File: DirectorySecurityTest.cs

package info (click to toggle)
mono-reference-assemblies 3.12.1%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 604,240 kB
  • ctags: 625,505
  • sloc: cs: 3,967,741; xml: 2,793,081; ansic: 418,042; java: 60,435; sh: 14,833; makefile: 11,576; sql: 7,956; perl: 1,467; cpp: 1,446; yacc: 1,203; python: 598; asm: 422; sed: 16; php: 1
file content (109 lines) | stat: -rw-r--r-- 4,196 bytes parent folder | download | duplicates (8) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
// DirectorySecurityTest.cs - NUnit Test Cases for DirectorySecurity
//
// Authors:
//	James Bellinger (jfb@zer7.com) 

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using NUnit.Framework;

namespace MonoTests.System.Security.AccessControl
{
	[TestFixture]
	public class DirectorySecurityTest
	{
		[Test]
		public void InheritedPermissions ()
		{
			AuthorizationRuleCollection rules;
			DirectorySecurity dirSecurity; FileSecurity fileSecurity;
			SecurityIdentifier usersSid = new SecurityIdentifier ("BU");
			SecurityIdentifier worldSid = new SecurityIdentifier ("WD");
			FileSystemAccessRule worldDirFullControl = new FileSystemAccessRule
				(worldSid, FileSystemRights.FullControl,
				 InheritanceFlags.ObjectInherit, PropagationFlags.None,
				 AccessControlType.Allow);

			if (PlatformID.Win32NT != Environment.OSVersion.Platform) {
				Assert.Ignore ();
			}

			string dirpath = Path.Combine (Path.GetTempPath (), Path.GetRandomFileName ());
			string dirpath2 = null;
			string filepath = null;
			DirectoryInfo dirinfo = Directory.CreateDirectory (dirpath);

			try {
				// Set Full Control to Everyone.
				dirSecurity = dirinfo.GetAccessControl ();
				dirSecurity.SetGroup (usersSid);
				dirSecurity.AddAccessRule (worldDirFullControl);
				Directory.SetAccessControl (dirpath, dirSecurity);

				// Did the rule store on the directory?
				dirSecurity = Directory.GetAccessControl (dirpath);
				rules = dirSecurity.GetAccessRules (true, false, typeof (SecurityIdentifier ));
				Assert.AreEqual (usersSid, dirSecurity.GetGroup (typeof(SecurityIdentifier)));
				Assert.AreEqual (1, rules.Count);
				Assert.AreEqual (worldSid, rules[0].IdentityReference);
				Assert.AreEqual (InheritanceFlags.ObjectInherit, rules[0].InheritanceFlags);
				Assert.AreEqual (PropagationFlags.None, rules[0].PropagationFlags);
				Assert.IsFalse (rules[0].IsInherited);

				// Create a file. It will have no explicit rules.
				filepath = Path.Combine (dirpath, Path.GetRandomFileName ());
				using (FileStream file = new FileStream (filepath, FileMode.Create, FileAccess.ReadWrite)) {
					fileSecurity = file.GetAccessControl ();

					rules = fileSecurity.GetAccessRules (true, false, typeof (SecurityIdentifier));
					Assert.AreEqual (0, rules.Count);
				}

				// Make sure the file has inherited the Full Control access rule.
				FileInfo fileInfo = new FileInfo (filepath);
				fileSecurity = fileInfo.GetAccessControl ();

				rules = fileSecurity.GetAccessRules (false, true, typeof (SecurityIdentifier));
				bool fileInheritedRule = false;
				foreach (FileSystemAccessRule rule in rules) {
					if (rule.AccessControlType == AccessControlType.Allow &&
					    rule.FileSystemRights == FileSystemRights.FullControl &&
					    rule.IdentityReference == worldSid &&
					    rule.IsInherited &&
					    rule.InheritanceFlags == InheritanceFlags.None &&
					    rule.PropagationFlags == PropagationFlags.None) // only containers get non-None flags
						fileInheritedRule = true;
				}
				Assert.IsTrue (fileInheritedRule);

				// ContainerInherit not being set, create a directory.
				// Its inherited rule will have propagation flags to indicate only its children are affected.
				dirpath2 = Path.Combine (dirpath, Path.GetRandomFileName ());
				dirinfo = Directory.CreateDirectory (dirpath2);
				dirSecurity = dirinfo.GetAccessControl ();

				rules = dirSecurity.GetAccessRules (false, true, typeof (SecurityIdentifier));
				bool dirInheritedRule = false;
				foreach (FileSystemAccessRule rule in rules) {
					if (rule.AccessControlType == AccessControlType.Allow &&
					    rule.FileSystemRights == FileSystemRights.FullControl &&
					    rule.IdentityReference == worldSid &&
					    rule.IsInherited &&
					    rule.InheritanceFlags == InheritanceFlags.ObjectInherit &&
					    rule.PropagationFlags == PropagationFlags.InheritOnly) // <-- key difference
						dirInheritedRule = true;
				}
				Assert.IsTrue (dirInheritedRule);

			} finally {
				if (null != filepath) File.Delete (filepath);
				if (null != dirpath2) Directory.Delete (dirpath2);
				Directory.Delete (dirpath);
			}
		}
	}
}