public override bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(false);
}
DnsPermission newTarget = target as DnsPermission;
if (newTarget == null)
{
throw new ArgumentException();
}
if (!restrictedState)
{
if (!newTarget.restrictedState)
{
return(true);
}
else
{
return(false);
}
}
return(true);
}
public void PermissionState_Bad ()
{
PermissionState ps = (PermissionState)Int32.MinValue;
DnsPermission dp = new DnsPermission (ps);
// no ArgumentException here
Assert.IsFalse (dp.IsUnrestricted ());
}
public override IPermission Intersect(IPermission target)
{
if (target == null)
{
throw new ArgumentNullException("IPermission");
}
DnsPermission newTarget = target as DnsPermission;
if (newTarget == null)
{
throw new ArgumentException();
}
if (!restrictedState)
{
return(newTarget);
}
if (!newTarget.restrictedState)
{
return(this);
}
return(null);
}
/// <summary>
/// Checks to see if DNS information is available to the caller
///
/// </summary>
///
/// <returns/>
public bool GetIsDnsAvailable()
{
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
DnsPermission dnsPermission = new DnsPermission(PermissionState.Unrestricted);
permissionSet.AddPermission((IPermission) dnsPermission);
return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
}
} // GetHostName
/*****************************************************************************
* Function : resolve
*
* Abstract: Converts IP/hostnames to IP numerical address using DNS
* Additional methods provided for convenience
* (These methods will resolve strings and hostnames. In case of
* multiple IP addresses, the address returned is chosen arbitrarily.)
*
* Input Parameters: host/IP
*
* Returns: IPAddress
******************************************************************************/
/// <include file='doc\DNS.uex' path='docs/doc[@for="Dns.Resolve"]/*' />
/// <devdoc>
/// <para>Creates an <see cref='System.Net.IPAddress'/>
/// instance from a DNS hostname.</para>
/// </devdoc>
// UEUE
public static IPHostEntry Resolve(string hostName)
{
//
// demand Unrestricted DnsPermission for this call
//
s_DnsPermission.Demand();
//This is a perf optimization, this method call others that will demand and we already did that.
s_DnsPermission.Assert();
IPHostEntry ipHostEntry = null;
try {
if (hostName == null)
{
throw new ArgumentNullException("hostName");
}
GlobalLog.Print("Dns.Resolve: " + hostName);
//
// as a minor perf improvement, we'll look at the first character
// in the hostName and if that's a digit, call GetHostByAddress() first.
// note that GetHostByAddress() will succeed ONLY if the first character is a digit.
// hence if this is not the case, below, we will only call GetHostByName()
// specifically, on Win2k, only the following are valid:
// "11.22.33.44" - success
// "0x0B16212C" - success
// while these will fail or return bogus data (note the prepended spaces):
// " 11.22.33.44" - bogus data
// " 0x0B16212C" - bogus data
// " 0B16212C" - bogus data
// "0B16212C" - failure
//
// IPv6 support: added ':' as a legal character in IP addresses so that
// we can attempt gethostbyaddress first.
//
if (hostName.Length > 0 &&
((hostName[0] >= '0' && hostName[0] <= '9') || // Possible IPv4 or IPv6 numeric
(hostName.IndexOf(':') >= 0))) // Possible IPv6 numeric
{
try {
ipHostEntry = GetHostByAddress(hostName);
}
catch {
//
// this can fail for weird hostnames like 3com.com
//
}
}
if (ipHostEntry == null)
{
ipHostEntry = GetHostByName(hostName);
}
}
finally {
DnsPermission.RevertAssert();
}
return(ipHostEntry);
}
public override bool IsSubsetOf(IPermission target)
{
DnsPermission dp = Cast(target);
if (dp == null)
{
return(IsEmpty());
}
return(dp.IsUnrestricted() || (m_noRestriction == dp.m_noRestriction));
}
internal DnsClient(
IPEndPoint serverEndPoint,
RequestBuilder requestBuilder,
ResolverFactory resolverFactory,
ResponseParser responseParser)
{
_dnsPermissions = new DnsPermission(PermissionState.Unrestricted);
_serverEndPoint = serverEndPoint;
_requestBuilder = requestBuilder;
_resolverFactory = resolverFactory;
_responseParser = responseParser;
}
public DnsQueryRequest()
{
_dnsPermissions = new DnsPermission(PermissionState.Unrestricted);
// Construct the class with some defaults
_transactionId = (ushort) r.Next();
_flags = 0;
_queryResponse = QueryResponse.Query;
this._opCode = OpCode.QUERY;
// Recursion Desired
this._nsFlags = NsFlags.RD;
this._questions = 1;
}
public override IPermission Intersect(IPermission target)
{
DnsPermission dp = Cast(target);
if (dp == null)
{
return(null);
}
if (IsUnrestricted() && dp.IsUnrestricted())
{
return(new DnsPermission(PermissionState.Unrestricted));
}
return(null);
}
public override IPermission Union(IPermission target)
{
if (target == null)
{
return(this.Copy());
}
DnsPermission permission = target as DnsPermission;
if (permission == null)
{
throw new ArgumentException(SR.GetString("net_perm_target"), "target");
}
return(new DnsPermission(this.m_noRestriction || permission.m_noRestriction));
}
public void Intersect ()
{
DnsPermission dpn = new DnsPermission (PermissionState.None);
Assert.IsNull (dpn.Intersect (null), "None N null");
Assert.IsNull (dpn.Intersect (dpn), "None N None");
DnsPermission dpu = new DnsPermission (PermissionState.Unrestricted);
Assert.IsNull (dpu.Intersect (null), "Unrestricted N null");
DnsPermission result = (DnsPermission) dpu.Intersect (dpu);
Assert.IsTrue (result.IsUnrestricted (), "Unrestricted N Unrestricted");
Assert.IsNull (dpn.Intersect (dpu), "None N Unrestricted");
Assert.IsNull (dpu.Intersect (dpn), "Unrestricted N None");
}
public void PermissionState_None ()
{
PermissionState ps = PermissionState.None;
DnsPermission dp = new DnsPermission (ps);
Assert.IsFalse (dp.IsUnrestricted (), "IsUnrestricted");
SecurityElement se = dp.ToXml ();
// only class and version are present
Assert.AreEqual (2, se.Attributes.Count, "Xml-Attributes#");
Assert.IsNull (se.Children, "Xml-Children");
DnsPermission copy = (DnsPermission)dp.Copy ();
Assert.IsFalse (Object.ReferenceEquals (dp, copy), "ReferenceEquals");
Assert.AreEqual (dp.IsUnrestricted (), copy.IsUnrestricted (), "IsUnrestricted ()");
}
/// <include file='doc\DnsPermission.uex' path='docs/doc[@for="DnsPermission.Union"]/*' />
/// <devdoc>
/// <para>Returns the logical union between two <see cref='System.Net.DnsPermission'/> instances.</para>
/// </devdoc>
public override IPermission Union(IPermission target)
{
// Pattern suggested by Security engine
if (target == null)
{
return(this.Copy());
}
DnsPermission other = target as DnsPermission;
if (other == null)
{
throw new ArgumentException(SR.GetString(SR.net_perm_target));
}
return(new DnsPermission(m_noRestriction || other.m_noRestriction));
}
public void PermissionState_Unrestricted ()
{
PermissionState ps = PermissionState.Unrestricted;
DnsPermission dp = new DnsPermission (ps);
Assert.IsTrue (dp.IsUnrestricted (), "IsUnrestricted");
SecurityElement se = dp.ToXml ();
Assert.AreEqual ("true", se.Attribute ("Unrestricted"), "Xml-Unrestricted");
Assert.AreEqual (3, se.Attributes.Count, "Xml-Attributes#");
Assert.IsNull (se.Children, "Xml-Children");
DnsPermission copy = (DnsPermission)dp.Copy ();
Assert.IsFalse (Object.ReferenceEquals (dp, copy), "ReferenceEquals");
Assert.AreEqual (dp.IsUnrestricted (), copy.IsUnrestricted (), "IsUnrestricted ()");
}
public override IPermission Intersect(IPermission target)
{
if (target != null)
{
DnsPermission permission = target as DnsPermission;
if (permission == null)
{
throw new ArgumentException(SR.GetString("net_perm_target"), "target");
}
if (this.m_noRestriction && permission.m_noRestriction)
{
return(new DnsPermission(true));
}
}
return(null);
}
private DnsPermission Cast(IPermission target)
{
if (target == null)
{
return(null);
}
DnsPermission dp = (target as DnsPermission);
if (dp == null)
{
PermissionHelper.ThrowInvalidPermission(target, typeof(DnsPermission));
}
return(dp);
}
public override IPermission Union(IPermission target)
{
DnsPermission dp = Cast(target);
if (dp == null)
{
return(Copy());
}
if (IsUnrestricted() || dp.IsUnrestricted())
{
return(new DnsPermission(PermissionState.Unrestricted));
}
else
{
return(new DnsPermission(PermissionState.None));
}
}
static void loadAssembly1()
{
CodeAccessPermission permission = new DnsPermission(PermissionState.Unrestricted);
try
{
permission.Demand();
Assembly1.Class1.openPage();
}
catch (Exception ex)
{
Console.WriteLine(ex);
}
Assembly assembly = Assembly.LoadFrom("assembly1.dll");
Console.WriteLine("Strong Name : " + assembly.GetName());
}
public override bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(!this.m_noRestriction);
}
DnsPermission permission = target as DnsPermission;
if (permission == null)
{
throw new ArgumentException(SR.GetString("net_perm_target"), "target");
}
if (this.m_noRestriction)
{
return(permission.m_noRestriction);
}
return(true);
}
/// <include file='doc\DnsPermission.uex' path='docs/doc[@for="DnsPermission.IsSubsetOf"]/*' />
/// <devdoc>
/// <para>Compares two <see cref='System.Net.DnsPermission'/> instances.</para>
/// </devdoc>
public override bool IsSubsetOf(IPermission target)
{
// Pattern suggested by Security engine
if (target == null)
{
return(m_noRestriction == false);
}
DnsPermission other = target as DnsPermission;
if (other == null)
{
throw new ArgumentException(SR.GetString(SR.net_perm_target));
}
//Here is the matrix of result based on m_noRestriction for me and she
// me.noRestriction she.noRestriction me.isSubsetOf(she)
// 0 0 1
// 0 1 1
// 1 0 0
// 1 1 1
return(!m_noRestriction || other.m_noRestriction);
}
/// <include file='doc\DnsPermission.uex' path='docs/doc[@for="DnsPermission.Intersect"]/*' />
/// <devdoc>
/// <para>Returns the logical intersection between two <see cref='System.Net.DnsPermission'/> instances.</para>
/// </devdoc>
public override IPermission Intersect(IPermission target)
{
// Pattern suggested by Security engine
if (target == null)
{
return(null);
}
DnsPermission other = target as DnsPermission;
if (other == null)
{
throw new ArgumentException(SR.GetString(SR.net_perm_target));
}
// return null if resulting permission is restricted and empty
// Hence, the only way for a bool permission will be.
if (this.m_noRestriction && other.m_noRestriction)
{
return(new DnsPermission(true));
}
return(null);
}
public override IPermission Union(IPermission target)
{
if (target == null)
{
throw new ArgumentNullException("IPermission");
}
DnsPermission newTarget = target as DnsPermission;
if (newTarget == null)
{
throw new ArgumentException();
}
if (IsSubsetOf(newTarget))
{
if ((!newTarget.restrictedState) || !restrictedState)
{
return(newTarget);
}
}
return(null);
}
public Authorization Authenticate(string challenge, WebRequest webRequest, ICredentials credentials)
{
GlobalLog.Print("KerberosClient::Authenticate(): " + challenge);
GlobalLog.Assert(credentials != null, "KerberosClient::Authenticate() credentials==null", "");
if (credentials == null)
{
return(null);
}
HttpWebRequest httpWebRequest = webRequest as HttpWebRequest;
GlobalLog.Assert(httpWebRequest != null, "KerberosClient::Authenticate() httpWebRequest==null", "");
if (httpWebRequest == null || httpWebRequest.ChallengedUri == null)
{
//
// there has been no challenge:
// 1) the request never went on the wire
// 2) somebody other than us is calling into AuthenticationManager
//
return(null);
}
int index = AuthenticationManager.FindSubstringNotInQuotes(challenge.ToLower(CultureInfo.InvariantCulture), Signature);
if (index < 0)
{
return(null);
}
int blobBegin = index + SignatureSize;
string incoming = null;
//
// there may be multiple challenges. If the next character after the
// package name is not a comma then it is challenge data
//
if (challenge.Length > blobBegin && challenge[blobBegin] != ',')
{
++blobBegin;
}
else
{
index = -1;
}
if (index >= 0 && challenge.Length > blobBegin)
{
incoming = challenge.Substring(blobBegin);
}
NTAuthentication authSession = sessions[httpWebRequest.CurrentAuthenticationState] as NTAuthentication;
GlobalLog.Print("KerberosClient::Authenticate() key:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState) + " retrieved authSession:" + ValidationHelper.HashString(authSession));
if (authSession == null)
{
NetworkCredential NC = credentials.GetCredential(httpWebRequest.ChallengedUri, Signature);
GlobalLog.Print("KerberosClient::Authenticate() GetCredential() returns:" + ValidationHelper.ToString(NC));
if (NC == null)
{
return(null);
}
string username = NC.UserName;
if (username == null || (username.Length == 0 && !(NC is SystemNetworkCredential)))
{
return(null);
}
if (httpWebRequest.ChallengedSpn == null)
{
string host = httpWebRequest.ChallengedUri.Host;
if (httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv6 && httpWebRequest.ChallengedUri.HostNameType != UriHostNameType.IPv4 && host.IndexOf('.') == -1)
{
// only do the DNS lookup for short names, no form of IP addess
(new DnsPermission(PermissionState.Unrestricted)).Assert();
try {
host = Dns.GetHostByName(host).HostName;
GlobalLog.Print("KerberosClient::Authenticate() Dns returned host:" + ValidationHelper.ToString(host));
}
catch (Exception exception) {
GlobalLog.Print("KerberosClient::Authenticate() GetHostByName(host) failed:" + ValidationHelper.ToString(exception));
}
finally {
DnsPermission.RevertAssert();
}
}
// CONSIDER V.NEXT
// for now avoid appending the non default port to the
// SPN, sometime in the future we'll have to do this.
// httpWebRequest.ChallengedSpn = httpWebRequest.ChallengedUri.IsDefaultPort ? host : host + ":" + httpWebRequest.ChallengedUri.Port;
httpWebRequest.ChallengedSpn = host;
}
GlobalLog.Print("KerberosClient::Authenticate() ChallengedSpn:" + ValidationHelper.ToString(httpWebRequest.ChallengedSpn));
authSession =
new NTAuthentication(
AuthType,
NC,
"HTTP/" + httpWebRequest.ChallengedSpn,
httpWebRequest.DelegationFix);
GlobalLog.Print("KerberosClient::Authenticate() adding authSession:" + ValidationHelper.HashString(authSession) + " for:" + ValidationHelper.HashString(httpWebRequest.CurrentAuthenticationState));
sessions.Add(httpWebRequest.CurrentAuthenticationState, authSession);
}
bool handshakeComplete;
string clientResponse = authSession.GetOutgoingBlob(incoming, out handshakeComplete);
if (clientResponse == null)
{
return(null);
}
return(new Authorization(AuthType + " " + clientResponse, false, string.Empty));
}
/// <summary>
/// Checks to see if DNS information is available to the caller
/// </summary>
/// <returns></returns>
public bool GetIsDnsAvailable()
{
#if NET40 || NET451
var permissionSet = new PermissionSet(PermissionState.None);
var writePermission = new DnsPermission(PermissionState.Unrestricted);
permissionSet.AddPermission(writePermission);
return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
#elif NET20
return SecurityManager.IsGranted(new DnsPermission(PermissionState.Unrestricted));
#else
return false;
#endif
}
public void FromXml_WrongVersion ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
se.Attributes.Remove ("version");
se.Attributes.Add ("version", "2");
dp.FromXml (se);
}
public void FromXml_NoVersion ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
SecurityElement w = new SecurityElement (se.Tag);
w.AddAttribute ("class", se.Attribute ("class"));
dp.FromXml (w);
}
public void FromXml_WrongClass ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
SecurityElement w = new SecurityElement (se.Tag);
w.AddAttribute ("class", "Wrong" + se.Attribute ("class"));
w.AddAttribute ("version", se.Attribute ("version"));
dp.FromXml (w);
// doesn't care of the class name at that stage
// anyway the class has already be created so...
}
public void FromXml_NoClass ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
SecurityElement w = new SecurityElement (se.Tag);
w.AddAttribute ("version", se.Attribute ("version"));
dp.FromXml (w);
// note: normally IPermission classes (in corlib) DO NOT care about
// attribute "class" name presence in the XML
}
public void FromXml_WrongTag ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
se.Tag = "IMono";
dp.FromXml (se);
// note: normally IPermission classes (in corlib) DO care about the
// IPermission tag
}
public void FromXml_WrongTagCase ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
SecurityElement se = dp.ToXml ();
se.Tag = "IPERMISSION"; // instead of IPermission
dp.FromXml (se);
// note: normally IPermission classes (in corlib) DO care about the
// IPermission tag
}
public void FromXml_Null ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
dp.FromXml (null);
}
public void Union_BadPermission ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
dp.Union (new SecurityPermission (PermissionState.Unrestricted));
}
public void Union ()
{
DnsPermission dpn = new DnsPermission (PermissionState.None);
DnsPermission dpu = new DnsPermission (PermissionState.Unrestricted);
DnsPermission result = (DnsPermission) dpn.Union (null);
Assert.IsFalse (result.IsUnrestricted (), "None U null");
result = (DnsPermission) dpu.Union (null);
Assert.IsTrue (result.IsUnrestricted (), "Unrestricted U null");
result = (DnsPermission) dpn.Union (dpn);
Assert.IsFalse (result.IsUnrestricted (), "None U None");
result = (DnsPermission) dpu.Union (dpu);
Assert.IsTrue (result.IsUnrestricted (), "Unrestricted U Unrestricted");
result = (DnsPermission) dpn.Union (dpu);
Assert.IsTrue (result.IsUnrestricted (), "None U Unrestricted");
result = (DnsPermission) dpu.Union (dpn);
Assert.IsTrue (result.IsUnrestricted (), "Unrestricted U None");
}
public void IsSubset_BadPermission ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
dp.IsSubsetOf (new SecurityPermission (PermissionState.Unrestricted));
}
public void IsSubset ()
{
DnsPermission dpn = new DnsPermission (PermissionState.None);
DnsPermission dpu = new DnsPermission (PermissionState.Unrestricted);
Assert.IsTrue (dpn.IsSubsetOf (null), "None IsSubsetOf null");
Assert.IsFalse (dpu.IsSubsetOf (null), "Unrestricted IsSubsetOf null");
Assert.IsTrue (dpn.IsSubsetOf (dpn), "None IsSubsetOf None");
Assert.IsTrue (dpu.IsSubsetOf (dpu), "Unrestricted IsSubsetOf Unrestricted");
Assert.IsTrue (dpn.IsSubsetOf (dpu), "None IsSubsetOf Unrestricted");
Assert.IsFalse (dpu.IsSubsetOf (dpn), "Unrestricted IsSubsetOf None");
}
public void Intersect_BadPermission ()
{
DnsPermission dp = new DnsPermission (PermissionState.None);
dp.Intersect (new SecurityPermission (PermissionState.Unrestricted));
}
protected override IStackWalk CreateStackWalk()
{
DnsPermission permission = new DnsPermission(PermissionState.Unrestricted);
return permission;
}
