Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

168 lines
4.4 KiB

# Test #1 - This test exercises all the basic functionalities of the
# COM implementation of IAccessControl.
# Init a new COM IAccessControl object by passing a NULL IStream pointer
# into IPersistStream::Load
Exec InitNewACL
# I'll add 4 DENY_ACCESS ACEs and 5 GRANT_ACCESS ACEs to the ACL
# First, I'll add the GRANT_ACCESS entries to the ACL but before doing that,
# I have to set up an access request list locally
ToggleAccessPerm COM_RIGHTS_EXECUTE
Set TrusteeName RAYLAND\ACTEST1
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST2
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST3
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST4
AddTrustee AccessRequestList
Set TrusteeName rayland\administrator
AddTrustee AccessRequestList
# Add the GRANT_ACCESS ACEs
Exec GrantAccessRights
#Take a peek at the ACL
Exec GetExplicitAccessRights
# Goes through the same procedure for DENY_ACCESS ACEs but removes the local access request list first
Destroy AccessRequestList
Set TrusteeName RAYLAND\ACTEST5
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST6
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST7
AddTrustee AccessRequestList
Set TrusteeName RAYLAND\ACTEST8
AddTrustee AccessRequestList
# Add the DENY_ACCESS ACEs
Exec DenyAccessRights
# Call GetExplicitAccessRights to see if the ACL has been set up properly
Exec GetExplicitAccessRights
# Set current trustee to RAYLAND\ADMINISTRATOR and perform access check
Set TrusteeName RaYLAnD\adminIstrator
# RAYLAND\Administrator should be granted COM_RIGHTS_EXECUTE access
Exec IsAccessPermitted
# Call IsAccessPermitted to see if the caching mechanism works
Exec IsAccessPermitted
# Change the client security context to that of RAYLAND\ACTEST2 so I can preform some
# access checking for RAYLAND\ACTEST2
SwitchClientCtx
ACTEST2
RAYLAND
# Set the current trustee to RAYLAND\ACTEST2
Set TrusteeName RAYLAND\ACTEST2
# Call IsAccessPermitted to perform acces checking. ACTEST2 should be granted access
# to the object.
Exec IsAccessPermitted
# Call IsAccessPermitted to see if the caching mechanism works
Exec IsAccessPermitted
# Revoke some trustees from the ACL and see what happens....
Set TrusteeName RAYLAND\ACTEST4
AddTrustee TrusteeList
Exec RevokeExplicitAccessRights
Exec GetExplicitAccessRights
Destroy TrusteeList
Set Trusteename RAYLAND\ACTEST2
AddTrustee TrusteeList
Exec RevokeExplicitAccessRights
Exec GetExplicitAccessRights
# Call GetSizeMax to get the number of bytes required to dsave the ACL
Exec GetSizeMax
# Save the ACL to a file
Exec SaveACL c:\actests\data1
# Init a new ACL
Exec InitNewACL
# Take a look at the current ACL, it should be empty
# Exec GetExplicitAccessRights
# Load the ACL back from the same file
Exec LoadACL c:\actests\data1
# Take a look at the ACL, it should look the same as before it was saved
Exec GetExplicitAccessRights
# Revoke two grant ACEs to see what happens
Set TrusteeName RAYLAND\ACTEST4
AddTrustee TrusteeList
Exec RevokeExplicitAccessRights
# Take a look at the resulting ACL
Exec GetExplicitAccessRights
Destroy TrusteeList
Set TrusteeName RAYLAND\ACTEST2
AddTrustee TrusteeList
Exec RevokeExplicitAccessRights
# Take another peek a the resulting ACL
Exec GetExplicitAccessRights
# Perform access check for RAYLAND\ACTEST2 to check
# if the revoking really works. RAYLAND\ACTEST2 should
# be denied access to the object.
Set TrusteeName RAYLAND\ACTEST2
Exec IsAccessPermitted
# Replace the ACL with a new one
Set TrusteeName A
Set AccessMode GRANT_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName B
Set AccessMode DENY_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName G
Set AccessMode GRANT_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName H
Set AccessMode DENY_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName E
Set AccessMode GRANT_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName K
Set AccessMode DENY_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName F
Set AccessMode GRANT_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName L
Set AccessMode DENY_ACCESS
AddTrustee ExplicitAccessList
Set TrusteeName A
Set AccessMode GRANT_ACCESS
AddTrustee ExplicitAccessList
Exec ReplaceAllAccessRights
Exec GetExplicitAccessRights
# Kill server and quit
Quit
# End of Test #1