authorVolker Lendecke <vl@samba.org>2009-02-03 14:41:49 +0100
committerKarolin Seeger <kseeger@samba.org>2009-02-03 14:44:30 +0100
commitfda8abac17892e51c2d5fcdc1f405477bef320ed (patch)
treee74b339d203a28262ad40fb5dea67ae695a6e561
parente6bb55c3d5b491ab9e6d568e6ce7594695e53322 (diff)
s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
-rw-r--r--source3/libnet/libnet_join.c7
-rw-r--r--source3/utils/net_rpc_join.c7
2 files changed, 10 insertions, 4 deletions
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index b33800f20d..20f7b97745 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -790,7 +790,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SAMR_ACCESS_ENUM_DOMAINS
+ | SAMR_ACCESS_OPEN_DOMAIN,
&sam_pol);
if (!NT_STATUS_IS_OK(status)) {
goto done;
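Review bot: The connect mask `SAMR_ACCESS_ENUM_DOMAINS | SAMR_ACCESS_OPEN_DOMAIN` is spelled out here and again in net_rpc_join_newstyle() in source3/utils/net_rpc_join.c, and neither copy has a comment explaining why the handle is no longer opened with `SEC_RIGHTS_MAXIMUM_ALLOWED`. Going by the commit title, the narrower request is presumably what lets an account holding only SeMachineAccountPrivilege get a handle, and that reasoning is easy to lose if someone later "simplifies" one of the two call sites. I would add above the argument something like `/* Request only the rights the join uses, so accounts holding just SeMachineAccountPrivilege can connect. */`, and consider defining the mask once in a shared header so the two join paths cannot drift apart. The body of libnet_join_joindomain_rpc() starts and continues outside this hunk.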
@@ -798,7 +799,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
&sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+ | SAMR_DOMAIN_ACCESS_CREATE_USER
+ | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
r->out.domain_sid,
&domain_pol);
if (!NT_STATUS_IS_OK(status)) {
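Review bot: The domain handle is now limited to `SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 | SAMR_DOMAIN_ACCESS_CREATE_USER | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT`, so every later call made on `domain_pol` in libnet_join_joindomain_rpc() has to be covered by one of these three rights; those calls lie outside the hunk, so this cannot be confirmed from here. A short comment above the mask naming which later call depends on which right would tell a maintainer who adds another domain-level call that the mask must grow with it, instead of leaving that to surface as an access-denied status at runtime. The same comment belongs on the identical OpenDomain mask in net_rpc_join_newstyle() in source3/utils/net_rpc_join.c.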
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 5651676693..0c363d373e 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -243,14 +243,17 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
pipe_hnd->desthost,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SAMR_ACCESS_ENUM_DOMAINS
+ | SAMR_ACCESS_OPEN_DOMAIN,
&sam_pol),
"could not connect to SAM database");
CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
&sam_pol,
- SEC_RIGHTS_MAXIMUM_ALLOWED,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+ | SAMR_DOMAIN_ACCESS_CREATE_USER
+ | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
domain_sid,
&domain_pol),
"could not open domain");