mcs/class/corlib/System.Security.AccessControl/DirectoryObjectSecurity.cs

   1 //
   2 // System.Security.AccessControl.DirectoryObjectSecurity implementation
   3 //
   4 // Author:
   5 //      Dick Porter  <dick@ximian.com>
   6 //      James Bellinger  <jfb@zer7.com>
   7 //
   8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
   9 // Copyright (C) 2012 James Bellinger
  10 //
  11 // Permission is hereby granted, free of charge, to any person obtaining
  12 // a copy of this software and associated documentation files (the
  13 // "Software"), to deal in the Software without restriction, including
  14 // without limitation the rights to use, copy, modify, merge, publish,
  15 // distribute, sublicense, and/or sell copies of the Software, and to
  16 // permit persons to whom the Software is furnished to do so, subject to
  17 // the following conditions:
  18 //
  19 // The above copyright notice and this permission notice shall be
  20 // included in all copies or substantial portions of the Software.
  21 //
  22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  29 //
  30
  31 using System.Security.Principal;
  32
  33 namespace System.Security.AccessControl
  34 {
  35         public abstract class DirectoryObjectSecurity : ObjectSecurity
  36         {
  37                 protected DirectoryObjectSecurity ()
  38                         : base (true, true)
  39                 {
  40                 }
  41
  42                 protected DirectoryObjectSecurity (CommonSecurityDescriptor securityDescriptor)
  43                         : base (securityDescriptor)
  44                 {
  45                 }
  46
  47                 // For MoMA. NotImplementedException is correct for this base class.
  48                 Exception GetNotImplementedException ()
  49                 {
  50                         return new NotImplementedException ();
  51                 }
  52
  53                 public virtual AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask,
  54                                                              bool isInherited, InheritanceFlags inheritanceFlags,
  55                                                              PropagationFlags propagationFlags, AccessControlType type,
  56                                                              Guid objectType, Guid inheritedObjectType)
  57                 {
  58                         throw GetNotImplementedException ();
  59                 }
  60
  61                 internal override AccessRule InternalAccessRuleFactory (QualifiedAce ace, Type targetType,
  62                                                                         AccessControlType type)
  63                 {
  64                         ObjectAce oace = ace as ObjectAce;
  65                         if (null == oace || ObjectAceFlags.None == oace.ObjectAceFlags)
  66                                 return base.InternalAccessRuleFactory (ace, targetType, type);
  67
  68                         return AccessRuleFactory (ace.SecurityIdentifier.Translate (targetType),
  69                                                   ace.AccessMask, ace.IsInherited,
  70                                                   ace.InheritanceFlags, ace.PropagationFlags, type,
  71                                                   oace.ObjectAceType, oace.InheritedObjectAceType);
  72                 }
  73
  74                 public virtual AuditRule AuditRuleFactory (IdentityReference identityReference, int accessMask,
  75                                                            bool isInherited, InheritanceFlags inheritanceFlags,
  76                                                            PropagationFlags propagationFlags, AuditFlags flags,
  77                                                            Guid objectType, Guid inheritedObjectType)
  78                 {
  79                         throw GetNotImplementedException ();
  80                 }
  81
  82                 internal override AuditRule InternalAuditRuleFactory (QualifiedAce ace, Type targetType)
  83                 {
  84                         ObjectAce oace = ace as ObjectAce;
  85                         if (null == oace || ObjectAceFlags.None == oace.ObjectAceFlags)
  86                                 return base.InternalAuditRuleFactory (ace, targetType);
  87
  88                         return AuditRuleFactory (ace.SecurityIdentifier.Translate (targetType),
  89                                                  ace.AccessMask, ace.IsInherited,
  90                                                  ace.InheritanceFlags, ace.PropagationFlags, ace.AuditFlags,
  91                                                  oace.ObjectAceType, oace.InheritedObjectAceType);
  92                 }
  93
  94                 public AuthorizationRuleCollection GetAccessRules (bool includeExplicit, bool includeInherited, Type targetType)
  95                 {
  96                         return InternalGetAccessRules (includeExplicit, includeInherited, targetType);
  97                 }
  98
  99                 public AuthorizationRuleCollection GetAuditRules (bool includeExplicit, bool includeInherited, Type targetType)
 100                 {
 101                         return InternalGetAuditRules (includeExplicit, includeInherited, targetType);
 102                 }
 103
 104                 protected void AddAccessRule (ObjectAccessRule rule)
 105                 {
 106                         bool modified;
 107                         ModifyAccess (AccessControlModification.Add, rule, out modified);
 108                 }
 109
 110                 protected bool RemoveAccessRule (ObjectAccessRule rule)
 111                 {
 112                         bool modified;
 113                         return ModifyAccess (AccessControlModification.Remove, rule, out modified);
 114                 }
 115
 116                 protected void RemoveAccessRuleAll (ObjectAccessRule rule)
 117                 {
 118                         bool modified;
 119                         ModifyAccess (AccessControlModification.RemoveAll, rule, out modified);
 120                 }
 121
 122                 protected void RemoveAccessRuleSpecific (ObjectAccessRule rule)
 123                 {
 124                         bool modified;
 125                         ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified);
 126                 }
 127
 128                 protected void ResetAccessRule (ObjectAccessRule rule)
 129                 {
 130                         bool modified;
 131                         ModifyAccess (AccessControlModification.Reset, rule, out modified);
 132                 }
 133
 134                 protected void SetAccessRule (ObjectAccessRule rule)
 135                 {
 136                         bool modified;
 137                         ModifyAccess (AccessControlModification.Set, rule, out modified);
 138                 }
 139
 140                 protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
 141                 {
 142                         if (null == rule)
 143                                 throw new ArgumentNullException ("rule");
 144
 145                         ObjectAccessRule orule = rule as ObjectAccessRule;
 146                         if (null == orule)
 147                                 throw new ArgumentException ("rule");
 148
 149                         modified = true;
 150
 151                         WriteLock ();
 152                         try {
 153                                 switch (modification) {
 154                                 case AccessControlModification.Add:
 155                                         descriptor.DiscretionaryAcl.AddAccess (orule.AccessControlType,
 156                                                                                SidFromIR (orule.IdentityReference),
 157                                                                                orule.AccessMask,
 158                                                                                orule.InheritanceFlags,
 159                                                                                orule.PropagationFlags,
 160                                                                                orule.ObjectFlags,
 161                                                                                orule.ObjectType,
 162                                                                                orule.InheritedObjectType);
 163                                         break;
 164                                 case AccessControlModification.Set:
 165                                         descriptor.DiscretionaryAcl.SetAccess (orule.AccessControlType,
 166                                                                                SidFromIR (orule.IdentityReference),
 167                                                                                orule.AccessMask,
 168                                                                                orule.InheritanceFlags,
 169                                                                                orule.PropagationFlags,
 170                                                                                orule.ObjectFlags,
 171                                                                                orule.ObjectType,
 172                                                                                orule.InheritedObjectType);
 173                                         break;
 174                                 case AccessControlModification.Reset:
 175                                         PurgeAccessRules (orule.IdentityReference);
 176                                         goto case AccessControlModification.Add;
 177                                 case AccessControlModification.Remove:
 178                                         modified = descriptor.DiscretionaryAcl.RemoveAccess (orule.AccessControlType,
 179                                                                                              SidFromIR (orule.IdentityReference),
 180                                                                                              rule.AccessMask,
 181                                                                                              orule.InheritanceFlags,
 182                                                                                              orule.PropagationFlags,
 183                                                                                              orule.ObjectFlags,
 184                                                                                              orule.ObjectType,
 185                                                                                              orule.InheritedObjectType);
 186                                         break;
 187                                 case AccessControlModification.RemoveAll:
 188                                         PurgeAccessRules (orule.IdentityReference);
 189                                         break;
 190                                 case AccessControlModification.RemoveSpecific:
 191                                         descriptor.DiscretionaryAcl.RemoveAccessSpecific (orule.AccessControlType,
 192                                                                                           SidFromIR (orule.IdentityReference),
 193                                                                                           orule.AccessMask,
 194                                                                                           orule.InheritanceFlags,
 195                                                                                           orule.PropagationFlags,
 196                                                                                           orule.ObjectFlags,
 197                                                                                           orule.ObjectType,
 198                                                                                           orule.InheritedObjectType);
 199                                         break;
 200                                 default:
 201                                         throw new ArgumentOutOfRangeException ("modification");
 202                                 }
 203
 204                                 if (modified) AccessRulesModified = true;
 205                         } finally {
 206                                 WriteUnlock ();
 207                         }
 208
 209                         return modified;
 210                 }
 211
 212                 protected void AddAuditRule (ObjectAuditRule rule)
 213                 {
 214                         bool modified;
 215                         ModifyAudit (AccessControlModification.Add, rule, out modified);
 216                 }
 217
 218                 protected bool RemoveAuditRule (ObjectAuditRule rule)
 219                 {
 220                         bool modified;
 221                         return ModifyAudit (AccessControlModification.Remove, rule, out modified);
 222                 }
 223
 224                 protected void RemoveAuditRuleAll (ObjectAuditRule rule)
 225                 {
 226                         bool modified;
 227                         ModifyAudit (AccessControlModification.RemoveAll, rule, out modified);
 228                 }
 229
 230                 protected void RemoveAuditRuleSpecific (ObjectAuditRule rule)
 231                 {
 232                         bool modified;
 233                         ModifyAudit (AccessControlModification.RemoveSpecific, rule, out modified);
 234                 }
 235
 236                 protected void SetAuditRule (ObjectAuditRule rule)
 237                 {
 238                         bool modified;
 239                         ModifyAudit (AccessControlModification.Set, rule, out modified);
 240                 }
 241
 242                 protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified)
 243                 {
 244                         if (null == rule)
 245                                 throw new ArgumentNullException ("rule");
 246
 247                         ObjectAuditRule orule = rule as ObjectAuditRule;
 248                         if (null == orule)
 249                                 throw new ArgumentException ("rule");
 250
 251                         modified = true;
 252
 253                         WriteLock ();
 254                         try {
 255                                 switch (modification) {
 256                                 case AccessControlModification.Add:
 257                                         if (null == descriptor.SystemAcl)
 258                                                 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
 259
 260                                         descriptor.SystemAcl.AddAudit (orule.AuditFlags,
 261                                                                        SidFromIR (orule.IdentityReference),
 262                                                                        orule.AccessMask,
 263                                                                        orule.InheritanceFlags,
 264                                                                        orule.PropagationFlags,
 265                                                                        orule.ObjectFlags,
 266                                                                        orule.ObjectType,
 267                                                                        orule.InheritedObjectType);
 268                                         break;
 269                                 case AccessControlModification.Set:
 270                                         if (null == descriptor.SystemAcl)
 271                                                 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
 272
 273                                         descriptor.SystemAcl.SetAudit (orule.AuditFlags,
 274                                                                        SidFromIR (orule.IdentityReference),
 275                                                                        orule.AccessMask,
 276                                                                        orule.InheritanceFlags,
 277                                                                        orule.PropagationFlags,
 278                                                                        orule.ObjectFlags,
 279                                                                        orule.ObjectType,
 280                                                                        orule.InheritedObjectType);
 281                                         break;
 282                                 case AccessControlModification.Reset:
 283                                         break;
 284                                 case AccessControlModification.Remove:
 285                                         if (null == descriptor.SystemAcl)
 286                                                 modified = false;
 287                                         else
 288                                                 modified = descriptor.SystemAcl.RemoveAudit (orule.AuditFlags,
 289                                                                                              SidFromIR (orule.IdentityReference),
 290                                                                                              orule.AccessMask,
 291                                                                                              orule.InheritanceFlags,
 292                                                                                              orule.PropagationFlags,
 293                                                                                              orule.ObjectFlags,
 294                                                                                              orule.ObjectType,
 295                                                                                              orule.InheritedObjectType);
 296                                         break;
 297                                 case AccessControlModification.RemoveAll:
 298                                         PurgeAuditRules (orule.IdentityReference);
 299                                         break;
 300                                 case AccessControlModification.RemoveSpecific:
 301                                         if (null != descriptor.SystemAcl)
 302                                                 descriptor.SystemAcl.RemoveAuditSpecific (orule.AuditFlags,
 303                                                                                           SidFromIR (orule.IdentityReference),
 304                                                                                           orule.AccessMask,
 305                                                                                           orule.InheritanceFlags,
 306                                                                                           orule.PropagationFlags,
 307                                                                                           orule.ObjectFlags,
 308                                                                                           orule.ObjectType,
 309                                                                                           orule.InheritedObjectType);
 310                                         break;
 311                                 default:
 312                                         throw new ArgumentOutOfRangeException ("modification");
 313                                 }
 314
 315                                 if (modified) AuditRulesModified = true;
 316                         } finally {
 317                                 WriteUnlock ();
 318                         }
 319
 320                         return modified;
 321                 }
 322         }
 323 }
 324