c
/
mono
mirrorاز https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246
							//
// System.Security.AccessControl.CommonSecurityDescriptor implementation
//
// Author:
//	Dick Porter  <[email protected]>
//	James Bellinger  <[email protected]>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
// Copyright (C) 2012 James Bellinger
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using System;
using System.Security.Principal;

namespace System.Security.AccessControl
{
	public sealed class CommonSecurityDescriptor : GenericSecurityDescriptor
	{
		bool is_container;
		bool is_ds;
		ControlFlags flags;
		SecurityIdentifier owner;
		SecurityIdentifier group;
		SystemAcl system_acl;
		DiscretionaryAcl discretionary_acl;
		
		public CommonSecurityDescriptor (bool isContainer, bool isDS, RawSecurityDescriptor rawSecurityDescriptor)
		{
			Init (isContainer, isDS, rawSecurityDescriptor);
		}
		
		public CommonSecurityDescriptor (bool isContainer, bool isDS, string sddlForm)
		{
			Init (isContainer, isDS, new RawSecurityDescriptor (sddlForm));
		}
		
		public CommonSecurityDescriptor (bool isContainer, bool isDS, byte[] binaryForm, int offset)
		{
			Init (isContainer, isDS, new RawSecurityDescriptor (binaryForm, offset));
		}
		
		public CommonSecurityDescriptor (bool isContainer, bool isDS,
						 ControlFlags flags,
						 SecurityIdentifier owner,
						 SecurityIdentifier group,
						 SystemAcl systemAcl,
						 DiscretionaryAcl discretionaryAcl)
		{
			Init (isContainer, isDS, flags, owner, group, systemAcl, discretionaryAcl);
		}
		
		void Init (bool isContainer, bool isDS, RawSecurityDescriptor rawSecurityDescriptor)
		{
			if (null == rawSecurityDescriptor)
				throw new ArgumentNullException ("rawSecurityDescriptor");
				
			SystemAcl sacl = null;
			if (null != rawSecurityDescriptor.SystemAcl)
				sacl = new SystemAcl (isContainer, isDS, rawSecurityDescriptor.SystemAcl);
				
			DiscretionaryAcl dacl = null;
			if (null != rawSecurityDescriptor.DiscretionaryAcl)
				dacl = new DiscretionaryAcl (isContainer, isDS, rawSecurityDescriptor.DiscretionaryAcl);
				
			Init (isContainer, isDS,
			      rawSecurityDescriptor.ControlFlags,
			      rawSecurityDescriptor.Owner,
			      rawSecurityDescriptor.Group,
			      sacl, dacl);
		}
		
		void Init (bool isContainer, bool isDS,
			   ControlFlags flags,
			   SecurityIdentifier owner,
			   SecurityIdentifier group,
			   SystemAcl systemAcl,
			   DiscretionaryAcl discretionaryAcl)
		{
			this.flags = flags & ~ControlFlags.SystemAclPresent;
			this.is_container = isContainer;
			this.is_ds = isDS;
			
			Owner = owner;
			Group = group;
			SystemAcl = systemAcl;
			DiscretionaryAcl = discretionaryAcl;
		}
		
		public override ControlFlags ControlFlags {
			get {
				ControlFlags realFlags = flags;
				
				realFlags |= ControlFlags.DiscretionaryAclPresent;
				realFlags |= ControlFlags.SelfRelative;
				if (SystemAcl != null)
					realFlags |= ControlFlags.SystemAclPresent;
					
				return realFlags;
			}
		}
		
		public DiscretionaryAcl DiscretionaryAcl {
			get { return discretionary_acl; }
			set {
				if (value == null) {
					value = new DiscretionaryAcl (IsContainer, IsDS, 1);
					value.AddAccess (AccessControlType.Allow, new SecurityIdentifier ("WD"), -1,
							IsContainer ? InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
								    : InheritanceFlags.None, PropagationFlags.None);
					value.IsAefa = true;
				}
				
				CheckAclConsistency (value);
				discretionary_acl = value;
			}
		}
		
		internal override GenericAcl InternalDacl {
			get { return DiscretionaryAcl; }
		}
		
		public override SecurityIdentifier Group {
			get { return  group; }
			set { group = value; }
		}

		public bool IsContainer {
			get { return is_container; }
		}
		
		public bool IsDiscretionaryAclCanonical {
			get { return DiscretionaryAcl.IsCanonical; }
		}
		
		public bool IsDS {
			get { return is_ds; }
		}
		
		public bool IsSystemAclCanonical {
			get { return SystemAcl == null || SystemAcl.IsCanonical; }
		}
		
		public override SecurityIdentifier Owner {
			get { return  owner; }
			set { owner = value; }
		}
		
		public SystemAcl SystemAcl {
			get { return system_acl;  }
			set {
				if (value != null)
					CheckAclConsistency (value);
					
				system_acl = value;
			}
		}
		
		internal override GenericAcl InternalSacl {
			get { return SystemAcl; }
		}

		public void PurgeAccessControl (SecurityIdentifier sid)
		{
			DiscretionaryAcl.Purge (sid);
		}
		
		public void PurgeAudit (SecurityIdentifier sid)
		{
			if (SystemAcl != null)
				SystemAcl.Purge (sid);
		}
		
		public void SetDiscretionaryAclProtection (bool isProtected,
							   bool preserveInheritance)
		{
			DiscretionaryAcl.IsAefa = false;
			
			if (!isProtected) {
				flags &= ~ControlFlags.DiscretionaryAclProtected;
				return;
			}
			
			flags |= ControlFlags.DiscretionaryAclProtected;
			if (!preserveInheritance)
				DiscretionaryAcl.RemoveInheritedAces ();
		}
		
		public void SetSystemAclProtection (bool isProtected,
						    bool preserveInheritance)
		{
			if (!isProtected) {
				flags &= ~ControlFlags.SystemAclProtected;
				return;
			}
			
			flags |= ControlFlags.SystemAclProtected;
			if (!preserveInheritance && SystemAcl != null)
				SystemAcl.RemoveInheritedAces ();
		}

		public void AddDiscretionaryAcl (byte revision, int trusted)
		{
			DiscretionaryAcl = new DiscretionaryAcl (IsContainer, IsDS, revision, trusted);
			flags |= ControlFlags.DiscretionaryAclPresent;
		}

		public void AddSystemAcl(byte revision, int trusted)
		{
			SystemAcl = new SystemAcl (IsContainer, IsDS, revision, trusted);
			flags |= ControlFlags.SystemAclPresent;
		}

		void CheckAclConsistency (CommonAcl acl)
		{
			if (IsContainer != acl.IsContainer)
				throw new ArgumentException ("IsContainer must match between descriptor and ACL.");
			
			if (IsDS != acl.IsDS)
				throw new ArgumentException ("IsDS must match between descriptor and ACL.");
		}

		internal override bool DaclIsUnmodifiedAefa {
			get { return DiscretionaryAcl.IsAefa; }
		}
	}
}