public void GetBinaryForm()
{
RawAcl acl = new RawAcl(1, 0);
byte[] buffer = new byte[acl.BinaryLength];
acl.GetBinaryForm(buffer, 0);
byte[] sdBinary = new byte[] { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };
Assert.AreEqual(sdBinary, buffer);
SecurityIdentifier builtInAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
CommonAce ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 0x7FFFFFFF, builtInAdmins, false, null);
acl.InsertAce(0, ace);
buffer = new byte[acl.BinaryLength];
acl.GetBinaryForm(buffer, 0);
sdBinary = new byte[]
{
0x01, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x18, 0x00, 0xFF, 0xFF, 0xFF, 0x7F, 0x01, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02,
0x00, 0x00
};
Assert.AreEqual(sdBinary, buffer);
}
private static bool TestAddAccess(DiscretionaryAcl discretionaryAcl, RawAcl rawAcl, AccessControlType accessControlType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
discretionaryAcl.AddAccess(accessControlType, sid, accessMask, inheritanceFlags, propagationFlags);
if (discretionaryAcl.Count == rawAcl.Count &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
result = false;
return result;
}
private static bool TestRemoveAudit(SystemAcl systemAcl, RawAcl rawAcl, AuditFlags auditFlag, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, bool removePossible)
{
bool result = true;
bool isRemoved = false;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
isRemoved = systemAcl.RemoveAudit(auditFlag, sid, accessMask, inheritanceFlags, propagationFlags);
if ((isRemoved == removePossible) &&
(systemAcl.Count == rawAcl.Count) &&
(systemAcl.BinaryLength == rawAcl.BinaryLength))
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
result = false;
return result;
}
private static bool TestAddAudit(SystemAcl systemAcl, RawAcl rawAcl, AuditFlags auditFlag, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
bool result = true;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
systemAcl.AddAudit(auditFlag, sid, accessMask, inheritanceFlags, propagationFlags);
if (systemAcl.Count == rawAcl.Count &&
systemAcl.BinaryLength == rawAcl.BinaryLength)
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return(result);
}
public void WriteTo(byte[] buffer, int offset)
{
// Write out the security descriptor manually because on NTFS the DACL is written
// before the Owner & Group. Writing the components in the same order means the
// hashes will match for identical Security Descriptors.
ControlFlags controlFlags = _securityDescriptor.ControlFlags;
buffer[offset + 0x00] = 1;
buffer[offset + 0x01] = _securityDescriptor.ResourceManagerControl;
Utilities.WriteBytesLittleEndian((ushort)controlFlags, buffer, offset + 0x02);
// Blank out offsets, will fill later
for (int i = 0x04; i < 0x14; ++i)
{
buffer[offset + i] = 0;
}
int pos = 0x14;
RawAcl discAcl = _securityDescriptor.DiscretionaryAcl;
if ((controlFlags & ControlFlags.DiscretionaryAclPresent) != 0 && discAcl != null)
{
Utilities.WriteBytesLittleEndian(pos, buffer, offset + 0x10);
discAcl.GetBinaryForm(buffer, offset + pos);
pos += _securityDescriptor.DiscretionaryAcl.BinaryLength;
}
else
{
Utilities.WriteBytesLittleEndian((int)0, buffer, offset + 0x10);
}
RawAcl sysAcl = _securityDescriptor.SystemAcl;
if ((controlFlags & ControlFlags.SystemAclPresent) != 0 && sysAcl != null)
{
Utilities.WriteBytesLittleEndian(pos, buffer, offset + 0x0C);
sysAcl.GetBinaryForm(buffer, offset + pos);
pos += _securityDescriptor.SystemAcl.BinaryLength;
}
else
{
Utilities.WriteBytesLittleEndian((int)0, buffer, offset + 0x0C);
}
Utilities.WriteBytesLittleEndian(pos, buffer, offset + 0x04);
_securityDescriptor.Owner.GetBinaryForm(buffer, offset + pos);
pos += _securityDescriptor.Owner.BinaryLength;
Utilities.WriteBytesLittleEndian(pos, buffer, offset + 0x08);
_securityDescriptor.Group.GetBinaryForm(buffer, offset + pos);
pos += _securityDescriptor.Group.BinaryLength;
if (pos != _securityDescriptor.BinaryLength)
{
throw new IOException("Failed to write Security Descriptor correctly");
}
}
public void BinaryRoundtrip()
{
RawAcl acl = CreateRoundtripRawAcl();
byte[] binaryForm1 = new byte[acl.BinaryLength];
acl.GetBinaryForm(binaryForm1, 0);
RawAcl acl2 = new RawAcl(binaryForm1, 0);
byte[] binaryForm2 = new byte[acl2.BinaryLength];
acl2.GetBinaryForm(binaryForm2, 0);
CompareBinaryForms(binaryForm1, binaryForm2);
}
private static bool TestCreateFromBinaryForm(byte[] binaryForm, int offset, byte revision, int aceCount, int length)
{
RawAcl rawAcl = null;
byte[] verifierBinaryForm = null;
rawAcl = new RawAcl(binaryForm, offset);
verifierBinaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(((revision == rawAcl.Revision) &&
Utils.IsBinaryFormEqual(binaryForm, offset, verifierBinaryForm) &&
(aceCount == rawAcl.Count) &&
(length == rawAcl.BinaryLength)));
return(true);
}
public static bool Constructor2(bool isContainer, bool isDS, byte revision, int capacity)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
RawAcl rawAcl = null;
DiscretionaryAcl discretionaryAcl = null;
discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, revision, capacity);
rawAcl = new RawAcl(revision, capacity);
if (isContainer == discretionaryAcl.IsContainer &&
isDS == discretionaryAcl.IsDS &&
revision == discretionaryAcl.Revision &&
0 == discretionaryAcl.Count &&
8 == discretionaryAcl.BinaryLength &&
true == discretionaryAcl.IsCanonical)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
Assert.True(result);
return(result);
}
public static void TestConstructor(bool isContainer, bool isDS, byte revision, int capacity)
{
bool result = true;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
SystemAcl systemAcl = null;
RawAcl rawAcl = null;
systemAcl = new SystemAcl(isContainer, isDS, revision, capacity);
rawAcl = new RawAcl(revision, capacity);
if (isContainer == systemAcl.IsContainer &&
isDS == systemAcl.IsDS &&
revision == systemAcl.Revision &&
0 == systemAcl.Count &&
8 == systemAcl.BinaryLength &&
true == systemAcl.IsCanonical)
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
Assert.True(result);
}
public static bool Constructor1(bool isContainer, bool isDS, int capacity)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
RawAcl rawAcl = null;
DiscretionaryAcl discretionaryAcl = null;
discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, capacity);
rawAcl = new RawAcl(isDS ? GenericAcl.AclRevisionDS : GenericAcl.AclRevision, capacity);
if (isContainer == discretionaryAcl.IsContainer &&
isDS == discretionaryAcl.IsDS &&
(isDS ? GenericAcl.AclRevisionDS : GenericAcl.AclRevision) == discretionaryAcl.Revision &&
0 == discretionaryAcl.Count &&
8 == discretionaryAcl.BinaryLength &&
true == discretionaryAcl.IsCanonical)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
Assert.True(result);
return result;
}
public static void TestConstructor(bool isContainer, bool isDS, byte revision, int capacity)
{
bool result = true;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
SystemAcl systemAcl = null;
RawAcl rawAcl = null;
systemAcl = new SystemAcl(isContainer, isDS, revision, capacity);
rawAcl = new RawAcl(revision, capacity);
if (isContainer == systemAcl.IsContainer &&
isDS == systemAcl.IsDS &&
revision == systemAcl.Revision &&
0 == systemAcl.Count &&
8 == systemAcl.BinaryLength &&
true == systemAcl.IsCanonical)
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
Assert.True(result);
}
private static bool VerifyACL(DiscretionaryAcl discretionaryAcl, bool isContainer, bool isDS, bool wasCanonicalInitially, RawAcl rawAcl)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
if (discretionaryAcl.IsContainer == isContainer &&
discretionaryAcl.IsDS == isDS &&
discretionaryAcl.Revision == rawAcl.Revision &&
discretionaryAcl.Count == rawAcl.Count &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength &&
discretionaryAcl.IsCanonical == wasCanonicalInitially)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return(result);
}
private static bool VerifyACL(DiscretionaryAcl discretionaryAcl, bool isContainer, bool isDS, bool wasCanonicalInitially, RawAcl rawAcl)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
if (discretionaryAcl.IsContainer == isContainer &&
discretionaryAcl.IsDS == isDS &&
discretionaryAcl.Revision == rawAcl.Revision &&
discretionaryAcl.Count == rawAcl.Count &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength &&
discretionaryAcl.IsCanonical == wasCanonicalInitially)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return result;
}
private static bool TestSetAccess(DiscretionaryAcl discretionaryAcl, RawAcl rawAcl, AccessControlType accessControlType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
bool result = true;
byte[] dAclBinaryForm = null;
byte[] rAclBinaryForm = null;
discretionaryAcl.SetAccess(accessControlType, sid, accessMask, inheritanceFlags, propagationFlags);
if (discretionaryAcl.Count == rawAcl.Count &&
discretionaryAcl.BinaryLength == rawAcl.BinaryLength)
{
dAclBinaryForm = new byte[discretionaryAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
discretionaryAcl.GetBinaryForm(dAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(dAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < discretionaryAcl.Count; i++)
{
if (!Utils.IsAceEqual(discretionaryAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return(result);
}
private static bool TestConstructor(SystemAcl systemAcl, bool isContainer, bool isDS, bool wasCanonicalInitially, RawAcl rawAcl)
{
bool result = true;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
if (systemAcl.IsContainer == isContainer &&
systemAcl.IsDS == isDS &&
systemAcl.Revision == rawAcl.Revision &&
systemAcl.Count == rawAcl.Count &&
systemAcl.BinaryLength == rawAcl.BinaryLength &&
systemAcl.IsCanonical == wasCanonicalInitially)
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
{
result = false;
}
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return(result);
}
[Test] // This blob produced by binaryForm1 from the BinaryRoundtrip test...
public void BlobMatchesMSNet()
{
RawAcl acl = CreateRoundtripRawAcl();
byte[] binaryForm1 = new byte[acl.BinaryLength];
acl.GetBinaryForm(binaryForm1, 0);
byte[] binaryForm2 = new byte[] { // 11 per line
(byte)0x02, (byte)0x00, (byte)0x08, (byte)0x01, (byte)0x05, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x05, (byte)0x00, (byte)0x34,
(byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x05,
(byte)0x20, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x21, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x0B, (byte)0x00, (byte)0x3C, (byte)0x00, (byte)0x02, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x01, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x05, (byte)0x20, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x21, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x0B,
(byte)0x00, (byte)0x30, (byte)0x00, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x90, (byte)0xFB, (byte)0x65, (byte)0x88, (byte)0xEB, (byte)0xA9, (byte)0x2F, (byte)0x42, (byte)0xA8, (byte)0xBA, (byte)0x07,
(byte)0xEC, (byte)0xA6, (byte)0x11, (byte)0xD6, (byte)0x99, (byte)0x01, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x05, (byte)0x20, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x21, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x0B, (byte)0x00, (byte)0x40, (byte)0x00, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x03, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x7C, (byte)0x00,
(byte)0x93, (byte)0xB8, (byte)0xD5, (byte)0x38, (byte)0x27, (byte)0x48, (byte)0xA6, (byte)0x98, (byte)0xBA, (byte)0x25, (byte)0xF1,
(byte)0xE3, (byte)0x0B, (byte)0xAC, (byte)0x01, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x05,
(byte)0x20, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x21, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x0B, (byte)0x00, (byte)0x20, (byte)0x00, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x01, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x05, (byte)0x20,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x21, (byte)0x02, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
};
CompareBinaryForms(binaryForm2, binaryForm1);
}
private static bool TestConstructor(SystemAcl systemAcl, bool isContainer, bool isDS, bool wasCanonicalInitially, RawAcl rawAcl)
{
bool result = true;
byte[] sAclBinaryForm = null;
byte[] rAclBinaryForm = null;
if (systemAcl.IsContainer == isContainer &&
systemAcl.IsDS == isDS &&
systemAcl.Revision == rawAcl.Revision &&
systemAcl.Count == rawAcl.Count &&
systemAcl.BinaryLength == rawAcl.BinaryLength &&
systemAcl.IsCanonical == wasCanonicalInitially)
{
sAclBinaryForm = new byte[systemAcl.BinaryLength];
rAclBinaryForm = new byte[rawAcl.BinaryLength];
systemAcl.GetBinaryForm(sAclBinaryForm, 0);
rawAcl.GetBinaryForm(rAclBinaryForm, 0);
if (!Utils.IsBinaryFormEqual(sAclBinaryForm, rAclBinaryForm))
result = false;
//redundant index check
for (int i = 0; i < systemAcl.Count; i++)
{
if (!Utils.IsAceEqual(systemAcl[i], rawAcl[i]))
{
result = false;
break;
}
}
}
else
{
result = false;
}
return result;
}
public static void BasicValidationTestCases()
{
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, a RawAcl with one AccessAllowed Ace
SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
byte[] verifierBinaryForm = null;
byte[] sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
int errorCode;
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastPInvokeError();
}
else if (0 == Utils.Win32AclLayer.AddAccessAllowedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)AceFlags.None, (uint)1, sidBinaryForm))
{
errorCode = Marshal.GetLastPInvokeError();
}
else
{
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
//Case 2, a RawAcl with one AccessDenied Ace
sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
//31 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly and Inherited
gAce = new CommonAce((AceFlags)31, AceQualifier.AccessDenied, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastPInvokeError();
}
else if (0 == Utils.Win32AclLayer.AddAccessDeniedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)31, (uint)1, sidBinaryForm))
{
errorCode = Marshal.GetLastPInvokeError();
}
else
{
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
//Case 3, a RawAcl with one Audit Ace
sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
//223 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly, Inherited, SuccessfulAccess and FailedAccess
gAce = new CommonAce((AceFlags)223, AceQualifier.SystemAudit, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastPInvokeError();
}
else if (0 == Utils.Win32AclLayer.AddAuditAccessAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)223, (uint)1, sidBinaryForm, 1, 1))
{
errorCode = Marshal.GetLastPInvokeError();
}
else
{
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
}
public static void AdditionalTestCases()
{
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, array binaryForm is null
Assert.Throws <ArgumentNullException>(() =>
{
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, 0);
});
//Case 2, offset is negative
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, -1);
});
//Case 3, offset is equal to binaryForm length
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, binaryForm.Length);
});
//Case , offset is a big positive number
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength + 10000];
rAcl.GetBinaryForm(binaryForm, 10000);
//recreate the RawAcl from BinaryForm
rAcl = new RawAcl(binaryForm, 10000);
byte[] verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(Utils.IsBinaryFormEqual(binaryForm, 10000, verifierBinaryForm));
//Case 4, binaryForm array's size is insufficient
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[4];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, 0);
});
//Case 5, an empty RawAcl
binaryForm = new byte[16];
verifierBinaryForm = new byte[16];
for (int i = 0; i < binaryForm.Length; i++)
{
binaryForm[i] = (byte)0;
verifierBinaryForm[i] = (byte)0;
}
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
rAcl.GetBinaryForm(binaryForm, 0);
int errorCode;
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)8, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastPInvokeError();
}
else
{
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
//Case 6, a RawAcl with huge number of AccessAllowed, AccessDenied, and AuditAce
SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
byte[] sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, GenericAcl.MaxBinaryLength + 1);
for (int i = 0; i < 780; i++)
{
//three aces binary length together is 24 + 36 + 24 = 84, 780 * 84 = 65520
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
gAce = new CommonAce((AceFlags)223, AceQualifier.SystemAudit, i + 1, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
gAce = new CommonAce((AceFlags)31, AceQualifier.AccessDenied, i + 2, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
}
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastPInvokeError();
}
else
{
int i = 0;
for (i = 0; i < 780; i++)
{
if (0 == Utils.Win32AclLayer.AddAccessAllowedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)AceFlags.None, (uint)i, sidBinaryForm))
{
errorCode = Marshal.GetLastPInvokeError();
break;
}
if (0 == Utils.Win32AclLayer.AddAuditAccessAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)223, (uint)(i + 1), sidBinaryForm, 1, 1))
{
errorCode = Marshal.GetLastPInvokeError();
break;
}
if (0 == Utils.Win32AclLayer.AddAccessDeniedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)31, (uint)(i + 2), sidBinaryForm))
{
errorCode = Marshal.GetLastPInvokeError();
break;
}
}
if (i == 780)
{
//the loop finishes
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
else
{
Utils.PrintBinaryForm(binaryForm);
Utils.PrintBinaryForm(verifierBinaryForm);
}
}
}
public static void GetBinaryForm_BasicValidationTestCases()
{
DiscretionaryAcl dAcl = null;
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, array binaryForm is null
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws <ArgumentNullException>(() =>
{
dAcl.GetBinaryForm(binaryForm, 0);
});
//Case 2, offset is negative
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, -1);
});
//Case 3, offset is equal to binaryForm length
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, binaryForm.Length);
});
//Case 4, offset is a big possitive number
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
binaryForm = new byte[dAcl.BinaryLength + 10000];
dAcl.GetBinaryForm(binaryForm, 10000);
//get the binaryForm of the original RawAcl
byte[] verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(Utils.IsBinaryFormEqual(binaryForm, 10000, verifierBinaryForm));
//Case 5, binaryForm array's size is insufficient
binaryForm = new byte[4];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, 0);
});
}
public static void AdditionalTestCases()
{
RawAcl rawAcl = null;
byte[] binaryForm = null;
int offset = 0;
//case 1, binaryForm is null
Assert.Throws<ArgumentNullException>(() =>
{
binaryForm = null;
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 2, binaryForm is empty
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[0];
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 3, negative offset
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
offset = -1;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 4, binaryForm length less than GenericAcl.HeaderLength
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[4];
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 5, a RawAcl of length 64K. RawAcl length = HeaderLength + all ACE's length
// = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
// = 8 + ( 4 + OpaqueLength) * num_of_custom_ace
GenericAce gAce = null;
byte revision = 0;
int capacity = 0;
string sid = "BG";
//CustomAce constructor parameters
AceType aceType = 0;
AceFlags aceFlag = 0;
byte[] opaque = null;
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = new byte[GenericAcl.MaxBinaryLength - 3 - 8 - 4];//GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 6, a RawAcl of length 64K + 1. RawAcl length = HeaderLength + all ACE's length
// = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
// = 8 + ( 4 + OpaqueLength) * num_of_custom_ace
gAce = null;
sid = "BA";
//CustomAce constructor parameters
aceType = 0;
aceFlag = 0;
binaryForm = new byte[65536];
Assert.Throws<ArgumentException>(() =>
{
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
rawAcl.GetBinaryForm(binaryForm, 0);
//change the length bytes to 65535
binaryForm[2] = 0xf;
binaryForm[3] = 0xf;
//change the aceCount to 1
binaryForm[4] = 1;
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4];//GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
gAce = new CustomAce(aceType, aceFlag, opaque);
gAce.GetBinaryForm(binaryForm, 8);
TestCreateFromBinaryForm(binaryForm, 0, revision, 1, binaryForm.Length);
});
//case 7, a valid binary representation with revision 255, 256 Access
//CommonAce to test the correctness of the process of the AceCount in the header
revision = 255;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
for (int i = 0; i < 256; i++)
{
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
}
binaryForm = new byte[rawAcl.BinaryLength + 1000];
rawAcl.GetBinaryForm(binaryForm, 1000);
Assert.True(TestCreateFromBinaryForm(binaryForm, 1000, revision, 256, rawAcl.BinaryLength));
//case 8, array containing garbage
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
//case 9, array containing garbage
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
//binary form shows the length will be 1, actual length is 12
binaryForm = new byte[] { 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
//case 10, array containing garbage
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[] { 1, 1, 12, 0, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
}
public static RawAcl CopyRawACL(RawAcl rawAcl)
{
byte[] binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
return new RawAcl(binaryForm, 0);
}
private static bool TestCreateFromBinaryForm(byte[] binaryForm, int offset, byte revision, int aceCount, int length)
{
RawAcl rawAcl = null;
byte[] verifierBinaryForm = null;
rawAcl = new RawAcl(binaryForm, offset);
verifierBinaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(((revision == rawAcl.Revision) &&
Utils.IsBinaryFormEqual(binaryForm, offset, verifierBinaryForm) &&
(aceCount == rawAcl.Count) &&
(length == rawAcl.BinaryLength)));
return true;
}
public static RawAcl CopyRawACL(RawAcl rawAcl)
{
byte[] binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
return(new RawAcl(binaryForm, 0));
}
public static void BasicValidationTestCases()
{
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, a RawAcl with one AccessAllowed Ace
SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
byte[] verifierBinaryForm = null;
byte[] sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
int errorCode;
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastWin32Error();
}
else if (0 == Utils.Win32AclLayer.AddAccessAllowedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)AceFlags.None, (uint)1, sidBinaryForm))
{
errorCode = Marshal.GetLastWin32Error();
}
else
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
//Case 2, a RawAcl with one AccessDenied Ace
sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
//31 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly and Inherited
gAce = new CommonAce((AceFlags)31, AceQualifier.AccessDenied, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastWin32Error();
}
else if (0 == Utils.Win32AclLayer.AddAccessDeniedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)31, (uint)1, sidBinaryForm))
{
errorCode = Marshal.GetLastWin32Error();
}
else
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
//Case 3, a RawAcl with one Audit Ace
sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
//223 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly, Inherited, SuccessfulAccess and FailedAccess
gAce = new CommonAce((AceFlags)223, AceQualifier.SystemAudit, 1, sid, false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastWin32Error();
}
else if (0 == Utils.Win32AclLayer.AddAuditAccessAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)223, (uint)1, sidBinaryForm, 1, 1))
{
errorCode = Marshal.GetLastWin32Error();
}
else
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
public static void BasicValidationTestCases()
{
RawAcl rawAcl = null;
byte[] binaryForm = null;
int offset = 0;
GenericAce gAce = null;
byte revision = 0;
int capacity = 0;
//CustomAce constructor parameters
AceType aceType = AceType.AccessAllowed;
AceFlags aceFlag = AceFlags.None;
byte[] opaque = null;
//CompoundAce constructor additional parameters
int accessMask = 0;
CompoundAceType compoundAceType = CompoundAceType.Impersonation;
string sid = "BA";
//CommonAce constructor additional parameters
AceQualifier aceQualifier = 0;
//ObjectAce constructor additional parameters
ObjectAceFlags objectAceFlag = 0;
Guid objectAceType;
Guid inheritedObjectAceType;
//case 1, a valid binary representation with revision 0, 1 SystemAudit CommonAce
revision = 0;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 2, a valid binary representation with revision 255, 1 AccessAllowed CommonAce
revision = 255;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 3, a valid binary representation with revision 127, 1 CustomAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = null;
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 4, a valid binary representation with revision 1, 1 CompoundAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceFlag = (AceFlags)223; //all flags ored together
accessMask = 1;
compoundAceType = CompoundAceType.Impersonation;
gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 5, a valid binary representation with revision 1, 1 ObjectAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceFlag = (AceFlags)223; //all flags ored together
aceQualifier = AceQualifier.AccessAllowed;
accessMask = 1;
objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 6, a valid binary representation with revision 1, no Ace
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 0, rawAcl.BinaryLength));
//case 7, a valid binary representation with revision 1, and all Aces from case 1 to 5
revision = 127;
capacity = 5;
rawAcl = new RawAcl(revision, capacity);
//SystemAudit CommonAce
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
//Access Allowed CommonAce
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
//CustomAce
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = null;
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
//CompoundAce
aceFlag = (AceFlags)223; //all flags ored together
accessMask = 1;
compoundAceType = CompoundAceType.Impersonation;
gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
rawAcl.InsertAce(0, gAce);
//ObjectAce
aceFlag = (AceFlags)223; //all flags ored together
aceQualifier = AceQualifier.AccessAllowed;
accessMask = 1;
objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 5, rawAcl.BinaryLength));
}
public static void BasicValidationTestCases()
{
RawAcl rawAcl = null;
byte[] binaryForm = null;
int offset = 0;
GenericAce gAce = null;
byte revision = 0;
int capacity = 0;
//CustomAce constructor parameters
AceType aceType = AceType.AccessAllowed;
AceFlags aceFlag = AceFlags.None;
byte[] opaque = null;
//CompoundAce constructor additional parameters
int accessMask = 0;
CompoundAceType compoundAceType = CompoundAceType.Impersonation;
string sid = "BA";
//CommonAce constructor additional parameters
AceQualifier aceQualifier = 0;
//ObjectAce constructor additional parameters
ObjectAceFlags objectAceFlag = 0;
Guid objectAceType;
Guid inheritedObjectAceType;
//case 1, a valid binary representation with revision 0, 1 SystemAudit CommonAce
revision = 0;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 2, a valid binary representation with revision 255, 1 AccessAllowed CommonAce
revision = 255;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 3, a valid binary representation with revision 127, 1 CustomAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = null;
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 4, a valid binary representation with revision 1, 1 CompoundAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceFlag = (AceFlags)223; //all flags ored together
accessMask = 1;
compoundAceType = CompoundAceType.Impersonation;
gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 5, a valid binary representation with revision 1, 1 ObjectAce
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceFlag = (AceFlags)223; //all flags ored together
aceQualifier = AceQualifier.AccessAllowed;
accessMask = 1;
objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 6, a valid binary representation with revision 1, no Ace
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 0, rawAcl.BinaryLength));
//case 7, a valid binary representation with revision 1, and all Aces from case 1 to 5
revision = 127;
capacity = 5;
rawAcl = new RawAcl(revision, capacity);
//SystemAudit CommonAce
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
//Access Allowed CommonAce
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
//CustomAce
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = null;
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
//CompoundAce
aceFlag = (AceFlags)223; //all flags ored together
accessMask = 1;
compoundAceType = CompoundAceType.Impersonation;
gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
rawAcl.InsertAce(0, gAce);
//ObjectAce
aceFlag = (AceFlags)223; //all flags ored together
aceQualifier = AceQualifier.AccessAllowed;
accessMask = 1;
objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 5, rawAcl.BinaryLength));
}
public static void GetBinaryForm_BasicValidationTestCases()
{
DiscretionaryAcl dAcl = null;
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, array binaryForm is null
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws<ArgumentNullException>(() =>
{
dAcl.GetBinaryForm(binaryForm, 0);
});
//Case 2, offset is negative
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, -1);
});
//Case 3, offset is equal to binaryForm length
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, binaryForm.Length);
});
//Case 4, offset is a big possitive number
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
binaryForm = new byte[dAcl.BinaryLength + 10000];
dAcl.GetBinaryForm(binaryForm, 10000);
//get the binaryForm of the original RawAcl
byte[] verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(Utils.IsBinaryFormEqual(binaryForm, 10000, verifierBinaryForm));
//Case 5, binaryForm array's size is insufficient
binaryForm = new byte[4];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
dAcl = new DiscretionaryAcl(true, false, rAcl);
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
dAcl.GetBinaryForm(binaryForm, 0);
});
}
public static void AdditionalTestCases()
{
RawAcl rawAcl = null;
byte[] binaryForm = null;
int offset = 0;
//case 1, binaryForm is null
Assert.Throws <ArgumentNullException>(() =>
{
binaryForm = null;
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 2, binaryForm is empty
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[0];
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 3, negative offset
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
offset = -1;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 4, binaryForm length less than GenericAcl.HeaderLength
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[4];
offset = 0;
rawAcl = new RawAcl(binaryForm, offset);
});
//case 5, a RawAcl of length 64K. RawAcl length = HeaderLength + all ACE's length
// = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
// = 8 + ( 4 + OpaqueLength) * num_of_custom_ace
GenericAce gAce = null;
byte revision = 0;
int capacity = 0;
string sid = "BG";
//CustomAce constructor parameters
AceType aceType = 0;
AceFlags aceFlag = 0;
byte[] opaque = null;
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = new byte[GenericAcl.MaxBinaryLength - 3 - 8 - 4]; //GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
gAce = new CustomAce(aceType, aceFlag, opaque);
rawAcl.InsertAce(0, gAce);
binaryForm = new byte[rawAcl.BinaryLength];
rawAcl.GetBinaryForm(binaryForm, 0);
Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));
//case 6, a RawAcl of length 64K + 1. RawAcl length = HeaderLength + all ACE's length
// = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
// = 8 + ( 4 + OpaqueLength) * num_of_custom_ace
gAce = null;
sid = "BA";
//CustomAce constructor parameters
aceType = 0;
aceFlag = 0;
binaryForm = new byte[65536];
AssertExtensions.Throws <ArgumentException>("binaryForm", () =>
{
revision = 127;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
rawAcl.GetBinaryForm(binaryForm, 0);
//change the length bytes to 65535
binaryForm[2] = 0xf;
binaryForm[3] = 0xf;
//change the aceCount to 1
binaryForm[4] = 1;
aceType = AceType.MaxDefinedAceType + 1;
aceFlag = (AceFlags)223; //all flags ored together
opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4]; //GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
gAce = new CustomAce(aceType, aceFlag, opaque);
gAce.GetBinaryForm(binaryForm, 8);
TestCreateFromBinaryForm(binaryForm, 0, revision, 1, binaryForm.Length);
});
//case 7, a valid binary representation with revision 255, 256 Access
//CommonAce to test the correctness of the process of the AceCount in the header
revision = 255;
capacity = 1;
rawAcl = new RawAcl(revision, capacity);
for (int i = 0; i < 256; i++)
{
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
rawAcl.InsertAce(0, gAce);
}
binaryForm = new byte[rawAcl.BinaryLength + 1000];
rawAcl.GetBinaryForm(binaryForm, 1000);
Assert.True(TestCreateFromBinaryForm(binaryForm, 1000, revision, 256, rawAcl.BinaryLength));
//case 8, array containing garbage
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
//case 9, array containing garbage
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
//binary form shows the length will be 1, actual length is 12
binaryForm = new byte[] { 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
//case 10, array containing garbage
Assert.Throws <ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[] { 1, 1, 12, 0, 1, 1, 1, 1, 1, 1, 1, 1 };
TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
});
}
/// <summary>Initializes a new instance of the <see cref="PinnedAcl"/> class.</summary>
/// <param name="acl">The <see cref="RawAcl"/> instance.</param>
public PinnedAcl(RawAcl acl)
{
bytes = new byte[acl.BinaryLength];
acl.GetBinaryForm(bytes, 0);
SetObject(bytes);
}
public static void AdditionalTestCases()
{
RawAcl rAcl = null;
GenericAce gAce = null;
byte[] binaryForm = null;
//Case 1, array binaryForm is null
Assert.Throws<ArgumentNullException>(() =>
{
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, 0);
});
//Case 2, offset is negative
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, -1);
});
//Case 3, offset is equal to binaryForm length
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[100];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, binaryForm.Length);
});
//Case , offset is a big possitive number
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
binaryForm = new byte[rAcl.BinaryLength + 10000];
rAcl.GetBinaryForm(binaryForm, 10000);
//recreate the RawAcl from BinaryForm
rAcl = new RawAcl(binaryForm, 10000);
byte[] verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(verifierBinaryForm, 0);
Assert.True(Utils.IsBinaryFormEqual(binaryForm, 10000, verifierBinaryForm));
//Case 4, binaryForm array's size is insufficient
Assert.Throws<ArgumentOutOfRangeException>(() =>
{
binaryForm = new byte[4];
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
rAcl.InsertAce(0, gAce);
rAcl.GetBinaryForm(binaryForm, 0);
});
//Case 5, an empty RawAcl
binaryForm = new byte[16];
verifierBinaryForm = new byte[16];
for (int i = 0; i < binaryForm.Length; i++)
{
binaryForm[i] = (byte)0;
verifierBinaryForm[i] = (byte)0;
}
rAcl = new RawAcl(GenericAcl.AclRevision, 1);
rAcl.GetBinaryForm(binaryForm, 0);
int errorCode;
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)8, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastWin32Error();
}
else
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
//Case 6, a RawAcl with huge number of AccessAllowed, AccessDenied, and AuditAce
SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
verifierBinaryForm = null;
byte[] sidBinaryForm = new byte[sid.BinaryLength];
sid.GetBinaryForm(sidBinaryForm, 0);
rAcl = new RawAcl(GenericAcl.AclRevision, GenericAcl.MaxBinaryLength + 1);
for (int i = 0; i < 780; i++)
{
//three aces binary length together is 24 + 36 + 24 = 84, 780 * 84 = 65520
gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
gAce = new CommonAce((AceFlags)223, AceQualifier.SystemAudit, i + 1, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
gAce = new CommonAce((AceFlags)31, AceQualifier.AccessDenied, i + 2, sid, false, null);
rAcl.InsertAce(rAcl.Count, gAce);
}
binaryForm = new byte[rAcl.BinaryLength];
verifierBinaryForm = new byte[rAcl.BinaryLength];
rAcl.GetBinaryForm(binaryForm, 0);
if (0 == Utils.Win32AclLayer.InitializeAclNative
(verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
{
errorCode = Marshal.GetLastWin32Error();
}
else
{
int i = 0;
for (i = 0; i < 780; i++)
{
if (0 == Utils.Win32AclLayer.AddAccessAllowedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)AceFlags.None, (uint)i, sidBinaryForm))
{
errorCode = Marshal.GetLastWin32Error();
break;
}
if (0 == Utils.Win32AclLayer.AddAuditAccessAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)223, (uint)(i + 1), sidBinaryForm, 1, 1))
{
errorCode = Marshal.GetLastWin32Error();
break;
}
if (0 == Utils.Win32AclLayer.AddAccessDeniedAceExNative
(verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)31, (uint)(i + 2), sidBinaryForm))
{
errorCode = Marshal.GetLastWin32Error();
break;
}
}
if (i == 780)
{
//the loop finishes
Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
}
else
{
Utils.PrintBinaryForm(binaryForm);
Utils.PrintBinaryForm(verifierBinaryForm);
}
}
}