From: Björn Jacke <bjacke@samba.org>
Date: Wed, 24 Jan 2024 23:46:38 +0000 (+0100)
Subject: Revert "token_util.c: prefer capabilities over become_root"
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=5cedf3b5eb02c3050cb2e82d4602d63c565d4a7f;p=metze%2Fsamba%2Fwip.git

Revert "token_util.c: prefer capabilities over become_root"

This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224

(cherry picked from commit 0dec2ef188a93504da873d927ca2b26f8c491fb8)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 27 16:51:00 UTC 2024 on atb-devel-224
---

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index a7ff9bd6c3f1..023ad7cbb028 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -699,7 +699,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 
 	/* Add in BUILTIN sids */
 
-	set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+	become_root();
 	ok = secrets_fetch_domain_sid(lp_workgroup(), &_dom_sid);
 	if (ok) {
 		domain_sid = &_dom_sid;
@@ -707,7 +707,7 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
 		DEBUG(3, ("Failed to fetch domain sid for %s\n",
 			  lp_workgroup()));
 	}
-	drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+	unbecome_root();
 
 	info = talloc_zero(talloc_tos(), struct acct_info);
 	if (info == NULL) {