From e28071f79a68bd01627d603c1a407aa913577f50 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Tue, 3 Feb 2009 20:03:42 +0100
Subject: s3-libnetjoin: make acct_flags dependent on secure channel type.

Guenther
---
 source3/libnet/libnet_join.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index f4b5618ac9..de920949a6 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -817,6 +817,17 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	ZERO_STRUCT(domain_pol);
 	ZERO_STRUCT(user_pol);
 
+	switch (r->in.secure_channel_type) {
+	case SEC_CHAN_WKSTA:
+		acct_flags = ACB_WSTRUST;
+		break;
+	case SEC_CHAN_BDC:
+		acct_flags = ACB_SVRTRUST;
+		break;
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	if (!r->in.machine_password) {
 		r->in.machine_password = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
 		NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
@@ -868,15 +879,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 			SAMR_USER_ACCESS_SET_ATTRIBUTES;
 		uint32_t access_granted = 0;
 
-		/* Don't try to set any acct_flags flags other than ACB_WSTRUST */
-
 		DEBUG(10,("Creating account with desired access mask: %d\n",
 			access_desired));
 
 		status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
 						 &domain_pol,
 						 &lsa_acct_name,
-						 ACB_WSTRUST,
+						 acct_flags,
 						 access_desired,
 						 &user_pol,
 						 &access_granted,
-- 
cgit