コード例 #1
0
        static internal void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry) {
            Debug.Assert(null != entry, "null DBConnectionString");

            if (null != entry.KeyChain) {
                for(NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next) {
                    NameValuePermission kv;

                    kv = kvtree.CheckKeyForValue(keychain.Name);
                    if (null == kv) {
                        kv = new NameValuePermission(keychain.Name);
                        kvtree.Add(kv); // add directly into live tree
                    }
                    kvtree = kv;

                    kv = kvtree.CheckKeyForValue(keychain.Value);
                    if (null == kv) {
                        DBConnectionString insertValue = ((null != keychain.Next) ? null : entry);
                        kv = new NameValuePermission(keychain.Value, insertValue);
                        kvtree.Add(kv); // add directly into live tree
                        if (null != insertValue) {
                            entries.Add(insertValue);
                        }
                    }
                    else if (null == keychain.Next) { // shorter chain potential
                        if (null != kv._entry) {
                            Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry");
                            entries.Remove(kv._entry);
                            kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree
                        }
                        else {
                            kv._entry = entry;
                        }
                        entries.Add(kv._entry);
                    }
                    kvtree = kv;
                }
            }
            else { // global restrictions, MDAC 84443
                DBConnectionString kentry = kvtree._entry;
                if (null != kentry) {
                    Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry");
                    entries.Remove(kentry);
                    kvtree._entry = kentry.Intersect(entry);
                }
                else {
                    kvtree._entry = entry;
                }
                entries.Add(kvtree._entry);
            }
        }
コード例 #2
0
 private NameValuePermission(NameValuePermission permit) { // deep-copy
     _value = permit._value;
     _entry = permit._entry;
     _tree = permit._tree;
     if (null != _tree) {
         NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
         for(int i = 0; i < tree.Length; ++i) {
             if (null != tree[i]) { // WebData 98488
                 tree[i] = tree[i].CopyNameValue(); // deep copy
             }
         }
         _tree = tree;
     }
 }
コード例 #3
0
        private DBConnectionString(DBConnectionString connectionString, string[] restrictionValues, KeyRestrictionBehavior behavior)
        {
            // used by intersect for two equal connection strings with different restrictions
            _encryptedUsersConnectionString = connectionString._encryptedUsersConnectionString;
            _parsetable  = connectionString._parsetable;
            _keychain    = connectionString._keychain;
            _hasPassword = connectionString._hasPassword;

            _restrictionValues = restrictionValues;
            _restrictions      = null;
            _behavior          = behavior;

            Verify(restrictionValues);
        }
コード例 #4
0
        /// <include file='doc\DBDataPermission.uex' path='docs/doc[@for="DBDataPermission.AddWithAllow"]/*' />
        virtual public void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
        {
            switch (behavior)
            {
            case KeyRestrictionBehavior.PreventUsage:
            case KeyRestrictionBehavior.AllowOnly:
                break;

            default:
                throw ADP.Argument("value");
            }
            DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, UdlSupport.UdlAsKeyword);

            AddPermissionEntry(entry);
        }
コード例 #5
0
 private NameValuePermission(NameValuePermission permit)   // deep-copy
 {
     _value = permit._value;
     _entry = permit._entry;
     _tree  = permit._tree;
     if (null != _tree)
     {
         NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
         int length = tree.Length;
         for (int i = 0; i < length; ++i)
         {
             tree[i] = tree[i].Copy(); // deep copy
         }
         _tree = tree;
     }
 }
コード例 #6
0
        internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
        {
            if (parsetable == null)
            {
                return(false);
            }
            bool isEmpty = false;

            NameValuePermission[] permissionArray = this._tree;
            if (permissionArray != null)
            {
                isEmpty = parsetable.IsEmpty;
                if (!isEmpty)
                {
                    for (int i = 0; i < permissionArray.Length; i++)
                    {
                        NameValuePermission permission = permissionArray[i];
                        if (permission != null)
                        {
                            string keyword = permission._value;
                            if (parsetable.ContainsKey(keyword))
                            {
                                string keyInQuestion            = parsetable[keyword];
                                NameValuePermission permission2 = permission.CheckKeyForValue(keyInQuestion);
                                if ((permission2 != null) && permission2.CheckValueForKeyPermit(parsetable))
                                {
                                    isEmpty = true;
                                }
                                else
                                {
                                    return(false);
                                }
                            }
                        }
                    }
                }
            }
            DBConnectionString str = this._entry;

            if (str != null)
            {
                isEmpty = str.IsSupersetOf(parsetable);
            }
            return(isEmpty);
        }
コード例 #7
0
 private NameValuePermission(NameValuePermission permit)
 {
     this._value = permit._value;
     this._entry = permit._entry;
     this._tree  = permit._tree;
     if (this._tree != null)
     {
         NameValuePermission[] permissionArray = this._tree.Clone() as NameValuePermission[];
         for (int i = 0; i < permissionArray.Length; i++)
         {
             if (permissionArray[i] != null)
             {
                 permissionArray[i] = permissionArray[i].CopyNameValue();
             }
         }
         this._tree = permissionArray;
     }
 }
コード例 #8
0
 private NameValuePermission(NameValuePermission permit)
 { // deep-copy
     _value = permit._value;
     _entry = permit._entry;
     _tree  = permit._tree;
     if (null != _tree)
     {
         NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
         for (int i = 0; i < tree.Length; ++i)
         {
             if (null != tree[i])
             {                                      // WebData 98488
                 tree[i] = tree[i].CopyNameValue(); // deep copy
             }
         }
         _tree = tree;
     }
 }
コード例 #9
0
        internal bool IsSupersetOf(DBConnectionString entry)
        {
            Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
            Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

            switch (_behavior)
            {
            case KeyRestrictionBehavior.AllowOnly:
                // every key must either be in the resticted connection string or in the allowed keywords
                // keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys
                for (NameValuePair current = entry.KeyChain; null != current; current = current.Next)
                {
                    if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name))
                    {
                        return(false);
                    }
                }
                break;

            case KeyRestrictionBehavior.PreventUsage:
                // every key can not be in the restricted keywords (even if in the restricted connection string)
                if (null != _restrictionValues)
                {
                    foreach (string restriction in _restrictionValues)
                    {
                        if (entry.ContainsKey(restriction))
                        {
                            return(false);
                        }
                    }
                }
                break;

            default:
                Debug.Assert(false, "invalid KeyRestrictionBehavior");
                throw ADP.InvalidKeyRestrictionBehavior(_behavior);
            }
            return(true);
        }
 public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
 {
     DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, null, false);
     this.AddPermissionEntry(entry);
 }
 internal void AddPermissionEntry(DBConnectionString entry)
 {
     if (this._keyvaluetree == null)
     {
         this._keyvaluetree = new NameValuePermission();
     }
     if (this._keyvalues == null)
     {
         this._keyvalues = new ArrayList();
     }
     NameValuePermission.AddEntry(this._keyvaluetree, this._keyvalues, entry);
     this._isUnrestricted = false;
 }
コード例 #12
0
        internal DBConnectionString Intersect(DBConnectionString entry)
        {
            KeyRestrictionBehavior behavior = _behavior;

            string[] restrictionValues = null;

            if (null == entry)
            {
                //Debug.WriteLine("0 entry AllowNothing");
                behavior = KeyRestrictionBehavior.AllowOnly;
            }
            else if (this._behavior != entry._behavior)   // subset of the AllowOnly array
            {
                behavior = KeyRestrictionBehavior.AllowOnly;

                if (KeyRestrictionBehavior.AllowOnly == entry._behavior)   // this PreventUsage and entry AllowOnly
                {
                    if (!ADP.IsEmptyArray(_restrictionValues))
                    {
                        if (!ADP.IsEmptyArray(entry._restrictionValues))
                        {
                            //Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions");
                            restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
                        }
                        else
                        {
                            //Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions");
                        }
                    }
                    else
                    {
                        //Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly");
                        restrictionValues = entry._restrictionValues;
                    }
                }
                else if (!ADP.IsEmptyArray(_restrictionValues))   // this AllowOnly and entry PreventUsage
                {
                    if (!ADP.IsEmptyArray(entry._restrictionValues))
                    {
                        //Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions");
                        restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
                    }
                    else
                    {
                        //Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions");
                        restrictionValues = _restrictionValues;
                    }
                }
                else
                {
                    //Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage");
                }
            }
            else if (KeyRestrictionBehavior.PreventUsage == this._behavior)   // both PreventUsage
            {
                if (ADP.IsEmptyArray(_restrictionValues))
                {
                    //Debug.WriteLine("9/10 both PreventUsage and this with no restrictions");
                    restrictionValues = entry._restrictionValues;
                }
                else if (ADP.IsEmptyArray(entry._restrictionValues))
                {
                    //Debug.WriteLine("11 both PreventUsage and entry with no restrictions");
                    restrictionValues = _restrictionValues;
                }
                else
                {
                    //Debug.WriteLine("12 both PreventUsage with restrictions");
                    restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
                }
            }
            else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues))   // both AllowOnly with restrictions
            {
                if (this._restrictionValues.Length <= entry._restrictionValues.Length)
                {
                    //Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions");
                    restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
                }
                else
                {
                    //Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions");
                    restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
                }
            }
            else   // both AllowOnly
                   //Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions");
            {
            }

            // verify _hasPassword & _parsetable are in sync between Everett/Whidbey
            Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
            Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

            DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);

            ValidateCombinedSet(this, value);
            ValidateCombinedSet(entry, value);

            return(value);
        }
コード例 #13
0
        internal DBConnectionString Intersect(DBConnectionString entry)
        {
            KeyRestrictionBehavior allowOnly = this._behavior;

            string[] restrictionValues = null;
            if (entry == null)
            {
                allowOnly = KeyRestrictionBehavior.AllowOnly;
            }
            else if (this._behavior != entry._behavior)
            {
                allowOnly = KeyRestrictionBehavior.AllowOnly;
                if (entry._behavior == KeyRestrictionBehavior.AllowOnly)
                {
                    if (!ADP.IsEmptyArray(this._restrictionValues))
                    {
                        if (!ADP.IsEmptyArray(entry._restrictionValues))
                        {
                            restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, this._restrictionValues);
                        }
                    }
                    else
                    {
                        restrictionValues = entry._restrictionValues;
                    }
                }
                else if (!ADP.IsEmptyArray(this._restrictionValues))
                {
                    if (!ADP.IsEmptyArray(entry._restrictionValues))
                    {
                        restrictionValues = NewRestrictionAllowOnly(this._restrictionValues, entry._restrictionValues);
                    }
                    else
                    {
                        restrictionValues = this._restrictionValues;
                    }
                }
            }
            else if (KeyRestrictionBehavior.PreventUsage == this._behavior)
            {
                if (ADP.IsEmptyArray(this._restrictionValues))
                {
                    restrictionValues = entry._restrictionValues;
                }
                else if (ADP.IsEmptyArray(entry._restrictionValues))
                {
                    restrictionValues = this._restrictionValues;
                }
                else
                {
                    restrictionValues = NoDuplicateUnion(this._restrictionValues, entry._restrictionValues);
                }
            }
            else if (!ADP.IsEmptyArray(this._restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues))
            {
                if (this._restrictionValues.Length <= entry._restrictionValues.Length)
                {
                    restrictionValues = NewRestrictionIntersect(this._restrictionValues, entry._restrictionValues);
                }
                else
                {
                    restrictionValues = NewRestrictionIntersect(entry._restrictionValues, this._restrictionValues);
                }
            }
            return(new DBConnectionString(this, restrictionValues, allowOnly));
        }
コード例 #14
0
        internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
        {
            if (null == parsetable)
            {
                return(false);
            }

            bool hasMatch = false;

            NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
            if (null != keytree)
            {
                hasMatch = parsetable.IsEmpty(); // MDAC 86773

                // which key do we follow the key-value chain on
                for (int i = 0; i < keytree.Length; ++i)
                {
                    NameValuePermission permitKey = keytree[i];
                    string keyword = permitKey._value;
#if DATAPERMIT
                    Debug.WriteLine("DBDataPermission keyword: <" + keyword + ">");
#endif
#if DEBUG
                    Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
                    if (parsetable.Contains(keyword))
                    {
                        string valueInQuestion = (string)parsetable[keyword];

                        // keyword is restricted to certain values
                        NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
                        if (null != permitValue)
                        {
                            //value does match - continue the chain down that branch
                            if (permitValue.CheckValueForKeyPermit(parsetable))
                            {
                                hasMatch = true;
                            }
                            else
                            {
#if DATAPERMIT
                                Debug.WriteLine("DBDataPermission failed branch checking");
#endif
                                return(false);
                            }
                        }
                        else   // value doesn't match to expected values - fail here
                        {
#if DATAPERMIT
                            Debug.WriteLine("DBDataPermission failed to match expected value");
#endif
                            return(false);
                        }
                    }
                    // else try next keyword
                }
                // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
            }
#if DATAPERMIT
            else
            {
                Debug.WriteLine("leaf node");
            }
#endif
            DBConnectionString entry = _entry;
            if (null != entry)
            {
                return(entry.IsSubsetOf(parsetable));
            }
#if DATAPERMIT
            Debug.WriteLine("DBDataPermission failed on non-terminal node");
#endif
            return(hasMatch); // mid-chain failure
        }
コード例 #15
0
 public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { // V1.0.5000
     DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false);
     AddPermissionEntry(constr);
 }
コード例 #16
0
 internal void AddPermissionEntry(DBConnectionString entry) {
     if (null == _keyvaluetree) {
         _keyvaluetree = new NameValuePermission();
     }
     if (null == _keyvalues) {
         _keyvalues = new ArrayList();
     }
     NameValuePermission.AddEntry(_keyvaluetree, _keyvalues, entry);
     _isUnrestricted = false; // MDAC 84639
 }
コード例 #17
0
        internal static void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry)
        {
            Debug.Assert(null != entry, "null DBConnectionString");

            if (null != entry.KeyChain)
            {
                for (NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next)
                {
                    NameValuePermission kv;

                    kv = kvtree.CheckKeyForValue(keychain.Name);
                    if (null == kv)
                    {
                        kv = new NameValuePermission(keychain.Name);
                        kvtree.Add(kv); // add directly into live tree
                    }
                    kvtree = kv;

                    kv = kvtree.CheckKeyForValue(keychain.Value);
                    if (null == kv)
                    {
                        DBConnectionString insertValue = ((null != keychain.Next) ? null : entry);
                        kv = new NameValuePermission(keychain.Value, insertValue);
                        kvtree.Add(kv); // add directly into live tree
                        if (null != insertValue)
                        {
                            entries.Add(insertValue);
                        }
                    }
                    else if (null == keychain.Next)
                    { // shorter chain potential
                        if (null != kv._entry)
                        {
                            Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry");
                            entries.Remove(kv._entry);
                            kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree
                        }
                        else
                        {
                            kv._entry = entry;
                        }
                        entries.Add(kv._entry);
                    }
                    kvtree = kv;
                }
            }
            else
            { // global restrictions, MDAC 84443
                DBConnectionString kentry = kvtree._entry;
                if (null != kentry)
                {
                    Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry");
                    entries.Remove(kentry);
                    kvtree._entry = kentry.Intersect(entry);
                }
                else
                {
                    kvtree._entry = entry;
                }
                entries.Add(kvtree._entry);
            }
        }
コード例 #18
0
        internal void Intersect(ArrayList entries, NameValuePermission target) {
            if (null == target) {
                _tree = null;
                _entry = null;
            }
            else {
                if (null != _entry) {
                    entries.Remove(_entry);
                    _entry = _entry.Intersect(target._entry);
                    entries.Add(_entry);
                }
                else if (null != target._entry) {
                    _entry = target._entry.Intersect(null);
                    entries.Add(_entry);
                }

                if (null != _tree) {
                    int count = _tree.Length;
                    for(int i = 0; i < _tree.Length; ++i) {
                        NameValuePermission kvtree = target.CheckKeyForValue(_tree[i]._value);
                        if (null != kvtree) { // does target tree contain our value
                            _tree[i].Intersect(entries, kvtree);
                        }
                        else {
                            _tree[i] = null;
                            --count;
                        }
                    }
                    if (0 == count) {
                        _tree = null;
                    }
                    else if (count < _tree.Length) {
                        NameValuePermission[] kvtree = new NameValuePermission[count];
                        for (int i = 0, j = 0; i < _tree.Length; ++i) {
                            if(null != _tree[i]) {
                                kvtree[j++] = _tree[i];
                            }
                        }
                        _tree = kvtree;
                    }
                }
            }
        }
コード例 #19
0
        internal bool CheckValueForKeyPermit(DBConnectionString parsetable) {
            if (null == parsetable) {
                return false;
            }
            bool hasMatch = false;
            NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
            if (null != keytree) {
                hasMatch = parsetable.IsEmpty; // MDAC 86773
                if (!hasMatch) {

                    // which key do we follow the key-value chain on
                    for (int i = 0; i < keytree.Length; ++i) {
                        NameValuePermission permitKey = keytree[i];
                        if (null != permitKey) {
                            string keyword = permitKey._value;
#if DEBUG
                            Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
                            if (parsetable.ContainsKey(keyword)) {
                                string valueInQuestion = (string)parsetable[keyword];

                                // keyword is restricted to certain values
                                NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
                                if (null != permitValue) {
                                    //value does match - continue the chain down that branch
                                    if (permitValue.CheckValueForKeyPermit(parsetable)) {
                                        hasMatch = true;
                                        // adding a break statement is tempting, but wrong
                                        // user can safetly extend their restrictions for current rule to include missing keyword
                                        // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
                                        // i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly);
                                    }
                                    else { // failed branch checking
                                        return false;
                                    }
                                }
                                else { // value doesn't match to expected values - fail here
                                    return false;
                                }
                            }
                        }
                        // else try next keyword
                    }
                }
                // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
            }

            DBConnectionString entry = _entry;
            if (null != entry) {
                // also checking !hasMatch is tempting, but wrong
                // user can safetly extend their restrictions for current rule to include missing keyword
                // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
                // i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly);
                hasMatch = entry.IsSupersetOf(parsetable);
            }

            return hasMatch; // mid-chain failure
        }
コード例 #20
0
        internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
        {
            if (null == parsetable)
            {
                return(false);
            }
            bool hasMatch = false;

            NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
            if (null != keytree)
            {
                hasMatch = parsetable.IsEmpty; // MDAC 86773
                if (!hasMatch)
                {
                    // which key do we follow the key-value chain on
                    for (int i = 0; i < keytree.Length; ++i)
                    {
                        NameValuePermission permitKey = keytree[i];
                        if (null != permitKey)
                        {
                            string keyword = permitKey._value;
#if DEBUG
                            Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
                            if (parsetable.ContainsKey(keyword))
                            {
                                string valueInQuestion = (string)parsetable[keyword];

                                // keyword is restricted to certain values
                                NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
                                if (null != permitValue)
                                {
                                    //value does match - continue the chain down that branch
                                    if (permitValue.CheckValueForKeyPermit(parsetable))
                                    {
                                        hasMatch = true;
                                        // adding a break statement is tempting, but wrong
                                        // user can safetly extend their restrictions for current rule to include missing keyword
                                        // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
                                        // i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly);
                                    }
                                    else
                                    { // failed branch checking
                                        return(false);
                                    }
                                }
                                else
                                { // value doesn't match to expected values - fail here
                                    return(false);
                                }
                            }
                        }
                        // else try next keyword
                    }
                }
                // partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
            }

            DBConnectionString entry = _entry;
            if (null != entry)
            {
                // also checking !hasMatch is tempting, but wrong
                // user can safetly extend their restrictions for current rule to include missing keyword
                // i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
                // i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly);
                hasMatch = entry.IsSupersetOf(parsetable);
            }

            return(hasMatch); // mid-chain failure
        }
コード例 #21
0
ファイル: OdbcPermission.cs プロジェクト: uQr/referencesource
 public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) {
     DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, true);
     AddPermissionEntry(constr);
 }
コード例 #22
0
        public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)   // V1.0.5000
        {
            DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false);

            AddPermissionEntry(constr);
        }
コード例 #23
0
        internal DBConnectionString Intersect(DBConnectionString entry)
        {
            KeyRestrictionBehavior behavior = _behavior;

            string[] restrictionValues = null;

            if (null == entry)
            {
                behavior = KeyRestrictionBehavior.AllowOnly;
            }
            else if (_behavior != entry._behavior)
            {
                // subset of the AllowOnly array
                behavior = KeyRestrictionBehavior.AllowOnly;

                if (KeyRestrictionBehavior.AllowOnly == entry._behavior)
                {
                    // this PreventUsage and entry AllowOnly
                    if (!ADP.IsEmptyArray(_restrictionValues))
                    {
                        if (!ADP.IsEmptyArray(entry._restrictionValues))
                        {
                            restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
                        }
                    }
                    else
                    {
                        restrictionValues = entry._restrictionValues;
                    }
                }
                else if (!ADP.IsEmptyArray(_restrictionValues))
                {
                    // this AllowOnly and entry PreventUsage
                    if (!ADP.IsEmptyArray(entry._restrictionValues))
                    {
                        restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
                    }
                    else
                    {
                        restrictionValues = _restrictionValues;
                    }
                }
            }
            else if (KeyRestrictionBehavior.PreventUsage == _behavior)
            {
                // both PreventUsage
                if (ADP.IsEmptyArray(_restrictionValues))
                {
                    restrictionValues = entry._restrictionValues;
                }
                else if (ADP.IsEmptyArray(entry._restrictionValues))
                {
                    restrictionValues = _restrictionValues;
                }
                else
                {
                    restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
                }
            }
            else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues))
            {
                // both AllowOnly with restrictions
                if (_restrictionValues.Length <= entry._restrictionValues.Length)
                {
                    restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
                }
                else
                {
                    restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
                }
            }

            // verify _hasPassword & _parsetable are in sync between Everett/Whidbey
            Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
            Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

            DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);

            ValidateCombinedSet(this, value);
            ValidateCombinedSet(entry, value);

            return(value);
        }
コード例 #24
0
        public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
        {
            DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, null, false);

            this.AddPermissionEntry(entry);
        }
コード例 #25
0
 private NameValuePermission(string value, DBConnectionString entry) {
     _value = value;
     _entry = entry;
 }
コード例 #26
0
 private void ValidateCombinedSet(DBConnectionString componentSet, DBConnectionString combinedSet) {
     Debug.Assert(combinedSet != null, "The combined connection string should not be null");
     if ((componentSet != null) && (combinedSet._restrictionValues != null) && (componentSet._restrictionValues != null)) {
         if (componentSet._behavior == KeyRestrictionBehavior.AllowOnly) {
             if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) {
                 // Component==Allow, Combined==Allow
                 // All values in the Combined Set should also be in the Component Set
                 // Combined - Component == null
                 Debug.Assert(combinedSet._restrictionValues.Except(componentSet._restrictionValues).Count() == 0, "Combined set allows values not allowed by component set");
             }
             else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) {
                 // Component==Allow, Combined==PreventUsage
                 // Preventions override allows, so there is nothing to check here
             }
             else {
                 Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior));
             }
         }
         else if (componentSet._behavior == KeyRestrictionBehavior.PreventUsage) {
             if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) {
                 // Component==PreventUsage, Combined==Allow
                 // There shouldn't be any of the values from the Component Set in the Combined Set
                 // Intersect(Component, Combined) == null
                 Debug.Assert(combinedSet._restrictionValues.Intersect(componentSet._restrictionValues).Count() == 0, "Combined values allows values prevented by component set");
             }
             else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) {
                 // Component==PreventUsage, Combined==PreventUsage
                 // All values in the Component Set should also be in the Combined Set
                 // Component - Combined == null
                 Debug.Assert(componentSet._restrictionValues.Except(combinedSet._restrictionValues).Count() == 0, "Combined values does not prevent all of the values prevented by the component set");
             }
             else {
                 Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior));
             }
         }
         else {
             Debug.Assert(false, string.Format("Unknown behavior for component set: {0}", componentSet._behavior));
         }
     }
 }
コード例 #27
0
        internal bool IsSupersetOf(DBConnectionString entry) {
            Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
            Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

            switch(_behavior) {
            case KeyRestrictionBehavior.AllowOnly:
                // every key must either be in the resticted connection string or in the allowed keywords
                // keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys
                for(NameValuePair current = entry.KeyChain; null != current; current = current.Next) {
                    if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name)) {
                        return false;
                    }
                }
                break;
            case KeyRestrictionBehavior.PreventUsage:
                // every key can not be in the restricted keywords (even if in the restricted connection string)
                if (null != _restrictionValues) {
                    foreach(string restriction in _restrictionValues) {
                        if (entry.ContainsKey(restriction)) {
                            return false;
                        }
                    }
                }
                break;
            default:
                Debug.Assert(false, "invalid KeyRestrictionBehavior");
                throw ADP.InvalidKeyRestrictionBehavior(_behavior);
            }
            return true;
        }
コード例 #28
0
        private DBConnectionString(DBConnectionString connectionString, string[] restrictionValues, KeyRestrictionBehavior behavior) {
            // used by intersect for two equal connection strings with different restrictions
            _encryptedUsersConnectionString = connectionString._encryptedUsersConnectionString;
            _parsetable = connectionString._parsetable;
            _keychain = connectionString._keychain;
            _hasPassword = connectionString._hasPassword;

            _restrictionValues = restrictionValues;
            _restrictions = null;
            _behavior = behavior;

            Verify(restrictionValues);
        }
コード例 #29
0
 public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) {
     DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, SqlConnectionString.GetParseSynonyms(), false);
     AddPermissionEntry(constr);
 }
コード例 #30
0
 private NameValuePermission(string value, DBConnectionString entry)
 {
     this._value = value;
     this._entry = entry;
 }
コード例 #31
0
        internal DBConnectionString Intersect(DBConnectionString entry) {
            KeyRestrictionBehavior behavior = _behavior;
            string[] restrictionValues = null;

            if (null == entry) {
                //Debug.WriteLine("0 entry AllowNothing");
                behavior = KeyRestrictionBehavior.AllowOnly;
            }
            else if (this._behavior != entry._behavior) { // subset of the AllowOnly array
                behavior = KeyRestrictionBehavior.AllowOnly;

                if (KeyRestrictionBehavior.AllowOnly == entry._behavior) { // this PreventUsage and entry AllowOnly
                    if (!ADP.IsEmptyArray(_restrictionValues)) {
                        if (!ADP.IsEmptyArray(entry._restrictionValues)) {
                            //Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions");
                            restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
                        }
                        else {
                            //Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions");
                        }
                    }
                    else {
                        //Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly");
                        restrictionValues = entry._restrictionValues;
                    }
                }
                else if (!ADP.IsEmptyArray(_restrictionValues)) { // this AllowOnly and entry PreventUsage
                    if (!ADP.IsEmptyArray(entry._restrictionValues)) {
                        //Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions");
                        restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
                    }
                    else {
                        //Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions");
                        restrictionValues = _restrictionValues;
                    }
                }
                else {
                    //Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage");
                }
            }
            else if (KeyRestrictionBehavior.PreventUsage == this._behavior) { // both PreventUsage
                if (ADP.IsEmptyArray(_restrictionValues)) {
                    //Debug.WriteLine("9/10 both PreventUsage and this with no restrictions");
                    restrictionValues = entry._restrictionValues;
                }
                else if (ADP.IsEmptyArray(entry._restrictionValues)) {
                    //Debug.WriteLine("11 both PreventUsage and entry with no restrictions");
                    restrictionValues = _restrictionValues;
                }
                else {
                    //Debug.WriteLine("12 both PreventUsage with restrictions");
                    restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
                }
            }
            else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) { // both AllowOnly with restrictions
                if (this._restrictionValues.Length <= entry._restrictionValues.Length) {
                    //Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions");
                    restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
                }
                else {
                    //Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions");
                    restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
                }
            }
            else { // both AllowOnly
                //Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions");
            }

            // verify _hasPassword & _parsetable are in sync between Everett/Whidbey
            Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
            Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

            DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);
            ValidateCombinedSet(this, value);
            ValidateCombinedSet(entry, value);
            
            return value;
        }