[jcifs] ShareSecurity with OverlandStorage Server aka SnapServer

[Michael B Allen]

On Tue, Oct 18, 2011 at 3:54 PM, Mazhar Lateef
<mazhar.lateef at virtualcode.co.uk> wrote:
> Hi All,
> We are currently working with a client using an overland Storage appliance
> aka SnapServer running Guardian OS. Jcifs seems to work ok, except it does
> not seem to return the correct share security information of the Shared
> folder. The same application when used in a windows environment works
> absolutely fine and returns the correct information.
> The client's appliance is integrated with a AD and the shared permissions
> are applied to security groups from the AD. Jcifs seems to ALWAYS return the
> everyone group even when the share security does not have everyone listed in
> the Allow permissions.
> Can anyone help please? does anyone know anything about SnapServer and why
> the share security may not be working? I would have thought the CIFS
> protocol will be the same regardless of the platform.
> Any help, guidance, pointers  would be much appreciated.

Hi Maz,

JCIFS just returns the SIDs in the security descriptor of a
GetShareInfo level 502 with a ShareInfo502 structure. It does not
artificially inject SIDs or anything like that so I suspect that
Everyone SID is in fact coming from the server.

The only way to really see what is going on is to get a capture of
JCIFS quering the share security descriptor and examining it in
WireShark. And for good measure you can look at how Windows does the
same operation (you might need to reboot the client just before trying
it to clear any cache before the capture) and then compare the two.
They probably use different info levels but the resulting security
descriptor contents should be the same.

Otherwise I don't have any information as to why the Everyone SID
would be incorrectly returned. Again, JCIFS should just regurgitating
what was provided by the server so ...

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/