1 // ObjectSecurityTest.cs - NUnit Test Cases for ObjectSecurity
4 // James Bellinger <jfb@zer7.com>
6 // Copyright (C) 2012 James Bellinger
9 using System.Collections.Generic;
10 using System.Security.AccessControl;
11 using System.Security.Principal;
12 using NUnit.Framework;
14 namespace MonoTests.System.Security.AccessControl
17 public class ObjectSecurityTest
/// <summary>
/// A freshly constructed descriptor reports canonical, unprotected access and
/// audit rules and has neither an owner nor a primary group.
/// </summary>
public void Defaults ()
{
    var fresh = new TestSecurity ();

    // Rule ordering is reported as canonical for both access and audit rules.
    Assert.IsTrue (fresh.AreAccessRulesCanonical);
    Assert.IsTrue (fresh.AreAuditRulesCanonical);

    // Protection (blocking of rules inherited from a parent) is off by default.
    Assert.IsFalse (fresh.AreAccessRulesProtected);
    Assert.IsFalse (fresh.AreAuditRulesProtected);

    // No principal is attached until SetGroup/SetOwner is called.
    Assert.IsNull (fresh.GetGroup (typeof (SecurityIdentifier)));
    Assert.IsNull (fresh.GetOwner (typeof (SecurityIdentifier)));
}
/// <summary>
/// Pins the serialized forms of a default descriptor: SDDL "D:" and a 28-byte
/// binary blob.
/// </summary>
public void DefaultsForSddlAndBinary ()
{
    var fresh = new TestSecurity ();

    // "D:" is the DACL tag with no ACE strings after it, and no O:/G:/S: parts.
    // NOTE(review): a DACL that is present but empty is not the same thing as a
    // missing (NULL) DACL; on Windows the former grants nothing and the latter
    // grants everything. Confirm which one this default is meant to model.
    string sddl = fresh.GetSecurityDescriptorSddlForm (AccessControlSections.All);
    Assert.AreEqual ("D:", sddl);

    // NOTE(review): 28 matches a 20-byte self-relative header followed by an
    // 8-byte ACL header with zero ACEs; verify against the serializer.
    byte[] raw = fresh.GetSecurityDescriptorBinaryForm ();
    Assert.AreEqual (28, raw.Length);
}
/// <summary>
/// Owner and group set through the object API show up in the SDDL form, and an
/// owner written through SDDL is readable back through GetOwner.
/// </summary>
public void SetSddlForm ()
{
    var target = new TestSecurity ();

    // SDDL SID aliases: "WD" = Everyone (World), "SY" = Local System.
    var worldSid = new SecurityIdentifier ("WD");
    var systemSid = new SecurityIdentifier ("SY");

    target.SetGroup (worldSid);
    target.SetOwner (systemSid);
    Assert.AreEqual ("G:WD", target.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
    Assert.AreEqual ("O:SY", target.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));

    // Overwrite only the owner section; "BG" = Built-in Guests.
    target.SetSecurityDescriptorSddlForm ("O:BG", AccessControlSections.Owner);
    Assert.AreEqual ("O:BG", target.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));

    // The SDDL write must be visible through the typed accessor as well.
    Assert.AreEqual (new SecurityIdentifier ("BG"), target.GetOwner (typeof (SecurityIdentifier)));
}
/// <summary>
/// The section argument may combine flags; a requested section that the SDDL
/// string does not carry is left unset rather than rejected.
/// </summary>
public void SetSddlFormAllowsFlags ()
{
    var target = new TestSecurity ();

    // The string only has a group ("BA" = Built-in Administrators), but both
    // the Group and the Owner sections are requested.
    AccessControlSections requested = AccessControlSections.Group | AccessControlSections.Owner;
    target.SetSecurityDescriptorSddlForm ("G:BA", requested);

    // Owner stays empty; callers cannot assume that requesting a section
    // means it was populated.
    Assert.AreEqual ("", target.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
    Assert.AreEqual ("G:BA", target.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
}
/// <summary>A null group identity is rejected with ArgumentNullException.</summary>
[Test, ExpectedException (typeof (ArgumentNullException))]
public void SetGroupThrowsOnNull ()
{
    var target = new TestSecurity ();

    // Expected to throw; the attribute above performs the check.
    target.SetGroup (null);
}
/// <summary>A null owner identity is rejected with ArgumentNullException.</summary>
[Test, ExpectedException (typeof (ArgumentNullException))]
public void SetOwnerThrowsOnNull ()
{
    var target = new TestSecurity ();

    // Expected to throw; the attribute above performs the check.
    target.SetOwner (null);
}
/// <summary>Purging access rules for a null identity throws ArgumentNullException.</summary>
[Test, ExpectedException (typeof (ArgumentNullException))]
public void PurgeThrowsOnNull ()
{
    var target = new TestSecurity ();

    // Expected to throw; the attribute above performs the check.
    target.PurgeAccessRules (null);
}
/// <summary>
/// GetGroup/GetOwner return null for any target type while the value is unset;
/// once an owner exists, int and the abstract IdentityReference are rejected
/// with ArgumentException while SecurityIdentifier is accepted.
/// </summary>
public void AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet ()
{
    var target = new TestSecurity ();

    // Nothing is set yet, so even nonsensical target types yield null. The
    // target type is therefore not validated until there is a value to convert.
    Assert.IsNull (target.GetGroup (typeof (void)));
    Assert.IsNull (target.GetOwner (typeof (int)));

    // "WD" is the SDDL alias for Everyone (World).
    var world = new SecurityIdentifier ("WD");
    target.SetOwner (world);

    bool intRejected;
    try {
        target.GetOwner (typeof (int));
        intRejected = false;
    } catch (ArgumentException) {
        intRejected = true;
    }
    Assert.IsTrue (intRejected);

    bool baseTypeRejected;
    try {
        target.GetOwner (typeof (IdentityReference));
        baseTypeRejected = false;
    } catch (ArgumentException) {
        baseTypeRejected = true;
    }
    Assert.IsTrue (baseTypeRejected);

    // The group was never set, so its lookup is still lenient.
    Assert.IsNull (target.GetGroup (typeof (void)));
    Assert.IsInstanceOfType (typeof (SecurityIdentifier), target.GetOwner (typeof (SecurityIdentifier)));
}
/// <summary>
/// ModifyAccessRule accepts a rule whose type derives from AccessRuleType,
/// forwards to the ModifyAccess override, and hands back that override's
/// result, while the serialized descriptor stays unchanged.
/// </summary>
public void ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges ()
{
    // "WD" is the SDDL alias for Everyone (World).
    var world = new SecurityIdentifier ("WD");
    var target = new TestSecurity ();
    var derivedRule = new DerivedAccessRule (world, TestRights.One, AccessControlType.Allow);

    bool reportedByOut;
    bool reportedByReturn = target.ModifyAccessRule (AccessControlModification.Add, derivedRule, out reportedByOut);

    // The return value and the out parameter carry the same answer.
    Assert.AreEqual (reportedByReturn, reportedByOut);
    Assert.IsTrue (reportedByReturn);

    Assert.IsTrue (target.modify_access_called);

    // "Modified" was reported, yet the SDDL is still the default "D:". The flag
    // comes from the subclass, so it is not evidence that any ACE was stored.
    Assert.AreEqual ("D:", target.GetSecurityDescriptorSddlForm (AccessControlSections.All));

    // Why nothing changed:
    // (1) ObjectSecurity has no abstract/virtual accessor for the rule collection;
    // (2) the ModifyAccess override used here does not add the rule anywhere;
    // (3) methods such as GetSecurityDescriptorSddlForm read from that collection.
    // Conclusion: the collection is internal and is manipulated by derived classes.
}
130 [Test, ExpectedException (typeof (ArgumentException))]
131 public void ModifyAccessRuleThrowsOnWrongType ()
134 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
135 TestSecurity security = new TestSecurity ();
137 FileSystemAccessRule rule = new FileSystemAccessRule
138 (everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow);
140 security.ModifyAccessRule (AccessControlModification.Add, rule, out modified);
146 bool modifiedRet, modifiedOut;
147 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
148 TestSecurity security = new TestSecurity ();
150 TestAccessRule rule = new TestAccessRule
151 (everyoneSid, TestRights.One, AccessControlType.Allow);
153 modifiedRet = security.ModifyAccessRule (AccessControlModification.Reset, rule, out modifiedOut);
/// <summary>
/// Access-rule and audit-rule protection are independent switches, and the
/// second argument of each setter has no effect on the reported flag.
/// </summary>
public void Protection ()
{
    var target = new TestSecurity ();

    // Protect access rules only.
    target.SetAccessRuleProtection (true, true);
    Assert.IsTrue (target.AreAccessRulesProtected);
    Assert.IsFalse (target.AreAuditRulesProtected);

    // Protect audit rules as well; the access-rule flag must not move.
    target.SetAuditRuleProtection (true, false);
    Assert.IsTrue (target.AreAccessRulesProtected);
    Assert.IsTrue (target.AreAuditRulesProtected);

    // Unprotect access rules; the audit-rule flag must not move.
    target.SetAccessRuleProtection (false, false);
    Assert.IsFalse (target.AreAccessRulesProtected);
    Assert.IsTrue (target.AreAuditRulesProtected);

    // Unprotect audit rules, which restores the defaults.
    target.SetAuditRuleProtection (false, true);
    Assert.IsFalse (target.AreAccessRulesProtected);
    Assert.IsFalse (target.AreAuditRulesProtected);
}
/// <summary>
/// Rule type one level below TestAccessRule. The tests use it to show that a
/// subclass of the declared AccessRuleType is accepted by ModifyAccessRule.
/// </summary>
class DerivedAccessRule : TestAccessRule
{
    /// <summary>Forwards all three arguments to the TestAccessRule constructor.</summary>
    public DerivedAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
        : base (identity, rights, type)
    {
    }
}
/// <summary>
/// Minimal AccessRule for the tests; the rights are a TestRights value stored
/// as the integer access mask of the base class.
/// </summary>
class TestAccessRule : AccessRule
{
    /// <summary>
    /// Creates an explicit (not inherited) rule with no inheritance or
    /// propagation flags.
    /// </summary>
    public TestAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
        : this (identity, rights, false, InheritanceFlags.None, PropagationFlags.None, type)
    {
    }

    /// <summary>
    /// Full constructor; casts <paramref name="rights"/> to int and passes
    /// every argument to the AccessRule base constructor.
    /// </summary>
    public TestAccessRule (
        IdentityReference identity,
        TestRights rights,
        bool isInherited,
        InheritanceFlags inheritanceFlags,
        PropagationFlags propagationFlags,
        AccessControlType type)
        : base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, type)
    {
    }
}
208 class TestAuditRule : AuditRule
210 public TestAuditRule (IdentityReference identity,
211 TestRights rights, bool isInherited,
212 InheritanceFlags inheritanceFlags,
213 PropagationFlags propagationFlags,
215 : base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, flags)
220 class TestSecurity : ObjectSecurity
222 internal bool modify_access_called;
/// <summary>
/// Builds the descriptor under test by passing false for both arguments of
/// the ObjectSecurity base constructor (isContainer and isDS).
/// </summary>
public TestSecurity ()
    : base (false, false)
{
}
/// <summary>
/// Creates a TestAccessRule from raw rule fields; the integer access mask is
/// cast to TestRights without any range check.
/// </summary>
/// <returns>A new TestAccessRule carrying the given arguments.</returns>
public override AccessRule AccessRuleFactory (
    IdentityReference identityReference,
    int accessMask,
    bool isInherited,
    InheritanceFlags inheritanceFlags,
    PropagationFlags propagationFlags,
    AccessControlType type)
{
    var rights = (TestRights)accessMask;
    return new TestAccessRule (
        identityReference, rights, isInherited, inheritanceFlags, propagationFlags, type);
}
238 public override AuditRule AuditRuleFactory (IdentityReference identityReference,
239 int accessMask, bool isInherited,
240 InheritanceFlags inheritanceFlags,
241 PropagationFlags propagationFlags,
244 return new TestAuditRule (identityReference, (TestRights)accessMask, isInherited,
245 inheritanceFlags, propagationFlags, flags);
/// <summary>
/// Test stub: records that it was called and always reports a modification.
/// It does not store, merge or remove <paramref name="rule"/>, so the
/// reported result says nothing about the descriptor's contents.
/// </summary>
/// <returns>Always true, the same value written to <paramref name="modified"/>.</returns>
protected override bool ModifyAccess (
    AccessControlModification modification,
    AccessRule rule,
    out bool modified)
{
    modified = true;
    modify_access_called = true;
    return true;
}
/// <summary>
/// Test stub: ignores <paramref name="rule"/> and always reports that no
/// audit rule was modified.
/// </summary>
/// <returns>Always false, the same value written to <paramref name="modified"/>.</returns>
protected override bool ModifyAudit (
    AccessControlModification modification,
    AuditRule rule,
    out bool modified)
{
    modified = false;
    return false;
}
/// <summary>The rights enumeration used by this descriptor: TestRights.</summary>
public override Type AccessRightType
{
    get
    {
        return typeof (TestRights);
    }
}
/// <summary>
/// The access rule type declared by this descriptor: TestAccessRule. The tests
/// pass a derived rule successfully and expect ArgumentException for an
/// unrelated rule type such as FileSystemAccessRule.
/// </summary>
public override Type AccessRuleType
{
    get
    {
        return typeof (TestAccessRule);
    }
}
/// <summary>The audit rule type declared by this descriptor: TestAuditRule.</summary>
public override Type AuditRuleType
{
    get
    {
        return typeof (TestAuditRule);
    }
}