From eb1c74737e5d40ae85102613a4dfcd89a3235feb Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 18 May 2009 14:26:37 -0700
Subject: [PATCH] Fix SAMR server for winbindd access. Ensure we allow
 MAX_ACCESS to be mapped to what we're giving Everyone. Jeremy.

Fixes bug #6504.
(cherry picked from commit 4e854cb52cfb4f3c25c92324c6e7505f1c8290b3)
---
 source/rpc_server/srv_samr_nt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 47aa1e9a9b0..92a198dd3b8 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -260,8 +260,8 @@ static void map_max_allowed_access(const NT_USER_TOKEN *token,
 	}
 	*pacc_requested &= ~MAXIMUM_ALLOWED_ACCESS;
 
-	/* At least try for generic read. */
-	*pacc_requested = GENERIC_READ_ACCESS;
+	/* At least try for generic read|execute - Everyone gets that. */
+	*pacc_requested = GENERIC_READ_ACCESS|GENERIC_EXECUTE_ACCESS;
 
 	/* root gets anything. */
 	if (geteuid() == sec_initial_uid()) {
-- 
2.11.4.GIT