From 2b784738d7ce444fb63e2cac91ad2e220cc6e551 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 15 May 2009 13:13:01 -0700
Subject: DeleteUser doesn't need the priv checks, this is done at OpenUser
 time. Jeremy.

---
 source3/rpc_server/srv_samr_nt.c | 20 --------------------
 1 file changed, 20 deletions(-)

(limited to 'source3/rpc_server/srv_samr_nt.c')

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7e55282384..8b1a90af02 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -5499,8 +5499,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
 	struct samr_user_info *uinfo;
 	NTSTATUS status;
 	struct samu *sam_pass=NULL;
-	bool can_del_accounts = false;
-	uint32 acb_info = 0;
 	bool ret;
 
 	DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
@@ -5524,24 +5522,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
 	ret = pdb_getsampwsid(sam_pass, &uinfo->sid);
 	unbecome_root();
 
-	if (ret) {
-		acb_info = pdb_get_acct_ctrl(sam_pass);
-	}
-
-	/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
-	if (geteuid() == sec_initial_uid()) {
-		can_del_accounts = true;
-	} else if (acb_info & ACB_WSTRUST) {
-		can_del_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account );
-	} else {
-		can_del_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
-	}
-
-	if (!can_del_accounts) {
-		TALLOC_FREE(sam_pass);
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
 	if(!ret) {
 		DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
 			sid_string_dbg(&uinfo->sid)));
-- 
cgit