Fix our privileges code to display privileges with the "high" 32-bit value set.

Jeremy Allison jra at
Thu Nov 18 17:07:29 MST 2010

On Fri, Nov 19, 2010 at 10:57:26AM +1100, Andrew Bartlett wrote:
> I can't even see SeSecurityPrivilege in v3-5-test.  Is it defined like
> all the others, or has someone added it in another patch, with an
> unexpected LUID value?

It's added as part of the jumbo ACL patch, and was listed as
being (0x8, 0x0), which was "high, low", not "low, high", so
that's how I added it.

> Ahh, so someone copied in the line literally, without paying attention
> to the other values in context, and so used the high bits, and not the
> low bits?

Yep - pretty much the size of it.

> That all makes sense, so it has the same definition as 3.6, rather than
> following the pattern of the rest of the table.  What had me confused
> was that I was expecting that all privileges would work, or no
> privileges would work...

No, everything worked *except for SeSecurity* :-). Which made
it fun to track down (actually it worked, it just wouldn't

> Wow!  I can see why folks are talking about eliminating the current 3.6 branch and trying again...

As it's not stored anywhere in any tdb, but just used to
talk to the client I could always reverse it in the ACL
jumbo patch for 3.5.x - which would mean the last patch
wasn't needed. But still I don't like explicitly forcing
high == 0 when that's not listed in any protocol docs
that I know.
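An added illustration of the mix-up discussed in this message, not Samba's code: the struct layout, the function names and every table entry other than the (0x8, 0x0) value are assumptions made for the example. It shows why a lookup that assumes high == 0 cannot name the one entry whose value sits in the high word, while a lookup that compares both 32-bit halves can.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical layout for this example: positional initializers are {high, low}. */
struct luid { uint32_t high; uint32_t low; };
struct priv_entry { const char *name; struct luid luid; };

/* Constructed table. The last entry is the case the thread describes: 0x8 sits
 * in the high word while every other entry keeps high == 0. */
static const struct priv_entry privs[] = {
    { "SeMachineAccountPrivilege", { 0x0, 0x6 } },
    { "SeTakeOwnershipPrivilege",  { 0x0, 0x9 } },
    { "SeSecurityPrivilege",       { 0x8, 0x0 } },
};
#define NUM_PRIVS (sizeof(privs) / sizeof(privs[0]))

/* Lookup that assumes high == 0 and matches on the low word only. */
static const char *priv_name_low_only(struct luid l)
{
    if (l.high != 0)
        return NULL;
    for (size_t i = 0; i < NUM_PRIVS; i++)
        if (privs[i].luid.low == l.low)
            return privs[i].name;
    return NULL;
}

/* Lookup that compares both 32-bit halves, so the field order of any one
 * entry does not decide whether it can be found. */
static const char *priv_name_full(struct luid l)
{
    for (size_t i = 0; i < NUM_PRIVS; i++)
        if (privs[i].luid.high == l.high && privs[i].luid.low == l.low)
            return privs[i].name;
    return NULL;
}

int main(void)
{
    for (size_t i = 0; i < NUM_PRIVS; i++) {
        const char *a = priv_name_low_only(privs[i].luid);
        const char *b = priv_name_full(privs[i].luid);
        printf("(0x%x, 0x%x) low-only=%s full=%s\n",
               (unsigned)privs[i].luid.high, (unsigned)privs[i].luid.low,
               a ? a : "(not found)", b ? b : "(not found)");
    }
    return 0;
}
```

Writing the table with designated initializers (`.high = ..., .low = ...`) would make a swapped pair visible at review time.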


