Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

Enable NegotiateStream For Unix #6469

Merged
kapilash merged 1 commit into from
Mar 18, 2016
Merged

Enable NegotiateStream For Unix #6469

kapilash merged 1 commit into from
Mar 18, 2016

Conversation

@kapilash
Copy link
Contributor

@kapilash kapilash commented Feb 26, 2016

Problem

Enabling System.Net.Security.NegotiateStream for Unix.

Solution

This PR introduces the implementation of NegotiateStream based on native implementations of gssapi

The native implementations used are mit-krb5 on linux and the built-in GSS.Framework for OSX.

Also included are scripts to configure and deploy KDC on the host machine so as to run the associated tests.

cc: @stephentoub @bartonjs @CIPop @davidsh @vijaykota @shrutigarg

@davidsh davidsh added this to the 1.0.0-rtm milestone Feb 26, 2016
justinvp
justinvp reviewed Feb 26, 2016
View reviewed changes
src/Native/System.Net.Security.Native/pal_gssapi.cpp Outdated
assert(outBuffer != nullptr);
// count refers to the length of the input message. That is, number of bytes of inputBytes
// starting at offset
// that need to be wrapped.
Copy link
Contributor

@justinvp justinvp Feb 26, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: why the extra line wrap here?

bartonjs
bartonjs reviewed Mar 18, 2016
View reviewed changes
src/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.cs Outdated
Debug.Assert(offset >= 0 && offset <= inputBytes.Length, "offset must be valid");
Debug.Assert( count >=0 && count <= inputBytes.Length, "count must be valid");
Debug.Assert(count + offset <= inputBytes.Length, "offset and count must be valid");
Debug.Assert(count >=0 && count <= inputBytes.Length, "count must be valid");
Copy link
Member

@bartonjs bartonjs Mar 18, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Missing space between >= and 0.

@bartonjs
Copy link
Member

bartonjs commented Mar 18, 2016

Aside from the one missing space, the new commit looks good.

Pending changes I don't see reflected in the deferral issue:

Open questions:

I'm okay with those being deferred, if that's the plan; but the feedback shouldn't be lost. (And Steve and I had a few comments about improving the test code).

Since it was pointed out to me that while Ubuntu 14.04 OuterLoop failed previously, 3 other distros ran; so the tests have been seen to pass (e.g. http://dotnet-ci.cloudapp.net/job/dotnet_corefx/job/outerloop_ubuntu15.10_debug_tst_prtest/3/testReport/System.Net.Security.Tests/KerberosTest/), so I'm not concerned that it hasn't been tested.

As long as the other pending work/questions are tracked (or fixed) LGTM.

@kapilash
Enable NegotiateStream For Unix
facff9e 
Enabling NegotiateStream for Unix using native gssapi implementation.
The native libraries used are mit-krb5 on linux and the built-in GSS.Framework for OSX.

Also included are the tests which rely on configuring and deploying KDC on the host machine.
@kapilash
Copy link
Contributor Author

kapilash commented Mar 18, 2016

Pending changes I don't see reflected in the deferral issue:
Incorrect comment: #6469 (diff)
Bad use of var: #6469 (comment)
Unexpected usages of UnsignedCast: #6469 (comment)

These are all fixed.

Open questions:

Reassigning freshly-built struct fields: #6469 (comment)
We assert that a ** isn't null, but do we also need to inspect the value it's pointing at?: #6469 (comment), others

Updated #7031 with these and other issues. I believe I did not miss any thing now.
I am merging this.

Thanks a lot @bartonjs , @stephentoub

kapilash added a commit that referenced this pull request Mar 18, 2016
@kapilash
Merge pull request #6469 from kapilash/negotiatestream
f13855b 
Enable NegotiateStream For Unix
@kapilash kapilash merged commit f13855b into dotnet:master Mar 18, 2016
@kapilash kapilash deleted the negotiatestream branch March 18, 2016 19:56
@kapilash kapilash mentioned this pull request Mar 29, 2016
Merged
CIPop
CIPop reviewed Apr 8, 2016
View reviewed changes
src/Common/src/Interop/Windows/sspicli/NegotiationInfoClass.cs
internal class NegotiationInfoClass
internal partial class NegotiationInfoClass
{
internal const string NTLM = "NTLM";
Copy link

@CIPop CIPop Apr 8, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the reason this got separated in two? I find it odd to have a partial class only to define 3 const strings. Shouldn't we create a new class for these strings instead if they can't live here?

@roji roji mentioned this pull request May 11, 2016
Closed
@kapilash kapilash mentioned this pull request May 11, 2016
Merged
@karelz karelz modified the milestones: 1.0.0-rtm, 1.2.0 Dec 3, 2016
@karelz karelz added the os-linux Linux OS (any supported distro) label Mar 8, 2017
This was referenced Jan 31, 2020
Closed
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

area-System.Net os-linux Linux OS (any supported distro)

Projects

None yet

Milestone

1.0.0-rtm

Development

Successfully merging this pull request may close these issues.