search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
In Test/System.Data:
[mono-project.git] / mono / metadata / security-manager.c
blobfb263c45ac6b992113fb3a8e4d8252c4f51b9436
1 /*
2 * security-manager.c: Security Manager (Unmanaged side)
3 *
4 * Author:
5 * Sebastien Pouliot <sebastien@ximian.com>
6 *
7 * Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
8 */
9
10 #include "security-manager.h"
11
12
13 /* Internal stuff */
14
15 static MonoSecurityManager secman;
16 static MonoBoolean mono_security_manager_activated = FALSE;
17 static MonoBoolean mono_security_manager_enabled = TRUE;
18 static MonoBoolean mono_security_manager_execution = TRUE;
19
20
21 /* Public stuff */
22
23 MonoSecurityManager*
24 mono_security_manager_get_methods (void)
25 {
26 /* Already initialized ? */
27 if (secman.securitymanager)
28 return &secman;
29
30 /* Initialize */
31 secman.securitymanager = mono_class_from_name (mono_defaults.corlib,
32 "System.Security", "SecurityManager");
33 g_assert (secman.securitymanager);
34 if (!secman.securitymanager->inited)
35 mono_class_init (secman.securitymanager);
36
37 secman.demand = mono_class_get_method_from_name (secman.securitymanager,
38 "InternalDemand", 2);
39 g_assert (secman.demand);
40
41 secman.demandchoice = mono_class_get_method_from_name (secman.securitymanager,
42 "InternalDemandChoice", 2);
43 g_assert (secman.demandchoice);
44
45 secman.demandunmanaged = mono_class_get_method_from_name (secman.securitymanager,
46 "DemandUnmanaged", 0);
47 g_assert (secman.demandunmanaged);
48
49 secman.inheritancedemand = mono_class_get_method_from_name (secman.securitymanager,
50 "InheritanceDemand", 3);
51 g_assert (secman.inheritancedemand);
52
53 secman.inheritsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
54 "InheritanceDemandSecurityException", 4);
55 g_assert (secman.inheritsecurityexception);
56
57 secman.linkdemand = mono_class_get_method_from_name (secman.securitymanager,
58 "LinkDemand", 3);
59 g_assert (secman.linkdemand);
60
61 secman.linkdemandunmanaged = mono_class_get_method_from_name (secman.securitymanager,
62 "LinkDemandUnmanaged", 1);
63 g_assert (secman.linkdemandunmanaged);
64
65 secman.linkdemandfulltrust = mono_class_get_method_from_name (secman.securitymanager,
66 "LinkDemandFullTrust", 1);
67 g_assert (secman.linkdemandfulltrust);
68
69 secman.linkdemandsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
70 "LinkDemandSecurityException", 3);
71 g_assert (secman.linkdemandsecurityexception);
72
73 secman.allowpartiallytrustedcallers = mono_class_from_name (mono_defaults.corlib, "System.Security",
74 "AllowPartiallyTrustedCallersAttribute");
75 g_assert (secman.allowpartiallytrustedcallers);
76
77 secman.suppressunmanagedcodesecurity = mono_class_from_name (mono_defaults.corlib, "System.Security",
78 "SuppressUnmanagedCodeSecurityAttribute");
79 g_assert (secman.suppressunmanagedcodesecurity);
80
81 return &secman;
82 }
83
84 static gboolean
85 mono_secman_inheritance_check (MonoClass *klass, MonoDeclSecurityActions *demands)
86 {
87 MonoSecurityManager* secman = mono_security_manager_get_methods ();
88 MonoDomain *domain = mono_domain_get ();
89 MonoAssembly *assembly = mono_image_get_assembly (klass->image);
90 MonoReflectionAssembly *refass = mono_assembly_get_object (domain, assembly);
91 MonoObject *res;
92 gpointer args [3];
93
94 args [0] = domain->domain;
95 args [1] = refass;
96 args [2] = demands;
97
98 res = mono_runtime_invoke (secman->inheritancedemand, NULL, args, NULL);
99 return (*(MonoBoolean *) mono_object_unbox (res));
100 }
101
102 void
103 mono_secman_inheritancedemand_class (MonoClass *klass, MonoClass *parent)
104 {
105 MonoDeclSecurityActions demands;
106
107 /* don't hide previous results -and- don't calc everything for nothing */
108 if (klass->exception_type != 0)
109 return;
110
111 /* short-circuit corlib as it is fully trusted (within itself)
112 * and because this cause major recursion headaches */
113 if ((klass->image == mono_defaults.corlib) && (parent->image == mono_defaults.corlib))
114 return;
115
116 /* Check if there are an InheritanceDemand on the parent class */
117 if (mono_declsec_get_inheritdemands_class (parent, &demands)) {
118 /* If so check the demands on the klass (inheritor) */
119 if (!mono_secman_inheritance_check (klass, &demands)) {
120 /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
121 klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND;
122 klass->exception_data = NULL;
123 }
124 }
125 }
126
127 void
128 mono_secman_inheritancedemand_method (MonoMethod *override, MonoMethod *base)
129 {
130 MonoDeclSecurityActions demands;
131
132 /* don't hide previous results -and- don't calc everything for nothing */
133 if (override->klass->exception_type != 0)
134 return;
135
136 /* short-circuit corlib as it is fully trusted (within itself)
137 * and because this cause major recursion headaches */
138 if ((override->klass->image == mono_defaults.corlib) && (base->klass->image == mono_defaults.corlib))
139 return;
140
141 /* Check if there are an InheritanceDemand on the base (virtual) method */
142 if (mono_declsec_get_inheritdemands_method (base, &demands)) {
143 /* If so check the demands on the overriding method */
144 if (!mono_secman_inheritance_check (override->klass, &demands)) {
145 /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
146 override->klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND;
147 override->klass->exception_data = base;
148 }
149 }
150 }
151
152
153 /*
154 * Note: The security manager is activate once when executing the Mono. This
155 * is not meant to be a turn on/off runtime switch.
156 */
157 void
158 mono_activate_security_manager (void)
159 {
160 mono_security_manager_activated = TRUE;
161 }
162
163 gboolean
164 mono_is_security_manager_active (void)
165 {
166 return mono_security_manager_activated;
167 }
168
169 /*
170 * @publickey An encoded (with header) public key
171 * @size The length of the public key
172 *
173 * returns TRUE if the public key is the ECMA "key", FALSE otherwise
174 *
175 * ECMA key isn't a real public key - it's simply an empty (but valid) header
176 * so it's length (16) and value (00000000000000000400000000000000) are
177 * constants.
178 */
179 gboolean
180 mono_is_ecma_key (const char *publickey, int size)
181 {
182 int i;
183 if ((publickey == NULL) || (size != MONO_ECMA_KEY_LENGTH) || (publickey [8] != 0x04))
184 return FALSE;
185
186 for (i=0; i < size; i++) {
187 if ((publickey [i] != 0x00) && (i != 8))
188 return FALSE;
189 }
190 return TRUE;
191 }
192
193 /*
194 * Context propagation is required when:
195 * (a) the security manager is active (1.x and later)
196 * (b) other contexts needs to be propagated (2.x and later)
197 *
198 * returns NULL if no context propagation is required, else the returns the
199 * MonoMethod to call to Capture the ExecutionContext.
200 */
201 MonoMethod*
202 mono_get_context_capture_method (void)
203 {
204 static MonoMethod *method = NULL;
205
206 if (!mono_security_manager_activated) {
207 if (mono_image_get_assembly (mono_defaults.corlib)->aname.major < 2)
208 return NULL;
209 }
210
211 /* older corlib revisions won't have the class (nor the method) */
212 if (mono_defaults.executioncontext_class && !method) {
213 mono_class_init (mono_defaults.executioncontext_class);
214 method = mono_class_get_method_from_name (mono_defaults.executioncontext_class, "Capture", 0);
215 }
216
217 return method;
218 }
219
220
221 /* System.Security icalls */
222
223 MonoBoolean
224 ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void)
225 {
226 if (!mono_security_manager_activated)
227 return FALSE;
228 return mono_security_manager_enabled;
229 }
230
231 void
232 ves_icall_System_Security_SecurityManager_set_SecurityEnabled (MonoBoolean value)
233 {
234 /* value can be changed only if the security manager is activated */
235 if (mono_security_manager_activated) {
236 mono_security_manager_enabled = value;
237 }
238 }
239
240 MonoBoolean
241 ves_icall_System_Security_SecurityManager_get_CheckExecutionRights (void)
242 {
243 if (!mono_security_manager_activated)
244 return FALSE;
245 return mono_security_manager_execution;
246 }
247
248 void
249 ves_icall_System_Security_SecurityManager_set_CheckExecutionRights (MonoBoolean value)
250 {
251 /* value can be changed only id the security manager is activated */
252 if (mono_security_manager_activated) {
253 mono_security_manager_execution = value;
254 }
255 }
256
257 MonoBoolean
258 ves_icall_System_Security_SecurityManager_GetLinkDemandSecurity (MonoReflectionMethod *m, MonoDeclSecurityActions *kactions, MonoDeclSecurityActions *mactions)
259 {
260 MonoMethod *method = m->method;
261 /* we want the original as the wrapper is "free" of the security informations */
262 if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE || method->wrapper_type == MONO_WRAPPER_MANAGED_TO_MANAGED) {
263 method = mono_marshal_method_from_wrapper (method);
264 }
265
266 mono_class_init (method->klass);
267
268 /* if either the method or it's class has security (any type) */
269 if ((method->flags & METHOD_ATTRIBUTE_HAS_SECURITY) || (method->klass->flags & TYPE_ATTRIBUTE_HAS_SECURITY)) {
270 memset (kactions, 0, sizeof (MonoDeclSecurityActions));
271 memset (mactions, 0, sizeof (MonoDeclSecurityActions));
272
273 /* get any linkdemand (either on the method or it's class) */
274 return mono_declsec_get_linkdemands (method, kactions, mactions);
275 }
276 return FALSE;
277 }
Mirror of the official Mono project git repository