Родитель
33a173006b
Коммит
14e5237c31
|
@ -214,6 +214,10 @@ if ($null -ne $parameters['DelayBetweenConnections']) {
|
|||
$DelayBetweenConnections = $parameters['DelayBetweenConnections']
|
||||
}
|
||||
|
||||
$TrustServerCertificate = $false
|
||||
if ($null -ne $parameters['TrustServerCertificate']) {
|
||||
$TrustServerCertificate = $parameters['TrustServerCertificate']
|
||||
}
|
||||
|
||||
if ([string]::IsNullOrEmpty($env:TEMP)) {
|
||||
$env:TEMP = '/tmp';
|
||||
|
@ -282,7 +286,7 @@ try {
|
|||
$encryption = [System.Security.Authentication.SslProtocols]::Tls12 -bor [System.Security.Authentication.SslProtocols]::Tls11 -bor [System.Security.Authentication.SslProtocols]::Default
|
||||
}
|
||||
}
|
||||
$tdsClient = [TDSClient.TDS.Client.TDSSQLTestClient]::new($Server, $Port, $AuthenticationType, $User, $Password, $Database, $encryption, $AuthenticationLibrary, $UserAssignedIdentityClientId)
|
||||
$tdsClient = [TDSClient.TDS.Client.TDSSQLTestClient]::new($Server, $Port, $AuthenticationType, $User, $Password, $Database, $encryption, $AuthenticationLibrary, $UserAssignedIdentityClientI, $TrustServerCertificate)
|
||||
|
||||
for ($i = 1; $i -le $ConnectionAttempts; ++$i) {
|
||||
$log = [System.IO.File]::CreateText($logPath)
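Review bot: The replacement `TDSSQLTestClient` constructor call passes `$UserAssignedIdentityClientI`, dropping the final `d` from the `$UserAssignedIdentityClientId` used on the line it replaces. Unless strict mode is enabled, PowerShell evaluates an undefined variable as `$null`, so the identity client id would be silently lost; authentication with a user-assigned identity would then presumably fail or fall back to a different identity. The call should read `$tdsClient = [TDSClient.TDS.Client.TDSSQLTestClient]::new($Server, $Port, $AuthenticationType, $User, $Password, $Database, $encryption, $AuthenticationLibrary, $UserAssignedIdentityClientId, $TrustServerCertificate)`. The enclosing `try` block starts and ends outside the hunk.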
|
||||
|
|
|
@ -45,6 +45,7 @@ $ConnectionAttempts = 1
|
|||
$DelayBetweenConnections = 1
|
||||
$CollectNetworkTrace = $true # Set as $true (default) or $false
|
||||
$EncryptionProtocol = 'Tls 1.2' # Supported values: 'Tls 1.0', 'Tls 1.1', 'Tls 1.2'; Without this parameter operating system will choose the best protocol to use
|
||||
$TrustServerCertificate = $false # Set as $true or $false (default)
|
||||
|
||||
# Parameter region when Invoke-Command -ScriptBlock is used
|
||||
$parameters = $args[0]
|
||||
|
@ -83,6 +84,9 @@ if ($null -ne $parameters) {
|
|||
if ($null -ne $parameters['DelayBetweenConnections']) {
|
||||
$DelayBetweenConnections = $parameters['DelayBetweenConnections']
|
||||
}
|
||||
if ($null -ne $parameters['TrustServerCertificate']) {
|
||||
$TrustServerCertificate = $parameters['TrustServerCertificate']
|
||||
}
|
||||
}
|
||||
|
||||
# Setting default parameters if not provided
|
||||
|
@ -1271,6 +1275,7 @@ function RunConnectivityPolicyTests($port) {
|
|||
outFolderName = $outFolderName
|
||||
ConnectionAttempts = $ConnectionAttempts
|
||||
DelayBetweenConnections = $DelayBetweenConnections
|
||||
TrustServerCertificate = $TrustServerCertificate
|
||||
}
|
||||
|
||||
if ($Local) {
|
||||
|
@ -1378,7 +1383,7 @@ function LookupDatabaseInSysDatabases($Server, $dbPort, $Database, $Authenticati
|
|||
}
|
||||
}
|
||||
|
||||
function RunConnectionToDatabaseTestsAndAdvancedTests($Server, $dbPort, $Database, $AuthenticationType, $AuthenticationLibrary, $User, $Password) {
|
||||
function RunConnectionToDatabaseTestsAndAdvancedTests($Server, $dbPort, $Database, $AuthenticationType, $AuthenticationLibrary, $User, $Password, $TrustServerCertificate) {
|
||||
try {
|
||||
$customDatabaseNameWasSet = $Database -and $Database.Length -gt 0 -and $Database -ne 'master'
|
||||
|
||||
|
@ -1491,12 +1496,12 @@ try {
|
|||
Write-Host Warning: Cannot write log file -ForegroundColor Yellow
|
||||
}
|
||||
|
||||
TrackWarningAnonymously 'v2.5'
|
||||
TrackWarningAnonymously 'v2.6'
|
||||
TrackWarningAnonymously ('PowerShell ' + $PSVersionTable.PSVersion + '|' + $PSVersionTable.Platform + '|' + $PSVersionTable.OS )
|
||||
|
||||
try {
|
||||
Write-Host '******************************************' -ForegroundColor Green
|
||||
Write-Host ' Azure SQL Connectivity Checker v2.5 ' -ForegroundColor Green
|
||||
Write-Host ' Azure SQL Connectivity Checker v2.6 ' -ForegroundColor Green
|
||||
Write-Host '******************************************' -ForegroundColor Green
|
||||
Write-Host
|
||||
Write-Host 'Parameters' -ForegroundColor Yellow
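Review bot: The new `$TrustServerCertificate` parameter on `RunConnectionToDatabaseTestsAndAdvancedTests` has no matching call-site change in any hunk shown for this file, so callers that still pass seven arguments leave it `$null` inside the function. Because PowerShell scoping is dynamic, that local `$null` would presumably also hide the script-level value from `RunConnectivityPolicyTests` if it is invoked from this function, and the hashtable entry `TrustServerCertificate = $TrustServerCertificate` would then carry `$null` and the user's setting would be ignored. Either pass the value at every call site or drop the parameter and read the script-scope variable. The function body and its callers are outside the hunks, so this needs confirming against the full file. Separately, the comment on the new default could state the effect: `# $true skips server certificate validation (diagnostics only); $false (default) validates the certificate`.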
|
||||
|
|
|
@ -49,6 +49,7 @@ namespace TDSClient.TDS.Client
|
|||
private TcpClient Client;
|
||||
private readonly TDSClientVersion Version;
|
||||
private readonly SslProtocols EncryptionProtocol;
|
||||
private readonly bool TrustServerCertificate;
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the <see cref="TDSSQLTestClient"/> class.
|
||||
|
@ -70,7 +71,8 @@ namespace TDSClient.TDS.Client
|
|||
string database,
|
||||
SslProtocols encryptionProtocol = SslProtocols.Tls12,
|
||||
string authenticationLibrary = null,
|
||||
string identityClientId = null)
|
||||
string identityClientId = null,
|
||||
bool trustServerCertificate = false)
|
||||
{
|
||||
ValidateInputParameters(server, userID, password, database, authenticationType);
|
||||
|
||||
|
@ -85,6 +87,7 @@ namespace TDSClient.TDS.Client
|
|||
EncryptionProtocol = encryptionProtocol;
|
||||
ConnectionAttempt = 0;
|
||||
AuthenticationType = AuthTypeStringToEnum[authenticationType];
|
||||
TrustServerCertificate = trustServerCertificate;
|
||||
|
||||
if (authenticationLibrary != null)
|
||||
{
|
||||
|
@ -286,43 +289,6 @@ namespace TDSClient.TDS.Client
|
|||
LoggingUtilities.WriteLog($" Login7 message sent.");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Receives and handles a federated authentication info response from server.
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
/// <exception cref="Exception"></exception>
|
||||
/// <exception cref="InvalidOperationException"></exception>
|
||||
private Tuple<string, string> ReceiveFedAuthInfoMessage()
|
||||
{
|
||||
LoggingUtilities.AddEmptyLine();
|
||||
LoggingUtilities.WriteLog($" Waiting for FedAuthInfoMessage response.");
|
||||
|
||||
if (TdsCommunicator.ReceiveTDSMessage() is TDSTokenStreamPacketData response)
|
||||
{
|
||||
foreach (var token in response.Tokens)
|
||||
{
|
||||
if (token is TDSEnvChangeToken)
|
||||
{
|
||||
ProcessEnvChangeToken(token as TDSEnvChangeToken);
|
||||
}
|
||||
else if (token is TDSFedAuthInfoToken)
|
||||
{
|
||||
return ProcessFedAuthInfoToken(token as TDSFedAuthInfoToken);
|
||||
}
|
||||
else if (token is TDSErrorToken)
|
||||
{
|
||||
token.ProcessToken();
|
||||
}
|
||||
}
|
||||
|
||||
throw new Exception("Server couldn't return a proper Fed Auth Info message.");
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new InvalidOperationException();
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Send Fedauth message containing access token to the server
|
||||
/// </summary>
|
||||
|
@ -352,7 +318,7 @@ namespace TDSClient.TDS.Client
|
|||
response.Encryption == TDSEncryptionOption.EncryptReq)
|
||||
{
|
||||
LoggingUtilities.WriteLog($" Server requires encryption, enabling encryption.");
|
||||
TdsCommunicator.EnableEncryption(Server, EncryptionProtocol);
|
||||
TdsCommunicator.EnableEncryption(Server, EncryptionProtocol, TrustServerCertificate);
|
||||
LoggingUtilities.WriteLog($" Encryption enabled.");
|
||||
}
|
||||
}
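Review bot: The constructor gains `bool trustServerCertificate = false`, but no hunk adds a matching `<param>` entry to its XML documentation, and the new `TrustServerCertificate` field carries no comment. The doc comment begins above the hunk, so its current parameter list is not visible here and should be checked. Since this flag turns off certificate validation for the TLS handshake started in the `EnableEncryption` call, the documentation should say so explicitly, for example `/// <param name="trustServerCertificate">When true, the server certificate is accepted without validation; the connection is then not protected against server impersonation.</param>`.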
|
||||
|
|
|
@ -96,6 +96,20 @@ namespace TDSClient.TDS.Comms
|
|||
return false;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Trust Server Certificate
|
||||
/// </summary>
|
||||
/// <param name="sender">Sender object</param>
|
||||
/// <param name="certificate">X509 Certificate</param>
|
||||
/// <param name="chain">X509 Chain</param>
|
||||
/// <param name="sslPolicyErrors">SSL Policy Errors</param>
|
||||
/// <returns>Returns true if no errors occurred.</returns>
|
||||
public static bool TrustServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
|
||||
{
|
||||
LoggingUtilities.WriteLog($" Skipping certification validation");
|
||||
return true;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Print Certificate Chain.
|
||||
/// </summary>
|
||||
|
@ -155,11 +169,16 @@ namespace TDSClient.TDS.Comms
|
|||
/// </summary>
|
||||
/// <param name="server">Server FQDN</param>
|
||||
/// <param name="encryptionProtocol">Encryption Protocol</param>
|
||||
public void EnableEncryption(string server, SslProtocols encryptionProtocol)
|
||||
public void EnableEncryption(string server, SslProtocols encryptionProtocol, bool trustServerCertificate)
|
||||
{
|
||||
var tempStream0 = new TDSTemporaryStream(InnerTdsStream);
|
||||
LoggingUtilities.WriteLog($" Opening a new SslStream.");
|
||||
var tempStream1 = new SslStream(tempStream0, true, ValidateServerCertificate);
|
||||
LoggingUtilities.WriteLog($" Trust Server Certificate:{trustServerCertificate}");
|
||||
|
||||
SslStream tempStream1 = trustServerCertificate
|
||||
? new SslStream(tempStream0, true, new RemoteCertificateValidationCallback(TrustServerCertificate))
|
||||
: new SslStream(tempStream0, true, new RemoteCertificateValidationCallback(ValidateServerCertificate));
|
||||
|
||||
LoggingUtilities.WriteLog($" Trying to authenticate using {encryptionProtocol}:");
|
||||
tempStream1.AuthenticateAsClient(server, new X509CertificateCollection(), encryptionProtocol, true);
|
||||
tempStream0.InnerStream = InnerTdsStream.InnerStream;
|
||||
|
@ -264,7 +283,7 @@ namespace TDSClient.TDS.Comms
|
|||
MemoryStream ms = new MemoryStream(buffer);
|
||||
data.Pack(ms);
|
||||
InnerStream.Write(buffer, 0, buffer.Length);
|
||||
|
||||
|
||||
UpdateCommunicatorState();
|
||||
}
|
||||
|
||||
|
@ -333,7 +352,7 @@ namespace TDSClient.TDS.Comms
|
|||
/// <returns></returns>
|
||||
private bool IsAADAuth(TDSAuthenticationType authenticationType)
|
||||
{
|
||||
var aadAuthTypes = new TDSAuthenticationType[] {
|
||||
var aadAuthTypes = new TDSAuthenticationType[] {
|
||||
TDSAuthenticationType.ADPassword,
|
||||
TDSAuthenticationType.ADIntegrated,
|
||||
TDSAuthenticationType.ADInteractive,
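Review bot: The new `TrustServerCertificate` callback is documented as `Returns true if no errors occurred`, but it returns `true` unconditionally and never reads `sslPolicyErrors`, so the comment misstates the security behaviour. The doc should read `/// <returns>Always true; the certificate is accepted regardless of <paramref name="sslPolicyErrors"/>.</returns>`. The log line should also record what was bypassed, e.g. `LoggingUtilities.WriteLog($" Skipping certificate validation, ignored policy errors: {sslPolicyErrors}");`, so a run with the flag set still shows that the certificate was bad. The callback is only used inside `EnableEncryption` in the lines shown, so `private static` would keep an accept-everything validator from being reused elsewhere. `EnableEncryption` also needs a `<param name="trustServerCertificate">` entry in its doc comment, which starts above the hunk.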
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
using System;
|
||||
using System.Runtime.ConstrainedExecution;
|
||||
using System.Threading;
|
||||
using TDSClient.TDS.Client;
|
||||
|
||||
|
|
Двоичные данные
netstandard2.0/TDSClient.dll
Двоичные данные
netstandard2.0/TDSClient.dll
Двоичный файл не отображается.