From 0cc233ea17eccf7ca5ace46114152bb5afdae30b Mon Sep 17 00:00:00 2001
From: James Bellinger <jfb@zer7.com>
Date: Mon, 2 Jul 2012 23:35:14 -0400
Subject: [PATCH] Bug fix: Merging occurs after sorting ACE groups by
 SecurityIdentifier not before. Added a unit test for this behavior.

Also, fixed the namespace for the ObjectAce unit test.
---
 .../CommonAcl.cs                              |  2 +-
 .../CommonAclTest.cs                          | 29 +++++++++++++++++++
 .../ObjectAceTest.cs                          |  2 +-
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs b/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs
index 23150a638f1..cbeea7f1362 100644
--- a/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs
+++ b/mcs/class/corlib/System.Security.AccessControl/CommonAcl.cs
@@ -136,8 +136,8 @@ namespace System.Security.AccessControl
 			is_canonical = TestCanonicity ();
 			
 			if (IsCanonical) {
-				MergeExplicitAces ();
 				ApplyCanonicalSortToExplicitAces ();
+				MergeExplicitAces ();
 			}
 		}
 		
diff --git a/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs b/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs
index 2f8bf90066f..b44193a224d 100644
--- a/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs
+++ b/mcs/class/corlib/Test/System.Security.AccessControl/CommonAclTest.cs
@@ -154,6 +154,35 @@ namespace MonoTests.System.Security.AccessControl
 			Assert.AreEqual (0, dacl.Count);
 		}
 
+		[Test]
+		public void MergesAfterSortingForMultipleSids ()
+		{
+			SecurityIdentifier adminSid = new SecurityIdentifier
+				(WellKnownSidType.BuiltinAdministratorsSid, null); // S-1-5-32-544
+
+			SecurityIdentifier userSid = new SecurityIdentifier
+				(WellKnownSidType.BuiltinUsersSid, null); // S-1-5-32-545
+
+			RawAcl acl = MakeRawAcl(new GenericAce[] {
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, userSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 2, adminSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 4, userSid, false, null),
+				new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 8, adminSid, false, null),
+			});
+
+			DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
+			Assert.IsTrue (dacl.IsCanonical);
+			Assert.AreEqual (2, dacl.Count);
+
+			CommonAce adminAce = (CommonAce)dacl [0];
+			Assert.AreEqual (adminSid, adminAce.SecurityIdentifier);
+			Assert.AreEqual (10, adminAce.AccessMask);
+
+			CommonAce userAce = (CommonAce)dacl [1];
+			Assert.AreEqual (userSid, userAce.SecurityIdentifier);
+			Assert.AreEqual (5, userAce.AccessMask);
+		}
+
 		[Test]
 		public void DetectsNonCanonicalAndDoesNotMerge ()
 		{
diff --git a/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs b/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs
index 73d067f4eb9..fa3d81b46da 100644
--- a/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs
+++ b/mcs/class/corlib/Test/System.Security.AccessControl/ObjectAceTest.cs
@@ -11,7 +11,7 @@ using System.Security.AccessControl;
 using System.Security.Principal;
 using NUnit.Framework;
 
-namespace AccessControl
+namespace MonoTests.System.Security.AccessControl
 {
 	[TestFixture]
 	public class ObjectAceTest
-- 
GitLab