libmsrpc user priv access mask

Chris Nicholls cnicholl at
Tue Aug 2 06:59:39 GMT 2005

>>Do you think it would be worthwhile to use access bits for 
>>the LSA functions that require user privileges
>>(LsaAddAccountRights for example)?  This would entail writing
>>a function that translates between the access bits and an
>>array of string representations of the privs.  I think it
>>would make developing with the library much cleaner, even
>>though there are only a small handful of functions that 
>>will actually use it.  But I thought I would see if there
>>are any comments before going through with it.
>First let's make sure that we are talking about the same things
>here.  Are you talking about the privilege names such as
>SePrintOperatorPrivilege?  Or are you talking about the
>requested access bits used in the open handle call?  I'm
>assuming the former.
Yep, I'm talking about the privilege names, like 
SePrintOperatorPrivilege.  I was considering defining some bitmasks that 
can be used to specify the privileges and then internally worry about 
converting it to the actual strings.   I just don't like the idea of 
using strings to specify all the privileges, but it's probably far more 
trouble than it's worth for the 2 or 3 functions it will be useful for. 
(ie whatever uses cli_lsa_add_account_rights() and 


More information about the samba-technical mailing list