1 files changed, 9 insertions, 1 deletions

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index d079403455..bd75eceb6b 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1189,6 +1189,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 	}
 
 	DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid)));
+	
+	become_root(); /* local_lookup_name can require root privs */
 
 	for (i = 0; i < num_rids; i++) {
 		fstring name;
@@ -1212,7 +1214,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 		 * a cleaner code is to add the sid of the domain we're looking in
 		 * to the local_lookup_name function.
 		 */
-            	if(local_lookup_name(global_myname, name, &sid, &local_type)) {
+            	if(local_lookup_name(name, &sid, &local_type)) {
                 	sid_split_rid(&sid, &local_rid);
 				
 			if (sid_equal(&sid, &pol_sid)) {
@@ -1223,6 +1225,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
             	}
 	}
 
+	unbecome_root();
+
 	init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, (uint32 *)type, r_u->status);
 
 	DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
@@ -1342,6 +1346,8 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
  
 	r_u->status = NT_STATUS_NONE_MAPPED;
 
+	become_root();  /* lookup_sid can require root privs */
+
 	for (i = 0; i < num_rids; i++) {
 		fstring tmpname;
 		fstring domname;
@@ -1364,6 +1370,8 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
 		}
 	}
 
+	unbecome_root();
+
 	if(!make_samr_lookup_rids(p->mem_ctx, num_rids, group_names, &hdr_name, &uni_name))
 		return NT_STATUS_NO_MEMORY;