mcs/class/corlib/System.Security.AccessControl/CommonObjectSecurity.cs

   1 //
   2 // System.Security.AccessControl.CommonObjectSecurity implementation
   3 //
   4 // Authors:
   5 //      Dick Porter  <dick@ximian.com>
   6 //      Atsushi Enomoto  <atsushi@ximian.com>
   7 //      James Bellinger  <jfb@zer7.com>
   8 //
   9 // Copyright (C) 2005-2007 Novell, Inc (http://www.novell.com)
  10 // Copyright (C) 2012      James Bellinger
  11 //
  12 // Permission is hereby granted, free of charge, to any person obtaining
  13 // a copy of this software and associated documentation files (the
  14 // "Software"), to deal in the Software without restriction, including
  15 // without limitation the rights to use, copy, modify, merge, publish,
  16 // distribute, sublicense, and/or sell copies of the Software, and to
  17 // permit persons to whom the Software is furnished to do so, subject to
  18 // the following conditions:
  19 //
  20 // The above copyright notice and this permission notice shall be
  21 // included in all copies or substantial portions of the Software.
  22 //
  23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  30 //
  31
  32 using System.Collections.Generic;
  33
  34 namespace System.Security.AccessControl
  35 {
  36         public abstract class CommonObjectSecurity : ObjectSecurity
  37         {
  38                 protected CommonObjectSecurity (bool isContainer)
  39                         : base (isContainer, false)
  40                 {
  41                 }
  42
  43                 internal CommonObjectSecurity (CommonSecurityDescriptor securityDescriptor)
  44                         : base (securityDescriptor)
  45                 {
  46                 }
  47
  48                 public AuthorizationRuleCollection GetAccessRules (bool includeExplicit, bool includeInherited, Type targetType)
  49                 {
  50                         return InternalGetAccessRules (includeExplicit, includeInherited, targetType);
  51                 }
  52
  53                 public AuthorizationRuleCollection GetAuditRules (bool includeExplicit, bool includeInherited, Type targetType)
  54                 {
  55                         return InternalGetAuditRules (includeExplicit, includeInherited, targetType);
  56                 }
  57
  58                 protected void AddAccessRule (AccessRule rule)
  59                 {
  60                         bool modified;
  61                         ModifyAccess (AccessControlModification.Add, rule, out modified);
  62                 }
  63
  64                 protected bool RemoveAccessRule (AccessRule rule)
  65                 {
  66                         bool modified;
  67                         return ModifyAccess (AccessControlModification.Remove, rule, out modified);
  68                 }
  69
  70                 protected void RemoveAccessRuleAll (AccessRule rule)
  71                 {
  72                         bool modified;
  73                         ModifyAccess (AccessControlModification.RemoveAll, rule, out modified);
  74                 }
  75
  76                 protected void RemoveAccessRuleSpecific (AccessRule rule)
  77                 {
  78                         bool modified;
  79                         ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified);
  80                 }
  81
  82                 protected void ResetAccessRule (AccessRule rule)
  83                 {
  84                         bool modified;
  85                         ModifyAccess (AccessControlModification.Reset, rule, out modified);
  86                 }
  87
  88                 protected void SetAccessRule (AccessRule rule)
  89                 {
  90                         bool modified;
  91                         ModifyAccess (AccessControlModification.Set, rule, out modified);
  92                 }
  93
  94                 protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
  95                 {
  96                         if (null == rule)
  97                                 throw new ArgumentNullException ("rule");
  98
  99                         modified = true;
 100
 101                         WriteLock ();
 102                         try {
 103                                 switch (modification) {
 104                                 case AccessControlModification.Add:
 105                                         descriptor.DiscretionaryAcl.AddAccess (rule.AccessControlType,
 106                                                                                SidFromIR (rule.IdentityReference),
 107                                                                                rule.AccessMask,
 108                                                                                rule.InheritanceFlags,
 109                                                                                rule.PropagationFlags);
 110                                         break;
 111                                 case AccessControlModification.Set:
 112                                         descriptor.DiscretionaryAcl.SetAccess (rule.AccessControlType,
 113                                                                                SidFromIR (rule.IdentityReference),
 114                                                                                rule.AccessMask,
 115                                                                                rule.InheritanceFlags,
 116                                                                                rule.PropagationFlags);
 117                                         break;
 118                                 case AccessControlModification.Reset:
 119                                         PurgeAccessRules (rule.IdentityReference);
 120                                         goto case AccessControlModification.Add;
 121                                 case AccessControlModification.Remove:
 122                                         modified = descriptor.DiscretionaryAcl.RemoveAccess (rule.AccessControlType,
 123                                                                                              SidFromIR (rule.IdentityReference),
 124                                                                                              rule.AccessMask,
 125                                                                                              rule.InheritanceFlags,
 126                                                                                              rule.PropagationFlags);
 127                                         break;
 128                                 case AccessControlModification.RemoveAll:
 129                                         PurgeAccessRules (rule.IdentityReference);
 130                                         break;
 131                                 case AccessControlModification.RemoveSpecific:
 132                                         descriptor.DiscretionaryAcl.RemoveAccessSpecific (rule.AccessControlType,
 133                                                                                           SidFromIR (rule.IdentityReference),
 134                                                                                           rule.AccessMask,
 135                                                                                           rule.InheritanceFlags,
 136                                                                                           rule.PropagationFlags);
 137                                         break;
 138                                 default:
 139                                         throw new ArgumentOutOfRangeException ("modification");
 140                                 }
 141
 142                                 if (modified) AccessRulesModified = true;
 143                         } finally {
 144                                 WriteUnlock ();
 145                         }
 146
 147                         return modified;
 148                 }
 149
 150                 protected void AddAuditRule (AuditRule rule)
 151                 {
 152                         bool modified;
 153                         ModifyAudit (AccessControlModification.Add, rule, out modified);
 154                 }
 155
 156                 protected bool RemoveAuditRule (AuditRule rule)
 157                 {
 158                         bool modified;
 159                         return ModifyAudit (AccessControlModification.Remove, rule, out modified);
 160                 }
 161
 162                 protected void RemoveAuditRuleAll (AuditRule rule)
 163                 {
 164                         bool modified;
 165                         ModifyAudit (AccessControlModification.RemoveAll, rule, out modified);
 166                 }
 167
 168                 protected void RemoveAuditRuleSpecific (AuditRule rule)
 169                 {
 170                         bool modified;
 171                         ModifyAudit (AccessControlModification.RemoveSpecific, rule, out modified);
 172                 }
 173
 174                 protected void SetAuditRule (AuditRule rule)
 175                 {
 176                         bool modified;
 177                         ModifyAudit (AccessControlModification.Set, rule, out modified);
 178                 }
 179
 180                 protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified)
 181                 {
 182                         if (null == rule)
 183                                 throw new ArgumentNullException ("rule");
 184
 185                         modified = true;
 186
 187                         WriteLock ();
 188                         try {
 189                                 switch (modification) {
 190                                 case AccessControlModification.Add:
 191                                         if (null == descriptor.SystemAcl)
 192                                                 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
 193
 194                                         descriptor.SystemAcl.AddAudit (rule.AuditFlags,
 195                                                                        SidFromIR (rule.IdentityReference),
 196                                                                        rule.AccessMask,
 197                                                                        rule.InheritanceFlags,
 198                                                                        rule.PropagationFlags);
 199                                         break;
 200                                 case AccessControlModification.Set:
 201                                         if (null == descriptor.SystemAcl)
 202                                                 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
 203
 204                                         descriptor.SystemAcl.SetAudit (rule.AuditFlags,
 205                                                                        SidFromIR (rule.IdentityReference),
 206                                                                        rule.AccessMask,
 207                                                                        rule.InheritanceFlags,
 208                                                                        rule.PropagationFlags);
 209                                         break;
 210                                 case AccessControlModification.Reset:
 211                                         break;
 212                                 case AccessControlModification.Remove:
 213                                         if (null == descriptor.SystemAcl)
 214                                                 modified = false;
 215                                         else
 216                                                 modified = descriptor.SystemAcl.RemoveAudit (rule.AuditFlags,
 217                                                                                              SidFromIR (rule.IdentityReference),
 218                                                                                              rule.AccessMask,
 219                                                                                              rule.InheritanceFlags,
 220                                                                                              rule.PropagationFlags);
 221                                         break;
 222                                 case AccessControlModification.RemoveAll:
 223                                         PurgeAuditRules (rule.IdentityReference);
 224                                         break;
 225                                 case AccessControlModification.RemoveSpecific:
 226                                         if (null != descriptor.SystemAcl)
 227                                                 descriptor.SystemAcl.RemoveAuditSpecific (rule.AuditFlags,
 228                                                                                           SidFromIR (rule.IdentityReference),
 229                                                                                           rule.AccessMask,
 230                                                                                           rule.InheritanceFlags,
 231                                                                                           rule.PropagationFlags);
 232                                         break;
 233                                 default:
 234                                         throw new ArgumentOutOfRangeException ("modification");
 235                                 }
 236
 237                                 if (modified) AuditRulesModified = true;
 238                         } finally {
 239                                 WriteUnlock ();
 240                         }
 241
 242                         return modified;
 243                 }
 244         }
 245 }
 246