[jcifs] ACL via jCIFS (idlc)

Michael B Allen mba2000 at ioplex.com
Tue Oct 12 18:42:01 GMT 2004 

On Tue, 12 Oct 2004 11:24:52 +0200
"Martin D. Pedersen" <mdp at visanti.com> wrote:

> Hi all
> 
> I'm more or less in desperate need for ACL access for SMB files.
> 
> I have previously used the command line tool smbcalcs from the Samba 
> project, but the client side of Samba does not support Distributed File 
> System (DFS).
> I noticed that jCIFS currently is developing on an (m)idl compiler, how 
> far is this development from implementing eg. ACL access on files?

The plan is roughly as follows:

o fleash out jarapac/examples to support a wide range of windows
management functions
o implement NETLOGON api using idlc/jarapac/jcifs
o develop an alternative to NtlmPasswordAuthentication that supports
GSSAPI style credential management and rebuild the jcifs library
around that
o develop jcifs functions that use authentication like NTLM HTTP
Authentication filter and using security token to impersonate web user
to access Windows resources (this will be jcifs 2.0)
o add APIs for workstation management functions to jcifs for manipulating
Windows resources (e.g. adding users, rebooting machines, start/stop
services)

So by this timeline we're looking at between 3 months and never

However, when I "flesh out jarapac/examples" I will no doubt work
out the lsarpc and samr functions necessary to resolve sids and
names. However, reading extended attributes and decodeing/encoding
security descriptors/ACLs/ACEs is NOT rpc/ndr. That's old fashioned SMB
and hand writting marshalling. I'll look into actually getting that to
work though. User requests are largely the driving force for development
around here and you're not the only one looking for ACL control.

> I have downloaded jarapac 0.3.5 and idlc 0.4.0 and tried compiling the 
> IAccess.Idl file to gain access to GetAllAccessRights, but without much 
> success. Any pointers on how to work with these 'native' midl files?

Sounds like IAccess.Idl is some kind of COM or DCOM 'I'nterface
definition. We're doing MSRPC only right now. COM/DCOM is build on top
of MSRPC.

> Alternatively does any one know of _any_ Linux/Java library/tool that is 
> capable of retrieving ACL lists for SMB files resident on an DFS?

Check the "Related Java Projects" list on our website.

Mike

-- 
Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list