From 2b784738d7ce444fb63e2cac91ad2e220cc6e551 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 May 2009 13:13:01 -0700 Subject: DeleteUser doesn't need the priv checks, this is done at OpenUser time. Jeremy. --- source3/rpc_server/srv_samr_nt.c | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 7e55282384..8b1a90af02 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -5499,8 +5499,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, struct samr_user_info *uinfo; NTSTATUS status; struct samu *sam_pass=NULL; - bool can_del_accounts = false; - uint32 acb_info = 0; bool ret; DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__)); @@ -5524,24 +5522,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, ret = pdb_getsampwsid(sam_pass, &uinfo->sid); unbecome_root(); - if (ret) { - acb_info = pdb_get_acct_ctrl(sam_pass); - } - - /* For machine accounts it's the SeMachineAccountPrivilege that counts. */ - if (geteuid() == sec_initial_uid()) { - can_del_accounts = true; - } else if (acb_info & ACB_WSTRUST) { - can_del_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account ); - } else { - can_del_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); - } - - if (!can_del_accounts) { - TALLOC_FREE(sam_pass); - return NT_STATUS_ACCESS_DENIED; - } - if(!ret) { DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n", sid_string_dbg(&uinfo->sid))); -- cgit