[jcifs] SID.getXxxName returns empty string if account deleted
Michael B Allen
mba2000 at ioplex.com
Mon Dec 4 17:23:55 GMT 2006
I'm CC-ing the list for this one.
On Mon, 04 Dec 2006 11:40:26 -0500
Jake Goulding <goulding at vivisimo.com> wrote:
> > Yeah, you could tell by looking at getType() but that should definitely
> > be fixed. I'll do that before we release the final.
> Looking at the list of SID types, which do I need to check for? unknown,
> invalid, use_none, deleted all seem like candidates to be missing a
> resolved part. Maybe I will just wait for the final and check the null.
> If a group cannot be resolved, as is the case for a well-known-group,
> will it return null?
Is getAccountName, getDomainName or toString returning null? I don't
think they should. I think I should change the SID class behavior to do the
following depending on whether or not the SID was successfully resolved:
Return a suitable display name
Return the full S-X-Y-Z string
Return the domain name
Return the domain component of the S-X-Y-Z string
Return the account name
Return only the RID component of the S-X-Y-Z string
These methods should never return null or an empty string. I'm actually
not certain what getType() will return. I don't think the user should
have to checking it at all.
Additionally another thing I think I will change is to make it so that
if the SID is not resolved, calling any of these methods will trigger
it to be resolved. Currently if the SID.resolve() is not called or if
the SID was not passed through SID.resolveSids it is not resolved and
the said methods return null. So you will only get the S-X-Y-X strings
if the resolution failed (e.g. because the account was deleted). This is
consistent with the Windows ACL editor. Also, after doing this I suppose
I can make the SID.resolve() method non-public.
These are all simple changes that should take less than an hour. It was
sloppy on my part not to consider unresolved sids.
Michael B Allen
PHP Active Directory SSO
More information about the jcifs