2 // System.Security.AccessControl.CommonObjectSecurity implementation
5 // Dick Porter <dick@ximian.com>
6 // Atsushi Enomoto <atsushi@ximian.com>
7 // James Bellinger <jfb@zer7.com>
9 // Copyright (C) 2005-2007 Novell, Inc (http://www.novell.com)
10 // Copyright (C) 2012 James Bellinger
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Collections.Generic;
34 namespace System.Security.AccessControl
36 public abstract class CommonObjectSecurity : ObjectSecurity
/// <summary>
/// Creates the security object for a container or non-container resource.
/// The second base-constructor argument is hard-coded to false; in
/// ObjectSecurity (bool, bool) that parameter is isDS, so objects built
/// through this constructor are never treated as directory-service objects.
/// </summary>
/// <param name="isContainer">Forwarded unchanged to the base constructor.</param>
38 protected CommonObjectSecurity (bool isContainer)
39 : base (isContainer, false)
/// <summary>
/// Wraps an existing security descriptor by passing it straight to the base
/// class. No validation or copying is visible at this level (the body lines
/// are not part of this listing). Internal, so only code in the same assembly
/// can supply the descriptor.
/// </summary>
/// <param name="securityDescriptor">Descriptor handed to the base constructor as-is.</param>
43 internal CommonObjectSecurity (CommonSecurityDescriptor securityDescriptor)
44 : base (securityDescriptor)
/// <summary>
/// Returns the access rules of this object. All three arguments are passed
/// unchanged to InternalGetAccessRules (defined elsewhere); any argument
/// validation or identity translation happens there, not here.
/// </summary>
/// <param name="includeExplicit">Presumably selects rules set directly on the object; confirm in InternalGetAccessRules.</param>
/// <param name="includeInherited">Presumably selects rules inherited from a parent; confirm in InternalGetAccessRules.</param>
/// <param name="targetType">Identity type requested for the returned rules; not checked at this level.</param>
/// <returns>The collection produced by InternalGetAccessRules.</returns>
48 public AuthorizationRuleCollection GetAccessRules (bool includeExplicit, bool includeInherited, Type targetType)
50 return InternalGetAccessRules (includeExplicit, includeInherited, targetType);
/// <summary>
/// Returns the audit rules of this object. All three arguments are passed
/// unchanged to InternalGetAuditRules (defined elsewhere); any argument
/// validation or identity translation happens there, not here.
/// </summary>
/// <param name="includeExplicit">Presumably selects rules set directly on the object; confirm in InternalGetAuditRules.</param>
/// <param name="includeInherited">Presumably selects rules inherited from a parent; confirm in InternalGetAuditRules.</param>
/// <param name="targetType">Identity type requested for the returned rules; not checked at this level.</param>
/// <returns>The collection produced by InternalGetAuditRules.</returns>
53 public AuthorizationRuleCollection GetAuditRules (bool includeExplicit, bool includeInherited, Type targetType)
55 return InternalGetAuditRules (includeExplicit, includeInherited, targetType);
/// <summary>
/// Adds <paramref name="rule"/> by calling ModifyAccess with
/// AccessControlModification.Add. The <c>modified</c> out value is discarded
/// (its local declaration is on a line omitted from this listing).
/// </summary>
/// <param name="rule">Rule to add; the null-argument exception is raised inside ModifyAccess.</param>
58 protected void AddAccessRule (AccessRule rule)
61 ModifyAccess (AccessControlModification.Add, rule, out modified);
/// <summary>
/// Removes <paramref name="rule"/> by calling ModifyAccess with
/// AccessControlModification.Remove.
/// </summary>
/// <param name="rule">Rule to remove; the null-argument exception is raised inside ModifyAccess.</param>
/// <returns>
/// Whatever ModifyAccess returns. Callers that must know the entry is gone
/// should check this value rather than assume the removal took effect.
/// </returns>
64 protected bool RemoveAccessRule (AccessRule rule)
67 return ModifyAccess (AccessControlModification.Remove, rule, out modified);
/// <summary>
/// Calls ModifyAccess with AccessControlModification.RemoveAll and discards
/// the <c>modified</c> out value. In ModifyAccess that case passes only the
/// rule's IdentityReference to PurgeAccessRules.
/// </summary>
/// <param name="rule">Rule naming the identity to purge; the null-argument exception is raised inside ModifyAccess.</param>
70 protected void RemoveAccessRuleAll (AccessRule rule)
73 ModifyAccess (AccessControlModification.RemoveAll, rule, out modified);
/// <summary>
/// Calls ModifyAccess with AccessControlModification.RemoveSpecific and
/// discards the <c>modified</c> out value, so the caller is not told whether
/// a matching entry existed.
/// </summary>
/// <param name="rule">Rule to match; the null-argument exception is raised inside ModifyAccess.</param>
76 protected void RemoveAccessRuleSpecific (AccessRule rule)
79 ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified);
/// <summary>
/// Calls ModifyAccess with AccessControlModification.Reset and discards the
/// <c>modified</c> out value. In ModifyAccess that case first purges the
/// identity's existing access rules and then runs the Add case.
/// </summary>
/// <param name="rule">Replacement rule; the null-argument exception is raised inside ModifyAccess.</param>
82 protected void ResetAccessRule (AccessRule rule)
85 ModifyAccess (AccessControlModification.Reset, rule, out modified);
/// <summary>
/// Calls ModifyAccess with AccessControlModification.Set and discards the
/// <c>modified</c> out value. In ModifyAccess that case maps to
/// DiscretionaryAcl.SetAccess.
/// </summary>
/// <param name="rule">Rule to set; the null-argument exception is raised inside ModifyAccess.</param>
88 protected void SetAccessRule (AccessRule rule)
91 ModifyAccess (AccessControlModification.Set, rule, out modified);
/// <summary>
/// Applies one access-rule change to the discretionary ACL of the wrapped
/// descriptor, choosing the ACL operation from <paramref name="modification"/>.
/// </summary>
/// <remarks>
/// This listing omits source lines (the gutter numbers skip, e.g. 95-96,
/// 98-102, 107, 140-141 and everything after 142). The guard condition, the
/// initial value of <paramref name="modified"/>, any locking, the statements
/// that end each case and the return statement are therefore not visible
/// here and are not described.
/// </remarks>
/// <param name="modification">Operation to perform.</param>
/// <param name="rule">Rule supplying the access type, identity, inheritance flags and propagation flags.</param>
/// <param name="modified">Assigned visibly only in the Remove case; other assignments are on omitted lines.</param>
/// <exception cref="ArgumentNullException">Raised for <paramref name="rule"/>; presumably when it is null (condition line omitted).</exception>
/// <exception cref="ArgumentOutOfRangeException">Raised for <paramref name="modification"/>; presumably when no case matches (label line omitted).</exception>
94 protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
97 throw new ArgumentNullException ("rule");
103 switch (modification) {
// Add: pass the rule's fields to DiscretionaryAcl.AddAccess. SidFromIR is
// defined elsewhere and presumably translates the identity to a SID.
// One argument line (gutter 107) is missing from this listing.
104 case AccessControlModification.Add:
105 descriptor.DiscretionaryAcl.AddAccess (rule.AccessControlType,
106 SidFromIR (rule.IdentityReference),
108 rule.InheritanceFlags,
109 rule.PropagationFlags);
// Set: same argument list, routed to DiscretionaryAcl.SetAccess.
111 case AccessControlModification.Set:
112 descriptor.DiscretionaryAcl.SetAccess (rule.AccessControlType,
113 SidFromIR (rule.IdentityReference),
115 rule.InheritanceFlags,
116 rule.PropagationFlags);
// Reset: purge the identity's existing access rules, then jump to the Add
// case so the supplied rule becomes the identity's entry.
118 case AccessControlModification.Reset:
119 PurgeAccessRules (rule.IdentityReference);
120 goto case AccessControlModification.Add;
// Remove: the only visible case that assigns 'modified', taking the result
// of DiscretionaryAcl.RemoveAccess.
121 case AccessControlModification.Remove:
122 modified = descriptor.DiscretionaryAcl.RemoveAccess (rule.AccessControlType,
123 SidFromIR (rule.IdentityReference),
125 rule.InheritanceFlags,
126 rule.PropagationFlags);
// RemoveAll: only the identity is passed to PurgeAccessRules, so in this
// listing rule.AccessControlType does not narrow what is purged.
// NOTE(review): confirm in PurgeAccessRules whether Deny entries for the
// identity are dropped together with Allow entries; losing a Deny entry
// can widen effective access.
128 case AccessControlModification.RemoveAll:
129 PurgeAccessRules (rule.IdentityReference);
// RemoveSpecific: routed to DiscretionaryAcl.RemoveAccessSpecific; its
// result is not captured in the visible lines.
131 case AccessControlModification.RemoveSpecific:
132 descriptor.DiscretionaryAcl.RemoveAccessSpecific (rule.AccessControlType,
133 SidFromIR (rule.IdentityReference),
135 rule.InheritanceFlags,
136 rule.PropagationFlags);
// Presumably the default branch: an unrecognised modification value is
// rejected rather than ignored.
139 throw new ArgumentOutOfRangeException ("modification");
// Flag the object's access rules as changed only when 'modified' is true.
142 if (modified) AccessRulesModified = true;
/// <summary>
/// Adds <paramref name="rule"/> by calling ModifyAudit with
/// AccessControlModification.Add. The <c>modified</c> out value is discarded
/// (its local declaration is on a line omitted from this listing).
/// </summary>
/// <param name="rule">Audit rule to add; the null-argument exception is raised inside ModifyAudit.</param>
150 protected void AddAuditRule (AuditRule rule)
153 ModifyAudit (AccessControlModification.Add, rule, out modified);
/// <summary>
/// Removes <paramref name="rule"/> by calling ModifyAudit with
/// AccessControlModification.Remove.
/// </summary>
/// <param name="rule">Audit rule to remove; the null-argument exception is raised inside ModifyAudit.</param>
/// <returns>
/// Whatever ModifyAudit returns. Removing audit entries reduces what gets
/// logged, so callers should record the outcome instead of ignoring it.
/// </returns>
156 protected bool RemoveAuditRule (AuditRule rule)
159 return ModifyAudit (AccessControlModification.Remove, rule, out modified);
/// <summary>
/// Calls ModifyAudit with AccessControlModification.RemoveAll and discards
/// the <c>modified</c> out value. In ModifyAudit that case passes only the
/// rule's IdentityReference to PurgeAuditRules.
/// </summary>
/// <param name="rule">Rule naming the identity to purge; the null-argument exception is raised inside ModifyAudit.</param>
162 protected void RemoveAuditRuleAll (AuditRule rule)
165 ModifyAudit (AccessControlModification.RemoveAll, rule, out modified);
/// <summary>
/// Calls ModifyAudit with AccessControlModification.RemoveSpecific and
/// discards the <c>modified</c> out value, so the caller is not told whether
/// a matching audit entry existed.
/// </summary>
/// <param name="rule">Audit rule to match; the null-argument exception is raised inside ModifyAudit.</param>
168 protected void RemoveAuditRuleSpecific (AuditRule rule)
171 ModifyAudit (AccessControlModification.RemoveSpecific, rule, out modified);
/// <summary>
/// Calls ModifyAudit with AccessControlModification.Set and discards the
/// <c>modified</c> out value. In ModifyAudit that case creates the system
/// ACL when the descriptor has none and then calls SystemAcl.SetAudit.
/// </summary>
/// <param name="rule">Audit rule to set; the null-argument exception is raised inside ModifyAudit.</param>
174 protected void SetAuditRule (AuditRule rule)
177 ModifyAudit (AccessControlModification.Set, rule, out modified);
/// <summary>
/// Applies one audit-rule change to the system ACL of the wrapped
/// descriptor, choosing the ACL operation from <paramref name="modification"/>.
/// </summary>
/// <remarks>
/// This listing omits source lines (the gutter numbers skip, e.g. 181-182,
/// 184-188, 196, 211, 214-215, 232-233 and everything after 237). The guard
/// condition, the initial value of <paramref name="modified"/>, any locking,
/// the statements that end each case and the return statement are therefore
/// not visible here and are not described.
/// </remarks>
/// <param name="modification">Operation to perform.</param>
/// <param name="rule">Rule supplying the audit flags, identity, inheritance flags and propagation flags.</param>
/// <param name="modified">Assigned visibly only in the Remove case; other assignments are on omitted lines.</param>
/// <exception cref="ArgumentNullException">Raised for <paramref name="rule"/>; presumably when it is null (condition line omitted).</exception>
/// <exception cref="ArgumentOutOfRangeException">Raised for <paramref name="modification"/>; presumably when no case matches (label line omitted).</exception>
180 protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified)
183 throw new ArgumentNullException ("rule");
189 switch (modification) {
// Add: a descriptor without a system ACL gets one created on demand
// (third constructor argument 1 is the capacity in SystemAcl (bool, bool, int)),
// then the rule's fields go to SystemAcl.AddAudit. One argument line
// (gutter 196) is missing from this listing.
190 case AccessControlModification.Add:
191 if (null == descriptor.SystemAcl)
192 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
194 descriptor.SystemAcl.AddAudit (rule.AuditFlags,
195 SidFromIR (rule.IdentityReference),
197 rule.InheritanceFlags,
198 rule.PropagationFlags);
// Set: same on-demand creation, routed to SystemAcl.SetAudit.
200 case AccessControlModification.Set:
201 if (null == descriptor.SystemAcl)
202 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
204 descriptor.SystemAcl.SetAudit (rule.AuditFlags,
205 SidFromIR (rule.IdentityReference),
207 rule.InheritanceFlags,
208 rule.PropagationFlags);
// Reset: its statement is on an omitted line (gutter 211), so what Reset
// does for audit rules cannot be read from this listing.
// NOTE(review): confirm it does not silently leave audit entries unchanged.
210 case AccessControlModification.Reset:
// Remove: the statement for the null-ACL branch (gutters 214-215) is
// omitted; as printed the guard appears to run into the dereference below,
// which is an artifact of the listing rather than something shown by the code.
212 case AccessControlModification.Remove:
213 if (null == descriptor.SystemAcl)
216 modified = descriptor.SystemAcl.RemoveAudit (rule.AuditFlags,
217 SidFromIR (rule.IdentityReference),
219 rule.InheritanceFlags,
220 rule.PropagationFlags);
// RemoveAll: only the identity is passed to PurgeAuditRules, so in this
// listing rule.AuditFlags does not narrow what is purged. No null check on
// SystemAcl is visible in this case; presumably PurgeAuditRules handles it.
222 case AccessControlModification.RemoveAll:
223 PurgeAuditRules (rule.IdentityReference);
// RemoveSpecific: skipped entirely when the descriptor has no system ACL.
225 case AccessControlModification.RemoveSpecific:
226 if (null != descriptor.SystemAcl)
227 descriptor.SystemAcl.RemoveAuditSpecific (rule.AuditFlags,
228 SidFromIR (rule.IdentityReference),
230 rule.InheritanceFlags,
231 rule.PropagationFlags);
// Presumably the default branch: an unrecognised modification value is
// rejected rather than ignored.
234 throw new ArgumentOutOfRangeException ("modification");
// Flag the object's audit rules as changed only when 'modified' is true.
237 if (modified) AuditRulesModified = true;