| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376 |
- //------------------------------------------------------------------------------
- // <copyright file="DBDataPermission.cs" company="Microsoft">
- // Copyright (c) Microsoft Corporation. All rights reserved.
- // </copyright>
- // <owner current="true" primary="true">Microsoft</owner>
- // <owner current="true" primary="false">Microsoft</owner>
- //------------------------------------------------------------------------------
- namespace System.Data.Common {
- using System.Collections;
- using System.Data.Common;
- using System.Diagnostics;
- using System.Globalization;
- using System.Runtime.Serialization;
- using System.Security;
- using System.Security.Permissions;
- using System.Text;
- [SecurityPermissionAttribute(SecurityAction.InheritanceDemand, ControlEvidence=true, ControlPolicy=true)]
- [Serializable]
- public abstract class DBDataPermission : CodeAccessPermission, IUnrestrictedPermission {
- private bool _isUnrestricted;// = false;
- private bool _allowBlankPassword;// = false;
- private NameValuePermission _keyvaluetree = NameValuePermission.Default;
- private /*DBConnectionString[]*/ArrayList _keyvalues; // = null;
- [ Obsolete("DBDataPermission() has been deprecated. Use the DBDataPermission(PermissionState.None) constructor. http://go.microsoft.com/fwlink/?linkid=14202", true) ] // V1.2.3300, MDAC 86034
- protected DBDataPermission() : this(PermissionState.None) { // V1.0.3300
- }
- protected DBDataPermission(PermissionState state) { // V1.0.3300
- if (state == PermissionState.Unrestricted) {
- _isUnrestricted = true;
- }
- else if (state == PermissionState.None) {
- _isUnrestricted = false;
- }
- else {
- throw ADP.InvalidPermissionState(state);
- }
- }
- [ Obsolete("DBDataPermission(PermissionState state,Boolean allowBlankPassword) has been deprecated. Use the DBDataPermission(PermissionState.None) constructor. http://go.microsoft.com/fwlink/?linkid=14202", true) ] // V1.2.3300, MDAC 86034
- protected DBDataPermission(PermissionState state, bool allowBlankPassword) : this(state) { // V1.0.3300, MDAC 84281
- AllowBlankPassword = allowBlankPassword;
- }
- protected DBDataPermission(DBDataPermission permission) { // V1.0.5000, for Copy
- if (null == permission) {
- throw ADP.ArgumentNull("permissionAttribute");
- }
- CopyFrom(permission);
- }
- protected DBDataPermission(DBDataPermissionAttribute permissionAttribute) { // V1.0.5000, for CreatePermission
- if (null == permissionAttribute) {
- throw ADP.ArgumentNull("permissionAttribute");
- }
- _isUnrestricted = permissionAttribute.Unrestricted;
- if (!_isUnrestricted) {
- _allowBlankPassword = permissionAttribute.AllowBlankPassword;
- if (permissionAttribute.ShouldSerializeConnectionString() || permissionAttribute.ShouldSerializeKeyRestrictions()) { // MDAC 86773
- Add(permissionAttribute.ConnectionString, permissionAttribute.KeyRestrictions, permissionAttribute.KeyRestrictionBehavior);
- }
- }
- }
- // how connectionString security is used
- // parsetable (all string) is shared with connection
- internal DBDataPermission(DbConnectionOptions connectionOptions) { // v2.0
- if (null != connectionOptions) {
- _allowBlankPassword = connectionOptions.HasBlankPassword; // MDAC 84563
- AddPermissionEntry(new DBConnectionString(connectionOptions));
- }
- }
- public bool AllowBlankPassword { // V1.0.3300
- get {
- return _allowBlankPassword;
- }
- set { // MDAC 61263
- // for behavioral backward compatability with V1.1
- // set_AllowBlankPassword does not _isUnrestricted=false
- _allowBlankPassword = value;
- }
- }
- public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { // V1.0.5000
- DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false);
- AddPermissionEntry(constr);
- }
- internal void AddPermissionEntry(DBConnectionString entry) {
- if (null == _keyvaluetree) {
- _keyvaluetree = new NameValuePermission();
- }
- if (null == _keyvalues) {
- _keyvalues = new ArrayList();
- }
- NameValuePermission.AddEntry(_keyvaluetree, _keyvalues, entry);
- _isUnrestricted = false; // MDAC 84639
- }
- protected void Clear() { // V1.2.3300, MDAC 83105
- _keyvaluetree = null;
- _keyvalues = null;
- }
- // IPermission interface methods
- // [ObsoleteAttribute("override Copy instead of using default implementation")] // not inherited
- override public IPermission Copy() {
- DBDataPermission copy = CreateInstance();
- copy.CopyFrom(this);
- return copy;
- }
- private void CopyFrom(DBDataPermission permission) {
- _isUnrestricted = permission.IsUnrestricted();
- if (!_isUnrestricted) {
- _allowBlankPassword = permission.AllowBlankPassword;
- if (null != permission._keyvalues) {
- _keyvalues = (ArrayList) permission._keyvalues.Clone();
- if (null != permission._keyvaluetree) {
- _keyvaluetree = permission._keyvaluetree.CopyNameValue();
- }
- }
- }
- }
- // [ Obsolete("use DBDataPermission(DBDataPermission) ctor") ]
- [System.Security.Permissions.PermissionSetAttribute(System.Security.Permissions.SecurityAction.Demand, Name="FullTrust")] // V1.0.5000, MDAC 82936
- virtual protected DBDataPermission CreateInstance() {
- // derived class should override with a different implementation avoiding reflection to allow semi-trusted scenarios
- return (Activator.CreateInstance(GetType(), System.Reflection.BindingFlags.Public|System.Reflection.BindingFlags.Instance, null, null, CultureInfo.InvariantCulture, null) as DBDataPermission);
- }
- override public IPermission Intersect(IPermission target) { // used during Deny actions
- if (null == target) {
- return null;
- }
- if (target.GetType() != this.GetType()) {
- throw ADP.PermissionTypeMismatch();
- }
- if (this.IsUnrestricted()) { // MDAC 84803, NDPWhidbey 29121
- return target.Copy();
- }
- DBDataPermission operand = (DBDataPermission) target;
- if (operand.IsUnrestricted()) { // NDPWhidbey 29121
- return this.Copy();
- }
- DBDataPermission newPermission = (DBDataPermission) operand.Copy();
- newPermission._allowBlankPassword &= AllowBlankPassword;
- if ((null != _keyvalues) && (null != newPermission._keyvalues)) {
- newPermission._keyvalues.Clear();
- newPermission._keyvaluetree.Intersect(newPermission._keyvalues, _keyvaluetree);
- }
- else {
- // either target.Add or this.Add have not been called
- // return a non-null object so IsSubset calls will fail
- newPermission._keyvalues = null;
- newPermission._keyvaluetree = null;
- }
- if (newPermission.IsEmpty()) { // no intersection, MDAC 86773
- newPermission = null;
- }
- return newPermission;
- }
- private bool IsEmpty() { // MDAC 84804
- ArrayList keyvalues = _keyvalues;
- bool flag = (!IsUnrestricted() && !AllowBlankPassword && ((null == keyvalues) || (0 == keyvalues.Count)));
- return flag;
- }
- override public bool IsSubsetOf(IPermission target) {
- if (null == target) {
- return IsEmpty();
- }
- if (target.GetType() != this.GetType()) {
- throw ADP.PermissionTypeMismatch();
- }
- DBDataPermission superset = (target as DBDataPermission);
- bool subset = superset.IsUnrestricted();
- if (!subset) {
- if (!IsUnrestricted() &&
- (!AllowBlankPassword || superset.AllowBlankPassword) &&
- ((null == _keyvalues) || (null != superset._keyvaluetree))) {
- subset = true;
- if (null != _keyvalues) {
- foreach(DBConnectionString kventry in _keyvalues) {
- if(!superset._keyvaluetree.CheckValueForKeyPermit(kventry)) {
- subset = false;
- break;
- }
- }
- }
- }
- }
- return subset;
- }
- // IUnrestrictedPermission interface methods
- public bool IsUnrestricted() {
- return _isUnrestricted;
- }
- override public IPermission Union(IPermission target) {
- if (null == target) {
- return this.Copy();
- }
- if (target.GetType() != this.GetType()) {
- throw ADP.PermissionTypeMismatch();
- }
- if (IsUnrestricted()) { // MDAC 84803
- return this.Copy();
- }
- DBDataPermission newPermission = (DBDataPermission) target.Copy();
- if (!newPermission.IsUnrestricted()) {
- newPermission._allowBlankPassword |= AllowBlankPassword;
- if (null != _keyvalues) {
- foreach(DBConnectionString entry in _keyvalues) {
- newPermission.AddPermissionEntry(entry);
- }
- }
- }
- return (newPermission.IsEmpty() ? null : newPermission);
- }
- private string DecodeXmlValue(string value) {
- if ((null != value) && (0 < value.Length)) {
- value = value.Replace(""", "\"");
- value = value.Replace("'", "\'");
- value = value.Replace("<", "<");
- value = value.Replace(">", ">");
- value = value.Replace("&", "&");
- }
- return value;
- }
- private string EncodeXmlValue(string value) {
- if ((null != value) && (0 < value.Length)) {
- value = value.Replace('\0', ' '); // assumption that '\0' will only be at end of string
- value = value.Trim();
- value = value.Replace("&", "&");
- value = value.Replace(">", ">");
- value = value.Replace("<", "<");
- value = value.Replace("\'", "'");
- value = value.Replace("\"", """);
- }
- return value;
- }
- // <IPermission class="...Permission" version="1" AllowBlankPassword=false>
- // <add ConnectionString="provider=x;data source=y;" KeyRestrictions="address=;server=" KeyRestrictionBehavior=PreventUsage/>
- // </IPermission>
- override public void FromXml(SecurityElement securityElement) {
- // code derived from CodeAccessPermission.ValidateElement
- if (null == securityElement) {
- throw ADP.ArgumentNull("securityElement");
- }
- string tag = securityElement.Tag;
- if (!tag.Equals(XmlStr._Permission) && !tag.Equals(XmlStr._IPermission)) {
- throw ADP.NotAPermissionElement();
- }
- String version = securityElement.Attribute(XmlStr._Version);
- if ((null != version) && !version.Equals(XmlStr._VersionNumber)) {
- throw ADP.InvalidXMLBadVersion();
- }
- string unrestrictedValue = securityElement.Attribute(XmlStr._Unrestricted);
- _isUnrestricted = (null != unrestrictedValue) && Boolean.Parse(unrestrictedValue);
- Clear(); // MDAC 83105
- if (!_isUnrestricted) {
- string allowNull = securityElement.Attribute(XmlStr._AllowBlankPassword);
- _allowBlankPassword = (null != allowNull) && Boolean.Parse(allowNull);
- ArrayList children = securityElement.Children;
- if (null != children) {
- foreach(SecurityElement keyElement in children) {
- tag = keyElement.Tag;
- if ((XmlStr._add == tag) || ((null != tag) && (XmlStr._add == tag.ToLower(CultureInfo.InvariantCulture)))) {
- string constr = keyElement.Attribute(XmlStr._ConnectionString);
- string restrt = keyElement.Attribute(XmlStr._KeyRestrictions);
- string behavr = keyElement.Attribute(XmlStr._KeyRestrictionBehavior);
- KeyRestrictionBehavior behavior = KeyRestrictionBehavior.AllowOnly;
- if (null != behavr) {
- behavior = (KeyRestrictionBehavior) Enum.Parse(typeof(KeyRestrictionBehavior), behavr, true);
- }
- constr = DecodeXmlValue(constr);
- restrt = DecodeXmlValue(restrt);
- Add(constr, restrt, behavior);
- }
- }
- }
- }
- else {
- _allowBlankPassword = false;
- }
- }
- // <IPermission class="...Permission" version="1" AllowBlankPassword=false>
- // <add ConnectionString="provider=x;data source=y;"/>
- // <add ConnectionString="provider=x;data source=y;" KeyRestrictions="user id=;password=;" KeyRestrictionBehavior=AllowOnly/>
- // <add ConnectionString="provider=x;data source=y;" KeyRestrictions="address=;server=" KeyRestrictionBehavior=PreventUsage/>
- // </IPermission>
- override public SecurityElement ToXml() {
- Type type = this.GetType();
- SecurityElement root = new SecurityElement(XmlStr._IPermission);
- root.AddAttribute(XmlStr._class, type.AssemblyQualifiedName.Replace('\"', '\''));
- root.AddAttribute(XmlStr._Version, XmlStr._VersionNumber);
- if (IsUnrestricted()) {
- root.AddAttribute(XmlStr._Unrestricted, XmlStr._true);
- }
- else {
- root.AddAttribute(XmlStr._AllowBlankPassword, _allowBlankPassword.ToString(CultureInfo.InvariantCulture));
- if (null != _keyvalues) {
- foreach(DBConnectionString value in _keyvalues) {
- SecurityElement valueElement = new SecurityElement(XmlStr._add);
- string tmp;
- tmp = value.ConnectionString; // WebData 97375
- tmp = EncodeXmlValue(tmp);
- if (!ADP.IsEmpty(tmp)) {
- valueElement.AddAttribute(XmlStr._ConnectionString, tmp);
- }
- tmp = value.Restrictions;
- tmp = EncodeXmlValue(tmp);
- if (null == tmp) { tmp = ADP.StrEmpty; }
- valueElement.AddAttribute(XmlStr._KeyRestrictions, tmp);
- tmp = value.Behavior.ToString();
- valueElement.AddAttribute(XmlStr._KeyRestrictionBehavior, tmp);
- root.AddChild(valueElement);
- }
- }
- }
- return root;
- }
- private static class XmlStr {
- internal const string _class = "class";
- internal const string _IPermission = "IPermission";
- internal const string _Permission = "Permission";
- internal const string _Unrestricted = "Unrestricted";
- internal const string _AllowBlankPassword = "AllowBlankPassword";
- internal const string _true = "true";
- internal const string _Version = "version";
- internal const string _VersionNumber = "1";
- internal const string _add = "add";
- internal const string _ConnectionString = "ConnectionString";
- internal const string _KeyRestrictions = "KeyRestrictions";
- internal const string _KeyRestrictionBehavior = "KeyRestrictionBehavior";
- }
- }
- }
|
