Ejemplo n.º 1
0
        public void AddAuditObjectAceAndCommonAce()
        {
            SecurityIdentifier sid  = new SecurityIdentifier("BA");
            SystemAcl          sacl = new SystemAcl(false, true, 0);

            sacl.AddAudit(AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None,
                          ObjectAceFlags.ObjectAceTypePresent, Guid.NewGuid(), Guid.Empty);
            sacl.AddAudit(AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None,
                          ObjectAceFlags.None, Guid.Empty, Guid.Empty);
            Assert.AreEqual(2, sacl.Count);

            CommonAce cace = (CommonAce)sacl [0];

            Assert.AreEqual(1, cace.AccessMask);
            Assert.AreEqual("S-1-5-32-544", cace.SecurityIdentifier.Value);
            Assert.IsFalse(cace.IsCallback);
            Assert.IsFalse(cace.IsInherited);

            ObjectAce oace = (ObjectAce)sacl [1];

            Assert.AreEqual(1, oace.AccessMask);
            Assert.AreEqual("S-1-5-32-544", oace.SecurityIdentifier.Value);
            Assert.IsFalse(oace.IsCallback);
            Assert.IsFalse(oace.IsInherited);

            sacl.AddAudit(AuditFlags.Success, sid, 2, InheritanceFlags.None, PropagationFlags.None,
                          ObjectAceFlags.None, Guid.Empty, Guid.Empty);
            Assert.AreEqual(2, sacl.Count);

            CommonAce cace2 = (CommonAce)sacl [0];

            Assert.AreEqual(3, cace2.AccessMask);
        }
Ejemplo n.º 2
0
        public void AddAuditMergesFlags()
        {
            SecurityIdentifier sid  = new SecurityIdentifier("BA");
            SystemAcl          sacl = new SystemAcl(false, false, 0);

            sacl.AddAudit(AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None);
            sacl.AddAudit(AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);

            CommonAce ace = (CommonAce)sacl [0];

            Assert.AreEqual(AuditFlags.Success | AuditFlags.Failure, ace.AuditFlags);
        }
Ejemplo n.º 3
0
        private static bool TestAddAudit(SystemAcl systemAcl, RawAcl rawAcl, AuditFlags auditFlag, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
        {
            bool result = true;

            byte[] sAclBinaryForm = null;
            byte[] rAclBinaryForm = null;
            systemAcl.AddAudit(auditFlag, sid, accessMask, inheritanceFlags, propagationFlags);
            if (systemAcl.Count == rawAcl.Count &&
                systemAcl.BinaryLength == rawAcl.BinaryLength)
            {
                sAclBinaryForm = new byte[systemAcl.BinaryLength];
                rAclBinaryForm = new byte[rawAcl.BinaryLength];
                systemAcl.GetBinaryForm(sAclBinaryForm, 0);
                rawAcl.GetBinaryForm(rAclBinaryForm, 0);
                if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
                {
                    result = false;
                }
                //redundant index check
                for (int i = 0; i < systemAcl.Count; i++)
                {
                    if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
                    {
                        result = false;
                        break;
                    }
                }
            }
            else
            {
                result = false;
            }
            return(result);
        }
Ejemplo n.º 4
0
 private static bool TestAddAudit(SystemAcl systemAcl, RawAcl rawAcl, AuditFlags auditFlag, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
 {
     bool result = true;
     byte[] sAclBinaryForm = null;
     byte[] rAclBinaryForm = null;
     systemAcl.AddAudit(auditFlag, sid, accessMask, inheritanceFlags, propagationFlags);
     if (systemAcl.Count == rawAcl.Count &&
         systemAcl.BinaryLength == rawAcl.BinaryLength)
     {
         sAclBinaryForm = new byte[systemAcl.BinaryLength];
         rAclBinaryForm = new byte[rawAcl.BinaryLength];
         systemAcl.GetBinaryForm(sAclBinaryForm, 0);
         rawAcl.GetBinaryForm(rAclBinaryForm, 0);
         if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
             result = false;
         //redundant index check
         for (int i = 0; i < systemAcl.Count; i++)
         {
             if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
             {
                 result = false;
                 break;
             }
         }
     }
     else
         result = false;
     return result;
 }
Ejemplo n.º 5
0
        public void AddAuditCommonAce()
        {
            SecurityIdentifier sid  = new SecurityIdentifier("BA");
            SystemAcl          sacl = new SystemAcl(false, false, 0);

            sacl.AddAudit(AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);

            CommonAce ace = (CommonAce)sacl [0];

            Assert.AreEqual(AuditFlags.Success, ace.AuditFlags);
            Assert.AreEqual(1, ace.AccessMask);
            Assert.AreEqual("S-1-5-32-544", ace.SecurityIdentifier.Value);
            Assert.IsFalse(ace.IsInherited);
        }
Ejemplo n.º 6
0
        public void AddAuditCommonAceUsingDSOverload()
        {
            SecurityIdentifier sid  = new SecurityIdentifier("BA");
            SystemAcl          sacl = new SystemAcl(false, true, 0);

            sacl.AddAudit(AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None,
                          ObjectAceFlags.None, Guid.NewGuid(), Guid.NewGuid());
            Assert.AreEqual(1, sacl.Count);

            CommonAce ace = (CommonAce)sacl [0];

            Assert.AreEqual(AuditFlags.Failure, ace.AuditFlags);
            Assert.AreEqual(1, ace.AccessMask);
            Assert.AreEqual("S-1-5-32-544", ace.SecurityIdentifier.Value);
            Assert.IsFalse(ace.IsInherited);
        }
Ejemplo n.º 7
0
        void RemoveSpecificBegin(SecurityIdentifier sid, SystemAcl sacl, InheritanceFlags inheritanceFlags)
        {
            SecurityIdentifier otherSid = new SecurityIdentifier("BU");

            sacl.AddAudit(AuditFlags.Success, sid, 3, inheritanceFlags, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);
            sacl.RemoveAuditSpecific(AuditFlags.Failure, sid, 1, inheritanceFlags, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);
            sacl.RemoveAuditSpecific(AuditFlags.Success, otherSid, 1, inheritanceFlags, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);
            sacl.RemoveAuditSpecific(AuditFlags.Success, sid, 1, inheritanceFlags, PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);
            Assert.AreEqual(3, ((CommonAce)sacl [0]).AccessMask);
            sacl.RemoveAuditSpecific(AuditFlags.Success, sid, 3,
                                     inheritanceFlags ^ InheritanceFlags.ContainerInherit,
                                     PropagationFlags.None);
            Assert.AreEqual(1, sacl.Count);
        }
Ejemplo n.º 8
0
        public static void AdditionalTestCases()
        {
            RawAcl    rawAcl      = null;
            SystemAcl systemAcl   = null;
            bool      isContainer = false;
            bool      isDS        = false;

            int        auditFlags       = 0;
            string     sid              = null;
            int        accessMask       = 1;
            int        inheritanceFlags = 0;
            int        propagationFlags = 0;
            GenericAce gAce             = null;

            byte[] opaque = null;

            //Case 1, null sid
            Assert.Throws <ArgumentNullException>(() =>
            {
                isContainer = false;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success, null, 1, InheritanceFlags.None, PropagationFlags.None);
            });

            //Case 2, SystemAudit Ace but non AuditFlags
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = false;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.None,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.None);
            });

            //Case 3, 0 accessMask
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = false;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 0, InheritanceFlags.None, PropagationFlags.None);
            });

            //Case 4, non-Container, but InheritanceFlags is not None
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = false;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.ContainerInherit, PropagationFlags.None);
            });

            //Case 5, non-Container, but PropagationFlags is not None
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = false;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);
            });

            //Case 6, Container, but InheritanceFlags is None, but PropagationFlags is InheritOnly
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = true;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);
            });

            //Case 7, Container, but InheritanceFlags is None, but PropagationFlags is NoPropagateInherit
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = true;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit);
            });

            //Case 8, Container, but InheritanceFlags is None, but PropagationFlags is NoPropagateInherit | InheritOnly
            Assert.Throws <ArgumentException>(() =>
            {
                isContainer = true;
                isDS        = false;
                rawAcl      = new RawAcl(0, 1);
                systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit | PropagationFlags.InheritOnly);
            });

            //Case 9, add one audit ACE to the SystemAcl has no ACE
            isContainer      = true;
            isDS             = false;
            auditFlags       = 1;
            sid              = "BA";
            accessMask       = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            rawAcl           = new RawAcl(0, 1);
            systemAcl        = new SystemAcl(isContainer, isDS, rawAcl);
            //79 = AceFlags.SuccessfulAccess | AceFlags.ObjectInherit |AceFlags.ContainerInherit | AceFlags.NoPropagateInherit | AceFlags.InheritOnly
            gAce = new CommonAce((AceFlags)79, AceQualifier.SystemAudit, accessMask,
                                 new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);
            Assert.True(TestAddAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
                                     new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags));

            //Case 10, all the ACEs in the Sacl are non-qualified ACE, no merge
            Assert.Throws <InvalidOperationException>(() =>
            {
                isContainer      = true;
                isDS             = false;
                inheritanceFlags = 1; //InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                auditFlags = 3;
                sid        = "BA";
                accessMask = 1;
                rawAcl     = new RawAcl(0, 1);
                opaque     = new byte[4];
                gAce       = new CustomAce(AceType.MaxDefinedAceType + 1, AceFlags.InheritanceFlags | AceFlags.AuditFlags, opaque);;
                rawAcl.InsertAce(0, gAce);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                gAce      = new CommonAce(AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.AuditFlags,
                                          AceQualifier.SystemAudit,
                                          accessMask,
                                          new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                                          false,
                                          null);
                rawAcl.InsertAce(0, gAce);
                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
                TestAddAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
                             new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);
            });

            //Case 11, add Ace to exceed binary length boundary, throw exception
            Assert.Throws <InvalidOperationException>(() =>
            {
                isContainer      = true;
                isDS             = false;
                inheritanceFlags = 1; //InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                auditFlags = 3;
                sid        = "BA";
                accessMask = 1;
                rawAcl     = new RawAcl(0, 1);
                opaque     = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4 - 16];
                gAce       = new CustomAce(AceType.MaxDefinedAceType + 1,
                                           AceFlags.InheritanceFlags | AceFlags.AuditFlags, opaque);;
                rawAcl.InsertAce(0, gAce);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
                systemAcl.AddAudit((AuditFlags)auditFlags,
                                   new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);
            });
        }
Ejemplo n.º 9
0
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            SystemAcl systemAcl = null;
            bool isContainer = false;
            bool isDS = false;

            int auditFlags = 0;
            string sid = null;
            int accessMask = 1;
            int inheritanceFlags = 0;
            int propagationFlags = 0;
            GenericAce gAce = null;
            byte[] opaque = null;

            //Case 1, null sid
            Assert.Throws<ArgumentNullException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success, null, 1, InheritanceFlags.None, PropagationFlags.None);

            });

            //Case 2, SystemAudit Ace but non AuditFlags
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.None,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.None);

            });

            //Case 3, 0 accessMask
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 0, InheritanceFlags.None, PropagationFlags.None);

            });

            //Case 4, non-Container, but InheritanceFlags is not None
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.ContainerInherit, PropagationFlags.None);

            });

            //Case 5, non-Container, but PropagationFlags is not None
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);

            });

            //Case 6, Container, but InheritanceFlags is None, but PropagationFlags is InheritOnly
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);

            });

            //Case 7, Container, but InheritanceFlags is None, but PropagationFlags is NoPropagateInherit
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit);

            });

            //Case 8, Container, but InheritanceFlags is None, but PropagationFlags is NoPropagateInherit | InheritOnly
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.AddAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit | PropagationFlags.InheritOnly);

            });

            //Case 9, add one audit ACE to the SystemAcl has no ACE
            isContainer = true;
            isDS = false;
            auditFlags = 1;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            rawAcl = new RawAcl(0, 1);
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            //79 = AceFlags.SuccessfulAccess | AceFlags.ObjectInherit |AceFlags.ContainerInherit | AceFlags.NoPropagateInherit | AceFlags.InheritOnly
            gAce = new CommonAce((AceFlags)79, AceQualifier.SystemAudit, accessMask,
            new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);
            Assert.True(TestAddAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags));

            //Case 10, all the ACEs in the Sacl are non-qualified ACE, no merge
            Assert.Throws<InvalidOperationException>(() =>
            {
                isContainer = true;
                isDS = false;
                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                auditFlags = 3;
                sid = "BA";
                accessMask = 1;
                rawAcl = new RawAcl(0, 1);
                opaque = new byte[4];
                gAce = new CustomAce(AceType.MaxDefinedAceType + 1, AceFlags.InheritanceFlags | AceFlags.AuditFlags, opaque); ;
                rawAcl.InsertAce(0, gAce);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                gAce = new CommonAce(AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.AuditFlags,
                        AceQualifier.SystemAudit,
                        accessMask,
                        new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                        false,
                        null);
                rawAcl.InsertAce(0, gAce);
                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
                TestAddAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);
            });

            //Case 11, add Ace to exceed binary length boundary, throw exception
            Assert.Throws<InvalidOperationException>(() =>
            {
                isContainer = true;
                isDS = false;
                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                auditFlags = 3;
                sid = "BA";
                accessMask = 1;
                rawAcl = new RawAcl(0, 1);
                opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4 - 16];
                gAce = new CustomAce(AceType.MaxDefinedAceType + 1,
                    AceFlags.InheritanceFlags | AceFlags.AuditFlags, opaque); ;
                rawAcl.InsertAce(0, gAce);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
                systemAcl.AddAudit((AuditFlags)auditFlags,
        new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);
            });
        }