c
/
mono
kopia lustrzana https://github.com/mono/mono.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253
							// CommonObjectSecurityTest.cs - NUnit Test Cases for CommonObjectSecurity
//
// Authors:
//	James Bellinger  <[email protected]>
//
// Copyright (C) 2012 James Bellinger

using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;
using NUnit.Framework;

namespace MonoTests.System.Security.AccessControl
{
	[TestFixture]
	public class CommonObjectSecurityTest
	{
		[Test]
		public void Defaults ()
		{
			TestSecurity security;

			security = new TestSecurity (false);
			Assert.IsFalse (security.IsContainerTest);
			Assert.IsFalse (security.IsDSTest);

			security = new TestSecurity (true);
			Assert.IsTrue (security.IsContainerTest);
			Assert.IsFalse (security.IsDSTest);
		}

		[Test]
		public void AddAndGetAccessRulesWorkAndMergeCorrectly ()
		{
			var security = new TestSecurity (false);

			// CommonObjectSecurity does not appear to care at all about types on MS.NET.
			// It just uses AccessMask, and then GetAccessRules uses the factory methods.
			// So, the whole API is a mess of strong typing and repeated code backed by nothing.
			Assert.IsFalse (security.modify_access_called);

			SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.WorldSid, null);
			security.AddAccessRuleTest (new TestAccessRule<int> (sid, 2, AccessControlType.Allow));
			security.AddAccessRuleTest (new TestAccessRule<TestRights> (sid, TestRights.One, AccessControlType.Allow));
			security.AddAccessRuleTest (new TestAccessRule<int> (sid, 4, AccessControlType.Allow));

			Assert.IsTrue (security.modify_access_called);
			Assert.IsFalse (security.modify_access_rule_called);
			Assert.IsFalse (security.modify_audit_called);

			Assert.IsFalse (security.access_rule_factory_called);
			AuthorizationRuleCollection rules1 = security.GetAccessRules (false, true, typeof (SecurityIdentifier));
			Assert.IsFalse (security.access_rule_factory_called);
			Assert.AreEqual (0, rules1.Count);

			Assert.IsFalse (security.access_rule_factory_called);
			AuthorizationRuleCollection rules2 = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
			Assert.IsTrue (security.access_rule_factory_called);
			Assert.AreEqual (1, rules2.Count);

			Assert.IsInstanceOfType (typeof (TestAccessRule<TestRights>), rules2[0]);
			TestAccessRule<TestRights> rule = (TestAccessRule<TestRights>)rules2[0];
			Assert.AreEqual ((TestRights)7, rule.Rights);
		}

		[Test]
		public void AddAndPurgeWorks ()
		{
			TestSecurity security = new TestSecurity (false);
 
			NTAccount nta1 = new NTAccount(@"BUILTIN\Users");
			NTAccount nta2 = new NTAccount(@"BUILTIN\Administrators");
			security.AddAccessRuleTest (new TestAccessRule<TestRights> (nta1, TestRights.One,
			                                                            AccessControlType.Allow));
			security.AddAccessRuleTest (new TestAccessRule<TestRights> (nta2, TestRights.One,
			                                                            AccessControlType.Allow));

			AuthorizationRuleCollection rules1 = security.GetAccessRules (true, true, typeof (NTAccount));
			Assert.AreEqual (2, rules1.Count);

			security.PurgeAccessRules (nta1);
			AuthorizationRuleCollection rules2 = security.GetAccessRules (true, true, typeof (NTAccount));
			Assert.AreEqual (1, rules2.Count);
			Assert.IsInstanceOfType (typeof (TestAccessRule<TestRights>), rules2[0]);
			TestAccessRule<TestRights> rule = (TestAccessRule<TestRights>)rules2[0];
			Assert.AreEqual (nta2, rule.IdentityReference);
		}

		[Test]
		public void ResetAccessRuleCausesExactlyOneModifyAccessCall ()
		{
			TestSecurity security = new TestSecurity (false);
			SecurityIdentifier sid = new SecurityIdentifier ("WD");
			security.ResetAccessRuleTest (new TestAccessRule<TestRights> (sid, TestRights.One,
			                                                              AccessControlType.Allow));
			Assert.AreEqual (1, security.modify_access_called_count);
		}

		class TestAccessRule<T> : AccessRule
		{
			public TestAccessRule (IdentityReference identity, T rules,
			                       AccessControlType type)
				: this (identity, rules, InheritanceFlags.None, PropagationFlags.None, type)
			{
			}

			public TestAccessRule (IdentityReference identity, T rules,
			                       InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
			                       AccessControlType type)
				: base (identity, (int)(object)rules, false, inheritanceFlags, propagationFlags, type)
			{
			}

			public T Rights {
				get { return (T)(object)AccessMask; }
			}
		}

		class TestAuditRule<T> : AuditRule
		{
			public TestAuditRule (IdentityReference identity, T rules,
			                      InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
			                      AuditFlags auditFlags)
				: base (identity, (int)(object)rules, false, inheritanceFlags, propagationFlags, auditFlags)
			{
			}
		}

		enum TestRights
		{
			One = 1
		}

		class TestSecurity : CommonObjectSecurity
		{
			public bool access_rule_factory_called;
			public bool audit_rule_factory_called;
			public bool modify_access_called;
			public int modify_access_called_count;
			public bool modify_access_rule_called;
			public bool modify_audit_called;
			public bool modify_audit_rule_called;

			public TestSecurity (bool isContainer)
				: base (isContainer)
			{
			}

			public bool IsContainerTest {
				get { return IsContainer; }
			}

			public bool IsDSTest {
				get { return IsDS; }
			}

			public void AddAccessRuleTest (AccessRule rule)
			{
				AddAccessRule (rule);
			}

			public void AddAuditRuleTest (AuditRule rule)
			{
				AddAuditRule (rule);
			}

			public bool RemoveAccessRuleTest (AccessRule rule)
			{
				return RemoveAccessRule (rule);
			}

			public void RemoveAccessRuleAllTest (AccessRule rule)
			{
				RemoveAccessRuleAll (rule);
			}

			public void RemoveAccessRuleSpecificTest (AccessRule rule)
			{
				RemoveAccessRuleSpecific (rule);
			}

			public void ResetAccessRuleTest (AccessRule rule)
			{
				ResetAccessRule (rule);
			}

			public override AccessRule AccessRuleFactory (IdentityReference identityReference,
			                                              int accessMask, bool isInherited,
			                                              InheritanceFlags inheritanceFlags,
			                                              PropagationFlags propagationFlags,
			                                              AccessControlType type)
			{
				access_rule_factory_called = true;
				return new TestAccessRule<TestRights> (identityReference, (TestRights)accessMask,
								       inheritanceFlags, propagationFlags, type);
			}

			public override AuditRule AuditRuleFactory (IdentityReference identityReference,
				                                    int accessMask, bool isInherited,
				                                    InheritanceFlags inheritanceFlags,
			                                            PropagationFlags propagationFlags,
			                                            AuditFlags flags)
			{
				audit_rule_factory_called = true;
				return new TestAuditRule<TestRights> (identityReference, (TestRights)accessMask,
				                                      inheritanceFlags, propagationFlags, flags);
			}

			public override bool ModifyAccessRule (AccessControlModification modification,
			                                       AccessRule rule, out bool modified)
			{
				modify_access_rule_called = true;
				return base.ModifyAccessRule (modification, rule, out modified);
			}

			protected override bool ModifyAccess (AccessControlModification modification, 
			                                      AccessRule rule, out bool modified)
			{
				modify_access_called = true;
				modify_access_called_count ++;
				return base.ModifyAccess (modification, rule, out modified);
			}

			public override bool ModifyAuditRule (AccessControlModification modification,
			                                      AuditRule rule, out bool modified)
			{
				modify_audit_rule_called = true;
				return base.ModifyAuditRule (modification, rule, out modified);
			}

			protected override bool ModifyAudit (AccessControlModification modification,
			                                     AuditRule rule, out bool modified)
			{
				modify_audit_called = true;
				return base.ModifyAudit (modification, rule, out modified);
			}

			public override Type AccessRightType {
				get { return typeof (TestRights); }
			}

			public override Type AccessRuleType {
				get { return typeof (TestAccessRule<TestRights>); }
			}

			public override Type AuditRuleType {
				get { return typeof (TestAuditRule<TestRights>); }
			}
		}
	}
}