Source code of Windows XP (NT5)
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
# Test #1 - This test exercises all the basic functionalities of the # COM implementation of IAccessControl.
# Init a new COM IAccessControl object by passing a NULL IStream pointer # into IPersistStream::Load
Exec InitNewACL
# I'll add 4 DENY_ACCESS ACEs and 5 GRANT_ACCESS ACEs to the ACL
# First, I'll add the GRANT_ACCESS entries to the ACL but before doing that, # I have to set up an access request list locally
ToggleAccessPerm COM_RIGHTS_EXECUTE
Set TrusteeName RAYLAND\ACTEST1 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST2 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST3 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST4 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ADMINISTRATOR AddTrustee AccessRequestList
# Add the GRANT_ACCESS ACEs Exec GrantAccessRights
#Take a peek at the ACL Exec GetExplicitAccessRights
# Goes through the same procedure for DENY_ACCESS ACEs but removes the local access request list first Destroy AccessRequestList
Set TrusteeName RAYLAND\ACTEST5 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST6 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST7 AddTrustee AccessRequestList Set TrusteeName RAYLAND\ACTEST8 AddTrustee AccessRequestList
# Add the DENY_ACCESS ACEs Exec DenyAccessRights
# Call GetExplicitAccessRights to see if the ACL has been set up properly Exec GetExplicitAccessRights
# Set current trustee to RAYLAND\ADMINISTRATOR and perform access Set TrusteeName RAYLAND\Administrator
# RAYLAND\Administrator should be granted COM_RIGHTS_EXECUTE access Exec IsAccessPermitted
# Change the client security context to that of RAYLAND\ACTEST2 so I can preform some # access checking SwitchClientCtx ACTEST2 RAYLAND
# Set the current trustee to RAYLAND\ACTEST2 Set TrusteeName RAYLAND\ACTEST2
# Call IsAccessPermitted to perform acces checking. ACTEST2 should be granted access # to the object. Exec IsAccessPermitted
# Revoke some trustees from the ACL and see what happens.... Set TrusteeName RAYLAND\ACTEST4 AddTrustee TrusteeList Exec RevokeExplicitAccessRights Exec GetExplicitAccessRights
Destroy TrusteeList Set Trusteename RAYLAND\ACTEST2 AddTrustee TrusteeList Exec RevokeExplicitAccessRights Exec GetExplicitAccessRights
# Call GetSizeMax to get the number of bytes required to dsave the ACL Exec GetSizeMax
# Save the ACL to a file Exec SaveACL c:\actests\data1
# Init a new ACL Exec InitNewACL
# Take a look at the current ACL, it should be empty Exec GetExplicitAccessRights
# Load the ACL back from the same file Exec LoadACL c:\actests\data1
# Take a look at the ACL, it should look the same as before it was saved Exec GetExplicitAccessRights
# Revoke two grant ACEs to see what happens Set TrusteeName RAYLAND\ACTEST4 AddTrustee TrusteeList
Exec RevokeAccessRights
# Take a look at the resulting ACL Exec GetExplicitAccessRights
Destroy TrusteeList Set TrusteeName RAYLAND\ACTEST2 AddTrustee TrusteeList
Exec RevokeAccessRights
# Take another peek a the resulting ACL Exec GetExplicitAccessRights
# Perform access check for RAYLAND\ACTEST2 to check # if the revoking really works. RAYLAND\ACTEST2 should # be denied access to the object.
Set TrusteeName RAYLAND\ACTEST2 Exec IsAccessPermitted
# Replace the ACL with a new one Set TrusteeName A Set AccessMode GRANT_ACCESS AddTrustee ExplicitAccessList Set TrusteeName B Set AccessMode DENY_ACCESS AddTrustee ExplicitAccessList Set TrusteeName G Set AccessMode GRANT_ACCESS AddTrustee ExplicitAccessList Set TrusteeName H Set AccessMode DENY_ACCESS AddTrustee ExplicitAccessList Set TrusteeName E Set AccessMode GRANT_ACCESS AddTrustee ExplicitAccessList Set TrusteeName K Set AccessMode DENY_ACCESS AddTrustee ExplicitAccessList Set TrusteeName F Set AccessMode GRANT_ACCESS AddTrustee ExplicitAccessList Set TrusteeName L Set AccessMode DENY_ACCESS AddTrustee ExplicitAccessList Set TrusteeName A Set AccessMode GRANT_ACCESS AddTrustee ExplicitAccessList
Exec ReplaceAllAccessRights
Exec GetExplicitAccessRights
# Kill server and quit Quit
# End of Test #1
|