c
/
mono
огледало от https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
							// FileSecurityTest.cs - NUnit Test Cases for FileSecurity
//
// Authors:
//	James Bellinger ([email protected])

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using NUnit.Framework;

namespace MonoTests.System.Security.AccessControl
{
	[TestFixture]
	public class FileSecurityTest
	{
		[Test]
		public void ChangeGroupToEveryone ()
		{
			FileSecurity security;
			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			string path = Path.GetTempFileName ();
			try {
				SecurityIdentifier worldSid = new SecurityIdentifier ("WD");

				security = File.GetAccessControl (path);
				security.SetGroup (worldSid);
				File.SetAccessControl (path, security);

				security = File.GetAccessControl (path);
				Assert.AreEqual (worldSid, security.GetGroup (typeof(SecurityIdentifier)));
			} finally {
				File.Delete (path);
			}
		}

		[Test]
		public void ChangeAccessRules ()
		{
			FileSecurity security;
			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			string path = Path.GetTempFileName ();
			try {
				// Add 'Everyone' to the access list.
				SecurityIdentifier worldSid = new SecurityIdentifier ("WD");

				security = File.GetAccessControl (path);
				FileSystemAccessRule rule = new FileSystemAccessRule (worldSid,
				                                                      FileSystemRights.FullControl,
				                                                      AccessControlType.Allow);
				security.AddAccessRule (rule);
				File.SetAccessControl (path, security);

				// Make sure 'Everyone' is *on* the access list.
				// Let's use the SafeHandle overload to check it.
				AuthorizationRuleCollection rules;
				using (FileStream file = File.Open (path, FileMode.Open, FileAccess.Read)) {
					security = file.GetAccessControl ();
					rules = security.GetAccessRules (true, false, typeof (SecurityIdentifier));

					Assert.AreEqual (1, rules.Count);
					Assert.AreEqual (worldSid, rules[0].IdentityReference);
					Assert.AreEqual (InheritanceFlags.None, rules[0].InheritanceFlags);
					Assert.AreEqual (PropagationFlags.None, rules[0].PropagationFlags);
					Assert.IsFalse (rules[0].IsInherited);
				}

				// Remove 'Everyone' from the access list.
				security.RemoveAccessRuleSpecific (rule);
				File.SetAccessControl (path, security);

				// Make sure our non-inherited access control list is now empty.
				security = File.GetAccessControl (path);
				rules = security.GetAccessRules (true, false, typeof (SecurityIdentifier));

				Assert.AreEqual (0, rules.Count);
			} finally {
				File.Delete (path);
			}
		}

		[Test, ExpectedException (typeof (UnauthorizedAccessException))]
		public void EveryoneMayNotBeOwner ()
		{
			FileSecurity security;
			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			string path = Path.GetTempFileName ();
			try {
				security = File.GetAccessControl (path);
				security.SetOwner (new SecurityIdentifier ("WD"));
				File.SetAccessControl (path, security);
				// If we don't get an InvalidOperationException it could be that we are running
				// with administrator privileges. Don't fail the test if that is the case.
				WindowsIdentity identity = WindowsIdentity.GetCurrent ();
				WindowsPrincipal principal = new WindowsPrincipal (identity);
				if (principal.IsInRole (WindowsBuiltInRole.Administrator)) {
					Assert.Ignore ("Running as Administrator");
				}
			} finally {
				File.Delete (path);
			}
		}

	}
}