Able to help me merging the privilege code?

Andrew Bartlett abartlet at samba.org
Thu Aug 26 06:57:14 MDT 2010


On Mon, 2010-08-23 at 09:45 +1000, Andrew Bartlett wrote:
> On Mon, 2010-08-23 at 00:56 +0200, Michael Adam wrote:
> > Hi Andrew,
> > 
> > Andrew Bartlett wrote:
> > > Michael,
> > > 
> > > A while back we talked about the possibility of merging the privileges
> > > code, given how close the NT_USER_TOKEN and struct security_token are.
> > 
> > It is a little embarrassing, but I don't really remember that.
> > So it must have been a rather superficial discussion (or with
> > someone else). Don't be mad at me when I have forgotten something
> > here... But so what, it sounds like a reasonable thing to do.
> 
> Good.  I'll slowly start making some proposals here over the next little
> while.  In the first instance, I'll propose to change the privileges
> bitmap in NT_USER_TOKEN to be a 64 bit number. 

In http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/session-info
I have the changes I am currently proposing.  I've made them compile
(including per-patch for most of them), and I hope I've split them up
enough for adequate review.  I'll start testing them tomorrow, but for
now I'm interested in any comments on what I've done and how I'm
approaching the problem.

I also need to write an upgrade function to upgrade the privilage.tdb,
which as far as I read the GIT history and code, has been host byte order
dependent since 2005.  In fixing that, I'll move to a new DB format
using a 64 bit bitmask. 

The basic idea has been to adapt the source4 privilege code to use the
bitmap constants and LUID values from source3, and to adapt the source3
code to some of the structures used in IDL or source4.  

(This isn't a one-sided merge, other adaptations of the source4 code to
make this easier are already in the tree). 

The next step will be to merge the privileges table, while preserving
the existing behaviour in the source3 LSA server.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.