All Downloads are FREE. Search and download functionalities are using the official Maven repository.
  • Log In
  • Register

    • jcifs_1.3.3.docs.api.jcifs.smb.ACE.html Maven / Gradle / Ivy

    Go to download

    JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java

    There is a newer version: 1.3.14-kohsuke-1
    Show newest version
    





ACE (JCIFS API)


















    

    



    
  
    
      Overview 
      Package 
    Class 
      Use 
      Tree 
      Deprecated 
      Index 
      Help 
  
    

    
    		




    


    

 PREV CLASS 
 NEXT CLASS

  FRAMES   
 NO FRAMES   
 





    

    

  SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

    

    




    


    

jcifs.smb

    
Class ACE
    

    java.lang.Object
  extended by jcifs.smb.ACE

    

    

    

    public class ACE
    extends java.lang.Object

    An Access Control Entry (ACE) is an element in a security descriptor such as those associated with files and directories. The Windows OS determines which users have the necessary permissions to access objects based on these entries.

    To fully understand the information exposed by this class a description of the access check algorithm used by Windows is required. The following is a basic description of the algorithm. For a more complete description we recommend reading the section on Access Control in Keith Brown's "The .NET Developer's Guide to Windows Security" (which is also available online).

    Direct ACEs are evaluated first in order. The SID of the user performing the operation and the desired access bits are compared to the SID and access mask of each ACE. If the SID matches, the allow/deny flags and access mask are considered. If the ACE is a "deny" ACE and any of the desired access bits match bits in the access mask of the ACE, the whole access check fails. If the ACE is an "allow" ACE and all of the bits in the desired access bits match bits in the access mask of the ACE, the access check is successful. Otherwise, more ACEs are evaluated until all desired access bits (combined) are "allowed". If all of the desired access bits are not "allowed" the then same process is repeated for inherited ACEs.

    For example, if user WNET\alice tries to open a file with desired access bits 0x00000003 (FILE_READ_DATA | FILE_WRITE_DATA) and the target file has the following security descriptor ACEs: 

     Allow WNET\alice     0x001200A9  Direct
 Allow Administrators 0x001F01FF  Inherited
 Allow SYSTEM         0x001F01FF  Inherited
    the access check would fail because the direct ACE has an access mask of 0x001200A9 which doesn't have the FILE_WRITE_DATA bit on (bit 0x00000002). Actually, this isn't quite correct. If WNET\alice is in the local Administrators group the access check will succeed because the inherited ACE allows local Administrators both FILE_READ_DATA and FILE_WRITE_DATA access.

    Field Summary
    static int DELETE
               
    static int FILE_APPEND_DATA
               
    static int FILE_DELETE
               
    static int FILE_EXECUTE
               
    static int FILE_READ_ATTRIBUTES
               
    static int FILE_READ_DATA
               
    static int FILE_READ_EA
               
    static int FILE_WRITE_ATTRIBUTES
               
    static int FILE_WRITE_DATA
               
    static int FILE_WRITE_EA
               
    static int FLAGS_CONTAINER_INHERIT
               
    static int FLAGS_INHERIT_ONLY
               
    static int FLAGS_INHERITED
               
    static int FLAGS_NO_PROPAGATE
               
    static int FLAGS_OBJECT_INHERIT
               
    static int GENERIC_ALL
               
    static int GENERIC_EXECUTE
               
    static int GENERIC_READ
               
    static int GENERIC_WRITE
               
    static int READ_CONTROL
               
    static int SYNCHRONIZE
               
    static int WRITE_DAC
               
    static int WRITE_OWNER
               
     
    Constructor Summary
    ACE()
               
     
    Method Summary
     int getAccessMask()
              Returns the access mask accociated with this ACE.
     java.lang.String getApplyToText()
              Returns the 'Apply To' text for inheritance of ACEs on directories such as 'This folder, subfolder and files'.
     int getFlags()
              Returns the flags for this ACE.
     SID getSID()
              Return the SID associated with this ACE.
     boolean isAllow()
              Returns true if this ACE is an allow ACE and false if it is a deny ACE.
     boolean isInherited()
              Returns true if this ACE is an inherited ACE and false if it is a direct ACE.
     java.lang.String toString()
              Return a string represeting this ACE.
     
    Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
     

    Field Detail

    FILE_READ_DATA

    public static final int FILE_READ_DATA
    See Also:
    Constant Field Values

    FILE_WRITE_DATA

    public static final int FILE_WRITE_DATA
    See Also:
    Constant Field Values

    FILE_APPEND_DATA

    public static final int FILE_APPEND_DATA
    See Also:
    Constant Field Values

    FILE_READ_EA

    public static final int FILE_READ_EA
    See Also:
    Constant Field Values

    FILE_WRITE_EA

    public static final int FILE_WRITE_EA
    See Also:
    Constant Field Values

    FILE_EXECUTE

    public static final int FILE_EXECUTE
    See Also:
    Constant Field Values

    FILE_DELETE

    public static final int FILE_DELETE
    See Also:
    Constant Field Values

    FILE_READ_ATTRIBUTES

    public static final int FILE_READ_ATTRIBUTES
    See Also:
    Constant Field Values

    FILE_WRITE_ATTRIBUTES

    public static final int FILE_WRITE_ATTRIBUTES
    See Also:
    Constant Field Values

    DELETE

    public static final int DELETE
    See Also:
    Constant Field Values

    READ_CONTROL

    public static final int READ_CONTROL
    See Also:
    Constant Field Values

    WRITE_DAC

    public static final int WRITE_DAC
    See Also:
    Constant Field Values

    WRITE_OWNER

    public static final int WRITE_OWNER
    See Also:
    Constant Field Values

    SYNCHRONIZE

    public static final int SYNCHRONIZE
    See Also:
    Constant Field Values

    GENERIC_ALL

    public static final int GENERIC_ALL
    See Also:
    Constant Field Values

    GENERIC_EXECUTE

    public static final int GENERIC_EXECUTE
    See Also:
    Constant Field Values

    GENERIC_WRITE

    public static final int GENERIC_WRITE
    See Also:
    Constant Field Values

    GENERIC_READ

    public static final int GENERIC_READ
    See Also:
    Constant Field Values

    FLAGS_OBJECT_INHERIT

    public static final int FLAGS_OBJECT_INHERIT
    See Also:
    Constant Field Values

    FLAGS_CONTAINER_INHERIT

    public static final int FLAGS_CONTAINER_INHERIT
    See Also:
    Constant Field Values

    FLAGS_NO_PROPAGATE

    public static final int FLAGS_NO_PROPAGATE
    See Also:
    Constant Field Values

    FLAGS_INHERIT_ONLY

    public static final int FLAGS_INHERIT_ONLY
    See Also:
    Constant Field Values

    FLAGS_INHERITED

    public static final int FLAGS_INHERITED
    See Also:
    Constant Field Values
    Constructor Detail

    ACE

    public ACE()
    Method Detail

    isAllow

    public boolean isAllow()
    Returns true if this ACE is an allow ACE and false if it is a deny ACE.

    isInherited

    public boolean isInherited()
    Returns true if this ACE is an inherited ACE and false if it is a direct ACE.

    Note: For reasons not fully understood, FLAGS_INHERITED may not be set within all security descriptors even though the ACE was in face inherited. If an inherited ACE is added to a parent the Windows ACL editor will rebuild all children ACEs and set this flag accordingly.

    getFlags

    public int getFlags()
    Returns the flags for this ACE. The isInherited() method checks the FLAGS_INHERITED bit in these flags.

    getApplyToText

    public java.lang.String getApplyToText()
    Returns the 'Apply To' text for inheritance of ACEs on directories such as 'This folder, subfolder and files'. For files the text is always 'This object only'.

    getAccessMask

    public int getAccessMask()
    Returns the access mask accociated with this ACE. Use the constants for FILE_READ_DATA, FILE_WRITE_DATA, READ_CONTROL, GENERIC_ALL, etc with bitwise operators to determine which bits of the mask are on or off.

    getSID

    public SID getSID()
    Return the SID associated with this ACE.

    toString

    public java.lang.String toString()
    Return a string represeting this ACE.

    Note: This function should probably be changed to return SDDL fragments but currently it does not.

    Overrides:
    toString in class java.lang.Object
    Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
     PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
    SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD




    © 2015 - 2025 Weber Informatics LLC | Privacy Policy