mcs/class/corlib/Test/System.Security.AccessControl/CommonObjectSecurityTest.cs

   1 // CommonObjectSecurityTest.cs - NUnit Test Cases for CommonObjectSecurity
   2 //
   3 // Authors:
   4 //      James Bellinger  <jfb@zer7.com>
   5 //
   6 // Copyright (C) 2012 James Bellinger
   7
   8 using System;
   9 using System.Collections.Generic;
  10 using System.Security.AccessControl;
  11 using System.Security.Principal;
  12 using NUnit.Framework;
  13
  14 namespace MonoTests.System.Security.AccessControl
  15 {
  16         [TestFixture]
  17         public class CommonObjectSecurityTest
  18         {
  19                 [Test]
  20                 public void Defaults ()
  21                 {
  22                         TestSecurity security;
  23
  24                         security = new TestSecurity (false);
  25                         Assert.IsFalse (security.IsContainerTest);
  26                         Assert.IsFalse (security.IsDSTest);
  27
  28                         security = new TestSecurity (true);
  29                         Assert.IsTrue (security.IsContainerTest);
  30                         Assert.IsFalse (security.IsDSTest);
  31                 }
  32
  33                 [Test]
  34                 public void AddAndGetAccessRulesWorkAndMergeCorrectly ()
  35                 {
  36                         var security = new TestSecurity (false);
  37
  38                         // CommonObjectSecurity does not appear to care at all about types on MS.NET.
  39                         // It just uses AccessMask, and then GetAccessRules uses the factory methods.
  40                         // So, the whole API is a mess of strong typing and repeated code backed by nothing.
  41                         Assert.IsFalse (security.modify_access_called);
  42
  43                         SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.WorldSid, null);
  44                         security.AddAccessRuleTest (new AccessRule<int> (sid, 2, AccessControlType.Allow));
  45                         security.AddAccessRuleTest (new AccessRule<TestRights> (sid, TestRights.One, AccessControlType.Allow));
  46                         security.AddAccessRuleTest (new AccessRule<int> (sid, 4, AccessControlType.Allow));
  47
  48                         Assert.IsTrue (security.modify_access_called);
  49                         Assert.IsFalse (security.modify_access_rule_called);
  50                         Assert.IsFalse (security.modify_audit_called);
  51
  52                         Assert.IsFalse (security.access_rule_factory_called);
  53                         AuthorizationRuleCollection rules1 = security.GetAccessRules (false, true, typeof (SecurityIdentifier));
  54                         Assert.IsFalse (security.access_rule_factory_called);
  55                         Assert.AreEqual (0, rules1.Count);
  56
  57                         Assert.IsFalse (security.access_rule_factory_called);
  58                         AuthorizationRuleCollection rules2 = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
  59                         Assert.IsTrue (security.access_rule_factory_called);
  60                         Assert.AreEqual (1, rules2.Count);
  61
  62                         Assert.IsInstanceOfType (typeof (AccessRule<TestRights>), rules2[0]);
  63                         AccessRule<TestRights> rule = (AccessRule<TestRights>)rules2[0];
  64                         Assert.AreEqual ((TestRights)7, rule.Rights);
  65                 }
  66
  67                 [Test]
  68                 public void AddAndPurgeWorks ()
  69                 {
  70                         TestSecurity security = new TestSecurity (false);
  71
  72                         NTAccount nta1 = new NTAccount(@"BUILTIN\Users");
  73                         NTAccount nta2 = new NTAccount(@"BUILTIN\Administrators");
  74                         security.AddAccessRuleTest (new AccessRule<TestRights> (nta1, TestRights.One, AccessControlType.Allow));
  75                         security.AddAccessRuleTest (new AccessRule<TestRights> (nta2, TestRights.One, AccessControlType.Allow));
  76
  77                         AuthorizationRuleCollection rules1 = security.GetAccessRules (true, true, typeof (NTAccount));
  78                         Assert.AreEqual (2, rules1.Count);
  79
  80                         security.PurgeAccessRules (nta1);
  81                         AuthorizationRuleCollection rules2 = security.GetAccessRules (true, true, typeof (NTAccount));
  82                         Assert.AreEqual (1, rules2.Count);
  83                         Assert.IsInstanceOfType (typeof (AccessRule<TestRights>), rules2[0]);
  84                         AccessRule<TestRights> rule = (AccessRule<TestRights>)rules2[0];
  85                         Assert.AreEqual (nta2, rule.IdentityReference);
  86                 }
  87
  88                 [Test]
  89                 public void ResetAccessRuleCausesExactlyOneModifyAccessCall ()
  90                 {
  91                         TestSecurity security = new TestSecurity (false);
  92                         SecurityIdentifier sid = new SecurityIdentifier ("WD");
  93                         security.ResetAccessRuleTest (new AccessRule<TestRights> (sid, TestRights.One, AccessControlType.Allow));
  94                         Assert.AreEqual (1, security.modify_access_called_count);
  95                 }
  96
  97                 enum TestRights
  98                 {
  99                         One = 1
 100                 }
 101
 102                 class TestSecurity : CommonObjectSecurity
 103                 {
 104                         public bool access_rule_factory_called;
 105                         public bool audit_rule_factory_called;
 106                         public bool modify_access_called;
 107                         public int modify_access_called_count;
 108                         public bool modify_access_rule_called;
 109                         public bool modify_audit_called;
 110                         public bool modify_audit_rule_called;
 111
 112                         public TestSecurity (bool isContainer)
 113                                 : base (isContainer)
 114                         {
 115                         }
 116
 117                         public bool IsContainerTest {
 118                                 get { return IsContainer; }
 119                         }
 120
 121                         public bool IsDSTest {
 122                                 get { return IsDS; }
 123                         }
 124
 125                         public void AddAccessRuleTest (AccessRule rule)
 126                         {
 127                                 AddAccessRule (rule);
 128                         }
 129
 130                         public void AddAuditRuleTest (AuditRule rule)
 131                         {
 132                                 AddAuditRule (rule);
 133                         }
 134
 135                         public bool RemoveAccessRuleTest (AccessRule rule)
 136                         {
 137                                 return RemoveAccessRule (rule);
 138                         }
 139
 140                         public void RemoveAccessRuleAllTest (AccessRule rule)
 141                         {
 142                                 RemoveAccessRuleAll (rule);
 143                         }
 144
 145                         public void RemoveAccessRuleSpecificTest (AccessRule rule)
 146                         {
 147                                 RemoveAccessRuleSpecific (rule);
 148                         }
 149
 150                         public void ResetAccessRuleTest (AccessRule rule)
 151                         {
 152                                 ResetAccessRule (rule);
 153                         }
 154
 155                         public override AccessRule AccessRuleFactory (IdentityReference identityReference,
 156                                                                       int accessMask, bool isInherited,
 157                                                                       InheritanceFlags inheritanceFlags,
 158                                                                       PropagationFlags propagationFlags,
 159                                                                       AccessControlType type)
 160                         {
 161                                 access_rule_factory_called = true;
 162                                 return new AccessRule<TestRights> (identityReference, (TestRights)accessMask,
 163                                                                    inheritanceFlags, propagationFlags, type);
 164                         }
 165
 166                         public override AuditRule AuditRuleFactory (IdentityReference identityReference,
 167                                                                     int accessMask, bool isInherited,
 168                                                                     InheritanceFlags inheritanceFlags,
 169                                                                     PropagationFlags propagationFlags,
 170                                                                     AuditFlags flags)
 171                         {
 172                                 audit_rule_factory_called = true;
 173                                 return new AuditRule<TestRights> (identityReference, (TestRights)accessMask,
 174                                                                   inheritanceFlags, propagationFlags, flags);
 175                         }
 176
 177                         public override bool ModifyAccessRule (AccessControlModification modification,
 178                                                                AccessRule rule, out bool modified)
 179                         {
 180                                 modify_access_rule_called = true;
 181                                 return base.ModifyAccessRule (modification, rule, out modified);
 182                         }
 183
 184                         protected override bool ModifyAccess (AccessControlModification modification,
 185                                                               AccessRule rule, out bool modified)
 186                         {
 187                                 modify_access_called = true;
 188                                 modify_access_called_count ++;
 189                                 return base.ModifyAccess (modification, rule, out modified);
 190                         }
 191
 192                         public override bool ModifyAuditRule (AccessControlModification modification,
 193                                                               AuditRule rule, out bool modified)
 194                         {
 195                                 modify_audit_rule_called = true;
 196                                 return base.ModifyAuditRule (modification, rule, out modified);
 197                         }
 198
 199                         protected override bool ModifyAudit (AccessControlModification modification,
 200                                                              AuditRule rule, out bool modified)
 201                         {
 202                                 modify_audit_called = true;
 203                                 return base.ModifyAudit (modification, rule, out modified);
 204                         }
 205
 206                         public override Type AccessRightType {
 207                                 get { return typeof (TestRights); }
 208                         }
 209
 210                         public override Type AccessRuleType {
 211                                 get { return typeof (AccessRule<TestRights>); }
 212                         }
 213
 214                         public override Type AuditRuleType {
 215                                 get { return typeof (AuditRule<TestRights>); }
 216                         }
 217                 }
 218         }
 219 }
 220