2 // System.Security.AccessControl.DirectoryObjectSecurity implementation
5 // Dick Porter <dick@ximian.com>
6 // James Bellinger <jfb@zer7.com>
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
9 // Copyright (C) 2012 James Bellinger
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using System.Security.Principal;
33 namespace System.Security.AccessControl
35 public abstract class DirectoryObjectSecurity : ObjectSecurity
/// <summary>
/// Initializes a new instance of <see cref="DirectoryObjectSecurity"/>. The
/// object-specific rule factories are left virtual for derived types to supply.
/// </summary>
37 protected DirectoryObjectSecurity ()
/// <summary>
/// Initializes a new instance around an existing security descriptor.
/// </summary>
/// <param name="securityDescriptor">Descriptor to wrap; passed straight through to the <see cref="ObjectSecurity"/> constructor.</param>
42 protected DirectoryObjectSecurity (CommonSecurityDescriptor securityDescriptor)
43 : base (securityDescriptor)
// For MoMA. A single helper keeps the "not implemented" path in one place;
// NotImplementedException is the correct exception for this base class.
/// <summary>
/// Builds the exception thrown by the rule factories this base class does not implement.
/// </summary>
/// <returns>A fresh <see cref="NotImplementedException"/>.</returns>
Exception GetNotImplementedException ()
{
	Exception notImplemented = new NotImplementedException ();
	return notImplemented;
}
/// <summary>
/// Creates an object-specific access rule. This base implementation does not
/// support rule creation and is expected to be overridden by derived types.
/// </summary>
/// <param name="identityReference">Identity the rule applies to.</param>
/// <param name="accessMask">Access mask bits of the rule.</param>
/// <param name="isInherited">Whether the rule was inherited from a parent.</param>
/// <param name="inheritanceFlags">How the rule is inherited by child objects.</param>
/// <param name="propagationFlags">How inheritance propagates to children.</param>
/// <param name="type">Whether the rule allows or denies access.</param>
/// <param name="objectType">GUID of the object type the rule is scoped to.</param>
/// <param name="inheritedObjectType">GUID of the child object type that inherits the rule.</param>
/// <returns>Never returns; see the exception below.</returns>
/// <exception cref="NotImplementedException">Always thrown by this base implementation.</exception>
public virtual AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask,
					      bool isInherited, InheritanceFlags inheritanceFlags,
					      PropagationFlags propagationFlags, AccessControlType type,
					      Guid objectType, Guid inheritedObjectType)
{
	Exception notImplemented = GetNotImplementedException ();
	throw notImplemented;
}
/// <summary>
/// Turns a raw ACE into an <see cref="AccessRule"/>. ACEs that carry object-type
/// GUIDs go through the object-aware <see cref="AccessRuleFactory"/>; everything
/// else is handed to the base implementation, so object scoping is neither
/// invented for plain ACEs nor dropped from object ACEs.
/// </summary>
/// <param name="ace">ACE read from the DACL.</param>
/// <param name="targetType">Identity type the ACE's SID is translated to.</param>
/// <param name="type">Whether the rule allows or denies access.</param>
/// <returns>The rule representing <paramref name="ace"/>.</returns>
internal override AccessRule InternalAccessRuleFactory (QualifiedAce ace, Type targetType,
							AccessControlType type)
{
	ObjectAce objectAce = ace as ObjectAce;
	bool carriesObjectTypes = objectAce != null && objectAce.ObjectAceFlags != ObjectAceFlags.None;

	// An ObjectAce with no object flags set is treated exactly like a plain ACE.
	if (!carriesObjectTypes)
		return base.InternalAccessRuleFactory (ace, targetType, type);

	IdentityReference identity = ace.SecurityIdentifier.Translate (targetType);
	return AccessRuleFactory (identity,
				  ace.AccessMask, ace.IsInherited,
				  ace.InheritanceFlags, ace.PropagationFlags, type,
				  objectAce.ObjectAceType, objectAce.InheritedObjectAceType);
}
/// <summary>
/// Creates an object-specific audit rule. This base implementation does not
/// support rule creation and is expected to be overridden by derived types.
/// </summary>
/// <param name="identityReference">Identity the rule applies to.</param>
/// <param name="accessMask">Access mask bits whose use is audited.</param>
/// <param name="isInherited">Whether the rule was inherited from a parent.</param>
/// <param name="inheritanceFlags">How the rule is inherited by child objects.</param>
/// <param name="propagationFlags">How inheritance propagates to children.</param>
/// <param name="flags">Whether success, failure or both are audited.</param>
/// <param name="objectType">GUID of the object type the rule is scoped to.</param>
/// <param name="inheritedObjectType">GUID of the child object type that inherits the rule.</param>
/// <returns>Never returns; see the exception below.</returns>
/// <exception cref="NotImplementedException">Always thrown by this base implementation.</exception>
public virtual AuditRule AuditRuleFactory (IdentityReference identityReference, int accessMask,
					    bool isInherited, InheritanceFlags inheritanceFlags,
					    PropagationFlags propagationFlags, AuditFlags flags,
					    Guid objectType, Guid inheritedObjectType)
{
	Exception notImplemented = GetNotImplementedException ();
	throw notImplemented;
}
/// <summary>
/// Turns a raw SACL ACE into an <see cref="AuditRule"/>. ACEs that carry
/// object-type GUIDs go through the object-aware <see cref="AuditRuleFactory"/>;
/// everything else is handed to the base implementation.
/// </summary>
/// <param name="ace">ACE read from the SACL.</param>
/// <param name="targetType">Identity type the ACE's SID is translated to.</param>
/// <returns>The rule representing <paramref name="ace"/>.</returns>
internal override AuditRule InternalAuditRuleFactory (QualifiedAce ace, Type targetType)
{
	ObjectAce objectAce = ace as ObjectAce;
	bool carriesObjectTypes = objectAce != null && objectAce.ObjectAceFlags != ObjectAceFlags.None;

	// An ObjectAce with no object flags set is treated exactly like a plain ACE.
	if (!carriesObjectTypes)
		return base.InternalAuditRuleFactory (ace, targetType);

	IdentityReference identity = ace.SecurityIdentifier.Translate (targetType);
	return AuditRuleFactory (identity,
				 ace.AccessMask, ace.IsInherited,
				 ace.InheritanceFlags, ace.PropagationFlags, ace.AuditFlags,
				 objectAce.ObjectAceType, objectAce.InheritedObjectAceType);
}
/// <summary>
/// Returns the DACL's access rules, filtered by whether they are explicit and/or inherited.
/// </summary>
/// <param name="includeExplicit">Include rules set directly on this object.</param>
/// <param name="includeInherited">Include rules inherited from a parent.</param>
/// <param name="targetType">Identity type (e.g. <see cref="SecurityIdentifier"/> or <see cref="NTAccount"/>) the rules' identities are translated to.</param>
/// <returns>The matching rules.</returns>
public AuthorizationRuleCollection GetAccessRules (bool includeExplicit, bool includeInherited, Type targetType)
{
	AuthorizationRuleCollection rules = InternalGetAccessRules (includeExplicit, includeInherited, targetType);
	return rules;
}
/// <summary>
/// Returns the SACL's audit rules, filtered by whether they are explicit and/or inherited.
/// </summary>
/// <param name="includeExplicit">Include rules set directly on this object.</param>
/// <param name="includeInherited">Include rules inherited from a parent.</param>
/// <param name="targetType">Identity type (e.g. <see cref="SecurityIdentifier"/> or <see cref="NTAccount"/>) the rules' identities are translated to.</param>
/// <returns>The matching rules.</returns>
public AuthorizationRuleCollection GetAuditRules (bool includeExplicit, bool includeInherited, Type targetType)
{
	AuthorizationRuleCollection rules = InternalGetAuditRules (includeExplicit, includeInherited, targetType);
	return rules;
}
/// <summary>
/// Adds <paramref name="rule"/> to the discretionary ACL.
/// </summary>
/// <param name="rule">Object-specific rule to add.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected void AddAccessRule (ObjectAccessRule rule)
{
	bool changed;
	ModifyAccess (AccessControlModification.Add, rule, out changed);
}
/// <summary>
/// Removes the access entry matching <paramref name="rule"/> from the discretionary ACL.
/// </summary>
/// <param name="rule">Object-specific rule to remove.</param>
/// <returns>The result of <see cref="ModifyAccess"/> for the Remove operation.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected bool RemoveAccessRule (ObjectAccessRule rule)
{
	bool changed;
	bool result = ModifyAccess (AccessControlModification.Remove, rule, out changed);
	return result;
}
/// <summary>
/// Removes every access entry for the identity of <paramref name="rule"/>
/// from the discretionary ACL, regardless of the rule's mask or flags.
/// </summary>
/// <param name="rule">Rule whose identity selects the entries to remove.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected void RemoveAccessRuleAll (ObjectAccessRule rule)
{
	bool changed;
	ModifyAccess (AccessControlModification.RemoveAll, rule, out changed);
}
/// <summary>
/// Removes the access entry that exactly matches <paramref name="rule"/> from the discretionary ACL.
/// </summary>
/// <param name="rule">Object-specific rule to remove.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected void RemoveAccessRuleSpecific (ObjectAccessRule rule)
{
	bool changed;
	ModifyAccess (AccessControlModification.RemoveSpecific, rule, out changed);
}
/// <summary>
/// Replaces all access entries for the identity of <paramref name="rule"/>
/// with <paramref name="rule"/> alone (purge, then add).
/// </summary>
/// <param name="rule">Object-specific rule that becomes the identity's only entry.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected void ResetAccessRule (ObjectAccessRule rule)
{
	bool changed;
	ModifyAccess (AccessControlModification.Reset, rule, out changed);
}
/// <summary>
/// Sets <paramref name="rule"/> on the discretionary ACL, replacing entries of the
/// same identity and access-control type.
/// </summary>
/// <param name="rule">Object-specific rule to set.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAccess"/>).</exception>
protected void SetAccessRule (ObjectAccessRule rule)
{
	bool changed;
	ModifyAccess (AccessControlModification.Set, rule, out changed);
}
/// <summary>
/// Applies <paramref name="modification"/> to the discretionary ACL using an
/// object-specific rule. Only <see cref="ObjectAccessRule"/> instances are accepted,
/// so a rule without object-type scoping can never be written into an
/// object-scoped DACL by mistake.
/// </summary>
/// <param name="modification">Which DACL operation to perform.</param>
/// <param name="rule">The rule; must be an <see cref="ObjectAccessRule"/>.</param>
/// <param name="modified">Set to whether the DACL changed.</param>
/// <returns>Whether the DACL changed (presumably mirrors <paramref name="modified"/>; the return statement is not in this listing — verify).</returns>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="rule"/> is not an <see cref="ObjectAccessRule"/>.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="modification"/> is not a known value.</exception>
140 protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
143 throw new ArgumentNullException ("rule");
// A plain AccessRule carries no object-type GUIDs; rejecting it here keeps the
// object-scoped DACL from acquiring a wider, unscoped entry.
145 ObjectAccessRule orule = rule as ObjectAccessRule;
// NOTE(review): this ArgumentException overload takes a message, not a parameter
// name; ArgumentException (message, "rule") would populate ParamName instead.
147 throw new ArgumentException ("rule");
153 switch (modification) {
154 case AccessControlModification.Add:
// SidFromIR resolves the rule's IdentityReference to a SecurityIdentifier
// (defined on the base class — confirm).
155 descriptor.DiscretionaryAcl.AddAccess (orule.AccessControlType,
156 SidFromIR (orule.IdentityReference),
158 orule.InheritanceFlags,
159 orule.PropagationFlags,
162 orule.InheritedObjectType);
164 case AccessControlModification.Set:
165 descriptor.DiscretionaryAcl.SetAccess (orule.AccessControlType,
166 SidFromIR (orule.IdentityReference),
168 orule.InheritanceFlags,
169 orule.PropagationFlags,
172 orule.InheritedObjectType);
// Reset replaces every entry for this identity: purge them all, then fall
// through to Add so the new rule becomes the identity's only entry.
174 case AccessControlModification.Reset:
175 PurgeAccessRules (orule.IdentityReference);
176 goto case AccessControlModification.Add;
// Remove is the one operation whose result can be "nothing matched", so its
// outcome is captured into `modified` rather than assumed.
177 case AccessControlModification.Remove:
178 modified = descriptor.DiscretionaryAcl.RemoveAccess (orule.AccessControlType,
179 SidFromIR (orule.IdentityReference),
181 orule.InheritanceFlags,
182 orule.PropagationFlags,
185 orule.InheritedObjectType);
// RemoveAll keys on the identity alone; the rule's mask and flags are ignored.
187 case AccessControlModification.RemoveAll:
188 PurgeAccessRules (orule.IdentityReference);
190 case AccessControlModification.RemoveSpecific:
191 descriptor.DiscretionaryAcl.RemoveAccessSpecific (orule.AccessControlType,
192 SidFromIR (orule.IdentityReference),
194 orule.InheritanceFlags,
195 orule.PropagationFlags,
198 orule.InheritedObjectType);
// Unknown modification values are rejected rather than silently ignored.
201 throw new ArgumentOutOfRangeException ("modification");
// Record that the DACL changed (consumed by the base class's persistence
// path — confirm).
204 if (modified) AccessRulesModified = true;
/// <summary>
/// Adds <paramref name="rule"/> to the system (audit) ACL.
/// </summary>
/// <param name="rule">Object-specific audit rule to add.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAudit"/>).</exception>
protected void AddAuditRule (ObjectAuditRule rule)
{
	bool changed;
	ModifyAudit (AccessControlModification.Add, rule, out changed);
}
/// <summary>
/// Removes the audit entry matching <paramref name="rule"/> from the system ACL.
/// </summary>
/// <param name="rule">Object-specific audit rule to remove.</param>
/// <returns>The result of <see cref="ModifyAudit"/> for the Remove operation.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAudit"/>).</exception>
protected bool RemoveAuditRule (ObjectAuditRule rule)
{
	bool changed;
	bool result = ModifyAudit (AccessControlModification.Remove, rule, out changed);
	return result;
}
/// <summary>
/// Removes every audit entry for the identity of <paramref name="rule"/>
/// from the system ACL, regardless of the rule's mask or flags.
/// </summary>
/// <param name="rule">Rule whose identity selects the entries to remove.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAudit"/>).</exception>
protected void RemoveAuditRuleAll (ObjectAuditRule rule)
{
	bool changed;
	ModifyAudit (AccessControlModification.RemoveAll, rule, out changed);
}
/// <summary>
/// Removes the audit entry that exactly matches <paramref name="rule"/> from the system ACL.
/// </summary>
/// <param name="rule">Object-specific audit rule to remove.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAudit"/>).</exception>
protected void RemoveAuditRuleSpecific (ObjectAuditRule rule)
{
	bool changed;
	ModifyAudit (AccessControlModification.RemoveSpecific, rule, out changed);
}
/// <summary>
/// Sets <paramref name="rule"/> on the system ACL, replacing entries of the
/// same identity and audit flags.
/// </summary>
/// <param name="rule">Object-specific audit rule to set.</param>
/// <exception cref="ArgumentNullException"><paramref name="rule"/> is null (raised by <see cref="ModifyAudit"/>).</exception>
protected void SetAuditRule (ObjectAuditRule rule)
{
	bool changed;
	ModifyAudit (AccessControlModification.Set, rule, out changed);
}
242 protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified)
245 throw new ArgumentNullException ("rule");
247 ObjectAuditRule orule = rule as ObjectAuditRule;
249 throw new ArgumentException ("rule");
255 switch (modification) {
256 case AccessControlModification.Add:
257 if (null == descriptor.SystemAcl)
258 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
260 descriptor.SystemAcl.AddAudit (orule.AuditFlags,
261 SidFromIR (orule.IdentityReference),
263 orule.InheritanceFlags,
264 orule.PropagationFlags,
267 orule.InheritedObjectType);
269 case AccessControlModification.Set:
270 if (null == descriptor.SystemAcl)
271 descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
273 descriptor.SystemAcl.SetAudit (orule.AuditFlags,
274 SidFromIR (orule.IdentityReference),
276 orule.InheritanceFlags,
277 orule.PropagationFlags,
280 orule.InheritedObjectType);
282 case AccessControlModification.Reset:
284 case AccessControlModification.Remove:
285 if (null == descriptor.SystemAcl)
288 modified = descriptor.SystemAcl.RemoveAudit (orule.AuditFlags,
289 SidFromIR (orule.IdentityReference),
291 orule.InheritanceFlags,
292 orule.PropagationFlags,
295 orule.InheritedObjectType);
297 case AccessControlModification.RemoveAll:
298 PurgeAuditRules (orule.IdentityReference);
300 case AccessControlModification.RemoveSpecific:
301 if (null != descriptor.SystemAcl)
302 descriptor.SystemAcl.RemoveAuditSpecific (orule.AuditFlags,
303 SidFromIR (orule.IdentityReference),
305 orule.InheritanceFlags,
306 orule.PropagationFlags,
309 orule.InheritedObjectType);
312 throw new ArgumentOutOfRangeException ("modification");
315 if (modified) AuditRulesModified = true;