git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 870f2d3)
s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
authorGünther Deschner <gd@samba.org>
Tue, 20 Oct 2009 13:54:40 +0000 (15:54 +0200)
committerGünther Deschner <gd@samba.org>
Tue, 20 Oct 2009 13:57:06 +0000 (15:57 +0200)
Found by RPC-LSA-PRIVILEGES torture test.

Guenther

source3/rpc_server/srv_lsa_nt.c patch | blob | history

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index a3a1218956efc4fb29334f00e7df706a1dd9ae0c..9d1b5b91a1d921c8e1966f798e024403ea761438 100644 (file)
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1665,6 +1665,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       /* Work out max allowed. */
+       map_max_allowed_access(p->server_info->ptok,
+                              &p->server_info->utok,
+                              &r->in.access_mask);
+
        /* map the generic bits to the lsa policy ones */
        se_map_generic(&r->in.access_mask, &lsa_account_mapping);
 
Samba Shared Repository