Code:
/ Dotnetfx_Win7_3.5.1 / Dotnetfx_Win7_3.5.1 / 3.5.1 / DEVDIV / depot / DevDiv / releases / Orcas / NetFXw7 / wpf / src / Framework / MS / Internal / Interop / InternalDispatchObject.cs / 1 / InternalDispatchObject.cs
//------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // // // Description: // InternalDispatchObject facilitates implementing a COM dispinterface using a non-public // corresponding managed interface definition (of type ComInterfaceType.InterfaceIsIDispatch). // (For example, we use this to implement DWebBrowserEvents2 without making it a public interface // type in the framework.) // // If a public managed interface definition is available, CLR's built-in implementation of // IDispatch suffices. It maps IDispatch calls to Reflection calls. But reflecting on non-public // members causes a demand for ReflectionPermission/MemberAccess against the caller of the // Reflection API. In a partial-trust AppDomain, and oddly only with some particular transitions // between managed-native-managed stack frames, this demand fails. Given that this occurs with // substantially equivalent callstacks in terms of CAS (Asserts) and managed<->native transitions, // there is probably an obscure CLR bug somewhere at the intersection of its IDispatch // implementation, Reflection and CAS. And there seems to be no explicit suggestion in // documentation that this scenario is supported in the first place. // // By implementing IReflect, any object can provide its own reflection implementation. And it // turns out CLR's IDispatch "front end" will happily use such an implementation. We don't need // to explicitly assert any ReflectionPermission in this arrangement as long as we are targeting // an internally visible interface type. (The built-in reflection system performs the equivalent // of a LinkDemand against the caller of the reflection API.) This, however, creates a potentially // dangerous security situation. // // CAUTION!!! Do not expose any InternalDispatchObject-derived object instance to untrusted code, // unless the implementation of the dispinterface is entirely safe. Such objects should be // passed only to native code, to be invoked via IDispatch. // // Because IReflect is a public interface and has no (link)demands on it and because // InternalDispatchObject's internal invocation of relection satisfies the reflection system's // ReflectionPermission demand, the implementaiton of the given dispinterface effectively // becomes publicly accessible. (Putting a LinkDemand on InternalDispatchObject.InvokeMember() // would have no effect because it can be called via IReflect, and LinkDemands are evaluated // based on static type info. And putting a full Demand would defeat the whole purpose of // InternalDispatchObject.) // // History // 04/30/08 - ChangoV - Created // //----------------------------------------------------------------------------- using System; using System.Security; using System.Reflection; using System.Collections.Generic; using System.Runtime.InteropServices; using System.Globalization; namespace MS.Internal.Interop { ////// InternalDispatchObject-derived objects are potentially unsafe to expose to untrusted code. /// The IDispInterface implementation members should be treated as publicly accessible. /// internal abstract class InternalDispatchObject: IReflect { /// /// DISPID->MethodInfo map used by InvokeMember() /// private Dictionary_dispId2MethodMap; /// /// Critical - to help ensure whoever creates an instance of this class doesn't expose it. /// [SecurityCritical] protected InternalDispatchObject() { // Populate _dispId2MethodMap with the MethodInfos for the interface, keyed by DISPID. // There is no support for properties (yet). MethodInfo[] methods = typeof(IDispInterface).GetMethods(); _dispId2MethodMap = new Dictionary(methods.Length); foreach (MethodInfo method in methods) { int dispid = ((DispIdAttribute[])method.GetCustomAttributes(typeof(DispIdAttribute), false))[0].Value; _dispId2MethodMap[dispid] = method; } } FieldInfo IReflect.GetField(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } FieldInfo[] IReflect.GetFields(BindingFlags bindingAttr) { return null; } MemberInfo[] IReflect.GetMember(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } MemberInfo[] IReflect.GetMembers(BindingFlags bindingAttr) { throw new NotImplementedException(); } MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr, Binder binder, Type[] types, ParameterModifier[] modifiers) { throw new NotImplementedException(); } MethodInfo[] IReflect.GetMethods(BindingFlags bindingAttr) { // It doesn't help to return typeof(IDispInterface).GetMethods(), because the CLR's IDispatch layer // ignores non-visible MethodInfos (DispatchInfo::SynchWithManagedView(), in clr\src\VM\DispatchInfo.cpp). // For all "unknown" DISPIDs, IReflect.InvokeMember() is passed a method name like "[DISPID= ]", // which we parse. return null; } PropertyInfo[] IReflect.GetProperties(BindingFlags bindingAttr) { return null; } PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr, Binder binder, Type returnType, Type[] types, ParameterModifier[] modifiers) { throw new NotImplementedException(); } PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } /// /// Critical: Performs Reflection against a non-public type. /// NOT PublicOK! This method is intrinsically unsafe. Because it can be called via the public IReflect, /// instances of this class should not be exposed to untrusted code. (Full explanation above.) /// [SecurityCritical] object IReflect.InvokeMember(string name, BindingFlags invokeAttr, Binder binder, object target, object[] args, ParameterModifier[] modifiers, System.Globalization.CultureInfo culture, string[] namedParameters) { // We never expect to get a real method name here--see the explanation in GetMethods(). if (name.StartsWith("[DISPID=", StringComparison.OrdinalIgnoreCase)) { int dispid = int.Parse(name.Substring(8, name.Length-9), CultureInfo.InvariantCulture); MethodInfo method; if (_dispId2MethodMap.TryGetValue(dispid, out method)) { return method.Invoke(this, invokeAttr, binder, args, culture); } } // This exception can be thrown if IDispInterface doesn't declare a method with a particular DISPID, // but the real COM interface has it and the event source is trying to invoke it. For a call coming via // the native IDispatch, such an error is usually ignorable. throw new MissingMethodException(GetType().Name, name); //return typeof(IDispInterface).InvokeMember(name, invokeAttr, binder, this, args, modifiers, culture, namedParameters); } Type IReflect.UnderlyingSystemType { get { return typeof(IDispInterface); } } }; }//namespace // File provided for Reference Use Only by Microsoft Corporation (c) 2007. //------------------------------------------------------------------------------ //// Copyright (c) Microsoft Corporation. All rights reserved. // // // Description: // InternalDispatchObject facilitates implementing a COM dispinterface using a non-public // corresponding managed interface definition (of type ComInterfaceType.InterfaceIsIDispatch). // (For example, we use this to implement DWebBrowserEvents2 without making it a public interface // type in the framework.) // // If a public managed interface definition is available, CLR's built-in implementation of // IDispatch suffices. It maps IDispatch calls to Reflection calls. But reflecting on non-public // members causes a demand for ReflectionPermission/MemberAccess against the caller of the // Reflection API. In a partial-trust AppDomain, and oddly only with some particular transitions // between managed-native-managed stack frames, this demand fails. Given that this occurs with // substantially equivalent callstacks in terms of CAS (Asserts) and managed<->native transitions, // there is probably an obscure CLR bug somewhere at the intersection of its IDispatch // implementation, Reflection and CAS. And there seems to be no explicit suggestion in // documentation that this scenario is supported in the first place. // // By implementing IReflect, any object can provide its own reflection implementation. And it // turns out CLR's IDispatch "front end" will happily use such an implementation. We don't need // to explicitly assert any ReflectionPermission in this arrangement as long as we are targeting // an internally visible interface type. (The built-in reflection system performs the equivalent // of a LinkDemand against the caller of the reflection API.) This, however, creates a potentially // dangerous security situation. // // CAUTION!!! Do not expose any InternalDispatchObject-derived object instance to untrusted code, // unless the implementation of the dispinterface is entirely safe. Such objects should be // passed only to native code, to be invoked via IDispatch. // // Because IReflect is a public interface and has no (link)demands on it and because // InternalDispatchObject's internal invocation of relection satisfies the reflection system's // ReflectionPermission demand, the implementaiton of the given dispinterface effectively // becomes publicly accessible. (Putting a LinkDemand on InternalDispatchObject.InvokeMember() // would have no effect because it can be called via IReflect, and LinkDemands are evaluated // based on static type info. And putting a full Demand would defeat the whole purpose of // InternalDispatchObject.) // // History // 04/30/08 - ChangoV - Created // //----------------------------------------------------------------------------- using System; using System.Security; using System.Reflection; using System.Collections.Generic; using System.Runtime.InteropServices; using System.Globalization; namespace MS.Internal.Interop { ////// InternalDispatchObject-derived objects are potentially unsafe to expose to untrusted code. /// The IDispInterface implementation members should be treated as publicly accessible. /// internal abstract class InternalDispatchObject: IReflect { /// /// DISPID->MethodInfo map used by InvokeMember() /// private Dictionary_dispId2MethodMap; /// /// Critical - to help ensure whoever creates an instance of this class doesn't expose it. /// [SecurityCritical] protected InternalDispatchObject() { // Populate _dispId2MethodMap with the MethodInfos for the interface, keyed by DISPID. // There is no support for properties (yet). MethodInfo[] methods = typeof(IDispInterface).GetMethods(); _dispId2MethodMap = new Dictionary(methods.Length); foreach (MethodInfo method in methods) { int dispid = ((DispIdAttribute[])method.GetCustomAttributes(typeof(DispIdAttribute), false))[0].Value; _dispId2MethodMap[dispid] = method; } } FieldInfo IReflect.GetField(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } FieldInfo[] IReflect.GetFields(BindingFlags bindingAttr) { return null; } MemberInfo[] IReflect.GetMember(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } MemberInfo[] IReflect.GetMembers(BindingFlags bindingAttr) { throw new NotImplementedException(); } MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr, Binder binder, Type[] types, ParameterModifier[] modifiers) { throw new NotImplementedException(); } MethodInfo[] IReflect.GetMethods(BindingFlags bindingAttr) { // It doesn't help to return typeof(IDispInterface).GetMethods(), because the CLR's IDispatch layer // ignores non-visible MethodInfos (DispatchInfo::SynchWithManagedView(), in clr\src\VM\DispatchInfo.cpp). // For all "unknown" DISPIDs, IReflect.InvokeMember() is passed a method name like "[DISPID= ]", // which we parse. return null; } PropertyInfo[] IReflect.GetProperties(BindingFlags bindingAttr) { return null; } PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr, Binder binder, Type returnType, Type[] types, ParameterModifier[] modifiers) { throw new NotImplementedException(); } PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr) { throw new NotImplementedException(); } /// /// Critical: Performs Reflection against a non-public type. /// NOT PublicOK! This method is intrinsically unsafe. Because it can be called via the public IReflect, /// instances of this class should not be exposed to untrusted code. (Full explanation above.) /// [SecurityCritical] object IReflect.InvokeMember(string name, BindingFlags invokeAttr, Binder binder, object target, object[] args, ParameterModifier[] modifiers, System.Globalization.CultureInfo culture, string[] namedParameters) { // We never expect to get a real method name here--see the explanation in GetMethods(). if (name.StartsWith("[DISPID=", StringComparison.OrdinalIgnoreCase)) { int dispid = int.Parse(name.Substring(8, name.Length-9), CultureInfo.InvariantCulture); MethodInfo method; if (_dispId2MethodMap.TryGetValue(dispid, out method)) { return method.Invoke(this, invokeAttr, binder, args, culture); } } // This exception can be thrown if IDispInterface doesn't declare a method with a particular DISPID, // but the real COM interface has it and the event source is trying to invoke it. For a call coming via // the native IDispatch, such an error is usually ignorable. throw new MissingMethodException(GetType().Name, name); //return typeof(IDispInterface).InvokeMember(name, invokeAttr, binder, this, args, modifiers, culture, namedParameters); } Type IReflect.UnderlyingSystemType { get { return typeof(IDispInterface); } } }; }//namespace // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- XmlObjectSerializerContext.cs
- Scripts.cs
- OpenTypeCommon.cs
- XmlWellformedWriter.cs
- AmbientLight.cs
- Block.cs
- AppDomainUnloadedException.cs
- DESCryptoServiceProvider.cs
- WebPartDescription.cs
- SqlDataAdapter.cs
- ColorInterpolationModeValidation.cs
- WorkflowOwnerAsyncResult.cs
- FeatureManager.cs
- SubMenuStyleCollection.cs
- SqlDeflator.cs
- ControlSerializer.cs
- NativeRecognizer.cs
- XmlWrappingReader.cs
- CriticalExceptions.cs
- ListMarkerSourceInfo.cs
- PrintDialogException.cs
- ExecutedRoutedEventArgs.cs
- WindowVisualStateTracker.cs
- DataRecordInfo.cs
- messageonlyhwndwrapper.cs
- BCryptSafeHandles.cs
- Matrix.cs
- DocumentGridContextMenu.cs
- BinaryHeap.cs
- Identity.cs
- MediaScriptCommandRoutedEventArgs.cs
- WorkflowViewElement.cs
- _FtpControlStream.cs
- UIElementHelper.cs
- LinkLabelLinkClickedEvent.cs
- TypeConverterHelper.cs
- RegexBoyerMoore.cs
- DTCTransactionManager.cs
- AndMessageFilterTable.cs
- FormatterServicesNoSerializableCheck.cs
- PageCatalogPart.cs
- Annotation.cs
- WebPartCatalogCloseVerb.cs
- RuleRefElement.cs
- RegexWorker.cs
- HttpListenerPrefixCollection.cs
- WeakReadOnlyCollection.cs
- CodeTypeParameter.cs
- Stackframe.cs
- ProtocolsConfigurationEntry.cs
- ArrayTypeMismatchException.cs
- TileBrush.cs
- OlePropertyStructs.cs
- SafePEFileHandle.cs
- PrintPageEvent.cs
- IsolatedStorageFileStream.cs
- Code.cs
- UriSection.cs
- MetadataPropertyCollection.cs
- RectangleConverter.cs
- EntityContainerRelationshipSetEnd.cs
- MdImport.cs
- PointCollectionConverter.cs
- FormsAuthenticationTicket.cs
- Root.cs
- ScriptControlDescriptor.cs
- NullExtension.cs
- QilNode.cs
- ZoneIdentityPermission.cs
- EntitySetDataBindingList.cs
- PagedDataSource.cs
- MsmqHostedTransportConfiguration.cs
- SymbolDocumentInfo.cs
- ADRoleFactoryConfiguration.cs
- UpdateCompiler.cs
- ListBox.cs
- PrefixHandle.cs
- ColumnMapVisitor.cs
- querybuilder.cs
- EndpointDiscoveryMetadataCD1.cs
- Stylesheet.cs
- AssociationType.cs
- DataGridViewSelectedRowCollection.cs
- UIElementAutomationPeer.cs
- CssClassPropertyAttribute.cs
- TraceSwitch.cs
- Literal.cs
- MimeMapping.cs
- input.cs
- PackageFilter.cs
- CompareInfo.cs
- XmlReturnWriter.cs
- HttpCapabilitiesBase.cs
- WizardStepBase.cs
- XmlDataDocument.cs
- LinkLabel.cs
- ProcessHostMapPath.cs
- SqlProcedureAttribute.cs
- SqlLiftIndependentRowExpressions.cs
- FormatterServices.cs