private static AppDomain CreateModAppDomain(string modFile)
{
//TODO: Should maybe log error
if (ModAppDomains.ContainsKey(modFile))
{
return(ModAppDomains[modFile]);
}
string modDir = Path.GetDirectoryName(modFile);
AppDomainSetup appDomainSetup = new AppDomainSetup();
appDomainSetup.DisallowCodeDownload = true;
appDomainSetup.DisallowBindingRedirects = true;
appDomainSetup.PrivateBinPath = string.Format("{0};{1}", modDir.Replace("file:\\", ""), Environment.CurrentDirectory);
//appDomainSetup.PrivateBinPathProbe = null;
appDomainSetup.ApplicationName = AppDomain.CurrentDomain.SetupInformation.ApplicationName;
appDomainSetup.ApplicationBase = Environment.CurrentDirectory;
appDomainSetup.DynamicBase = Environment.CurrentDirectory;
PermissionSet permissions = new PermissionSet(null);
//Make sure mods only read from allowed directories
if (allowedReadDirs.Length > 0)
{
FileIOPermission readPermission = new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, allowedReadDirs);
permissions.AddPermission(readPermission);
}
//Allow mod to read from its own directory and game base directory
modDir = modDir.Replace("file:\\", "");
FileIOPermission readOwnDirectory = new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, new string[] { Path.GetFullPath(modDir), Path.GetFullPath(AppDomain.CurrentDomain.BaseDirectory) });
permissions.AddPermission(readOwnDirectory);
//Make sure mods only write to allowed directories
if (allowedWriteDirs.Length > 0)
{
FileIOPermission writePermission = new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.Append, allowedWriteDirs);
permissions.AddPermission(writePermission);
}
//Allow mod to run code
SecurityPermission sp = new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.Infrastructure | SecurityPermissionFlag.SerializationFormatter | SecurityPermissionFlag.AllFlags);
permissions.SetPermission(sp);
//Restrict mods reflection capabilities
ReflectionPermission rp = new ReflectionPermission(ReflectionPermissionFlag.NoFlags);
permissions.SetPermission(rp);
return(AppDomain.CreateDomain(string.Format("{0}AppDomain", Path.GetFileNameWithoutExtension(modFile)), AppDomain.CurrentDomain.Evidence, appDomainSetup, permissions, typeof(Mod).Assembly.Evidence.GetHostEvidence <StrongName>()));
}
internal PolicyStatement CalculatePolicy(Url url)
{
URLString uRLString = url.GetURLString();
if (string.Compare(uRLString.Scheme, "file", StringComparison.OrdinalIgnoreCase) != 0)
{
return(null);
}
string directoryName = uRLString.GetDirectoryName();
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.SetPermission(new FileIOPermission(this.m_access, Path.GetFullPath(directoryName)));
return(new PolicyStatement(permSet, PolicyStatementAttribute.Nothing));
}
private PolicyStatement CalculatePolicy(Url url)
{
URLString urlString = url.GetURLString();
if (String.Compare(urlString.Scheme, "file", true, CultureInfo.InvariantCulture) != 0)
{
return(null);
}
String directory = urlString.GetDirectoryName();
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.SetPermission(new FileIOPermission(m_access, directory));
return(new PolicyStatement(permSet, PolicyStatementAttribute.Nothing));
}
// NOTE: To test, replace www.contoso.com w/ the local string
//<snippet1>
public static Object GetFile(String fileURL, XmlResolver resolver)
{
// Generate the default PermissionSet using the file URL.
Evidence evidence = XmlSecureResolver.CreateEvidenceForUrl(fileURL);
PermissionSet myPermissions = SecurityManager.ResolvePolicy(evidence);
// Modify the PermissionSet to only allow access to http://www.contoso.com.
// Create a WebPermission which only allows access to http://www.contoso.com.
WebPermission myWebPermission = new WebPermission(NetworkAccess.Connect, "http://www.contoso.com");
// Replace the existing WebPermission in myPermissions with the updated WebPermission.
myPermissions.SetPermission(myWebPermission);
// Use the modified PermissionSet to construct the XmlSecureResolver.
XmlSecureResolver sResolver = new XmlSecureResolver(resolver, myPermissions);
// Get the object.
Uri fullUri = sResolver.ResolveUri(null, fileURL);
return(sResolver.GetEntity(fullUri, null, null));
}
public ServerProcessing ProcessMessage(IServerChannelSinkStack sinkStack,
IMessage requestMsg,
ITransportHeaders requestHeaders, Stream requestStream,
out IMessage responseMsg, out ITransportHeaders responseHeaders,
out Stream responseStream)
{
if (requestMsg != null)
{
// The message has already been deserialized so delegate to the next sink.
return(_nextSink.ProcessMessage(
sinkStack,
requestMsg, requestHeaders, requestStream,
out responseMsg, out responseHeaders, out responseStream));
}
if (requestHeaders == null)
{
throw new ArgumentNullException("requestHeaders");
}
BaseTransportHeaders wkRequestHeaders = requestHeaders as BaseTransportHeaders;
ServerProcessing processing;
responseHeaders = null;
responseStream = null;
String verb = null;
String contentType = null;
bool bCanServiceRequest = true;
// determine the content type
String contentTypeHeader = null;
if (wkRequestHeaders != null)
{
contentTypeHeader = wkRequestHeaders.ContentType;
}
else
{
contentTypeHeader = requestHeaders["Content-Type"] as String;
}
if (contentTypeHeader != null)
{
String charsetValue;
HttpChannelHelper.ParseContentType(contentTypeHeader,
out contentType, out charsetValue);
}
// check to see if Content-Type matches
if ((contentType != null) &&
(String.CompareOrdinal(contentType, CoreChannel.BinaryMimeType) != 0))
{
bCanServiceRequest = false;
}
// check for http specific verbs
if (_protocol == Protocol.Http)
{
verb = (String)requestHeaders["__RequestVerb"];
if (!verb.Equals("POST") && !verb.Equals("M-POST"))
{
bCanServiceRequest = false;
}
}
// either delegate or return an error message if we can't service the request
if (!bCanServiceRequest)
{
// delegate to next sink if available
if (_nextSink != null)
{
return(_nextSink.ProcessMessage(sinkStack, null, requestHeaders, requestStream,
out responseMsg, out responseHeaders, out responseStream));
}
else
{
// send back an error message
if (_protocol == Protocol.Http)
{
// return a client bad request error
responseHeaders = new TransportHeaders();
responseHeaders["__HttpStatusCode"] = "400";
responseHeaders["__HttpReasonPhrase"] = "Bad Request";
responseStream = null;
responseMsg = null;
return(ServerProcessing.Complete);
}
else
{
// The transport sink will catch this and do something here.
throw new RemotingException(
CoreChannel.GetResourceString("Remoting_Channels_InvalidRequestFormat"));
}
}
}
try
{
String objectUri = null;
bool bIsCustomErrorEnabled = true;
object oIsCustomErrorEnabled = requestHeaders["__CustomErrorsEnabled"];
if (oIsCustomErrorEnabled != null && oIsCustomErrorEnabled is bool)
{
bIsCustomErrorEnabled = (bool)oIsCustomErrorEnabled;
}
CallContext.SetData("__CustomErrorsEnabled", bIsCustomErrorEnabled);
if (wkRequestHeaders != null)
{
objectUri = wkRequestHeaders.RequestUri;
}
else
{
objectUri = (String)requestHeaders[CommonTransportKeys.RequestUri];
}
if (objectUri != lastUri && RemotingServices.GetServerTypeForUri(objectUri) == null)
{
throw new RemotingException(
CoreChannel.GetResourceString("Remoting_ChnlSink_UriNotPublished"));
}
else
{
lastUri = objectUri;
}
PermissionSet currentPermissionSet = null;
if (this.TypeFilterLevel != TypeFilterLevel.Full)
{
currentPermissionSet = new PermissionSet(PermissionState.None);
currentPermissionSet.SetPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
}
try {
if (currentPermissionSet != null)
{
currentPermissionSet.PermitOnly();
}
// Deserialize Request - Stream to IMessage
requestMsg = CoreChannel.DeserializeBinaryRequestMessage(objectUri, requestStream, _strictBinding, this.TypeFilterLevel);
}
finally {
if (currentPermissionSet != null)
{
CodeAccessPermission.RevertPermitOnly();
}
}
requestStream.Close();
if (requestMsg == null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_DeserializeMessage"));
}
// Dispatch Call
sinkStack.Push(this, null);
processing =
_nextSink.ProcessMessage(sinkStack, requestMsg, requestHeaders, null,
out responseMsg, out responseHeaders, out responseStream);
// make sure that responseStream is null
if (responseStream != null)
{
throw new RemotingException(
CoreChannel.GetResourceString("Remoting_ChnlSink_WantNullResponseStream"));
}
switch (processing)
{
case ServerProcessing.Complete:
{
if (responseMsg == null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_DispatchMessage"));
}
sinkStack.Pop(this);
SerializeResponse(sinkStack, responseMsg,
ref responseHeaders, out responseStream);
break;
} // case ServerProcessing.Complete
case ServerProcessing.OneWay:
{
sinkStack.Pop(this);
break;
} // case ServerProcessing.OneWay:
case ServerProcessing.Async:
{
sinkStack.Store(this, null);
break;
} // case ServerProcessing.Async
} // switch (processing)
}
catch (Exception e)
{
processing = ServerProcessing.Complete;
responseMsg = new ReturnMessage(e, (IMethodCallMessage)(requestMsg == null?new ErrorMessage():requestMsg));
//
CallContext.SetData("__ClientIsClr", true);
responseStream = (MemoryStream)CoreChannel.SerializeBinaryMessage(responseMsg, _includeVersioning);
CallContext.FreeNamedDataSlot("__ClientIsClr");
responseStream.Position = 0;
responseHeaders = new TransportHeaders();
if (_protocol == Protocol.Http)
{
responseHeaders["Content-Type"] = CoreChannel.BinaryMimeType;
}
}
finally{
CallContext.FreeNamedDataSlot("__CustomErrorsEnabled");
}
return(processing);
} // ProcessMessage
internal PolicyStatement CalculatePolicy(Url url) {
URLString urlString = url.GetURLString();
if (String.Compare(urlString.Scheme, "file", StringComparison.OrdinalIgnoreCase) != 0)
return null;
string directory = urlString.GetDirectoryName();
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.SetPermission(new FileIOPermission(m_access, System.IO.Path.GetFullPath(directory)));
return new PolicyStatement(permSet, PolicyStatementAttribute.Nothing);
}
public static void PermissionSetDemo()
{
Console.WriteLine("Executing PermissionSetDemo");
try
{
//<Snippet2>
// Open a new PermissionSet.
PermissionSet ps1 = new PermissionSet(PermissionState.None);
Console.WriteLine("Adding permission to open a file from a file dialog box.");
//<Snippet3>
// Add a permission to the permission set.
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Open));
//</Snippet3>
Console.WriteLine("Demanding permission to open a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
//</Snippet2>
Console.WriteLine("Adding permission to save a file from a file dialog box.");
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Save));
Console.WriteLine("Demanding permission to open and save a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable USERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable COMPUTERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME"));
//<Snippet4>
// Demand all the permissions in the set.
Console.WriteLine("Demand all permissions.");
ps1.Demand();
//</Snippet4>
Console.WriteLine("Demand succeeded.");
//<Snippet5>
// Display the number of permissions in the set.
Console.WriteLine("Number of permissions = " + ps1.Count);
//</Snippet5>
//<Snippet6>
// Display the value of the IsSynchronized property.
Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized);
//</Snippet6>
//<Snippet7>
// Display the value of the IsReadOnly property.
Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly);
//</Snippet7>
//<Snippet8>
// Display the value of the SyncRoot property.
Console.WriteLine("SyncRoot property = " + ps1.SyncRoot);
//</Snippet8>
//<Snippet9>
// Display the result of a call to the ContainsNonCodeAccessPermissions method.
// Gets a value indicating whether the PermissionSet contains permissions
// that are not derived from CodeAccessPermission.
// Returns true if the PermissionSet contains permissions that are not
// derived from CodeAccessPermission; otherwise, false.
Console.WriteLine("ContainsNonCodeAccessPermissions method returned " +
ps1.ContainsNonCodeAccessPermissions());
//</Snippet9>
//<Snippet10>
Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString());
//</Snippet10>
PermissionSet ps2 = new PermissionSet(PermissionState.None);
//<Snippet11>
// Create a second permission set and compare it to the first permission set.
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME"));
IEnumerator list = ps1.GetEnumerator();
Console.WriteLine("Permissions in first permission set:");
while (list.MoveNext())
{
Console.WriteLine(list.Current.ToString());
}
Console.WriteLine("Second permission IsSubsetOf first permission = " + ps2.IsSubsetOf(ps1));
//</Snippet11>
//<Snippet12>
// Display the intersection of two permission sets.
PermissionSet ps3 = ps2.Intersect(ps1);
Console.WriteLine("The intersection of the first permission set and "
+ "the second permission set = " + ps3.ToString());
//</Snippet12>
// Create a new permission set.
PermissionSet ps4 = new PermissionSet(PermissionState.None);
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read,
"C:\\Temp\\Testfile.txt"));
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
"C:\\Temp\\Testfile.txt"));
//<Snippet13>
// Display the union of two permission sets.
PermissionSet ps5 = ps3.Union(ps4);
Console.WriteLine("The union of permission set 3 and permission set 4 = "
+ ps5.ToString());
//</Snippet13>
//<Snippet15>
// Remove FileIOPermission from the permission set.
ps5.RemovePermission(typeof(FileIOPermission));
Console.WriteLine("The last permission set after removing FileIOPermission = "
+ ps5.ToString());
//</Snippet15>
//<Snippet16>
// Change the permission set using SetPermission.
ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME"));
Console.WriteLine("Permission set after SetPermission = " + ps5.ToString());
//</Snippet16>
//<Snippet17>
// Display result of ToXml and FromXml operations.
PermissionSet ps6 = new PermissionSet(PermissionState.None);
ps6.FromXml(ps5.ToXml());
Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n");
//</Snippet17>
//<Snippet18>
// Display results of PermissionSet.GetEnumerator.
IEnumerator psEnumerator = ps1.GetEnumerator();
while (psEnumerator.MoveNext())
{
Console.WriteLine(psEnumerator.Current);
}
//</Snippet18>
//<Snippet19>
// Check for an unrestricted permission set.
PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted);
Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted());
//</Snippet19>
//<Snippet20>
// Create and display a copy of a permission set.
ps7 = ps5.Copy();
Console.WriteLine("Result of copy = " + ps7.ToString());
//</Snippet20>
}
catch (Exception e)
{
Console.WriteLine(e.Message.ToString());
}
}
public ServerProcessing ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, out IMessage responseMsg, out ITransportHeaders responseHeaders, out Stream responseStream)
{
ServerProcessing complete;
if (requestMsg != null)
{
return(this._nextSink.ProcessMessage(sinkStack, requestMsg, requestHeaders, requestStream, out responseMsg, out responseHeaders, out responseStream));
}
if (requestHeaders == null)
{
throw new ArgumentNullException("requestHeaders");
}
BaseTransportHeaders headers = requestHeaders as BaseTransportHeaders;
responseHeaders = null;
responseStream = null;
string str = null;
string str2 = null;
bool flag = true;
string contentType = null;
if (headers != null)
{
contentType = headers.ContentType;
}
else
{
contentType = requestHeaders["Content-Type"] as string;
}
if (contentType != null)
{
string str4;
HttpChannelHelper.ParseContentType(contentType, out str2, out str4);
}
if ((str2 != null) && (string.Compare(str2, "text/xml", StringComparison.Ordinal) != 0))
{
flag = false;
}
if (this._protocol == Protocol.Http)
{
str = (string)requestHeaders["__RequestVerb"];
if (!str.Equals("POST") && !str.Equals("M-POST"))
{
flag = false;
}
}
if (!flag)
{
if (this._nextSink != null)
{
return(this._nextSink.ProcessMessage(sinkStack, null, requestHeaders, requestStream, out responseMsg, out responseHeaders, out responseStream));
}
if (this._protocol != Protocol.Http)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_Channels_InvalidRequestFormat"));
}
responseHeaders = new TransportHeaders();
responseHeaders["__HttpStatusCode"] = "400";
responseHeaders["__HttpReasonPhrase"] = "Bad Request";
responseStream = null;
responseMsg = null;
return(ServerProcessing.Complete);
}
bool bClientIsClr = true;
try
{
string str7;
string uRI = null;
if (headers != null)
{
uRI = headers.RequestUri;
}
else
{
uRI = (string)requestHeaders["__RequestUri"];
}
if (RemotingServices.GetServerTypeForUri(uRI) == null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_ChnlSink_UriNotPublished"));
}
if (this._protocol == Protocol.Http)
{
string str6 = (string)requestHeaders["User-Agent"];
if (str6 != null)
{
if (str6.IndexOf("MS .NET Remoting") == -1)
{
bClientIsClr = false;
}
}
else
{
bClientIsClr = false;
}
}
bool data = true;
object obj2 = requestHeaders["__CustomErrorsEnabled"];
if ((obj2 != null) && (obj2 is bool))
{
data = (bool)obj2;
}
CallContext.SetData("__CustomErrorsEnabled", data);
Header[] channelHeaders = this.GetChannelHeaders(requestHeaders, out str7);
PermissionSet set = null;
if (this.TypeFilterLevel != System.Runtime.Serialization.Formatters.TypeFilterLevel.Full)
{
set = new PermissionSet(PermissionState.None);
set.SetPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
}
try
{
if (set != null)
{
set.PermitOnly();
}
requestMsg = CoreChannel.DeserializeSoapRequestMessage(requestStream, channelHeaders, this._strictBinding, this.TypeFilterLevel);
}
finally
{
if (set != null)
{
CodeAccessPermission.RevertPermitOnly();
}
}
requestStream.Close();
if (requestMsg == null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_DeserializeMessage"));
}
if ((str7 != null) && !SoapServices.IsSoapActionValidForMethodBase(str7, ((IMethodMessage)requestMsg).MethodBase))
{
throw new RemotingException(string.Format(CultureInfo.CurrentCulture, CoreChannel.GetResourceString("Remoting_Soap_InvalidSoapAction"), new object[] { str7 }));
}
sinkStack.Push(this, null);
complete = this._nextSink.ProcessMessage(sinkStack, requestMsg, requestHeaders, null, out responseMsg, out responseHeaders, out responseStream);
if (responseStream != null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_ChnlSink_WantNullResponseStream"));
}
switch (complete)
{
case ServerProcessing.Complete:
if (responseMsg == null)
{
throw new RemotingException(CoreChannel.GetResourceString("Remoting_DispatchMessage"));
}
break;
case ServerProcessing.OneWay:
sinkStack.Pop(this);
return(complete);
case ServerProcessing.Async:
sinkStack.Store(this, null);
return(complete);
default:
return(complete);
}
sinkStack.Pop(this);
this.SerializeResponse(sinkStack, responseMsg, bClientIsClr, ref responseHeaders, out responseStream);
return(complete);
}
catch (Exception exception)
{
complete = ServerProcessing.Complete;
responseMsg = new ReturnMessage(exception, (requestMsg == null) ? ((IMethodCallMessage) new System.Runtime.Remoting.Channels.Http.ErrorMessage()) : ((IMethodCallMessage)requestMsg));
CallContext.SetData("__ClientIsClr", bClientIsClr);
responseStream = (MemoryStream)CoreChannel.SerializeSoapMessage(responseMsg, this._includeVersioning);
CallContext.FreeNamedDataSlot("__ClientIsClr");
responseStream.Position = 0L;
responseHeaders = new TransportHeaders();
if (this._protocol == Protocol.Http)
{
responseHeaders["__HttpStatusCode"] = "500";
responseHeaders["__HttpReasonPhrase"] = "Internal Server Error";
responseHeaders["Content-Type"] = "text/xml; charset=\"utf-8\"";
}
}
finally
{
CallContext.FreeNamedDataSlot("__CustomErrorsEnabled");
}
return(complete);
}
