Encrypt(ReadOnlySpan<byte> buffer, [NotNull] ref byte[]? output, uint sequenceNumber)
{
return NegotiateStreamPal.Encrypt(
_securityContext!,
buffer,
(_contextFlags & ContextFlagsPal.Confidentiality) != 0,
IsNTLM,
ref output,
sequenceNumber);
}

internal int Decrypt(byte[] payload, int offset, int count, out int newOffset, uint expectedSeqNumber)
{
return NegotiateStreamPal.Decrypt(
_securityContext!,
payload,
offset,
count,
(_contextFlags & ContextFlagsPal.Confidentiality) != 0,
IsNTLM,
out newOffset,
expectedSeqNumber);
}
}
}
Loading