From 962a5c95528932fde64c8c8b70b0a81c382c2905 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Fri, 28 Jan 2005 16:55:09 +0000
Subject: r5056: * correct STANDARD_RIGHTS_WRITE_ACCESS bitmask define * make
 sure to apply the rights_mask and not just the saved   bits from the mask in
 access_check_samr_object() * allow root to grant/revoke privileges (in
 addition to Domain   Admins) as suggested by Volker.

Tested machine joins from XP, 2K, and NT4 with and without
pre-existing machine trust accounts.  Also tested basic file
operations using cmd.exe and explorer.exe after changing the
STANDARD_RIGHTS_WRITE_ACCESS bitmask.
(This used to be commit c0e7f7ff60a4110809b8f500fdc68a1bf963da36)
---
 source3/include/rpc_secdes.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'source3/include/rpc_secdes.h')

diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 1279007220..3e4c47dce9 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -251,7 +251,10 @@ typedef struct standard_mapping {
 #define STANDARD_RIGHTS_ALL_ACCESS	STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
 #define STANDARD_RIGHTS_EXECUTE_ACCESS	STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
 #define STANDARD_RIGHTS_READ_ACCESS	STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS	STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
+#define STANDARD_RIGHTS_WRITE_ACCESS \
+		(STD_RIGHT_WRITE_OWNER_ACCESS	| \
+		 STD_RIGHT_WRITE_DAC_ACCESS	| \
+		 STD_RIGHT_DELETE_ACCESS)	/* 0x000d0000 */
 #define STANDARD_RIGHTS_REQUIRED_ACCESS \
 		(STD_RIGHT_DELETE_ACCESS	| \
 		STD_RIGHT_READ_CONTROL_ACCESS	| \
-- 
cgit