getType() != SID_TYPE_DOMAIN);
}
/**
 * Returns the relative identifier (RID) of this SID, i.e. its last sub-authority.
 * <p>
 * The value is the raw 32-bit sub-authority stored in a signed {@code int}, so a
 * RID above {@code Integer.MAX_VALUE} comes back negative. Mask it with
 * {@code 0xFFFFFFFFL} (as {@code toString()} does) before printing it or comparing
 * it as an unsigned quantity.
 * <p>
 * Calling this method goes through {@code getType()}, which may trigger the lazy
 * resolution of a SID that still has an origin server.
 *
 * @return the last element of the sub-authority array
 * @throws IllegalArgumentException if this SID is a domain SID
 */
public int getRid() {
    final boolean domainSid = getType() == SID_TYPE_DOMAIN;
    if (domainSid) {
        throw new IllegalArgumentException("This SID is a domain sid");
    }
    final int lastIndex = sub_authority_count - 1;
    return sub_authority[lastIndex];
}
/**
* Returns the type of this SID indicating the state or type of account.
* <p>
* SID types are described in the following table.
* <tt>
* <table>
* <tr><th>Type</th><th>Name</th></tr>
* <tr><td>SID_TYPE_USE_NONE</td><td>0</td></tr>
* <tr><td>SID_TYPE_USER</td><td>User</td></tr>
* <tr><td>SID_TYPE_DOM_GRP</td><td>Domain group</td></tr>
* <tr><td>SID_TYPE_DOMAIN</td><td>Domain</td></tr>
* <tr><td>SID_TYPE_ALIAS</td><td>Local group</td></tr>
* <tr><td>SID_TYPE_WKN_GRP</td><td>Builtin group</td></tr>
* <tr><td>SID_TYPE_DELETED</td><td>Deleted</td></tr>
* <tr><td>SID_TYPE_INVALID</td><td>Invalid</td></tr>
* <tr><td>SID_TYPE_UNKNOWN</td><td>Unknown</td></tr>
* </table>
* </tt>
*/
public int getType() {
    // A SID that still has an origin server has not been looked up yet: resolve it
    // lazily. resolveWeak() swallows lookup failures and clears the origin, so this
    // is attempted at most once and the stored type is returned unchanged when the
    // lookup fails.
    final boolean resolutionPending = origin_server != null;
    if (resolutionPending) {
        resolveWeak();
    }
    return type;
}
/**
* Return text representing the SID type suitable for display to
* users. Text includes 'User', 'Domain group', 'Local group', etc.
*/
public String getTypeText() {
    // Resolve lazily first so the label reflects the looked-up type where possible.
    if (origin_server != null) {
        resolveWeak();
    }
    // The stored type is used directly as an index into the label table.
    final int labelIndex = type;
    return SID_TYPE_NAMES[labelIndex];
}
/**
* Return the domain name of this SID unless it could not be
* resolved in which case the numeric representation is returned.
*/
public String getDomainName() {
    if (origin_server != null) {
        resolveWeak();
    }
    if (type != SID_TYPE_UNKNOWN) {
        return domainName;
    }
    // Unresolved: derive the domain part by cutting "-<rid>" off the numeric form.
    // NOTE(review): this is only correct when getAccountName() renders the RID with
    // the same number of characters that toString() uses for the last sub-authority
    // (toString() prints sub-authorities as unsigned values).
    final String numeric = toString();
    final int domainPartLength = numeric.length() - getAccountName().length() - 1;
    return numeric.substring(0, domainPartLength);
}
/**
* Return the sAMAccountName of this SID unless it could not
* be resolved in which case the numeric RID is returned. If this
* SID is a domain SID, this method will return an empty String.
*/
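public String getAccountName() {
    if (origin_server != null)
        resolveWeak();
    if (type == SID_TYPE_UNKNOWN) {
        // Render the RID as an unsigned 32-bit number, exactly as toString() renders
        // sub-authorities. Formatting the signed int directly turns a RID above
        // Integer.MAX_VALUE into a negative number, which shows a wrong identifier and
        // makes getDomainName() cut the numeric SID at the wrong offset, because it
        // subtracts this string's length from toString()'s.
        final int rid = sub_authority[sub_authority_count - 1];
        return Long.toString(rid & 0xFFFFFFFFL);
    }
    if (type == SID_TYPE_DOMAIN)
        return "";
    return acctName;
}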
/**
 * Computes a hash from the last identifier-authority byte and every sub-authority.
 * <p>
 * Only fields that {@code equals(Object)} also compares take part, so equal SIDs
 * produce equal hashes. Resolved names and the SID type are not included.
 *
 * @return the hash code of the numeric SID
 */
public int hashCode() {
    int hash = identifier_authority[5];
    int index = 0;
    while (index < sub_authority_count) {
        hash += 65599 * sub_authority[index];
        index++;
    }
    return hash;
}
/**
 * Compares two SIDs by their numeric content only: sub-authority count, every
 * sub-authority, the six identifier-authority bytes and the revision.
 * <p>
 * Resolved domain/account names and the SID type are not compared, so the result
 * does not depend on whether either SID has been resolved.
 *
 * @param obj the object to compare with
 * @return {@code true} if {@code obj} is a SID with the same numeric value
 */
public boolean equals(Object obj) {
    if (!(obj instanceof SID)) {
        return false;
    }
    final SID other = (SID)obj;
    if (other == this) {
        return true;
    }
    if (other.sub_authority_count != sub_authority_count) {
        return false;
    }
    // Sub-authorities are checked from the last (the RID) towards the first.
    for (int s = sub_authority_count - 1; s >= 0; s--) {
        if (other.sub_authority[s] != sub_authority[s]) {
            return false;
        }
    }
    for (int a = 0; a < 6; a++) {
        if (other.identifier_authority[a] != identifier_authority[a]) {
            return false;
        }
    }
    return other.revision == revision;
}
/**
* Return the numeric representation of this sid such as
* <tt>S-1-5-21-1496946806-2192648263-3843101252-1029</tt>.
*/
public String toString() {
    final StringBuilder text = new StringBuilder("S-");
    text.append(revision & 0xFF).append("-");

    // When either of the two high-order authority bytes is set, all six bytes are
    // printed in hex; otherwise the low four bytes are printed as one decimal number.
    final boolean highBytesSet =
            identifier_authority[0] != (byte)0 || identifier_authority[1] != (byte)0;
    if (highBytesSet) {
        text.append("0x");
        text.append(Hexdump.toHexString(identifier_authority, 0, 6));
    } else {
        long authority = 0;
        // Big-endian fold of bytes 2..5; masking keeps each byte unsigned.
        for (int i = 2; i <= 5; i++) {
            authority = (authority << 8) | (identifier_authority[i] & 0xFFL);
        }
        text.append(authority);
    }

    // Sub-authorities are unsigned 32-bit values held in ints, hence the long mask.
    for (int i = 0; i < sub_authority_count; i++) {
        text.append("-").append(sub_authority[i] & 0xFFFFFFFFL);
    }
    return text.toString();
}
/**
* Return a String representing this SID ideal for display to
* users. This method should return the same text that the ACL
* editor in Windows would display.
* <p>
* Specifically, if the SID has
* been resolved and it is not a domain SID or builtin account,
* the full DOMAIN\name form of the account will be
* returned (e.g. MYDOM\alice or MYDOM\Domain Users).
* If the SID has been resolved but it is a domain SID,
* only the domain name will be returned (e.g. MYDOM).
* If the SID has been resolved but it is a builtin account,
* only the name component will be returned (e.g. SYSTEM).
* If the sid cannot be resolved the numeric representation from
* toString() is returned.
*/
public String toDisplayString() {
    if (origin_server != null) {
        resolveWeak();
    }
    // No domain name means the SID was never resolved: fall back to the numeric form.
    if (domainName == null) {
        return toString();
    }
    if (type == SID_TYPE_DOMAIN) {
        return domainName;
    }
    final boolean builtinStyle =
            type == SID_TYPE_WKN_GRP || domainName.equals("BUILTIN");
    if (builtinStyle) {
        // A BUILTIN-domain SID whose account could not be resolved has no usable name.
        return (type == SID_TYPE_UNKNOWN) ? toString() : acctName;
    }
    // NOTE(review): domainName and acctName are presumably filled in from the
    // resolving server's answer (the assignment is not visible here). Treat this
    // string as display text only and compare SIDs with equals() when making
    // access decisions.
    return domainName + "\\" + acctName;
}
/**
* Manually resolve this SID. Normally SIDs are automatically
* resolved. However, if a SID is constructed explicitly using a SID
* constructor, JCIFS will have no knowledge of the server that created the
* SID and therefore cannot possibly resolve it automatically. In this case,
* this method will be necessary.
*
* @param authorityServerName The FQDN of the server that is an authority for the SID.
* @param auth Credentials suitable for accessing the SID's information.
*/
public void resolve(String authorityServerName,
        NtlmPasswordAuthentication auth) throws IOException {
    // Delegate to the batch resolver with a one-element batch containing this SID.
    final SID[] self = new SID[] { this };
    SID.resolveSids(authorityServerName, auth, self);
}
/**
 * Best-effort, one-shot resolution against the server this SID originated from.
 * <p>
 * Does nothing when no origin server is recorded. Otherwise it attempts
 * {@code resolve(origin_server, origin_auth)}, silently ignores an
 * {@code IOException}, and in every case clears both the origin server and the
 * stored credentials reference, so the lookup is never retried and this SID
 * stops referencing the credentials afterwards.
 * <p>
 * Because failures are swallowed, callers cannot distinguish "resolution failed"
 * from "resolved" through this method; they only see whatever type and names
 * the SID holds afterwards.
 */
void resolveWeak() {
    if (origin_server == null) {
        return;
    }
    try {
        resolve(origin_server, origin_auth);
    } catch (IOException ignored) {
        // Deliberately ignored: lazy resolution is best-effort and must not make
        // simple accessors such as getType() throw.
    } finally {
        origin_server = null;
        origin_auth = null;
    }
}
/**
 * Lists the member SIDs of one alias (local group) over an already opened SAMR
 * domain handle.
 * <p>
 * Every returned SID records the server and principal of {@code handle} as its
 * origin so that it can be resolved lazily later. When
 * {@code SID_FLAG_RESOLVE_SIDS} is set and there is at least one member, all
 * members are resolved together before returning.
 *
 * @param handle       open DCE/RPC handle used to send the request
 * @param domainHandle open SAMR domain handle that contains the alias
 * @param domsid       domain SID; not used by this method
 * @param rid          relative identifier of the alias to open
 * @param flags        bit flags; only {@code SID_FLAG_RESOLVE_SIDS} is examined here
 * @return the member SIDs, possibly an empty array
 * @throws IOException  if the RPC exchange or a handle operation fails
 * @throws SmbException if the server returns a non-zero status for the request
 */
static SID[] getGroupMemberSids0(DcerpcHandle handle,
        SamrDomainHandle domainHandle,
        SID domsid,
        int rid,
        int flags) throws IOException {
    SamrAliasHandle alias = null;
    lsarpc.LsarSidArray memberArray = new lsarpc.LsarSidArray();
    try {
        // 0x0002000c is presumably the desired-access mask for the alias handle
        // -- TODO confirm against the SAMR access-mask definitions.
        alias = new SamrAliasHandle(handle, domainHandle, 0x0002000c, rid);
        MsrpcGetMembersInAlias request = new MsrpcGetMembersInAlias(alias, memberArray);
        handle.sendrecv(request);
        if (request.retval != 0) {
            throw new SmbException(request.retval, false);
        }

        // NOTE(review): the array size comes from the server's reply; this assumes
        // the decoder has already checked num_sids against the entries it decoded.
        SID[] members = new SID[request.sids.num_sids];
        final String server = handle.getServer();
        final NtlmPasswordAuthentication principal =
                (NtlmPasswordAuthentication)handle.getPrincipal();

        int index = 0;
        while (index < members.length) {
            SID member = new SID(request.sids.sids[index].sid, 0, null, null, false);
            // Remember where the SID came from so it can be resolved on demand.
            member.origin_server = server;
            member.origin_auth = principal;
            members[index] = member;
            index++;
        }

        final boolean resolveNow = (flags & SID_FLAG_RESOLVE_SIDS) != 0;
        if (members.length > 0 && resolveNow) {
            SID.resolveSids(server, principal, members);
        }
        return members;
    } finally {
        if (alias != null) {
            alias.close();
        }
    }
}
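/**
 * Returns the members of the group identified by this SID, queried from the SAMR
 * pipe of the given server.
 * <p>
 * NOTE(review): the group check reads the stored {@code type} field directly and
 * does not trigger lazy resolution, so a SID that has not been resolved yet may
 * yield an empty array here -- confirm that callers resolve the SID first.
 *
 * @param authorityServerName server whose SAMR service is queried
 * @param auth                credentials used to open the RPC handle
 * @param flags               passed through to the member lookup (for example
 *                            {@code SID_FLAG_RESOLVE_SIDS})
 * @return the member SIDs, or an empty array when this SID's stored type is
 *         neither {@code SID_TYPE_DOM_GRP} nor {@code SID_TYPE_ALIAS}
 * @throws IOException if opening a handle, the RPC exchange, or closing a handle fails
 */
public SID[] getGroupMemberSids(String authorityServerName,
        NtlmPasswordAuthentication auth,
        int flags) throws IOException {
    if (type != SID_TYPE_DOM_GRP && type != SID_TYPE_ALIAS)
        return new SID[0];
    DcerpcHandle handle = null;
    SamrPolicyHandle policyHandle = null;
    SamrDomainHandle domainHandle = null;
    SID domsid = getDomainSid();
    try {
        handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName +
                "[\\PIPE\\samr]", auth);
        policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x00000030);
        domainHandle = new SamrDomainHandle(handle, policyHandle, 0x00000200, domsid);
        return SID.getGroupMemberSids0(handle,
                domainHandle,
                domsid,
                getRid(),
                flags);
    } finally {
        // Close in reverse order of opening. The nested finally blocks make sure a
        // failing close() on an inner handle no longer leaves the outer handles
        // (and the underlying pipe) open.
        try {
            if (domainHandle != null) {
                domainHandle.close();
            }
        } finally {
            try {
                if (policyHandle != null) {
                    policyHandle.close();
                }
            } finally {
                if (handle != null) {
                    handle.close();
                }
            }
        }
    }
}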
/**
* This specialized method returns a Map of users and local groups for the
* target server where keys are SIDs representing an account and each value
* is an ArrayList of SIDs representing the local groups that the account is
* a member of.
* <p/>
* This method is designed to assist with computing access control for a
* given user when the target object's ACL has local groups. Local groups
* are not listed in a user's group membership (e.g. as represented by the
* tokenGroups constructed attribute retrieved via LDAP).
* <p/>
* Domain groups nested inside a local group are currently not expanded. In
* this case the key (SID) type will be SID_TYPE_DOM_GRP rather than
* SID_TYPE_USER.
*
* @param authorityServerName The server from which the local groups will be queried.
* @param auth The credentials required to query groups and group members.
* @param flags Flags that control the behavior of the operation. When all
* names associated with SIDs will be required, the SID_FLAG_RESOLVE_SIDS
* flag should be used which causes all group member SIDs to be resolved
* together in a single more efficient operation.
*/
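static Map getLocalGroupsMap(String authorityServerName,
        NtlmPasswordAuthentication auth,
        int flags) throws IOException {
    SID domsid = SID.getServerSid(authorityServerName, auth);
    DcerpcHandle handle = null;
    SamrPolicyHandle policyHandle = null;
    SamrDomainHandle domainHandle = null;
    samr.SamrSamArray sam = new samr.SamrSamArray();
    MsrpcEnumerateAliasesInDomain rpc;
    try {
        handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName +
                "[\\PIPE\\samr]", auth);
        // NOTE(review): both handles are opened with 0x02000000, which looks like the
        // MAXIMUM_ALLOWED access bit, whereas getGroupMemberSids() asks for the
        // narrower masks 0x00000030 / 0x00000200. Confirm whether enumeration really
        // needs more than those before keeping the broader request.
        policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x02000000);
        domainHandle = new SamrDomainHandle(handle, policyHandle, 0x02000000, domsid);
        rpc = new MsrpcEnumerateAliasesInDomain(domainHandle, 0xFFFF, sam);
        handle.sendrecv(rpc);
        if (rpc.retval != 0)
            throw new SmbException(rpc.retval, false);

        // Key: member SID. Value: ArrayList of the alias SIDs that member belongs to.
        Map map = new HashMap();
        for (int ei = 0; ei < rpc.sam.count; ei++) {
            samr.SamrSamEntry entry = rpc.sam.entries[ei];
            SID[] mems = SID.getGroupMemberSids0(handle,
                    domainHandle,
                    domsid,
                    entry.idx,
                    flags);

            // Build the alias SID by hand from the enumeration entry; its name is
            // taken from the server's reply rather than from a separate lookup.
            SID groupSid = new SID(domsid, entry.idx);
            groupSid.type = SID_TYPE_ALIAS;
            groupSid.domainName = domsid.getDomainName();
            groupSid.acctName = (new UnicodeString(entry.name, false)).toString();

            for (int mi = 0; mi < mems.length; mi++) {
                ArrayList groups = (ArrayList)map.get(mems[mi]);
                if (groups == null) {
                    groups = new ArrayList();
                    map.put(mems[mi], groups);
                }
                // SID.equals() compares numeric content, so each alias is listed once.
                if (!groups.contains(groupSid))
                    groups.add(groupSid);
            }
        }
        return map;
    } finally {
        // Close in reverse order of opening. The nested finally blocks make sure a
        // failing close() on an inner handle no longer leaves the outer handles
        // (and the underlying pipe) open.
        try {
            if (domainHandle != null) {
                domainHandle.close();
            }
        } finally {
            try {
                if (policyHandle != null) {
                    policyHandle.close();
                }
            } finally {
                if (handle != null) {
                    handle.close();
                }
            }
        }
    }
}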
}