From 4e4d5e5b32ce4ea1fa9831ea2e7baa35cc3f839a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 09:42:55 +0000 Subject: [PATCH 1/4] Initial plan From ff153bd5f9db42398b39a0956edaf0059d267762 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 10:03:12 +0000 Subject: [PATCH 2/4] Remove stderr logging from pal_gssapi.c, add NetEventSource.Error logging in managed code Agent-Logs-Url: https://github.com/dotnet/runtime/sessions/9153c03c-ec0e-4f65-b140-ed29f159d0f9 Co-authored-by: rzikm <32671551+rzikm@users.noreply.github.com> --- .../System/Net/NegotiateAuthenticationPal.Unix.cs | 13 +++++++++++++ .../libs/System.Net.Security.Native/pal_gssapi.c | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index 475483944f84a3..50d456ed29d384 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -55,6 +55,12 @@ public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOpt // GSSAPI shim may not be available on some platforms (Linux Bionic) return new UnsupportedNegotiateAuthenticationPal(clientOptions); } + catch (TypeInitializationException tie) + { + // GSSAPI native library (e.g. libgssapi_krb5) may not be available on the system + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie); + return new UnsupportedNegotiateAuthenticationPal(clientOptions); + } } public static NegotiateAuthenticationPal Create(NegotiateAuthenticationServerOptions serverOptions) @@ -78,6 +84,12 @@ public static NegotiateAuthenticationPal Create(NegotiateAuthenticationServerOpt // GSSAPI shim may not be available on some platforms (Linux Bionic) return new UnsupportedNegotiateAuthenticationPal(serverOptions); } + catch (TypeInitializationException tie) + { + // GSSAPI native library (e.g. libgssapi_krb5) may not be available on the system + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie); + return new UnsupportedNegotiateAuthenticationPal(serverOptions); + } } internal sealed class UnixNegotiateAuthenticationPal : NegotiateAuthenticationPal @@ -774,6 +786,7 @@ public static bool CheckHasSystemNetSecurityNative() } catch (Exception e) when (e is EntryPointNotFoundException || e is DllNotFoundException || e is TypeInitializationException) { + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, e); // libSystem.Net.Security.Native is not available return false; } diff --git a/src/native/libs/System.Net.Security.Native/pal_gssapi.c b/src/native/libs/System.Net.Security.Native/pal_gssapi.c index 9be66b8a7566c2..5954a113c03feb 100644 --- a/src/native/libs/System.Net.Security.Native/pal_gssapi.c +++ b/src/native/libs/System.Net.Security.Native/pal_gssapi.c @@ -122,7 +122,7 @@ static void* volatile s_gssLib = NULL; static int32_t ensure_gss_shim_initialized(void) { void* lib = dlopen(gss_lib_name, RTLD_LAZY); - if (lib == NULL) { fprintf(stderr, "Cannot load library %s \nError: %s\n", gss_lib_name, dlerror()); return -1; } + if (lib == NULL) { return -1; } // check is someone else has opened and published s_gssLib already if (!pal_atomic_cas_ptr(&s_gssLib, lib, NULL)) @@ -132,10 +132,10 @@ static int32_t ensure_gss_shim_initialized(void) // initialize indirection pointers for all functions, like: // gss_accept_sec_context_ptr = (TYPEOF(gss_accept_sec_context)*)dlsym(s_gssLib, "gss_accept_sec_context"); - // if (gss_accept_sec_context_ptr == NULL) { fprintf(stderr, "Cannot get symbol %s from %s \nError: %s\n", "gss_accept_sec_context", gss_lib_name, dlerror()); return -1; } + // if (gss_accept_sec_context_ptr == NULL) { return -1; } #define PER_FUNCTION_BLOCK(fn) \ fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn); \ - if (fn##_ptr == NULL) { fprintf(stderr, "Cannot get symbol " #fn " from %s \nError: %s\n", gss_lib_name, dlerror()); return -1; } + if (fn##_ptr == NULL) { return -1; } FOR_ALL_GSS_FUNCTIONS #undef PER_FUNCTION_BLOCK From b04fdcba346b069cbc798a0d571b14da05c461e0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:31:17 +0000 Subject: [PATCH 3/4] Address review comments: restore dlsym stderr, use DllNotFoundException in GssInitializer, add when guard Agent-Logs-Url: https://github.com/dotnet/runtime/sessions/9feee3d0-a8a2-4360-a981-593fe45e6f8b Co-authored-by: rzikm <32671551+rzikm@users.noreply.github.com> --- .../Interop.NetSecurityNative.IsNtlmInstalled.cs | 14 ++++++-------- .../System/Net/NegotiateAuthenticationPal.Unix.cs | 11 ++++++----- .../libs/System.Net.Security.Native/pal_gssapi.c | 4 ++-- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs index b799ef433e8830..9156fbb6e9ea43 100644 --- a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs +++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs @@ -22,17 +22,15 @@ static NetSecurityNative() internal static class GssInitializer { - static GssInitializer() - { - if (EnsureGssInitialized() != 0) - { - throw new InvalidOperationException(); - } - } + private const string GssApiLibraryName = "libgssapi_krb5.so.2"; + private static readonly bool s_isInitialized = EnsureGssInitialized() == 0; internal static void Initialize() { - // No-op that exists to provide a hook for other static constructors. + if (!s_isInitialized) + { + throw new DllNotFoundException(GssApiLibraryName); + } } } } diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs index 50d456ed29d384..45b928cf72180c 100644 --- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs +++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs @@ -55,10 +55,10 @@ public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOpt // GSSAPI shim may not be available on some platforms (Linux Bionic) return new UnsupportedNegotiateAuthenticationPal(clientOptions); } - catch (TypeInitializationException tie) + catch (TypeInitializationException tie) when (tie.InnerException is DllNotFoundException) { // GSSAPI native library (e.g. libgssapi_krb5) may not be available on the system - if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie); + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie.InnerException); return new UnsupportedNegotiateAuthenticationPal(clientOptions); } } @@ -84,10 +84,10 @@ public static NegotiateAuthenticationPal Create(NegotiateAuthenticationServerOpt // GSSAPI shim may not be available on some platforms (Linux Bionic) return new UnsupportedNegotiateAuthenticationPal(serverOptions); } - catch (TypeInitializationException tie) + catch (TypeInitializationException tie) when (tie.InnerException is DllNotFoundException) { // GSSAPI native library (e.g. libgssapi_krb5) may not be available on the system - if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie); + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, tie.InnerException); return new UnsupportedNegotiateAuthenticationPal(serverOptions); } } @@ -786,7 +786,8 @@ public static bool CheckHasSystemNetSecurityNative() } catch (Exception e) when (e is EntryPointNotFoundException || e is DllNotFoundException || e is TypeInitializationException) { - if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, e); + Exception logException = e is TypeInitializationException tie ? tie.InnerException ?? e : e; + if (NetEventSource.Log.IsEnabled()) NetEventSource.Error(null, logException); // libSystem.Net.Security.Native is not available return false; } diff --git a/src/native/libs/System.Net.Security.Native/pal_gssapi.c b/src/native/libs/System.Net.Security.Native/pal_gssapi.c index 5954a113c03feb..e0779820bc1f1a 100644 --- a/src/native/libs/System.Net.Security.Native/pal_gssapi.c +++ b/src/native/libs/System.Net.Security.Native/pal_gssapi.c @@ -132,10 +132,10 @@ static int32_t ensure_gss_shim_initialized(void) // initialize indirection pointers for all functions, like: // gss_accept_sec_context_ptr = (TYPEOF(gss_accept_sec_context)*)dlsym(s_gssLib, "gss_accept_sec_context"); - // if (gss_accept_sec_context_ptr == NULL) { return -1; } + // if (gss_accept_sec_context_ptr == NULL) { fprintf(stderr, "Cannot get symbol %s from %s \nError: %s\n", "gss_accept_sec_context", gss_lib_name, dlerror()); return -1; } #define PER_FUNCTION_BLOCK(fn) \ fn##_ptr = (TYPEOF(fn)*)dlsym(s_gssLib, #fn); \ - if (fn##_ptr == NULL) { return -1; } + if (fn##_ptr == NULL) { fprintf(stderr, "Cannot get symbol " #fn " from %s \nError: %s\n", gss_lib_name, dlerror()); return -1; } FOR_ALL_GSS_FUNCTIONS #undef PER_FUNCTION_BLOCK From e81a60196e2381703e18e4f8e05b90b2e45bb417 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 15:56:46 +0000 Subject: [PATCH 4/4] Simplify GssInitializer: throw DllNotFoundException directly from static constructor Agent-Logs-Url: https://github.com/dotnet/runtime/sessions/fd3637bc-49ab-45df-96df-8de0eaebab3b Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com> --- .../Interop.NetSecurityNative.IsNtlmInstalled.cs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs index 9156fbb6e9ea43..3834c80c46fab7 100644 --- a/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs +++ b/src/libraries/Common/src/Interop/Unix/System.Net.Security.Native/Interop.NetSecurityNative.IsNtlmInstalled.cs @@ -23,15 +23,19 @@ static NetSecurityNative() internal static class GssInitializer { private const string GssApiLibraryName = "libgssapi_krb5.so.2"; - private static readonly bool s_isInitialized = EnsureGssInitialized() == 0; - internal static void Initialize() + static GssInitializer() { - if (!s_isInitialized) + if (EnsureGssInitialized() != 0) { throw new DllNotFoundException(GssApiLibraryName); } } + + internal static void Initialize() + { + // No-op that exists to provide a hook for other static constructors. + } } } }