Bug fix: Merging occurs after sorting ACE groups by SecurityIdentifier not...

Bug fix: Merging occurs after sorting ACE groups by SecurityIdentifier not before. Added a unit test for this behavior. Also, fixed the namespace for the ObjectAce unit test.

Bug fix: Merging occurs after sorting ACE groups by SecurityIdentifier not...
Bug fix: Merging occurs after sorting ACE groups by SecurityIdentifier not before. Added a unit test for this behavior. Also, fixed the namespace for the ObjectAce unit test.
0cc233ea · James Bellinger · 6cfe403f · 0cc233ea · 0cc233ea · 0cc233ea
3 changed file
--- a/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs
+++ b/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs
@@ -136,8 +136,8 @@ namespace System.Security.AccessControl
 			is_canonical = TestCanonicity ();
 			
 			if (IsCanonical) {
-				MergeExplicitAces ();
 				ApplyCanonicalSortToExplicitAces ();
+				MergeExplicitAces ();
 			}
 		}
 		

--- a/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs
+++ b/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs
@@ -154,6 +154,35 @@ namespace MonoTests.System.Security.AccessControl
 			Assert.AreEqual (0, dacl.Count);
 		}

+		[Test]
+		public void MergesAfterSortingForMultipleSids ()
+		{
+			SecurityIdentifier adminSid = new SecurityIdentifier
+				(WellKnownSidType.BuiltinAdministratorsSid, null); // S-1-5-32-544
+
+			SecurityIdentifier userSid = new SecurityIdentifier
+				(WellKnownSidType.BuiltinUsersSid, null); // S-1-5-32-545
+
+			RawAcl acl = MakeRawAcl(new GenericAce[] {
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, userSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 2, adminSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 4, userSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 8, adminSid, false, null),
+			});
+
+			DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
+			Assert.IsTrue (dacl.IsCanonical);
+			Assert.AreEqual (2, dacl.Count);
+
+			CommonAce adminAce = (CommonAce)dacl [0];
+			Assert.AreEqual (adminSid, adminAce.SecurityIdentifier);
+			Assert.AreEqual (10, adminAce.AccessMask);
+
+			CommonAce userAce = (CommonAce)dacl [1];
+			Assert.AreEqual (userSid, userAce.SecurityIdentifier);
+			Assert.AreEqual (5, userAce.AccessMask);
+		}
+
 		[Test]
 		public void DetectsNonCanonicalAndDoesNotMerge ()
 		{

--- a/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs
+++ b/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs
@@ -11,7 +11,7 @@ using System.Security.AccessControl;
 using System.Security.Principal;
 using NUnit.Framework;

-namespace AccessControl
+namespace MonoTests.System.Security.AccessControl
 {
 	[TestFixture]
 	public class ObjectAceTest