dosmode.c: prefer use of capabilities at two places over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 41241fd2bfc468d33269605d2b33d9cb33a44943..5dfab65984af102af882a61a7cb84218e1b031b1 100644 (file)
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -387,12 +387,12 @@ NTSTATUS fget_ea_dos_attribute(struct files_struct *fsp,
                   run because in cases like NFS, root might have even less
                   rights than the real user
                */
-               become_root();
+               set_effective_capability(DAC_OVERRIDE_CAPABILITY);
                sizeret = SMB_VFS_FGETXATTR(fsp,
                                            SAMBA_XATTR_DOS_ATTRIB,
                                            attrstr,
                                            sizeof(attrstr));
-               unbecome_root();
+               drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
        }
        if (sizeret == -1) {
                DBG_INFO("Cannot get attribute "
@@ -507,14 +507,14 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                        return NT_STATUS_ACCESS_DENIED;
                }
 
-               become_root();
+               set_effective_capability(DAC_OVERRIDE_CAPABILITY);
                ret = SMB_VFS_FSETXATTR(smb_fname->fsp,
                                        SAMBA_XATTR_DOS_ATTRIB,
                                        blob.data, blob.length, 0);
+               drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
                if (ret == 0) {
                        status = NT_STATUS_OK;
                }
-               unbecome_root();
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
                }