Fix our privileges code to display privileges with the "high" 32-bit value set.

Jeremy Allison jra at
Thu Nov 18 17:17:34 MST 2010

On Fri, Nov 19, 2010 at 11:14:45AM +1100, Andrew Bartlett wrote:

> In theory, the LUID value is defined only by the server, and the client
> should do a lookup by string first.  This doesn't always happen, but all
> the known values have high==0. 

I'm redoing the ACL jumbo patch for 3.5.7 to make SeSecurityPrivilege
to be low 0x8, high 0, which will fix the problem. I'll reload it into
the bug report once I've finished testing.

> In the master code, we don't have what really caused the problem, which
> is a check for high==0, but a table that allows a non-zero value to be
> set.  The new code simply operates on 'low' only. 

I still prefer not to clip "high", so I'm going to leave
the last patch in place. Makes no sense to add a restriction
we don't know Windows has (IMHO).


More information about the samba-technical mailing list