Why are we allocating ID_TYPE_BOTH on a user or machine SID type ?

Jeremy Allison jra at samba.org
Thu Oct 17 14:40:12 MDT 2013


On Thu, Oct 17, 2013 at 10:06:16AM +0200, Volker Lendecke wrote:
> On Wed, Oct 16, 2013 at 09:02:48PM -0700, Jeremy Allison wrote:
> > But in the case where a SID *is* a SID_NAME_USER or a SID_NAME_COMPUTER,
> 
> Well, in the future if we want to support sidHistory, the
> role for SID_NAME_USER will change. What used to be a user
> will not be resolvable anymore and in future tokens will be
> presented to us as part of the auxiliary SIDs. We can only
> make use of those IDs if we put them in as auxiliary groups
> into our unix token. Yes, we need a modifed acl mapping for
> this, so it's probably not done yet. But that is another
> reason for TYPE_BOTH.

Urggghhhh. That's just, it's just...... *nasty* :-).

I can code around this in posix_acls.c but I'm
shaking my head at this one :-).


More information about the samba-technical mailing list