[3.1.0] | Add new Attestation Protocol "None" #1539

Merged (3 commits), Mar 28, 2022
2 changes: 1 addition & 1 deletion doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml
@@ -528,7 +528,7 @@ End Module
|Application Intent<br /><br /> -or-<br /><br />ApplicationIntent|ReadWrite|Declares the application workload type when connecting to a server. Possible values are `ReadOnly` and `ReadWrite`. For example:<br /><br /> `ApplicationIntent=ReadOnly`<br /><br /> For more information about SqlClient support for Always On Availability Groups, see [SqlClient Support for High Availability, Disaster Recovery](/sql/connect/ado-net/sql/sqlclient-support-high-availability-disaster-recovery).|
|Asynchronous Processing<br /><br /> -or-<br /><br /> Async|'false'|This property is obsolete and should not used.<br /><br /> When `true`, enables asynchronous operation support. Recognized values are `true`, `false`, `yes`, and `no`.<br /><br /> This property is ignored beginning in .NET Framework 4.5. For more information about SqlClient support for asynchronous programming, see [Asynchronous Programming](/sql/connect/ado-net/asynchronous-programming).|
|AttachDBFilename<br /><br /> -or-<br /><br /> Extended Properties<br /><br /> -or-<br /><br /> Initial File Name|N/A|The name of the primary database file, including the full path name of an attachable database. AttachDBFilename is only supported for primary data files with an .mdf extension.<br /><br /> If the value of the AttachDBFileName key is specified in the connection string, the database is attached and becomes the default database for the connection.<br /><br /> If this key is not specified and if the database was previously attached, the database will not be reattached. The previously attached database will be used as the default database for the connection.<br /><br /> If this key is specified together with the AttachDBFileName key, the value of this key will be used as the alias. However, if the name is already used in another attached database, the connection will fail.<br /><br /> The path may be absolute or relative by using the DataDirectory substitution string. If DataDirectory is used, the database file must exist within a subdirectory of the directory pointed to by the substitution string. **Note:** Remote server, HTTP, and UNC path names are not supported. <br /><br /> The database name must be specified with the keyword 'database' (or one of its aliases) as in the following:<br /><br /> <code>"AttachDbFileName=&#124;DataDirectory&#124;\data\YourDB.mdf;integrated security=true;database=YourDatabase"</code><br /><br /> An error will be generated if a log file exists in the same directory as the data file and the 'database' keyword is used when attaching the primary data file. In this case, remove the log file. Once the database is attached, a new log file will be automatically generated based on the physical path.|
|Attestation Protocol|N/A|Gets or sets the value of Attestation Protocol.<br /><br />Valid values are:<br />`AAS`<br />`HGS`|
|Attestation Protocol|N/A|Gets or sets the value of Attestation Protocol.<br /><br />Valid values are:<br />`AAS`<br />`HGS`<br />`None`|
|Authentication|N/A|The authentication method used for [Connecting to SQL Database By Using Azure Active Directory Authentication](https://azure.microsoft.com/documentation/articles/sql-database-aad-authentication/#7-connect-to-your-database-by-using-azure-active-directory-identities).<br /><br /> Valid values are:<br /><br /> `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Password`, 'Active Directory Service Principal', 'Active Directory Device Code Flow', 'Active Directory Managed Identity', 'Active Directory MSI', 'Active Directory Default', `Sql Password`. Currently `Active Directory Integrated` and `Active Directory Interactive` modes of authentication are supported only for .NET Framework. |
|Column Encryption Setting|N/A|Enables or disables [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-2017) functionality for the connection.|
|Command Timeout|30|The default wait time (in seconds) before terminating the attempt to execute a command and generating an error.<br /><br /> Valid values are greater than or equal to 0 and less than or equal to 2147483647.|
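Review bot: the new `None` entry in the Attestation Protocol row lists the value without saying what it means; the enum documentation elsewhere in this PR states that None performs no attestation, is only compatible with Virtualization-based security (VBS) enclaves and needs no Enclave Attestation Url, and that caveat belongs in this connection-string table too, since this is where a user choosing the keyword will look. Suggest extending the cell, e.g. `None` (no attestation; VBS enclaves only; no Enclave Attestation Url required).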
@@ -13,10 +13,10 @@
<summary>Attestation portocol for Azure Attestation Service</summary>
<value>1</value>
</AAS>
<SIM>
<summary>Attestation protocol for Simulator</summary>
<None>
<summary>Attestation protocol for no attestation. Only compatible with Virtualization-based security (VBS) enclaves. An Enclave Attestation Url is not required when using this protocol.</summary>
<value>2</value>
</SIM>
</None>
<HGS>
<summary>Attestation protocol for Host Guardian Service</summary>
<value>3</value>
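Review bot: the unchanged AAS summary at the top of this hunk still reads "Attestation portocol" and is worth fixing while the file is open. On the new None entry: the summary promises a VBS-only restriction, but nothing in the hunks shown enforces it, so either point the reader to where a non-VBS enclave combined with None fails, or soften the wording to describe the intended use rather than a guaranteed check.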
@@ -391,10 +391,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
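Review bot: `None = 2` now sits beside `NotSpecified` in the same public enum, and the two names read almost identically even though one means the keyword was absent and the other means attestation is deliberately skipped; the include-file doc for None should say explicitly that it opts out of attestation. The value 2 is also being reused from the old SIM member that only existed under `ENCLAVE_SIMULATOR`, which deserves a line in the release notes for anyone who built with the simulator flag.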
@@ -370,6 +370,9 @@
<Compile Include="..\..\src\Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProvider.cs">
<Link>Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProvider.cs</Link>
</Compile>
<Compile Include="..\..\src\Microsoft\Data\SqlClient\NoneAttestationEnclaveProvider.cs">
<Link>Microsoft\Data\SqlClient\NoneAttestationEnclaveProvider.cs</Link>
</Compile>
<Compile Include="..\..\src\Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProviderBase.cs">
<Link>Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProviderBase.cs</Link>
</Compile>
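Review bot: style nit, the new NoneAttestationEnclaveProvider.cs include is inserted between VirtualSecureModeEnclaveProvider.cs and VirtualSecureModeEnclaveProviderBase.cs, splitting the VBS pair; place it after the base-class entry so related providers stay adjacent.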
@@ -391,9 +394,6 @@
<Compile Include="Microsoft\Data\SqlClient\SqlConnectionFactory.AssemblyLoadContext.cs" />
<Compile Include="Microsoft\Data\SqlClient\SqlDependencyUtils.AssemblyLoadContext.cs" />
</ItemGroup>
<ItemGroup Condition="'$(OSGroup)' != 'AnyOS' AND '$(TargetFramework)' != 'netstandard2.0' AND '$(BuildSimulator)' == 'true'">
<Compile Include="Microsoft\Data\SqlClient\SimulatorEnclaveProvider.NetCoreApp.cs" />
</ItemGroup>
<ItemGroup Condition="'$(OSGroup)' != 'AnyOS'">
<Compile Include="Microsoft\Data\SqlClient\Server\MetadataUtilsSmi.cs" />
<Compile Include="Microsoft\Data\SqlClient\Server\SmiEventSink.cs" />
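Review bot: removing this ItemGroup drops the only consumer of `$(BuildSimulator)` visible in the diff; check that the property itself, the `ENCLAVE_SIMULATOR` define and any CI job that passed `BuildSimulator=true` are removed in the same change, otherwise they linger as dead configuration that looks like it still does something.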
@@ -306,9 +306,7 @@ internal static string ColumnEncryptionSettingToString(SqlConnectionColumnEncryp
/// </summary>
const string AttestationProtocolHGS = "HGS";
const string AttestationProtocolAAS = "AAS";
#if ENCLAVE_SIMULATOR
const string AttestationProtocolSIM = "SIM";
#endif
const string AttestationProtocolNone = "None";

/// <summary>
/// Convert a string value to the corresponding SqlConnectionAttestationProtocol
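Review bot: the `/// </summary>` that closes just above these constants belongs to the comment describing the accepted protocol strings; confirm it now lists `None` alongside `HGS` and `AAS`, since that comment is what a maintainer reads before editing the set.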
@@ -328,13 +326,11 @@ internal static bool TryConvertToAttestationProtocol(string value, out SqlConnec
result = SqlConnectionAttestationProtocol.AAS;
return true;
}
#if ENCLAVE_SIMULATOR
else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolSIM))
else if (StringComparer.InvariantCultureIgnoreCase.Equals(value, AttestationProtocolNone))
{
result = SqlConnectionAttestationProtocol.SIM;
result = SqlConnectionAttestationProtocol.None;
return true;
}
#endif
else
{
result = DbConnectionStringDefaults.AttestationProtocol;
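Review bot: the parser now accepts `None` case-insensitively, matching the HGS and AAS branches, but no test for the new string or for the round trip through AttestationProtocolToString appears in this PR; suggest adding cases for `None`, `none` and `NONE`, and for an unrelated string falling through to `DbConnectionStringDefaults.AttestationProtocol` with a false return.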
@@ -344,18 +340,11 @@ internal static bool TryConvertToAttestationProtocol(string value, out SqlConnec

internal static bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol value)
{
#if ENCLAVE_SIMULATOR
Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 4, "SqlConnectionAttestationProtocol enum has changed, update needed");
return value == SqlConnectionAttestationProtocol.NotSpecified
|| value == SqlConnectionAttestationProtocol.HGS
|| value == SqlConnectionAttestationProtocol.AAS
|| value == SqlConnectionAttestationProtocol.SIM;
#else
Debug.Assert(Enum.GetNames(typeof(SqlConnectionAttestationProtocol)).Length == 3, "SqlConnectionAttestationProtocol enum has changed, update needed");
return value == SqlConnectionAttestationProtocol.NotSpecified
|| value == SqlConnectionAttestationProtocol.HGS
|| value == SqlConnectionAttestationProtocol.AAS;
#endif
|| value == SqlConnectionAttestationProtocol.None;
}
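Review bot: the kept `Debug.Assert(... Length == 4 ...)` is correct for NotSpecified, AAS, None and HGS, but it is a debug-only guard for an enum that exists in two copies in this PR; a unit test comparing the two would catch drift in release builds. Note also that this method now reports `None` as valid in every build, so the VBS-only caveat from the docs has to be enforced where the enclave type is known, not here.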

internal static string AttestationProtocolToString(SqlConnectionAttestationProtocol value)
@@ -368,10 +357,8 @@ internal static string AttestationProtocolToString(SqlConnectionAttestationProto
return AttestationProtocolHGS;
case SqlConnectionAttestationProtocol.AAS:
return AttestationProtocolAAS;
#if ENCLAVE_SIMULATOR
case SqlConnectionAttestationProtocol.SIM:
return AttestationProtocolSIM;
#endif
case SqlConnectionAttestationProtocol.None:
return AttestationProtocolNone;
default:
return null;
}

This file was deleted.

@@ -197,10 +197,9 @@ internal bool IsColumnEncryptionEnabled
}
}

internal bool ShouldUseEnclaveBasedWorkflow
{
get { return !string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) && IsColumnEncryptionEnabled; }
}
internal bool ShouldUseEnclaveBasedWorkflow =>
(!string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) || Connection.AttestationProtocol == SqlConnectionAttestationProtocol.None) &&
IsColumnEncryptionEnabled;

/// <summary>
/// Per-command custom providers. It can be provided by the user and can be set more than once.
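Review bot: the rewritten property reads the URL from `_activeConnection` but the protocol from `Connection`; use one reference for both so the expression cannot observe two different connections. More importantly, this is the point where the attestation URL stops being mandatory: with `None` the enclave workflow proceeds with no attestation at all, so the semantics of a connection string that sets both `Attestation Protocol=None` and a non-empty Enclave Attestation Url should be defined, either rejected as contradictory or documented as the URL being ignored.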
@@ -4189,7 +4188,7 @@ private void ReadDescribeEncryptionParameterResults(SqlDataReader ds, ReadOnlyDi

if (isRequestedByEnclave)
{
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl) && Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQuerySpDescribe(this._activeConnection.Parser.EnclaveType);
}
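Review bot: the same predicate, URL empty and protocol not `None`, now appears here and in GenerateEnclavePackage, and the `this.Connection` / `Connection` spelling differs between the two sites; factor it into one helper (for example a `RequiresAttestationUrl` property, a name suggested here rather than taken from the code) so the exemption lives in a single place and the exception raised on failure stays consistent.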
@@ -4619,8 +4618,11 @@ private void GenerateEnclavePackage()
return;
}

if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl) &&
Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQueryGeneratingEnclavePackage(this._activeConnection.Parser.EnclaveType);
}

string enclaveType = this._activeConnection.Parser.EnclaveType;
if (string.IsNullOrWhiteSpace(enclaveType))
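Review bot: right after the relaxed check this method reads `enclaveType` from the parser, which is the natural place to enforce the documented VBS-only restriction: if `AttestationProtocol == None` and the enclave type is not VBS, fail here with a clear error rather than generating an unattested enclave package for an enclave type the protocol does not support. As written, the hunk only exempts `None` from the URL requirement.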
@@ -1070,10 +1070,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
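Review bot: this is the second copy of `SqlConnectionAttestationProtocol` changed in the PR (the other appears earlier in this diff); the two must keep identical member names and values, and only a Debug.Assert on the name count watches that today. Consider a shared source file or a test that asserts both enumerations agree.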