s3:rpc_server: wrap make_auth4_context() into {become,unbecome}_root()

This need to create a temporary messaging context in order to do
the auth logging. This can only be done as root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul  3 08:15:29 CEST 2017 on sn-devel-144

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index f79fbe26abff1e3a2b3f3a21480196afc09d13b1..4534200f75cd5f161882b5e61ce0711ddcb2f8a1 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -844,7 +844,9 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
                p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
                p->auth.auth_context_id = 0;
 
                p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
                p->auth.auth_context_id = 0;
 

+               become_root();

                status = make_auth4_context(frame, &auth4_context);
                status = make_auth4_context(frame, &auth4_context);

+               unbecome_root();

                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("Unable to make auth context for authz log.\n"));
                        TALLOC_FREE(frame);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(0, ("Unable to make auth context for authz log.\n"));
                        TALLOC_FREE(frame);