summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-03-01 21:56:59 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:53 -0500
commit1b456f2894fc663a9b6edbc51fe1b107ede196d8 (patch)
tree3e66776a0af3b1e0682aa9a0142b01ff753b5780
parent1da8345777c53ed650b9833c23f4dcfec64d7252 (diff)
downloadsamba-1b456f2894fc663a9b6edbc51fe1b107ede196d8.tar.gz
samba-1b456f2894fc663a9b6edbc51fe1b107ede196d8.tar.bz2
samba-1b456f2894fc663a9b6edbc51fe1b107ede196d8.zip
r13778: When deleting machine accounts it's the SeMachineAccountPrivilege
that counts. Jeremy. (This used to be commit aa85ba4f3799ffbe5c6f84f768f03a4c68d879dc)
-rw-r--r--source3/rpc_server/srv_samr_nt.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index de6c28a38d..e4dc92c08d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -3933,6 +3933,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
struct samu *sam_pass=NULL;
uint32 acc_granted;
BOOL can_add_accounts;
+ uint32 acb_info;
DISP_INFO *disp_info = NULL;
DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
@@ -3960,7 +3961,14 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
return NT_STATUS_NO_SUCH_USER;
}
- can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ acb_info = pdb_get_acct_ctrl(sam_pass);
+
+ /* For machine accounts it's the SeMachineAccountPrivilege that counts. */
+ if ( acb_info & ACB_WSTRUST ) {
+ can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
+ } else {
+ can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+ }
/******** BEGIN SeAddUsers BLOCK *********/