summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-10-20 15:54:40 +0200
committerGünther Deschner <gd@samba.org>2009-10-20 15:57:06 +0200
commita5a7b9ebc220b6477c987fe5552561c41e9d1b85 (patch)
tree1781a5daa9b8550a799b5bf94326d37817bb98f0
parent870f2d336a57f16ed5f1018ced6fa4ef5d61539c (diff)
downloadsamba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.tar.gz
samba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.tar.xz
samba-a5a7b9ebc220b6477c987fe5552561c41e9d1b85.zip
s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
Found by RPC-LSA-PRIVILEGES torture test. Guenther
-rw-r--r--source3/rpc_server/srv_lsa_nt.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index a3a1218956..9d1b5b91a1 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1665,6 +1665,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
+ /* Work out max allowed. */
+ map_max_allowed_access(p->server_info->ptok,
+ &p->server_info->utok,
+ &r->in.access_mask);
+
/* map the generic bits to the lsa policy ones */
se_map_generic(&r->in.access_mask, &lsa_account_mapping);