public void CanSetAndGetMutexSecurity()
{
if (PlatformID.Win32NT != Environment.OSVersion.Platform)
{
Assert.Ignore(); return;
}
MutexAccessRule rule; SecurityIdentifier sid;
AuthorizationRuleCollection rulesA, rulesB, rulesC;
bool createdNew; MutexSecurity security;
string name = @"Local\MonoTestMutex";
using (Mutex mutex = new Mutex(false, name, out createdNew)) {
Assert.IsTrue(createdNew);
security = mutex.GetAccessControl();
rulesA = security.GetAccessRules(true, false, typeof(SecurityIdentifier));
Assert.AreNotEqual(0, rulesA.Count);
// Contrary to what you'd expect, these classes only try to persist sections that
// that were *changed*. Awful, eh? To be fair, if you retrieve and modify it's fine.
security = new MutexSecurity();
mutex.SetAccessControl(security);
security = mutex.GetAccessControl();
rulesB = security.GetAccessRules(true, false, typeof(SecurityIdentifier));
Assert.AreEqual(rulesA.Count, rulesB.Count);
// And here's our dummy change. Observe...
sid = new SecurityIdentifier("S-1-5-12-3456-7890");
rule = new MutexAccessRule(sid, MutexRights.Synchronize, AccessControlType.Allow);
security = new MutexSecurity();
security.RemoveAccessRuleSpecific(rule);
mutex.SetAccessControl(security);
security = mutex.GetAccessControl();
rulesC = security.GetAccessRules(true, false, typeof(SecurityIdentifier));
Assert.AreEqual(0, rulesC.Count);
}
}
public static void Main()
{
// Create a string representing the current user.
string user = Environment.UserDomainName + "\\" +
Environment.UserName;
// Create a security object that grants no access.
MutexSecurity mSec = new MutexSecurity();
// Add a rule that grants the current user the
// right to enter or release the mutex.
MutexAccessRule ruleA = new MutexAccessRule(user,
MutexRights.Synchronize | MutexRights.Modify,
AccessControlType.Allow);
mSec.AddAccessRule(ruleA);
// Add a rule that denies the current user the
// right to change permissions on the mutex.
MutexAccessRule rule = new MutexAccessRule(user,
MutexRights.ChangePermissions,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Add a rule that allows the current user the
// right to read permissions on the mutex. This rule
// is merged with the existing Allow rule.
rule = new MutexAccessRule(user,
MutexRights.ReadPermissions,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
ShowSecurity(mSec);
// Attempt to remove the original rule (granting
// the right to enter or release the mutex) with
// RemoveAccessRuleSpecific. The removal fails,
// because the right to read the permissions on the
// mutex has been added to the rule, so that it no
// longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.");
mSec.RemoveAccessRuleSpecific(ruleA);
ShowSecurity(mSec);
// Create a rule that grants the current user
// the right to enter or release the mutex, and
// to read permissions. Use this rule to remove
// the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.");
rule = new MutexAccessRule(user,
MutexRights.Synchronize | MutexRights.Modify |
MutexRights.ReadPermissions,
AccessControlType.Allow);
mSec.RemoveAccessRuleSpecific(rule);
ShowSecurity(mSec);
}
