From d79ebf5499583d4280d9a65ef2e83b89862bd0cc Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Mon, 27 Nov 2023 17:30:25 +0100 Subject: [PATCH 1/8] Use managed ntlm on linux-bionic --- .../src/System/Net/NegotiateAuthenticationPal.Unix.cs | 9 ++++++--- .../tests/UnitTests/NegotiateAuthenticationTests.cs | 5 +---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index f200e11ca4c43..e52e82cb11e01 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -22,7 +22,8 @@ internal partial class NegotiateAuthenticationPal private static bool UseManagedNtlm { get; } = AppContext.TryGetSwitch("System.Net.Security.UseManagedNtlm", out bool useManagedNtlm) ? useManagedNtlm : - OperatingSystem.IsMacOS() || OperatingSystem.IsIOS() || OperatingSystem.IsMacCatalyst(); + OperatingSystem.IsMacOS() || OperatingSystem.IsIOS() || OperatingSystem.IsMacCatalyst() || + (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase)); public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions) { @@ -559,7 +560,8 @@ private NegotiateAuthenticationStatusCode InitializeSecurityContext( { if (NetEventSource.Log.IsEnabled()) { - string protocol = _packageType switch { + string protocol = _packageType switch + { Interop.NetSecurityNative.PackageType.NTLM => "NTLM", Interop.NetSecurityNative.PackageType.Kerberos => "Kerberos", _ => "SPNEGO" @@ -635,7 +637,8 @@ private NegotiateAuthenticationStatusCode InitializeSecurityContext( { if (NetEventSource.Log.IsEnabled()) { - string protocol = _packageType switch { + string protocol = _packageType switch + { Interop.NetSecurityNative.PackageType.NTLM => "NTLM", Interop.NetSecurityNative.PackageType.Kerberos => "Kerberos", _ => isNtlmUsed ? "SPNEGO-NTLM" : "SPNEGO-Kerberos" diff --git a/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs b/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs index e2a092ba5e7af..56d86c06b51e2 100644 --- a/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs +++ b/src/libraries/System.Net.Security/tests/UnitTests/NegotiateAuthenticationTests.cs @@ -32,7 +32,6 @@ public void Constructor_Overloads_Validation() } [Fact] - [SkipOnPlatform(TestPlatforms.LinuxBionic, "https://github.com/dotnet/runtime/issues/93104")] public void RemoteIdentity_ThrowsOnUnauthenticated() { NegotiateAuthenticationClientOptions clientOptions = new NegotiateAuthenticationClientOptions { Credential = s_testCredentialRight, TargetName = "HTTP/foo" }; @@ -66,7 +65,6 @@ public void RemoteIdentity_ThrowsOnDisposed() } [Fact] - [SkipOnPlatform(TestPlatforms.LinuxBionic, "https://github.com/dotnet/runtime/issues/93104")] public void Package_Unsupported() { NegotiateAuthenticationClientOptions clientOptions = new NegotiateAuthenticationClientOptions { Package = "INVALID", Credential = s_testCredentialRight, TargetName = "HTTP/foo" }; @@ -98,7 +96,6 @@ public void Package_Unsupported_NTLM() [Fact] [SkipOnPlatform(TestPlatforms.Windows, "The test is specific to GSSAPI / Managed implementations of NegotiateAuthentication")] - [SkipOnPlatform(TestPlatforms.LinuxBionic, "https://github.com/dotnet/runtime/issues/93104")] public void DefaultNetworkCredentials_NTLM_DoesNotThrow() { NegotiateAuthenticationClientOptions clientOptions = new NegotiateAuthenticationClientOptions { Package = "NTLM", Credential = CredentialCache.DefaultNetworkCredentials, TargetName = "HTTP/foo" }; @@ -169,7 +166,7 @@ public static IEnumerable TestCredentials() yield return new object[] { new NetworkCredential("rightusername", "rightpassword") }; yield return new object[] { new NetworkCredential("rightusername", "rightpassword", "rightdomain") }; yield return new object[] { new NetworkCredential("rightusername@rightdomain.com", "rightpassword") }; - } + } [ConditionalTheory(nameof(IsNtlmAvailable))] [MemberData(nameof(TestCredentials))] From 415c61ae517fc208788be0edba9b728665ec3333 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Tue, 28 Nov 2023 12:39:07 +0100 Subject: [PATCH 2/8] Fix failing unit test --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 7 ++++--- .../src/System/Net/NegotiateAuthenticationPal.Unix.cs | 9 +++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 3e08ee08a837a..1928edd9f2f3f 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -7,9 +7,10 @@ public static partial class Capability { public static bool IsNtlmInstalled() { - // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to - // all supported distributions. The second part of the check should be removed when it does. - return Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); + return System.Net.NegotiateAuthenticationPal.UseManagedNtlm || + // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to + // all supported distributions. The second part of the check should be removed when it does. + Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); } } } diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index e52e82cb11e01..de666fedc5afe 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -470,6 +470,15 @@ private static Interop.NetSecurityNative.PackageType GetPackageType(string packa else { // Native shim currently supports only NTLM, Negotiate and Kerberos + + if (UseManagedNtlm) + { + // use constructor taking the message as it does not + // call into libSystem.Net.Security.Native which may be + // unavailable on platforms using Managed NTLM implementation + throw new Interop.NetSecurityNative.GssApiException(SR.Format(SR.net_gssapi_operation_failed_majoronly, Interop.NetSecurityNative.Status.GSS_S_UNAVAILABLE.ToString("x"))); + } + throw new Interop.NetSecurityNative.GssApiException(Interop.NetSecurityNative.Status.GSS_S_UNAVAILABLE, 0); } } From ddf00d4523eccc5ced51ffb00d1e8a454497d6ae Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Tue, 28 Nov 2023 12:48:03 +0100 Subject: [PATCH 3/8] Fix compilation --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 1928edd9f2f3f..3e08ee08a837a 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -7,10 +7,9 @@ public static partial class Capability { public static bool IsNtlmInstalled() { - return System.Net.NegotiateAuthenticationPal.UseManagedNtlm || - // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to - // all supported distributions. The second part of the check should be removed when it does. - Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); + // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to + // all supported distributions. The second part of the check should be removed when it does. + return Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); } } } From 6b21cb12b5177d56053bb30073c326dba268e494 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Tue, 28 Nov 2023 13:51:33 +0100 Subject: [PATCH 4/8] Enable more tests on ubuntu-bionic --- .../Interop.GssApiException.cs | 8 +++++- .../System/Net/Capability.Security.Unix.cs | 11 +++++--- .../Net/NegotiateAuthenticationPal.Unix.cs | 26 ++++++++++++------- 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.GssApiException.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.GssApiException.cs index e99d957778808..45dc7c9325a47 100644 --- a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.GssApiException.cs +++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.GssApiException.cs @@ -71,13 +71,19 @@ private static string GetGssApiDisplayStatus(Status majorStatus, Status minorSta private static string? GetGssApiDisplayStatus(Status status, bool isMinor) { + if (!System.Net.NegotiateAuthenticationPal.HasSystemNetSecurityNative) + { + // avoid calling into libSystem.Net.Security.Native. + return null; + } + GssBuffer displayBuffer = default(GssBuffer); try { Interop.NetSecurityNative.Status minStat; Interop.NetSecurityNative.Status displayCallStatus = isMinor ? - DisplayMinorStatus(out minStat, status, ref displayBuffer): + DisplayMinorStatus(out minStat, status, ref displayBuffer) : DisplayMajorStatus(out minStat, status, ref displayBuffer); return (Status.GSS_S_COMPLETE != displayCallStatus) ? null : Marshal.PtrToStringUTF8(displayBuffer._data); } diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 3e08ee08a837a..09fdff79c35b0 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -1,15 +1,20 @@ // Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. +using System.Runtime.InteropServices; + namespace System.Net.Test.Common { public static partial class Capability { public static bool IsNtlmInstalled() { - // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to - // all supported distributions. The second part of the check should be removed when it does. - return Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); + return + // Linux bionic uses managed NTLM implementation + OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase) || + // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to + // all supported distributions. The second part of the check should be removed when it does. + Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); } } } diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index de666fedc5afe..710160481a108 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -19,6 +19,8 @@ namespace System.Net { internal partial class NegotiateAuthenticationPal { + private static readonly Lazy _hasSystemNetSecurityNative = new Lazy(CheckHasSystemNetSecurityNative); + internal static bool HasSystemNetSecurityNative => _hasSystemNetSecurityNative.Value; private static bool UseManagedNtlm { get; } = AppContext.TryGetSwitch("System.Net.Security.UseManagedNtlm", out bool useManagedNtlm) ? useManagedNtlm : @@ -35,7 +37,7 @@ public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOpt return ManagedNtlmNegotiateAuthenticationPal.Create(clientOptions); case NegotiationInfoClass.Negotiate: - return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions, supportKerberos: true); + return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions, supportKerberos: HasSystemNetSecurityNative); } } @@ -470,15 +472,6 @@ private static Interop.NetSecurityNative.PackageType GetPackageType(string packa else { // Native shim currently supports only NTLM, Negotiate and Kerberos - - if (UseManagedNtlm) - { - // use constructor taking the message as it does not - // call into libSystem.Net.Security.Native which may be - // unavailable on platforms using Managed NTLM implementation - throw new Interop.NetSecurityNative.GssApiException(SR.Format(SR.net_gssapi_operation_failed_majoronly, Interop.NetSecurityNative.Status.GSS_S_UNAVAILABLE.ToString("x"))); - } - throw new Interop.NetSecurityNative.GssApiException(Interop.NetSecurityNative.Status.GSS_S_UNAVAILABLE, 0); } } @@ -776,5 +769,18 @@ internal static NegotiateAuthenticationStatusCode GetErrorCode(Interop.NetSecuri } } } + + public static bool CheckHasSystemNetSecurityNative() + { + try + { + return Interop.NetSecurityNative.IsNtlmInstalled(); + } + catch (Exception e) when (e is EntryPointNotFoundException || e is DllNotFoundException || e is TypeInitializationException) + { + // libSystem.Net.Security.Native is not available + return false; + } + } } } From 82c1136afd6eb7e8c650ca776b45b717d42fb2e3 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Wed, 29 Nov 2023 10:43:31 +0100 Subject: [PATCH 5/8] Change runtime identifier check to regex --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 3 ++- .../System.Net.Security/src/System.Net.Security.csproj | 1 + .../src/System/Net/NegotiateAuthenticationPal.Unix.cs | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 09fdff79c35b0..778cdf04b218e 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Runtime.InteropServices; +using System.Text.RegularExpressions; namespace System.Net.Test.Common { @@ -11,7 +12,7 @@ public static bool IsNtlmInstalled() { return // Linux bionic uses managed NTLM implementation - OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase) || + OperatingSystem.IsLinux() && Regex.IsMatch(RuntimeInformation.RuntimeIdentifier, "^linux-bionic(-.*)?$", RegexOptions.CultureInvariant | RegexOptions.NonBacktracking | RegexOptions.ExplicitCapture) || // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to // all supported distributions. The second part of the check should be removed when it does. Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index 9a7fd09fd88b1..5cb0ddcdad099 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -462,6 +462,7 @@ + diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index 710160481a108..88cfdf104b166 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -13,6 +13,7 @@ using System.Security.Authentication.ExtendedProtection; using System.Security.Principal; using System.Text; +using System.Text.RegularExpressions; using Microsoft.Win32.SafeHandles; namespace System.Net @@ -25,7 +26,7 @@ internal partial class NegotiateAuthenticationPal AppContext.TryGetSwitch("System.Net.Security.UseManagedNtlm", out bool useManagedNtlm) ? useManagedNtlm : OperatingSystem.IsMacOS() || OperatingSystem.IsIOS() || OperatingSystem.IsMacCatalyst() || - (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase)); + (OperatingSystem.IsLinux() && Regex.IsMatch(RuntimeInformation.RuntimeIdentifier, "^linux-bionic(-.*)?$", RegexOptions.CultureInvariant | RegexOptions.NonBacktracking | RegexOptions.ExplicitCapture)); public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions) { From 19dd5ed6bca1a66b67345569516643482601e53e Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Wed, 29 Nov 2023 10:53:23 +0100 Subject: [PATCH 6/8] Revert "Change runtime identifier check to regex" This reverts commit 82c1136afd6eb7e8c650ca776b45b717d42fb2e3. --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 3 +-- .../System.Net.Security/src/System.Net.Security.csproj | 1 - .../src/System/Net/NegotiateAuthenticationPal.Unix.cs | 3 +-- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 778cdf04b218e..09fdff79c35b0 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -2,7 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. using System.Runtime.InteropServices; -using System.Text.RegularExpressions; namespace System.Net.Test.Common { @@ -12,7 +11,7 @@ public static bool IsNtlmInstalled() { return // Linux bionic uses managed NTLM implementation - OperatingSystem.IsLinux() && Regex.IsMatch(RuntimeInformation.RuntimeIdentifier, "^linux-bionic(-.*)?$", RegexOptions.CultureInvariant | RegexOptions.NonBacktracking | RegexOptions.ExplicitCapture) || + OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase) || // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to // all supported distributions. The second part of the check should be removed when it does. Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj index 5cb0ddcdad099..9a7fd09fd88b1 100644 --- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj +++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj @@ -462,7 +462,6 @@ - diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index 88cfdf104b166..710160481a108 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -13,7 +13,6 @@ using System.Security.Authentication.ExtendedProtection; using System.Security.Principal; using System.Text; -using System.Text.RegularExpressions; using Microsoft.Win32.SafeHandles; namespace System.Net @@ -26,7 +25,7 @@ internal partial class NegotiateAuthenticationPal AppContext.TryGetSwitch("System.Net.Security.UseManagedNtlm", out bool useManagedNtlm) ? useManagedNtlm : OperatingSystem.IsMacOS() || OperatingSystem.IsIOS() || OperatingSystem.IsMacCatalyst() || - (OperatingSystem.IsLinux() && Regex.IsMatch(RuntimeInformation.RuntimeIdentifier, "^linux-bionic(-.*)?$", RegexOptions.CultureInvariant | RegexOptions.NonBacktracking | RegexOptions.ExplicitCapture)); + (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase)); public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions) { From c83777830ad67875ca36d6580baa3164bf158602 Mon Sep 17 00:00:00 2001 From: Radek Zikmund Date: Wed, 29 Nov 2023 10:53:50 +0100 Subject: [PATCH 7/8] add hyphen to startswith --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 2 +- .../src/System/Net/NegotiateAuthenticationPal.Unix.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index 09fdff79c35b0..a7da2a905b078 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -11,7 +11,7 @@ public static bool IsNtlmInstalled() { return // Linux bionic uses managed NTLM implementation - OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase) || + OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic-", StringComparison.OrdinalIgnoreCase) || // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to // all supported distributions. The second part of the check should be removed when it does. Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3); diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index 710160481a108..d3b39321b12bf 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -25,7 +25,7 @@ internal partial class NegotiateAuthenticationPal AppContext.TryGetSwitch("System.Net.Security.UseManagedNtlm", out bool useManagedNtlm) ? useManagedNtlm : OperatingSystem.IsMacOS() || OperatingSystem.IsIOS() || OperatingSystem.IsMacCatalyst() || - (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic", StringComparison.OrdinalIgnoreCase)); + (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic-", StringComparison.OrdinalIgnoreCase)); public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions) { From 1ede5678375f23cd32a6f78861a145a0798f6085 Mon Sep 17 00:00:00 2001 From: Radek Zikmund <32671551+rzikm@users.noreply.github.com> Date: Wed, 29 Nov 2023 14:03:24 +0100 Subject: [PATCH 8/8] Update src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs Co-authored-by: Adeel Mujahid <3840695+am11@users.noreply.github.com> --- .../Common/tests/System/Net/Capability.Security.Unix.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs index a7da2a905b078..bad2ddd2dd73f 100644 --- a/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs +++ b/src/libraries/Common/tests/System/Net/Capability.Security.Unix.cs @@ -11,7 +11,7 @@ public static bool IsNtlmInstalled() { return // Linux bionic uses managed NTLM implementation - OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic-", StringComparison.OrdinalIgnoreCase) || + (OperatingSystem.IsLinux() && RuntimeInformation.RuntimeIdentifier.StartsWith("linux-bionic-", StringComparison.Ordinal)) || // GSS on Linux does not work with OpenSSL 3.0. Fix was submitted to gss-ntlm but it will take a while to make to // all supported distributions. The second part of the check should be removed when it does. Interop.NetSecurityNative.IsNtlmInstalled() && (!PlatformDetection.IsOpenSslSupported || PlatformDetection.OpenSslVersion.Major < 3);