[jcifs] Updating ACE[] using jcifs

Michael B Allen ioplex at gmail.com
Thu Mar 8 22:46:29 MST 2012

On Thu, Mar 8, 2012 at 2:48 PM, Chris Dail <chrisdail at gmail.com> wrote:
> I looking at extending JCIFS to add support for setting permissions on the
> share. I will make any changes I make available to the community. After some
> investigation it looks like the patch described previously in this chain is
> only setting permissions on the file itself and not the share. What I am
> looking to do is set the share permissions.
> I looked into how this is implemented using MSRPC. I also found Microsoft's
> reference documentation that contains the IDL for the desired calls. I'm
> having a bit of a difficult time understanding how the Java code was
> generated from this.
> srvsvc.java appears to be generated from srvsvc.idl. Same goes for
> netdfs.java, rpc.java, etc...
> Are these generated from the MS COM IDL files? If so what utility was done
> to do this?
> Any pointers in this area would be much appreciated.

Hi Chris,

The midlc utility understands a small subset of Microsoft IDL and
generates those files. See the *end* of the README.txt in that package
as a starting point but ultimately you want to run it like:

  $ midlc -v -s symtabjcifs.txt srvsvc.idl

The trick is figuring out the right IDL. You can easily generate a
.java file that is just totally wrong. In practice you need to get a
packet capture of Windows performing the RPC you want to implement,
compare it side-by-side in WireShark with your JCIFS call and then
play around with the IDL until the two match up exactly in WireShark
(at which point presumably the call will work). It is not an exercise
for even an above average developer. Someone else recently publicly
smashed there face into their keyboard trying to implement some scvctl

And note that none of this gets into encoding the security descriptor
which is a totally different and potentially dangerous procedure.


Michael B Allen
Java Active Directory Integration

> Thanks
> Chris
> On Tue, Mar 6, 2012 at 10:14 PM, Michael B Allen <ioplex at gmail.com> wrote:
>> On Tue, Mar 6, 2012 at 2:52 PM, chrisdail <chrisdail at gmail.com> wrote:
>> > I am interested in setting ACEs from JCIFS as well. Is this patch
>> > planned for
>> > inclusion in an upcoming release?
>> Hi Chris,
>> No. Writing data to the server is a serious matter that would require
>> more testing than I am willing to perform for the level of
>> functionality provided.
>> Mike
>> --
>> Michael B Allen
>> Java Active Directory Integration
>> http://www.ioplex.com/

More information about the jCIFS mailing list