diff options
author | Volker Lendecke <vl@samba.org> | 2009-02-03 14:41:49 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-03 14:44:30 +0100 |
commit | fda8abac17892e51c2d5fcdc1f405477bef320ed (patch) | |
tree | e74b339d203a28262ad40fb5dea67ae695a6e561 | |
parent | e6bb55c3d5b491ab9e6d568e6ce7594695e53322 (diff) | |
download | samba-fda8abac17892e51c2d5fcdc1f405477bef320ed.tar.gz samba-fda8abac17892e51c2d5fcdc1f405477bef320ed.tar.bz2 samba-fda8abac17892e51c2d5fcdc1f405477bef320ed.zip |
s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
-rw-r--r-- | source3/libnet/libnet_join.c | 7 | ||||
-rw-r--r-- | source3/utils/net_rpc_join.c | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b33800f20d..20f7b97745 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -790,7 +790,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_ACCESS_ENUM_DOMAINS + | SAMR_ACCESS_OPEN_DOMAIN, &sam_pol); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -798,7 +799,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 + | SAMR_DOMAIN_ACCESS_CREATE_USER + | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, r->out.domain_sid, &domain_pol); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 5651676693..0c363d373e 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -243,14 +243,17 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_ACCESS_ENUM_DOMAINS + | SAMR_ACCESS_OPEN_DOMAIN, &sam_pol), "could not connect to SAM database"); CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 + | SAMR_DOMAIN_ACCESS_CREATE_USER + | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, domain_sid, &domain_pol), "could not open domain"); |