Package jcifs.smb

Class SID

java.lang.Object
jcifs.dcerpc.ndr.NdrObject
jcifs.dcerpc.rpc.sid_t
jcifs.smb.SID

public class SID extends jcifs.dcerpc.rpc.sid_t
A Windows SID is a numeric identifier used to represent Windows accounts. SIDs are commonly represented using a textual format such as S-1-5-21-1496946806-2192648263-3843101252-1029 but they may also be resolved to yield the name of the associated Windows account such as Administrators or MYDOM\alice.

Consider the following output of examples/SidLookup.java:

        toString: S-1-5-21-4133388617-793952518-2001621813-512
 toDisplayString: WNET\Domain Admins
         getType: 2
     getTypeText: Domain group
   getDomainName: WNET
  getAccountName: Domain Admins
 
  • Field Details

  • Constructor Details

    • SID

      public SID(byte[] src, int si)
    • SID

      public SID(String textual) throws SmbException
      Construct a SID from it's textual representation such as S-1-5-21-1496946806-2192648263-3843101252-1029.
      Throws:
      SmbException
    • SID

      public SID(SID domsid, int rid)
      Construct a SID from a domain SID and an RID (relative identifier). For example, a domain SID S-1-5-21-1496946806-2192648263-3843101252 and RID 1029 would yield the SID S-1-5-21-1496946806-2192648263-3843101252-1029.
    • SID

      public SID(jcifs.dcerpc.rpc.sid_t sid, int type, String domainName, String acctName, boolean decrementAuthority)
  • Method Details

    • resolveSids

      public static void resolveSids(String authorityServerName, NtlmPasswordAuthentication auth, SID[] sids, int offset, int length) throws IOException
      Throws:
      IOException
    • resolveSids

      public static void resolveSids(String authorityServerName, NtlmPasswordAuthentication auth, SID[] sids) throws IOException
      Resolve an array of SIDs using a cache and at most one MSRPC request.

      This method will attempt to resolve SIDs using a cache and cache the results of any SIDs that required resolving with the authority. SID cache entries are currently not expired because under normal circumstances SID information never changes.

      Parameters:
      authorityServerName - The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.
      auth - The credentials that should be used to communicate with the named server. As usual, null indicates that default credentials should be used.
      sids - The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the toDisplayString, getDomainName, and getAccountName methods.
      Throws:
      IOException
    • getServerSid

      public static SID getServerSid(String server, NtlmPasswordAuthentication auth) throws IOException
      Throws:
      IOException
    • toByteArray

      public static byte[] toByteArray(jcifs.dcerpc.rpc.sid_t sid)
    • getDomainSid

      public SID getDomainSid()
    • getRid

      public int getRid()
    • getType

      public int getType()
      Returns the type of this SID indicating the state or type of account.

      SID types are described in the following table.

      TypeName
      SID_TYPE_USE_NONE0
      SID_TYPE_USERUser
      SID_TYPE_DOM_GRPDomain group
      SID_TYPE_DOMAINDomain
      SID_TYPE_ALIASLocal group
      SID_TYPE_WKN_GRPBuiltin group
      SID_TYPE_DELETEDDeleted
      SID_TYPE_INVALIDInvalid
      SID_TYPE_UNKNOWNUnknown
    • getTypeText

      public String getTypeText()
      Return text represeting the SID type suitable for display to users. Text includes 'User', 'Domain group', 'Local group', etc.
    • getDomainName

      public String getDomainName()
      Return the domain name of this SID unless it could not be resolved in which case the numeric representation is returned.
    • getAccountName

      public String getAccountName()
      Return the sAMAccountName of this SID unless it could not be resolved in which case the numeric RID is returned. If this SID is a domain SID, this method will return an empty String.
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • toString

      public String toString()
      Return the numeric representation of this sid such as S-1-5-21-1496946806-2192648263-3843101252-1029.
      Overrides:
      toString in class Object
    • toDisplayString

      public String toDisplayString()
      Return a String representing this SID ideal for display to users. This method should return the same text that the ACL editor in Windows would display.

      Specifically, if the SID has been resolved and it is not a domain SID or builtin account, the full DOMAIN\name form of the account will be returned (e.g. MYDOM\alice or MYDOM\Domain Users). If the SID has been resolved but it is is a domain SID, only the domain name will be returned (e.g. MYDOM). If the SID has been resolved but it is a builtin account, only the name component will be returned (e.g. SYSTEM). If the sid cannot be resolved the numeric representation from toString() is returned.

    • resolve

      public void resolve(String authorityServerName, NtlmPasswordAuthentication auth) throws IOException
      Manually resolve this SID. Normally SIDs are automatically resolved. However, if a SID is constructed explicitly using a SID constructor, JCIFS will have no knowledge of the server that created the SID and therefore cannot possibly resolve it automatically. In this case, this method will be necessary.
      Parameters:
      authorityServerName - The FQDN of the server that is an authority for the SID.
      auth - Credentials suitable for accessing the SID's information.
      Throws:
      IOException
    • getGroupMemberSids

      public SID[] getGroupMemberSids(String authorityServerName, NtlmPasswordAuthentication auth, int flags) throws IOException
      Throws:
      IOException