Allow build server to run on net46

2018-05-02 10:38:26 -07:00 · 2018-05-02 10:38:26 -07:00 · 41c0a69c5b
parent b2c59700d5
commit 41c0a69c5b
5 changed files with 57 additions and 9 deletions
--- a/build/buildpipeline/windows.groovy
+++ b/build/buildpipeline/windows.groovy
@ -2,7 +2,7 @@

 // 'node' indicates to Jenkins that the enclosed block runs on a node that matches
 // the label 'windows-with-vs'
-simpleNode('Windows_NT','latest') {
+simpleNode('Windows.10.Enterprise.RS3.ASPNET') {
    stage ('Checking out source') {
        checkout scm
    }
--- a/src/Microsoft.AspNetCore.Razor.Tasks/DotnetToolTask.cs
+++ b/src/Microsoft.AspNetCore.Razor.Tasks/DotnetToolTask.cs
@ -124,14 +124,16 @@ namespace Microsoft.AspNetCore.Razor.Tasks
            string commandLineCommands,
            out int result)
        {
+#if !NET46
            if (!SuppressCurrentUserOnlyPipeOptions && !Enum.IsDefined(typeof(PipeOptions), PipeOptionCurrentUserOnly))
            {
                // For security reasons, we don't want to spin up a server that doesn't
                // restrict requests only to the current user.
                result = -1;

-                return false;
+                return ForceServer;
            }
+#endif

            Log.LogMessage(StandardOutputLoggingImportance, "Server execution started.");
            using (_razorServerCts = new CancellationTokenSource())
--- a/src/Microsoft.AspNetCore.Razor.Tools/Client.cs
+++ b/src/Microsoft.AspNetCore.Razor.Tools/Client.cs
@ -4,6 +4,10 @@
 using System;
 using System.IO;
 using System.IO.Pipes;
+#if NET46
+using System.Security.AccessControl;
+using System.Security.Principal;
+#endif
 using System.Threading;
 using System.Threading.Tasks;

@ -67,9 +71,14 @@ namespace Microsoft.AspNetCore.Razor.Tools
                ServerLogger.Log("Named pipe '{0}' connected", pipeName);
                cancellationToken.ThrowIfCancellationRequested();

-                // The original code in Roslyn checks that the server pipe is owned by the same user for security.
-                // We plan to rely on the BCL for this but it's not yet implemented:
-                // See https://github.com/dotnet/corefx/issues/25427 
+#if NET46
+                // Verify that we own the pipe.
+                if (!CheckPipeConnectionOwnership(stream))
+                {
+                    ServerLogger.Log("Owner of named pipe is incorrect");
+                    return null;
+                }
+#endif

                return new NamedPipeClient(stream, GetNextIdentifier());
            }
@ -80,6 +89,44 @@ namespace Microsoft.AspNetCore.Razor.Tools
            }
        }

+#if NET46
+        /// <summary>
+        /// Check to ensure that the named pipe server we connected to is owned by the same
+        /// user.
+        /// </summary>
+        private static bool CheckPipeConnectionOwnership(NamedPipeClientStream pipeStream)
+        {
+            try
+            {
+                if (PlatformInformation.IsWindows)
+                {
+                    using (var currentIdentity = WindowsIdentity.GetCurrent())
+                    {
+                        var currentOwner = currentIdentity.Owner;
+                        var remotePipeSecurity = GetPipeSecurity(pipeStream);
+                        var remoteOwner = remotePipeSecurity.GetOwner(typeof(SecurityIdentifier));
+
+                        return currentOwner.Equals(remoteOwner);
+                    }
+                }
+
+                // We don't need to verify on non-windows as that will be taken care of by the
+                // PipeOptions.CurrentUserOnly flag.
+                return false;
+            }
+            catch (Exception ex)
+            {
+                ServerLogger.LogException(ex, "Checking pipe connection");
+                return false;
+            }
+        }
+
+        private static ObjectSecurity GetPipeSecurity(PipeStream pipeStream)
+        {
+            return pipeStream.GetAccessControl();
+        }
+#endif
+
        private static PipeOptions GetPipeOptions()
        {
            var options = PipeOptions.Asynchronous;
--- a/test/Microsoft.AspNetCore.Razor.Design.Test/IntegrationTests/BuildIntegrationTest.cs
+++ b/test/Microsoft.AspNetCore.Razor.Design.Test/IntegrationTests/BuildIntegrationTest.cs
@ -25,9 +25,8 @@ namespace Microsoft.AspNetCore.Razor.Design.IntegrationTests
        public Task Build_SimpleMvc_UsingDotnetMSBuildAndWithoutBuildServer_CanBuildSuccessfully()
            => Build_SimpleMvc_WithoutBuildServer_CanBuildSuccessfully(MSBuildProcessKind.Dotnet);

-        [ConditionalFact(Skip = "https://github.com/aspnet/Razor/issues/2208")]
-        [OSSkipCondition(OperatingSystems.Linux)]
-        [OSSkipCondition(OperatingSystems.MacOSX)]
+        [ConditionalFact]
+        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
        [InitializeTestProject("SimpleMvc")]
        public Task Build_SimpleMvc_UsingDesktopMSBuildAndWithoutBuildServer_CanBuildSuccessfully()
            => Build_SimpleMvc_WithoutBuildServer_CanBuildSuccessfully(MSBuildProcessKind.Desktop);
--- a/test/Microsoft.AspNetCore.Razor.Design.Test/IntegrationTests/BuildServerIntegrationTest.cs
+++ b/test/Microsoft.AspNetCore.Razor.Design.Test/IntegrationTests/BuildServerIntegrationTest.cs
@ -30,7 +30,7 @@ namespace Microsoft.AspNetCore.Razor.Design.IntegrationTests
        public Task Build_SimpleMvc_WithServer_UsingDotnetMSBuild_CanBuildSuccessfully()
            => Build_SimpleMvc_CanBuildSuccessfully(MSBuildProcessKind.Dotnet);

-        [ConditionalFact(Skip = "https://github.com/aspnet/Razor/issues/2208")]
+        [ConditionalFact]
        [OSSkipCondition(OperatingSystems.Linux | OperatingSystems.MacOSX)]
        [InitializeTestProject("SimpleMvc")]
        public Task Build_SimpleMvc_WithServer_UsingDesktopMSBuild_CanBuildSuccessfully()