1 // ObjectSecurityTest.cs - NUnit Test Cases for ObjectSecurity 2 // 3 // Authors: 4 // James Bellinger <jfb@zer7.com> 5 // 6 // Copyright (C) 2012 James Bellinger 7 8 using System; 9 using System.Collections.Generic; 10 using System.Security.AccessControl; 11 using System.Security.Principal; 12 using NUnit.Framework; 13 14 namespace MonoTests.System.Security.AccessControl 15 { 16 [TestFixture] 17 public class ObjectSecurityTest 18 { 19 [Test] Defaults()20 public void Defaults () 21 { 22 TestSecurity security = new TestSecurity (); 23 Assert.IsTrue (security.AreAccessRulesCanonical); 24 Assert.IsTrue (security.AreAuditRulesCanonical); 25 Assert.IsFalse (security.AreAccessRulesProtected); 26 Assert.IsFalse (security.AreAuditRulesProtected); 27 Assert.IsNull (security.GetGroup (typeof (SecurityIdentifier))); 28 Assert.IsNull (security.GetOwner (typeof (SecurityIdentifier))); 29 } 30 31 [Test] DefaultsForSddlAndBinary()32 public void DefaultsForSddlAndBinary () 33 { 34 TestSecurity security = new TestSecurity (); 35 Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All)); 36 Assert.AreEqual (28, security.GetSecurityDescriptorBinaryForm ().Length); 37 } 38 39 [Test] SetSddlForm()40 public void SetSddlForm () 41 { 42 TestSecurity security = new TestSecurity (); 43 44 SecurityIdentifier groupSid = new SecurityIdentifier ("WD"); 45 SecurityIdentifier userSid = new SecurityIdentifier ("SY"); 46 47 security.SetGroup (groupSid); 48 security.SetOwner (userSid); 49 Assert.AreEqual ("G:WD", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group)); 50 Assert.AreEqual ("O:SY", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner)); 51 security.SetSecurityDescriptorSddlForm ("O:BG", AccessControlSections.Owner); 52 Assert.AreEqual ("O:BG", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner)); 53 Assert.AreEqual (new SecurityIdentifier ("BG"), security.GetOwner (typeof (SecurityIdentifier))); 54 } 55 56 [Test] SetSddlFormAllowsFlags()57 public void SetSddlFormAllowsFlags () 58 { 59 TestSecurity security = new TestSecurity (); 60 security.SetSecurityDescriptorSddlForm ("G:BA", AccessControlSections.Group | AccessControlSections.Owner); 61 Assert.AreEqual ("", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner)); 62 Assert.AreEqual ("G:BA", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group)); 63 } 64 65 [Test, ExpectedException (typeof (ArgumentNullException))] SetGroupThrowsOnNull()66 public void SetGroupThrowsOnNull () 67 { 68 TestSecurity security = new TestSecurity (); 69 security.SetGroup (null); 70 } 71 72 [Test, ExpectedException (typeof (ArgumentNullException))] SetOwnerThrowsOnNull()73 public void SetOwnerThrowsOnNull () 74 { 75 TestSecurity security = new TestSecurity (); 76 security.SetOwner (null); 77 } 78 79 [Test, ExpectedException (typeof (ArgumentNullException))] PurgeThrowsOnNull()80 public void PurgeThrowsOnNull () 81 { 82 TestSecurity security = new TestSecurity (); 83 security.PurgeAccessRules (null); 84 } 85 86 [Test] AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet()87 public void AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet () 88 { 89 TestSecurity security = new TestSecurity (); 90 Assert.IsNull (security.GetGroup (typeof (void))); 91 Assert.IsNull (security.GetOwner (typeof (int))); 92 93 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD"); 94 security.SetOwner (everyoneSid); 95 96 bool throwsOnInt = false; 97 try { security.GetOwner (typeof (int)); } catch (ArgumentException) { throwsOnInt = true; } 98 Assert.IsTrue (throwsOnInt); 99 100 bool throwsOnSuperclass = false; 101 try { security.GetOwner (typeof (IdentityReference)); } catch (ArgumentException) { throwsOnSuperclass = true; } 102 Assert.IsTrue (throwsOnSuperclass); 103 104 Assert.IsNull (security.GetGroup (typeof (void))); 105 Assert.IsInstanceOfType (typeof (SecurityIdentifier), security.GetOwner (typeof (SecurityIdentifier))); 106 } 107 108 [Test] ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges()109 public void ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges () 110 { 111 bool modifiedRet, modifiedOut; 112 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD"); 113 TestSecurity security = new TestSecurity (); 114 115 DerivedAccessRule rule = new DerivedAccessRule (everyoneSid, TestRights.One, AccessControlType.Allow); 116 117 modifiedRet = security.ModifyAccessRule (AccessControlModification.Add, rule, out modifiedOut); 118 Assert.AreEqual (modifiedRet, modifiedOut); 119 Assert.IsTrue (modifiedRet); 120 121 Assert.IsTrue (security.modify_access_called); 122 Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All)); 123 124 // (1) There is no external abstract/virtual 'get collection', 125 // (2) The overrides in this test call this base class, which does not change it, and 126 // (3) There are methods based on the collection value such as GetSecurityDescriptorSddlForm. 127 // Conclusion: Collection is internal and manipulated by derived classes. 128 } 129 130 [Test, ExpectedException (typeof (ArgumentException))] ModifyAccessRuleThrowsOnWrongType()131 public void ModifyAccessRuleThrowsOnWrongType () 132 { 133 bool modified; 134 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD"); 135 TestSecurity security = new TestSecurity (); 136 137 FileSystemAccessRule rule = new FileSystemAccessRule 138 (everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow); 139 140 security.ModifyAccessRule (AccessControlModification.Add, rule, out modified); 141 } 142 143 [Test] Reset()144 public void Reset () 145 { 146 bool modifiedRet, modifiedOut; 147 SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD"); 148 TestSecurity security = new TestSecurity (); 149 150 TestAccessRule rule = new TestAccessRule 151 (everyoneSid, TestRights.One, AccessControlType.Allow); 152 153 modifiedRet = security.ModifyAccessRule (AccessControlModification.Reset, rule, out modifiedOut); 154 } 155 156 [Test] Protection()157 public void Protection () 158 { 159 TestSecurity security = new TestSecurity (); 160 161 security.SetAccessRuleProtection (true, true); 162 Assert.IsTrue (security.AreAccessRulesProtected); 163 Assert.IsFalse (security.AreAuditRulesProtected); 164 165 security.SetAuditRuleProtection (true, false); 166 Assert.IsTrue (security.AreAccessRulesProtected); 167 Assert.IsTrue (security.AreAuditRulesProtected); 168 169 security.SetAccessRuleProtection (false, false); 170 Assert.IsFalse (security.AreAccessRulesProtected); 171 Assert.IsTrue (security.AreAuditRulesProtected); 172 173 security.SetAuditRuleProtection (false, true); 174 Assert.IsFalse (security.AreAccessRulesProtected); 175 Assert.IsFalse (security.AreAuditRulesProtected); 176 } 177 178 enum TestRights 179 { 180 One = 1 181 } 182 183 class DerivedAccessRule : TestAccessRule 184 { DerivedAccessRule(IdentityReference identity, TestRights rights, AccessControlType type)185 public DerivedAccessRule (IdentityReference identity, TestRights rights, AccessControlType type) 186 : base (identity, rights, type) 187 { 188 } 189 } 190 191 class TestAccessRule : AccessRule 192 { TestAccessRule(IdentityReference identity, TestRights rights, AccessControlType type)193 public TestAccessRule (IdentityReference identity, TestRights rights, AccessControlType type) 194 : this (identity, rights, false, InheritanceFlags.None, PropagationFlags.None, type) 195 { 196 } 197 TestAccessRule(IdentityReference identity, TestRights rights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)198 public TestAccessRule (IdentityReference identity, 199 TestRights rights, bool isInherited, 200 InheritanceFlags inheritanceFlags, 201 PropagationFlags propagationFlags, 202 AccessControlType type) 203 : base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, type) 204 { 205 } 206 } 207 208 class TestAuditRule : AuditRule 209 { TestAuditRule(IdentityReference identity, TestRights rights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)210 public TestAuditRule (IdentityReference identity, 211 TestRights rights, bool isInherited, 212 InheritanceFlags inheritanceFlags, 213 PropagationFlags propagationFlags, 214 AuditFlags flags) 215 : base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, flags) 216 { 217 } 218 } 219 220 class TestSecurity : ObjectSecurity 221 { 222 internal bool modify_access_called; 223 TestSecurity()224 public TestSecurity () : base (false, false) 225 { 226 } 227 AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)228 public override AccessRule AccessRuleFactory (IdentityReference identityReference, 229 int accessMask, bool isInherited, 230 InheritanceFlags inheritanceFlags, 231 PropagationFlags propagationFlags, 232 AccessControlType type) 233 { 234 return new TestAccessRule (identityReference, (TestRights)accessMask, isInherited, 235 inheritanceFlags, propagationFlags, type); 236 } 237 AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)238 public override AuditRule AuditRuleFactory (IdentityReference identityReference, 239 int accessMask, bool isInherited, 240 InheritanceFlags inheritanceFlags, 241 PropagationFlags propagationFlags, 242 AuditFlags flags) 243 { 244 return new TestAuditRule (identityReference, (TestRights)accessMask, isInherited, 245 inheritanceFlags, propagationFlags, flags); 246 } 247 ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)248 protected override bool ModifyAccess (AccessControlModification modification, 249 AccessRule rule, out bool modified) 250 { 251 modify_access_called = true; 252 modified = true; return modified; 253 } 254 ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)255 protected override bool ModifyAudit (AccessControlModification modification, 256 AuditRule rule, out bool modified) 257 { 258 modified = false; return modified; 259 } 260 261 public override Type AccessRightType { 262 get { return typeof (TestRights); } 263 } 264 265 public override Type AccessRuleType { 266 get { return typeof (TestAccessRule); } 267 } 268 269 public override Type AuditRuleType { 270 get { return typeof (TestAuditRule); } 271 } 272 } 273 } 274 } 275 276 277