Imported Upstream version 5.10.0.47

Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
2018-01-24 17:04:36 +00:00
parent 88ff76fe28
commit e46a49ecf1
5927 changed files with 226314 additions and 129848 deletions


@ -38,6 +38,15 @@ namespace System
LocalAppContext.DefineSwitchDefault(LocalAppContextSwitches.DisableUsingServicePointManagerSecurityProtocolsString, true);
}
if (version <= 40700)
{
// Define the switches that should be true for 4.7.0 or less, false for 4.7.1+.
LocalAppContext.DefineSwitchDefault(LocalAppContextSwitches.UseSha1InPipeConnectionGetHashAlgorithmString, true);
LocalAppContext.DefineSwitchDefault(LocalAppContextSwitches.DisableAddressHeaderCollectionValidationString, true);
LocalAppContext.DefineSwitchDefault(LocalAppContextSwitches.UseSha1InMsmqEncryptionAlgorithmString, true);
LocalAppContext.DefineSwitchDefault(LocalAppContextSwitches.DontEnableSystemDefaultTlsVersionsString, true);
}
break;
}
}
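Review bot: The expanded quirk block at L16-L23 makes an app that targets 4.7.0 or earlier re-enable SHA-1 for the pipe hash and MSMQ signing, keep the no-op address-header check, and keep the explicit TLS 1.0/1.1/1.2 list, but the comment at L18 only states the version boundary, not that these are security downgrades selected by TargetFramework. I would extend it: `// <= 4.7.0 targets keep SHA-1 hashes, the old (ineffective) address-header null check and the explicit TLS 1.0/1.1/1.2 list; each can presumably be overridden per switch via the usual AppContext switch overrides.` The enclosing switch statement begins outside this hunk.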


@ -38,11 +38,11 @@ namespace System.ServiceModel.Channels
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.MessageHeaderIsNull0)));
}
}
else
else if (!LocalAppContextSwitches.DisableAddressHeaderCollectionValidation)
{
foreach (AddressHeader addressHeader in addressHeaders)
{
if (addressHeaders == null)
if (addressHeader == null)
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentException(SR.GetString(SR.MessageHeaderIsNull0)));
}
}
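Review bot: The per-element check `if (addressHeader == null)` on the new side is the real fix (the old loop compared the collection `addressHeaders` to null, which cannot be true inside the loop), but nothing records why a null-argument check is now optional behind `DisableAddressHeaderCollectionValidation`. I would add above the `else if`: `// Before 4.7.1 this loop tested the collection, not the element, so null entries slipped through; the switch preserves that for apps targeting <= 4.7.0.` Apps that keep the quirk still admit a null entry, so whatever later dereferences the headers (not visible here) must tolerate it. The enclosing constructor or method begins outside this hunk.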


@ -466,7 +466,7 @@ namespace System.ServiceModel.Channels
if (actor.Length == 0 && mustUnderstand == mustUnderstandValue && !relay)
{
if ((object)to == (object)version.Anonymous)
if ((object)to == (object)version.AnonymousUri)
{
if (version == AddressingVersion.WSAddressing10)
return AnonymousTo10;


@ -302,7 +302,7 @@ namespace System.ServiceModel.Channels
{
if (this.hashAlgorithm == null)
{
this.hashAlgorithm = CryptoHelper.CreateHashAlgorithm(SecurityAlgorithms.Sha1Digest);
this.hashAlgorithm = CryptoHelper.CreateHashAlgorithm(SecurityAlgorithms.Sha256Digest);
}
else
{
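Review bot: The new line `CryptoHelper.CreateHashAlgorithm(SecurityAlgorithms.Sha256Digest)` hard-codes SHA-256 and never consults `LocalAppContextSwitches.UseSha1InPipeConnectionGetHashAlgorithm`, even though this commit defines that switch and defaults it to true for apps targeting 4.7.0 or earlier; unless the switch is honored somewhere I cannot see, the quirk is dead here, and if this hash feeds a pipe name or key shared with a peer still on SHA-1 the two sides will disagree. I would write `this.hashAlgorithm = CryptoHelper.CreateHashAlgorithm(LocalAppContextSwitches.UseSha1InPipeConnectionGetHashAlgorithm ? SecurityAlgorithms.Sha1Digest : SecurityAlgorithms.Sha256Digest);`, mirroring how `TransportDefaults.SslProtocols` and the MSMQ hash default read their switches. The enclosing method begins and ends outside this hunk, so the later use of the cached `hashAlgorithm` field is not visible.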


@ -114,7 +114,7 @@ namespace System.ServiceModel.Channels
if (null == errorStrings)
{
#pragma warning suppress 56523 // Callers (there is only one) handle an invalid handle returned from here.
errorStrings = UnsafeNativeMethods.LoadLibrary("MQUTIL.DLL");
errorStrings = UnsafeNativeMethods.LoadLibraryEx("MQUTIL.DLL", IntPtr.Zero, UnsafeNativeMethods.LOAD_LIBRARY_AS_DATAFILE | UnsafeNativeMethods.LOAD_LIBRARY_SEARCH_SYSTEM32);
}
}
}
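Review bot: Switching to `LoadLibraryEx("MQUTIL.DLL", IntPtr.Zero, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_SEARCH_SYSTEM32)` closes a DLL search-order hijack (plain `LoadLibrary` searches the application directory and, depending on SafeDllSearchMode, the working directory before System32), but the hunk does not say so, and as far as I recall the `LOAD_LIBRARY_SEARCH_*` flags are rejected with ERROR_INVALID_PARAMETER on Windows 7/2008 R2 without KB2533623, in which case the caller gets the invalid handle mentioned in the suppressed warning and MSMQ error text is lost. I would record both: `// SEARCH_SYSTEM32 pins the lookup to %SystemRoot%\System32 (no app/cwd search); AS_DATAFILE since only resource strings are read. Fails on Win7 without KB2533623 -- the caller handles the invalid handle.` The enclosing method begins and ends outside this hunk.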


@ -5,12 +5,14 @@
namespace System.ServiceModel.Channels
{
using System.Collections.Generic;
using Collections.ObjectModel;
using System.Security.Principal;
using System.ServiceModel.Activation;
public class NamedPipeTransportBindingElement : ConnectionOrientedTransportBindingElement
{
List<SecurityIdentifier> allowedUsers;
List<SecurityIdentifier> allowedUsers = new List<SecurityIdentifier>();
Collection<SecurityIdentifier> allowedUsersCollection;
NamedPipeConnectionPoolSettings connectionPoolSettings = new NamedPipeConnectionPoolSettings();
NamedPipeSettings settings = new NamedPipeSettings();
@ -24,7 +26,6 @@ namespace System.ServiceModel.Channels
{
if (elementToBeCloned.allowedUsers != null)
{
this.allowedUsers = new List<SecurityIdentifier>(elementToBeCloned.AllowedUsers.Count);
foreach (SecurityIdentifier id in elementToBeCloned.allowedUsers)
{
this.allowedUsers.Add(id);
@ -48,6 +49,19 @@ namespace System.ServiceModel.Channels
}
}
public Collection<SecurityIdentifier> AllowedSecurityIdentifiers
{
get
{
if (this.allowedUsersCollection == null)
{
this.allowedUsersCollection = new Collection<SecurityIdentifier>(this.allowedUsers);
}
return this.allowedUsersCollection;
}
}
public NamedPipeConnectionPoolSettings ConnectionPoolSettings
{
get { return this.connectionPoolSettings; }
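Review bot: With `allowedUsers` now initialized in its declaration (`= new List<SecurityIdentifier>()`), the guard `if (elementToBeCloned.allowedUsers != null)` in the cloning constructor can no longer be false; either drop it or comment it, because as written it implies a null state that no longer exists. `AllowedSecurityIdentifiers` wraps the live list (`new Collection<SecurityIdentifier>(this.allowedUsers)` is a view, not a copy), so adds through it change this binding element's pipe ACL directly; I would say so in a doc comment on the property, e.g. `/// Live view over the SIDs granted access to the pipe; changes apply to this binding element.` `Collection<T>` accepts null entries, so the code that later builds the security descriptor from this list (outside the hunk) should be checked for null tolerance.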


@ -1 +1 @@
9b1f4f0e0038ba1cd310aa71fcdbed8bd39085c6
16f89740523d779047c60efbcd0d72466c266f9c


@ -68,7 +68,7 @@ namespace System.ServiceModel.Channels
}
}
[DefaultValue(TransportDefaults.SslProtocols)]
[DefaultValue(TransportDefaults.OldDefaultSslProtocols)]
public SslProtocols SslProtocols
{
get
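Review bot: `[DefaultValue(TransportDefaults.OldDefaultSslProtocols)]` now disagrees with the value the property actually starts with whenever `DontEnableSystemDefaultTlsVersions` is false, since `TransportDefaults.SslProtocols` then returns `SslProtocols.None`; `DefaultValue` is what designers and `ShouldSerialize`-style logic compare against, so an untouched binding will look customized. If the mismatch is deliberate (the attribute argument must be a compile-time constant, and `SslProtocols` became a runtime property), say so: `// DefaultValue must be const; the runtime default is TransportDefaults.SslProtocols, which may be None (OS policy).` The property's accessors continue outside the hunk.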


@ -163,7 +163,8 @@ namespace System.ServiceModel.Channels
internal const int MaxPoolSize = 8;
internal const MsmqAuthenticationMode MsmqAuthenticationMode = System.ServiceModel.MsmqAuthenticationMode.WindowsDomain;
internal const MsmqEncryptionAlgorithm MsmqEncryptionAlgorithm = System.ServiceModel.MsmqEncryptionAlgorithm.RC4Stream;
internal const MsmqSecureHashAlgorithm MsmqSecureHashAlgorithm = System.ServiceModel.MsmqSecureHashAlgorithm.Sha1;
internal const MsmqSecureHashAlgorithm DefaultMsmqSecureHashAlgorithm = System.ServiceModel.MsmqSecureHashAlgorithm.Sha256;
internal static MsmqSecureHashAlgorithm MsmqSecureHashAlgorithm { get { return LocalAppContextSwitches.UseSha1InMsmqEncryptionAlgorithm ? MsmqSecureHashAlgorithm.Sha1 : DefaultMsmqSecureHashAlgorithm; } }
internal const ProtectionLevel MsmqProtectionLevel = ProtectionLevel.Sign;
internal const ReceiveErrorHandling ReceiveErrorHandling = System.ServiceModel.ReceiveErrorHandling.Fault;
internal const int ReceiveRetryCount = 5;
@ -202,10 +203,26 @@ namespace System.ServiceModel.Channels
internal const bool RequireClientCertificate = false;
internal const int MaxFaultSize = MaxBufferSize;
internal const int MaxSecurityFaultSize = 16384;
internal const SslProtocols OldDefaultSslProtocols = System.Security.Authentication.SslProtocols.Tls |
System.Security.Authentication.SslProtocols.Tls11 |
System.Security.Authentication.SslProtocols.Tls12;
internal const SslProtocols SslProtocols = System.Security.Authentication.SslProtocols.Tls |
System.Security.Authentication.SslProtocols.Tls11 |
System.Security.Authentication.SslProtocols.Tls12;
internal static SslProtocols SslProtocols
{
get
{
if (LocalAppContextSwitches.DontEnableSystemDefaultTlsVersions)
{
return OldDefaultSslProtocols;
}
else
{
// SslProtocols.None uses the default SSL protocol from the OS.
return System.Security.Authentication.SslProtocols.None;
}
}
}
// Calling CreateFault on an incoming message can expose some DoS-related security
// vulnerabilities when a service is in streaming mode. See MB 47592 for more details.
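Review bot: The hunk moves the MSMQ signing default to SHA-256 but leaves `MsmqEncryptionAlgorithm = System.ServiceModel.MsmqEncryptionAlgorithm.RC4Stream` as the encryption default, so a default-configured queue still encrypts with RC4 while signing with SHA-256; if the enum offers an AES member, the same switch-gated static-property pattern used for `MsmqSecureHashAlgorithm` would let that default move without breaking apps targeting 4.7.0 or earlier. The `DontEnableSystemDefaultTlsVersions` branch of `SslProtocols` still hands out TLS 1.0 and 1.1 explicitly via `OldDefaultSslProtocols`; the comment on `None` is good, and the quirk branch deserves one too: `// Quirked (<= 4.7.0 target) apps keep the explicit TLS 1.0/1.1/1.2 list; everyone else defers to SCHANNEL policy.`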


@ -465,6 +465,9 @@ namespace System.ServiceModel.Channels
public const uint MAX_PATH = 260;
public const uint LOAD_LIBRARY_AS_DATAFILE = 0x00000002;
public const uint LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800;
[StructLayout(LayoutKind.Sequential)]
internal class SECURITY_ATTRIBUTES
{
@ -1092,6 +1095,10 @@ namespace System.ServiceModel.Channels
[ResourceExposure(ResourceScope.Process)]
internal static extern SafeLibraryHandle LoadLibrary(string libFilename);
[DllImport(KERNEL32, CharSet = CharSet.Auto, SetLastError = true)]
[ResourceExposure(ResourceScope.Process)]
internal static extern SafeLibraryHandle LoadLibraryEx(string lpModuleName, IntPtr hFile, uint dwFlags);
// On Vista and higher, check the value of the machine FIPS policy
[DllImport(BCRYPT, SetLastError = true)]
[ResourceExposure(ResourceScope.None)]
@ -1099,7 +1106,6 @@ namespace System.ServiceModel.Channels
[MarshalAs(UnmanagedType.U1), Out] out bool pfEnabled
);
#if !FEATURE_CORECLR
private static IntPtr GetCurrentProcessToken() { return new IntPtr(-4); }
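Review bot: The new `LoadLibraryEx` declaration takes `hFile`, which Win32 reserves and requires to be `IntPtr.Zero`, and the `LOAD_LIBRARY_SEARCH_*` flags are, as far as I recall, rejected with ERROR_INVALID_PARAMETER on Windows 7/2008 R2 without KB2533623; neither fact is recorded beside the P/Invoke or the new constants. I would annotate the declaration: `// hFile is reserved and must be IntPtr.Zero. LOAD_LIBRARY_SEARCH_* needs Win8+ or KB2533623 on Win7; callers must expect an invalid handle.` The `#if !FEATURE_CORECLR` region continues outside the hunk.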


@ -40,11 +40,11 @@ namespace System.ServiceModel.Configuration
set { base[ConfigurationStrings.MsmqProtectionLevel] = value; }
}
[ConfigurationProperty(ConfigurationStrings.MsmqSecureHashAlgorithm, DefaultValue = MsmqDefaults.MsmqSecureHashAlgorithm)]
[ConfigurationProperty(ConfigurationStrings.MsmqSecureHashAlgorithm)]
[ServiceModelEnumValidator(typeof(MsmqSecureHashAlgorithmHelper))]
public MsmqSecureHashAlgorithm MsmqSecureHashAlgorithm
{
get { return (MsmqSecureHashAlgorithm)base[ConfigurationStrings.MsmqSecureHashAlgorithm]; }
get { return (MsmqSecureHashAlgorithm)(base[ConfigurationStrings.MsmqSecureHashAlgorithm] ?? MsmqDefaults.MsmqSecureHashAlgorithm); }
set { base[ConfigurationStrings.MsmqSecureHashAlgorithm] = value; }
}
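Review bot: The `?? MsmqDefaults.MsmqSecureHashAlgorithm` in the getter only helps if `base[ConfigurationStrings.MsmqSecureHashAlgorithm]` yields null for an omitted attribute; if the configuration layer instead materializes a boxed `default(MsmqSecureHashAlgorithm)` for a value-type property that has no `DefaultValue`, the fallback never fires and the getter silently returns whichever enum member is numerically zero, which could be a weaker algorithm than the SHA-1 this commit is retiring. I would add a test that loads this element without the attribute and asserts `MsmqDefaults.MsmqSecureHashAlgorithm`, or check `ElementInformation.Properties[ConfigurationStrings.MsmqSecureHashAlgorithm].ValueOrigin == PropertyValueOrigin.Default` instead of relying on null. A comment on the attribute would also explain the removal: `// No DefaultValue: the default now depends on LocalAppContextSwitches and is resolved at read time.`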


@ -23,7 +23,7 @@ namespace System.ServiceModel.Configuration
set { base[ConfigurationStrings.RequireClientCertificate] = value; }
}
[ConfigurationProperty(ConfigurationStrings.SslProtocols, DefaultValue = TransportDefaults.SslProtocols)]
[ConfigurationProperty(ConfigurationStrings.SslProtocols, DefaultValue = TransportDefaults.OldDefaultSslProtocols)]
[ServiceModelEnumValidator(typeof(SslProtocolsHelper))]
public SslProtocols SslProtocols
{
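Review bot: Keeping `DefaultValue = TransportDefaults.OldDefaultSslProtocols` on the config property means a binding declared in config without an `sslProtocols` attribute presents `Tls|Tls11|Tls12`, not the `SslProtocols.None` (OS default) that code-created bindings now get; unless the ApplyConfiguration path, which is outside this hunk, checks `ValueOrigin` before copying the value onto the binding element, config-driven services never pick up system-default TLS even on 4.7.1+. I would either document the contract here, `// Config keeps the explicit list as DefaultValue (must be const); see ApplyConfiguration for how an unset attribute maps to the OS default`, or add a test that a config binding without the attribute ends with `None`. The property's accessors continue outside the hunk.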


@ -40,7 +40,7 @@ namespace System.ServiceModel.Configuration
private set { base[ConfigurationStrings.ExtendedProtectionPolicy] = value; }
}
[ConfigurationProperty(ConfigurationStrings.SslProtocols, DefaultValue = TransportDefaults.SslProtocols)]
[ConfigurationProperty(ConfigurationStrings.SslProtocols, DefaultValue = TransportDefaults.OldDefaultSslProtocols)]
[ServiceModelEnumValidator(typeof(SslProtocolsHelper))]
public SslProtocols SslProtocols
{
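Review bot: `DefaultValue = TransportDefaults.OldDefaultSslProtocols` makes an HTTPS transport declared in config without `sslProtocols` report the explicit `Tls|Tls11|Tls12` list, while `TransportDefaults.SslProtocols` now yields `SslProtocols.None` for code-created bindings when the quirk switch is off; whether the config value then overwrites the OS-default behavior depends on the apply logic outside this hunk. Worth a comment on the attribute, `// DefaultValue must be const; an unset attribute should resolve to TransportDefaults.SslProtocols (None = OS policy) when applied`, and a test covering the attribute-omitted case. The property's accessors continue past the hunk.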


@ -12,15 +12,59 @@ namespace System.ServiceModel
// in 4.6 and above. So we set DisableExplicitConnectionCloseHeader to true if running 4.5.2 or less.
internal static class LocalAppContextSwitches
{
private const string DisableExplicitConnectionCloseHeaderString = "Switch.System.ServiceModel.DisableExplicitConnectionCloseHeader";
private const string AllowUnsignedToHeaderString = "Switch.System.ServiceModel.AllowUnsignedToHeader";
private const string DisableCngCertificatesString = "Switch.System.ServiceModel.DisableCngCertificates";
internal const string DisableExplicitConnectionCloseHeaderString = "Switch.System.ServiceModel.DisableExplicitConnectionCloseHeader";
internal const string AllowUnsignedToHeaderString = "Switch.System.ServiceModel.AllowUnsignedToHeader";
internal const string DisableCngCertificatesString = "Switch.System.ServiceModel.DisableCngCertificates";
internal const string DisableUsingServicePointManagerSecurityProtocolsString = "Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols";
internal const string UseSha1InPipeConnectionGetHashAlgorithmString = "Switch.System.ServiceModel.UseSha1InPipeConnectionGetHashAlgorithm";
internal const string DisableAddressHeaderCollectionValidationString = "Switch.System.ServiceModel.DisableAddressHeaderCollectionValidation";
internal const string UseSha1InMsmqEncryptionAlgorithmString = "Switch.System.ServiceModel.UseSha1InMsmqEncryptionAlgorithm";
internal const string DontEnableSystemDefaultTlsVersionsString = "Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions";
private static int disableExplicitConnectionCloseHeader;
private static int allowUnsignedToHeader;
private static int disableCngCertificates;
private static int disableUsingServicePointManagerSecurityProtocols;
private static int useSha1InPipeConnectionGetHashAlgorithm;
private static int disableAddressHeaderCollectionValidation;
private static int useSha1InMsmqEncryptionAlgorithm;
private static int dontEnableSystemDefaultTlsVersions;
public static bool DontEnableSystemDefaultTlsVersions
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(DontEnableSystemDefaultTlsVersionsString, ref dontEnableSystemDefaultTlsVersions);
}
}
public static bool UseSha1InMsmqEncryptionAlgorithm
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(UseSha1InMsmqEncryptionAlgorithmString, ref useSha1InMsmqEncryptionAlgorithm);
}
}
public static bool DisableAddressHeaderCollectionValidation
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(DisableAddressHeaderCollectionValidationString, ref disableAddressHeaderCollectionValidation);
}
}
public static bool UseSha1InPipeConnectionGetHashAlgorithm
{
[MethodImpl(MethodImplOptions.AggressiveInlining)]
get
{
return LocalAppContext.GetCachedSwitchValue(UseSha1InPipeConnectionGetHashAlgorithmString, ref useSha1InPipeConnectionGetHashAlgorithm);
}
}
public static bool DisableExplicitConnectionCloseHeader
{
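Review bot: The four new switch constants and their accessors carry no documentation, and the names alone do not say what behavior each restores or at which target version it flips; `DontEnableSystemDefaultTlsVersions` in particular is a double negative that will be misread. I would put a one-line `///` summary on each constant, e.g. `/// True by default for apps targeting <= 4.7.0: TransportDefaults.SslProtocols returns the explicit TLS 1.0/1.1/1.2 list instead of SslProtocols.None (OS policy).` and `/// True by default for apps targeting <= 4.7.0: AddressHeaderCollection skips the per-element null check.` The class continues past the hunk, so I cannot tell whether the older switches already have such comments.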


@ -67,7 +67,7 @@ namespace System.ServiceModel
}
}
[DefaultValue(MsmqDefaults.MsmqSecureHashAlgorithm)]
[DefaultValue(MsmqDefaults.DefaultMsmqSecureHashAlgorithm)]
public MsmqSecureHashAlgorithm MsmqSecureHashAlgorithm
{
get { return this.msmqHashAlgorithm; }
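Review bot: `[DefaultValue(MsmqDefaults.DefaultMsmqSecureHashAlgorithm)]` asserts SHA-256 unconditionally, but under `UseSha1InMsmqEncryptionAlgorithm` the effective default from `MsmqDefaults.MsmqSecureHashAlgorithm` is SHA-1; if `msmqHashAlgorithm` is initialized from the latter (its initializer is outside the hunk), serialization and designer logic comparing against `DefaultValue` will treat the quirked value as user-set. A comment would keep that from being read as a bug: `// Attribute must be const; the effective default is MsmqDefaults.MsmqSecureHashAlgorithm (SHA-1 under the quirk switch).`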


@ -22,7 +22,7 @@ namespace System.ServiceModel.Security.Tokens
class LogonTokenCache : TimeBoundedCache
{
const int lowWaterMarkFactor = 75;
const int saltSize = 4;
const int saltSize = 256;
TimeSpan cachedLogonTokenLifetime;
RNGCryptoServiceProvider random;
@ -99,14 +99,14 @@ namespace System.ServiceModel.Security.Tokens
public LogonToken(string userName, string password, byte[] salt, ReadOnlyCollection<IAuthorizationPolicy> authorizationPolicies)
{
this.userName = userName;
this.passwordHash = ComputeHash(password, salt);
this.passwordHash = ComputeHMACSHA256Hash(password, salt);
this.salt = salt;
this.authorizationPolicies = System.IdentityModel.SecurityUtils.CloneAuthorizationPoliciesIfNecessary(authorizationPolicies);
}
public bool PasswordEquals(string password)
{
byte[] passwordHash = ComputeHash(password, this.salt);
byte[] passwordHash = ComputeHMACSHA256Hash(password, this.salt);
return CryptoHelper.IsEqual(this.passwordHash, passwordHash);
}
@ -125,21 +125,11 @@ namespace System.ServiceModel.Security.Tokens
System.IdentityModel.SecurityUtils.DisposeAuthorizationPoliciesIfNecessary(this.authorizationPolicies);
}
static byte[] ComputeHash(string password, byte[] salt)
static byte[] ComputeHMACSHA256Hash(string password, byte[] key)
{
if (String.IsNullOrEmpty(password))
using (HMACSHA256 hmac = new HMACSHA256(key))
{
return salt;
}
byte[] bytes = Encoding.Unicode.GetBytes(password);
int saltSize = salt.Length;
for (int i = 0; i < bytes.Length; ++i)
{
bytes[i] ^= salt[i % saltSize];
}
using (HashAlgorithm hashAlgorithm = CryptoHelper.NewSha1HashAlgorithm())
{
return hashAlgorithm.ComputeHash(bytes);
return hmac.ComputeHash(Encoding.Unicode.GetBytes(password));
}
}
}
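Review bot: `ComputeHMACSHA256Hash` keys HMAC-SHA256 with the stored salt, so the key sits in the cache entry next to the digest; anyone who can read the entry can brute-force the password at HMAC speed, and raising `saltSize` to 256 adds nothing because HMAC hashes any key longer than its 64-byte block down to 32 bytes before use. If the intent is only to avoid retaining the cleartext password in memory (the previous XOR-then-SHA1 suggests that), say so on the method: `// Not a password-storage KDF -- the key is stored beside the digest. Purpose is to avoid keeping the cleartext in the cache; PasswordEquals stays constant-time via CryptoHelper.IsEqual.` If offline brute-force resistance is actually wanted, `Rfc2898DeriveBytes` with an iteration count is the tool, at a CPU cost on every cache lookup. The old code went through `CryptoHelper.NewSha1HashAlgorithm()`; if that wrapper existed for FIPS-mode selection, `new HMACSHA256(key)` bypasses it, though HMACSHA256 on 4.x has its own FIPS fallback as far as I recall.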


@ -81,7 +81,7 @@ namespace System.ServiceModel
}
}
[DefaultValue(TransportDefaults.SslProtocols)]
[DefaultValue(TransportDefaults.OldDefaultSslProtocols)]
public SslProtocols SslProtocols
{
get { return this.sslProtocols; }
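Review bot: `[DefaultValue(TransportDefaults.OldDefaultSslProtocols)]` names the explicit `Tls|Tls11|Tls12` list, while the backing `sslProtocols` field is presumably initialized from `TransportDefaults.SslProtocols`, which is `SslProtocols.None` unless the quirk switch is set; the disagreement is harmless at runtime but misleads serializers and designers that compare against `DefaultValue`. A short comment, `// Must be const; the runtime default is TransportDefaults.SslProtocols (None = OS policy) unless quirked.`, records that this is intentional. The property continues outside the hunk.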