diff options
| author | Günther Deschner <gd@samba.org> | 2009-10-20 15:54:40 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2009-10-20 15:57:06 +0200 |
| commit | a5a7b9ebc220b6477c987fe5552561c41e9d1b85 (patch) | |
| tree | 1781a5daa9b8550a799b5bf94326d37817bb98f0 | |
| parent | 870f2d336a57f16ed5f1018ced6fa4ef5d61539c (diff) | |
| download | samba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.tar.gz samba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.tar.xz samba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.zip | |
s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
Found by RPC-LSA-PRIVILEGES torture test.
Guenther
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index a3a1218956..9d1b5b91a1 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1665,6 +1665,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } + /* Work out max allowed. */ + map_max_allowed_access(p->server_info->ptok, + &p->server_info->utok, + &r->in.access_mask); + /* map the generic bits to the lsa policy ones */ se_map_generic(&r->in.access_mask, &lsa_account_mapping); |