//
// System.Net.SocketPermission.cs
//
// Author:
// Lawrence Pit (loz@cable.a2000.nl)
//
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System.Collections;
using System.Security;
using System.Security.Permissions;
namespace System.Net {
[Serializable]
public sealed class SocketPermission : CodeAccessPermission, IUnrestrictedPermission
{
// Fields
ArrayList m_acceptList = new ArrayList ();
ArrayList m_connectList = new ArrayList ();
bool m_noRestriction;
// Constructors
public SocketPermission (PermissionState state) : base ()
{
m_noRestriction = (state == PermissionState.Unrestricted);
}
public SocketPermission (NetworkAccess access, TransportType transport,
string hostName, int portNumber) : base ()
{
m_noRestriction = false;
AddPermission (access, transport, hostName, portNumber);
}
// Fields
public const int AllPorts = -1;
// Properties
public IEnumerator AcceptList {
get { return m_acceptList.GetEnumerator (); }
}
public IEnumerator ConnectList {
get { return m_connectList.GetEnumerator (); }
}
// Methods
public void AddPermission (NetworkAccess access, TransportType transport,
string hostName, int portNumber)
{
if (m_noRestriction)
return;
EndpointPermission permission = new EndpointPermission (hostName, portNumber, transport);
if (access == NetworkAccess.Accept)
m_acceptList.Add (permission);
else
m_connectList.Add (permission);
}
public override IPermission Copy ()
{
SocketPermission permission;
permission = new SocketPermission (m_noRestriction ?
PermissionState.Unrestricted :
PermissionState.None);
// as EndpointPermission's are immutable it's safe to do a shallow copy.
permission.m_connectList = (ArrayList) this.m_connectList.Clone ();
permission.m_acceptList = (ArrayList) this.m_acceptList.Clone ();
return permission;
}
public override IPermission Intersect (IPermission target)
{
if (target == null)
return null;
SocketPermission perm = target as SocketPermission;
if (perm == null)
throw new ArgumentException ("Argument not of type SocketPermission");
if (m_noRestriction)
return IntersectEmpty (perm) ? null : perm.Copy ();
if (perm.m_noRestriction)
return IntersectEmpty (this) ? null : this.Copy ();
SocketPermission newperm = new SocketPermission (PermissionState.None);
Intersect (this.m_connectList, perm.m_connectList, newperm.m_connectList);
Intersect (this.m_acceptList, perm.m_acceptList, newperm.m_acceptList);
return IntersectEmpty (newperm) ? null : newperm;
}
private bool IntersectEmpty (SocketPermission permission)
{
return !permission.m_noRestriction &&
(permission.m_connectList.Count == 0) &&
(permission.m_acceptList.Count == 0);
}
private void Intersect (ArrayList list1, ArrayList list2, ArrayList result)
{
foreach (EndpointPermission perm1 in list1) {
foreach (EndpointPermission perm2 in list2) {
EndpointPermission perm = perm1.Intersect (perm2);
if (perm != null) {
// instead of the below it's also okay to simply do:
// result.Add (perm);
// below is only done to avoid double entries
bool replaced = false;
for (int i = 0; i < result.Count; i++) {
EndpointPermission res = (EndpointPermission) result [i];
EndpointPermission resperm = perm.Intersect (res);
if (resperm != null) {
result [i] = resperm;
replaced = true;
break;
}
}
if (!replaced)
result.Add (perm);
}
}
}
}
public override bool IsSubsetOf (IPermission target)
{
if (target == null)
return (!m_noRestriction && m_connectList.Count == 0 && m_acceptList.Count == 0);
SocketPermission perm = target as SocketPermission;
if (perm == null)
throw new ArgumentException ("Parameter target must be of type SocketPermission");
if (perm.m_noRestriction)
return true;
if (this.m_noRestriction)
return false;
if (this.m_acceptList.Count == 0 && this.m_connectList.Count == 0)
return true;
if (perm.m_acceptList.Count == 0 && perm.m_connectList.Count == 0)
return false;
return IsSubsetOf (this.m_connectList, perm.m_connectList)
&& IsSubsetOf (this.m_acceptList, perm.m_acceptList);
}
private bool IsSubsetOf (ArrayList list1, ArrayList list2)
{
foreach (EndpointPermission perm1 in list1) {
bool issubset = false;
foreach (EndpointPermission perm2 in list2)
if (perm1.IsSubsetOf (perm2)) {
issubset = true;
break;
}
if (!issubset)
return false;
}
return true;
}
public bool IsUnrestricted ()
{
return m_noRestriction;
}
/*
SocketPermission s = new SocketPermission (NetworkAccess.Connect, TransportType.Tcp, "www.google.com", 80);
s.AddPermission (NetworkAccess.Accept, TransportType.All, "localhost", 8080);
s.AddPermission (NetworkAccess.Accept, TransportType.All, "localhost", SocketPermission.AllPorts);
// s = new SocketPermission (PermissionState.None);
SecurityElement sec = s.ToXml ();
Console.WriteLine (sec.ToString ());
This is sample xml output:
This is a sample unrestricted socketpermission, no matter how many permissions you add:
This is a sample constructed restricted socketpermission with no permissions added:
*/
public override SecurityElement ToXml ()
{
SecurityElement root = new SecurityElement ("IPermission");
root.AddAttribute ("class", this.GetType ().AssemblyQualifiedName);
root.AddAttribute ("version", "1");
if (m_noRestriction) {
root.AddAttribute ("Unrestricted", "true");
return root;
}
if (this.m_connectList.Count > 0)
ToXml (root, "ConnectAccess", m_connectList.GetEnumerator ());
if (this.m_acceptList.Count > 0)
ToXml (root, "AcceptAccess", m_acceptList.GetEnumerator ());
return root;
}
private void ToXml (SecurityElement root, string childName, IEnumerator enumerator)
{
SecurityElement child = new SecurityElement (childName);
while (enumerator.MoveNext ()) {
EndpointPermission perm = enumerator.Current as EndpointPermission;
SecurityElement grandchild = new SecurityElement ("ENDPOINT");
grandchild.AddAttribute ("host", perm.Hostname);
grandchild.AddAttribute ("transport", perm.Transport.ToString ());
grandchild.AddAttribute ("port",
perm.Port == AllPorts
? "All"
: ((Int32) perm.Port).ToString ());
child.AddChild (grandchild);
}
root.AddChild (child);
}
public override void FromXml (SecurityElement securityElement)
{
if (securityElement == null)
throw new ArgumentNullException ("securityElement");
// LAMESPEC: it says to throw an ArgumentNullException in this case
if (securityElement.Tag != "IPermission")
throw new ArgumentException ("securityElement");
string unrestricted = securityElement.Attribute ("Unrestricted");
if (unrestricted != null) {
this.m_noRestriction = (String.Compare (unrestricted, "true", true) == 0);
if (this.m_noRestriction)
return;
}
this.m_noRestriction = false;
this.m_connectList = new ArrayList ();
this.m_acceptList = new ArrayList ();
ArrayList children = securityElement.Children;
foreach (SecurityElement child in children) {
if (child.Tag == "ConnectAccess")
FromXml (child.Children, NetworkAccess.Connect);
else if (child.Tag == "AcceptAccess")
FromXml (child.Children, NetworkAccess.Accept);
}
}
private void FromXml (ArrayList endpoints, NetworkAccess access)
{
foreach (SecurityElement endpoint in endpoints) {
if (endpoint.Tag != "ENDPOINT")
continue;
string hostname = endpoint.Attribute ("host");
TransportType transport =
(TransportType) Enum.Parse (typeof (TransportType),
endpoint.Attribute ("transport"),
true);
string p = endpoint.Attribute ("port");
int port = 0;
if (p == "All")
port = SocketPermission.AllPorts;
else
port = Int32.Parse (p);
AddPermission (access, transport, hostname, port);
}
}
public override IPermission Union (IPermission target)
{
// LAMESPEC: according to spec we should throw an
// exception when target is null. We'll follow the
// behaviour of MS.Net instead of the spec, also
// because it matches the Intersect behaviour.
if (target == null)
return null;
// throw new ArgumentNullException ("target");
SocketPermission perm = target as SocketPermission;
if (perm == null)
throw new ArgumentException ("Argument not of type SocketPermission");
if (this.m_noRestriction || perm.m_noRestriction)
return new SocketPermission (PermissionState.Unrestricted);
SocketPermission copy = (SocketPermission) perm.Copy ();
copy.m_acceptList.InsertRange (copy.m_acceptList.Count, this.m_acceptList);
copy.m_connectList.InsertRange (copy.m_connectList.Count, this.m_connectList);
return copy;
}
}
}