jcifs.smb
Class SID
A Windows SID is a numeric identifier used to represent Windows
accounts. SIDs are commonly represented using a textual format such as
S-1-5-21-1496946806-2192648263-3843101252-1029 but they may
also be resolved to yield the name of the associated Windows account
such as
Administrators or
MYDOM\alice.
Consider the following output of
examples/SidLookup.java:
toString: S-1-5-21-4133388617-793952518-2001621813-512
toDisplayString: WNET\Domain Admins
getType: 2
getTypeText: Domain group
getDomainName: WNET
getAccountName: Domain Admins
SID(String textual) - Construct a SID from it's textual representation such as
S-1-5-21-1496946806-2192648263-3843101252-1029.
|
SID(byte[] src, int si)
|
SID(SID domsid, int rid) - Construct a SID from a domain SID and an RID
(relative identifier).
|
CREATOR_OWNER
public static SID CREATOR_OWNER
EVERYONE
public static SID EVERYONE
SID_FLAG_RESOLVE_SIDS
public static final int SID_FLAG_RESOLVE_SIDS
SID_TYPE_ALIAS
public static final int SID_TYPE_ALIAS
SID_TYPE_DELETED
public static final int SID_TYPE_DELETED
SID_TYPE_DOMAIN
public static final int SID_TYPE_DOMAIN
SID_TYPE_DOM_GRP
public static final int SID_TYPE_DOM_GRP
SID_TYPE_INVALID
public static final int SID_TYPE_INVALID
SID_TYPE_UNKNOWN
public static final int SID_TYPE_UNKNOWN
SID_TYPE_USER
public static final int SID_TYPE_USER
SID_TYPE_USE_NONE
public static final int SID_TYPE_USE_NONE
SID_TYPE_WKN_GRP
public static final int SID_TYPE_WKN_GRP
SYSTEM
public static SID SYSTEM
SID
public SID(String textual)
throws SmbException
Construct a SID from it's textual representation such as
S-1-5-21-1496946806-2192648263-3843101252-1029.
SID
public SID(byte[] src,
int si)
SID
public SID(SID domsid,
int rid)
Construct a SID from a domain SID and an RID
(relative identifier). For example, a domain SID
S-1-5-21-1496946806-2192648263-3843101252 and RID 1029 would
yield the SID S-1-5-21-1496946806-2192648263-3843101252-1029.
equals
public boolean equals(Object obj)
getAccountName
public String getAccountName()
Return the sAMAccountName of this SID unless it could not
be resolved in which case the numeric RID is returned. If this
SID is a domain SID, this method will return an empty String.
getDomainName
public String getDomainName()
Return the domain name of this SID unless it could not be
resolved in which case the numeric representation is returned.
getDomainSid
public SID getDomainSid()
getRid
public int getRid()
getType
public int getType()
Returns the type of this SID indicating the state or type of account.
SID types are described in the following table.
Type | Name |
---|
SID_TYPE_USE_NONE | 0 |
SID_TYPE_USER | User |
SID_TYPE_DOM_GRP | Domain group |
SID_TYPE_DOMAIN | Domain |
SID_TYPE_ALIAS | Local group |
SID_TYPE_WKN_GRP | Builtin group |
SID_TYPE_DELETED | Deleted |
SID_TYPE_INVALID | Invalid |
SID_TYPE_UNKNOWN | Unknown |
getTypeText
public String getTypeText()
Return text represeting the SID type suitable for display to
users. Text includes 'User', 'Domain group', 'Local group', etc.
hashCode
public int hashCode()
resolve
public void resolve(String authorityServerName,
NtlmPasswordAuthentication auth)
throws IOException
Manually resolve this SID. Normally SIDs are automatically
resolved. However, if a SID is constructed explicitly using a SID
constructor, JCIFS will have no knowledge of the server that created the
SID and therefore cannot possibly resolve it automatically. In this case,
this method will be necessary.
authorityServerName
- The FQDN of the server that is an authority for the SID.auth
- Credentials suitable for accessing the SID's information.
resolveSids
public static void resolveSids(String authorityServerName,
NtlmPasswordAuthentication auth,
SID[] sids)
throws IOException
Resolve an array of SIDs using a cache and at most one MSRPC request.
This method will attempt
to resolve SIDs using a cache and cache the results of any SIDs that
required resolving with the authority. SID cache entries are currently not
expired because under normal circumstances SID information never changes.
authorityServerName
- The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.auth
- The credentials that should be used to communicate with the named server. As usual, null indicates that default credentials should be used.sids
- The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods.
toDisplayString
public String toDisplayString()
Return a String representing this SID ideal for display to
users. This method should return the same text that the ACL
editor in Windows would display.
Specifically, if the SID has
been resolved and it is not a domain SID or builtin account,
the full DOMAIN\name form of the account will be
returned (e.g. MYDOM\alice or MYDOM\Domain Users).
If the SID has been resolved but it is is a domain SID,
only the domain name will be returned (e.g. MYDOM).
If the SID has been resolved but it is a builtin account,
only the name component will be returned (e.g. SYSTEM).
If the sid cannot be resolved the numeric representation from
toString() is returned.
toString
public String toString()
Return the numeric representation of this sid such as
S-1-5-21-1496946806-2192648263-3843101252-1029.