diff options
| author | Gerald Carter <jerry@samba.org> | 2005-01-26 20:36:44 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:12 -0500 |
| commit | 46d8ff2320a1c195c3b54c57f5bf172c8473a741 (patch) | |
| tree | e82641aeeb068339919bc69287e1db936b20e293 /source3/include | |
| parent | 02c25a2683204d8b20a1e69ea354b9e08b0fd94d (diff) | |
| download | samba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.tar.gz samba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.tar.bz2 samba-46d8ff2320a1c195c3b54c57f5bf172c8473a741.zip | |
r5015: (based on abartlet's original patch to restrict password changes)
* added SE_PRIV checks to access_check_samr_object() in order
to deal with the run-time security descriptor and their
interaction with user rights
* Reordered original patch in _samr_set_userinfo[2] to still
allow root/administrative password changes for users and machines.
(This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb)
Diffstat (limited to 'source3/include')
| -rw-r--r-- | source3/include/rpc_secdes.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 56145ac024..1279007220 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -401,7 +401,10 @@ typedef struct standard_mapping { #define GENERIC_RIGHTS_USER_WRITE \ (STANDARD_RIGHTS_WRITE_ACCESS | \ SA_RIGHT_USER_CHANGE_PASSWORD | \ - SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */ + SA_RIGHT_USER_SET_LOC_COM | \ + SA_RIGHT_USER_SET_ATTRIBUTES | \ + SA_RIGHT_USER_SET_PASSWORD | \ + SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000204e4 */ #define GENERIC_RIGHTS_USER_EXECUTE \ (STANDARD_RIGHTS_EXECUTE_ACCESS | \ |