From 457c937753fadaffbd7ea4c4ae585be9758bd4c3 Mon Sep 17 00:00:00 2001
From: Maxim Lipnin
Date: Mon, 26 Apr 2021 16:57:43 +0300
Subject: [PATCH 01/10] Add PNSE version of NegotiateStreamPal class
---
 .../Net/Security/NegotiateStreamPal.PNSE.cs | 122 ++++++++++++++++++
 .../src/System.Net.Security.csproj | 15 ++-
 .../Net/Security/NegotiateStreamPal.PNSE.cs | 31 +++++
 3 files changed, 165 insertions(+), 3 deletions(-)
 create mode 100644 src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs
 create mode 100644 src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs
diff --git a/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs b/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs
new file mode 100644
index 0000000000000..646052b4fb18d
--- /dev/null
+++ b/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs
@@ -0,0 +1,122 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.IO;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Diagnostics.CodeAnalysis;
+using System.Runtime.InteropServices;
+using System.Security;
+using System.Security.Authentication;
+using System.Security.Authentication.ExtendedProtection;
+using System.Security.Principal;
+using System.Text;
+using System.Threading;
+using Microsoft.Win32.SafeHandles;
+
+namespace System.Net.Security
+{
+ //
+ // The class maintains the state of the authentication process and the security context.
+ // It encapsulates security context and does the real work in authentication and
+ // user data encryption with NEGO SSPI package.
+ //
+ internal static partial class NegotiateStreamPal
+ {
+ internal static string QueryContextClientSpecifiedSpn(SafeDeleteContext securityContext)
+ {
+ throw new PlatformNotSupportedException(SR.net_nego_server_not_supported);
+ }
+
+ internal static string QueryContextAuthenticationPackage(SafeDeleteContext securityContext)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static SecurityStatusPal InitializeSecurityContext(
+ ref SafeFreeCredentials credentialsHandle,
+ ref SafeDeleteContext? securityContext,
+ string? spn,
+ ContextFlagsPal requestedContextFlags,
+ byte[]? incomingBlob,
+ ChannelBinding? channelBinding,
+ ref byte[]? resultBlob,
+ ref ContextFlagsPal contextFlags)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static SecurityStatusPal AcceptSecurityContext(
+ SafeFreeCredentials? credentialsHandle,
+ ref SafeDeleteContext? securityContext,
+ ContextFlagsPal requestedContextFlags,
+ byte[]? incomingBlob,
+ ChannelBinding? channelBinding,
+ ref byte[] resultBlob,
+ ref ContextFlagsPal contextFlags)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static Win32Exception CreateExceptionFromError(SecurityStatusPal statusCode)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static int QueryMaxTokenSize(string package)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static SafeFreeCredentials AcquireDefaultCredential(string package, bool isServer)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static SafeFreeCredentials AcquireCredentialsHandle(string package, bool isServer, NetworkCredential credential)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static SecurityStatusPal CompleteAuthToken(
+ ref SafeDeleteContext? securityContext,
+ byte[]? incomingBlob)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static int Encrypt(
+ SafeDeleteContext securityContext,
+ ReadOnlySpan buffer,
+ bool isConfidential,
+ bool isNtlm,
+ [NotNull] ref byte[]? output,
+ uint sequenceNumber)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static int Decrypt(
+ SafeDeleteContext securityContext,
+ byte[]? buffer,
+ int offset,
+ int count,
+ bool isConfidential,
+ bool isNtlm,
+ out int newOffset,
+ uint sequenceNumber)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static int VerifySignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ internal static int MakeSignature(SafeDeleteContext securityContext, byte[] buffer, int offset, int count, [AllowNull] ref byte[] output)
+ {
+ throw new PlatformNotSupportedException();
+ }
+ }
+}
diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
index 69f7d83079a3d..d8f9ebf14f8e2 100644
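Review bot: The header comment above `NegotiateStreamPal` in the new Common/.../NegotiateStreamPal.PNSE.cs is carried over from the real implementation and says the class "does the real work in authentication and user data encryption with NEGO SSPI package", yet every member in this file only throws. Something like `// Stub for platforms without Negotiate support: every member throws PlatformNotSupportedException.` would describe it accurately, and the same comment is repeated in the second PNSE file added by this patch. Only `QueryContextClientSpecifiedSpn` passes a message (`SR.net_nego_server_not_supported`); the other twelve members throw the message-less exception, so a caller that lands in `InitializeSecurityContext` or `Encrypt` gets no hint about which feature is missing. Throwing from `Encrypt`, `Decrypt` and `VerifySignature` instead of returning a status is the right fail-closed shape and should stay that way.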
--- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -254,8 +254,6 @@ Link="Common\System\Net\ContextFlagsAdapterPal.Unix.cs" /> - - + + + + + + + + + + diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs new file mode 100644 index 0000000000000..8b4c98f1a8887 --- /dev/null +++ b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs @@ -0,0 +1,31 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. + +using System.ComponentModel; +using System.Security.Principal; + +namespace System.Net.Security +{ + // + // The class maintains the state of the authentication process and the security context. + // It encapsulates security context and does the real work in authentication and + // user data encryption with NEGO SSPI package. + // + internal static partial class NegotiateStreamPal + { + internal static IIdentity GetIdentity(NTAuthentication context) + { + throw new PlatformNotSupportedException(); + } + + internal static string QueryContextAssociatedName(SafeDeleteContext? securityContext) + { + throw new PlatformNotSupportedException(SR.net_nego_server_not_supported); + } + + internal static void ValidateImpersonationLevel(TokenImpersonationLevel impersonationLevel) + { + throw new PlatformNotSupportedException(); + } + } +} From 871ac98fc2999feddc6aebcb89c5d48f3d61f495 Mon Sep 17 00:00:00 2001 
From: Maxim Lipnin Date: Mon, 26 Apr 2021 17:30:34 +0300 Subject: [PATCH 02/10] Rename PNSE to PlatformNotSupported --- ...l.PNSE.cs => NegotiateStreamPal.PlatformNotSupported.cs} | 0 .../System.Net.Security/src/System.Net.Security.csproj | 6 +++--- ...l.PNSE.cs => NegotiateStreamPal.PlatformNotSupported.cs} | 0 3 files changed, 3 insertions(+), 3 deletions(-) rename src/libraries/Common/src/System/Net/Security/{NegotiateStreamPal.PNSE.cs => NegotiateStreamPal.PlatformNotSupported.cs} (100%) rename src/libraries/System.Net.Security/src/System/Net/Security/{NegotiateStreamPal.PNSE.cs => NegotiateStreamPal.PlatformNotSupported.cs} (100%) diff --git a/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs b/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs similarity index 100% rename from src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PNSE.cs rename to src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index d8f9ebf14f8e2..7e1b927fc8f2c 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -276,9 +276,9 @@ - - + + diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs similarity index 100% rename from src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PNSE.cs rename to src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs From 60d99f7430a69cfc21434243f8e53cfeaa9bb6e6 Mon Sep 17 00:00:00 2001 
From: Maxim Lipnin
Date: Tue, 27 Apr 2021 15:00:28 +0300
Subject: [PATCH 03/10] Remove the interop files from the build
---
 .../Interop.NetSecurityNative.GssFlags.cs | 28 +++++++++
 .../Interop.NetSecurityNative.Status.cs | 38 ++++++++++++
 .../Interop.NetSecurityNative.cs | 46 --------------
 .../GssSafeHandles.PlatformNotSupported.cs | 61 +++++++++++++++++++
 ...extFlagsAdapterPal.PlatformNotSupported.cs | 20 ++++++
 .../src/System.Net.Http.csproj | 4 ++
 .../src/System.Net.Mail.csproj | 4 ++
 .../src/System.Net.Security.csproj | 40 +++++++-----
 8 files changed, 179 insertions(+), 62 deletions(-)
 create mode 100644 src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.GssFlags.cs
 create mode 100644 src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.Status.cs
 create mode 100644 src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs
 create mode 100644 src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs
diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.GssFlags.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.GssFlags.cs
new file mode 100644
index 0000000000000..53f5f025bf479
--- /dev/null
+++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.GssFlags.cs
@@ -0,0 +1,28 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+
+internal static partial class Interop
+{
+ internal static partial class NetSecurityNative
+ {
+ [Flags]
+ internal enum GssFlags : uint
+ {
+ GSS_C_DELEG_FLAG = 0x1,
+ GSS_C_MUTUAL_FLAG = 0x2,
+ GSS_C_REPLAY_FLAG = 0x4,
+ GSS_C_SEQUENCE_FLAG = 0x8,
+ GSS_C_CONF_FLAG = 0x10,
+ GSS_C_INTEG_FLAG = 0x20,
+ GSS_C_ANON_FLAG = 0x40,
+ GSS_C_PROT_READY_FLAG = 0x80,
+ GSS_C_TRANS_FLAG = 0x100,
+ GSS_C_DCE_STYLE = 0x1000,
+ GSS_C_IDENTIFY_FLAG = 0x2000,
+ GSS_C_EXTENDED_ERROR_FLAG = 0x4000,
+ GSS_C_DELEG_POLICY_FLAG = 0x8000
+ }
+ }
+}
diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.Status.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.Status.cs
new file mode 100644
index 0000000000000..2a17373a42391
--- /dev/null
+++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.Status.cs
@@ -0,0 +1,38 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+
+internal static partial class Interop
+{
+ internal static partial class NetSecurityNative
+ {
+ // https://www.gnu.org/software/gss/reference/gss.pdf Page 65
+ internal const int GSS_C_ROUTINE_ERROR_OFFSET = 16;
+
+ // https://www.gnu.org/software/gss/reference/gss.pdf Page 9
+ internal enum Status : uint
+ {
+ GSS_S_COMPLETE = 0,
+ GSS_S_CONTINUE_NEEDED = 1,
+ GSS_S_BAD_MECH = 1 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_NAME = 2 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_NAMETYPE = 3 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_BINDINGS = 4 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_STATUS = 5 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_SIG = 6 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_NO_CRED = 7 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_NO_CONTEXT = 8 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_DEFECTIVE_TOKEN = 9 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_DEFECTIVE_CREDENTIAL = 10 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_CREDENTIALS_EXPIRED = 11 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_CONTEXT_EXPIRED = 12 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_FAILURE = 13 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_BAD_QOP = 14 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_UNAUTHORIZED = 15 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_UNAVAILABLE = 16 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_DUPLICATE_ELEMENT = 17 << GSS_C_ROUTINE_ERROR_OFFSET,
+ GSS_S_NAME_NOT_MN = 18 << GSS_C_ROUTINE_ERROR_OFFSET,
+ }
+ }
+}
diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs
index d165615328610..083b6ce18b77d 100644
--- a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs
+++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs @@ -169,51 +169,5 @@ internal static Status UnwrapBuffer( return Unwrap(out minorStatus, contextHandle, inputBytes, offset, count, ref outBuffer); } - - // https://www.gnu.org/software/gss/reference/gss.pdf Page 65 - internal const int GSS_C_ROUTINE_ERROR_OFFSET = 16; - - // https://www.gnu.org/software/gss/reference/gss.pdf Page 9 - internal enum Status : uint - { - GSS_S_COMPLETE = 0, - GSS_S_CONTINUE_NEEDED = 1, - GSS_S_BAD_MECH = 1 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_NAME = 2 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_NAMETYPE = 3 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_BINDINGS = 4 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_STATUS = 5 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_SIG = 6 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_NO_CRED = 7 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_NO_CONTEXT = 8 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_DEFECTIVE_TOKEN = 9 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_DEFECTIVE_CREDENTIAL = 10 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_CREDENTIALS_EXPIRED = 11 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_CONTEXT_EXPIRED = 12 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_FAILURE = 13 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_BAD_QOP = 14 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_UNAUTHORIZED = 15 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_UNAVAILABLE = 16 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_DUPLICATE_ELEMENT = 17 << GSS_C_ROUTINE_ERROR_OFFSET, - GSS_S_NAME_NOT_MN = 18 << GSS_C_ROUTINE_ERROR_OFFSET, - } - - [Flags] - internal enum GssFlags : uint - { - GSS_C_DELEG_FLAG = 0x1, - GSS_C_MUTUAL_FLAG = 0x2, - GSS_C_REPLAY_FLAG = 0x4, - GSS_C_SEQUENCE_FLAG = 0x8, - GSS_C_CONF_FLAG = 0x10, - GSS_C_INTEG_FLAG = 0x20, - GSS_C_ANON_FLAG = 0x40, - GSS_C_PROT_READY_FLAG = 0x80, - GSS_C_TRANS_FLAG = 0x100, - GSS_C_DCE_STYLE = 0x1000, - GSS_C_IDENTIFY_FLAG = 0x2000, - GSS_C_EXTENDED_ERROR_FLAG = 0x4000, - GSS_C_DELEG_POLICY_FLAG = 0x8000 - } } } 
diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs new file mode 100644 index 0000000000000..8b95dd174d2db --- /dev/null +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs 
@@ -0,0 +1,61 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace Microsoft.Win32.SafeHandles
+{
+ internal sealed class SafeGssNameHandle : SafeHandle
+ {
+ public static SafeGssNameHandle CreateUser(string name) => throw new PlatformNotSupportedException();
+ public static SafeGssNameHandle CreateTarget(string name) => throw new PlatformNotSupportedException();
+ public override bool IsInvalid
+ {
+ get { throw new PlatformNotSupportedException(); }
+ }
+
+ protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+ public SafeGssNameHandle()
+ : base(IntPtr.Zero, true)
+ {
+ throw new PlatformNotSupportedException();
+ }
+ }
+
+ internal sealed class SafeGssCredHandle : SafeHandle
+ {
+ public static SafeGssCredHandle CreateAcceptor() => throw new PlatformNotSupportedException();
+ public static SafeGssCredHandle Create(string username, string password, bool isNtlmOnly) => throw new PlatformNotSupportedException();
+ public SafeGssCredHandle()
+ : base(IntPtr.Zero, true)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ public override bool IsInvalid
+ {
+ get { throw new PlatformNotSupportedException(); }
+ }
+
+ protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+ }
+
+ internal sealed class SafeGssContextHandle : SafeHandle
+ {
+ public SafeGssContextHandle()
+ : base(IntPtr.Zero, true)
+ {
+ throw new PlatformNotSupportedException();
+ }
+
+ public override bool IsInvalid
+ {
+ get { throw new PlatformNotSupportedException(); }
+ }
+
+ protected override bool ReleaseHandle() => throw new PlatformNotSupportedException();
+ }
+}
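Review bot: `IsInvalid` and `ReleaseHandle()` throw in all three handle types, and each public constructor throws only after `base(IntPtr.Zero, true)` has already run. An object whose constructor threw is still eligible for finalization, and SafeHandle's release path consults `IsInvalid` before `ReleaseHandle`, so as far as I can tell the exception would surface on the finalizer thread rather than at the call site. Patch 06 later in this series makes the constructors private and drops the throw, which closes the construction path, but the two overrides keep throwing. `public override bool IsInvalid => true;` and `protected override bool ReleaseHandle() => true;` would leave cleanup inert if an instance is ever created some other way.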
diff --git a/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs b/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs new file mode 100644 index 0000000000000..00085cb6e02d8 --- /dev/null +++ b/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs @@ -0,0 +1,20 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. + +using System; + +namespace System.Net +{ + internal static class ContextFlagsAdapterPal + { + internal static ContextFlagsPal GetContextFlagsPalFromInterop(Interop.NetSecurityNative.GssFlags gssFlags, bool isServer) + { + throw new PlatformNotSupportedException(); + } + + internal static Interop.NetSecurityNative.GssFlags GetInteropFromContextFlagsPal(ContextFlagsPal flags, bool isServer) + { + throw new PlatformNotSupportedException(); + } + } +} diff --git a/src/libraries/System.Net.Http/src/System.Net.Http.csproj b/src/libraries/System.Net.Http/src/System.Net.Http.csproj index 6db9882aeafb9..8f495ebd79224 100644 --- a/src/libraries/System.Net.Http/src/System.Net.Http.csproj +++ b/src/libraries/System.Net.Http/src/System.Net.Http.csproj @@ -327,6 +327,10 @@ Link="Common\System\Net\Security\Unix\SecChannelBindings.cs" /> + + + + - - - - - - - + + - + + + + + + + + + + - From 0ac3a315c26bc18e64a4d69056b640c41b729e34 Mon Sep 17 00:00:00 2001 From: Maxim Lipnin Date: Tue, 27 Apr 2021 16:29:07 +0300 Subject: [PATCH 04/10] Remove redundant compile element --- .../System.Net.Security/src/System.Net.Security.csproj | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index 92bc0c6a19a60..98952cf24b724 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj 
@@ -262,8 +262,6 @@ - Date: Tue, 27 Apr 2021 17:07:17 +0300 Subject: [PATCH 05/10] Add missing compile elements --- .../tests/Unit/System.Net.Mail.Unit.Tests.csproj | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj b/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj index 92c660864602e..8f1b9077289dc 100644 --- a/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj +++ b/src/libraries/System.Net.Mail/tests/Unit/System.Net.Mail.Unit.Tests.csproj @@ -160,8 +160,12 @@ Link="Common\Interop\Unix\System.Net.Security.Native\Interop.GssApiException.cs" /> + + Date: Wed, 28 Apr 2021 09:20:22 +0300 Subject: [PATCH 06/10] Make the handle ctors private --- .../SafeHandles/GssSafeHandles.PlatformNotSupported.cs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs index 8b95dd174d2db..db7db58b2d27c 100644 --- a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs @@ -18,10 +18,9 @@ public override bool IsInvalid } protected override bool ReleaseHandle() => throw new PlatformNotSupportedException(); - public SafeGssNameHandle() + private SafeGssNameHandle() : base(IntPtr.Zero, true) { - throw new PlatformNotSupportedException(); } } 
@@ -29,10 +28,9 @@ internal sealed class SafeGssCredHandle : SafeHandle { public static SafeGssCredHandle CreateAcceptor() => throw new PlatformNotSupportedException(); public static SafeGssCredHandle Create(string username, string password, bool isNtlmOnly) => throw new PlatformNotSupportedException(); - public SafeGssCredHandle() + private SafeGssCredHandle() : base(IntPtr.Zero, true) { - throw new PlatformNotSupportedException(); } public override bool IsInvalid @@ -45,10 +43,9 @@ public override bool IsInvalid internal sealed class SafeGssContextHandle : SafeHandle { - public SafeGssContextHandle() + private SafeGssContextHandle() : base(IntPtr.Zero, true) { - throw new PlatformNotSupportedException(); } public override bool IsInvalid From 9f2c4888453336a89e5291164b3f7940d9d87539 Mon Sep 17 00:00:00 2001 From: Maxim Lipnin Date: Wed, 28 Apr 2021 13:36:30 +0300 Subject: [PATCH 07/10] Exclude SafeDeleteNegoContext.cs and SafeFreeNegoCredentials.cs from the build --- .../SafeHandles/GssSafeHandles.PlatformNotSupported.cs | 4 ---- .../System.Net.Security/src/System.Net.Security.csproj | 8 ++++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs index db7db58b2d27c..aad618714725d 100644 --- a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs 
@@ -10,8 +10,6 @@ namespace Microsoft.Win32.SafeHandles { internal sealed class SafeGssNameHandle : SafeHandle { - public static SafeGssNameHandle CreateUser(string name) => throw new PlatformNotSupportedException(); - public static SafeGssNameHandle CreateTarget(string name) => throw new PlatformNotSupportedException(); public override bool IsInvalid { get { throw new PlatformNotSupportedException(); } @@ -26,8 +24,6 @@ private SafeGssNameHandle() internal sealed class SafeGssCredHandle : SafeHandle { - public static SafeGssCredHandle CreateAcceptor() => throw new PlatformNotSupportedException(); - public static SafeGssCredHandle Create(string username, string password, bool isNtlmOnly) => throw new PlatformNotSupportedException(); private SafeGssCredHandle() : base(IntPtr.Zero, true) { diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index 98952cf24b724..8a2c4b5206311 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -246,12 +246,8 @@ Link="Common\Interop\Unix\System.Net.Security.Native\Interop.NetSecurityNative.Status.cs" /> - - @@ -262,6 +258,10 @@ + + Date: Wed, 28 Apr 2021 16:31:31 +0300 Subject: [PATCH 08/10] Highlight the unsupported APIs --- .../Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs | 4 ++++ .../System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs | 2 ++ .../Net/Security/NegotiateStreamPal.PlatformNotSupported.cs | 2 ++ .../System.Net.Security/src/System/Net/NTAuthentication.cs | 2 ++ .../src/System/Net/Security/NegotiateStream.cs | 2 ++ .../Net/Security/NegotiateStreamPal.PlatformNotSupported.cs | 2 ++ 6 files changed, 14 insertions(+) 
diff --git a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs index aad618714725d..0c6a8304620ad 100644 --- a/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs +++ b/src/libraries/Common/src/Microsoft/Win32/SafeHandles/GssSafeHandles.PlatformNotSupported.cs @@ -4,10 +4,12 @@ using System; using System.Diagnostics; using System.Runtime.InteropServices; +using System.Runtime.Versioning; using System.Text; namespace Microsoft.Win32.SafeHandles { + [UnsupportedOSPlatform("tvos")] internal sealed class SafeGssNameHandle : SafeHandle { public override bool IsInvalid @@ -22,6 +24,7 @@ private SafeGssNameHandle() } } + [UnsupportedOSPlatform("tvos")] internal sealed class SafeGssCredHandle : SafeHandle { private SafeGssCredHandle() @@ -37,6 +40,7 @@ public override bool IsInvalid protected override bool ReleaseHandle() => throw new PlatformNotSupportedException(); } + [UnsupportedOSPlatform("tvos")] internal sealed class SafeGssContextHandle : SafeHandle { private SafeGssContextHandle() diff --git a/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs b/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs index 00085cb6e02d8..ee4d9cb16dd4e 100644 --- a/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs +++ b/src/libraries/Common/src/System/Net/ContextFlagsAdapterPal.PlatformNotSupported.cs @@ -2,9 +2,11 @@ // The .NET Foundation licenses this file to you under the MIT license. using System; +using System.Runtime.Versioning; namespace System.Net { + [UnsupportedOSPlatform("tvos")] internal static class ContextFlagsAdapterPal { internal static ContextFlagsPal GetContextFlagsPalFromInterop(Interop.NetSecurityNative.GssFlags gssFlags, bool isServer) 
diff --git a/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs b/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs index 646052b4fb18d..00eb37b101b52 100644 --- a/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs +++ b/src/libraries/Common/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs @@ -6,6 +6,7 @@ using System.Diagnostics; using System.Diagnostics.CodeAnalysis; using System.Runtime.InteropServices; +using System.Runtime.Versioning; using System.Security; using System.Security.Authentication; using System.Security.Authentication.ExtendedProtection; @@ -21,6 +22,7 @@ namespace System.Net.Security // It encapsulates security context and does the real work in authentication and // user data encryption with NEGO SSPI package. // + [UnsupportedOSPlatform("tvos")] internal static partial class NegotiateStreamPal { internal static string QueryContextClientSpecifiedSpn(SafeDeleteContext securityContext) diff --git a/src/libraries/System.Net.Security/src/System/Net/NTAuthentication.cs b/src/libraries/System.Net.Security/src/System/Net/NTAuthentication.cs index 93b77ffbba0d3..75f41a9e8d72c 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NTAuthentication.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NTAuthentication.cs @@ -4,10 +4,12 @@ using System.ComponentModel; using System.Diagnostics.CodeAnalysis; using System.Net.Security; +using System.Runtime.Versioning; using System.Security.Authentication.ExtendedProtection; namespace System.Net { + [UnsupportedOSPlatform("tvos")] internal sealed partial class NTAuthentication { internal string? AssociatedName diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStream.cs b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStream.cs index e84f1eaebc7bd..8ea35c6dfcb45 100644 
--- a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStream.cs +++ b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStream.cs @@ -7,6 +7,7 @@ using System.IO; using System.Runtime.CompilerServices; using System.Runtime.ExceptionServices; +using System.Runtime.Versioning; using System.Security.Authentication; using System.Security.Authentication.ExtendedProtection; using System.Security.Principal; @@ -18,6 +19,7 @@ namespace System.Net.Security /// /// Provides a stream that uses the Negotiate security protocol to authenticate the client, and optionally the server, in client-server communication. /// + [UnsupportedOSPlatform("tvos")] public partial class NegotiateStream : AuthenticatedStream { /// Set as the _exception when the instance is disposed. diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs index 8b4c98f1a8887..b41a28ccb9e10 100644 --- a/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs +++ b/src/libraries/System.Net.Security/src/System/Net/Security/NegotiateStreamPal.PlatformNotSupported.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.ComponentModel; +using System.Runtime.Versioning; using System.Security.Principal; namespace System.Net.Security @@ -11,6 +12,7 @@ namespace System.Net.Security // It encapsulates security context and does the real work in authentication and // user data encryption with NEGO SSPI package. // + [UnsupportedOSPlatform("tvos")] internal static partial class NegotiateStreamPal { internal static IIdentity GetIdentity(NTAuthentication context) From 60b7a9f850d9d506fd32c853989284275e218955 Mon Sep 17 00:00:00 2001 
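Review bot: `[UnsupportedOSPlatform("tvos")]` on the public `NegotiateStream` in NegotiateStream.cs names a single platform, while the project condition that selects the `*.PlatformNotSupported.cs` stubs is not readable on this page. If that condition covers any target other than tvOS, callers there would get `PlatformNotSupportedException` at run time with no analyzer warning, so the attribute and the csproj condition should be confirmed to stay in step (patch 10 changes the condition again). The XML summary on `NegotiateStream` could also state that the type throws on unsupported platforms. The class body continues outside the hunk.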
From: Maxim Lipnin Date: Wed, 28 Apr 2021 17:46:00 +0300 Subject: [PATCH 09/10] Update ref-part --- src/libraries/System.Net.Security/ref/System.Net.Security.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libraries/System.Net.Security/ref/System.Net.Security.cs b/src/libraries/System.Net.Security/ref/System.Net.Security.cs index ab478a68272a8..5fba93d1506bd 100644 --- a/src/libraries/System.Net.Security/ref/System.Net.Security.cs +++ b/src/libraries/System.Net.Security/ref/System.Net.Security.cs @@ -33,6 +33,7 @@ public enum EncryptionPolicy NoEncryption = 2, } public delegate System.Security.Cryptography.X509Certificates.X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates, System.Security.Cryptography.X509Certificates.X509Certificate? remoteCertificate, string[] acceptableIssuers); + [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] public partial class NegotiateStream : System.Net.Security.AuthenticatedStream { public NegotiateStream(System.IO.Stream innerStream) : base (default(System.IO.Stream), default(bool)) { } From bff6a095cd64926fea338200d934e8b3bd81c0ae Mon Sep 17 00:00:00 2001 From: Maxim Lipnin Date: Wed, 28 Apr 2021 18:35:50 +0300 Subject: [PATCH 10/10] Reduce the condition --- .../System.Net.Security/src/System.Net.Security.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index 8a2c4b5206311..13d7f6b29a2ff 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -278,7 +278,7 @@ Link="Common\System\Net\Security\NegotiateStreamPal.Unix.cs" /> - +