Examples of jcifs.smb.ACE

jcifs.smb.ACE
An Access Control Entry (ACE) is an element in a security descriptor such as those associated with files and directories. The Windows OS determines which users have the necessary permissions to access objects based on these entries.
To fully understand the information exposed by this class a description of the access check algorithm used by Windows is required. The following is a basic description of the algorithm. For a more complete description we recommend reading the section on Access Control in Keith Brown's "The .NET Developer's Guide to Windows Security" (which is also available online).
Direct ACEs are evaluated first in order. The SID of the user performing the operation and the desired access bits are compared to the SID and access mask of each ACE. If the SID matches, the allow/deny flags and access mask are considered. If the ACE is a "deny" ACE and any of the desired access bits match bits in the access mask of the ACE, the whole access check fails. If the ACE is an "allow" ACE and all of the bits in the desired access bits match bits in the access mask of the ACE, the access check is successful. Otherwise, more ACEs are evaluated until all desired access bits (combined) are "allowed". If all of the desired access bits are not "allowed" the then same process is repeated for inherited ACEs.
For example, if user WNET\alice tries to open a file with desired access bits 0x00000003 (FILE_READ_DATA | FILE_WRITE_DATA) and the target file has the following security descriptor ACEs:
```
 Allow WNET\alice     0x001200A9  Direct Allow Administrators 0x001F01FF  Inherited Allow SYSTEM         0x001F01FF  Inherited 
```
the access check would fail because the direct ACE has an access mask of 0x001200A9 which doesn't have the FILE_WRITE_DATA bit on (bit 0x00000002). Actually, this isn't quite correct. If WNET\alice is in the local Administrators group the access check will succeed because the inherited ACE allows local Administrators both FILE_READ_DATA and FILE_WRITE_DATA access.

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = ace.getSID().toString();
              else
                shareDenyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = ace.getSID().toString();
              else
                denyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = ace.getSID().toString();
              else
                shareDenyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = ace.getSID().toString();
              else
                denyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = ace.getSID().toString();
              else
                shareDenyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = ace.getSID().toString();
              else
                denyAcls[denyCount++] = ace.getSID().toString();
            }
          }
        }
      }
      else

View Full Code Here

          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          shareAllowAcls = new String[allowCount];
          shareDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          shareDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                shareAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                shareDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        shareAllowAcls = forcedShareAcls;
        if (forcedShareAcls.length == 0)
          shareDenyAcls = new String[0];
        else
          shareDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(shareAllowAcls);
      java.util.Arrays.sort(shareDenyAcls);
      // Stuff the acls into the description string.
      packList(description,shareAllowAcls,'+');
      packList(description,shareDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedParentFolderAcls!=null)
    {
      description.append("+");


      if (forcedParentFolderAcls.length==0)
      {
        aces = getFileSecurity(parentFolder, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Parent folder has no ACL for '"+getFileCanonicalPath(parentFolder)+"'");


          // Parent folder is "public", meaning we want S-1-1-0 and the deny token
          parentAllowAcls = new String[]{"S-1-1-0"};
          parentDenyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" parent folder access tokens for '"+getFileCanonicalPath(parentFolder)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          parentAllowAcls = new String[allowCount];
          parentDenyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          parentDenyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                parentAllowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                parentDenyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else
      {
        parentAllowAcls = forcedParentFolderAcls;
        if (forcedParentFolderAcls.length == 0)
          parentDenyAcls = new String[0];
        else
          parentDenyAcls = new String[]{defaultAuthorityDenyToken};
      }
      java.util.Arrays.sort(parentAllowAcls);
      java.util.Arrays.sort(parentDenyAcls);
      packList(description,parentAllowAcls,'+');
      packList(description,parentDenyAcls,'+');
    }
    else
      description.append('-');


    if (forcedacls!=null)
    {
      description.append("+");


      if (forcedacls.length==0)
      {
        aces = getFileSecurity(file, useSIDs);
        if (aces == null)
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Document has no ACL for '"+getFileCanonicalPath(file)+"'");


          // Document is "public", meaning we want S-1-1-0 and the deny token
          allowAcls = new String[]{"S-1-1-0"};
          denyAcls = new String[]{defaultAuthorityDenyToken};
        }
        else
        {
          if (Logging.connectors.isDebugEnabled())
            Logging.connectors.debug("JCIFS: Found "+Integer.toString(aces.length)+" document access tokens for '"+getFileCanonicalPath(file)+"'");


          // We are interested in the read permission, and take
          // a keen interest in allow/deny
          allowCount = 0;
          denyCount = 0;
          j = 0;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowCount++;
              else
                denyCount++;
            }
          }


          allowAcls = new String[allowCount];
          denyAcls = new String[denyCount+1];
          j = 0;
          allowCount = 0;
          denyCount = 0;
          denyAcls[denyCount++] = defaultAuthorityDenyToken;
          while (j < aces.length)
          {
            ACE ace = aces[j++];
            if ((ace.getAccessMask() & ACE.FILE_READ_DATA) != 0)
            {
              if (ace.isAllow())
                allowAcls[allowCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
              else
                denyAcls[denyCount++] = useSIDs ? ace.getSID().toString() : ace.getSID().getAccountName();
            }
          }
        }
      }
      else

View Full Code Here

0 1 2 3 4

TOP

Related Classes of jcifs.smb.ACE

com.google.enterprise.connector.filesystem.LegacySmbAclBuilder

com.google.enterprise.connector.filesystem.LegacySmbAclBuilderTest

com.google.enterprise.connector.filesystem.SmbAclBuilderTest

org.apache.manifoldcf.crawler.connectors.sharedrive.SharedDriveConnector

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.