From 46d8ff2320a1c195c3b54c57f5bf172c8473a741 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 26 Jan 2005 20:36:44 +0000 Subject: r5015: (based on abartlet's original patch to restrict password changes) * added SE_PRIV checks to access_check_samr_object() in order to deal with the run-time security descriptor and their interaction with user rights * Reordered original patch in _samr_set_userinfo[2] to still allow root/administrative password changes for users and machines. (This used to be commit f9f9e6039bd9443d54445e41c3783a2be18925fb) --- source3/include/rpc_secdes.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/include/rpc_secdes.h') diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 56145ac024..1279007220 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -401,7 +401,10 @@ typedef struct standard_mapping { #define GENERIC_RIGHTS_USER_WRITE \ (STANDARD_RIGHTS_WRITE_ACCESS | \ SA_RIGHT_USER_CHANGE_PASSWORD | \ - SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */ + SA_RIGHT_USER_SET_LOC_COM | \ + SA_RIGHT_USER_SET_ATTRIBUTES | \ + SA_RIGHT_USER_SET_PASSWORD | \ + SA_RIGHT_USER_CHANGE_GROUP_MEM) /* 0x000204e4 */ #define GENERIC_RIGHTS_USER_EXECUTE \ (STANDARD_RIGHTS_EXECUTE_ACCESS | \ -- cgit