Revert "token_util.c: prefer capabilities over become_root"

This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224

(cherry picked from commit 0dec2ef188a93504da873d927ca2b26f8c491fb8)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 27 16:51:00 UTC 2024 on atb-devel-224

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index a7ff9bd6c3f155b085302341e7f918faaeffcb70..023ad7cbb028a026666c52eba148f0d2f5c34565 100644 (file)
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 
        /* Add in BUILTIN sids */
 
-       set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       become_root();
        ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid);
        if (ok) {
                domain_sid = &_dom_sid;
@@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
                DEBUG(3, ("Failed to fetch domain sid for %s\n",
                          lp_workgroup()));
        }
-       drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+       unbecome_root();
 
        info = talloc_zero(talloc_tos(), struct acct_info);
        if (info == NULL) {