public void AddAndPurgeWorks()
{
TestSecurity security = new TestSecurity(false);
NTAccount nta1 = new NTAccount(@"BUILTIN\Users");
NTAccount nta2 = new NTAccount(@"BUILTIN\Administrators");
security.AddAccessRuleTest(new TestAccessRule <TestRights> (nta1, TestRights.One,
AccessControlType.Allow));
security.AddAccessRuleTest(new TestAccessRule <TestRights> (nta2, TestRights.One,
AccessControlType.Allow));
AuthorizationRuleCollection rules1 = security.GetAccessRules(true, true, typeof(NTAccount));
Assert.AreEqual(2, rules1.Count);
security.PurgeAccessRules(nta1);
AuthorizationRuleCollection rules2 = security.GetAccessRules(true, true, typeof(NTAccount));
Assert.AreEqual(1, rules2.Count);
Assert.IsInstanceOfType(typeof(TestAccessRule <TestRights>), rules2[0]);
TestAccessRule <TestRights> rule = (TestAccessRule <TestRights>)rules2[0];
Assert.AreEqual(nta2, rule.IdentityReference);
}
public void AddAndGetAccessRulesWorkAndMergeCorrectly()
{
var security = new TestSecurity(false);
// CommonObjectSecurity does not appear to care at all about types on MS.NET.
// It just uses AccessMask, and then GetAccessRules uses the factory methods.
// So, the whole API is a mess of strong typing and repeated code backed by nothing.
Assert.IsFalse(security.modify_access_called);
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
security.AddAccessRuleTest(new TestAccessRule <int> (sid, 2, AccessControlType.Allow));
security.AddAccessRuleTest(new TestAccessRule <TestRights> (sid, TestRights.One, AccessControlType.Allow));
security.AddAccessRuleTest(new TestAccessRule <int> (sid, 4, AccessControlType.Allow));
Assert.IsTrue(security.modify_access_called);
Assert.IsFalse(security.modify_access_rule_called);
Assert.IsFalse(security.modify_audit_called);
Assert.IsFalse(security.access_rule_factory_called);
AuthorizationRuleCollection rules1 = security.GetAccessRules(false, true, typeof(SecurityIdentifier));
Assert.IsFalse(security.access_rule_factory_called);
Assert.AreEqual(0, rules1.Count);
Assert.IsFalse(security.access_rule_factory_called);
AuthorizationRuleCollection rules2 = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
Assert.IsTrue(security.access_rule_factory_called);
Assert.AreEqual(1, rules2.Count);
Assert.IsInstanceOfType(typeof(TestAccessRule <TestRights>), rules2[0]);
TestAccessRule <TestRights> rule = (TestAccessRule <TestRights>)rules2[0];
Assert.AreEqual((TestRights)7, rule.Rights);
}
TestSecurity FactoryCallTest(bool objectAce)
{
SecurityIdentifier sid = new SecurityIdentifier("WD");
DiscretionaryAcl dacl = new DiscretionaryAcl(true, true, 1);
dacl.AddAccess(AccessControlType.Allow, sid, 1,
InheritanceFlags.None, PropagationFlags.None,
objectAce ? ObjectAceFlags.ObjectAceTypePresent : ObjectAceFlags.None,
Guid.NewGuid(), Guid.Empty);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity(descriptor);
security.GetAccessRules(true, true, typeof(SecurityIdentifier));
return(security);
}
[Category("NotWorking")] // Mono does not have a working CustomAce implementation yet.
public void ObjectSecurityRemovesWhatItCannotCreate()
{
RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);
acl.InsertAce(0, new CustomAce((AceType)255, AceFlags.None, new byte[4]));
DiscretionaryAcl dacl = new DiscretionaryAcl(true, true, acl);
Assert.AreEqual(1, dacl.Count);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity(descriptor);
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));
Assert.AreEqual(0, rules.Count);
}
TestSecurity FactoryCallTest (bool objectAce)
{
SecurityIdentifier sid = new SecurityIdentifier ("WD");
DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, 1);
dacl.AddAccess (AccessControlType.Allow, sid, 1,
InheritanceFlags.None, PropagationFlags.None,
objectAce ? ObjectAceFlags.ObjectAceTypePresent : ObjectAceFlags.None,
Guid.NewGuid (), Guid.Empty);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity (descriptor);
security.GetAccessRules (true, true, typeof (SecurityIdentifier));
return security;
}
[Category ("NotWorking")] // Mono does not have a working CustomAce implementation yet.
public void ObjectSecurityRemovesWhatItCannotCreate ()
{
RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
acl.InsertAce (0, new CustomAce ((AceType)255, AceFlags.None, new byte[4]));
DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, acl);
Assert.AreEqual (1, dacl.Count);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity (descriptor);
AuthorizationRuleCollection rules = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
Assert.AreEqual (0, rules.Count);
}
