From: Jeremy Allison <jra@samba.org>
Date: Fri, 15 May 2009 21:20:00 +0000 (-0700)
Subject: Ensure users with SeAddUser privs get full access to
X-Git-Tag: tdb-1.1.5~523
X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=commitdiff_plain;h=8b4e491ab0af013ef1e3b4e3d85b4f9cd985d8d6;hp=5adb3b884130d6d292a4e25e3b32c50bc884dbf9

Ensure users with SeAddUser privs get full access to
groups/aliases when opening.
Jeremy.
---

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index f1725e24541..dabdc964c5a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -4075,7 +4075,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p,
 	se_priv_copy( &se_rights, &se_add_users );
 
 	status = access_check_samr_object(psd, p->server_info->ptok,
-		&se_rights, SAMR_ALIAS_ACCESS_ADD_MEMBER,
+		&se_rights, GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
 		des_access, &acc_granted, "_samr_OpenAlias");
 
 	if ( !NT_STATUS_IS_OK(status) )
@@ -6125,7 +6125,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
 	se_priv_copy( &se_rights, &se_add_users );
 
 	status = access_check_samr_object(psd, p->server_info->ptok,
-		&se_rights, SAMR_GROUP_ACCESS_ADD_MEMBER,
+		&se_rights, GENERIC_RIGHTS_GROUP_ALL_ACCESS,
 		des_access, &acc_granted, "_samr_OpenGroup");
 
 	if ( !NT_STATUS_IS_OK(status) )
@@ -6149,7 +6149,7 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	ginfo = policy_handle_create(p, r->out.group_handle,
-				     GENERIC_RIGHTS_GROUP_ALL_ACCESS,
+				     acc_granted,
 				     struct samr_group_info, &status);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;