1 // SystemAclTest.cs - NUnit Test Cases for SystemAcl 2 // 3 // Authors: 4 // James Bellinger <jfb@zer7.com> 5 // 6 // Copyright (C) 2012 James Bellinger 7 8 using System; 9 using System.Collections.Generic; 10 using System.Security.AccessControl; 11 using System.Security.Principal; 12 using NUnit.Framework; 13 14 namespace MonoTests.System.Security.AccessControl 15 { 16 [TestFixture] 17 public class SystemAclTest 18 { 19 [Test] StartsEmpty()20 public void StartsEmpty () 21 { 22 Assert.AreEqual (0, new SystemAcl (false, false, 0).Count); 23 //Assert.AreEqual (0, new SystemAcl (false, false, null).Count); 24 // ^ MS.NET has a bug here and throws, contrary to their own documentation. 25 } 26 27 [Test] AddAuditMergesFlags()28 public void AddAuditMergesFlags () 29 { 30 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 31 SystemAcl sacl = new SystemAcl (false, false, 0); 32 33 sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None); 34 sacl.AddAudit (AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None); 35 Assert.AreEqual (1, sacl.Count); 36 37 CommonAce ace = (CommonAce)sacl [0]; 38 Assert.AreEqual (AuditFlags.Success|AuditFlags.Failure, ace.AuditFlags); 39 } 40 41 [Test] AddAuditCommonAce()42 public void AddAuditCommonAce () 43 { 44 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 45 SystemAcl sacl = new SystemAcl (false, false, 0); 46 47 sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None); 48 Assert.AreEqual (1, sacl.Count); 49 50 CommonAce ace = (CommonAce)sacl [0]; 51 Assert.AreEqual (AuditFlags.Success, ace.AuditFlags); 52 Assert.AreEqual (1, ace.AccessMask); 53 Assert.AreEqual ("S-1-5-32-544", ace.SecurityIdentifier.Value); 54 Assert.IsFalse (ace.IsInherited); 55 } 56 57 [Test] AddAuditCommonAceUsingDSOverload()58 public void AddAuditCommonAceUsingDSOverload () 59 { 60 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 61 SystemAcl sacl = new SystemAcl (false, true, 0); 62 63 sacl.AddAudit (AuditFlags.Failure, sid, 1, InheritanceFlags.None, PropagationFlags.None, 64 ObjectAceFlags.None, Guid.NewGuid (), Guid.NewGuid ()); 65 Assert.AreEqual (1, sacl.Count); 66 67 CommonAce ace = (CommonAce)sacl [0]; 68 Assert.AreEqual (AuditFlags.Failure, ace.AuditFlags); 69 Assert.AreEqual (1, ace.AccessMask); 70 Assert.AreEqual ("S-1-5-32-544", ace.SecurityIdentifier.Value); 71 Assert.IsFalse (ace.IsInherited); 72 } 73 74 [Test] AddAuditObjectAceAndCommonAce()75 public void AddAuditObjectAceAndCommonAce () 76 { 77 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 78 SystemAcl sacl = new SystemAcl (false, true, 0); 79 80 sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None, 81 ObjectAceFlags.ObjectAceTypePresent, Guid.NewGuid (), Guid.Empty); 82 sacl.AddAudit (AuditFlags.Success, sid, 1, InheritanceFlags.None, PropagationFlags.None, 83 ObjectAceFlags.None, Guid.Empty, Guid.Empty); 84 Assert.AreEqual (2, sacl.Count); 85 86 CommonAce cace = (CommonAce)sacl [0]; 87 Assert.AreEqual (1, cace.AccessMask); 88 Assert.AreEqual ("S-1-5-32-544", cace.SecurityIdentifier.Value); 89 Assert.IsFalse (cace.IsCallback); 90 Assert.IsFalse (cace.IsInherited); 91 92 ObjectAce oace = (ObjectAce)sacl [1]; 93 Assert.AreEqual (1, oace.AccessMask); 94 Assert.AreEqual ("S-1-5-32-544", oace.SecurityIdentifier.Value); 95 Assert.IsFalse (oace.IsCallback); 96 Assert.IsFalse (oace.IsInherited); 97 98 sacl.AddAudit (AuditFlags.Success, sid, 2, InheritanceFlags.None, PropagationFlags.None, 99 ObjectAceFlags.None, Guid.Empty, Guid.Empty); 100 Assert.AreEqual (2, sacl.Count); 101 102 CommonAce cace2 = (CommonAce)sacl [0]; 103 Assert.AreEqual (3, cace2.AccessMask); 104 } 105 106 [Test] RemoveSpecific()107 public void RemoveSpecific () 108 { 109 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 110 SystemAcl sacl = new SystemAcl (false, false, 0); 111 112 RemoveSpecificBegin (sid, sacl, InheritanceFlags.None); 113 sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None); 114 Assert.AreEqual (0, sacl.Count); 115 } 116 117 [Test] RemoveSpecificUsingDSOverload()118 public void RemoveSpecificUsingDSOverload () 119 { 120 SecurityIdentifier sid = new SecurityIdentifier ("BA"); 121 SystemAcl sacl = new SystemAcl (false, true, 0); 122 123 RemoveSpecificBegin (sid, sacl, InheritanceFlags.None); 124 sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None, 125 ObjectAceFlags.ObjectAceTypePresent, Guid.Empty, Guid.Empty); 126 Assert.AreEqual (1, sacl.Count); 127 sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, InheritanceFlags.None, PropagationFlags.None, 128 ObjectAceFlags.None, Guid.Empty, Guid.Empty); 129 Assert.AreEqual (0, sacl.Count); 130 } 131 RemoveSpecificBegin(SecurityIdentifier sid, SystemAcl sacl, InheritanceFlags inheritanceFlags)132 void RemoveSpecificBegin (SecurityIdentifier sid, SystemAcl sacl, InheritanceFlags inheritanceFlags) 133 { 134 SecurityIdentifier otherSid = new SecurityIdentifier ("BU"); 135 136 sacl.AddAudit (AuditFlags.Success, sid, 3, inheritanceFlags, PropagationFlags.None); 137 Assert.AreEqual (1, sacl.Count); 138 sacl.RemoveAuditSpecific (AuditFlags.Failure, sid, 1, inheritanceFlags, PropagationFlags.None); 139 Assert.AreEqual (1, sacl.Count); 140 sacl.RemoveAuditSpecific (AuditFlags.Success, otherSid, 1, inheritanceFlags, PropagationFlags.None); 141 Assert.AreEqual (1, sacl.Count); 142 sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 1, inheritanceFlags, PropagationFlags.None); 143 Assert.AreEqual (1, sacl.Count); 144 Assert.AreEqual (3, ((CommonAce)sacl [0]).AccessMask); 145 sacl.RemoveAuditSpecific (AuditFlags.Success, sid, 3, 146 inheritanceFlags ^ InheritanceFlags.ContainerInherit, 147 PropagationFlags.None); 148 Assert.AreEqual (1, sacl.Count); 149 } 150 151 [Test] SetAudit()152 public void SetAudit () 153 { 154 SecurityIdentifier adminSid = new SecurityIdentifier ("BA"); // S-1-5-32-544 155 SecurityIdentifier userSid = new SecurityIdentifier ("BU"); // S-1-5-32-545 156 157 SystemAcl sacl = new SystemAcl (true, false, 0); 158 sacl.SetAudit (AuditFlags.Success, adminSid, 1, InheritanceFlags.ObjectInherit, PropagationFlags.None); 159 sacl.SetAudit (AuditFlags.Success, userSid, 2, InheritanceFlags.None, PropagationFlags.None); 160 Assert.AreEqual (2, sacl.Count); 161 162 CommonAce ace = (CommonAce)sacl [0]; 163 Assert.AreEqual (adminSid, ace.SecurityIdentifier); 164 Assert.AreEqual (1, ace.AccessMask); 165 166 sacl.SetAudit (AuditFlags.Success, adminSid, 4, InheritanceFlags.ObjectInherit, PropagationFlags.None); 167 Assert.AreNotEqual (4, ace.AccessMask); 168 ace = (CommonAce)sacl [0]; 169 Assert.AreEqual (4, ace.AccessMask); 170 171 sacl.SetAudit (AuditFlags.Failure, adminSid, 4, InheritanceFlags.ObjectInherit, PropagationFlags.None); 172 Assert.AreEqual (2, sacl.Count); 173 ace = (CommonAce)sacl [0]; 174 Assert.AreEqual (AuditFlags.Failure, ace.AuditFlags); 175 Assert.AreEqual (adminSid, ace.SecurityIdentifier); 176 ace = (CommonAce)sacl [1]; 177 Assert.AreEqual (AuditFlags.Success, ace.AuditFlags); 178 Assert.AreEqual (userSid, ace.SecurityIdentifier); 179 } 180 } 181 } 182 183