static internal void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry) {
Debug.Assert(null != entry, "null DBConnectionString");
if (null != entry.KeyChain) {
for(NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next) {
NameValuePermission kv;
kv = kvtree.CheckKeyForValue(keychain.Name);
if (null == kv) {
kv = new NameValuePermission(keychain.Name);
kvtree.Add(kv); // add directly into live tree
}
kvtree = kv;
kv = kvtree.CheckKeyForValue(keychain.Value);
if (null == kv) {
DBConnectionString insertValue = ((null != keychain.Next) ? null : entry);
kv = new NameValuePermission(keychain.Value, insertValue);
kvtree.Add(kv); // add directly into live tree
if (null != insertValue) {
entries.Add(insertValue);
}
}
else if (null == keychain.Next) { // shorter chain potential
if (null != kv._entry) {
Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry");
entries.Remove(kv._entry);
kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree
}
else {
kv._entry = entry;
}
entries.Add(kv._entry);
}
kvtree = kv;
}
}
else { // global restrictions, MDAC 84443
DBConnectionString kentry = kvtree._entry;
if (null != kentry) {
Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry");
entries.Remove(kentry);
kvtree._entry = kentry.Intersect(entry);
}
else {
kvtree._entry = entry;
}
entries.Add(kvtree._entry);
}
}
private NameValuePermission(NameValuePermission permit) { // deep-copy
_value = permit._value;
_entry = permit._entry;
_tree = permit._tree;
if (null != _tree) {
NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
for(int i = 0; i < tree.Length; ++i) {
if (null != tree[i]) { // WebData 98488
tree[i] = tree[i].CopyNameValue(); // deep copy
}
}
_tree = tree;
}
}
private DBConnectionString(DBConnectionString connectionString, string[] restrictionValues, KeyRestrictionBehavior behavior)
{
// used by intersect for two equal connection strings with different restrictions
_encryptedUsersConnectionString = connectionString._encryptedUsersConnectionString;
_parsetable = connectionString._parsetable;
_keychain = connectionString._keychain;
_hasPassword = connectionString._hasPassword;
_restrictionValues = restrictionValues;
_restrictions = null;
_behavior = behavior;
Verify(restrictionValues);
}
/// <include file='doc\DBDataPermission.uex' path='docs/doc[@for="DBDataPermission.AddWithAllow"]/*' />
virtual public void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
{
switch (behavior)
{
case KeyRestrictionBehavior.PreventUsage:
case KeyRestrictionBehavior.AllowOnly:
break;
default:
throw ADP.Argument("value");
}
DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, UdlSupport.UdlAsKeyword);
AddPermissionEntry(entry);
}
private NameValuePermission(NameValuePermission permit) // deep-copy
{
_value = permit._value;
_entry = permit._entry;
_tree = permit._tree;
if (null != _tree)
{
NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
int length = tree.Length;
for (int i = 0; i < length; ++i)
{
tree[i] = tree[i].Copy(); // deep copy
}
_tree = tree;
}
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (parsetable == null)
{
return(false);
}
bool isEmpty = false;
NameValuePermission[] permissionArray = this._tree;
if (permissionArray != null)
{
isEmpty = parsetable.IsEmpty;
if (!isEmpty)
{
for (int i = 0; i < permissionArray.Length; i++)
{
NameValuePermission permission = permissionArray[i];
if (permission != null)
{
string keyword = permission._value;
if (parsetable.ContainsKey(keyword))
{
string keyInQuestion = parsetable[keyword];
NameValuePermission permission2 = permission.CheckKeyForValue(keyInQuestion);
if ((permission2 != null) && permission2.CheckValueForKeyPermit(parsetable))
{
isEmpty = true;
}
else
{
return(false);
}
}
}
}
}
}
DBConnectionString str = this._entry;
if (str != null)
{
isEmpty = str.IsSupersetOf(parsetable);
}
return(isEmpty);
}
private NameValuePermission(NameValuePermission permit)
{
this._value = permit._value;
this._entry = permit._entry;
this._tree = permit._tree;
if (this._tree != null)
{
NameValuePermission[] permissionArray = this._tree.Clone() as NameValuePermission[];
for (int i = 0; i < permissionArray.Length; i++)
{
if (permissionArray[i] != null)
{
permissionArray[i] = permissionArray[i].CopyNameValue();
}
}
this._tree = permissionArray;
}
}
private NameValuePermission(NameValuePermission permit)
{ // deep-copy
_value = permit._value;
_entry = permit._entry;
_tree = permit._tree;
if (null != _tree)
{
NameValuePermission[] tree = (_tree.Clone() as NameValuePermission[]);
for (int i = 0; i < tree.Length; ++i)
{
if (null != tree[i])
{ // WebData 98488
tree[i] = tree[i].CopyNameValue(); // deep copy
}
}
_tree = tree;
}
}
internal bool IsSupersetOf(DBConnectionString entry)
{
Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");
switch (_behavior)
{
case KeyRestrictionBehavior.AllowOnly:
// every key must either be in the resticted connection string or in the allowed keywords
// keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys
for (NameValuePair current = entry.KeyChain; null != current; current = current.Next)
{
if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name))
{
return(false);
}
}
break;
case KeyRestrictionBehavior.PreventUsage:
// every key can not be in the restricted keywords (even if in the restricted connection string)
if (null != _restrictionValues)
{
foreach (string restriction in _restrictionValues)
{
if (entry.ContainsKey(restriction))
{
return(false);
}
}
}
break;
default:
Debug.Assert(false, "invalid KeyRestrictionBehavior");
throw ADP.InvalidKeyRestrictionBehavior(_behavior);
}
return(true);
}
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
{
DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, null, false);
this.AddPermissionEntry(entry);
}
internal void AddPermissionEntry(DBConnectionString entry)
{
if (this._keyvaluetree == null)
{
this._keyvaluetree = new NameValuePermission();
}
if (this._keyvalues == null)
{
this._keyvalues = new ArrayList();
}
NameValuePermission.AddEntry(this._keyvaluetree, this._keyvalues, entry);
this._isUnrestricted = false;
}
internal DBConnectionString Intersect(DBConnectionString entry)
{
KeyRestrictionBehavior behavior = _behavior;
string[] restrictionValues = null;
if (null == entry)
{
//Debug.WriteLine("0 entry AllowNothing");
behavior = KeyRestrictionBehavior.AllowOnly;
}
else if (this._behavior != entry._behavior) // subset of the AllowOnly array
{
behavior = KeyRestrictionBehavior.AllowOnly;
if (KeyRestrictionBehavior.AllowOnly == entry._behavior) // this PreventUsage and entry AllowOnly
{
if (!ADP.IsEmptyArray(_restrictionValues))
{
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
//Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
}
else
{
//Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions");
}
}
else
{
//Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly");
restrictionValues = entry._restrictionValues;
}
}
else if (!ADP.IsEmptyArray(_restrictionValues)) // this AllowOnly and entry PreventUsage
{
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
//Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions");
restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
}
else
{
//Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions");
restrictionValues = _restrictionValues;
}
}
else
{
//Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage");
}
}
else if (KeyRestrictionBehavior.PreventUsage == this._behavior) // both PreventUsage
{
if (ADP.IsEmptyArray(_restrictionValues))
{
//Debug.WriteLine("9/10 both PreventUsage and this with no restrictions");
restrictionValues = entry._restrictionValues;
}
else if (ADP.IsEmptyArray(entry._restrictionValues))
{
//Debug.WriteLine("11 both PreventUsage and entry with no restrictions");
restrictionValues = _restrictionValues;
}
else
{
//Debug.WriteLine("12 both PreventUsage with restrictions");
restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
}
}
else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) // both AllowOnly with restrictions
{
if (this._restrictionValues.Length <= entry._restrictionValues.Length)
{
//Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
}
else
{
//Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
}
}
else // both AllowOnly
//Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions");
{
}
// verify _hasPassword & _parsetable are in sync between Everett/Whidbey
Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");
DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);
ValidateCombinedSet(this, value);
ValidateCombinedSet(entry, value);
return(value);
}
internal DBConnectionString Intersect(DBConnectionString entry)
{
KeyRestrictionBehavior allowOnly = this._behavior;
string[] restrictionValues = null;
if (entry == null)
{
allowOnly = KeyRestrictionBehavior.AllowOnly;
}
else if (this._behavior != entry._behavior)
{
allowOnly = KeyRestrictionBehavior.AllowOnly;
if (entry._behavior == KeyRestrictionBehavior.AllowOnly)
{
if (!ADP.IsEmptyArray(this._restrictionValues))
{
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, this._restrictionValues);
}
}
else
{
restrictionValues = entry._restrictionValues;
}
}
else if (!ADP.IsEmptyArray(this._restrictionValues))
{
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = NewRestrictionAllowOnly(this._restrictionValues, entry._restrictionValues);
}
else
{
restrictionValues = this._restrictionValues;
}
}
}
else if (KeyRestrictionBehavior.PreventUsage == this._behavior)
{
if (ADP.IsEmptyArray(this._restrictionValues))
{
restrictionValues = entry._restrictionValues;
}
else if (ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = this._restrictionValues;
}
else
{
restrictionValues = NoDuplicateUnion(this._restrictionValues, entry._restrictionValues);
}
}
else if (!ADP.IsEmptyArray(this._restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues))
{
if (this._restrictionValues.Length <= entry._restrictionValues.Length)
{
restrictionValues = NewRestrictionIntersect(this._restrictionValues, entry._restrictionValues);
}
else
{
restrictionValues = NewRestrictionIntersect(entry._restrictionValues, this._restrictionValues);
}
}
return(new DBConnectionString(this, restrictionValues, allowOnly));
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (null == parsetable)
{
return(false);
}
bool hasMatch = false;
NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
if (null != keytree)
{
hasMatch = parsetable.IsEmpty(); // MDAC 86773
// which key do we follow the key-value chain on
for (int i = 0; i < keytree.Length; ++i)
{
NameValuePermission permitKey = keytree[i];
string keyword = permitKey._value;
#if DATAPERMIT
Debug.WriteLine("DBDataPermission keyword: <" + keyword + ">");
#endif
#if DEBUG
Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
if (parsetable.Contains(keyword))
{
string valueInQuestion = (string)parsetable[keyword];
// keyword is restricted to certain values
NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
if (null != permitValue)
{
//value does match - continue the chain down that branch
if (permitValue.CheckValueForKeyPermit(parsetable))
{
hasMatch = true;
}
else
{
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed branch checking");
#endif
return(false);
}
}
else // value doesn't match to expected values - fail here
{
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed to match expected value");
#endif
return(false);
}
}
// else try next keyword
}
// partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
}
#if DATAPERMIT
else
{
Debug.WriteLine("leaf node");
}
#endif
DBConnectionString entry = _entry;
if (null != entry)
{
return(entry.IsSubsetOf(parsetable));
}
#if DATAPERMIT
Debug.WriteLine("DBDataPermission failed on non-terminal node");
#endif
return(hasMatch); // mid-chain failure
}
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) { // V1.0.5000
DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false);
AddPermissionEntry(constr);
}
internal void AddPermissionEntry(DBConnectionString entry) {
if (null == _keyvaluetree) {
_keyvaluetree = new NameValuePermission();
}
if (null == _keyvalues) {
_keyvalues = new ArrayList();
}
NameValuePermission.AddEntry(_keyvaluetree, _keyvalues, entry);
_isUnrestricted = false; // MDAC 84639
}
internal static void AddEntry(NameValuePermission kvtree, ArrayList entries, DBConnectionString entry)
{
Debug.Assert(null != entry, "null DBConnectionString");
if (null != entry.KeyChain)
{
for (NameValuePair keychain = entry.KeyChain; null != keychain; keychain = keychain.Next)
{
NameValuePermission kv;
kv = kvtree.CheckKeyForValue(keychain.Name);
if (null == kv)
{
kv = new NameValuePermission(keychain.Name);
kvtree.Add(kv); // add directly into live tree
}
kvtree = kv;
kv = kvtree.CheckKeyForValue(keychain.Value);
if (null == kv)
{
DBConnectionString insertValue = ((null != keychain.Next) ? null : entry);
kv = new NameValuePermission(keychain.Value, insertValue);
kvtree.Add(kv); // add directly into live tree
if (null != insertValue)
{
entries.Add(insertValue);
}
}
else if (null == keychain.Next)
{ // shorter chain potential
if (null != kv._entry)
{
Debug.Assert(entries.Contains(kv._entry), "entries doesn't contain entry");
entries.Remove(kv._entry);
kv._entry = kv._entry.Intersect(entry); // union new restrictions into existing tree
}
else
{
kv._entry = entry;
}
entries.Add(kv._entry);
}
kvtree = kv;
}
}
else
{ // global restrictions, MDAC 84443
DBConnectionString kentry = kvtree._entry;
if (null != kentry)
{
Debug.Assert(entries.Contains(kentry), "entries doesn't contain entry");
entries.Remove(kentry);
kvtree._entry = kentry.Intersect(entry);
}
else
{
kvtree._entry = entry;
}
entries.Add(kvtree._entry);
}
}
internal void Intersect(ArrayList entries, NameValuePermission target) {
if (null == target) {
_tree = null;
_entry = null;
}
else {
if (null != _entry) {
entries.Remove(_entry);
_entry = _entry.Intersect(target._entry);
entries.Add(_entry);
}
else if (null != target._entry) {
_entry = target._entry.Intersect(null);
entries.Add(_entry);
}
if (null != _tree) {
int count = _tree.Length;
for(int i = 0; i < _tree.Length; ++i) {
NameValuePermission kvtree = target.CheckKeyForValue(_tree[i]._value);
if (null != kvtree) { // does target tree contain our value
_tree[i].Intersect(entries, kvtree);
}
else {
_tree[i] = null;
--count;
}
}
if (0 == count) {
_tree = null;
}
else if (count < _tree.Length) {
NameValuePermission[] kvtree = new NameValuePermission[count];
for (int i = 0, j = 0; i < _tree.Length; ++i) {
if(null != _tree[i]) {
kvtree[j++] = _tree[i];
}
}
_tree = kvtree;
}
}
}
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable) {
if (null == parsetable) {
return false;
}
bool hasMatch = false;
NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
if (null != keytree) {
hasMatch = parsetable.IsEmpty; // MDAC 86773
if (!hasMatch) {
// which key do we follow the key-value chain on
for (int i = 0; i < keytree.Length; ++i) {
NameValuePermission permitKey = keytree[i];
if (null != permitKey) {
string keyword = permitKey._value;
#if DEBUG
Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
if (parsetable.ContainsKey(keyword)) {
string valueInQuestion = (string)parsetable[keyword];
// keyword is restricted to certain values
NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
if (null != permitValue) {
//value does match - continue the chain down that branch
if (permitValue.CheckValueForKeyPermit(parsetable)) {
hasMatch = true;
// adding a break statement is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly);
}
else { // failed branch checking
return false;
}
}
else { // value doesn't match to expected values - fail here
return false;
}
}
}
// else try next keyword
}
}
// partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
}
DBConnectionString entry = _entry;
if (null != entry) {
// also checking !hasMatch is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly);
hasMatch = entry.IsSupersetOf(parsetable);
}
return hasMatch; // mid-chain failure
}
internal bool CheckValueForKeyPermit(DBConnectionString parsetable)
{
if (null == parsetable)
{
return(false);
}
bool hasMatch = false;
NameValuePermission[] keytree = _tree; // _tree won't mutate but Add will replace it
if (null != keytree)
{
hasMatch = parsetable.IsEmpty; // MDAC 86773
if (!hasMatch)
{
// which key do we follow the key-value chain on
for (int i = 0; i < keytree.Length; ++i)
{
NameValuePermission permitKey = keytree[i];
if (null != permitKey)
{
string keyword = permitKey._value;
#if DEBUG
Debug.Assert(null == permitKey._entry, "key member has no restrictions");
#endif
if (parsetable.ContainsKey(keyword))
{
string valueInQuestion = (string)parsetable[keyword];
// keyword is restricted to certain values
NameValuePermission permitValue = permitKey.CheckKeyForValue(valueInQuestion);
if (null != permitValue)
{
//value does match - continue the chain down that branch
if (permitValue.CheckValueForKeyPermit(parsetable))
{
hasMatch = true;
// adding a break statement is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("data provider=msdatashape;provider=sqloledb;integrated security=sspi", "", KeyRestrictionBehavior.AllowOnly);
}
else
{ // failed branch checking
return(false);
}
}
else
{ // value doesn't match to expected values - fail here
return(false);
}
}
}
// else try next keyword
}
}
// partial chain match, either leaf-node by shorter chain or fail mid-chain if (null == _restrictions)
}
DBConnectionString entry = _entry;
if (null != entry)
{
// also checking !hasMatch is tempting, but wrong
// user can safetly extend their restrictions for current rule to include missing keyword
// i.e. Add("provider=sqloledb;integrated security=sspi", "data provider=", KeyRestrictionBehavior.AllowOnly);
// i.e. Add("provider=sqloledb;", "integrated security=;", KeyRestrictionBehavior.AllowOnly);
hasMatch = entry.IsSupersetOf(parsetable);
}
return(hasMatch); // mid-chain failure
}
public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) {
DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, true);
AddPermissionEntry(constr);
}
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) // V1.0.5000
{
DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, null, false);
AddPermissionEntry(constr);
}
internal DBConnectionString Intersect(DBConnectionString entry)
{
KeyRestrictionBehavior behavior = _behavior;
string[] restrictionValues = null;
if (null == entry)
{
behavior = KeyRestrictionBehavior.AllowOnly;
}
else if (_behavior != entry._behavior)
{
// subset of the AllowOnly array
behavior = KeyRestrictionBehavior.AllowOnly;
if (KeyRestrictionBehavior.AllowOnly == entry._behavior)
{
// this PreventUsage and entry AllowOnly
if (!ADP.IsEmptyArray(_restrictionValues))
{
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
}
}
else
{
restrictionValues = entry._restrictionValues;
}
}
else if (!ADP.IsEmptyArray(_restrictionValues))
{
// this AllowOnly and entry PreventUsage
if (!ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
}
else
{
restrictionValues = _restrictionValues;
}
}
}
else if (KeyRestrictionBehavior.PreventUsage == _behavior)
{
// both PreventUsage
if (ADP.IsEmptyArray(_restrictionValues))
{
restrictionValues = entry._restrictionValues;
}
else if (ADP.IsEmptyArray(entry._restrictionValues))
{
restrictionValues = _restrictionValues;
}
else
{
restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
}
}
else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues))
{
// both AllowOnly with restrictions
if (_restrictionValues.Length <= entry._restrictionValues.Length)
{
restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
}
else
{
restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
}
}
// verify _hasPassword & _parsetable are in sync between Everett/Whidbey
Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");
DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);
ValidateCombinedSet(this, value);
ValidateCombinedSet(entry, value);
return(value);
}
public virtual void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior)
{
DBConnectionString entry = new DBConnectionString(connectionString, restrictions, behavior, null, false);
this.AddPermissionEntry(entry);
}
private NameValuePermission(string value, DBConnectionString entry) {
_value = value;
_entry = entry;
}
private void ValidateCombinedSet(DBConnectionString componentSet, DBConnectionString combinedSet) {
Debug.Assert(combinedSet != null, "The combined connection string should not be null");
if ((componentSet != null) && (combinedSet._restrictionValues != null) && (componentSet._restrictionValues != null)) {
if (componentSet._behavior == KeyRestrictionBehavior.AllowOnly) {
if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) {
// Component==Allow, Combined==Allow
// All values in the Combined Set should also be in the Component Set
// Combined - Component == null
Debug.Assert(combinedSet._restrictionValues.Except(componentSet._restrictionValues).Count() == 0, "Combined set allows values not allowed by component set");
}
else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) {
// Component==Allow, Combined==PreventUsage
// Preventions override allows, so there is nothing to check here
}
else {
Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior));
}
}
else if (componentSet._behavior == KeyRestrictionBehavior.PreventUsage) {
if (combinedSet._behavior == KeyRestrictionBehavior.AllowOnly) {
// Component==PreventUsage, Combined==Allow
// There shouldn't be any of the values from the Component Set in the Combined Set
// Intersect(Component, Combined) == null
Debug.Assert(combinedSet._restrictionValues.Intersect(componentSet._restrictionValues).Count() == 0, "Combined values allows values prevented by component set");
}
else if (combinedSet._behavior == KeyRestrictionBehavior.PreventUsage) {
// Component==PreventUsage, Combined==PreventUsage
// All values in the Component Set should also be in the Combined Set
// Component - Combined == null
Debug.Assert(componentSet._restrictionValues.Except(combinedSet._restrictionValues).Count() == 0, "Combined values does not prevent all of the values prevented by the component set");
}
else {
Debug.Assert(false, string.Format("Unknown behavior for combined set: {0}", combinedSet._behavior));
}
}
else {
Debug.Assert(false, string.Format("Unknown behavior for component set: {0}", componentSet._behavior));
}
}
}
internal bool IsSupersetOf(DBConnectionString entry) {
Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
Debug.Assert(!entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");
switch(_behavior) {
case KeyRestrictionBehavior.AllowOnly:
// every key must either be in the resticted connection string or in the allowed keywords
// keychain may contain duplicates, but it is better than GetEnumerator on _parsetable.Keys
for(NameValuePair current = entry.KeyChain; null != current; current = current.Next) {
if (!ContainsKey(current.Name) && IsRestrictedKeyword(current.Name)) {
return false;
}
}
break;
case KeyRestrictionBehavior.PreventUsage:
// every key can not be in the restricted keywords (even if in the restricted connection string)
if (null != _restrictionValues) {
foreach(string restriction in _restrictionValues) {
if (entry.ContainsKey(restriction)) {
return false;
}
}
}
break;
default:
Debug.Assert(false, "invalid KeyRestrictionBehavior");
throw ADP.InvalidKeyRestrictionBehavior(_behavior);
}
return true;
}
private DBConnectionString(DBConnectionString connectionString, string[] restrictionValues, KeyRestrictionBehavior behavior) {
// used by intersect for two equal connection strings with different restrictions
_encryptedUsersConnectionString = connectionString._encryptedUsersConnectionString;
_parsetable = connectionString._parsetable;
_keychain = connectionString._keychain;
_hasPassword = connectionString._hasPassword;
_restrictionValues = restrictionValues;
_restrictions = null;
_behavior = behavior;
Verify(restrictionValues);
}
public override void Add(string connectionString, string restrictions, KeyRestrictionBehavior behavior) {
DBConnectionString constr = new DBConnectionString(connectionString, restrictions, behavior, SqlConnectionString.GetParseSynonyms(), false);
AddPermissionEntry(constr);
}
private NameValuePermission(string value, DBConnectionString entry)
{
this._value = value;
this._entry = entry;
}
internal DBConnectionString Intersect(DBConnectionString entry) {
KeyRestrictionBehavior behavior = _behavior;
string[] restrictionValues = null;
if (null == entry) {
//Debug.WriteLine("0 entry AllowNothing");
behavior = KeyRestrictionBehavior.AllowOnly;
}
else if (this._behavior != entry._behavior) { // subset of the AllowOnly array
behavior = KeyRestrictionBehavior.AllowOnly;
if (KeyRestrictionBehavior.AllowOnly == entry._behavior) { // this PreventUsage and entry AllowOnly
if (!ADP.IsEmptyArray(_restrictionValues)) {
if (!ADP.IsEmptyArray(entry._restrictionValues)) {
//Debug.WriteLine("1 this PreventUsage with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionAllowOnly(entry._restrictionValues, _restrictionValues);
}
else {
//Debug.WriteLine("2 this PreventUsage with restrictions and entry AllowOnly with no restrictions");
}
}
else {
//Debug.WriteLine("3/4 this PreventUsage with no restrictions and entry AllowOnly");
restrictionValues = entry._restrictionValues;
}
}
else if (!ADP.IsEmptyArray(_restrictionValues)) { // this AllowOnly and entry PreventUsage
if (!ADP.IsEmptyArray(entry._restrictionValues)) {
//Debug.WriteLine("5 this AllowOnly with restrictions and entry PreventUsage with restrictions");
restrictionValues = NewRestrictionAllowOnly(_restrictionValues, entry._restrictionValues);
}
else {
//Debug.WriteLine("6 this AllowOnly and entry PreventUsage with no restrictions");
restrictionValues = _restrictionValues;
}
}
else {
//Debug.WriteLine("7/8 this AllowOnly with no restrictions and entry PreventUsage");
}
}
else if (KeyRestrictionBehavior.PreventUsage == this._behavior) { // both PreventUsage
if (ADP.IsEmptyArray(_restrictionValues)) {
//Debug.WriteLine("9/10 both PreventUsage and this with no restrictions");
restrictionValues = entry._restrictionValues;
}
else if (ADP.IsEmptyArray(entry._restrictionValues)) {
//Debug.WriteLine("11 both PreventUsage and entry with no restrictions");
restrictionValues = _restrictionValues;
}
else {
//Debug.WriteLine("12 both PreventUsage with restrictions");
restrictionValues = NoDuplicateUnion(_restrictionValues, entry._restrictionValues);
}
}
else if (!ADP.IsEmptyArray(_restrictionValues) && !ADP.IsEmptyArray(entry._restrictionValues)) { // both AllowOnly with restrictions
if (this._restrictionValues.Length <= entry._restrictionValues.Length) {
//Debug.WriteLine("13a this AllowOnly with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionIntersect(_restrictionValues, entry._restrictionValues);
}
else {
//Debug.WriteLine("13b this AllowOnly with restrictions and entry AllowOnly with restrictions");
restrictionValues = NewRestrictionIntersect(entry._restrictionValues, _restrictionValues);
}
}
else { // both AllowOnly
//Debug.WriteLine("14/15/16 this AllowOnly and entry AllowOnly but no restrictions");
}
// verify _hasPassword & _parsetable are in sync between Everett/Whidbey
Debug.Assert(!_hasPassword || ContainsKey(KEY.Password) || ContainsKey(KEY.Pwd), "OnDeserialized password mismatch this");
Debug.Assert(null == entry || !entry._hasPassword || entry.ContainsKey(KEY.Password) || entry.ContainsKey(KEY.Pwd), "OnDeserialized password mismatch entry");
DBConnectionString value = new DBConnectionString(this, restrictionValues, behavior);
ValidateCombinedSet(this, value);
ValidateCombinedSet(entry, value);
return value;
}
