From: Christof Schmitt Date: Mon, 9 Mar 2020 21:21:41 +0000 (-0700) Subject: rpcclient: Ask for minimal permissions for SID and name lookups X-Git-Tag: ldb-2.2.0~1454 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00ab6349e220ee9976eaec9ab599458925a16010;p=thirdparty%2Fsamba.git rpcclient: Ask for minimal permissions for SID and name lookups The RPC calls to lookup SIDS and names only require the POLICY_LOOKUP_NAMES permission. Only ask for that instead of the MAXIMUM_ALLOWED flag. This allows these calls to work against a NetApp that does not accept MAXIMUM_ALLOWED (see bugzilla 11105). Signed-off-by: Christof Schmitt Reviewed-by: Andrew Bartlett --- diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c index abb454331c2..aae1a5b629d 100644 --- a/source3/rpcclient/cmd_lsarpc.c +++ b/source3/rpcclient/cmd_lsarpc.c @@ -237,8 +237,8 @@ static NTSTATUS cmd_lsa_lookup_names(struct rpc_pipe_client *cli, } status = rpccli_lsa_open_policy(cli, mem_ctx, True, - SEC_FLAG_MAXIMUM_ALLOWED, - &pol); + LSA_POLICY_LOOKUP_NAMES, + &pol); if (!NT_STATUS_IS_OK(status)) goto done; @@ -288,8 +288,8 @@ static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, } status = rpccli_lsa_open_policy(cli, mem_ctx, True, - SEC_FLAG_MAXIMUM_ALLOWED, - &pol); + LSA_POLICY_LOOKUP_NAMES, + &pol); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -406,8 +406,8 @@ static NTSTATUS cmd_lsa_lookup_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem } status = rpccli_lsa_open_policy(cli, mem_ctx, True, - SEC_FLAG_MAXIMUM_ALLOWED, - &pol); + LSA_POLICY_LOOKUP_NAMES, + &pol); if (!NT_STATUS_IS_OK(status)) goto done; @@ -481,8 +481,8 @@ static NTSTATUS cmd_lsa_lookup_sids_level(struct rpc_pipe_client *cli, } status = rpccli_lsa_open_policy(cli, mem_ctx, True, - SEC_FLAG_MAXIMUM_ALLOWED, - &pol); + LSA_POLICY_LOOKUP_NAMES, + &pol); if (!NT_STATUS_IS_OK(status)) { goto done; }