[PATCH] Merging the privilege code

Andrew Bartlett abartlet at samba.org
Fri Aug 27 00:19:34 MDT 2010

On Thu, 2010-08-26 at 22:57 +1000, Andrew Bartlett wrote:
> On Mon, 2010-08-23 at 09:45 +1000, Andrew Bartlett wrote:

> > Good.  I'll slowly start making some proposals here over the next little
> > while.  In the first instance, I'll propose to change the privileges
> > bitmap in NT_USER_TOKEN to be a 64 bit number. 
> In
> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/session-info I have the changes I am currently proposing.  I've made them compile (including per-patch for most of them), and I hope I've split them up enough for adequate review.  I'll start testing them tomorrow, but for now I'm interested in any comments on what I've done and how I'm approaching the problem. 
> I also need to write an upgrade function to upgrade the privilage.tdb,
> which as far as I read the GIT history and code, has been host by order
> dependent since 2005.  In fixing that, I'll move to a new DB format
> using a 64 bit bitmask. 

Aside from the upgrade code, I think this is ready for review.  I oddly
get two failures on UID-REGRESSION-TEST, and what I think is a failure
in the selftest code showing up in RAP-SAM, but other than that it
passes 'make test' in samba3.  (it's not the first time I've seen it,
but while I suspect it's unrelated, I'll investigate)

It also passes 'make test' in Samba4, with the odd exception of a
privileges failure that I'm struggling to reproduce.  I'm sure it's not
related ;-)

It is a very long (36 patch) series of commits, because I've followed
the advise I've been given so often in the past, and broken up the
changes as much as I've felt practical.  This should make it much easier
to review - most of the changes are renames of types, variables or

Once this is in, I'll follow up with ACL experts about the small
differences between the access check functions in source3 and source4,
so that these can also be merged.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100827/6168a533/attachment.pgp>

More information about the samba-technical mailing list