[cifs-protocol] MS-ADTS 4.1.8.3 missing RevMembGetGroupsForUser as a transitive operation

Andrew Bartlett abartlet at samba.org
Thu Dec 4 17:53:14 MST 2014


4.1.8.3 Server Behavior of the IDL_DRSGetMemberships Method

The pseudo-code has this hunk in it:

/* Calculate all other cases (where op ≠ GroupMembersInTransitive).*/
transitive := op in {RevMembGetAccountGroups,
RevMembGetResourceGroups,
RevMembGetUniversalGroups}

However, it does not list RevMembGetGroupsForUser referenced in MS-ADTS
3.1.1.4.5.19 tokenGroups, tokenGroupsNoGCAcceptable, which is clearly a
transitive operation, as it says:

These two computed attributes return the set of SIDs from a transitive
group membership expansion operation on a given object.

Can you confirm the docs are incorrect, and that RevMembGetGroupsForUser
should be in that list?

Thanks,

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the cifs-protocol mailing list