privileges patches

Andrew Bartlett abartlet at
Sat Sep 11 03:06:49 MDT 2010

On Thu, 2010-09-09 at 12:33 +1000, Andrew Bartlett wrote:
> On Sat, 2010-09-04 at 10:06 +1000, tridge at wrote:
> > Hi Michael and Volker,
> > 
> > I've reviewed Andrew's session-info branch (which has the privileges
> > changes), and I'm now happy with it after asking for a few tidyups and
> > minor bug fixes, including adding backwards compatibility support for
> > the existing s3 privileges database format. I've signed off on the
> > patches.
> > 
> > I think it is a very nice consolidation of the privileges code, and it
> > achieves an important milestone of making the security_token structure
> > in common between Samba3 and Samba4. That will make it much easier to
> > share a large range of authentication related code.
> > 
> > So I'd like it to be merged into master, but as you have both raised
> > concerns I'd like to check with you first. 
> > 
> > I understand that you like the SE_PRIV structure, but I think if you
> > look at the final result of the patch you'll see that it really is an
> > improvement in readability as the old code was rather obscure. For
> > example, look at is_any_privilege_assigned() from the old code, which
> > does some pretty obscure bit manipulations.
> > 
> > So do you object to Andrew pushing this into master?
> 
> Michael and Volker,
> 
> I'm hoping to have this in the tree in the next couple of days.  To do
> that while ensuring that I've addressed your concerns, I need you to let
> me know if you intend to do a further review of the final patch.
> 
> Tridge has signed off on the changes, after I corrected the issues his
> extensive and careful investigation found, and so I hope that we can
> merge this soon.

Just to follow up for the list:  After checking with Volker on IRC, I've
merged these.  We now have a common struct security_token containing the
user's SIDs, privileges and rights.  

I'm particularly excited about the possibilities for libraries such as
libgpo, as well as the chance to merge more of our ACL functions in the
near future.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

More information about the samba-technical mailing list