Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory #111877
Conversation
|
Note regarding the |
1 similar comment
|
Note regarding the |
steveharter
force-pushed
the
FixIssue-104260
branch
from
8b298a5 to
510c98b
Compare
steveharter
changed the title
src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
Show resolved
Hide resolved
...ryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.Linux.cs
Show resolved
Hide resolved
...ryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.Linux.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
Outdated
Show resolved
Hide resolved
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("android")] | ||
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] | ||
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] | ||
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] |
There was a problem hiding this comment.
These are redundant, the assembly has <UnsupportedOSPlatforms>browser;android;ios;tvos</UnsupportedOSPlatforms> attribute
https://github.com/dotnet/runtime/blob/f552567173b706812d11579f8059a14a748dab81/src/libraries/System.DirectoryServices.Protocols/Directory.Build.props#L6C1-L6C78
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("android")] | |
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("browser")] | |
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] | |
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] |
There was a problem hiding this comment.
Thanks Buyaa! Removed those.
There was a problem hiding this comment.
Removed from source but not from ref
There was a problem hiding this comment.
I'm still seeing these, @steveharter. I think we can omit the attributes already defined at the assembly level, and just add the one additional windows one here?
There was a problem hiding this comment.
Nevermind, for some reason was looking at subset of commits.
There was a problem hiding this comment.
I'm assuming the previously excluded browser;android;ios;tvos were because the browser and mobile platforms don't support LDAP \ DirectoryServices.
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("ios")] | ||
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("tvos")] | ||
| [System.Runtime.Versioning.UnsupportedOSPlatformAttribute("windows")] | ||
| public void StartNewTlsSessionContext() { } | ||
| public bool TcpKeepAlive { get { throw null; } set { } } | ||
| public System.DirectoryServices.Protocols.VerifyServerCertificateCallback VerifyServerCertificate { get { throw null; } set { } } |
There was a problem hiding this comment.
Not sure if it changed but, we were talking to make VerifyServerCertificate windows only with this change
| public System.DirectoryServices.Protocols.VerifyServerCertificateCallback VerifyServerCertificate { get { throw null; } set { } } | |
| [System.Runtime.Versioning.SupportedOSPlatformAttribute("windows")] | |
| public System.DirectoryServices.Protocols.VerifyServerCertificateCallback VerifyServerCertificate { get { throw null; } set { } } |
There was a problem hiding this comment.
Thanks Buyaa! I'll put up another PR for that (per this PR's description I elected not to do any of that, but VerifyServerCertificateCallback has caused a lot of pain so I will do that one-off).
src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
Outdated
Show resolved
Hide resolved
|
|
||
| set | ||
| { | ||
| if (!Directory.Exists(value)) |
There was a problem hiding this comment.
Do we know if a relative path is OK to pass to LDAP? Will it resolve in the same way that Directory.Exists does?
There was a problem hiding this comment.
Yes it seems to work locally. All other path-based APIs support relative paths AFAIK and both Directory.Exists() and LDAP client are based upon the current working directory of the current application (and LDAP client is in-process).
| { | ||
| using (var connection = GetConnection(bind: false)) | ||
| { | ||
| Assert.Throws<DirectoryNotFoundException>(() => connection.SessionOptions.TrustedCertificatesDirectory = "nonexistent"); |
There was a problem hiding this comment.
What happens if the directory is deleted after our check then user calls StartNewTlsSessionContext, do we care?
There was a problem hiding this comment.
We don't care. We would throw a vague exception like "unable to connect to server" based on the underlying LDAP error code.
* main: (23 commits) add important remarks to NrbfDecoder (dotnet#111286) docs: fix spelling grammar and missing words in clr-code-guide.md (dotnet#112222) Consider type declaration order in MethodImpls (dotnet#111998) Add a feature flag to not use GVM in Linq Select (dotnet#109978) [cDAC] Implement ISOSDacInterface::GetMethodDescPtrFromIp (dotnet#110755) Restructure JSImport/JSExport generators to share more code and utilize more Microsoft.Interop.SourceGeneration shared code (dotnet#107769) Add more detailed explanations to control-flow RegexOpcode values (dotnet#112170) Add repo-specific condition to labeling workflows (dotnet#112169) Fix bad assembly when a nested exported type is marked via link.xml (dotnet#107945) Make `CalculateAssemblyAction` virtual. (dotnet#112154) JIT: Enable reusing profile-aware DFS trees between phases (dotnet#112198) Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory (dotnet#111877) JIT: Support custom `ClassLayout` instances with GC pointers in them (dotnet#112064) Factor positive lookaheads better into find optimizations (dotnet#112107) Add ImmutableCollectionsMarshal.AsMemory (dotnet#112177) [mono] ILStrip write directly to the output filestream (dotnet#112142) Allow the NativeAOT runtime pack to be specified as the ILC runtime package (dotnet#111876) JIT: some reworking for conditional escape analysis (dotnet#112194) Replace HELPER_METHOD_FRAME with DynamicHelperFrame in patchpoints (dotnet#112025) [Android] Decouple runtime initialization and entry point execution for Android sample (dotnet#111742) ...
|
/backport to release/8.0-staging |
|
Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/13311570389 |
|
@steveharter backporting to "release/8.0-staging" failed, the patch most likely resulted in conflicts: $ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: Add support for setting CertificateDirectory
Using index info to reconstruct a base tree...
M src/libraries/Common/src/Interop/Interop.Ldap.cs
M src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
M src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
M src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs
M src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
M src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesTestHelpers.cs
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesTestHelpers.cs
Auto-merging src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
CONFLICT (content): Merge conflict in src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
Auto-merging src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs
Auto-merging src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
Auto-merging src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
CONFLICT (content): Merge conflict in src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
Auto-merging src/libraries/Common/src/Interop/Interop.Ldap.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 Add support for setting CertificateDirectory
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
|
/backport to release/9.0-staging |
|
Started backporting to release/9.0-staging: https://github.com/dotnet/runtime/actions/runs/13311678524 |
|
@steveharter backporting to "release/9.0-staging" failed, the patch most likely resulted in conflicts: $ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: Add support for setting CertificateDirectory
Using index info to reconstruct a base tree...
M src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
M src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
M src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
Auto-merging src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
Auto-merging src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
CONFLICT (content): Merge conflict in src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 Add support for setting CertificateDirectory
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
Fixes #104260
Note that the two new members here throw
PlatformNotSupportedExceptionin the appropriate non-Linux cases. However, this was not carried forward to the many other pre-existing members that only run on Linux or non-Linux. Assuming we want to do this, I will create an issue to tract that work but do not plan to address that work in this PR. We could also remove the support forPlatformNotSupportedExceptionfor now in this PR.