[jcifs] [patch] Resolve SIDs in ACE[]s from getSecurity() to Human Readable Names

Thomas Bley thomas.bley at simple-groupware.de
Mon Apr 3 23:32:21 GMT 2006 

Hello,

I tried the resolve patch with my WinXP (SP2) as Server, but no success:
I get the listing from a folder and the ACEs, but I can't resolve SIDs.
The patch modifies TransactNamedPipeOutputStream.java, do I also need to 
modify TransactNamedPipeInputStream.java ?
Or is there anything else wrong ?

I have:
    public static void main( String[] args ) throws Exception {
        if (args.length < 1) {
            System.err.println( "usage: ListACL <smburl>\n" );
        }
        SmbFile f = new SmbFile( args[0] );
       
        String[] files = f.list();
        for( int i = 0; i < files.length; i++ ) {
            System.out.print( " " + files[i] );
        }
        System.out.println();
       
        ACE[] acl = f.getSecurity();
        for (int i = 0; i < acl.length; i++) {
            System.out.println( acl[i] );
        }
    }


The output is:
 serial.txt Test
jcifs.smb.SmbException: Unable to resolve SIDs
jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
    at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:499)
    at jcifs.smb.SmbTransport.send(SmbTransport.java:610)
    at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:268)
    at jcifs.smb.SmbSession.send(SmbSession.java:225)
    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:147)
    at jcifs.smb.SmbFile.connect(SmbFile.java:796)
    at jcifs.smb.SmbFile.connect0(SmbFile.java:766)
    at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:72)
    at 
jcifs.smb.TransactNamedPipeInputStream.<init>(TransactNamedPipeInputStream.java:38)
    at jcifs.smb.SmbNamedPipe.getNamedPipeInputStream(SmbNamedPipe.java:166)
    at jcifs.smb.RpcTransport.attach(RpcTransport.java:91)
    at rpc.Stub.attach(Stub.java:105)
    at rpc.Stub.call(Stub.java:110)
    at jcifs.rpc.LsaRPC.openPolicy(LsaRPC.java:62)
    at jcifs.rpc.LsaRPC.lookupSids(LsaRPC.java:94)
    at jcifs.smb.SmbFile.getSecurity(SmbFile.java:2564)
    at ListACL.main(ListACL.java:17)

    at jcifs.smb.SmbFile.getSecurity(SmbFile.java:2566)
    at ListACL.main(ListACL.java:17)
Exception in thread "main"


Without "lsa.lookupSids(response.aces);" I get:

 serial.txt Test
inherited allow 0x001F01FF S-1-5-21-842925246-1060284298-1708537768-1003
inherited allow 0x001F01FF S-1-1-0
inherited allow 0x001200A9 S-1-5-21-842925246-1060284298-1708537768-501


Thanks and best regards,
Thomas


Michael B Allen wrote:
> Nice Job Martin.
>
> The UnicodeString type from Jarapac that extends rpc.unicode_string should be used although it would need some fixing up (e.g. replace the toString contents with that of your uniCodeToString method). Also, jcifs.smb.SID should be modified to extend rpc.sid_t to take advantage of polymorphic behavior there also. Then you can use those extended types wherever you would use rpc.unicode_string or rpc.sid_t. That would simplify and speed things up a little.
>
> It should be noted that users will need the Jarapac jar file:
>
>   http://sourceforge.net/projects/jarapac/
>
> Note: the Jarapac CVS repo is severly broken. Always download the package.
>
> The patch is in the patches directory:
>
>   http://jcifs.samba.org/src/patches/
>
> It will be interesting to see how this works for people.
>
> Mike
>
> On Wed, 29 Mar 2006 10:01:45 +0200
> "Martin D. Pedersen" <mdp at visanti.com> wrote:
>
>   
>> Hi Michael
>>
>>     
> <snip>
>   
>> It works just fine.
>>
>> I have included a new SID resolve patch.
>>
>>
>>
>> Best regards 
>>   Martin Pedersen
>>     
>
>
>

More information about the jcifs mailing list