public void CanSetAndGetMutexSecurity() { if (PlatformID.Win32NT != Environment.OSVersion.Platform) { Assert.Ignore(); return; } MutexAccessRule rule; SecurityIdentifier sid; AuthorizationRuleCollection rulesA, rulesB, rulesC; bool createdNew; MutexSecurity security; string name = @"Local\MonoTestMutex"; using (Mutex mutex = new Mutex(false, name, out createdNew)) { Assert.IsTrue(createdNew); security = mutex.GetAccessControl(); rulesA = security.GetAccessRules(true, false, typeof(SecurityIdentifier)); Assert.AreNotEqual(0, rulesA.Count); // Contrary to what you'd expect, these classes only try to persist sections that // that were *changed*. Awful, eh? To be fair, if you retrieve and modify it's fine. security = new MutexSecurity(); mutex.SetAccessControl(security); security = mutex.GetAccessControl(); rulesB = security.GetAccessRules(true, false, typeof(SecurityIdentifier)); Assert.AreEqual(rulesA.Count, rulesB.Count); // And here's our dummy change. Observe... sid = new SecurityIdentifier("S-1-5-12-3456-7890"); rule = new MutexAccessRule(sid, MutexRights.Synchronize, AccessControlType.Allow); security = new MutexSecurity(); security.RemoveAccessRuleSpecific(rule); mutex.SetAccessControl(security); security = mutex.GetAccessControl(); rulesC = security.GetAccessRules(true, false, typeof(SecurityIdentifier)); Assert.AreEqual(0, rulesC.Count); } }
public static void Main() { // Create a string representing the current user. string user = Environment.UserDomainName + "\\" + Environment.UserName; // Create a security object that grants no access. MutexSecurity mSec = new MutexSecurity(); // Add a rule that grants the current user the // right to enter or release the mutex. MutexAccessRule ruleA = new MutexAccessRule(user, MutexRights.Synchronize | MutexRights.Modify, AccessControlType.Allow); mSec.AddAccessRule(ruleA); // Add a rule that denies the current user the // right to change permissions on the mutex. MutexAccessRule rule = new MutexAccessRule(user, MutexRights.ChangePermissions, AccessControlType.Deny); mSec.AddAccessRule(rule); // Display the rules in the security object. ShowSecurity(mSec); // Add a rule that allows the current user the // right to read permissions on the mutex. This rule // is merged with the existing Allow rule. rule = new MutexAccessRule(user, MutexRights.ReadPermissions, AccessControlType.Allow); mSec.AddAccessRule(rule); ShowSecurity(mSec); // Attempt to remove the original rule (granting // the right to enter or release the mutex) with // RemoveAccessRuleSpecific. The removal fails, // because the right to read the permissions on the // mutex has been added to the rule, so that it no // longer matches the original rule. Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule."); mSec.RemoveAccessRuleSpecific(ruleA); ShowSecurity(mSec); // Create a rule that grants the current user // the right to enter or release the mutex, and // to read permissions. Use this rule to remove // the Allow rule for the current user. Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights."); rule = new MutexAccessRule(user, MutexRights.Synchronize | MutexRights.Modify | MutexRights.ReadPermissions, AccessControlType.Allow); mSec.RemoveAccessRuleSpecific(rule); ShowSecurity(mSec); }