public virtual object Create(Object parent, Object configContextObj, XmlNode section) { // if called through client config don't even load HttpRuntime if (!HandlerBase.IsServerConfiguration(configContextObj)) { return(null); } HttpConfigurationContext configContext = configContextObj as HttpConfigurationContext; // section handlers can run in client mode with ConfigurationSettings.GetConfig("sectionName") // detect this case and return null to be ensure no exploits from secure client scenarios // see ASURT 123738 if (configContext == null) { return(null); } if (HandlerBase.IsPathAtAppLevel(configContext.VirtualPath) == PathLevel.BelowApp) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.Cannot_specify_below_app_level, section.Name), section); } return(new SecurityPolicyConfig((SecurityPolicyConfig)parent, section, ConfigurationException.GetXmlNodeFilename(section))); }
public virtual object Create(Object parent, Object configContextObj, Xml.XmlNode section) { // if called through client config don't even load HttpRuntime if (!HandlerBase.IsServerConfiguration(configContextObj)) { return(null); } HttpConfigurationContext httpConfigContext = (HttpConfigurationContext)configContextObj; return(new CustomErrors(section, httpConfigContext.VirtualPath, (CustomErrors)parent)); }
public virtual object Create(Object parent, Object configContextObj, XmlNode section) { // if called through client config don't even load HttpRuntime if (!HandlerBase.IsServerConfiguration(configContextObj)) { return(null); } HttpConfigurationContext configContext = configContextObj as HttpConfigurationContext; if (HandlerBase.IsPathAtAppLevel(configContext.VirtualPath) == PathLevel.BelowApp) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.Cannot_specify_below_app_level, "Authentication"), section); } return(new AuthenticationConfig((AuthenticationConfig)parent, section)); }
private PhpConfigurationContext Create(PhpConfigurationContext parent, HttpConfigurationContext context, XmlNode/*!*/ section) { PhpConfigurationContext result; // determines virtual path to the .config file (null means Machine.config or not applicable): string virtual_path = (context != null) ? context.VirtualPath : null; Debug.WriteLine("CONFIG", "Parsing configuration in '{0}'. Parent config is '{1}'", virtual_path ?? "Machine.config", (parent != null) ? parent.VirtualPath : "null"); // initialization: if (parent != null) { result = new PhpConfigurationContext(applicationContext, virtual_path, parent); } else { result = new PhpConfigurationContext(applicationContext, virtual_path); } GlobalConfiguration global = result.Global; LocalConfiguration local = result.Local; // configuration loading is assumed to be synchronized: ApplicationConfiguration app = Configuration.application; // same with script libraries - these need to be parsed after <sourceRoot> XmlNode node_ScriptLibrary = null; // determine configuration modification time: result.Global.LastConfigurationModificationTime = ConfigUtils.GetConfigModificationTime(section, result.Global.LastConfigurationModificationTime); // parses XML tree: foreach (XmlNode node in section.ChildNodes) { if (node.NodeType == XmlNodeType.Element) { switch (node.Name) { case NodePaths: // options can be specified only in application root config and above: result.EnsureApplicationConfig(node); ConfigUtils.ParseNameValueList(node, result, app.Paths); break; case NodeClassLibrary: // libraries can be loaded only in application root config and above: result.EnsureApplicationConfig(node); // parses and loads libraries contained in the list (lazy): ConfigUtils.ParseLibraryAssemblyList( node, result.librariesList, app.Paths.ExtWrappers, app.Paths.Libraries); break; case NodeScriptLibrary: // script libraries can be loaded only in application root config and above: result.EnsureApplicationConfig(node); node_ScriptLibrary = node; break; case NodeCompiler: // options can be specified only in application root: result.EnsureApplicationConfig(node); ConfigUtils.ParseNameValueList(node, result, app.Compiler); break; case NodeGlobalization: // options can be specified only in application root: result.EnsureApplicationConfig(node); ConfigUtils.ParseNameValueList(node, result, app.Globalization); break; case NodeOutputControl: ConfigUtils.ParseNameValueList(node, result, local.OutputControl); break; case NodeRequestControl: ConfigUtils.ParseNameValueList(node, result, local.RequestControl); break; case NodeErrorControl: ConfigUtils.ParseNameValueList(node, result, local.ErrorControl); break; case NodeSessionControl: ConfigUtils.ParseNameValueList(node, result, local.Session); break; case NodeFileSystem: ConfigUtils.ParseNameValueList(node, result, local.FileSystem); break; case NodeAssertion: ConfigUtils.ParseNameValueList(node, result, local.Assertion); break; case NodeVariables: ConfigUtils.ParseNameValueList(node, result, local.Variables, global.GlobalVariables); break; case NodePostedFiles: ConfigUtils.ParseNameValueList(node, result, global.PostedFiles); break; case NodeSafeMode: ConfigUtils.ParseNameValueList(node, result, global.SafeMode); break; default: // processes library section: result.librariesList.AddSection(node); break; } } } // and script library after that if (node_ScriptLibrary != null) { ConfigUtils.ParseScriptLibraryAssemblyList(node_ScriptLibrary, applicationContext.ScriptLibraryDatabase); } return result; }
// // ResolveFiles - parse files referenced with <file src="" /> // static void ResolveFiles(ParseState parseState, object configurationContext) { // // 1) get the directory of the configuration file currently being parsed // HttpConfigurationContext httpConfigurationContext = (HttpConfigurationContext)configurationContext; string configurationDirectory = null; bool useAssert = false; // // Only assert to read cap files when parsing machine.config // (allow device updates to work in restricted trust levels). // // Machine.config can be securely identified by the context being // an HttpConfigurationContext with null path. // try { if (httpConfigurationContext.VirtualPath == null) { useAssert = true; // we need to assert here to get the file path from ConfigurationException FileIOPermission fiop = new FileIOPermission(PermissionState.None); fiop.AllFiles = FileIOPermissionAccess.PathDiscovery; fiop.Assert(); } Pair pair0 = (Pair)parseState.FileList[0]; XmlNode srcAttribute = (XmlNode)pair0.Second; configurationDirectory = Path.GetDirectoryName(ConfigurationErrorsException.GetFilename(srcAttribute)); } finally { if (useAssert) { CodeAccessPermission.RevertAssert(); } } // // 2) iterate through list of referenced files, builing rule lists for each // foreach (Pair pair in parseState.FileList) { string srcFilename = (string)pair.First; string fullFilename = Path.Combine(configurationDirectory, srcFilename); XmlNode section; try { if (useAssert) { InternalSecurityPermissions.FileReadAccess(fullFilename).Assert(); } Exception fcmException = null; try { HttpConfigurationSystem.AddFileDependency(fullFilename); } catch (Exception e) { fcmException = e; } ConfigXmlDocument configDoc = new ConfigXmlDocument(); try { configDoc.Load(fullFilename); section = configDoc.DocumentElement; } catch (Exception e) { throw new ConfigurationErrorsException(SR.GetString(SR.Error_loading_XML_file, fullFilename, e.Message), e, (XmlNode)pair.Second); } if (fcmException != null) { throw fcmException; } } finally { if (useAssert) { // Cannot apply next FileReadAccess PermissionSet unless // current set is explicitly reverted. Also minimizes // granted permissions. CodeAccessPermission.RevertAssert(); } } if (section.Name != parseState.SectionName) { throw new ConfigurationErrorsException(SR.GetString(SR.Capability_file_root_element, parseState.SectionName), section); } HandlerBase.CheckForUnrecognizedAttributes(section); ArrayList sublist = RuleListFromElement(parseState, section, true); if (sublist.Count > 0) { parseState.RuleList.Add(new CapabilitiesSection(CapabilitiesRule.Filter, null, null, sublist)); } } }
private static void ResolveFiles(ParseState parseState, object configurationContext) { HttpConfigurationContext context = (HttpConfigurationContext)configurationContext; string directoryName = null; bool flag = false; try { if (context.VirtualPath == null) { flag = true; new FileIOPermission(PermissionState.None) { AllFiles = FileIOPermissionAccess.PathDiscovery }.Assert(); } Pair pair = (Pair)parseState.FileList[0]; XmlNode second = (XmlNode)pair.Second; directoryName = Path.GetDirectoryName(ConfigurationErrorsException.GetFilename(second)); } finally { if (flag) { CodeAccessPermission.RevertAssert(); } } foreach (Pair pair2 in parseState.FileList) { XmlNode documentElement; string first = (string)pair2.First; string filename = Path.Combine(directoryName, first); try { if (flag) { InternalSecurityPermissions.FileReadAccess(filename).Assert(); } Exception exception = null; try { HttpConfigurationSystem.AddFileDependency(filename); } catch (Exception exception2) { exception = exception2; } ConfigXmlDocument document = new ConfigXmlDocument(); try { document.Load(filename); documentElement = document.DocumentElement; } catch (Exception exception3) { throw new ConfigurationErrorsException(System.Web.SR.GetString("Error_loading_XML_file", new object[] { filename, exception3.Message }), exception3, (XmlNode)pair2.Second); } if (exception != null) { throw exception; } } finally { if (flag) { CodeAccessPermission.RevertAssert(); } } if (documentElement.Name != parseState.SectionName) { throw new ConfigurationErrorsException(System.Web.SR.GetString("Capability_file_root_element", new object[] { parseState.SectionName }), documentElement); } System.Web.Configuration.HandlerBase.CheckForUnrecognizedAttributes(documentElement); ArrayList rulelist = RuleListFromElement(parseState, documentElement, true); if (rulelist.Count > 0) { parseState.RuleList.Add(new CapabilitiesSection(2, null, null, rulelist)); } } }
// CTor internal MachineKeyConfig(object parentObject, object contextObject, XmlNode node) { MachineKeyConfig parent = (MachineKeyConfig)parentObject; HttpConfigurationContext configContext = contextObject as HttpConfigurationContext; if (HandlerBase.IsPathAtAppLevel(configContext.VirtualPath) == PathLevel.BelowApp) { throw new ConfigurationException( HttpRuntime.FormatResourceString(SR.No_MachineKey_Config_In_subdir), node); } if (parent != null) { _ValidationKey = parent.ValidationKey; _DecryptionKey = parent.DecryptionKey; _ValidationMode = parent.ValidationMode; _AutogenKey = parent.AutogenKey; } XmlNode vNode = node.Attributes.RemoveNamedItem("validationKey"); XmlNode dNode = node.Attributes.RemoveNamedItem("decryptionKey"); int iMode = 0; string [] modeStrings = { "SHA1", "MD5", "3DES" }; XmlNode mNode = HandlerBase.GetAndRemoveEnumAttribute(node, "validation", modeStrings, ref iMode); if (mNode != null) { _ValidationMode = (MachineKeyValidationMode)iMode; } HandlerBase.CheckForUnrecognizedAttributes(node); HandlerBase.CheckForChildNodes(node); if (vNode != null && vNode.Value != null) { String strKey = vNode.Value; bool fAppSpecific = strKey.EndsWith(",IsolateApps"); if (fAppSpecific) { strKey = strKey.Substring(0, strKey.Length - ",IsolateApps".Length); } if (strKey == "AutoGenerate") // case sensitive { _ValidationKey = new byte[64]; Buffer.BlockCopy(HttpRuntime.s_autogenKeys, 0, _ValidationKey, 0, 64); } else { if (strKey.Length > 128 || strKey.Length < 40) { throw new ConfigurationException( HttpRuntime.FormatResourceString( SR.Unable_to_get_cookie_authentication_validation_key, strKey.Length.ToString()), vNode); } _ValidationKey = HexStringToByteArray(strKey); if (_ValidationKey == null) { throw new ConfigurationException( HttpRuntime.FormatResourceString( SR.Invalid_validation_key), vNode); } } if (fAppSpecific) { int dwCode = SymbolHashCodeProvider.Default.GetHashCode(HttpContext.Current.Request.ApplicationPath); _ValidationKey[0] = (byte)(dwCode & 0xff); _ValidationKey[1] = (byte)((dwCode & 0xff00) >> 8); _ValidationKey[2] = (byte)((dwCode & 0xff0000) >> 16); _ValidationKey[3] = (byte)((dwCode & 0xff000000) >> 24); } } if (dNode != null) { String strKey = dNode.Value; bool fAppSpecific = strKey.EndsWith(",IsolateApps"); if (fAppSpecific) { strKey = strKey.Substring(0, strKey.Length - ",IsolateApps".Length); } if (strKey == "AutoGenerate") // case sensitive { _DecryptionKey = new byte[24]; Buffer.BlockCopy(HttpRuntime.s_autogenKeys, 64, _DecryptionKey, 0, 24); _AutogenKey = true; } else { _AutogenKey = false; if (strKey.Length == 48) // Make sure Triple DES is installed { TripleDESCryptoServiceProvider oTemp = null; try { oTemp = new TripleDESCryptoServiceProvider(); } catch (Exception) { } if (oTemp == null) { throw new ConfigurationException( HttpRuntime.FormatResourceString( SR.cannot_use_Triple_DES), dNode); } } if (strKey.Length != 48 && strKey.Length != 16) { throw new ConfigurationException( HttpRuntime.FormatResourceString( SR.Unable_to_get_cookie_authentication_decryption_key, strKey.Length.ToString()), dNode); } _DecryptionKey = HexStringToByteArray(strKey); if (_DecryptionKey == null) { throw new ConfigurationException( HttpRuntime.FormatResourceString( SR.Invalid_decryption_key), dNode); } } if (fAppSpecific) { int dwCode = SymbolHashCodeProvider.Default.GetHashCode(HttpContext.Current.Request.ApplicationPath); _DecryptionKey[0] = (byte)(dwCode & 0xff); _DecryptionKey[1] = (byte)((dwCode & 0xff00) >> 8); _DecryptionKey[2] = (byte)((dwCode & 0xff0000) >> 16); _DecryptionKey[3] = (byte)((dwCode & 0xff000000) >> 24); } } }