Add become_root/unbecome_root around one call of getsampwsid()

in create_token_from_username(). This caused set_nt_acl to
partially fail in certain circumstances.

This is expected to bring an improvement to bug #4308.

Michael

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 325b05f80f8d678bd082b63e387e8388b5f76490..2c05f04b9b0248791a143e0dbd1cc6ff11c2a329 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -721,6 +721,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
        }
 
        if (sid_check_is_in_our_domain(&user_sid)) {
+               BOOL ret;
 
                /* This is a passdb user, so ask passdb */
 
@@ -731,7 +732,11 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
                        goto done;
                }
 
-               if (!pdb_getsampwsid(sam_acct, &user_sid)) {
+               become_root();
+               ret = pdb_getsampwsid(sam_acct, &user_sid);
+               unbecome_root();
+
+               if (!ret) {
                        DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
                                  sid_string_static(&user_sid), username));
                        DEBUGADD(1, ("Fall back to unix user %s\n", username));