Unix domain socket binding on WCF Client #5172
Conversation
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
| <value>The specified channel type {0} is not supported by this channel manager.</value> | ||
| </data> | ||
| <data name="TcpConnectError" xml:space="preserve"> | ||
| <value>Could not connect to {0}. TCP error code {1}: {2}. </value> |
There was a problem hiding this comment.
Are the string resources that start with Tcp used? If so, they should probably be renamed and the message modified.
| public class UnixDomainSocketBinding : Binding | ||
| { | ||
| //private OptionalReliableSession _reliableSession; | ||
| // private BindingElements |
There was a problem hiding this comment.
This binding is to provide similar capabilities to NetNamedPipe so won't ever support reliable sessions. Remove the commented out reliable sessions fields.
| } | ||
|
|
||
| public UnixDomainSocketBinding(string configurationName) | ||
| : this() |
There was a problem hiding this comment.
Remove this method. It's only in the other bindings for legacy reasons. This is a new type so no need to start with this unsupported constructor.
| _transport = new UnixDomainSocketTransportBindingElement(); | ||
| _encoding = new BinaryMessageEncodingBindingElement(); | ||
| //_session = new ReliableSessionBindingElement(); | ||
| // _reliableSession = new OptionalReliableSession(_session); |
There was a problem hiding this comment.
Cleanup reliable sessions commented code
|
|
||
| // add security (*optional) | ||
| //SecurityBindingElement wsSecurity = CreateMessageSecurity(); | ||
| //if (wsSecurity != null) |
There was a problem hiding this comment.
We likely won't ever want to support message security as NetNamedPipe doesn't.
|
|
||
| /* | ||
| private SecurityBindingElement CreateMessageSecurity() | ||
| { |
| { | ||
| None, | ||
| Default , | ||
| Certificate , |
| } | ||
|
|
||
| internal BindingElement CreateTransportProtectionOnly() | ||
| { |
There was a problem hiding this comment.
This method should be used when SecurityMode is Transport and ClientCredentialType is None. We still need to secure the connection use TLS, we just don't provide a client certificate.
There was a problem hiding this comment.
| return CreatePosixIdentityOnlyBinding(); | ||
| } | ||
| }else if (_clientCredentialType == UnixDomainSocketClientCredentialType.Certificate ) | ||
| { |
| } | ||
|
|
||
| internal bool InternalShouldSerialize() | ||
| { |
There was a problem hiding this comment.
Remove, this was used when writing out the binding to config and would be used to know if it was using defaults or not. If using defaults, no need to write it out to the xml. This is left over dead code.
| if (!IsDefined(value)) | ||
| { | ||
| throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidEnumArgumentException("value", (int)value, | ||
| typeof(SslProtocols))); |
| internal static class ConnectionOrientedTransportDefaults | ||
| { | ||
| //public const bool AllowNtlm = SspiSecurityTokenProvider.DefaultAllowNtlm; | ||
| //public const int ConnectionBufferSize = 8192; |
There was a problem hiding this comment.
Remove unused commented members
| using System.Runtime.CompilerServices; | ||
|
|
||
| [assembly:TypeForwardedTo(typeof(System.ServiceModel.Channels.ConnectionOrientedTransportBindingElement))] | ||
| [assembly:TypeForwardedTo(typeof(System.ServiceModel.Channels.SslStreamSecurityBindingElement))] |
There was a problem hiding this comment.
You don't need these. These were in nettcp to tell existing code that these types had been moved from nettcp to NetFramingBase, which is not for case for UDS
|
|
||
| [DefaultValue(Net.Security.ProtectionLevel.EncryptAndSign)] | ||
| public ProtectionLevel ProtectionLevel | ||
| { |
There was a problem hiding this comment.
I thought we removed this from the service side? This binding element doesn't do any encryption or signing of the data transmitted so it doesn't make sense to have it. If it's still there on the service side, please open an issue to remove it there too.
There was a problem hiding this comment.
tracking here on the server side CoreWCF/CoreWCF#1214 (comment) and removing client
| internal IdentityVerifier IdentityVerifier { get; private set; } | ||
|
|
||
| public ProtectionLevel ProtectionLevel { get; } | ||
|
|
| return null;; | ||
| } | ||
| public override string GetNextUpgrade() | ||
| { |
There was a problem hiding this comment.
Formatting. Need a blank line between methods.
| private class UnixPosixIdentitySecurityUpgradeInitiator : StreamSecurityUpgradeInitiator | ||
| { | ||
| string upgradeString = UnixPosixUpgradeString; | ||
| public UnixPosixIdentitySecurityUpgradeInitiator() |
There was a problem hiding this comment.
Missing acessor modifier (private). Naming convention should begin with _
| internal static class UnsafeNativeMethods | ||
| { | ||
| //public const int ERROR_SUCCESS = 0; | ||
| //public const int ERROR_FILE_NOT_FOUND = 2; |
|
Now that CoreWCF UDS has been released, can you add a scenario test. The folder for them is under the System.Private.ServiceModel\tests\Scenario folder |
|
Feedback from our call, we need to introduce a new security mode similar to |
| { | ||
| private UnixDomainSocketTransportBindingElement _transport; | ||
| private BinaryMessageEncodingBindingElement _encoding; | ||
| // private ReliableSessionBindingElement _session; |
| { | ||
| internal const SecurityMode DefaultMode = SecurityMode.Transport; | ||
|
|
||
| private SecurityMode _mode; |
There was a problem hiding this comment.
Need to create a UDS specific enum for this as we aren't supporting Message or TransportWithMessageCredentials. See NetNamedPipeSecurityMode Enum docs.
There was a problem hiding this comment.
This also goes with my comment here where we need TransportCredentialOnly for IdentityOnly
| Certificate, | ||
| Windows, | ||
| IdentityOnly, | ||
| } |
There was a problem hiding this comment.
As we're making a change to add a TransportCredentialOnly security mode, I don't think Only needs to be on here now. Also as it's now clearly only for *nix based systems like mac and Linux, I think PosixIdentity would be clearer, or maybe just Posix as we have just "Windows"
| private UnixDomainSocketSecurityMode _mode; | ||
|
|
||
| public UnixDomainSocketSecurity() | ||
| { |
There was a problem hiding this comment.
Instead of doing this inline, make DefaultMode a private static field and use the original constructor. Then you can use the default mode in the exception message of the private constructor
| if (_mode == UnixDomainSocketSecurityMode.Transport || _mode == UnixDomainSocketSecurityMode.TransportCredentialOnly) | ||
| { | ||
| if(_mode == UnixDomainSocketSecurityMode.TransportCredentialOnly && Transport.ClientCredentialType != UnixDomainSocketClientCredentialType.PosixIdentity) | ||
| { |
There was a problem hiding this comment.
Also throw when _mode it Transport and credential type is PosixIdentity as it should only be used for TransportCredentialOnly
Phase 1 ensuring no auth and posix identity works