authorGünther Deschner <gd@samba.org>2009-05-18 21:00:29 +0200
committerGünther Deschner <gd@samba.org>2009-05-18 22:58:31 +0200
commit4724fef8979c3f0e66cb8e41936af270901093b4 (patch)
tree68274b6196db90e74d5dc418f2eb5d3337d1ebbe
parent0a9049be872a0eaf56c1449f8b362b6d91dd781b (diff)
s3-lsa: start a very basic implementation of _lsa_DeleteObject().
Certainly not the full story, but this gets us closer to passing the RPC-SAMR-USERS-PRIVILEGES test. Guenther
-rw-r--r--source3/rpc_server/srv_lsa_nt.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index fb5117cdd3..7cddb5cb85 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1290,7 +1290,29 @@ NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r)
NTSTATUS _lsa_DeleteObject(pipes_struct *p,
struct lsa_DeleteObject *r)
{
- return NT_STATUS_ACCESS_DENIED;
+ NTSTATUS status;
+ struct lsa_info *info = NULL;
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ /* check to see if the pipe_user is root or a Domain Admin since
+ account_pol.tdb was already opened as root, this is all we have */
+
+ if (p->server_info->utok.uid != sec_initial_uid() &&
+ !nt_token_check_domain_rid(p->server_info->ptok,
+ DOMAIN_GROUP_RID_ADMINS)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = privilege_delete_account(&info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("_lsa_DeleteObject: privilege_delete_account gave: %s\n",
+ nt_errstr(status)));
+ }
+
+ return status;
}
/***************************************************************************
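Review bot: The only authorization before `privilege_delete_account(&info->sid)` is the root / Domain Admins test on the caller's token; nothing checks what the handle returned by `find_policy_by_hnd()` was opened for or which kind of object it names. Any valid LSA handle held by an admin caller therefore reaches the delete, including one opened without delete access or one whose `info->sid` is not an account SID. If `struct lsa_info` records the granted access mask (its definition is not visible in this hunk), a guard such as `if (!(info->access & STD_RIGHT_DELETE_ACCESS)) return NT_STATUS_ACCESS_DENIED;` ahead of the delete would enforce it. The handle also stays open after a successful delete; closing it on success, e.g. `close_policy_hnd(p, r->in.handle);`, would keep a stale handle from being reused against the removed object.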