Platform SDK: Active Directory, ADSI, and Directory Services |
The IADsAccessControlList::CopyAccessList method copies all access control entries (ACEs) in the access-control list (ACL) to the caller's process space.
HRESULT CopyAccessList( IDispatch ** ppAccessControlList );
This method returns the standard return values, as well as the following:
For other return values, see ADSI Error Codes.
As with any method-allocated memory, the caller is responsible for calling Release on the copy of ACEs through their IDispatch pointers.
The following Visual Basic® code snippet shows how to copy ACL from one ADSI object to another.
Dim x As IADs Dim sd As IADsSecurityDescriptor Dim Dacl As IADsAccessControlList Dim CopyDacl As IADsAccessControlList 'Get the ACL from one object Set x = GetObject("LDAP://OU=Sales, DC=activeD,DC=nttest,DC=microsoft,DC=com") Set sd = x.Get("ntSecurityDescriptor") Set Dacl = sd.DiscretionaryAcl Set CopyDacl = Dacl.CopyAccessList() 'Copy the ACL to another object in the Directory Set x = GetObject("LDAP://OU=Sales, DC=Fabrikam,DC=com") Set sd = x.Get("ntSecurityDescriptor") sd.DiscretionaryAcl = CopyDacl x.Put "ntSecurityDescriptor", Array(sd) x.SetInfo
The following C++ code snippet makes a copy of an ACL.
LPWSTR guestPath = L"LDAP://CN=Guest,CN=Sales,dc=Fabrikam,dc=com"; LPWSTR user = L"Administrator"; LPWSTR passwd = L"secret"; IADs *pAds; HRESULT hr; hr = ADsOpenObject(guestPath, user, passwd, ADS_SECURE_AUTHENTICATION, IID_IADs, (void**)&pAds); if(FAILED(hr)) exit(0); IADsSecurityDescriptor *pSD=getSD(pAds); if(!pSD) { pAds->Release(); exit (0); } IADsAccessControlList *pAcl = getAcl(pSD); IADsAccessControlList *pAclCopy; hr = pAcl.CopyAccessList(pAclCopy); IADs pValCust; hr = ADsOpenObject( L"LDAP://CN=ValuedCustomer,CN=Sales,DC=Fabrikam,DC=com", user, passwd, ADS_SECURE_AUTHENTICATION, IID_IADs, (void**) &pValCust); IADsSecurityDescriptor *pSdValCust=getSD(pValCust); IDispatch *pDisp; hr = pAclCopy->QueryInterface(IID_IDispatch,(void**)&pDisp); hr = pSdValCust->put_DiscretionaryACL(pDisp); hr = pValCust->SetInfo(); pDisp->Release(); pValCust->Release(); pAclCopy->Release(); pSdValCust->Release(); if(pAcl) pAcl->Release(); if(pSD) pSD->Release(); if(pAds) pAds->Release(); ///////////////////////////////////////////////////////// // functions to bind to an object and get its SD and ACL. ///////////////////////////////////////////////////////// IADs *getIADsObject(LPWSTR adsPath,LPWSTR usr,LPWSTR passwd) { if(!adsPath) return NULL; HRESULT hr; IADs *pObj; hr = ADsOpenObject(adsPath, usr, passwd, ADS_SECURE_AUTHENTICATION, IID_IADs, (void**)&pObj); if(FAILED(hr)) { printf("adsopenobject: hr = %x\n",hr); if(pObj) pObj->Release(); return NULL; } return pObj; } IADsSecurityDescriptor *getSD(IADs *pObj) { VARIANT var; VariantInit(&var); HRESULT hr; hr = pObj->Get(L"ntSecurityDescriptor",&var); if(FAILED(hr)) { VariantClear(&var); return NULL; } IADsSecurityDescriptor *psd; hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor, (void**)&psd); if(FAILED(hr)) { if(psd) psd->Release(); return NULL; } return psd; } IADsAccessControlList *getAcl(IADsSecurityDescriptor *psd) { HRESULT hr; IDispatch *pDisp; hr = psd->get_DiscretionaryAcl(&pDisp); if(FAILED(hr)) { pDisp->Release(); return NULL; } IADsAccessControlList *pAcl; hr = pDisp->QueryInterface(IID_IADsAccessControlList, (void**)&pAcl); pDisp->Release(); if(FAILED(hr)) { pAcl->Release(); return NULL; } return pAcl; }
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.