1 // DirectoryObjectSecurityTest.cs - NUnit Test Cases for DirectoryObjectSecurity
4 // James Bellinger <jfb@zer7.com>
6 // Copyright (C) 2012 James Bellinger
9 using System.Collections.Generic;
10 using System.Security.AccessControl;
11 using System.Security.Principal;
12 using NUnit.Framework;
14 namespace MonoTests.System.Security.AccessControl
17 public class DirectoryObjectSecurityTest
20 public void Defaults ()
22 TestSecurity security = new TestSecurity ();
23 Assert.IsTrue (security.IsContainerTest);
24 Assert.IsTrue (security.IsDSTest);
27 [Test, ExpectedExceptionAttribute (typeof (ArgumentOutOfRangeException))]
28 public void ChecksAccessControlModificationRange ()
30 bool modifiedRet, modifiedOut;
31 TestSecurity security = new TestSecurity ();
33 SecurityIdentifier sid = new SecurityIdentifier ("WD");
34 TestAccessRule rule = new TestAccessRule
35 (sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
36 Guid.Empty, Guid.Empty, AccessControlType.Allow);
38 modifiedRet = security.ModifyAccessRule ((AccessControlModification)43210,
39 rule, out modifiedOut);
43 public void IgnoresResetOnAuditAndReturnsTrue ()
45 bool modifiedRet, modifiedOut;
46 TestSecurity security = new TestSecurity ();
48 SecurityIdentifier sid = new SecurityIdentifier ("WD");
49 TestAuditRule rule = new TestAuditRule
50 (sid, 1, false, InheritanceFlags.None, PropagationFlags.None,
51 Guid.Empty, Guid.Empty, AuditFlags.Success);
53 modifiedRet = security.ModifyAuditRule (AccessControlModification.Reset,
54 rule, out modifiedOut);
55 Assert.IsTrue (modifiedRet);
58 [Test, ExpectedException (typeof (ArgumentNullException))]
59 public void ConstructorFailsOnNullDescriptor ()
61 new TestSecurity (null);
65 public void ConstructorLetsFalseDSThrough ()
67 CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
68 (false, false, ControlFlags.None, null, null, null, null);
70 TestSecurity security = new TestSecurity (descriptor);
71 Assert.IsFalse (security.IsContainerTest);
72 Assert.IsFalse (security.IsDSTest);
76 public void ObjectSecurityJustWrapsCommonSecurityDescriptor ()
78 CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
79 (false, false, ControlFlags.None, null, null, null, null);
81 TestSecurity security = new TestSecurity (descriptor);
82 Assert.IsNull (security.GetOwner (typeof(SecurityIdentifier)));
83 SecurityIdentifier sid = new SecurityIdentifier ("WD");
85 descriptor.Owner = sid; // Not virtual, so the conclusion in the test's title.
86 Assert.IsFalse (security.OwnerModifiedTest);
87 Assert.AreSame (sid, security.GetOwner (typeof(SecurityIdentifier)));
89 security.SetOwner (sid);
90 Assert.IsTrue (security.OwnerModifiedTest);
91 Assert.AreSame (sid, security.GetOwner (typeof(SecurityIdentifier)));
94 [Test, ExpectedExceptionAttribute (typeof (InvalidOperationException))]
95 public void LocksAreEnforced ()
97 TestSecurity security = new TestSecurity ();
98 bool value = security.OwnerModifiedTestWithoutLock;
102 [Category ("NotWorking")] // Mono does not have a working CustomAce implementation yet.
103 public void ObjectSecurityRemovesWhatItCannotCreate ()
105 RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
106 acl.InsertAce (0, new CustomAce ((AceType)255, AceFlags.None, new byte[4]));
108 DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, acl);
109 Assert.AreEqual (1, dacl.Count);
111 CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
112 (true, true, ControlFlags.None, null, null, null, dacl);
114 TestSecurity security = new TestSecurity (descriptor);
115 AuthorizationRuleCollection rules = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
116 Assert.AreEqual (0, rules.Count);
120 public void FactoryWithoutGuidsCalledWhenNotObjectAce ()
122 TestSecurity security = FactoryCallTest (false);
123 Assert.IsTrue (security.access_factory_called);
126 [Test, ExpectedExceptionAttribute (typeof (NotImplementedException))]
127 public void FactoryWithGuidsThrowsNotImplementedByDefault ()
129 FactoryCallTest (true);
132 TestSecurity FactoryCallTest (bool objectAce)
134 SecurityIdentifier sid = new SecurityIdentifier ("WD");
135 DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, 1);
136 dacl.AddAccess (AccessControlType.Allow, sid, 1,
137 InheritanceFlags.None, PropagationFlags.None,
138 objectAce ? ObjectAceFlags.ObjectAceTypePresent : ObjectAceFlags.None,
139 Guid.NewGuid (), Guid.Empty);
141 CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
142 (true, true, ControlFlags.None, null, null, null, dacl);
144 TestSecurity security = new TestSecurity (descriptor);
145 security.GetAccessRules (true, true, typeof (SecurityIdentifier));
149 class TestAccessRule : ObjectAccessRule
151 public TestAccessRule(IdentityReference identity, int accessMask, bool isInherited,
152 InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
153 Guid objectType, Guid inheritedObjectType,
154 AccessControlType type)
155 : base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags,
156 objectType, inheritedObjectType, type)
161 class TestAuditRule : ObjectAuditRule
163 public TestAuditRule(IdentityReference identity, int accessMask, bool isInherited,
164 InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
165 Guid objectType, Guid inheritedObjectType,
167 : base(identity, accessMask, isInherited, inheritanceFlags, propagationFlags,
168 objectType, inheritedObjectType, flags)
173 class TestSecurity : DirectoryObjectSecurity
175 internal bool access_factory_called;
177 public TestSecurity ()
181 public TestSecurity (CommonSecurityDescriptor descriptor)
186 public bool IsContainerTest {
187 get { return IsContainer; }
190 public bool IsDSTest {
194 public bool OwnerModifiedTest {
195 get { ReadLock (); bool value = OwnerModified; ReadUnlock (); return value; }
196 set { WriteLock (); OwnerModified = value; WriteUnlock (); }
199 public bool OwnerModifiedTestWithoutLock {
200 get { return OwnerModified; }
203 public override AccessRule AccessRuleFactory (IdentityReference identityReference,
204 int accessMask, bool isInherited,
205 InheritanceFlags inheritanceFlags,
206 PropagationFlags propagationFlags,
207 AccessControlType type)
209 access_factory_called = true;
210 return new TestAccessRule (identityReference, accessMask,
211 isInherited, inheritanceFlags, propagationFlags,
212 Guid.Empty, Guid.Empty, type);
215 public override AuditRule AuditRuleFactory (IdentityReference identityReference,
216 int accessMask, bool isInherited,
217 InheritanceFlags inheritanceFlags,
218 PropagationFlags propagationFlags,
221 return new TestAuditRule (identityReference, accessMask,
222 isInherited, inheritanceFlags, propagationFlags,
223 Guid.Empty, Guid.Empty, flags);
226 public override Type AccessRightType {
227 get { return typeof (int); }
230 public override Type AccessRuleType {
231 get { return typeof (TestAccessRule); }
234 public override Type AuditRuleType {
235 get { return typeof (TestAuditRule); }