From a5a7b9ebc220b6477c987fe5552561c41e9d1b85 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 20 Oct 2009 15:54:40 +0200 Subject: s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED. Found by RPC-LSA-PRIVILEGES torture test. Guenther --- source3/rpc_server/srv_lsa_nt.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index a3a1218956..9d1b5b91a1 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1665,6 +1665,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } + /* Work out max allowed. */ + map_max_allowed_access(p->server_info->ptok, + &p->server_info->utok, + &r->in.access_mask); + /* map the generic bits to the lsa policy ones */ se_map_generic(&r->in.access_mask, &lsa_account_mapping); -- cgit