[jcifs] [patch] Resolve SIDs in ACE[]s from getSecurity() to
Human Readable Names
Thomas Bley
thomas.bley at simple-groupware.de
Mon Apr 3 23:54:50 GMT 2006
Hello,
Looks like the rpc uses the guest account, I enabled the guest account
on my machine and got this:
Logon failure: the user has not been granted the requested logon type at
this computer.
Next I changed my "Local security settings":
- removed Guest from "Deny logon locally"
- removed Guest from "Deny access to this computer from the network"
and it seems to work.
My args[0] is:
smb://administrator:xxx@192.168.0.2/temp/Test/
So I think I need to set the credentials somewhere ?
Also I get all rpc dumps, do I missed to set a logLevel somewhere ?
Best regards,
Thomas
Thomas Bley wrote:
> Hello,
>
> I tried the resolve patch with my WinXP (SP2) as Server, but no success:
> I get the listing from a folder and the ACEs, but I can't resolve SIDs.
> The patch modifies TransactNamedPipeOutputStream.java, do I also need
> to modify TransactNamedPipeInputStream.java ?
> Or is there anything else wrong ?
>
> I have:
> public static void main( String[] args ) throws Exception {
> if (args.length < 1) {
> System.err.println( "usage: ListACL <smburl>\n" );
> }
> SmbFile f = new SmbFile( args[0] );
> String[] files = f.list();
> for( int i = 0; i < files.length; i++ ) {
> System.out.print( " " + files[i] );
> }
> System.out.println();
> ACE[] acl = f.getSecurity();
> for (int i = 0; i < acl.length; i++) {
> System.out.println( acl[i] );
> }
> }
>
>
> The output is:
> serial.txt Test
> jcifs.smb.SmbException: Unable to resolve SIDs
> jcifs.smb.SmbAuthException: Logon failure: account currently disabled.
> at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:499)
> at jcifs.smb.SmbTransport.send(SmbTransport.java:610)
> at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:268)
> at jcifs.smb.SmbSession.send(SmbSession.java:225)
> at jcifs.smb.SmbTree.treeConnect(SmbTree.java:147)
> at jcifs.smb.SmbFile.connect(SmbFile.java:796)
> at jcifs.smb.SmbFile.connect0(SmbFile.java:766)
> at jcifs.smb.SmbFileInputStream.<init>(SmbFileInputStream.java:72)
> at
> jcifs.smb.TransactNamedPipeInputStream.<init>(TransactNamedPipeInputStream.java:38)
>
> at
> jcifs.smb.SmbNamedPipe.getNamedPipeInputStream(SmbNamedPipe.java:166)
> at jcifs.smb.RpcTransport.attach(RpcTransport.java:91)
> at rpc.Stub.attach(Stub.java:105)
> at rpc.Stub.call(Stub.java:110)
> at jcifs.rpc.LsaRPC.openPolicy(LsaRPC.java:62)
> at jcifs.rpc.LsaRPC.lookupSids(LsaRPC.java:94)
> at jcifs.smb.SmbFile.getSecurity(SmbFile.java:2564)
> at ListACL.main(ListACL.java:17)
>
> at jcifs.smb.SmbFile.getSecurity(SmbFile.java:2566)
> at ListACL.main(ListACL.java:17)
> Exception in thread "main"
>
>
> Without "lsa.lookupSids(response.aces);" I get:
>
> serial.txt Test
> inherited allow 0x001F01FF S-1-5-21-842925246-1060284298-1708537768-1003
> inherited allow 0x001F01FF S-1-1-0
> inherited allow 0x001200A9 S-1-5-21-842925246-1060284298-1708537768-501
>
>
> Thanks and best regards,
> Thomas
>
>
> Michael B Allen wrote:
>> Nice Job Martin.
>>
>> The UnicodeString type from Jarapac that extends rpc.unicode_string
>> should be used although it would need some fixing up (e.g. replace
>> the toString contents with that of your uniCodeToString method).
>> Also, jcifs.smb.SID should be modified to extend rpc.sid_t to take
>> advantage of polymorphic behavior there also. Then you can use those
>> extended types wherever you would use rpc.unicode_string or
>> rpc.sid_t. That would simplify and speed things up a little.
>>
>> It should be noted that users will need the Jarapac jar file:
>>
>> http://sourceforge.net/projects/jarapac/
>>
>> Note: the Jarapac CVS repo is severly broken. Always download the
>> package.
>>
>> The patch is in the patches directory:
>>
>> http://jcifs.samba.org/src/patches/
>>
>> It will be interesting to see how this works for people.
>>
>> Mike
>>
>> On Wed, 29 Mar 2006 10:01:45 +0200
>> "Martin D. Pedersen" <mdp at visanti.com> wrote:
>>
>>
>>> Hi Michael
>>>
>>>
>> <snip>
>>
>>> It works just fine.
>>>
>>> I have included a new SID resolve patch.
>>>
>>>
>>>
>>> Best regards Martin Pedersen
>>>
>>
>>
>>
>
>
More information about the jcifs
mailing list