java source code of SIDCacheImpl

jcifs-ng-master
- src
  - main
    - java
      - jcifs
        smb
        SmbPipeHandleImpl.java
        ShareEnumIterator.java
        SmbResourceLocatorInternal.java
        CredentialsInternal.java
        SmbRenewableCredentials.java
        SmbResourceLocatorImpl.java
        SSPContext.java
        DosError.java
        SmbTreeInternal.java
        SmbFileInputStream.java
        SMBProtocolDowngradeException.java
        DirFileEntryAdapterIterator.java
        SmbCopyUtil.java
        SmbTreeConnection.java
        MIEName.java
        NtlmUtil.java
        SmbRandomAccessFile.java
        SmbException.java
        SmbSessionImpl.java
        NetServerEnumIterator.java
        SmbPipeHandleInternal.java
        SmbTreeHandleImpl.java
        Handler.java
        RequestParam.java
        DirFileEntryEnumIteratorBase.java
        NtlmPasswordAuthentication.java
        Kerb5Authenticator.java
        SmbEnumerationUtil.java
        SmbTransportPoolImpl.java
        JAASAuthenticator.java
        SmbTransportImpl.java
        SIDCacheImpl.java
        NtlmContext.java
        SmbTransportInternal.java
        DirFileEntryEnumIterator1.java
        WinError.java
        NtlmChallenge.java
        SmbAuthException.java
        SmbFileFilter.java
        StaticJAASConfiguration.java
        FileEntryAdapterIterator.java
        SmbTreeHandleInternal.java
        SpnegoContext.java
        SID.java
        SecurityBlob.java
        SmbEndOfFileException.java
        FileEntry.java
        SmbPipeOutputStream.java
        NtlmAuthenticator.java
        DfsImpl.java
        SmbFilenameFilter.java
        SmbNamedPipe.java
        BufferCacheImpl.java
        SessionSetupHandler.java
        DosFileFilter.java
        DirFileEntryEnumIterator2.java
        SmbFileHandleImpl.java
        NetServerFileEntryAdapterIterator.java
        SmbUnsupportedOperationException.java
        Kerb5Context.java
        SmbFile.java
        SmbWatchHandleImpl.java
        SMBSignatureValidationException.java
        SmbFileOutputStream.java
        SmbTreeConnectionTrace.java
        SmbPipeInputStream.java
        NtlmPasswordAuthenticator.java
        SmbSessionInternal.java
        NtStatus.java
        DfsReferral.java
        SmbTreeImpl.java
        BufferCache.java
        SmbTreeHandle.java
        SmbFileHandle.java
        FileNotifyInformation.java
        https
        Handler.java
        ResolverType.java
        Configuration.java
        SmbRandomAccess.java
        SmbTree.java
        SmbSession.java
        NetbiosAddress.java
        Address.java
        DialectVersion.java
        SmbPipeHandle.java
        Credentials.java
        context
        CIFSContextWrapper.java
        SingletonContext.java
        AbstractCIFSContext.java
        BaseContext.java
        CIFSContextCredentialWrapper.java
        util
        ByteEncodable.java
        Encdec.java
        transport
        ConnectionTimeoutException.java
        Transport.java
        TransportException.java
        Response.java
        Message.java
        Request.java
        RequestTimeoutException.java
        HMACT64.java
        Hexdump.java
        Strings.java
        Crypto.java
        netbios
        NbtAddress.java
        NameQueryResponse.java
        NameQueryRequest.java
        Lmhosts.java
        Name.java
        NbtException.java
        UniAddress.java
        NameServicePacket.java
        NameServiceClientImpl.java
        SessionServicePacket.java
        NodeStatusResponse.java
        NodeStatusRequest.java
        SessionRequestPacket.java
        SessionRetargetResponsePacket.java
        ResourceFilter.java
        config
        PropertyConfiguration.java
        BaseConfiguration.java
        DelegatingConfiguration.java
        SmbTransport.java
        NetbiosName.java
        ntlmssp
        Type2Message.java
        Type3Message.java
        NtlmMessage.java
        Type1Message.java
        NtlmFlags.java
        av
        AvTargetName.java
        AvPairs.java
        AvFlags.java
        AvChannelBindings.java
        AvSingleHost.java
        AvTimestamp.java
        AvPair.java
        Encodable.java
        Config.java
        SID.java
        internal
        smb2
        ServerMessageBlock2Request.java
        info
        Smb2SetInfoResponse.java
        Smb2QueryDirectoryRequest.java
        Smb2QueryInfoRequest.java
        Smb2QueryInfoResponse.java
        Smb2QueryDirectoryResponse.java
        Smb2SetInfoRequest.java
        Smb2EchoRequest.java
        Smb2Constants.java
        RequestWithFileId.java
        ioctl
        Smb2IoctlResponse.java
        SrvCopychunkCopy.java
        SrvRequestResumeKeyResponse.java
        SrvPipePeekResponse.java
        ValidateNegotiateInfoResponse.java
        Smb2IoctlRequest.java
        ValidateNegotiateInfoRequest.java
        SrvCopychunk.java
        SrvCopyChunkCopyResponse.java
        nego
        EncryptionNegotiateContext.java
        PreauthIntegrityNegotiateContext.java
        NegotiateContextResponse.java
        NegotiateContextRequest.java
        Smb2NegotiateRequest.java
        Smb2NegotiateResponse.java
        notify
        Smb2ChangeNotifyResponse.java
        Smb2ChangeNotifyRequest.java
        ServerMessageBlock2.java
        create
        Smb2CreateRequest.java
        CreateContextResponse.java
        Smb2CloseRequest.java
        Smb2CreateResponse.java
        CreateContextRequest.java
        Smb2CloseResponse.java
        Smb2SigningDigest.java
        io
        Smb2FlushRequest.java
        Smb2ReadRequest.java
        Smb2WriteRequest.java
        Smb2FlushResponse.java
        Smb2WriteResponse.java
        Smb2ReadResponse.java
        tree
        Smb2TreeDisconnectResponse.java
        Smb2TreeConnectResponse.java
        Smb2TreeDisconnectRequest.java
        Smb2TreeConnectRequest.java
        Smb2CancelRequest.java
        Smb2EchoResponse.java
        lock
        Smb2LockResponse.java
        Smb2Lock.java
        Smb2OplockBreakNotification.java
        Smb2LockRequest.java
        Smb3KeyDerivation.java
        session
        Smb2SessionSetupRequest.java
        Smb2LogoffResponse.java
        Smb2SessionSetupResponse.java
        Smb2LogoffRequest.java
        ServerMessageBlock2Response.java
        TreeConnectResponse.java
        CommonServerMessageBlockResponse.java
        SMBProtocolDecodingException.java
        smb1
        trans
        SmbComTransactionResponse.java
        TransCallNamedPipeResponse.java
        nt
        NtTransNotifyChangeResponse.java
        FileNotifyInformationImpl.java
        NtTransQuerySecurityDescResponse.java
        NtTransNotifyChange.java
        SmbComNtTransaction.java
        SmbComNtCancel.java
        NtTransQuerySecurityDesc.java
        SmbComNtTransactionResponse.java
        TransCallNamedPipe.java
        SmbComTransaction.java
        TransWaitNamedPipeResponse.java
        TransTransactNamedPipe.java
        TransPeekNamedPipe.java
        TransTransactNamedPipeResponse.java
        TransWaitNamedPipe.java
        TransPeekNamedPipeResponse.java
        SMB1SigningDigest.java
        AndXServerMessageBlock.java
        trans2
        Trans2GetDfsReferralResponse.java
        Trans2FindFirst2.java
        Trans2FindFirst2Response.java
        Trans2QueryFSInformationResponse.java
        Trans2GetDfsReferral.java
        Trans2FindNext2.java
        Trans2QueryFSInformation.java
        Trans2SetFileInformation.java
        Trans2QueryPathInformation.java
        Trans2QueryPathInformationResponse.java
        Trans2SetFileInformationResponse.java
        net
        NetServerEnum2.java
        NetShareEnumResponse.java
        SmbShareInfo.java
        NetServerEnum2Response.java
        NetShareEnum.java
        com
        SmbComWriteAndXResponse.java
        SmbComReadAndXResponse.java
        SmbComLogoffAndX.java
        LockingAndXRange.java
        SmbComSeek.java
        SmbComClose.java
        ServerData.java
        SmbComOpenAndXResponse.java
        SmbComSessionSetupAndX.java
        SmbComBlankResponse.java
        SmbComNegotiateResponse.java
        SmbComRename.java
        SmbComTreeDisconnect.java
        SmbComReadAndX.java
        SmbComQueryInformationResponse.java
        SmbComQueryInformation.java
        SmbComTreeConnectAndX.java
        SmbComNTCreateAndX.java
        SmbComSetInformationResponse.java
        SmbComSetInformation.java
        SmbComOpenAndX.java
        SmbComSessionSetupAndXResponse.java
        SmbComCreateDirectory.java
        SmbComTreeConnectAndXResponse.java
        SmbComWrite.java
        SmbComNegotiate.java
        SmbComDeleteDirectory.java
        SmbComLockingAndX.java
        SmbComDelete.java
        SmbComWriteAndX.java
        SmbComWriteResponse.java
        SmbComSeekResponse.java
        SmbComNTCreateAndXResponse.java
        SmbComFindClose2.java
        ServerMessageBlock.java
        CommonServerMessageBlockRequest.java
        RequestWithPath.java
        util
        StringUtil.java
        SMBUtil.java
        Request.java
        dtyp
        SecurityDescriptor.java
        ACE.java
        SecurityInfo.java
        fscc
        FileFsFullSizeInformation.java
        FileInternalInfo.java
        FileFsSizeInformation.java
        FileInformation.java
        BasicFileInformation.java
        FileBothDirectoryInfo.java
        FileSystemInformation.java
        FileEndOfFileInformation.java
        FileStandardInfo.java
        SmbInfoAllocation.java
        FileRenameInformation2.java
        FsctlPipeWaitRequest.java
        FileBasicInfo.java
        SmbNegotiationResponse.java
        SmbNegotiationRequest.java
        NotifyResponse.java
        CommonServerMessageBlock.java
        dfs
        DfsReferralDataInternal.java
        Referral.java
        DfsReferralDataImpl.java
        DfsReferralRequestBuffer.java
        DfsReferralResponseBuffer.java
        SmbNegotiation.java
        SMBSigningDigest.java
        AllocInfo.java
        SmbBasicFileInfo.java
        SidResolver.java
        SmbResource.java
        dcerpc
        rpc.idl
        DcerpcException.java
        DcerpcBind.java
        rpc.java
        DcerpcPipeHandle.java
        DcerpcMessage.java
        DcerpcConstants.java
        DcerpcError.java
        UnicodeString.java
        DcerpcBinding.java
        UUID.java
        msrpc
        SamrDomainHandle.java
        samr.java
        MsrpcSamrCloseHandle.java
        MsrpcSamrOpenDomain.java
        srvsvc.idl
        MsrpcLsarClose.java
        MsrpcGetMembersInAlias.java
        lsarpc.java
        LsaPolicyHandle.java
        netdfs.java
        lsarpc.idl
        srvsvc.java
        MsrpcLookupSids.java
        MsrpcLsarOpenPolicy2.java
        samr.idl
        MsrpcQueryInformationPolicy.java
        MsrpcSamrConnect2.java
        SamrAliasHandle.java
        LsarSidArrayX.java
        MsrpcSamrOpenAlias.java
        MsrpcShareGetInfo.java
        MsrpcShareEnum.java
        MsrpcEnumerateAliasesInDomain.java
        MsrpcSamrConnect4.java
        MsrpcDfsRootEnum.java
        netdfs.idl
        SamrPolicyHandle.java
        ndr
        NdrSmall.java
        NdrLong.java
        NdrHyper.java
        NdrException.java
        NdrObject.java
        NdrShort.java
        NdrBuffer.java
        DcerpcHandle.java
        DcerpcSecurityProvider.java
        SmbConstants.java
        SmbWatchHandle.java
        http
        Handler.java
        NtlmHttpURLConnection.java
        NtlmServlet.java
        NtlmHttpServletRequest.java
        NetworkExplorer.java
        NtlmSsp.java
        ne.css
        NtlmHttpFilter.java
        ACE.java
        DfsReferralData.java
        CIFSException.java
        DfsResolver.java
        CIFSUnsupportedCryptoException.java
        EmptyIterator.java
        NameServiceClient.java
        RuntimeCIFSException.java
        SmbResourceLocator.java
        SmbTransportPool.java
        SmbPipeResource.java
        ResourceNameFilter.java
        spnego
        SpnegoConstants.java
        NegTokenInit.java
        SpnegoToken.java
        SpnegoException.java
        NegTokenTarg.java
        CIFSContext.java
        pac
        PacConstants.java
        PacCredentialType.java
        PacDataInputStream.java
        PacUnicodeString.java
        kerberos
        KerberosToken.java
        KerberosTicket.java
        KerberosAuthData.java
        KerberosConstants.java
        KerberosEncData.java
        KerberosRelevantAuthData.java
        KerberosCredentials.java
        KerberosPacAuthData.java
        KerberosApRequest.java
        Pac.java
        PacSignature.java
        PacLogonInfo.java
        PacSidAttributes.java
        ASN1Util.java
        PACDecodingException.java
        PacMac.java
        PacGroup.java
        Decodable.java
        CloseableIterator.java
  - test
    - resources
      - log4j.properties
    - java
      - jcifs
        tests
        EnumTest.java
        ConcurrencyTest.java
        RandomAccessFileTest.java
        TestMutation.java
        SessionTest.java
        PACTest.java
        FileLocationTest.java
        ReadWriteTest.java
        PrintingRunListener.java
        NtlmTest.java
        BaseCIFSTest.java
        DelegatingNameServiceClient.java
        OplockTests.java
        ContextConfigTest.java
        FileOperationsTest.java
        TimeoutTest.java
        NamingTest.java
        TestProperties.java
        PipeTest.java
        FileAttributesTest.java
        KerberosTest.java
        AllTests.java
        Strings.java
        SidTest.java
        DfsTest.java
        WatchTest.java
- build.properties
- pom.xml
- LICENSE
- CHANGELOG.txt
- README.md
- .gitignore

/*
 * © 2016 AgNO3 Gmbh & Co. KG
 * 
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 * 
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;


import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.SidResolver;
import jcifs.dcerpc.DcerpcHandle;
import jcifs.dcerpc.UnicodeString;
import jcifs.dcerpc.rpc;
import jcifs.dcerpc.rpc.sid_t;
import jcifs.dcerpc.msrpc.LsaPolicyHandle;
import jcifs.dcerpc.msrpc.MsrpcEnumerateAliasesInDomain;
import jcifs.dcerpc.msrpc.MsrpcGetMembersInAlias;
import jcifs.dcerpc.msrpc.MsrpcLookupSids;
import jcifs.dcerpc.msrpc.MsrpcQueryInformationPolicy;
import jcifs.dcerpc.msrpc.SamrAliasHandle;
import jcifs.dcerpc.msrpc.SamrDomainHandle;
import jcifs.dcerpc.msrpc.SamrPolicyHandle;
import jcifs.dcerpc.msrpc.lsarpc;
import jcifs.dcerpc.msrpc.lsarpc.LsarTranslatedName;
import jcifs.dcerpc.msrpc.samr;


/**
 * Internal use only: SID resolver cache
 * 
 * @author mbechler
 * @internal
 */
public class SIDCacheImpl implements SidResolver {

    private Map<SID, SID> sidCache = new HashMap<>();


    /**
     * @param baseContext
     */
    public SIDCacheImpl ( CIFSContext baseContext ) {}


    void resolveSids ( DcerpcHandle handle, LsaPolicyHandle policyHandle, jcifs.SID[] sids ) throws IOException {
        MsrpcLookupSids rpc = new MsrpcLookupSids(policyHandle, sids);
        handle.sendrecv(rpc);
        switch ( rpc.retval ) {
        case 0:
        case NtStatus.NT_STATUS_NONE_MAPPED:
        case 0x00000107: // NT_STATUS_SOME_NOT_MAPPED
            break;
        default:
            throw new SmbException(rpc.retval, false);
        }

        for ( int si = 0; si < sids.length; si++ ) {
            SID out = sids[ si ].unwrap(SID.class);
            LsarTranslatedName resp = rpc.names.names[ si ];
            out.domainName = null;
            switch ( resp.sid_type ) {
            case jcifs.SID.SID_TYPE_USER:
            case jcifs.SID.SID_TYPE_DOM_GRP:
            case jcifs.SID.SID_TYPE_DOMAIN:
            case jcifs.SID.SID_TYPE_ALIAS:
            case jcifs.SID.SID_TYPE_WKN_GRP:
                rpc.unicode_string ustr = rpc.domains.domains[ resp.sid_index ].name;
                out.domainName = ( new UnicodeString(ustr, false) ).toString();
                break;
            }

            UnicodeString ucstr = new UnicodeString(resp.name, false);
            out.acctName = ucstr.toString();
            out.type = resp.sid_type;
            out.origin_server = null;
            out.origin_ctx = null;
        }
    }


    void resolveSids0 ( String authorityServerName, CIFSContext tc, jcifs.SID[] sids ) throws CIFSException {
        synchronized ( this.sidCache ) {
            try ( DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\lsarpc]", tc) ) {
                String server = authorityServerName;
                int dot = server.indexOf('.');
                if ( dot > 0 && Character.isDigit(server.charAt(0)) == false )
                    server = server.substring(0, dot);
                try ( LsaPolicyHandle policyHandle = new LsaPolicyHandle(handle, "\\\\" + server, 0x00000800) ) {
                    resolveSids(handle, policyHandle, sids);
                }
            }
            catch ( IOException e ) {
                throw new CIFSException("Failed to resolve SIDs", e);
            }
        }
    }


    @Override
    public void resolveSids ( CIFSContext tc, String authorityServerName, jcifs.SID[] sids, int offset, int length ) throws CIFSException {
        ArrayList<SID> list = new ArrayList<>(sids.length);
        int si;

        synchronized ( this.sidCache ) {
            for ( si = 0; si < length; si++ ) {
                SID s = sids[ offset + si ].unwrap(SID.class);
                SID sid = this.sidCache.get(s);
                if ( sid != null ) {
                    s.type = sid.type;
                    s.domainName = sid.domainName;
                    s.acctName = sid.acctName;
                }
                else {
                    list.add(s);
                }
            }

            if ( list.size() > 0 ) {
                SID[] resolved = list.toArray(new SID[list.size()]);
                resolveSids0(authorityServerName, tc, resolved);
                for ( si = 0; si < resolved.length; si++ ) {
                    this.sidCache.put(resolved[ si ], resolved[ si ]);
                }
            }
        }
    }


    /**
     * Resolve an array of SIDs using a cache and at most one MSRPC request.
     * <p>
     * This method will attempt
     * to resolve SIDs using a cache and cache the results of any SIDs that
     * required resolving with the authority. SID cache entries are currently not
     * expired because under normal circumstances SID information never changes.
     *
     * @param authorityServerName
     *            The hostname of the server that should be queried. For maximum efficiency this should be the hostname
     *            of a domain controller however a member server will work as well and a domain controller may not
     *            return names for SIDs corresponding to local accounts for which the domain controller is not an
     *            authority.
     * @param tc
     *            The context that should be used to communicate with the named server.
     * @param sids
     *            The SIDs that should be resolved. After this function is called, the names associated with the SIDs
     *            may be queried with the <tt>toDisplayString</tt>, <tt>getDomainName</tt>, and <tt>getAccountName</tt>
     *            methods.
     */
    @Override
    public void resolveSids ( CIFSContext tc, String authorityServerName, jcifs.SID[] sids ) throws CIFSException {
        ArrayList<SID> list = new ArrayList<>(sids.length);
        int si;

        synchronized ( this.sidCache ) {
            for ( si = 0; si < sids.length; si++ ) {
                SID s = sids[ si ].unwrap(SID.class);
                SID sid = this.sidCache.get(s);
                if ( sid != null ) {
                    s.type = sid.type;
                    s.domainName = sid.domainName;
                    s.acctName = sid.acctName;
                }
                else {
                    list.add(s);
                }
            }

            if ( list.size() > 0 ) {
                SID[] resolved = list.toArray(new SID[list.size()]);
                resolveSids0(authorityServerName, tc, resolved);
                for ( si = 0; si < resolved.length; si++ ) {
                    this.sidCache.put(resolved[ si ], resolved[ si ]);
                }
            }
        }
    }


    @Override
    public SID getServerSid ( CIFSContext tc, String server ) throws CIFSException {
        lsarpc.LsarDomainInfo info = new lsarpc.LsarDomainInfo();
        MsrpcQueryInformationPolicy rpc;

        synchronized ( this.sidCache ) {
            try ( DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + server + "[\\PIPE\\lsarpc]", tc) ) {
                // NetApp doesn't like the 'generic' access mask values
                try ( LsaPolicyHandle policyHandle = new LsaPolicyHandle(handle, null, 0x00000001) ) {
                    rpc = new MsrpcQueryInformationPolicy(policyHandle, (short) lsarpc.POLICY_INFO_ACCOUNT_DOMAIN, info);
                    handle.sendrecv(rpc);
                    if ( rpc.retval != 0 )
                        throw new SmbException(rpc.retval, false);
                }

                return new SID(info.sid, jcifs.SID.SID_TYPE_DOMAIN, ( new UnicodeString(info.name, false) ).toString(), null, false);
            }
            catch ( IOException e ) {
                throw new CIFSException("Failed to get SID from server", e);
            }
        }
    }


    @Override
    public SID[] getGroupMemberSids ( CIFSContext tc, String authorityServerName, jcifs.SID domsid, int rid, int flags ) throws CIFSException {
        lsarpc.LsarSidArray sidarray = new lsarpc.LsarSidArray();
        MsrpcGetMembersInAlias rpc = null;

        synchronized ( this.sidCache ) {
            try ( DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\samr]", tc) ) {
                SamrPolicyHandle policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x00000030);
                SamrDomainHandle domainHandle = new SamrDomainHandle(handle, policyHandle, 0x00000200, domsid.unwrap(sid_t.class));
                try ( SamrAliasHandle aliasHandle = new SamrAliasHandle(handle, domainHandle, 0x0002000c, rid) ) {
                    rpc = new MsrpcGetMembersInAlias(aliasHandle, sidarray);
                    handle.sendrecv(rpc);
                    if ( rpc.retval != 0 )
                        throw new SmbException(rpc.retval, false);
                    SID[] sids = new SID[rpc.sids.num_sids];

                    String origin_server = handle.getServer();
                    CIFSContext origin_ctx = handle.getTransportContext();

                    for ( int i = 0; i < sids.length; i++ ) {
                        sids[ i ] = new SID(rpc.sids.sids[ i ].sid, 0, null, null, false);
                        sids[ i ].origin_server = origin_server;
                        sids[ i ].origin_ctx = origin_ctx;
                    }
                    if ( sids.length > 0 && ( flags & SID.SID_FLAG_RESOLVE_SIDS ) != 0 ) {
                        resolveSids(origin_ctx, origin_server, sids);
                    }
                    return sids;
                }
            }
            catch ( IOException e ) {
                throw new CIFSException("Failed to get group member SIDs", e);
            }
        }

    }


    /**
     * 
     * {@inheritDoc}
     *
     * @see jcifs.SidResolver#getLocalGroupsMap(jcifs.CIFSContext, java.lang.String, int)
     */
    @Override
    public Map<jcifs.SID, List<jcifs.SID>> getLocalGroupsMap ( CIFSContext tc, String authorityServerName, int flags ) throws CIFSException {
        SID domSid = getServerSid(tc, authorityServerName);
        synchronized ( this.sidCache ) {
            try ( DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + authorityServerName + "[\\PIPE\\samr]", tc) ) {
                samr.SamrSamArray sam = new samr.SamrSamArray();
                try ( SamrPolicyHandle policyHandle = new SamrPolicyHandle(handle, authorityServerName, 0x02000000);
                      SamrDomainHandle domainHandle = new SamrDomainHandle(handle, policyHandle, 0x02000000, domSid) ) {
                    MsrpcEnumerateAliasesInDomain rpc = new MsrpcEnumerateAliasesInDomain(domainHandle, 0xFFFF, sam);
                    handle.sendrecv(rpc);
                    if ( rpc.retval != 0 ) {
                        throw new SmbException(rpc.retval, false);
                    }

                    Map<jcifs.SID, List<jcifs.SID>> map = new HashMap<>();

                    for ( int ei = 0; ei < rpc.sam.count; ei++ ) {
                        samr.SamrSamEntry entry = rpc.sam.entries[ ei ];

                        SID[] mems = getGroupMemberSids(tc, authorityServerName, domSid, entry.idx, flags);
                        SID groupSid = new SID(domSid, entry.idx);
                        groupSid.type = jcifs.SID.SID_TYPE_ALIAS;
                        groupSid.domainName = domSid.getDomainName();
                        groupSid.acctName = ( new UnicodeString(entry.name, false) ).toString();

                        for ( int mi = 0; mi < mems.length; mi++ ) {
                            List<jcifs.SID> groups = map.get(mems[ mi ]);
                            if ( groups == null ) {
                                groups = new ArrayList<>();
                                map.put(mems[ mi ], groups);
                            }
                            if ( !groups.contains(groupSid) )
                                groups.add(groupSid);
                        }
                    }

                    return map;
                }
            }
            catch ( IOException e ) {
                throw new CIFSException("Failed to resolve groups", e);
            }
        }
    }
}