diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index 850ccae980b..72edf0eed15 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -677,8 +677,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, if (!sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid, base->rid)) { return NT_STATUS_INVALID_PARAMETER; } - user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid = *base->domain_sid; if (!sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid, base->primary_gid)) { @@ -690,8 +689,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, * group in the first place, and besides, these attributes will never * make their way into a PAC. */ - user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; for (i = 0; i < base->groups.count; i++) { /* Skip primary group, already added above */ diff --git a/auth/wbc_auth_util.c b/auth/wbc_auth_util.c index 52573e2a773..311052c9108 100644 --- a/auth/wbc_auth_util.c +++ b/auth/wbc_auth_util.c @@ -50,9 +50,7 @@ static NTSTATUS wbcsids_to_samr_RidWithAttributeArray( &groups->rids[j].rid); if (!ok) continue; - groups->rids[j].attributes = SE_GROUP_MANDATORY | - SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + groups->rids[j].attributes = SE_GROUP_DEFAULT_FLAGS; j++; } @@ -91,9 +89,7 @@ static NTSTATUS wbcsids_to_netr_SidAttrArray( talloc_free(info3_sids); return NT_STATUS_NO_MEMORY; } - info3_sids[j].attributes = SE_GROUP_MANDATORY | - SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + info3_sids[j].attributes = SE_GROUP_DEFAULT_FLAGS; j++; } diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 3d2c8a33903..05c40618a10 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -665,6 +665,11 @@ interface security SE_GROUP_LOGON_ID = 0xC0000000 } security_GroupAttrs; + const uint32 SE_GROUP_DEFAULT_FLAGS = + SE_GROUP_MANDATORY | + SE_GROUP_ENABLED_BY_DEFAULT | + SE_GROUP_ENABLED; + /* This is not yet sent over the network, but is simply defined in IDL */ typedef [public] struct { uint32 num_sids; diff --git a/python/samba/tests/krb5/group_tests.py b/python/samba/tests/krb5/group_tests.py index 6d84d3a2522..b4075175113 100755 --- a/python/samba/tests/krb5/group_tests.py +++ b/python/samba/tests/krb5/group_tests.py @@ -75,9 +75,7 @@ class GroupTests(KDCBaseTest): trust_user = object() # Constants for group SID attributes. - default_attrs = (security.SE_GROUP_MANDATORY | - security.SE_GROUP_ENABLED_BY_DEFAULT | - security.SE_GROUP_ENABLED) + default_attrs = security.SE_GROUP_DEFAULT_FLAGS resource_attrs = default_attrs | security.SE_GROUP_RESOURCE asserted_identity = security.SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY diff --git a/python/samba/tests/krb5/s4u_tests.py b/python/samba/tests/krb5/s4u_tests.py index 3c94c11d607..52c6a7797c1 100755 --- a/python/samba/tests/krb5/s4u_tests.py +++ b/python/samba/tests/krb5/s4u_tests.py @@ -61,9 +61,7 @@ global_hexdump = False class S4UKerberosTests(KDCBaseTest): - default_attrs = (security.SE_GROUP_MANDATORY | - security.SE_GROUP_ENABLED_BY_DEFAULT | - security.SE_GROUP_ENABLED) + default_attrs = security.SE_GROUP_DEFAULT_FLAGS def setUp(self): super(S4UKerberosTests, self).setUp() diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 3bc44315682..9fe407ee5e9 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -723,7 +723,7 @@ NTSTATUS auth3_user_info_dc_add_hints(struct auth_user_info_dc *user_info_dc, (uint32_t)uid); status = add_sid_to_array_attrs_unique(user_info_dc->sids, &tmp_sid, - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED, + SE_GROUP_DEFAULT_FLAGS, &user_info_dc->sids, &user_info_dc->num_sids); if (!NT_STATUS_IS_OK(status)) { @@ -741,7 +741,7 @@ NTSTATUS auth3_user_info_dc_add_hints(struct auth_user_info_dc *user_info_dc, (uint32_t)gid); status = add_sid_to_array_attrs_unique(user_info_dc->sids, &tmp_sid, - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED, + SE_GROUP_DEFAULT_FLAGS, &user_info_dc->sids, &user_info_dc->num_sids); if (!NT_STATUS_IS_OK(status)) { @@ -759,7 +759,7 @@ NTSTATUS auth3_user_info_dc_add_hints(struct auth_user_info_dc *user_info_dc, flags); status = add_sid_to_array_attrs_unique(user_info_dc->sids, &tmp_sid, - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED, + SE_GROUP_DEFAULT_FLAGS, &user_info_dc->sids, &user_info_dc->num_sids); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index e5debd45b97..1eae63664cb 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -221,9 +221,7 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3, const struct dom_sid *sids, size_t num_sids) { - uint32_t attributes = SE_GROUP_MANDATORY | - SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + uint32_t attributes = SE_GROUP_DEFAULT_FLAGS; struct samr_RidWithAttributeArray *groups; struct dom_sid *domain_sid; unsigned int i; diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c index 5f93d4287ad..17136ba8449 100644 --- a/source3/rpc_server/samr/srv_samr_nt.c +++ b/source3/rpc_server/samr/srv_samr_nt.c @@ -3360,8 +3360,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p, gids = NULL; num_gids = 0; - dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| - SE_GROUP_ENABLED); + dom_gid.attributes = SE_GROUP_DEFAULT_FLAGS; dom_gid.rid = primary_group_rid; ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids); @@ -6074,9 +6073,7 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p, } for (i=0; icount = num_members; @@ -6597,9 +6594,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, GROUP_MAP *map; union samr_GroupInfo *info = NULL; bool ret; - uint32_t attributes = SE_GROUP_MANDATORY | - SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + uint32_t attributes = SE_GROUP_DEFAULT_FLAGS; const char *group_name = NULL; const char *group_description = NULL; diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c index eb5826a3137..6ae3e444ffc 100644 --- a/source4/auth/ntlm/auth_developer.c +++ b/source4/auth/ntlm/auth_developer.c @@ -86,7 +86,7 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx, NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); user_info_dc->sids->sid = global_sid_Anonymous; - user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS; /* annoying, but the Anonymous really does have a session key, and it is all zeros! */ diff --git a/source4/auth/sam.c b/source4/auth/sam.c index c8469738e81..b9a4d834539 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -389,12 +389,10 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, } sids[PRIMARY_USER_SID_INDEX].sid = *account_sid; - sids[PRIMARY_USER_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid; sid_append_rid(&sids[PRIMARY_GROUP_SID_INDEX].sid, ldb_msg_find_attr_as_uint(msg, "primaryGroupID", ~0)); - sids[PRIMARY_GROUP_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; /* * Filter out builtin groups from this token. We will search @@ -581,8 +579,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } user_info_dc->sids[user_info_dc->num_sids].sid = global_sid_Enterprise_DCs; - user_info_dc->sids[user_info_dc->num_sids].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->num_sids++; } @@ -600,8 +597,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, user_info_dc->sids[user_info_dc->num_sids].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids].sid, DOMAIN_RID_ENTERPRISE_READONLY_DCS); - user_info_dc->sids[user_info_dc->num_sids].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[user_info_dc->num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->num_sids++; } diff --git a/source4/auth/session.c b/source4/auth/session.c index 5905964ecfc..ed06efe70a8 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c @@ -136,11 +136,11 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, } sid_copy(&sids[num_sids].sid, &global_sid_World); - sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; num_sids++; sid_copy(&sids[num_sids].sid, &global_sid_Network); - sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; num_sids++; } @@ -152,7 +152,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, } sid_copy(&sids[num_sids].sid, &global_sid_Authenticated_Users); - sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; num_sids++; } @@ -167,7 +167,7 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx, TALLOC_FREE(tmp_ctx); return NT_STATUS_INTERNAL_ERROR; } - sids[num_sids].attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sids[num_sids].attrs = SE_GROUP_DEFAULT_FLAGS; num_sids++; } diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c index ea692e16707..b6de6a140e3 100644 --- a/source4/auth/system_session.c +++ b/source4/auth/system_session.c @@ -129,7 +129,7 @@ NTSTATUS auth_system_user_info_dc(TALLOC_CTX *mem_ctx, const char *netbios_name, NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); user_info_dc->sids->sid = global_sid_System; - user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS; /* annoying, but the Anonymous really does have a session key, and it is all zeros! */ @@ -206,34 +206,27 @@ static NTSTATUS auth_domain_admin_user_info_dc(TALLOC_CTX *mem_ctx, user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX].sid, DOMAIN_RID_ADMINISTRATOR); - user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[PRIMARY_USER_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].sid, DOMAIN_RID_USERS); - user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[PRIMARY_GROUP_SID_INDEX].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[2].sid = global_sid_Builtin_Administrators; - user_info_dc->sids[2].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[2].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[3].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[3].sid, DOMAIN_RID_ADMINS); - user_info_dc->sids[3].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[3].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[4].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[4].sid, DOMAIN_RID_ENTERPRISE_ADMINS); - user_info_dc->sids[4].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[4].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[5].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[5].sid, DOMAIN_RID_POLICY_ADMINS); - user_info_dc->sids[5].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[5].attrs = SE_GROUP_DEFAULT_FLAGS; user_info_dc->sids[6].sid = *domain_sid; sid_append_rid(&user_info_dc->sids[6].sid, DOMAIN_RID_SCHEMA_ADMINS); - user_info_dc->sids[6].attrs - = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids[6].attrs = SE_GROUP_DEFAULT_FLAGS; /* What should the session key be?*/ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16); @@ -391,7 +384,7 @@ _PUBLIC_ NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); user_info_dc->sids->sid = global_sid_Anonymous; - user_info_dc->sids->attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + user_info_dc->sids->attrs = SE_GROUP_DEFAULT_FLAGS; /* annoying, but the Anonymous really does have a session key... */ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16); diff --git a/source4/dsdb/common/util_groups.c b/source4/dsdb/common/util_groups.c index 120015877a3..cf3d48bcfc8 100644 --- a/source4/dsdb/common/util_groups.c +++ b/source4/dsdb/common/util_groups.c @@ -177,7 +177,7 @@ NTSTATUS dsdb_expand_nested_groups(struct ldb_context *sam_ctx, uint32_t sid_attrs; bool already_there; - sid_attrs = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sid_attrs = SE_GROUP_DEFAULT_FLAGS; group_type = ldb_msg_find_attr_as_uint(res->msgs[0], "groupType", 0); if (group_type & GROUP_TYPE_RESOURCE_GROUP) { sid_attrs |= SE_GROUP_RESOURCE; diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index a4ef129c467..9ffa33b6b18 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -1226,7 +1226,7 @@ static int get_pso_for_user(struct ldb_module *module, /* lookup the best PSO object, based on the user's SID */ user_sid = samdb_result_dom_sid_attrs( tmp_ctx, user_msg, "objectSid", - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED); + SE_GROUP_DEFAULT_FLAGS); ret = pso_find_best(module, tmp_ctx, parent, user_sid, 1, &best_pso); diff --git a/source4/dsdb/tests/python/token_group.py b/source4/dsdb/tests/python/token_group.py index bc2c4c71350..2f81aab076f 100755 --- a/source4/dsdb/tests/python/token_group.py +++ b/source4/dsdb/tests/python/token_group.py @@ -642,7 +642,7 @@ class DynamicTokenTest(samba.tests.TestCase): rids = samr_conn.GetGroupsForUser(user_handle) samr_dns = set() for rid in rids.rids: - self.assertEqual(rid.attributes, security.SE_GROUP_MANDATORY | security.SE_GROUP_ENABLED_BY_DEFAULT | security.SE_GROUP_ENABLED) + self.assertEqual(rid.attributes, security.SE_GROUP_DEFAULT_FLAGS) sid = "%s-%d" % (domain_sid, rid.rid) res = self.admin_ldb.search(base="" % sid, scope=ldb.SCOPE_BASE, attrs=[]) diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 35e4bf4c248..d9c76ba3b1f 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -844,7 +844,7 @@ static NTSTATUS samba_add_asserted_identity(TALLOC_CTX *mem_ctx, return add_sid_to_array_attrs_unique( user_info_dc, &ai_sid, - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED, + SE_GROUP_DEFAULT_FLAGS, &user_info_dc->sids, &user_info_dc->num_sids); } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index b1342cbfe84..2df9312fe31 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2356,7 +2356,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T switch (r->in.level) { case GROUPINFOALL: QUERY_STRING(msg, all.name, "sAMAccountName"); - info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */ QUERY_UINT (msg, all.num_members, "numMembers") QUERY_STRING(msg, all.description, "description"); break; @@ -2364,14 +2364,14 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T QUERY_STRING(msg, name, "sAMAccountName"); break; case GROUPINFOATTRIBUTES: - info->attributes.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->attributes.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */ break; case GROUPINFODESCRIPTION: QUERY_STRING(msg, description, "description"); break; case GROUPINFOALL2: QUERY_STRING(msg, all2.name, "sAMAccountName"); - info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->all.attributes = SE_GROUP_DEFAULT_FLAGS; /* Do like w2k3 */ QUERY_UINT (msg, all2.num_members, "numMembers") QUERY_STRING(msg, all2.description, "description"); break; @@ -2676,9 +2676,7 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, return status; } - array->attributes[array->count] = SE_GROUP_MANDATORY | - SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + array->attributes[array->count] = SE_GROUP_DEFAULT_FLAGS; array->count++; } @@ -4437,8 +4435,7 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, /* Adds the primary group */ array->rids[0].rid = primary_group_id; - array->rids[0].attributes = SE_GROUP_MANDATORY - | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + array->rids[0].attributes = SE_GROUP_DEFAULT_FLAGS; array->count += 1; /* Adds the additional groups */ @@ -4454,8 +4451,7 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, array->rids[i + 1].rid = group_sid->sub_auths[group_sid->num_auths-1]; - array->rids[i + 1].attributes = SE_GROUP_MANDATORY - | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + array->rids[i + 1].attributes = SE_GROUP_DEFAULT_FLAGS; array->count += 1; } @@ -4740,9 +4736,7 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, /* * We get a "7" here for groups */ - entriesFullGroup[count].acct_flags = - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | - SE_GROUP_ENABLED; + entriesFullGroup[count].acct_flags = SE_GROUP_DEFAULT_FLAGS; entriesFullGroup[count].account_name.string = ldb_msg_find_attr_as_string( rec->msgs[0], "sAMAccountName", "");