From ba8c48244e140403b728d9a2ca297b40e8888964 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Wed, 10 Oct 2007 08:27:56 +0000
Subject: [PATCH] r25598: Add missing become_root/unbecome_root around calls of
 add_aliases. This triggered a "cannot access LDAP when not root"-bug with
 "passdb backend = ldap" and "winbind nested groups = yes".

This *might* be a step towards fixing bug #4308, since the
failure was observerd when triggered by acl code.

Michael
---
 source/auth/token_util.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source/auth/token_util.c b/source/auth/token_util.c
index 2c11fa5b178..7514d867adc 100644
--- a/source/auth/token_util.c
+++ b/source/auth/token_util.c
@@ -388,6 +388,8 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 	
 	if (lp_winbind_nested_groups()) {
 
+		become_root();
+
 		/* Now add the aliases. First the one from our local SAM */
 
 		status = add_aliases(get_global_sam_sid(), result);
@@ -405,6 +407,8 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 			TALLOC_FREE(result);
 			return NULL;
 		}
+
+		unbecome_root();
 	} 
 
 
-- 
2.11.4.GIT