1 // ObjectSecurityTest.cs - NUnit Test Cases for ObjectSecurity
2 //
3 // Authors:
4 //	James Bellinger  <jfb@zer7.com>
5 //
6 // Copyright (C) 2012 James Bellinger
7 
8 using System;
9 using System.Collections.Generic;
10 using System.Security.AccessControl;
11 using System.Security.Principal;
12 using NUnit.Framework;
13 
14 namespace MonoTests.System.Security.AccessControl
15 {
16 	[TestFixture]
17 	public class ObjectSecurityTest
18 	{
19 		[Test]
Defaults()20 		public void Defaults ()
21 		{
22 			TestSecurity security = new TestSecurity ();
23 			Assert.IsTrue (security.AreAccessRulesCanonical);
24 			Assert.IsTrue (security.AreAuditRulesCanonical);
25 			Assert.IsFalse (security.AreAccessRulesProtected);
26 			Assert.IsFalse (security.AreAuditRulesProtected);
27 			Assert.IsNull (security.GetGroup (typeof (SecurityIdentifier)));
28 			Assert.IsNull (security.GetOwner (typeof (SecurityIdentifier)));
29 		}
30 
31 		[Test]
DefaultsForSddlAndBinary()32 		public void DefaultsForSddlAndBinary ()
33 		{
34 			TestSecurity security = new TestSecurity ();
35 			Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
36 			Assert.AreEqual (28, security.GetSecurityDescriptorBinaryForm ().Length);
37 		}
38 
39 		[Test]
SetSddlForm()40 		public void SetSddlForm ()
41 		{
42 			TestSecurity security = new TestSecurity ();
43 
44 			SecurityIdentifier groupSid = new SecurityIdentifier ("WD");
45 			SecurityIdentifier userSid = new SecurityIdentifier ("SY");
46 
47 			security.SetGroup (groupSid);
48 			security.SetOwner (userSid);
49 			Assert.AreEqual ("G:WD", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
50 			Assert.AreEqual ("O:SY", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
51 			security.SetSecurityDescriptorSddlForm ("O:BG", AccessControlSections.Owner);
52 			Assert.AreEqual ("O:BG", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
53 			Assert.AreEqual (new SecurityIdentifier ("BG"), security.GetOwner (typeof (SecurityIdentifier)));
54 		}
55 
56 		[Test]
SetSddlFormAllowsFlags()57 		public void SetSddlFormAllowsFlags ()
58 		{
59 			TestSecurity security = new TestSecurity ();
60 			security.SetSecurityDescriptorSddlForm ("G:BA", AccessControlSections.Group | AccessControlSections.Owner);
61 			Assert.AreEqual ("", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
62 			Assert.AreEqual ("G:BA", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
63 		}
64 
65 		[Test, ExpectedException (typeof (ArgumentNullException))]
SetGroupThrowsOnNull()66 		public void SetGroupThrowsOnNull ()
67 		{
68 			TestSecurity security = new TestSecurity ();
69 			security.SetGroup (null);
70 		}
71 
72 		[Test, ExpectedException (typeof (ArgumentNullException))]
SetOwnerThrowsOnNull()73 		public void SetOwnerThrowsOnNull ()
74 		{
75 			TestSecurity security = new TestSecurity ();
76 			security.SetOwner (null);
77 		}
78 
79 		[Test, ExpectedException (typeof (ArgumentNullException))]
PurgeThrowsOnNull()80 		public void PurgeThrowsOnNull ()
81 		{
82 			TestSecurity security = new TestSecurity ();
83 			security.PurgeAccessRules (null);
84 		}
85 
86 		[Test]
AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet()87 		public void AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet ()
88 		{
89 			TestSecurity security = new TestSecurity ();
90 			Assert.IsNull (security.GetGroup (typeof (void)));
91 			Assert.IsNull (security.GetOwner (typeof (int)));
92 
93 			SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
94 			security.SetOwner (everyoneSid);
95 
96 			bool throwsOnInt = false;
97 			try { security.GetOwner (typeof (int)); } catch (ArgumentException) { throwsOnInt = true; }
98 			Assert.IsTrue (throwsOnInt);
99 
100 			bool throwsOnSuperclass = false;
101 			try { security.GetOwner (typeof (IdentityReference)); } catch (ArgumentException) { throwsOnSuperclass = true; }
102 			Assert.IsTrue (throwsOnSuperclass);
103 
104 			Assert.IsNull (security.GetGroup (typeof (void)));
105 			Assert.IsInstanceOfType (typeof (SecurityIdentifier), security.GetOwner (typeof (SecurityIdentifier)));
106 		}
107 
108 		[Test]
ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges()109 		public void ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges ()
110 		{
111 			bool modifiedRet, modifiedOut;
112 			SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
113 			TestSecurity security = new TestSecurity ();
114 
115 			DerivedAccessRule rule = new DerivedAccessRule (everyoneSid, TestRights.One, AccessControlType.Allow);
116 
117 			modifiedRet = security.ModifyAccessRule (AccessControlModification.Add, rule, out modifiedOut);
118 			Assert.AreEqual (modifiedRet, modifiedOut);
119 			Assert.IsTrue (modifiedRet);
120 
121 			Assert.IsTrue (security.modify_access_called);
122 			Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
123 
124 			// (1) There is no external abstract/virtual 'get collection',
125 			// (2) The overrides in this test call this base class, which does not change it, and
126 			// (3) There are methods based on the collection value such as GetSecurityDescriptorSddlForm.
127 			// Conclusion: Collection is internal and manipulated by derived classes.
128 		}
129 
130 		[Test, ExpectedException (typeof (ArgumentException))]
ModifyAccessRuleThrowsOnWrongType()131 		public void ModifyAccessRuleThrowsOnWrongType ()
132 		{
133 			bool modified;
134 			SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
135 			TestSecurity security = new TestSecurity ();
136 
137 			FileSystemAccessRule rule = new FileSystemAccessRule
138 				(everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow);
139 
140 			security.ModifyAccessRule (AccessControlModification.Add, rule, out modified);
141 		}
142 
143 		[Test]
Reset()144 		public void Reset ()
145 		{
146 			bool modifiedRet, modifiedOut;
147 			SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
148 			TestSecurity security = new TestSecurity ();
149 
150 			TestAccessRule rule = new TestAccessRule
151 				(everyoneSid, TestRights.One, AccessControlType.Allow);
152 
153 			modifiedRet = security.ModifyAccessRule (AccessControlModification.Reset, rule, out modifiedOut);
154 		}
155 
156 		[Test]
Protection()157 		public void Protection ()
158 		{
159 			TestSecurity security = new TestSecurity ();
160 
161 			security.SetAccessRuleProtection (true, true);
162 			Assert.IsTrue (security.AreAccessRulesProtected);
163 			Assert.IsFalse (security.AreAuditRulesProtected);
164 
165 			security.SetAuditRuleProtection (true, false);
166 			Assert.IsTrue (security.AreAccessRulesProtected);
167 			Assert.IsTrue (security.AreAuditRulesProtected);
168 
169 			security.SetAccessRuleProtection (false, false);
170 			Assert.IsFalse (security.AreAccessRulesProtected);
171 			Assert.IsTrue (security.AreAuditRulesProtected);
172 
173 			security.SetAuditRuleProtection (false, true);
174 			Assert.IsFalse (security.AreAccessRulesProtected);
175 			Assert.IsFalse (security.AreAuditRulesProtected);
176 		}
177 
178 		enum TestRights
179 		{
180 			One = 1
181 		}
182 
183 		class DerivedAccessRule : TestAccessRule
184 		{
DerivedAccessRule(IdentityReference identity, TestRights rights, AccessControlType type)185 			public DerivedAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
186 				: base (identity, rights, type)
187 			{
188 			}
189 		}
190 
191 		class TestAccessRule : AccessRule
192 		{
TestAccessRule(IdentityReference identity, TestRights rights, AccessControlType type)193 			public TestAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
194 				: this (identity, rights, false, InheritanceFlags.None, PropagationFlags.None, type)
195 			{
196 			}
197 
TestAccessRule(IdentityReference identity, TestRights rights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)198 			public TestAccessRule (IdentityReference identity,
199 			                       TestRights rights, bool isInherited,
200 			                       InheritanceFlags inheritanceFlags,
201 			                       PropagationFlags propagationFlags,
202 			                       AccessControlType type)
203 				: base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, type)
204 			{
205 			}
206 		}
207 
208 		class TestAuditRule : AuditRule
209 		{
TestAuditRule(IdentityReference identity, TestRights rights, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)210 			public TestAuditRule (IdentityReference identity,
211 				              TestRights rights, bool isInherited,
212 				              InheritanceFlags inheritanceFlags,
213 			                      PropagationFlags propagationFlags,
214 			                      AuditFlags flags)
215 				: base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, flags)
216 			{
217 			}
218 		}
219 
220 		class TestSecurity : ObjectSecurity
221 		{
222 			internal bool modify_access_called;
223 
TestSecurity()224 			public TestSecurity () : base (false, false)
225 			{
226 			}
227 
AccessRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)228 			public override AccessRule AccessRuleFactory (IdentityReference identityReference,
229 			                                              int accessMask, bool isInherited,
230 			                                              InheritanceFlags inheritanceFlags,
231 			                                              PropagationFlags propagationFlags,
232 			                                              AccessControlType type)
233 			{
234 				return new TestAccessRule (identityReference, (TestRights)accessMask, isInherited,
235 				                           inheritanceFlags, propagationFlags, type);
236 			}
237 
AuditRuleFactory(IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)238 			public override AuditRule AuditRuleFactory (IdentityReference identityReference,
239 				                                    int accessMask, bool isInherited,
240 				                                    InheritanceFlags inheritanceFlags,
241 			                                            PropagationFlags propagationFlags,
242 			                                            AuditFlags flags)
243 			{
244 				return new TestAuditRule (identityReference, (TestRights)accessMask, isInherited,
245 				                          inheritanceFlags, propagationFlags, flags);
246 			}
247 
ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)248 			protected override bool ModifyAccess (AccessControlModification modification,
249 			                                      AccessRule rule, out bool modified)
250 			{
251 				modify_access_called = true;
252 				modified = true; return modified;
253 			}
254 
ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)255 			protected override bool ModifyAudit (AccessControlModification modification,
256 			                                     AuditRule rule, out bool modified)
257 			{
258 				modified = false; return modified;
259 			}
260 
261 			public override Type AccessRightType {
262 				get { return typeof (TestRights); }
263 			}
264 
265 			public override Type AccessRuleType {
266 				get { return typeof (TestAccessRule); }
267 			}
268 
269 			public override Type AuditRuleType {
270 				get { return typeof (TestAuditRule); }
271 			}
272 		}
273 	}
274 }
275 
276 
277