diff options
author | Günther Deschner <gd@samba.org> | 2009-05-18 21:00:29 +0200 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2009-05-18 22:58:31 +0200 |
commit | 4724fef8979c3f0e66cb8e41936af270901093b4 (patch) | |
tree | 68274b6196db90e74d5dc418f2eb5d3337d1ebbe | |
parent | 0a9049be872a0eaf56c1449f8b362b6d91dd781b (diff) | |
download | samba-4724fef8979c3f0e66cb8e41936af270901093b4.tar.gz samba-4724fef8979c3f0e66cb8e41936af270901093b4.tar.bz2 samba-4724fef8979c3f0e66cb8e41936af270901093b4.zip |
s3-lsa: start a very basic implementation of _lsa_DeleteObject().
Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.
Guenther
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index fb5117cdd3..7cddb5cb85 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1290,7 +1290,29 @@ NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r) NTSTATUS _lsa_DeleteObject(pipes_struct *p, struct lsa_DeleteObject *r) { - return NT_STATUS_ACCESS_DENIED; + NTSTATUS status; + struct lsa_info *info = NULL; + + if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) { + return NT_STATUS_INVALID_HANDLE; + } + + /* check to see if the pipe_user is root or a Domain Admin since + account_pol.tdb was already opened as root, this is all we have */ + + if (p->server_info->utok.uid != sec_initial_uid() && + !nt_token_check_domain_rid(p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS)) { + return NT_STATUS_ACCESS_DENIED; + } + + status = privilege_delete_account(&info->sid); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("_lsa_DeleteObject: privilege_delete_account gave: %s\n", + nt_errstr(status))); + } + + return status; } /*************************************************************************** |