Imported Upstream version 5.10.0.47

Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0
Xamarin Public Jenkins (auto-signing)
2018-01-24 17:04:36 +00:00
parent 88ff76fe28
commit e46a49ecf1
5927 changed files with 226314 additions and 129848 deletions


@@ -81,6 +81,14 @@ namespace System.Web.Security.Cryptography {
return new SHA256Cng();
}
internal static SHA384 CreateSHA384() {
return new SHA384Cng();
}
internal static SHA512 CreateSHA512() {
return new SHA512Cng();
}
[SuppressMessage("Microsoft.Cryptographic.Standard", "CA5353:TripleDESCannotBeUsed", Justification = @"This is only used by legacy code; new features do not use this algorithm.")]
[Obsolete("3DES is deprecated and MUST NOT be used by new features. Consider using AES instead.")]
internal static TripleDES CreateTripleDES() {


@@ -63,6 +63,12 @@ namespace System.Web.Security {
hashAlgorithm = CryptoAlgorithms.CreateSHA1();
else if (StringUtil.EqualsIgnoreCase(passwordFormat, "md5"))
hashAlgorithm = CryptoAlgorithms.CreateMD5();
else if (StringUtil.EqualsIgnoreCase(passwordFormat, "sha256"))
hashAlgorithm = CryptoAlgorithms.CreateSHA256();
else if (StringUtil.EqualsIgnoreCase(passwordFormat, "sha384"))
hashAlgorithm = CryptoAlgorithms.CreateSHA384();
else if (StringUtil.EqualsIgnoreCase(passwordFormat, "sha512"))
hashAlgorithm = CryptoAlgorithms.CreateSHA512();
else
throw new ArgumentException(SR.GetString(SR.InvalidArgumentValue, "passwordFormat"));
@@ -346,6 +352,15 @@ namespace System.Web.Security {
#pragma warning disable 618 // HashPasswordForStorignInConfigFile is now obsolete
switch (settings.Forms.Credentials.PasswordFormat)
{
case FormsAuthPasswordFormat.SHA256:
encPassword = HashPasswordForStoringInConfigFile(password, "sha256");
break;
case FormsAuthPasswordFormat.SHA384:
encPassword = HashPasswordForStoringInConfigFile(password, "sha384");
break;
case FormsAuthPasswordFormat.SHA512:
encPassword = HashPasswordForStoringInConfigFile(password, "sha512");
break;
case FormsAuthPasswordFormat.SHA1:
encPassword = HashPasswordForStoringInConfigFile(password, "sha1");
break;
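Review bot: The three added `passwordFormat` branches (and the matching `FormsAuthPasswordFormat` cases in the second hunk) extend an API that the pragma comment marks obsolete, and nothing visible here shows a salt or an iteration count being applied, so a SHA-2 digest produced this way is presumably still a single fast hash of the password. A short comment at the new branches would keep readers from treating the longer digest as adequate password storage, for example `// SHA-2 formats exist for config-file compatibility only; a single unsalted digest does not slow offline guessing - prefer a salted, iterated KDF`. The format names are also repeated as string literals in both hunks, so shared constants would keep the two lists from drifting apart. Both enclosing methods start and end outside the hunks.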


@@ -399,6 +399,13 @@ namespace System.Web.Security {
MembershipSection settings = appConfig.Membership;
generalSettingsInitialized = InitializeSettings(initializeGeneralSettings, appConfig, settings);
defaultProviderInitialized = InitializeDefaultProvider(initializeDefaultProvider, settings);
// VSO #265267 log warning in event log when using clear password and encrypted password in Membership provider
// VSO #433626 In order to minimize the behavior change, we are going to read the password format from the config settings only instead of getting from the provider class
// Also allow user to opt-out this feature.
if (AppSettings.LogMembershipPasswordFormatWarning) {
CheckedPasswordFormat(settings);
}
} catch (Exception e) {
s_InitializeException = e;
throw;
@@ -412,23 +419,23 @@ namespace System.Web.Security {
if (defaultProviderInitialized) {
s_InitializedDefaultProvider = true;
}
// VSO #265267 log warning in event log when using clear password and encrypted password in Membership provider
// VSO #366114 Move this to only after the initialization has fully completed.
if (s_Initialized && s_InitializedDefaultProvider) {
CheckedPasswordFormat(s_Providers);
}
}
}
// VSO #265267 we want to log a warning in the event log, whenever detect using clear password or encrypted password formats settings in Membership provider
private static void CheckedPasswordFormat(MembershipProviderCollection providers) {
// VSO #433626 In order to minimize the behavior change, we are going to read the password format from the config settings only instead of getting from the provider class
private static void CheckedPasswordFormat(MembershipSection settings) {
//VSO #294931 Since this is an optional feature, we want to prevent any corner cases that were not able to return the password format. In those cases, we will just do nothing and not log any warnings.
try {
foreach (MembershipProvider p in providers) {
if (p != null && (p.PasswordFormat == MembershipPasswordFormat.Clear || p.PasswordFormat == MembershipPasswordFormat.Encrypted)) {
string providerName = p.Name ?? string.Empty;
WebBaseEvent.RaiseRuntimeError(new ConfigurationErrorsException(SR.GetString(SR.MembershipPasswordFormat_Obsoleted, providerName, p.PasswordFormat)), typeof(MembershipProvider));
if (settings != null && settings.Providers != null) {
foreach (ProviderSettings ps in settings.Providers) {
if (ps != null && ps.Parameters != null) {
string passwordFormat = ps.Parameters["passwordFormat"];
if (StringUtil.EqualsIgnoreCase(passwordFormat, "Clear") || StringUtil.EqualsIgnoreCase(passwordFormat, "Encrypted")) {
string providerName = ps.Name ?? string.Empty;
WebBaseEvent.RaiseRuntimeError(new ConfigurationErrorsException(SR.GetString(SR.MembershipPasswordFormat_Obsoleted, providerName, passwordFormat)), typeof(MembershipProvider));
}
}
}
}
}
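Review bot: `CheckedPasswordFormat` now reports a provider only when its config entry carries an explicit `passwordFormat` of `Clear` or `Encrypted`, so a provider that selects one of those formats in code or through its own default, with the attribute absent, would no longer be flagged; the loop it replaces read `p.PasswordFormat` from the provider instance. The VSO #433626 comment indicates this is deliberate, but the detection gap should be stated at the method, e.g. `// Only the configured passwordFormat attribute is inspected; providers that choose Clear/Encrypted in code are not reported.` Combined with the `AppSettings.LogMembershipPasswordFormatWarning` opt-out, the absence of the event-log warning should not be read as evidence that no provider stores recoverable passwords. The `catch` that closes the `try` lies outside the hunk.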