KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > jcifs > smb > SID


1 /* jcifs smb client library in Java
2  * Copyright (C) 2006 "Michael B. Allen" <jcifs at samba dot org>
3  * "Eric Glass" <jcifs at samba dot org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  */
19
20 package jcifs.smb;
21
22 import java.util.*;
23 import java.io.IOException JavaDoc;
24
25 import jcifs.util.Hexdump;
26 import jcifs.dcerpc.*;
27 import jcifs.dcerpc.msrpc.*;
28
29 /**
30  * A Windows SID is a numeric identifier used to represent Windows
31  * accounts. SIDs are commonly represented using a textual format such as
32  * <tt>S-1-5-21-1496946806-2192648263-3843101252-1029</tt> but they may
33  * also be resolved to yield the name of the associated Windows account
34  * such as <tt>Administrators</tt> or <tt>MYDOM\alice</tt>.
35  * <p>
36  * Consider the following output of <tt>examples/SidLookup.java</tt>:
37  * <pre>
38  * toString: S-1-5-21-4133388617-793952518-2001621813-512
39  * toDisplayString: WNET\Domain Admins
40  * getType: 2
41  * getTypeText: Domain group
42  * getDomainName: WNET
43  * getAccountName: Domain Admins
44  * </pre>
45  */
46
47 public class SID extends rpc.sid_t {
48
49     public static final int SID_TYPE_USE_NONE = lsarpc.SID_NAME_USE_NONE;
50     public static final int SID_TYPE_USER = lsarpc.SID_NAME_USER;
51     public static final int SID_TYPE_DOM_GRP = lsarpc.SID_NAME_DOM_GRP;
52     public static final int SID_TYPE_DOMAIN = lsarpc.SID_NAME_DOMAIN;
53     public static final int SID_TYPE_ALIAS = lsarpc.SID_NAME_ALIAS;
54     public static final int SID_TYPE_WKN_GRP = lsarpc.SID_NAME_WKN_GRP;
55     public static final int SID_TYPE_DELETED = lsarpc.SID_NAME_DELETED;
56     public static final int SID_TYPE_INVALID = lsarpc.SID_NAME_INVALID;
57     public static final int SID_TYPE_UNKNOWN = lsarpc.SID_NAME_UNKNOWN;
58
59     static final String JavaDoc[] SID_TYPE_NAMES = {
60         "0",
61         "User",
62         "Domain group",
63         "Domain",
64         "Local group",
65         "Builtin group",
66         "Deleted",
67         "Invalid",
68         "Unknown"
69     };
70
71     public static final int SID_FLAG_RESOLVE_SIDS = 0x0001;
72
73     public static SID EVERYONE = null;
74     public static SID CREATOR_OWNER = null;
75     public static SID SYSTEM = null;
76
77     static {
78         try {
79             EVERYONE = new SID("S-1-1-0");
80             CREATOR_OWNER = new SID("S-1-3-0");
81             SYSTEM = new SID("S-1-5-18");
82         } catch (SmbException se) {
83         }
84     }
85
86     static Map sid_cache = Collections.synchronizedMap(new HashMap());
87
88     static void resolveSids(DcerpcHandle handle,
89                 LsaPolicyHandle policyHandle,
90                 SID[] sids) throws IOException JavaDoc {
91         MsrpcLookupSids rpc = new MsrpcLookupSids(policyHandle, sids);
92         handle.sendrecv(rpc);
93         switch (rpc.retval) {
94             case 0:
95             case NtStatus.NT_STATUS_NONE_MAPPED:
96             case 0x00000107: // NT_STATUS_SOME_NOT_MAPPED
97 break;
98             default:
99                 throw new SmbException(rpc.retval, false);
100         }
101
102         for (int si = 0; si < sids.length; si++) {
103             sids[si].type = rpc.names.names[si].sid_type;
104             sids[si].domainName = null;
105
106             switch (sids[si].type) {
107                 case SID_TYPE_USER:
108                 case SID_TYPE_DOM_GRP:
109                 case SID_TYPE_DOMAIN:
110                 case SID_TYPE_ALIAS:
111                 case SID_TYPE_WKN_GRP:
112                     int sid_index = rpc.names.names[si].sid_index;
113                     rpc.unicode_string ustr = rpc.domains.domains[sid_index].name;
114                     sids[si].domainName = (new UnicodeString(ustr, false)).toString();
115                     break;
116             }
117
118             sids[si].acctName = (new UnicodeString(rpc.names.names[si].name, false)).toString();
119             sids[si].origin_server = null;
120             sids[si].origin_auth = null;
121         }
122     }
123     static void resolveSids0(String JavaDoc authorityServerName,
124                 NtlmPasswordAuthentication auth,
125                 SID[] sids) throws IOException JavaDoc {
126         DcerpcHandle handle = null;
127         LsaPolicyHandle policyHandle = null;
128
129         try {
130             handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName +
131                     "[\\PIPE\\lsarpc]", auth);
132             String JavaDoc server = authorityServerName;
133             int dot = server.indexOf('.');
134             if (dot > 0 && Character.isDigit(server.charAt(0)) == false)
135                 server = server.substring(0, dot);
136             policyHandle = new LsaPolicyHandle(handle, "\\\\" + server, 0x00000800);
137             SID.resolveSids(handle, policyHandle, sids);
138         } finally {
139             if (handle != null) {
140                 if (policyHandle != null) {
141                     policyHandle.close();
142                 }
143                 handle.close();
144             }
145         }
146     }
147
148     /**
149      * Resolve an array of SIDs using a cache and at most one MSRPC request.
150      * <p>
151      * This method will attempt
152      * to resolve SIDs using a cache and cache the results of any SIDs that
153      * required resolving with the authority. SID cache entries are currently not
154      * expired because under normal circumstances SID information never changes.
155      *
156      * @param authorityServerName The hostname of the server that should be queried. For maximum efficiency this should be the hostname of a domain controller however a member server will work as well and a domain controller may not return names for SIDs corresponding to local accounts for which the domain controller is not an authority.
157      * @param auth The credentials that should be used to communicate with the named server. As usual, <tt>null</tt> indicates that default credentials should be used.
158      * @param sids The SIDs that should be resolved. After this function is called, the names associated with the SIDs may be queried with the <tt>toDisplayString</tt>, <tt>getDomainName</tt>, and <tt>getAccountName</tt> methods.
159      */
160     static public void resolveSids(String JavaDoc authorityServerName,
161                 NtlmPasswordAuthentication auth,
162                 SID[] sids) throws IOException JavaDoc {
163         ArrayList list = new ArrayList(sids.length);
164         int si;
165
166         for (si = 0; si < sids.length; si++) {
167             SID sid = (SID)sid_cache.get(sids[si]);
168             if (sid != null) {
169                 sids[si].type = sid.type;
170                 sids[si].domainName = sid.domainName;
171                 sids[si].acctName = sid.acctName;
172             } else {
173                 list.add(sids[si]);
174             }
175         }
176
177         if (list.size() > 0) {
178             sids = (SID[])list.toArray(new SID[0]);
179             SID.resolveSids0(authorityServerName, auth, sids);
180             for (si = 0; si < sids.length; si++) {
181                 sid_cache.put(sids[si], sids[si]);
182             }
183         }
184     }
185     public static SID getServerSid(String JavaDoc server,
186                     NtlmPasswordAuthentication auth) throws IOException JavaDoc {
187         DcerpcHandle handle = null;
188         LsaPolicyHandle policyHandle = null;
189         lsarpc.LsarDomainInfo info = new lsarpc.LsarDomainInfo();
190         MsrpcQueryInformationPolicy2 rpc;
191
192         try {
193             handle = DcerpcHandle.getHandle("ncacn_np:" + server +
194                     "[\\PIPE\\lsarpc]", auth);
195             policyHandle = new LsaPolicyHandle(handle, null, 0x02000000);
196             rpc = new MsrpcQueryInformationPolicy2(policyHandle,
197                         (short)lsarpc.POLICY_INFO_ACCOUNT_DOMAIN,
198                         info);
199             handle.sendrecv(rpc);
200             if (rpc.retval != 0)
201                 throw new SmbException(rpc.retval, false);
202
203             return new SID(info.sid,
204                         SID.SID_TYPE_DOMAIN,
205                         (new UnicodeString(info.name, false)).toString(),
206                         null,
207                         false);
208         } finally {
209             if (handle != null) {
210                 if (policyHandle != null) {
211                     policyHandle.close();
212                 }
213                 handle.close();
214             }
215         }
216     }
217
218     int type;
219     String JavaDoc domainName = null;
220     String JavaDoc acctName = null;
221     String JavaDoc origin_server = null;
222     NtlmPasswordAuthentication origin_auth = null;
223
224     /*
225      * Construct a SID from it's binary representation.
226      */
227     public SID(byte[] src, int si) {
228         revision = src[si++];
229         sub_authority_count = src[si++];
230         identifier_authority = new byte[6];
231         System.arraycopy(src, si, identifier_authority, 0, 6);
232         si += 6;
233         if (sub_authority_count > 100)
234             throw new RuntimeException JavaDoc( "Invalid SID" );
235         sub_authority = new int[sub_authority_count];
236         for (int i = 0; i < sub_authority_count; i++) {
237             sub_authority[i] = ServerMessageBlock.readInt4( src, si );
238             si += 4;
239         }
240     }
241     /**
242      * Construct a SID from it's textual representation such as
243      * <tt>S-1-5-21-1496946806-2192648263-3843101252-1029</tt>.
244      */
245     public SID(String JavaDoc textual) throws SmbException {
246         StringTokenizer st = new StringTokenizer(textual, "-");
247         if (st.countTokens() < 3 || !st.nextToken().equals("S"))
248             // need S-N-M
249 throw new SmbException("Bad textual SID format: " + textual);
250
251         this.revision = Byte.parseByte(st.nextToken());
252         String JavaDoc tmp = st.nextToken();
253         long id = 0;
254         if (tmp.startsWith("0x"))
255             id = Long.parseLong(tmp.substring(2), 16);
256         else
257             id = Long.parseLong(tmp);
258
259         this.identifier_authority = new byte[6];
260         for (int i = 5; id > 0; i--) {
261             this.identifier_authority[i] = (byte) (id % 256);
262             id >>= 8;
263         }
264
265         this.sub_authority_count = (byte) st.countTokens();
266         if (this.sub_authority_count > 0) {
267             this.sub_authority = new int[this.sub_authority_count];
268             for (int i = 0; i < this.sub_authority_count; i++)
269                 this.sub_authority[i] = (int)(Long.parseLong(st.nextToken()) & 0xFFFFFFFFL);
270         }
271     }
272
273     /**
274      * Construct a SID from a domain SID and an RID
275      * (relative identifier). For example, a domain SID
276      * <tt>S-1-5-21-1496946806-2192648263-3843101252</tt> and RID <tt>1029</tt> would
277      * yield the SID <tt>S-1-5-21-1496946806-2192648263-3843101252-1029</tt>.
278      */
279     public SID(SID domsid, int rid) {
280         this.revision = domsid.revision;
281         this.identifier_authority = domsid.identifier_authority;
282         this.sub_authority_count = (byte)(domsid.sub_authority_count + 1);
283         this.sub_authority = new int[this.sub_authority_count];
284         int i;
285         for (i = 0; i < domsid.sub_authority_count; i++) {
286             this.sub_authority[i] = domsid.sub_authority[i];
287         }
288         this.sub_authority[i] = rid;
289     }
290     SID(rpc.sid_t sid,
291                     int type,
292                     String JavaDoc domainName,
293                     String JavaDoc acctName,
294                     boolean decrementAuthority) {
295         this.revision = sid.revision;
296         this.sub_authority_count = sid.sub_authority_count;
297         this.identifier_authority = sid.identifier_authority;
298         this.sub_authority = sid.sub_authority;
299         this.type = type;
300         this.domainName = domainName;
301         this.acctName = acctName;
302
303         if (decrementAuthority) {
304             this.sub_authority_count--;
305             this.sub_authority = new int[sub_authority_count];
306             for (int i = 0; i < this.sub_authority_count; i++) {
307                 this.sub_authority[i] = sid.sub_authority[i];
308             }
309         }
310     }
311
312     public SID getDomainSid() {
313         return new SID(this,
314                     SID_TYPE_DOMAIN,
315                     this.domainName,
316                     null,
317                     getType() != SID_TYPE_DOMAIN);
318     }
319     public int getRid() {
320         if (getType() == SID_TYPE_DOMAIN)
321             throw new IllegalArgumentException JavaDoc("This SID is a domain sid");
322         return sub_authority[sub_authority_count - 1];
323     }
324
325     /**
326      * Returns the type of this SID indicating the state or type of account.
327      * <p>
328      * SID types are described in the following table.
329      * <tt>
330      * <table>
331      * <tr><th>Type</th><th>Name</th></tr>
332      * <tr><td>SID_TYPE_USE_NONE</td><td>0</td></tr>
333      * <tr><td>SID_TYPE_USER</td><td>User</td></tr>
334      * <tr><td>SID_TYPE_DOM_GRP</td><td>Domain group</td></tr>
335      * <tr><td>SID_TYPE_DOMAIN</td><td>Domain</td></tr>
336      * <tr><td>SID_TYPE_ALIAS</td><td>Local group</td></tr>
337      * <tr><td>SID_TYPE_WKN_GRP</td><td>Builtin group</td></tr>
338      * <tr><td>SID_TYPE_DELETED</td><td>Deleted</td></tr>
339      * <tr><td>SID_TYPE_INVALID</td><td>Invalid</td></tr>
340      * <tr><td>SID_TYPE_UNKNOWN</td><td>Unknown</td></tr>
341      * </table>
342      * </tt>
343      */
344     public int getType() {
345         if (origin_server != null)
346             resolveWeak();
347         return type;
348     }
349
350     /**
351      * Return text represeting the SID type suitable for display to
352      * users. Text includes 'User', 'Domain group', 'Local group', etc.
353      */
354     public String JavaDoc getTypeText() {
355         if (origin_server != null)
356             resolveWeak();
357         return SID_TYPE_NAMES[type];
358     }
359
360     /**
361      * Return the domain name of this SID unless it could not be
362      * resolved in which case the numeric representation is returned.
363      */
364     public String JavaDoc getDomainName() {
365         if (origin_server != null)
366             resolveWeak();
367         if (type == SID_TYPE_UNKNOWN) {
368             String JavaDoc full = toString();
369             return full.substring(0, full.length() - getAccountName().length() - 1);
370         }
371         return domainName;
372     }
373
374     /**
375      * Return the sAMAccountName of this SID unless it could not
376      * be resolved in which case the numeric RID is returned. If this
377      * SID is a domain SID, this method will return an empty String.
378      */
379     public String JavaDoc getAccountName() {
380         if (origin_server != null)
381             resolveWeak();
382         if (type == SID_TYPE_UNKNOWN)
383             return "" + sub_authority[sub_authority_count - 1];
384         if (type == SID_TYPE_DOMAIN)
385             return "";
386         return acctName;
387     }
388
389     public int hashCode() {
390         int hcode = identifier_authority[5];
391         for (int i = 0; i < sub_authority_count; i++) {
392             hcode += 65599 * sub_authority[i];
393         }
394         return hcode;
395     }
396     public boolean equals(Object JavaDoc obj) {
397         if (obj instanceof SID) {
398             SID sid = (SID)obj;
399             if (sid == this)
400                 return true;
401             if (sid.sub_authority_count == sub_authority_count) {
402                 int i = sub_authority_count;
403                 while (i-- > 0) {
404                     if (sid.sub_authority[i] != sub_authority[i]) {
405                         return false;
406                     }
407                 }
408                 for (i = 0; i < 6; i++) {
409                     if (sid.identifier_authority[i] != identifier_authority[i]) {
410                         return false;
411                     }
412                 }
413
414                 return sid.revision == revision;
415             }
416         }
417         return false;
418     }
419
420     /**
421      * Return the numeric representation of this sid such as
422      * <tt>S-1-5-21-1496946806-2192648263-3843101252-1029</tt>.
423      */
424     public String JavaDoc toString() {
425         String JavaDoc ret = "S-" + (revision & 0xFF) + "-";
426
427         if (identifier_authority[0] != (byte)0 || identifier_authority[1] != (byte)0) {
428             ret += "0x";
429             ret += Hexdump.toHexString(identifier_authority, 0, 6);
430         } else {
431             long shift = 0;
432             long id = 0;
433             for (int i = 5; i > 1; i--) {
434                 id += (identifier_authority[i] & 0xFFL) << shift;
435                 shift += 8;
436             }
437             ret += id;
438         }
439
440         for (int i = 0; i < sub_authority_count ; i++)
441             ret += "-" + (sub_authority[i] & 0xFFFFFFFFL);
442
443         return ret;
444     }
445
446     /**
447      * Return a String representing this SID ideal for display to
448      * users. This method should return the same text that the ACL
449      * editor in Windows would display.
450      * <p>
451      * Specifically, if the SID has
452      * been resolved and it is not a domain SID or builtin account,
453      * the full DOMAIN\name form of the account will be
454      * returned (e.g. MYDOM\alice or MYDOM\Domain Users).
455      * If the SID has been resolved but it is is a domain SID,
456      * only the domain name will be returned (e.g. MYDOM).
457      * If the SID has been resolved but it is a builtin account,
458      * only the name component will be returned (e.g. SYSTEM).
459      * If the sid cannot be resolved the numeric representation from
460      * toString() is returned.
461      */
462     public String JavaDoc toDisplayString() {
463         if (origin_server != null)
464             resolveWeak();
465         if (domainName != null) {
466             String JavaDoc str;
467
468             if (type == SID_TYPE_DOMAIN) {
469                 str = domainName;
470             } else if (type == SID_TYPE_WKN_GRP ||
471                         domainName.equals("BUILTIN")) {
472                 if (type == SID_TYPE_UNKNOWN) {
473                     str = toString();
474                 } else {
475                     str = acctName;
476                 }
477             } else {
478                 str = domainName + "\\" + acctName;
479             }
480
481             return str;
482         }
483         return toString();
484     }
485
486     /**
487      * Manually resolve this SID. Normally SIDs are automatically
488      * resolved. However, if a SID is constructed explicitly using a SID
489      * constructor, JCIFS will have no knowledge of the server that created the
490      * SID and therefore cannot possibly resolve it automatically. In this case,
491      * this method will be necessary.
492      *
493      * @param authorityServerName The FQDN of the server that is an authority for the SID.
494      * @param auth Credentials suitable for accessing the SID's information.
495      */
496     public void resolve(String JavaDoc authorityServerName,
497                     NtlmPasswordAuthentication auth) throws IOException JavaDoc {
498         SID[] sids = new SID[1];
499         sids[0] = this;
500         SID.resolveSids(authorityServerName, auth, sids);
501     }
502
503     void resolveWeak() {
504         if (origin_server != null) {
505             try {
506                 resolve(origin_server, origin_auth);
507             } catch(IOException JavaDoc ioe) {
508             } finally {
509                 origin_server = null;
510                 origin_auth = null;
511             }
512         }
513     }
514
515     static SID[] getGroupMemberSids0(DcerpcHandle handle,
516                     SamrDomainHandle domainHandle,
517                     SID domsid,
518                     int rid,
519                     int flags) throws IOException JavaDoc {
520         SamrAliasHandle aliasHandle = null;
521         lsarpc.LsarSidArray sidarray = new lsarpc.LsarSidArray();
522         MsrpcGetMembersInAlias rpc = null;
523
524         try {
525             aliasHandle = new SamrAliasHandle(handle, domainHandle, 0x0002000c, rid);
526             rpc = new MsrpcGetMembersInAlias(aliasHandle, sidarray);
527             handle.sendrecv(rpc);
528             if (rpc.retval != 0)
529                 throw new SmbException(rpc.retval, false);
530             SID[] sids = new SID[rpc.sids.num_sids];
531
532             String JavaDoc origin_server = handle.getServer();
533             NtlmPasswordAuthentication origin_auth =
534                         (NtlmPasswordAuthentication)handle.getPrincipal();
535
536             for (int i = 0; i < sids.length; i++) {
537                 sids[i] = new SID(rpc.sids.sids[i].sid,
538                             0,
539                             null,
540                             null,
541                             false);
542                 sids[i].origin_server = origin_server;
543                 sids[i].origin_auth = origin_auth;
544             }
545             if (sids.length > 0 && (flags & SID_FLAG_RESOLVE_SIDS) != 0) {
546                 SID.resolveSids(origin_server, origin_auth, sids);
547             }
548             return sids;
549         } finally {
550             if (aliasHandle != null) {
551                 aliasHandle.close();
552             }
553         }
554     }
555
556     public SID[] getGroupMemberSids(String JavaDoc authorityServerName,
557                     NtlmPasswordAuthentication auth,
558                     int flags) throws IOException JavaDoc {
559         if (type != SID_TYPE_DOM_GRP && type != SID_TYPE_ALIAS)
560             return new SID[0];
561
562         DcerpcHandle handle = null;
563         SamrPolicyHandle policyHandle = null;
564         SamrDomainHandle domainHandle = null;
565         SID domsid = getDomainSid();
566
567         try {
568             handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName +
569                     "[\\PIPE\\samr]", auth);
570             policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x00000030);
571             domainHandle = new SamrDomainHandle(handle, policyHandle, 0x00000200, domsid);
572             return SID.getGroupMemberSids0(handle,
573                         domainHandle,
574                         domsid,
575                         getRid(),
576                         flags);
577         } finally {
578             if (handle != null) {
579                 if (policyHandle != null) {
580                     if (domainHandle != null) {
581                         domainHandle.close();
582                     }
583                     policyHandle.close();
584                 }
585                 handle.close();
586             }
587         }
588     }
589
590     /**
591      * This specialized method returns a Map of users and local groups for the
592      * target server where keys are SIDs representing an account and each value
593      * is an ArrayList of SIDs represents the local groups that the account is
594      * a member of.
595      * <p/>
596      * This method is designed to assist with computing access control for a
597      * given user when the target object's ACL has local groups. Local groups
598      * are not listed in a user's group membership (e.g. as represented by the
599      * tokenGroups constructed attribute retrived via LDAP).
600      * <p/>
601      * Domain groups nested inside a local group are currently not expanded. In
602      * this case the key (SID) type will be SID_TYPE_DOM_GRP rather than
603      * SID_TYPE_USER.
604      *
605      * @param authorityServerName The server from which the local groups will be queried.
606      * @param auth The credentials required to query groups and group members.
607      * @param flags Flags that control the behavior of the operation. When all
608      * name associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS
609      * flag should be used which causes all group member SIDs to be resolved
610      * together in a single more efficient operation.
611      */
612     static Map getLocalGroupsMap(String JavaDoc authorityServerName,
613                     NtlmPasswordAuthentication auth,
614                     int flags) throws IOException JavaDoc {
615         SID domsid = SID.getServerSid(authorityServerName, auth);
616         DcerpcHandle handle = null;
617         SamrPolicyHandle policyHandle = null;
618         SamrDomainHandle domainHandle = null;
619         samr.SamrSamArray sam = new samr.SamrSamArray();
620         MsrpcEnumerateAliasesInDomain rpc;
621
622         try {
623             handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName +
624                     "[\\PIPE\\samr]", auth);
625             policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x02000000);
626             domainHandle = new SamrDomainHandle(handle, policyHandle, 0x02000000, domsid);
627             rpc = new MsrpcEnumerateAliasesInDomain(domainHandle, 0xFFFF, sam);
628             handle.sendrecv(rpc);
629             if (rpc.retval != 0)
630                 throw new SmbException(rpc.retval, false);
631
632             Map map = new HashMap();
633
634             for (int ei = 0; ei < rpc.sam.count; ei++) {
635                 samr.SamrSamEntry entry = rpc.sam.entries[ei];
636
637                 SID[] mems = SID.getGroupMemberSids0(handle,
638                             domainHandle,
639                             domsid,
640                             entry.idx,
641                             flags);
642                 SID groupSid = new SID(domsid, entry.idx);
643                 groupSid.type = SID_TYPE_ALIAS;
644                 groupSid.domainName = domsid.getDomainName();
645                 groupSid.acctName = (new UnicodeString(entry.name, false)).toString();
646
647                 for (int mi = 0; mi < mems.length; mi++) {
648                     ArrayList groups = (ArrayList)map.get(mems[mi]);
649                     if (groups == null) {
650                         groups = new ArrayList();
651                         map.put(mems[mi], groups);
652                     }
653                     if (!groups.contains(groupSid))
654                         groups.add(groupSid);
655                 }
656             }
657
658             return map;
659         } finally {
660             if (handle != null) {
661                 if (policyHandle != null) {
662                     if (domainHandle != null) {
663                         domainHandle.close();
664                     }
665                     policyHandle.close();
666                 }
667                 handle.close();
668             }
669         }
670     }
671 }
672
673
Popular Tags