svn commit: samba r13778 - in branches/SAMBA_3_0/source/rpc_server: .

jra at samba.org jra at samba.org
Wed Mar 1 21:57:00 GMT 2006


Author: jra
Date: 2006-03-01 21:56:59 +0000 (Wed, 01 Mar 2006)
New Revision: 13778

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13778

Log:
When deleting machine accounts it's the SeMachineAccountPrivilege
that counts.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2006-03-01 21:56:34 UTC (rev 13777)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c	2006-03-01 21:56:59 UTC (rev 13778)
@@ -3933,6 +3933,7 @@
 	struct samu *sam_pass=NULL;
 	uint32 acc_granted;
 	BOOL can_add_accounts;
+	uint32 acb_info;
 	DISP_INFO *disp_info = NULL;
 
 	DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
@@ -3960,8 +3961,15 @@
 		return NT_STATUS_NO_SUCH_USER;
 	}
 	
-	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+	acb_info = pdb_get_acct_ctrl(sam_pass);
 
+	/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
+	if ( acb_info & ACB_WSTRUST ) {
+		can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
+	} else {
+		can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
+	} 
+
 	/******** BEGIN SeAddUsers BLOCK *********/
 	
 	if ( can_add_accounts )
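Review bot: The flag `can_add_accounts` and the `BEGIN SeAddUsers BLOCK` marker no longer describe what they guard, because after the new `if ( acb_info & ACB_WSTRUST )` branch the flag can be set by SeMachineAccountPrivilege alone. Since this value gates a privilege decision on a delete path, I would rename it or document it where it is assigned, e.g. `/* can_add_accounts: caller holds the privilege that applies to this account type (se_machine_account for ACB_WSTRUST, se_add_users otherwise) */`. The test matches only workstation trust accounts, so ACB_SVRTRUST and ACB_DOMTRUST accounts still require se_add_users; if that is intended, the new comment should say "workstation trust accounts" rather than "machine accounts". The body of `_samr_delete_dom_user` starts and ends outside both hunks, so what the `if ( can_add_accounts )` guard runs is not visible here and should be checked against this wider grant.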


