1 // DirectorySecurityTest.cs - NUnit Test Cases for DirectorySecurity
4 // James Bellinger (jfb@zer7.com)
8 using System.Security.AccessControl;
9 using System.Security.Principal;
10 using NUnit.Framework;
12 namespace MonoTests.System.Security.AccessControl
15 public class DirectorySecurityTest
18 public void InheritedPermissions ()
20 AuthorizationRuleCollection rules;
21 DirectorySecurity dirSecurity; FileSecurity fileSecurity;
22 SecurityIdentifier usersSid = new SecurityIdentifier ("BU");
23 SecurityIdentifier worldSid = new SecurityIdentifier ("WD");
24 FileSystemAccessRule worldDirFullControl = new FileSystemAccessRule
25 (worldSid, FileSystemRights.FullControl,
26 InheritanceFlags.ObjectInherit, PropagationFlags.None,
27 AccessControlType.Allow);
29 if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
30 Assert.Ignore (); return;
33 string dirpath = Path.Combine (Path.GetTempPath (), Path.GetRandomFileName ());
34 string dirpath2 = null;
35 string filepath = null;
36 DirectoryInfo dirinfo = Directory.CreateDirectory (dirpath);
39 // Set Full Control to Everyone.
40 dirSecurity = dirinfo.GetAccessControl ();
41 dirSecurity.SetGroup (usersSid);
42 dirSecurity.AddAccessRule (worldDirFullControl);
43 Directory.SetAccessControl (dirpath, dirSecurity);
45 // Did the rule store on the directory?
46 dirSecurity = Directory.GetAccessControl (dirpath);
47 rules = dirSecurity.GetAccessRules (true, false, typeof (SecurityIdentifier ));
48 Assert.AreEqual (usersSid, dirSecurity.GetGroup (typeof(SecurityIdentifier)));
49 Assert.AreEqual (1, rules.Count);
50 Assert.AreEqual (worldSid, rules[0].IdentityReference);
51 Assert.AreEqual (InheritanceFlags.ObjectInherit, rules[0].InheritanceFlags);
52 Assert.AreEqual (PropagationFlags.None, rules[0].PropagationFlags);
53 Assert.IsFalse (rules[0].IsInherited);
55 // Create a file. It will have no explicit rules.
56 filepath = Path.Combine (dirpath, Path.GetRandomFileName ());
57 using (FileStream file = new FileStream (filepath, FileMode.Create, FileAccess.ReadWrite)) {
58 fileSecurity = file.GetAccessControl ();
60 rules = fileSecurity.GetAccessRules (true, false, typeof (SecurityIdentifier));
61 Assert.AreEqual (0, rules.Count);
64 // Make sure the file has inherited the Full Control access rule.
65 FileInfo fileInfo = new FileInfo (filepath);
66 fileSecurity = fileInfo.GetAccessControl ();
68 rules = fileSecurity.GetAccessRules (false, true, typeof (SecurityIdentifier));
69 bool fileInheritedRule = false;
70 foreach (FileSystemAccessRule rule in rules) {
71 if (rule.AccessControlType == AccessControlType.Allow &&
72 rule.FileSystemRights == FileSystemRights.FullControl &&
73 rule.IdentityReference == worldSid &&
75 rule.InheritanceFlags == InheritanceFlags.None &&
76 rule.PropagationFlags == PropagationFlags.None) // only containers get non-None flags
77 fileInheritedRule = true;
79 Assert.IsTrue (fileInheritedRule);
81 // ContainerInherit not being set, create a directory.
82 // Its inherited rule will have propagation flags to indicate only its children are affected.
83 dirpath2 = Path.Combine (dirpath, Path.GetRandomFileName ());
84 dirinfo = Directory.CreateDirectory (dirpath2);
85 dirSecurity = dirinfo.GetAccessControl ();
87 rules = dirSecurity.GetAccessRules (false, true, typeof (SecurityIdentifier));
88 bool dirInheritedRule = false;
89 foreach (FileSystemAccessRule rule in rules) {
90 if (rule.AccessControlType == AccessControlType.Allow &&
91 rule.FileSystemRights == FileSystemRights.FullControl &&
92 rule.IdentityReference == worldSid &&
94 rule.InheritanceFlags == InheritanceFlags.ObjectInherit &&
95 rule.PropagationFlags == PropagationFlags.InheritOnly) // <-- key difference
96 dirInheritedRule = true;
98 Assert.IsTrue (dirInheritedRule);
101 if (null != filepath) File.Delete (filepath);
102 if (null != dirpath2) Directory.Delete (dirpath2);
103 Directory.Delete (dirpath);