jcifs.smb

Class SID


public class SID
extends rpc.sid_t

A Windows SID is a numeric identifier used to represent Windows accounts. SIDs are commonly represented using a textual format such as S-1-5-21-1496946806-2192648263-3843101252-1029 but they may also be resolved to yield the name of the associated Windows account such as Administrators or MYDOM\alice.

Consider the following output of examples/SidLookup.java:

        toString: S-1-5-21-4133388617-793952518-2001621813-512
 toDisplayString: WNET\Domain Admins
         getType: 2
     getTypeText: Domain group
   getDomainName: WNET
  getAccountName: Domain Admins
 

Field Summary

static SID
CREATOR_OWNER
static SID
EVERYONE
static int
SID_FLAG_RESOLVE_SIDS
static int
SID_TYPE_ALIAS
static int
SID_TYPE_DELETED
static int
SID_TYPE_DOMAIN
static int
SID_TYPE_DOM_GRP
static int
SID_TYPE_INVALID
static int
SID_TYPE_UNKNOWN
static int
SID_TYPE_USER
static int
SID_TYPE_USE_NONE
static int
SID_TYPE_WKN_GRP
static SID
SYSTEM

Fields inherited from class jcifs.dcerpc.rpc.sid_t

identifier_authority, revision, sub_authority, sub_authority_count

Constructor Summary

SID(String textual)
Construct a SID from it's textual representation such as S-1-5-21-1496946806-2192648263-3843101252-1029.
SID(byte[] src, int si)
SID(SID domsid, int rid)
Construct a SID from a domain SID and an RID (relative identifier).

Method Summary

boolean
equals(Object obj)
String
getAccountName()
Return the sAMAccountName of this SID unless it could not be resolved in which case the numeric RID is returned.
String
getDomainName()
Return the domain name of this SID unless it could not be resolved in which case the numeric representation is returned.
SID
getDomainSid()
SID[]
getGroupMemberSids(String authorityServerName, NtlmPasswordAuthentication auth, int flags)
int
getRid()
static SID
getServerSid(String server, NtlmPasswordAuthentication auth)
int
getType()
Returns the type of this SID indicating the state or type of account.
String
getTypeText()
Return text represeting the SID type suitable for display to users.
int
hashCode()
void
resolve(String authorityServerName, NtlmPasswordAuthentication auth)
Manually resolve this SID.
static void
resolveSids(String authorityServerName, NtlmPasswordAuthentication auth, SID[] sids)
Resolve an array of SIDs using a cache and at most one MSRPC request.
static void
resolveSids(String authorityServerName, NtlmPasswordAuthentication auth, SID[] sids, int offset, int length)
String
toDisplayString()
Return a String representing this SID ideal for display to users.
String
toString()
Return the numeric representation of this sid such as S-1-5-21-1496946806-2192648263-3843101252-1029.

Methods inherited from class jcifs.dcerpc.rpc.sid_t

decode, encode

Methods inherited from class jcifs.dcerpc.ndr.NdrObject

decode, encode

Field Details

CREATOR_OWNER

public static SID CREATOR_OWNER

EVERYONE

public static SID EVERYONE

SID_FLAG_RESOLVE_SIDS

public static final int SID_FLAG_RESOLVE_SIDS
Field Value:
1

SID_TYPE_ALIAS

public static final int SID_TYPE_ALIAS
Field Value:
4

SID_TYPE_DELETED

public static final int SID_TYPE_DELETED
Field Value:
6

SID_TYPE_DOMAIN

public static final int SID_TYPE_DOMAIN
Field Value:
3

SID_TYPE_DOM_GRP

public static final int SID_TYPE_DOM_GRP
Field Value:
2

SID_TYPE_INVALID

public static final int SID_TYPE_INVALID
Field Value:
7

SID_TYPE_UNKNOWN

public static final int SID_TYPE_UNKNOWN
Field Value:
8

SID_TYPE_USER

public static final int SID_TYPE_USER
Field Value:
1

SID_TYPE_USE_NONE

public static final int SID_TYPE_USE_NONE
Field Value:
0

SID_TYPE_WKN_GRP

public static final int SID_TYPE_WKN_GRP
Field Value:
5

SYSTEM

public static SID SYSTEM

Constructor Details

SID

public SID(String textual)
            throws SmbException
Construct a SID from it's textual representation such as S-1-5-21-1496946806-2192648263-3843101252-1029.

SID

public SID(byte[] src,
           int si)

SID

public SID(SID domsid,
           int rid)
Construct a SID from a domain SID and an RID (relative identifier). For example, a domain SID S-1-5-21-1496946806-2192648263-3843101252 and RID 1029 would yield the SID S-1-5-21-1496946806-2192648263-3843101252-1029.

Method Details

equals

public boolean equals(Object obj)

getAccountName

public String getAccountName()
Return the sAMAccountName of this SID unless it could not be resolved in which case the numeric RID is returned. If this SID is a domain SID, this method will return an empty String.

getDomainName

public String getDomainName()
Return the domain name of this SID unless it could not be resolved in which case the numeric representation is returned.

getDomainSid

public SID getDomainSid()

getGroupMemberSids

public SID[] getGroupMemberSids(String authorityServerName,
                                NtlmPasswordAuthentication auth,
                                int flags)
            throws IOException

getRid

public int getRid()

getServerSid

public static SID getServerSid(String server,
                               NtlmPasswordAuthentication auth)
            throws IOException

getType

public int getType()
Returns the type of this SID indicating the state or type of account.

SID types are described in the following table.

TypeName
SID_TYPE_USE_NONE0
SID_TYPE_USERUser
SID_TYPE_DOM_GRPDomain group
SID_TYPE_DOMAINDomain
SID_TYPE_ALIASLocal group
SID_TYPE_WKN_GRPBuiltin group
SID_TYPE_DELETEDDeleted
SID_TYPE_INVALIDInvalid
SID_TYPE_UNKNOWNUnknown

getTypeText

public String getTypeText()
Return text represeting the SID type suitable for display to users. Text includes 'User', 'Domain group', 'Local group', etc.

hashCode

public int hashCode()

resolve

public void resolve(String authorityServerName,
                    NtlmPasswordAuthentication auth)
            throws IOException
Manually resolve this SID. Normally SIDs are automatically resolved. However, if a SID is constructed explicitly using a SID constructor, JCIFS will have no knowledge of the server that created the SID and therefore cannot possibly resolve it automatically. In this case, this method will be necessary.
Parameters:
authorityServerName - The FQDN of the server that is an authority for the SID.
auth - Credentials suitable for accessing the SID's information.

resolveSids

public static void resolveSids(String authorityServerName,
                               NtlmPasswordAuthentication auth,
                               SID[] sids)
            throws IOException
Resolve an array of SIDs using a cache and at most one MSRPC request.

This method will attempt to resolve SIDs using a cache and cache the results of any SIDs that required resolving with the authority. SID cache entries are currently not expired because under normal circumstances SID information never changes.

Parameters:
authorityServerName - The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.
auth - The credentials that should be used to communicate with the named server. As usual, null indicates that default credentials should be used.
sids - The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods.

resolveSids

public static void resolveSids(String authorityServerName,
                               NtlmPasswordAuthentication auth,
                               SID[] sids,
                               int offset,
                               int length)
            throws IOException

toDisplayString

public String toDisplayString()
Return a String representing this SID ideal for display to users. This method should return the same text that the ACL editor in Windows would display.

Specifically, if the SID has been resolved and it is not a domain SID or builtin account, the full DOMAIN\name form of the account will be returned (e.g. MYDOM\alice or MYDOM\Domain Users). If the SID has been resolved but it is is a domain SID, only the domain name will be returned (e.g. MYDOM). If the SID has been resolved but it is a builtin account, only the name component will be returned (e.g. SYSTEM). If the sid cannot be resolved the numeric representation from toString() is returned.


toString

public String toString()
Return the numeric representation of this sid such as S-1-5-21-1496946806-2192648263-3843101252-1029.