DeleteUser doesn't need the priv checks, this is done at OpenUser time.

Jeremy.

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index a8e5b39f30f7e6a22708c574a15bd52f31bb16be..d66199e8aa35b3db0fa7088e385fbd3f9c7d9f1d 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -5525,8 +5525,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
        DOM_SID user_sid;
        struct samu *sam_pass=NULL;
        uint32 acc_granted;
-       bool can_del_accounts = false;
-       uint32 acb_info = 0;
        DISP_INFO *disp_info = NULL;
        bool ret;
 
@@ -5555,24 +5553,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
        ret = pdb_getsampwsid(sam_pass, &user_sid);
        unbecome_root();
 
-       if (ret) {
-               acb_info = pdb_get_acct_ctrl(sam_pass);
-       }
-
-       /* For machine accounts it's the SeMachineAccountPrivilege that counts. */
-       if (geteuid() == sec_initial_uid()) {
-               can_del_accounts = true;
-       } else if (acb_info & ACB_WSTRUST) {
-               can_del_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account );
-       } else {
-               can_del_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
-       }
-
-       if (!can_del_accounts) {
-               TALLOC_FREE(sam_pass);
-               return NT_STATUS_ACCESS_DENIED;
-       }
-
        if(!ret) {
                DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
                        sid_string_dbg(&user_sid)));