51 lines
1.2 KiB
Plaintext
51 lines
1.2 KiB
Plaintext
|
# -
|
||
|
# This test makes sure that DENY_ACCESS ACE has a higher precedence over GRANT_ACCESS ACE
|
||
|
# -
|
||
|
# Initialize a new ACL
|
||
|
Exec InitNewACL
|
||
|
|
||
|
# Set the current trustee to rayland\actest1 and add it to the local access request list
|
||
|
Set TrusteeName rayland\actest1
|
||
|
ToggleAccessPerm COM_RIGHTS_EXECUTE
|
||
|
AddTrustee AccessRequestList
|
||
|
|
||
|
# Call GrantAccessRights
|
||
|
Exec GrantAccessRights
|
||
|
|
||
|
# Chicage client's security context
|
||
|
SwitchClientCtx
|
||
|
actest1
|
||
|
rayland
|
||
|
|
||
|
# Call IsAccessPermitted
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Call IsAccessPermitted again to see if the caching mechanism works
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Destroy the old access request list
|
||
|
Destroy AccessRequestList
|
||
|
|
||
|
# Set the current trustee to rayland\actestgroup1 and add it to the local access request list
|
||
|
Set TrusteeName rayland\actestgroup1
|
||
|
Set TrusteeType TRUSTEE_IS_GROUP
|
||
|
AddTrustee AccessRequestList
|
||
|
|
||
|
# Call DenyAccessRights
|
||
|
Exec DenyAccessRights
|
||
|
|
||
|
# Change the current trustee back to rayland\actest1
|
||
|
Set TrusteeName rayland\actest1
|
||
|
Set TrusteeType TRUSTEE_IS_USER
|
||
|
|
||
|
# Call IsAccessPermitted, rayland\actest1 should eb denied access by now
|
||
|
Exec IsAccessPermitted
|
||
|
|
||
|
# Retrieve the ACL fromt he IAccessControl object
|
||
|
Exec GetExplicitAccessRights
|
||
|
|
||
|
# Kill the server
|
||
|
Quit
|
||
|
|
||
|
|