Why are we allocating ID_TYPE_BOTH on a user or machine SID type?
Andreas Schneider
asn at samba.org
Fri Oct 18 07:48:29 MDT 2013
On Thursday 17 October 2013 13:40:12 Jeremy Allison wrote:
> On Thu, Oct 17, 2013 at 10:06:16AM +0200, Volker Lendecke wrote:
> > On Wed, Oct 16, 2013 at 09:02:48PM -0700, Jeremy Allison wrote:
> > > But in the case where a SID *is* a SID_NAME_USER or a SID_NAME_COMPUTER,
> >
> > Well, in the future if we want to support sidHistory, the
> > role for SID_NAME_USER will change. What used to be a user
> > will not be resolvable anymore and in future tokens will be
> > presented to us as part of the auxiliary SIDs. We can only
> > make use of those IDs if we put them in as auxiliary groups
> > into our unix token. Yes, we need a modifed acl mapping for
> > this, so it's probably not done yet. But that is another
> > reason for TYPE_BOTH.
>
> Urggghhhh. That's just, it's just...... *nasty* :-).
>
> I can code around this in posix_acls.c but I'm
> shaking my head at this one :-).
Could you also please take a look at:
https://bugzilla.samba.org/show_bug.cgi?id=10217
and the patch attached to the bug? It is about sidHistory.
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list