// Authors:
// Dick Porter <dick@ximian.com>
// Atsushi Enomoto <atsushi@ximian.com>
+// James Bellinger <jfb@zer7.com>
//
// Copyright (C) 2006-2007 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2012 James Bellinger
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
using System.Security.Principal;
-namespace System.Security.AccessControl {
+namespace System.Security.AccessControl
+{
public sealed class DiscretionaryAcl : CommonAcl
{
-// RawAcl raw_acl;
-
- public DiscretionaryAcl (bool isContainer, bool isDS,
- int capacity)
- : this (isContainer, isDS, 0, capacity)
+ public DiscretionaryAcl (bool isContainer, bool isDS, int capacity)
+ : base (isContainer, isDS, capacity)
{
- throw new NotImplementedException ();
}
- public DiscretionaryAcl (bool isContainer, bool isDS,
- RawAcl rawAcl)
- : base (isContainer, isDS, 0)
+ public DiscretionaryAcl (bool isContainer, bool isDS, RawAcl rawAcl)
+ : base (isContainer, isDS, rawAcl)
{
-// this.raw_acl = rawAcl;
}
- public DiscretionaryAcl (bool isContainer, bool isDS,
- byte revision, int capacity)
+ public DiscretionaryAcl (bool isContainer, bool isDS, byte revision, int capacity)
: base (isContainer, isDS, revision, capacity)
{
}
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
- throw new NotImplementedException ();
- // CommonAce?
+ AddAce (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None);
}
public void AddAccess (AccessControlType accessType,
Guid objectType,
Guid inheritedObjectType)
{
- // ObjectAce?
- throw new NotImplementedException ();
+ AddAce (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None,
+ objectFlags, objectType, inheritedObjectType);
}
-
+
+ public void AddAccess (AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
+ {
+ AddAccess (accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
+ }
+
+ [MonoTODO]
public bool RemoveAccess (AccessControlType accessType,
SecurityIdentifier sid,
int accessMask,
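Review bot: The new `AddAccess (AccessControlType, SecurityIdentifier, ObjectAccessRule rule)` overload reads `rule.AccessMask` and the other properties without checking `rule`, so a null argument surfaces as a NullReferenceException instead of an argument error that names the parameter. A guard as the first statement, `if (rule == null) throw new ArgumentNullException ("rule");`, would make the failure explicit before any ACE is touched. The same applies to the `ObjectAccessRule` overloads of `RemoveAccess`, `RemoveAccessSpecific` and `SetAccess` added later in this diff. If callers rely on a particular exception type for compatibility, confirm that before changing it.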
throw new NotImplementedException ();
}
+ [MonoTODO]
public bool RemoveAccess (AccessControlType accessType,
SecurityIdentifier sid,
int accessMask,
{
throw new NotImplementedException ();
}
-
+
+ public bool RemoveAccess (AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
+ {
+ return RemoveAccess (accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
+ }
+
public void RemoveAccessSpecific (AccessControlType accessType,
SecurityIdentifier sid,
int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
- throw new NotImplementedException ();
+ RemoveAceSpecific (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None);
}
public void RemoveAccessSpecific (AccessControlType accessType,
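Review bot: The new `RemoveAccess (accessType, sid, rule)` overload is not marked `[MonoTODO]`, yet both existing `RemoveAccess` overloads visible in this diff still end in `throw new NotImplementedException ();`, so the call it forwards to always throws. The signature of the overload it forwards to starts outside this hunk. Throwing is safer than a revocation that silently leaves the ACE in place, but the gap should be visible on this entry point too: add `[MonoTODO]` above the new method. `RemoveAccessSpecific` in the same hunk is implemented through `RemoveAceSpecific`, so only the non-specific removal is affected.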
Guid objectType,
Guid inheritedObjectType)
{
- throw new NotImplementedException ();
+ RemoveAceSpecific (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None,
+ objectFlags, objectType, inheritedObjectType);
}
-
+
+ public void RemoveAccessSpecific (AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
+ {
+ RemoveAccessSpecific (accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
+ }
+
public void SetAccess (AccessControlType accessType,
SecurityIdentifier sid,
int accessMask,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags)
{
- throw new NotImplementedException ();
+ SetAce (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None);
}
public void SetAccess (AccessControlType accessType,
Guid objectType,
Guid inheritedObjectType)
{
- throw new NotImplementedException ();
+ SetAce (GetAceQualifier (accessType), sid, accessMask,
+ inheritanceFlags, propagationFlags, AuditFlags.None,
+ objectFlags, objectType, inheritedObjectType);
+ }
+
+ public void SetAccess (AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
+ {
+ SetAccess (accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
+ }
+
+ internal override void ApplyCanonicalSortToExplicitAces ()
+ {
+ int explicitCount = GetCanonicalExplicitAceCount ();
+ int explicitDenys = GetCanonicalExplicitDenyAceCount ();
+
+ ApplyCanonicalSortToExplicitAces (0, explicitDenys);
+ ApplyCanonicalSortToExplicitAces (explicitDenys, explicitCount - explicitDenys);
+ }
+
+ internal override int GetAceInsertPosition (AceQualifier aceQualifier)
+ {
+ // Canonical order for DACLs is explicit deny, explicit allow, inherited.
+ if (AceQualifier.AccessAllowed == aceQualifier)
+ return GetCanonicalExplicitDenyAceCount ();
+ else
+ return 0;
+ }
+
+ static AceQualifier GetAceQualifier (AccessControlType accessType)
+ {
+ if (AccessControlType.Allow == accessType)
+ return AceQualifier.AccessAllowed;
+ else if (AccessControlType.Deny == accessType)
+ return AceQualifier.AccessDenied;
+ else
+ throw new ArgumentOutOfRangeException ("accessType");
+ }
+
+ internal override bool IsAceMeaningless (GenericAce ace)
+ {
+ if (base.IsAceMeaningless (ace)) return true;
+ if (AuditFlags.None != ace.AuditFlags) return true;
+
+ QualifiedAce qace = ace as QualifiedAce;
+ if (null != qace) {
+ if (!(AceQualifier.AccessAllowed == qace.AceQualifier ||
+ AceQualifier.AccessDenied == qace.AceQualifier)) return true;
+ }
+
+ return false;
}
}
}
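Review bot: `IsAceMeaningless` near the end of this hunk discards ACEs without a comment, and the rule it encodes decides which entries survive in a DACL. Suggested comment above the method: `// A DACL only evaluates access-allowed and access-denied ACEs; entries carrying audit flags or any other qualifier are discarded.` It is also worth stating whether an ACE that is not a `QualifiedAce` (where `qace` is null) is meant to be kept. It currently returns false for such an ACE unless `base.IsAceMeaningless` rejects it, and the base implementation is not visible here.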