Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

Fix SqlClient Kerberos on Linux#36513

Merged
davidsh merged 1 commit intodotnet:masterfrom
davidsh:sqlclient_kerb_fix
Apr 1, 2019
Merged

Fix SqlClient Kerberos on Linux#36513
davidsh merged 1 commit intodotnet:masterfrom
davidsh:sqlclient_kerb_fix

Conversation

@davidsh
Copy link
Contributor

@davidsh davidsh commented Mar 31, 2019

This PR is a follow-up to PR #36329. In that previous PR, I changed to use the
GSS_C_NT_HOSTBASED_SERVICE format for the SPN. That requires using a '@' separator
character instead of a "/". I had assumed since System.Data.SqlClient was including
the source files from Common for SafeDeleteNegoContext.cs that it would have the
corresponding change to use the proper separator character. However, it appears that
the file was only included to get the project building. It was using a separate file
to calculate the SPN.

The customer requiring these fixes reported that Kerberos was working properly now
for HttpClient and NegotiateStream. But SqlClient was still broken.

This PR completes the fix so that SqlClient will work properly with Kerberos especially
in multiple domain/realm environments. This fix was manually tested in the enterprise
scenario test lab.

@davidsh
Fix SqlClient Kerberos on Linux
1c32076 
This PR is a follow-up to PR dotnet#36329. In that previous PR, I changed to use the
GSS_C_NT_HOSTBASED_SERVICE format for the SPN. That requires using a '@' separator
character instead of a "/". I had assumed since System.Data.SqlClient was including
the source files from Common for SafeDeleteNegoContext.cs that it would have the
corresponding change to use the proper separator character. However, it appears that
the file was only included to get the project building. It was using a separate file
to calculate the SPN.

The customer requiring these fixes reported that Kerberos was working properly now
for HttpClient and NegotiateStream. But SqlClient was still broken.

This PR completes the fix so that SqlClient will work properly with Kerberos especially
in multiple domain/realm environments. This fix was manually tested in the enterprise
scenario test lab.
@davidsh davidsh added this to the 3.0 milestone Mar 31, 2019
@davidsh davidsh self-assigned this Mar 31, 2019
@davidsh
Copy link
Contributor Author

davidsh commented Mar 31, 2019

/azp run corefx-outerloop-windows

@davidsh
Copy link
Contributor Author

davidsh commented Mar 31, 2019

/azp run corefx-outerloop-linux

@azure-pipelines
Copy link

azure-pipelines bot commented Mar 31, 2019

Azure Pipelines successfully started running 1 pipeline(s).

1 similar comment
@azure-pipelines
Copy link

azure-pipelines bot commented Mar 31, 2019

Azure Pipelines successfully started running 1 pipeline(s).

@davidsh davidsh added the tenet-compatibility Incompatibility with previous versions or .NET Framework label Mar 31, 2019
wfurt
wfurt approved these changes Apr 1, 2019
View reviewed changes
Copy link
Member

@wfurt wfurt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@davidsh davidsh merged commit 78c4c8b into dotnet:master Apr 1, 2019
@davidsh davidsh deleted the sqlclient_kerb_fix branch April 1, 2019 04:17
picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
@davidsh
Fix SqlClient Kerberos on Linux (dotnet/corefx#36513)
c65820c 
This PR is a follow-up to PR dotnet/corefx#36329. In that previous PR, I changed to use the
GSS_C_NT_HOSTBASED_SERVICE format for the SPN. That requires using a '@' separator
character instead of a "/". I had assumed since System.Data.SqlClient was including
the source files from Common for SafeDeleteNegoContext.cs that it would have the
corresponding change to use the proper separator character. However, it appears that
the file was only included to get the project building. It was using a separate file
to calculate the SPN.

The customer requiring these fixes reported that Kerberos was working properly now
for HttpClient and NegotiateStream. But SqlClient was still broken.

This PR completes the fix so that SqlClient will work properly with Kerberos especially
in multiple domain/realm environments. This fix was manually tested in the enterprise
scenario test lab.

Commit migrated from dotnet/corefx@78c4c8b
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@saurabh500 saurabh500 saurabh500 approved these changes

@stephentoub stephentoub stephentoub approved these changes

@wfurt wfurt wfurt approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@davidsh davidsh

Labels

area-System.Data.SqlClient tenet-compatibility Incompatibility with previous versions or .NET Framework

Projects

None yet

Milestone

3.0

Development

Successfully merging this pull request may close these issues.

4 participants

@davidsh @saurabh500 @stephentoub @wfurt