Imported Upstream version 4.3.2.467
Former-commit-id: 9c2cb47f45fa221e661ab616387c9cda183f283d
@@ -126,10 +126,19 @@ namespace System.ServiceModel.Channels
|
||||
|
||||
public override void Close()
|
||||
{
|
||||
this.FlushPendingBuffer();
|
||||
stream.Close();
|
||||
this.WaitForAllWritesToComplete();
|
||||
this.closed = true;
|
||||
try
|
||||
{
|
||||
if (!this.closed)
|
||||
{
|
||||
this.FlushPendingBuffer();
|
||||
stream.Close();
|
||||
this.WaitForAllWritesToComplete();
|
||||
}
|
||||
}
|
||||
finally
|
||||
{
|
||||
this.closed = true;
|
||||
}
|
||||
}
|
||||
|
||||
public override void Flush()
|
||||
|
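Review bot: In the new `Close()` body an exception from `FlushPendingBuffer()` skips `stream.Close()`, and the `finally` then sets `closed = true`, so a later `Close()` call does nothing and the underlying stream is never closed. If that stream wraps a connection (its type is not visible in the hunk), repeated flush failures would accumulate open handles until finalization. Releasing the stream in its own `finally`, as sketched below, keeps the idempotence guard and still closes the stream when the flush fails.

```csharp
public override void Close()
{
    if (this.closed)
    {
        return;
    }

    try
    {
        this.FlushPendingBuffer();
    }
    finally
    {
        // Mark closed and release the stream even when the flush throws.
        this.closed = true;
        stream.Close();
    }

    this.WaitForAllWritesToComplete();
}
```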
@@ -1 +1 @@
|
||||
bf44d9efe557a80fed2c9fe79388602c857ecbfa
|
||||
8187627a3c626ffd202a933cbf037c37879803d8
|
@@ -26,4 +26,4 @@ namespace System.ServiceModel.Channels
|
||||
// we estimate that implementors of a custom web socket factory will find it enough too.
|
||||
public abstract WebSocket CreateWebSocket(Stream connection, WebSocketTransportSettings settings);
|
||||
}
|
||||
}
|
||||
}
|
@@ -35,6 +35,7 @@ namespace System.ServiceModel.Channels
|
||||
{
|
||||
static bool httpWebRequestWebPermissionDenied = false;
|
||||
static RequestCachePolicy requestCachePolicy = new RequestCachePolicy(RequestCacheLevel.BypassCache);
|
||||
static long connectionGroupNamePrefix = 0;
|
||||
|
||||
readonly ClientWebSocketFactory clientWebSocketFactory;
|
||||
|
||||
@@ -65,6 +66,7 @@ namespace System.ServiceModel.Channels
|
||||
WebSocketTransportSettings webSocketSettings;
|
||||
ConnectionBufferPool bufferPool;
|
||||
Lazy<string> webSocketSoapContentType;
|
||||
string uniqueConnectionGroupNamePrefix;
|
||||
|
||||
internal HttpChannelFactory(HttpTransportBindingElement bindingElement, BindingContext context)
|
||||
: base(bindingElement, context, HttpTransportDefaults.GetDefaultMessageEncoderFactory())
|
||||
@@ -183,6 +185,15 @@ namespace System.ServiceModel.Channels
|
||||
}
|
||||
|
||||
this.webSocketSoapContentType = new Lazy<string>(() => { return this.MessageEncoderFactory.CreateSessionEncoder().ContentType; }, LazyThreadSafetyMode.ExecutionAndPublication);
|
||||
|
||||
if (ServiceModelAppSettings.HttpTransportPerFactoryConnectionPool)
|
||||
{
|
||||
this.uniqueConnectionGroupNamePrefix = Interlocked.Increment(ref connectionGroupNamePrefix).ToString();
|
||||
}
|
||||
else
|
||||
{
|
||||
this.uniqueConnectionGroupNamePrefix = string.Empty;
|
||||
}
|
||||
}
|
||||
|
||||
public bool AllowCookies
|
||||
@@ -665,7 +676,7 @@ namespace System.ServiceModel.Channels
|
||||
}
|
||||
|
||||
string prefix = this.OnGetConnectionGroupPrefix(httpWebRequest, clientCertificateToken);
|
||||
inputString = string.Concat(prefix, inputString);
|
||||
inputString = string.Concat(this.uniqueConnectionGroupNamePrefix, prefix, inputString);
|
||||
|
||||
string credentialHash = null;
|
||||
|
||||
@@ -1170,6 +1181,7 @@ namespace System.ServiceModel.Channels
|
||||
ChannelBinding channelBinding;
|
||||
int webRequestCompleted;
|
||||
EventTraceActivity eventTraceActivity;
|
||||
const string ConnectionGroupPrefixMessagePropertyName = "HttpTransportConnectionGroupNamePrefix";
|
||||
|
||||
public HttpChannelRequest(HttpRequestChannel channel, HttpChannelFactory<IRequestChannel> factory)
|
||||
{
|
||||
@@ -1179,11 +1191,27 @@ namespace System.ServiceModel.Channels
|
||||
this.factory = factory;
|
||||
}
|
||||
|
||||
private string GetConnectionGroupPrefix(Message message)
|
||||
{
|
||||
object property;
|
||||
if (message.Properties.TryGetValue(ConnectionGroupPrefixMessagePropertyName, out property))
|
||||
{
|
||||
string prefix = property as string;
|
||||
if (prefix != null)
|
||||
{
|
||||
return prefix;
|
||||
}
|
||||
}
|
||||
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
public void SendRequest(Message message, TimeSpan timeout)
|
||||
{
|
||||
TimeoutHelper timeoutHelper = new TimeoutHelper(timeout);
|
||||
factory.ApplyManualAddressing(ref this.to, ref this.via, message);
|
||||
this.webRequest = channel.GetWebRequest(this.to, this.via, ref timeoutHelper);
|
||||
this.webRequest.ConnectionGroupName = GetConnectionGroupPrefix(message) + this.webRequest.ConnectionGroupName;
|
||||
|
||||
Message request = message;
|
||||
|
||||
|
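Review bot: The connection-group key built by `inputString = string.Concat(this.uniqueConnectionGroupNamePrefix, prefix, inputString);` joins the per-factory counter, the `OnGetConnectionGroupPrefix` result and the existing string with no delimiter, so different (counter, prefix) pairs can yield the same key — counter `1` followed by a prefix starting with `2` reads the same as counter `12`. Because the connection group name decides which requests share pooled (and possibly authenticated) connections, such a collision would undo the per-factory separation that `HttpTransportPerFactoryConnectionPool` is meant to provide; whether `prefix` can begin with a digit is not visible here. A fixed separator removes the ambiguity, e.g. `inputString = string.Concat(this.uniqueConnectionGroupNamePrefix, "/", prefix, inputString);`, and the same consideration applies to `GetConnectionGroupPrefix(message) + this.webRequest.ConnectionGroupName` in `SendRequest`, where the prefix comes from a caller-set message property. The method containing the `string.Concat` line starts and ends outside the hunk.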
@@ -1 +1 @@
|
||||
d2389c42a4141d68294b289c4b94a4a6d24729a9
|
||||
5df21319d3d6e9046fc229fc5459ad17a351de9b
|
@@ -23,7 +23,7 @@ namespace System.ServiceModel.Channels
|
||||
where TChannel : class, IChannel
|
||||
{
|
||||
readonly bool useCustomClientCertificateVerification;
|
||||
readonly bool shouldValidateClientCertificate;
|
||||
bool shouldValidateClientCertificate;
|
||||
bool useHostedClientCertificateMapping;
|
||||
bool requireClientCertificate;
|
||||
SecurityTokenAuthenticator certificateAuthenticator;
|
||||
@@ -125,6 +125,12 @@ namespace System.ServiceModel.Channels
|
||||
{
|
||||
base.ApplyHostedContext(virtualPath, isMetadataListener);
|
||||
useHostedClientCertificateMapping = AspNetEnvironment.Current.ValidateHttpsSettings(virtualPath, ref this.requireClientCertificate);
|
||||
|
||||
// We want to validate the certificate if IIS is set to require a client certificate
|
||||
if (this.requireClientCertificate)
|
||||
{
|
||||
this.shouldValidateClientCertificate = true;
|
||||
}
|
||||
}
|
||||
|
||||
internal override ITransportManagerRegistration CreateTransportManagerRegistration(Uri listenUri)
|
||||
|
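Review bot: `shouldValidateClientCertificate` loses `readonly` so that `ApplyHostedContext` can raise it when IIS requires a client certificate, but nothing in these hunks shows that state derived from the flag is created after this call. If `certificateAuthenticator` (or anything else keyed on the flag) is set up before `ApplyHostedContext` runs, validation would be switched on without the authenticator needed to perform it; that ordering should be confirmed. A comment on the field would record the contract, e.g. `// Set in the constructor; may be raised to true by ApplyHostedContext, so read it only after hosting configuration has been applied.`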
@@ -14,4 +14,4 @@ namespace System.ServiceModel.Channels
|
||||
IAsyncResult BeginWaitForChannel(TimeSpan timeout, AsyncCallback callback, object state);
|
||||
bool EndWaitForChannel(IAsyncResult result);
|
||||
}
|
||||
}
|
||||
}
|
@@ -11,4 +11,4 @@ namespace System.ServiceModel.Channels
|
||||
void EnableChannelBindingSupport();
|
||||
bool IsChannelBindingSupportEnabled { get; }
|
||||
}
|
||||
}
|
||||
}
|
@@ -17,4 +17,4 @@ namespace System.ServiceModel.Channels
|
||||
/// </summary>
|
||||
CookieContainer CookieContainer { get; set; }
|
||||
}
|
||||
}
|
||||
}
|
@@ -25,4 +25,4 @@ namespace System.ServiceModel.Channels
|
||||
|
||||
TimeSpan SendTimeout { get; }
|
||||
}
|
||||
}
|
||||
}
|
@@ -11,4 +11,4 @@ namespace System.ServiceModel.Channels
|
||||
ChannelBinding GetChannelBinding(StreamUpgradeInitiator upgradeInitiator, ChannelBindingKind kind);
|
||||
ChannelBinding GetChannelBinding(StreamUpgradeAcceptor upgradeAcceptor, ChannelBindingKind kind);
|
||||
}
|
||||
}
|
||||
}
|
@@ -507,7 +507,7 @@ namespace System.ServiceModel.Channels
|
||||
switch (header.HeaderType)
|
||||
{
|
||||
case HeaderType.BufferedMessageHeader:
|
||||
AddHeader(new Header(header.HeaderKind, CaptureBufferedHeader(collection.bufferedMessageData,
|
||||
AddHeader(new Header(header.HeaderKind, collection.CaptureBufferedHeader(collection.bufferedMessageData,
|
||||
header.HeaderInfo, headerIndex), processing));
|
||||
break;
|
||||
case HeaderType.ReadableHeader:
|
||||
|
@@ -7,6 +7,7 @@ namespace System.ServiceModel.Channels
|
||||
using System.Runtime.InteropServices;
|
||||
using System.Runtime.Versioning;
|
||||
using System.Security;
|
||||
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
|
||||
|
||||
[SuppressUnmanagedCodeSecurity]
|
||||
internal static class SafeNativeMethods
|
||||
@@ -20,10 +21,19 @@ namespace System.ServiceModel.Channels
|
||||
[Out] out uint increment,
|
||||
[Out] out uint adjustmentDisabled
|
||||
);
|
||||
|
||||
|
||||
[DllImport(KERNEL32, SetLastError = true)]
|
||||
[ResourceExposure(ResourceScope.None)]
|
||||
public static extern void GetSystemTimeAsFileTime(out long time);
|
||||
private static extern void GetSystemTimeAsFileTime([Out] out FILETIME time);
|
||||
|
||||
public static void GetSystemTimeAsFileTime(out long time) {
|
||||
FILETIME fileTime;
|
||||
GetSystemTimeAsFileTime(out fileTime);
|
||||
time = 0;
|
||||
time |= (uint)fileTime.dwHighDateTime;
|
||||
time <<= sizeof(uint) * 8;
|
||||
time |= (uint)fileTime.dwLowDateTime;
|
||||
}
|
||||
|
||||
[Fx.Tag.SecurityNote(Critical = "Calls critical method GetSystemTimeAdjustment.",
|
||||
Safe = "Method is a SafeNativeMethod.")]
|
||||
|
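Review bot: The new wrapper casts the signed `int` fields with `(uint)fileTime.dwHighDateTime` and `(uint)fileTime.dwLowDateTime`, and `dwLowDateTime` is negative whenever bit 31 of the low word is set, so the method would throw `OverflowException` if the assembly were compiled with overflow checking enabled. Stating the intent removes the dependency on the compiler switch: `time = unchecked(((long)(uint)fileTime.dwHighDateTime << 32) | (uint)fileTime.dwLowDateTime);`. `SetLastError = true` on the import also appears unnecessary, since the function returns `void` and the wrapper never reads the last error.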
@@ -3,6 +3,7 @@
|
||||
//-----------------------------------------------------------------------------
|
||||
namespace System.ServiceModel.Channels
|
||||
{
|
||||
using System.Security.Authentication;
|
||||
using System.ComponentModel;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Security;
|
||||
@@ -16,10 +17,12 @@ namespace System.ServiceModel.Channels
|
||||
{
|
||||
IdentityVerifier identityVerifier;
|
||||
bool requireClientCertificate;
|
||||
SslProtocols sslProtocols;
|
||||
|
||||
public SslStreamSecurityBindingElement()
|
||||
{
|
||||
this.requireClientCertificate = TransportDefaults.RequireClientCertificate;
|
||||
this.sslProtocols = TransportDefaults.SslProtocols;
|
||||
}
|
||||
|
||||
protected SslStreamSecurityBindingElement(SslStreamSecurityBindingElement elementToBeCloned)
|
||||
@@ -27,6 +30,7 @@ namespace System.ServiceModel.Channels
|
||||
{
|
||||
this.identityVerifier = elementToBeCloned.identityVerifier;
|
||||
this.requireClientCertificate = elementToBeCloned.requireClientCertificate;
|
||||
this.sslProtocols = elementToBeCloned.sslProtocols;
|
||||
}
|
||||
|
||||
public IdentityVerifier IdentityVerifier
|
||||
@@ -64,6 +68,20 @@ namespace System.ServiceModel.Channels
|
||||
}
|
||||
}
|
||||
|
||||
[DefaultValue(TransportDefaults.SslProtocols)]
|
||||
public SslProtocols SslProtocols
|
||||
{
|
||||
get
|
||||
{
|
||||
return this.sslProtocols;
|
||||
}
|
||||
set
|
||||
{
|
||||
SslProtocolsHelper.Validate(value);
|
||||
this.sslProtocols = value;
|
||||
}
|
||||
}
|
||||
|
||||
public override IChannelFactory<TChannel> BuildChannelFactory<TChannel>(BindingContext context)
|
||||
{
|
||||
if (context == null)
|
||||
@@ -218,7 +236,7 @@ namespace System.ServiceModel.Channels
|
||||
return false;
|
||||
}
|
||||
|
||||
return this.requireClientCertificate == ssl.requireClientCertificate;
|
||||
return this.requireClientCertificate == ssl.requireClientCertificate && this.sslProtocols == ssl.sslProtocols;
|
||||
}
|
||||
|
||||
[EditorBrowsable(EditorBrowsableState.Never)]
|
||||
|
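Review bot: The new public `SslProtocols` property has no XML documentation, and its only validation is the call to `SslProtocolsHelper.Validate(value)`, whose rules are not shown on this page. Since the property decides which protocol versions the stream upgrade may negotiate, a `/// <summary>` stating that, naming the default (`TransportDefaults.SslProtocols`) and saying which values `Validate` rejects would help callers pick a safe setting. The getter and setter are fully inside the hunk.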
@@ -34,17 +34,19 @@ namespace System.ServiceModel.Channels
|
||||
bool requireClientCertificate;
|
||||
string scheme;
|
||||
bool enableChannelBinding;
|
||||
SslProtocols sslProtocols;
|
||||
|
||||
SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenManager clientSecurityTokenManager, bool requireClientCertificate, string scheme, IdentityVerifier identityVerifier)
|
||||
SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenManager clientSecurityTokenManager, bool requireClientCertificate, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols)
|
||||
: base(timeouts)
|
||||
{
|
||||
this.identityVerifier = identityVerifier;
|
||||
this.scheme = scheme;
|
||||
this.clientSecurityTokenManager = clientSecurityTokenManager;
|
||||
this.requireClientCertificate = requireClientCertificate;
|
||||
this.sslProtocols = sslProtocols;
|
||||
}
|
||||
|
||||
SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier)
|
||||
SslStreamSecurityUpgradeProvider(IDefaultCommunicationTimeouts timeouts, SecurityTokenProvider serverTokenProvider, bool requireClientCertificate, SecurityTokenAuthenticator clientCertificateAuthenticator, string scheme, IdentityVerifier identityVerifier, SslProtocols sslProtocols)
|
||||
: base(timeouts)
|
||||
{
|
||||
this.serverTokenProvider = serverTokenProvider;
|
||||
@@ -52,6 +54,7 @@ namespace System.ServiceModel.Channels
|
||||
this.clientCertificateAuthenticator = clientCertificateAuthenticator;
|
||||
this.identityVerifier = identityVerifier;
|
||||
this.scheme = scheme;
|
||||
this.sslProtocols = sslProtocols;
|
||||
}
|
||||
|
||||
public static SslStreamSecurityUpgradeProvider CreateClientProvider(
|
||||
@@ -65,7 +68,7 @@ namespace System.ServiceModel.Channels
|
||||
}
|
||||
SecurityTokenManager tokenManager = credentialProvider.CreateSecurityTokenManager();
|
||||
|
||||
return new SslStreamSecurityUpgradeProvider(context.Binding, tokenManager, bindingElement.RequireClientCertificate, context.Binding.Scheme, bindingElement.IdentityVerifier);
|
||||
return new SslStreamSecurityUpgradeProvider(context.Binding, tokenManager, bindingElement.RequireClientCertificate, context.Binding.Scheme, bindingElement.IdentityVerifier, bindingElement.SslProtocols);
|
||||
}
|
||||
|
||||
public static SslStreamSecurityUpgradeProvider CreateServerProvider(
|
||||
@@ -99,7 +102,7 @@ namespace System.ServiceModel.Channels
|
||||
TransportSecurityHelpers.GetCertificateTokenAuthenticator(tokenManager, context.Binding.Scheme, listenUri);
|
||||
|
||||
return new SslStreamSecurityUpgradeProvider(context.Binding, tokenProvider, bindingElement.RequireClientCertificate,
|
||||
certificateAuthenticator, context.Binding.Scheme, bindingElement.IdentityVerifier);
|
||||
certificateAuthenticator, context.Binding.Scheme, bindingElement.IdentityVerifier, bindingElement.SslProtocols);
|
||||
}
|
||||
|
||||
public override EndpointIdentity Identity
|
||||
@@ -164,6 +167,11 @@ namespace System.ServiceModel.Channels
|
||||
get { return this.scheme; }
|
||||
}
|
||||
|
||||
public SslProtocols SslProtocols
|
||||
{
|
||||
get { return this.sslProtocols; }
|
||||
}
|
||||
|
||||
public override T GetProperty<T>()
|
||||
{
|
||||
if (typeof(T) == typeof(IChannelBindingProvider) || typeof(T) == typeof(IStreamUpgradeChannelBindingProvider))
|
||||
@@ -589,7 +597,7 @@ namespace System.ServiceModel.Channels
|
||||
try
|
||||
{
|
||||
sslStream.AuthenticateAsServer(this.parent.ServerCertificate, this.parent.RequireClientCertificate,
|
||||
SslProtocols.Default, false);
|
||||
this.parent.SslProtocols, false);
|
||||
}
|
||||
catch (AuthenticationException exception)
|
||||
{
|
||||
@@ -703,7 +711,7 @@ namespace System.ServiceModel.Channels
|
||||
|
||||
this.sslStream = new SslStream(stream, false, this.acceptor.ValidateRemoteCertificate);
|
||||
return this.sslStream.BeginAuthenticateAsServer(this.acceptor.parent.ServerCertificate,
|
||||
this.acceptor.parent.RequireClientCertificate, SslProtocols.Default, false, callback, this);
|
||||
this.acceptor.parent.RequireClientCertificate, this.acceptor.parent.SslProtocols, false, callback, this);
|
||||
}
|
||||
|
||||
protected override Stream OnCompleteAuthenticateAsServer(IAsyncResult result)
|
||||
@@ -910,7 +918,7 @@ namespace System.ServiceModel.Channels
|
||||
SslStream sslStream = new SslStream(stream, false, this.ValidateRemoteCertificate, selectionCallback);
|
||||
try
|
||||
{
|
||||
sslStream.AuthenticateAsClient(string.Empty, clientCertificates, SslProtocols.Default, false);
|
||||
sslStream.AuthenticateAsClient(string.Empty, clientCertificates, this.parent.SslProtocols, false);
|
||||
}
|
||||
catch (SecurityTokenValidationException tokenValidationException)
|
||||
{
|
||||
@@ -995,7 +1003,7 @@ namespace System.ServiceModel.Channels
|
||||
try
|
||||
{
|
||||
return this.sslStream.BeginAuthenticateAsClient(string.Empty, this.clientCertificates,
|
||||
SslProtocols.Default, false, callback, this);
|
||||
this.initiator.parent.SslProtocols, false, callback, this);
|
||||
}
|
||||
catch (SecurityTokenValidationException tokenValidationException)
|
||||
{
|
||||
|
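Review bot: All four authentication calls touched here — `AuthenticateAsServer`, `BeginAuthenticateAsServer`, `AuthenticateAsClient` and `BeginAuthenticateAsClient` — still pass `false` as the certificate-revocation argument, so making the protocol set configurable leaves revocation checking hard-coded off at the `SslStream` level. Unless the `ValidateRemoteCertificate` callback performs its own revocation check (its body is outside these hunks), a revoked certificate would be accepted. Consider carrying a revocation setting through the provider the same way `sslProtocols` is carried, or, if revocation is enforced elsewhere, say where in a comment at each call. The client calls also pass `string.Empty` as the target host, so host-name verification likewise depends entirely on that callback.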
@@ -8,6 +8,7 @@ namespace System.ServiceModel.Channels
|
||||
using System.Net.Security;
|
||||
using System.Net.WebSockets;
|
||||
using System.Runtime;
|
||||
using System.Security.Authentication;
|
||||
using System.Security.Principal;
|
||||
using System.ServiceModel;
|
||||
using System.ServiceModel.Dispatcher;
|
||||
@@ -201,6 +202,10 @@ namespace System.ServiceModel.Channels
|
||||
internal const bool RequireClientCertificate = false;
|
||||
internal const int MaxFaultSize = MaxBufferSize;
|
||||
internal const int MaxSecurityFaultSize = 16384;
|
||||
internal const SslProtocols SslProtocols = System.Security.Authentication.SslProtocols.Ssl3 |
|
||||
System.Security.Authentication.SslProtocols.Tls |
|
||||
System.Security.Authentication.SslProtocols.Tls11 |
|
||||
System.Security.Authentication.SslProtocols.Tls12;
|
||||
|
||||
// Calling CreateFault on an incoming message can expose some DoS-related security
|
||||
// vulnerabilities when a service is in streaming mode. See MB 47592 for more details.
|
||||
|
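Review bot: The new default `TransportDefaults.SslProtocols` enables `Ssl3` and `Tls` (TLS 1.0) alongside `Tls11` and `Tls12`, so every binding that does not set the property can still negotiate protocol versions that have been deprecated (SSL 3.0 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996). If compatibility allows, narrow the default, e.g. `internal const SslProtocols SslProtocols = System.Security.Authentication.SslProtocols.Tls12;`; otherwise add a comment recording why the legacy versions are kept and that callers should restrict the set through `SslStreamSecurityBindingElement.SslProtocols`. The enclosing class starts and ends outside the hunk.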
@@ -1099,6 +1099,12 @@ namespace System.ServiceModel.Channels
|
||||
[MarshalAs(UnmanagedType.U1), Out] out bool pfEnabled
|
||||
);
|
||||
|
||||
|
||||
#if !FEATURE_CORECLR
|
||||
// On CoreCLR this is not the way to determine if a process is a tailored application (which means APPX).
|
||||
// On CoreCLR AppX is determined by a flag past to the host which is exposed by AppDomain.IsAppXProcess in mscorlib.
|
||||
// The reason for this if-def is to ensure nobody takes a dependency on this on CoreCLR.
|
||||
|
||||
// AppModel.h functions (Win8+)
|
||||
[DllImport(KERNEL32, CharSet = CharSet.None, EntryPoint = "GetCurrentPackageId")]
|
||||
[SecurityCritical]
|
||||
@@ -1128,6 +1134,7 @@ namespace System.ServiceModel.Channels
|
||||
/// Indicates weather the running application is an immersive (or modern) Windows 8 (or later) application.
|
||||
/// </summary>
|
||||
internal static Lazy<bool> IsTailoredApplication = new Lazy<bool>(() => _IsTailoredApplication());
|
||||
#endif //!FEATURE_CORECLR
|
||||
}
|
||||
|
||||
[SuppressUnmanagedCodeSecurity]
|
||||
|
@@ -664,7 +664,7 @@ namespace System.ServiceModel.Channels
|
||||
new ArraySegment<byte>(internalBuffer, receivedByteCount, internalBuffer.Length - receivedByteCount),
|
||||
CancellationToken.None);
|
||||
|
||||
await receiveTask.ContinueOnCapturedContextFlow<WebSocketReceiveResult>();
|
||||
await receiveTask.ConfigureAwait(false);
|
||||
|
||||
result = receiveTask.Result;
|
||||
this.CheckCloseStatus(result);
|
||||
@@ -847,7 +847,8 @@ namespace System.ServiceModel.Channels
|
||||
if (this.streamWaitTask != null)
|
||||
{
|
||||
//// Wait until the previous stream message finished.
|
||||
await this.streamWaitTask.Task.ContinueOnCapturedContextFlow<object>();
|
||||
|
||||
await this.streamWaitTask.Task.ConfigureAwait(false);
|
||||
}
|
||||
|
||||
this.streamWaitTask = new TaskCompletionSource<object>();
|
||||
@@ -857,7 +858,7 @@ namespace System.ServiceModel.Channels
|
||||
{
|
||||
if (!this.useStreaming)
|
||||
{
|
||||
await this.ReadBufferedMessageAsync();
|
||||
await this.ReadBufferedMessageAsync().ConfigureAwait(false);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -875,7 +876,8 @@ namespace System.ServiceModel.Channels
|
||||
Task<WebSocketReceiveResult> receiveTask = this.webSocket.ReceiveAsync(
|
||||
new ArraySegment<byte>(buffer, 0, this.receiveBufferSize),
|
||||
CancellationToken.None);
|
||||
await receiveTask.ContinueOnCapturedContextFlow<WebSocketReceiveResult>();
|
||||
|
||||
await receiveTask.ConfigureAwait(false);
|
||||
|
||||
WebSocketReceiveResult result = receiveTask.Result;
|
||||
this.CheckCloseStatus(result);
|
||||
|
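Review bot: After `await receiveTask.ConfigureAwait(false);` both receive paths read the value through `receiveTask.Result` (`result = receiveTask.Result;` and `WebSocketReceiveResult result = receiveTask.Result;`); awaiting the task for its value says the same in one statement, `result = await receiveTask.ConfigureAwait(false);`, and avoids a blocking-looking `.Result` beside an await. Separately, the replaced `ContinueOnCapturedContextFlow` helper is not shown, and its name suggests continuations resumed on the captured context, which `ConfigureAwait(false)` does not do; code after these awaits, such as `CheckCloseStatus`, should be confirmed not to depend on that context. The enclosing methods start and end outside the hunks.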