s3-lsa: Fix _lsa_CreateAccount() for usage of SEC_FLAG_MAXIMUM_ALLOWED.
[ira/wip.git] / source3 / rpc_server / srv_lsa_nt.c
index a3a1218956efc4fb29334f00e7df706a1dd9ae0c..9d1b5b91a1d921c8e1966f798e024403ea761438 100644 (file)
@@ -1665,6 +1665,11 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p,
                return NT_STATUS_ACCESS_DENIED;
        }
 
+       /* Work out max allowed. */
+       map_max_allowed_access(p->server_info->ptok,
+                              &p->server_info->utok,
+                              &r->in.access_mask);
+
        /* map the generic bits to the lsa policy ones */
        se_map_generic(&r->in.access_mask, &lsa_account_mapping);