From 2b52e35770270959d5029fa84932d436652c7193 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 22 Feb 2007 20:52:27 +0000
Subject: r21507: Fix some "cannot access LDAP when no root" bugs. The two
 culprits were

* pdb_get_account_policy()
* pdb_get_group_sid()
(This used to be commit 6a69caf6907fad01b13aa4358ce5c62506f98495)
---
 source3/passdb/pdb_interface.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'source3/passdb')

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 36536e5fea..ce8b46eb0f 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -987,13 +987,25 @@ NTSTATUS pdb_lookup_names(const DOM_SID *domain_sid,
 BOOL pdb_get_account_policy(int policy_index, uint32 *value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->get_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+	
+	become_root();
+	status = pdb->get_account_policy(pdb, policy_index, value);
+	unbecome_root();
+	
+	return NT_STATUS_IS_OK(status);	
 }
 
 BOOL pdb_set_account_policy(int policy_index, uint32 value)
 {
 	struct pdb_methods *pdb = pdb_get_methods();
-	return NT_STATUS_IS_OK(pdb->set_account_policy(pdb, policy_index, value));
+	NTSTATUS status;
+
+	become_root();
+	status = pdb->set_account_policy(pdb, policy_index, value);
+	unbecome_root();
+
+	return NT_STATUS_IS_OK(status);
 }
 
 BOOL pdb_get_seq_num(time_t *seq_num)
-- 
cgit