277 lines
9.4 KiB
C#
277 lines
9.4 KiB
C#
// ObjectSecurityTest.cs - NUnit Test Cases for ObjectSecurity
|
|
//
|
|
// Authors:
|
|
// James Bellinger <jfb@zer7.com>
|
|
//
|
|
// Copyright (C) 2012 James Bellinger
|
|
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Security.AccessControl;
|
|
using System.Security.Principal;
|
|
using NUnit.Framework;
|
|
|
|
namespace MonoTests.System.Security.AccessControl
|
|
{
|
|
[TestFixture]
|
|
public class ObjectSecurityTest
|
|
{
|
|
[Test]
|
|
public void Defaults ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
Assert.IsTrue (security.AreAccessRulesCanonical);
|
|
Assert.IsTrue (security.AreAuditRulesCanonical);
|
|
Assert.IsFalse (security.AreAccessRulesProtected);
|
|
Assert.IsFalse (security.AreAuditRulesProtected);
|
|
Assert.IsNull (security.GetGroup (typeof (SecurityIdentifier)));
|
|
Assert.IsNull (security.GetOwner (typeof (SecurityIdentifier)));
|
|
}
|
|
|
|
[Test]
|
|
public void DefaultsForSddlAndBinary ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
|
|
Assert.AreEqual (28, security.GetSecurityDescriptorBinaryForm ().Length);
|
|
}
|
|
|
|
[Test]
|
|
public void SetSddlForm ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
|
|
SecurityIdentifier groupSid = new SecurityIdentifier ("WD");
|
|
SecurityIdentifier userSid = new SecurityIdentifier ("SY");
|
|
|
|
security.SetGroup (groupSid);
|
|
security.SetOwner (userSid);
|
|
Assert.AreEqual ("G:WD", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
|
|
Assert.AreEqual ("O:SY", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
|
|
security.SetSecurityDescriptorSddlForm ("O:BG", AccessControlSections.Owner);
|
|
Assert.AreEqual ("O:BG", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
|
|
Assert.AreEqual (new SecurityIdentifier ("BG"), security.GetOwner (typeof (SecurityIdentifier)));
|
|
}
|
|
|
|
[Test]
|
|
public void SetSddlFormAllowsFlags ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
security.SetSecurityDescriptorSddlForm ("G:BA", AccessControlSections.Group | AccessControlSections.Owner);
|
|
Assert.AreEqual ("", security.GetSecurityDescriptorSddlForm (AccessControlSections.Owner));
|
|
Assert.AreEqual ("G:BA", security.GetSecurityDescriptorSddlForm (AccessControlSections.Group));
|
|
}
|
|
|
|
[Test, ExpectedException (typeof (ArgumentNullException))]
|
|
public void SetGroupThrowsOnNull ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
security.SetGroup (null);
|
|
}
|
|
|
|
[Test, ExpectedException (typeof (ArgumentNullException))]
|
|
public void SetOwnerThrowsOnNull ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
security.SetOwner (null);
|
|
}
|
|
|
|
[Test, ExpectedException (typeof (ArgumentNullException))]
|
|
public void PurgeThrowsOnNull ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
security.PurgeAccessRules (null);
|
|
}
|
|
|
|
[Test]
|
|
public void AllTypesAcceptedOnGetGroupOwnerUntilTheyAreSet ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
Assert.IsNull (security.GetGroup (typeof (void)));
|
|
Assert.IsNull (security.GetOwner (typeof (int)));
|
|
|
|
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
|
|
security.SetOwner (everyoneSid);
|
|
|
|
bool throwsOnInt = false;
|
|
try { security.GetOwner (typeof (int)); } catch (ArgumentException) { throwsOnInt = true; }
|
|
Assert.IsTrue (throwsOnInt);
|
|
|
|
bool throwsOnSuperclass = false;
|
|
try { security.GetOwner (typeof (IdentityReference)); } catch (ArgumentException) { throwsOnSuperclass = true; }
|
|
Assert.IsTrue (throwsOnSuperclass);
|
|
|
|
Assert.IsNull (security.GetGroup (typeof (void)));
|
|
Assert.IsInstanceOfType (typeof (SecurityIdentifier), security.GetOwner (typeof (SecurityIdentifier)));
|
|
}
|
|
|
|
[Test]
|
|
public void ModifyAccessRuleAllowsDerivedTypeAndCallsModifyAccessButNothingChanges ()
|
|
{
|
|
bool modifiedRet, modifiedOut;
|
|
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
|
|
TestSecurity security = new TestSecurity ();
|
|
|
|
DerivedAccessRule rule = new DerivedAccessRule (everyoneSid, TestRights.One, AccessControlType.Allow);
|
|
|
|
modifiedRet = security.ModifyAccessRule (AccessControlModification.Add, rule, out modifiedOut);
|
|
Assert.AreEqual (modifiedRet, modifiedOut);
|
|
Assert.IsTrue (modifiedRet);
|
|
|
|
Assert.IsTrue (security.modify_access_called);
|
|
Assert.AreEqual ("D:", security.GetSecurityDescriptorSddlForm (AccessControlSections.All));
|
|
|
|
// (1) There is no external abstract/virtual 'get collection',
|
|
// (2) The overrides in this test call this base class, which does not change it, and
|
|
// (3) There are methods based on the collection value such as GetSecurityDescriptorSddlForm.
|
|
// Conclusion: Collection is internal and manipulated by derived classes.
|
|
}
|
|
|
|
[Test, ExpectedException (typeof (ArgumentException))]
|
|
public void ModifyAccessRuleThrowsOnWrongType ()
|
|
{
|
|
bool modified;
|
|
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
|
|
TestSecurity security = new TestSecurity ();
|
|
|
|
FileSystemAccessRule rule = new FileSystemAccessRule
|
|
(everyoneSid, FileSystemRights.FullControl, AccessControlType.Allow);
|
|
|
|
security.ModifyAccessRule (AccessControlModification.Add, rule, out modified);
|
|
}
|
|
|
|
[Test]
|
|
public void Reset ()
|
|
{
|
|
bool modifiedRet, modifiedOut;
|
|
SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");
|
|
TestSecurity security = new TestSecurity ();
|
|
|
|
TestAccessRule rule = new TestAccessRule
|
|
(everyoneSid, TestRights.One, AccessControlType.Allow);
|
|
|
|
modifiedRet = security.ModifyAccessRule (AccessControlModification.Reset, rule, out modifiedOut);
|
|
}
|
|
|
|
[Test]
|
|
public void Protection ()
|
|
{
|
|
TestSecurity security = new TestSecurity ();
|
|
|
|
security.SetAccessRuleProtection (true, true);
|
|
Assert.IsTrue (security.AreAccessRulesProtected);
|
|
Assert.IsFalse (security.AreAuditRulesProtected);
|
|
|
|
security.SetAuditRuleProtection (true, false);
|
|
Assert.IsTrue (security.AreAccessRulesProtected);
|
|
Assert.IsTrue (security.AreAuditRulesProtected);
|
|
|
|
security.SetAccessRuleProtection (false, false);
|
|
Assert.IsFalse (security.AreAccessRulesProtected);
|
|
Assert.IsTrue (security.AreAuditRulesProtected);
|
|
|
|
security.SetAuditRuleProtection (false, true);
|
|
Assert.IsFalse (security.AreAccessRulesProtected);
|
|
Assert.IsFalse (security.AreAuditRulesProtected);
|
|
}
|
|
|
|
enum TestRights
|
|
{
|
|
One = 1
|
|
}
|
|
|
|
class DerivedAccessRule : TestAccessRule
|
|
{
|
|
public DerivedAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
|
|
: base (identity, rights, type)
|
|
{
|
|
}
|
|
}
|
|
|
|
class TestAccessRule : AccessRule
|
|
{
|
|
public TestAccessRule (IdentityReference identity, TestRights rights, AccessControlType type)
|
|
: this (identity, rights, false, InheritanceFlags.None, PropagationFlags.None, type)
|
|
{
|
|
}
|
|
|
|
public TestAccessRule (IdentityReference identity,
|
|
TestRights rights, bool isInherited,
|
|
InheritanceFlags inheritanceFlags,
|
|
PropagationFlags propagationFlags,
|
|
AccessControlType type)
|
|
: base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, type)
|
|
{
|
|
}
|
|
}
|
|
|
|
class TestAuditRule : AuditRule
|
|
{
|
|
public TestAuditRule (IdentityReference identity,
|
|
TestRights rights, bool isInherited,
|
|
InheritanceFlags inheritanceFlags,
|
|
PropagationFlags propagationFlags,
|
|
AuditFlags flags)
|
|
: base (identity, (int)rights, isInherited, inheritanceFlags, propagationFlags, flags)
|
|
{
|
|
}
|
|
}
|
|
|
|
class TestSecurity : ObjectSecurity
|
|
{
|
|
internal bool modify_access_called;
|
|
|
|
public TestSecurity () : base (false, false)
|
|
{
|
|
}
|
|
|
|
public override AccessRule AccessRuleFactory (IdentityReference identityReference,
|
|
int accessMask, bool isInherited,
|
|
InheritanceFlags inheritanceFlags,
|
|
PropagationFlags propagationFlags,
|
|
AccessControlType type)
|
|
{
|
|
return new TestAccessRule (identityReference, (TestRights)accessMask, isInherited,
|
|
inheritanceFlags, propagationFlags, type);
|
|
}
|
|
|
|
public override AuditRule AuditRuleFactory (IdentityReference identityReference,
|
|
int accessMask, bool isInherited,
|
|
InheritanceFlags inheritanceFlags,
|
|
PropagationFlags propagationFlags,
|
|
AuditFlags flags)
|
|
{
|
|
return new TestAuditRule (identityReference, (TestRights)accessMask, isInherited,
|
|
inheritanceFlags, propagationFlags, flags);
|
|
}
|
|
|
|
protected override bool ModifyAccess (AccessControlModification modification,
|
|
AccessRule rule, out bool modified)
|
|
{
|
|
modify_access_called = true;
|
|
modified = true; return modified;
|
|
}
|
|
|
|
protected override bool ModifyAudit (AccessControlModification modification,
|
|
AuditRule rule, out bool modified)
|
|
{
|
|
modified = false; return modified;
|
|
}
|
|
|
|
public override Type AccessRightType {
|
|
get { return typeof (TestRights); }
|
|
}
|
|
|
|
public override Type AccessRuleType {
|
|
get { return typeof (TestAccessRule); }
|
|
}
|
|
|
|
public override Type AuditRuleType {
|
|
get { return typeof (TestAuditRule); }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|