ace.allow = true;
        ace.access = 0x001200A9;
        ace.flags = 0x00;
        ace.sid = new SID("S-1-5-21-1234567890-123456789-123456789-1000");

        String result = ace.toString();

        assertTrue(result.startsWith("Allow "));
        // Hexdump.toHexString produces uppercase hex
        assertTrue(result.toLowerCase().contains("0x001200a9"));
        // ACE.toString() outputs "Direct    " with 4 spaces

 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

 * descriptor ACEs:
 *
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 *
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

 * descriptor ACEs:
 * <pre>
 * Allow WNET\alice     0x001200A9  Direct
 * Allow Administrators 0x001F01FF  Inherited
 * Allow SYSTEM         0x001F01FF  Inherited
 * </pre>
 * the access check would fail because the direct ACE has an access mask
 * of <code>0x001200A9</code> which doesn't have the

            assertEquals(0x00000003, aliceDesiredAccess, "Alice's desired access should be 0x00000003");

            // Direct ACE: Allow WNET\\alice 0x001200A9
            int aliceDirectACE = 0x001200A9;
            assertTrue((aliceDirectACE & ACE.FILE_READ_DATA) != 0, "Alice's direct ACE should allow FILE_READ_DATA");

        buffer[offset] = 0x00; // Allow ACE
        buffer[offset + 1] = 0x00; // flags
        SMBUtil.writeInt2(32, buffer, offset + 2); // size
        SMBUtil.writeInt4(0x001200A9, buffer, offset + 4); // access mask

        // Simple SID
        buffer[offset + 8] = 0x01; // revision
        buffer[offset + 9] = 0x01; // sub-authority count
        for (int i = 10; i < 16; i++) {

        assertEquals(Smb2CreateRequest.SMB2_IMPERSONATION_LEVEL_IMPERSONATION, impLevel);

        // Check default desired access (0x00120089) at offset 24
        int desiredAccess = (buffer[24] & 0xFF) | ((buffer[25] & 0xFF) << 8) | ((buffer[26] & 0xFF) << 16) | ((buffer[27] & 0xFF) << 24);
        assertEquals(0x00120089, desiredAccess);

        // Check default share access (READ | WRITE) at offset 32

    private byte requestedOplockLevel = SMB2_OPLOCK_LEVEL_NONE;
    private int impersonationLevel = SMB2_IMPERSONATION_LEVEL_IMPERSONATION;
    private long smbCreateFlags;
    private int desiredAccess = 0x00120089; // 0x80000000 | 0x1;
    private int fileAttributes;
    private int shareAccess = FILE_SHARE_READ | FILE_SHARE_WRITE;
    private int createDisposition = FILE_OPEN;
    private int createOptions = 0;

            final ServerMessageBlock2Request<?>... others) throws CIFSException {
        return withOpen(th, Smb2CreateRequest.FILE_OPEN, 0x00120089, SmbConstants.FILE_SHARE_READ | SmbConstants.FILE_SHARE_WRITE, first,
                others);
    }

    /**
     * Executes a request within the context of an open file handle with specified access
     *