Package jcifs
Interface SidResolver
-
- All Known Implementing Classes:
SIDCacheImpl
public interface SidResolver
This is an internal API for resolving SIDs to names and/or retrieving member SIDs- Author:
- mbechler
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description SID[]
getGroupMemberSids(CIFSContext tc, String authorityServerName, SID domsid, int rid, int flags)
Map<SID,List<SID>>
getLocalGroupsMap(CIFSContext tc, String authorityServerName, int flags)
This specialized method returns a Map of users and local groups for the target server where keys are SIDs representing an account and each value is an ArrayList of SIDs represents the local groups that the account is a member of.SID
getServerSid(CIFSContext tc, String authorityServerName)
void
resolveSids(CIFSContext tc, String authorityServerName, SID[] sids)
Resolve an array of SIDs using a cache and at most one MSRPC request.void
resolveSids(CIFSContext tc, String authorityServerName, SID[] sids, int off, int len)
Resolve part of an array of SIDs using a cache and at most one MSRPC request.
-
-
-
Method Detail
-
resolveSids
void resolveSids(CIFSContext tc, String authorityServerName, SID[] sids) throws CIFSException
Resolve an array of SIDs using a cache and at most one MSRPC request.This method will attempt to resolve SIDs using a cache and cache the results of any SIDs that required resolving with the authority. SID cache entries are currently not expired because under normal circumstances SID information never changes.
- Parameters:
tc
- context to useauthorityServerName
- The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.sids
- The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods.- Throws:
CIFSException
-
resolveSids
void resolveSids(CIFSContext tc, String authorityServerName, SID[] sids, int off, int len) throws CIFSException
Resolve part of an array of SIDs using a cache and at most one MSRPC request.- Parameters:
tc
-authorityServerName
-sids
-off
-len
-- Throws:
CIFSException
-
getGroupMemberSids
SID[] getGroupMemberSids(CIFSContext tc, String authorityServerName, SID domsid, int rid, int flags) throws CIFSException
- Parameters:
tc
-authorityServerName
-domsid
-rid
-flags
-- Returns:
- the SIDs of the group members
- Throws:
CIFSException
-
getServerSid
SID getServerSid(CIFSContext tc, String authorityServerName) throws CIFSException
- Parameters:
authorityServerName
-tc
-- Returns:
- the server's SID
- Throws:
CIFSException
-
getLocalGroupsMap
Map<SID,List<SID>> getLocalGroupsMap(CIFSContext tc, String authorityServerName, int flags) throws CIFSException
This specialized method returns a Map of users and local groups for the target server where keys are SIDs representing an account and each value is an ArrayList of SIDs represents the local groups that the account is a member of. This method is designed to assist with computing access control for a given user when the target object's ACL has local groups. Local groups are not listed in a user's group membership (e.g. as represented by the tokenGroups constructed attribute retrieved via LDAP). Domain groups nested inside a local group are currently not expanded. In this case the key (SID) type will be SID_TYPE_DOM_GRP rather than SID_TYPE_USER.- Parameters:
tc
- The context to useauthorityServerName
- The server from which the local groups will be queried.flags
- Flags that control the behavior of the operation. When all name associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS flag should be used which causes all group member SIDs to be resolved together in a single more efficient operation.- Returns:
- a map of group SID to member SIDs
- Throws:
CIFSException
-
-