Package jcifs.smb

Class SIDCacheImpl

  • All Implemented Interfaces:
    SidResolver
    public class SIDCacheImpl
extends Object
implements SidResolver
    Internal use only: SID resolver cache
    Author:
    mbechler

    • Constructor Detail

      • SIDCacheImpl

        public SIDCacheImpl​(CIFSContext baseContext)
        Parameters:
        baseContext -

    • Method Detail

      • resolveSids

        public void resolveSids​(CIFSContext tc,
                        String authorityServerName,
                        SID[] sids)
                 throws CIFSException
        Resolve an array of SIDs using a cache and at most one MSRPC request.

        This method will attempt to resolve SIDs using a cache and cache the results of any SIDs that required resolving with the authority. SID cache entries are currently not expired because under normal circumstances SID information never changes.

        Specified by:
        resolveSids in interface SidResolver
        Parameters:
        authorityServerName - The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.
        tc - The context that should be used to communicate with the named server.
        sids - The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods.
        Throws:
        CIFSException

      • getLocalGroupsMap

        public Map<SID,​List<SID>> getLocalGroupsMap​(CIFSContext tc,
                                                  String authorityServerName,
                                                  int flags)
                                           throws CIFSException
        This specialized method returns a Map of users and local groups for the target server where keys are SIDs representing an account and each value is an ArrayList of SIDs represents the local groups that the account is a member of.

        This method is designed to assist with computing access control for a given user when the target object's ACL has local groups. Local groups are not listed in a user's group membership (e.g. as represented by the tokenGroups constructed attribute retrieved via LDAP).

        Domain groups nested inside a local group are currently not expanded. In this case the key (SID) type will be SID_TYPE_DOM_GRP rather than SID_TYPE_USER.

        Specified by:
        getLocalGroupsMap in interface SidResolver
        Parameters:
        tc - The context to use
        authorityServerName - The server from which the local groups will be queried.
        flags - Flags that control the behavior of the operation. When all name associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS flag should be used which causes all group member SIDs to be resolved together in a single more efficient operation.
        Returns:
        a map of group SID to member SIDs
        Throws:
        CIFSException
        See Also:
        SidResolver.getLocalGroupsMap(jcifs.CIFSContext, java.lang.String, int)