s3-netlogon: Fix setting the machinge account password.

This bug has been found with uid wrapper.
(cherry picked from commit bda9752b1036c4d4db76a526a79a091419bf757c)

Fix bug #8550 (Calls inside netr_set_machine_account_password() to set the
machine account password must be done as root).

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index aa424e052a9a256738890cbf1f3183814eddc060..ecdfac707b3f9bd24a246e25832e9e919784753c 100644 (file)
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1120,6 +1120,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
                goto out;
        }
 
+       become_root();
        status = samr_find_machine_account(mem_ctx,
                                           h,
                                           account_name,
@@ -1127,6 +1128,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
                                           NULL,
                                           NULL,
                                           &user_handle);
+       unbecome_root();
        if (!NT_STATUS_IS_OK(status)) {
                goto out;
        }
@@ -1170,12 +1172,14 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx,
 
        info->info18 = info18;
 
+       become_root();
        status = dcerpc_samr_SetUserInfo2(h,
                                          mem_ctx,
                                          &user_handle,
                                          UserInternal1Information,
                                          info,
                                          &result);
+       unbecome_root();
        if (!NT_STATUS_IS_OK(status)) {
                goto out;
        }