internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (parsetable == null)
{
return(false);
}
bool isEmpty = false;
NameValuePermission[] permissionArray = this._tree;
if (permissionArray != null)
{
isEmpty = parsetable.IsEmpty;
if (!isEmpty)
{
for (int i = 0; i < permissionArray.Length; i++)
{
NameValuePermission permission = permissionArray[i];
if (permission != null)
{
string keyword = permission._value;
if (parsetable.ContainsKey(keyword))
{
string keyInQuestion = parsetable[keyword];
NameValuePermission permission2 = permission.CheckKeyForValue(keyInQuestion);
if ((permission2 != null) && permission2.CheckValueForKeyPermit(parsetable))
{
isEmpty = true;
}
else
{
return(false);
}
}
}
}
}
}
DBConnectionString str = this._entry;
if (str != null)
{
isEmpty = str.IsSupersetOf(parsetable);
}
return(isEmpty);
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (null == parsetable)
{
return(false);
}
bool hasMatch = false;
NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
if (null != keytree)
{
hasMatch = parsetable.IsEmpty; // MDAC 86773
if (!hasMatch)
{
// which key do we follow the key-value chain on
for (int i = 0; i < keytree.Length; ++i)
{
NameValuePermission permitKey = keytree[i];
if (null != permitKey)
{
string keyword = permitKey._value;
#if DEBUG
Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
if (parsetable.ContainsKey(keyword))
{
string valueInQuestion = (string)parsetable[keyword];
// keyword is restricted to certain values
NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
if (null != permitValue)
{
//value does match - continue the chain down that branch
if (permitValue.CheckValueForKeyPermit(parsetable))
{
hasMatch = true;
// adding a break statement is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly);
}
else
{ // failed branch checking
return(false);
}
}
else
{ // value doesn't match to expected values - fail here
return(false);
}
}
}
// else try next keyword
}
}
// partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
}
DBConnectionString entry = _entry;
if (null != entry)
{
// also checking !hasMatch is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly);
hasMatch = entry.IsSupersetOf(parsetable);
}
return(hasMatch); // mid-chain failure
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (null == parsetable)
{
return(false);
}
bool hasMatch = false;
NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
if (null != keytree)
{
hasMatch = parsetable.IsEmpty(); // MDAC 86773
// which key do we follow the key-value chain on
for (int i = 0; i < keytree.Length; ++i)
{
NameValuePermission permitKey = keytree[i];
string keyword = permitKey._value;
#if DATAPERMIT
Debug.WriteLine("DBDataPermission keyword: <" + keyword + ">");
#endif
#if DEBUG
Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
if (parsetable.Contains(keyword))
{
string valueInQuestion = (string)parsetable[keyword];
// keyword is restricted to certain values
NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
if (null != permitValue)
{
//value does match - continue the chain down that branch
if (permitValue.CheckValueForKeyPermit(parsetable))
{
hasMatch = true;
}
else
{
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed branch checking");
#endif
return(false);
}
}
else // value doesn't match to expected values - fail here
{
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed to match expected value");
#endif
return(false);
}
}
// else try next keyword
}
// partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
}
#if DATAPERMIT
else
{
Debug.WriteLine("leaf node");
}
#endif
DBConnectionString entry = _entry;
if (null != entry)
{
return(entry.IsSubsetOf(parsetable));
}
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed on non-terminal node");
#endif
return(hasMatch); // mid-chain failure
}
