From: Björn Jacke <bj@sernet.de>
Date: Fri, 17 Jun 2022 05:22:57 +0000 (+0200)
Subject: token_util.c: prefer capabilities over become_root
X-Git-Tag: talloc-2.4.2~650
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=944cb51506a94084d7ab52ee044fe6f66e1aaeb9;p=thirdparty%2Fsamba.git

token_util.c: prefer capabilities over become_root

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
---

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 023ad7cbb02..a7ff9bd6c3f 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 
 	/* Add in BUILTIN sids */
 
-	become_root();
+	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
 	ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid);
 	if (ok) {
 		domain_sid = &_dom_sid;
@@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 		DEBUG(3, ("Failed to fetch domain sid for %s\n",
 			  lp_workgroup()));
 	}
-	unbecome_root();
+	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
 
 	info = talloc_zero(talloc_tos(), struct acct_info);
 	if (info == NULL) {