int result = response.readParametersWireFormat(buffer, 0, 8);

        // Should read 8 bytes (no sid for FIND_NEXT)
        assertEquals(8, result);
        assertEquals(3, response.getNumEntries());
        assertFalse(response.isEndOfSearch());
        assertEquals(0, response.getSid()); // sid should remain 0
    }

     * @param batchSize the maximum size of the response buffer
     */
    public Trans2FindNext2(final Configuration config, final int sid, final int resumeKey, final String filename, final int batchCount,
            final int batchSize) {
        super(config, SMB_COM_TRANSACTION2, TRANS2_FIND_NEXT2);
        this.sid = sid;
        this.resumeKey = resumeKey;
        this.filename = filename;

        // Owner SID offset
        if (includeOwner) {
            SMBUtil.writeInt4(currentOffset, buffer, offset + 4);
            prepareSimpleSid(buffer, offset + currentOffset);
            currentOffset += 20; // Simple SID size
        } else {
            SMBUtil.writeInt4(0, buffer, offset + 4);
        }

        // Group SID offset
        if (includeGroup) {

package jcifs.smb1.dcerpc.msrpc;

import jcifs.smb1.smb1.SID;

class LsarSidArrayX extends lsarpc.LsarSidArray {

    LsarSidArrayX(final SID[] sids) {
        this.num_sids = sids.length;
        this.sids = new lsarpc.LsarSidPtr[sids.length];
        for (int si = 0; si < sids.length; si++) {
            this.sids[si] = new lsarpc.LsarSidPtr();
            this.sids[si].sid = sids[si];
        }
    }

     * @return the access mask for this ACE
     */
    public int getAccessMask() {
        return access;
    }

    /**
     * Return the SID associated with this ACE.
     * @return the SID for this ACE
     */
    public SID getSID() {
        return sid;
    }

    int decode(final byte[] buf, int bi) {
        allow = buf[bi] == (byte) 0x00;
        bi++;
        flags = buf[bi++] & 0xFF;

		LsarQosInfo *security_quality_of_service;
	} LsarObjectAttributes;

	typedef struct {
		unicode_string name;
		sid_t *sid;
	} LsarDomainInfo;

	typedef struct {
		unicode_string name;
		unicode_string dns_domain;
		unicode_string dns_forest;
		uuid_t domain_guid;
		sid_t *sid;
	} LsarDnsDomainInfo;

	enum {
		POLICY_INFO_AUDIT_EVENTS   = 2,
		POLICY_INFO_PRIMARY_DOMAIN = 3,

		LsarQosInfo *security_quality_of_service;
	} LsarObjectAttributes;

	typedef struct {
		unicode_string name;
		sid_t *sid;
	} LsarDomainInfo;

	typedef struct {
		unicode_string name;
		unicode_string dns_domain;
		unicode_string dns_forest;
		uuid_t domain_guid;
		sid_t *sid;
	} LsarDnsDomainInfo;

	enum {
		POLICY_INFO_AUDIT_EVENTS   = 2,
		POLICY_INFO_PRIMARY_DOMAIN = 3,

 */

package jcifs.smb1.dcerpc.msrpc;

import jcifs.smb1.smb1.SID;

/**
 * MSRPC implementation for looking up security identifiers (SIDs).
 * This class provides functionality to resolve SIDs to their corresponding
 * account names using the LSA RPC interface.
 */
public class MsrpcLookupSids extends lsarpc.LsarLookupSids {

    SID[] sids;

    /**
     * Creates a new request to lookup SIDs.
     *

 * "The .NET Developer's Guide to Windows Security" (which is also
 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access

        domainInfo.name = new rpc.unicode_string(); // Use real object
        domainInfo.name.buffer = null; // Null buffer
        domainInfo.sid = null; // Null SID

        domainInfo.encode(mockNdrBuffer);

        verify(mockNdrBuffer, times(2)).enc_ndr_referent(null, 1); // name.buffer and sid
        verify(mockDeferredNdrBuffer, never()).enc_ndr_long(anyInt());
        verify(mockDeferredNdrBuffer, never()).enc_ndr_short(anyShort());