ACLs now work on Windows. Tests all the way up to DirectorySecurityTest and FileSecurityTest.

NativeObjectSecurity is implemented.
I've done it in such a way that, for OSes that do not have a unified API for all ACLs,
overrides can be done in subclasses such as FileSystemSecurity without trouble.

ObjectSecurity, CommonObjectSecurity, and DirectoryObjectSecurity all implemented.
MutexSecurity, PipeSecurity, etc. all just add type specialization and nothing else. Implemented all of these as well.

Access and Audit rules now correctly use NTAccount in their string overloads (see unit tests).
The constructors all provide correct AccessMasks now. In other words, these classes are all now un-broken/no longer stubs.

More unit tests for CommonSecurityDescriptor and fixes to pass them.
A few had checks that were redundant (implemented by (Authorization|Audit|Access)Rule) as well. These have been removed.
The Allow Everyone Full Access default for null DiscretionaryAcls in CommonSecurityDescriptor is, I think,
properly implemented. This required some changes to GenericSecurityDescriptor as well, but now Mono matches
MS.NET on GetSddl/GetBinaryForm for null DiscretionaryAcl including roundtrip.

What's still missing:
(1) CommonAcl's RemoveAccess/RemoveAudit. RemoveAll and RemoveSpecific work so it's not a big issue.
(2) CommonAcl merging will not yet try to merge a CommonAce together with an ObjectAce.
(3) The various *Security constructors. Get/SetAccessControl work on files and directories.
However, you still have to create and then set. I am not too familiar with Mono runtime internal
calls, but to someone who is: If the SECURITY_ATTRIBUTES parameter to Create*'s lpSecurityDescriptor
pointed to the output of GenericSecurityDescriptor's GetBinaryForm, that would be a complete
implementation.

3 files changed, 49 insertions, 63 deletions

diff --git a/mcs/class/System/System.Security.AccessControl/SemaphoreAccessRule.cs b/mcs/class/System/System.Security.AccessControl/SemaphoreAccessRule.cs
index 005ca1e0104..97b7b1c70c7 100644
--- a/mcs/class/System/System.Security.AccessControl/SemaphoreAccessRule.cs
+++ b/mcs/class/System/System.Security.AccessControl/SemaphoreAccessRule.cs
@@ -33,29 +33,23 @@ namespace System.Security.AccessControl {
 	[ComVisible (false)]
 	public sealed class SemaphoreAccessRule : AccessRule
 	{
-		SemaphoreRights semaphoreRights;
-		
 		public SemaphoreAccessRule (IdentityReference identity,
 					    SemaphoreRights semaphoreRights,
 					    AccessControlType type)
-			: base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, type)
+			: base (identity, (int)semaphoreRights, false, InheritanceFlags.None, PropagationFlags.None, type)
 		{
-			this.semaphoreRights = semaphoreRights;
 		}
 
 		public SemaphoreAccessRule (string identity,
 					    SemaphoreRights semaphoreRights,
 					    AccessControlType type)
-			: base (null, 0, false, InheritanceFlags.None, PropagationFlags.None, type)
+			: this (new NTAccount (identity), semaphoreRights, type)
 		{
-			this.semaphoreRights = semaphoreRights;
 		}
 		
 		public SemaphoreRights SemaphoreRights
 		{
-			get {
-				return(semaphoreRights);
-			}
+			get { return (SemaphoreRights)AccessMask; }
 		}
 	}
 }
diff --git a/mcs/class/System/System.Security.AccessControl/SemaphoreAuditRule.cs b/mcs/class/System/System.Security.AccessControl/SemaphoreAuditRule.cs
index db21749bf6c..5680f0f7ed8 100644
--- a/mcs/class/System/System.Security.AccessControl/SemaphoreAuditRule.cs
+++ b/mcs/class/System/System.Security.AccessControl/SemaphoreAuditRule.cs
@@ -34,21 +34,15 @@ namespace System.Security.AccessControl {
 	public sealed class SemaphoreAuditRule
 		: AuditRule
 	{
-		SemaphoreRights semaphoreRights;
-		
 		public SemaphoreAuditRule (IdentityReference identity,
 					   SemaphoreRights semaphoreRights,
 					   AuditFlags flags)
-			: base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, flags)
+			: base (identity, (int)semaphoreRights, false, InheritanceFlags.None, PropagationFlags.None, flags)
 		{
-			this.semaphoreRights = semaphoreRights;
 		}
 		
-		public SemaphoreRights SemaphoreRights
-		{
-			get {
-				return(semaphoreRights);
-			}
+		public SemaphoreRights SemaphoreRights {
+			get { return (SemaphoreRights)AccessMask; }
 		}
 	}
 }
diff --git a/mcs/class/System/System.Security.AccessControl/SemaphoreSecurity.cs b/mcs/class/System/System.Security.AccessControl/SemaphoreSecurity.cs
index 38ae5b4884a..b344a8d9f3b 100644
--- a/mcs/class/System/System.Security.AccessControl/SemaphoreSecurity.cs
+++ b/mcs/class/System/System.Security.AccessControl/SemaphoreSecurity.cs
@@ -4,8 +4,10 @@
 // Authors:
 //	Sebastien Pouliot  <sebastien@ximian.com>
 //	Dick Porter <dick@ximian.com>
+//	James Bellinger  <jfb@zer7.com>
 //
 // Copyright (C) 2005, 2006 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2012       James Bellinger
 //
 // Permission is hereby granted, free of charge, to any person obtaining
 // a copy of this software and associated documentation files (the
@@ -30,104 +32,100 @@
 using System.Runtime.InteropServices;
 using System.Security.Principal;
 
-namespace System.Security.AccessControl {
+namespace System.Security.AccessControl
+{
 	[ComVisible (false)]
-	public sealed class SemaphoreSecurity : NativeObjectSecurity {
-
+	public sealed class SemaphoreSecurity : NativeObjectSecurity
+	{
 		public SemaphoreSecurity ()
-			: base (false, ResourceType.Unknown)
+			: base (false, ResourceType.KernelObject)
 		{
 		}
 
-		public SemaphoreSecurity (string name, AccessControlSections includesections)
-			: base (false, ResourceType.Unknown, name, includesections)
+		public SemaphoreSecurity (string name, AccessControlSections includeSections)
+			: base (false, ResourceType.KernelObject, name, includeSections)
 		{
 		}
 		
-		public override Type AccessRightType
-		{
-			get {
-				throw new NotImplementedException ();
-			}
+		public override Type AccessRightType {
+			get { return typeof (SemaphoreRights); }
 		}
 		
-		public override Type AccessRuleType
-		{
-			get {
-				throw new NotImplementedException ();
-			}
+		public override Type AccessRuleType {
+			get { return typeof (SemaphoreAccessRule); }
 		}
 
-		public override Type AuditRuleType
-		{
-			get {
-				throw new NotImplementedException ();
-			}
+		public override Type AuditRuleType {
+			get { return typeof (SemaphoreAuditRule); }
 		}
 		
-		public override AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AccessControlType type)
+		public override AccessRule AccessRuleFactory (IdentityReference identityReference, int accessMask,
+							      bool isInherited, InheritanceFlags inheritanceFlags,
+							      PropagationFlags propagationFlags, AccessControlType type)
 		{
-			throw new NotImplementedException ();
+			return new SemaphoreAccessRule (identityReference, (SemaphoreRights)accessMask, type);
 		}
 		
 		public void AddAccessRule (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			AddAccessRule ((AccessRule)rule);
 		}
 		
-		public void AddAuditRule (SemaphoreAuditRule rule)
+		public bool RemoveAccessRule (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			return RemoveAccessRule ((AccessRule)rule);
 		}
 		
-		public override AuditRule AuditRuleFactory (IdentityReference identityReference, int accessMask, bool isInherited, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, AuditFlags flags)
+		public void RemoveAccessRuleAll (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			RemoveAccessRuleAll ((AccessRule)rule);
 		}
 		
-		public bool RemoveAccessRule (SemaphoreAccessRule rule)
+		public void RemoveAccessRuleSpecific (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			RemoveAccessRuleSpecific ((AccessRule)rule);
 		}
 		
-		public void RemoveAccessRuleAll (SemaphoreAccessRule rule)
+		public void ResetAccessRule (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			ResetAccessRule ((AccessRule)rule);
 		}
 		
-		public void RemoveAccessRuleSpecific (SemaphoreAccessRule rule)
+		public void SetAccessRule (SemaphoreAccessRule rule)
 		{
-			throw new NotImplementedException ();
+			SetAccessRule ((AccessRule)rule);
 		}
 		
-		public bool RemoveAuditRule (SemaphoreAuditRule rule)
+		public override AuditRule AuditRuleFactory (IdentityReference identityReference, int accessMask, bool isInherited,
+							    InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags,
+							    AuditFlags flags)
 		{
-			throw new NotImplementedException ();
+			return new SemaphoreAuditRule (identityReference, (SemaphoreRights)accessMask, flags);
 		}
 		
-		public void RemoveAuditRuleAll (SemaphoreAuditRule rule)
+		public void AddAuditRule (SemaphoreAuditRule rule)
 		{
-			throw new NotImplementedException ();
+			AddAuditRule ((AuditRule)rule);
 		}
 		
-		public void RemoveAuditRuleSpecific (SemaphoreAuditRule rule)
+		public bool RemoveAuditRule (SemaphoreAuditRule rule)
 		{
-			throw new NotImplementedException ();
+			return RemoveAuditRule((AuditRule)rule);
 		}
 		
-		public void ResetAccessRule (SemaphoreAccessRule rule)
+		public void RemoveAuditRuleAll (SemaphoreAuditRule rule)
 		{
-			throw new NotImplementedException ();
+			RemoveAuditRuleAll((AuditRule)rule);
 		}
 		
-		public void SetAccessRule (SemaphoreAccessRule rule)
+		public void RemoveAuditRuleSpecific (SemaphoreAuditRule rule)
 		{
-			throw new NotImplementedException ();
+			RemoveAuditRuleSpecific((AuditRule)rule);
 		}
 		
 		public void SetAuditRule (SemaphoreAuditRule rule)
 		{
-			throw new NotImplementedException ();
+			SetAuditRule((AuditRule)rule);
 		}
 	}
 }