1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

r13778: When deleting machine accounts it's the SeMachineAccountPrivilege

that counts.
Jeremy.
(This used to be commit aa85ba4f37)
This commit is contained in:
Jeremy Allison 2006-03-01 21:56:59 +00:00 committed by Gerald (Jerry) Carter
parent 1da8345777
commit 1b456f2894

View File

@ -3933,6 +3933,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
struct samu *sam_pass=NULL;
uint32 acc_granted;
BOOL can_add_accounts;
uint32 acb_info;
DISP_INFO *disp_info = NULL;
DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
@ -3960,7 +3961,14 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
return NT_STATUS_NO_SUCH_USER;
}
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
acb_info = pdb_get_acct_ctrl(sam_pass);
/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
if ( acb_info & ACB_WSTRUST ) {
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
} else {
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
}
/******** BEGIN SeAddUsers BLOCK *********/