c
/
mono
mirror of https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
							// SystemAclTest.cs - NUnit Test Cases for SystemAcl
//
// Authors:
//	James Bellinger  <[email protected]>
//
// Copyright (C) 2012 James Bellinger

using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;
using NUnit.Framework;

namespace MonoTests.System.Security.AccessControl
{
	[TestFixture]
	public class SystemAclTest
	{
		[Test]
		public void StartsEmpty ()
		{
			Assert.AreEqual (0, new SystemAcl (false, false, 0).Count);
			//Assert.AreEqual (0, new SystemAcl (false, false, null).Count);
			// ^ MS.NET has a bug here and throws, contrary to their own documentation.
		}

		[Test]
		public void AddAuditMergesFlags ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, false, 0);

			sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None);
			sacl.AddAudit (AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);

			CommonAce ace = (CommonAce)sacl [0];
			Assert.AreEqual (AuditFlags.Success|AuditFlags.Failure, ace.AuditFlags);
		}

		[Test]
		public void AddAuditCommonAce ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, false, 0);

			sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);

			CommonAce ace = (CommonAce)sacl [0];
			Assert.AreEqual (AuditFlags.Success, ace.AuditFlags);
			Assert.AreEqual (1, ace.AccessMask);
			Assert.AreEqual ("S-1-5-32-544", ace.SecurityIdentifier.Value);
			Assert.IsFalse (ace.IsInherited);
		}

		[Test]
		public void AddAuditCommonAceUsingDSOverload ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, true, 0);

			sacl.AddAudit (AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None,
			               ObjectAceFlags.None, Guid.NewGuid (), Guid.NewGuid ());
			Assert.AreEqual (1, sacl.Count);

			CommonAce ace = (CommonAce)sacl [0];
			Assert.AreEqual (AuditFlags.Failure, ace.AuditFlags);
			Assert.AreEqual (1, ace.AccessMask);
			Assert.AreEqual ("S-1-5-32-544", ace.SecurityIdentifier.Value);
			Assert.IsFalse (ace.IsInherited);
		}

		[Test]
		public void AddAuditObjectAceAndCommonAce ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, true, 0);

			sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None,
			               ObjectAceFlags.ObjectAceTypePresent, Guid.NewGuid (), Guid.Empty);
			sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None,
				       ObjectAceFlags.None, Guid.Empty, Guid.Empty);
			Assert.AreEqual (2, sacl.Count);

			CommonAce cace = (CommonAce)sacl [0];
			Assert.AreEqual (1, cace.AccessMask);
			Assert.AreEqual ("S-1-5-32-544", cace.SecurityIdentifier.Value);
			Assert.IsFalse (cace.IsCallback);
			Assert.IsFalse (cace.IsInherited);

			ObjectAce oace = (ObjectAce)sacl [1];
			Assert.AreEqual (1, oace.AccessMask);
			Assert.AreEqual ("S-1-5-32-544", oace.SecurityIdentifier.Value);
			Assert.IsFalse (oace.IsCallback);
			Assert.IsFalse (oace.IsInherited);

			sacl.AddAudit (AuditFlags.Success, sid, 2, InheritanceFlags.None, PropagationFlags.None,
				       ObjectAceFlags.None, Guid.Empty, Guid.Empty);
			Assert.AreEqual (2, sacl.Count);

			CommonAce cace2 = (CommonAce)sacl [0];
			Assert.AreEqual (3, cace2.AccessMask);
		}

		[Test]
		public void RemoveSpecific ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, false, 0);

			RemoveSpecificBegin (sid, sacl, InheritanceFlags.None);
			sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None);
			Assert.AreEqual (0, sacl.Count);
		}

		[Test]
		public void RemoveSpecificUsingDSOverload ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BA");
			SystemAcl sacl = new SystemAcl (false, true, 0);

			RemoveSpecificBegin (sid, sacl, InheritanceFlags.None);
			sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None,
			                          ObjectAceFlags.ObjectAceTypePresent, Guid.Empty, Guid.Empty);
			Assert.AreEqual (1, sacl.Count);
			sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None,
			                          ObjectAceFlags.None, Guid.Empty, Guid.Empty);
			Assert.AreEqual (0, sacl.Count);
		}

		void RemoveSpecificBegin (SecurityIdentifier sid, SystemAcl sacl, InheritanceFlags inheritanceFlags)
		{
			SecurityIdentifier otherSid = new SecurityIdentifier ("BU");

			sacl.AddAudit (AuditFlags.Success, sid, 3, inheritanceFlags, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);
			sacl.RemoveAuditSpecific (AuditFlags.Failure, sid, 1, inheritanceFlags, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);
			sacl.RemoveAuditSpecific (AuditFlags.Success, otherSid, 1, inheritanceFlags, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);
			sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 1, inheritanceFlags, PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);
			Assert.AreEqual (3, ((CommonAce)sacl [0]).AccessMask);
			sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3,
			                          inheritanceFlags ^ InheritanceFlags.ContainerInherit,
			                          PropagationFlags.None);
			Assert.AreEqual (1, sacl.Count);
		}

		[Test]
		public void SetAudit ()
		{
			SecurityIdentifier adminSid = new SecurityIdentifier ("BA"); // S-1-5-32-544
			SecurityIdentifier userSid = new SecurityIdentifier ("BU"); // S-1-5-32-545

			SystemAcl sacl = new SystemAcl (true, false, 0);
			sacl.SetAudit (AuditFlags.Success, adminSid, 1, InheritanceFlags.ObjectInherit, PropagationFlags.None);
			sacl.SetAudit (AuditFlags.Success, userSid, 2, InheritanceFlags.None, PropagationFlags.None);
			Assert.AreEqual (2, sacl.Count);

			CommonAce ace = (CommonAce)sacl [0];
			Assert.AreEqual (adminSid, ace.SecurityIdentifier);
			Assert.AreEqual (1, ace.AccessMask);

			sacl.SetAudit (AuditFlags.Success, adminSid, 4, InheritanceFlags.ObjectInherit, PropagationFlags.None);
			Assert.AreNotEqual (4, ace.AccessMask);
			ace = (CommonAce)sacl [0];
			Assert.AreEqual (4, ace.AccessMask);

			sacl.SetAudit (AuditFlags.Failure, adminSid, 4, InheritanceFlags.ObjectInherit, PropagationFlags.None);
			Assert.AreEqual (2, sacl.Count);
			ace = (CommonAce)sacl [0];
			Assert.AreEqual (AuditFlags.Failure, ace.AuditFlags);
			Assert.AreEqual (adminSid, ace.SecurityIdentifier);
			ace = (CommonAce)sacl [1];
			Assert.AreEqual (AuditFlags.Success, ace.AuditFlags);
			Assert.AreEqual (userSid, ace.SecurityIdentifier);
		}
	}
}