[jcifs] Updating ACE[] using jcifs

christofer.dutz at c-ware.de christofer.dutz at c-ware.de
Fri Mar 9 01:12:45 MST 2012

Hi Michael,

I could see that you seem to know what the parameters of midlc are actually used for ... I would really like to update my documentation with that :-)
Could you please post what they are used for? Up till now all I used was the "-t jcifs" and the "-o" parameter. This generated code I only had to manipulate slightly ;-)


-----Ursprüngliche Nachricht-----
Von: jcifs-bounces at lists.samba.org [mailto:jcifs-bounces at lists.samba.org] Im Auftrag von Michael B Allen
Gesendet: Freitag, 9. März 2012 06:46
An: Chris Dail
Cc: jcifs at lists.samba.org
Betreff: Re: [jcifs] Updating ACE[] using jcifs

On Thu, Mar 8, 2012 at 2:48 PM, Chris Dail <chrisdail at gmail.com> wrote:
> I looking at extending JCIFS to add support for setting permissions on 
> the share. I will make any changes I make available to the community. 
> After some investigation it looks like the patch described previously 
> in this chain is only setting permissions on the file itself and not 
> the share. What I am looking to do is set the share permissions.
> I looked into how this is implemented using MSRPC. I also found 
> Microsoft's reference documentation that contains the IDL for the 
> desired calls. I'm having a bit of a difficult time understanding how 
> the Java code was generated from this.
> srvsvc.java appears to be generated from srvsvc.idl. Same goes for 
> netdfs.java, rpc.java, etc...
> Are these generated from the MS COM IDL files? If so what utility was 
> done to do this?
> Any pointers in this area would be much appreciated.

Hi Chris,

The midlc utility understands a small subset of Microsoft IDL and generates those files. See the *end* of the README.txt in that package as a starting point but ultimately you want to run it like:

  $ midlc -v -s symtabjcifs.txt srvsvc.idl

The trick is figuring out the right IDL. You can easily generate a .java file that is just totally wrong. In practice you need to get a packet capture of Windows performing the RPC you want to implement, compare it side-by-side in WireShark with your JCIFS call and then play around with the IDL until the two match up exactly in WireShark (at which point presumably the call will work). It is not an exercise for even an above average developer. Someone else recently publicly smashed there face into their keyboard trying to implement some scvctl calls.

And note that none of this gets into encoding the security descriptor which is a totally different and potentially dangerous procedure.


Michael B Allen
Java Active Directory Integration

> Thanks
> Chris
> On Tue, Mar 6, 2012 at 10:14 PM, Michael B Allen <ioplex at gmail.com> wrote:
>> On Tue, Mar 6, 2012 at 2:52 PM, chrisdail <chrisdail at gmail.com> wrote:
>> > I am interested in setting ACEs from JCIFS as well. Is this patch 
>> > planned for inclusion in an upcoming release?
>> Hi Chris,
>> No. Writing data to the server is a serious matter that would require 
>> more testing than I am willing to perform for the level of 
>> functionality provided.
>> Mike
>> --
>> Michael B Allen
>> Java Active Directory Integration
>> http://www.ioplex.com/

More information about the jCIFS mailing list