From: Günther Deschner <gd@samba.org>
Date: Mon, 18 May 2009 19:00:29 +0000 (+0200)
Subject: s3-lsa: start a very basic implementation of _lsa_DeleteObject().
X-Git-Tag: tdb-1.1.5~495
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4724fef8979c3f0e66cb8e41936af270901093b4;p=thirdparty%2Fsamba.git

s3-lsa: start a very basic implementation of _lsa_DeleteObject().

Certainly not the full story but this gets us closer to pass the
RPC-SAMR-USERS-PRIVILEGES test.

Guenther
---

diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index fb5117cdd3b..7cddb5cb85a 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -1290,7 +1290,29 @@ NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r)
 NTSTATUS _lsa_DeleteObject(pipes_struct *p,
 			   struct lsa_DeleteObject *r)
 {
-	return NT_STATUS_ACCESS_DENIED;
+	NTSTATUS status;
+	struct lsa_info *info = NULL;
+
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
+
+	/* check to see if the pipe_user is root or a Domain Admin since
+	   account_pol.tdb was already opened as root, this is all we have */
+
+	if (p->server_info->utok.uid != sec_initial_uid() &&
+	    !nt_token_check_domain_rid(p->server_info->ptok,
+				       DOMAIN_GROUP_RID_ADMINS)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	status = privilege_delete_account(&info->sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10,("_lsa_DeleteObject: privilege_delete_account gave: %s\n",
+			nt_errstr(status)));
+	}
+
+	return status;
 }
 
 /***************************************************************************