From 8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 May 2009 14:20:00 -0700 Subject: Ensure users with SeAddUser privs get full access to groups/aliases when opening. Jeremy. --- source3/rpc_server/srv_samr_nt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index f1725e2454..dabdc964c5 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4075,7 +4075,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); status = access_check_samr_object(psd, p->server_info->ptok, - &se_rights, SAMR_ALIAS_ACCESS_ADD_MEMBER, + &se_rights, GENERIC_RIGHTS_ALIAS_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenAlias"); if ( !NT_STATUS_IS_OK(status) ) @@ -6125,7 +6125,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); status = access_check_samr_object(psd, p->server_info->ptok, - &se_rights, SAMR_GROUP_ACCESS_ADD_MEMBER, + &se_rights, GENERIC_RIGHTS_GROUP_ALL_ACCESS, des_access, &acc_granted, "_samr_OpenGroup"); if ( !NT_STATUS_IS_OK(status) ) @@ -6149,7 +6149,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, return NT_STATUS_NO_SUCH_GROUP; ginfo = policy_handle_create(p, r->out.group_handle, - GENERIC_RIGHTS_GROUP_ALL_ACCESS, + acc_granted, struct samr_group_info, &status); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit