From ea33a1c22f834f985766347c8505935b59a808d8 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Fri, 12 Oct 2007 13:20:07 +0200
Subject: Add become_root/unbecome_root around one call of getsampwsid() in
 create_token_from_username(). This caused set_nt_acl to partially fail in
 certain circumstances.

This is expected to bring an improvement to bug #4308.

Michael
(This used to be commit e68671b59500d7e1b645c80ee264c49893f8df84)
---
 source3/auth/auth_util.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 325b05f80f..2c05f04b9b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -721,6 +721,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 	}
 
 	if (sid_check_is_in_our_domain(&user_sid)) {
+		BOOL ret;
 
 		/* This is a passdb user, so ask passdb */
 
@@ -731,7 +732,11 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 			goto done;
 		}
 
-		if (!pdb_getsampwsid(sam_acct, &user_sid)) {
+		become_root();
+		ret = pdb_getsampwsid(sam_acct, &user_sid);
+		unbecome_root();
+
+		if (!ret) {
 			DEBUG(1, ("pdb_getsampwsid(%s) for user %s failed\n",
 				  sid_string_static(&user_sid), username));
 			DEBUGADD(1, ("Fall back to unix user %s\n", username));
-- 
cgit