// Reinitializes all state in PermissionSet. public void Reset() { if (m_unrestrictedPermSet == null) { m_unrestrictedPermSet = new TokenBasedSet(12, 4); } else { m_unrestrictedPermSet.Reset(); } if (m_normalPermSet == null) { m_normalPermSet = new TokenBasedSet(6, 4); } else { m_normalPermSet.Reset(); } // By default, the PermissionListSet is unrestricted. Why? // At the start, having nothing on the stack should indicate success. // Once the first non-unrestricted grant is appended to the set, // then the PermissionListSet will become non-unrestricted. m_unrestricted = true; m_state = PermissionListSetState.None; }
public PermissionListSet(PermissionListSet permListSet) { if (permListSet == null) { Reset(); return; } m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i); if (plist != null) { m_unrestrictedPermSet.SetItem(i, plist.Copy()); } } m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i); if (plist != null) { m_normalPermSet.SetItem(i, plist.Copy()); } } m_unrestricted = permListSet.m_unrestricted; m_state = permListSet.m_state; }
private void AppendStackHelper(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestrictedThisSet, bool unrestrictedPermSet, bool unrestricted) { int maxThis = thisSet.GetMaxUsedIndex(); int maxPerm = permSet.GetMaxUsedIndex(); int maxIndex = maxThis > maxPerm ? maxThis : maxPerm; for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); PermissionList appendList = (PermissionList)permSet.GetItem(i); if (plist != null) { if (appendList != null) { // This call will not add the permission if the list is // empty, or if the last element is a normal check with // a null Permission. Let the method take care of it... plist.AppendStack(appendList.Copy()); } else { // Nothing on the compressed stack for this index, // so terminate current list. if (!unrestrictedPermSet) { plist.AppendPermissionAndCompress(null, PermissionList.MatchChecked); } } } else if (unrestrictedThisSet && appendList != null) { thisSet.SetItem(i, appendList.Copy()); } } }
public static TokenBasedSet CopyTokenBasedSet(TokenBasedSet set) { if (set == null || set.GetCount() == 0) { return(null); } int maxIndex = set.GetMaxUsedIndex(); TokenBasedSet copySet = new TokenBasedSet(maxIndex + 1, 4); for (int i = 0; i <= maxIndex; ++i) { Object obj = set.GetItem(i); if (obj == null) { copySet.SetItem(i, null); } else if (obj is IPermission) { copySet.SetItem(i, ((IPermission)obj).Copy()); } else if (obj is PermissionList) { copySet.SetItem(i, ((PermissionList)obj).Copy()); } else { BCLDebug.Assert(false, "CopyTokenBasedSet can only be used for IPermission and PermissionList based TokenBasedSets"); copySet.SetItem(i, obj); } } return(copySet); }
private void AppendTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, int type, bool unrestricted) { int thisMaxIndex = thisSet.GetMaxUsedIndex(); int permMaxIndex = permSet == null ? 0 : permSet.GetMaxUsedIndex(); int maxIndex = thisMaxIndex > permMaxIndex ? thisMaxIndex : permMaxIndex; // Loop over the relevant indexes... for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); CodeAccessPermission cap = permSet == null ? null : (CodeAccessPermission)permSet.GetItem(i); if (plist == null) { if (this.m_unrestricted) { switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem(i, plist); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) { plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem(i, plist); } break; default: throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType")); } } } else { // A list already exists. All lists should have at least // one element in them. // Normally, only append if the permission is not null. // However, if the type is Checked, then make sure the // list is terminated with a permission, null or not. switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist.AppendPermissionAndCompress(cap, type); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) { plist.AppendPermissionAndCompress(cap, type); } break; default: throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType")); } } } }
public bool CheckSetDemandInternal(PermissionSet permSet, bool createException, out Exception exception, bool bNeedAlteredSet, out PermissionSet alteredSet) { alteredSet = null; BCLDebug.Assert(permSet != null, "permSet != null"); // If the compressed stack is not unrestricted and the demand is // then we just throw an exception. if (!this.m_unrestricted && permSet.IsUnrestricted()) { if (createException) { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else { exception = GetStaticException(); } return(false); } TokenBasedSet normalAlteredSet = null; TokenBasedSet unrestrictedAlteredSet = null; // Check the "normal" permissions since we always know we have to check them. bool normalContinue = CheckTokenBasedSets(this.m_normalPermSet, permSet.m_normalPermSet, false, PermissionListSetState.None, createException, out exception, bNeedAlteredSet, out normalAlteredSet); if (exception != null) { return(false); } bool unrestrictedContinue = CheckTokenBasedSets(this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, m_unrestricted, m_state, createException, out exception, bNeedAlteredSet, out unrestrictedAlteredSet); if (exception != null) { return(false); } if ((m_state & PermissionListSetState.UnrestrictedAssert) != 0) { // If we are unrestricted, we want to terminate the stack walk based // on us having an unrestricted assert. if (bNeedAlteredSet) { unrestrictedAlteredSet = new TokenBasedSet(1, 4); } unrestrictedContinue = false; } if (normalContinue || unrestrictedContinue) { if (!bNeedAlteredSet) { return(true); } // If we need to continue, let's build the altered set. We only // need to do this if 1) our original demand is not unrestricted // and 2) if we have altered token based sets. if (!permSet.IsUnrestricted()) { if (normalAlteredSet != null || unrestrictedAlteredSet != null) { alteredSet = new PermissionSet(false); if (normalAlteredSet != null) { alteredSet.m_normalPermSet = normalAlteredSet; } else { alteredSet.m_normalPermSet = CopyTokenBasedSet(permSet.m_normalPermSet); } if (unrestrictedAlteredSet != null) { alteredSet.m_unrestrictedPermSet = unrestrictedAlteredSet; } else { alteredSet.m_unrestrictedPermSet = CopyTokenBasedSet(permSet.m_unrestrictedPermSet); } if (alteredSet.IsEmpty()) { return(false); } } } return(true); } else { return(false); } }
private static bool CheckTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, bool createException, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.FastIsEmpty()) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } else { exception = null; return(true); } } else { if (createException) { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else { exception = GetStaticException(); } return(false); } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, createException, out exception); if (exception != null) { return(false); } if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) { alteredSet = CopyTokenBasedSet(permSet); } alteredSet.SetItem(i, null); } } } else { if (!unrestricted) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } } } } exception = null; return(continueStackWalk); }
private static void CheckTokenBasedSetHelper(bool ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands) { if (demands == null) { return; } TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum(); while (enumerator.MoveNext()) { CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current; int index = enumerator.GetCurrentIndex(); if (demand != null) { try { // Check to make sure the permission was granted, unless we are supposed // to ignore grants. if (!ignoreGrants) { CodeAccessPermission grant = grants != null ? (CodeAccessPermission)grants.GetItem(index) : null; if (grant != null) { grant.CheckDemand(demand); } else { if (!demand.IsSubsetOf(null)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } // Check to make sure our permission was not denied. if (denied != null) { CodeAccessPermission deny = (CodeAccessPermission)denied.GetItem(index); if (deny != null && deny.Intersect(demand) != null) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) { throw e; } else { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } } }
public TokenBasedSetEnumerator(TokenBasedSet tb) { this.Index = -1; this.Current = (object)null; this._tb = tb; }