mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 lines
1.2 KiB
50 lines
1.2 KiB
# -
|
|
# This test makes sure that DENY_ACCESS ACE has a higher precedence over GRANT_ACCESS ACE
|
|
# -
|
|
# Initialize a new ACL
|
|
Exec InitNewACL
|
|
|
|
# Set the current trustee to rayland\actest1 and add it to the local access request list
|
|
Set TrusteeName rayland\actest1
|
|
ToggleAccessPerm COM_RIGHTS_EXECUTE
|
|
AddTrustee AccessRequestList
|
|
|
|
# Call GrantAccessRights
|
|
Exec GrantAccessRights
|
|
|
|
# Chicage client's security context
|
|
SwitchClientCtx
|
|
actest1
|
|
rayland
|
|
|
|
# Call IsAccessPermitted
|
|
Exec IsAccessPermitted
|
|
|
|
# Call IsAccessPermitted again to see if the caching mechanism works
|
|
Exec IsAccessPermitted
|
|
|
|
# Destroy the old access request list
|
|
Destroy AccessRequestList
|
|
|
|
# Set the current trustee to rayland\actestgroup1 and add it to the local access request list
|
|
Set TrusteeName rayland\actestgroup1
|
|
Set TrusteeType TRUSTEE_IS_GROUP
|
|
AddTrustee AccessRequestList
|
|
|
|
# Call DenyAccessRights
|
|
Exec DenyAccessRights
|
|
|
|
# Change the current trustee back to rayland\actest1
|
|
Set TrusteeName rayland\actest1
|
|
Set TrusteeType TRUSTEE_IS_USER
|
|
|
|
# Call IsAccessPermitted, rayland\actest1 should eb denied access by now
|
|
Exec IsAccessPermitted
|
|
|
|
# Retrieve the ACL fromt he IAccessControl object
|
|
Exec GetExplicitAccessRights
|
|
|
|
# Kill the server
|
|
Quit
|
|
|
|
|