// Builds an instance from an already-parsed DbConnectionOptions plus an optional
// key-restriction list. Used by DBDataPermission.
//
//   connectionOptions   - parsed connection string. Null is caught only by Debug.Assert,
//                         which is compiled out of release builds, so a null value would
//                         fail on the first member access below instead.
//   restrictions        - restriction string; ignored when ADP.IsEmpty reports it empty.
//   behavior            - must be AllowOnly or PreventUsage; any other value throws
//                         ADP.InvalidKeyRestrictionBehavior before any field is written.
//   synonyms            - handed unchanged to ParseRestrictions.
//   mustCloneDictionary - when true, the parse table is cloned before the password values
//                         are overwritten; when false the overwrite is applied to the
//                         Hashtable obtained from connectionOptions.Parsetable itself.
private DBConnectionString(DbConnectionOptions connectionOptions, string restrictions, KeyRestrictionBehavior behavior, Hashtable synonyms, bool mustCloneDictionary)
{
    Debug.Assert(null != connectionOptions, "null connectionOptions");

    // Only the two known behaviors are accepted.
    bool knownBehavior = (KeyRestrictionBehavior.PreventUsage == behavior)
                      || (KeyRestrictionBehavior.AllowOnly == behavior);
    if (!knownBehavior)
    {
        throw ADP.InvalidKeyRestrictionBehavior(behavior);
    }
    _behavior = behavior;

    // Take over everything DbConnectionOptions has already parsed.
    _encryptedUsersConnectionString = connectionOptions.UsersConnectionString(false);
    _hasPassword = connectionOptions.HasPasswordKeyword;
    _parsetable = connectionOptions.Parsetable;
    _keychain = connectionOptions.KeyChain;

    // The user's password must not be serialized out unless "persist security info=true"
    // asked for it; otherwise every occurrence of the password value becomes "*".
    bool maskPassword = _hasPassword && !connectionOptions.HasPersistablePassword;
    if (maskPassword)
    {
        if (mustCloneDictionary)
        {
            // Cloning is only needed when the table comes from DbConnectionOptions and a
            // password exists, so that the overwrite below lands on a private copy.
            _parsetable = (Hashtable)_parsetable.Clone();
        }

        // Unlike Everett, password/pwd stay in the table and only their value is replaced
        // with "*". The serialized form uses "*" as well, and this avoids special-casing
        // the password later on.
        const string star = "*";
        Hashtable table = _parsetable;
        if (table.ContainsKey(KEY.Password))
        {
            table[KEY.Password] = star;
        }
        if (table.ContainsKey(KEY.Pwd))
        {
            table[KEY.Pwd] = star;
        }

        // Apply the same replacement to the linked list, which also rebuilds the
        // connection string stored in _encryptedUsersConnectionString.
        _keychain = connectionOptions.ReplacePasswordPwd(out _encryptedUsersConnectionString, true);
    }

    if (ADP.IsEmpty(restrictions))
    {
        return;
    }

    // Parse first: _restrictions is only recorded once parsing has succeeded.
    _restrictionValues = ParseRestrictions(restrictions, synonyms);
    _restrictions = restrictions;
}
// Reports whether this instance permits every keyword used by 'entry' under the
// configured KeyRestrictionBehavior. Only key names are examined here; the values
// attached to those keys are not compared in this method.
//
//   AllowOnly    - false as soon as 'entry' uses a key that this instance does not contain
//                  and that IsRestrictedKeyword reports as restricted.
//   PreventUsage - false as soon as 'entry' contains any key listed in _restrictionValues;
//                  with no restriction values at all the result is always true.
//   other        - throws ADP.InvalidKeyRestrictionBehavior.
//
// 'entry' is dereferenced without a null check.
internal bool IsSupersetOf(DBConnectionString entry)
{
    // Debug-only sanity checks (absent from release builds): a flagged password must
    // have a matching password/pwd key.
    Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
    Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");

    if (KeyRestrictionBehavior.AllowOnly == _behavior)
    {
        // Every key must be either in the restricted connection string or among the
        // allowed keywords. The key chain may hold duplicates, but walking it is still
        // preferable to GetEnumerator on _parsetable.Keys.
        NameValuePair node = entry.KeyChain;
        while (null != node)
        {
            bool permitted = ContainsKey(node.Name) || !IsRestrictedKeyword(node.Name);
            if (!permitted)
            {
                return false;
            }
            node = node.Next;
        }
        return true;
    }

    if (KeyRestrictionBehavior.PreventUsage == _behavior)
    {
        // No key may be one of the restricted keywords, even when it also appears in
        // the restricted connection string.
        if (null == _restrictionValues)
        {
            return true;
        }
        foreach (string restriction in _restrictionValues)
        {
            if (entry.ContainsKey(restriction))
            {
                return false;
            }
        }
        return true;
    }

    // The constructor validates the behavior, so this point should be unreachable;
    // the throw keeps release builds from falling through to a permissive answer.
    Debug.Assert(false, "invalid KeyRestrictionBehavior");
    throw ADP.InvalidKeyRestrictionBehavior(_behavior);
}