[PATCH] s4-samldb: Do not allow deletion of objects with RID < 1000
nivanova at samba.org
Fri Oct 11 06:37:25 MDT 2013
Hi, attached is a patch that would prevent deletion of Administrator and
other well-known accounts.
The issue was discovered during interop lab in Redmond in September.
I had to modify the samba3sam tests a bit as they were using a user with
rid < 1000. Also since when a deletion of an account in cn=Users is
deleted, an error 80 (other) is expected, unlike the deletion of builtin
accounts, when 53 is expected, if we ever move objectclass after samldb, we
will need to add a check to make sure we return the correct error in both
cases. The check is skipped at this point for performance reasons.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 8285 bytes
Desc: not available
More information about the samba-technical