You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
168 lines
4.4 KiB
168 lines
4.4 KiB
# Test #1 - This test exercises all the basic functionalities of the
|
|
# COM implementation of IAccessControl.
|
|
|
|
# Init a new COM IAccessControl object by passing a NULL IStream pointer
|
|
# into IPersistStream::Load
|
|
|
|
Exec InitNewACL
|
|
|
|
# I'll add 4 DENY_ACCESS ACEs and 5 GRANT_ACCESS ACEs to the ACL
|
|
|
|
# First, I'll add the GRANT_ACCESS entries to the ACL but before doing that,
|
|
# I have to set up an access request list locally
|
|
|
|
ToggleAccessPerm COM_RIGHTS_EXECUTE
|
|
|
|
Set TrusteeName RAYLAND\ACTEST1
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST2
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST3
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST4
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName rayland\administrator
|
|
AddTrustee AccessRequestList
|
|
|
|
# Add the GRANT_ACCESS ACEs
|
|
Exec GrantAccessRights
|
|
|
|
#Take a peek at the ACL
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Goes through the same procedure for DENY_ACCESS ACEs but removes the local access request list first
|
|
Destroy AccessRequestList
|
|
|
|
Set TrusteeName RAYLAND\ACTEST5
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST6
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST7
|
|
AddTrustee AccessRequestList
|
|
Set TrusteeName RAYLAND\ACTEST8
|
|
AddTrustee AccessRequestList
|
|
|
|
# Add the DENY_ACCESS ACEs
|
|
Exec DenyAccessRights
|
|
|
|
# Call GetExplicitAccessRights to see if the ACL has been set up properly
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Set current trustee to RAYLAND\ADMINISTRATOR and perform access check
|
|
Set TrusteeName RaYLAnD\adminIstrator
|
|
|
|
# RAYLAND\Administrator should be granted COM_RIGHTS_EXECUTE access
|
|
Exec IsAccessPermitted
|
|
|
|
# Call IsAccessPermitted to see if the caching mechanism works
|
|
Exec IsAccessPermitted
|
|
|
|
# Change the client security context to that of RAYLAND\ACTEST2 so I can preform some
|
|
# access checking for RAYLAND\ACTEST2
|
|
SwitchClientCtx
|
|
ACTEST2
|
|
RAYLAND
|
|
|
|
# Set the current trustee to RAYLAND\ACTEST2
|
|
Set TrusteeName RAYLAND\ACTEST2
|
|
|
|
# Call IsAccessPermitted to perform acces checking. ACTEST2 should be granted access
|
|
# to the object.
|
|
Exec IsAccessPermitted
|
|
|
|
# Call IsAccessPermitted to see if the caching mechanism works
|
|
Exec IsAccessPermitted
|
|
|
|
# Revoke some trustees from the ACL and see what happens....
|
|
Set TrusteeName RAYLAND\ACTEST4
|
|
AddTrustee TrusteeList
|
|
Exec RevokeExplicitAccessRights
|
|
Exec GetExplicitAccessRights
|
|
|
|
Destroy TrusteeList
|
|
Set Trusteename RAYLAND\ACTEST2
|
|
AddTrustee TrusteeList
|
|
Exec RevokeExplicitAccessRights
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Call GetSizeMax to get the number of bytes required to dsave the ACL
|
|
Exec GetSizeMax
|
|
|
|
# Save the ACL to a file
|
|
Exec SaveACL c:\actests\data1
|
|
|
|
# Init a new ACL
|
|
Exec InitNewACL
|
|
|
|
# Take a look at the current ACL, it should be empty
|
|
# Exec GetExplicitAccessRights
|
|
|
|
# Load the ACL back from the same file
|
|
Exec LoadACL c:\actests\data1
|
|
|
|
# Take a look at the ACL, it should look the same as before it was saved
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Revoke two grant ACEs to see what happens
|
|
Set TrusteeName RAYLAND\ACTEST4
|
|
AddTrustee TrusteeList
|
|
|
|
Exec RevokeExplicitAccessRights
|
|
|
|
# Take a look at the resulting ACL
|
|
Exec GetExplicitAccessRights
|
|
|
|
Destroy TrusteeList
|
|
Set TrusteeName RAYLAND\ACTEST2
|
|
AddTrustee TrusteeList
|
|
|
|
Exec RevokeExplicitAccessRights
|
|
|
|
# Take another peek a the resulting ACL
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Perform access check for RAYLAND\ACTEST2 to check
|
|
# if the revoking really works. RAYLAND\ACTEST2 should
|
|
# be denied access to the object.
|
|
|
|
Set TrusteeName RAYLAND\ACTEST2
|
|
Exec IsAccessPermitted
|
|
|
|
# Replace the ACL with a new one
|
|
Set TrusteeName A
|
|
Set AccessMode GRANT_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName B
|
|
Set AccessMode DENY_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName G
|
|
Set AccessMode GRANT_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName H
|
|
Set AccessMode DENY_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName E
|
|
Set AccessMode GRANT_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName K
|
|
Set AccessMode DENY_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName F
|
|
Set AccessMode GRANT_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName L
|
|
Set AccessMode DENY_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
Set TrusteeName A
|
|
Set AccessMode GRANT_ACCESS
|
|
AddTrustee ExplicitAccessList
|
|
|
|
Exec ReplaceAllAccessRights
|
|
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Kill server and quit
|
|
Quit
|
|
|
|
# End of Test #1
|
|
|