Compartilhar via


Código de exemplo para criar um direito de acesso de controle

O exemplo do Visual Basic a seguir cria um objeto controlAccessRight no contêiner Extended-Rights.

Dim ExContainer As IADsContainer
Dim rootdse As IADs
Dim ExRight As IADs

On Error GoTo CleanUp
 
Set rootdse = GetObject("LDAP://rootDSE")
configpath = rootdse.Get("configurationNamingContext")
Set ExContainer = GetObject("LDAP://cn=extended-rights," & configpath)
 
' Create the object, specifying the object class and the cn.
Set ExRight = ExContainer.Create("controlAccessRight", "cn=MyExRight")
 
' Set the classes that the right applies to.
' Specify the schemaIDGUID of the user and computer classes.
ExRight.PutEx ADS_PROPERTY_UPDATE, "appliesTo", _
         Array("bf967aba-0de6-11d0-a285-00aa003049e2", _
               "bf967a86-0de6-11d0-a285-00aa003049e2")
 
' Set the display name used in Security property pages and other UI.
ExRight.PutEx ADS_PROPERTY_UPDATE, 
              "displayName", 
              Array("My-Extended-Right")
 
' Set rightsGUID to a GUID generated by Uuidgen.exe.
ExRight.PutEx ADS_PROPERTY_UPDATE, "rightsGUID", _
               Array("64ad33ac-ea09-4ded-b798-a0585c50fd5a")

' Set validAccesses to indicate a control access right.
ExRight.PutEx ADS_PROPERTY_UPDATE, "validAccesses", &H100

ExRight.SetInfo

Exit Sub

CleanUp:
    MsgBox ("An error has occurred.")
    ExContainer = Nothing
    rootdse = Nothing
    ExRight = Nothing

O exemplo de código C++ a seguir é uma função que cria um objeto controlAccessRight no contêiner Extended-Rights. Quando você chamar essa função, use o seguinte formato para especificar a cadeia de caracteres GUID para o parâmetro pszRightsGUID .

L"b7b13123-b82e-11d0-afee-0000f80367c1"

A matriz ADSVALUE para a propriedade appliesTo usa o mesmo formato GUID e define o membro dwType como ADSTYPE_CASE_IGNORE_STRING.

#define _WIN32_WINNT 0x0500
 
#include <windows.h>
#include <stdio.h>
#include <activeds.h>
 
// ****************************************************************
//  CreateExtendedRight
// ****************************************************************
HRESULT CreateExtendedRight(
             LPWSTR pszCommonName,     // cn property
             LPWSTR pszDisplayName,    // displayName property
             LPWSTR pszRightsGUID,     // rightsGUID property
             ADSVALUE *pAdsvAppliesTo, // array of GUIDs for appliesTo property
             int cAppliesTo )          // number of GUIDs in array
{
HRESULT hr = E_FAIL;
VARIANT var;
LPOLESTR szADsPath = NULL;
IADs *pRootDSE = NULL;
IDirectoryObject *pExRights = NULL;
UINT nSize = 0;
WCHAR *lpszExtRights = L"LDAP://cn=Extended-Rights," 

const int cAttributes = 6;   // Count of attributes that must be set to create a control access right.
PADS_ATTR_INFO pAttributeEntries = new ADS_ATTR_INFO[cAttributes];  // array of attributes
ADSVALUE adsvCN,
         adsvObjectClass,
         adsvDisplayName,
         adsvRightsGUID,
         adsvValidAccesses;
 
LPOLESTR pszRightRelPath = new WCHAR[MAX_PATH];
IDispatch *pNewObject = NULL;
 
hr = ADsOpenObject(L"LDAP://rootDSE",
                   NULL,
                   NULL,
                   ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
                   IID_IADs,
                   (void**)&pRootDSE);
if (FAILED(hr)) {
    wprintf(L"Bind to rootDSE failed: 0x%x\n", hr);
    return hr;
}
 
// Get the DN to the config container.
hr = pRootDSE->Get(CComBSTR("configurationNamingContext"), &var);
if (SUCCEEDED(hr))
{
    // Determine the buffer size required to store the ADsPath string
    // and allocate the buffer.
    nSize = wcslen(lpszExtRights) + wcslen(var.bstrVal) + 1;
    szADsPath = new OLECHAR[nSize];

    if (szADsPath == NULL)
    {
        wprintf(L"Buffer allocation failed.");
        goto cleanup;
    }

    // Build ADsPath string to Extended-Rights container
    wcsncpy_s(szADsPath,lpszExtRights,nSize);
    wcsncat_s(szADsPath,var.bstrVal,wcslen(var.bstrVal));
 
    // Get an IDirectory Object pointer to the Extended Rights Container.
    hr = ADsOpenObject(szADsPath,
               NULL,
               NULL,
               ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
               IID_IDirectoryObject,
               (void**)&pExRights);
}
if (FAILED (hr) ) {
    wprintf(L"Bind to Extended Rights Container failed: 0x%x\n", hr);
    goto cleanup;
}
 
// Set first attribute: CN
pAttributeEntries[0].pszAttrName = L"CN";                    // Attribute name: CN
pAttributeEntries[0].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[0].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// Fill in the ADSVALUE structure for the CN property
adsvCN.CaseIgnoreString = pszCommonName;
adsvCN.dwType = ADSTYPE_CASE_IGNORE_STRING;
pAttributeEntries[0].pADsValues = &adsvCN;
pAttributeEntries[0].dwNumValues = 1;
 
// Set second attribute: objectClass
pAttributeEntries[1].pszAttrName = L"objectClass";           // Attribute name: objectClass
pAttributeEntries[1].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[1].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// Fill in the ADSVALUE structure for the objectClass property
adsvObjectClass.CaseIgnoreString = L"controlAccessRight";    // objectClass is controlAccessRight
adsvObjectClass.dwType = ADSTYPE_CASE_IGNORE_STRING;
pAttributeEntries[1].pADsValues = &adsvObjectClass;
pAttributeEntries[1].dwNumValues = 1;
 
// Set third attribute: appliesTo
// Each value for this property is a schemaIDGUID of a class to which the right can be applied.
pAttributeEntries[2].pszAttrName = L"appliesTo";             // Attribute name: appliesTo
pAttributeEntries[2].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[2].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// The ADSVALUE array for this property is passed in as a parameter to this function.
pAttributeEntries[2].pADsValues = pAdsvAppliesTo;
pAttributeEntries[2].dwNumValues = cAppliesTo;
 
// Set fourth attribute: displayName
pAttributeEntries[3].pszAttrName = L"displayName";           // Attribute name: CNpAttributeEntries[3].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[3].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// Fill in the ADSVALUE structure for the displayName property.
adsvDisplayName.CaseIgnoreString = pszDisplayName;
adsvDisplayName.dwType = ADSTYPE_CASE_IGNORE_STRING;
pAttributeEntries[3].pADsValues = &adsvDisplayName;
pAttributeEntries[3].dwNumValues = 1;
 
// Set fifth attribute: rightsGUID
pAttributeEntries[4].pszAttrName = L"rightsGUID";            // Attribute name
pAttributeEntries[4].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[4].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// Fill in the ADSVALUE structure for the rightsGUID property.
adsvRightsGUID.dwType = ADSTYPE_CASE_IGNORE_STRING;
adsvRightsGUID.CaseIgnoreString = pszRightsGUID;
pAttributeEntries[4].pADsValues = &adsvRightsGUID;
pAttributeEntries[4].dwNumValues = 1;
 
// Set sixth attribute: validAccesses
pAttributeEntries[5].pszAttrName = L"validAccesses";         // Attribute name
pAttributeEntries[5].dwControlCode = ADS_ATTR_APPEND;        // Add the attribute.
pAttributeEntries[5].dwADsType = ADSTYPE_CASE_IGNORE_STRING; // Attribute syntax is string.
// Fill in the ADSVALUE structure for the rightsGUID property.
adsvValidAccesses.dwType = ADSTYPE_INTEGER;
adsvValidAccesses.Integer = ADS_RIGHT_DS_CONTROL_ACCESS;
pAttributeEntries[5].pADsValues = &adsvValidAccesses;
pAttributeEntries[5].dwNumValues = 1;
 
// Set up the relative distinguished name for the new object.
wcscpy_s(pszRightRelPath, L"cn=");
wcscat_s(pszRightRelPath, pszCommonName);
 
// Create the controlAccessRight
hr = pExRights->CreateDSObject(
                     pszRightRelPath,   // Relative path of new object
                     pAttributeEntries, // Attributes to be set
                     cAttributes,       // Number of attributes being set
                     &pNewObject        // receives IDispatch pointer to the new object
                     );
 
cleanup:
 
if (pRootDSE)
    pRootDSE->Release();
if (pExRights)
    pExRights->Release();
if (pNewObject)
    pNewObject->Release();
if (szADsPath)
    delete [] szADsPath;
 
VariantClear(&var);
return hr;
}

Essa função de exemplo CreateExtendedRight pode ser chamada com o exemplo de código a seguir.

ADSVALUE adsvAppliesTo;
 
adsvAppliesTo.dwType = ADSTYPE_CASE_IGNORE_STRING;
adsvAppliesTo.CaseIgnoreString = L"bf967aba-0de6-11d0-a285-00aa003049e2";

hr = CreateExtendedRight(L"myexright", L"My Extended Right",
                     L"7587d479-441a-480b-9d5d-807b4d067db4",
                     &adsvAppliesTo,
                     1);