s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.

author Volker Lendecke <vl@samba.org>

Tue, 3 Feb 2009 13:41:49 +0000 (14:41 +0100)

committer Karolin Seeger <kseeger@samba.org>

Mon, 16 Feb 2009 08:56:53 +0000 (09:56 +0100)
author Volker Lendecke <vl@samba.org>
Tue, 3 Feb 2009 13:41:49 +0000 (14:41 +0100)
committer Karolin Seeger <kseeger@samba.org>
Mon, 16 Feb 2009 08:56:53 +0000 (09:56 +0100)
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c

index b8d903cc9a2a0cb721ff42dcd478bcf477ab7275..488996c44f915b13d90ec8353f21fcd235377e7b 100644 (file)
--- a/source/libnet/libnet_join.c
+++ b/source/libnet/libnet_join.c
@@ -790,7 +790,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
  
         status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
                                       pipe_hnd->desthost,
-                                     SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                     SAMR_ACCESS_ENUM_DOMAINS
+                                     | SAMR_ACCESS_OPEN_DOMAIN,
                                       &sam_pol);
         if (!NT_STATUS_IS_OK(status)) {
                 goto done;
@@ -798,7 +799,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
  
         status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
                                         &sam_pol,
-                                       SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                       SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+                                       | SAMR_DOMAIN_ACCESS_CREATE_USER
+                                       | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
                                         r->out.domain_sid,
                                         &domain_pol);
         if (!NT_STATUS_IS_OK(status)) {
diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c

index d8641bfb2305f262d4a92c9ca4ca2c90183a62ff..dfab65c7b82cb89e8717f2b86d2c40c47e7cbeac 100644 (file)
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -243,14 +243,17 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
  
         CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
                                            pipe_hnd->desthost,
-                                          SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                          SAMR_ACCESS_ENUM_DOMAINS
+                                          | SAMR_ACCESS_OPEN_DOMAIN,
                                            &sam_pol),
                       "could not connect to SAM database");
  
  
         CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
                                              &sam_pol,
-                                            SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                            SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+                                            | SAMR_DOMAIN_ACCESS_CREATE_USER
+                                            | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
                                              domain_sid,
                                              &domain_pol),
                       "could not open domain");
author	Volker Lendecke <vl@samba.org>
	Tue, 3 Feb 2009 13:41:49 +0000 (14:41 +0100)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 16 Feb 2009 08:56:53 +0000 (09:56 +0100)
source/libnet/libnet_join.c		patch \| blob \| history
source/utils/net_rpc_join.c		patch \| blob \| history