[PATCH] s4-samldb: Do not allow deletion of objects with RID < 1000

Andrew Bartlett abartlet at samba.org
Sun Oct 13 12:42:23 MDT 2013

On Fri, 2013-10-11 at 15:37 +0300, Nadezhda Ivanova wrote:
> Hi, attached is a patch that would prevent deletion of Administrator and
> other well-known accounts.
> The issue was discovered during interop lab in Redmond in September.
> I had to modify the samba3sam tests a bit as they were using a user with
> rid < 1000. Also since when a deletion of an account in cn=Users is
> deleted, an error 80 (other) is expected, unlike the deletion of builtin
> accounts, when 53 is expected, if we ever move objectclass after samldb, we
> will need to add a check to make sure we return the correct error in both
> cases. The check is skipped at this point for performance reasons.

Can we please put the protected RID offset in decimal, rather than

Other than that:

Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list