summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2009-05-15 14:20:00 -0700
committerJeremy Allison <jra@samba.org>2009-05-15 14:20:00 -0700
commit8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6 (patch)
tree253964cf5ab0894f5f5aaddcc9c5977504caca91
parent5adb3b884130d6d292a4e25e3b32c50bc884dbf9 (diff)
downloadsamba-8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6.tar.gz
samba-8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6.tar.bz2
samba-8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6.zip
Ensure users with SeAddUser privs get full access to
groups/aliases when opening. Jeremy.
-rw-r--r--source3/rpc_server/srv_samr_nt.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index f1725e2454..dabdc964c5 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -4075,7 +4075,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
se_priv_copy( &se_rights, &se_add_users );
status = access_check_samr_object(psd, p->server_info->ptok,
- &se_rights, SAMR_ALIAS_ACCESS_ADD_MEMBER,
+ &se_rights, GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenAlias");
if ( !NT_STATUS_IS_OK(status) )
@@ -6125,7 +6125,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
se_priv_copy( &se_rights, &se_add_users );
status = access_check_samr_object(psd, p->server_info->ptok,
- &se_rights, SAMR_GROUP_ACCESS_ADD_MEMBER,
+ &se_rights, GENERIC_RIGHTS_GROUP_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenGroup");
if ( !NT_STATUS_IS_OK(status) )
@@ -6149,7 +6149,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
return NT_STATUS_NO_SUCH_GROUP;
ginfo = policy_handle_create(p, r->out.group_handle,
- GENERIC_RIGHTS_GROUP_ALL_ACCESS,
+ acc_granted,
struct samr_group_info, &status);
if (!NT_STATUS_IS_OK(status)) {
return status;