static internal void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry) { Debug.Assert(null != entry, "null DBConnectionString"); if (null != entry.KeyChain) { for(NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next) { NameValuePermission kv; kv = kvtree.CheckKeyForValue(keychain.Name); if (null == kv) { kv = new NameValuePermission(keychain.Name); kvtree.Add(kv); // add directly into live tree } kvtree = kv; kv = kvtree.CheckKeyForValue(keychain.Value); if (null == kv) { DBConnectionString insertValue = ((null != keychain.Next) ? null : entry); kv = new NameValuePermission(keychain.Value, insertValue); kvtree.Add(kv); // add directly into live tree if (null != insertValue) { entries.Add(insertValue); } } else if (null == keychain.Next) { // shorter chain potential if (null != kv._entry) { Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry"); entries.Remove(kv._entry); kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree } else { kv._entry = entry; } entries.Add(kv._entry); } kvtree = kv; } } else { // global restrictions, MDAC 84443 DBConnectionString kentry = kvtree._entry; if (null != kentry) { Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry"); entries.Remove(kentry); kvtree._entry = kentry.Intersect(entry); } else { kvtree._entry = entry; } entries.Add(kvtree._entry); } }
private NameValuePermission(NameValuePermission permit) { // deep-copy _value = permit._value; _entry = permit._entry; _tree = permit._tree; if (null != _tree) { NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]); for(int i = 0; i < tree.Length; ++i) { if (null != tree[i]) { // WebData 98488 tree[i] = tree[i].CopyNameValue(); // deep copy } } _tree = tree; } }
private DBConnectionString(DBConnectionString connectionString, string[] restrictionValues, KeyRestrictionBehavior behavior) { // used by intersect for two equal connection strings with different restrictions _encryptedUsersConnectionString = connectionString._encryptedUsersConnectionString; _parsetable = connectionString._parsetable; _keychain = connectionString._keychain; _hasPassword = connectionString._hasPassword; _restrictionValues = restrictionValues; _restrictions = null; _behavior = behavior; Verify(restrictionValues); }
/// <include file='doc\DBDataPermission.uex' path='docs/doc[@for="DBDataPermission.AddWithAllow"]/*' /> virtual public void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { switch (behavior) { case KeyRestrictionBehavior.PreventUsage: case KeyRestrictionBehavior.AllowOnly: break; default: throw ADP.Argument("value"); } DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, UdlSupport.UdlAsKeyword); AddPermissionEntry(entry); }
private NameValuePermission(NameValuePermission permit) // deep-copy { _value = permit._value; _entry = permit._entry; _tree = permit._tree; if (null != _tree) { NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]); int length = tree.Length; for (int i = 0; i < length; ++i) { tree[i] = tree[i].Copy(); // deep copy } _tree = tree; } }
internal bool CheckValueForKeyPermit(DBConnectionString parsetable) { if (parsetable == null) { return(false); } bool isEmpty = false; NameValuePermission[] permissionArray = this._tree; if (permissionArray != null) { isEmpty = parsetable.IsEmpty; if (!isEmpty) { for (int i = 0; i < permissionArray.Length; i++) { NameValuePermission permission = permissionArray[i]; if (permission != null) { string keyword = permission._value; if (parsetable.ContainsKey(keyword)) { string keyInQuestion = parsetable[keyword]; NameValuePermission permission2 = permission.CheckKeyForValue(keyInQuestion); if ((permission2 != null) && permission2.CheckValueForKeyPermit(parsetable)) { isEmpty = true; } else { return(false); } } } } } } DBConnectionString str = this._entry; if (str != null) { isEmpty = str.IsSupersetOf(parsetable); } return(isEmpty); }
private NameValuePermission(NameValuePermission permit) { this._value = permit._value; this._entry = permit._entry; this._tree = permit._tree; if (this._tree != null) { NameValuePermission[] permissionArray = this._tree.Clone() as NameValuePermission[]; for (int i = 0; i < permissionArray.Length; i++) { if (permissionArray[i] != null) { permissionArray[i] = permissionArray[i].CopyNameValue(); } } this._tree = permissionArray; } }
private NameValuePermission(NameValuePermission permit) { // deep-copy _value = permit._value; _entry = permit._entry; _tree = permit._tree; if (null != _tree) { NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]); for (int i = 0; i < tree.Length; ++i) { if (null != tree[i]) { // WebData 98488 tree[i] = tree[i].CopyNameValue(); // deep copy } } _tree = tree; } }
internal bool IsSupersetOf(DBConnectionString entry) { Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this"); Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry"); switch (_behavior) { case KeyRestrictionBehavior.AllowOnly: // every key must either be in the resticted connection string or in the allowed keywords // keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys for (NameValuePair current = entry.KeyChain; null != current; current = current.Next) { if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name)) { return(false); } } break; case KeyRestrictionBehavior.PreventUsage: // every key can not be in the restricted keywords (even if in the restricted connection string) if (null != _restrictionValues) { foreach (string restriction in _restrictionValues) { if (entry.ContainsKey(restriction)) { return(false); } } } break; default: Debug.Assert(false, "invalid KeyRestrictionBehavior"); throw ADP.InvalidKeyRestrictionBehavior(_behavior); } return(true); }
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, null, false); this.AddPermissionEntry(entry); }
internal void AddPermissionEntry(DBConnectionString entry) { if (this._keyvaluetree == null) { this._keyvaluetree = new NameValuePermission(); } if (this._keyvalues == null) { this._keyvalues = new ArrayList(); } NameValuePermission.AddEntry(this._keyvaluetree, this._keyvalues, entry); this._isUnrestricted = false; }
internal DBConnectionString Intersect(DBConnectionString entry) { KeyRestrictionBehavior behavior = _behavior; string[] restrictionValues = null; if (null == entry) { //Debug.WriteLine("0 entry AllowNothing"); behavior = KeyRestrictionBehavior.AllowOnly; } else if (this._behavior != entry._behavior) // subset of the AllowOnly array { behavior = KeyRestrictionBehavior.AllowOnly; if (KeyRestrictionBehavior.AllowOnly == entry._behavior) // this PreventUsage and entry AllowOnly { if (!ADP.IsEmptyArray(_restrictionValues)) { if (!ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues); } else { //Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions"); } } else { //Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly"); restrictionValues = entry._restrictionValues; } } else if (!ADP.IsEmptyArray(_restrictionValues)) // this AllowOnly and entry PreventUsage { if (!ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions"); restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues); } else { //Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions"); restrictionValues = _restrictionValues; } } else { //Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage"); } } else if (KeyRestrictionBehavior.PreventUsage == this._behavior) // both PreventUsage { if (ADP.IsEmptyArray(_restrictionValues)) { //Debug.WriteLine("9/10 both PreventUsage and this with no restrictions"); restrictionValues = entry._restrictionValues; } else if (ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("11 both PreventUsage and entry with no restrictions"); restrictionValues = _restrictionValues; } else { //Debug.WriteLine("12 both PreventUsage with restrictions"); restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues); } } else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) // both AllowOnly with restrictions { if (this._restrictionValues.Length <= entry._restrictionValues.Length) { //Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues); } else { //Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues); } } else // both AllowOnly //Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions"); { } // verify _hasPassword & _parsetable are in sync between Everett/Whidbey Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this"); Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry"); DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior); ValidateCombinedSet(this, value); ValidateCombinedSet(entry, value); return(value); }
internal DBConnectionString Intersect(DBConnectionString entry) { KeyRestrictionBehavior allowOnly = this._behavior; string[] restrictionValues = null; if (entry == null) { allowOnly = KeyRestrictionBehavior.AllowOnly; } else if (this._behavior != entry._behavior) { allowOnly = KeyRestrictionBehavior.AllowOnly; if (entry._behavior == KeyRestrictionBehavior.AllowOnly) { if (!ADP.IsEmptyArray(this._restrictionValues)) { if (!ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, this._restrictionValues); } } else { restrictionValues = entry._restrictionValues; } } else if (!ADP.IsEmptyArray(this._restrictionValues)) { if (!ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = NewRestrictionAllowOnly(this._restrictionValues, entry._restrictionValues); } else { restrictionValues = this._restrictionValues; } } } else if (KeyRestrictionBehavior.PreventUsage == this._behavior) { if (ADP.IsEmptyArray(this._restrictionValues)) { restrictionValues = entry._restrictionValues; } else if (ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = this._restrictionValues; } else { restrictionValues = NoDuplicateUnion(this._restrictionValues, entry._restrictionValues); } } else if (!ADP.IsEmptyArray(this._restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) { if (this._restrictionValues.Length <= entry._restrictionValues.Length) { restrictionValues = NewRestrictionIntersect(this._restrictionValues, entry._restrictionValues); } else { restrictionValues = NewRestrictionIntersect(entry._restrictionValues, this._restrictionValues); } } return(new DBConnectionString(this, restrictionValues, allowOnly)); }
internal bool CheckValueForKeyPermit(DBConnectionString parsetable) { if (null == parsetable) { return(false); } bool hasMatch = false; NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it if (null != keytree) { hasMatch = parsetable.IsEmpty(); // MDAC 86773 // which key do we follow the key-value chain on for (int i = 0; i < keytree.Length; ++i) { NameValuePermission permitKey = keytree[i]; string keyword = permitKey._value; #if DATAPERMIT Debug.WriteLine("DBDataPermission keyword: <" + keyword + ">"); #endif #if DEBUG Debug.Assert(null == permitKey._entry, "key member has no restrictions"); #endif if (parsetable.Contains(keyword)) { string valueInQuestion = (string)parsetable[keyword]; // keyword is restricted to certain values NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion); if (null != permitValue) { //value does match - continue the chain down that branch if (permitValue.CheckValueForKeyPermit(parsetable)) { hasMatch = true; } else { #if DATAPERMIT Debug.WriteLine("DBDataPermission failed branch checking"); #endif return(false); } } else // value doesn't match to expected values - fail here { #if DATAPERMIT Debug.WriteLine("DBDataPermission failed to match expected value"); #endif return(false); } } // else try next keyword } // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions) } #if DATAPERMIT else { Debug.WriteLine("leaf node"); } #endif DBConnectionString entry = _entry; if (null != entry) { return(entry.IsSubsetOf(parsetable)); } #if DATAPERMIT Debug.WriteLine("DBDataPermission failed on non-terminal node"); #endif return(hasMatch); // mid-chain failure }
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { // V1.0.5000 DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false); AddPermissionEntry(constr); }
internal void AddPermissionEntry(DBConnectionString entry) { if (null == _keyvaluetree) { _keyvaluetree = new NameValuePermission(); } if (null == _keyvalues) { _keyvalues = new ArrayList(); } NameValuePermission.AddEntry(_keyvaluetree, _keyvalues, entry); _isUnrestricted = false; // MDAC 84639 }
internal static void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry) { Debug.Assert(null != entry, "null DBConnectionString"); if (null != entry.KeyChain) { for (NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next) { NameValuePermission kv; kv = kvtree.CheckKeyForValue(keychain.Name); if (null == kv) { kv = new NameValuePermission(keychain.Name); kvtree.Add(kv); // add directly into live tree } kvtree = kv; kv = kvtree.CheckKeyForValue(keychain.Value); if (null == kv) { DBConnectionString insertValue = ((null != keychain.Next) ? null : entry); kv = new NameValuePermission(keychain.Value, insertValue); kvtree.Add(kv); // add directly into live tree if (null != insertValue) { entries.Add(insertValue); } } else if (null == keychain.Next) { // shorter chain potential if (null != kv._entry) { Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry"); entries.Remove(kv._entry); kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree } else { kv._entry = entry; } entries.Add(kv._entry); } kvtree = kv; } } else { // global restrictions, MDAC 84443 DBConnectionString kentry = kvtree._entry; if (null != kentry) { Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry"); entries.Remove(kentry); kvtree._entry = kentry.Intersect(entry); } else { kvtree._entry = entry; } entries.Add(kvtree._entry); } }
internal void Intersect(ArrayList entries, NameValuePermission target) { if (null == target) { _tree = null; _entry = null; } else { if (null != _entry) { entries.Remove(_entry); _entry = _entry.Intersect(target._entry); entries.Add(_entry); } else if (null != target._entry) { _entry = target._entry.Intersect(null); entries.Add(_entry); } if (null != _tree) { int count = _tree.Length; for(int i = 0; i < _tree.Length; ++i) { NameValuePermission kvtree = target.CheckKeyForValue(_tree[i]._value); if (null != kvtree) { // does target tree contain our value _tree[i].Intersect(entries, kvtree); } else { _tree[i] = null; --count; } } if (0 == count) { _tree = null; } else if (count < _tree.Length) { NameValuePermission[] kvtree = new NameValuePermission[count]; for (int i = 0, j = 0; i < _tree.Length; ++i) { if(null != _tree[i]) { kvtree[j++] = _tree[i]; } } _tree = kvtree; } } } }
internal bool CheckValueForKeyPermit(DBConnectionString parsetable) { if (null == parsetable) { return false; } bool hasMatch = false; NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it if (null != keytree) { hasMatch = parsetable.IsEmpty; // MDAC 86773 if (!hasMatch) { // which key do we follow the key-value chain on for (int i = 0; i < keytree.Length; ++i) { NameValuePermission permitKey = keytree[i]; if (null != permitKey) { string keyword = permitKey._value; #if DEBUG Debug.Assert(null == permitKey._entry, "key member has no restrictions"); #endif if (parsetable.ContainsKey(keyword)) { string valueInQuestion = (string)parsetable[keyword]; // keyword is restricted to certain values NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion); if (null != permitValue) { //value does match - continue the chain down that branch if (permitValue.CheckValueForKeyPermit(parsetable)) { hasMatch = true; // adding a break statement is tempting, but wrong // user can safetly extend their restrictions for current rule to include missing keyword // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly); // i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly); } else { // failed branch checking return false; } } else { // value doesn't match to expected values - fail here return false; } } } // else try next keyword } } // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions) } DBConnectionString entry = _entry; if (null != entry) { // also checking !hasMatch is tempting, but wrong // user can safetly extend their restrictions for current rule to include missing keyword // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly); // i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly); hasMatch = entry.IsSupersetOf(parsetable); } return hasMatch; // mid-chain failure }
internal bool CheckValueForKeyPermit(DBConnectionString parsetable) { if (null == parsetable) { return(false); } bool hasMatch = false; NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it if (null != keytree) { hasMatch = parsetable.IsEmpty; // MDAC 86773 if (!hasMatch) { // which key do we follow the key-value chain on for (int i = 0; i < keytree.Length; ++i) { NameValuePermission permitKey = keytree[i]; if (null != permitKey) { string keyword = permitKey._value; #if DEBUG Debug.Assert(null == permitKey._entry, "key member has no restrictions"); #endif if (parsetable.ContainsKey(keyword)) { string valueInQuestion = (string)parsetable[keyword]; // keyword is restricted to certain values NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion); if (null != permitValue) { //value does match - continue the chain down that branch if (permitValue.CheckValueForKeyPermit(parsetable)) { hasMatch = true; // adding a break statement is tempting, but wrong // user can safetly extend their restrictions for current rule to include missing keyword // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly); // i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly); } else { // failed branch checking return(false); } } else { // value doesn't match to expected values - fail here return(false); } } } // else try next keyword } } // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions) } DBConnectionString entry = _entry; if (null != entry) { // also checking !hasMatch is tempting, but wrong // user can safetly extend their restrictions for current rule to include missing keyword // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly); // i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly); hasMatch = entry.IsSupersetOf(parsetable); } return(hasMatch); // mid-chain failure }
public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, true); AddPermissionEntry(constr); }
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) // V1.0.5000 { DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false); AddPermissionEntry(constr); }
internal DBConnectionString Intersect(DBConnectionString entry) { KeyRestrictionBehavior behavior = _behavior; string[] restrictionValues = null; if (null == entry) { behavior = KeyRestrictionBehavior.AllowOnly; } else if (_behavior != entry._behavior) { // subset of the AllowOnly array behavior = KeyRestrictionBehavior.AllowOnly; if (KeyRestrictionBehavior.AllowOnly == entry._behavior) { // this PreventUsage and entry AllowOnly if (!ADP.IsEmptyArray(_restrictionValues)) { if (!ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues); } } else { restrictionValues = entry._restrictionValues; } } else if (!ADP.IsEmptyArray(_restrictionValues)) { // this AllowOnly and entry PreventUsage if (!ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues); } else { restrictionValues = _restrictionValues; } } } else if (KeyRestrictionBehavior.PreventUsage == _behavior) { // both PreventUsage if (ADP.IsEmptyArray(_restrictionValues)) { restrictionValues = entry._restrictionValues; } else if (ADP.IsEmptyArray(entry._restrictionValues)) { restrictionValues = _restrictionValues; } else { restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues); } } else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) { // both AllowOnly with restrictions if (_restrictionValues.Length <= entry._restrictionValues.Length) { restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues); } else { restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues); } } // verify _hasPassword & _parsetable are in sync between Everett/Whidbey Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this"); Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry"); DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior); ValidateCombinedSet(this, value); ValidateCombinedSet(entry, value); return(value); }
private NameValuePermission(string value, DBConnectionString entry) { _value = value; _entry = entry; }
private void ValidateCombinedSet(DBConnectionString componentSet, DBConnectionString combinedSet) { Debug.Assert(combinedSet != null, "The combined connection string should not be null"); if ((componentSet != null) && (combinedSet._restrictionValues != null) && (componentSet._restrictionValues != null)) { if (componentSet._behavior == KeyRestrictionBehavior.AllowOnly) { if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) { // Component==Allow, Combined==Allow // All values in the Combined Set should also be in the Component Set // Combined - Component == null Debug.Assert(combinedSet._restrictionValues.Except(componentSet._restrictionValues).Count() == 0, "Combined set allows values not allowed by component set"); } else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) { // Component==Allow, Combined==PreventUsage // Preventions override allows, so there is nothing to check here } else { Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior)); } } else if (componentSet._behavior == KeyRestrictionBehavior.PreventUsage) { if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) { // Component==PreventUsage, Combined==Allow // There shouldn't be any of the values from the Component Set in the Combined Set // Intersect(Component, Combined) == null Debug.Assert(combinedSet._restrictionValues.Intersect(componentSet._restrictionValues).Count() == 0, "Combined values allows values prevented by component set"); } else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) { // Component==PreventUsage, Combined==PreventUsage // All values in the Component Set should also be in the Combined Set // Component - Combined == null Debug.Assert(componentSet._restrictionValues.Except(combinedSet._restrictionValues).Count() == 0, "Combined values does not prevent all of the values prevented by the component set"); } else { Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior)); } } else { Debug.Assert(false, string.Format("Unknown behavior for component set: {0}", componentSet._behavior)); } } }
internal bool IsSupersetOf(DBConnectionString entry) { Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this"); Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry"); switch(_behavior) { case KeyRestrictionBehavior.AllowOnly: // every key must either be in the resticted connection string or in the allowed keywords // keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys for(NameValuePair current = entry.KeyChain; null != current; current = current.Next) { if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name)) { return false; } } break; case KeyRestrictionBehavior.PreventUsage: // every key can not be in the restricted keywords (even if in the restricted connection string) if (null != _restrictionValues) { foreach(string restriction in _restrictionValues) { if (entry.ContainsKey(restriction)) { return false; } } } break; default: Debug.Assert(false, "invalid KeyRestrictionBehavior"); throw ADP.InvalidKeyRestrictionBehavior(_behavior); } return true; }
public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, SqlConnectionString.GetParseSynonyms(), false); AddPermissionEntry(constr); }
private NameValuePermission(string value, DBConnectionString entry) { this._value = value; this._entry = entry; }
internal DBConnectionString Intersect(DBConnectionString entry) { KeyRestrictionBehavior behavior = _behavior; string[] restrictionValues = null; if (null == entry) { //Debug.WriteLine("0 entry AllowNothing"); behavior = KeyRestrictionBehavior.AllowOnly; } else if (this._behavior != entry._behavior) { // subset of the AllowOnly array behavior = KeyRestrictionBehavior.AllowOnly; if (KeyRestrictionBehavior.AllowOnly == entry._behavior) { // this PreventUsage and entry AllowOnly if (!ADP.IsEmptyArray(_restrictionValues)) { if (!ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues); } else { //Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions"); } } else { //Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly"); restrictionValues = entry._restrictionValues; } } else if (!ADP.IsEmptyArray(_restrictionValues)) { // this AllowOnly and entry PreventUsage if (!ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions"); restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues); } else { //Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions"); restrictionValues = _restrictionValues; } } else { //Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage"); } } else if (KeyRestrictionBehavior.PreventUsage == this._behavior) { // both PreventUsage if (ADP.IsEmptyArray(_restrictionValues)) { //Debug.WriteLine("9/10 both PreventUsage and this with no restrictions"); restrictionValues = entry._restrictionValues; } else if (ADP.IsEmptyArray(entry._restrictionValues)) { //Debug.WriteLine("11 both PreventUsage and entry with no restrictions"); restrictionValues = _restrictionValues; } else { //Debug.WriteLine("12 both PreventUsage with restrictions"); restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues); } } else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) { // both AllowOnly with restrictions if (this._restrictionValues.Length <= entry._restrictionValues.Length) { //Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues); } else { //Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions"); restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues); } } else { // both AllowOnly //Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions"); } // verify _hasPassword & _parsetable are in sync between Everett/Whidbey Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this"); Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry"); DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior); ValidateCombinedSet(this, value); ValidateCombinedSet(entry, value); return value; }