From e2ce92e356aee6669305c203670004fc1369503d Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 23 Oct 2008 19:45:58 +0200
Subject: [PATCH] s3-samr: remove duplicate copies of Group Object specific
 access rights.

Guenther
(cherry picked from commit c9b124c4606becf3c5d197c9753405aa80420dcc)
---
 source/include/rpc_secdes.h     | 29 -----------------------------
 source/librpc/gen_ndr/samr.h    |  5 +++++
 source/rpc_server/srv_samr_nt.c | 10 +++++-----
 3 files changed, 10 insertions(+), 34 deletions(-)

diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index efeb503f2e8..9671b571384 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -214,35 +214,6 @@ struct standard_mapping {
 		SA_RIGHT_FILE_WRITE_DATA	| \
 		SA_RIGHT_FILE_READ_DATA)
 
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO	0x00000001
-#define SA_RIGHT_GROUP_SET_INFO		0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER	0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER	0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS	0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS	0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
-		(STANDARD_RIGHTS_REQUIRED_ACCESS| \
-		SA_RIGHT_GROUP_ALL_ACCESS)	/* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
-		(STANDARD_RIGHTS_READ_ACCESS	| \
-		SA_RIGHT_GROUP_GET_MEMBERS)	/* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
-		(STANDARD_RIGHTS_WRITE_ACCESS	| \
-		SA_RIGHT_GROUP_REMOVE_MEMBER	| \
-		SA_RIGHT_GROUP_ADD_MEMBER	| \
-		SA_RIGHT_GROUP_SET_INFO )	/* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
-		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		SA_RIGHT_GROUP_LOOKUP_INFO)	/* 0x00020001 */
-
-
 /* Alias Object specific access rights */
 
 #define SA_RIGHT_ALIAS_ADD_MEMBER	0x00000001
diff --git a/source/librpc/gen_ndr/samr.h b/source/librpc/gen_ndr/samr.h
index d4beda7e594..2f04aa5d27f 100644
--- a/source/librpc/gen_ndr/samr.h
+++ b/source/librpc/gen_ndr/samr.h
@@ -23,6 +23,11 @@
 #define GENERIC_RIGHTS_DOMAIN_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2) )
 #define GENERIC_RIGHTS_DOMAIN_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_DOMAIN_ACCESS_SET_INFO_3|SAMR_DOMAIN_ACCESS_CREATE_ALIAS|SAMR_DOMAIN_ACCESS_CREATE_GROUP|SAMR_DOMAIN_ACCESS_CREATE_USER|SAMR_DOMAIN_ACCESS_SET_INFO_2|SAMR_DOMAIN_ACCESS_SET_INFO_1) )
 #define GENERIC_RIGHTS_DOMAIN_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT|SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS|SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1) )
+#define SAMR_GROUP_ACCESS_ALL_ACCESS	( 0x0000001F )
+#define GENERIC_RIGHTS_GROUP_ALL_ACCESS	( (STANDARD_RIGHTS_REQUIRED_ACCESS|SAMR_GROUP_ACCESS_ALL_ACCESS) )
+#define GENERIC_RIGHTS_GROUP_READ	( (STANDARD_RIGHTS_READ_ACCESS|SAMR_GROUP_ACCESS_GET_MEMBERS) )
+#define GENERIC_RIGHTS_GROUP_WRITE	( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_GROUP_ACCESS_REMOVE_MEMBER|SAMR_GROUP_ACCESS_ADD_MEMBER|SAMR_GROUP_ACCESS_SET_INFO) )
+#define GENERIC_RIGHTS_GROUP_EXECUTE	( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_GROUP_ACCESS_LOOKUP_INFO) )
 #define MAX_SAM_ENTRIES_W2K	( 0x400 )
 #define MAX_SAM_ENTRIES_W95	( 50 )
 #define SAMR_ENUM_USERS_MULTIPLIER	( 54 )
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 7655ec56e1f..af2fd09f721 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -4540,7 +4540,7 @@ NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_GROUP_GET_MEMBERS,
+					    SAMR_GROUP_ACCESS_GET_MEMBERS,
 					    "_samr_QueryGroupMember");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4704,7 +4704,7 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_GROUP_ADD_MEMBER,
+					    SAMR_GROUP_ACCESS_ADD_MEMBER,
 					    "_samr_AddGroupMember");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -4764,7 +4764,7 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_GROUP_REMOVE_MEMBER,
+					    SAMR_GROUP_ACCESS_REMOVE_MEMBER,
 					    "_samr_DeleteGroupMember");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -5219,7 +5219,7 @@ NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_GROUP_LOOKUP_INFO,
+					    SAMR_GROUP_ACCESS_LOOKUP_INFO,
 					    "_samr_QueryGroupInfo");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -5325,7 +5325,7 @@ NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
 		return NT_STATUS_INVALID_HANDLE;
 
 	status = access_check_samr_function(acc_granted,
-					    SA_RIGHT_GROUP_SET_INFO,
+					    SAMR_GROUP_ACCESS_SET_INFO,
 					    "_samr_SetGroupInfo");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
-- 
2.11.4.GIT