assertEquals(sidT1, lsarSidArrayX.sids[0].sid, "First SID should be unwrapped correctly");
        assertEquals(sidT2, lsarSidArrayX.sids[1].sid, "Second SID should be unwrapped correctly");
    }

    @Test
    void testConstructorWithJcifsSIDArrayDirectAssignment() {
        // Create mock SID objects
        SID mockSid1 = mock(SID.class);
        SID mockSid2 = mock(SID.class);

        SID[] sids = { mockSid1, mockSid2 };

import org.junit.jupiter.api.Test;

import jcifs.smb.SID;

/**
 * Tests for the {@link PacGroup} class.
 */
class PacGroupTest {

    private SID mockSid;
    private PacGroup pacGroup;
    private final int attributes = 42;

    @BeforeEach
    void setUp() {
        // Mock the SID object
        mockSid = mock(SID.class);
        pacGroup = new PacGroup(mockSid, attributes);
    }

package jcifs.smb1.smb1;

class SmbComFindClose2 extends ServerMessageBlock {

    private final int sid;

    SmbComFindClose2(final int sid) {
        this.sid = sid;
        command = SMB_COM_FIND_CLOSE2;
    }

    @Override
    int writeParameterWordsWireFormat(final byte[] dst, final int dstIndex) {
        writeInt2(sid, dst, dstIndex);
        return 2;
    }

    @Override

        assertEquals(10, bytesRead);
        assertEquals(1, response.sid);
        assertEquals(2, response.numEntries);
        assertTrue(response.isEndOfSearch);
        assertEquals(3, response.eaErrorOffset);
        assertEquals(4, response.lastNameOffset);
    }

    @Test
    void testReadParametersWireFormat_FindNext2() {
        // In FindNext2, sid is not read

    }

    @Nested
    @DisplayName("SID Tests")
    class SidTests {

        @Test
        @DisplayName("Should encode SID correctly")
        void testSidTEncode() throws NdrException {
            // Given: A SID with test values
            rpc.sid_t sid = new rpc.sid_t();
            sid.revision = (byte) 1;
            sid.sub_authority_count = (byte) 2;

 */
package jcifs.pac;

import jcifs.smb.SID;

/**
 * Represents a Security Identifier (SID) with associated attributes within a PAC structure.
 * This class encapsulates a SID and its attribute flags as used in Kerberos PAC data.
 */
public class PacSidAttributes {

    private final SID id;
    private final int attributes;

    /**

        return this.aces;
    }

    /**
     * Gets the owner group SID of this security descriptor.
     *
     * @return the security identifier of the owner group
     */
    public final SID getOwnerGroupSid() {
        return this.ownerGroupSid;
    }

    /**
     * Gets the owner user SID of this security descriptor.
     *
     * @return the security identifier of the owner user
     */

 * "The .NET Developer's Guide to Windows Security" (which is also
 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access

            if (responseData.getUrl().startsWith("smb:")) {
                final SID[] allowedSids = (SID[]) metaDataMap.get(SmbClient.SMB_ALLOWED_SID_ENTRIES);
                if (allowedSids != null) {
                    for (final SID sid : allowedSids) {
                        final String accountId = sambaHelper.getAccountId(sid);
                        if (accountId != null) {

            urlFilterService.delete(sid);
        } catch (final Exception e) {
            logger.warn("Failed to delete UrlFilter for {}", sid, e);
        }

        try {
            // clear queue
            urlQueueService.clearCache();
            urlQueueService.delete(sid);
        } catch (final Exception e) {
            logger.warn("Failed to delete UrlQueue for {}", sid, e);
        }

        try {