author | Jeremy Allison <jra@samba.org> | 2006-03-01 21:56:59 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2006-03-01 21:56:59 +0000 |
commit | bf33b637fd33e3e845cef69964421581b826a05e (patch) | |
tree | a1d95804e4e02b21b283c91edd6e60c9b8183df6 /source/rpc_server | |
parent | 4f3618b0a708dc4044b934a37500e9867dc37d16 (diff) | |
r13778: When deleting machine accounts it's the SeMachineAccountPrivilege
that counts.
Jeremy.
Diffstat (limited to 'source/rpc_server')
-rw-r--r-- | source/rpc_server/srv_samr_nt.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index de6c28a38db..e4dc92c08d4 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -3933,6 +3933,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 struct samu *sam_pass=NULL;
 uint32 acc_granted;
 BOOL can_add_accounts;
+ uint32 acb_info;
 DISP_INFO *disp_info = NULL;
 DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
@@ -3960,7 +3961,14 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 return NT_STATUS_NO_SUCH_USER;
 }
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ acb_info = pdb_get_acct_ctrl(sam_pass);
+
+ /* For machine accounts it's the SeMachineAccountPrivilege that counts. */
+ if ( acb_info & ACB_WSTRUST ) {
+ can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
+ } else {
+ can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ }
 /******** BEGIN SeAddUsers BLOCK *********/ |
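Review bot: The new branch in the second hunk tests only `ACB_WSTRUST`, so server and interdomain trust accounts (`ACB_SVRTRUST`, `ACB_DOMTRUST`) still fall through to `se_add_users`. That looks like the safer default, but the comment should state that it is deliberate, for example `/* Only workstation trust accounts are deletable with SeMachineAccountPrivilege; every other account type, including server and domain trusts, still needs SeAddUsers. */`. The context line `/******** BEGIN SeAddUsers BLOCK *********/` and the flag name `can_add_accounts` are now misleading, because the guarded section can be entered on SeMachineAccountPrivilege alone and it gates a deletion. Renaming the marker to something like `BEGIN privileged delete BLOCK` would keep a later reader from assuming SeAddUsers was verified. The body of `_samr_delete_dom_user` continues outside the hunk, so how the flag is consumed afterwards is not visible here.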