From c29b7e79a5822aff583b17918f085edd5aa0c5e9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 May 2009 17:55:41 -0700 Subject: [PATCH] Ensure users with SeAddUser privs get full access to groups/aliases when opening. Jeremy. (cherry picked from commit 72f90581a78443efd6cf24bac635fe9032df18fd) --- source3/rpc_server/srv_samr_nt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 2979d7100d1..22a2fd23fab 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4136,7 +4136,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); status = access_check_samr_object(psd, p->server_info->ptok, - &se_rights, SAMR_ALIAS_ACCESS_ADD_MEMBER, + &se_rights, GENERIC_RIGHTS_ALIAS_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenAlias"); if ( !NT_STATUS_IS_OK(status) ) @@ -6210,7 +6210,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); status = access_check_samr_object(psd, p->server_info->ptok, - &se_rights, SAMR_GROUP_ACCESS_ADD_MEMBER, + &se_rights, GENERIC_RIGHTS_GROUP_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenGroup"); if ( !NT_STATUS_IS_OK(status) ) -- 2.34.1