Why are we allocating ID_TYPE_BOTH on a user or machine SID type?

Andreas Schneider asn at samba.org
Fri Oct 18 07:48:29 MDT 2013

On Thursday 17 October 2013 13:40:12 Jeremy Allison wrote:
> On Thu, Oct 17, 2013 at 10:06:16AM +0200, Volker Lendecke wrote:
> > On Wed, Oct 16, 2013 at 09:02:48PM -0700, Jeremy Allison wrote:
> > > But in the case where a SID *is* a SID_NAME_USER or a SID_NAME_COMPUTER,
> > 
> > Well, in the future if we want to support sidHistory, the
> > role for SID_NAME_USER will change. What used to be a user
> > will not be resolvable anymore and in future tokens will be
> > presented to us as part of the auxiliary SIDs. We can only
> > make use of those IDs if we put them in as auxiliary groups
> > into our unix token. Yes, we need a modifed acl mapping for
> > this, so it's probably not done yet. But that is another
> > reason for TYPE_BOTH.
> Urggghhhh. That's just, it's just...... *nasty* :-).
> I can code around this in posix_acls.c but I'm
> shaking my head at this one :-).

Could you also please take a look at:


and the patch attached to the bug? It is about sidHistory.

	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list