DeleteUser doesn't need the priv checks, this is done at OpenUser time.
authorJeremy Allison <jra@samba.org>
Fri, 15 May 2009 20:13:01 +0000 (13:13 -0700)
committerJeremy Allison <jra@samba.org>
Fri, 15 May 2009 20:13:01 +0000 (13:13 -0700)
Jeremy.

source3/rpc_server/srv_samr_nt.c

index 7e552823843047fe11c57a0319c155bf31439ce3..8b1a90af0279ca05ad816a29ffb9d81188b1a6be 100644 (file)
@@ -5499,8 +5499,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
        struct samr_user_info *uinfo;
        NTSTATUS status;
        struct samu *sam_pass=NULL;
-       bool can_del_accounts = false;
-       uint32 acb_info = 0;
        bool ret;
 
        DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
@@ -5524,24 +5522,6 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p,
        ret = pdb_getsampwsid(sam_pass, &uinfo->sid);
        unbecome_root();
 
-       if (ret) {
-               acb_info = pdb_get_acct_ctrl(sam_pass);
-       }
-
-       /* For machine accounts it's the SeMachineAccountPrivilege that counts. */
-       if (geteuid() == sec_initial_uid()) {
-               can_del_accounts = true;
-       } else if (acb_info & ACB_WSTRUST) {
-               can_del_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account );
-       } else {
-               can_del_accounts = user_has_privileges( p->server_info->ptok, &se_add_users );
-       }
-
-       if (!can_del_accounts) {
-               TALLOC_FREE(sam_pass);
-               return NT_STATUS_ACCESS_DENIED;
-       }
-
        if(!ret) {
                DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
                        sid_string_dbg(&uinfo->sid)));
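Review bot: With the privilege test removed in the second hunk, nothing in the visible code says where deletion is authorized, so `_samr_DeleteUser` now depends entirely on the access mask granted when the user handle was opened. The handle lookup is outside this hunk, so please confirm that it requires delete access on the handle and does not merely check that the handle is valid. A privilege revoked after the handle was opened is no longer re-checked here; that presumably matches handle-based access semantics, but it should be recorded at the call site. I would add a comment above the `pdb_getsampwsid` call, e.g. `/* Authorization: delete access was checked against the handle when it was opened; no privilege re-check here. */`. The function starts before and continues past the hunk.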