Index: rpc_server/srv_samr_nt.c
===================================================================
--- rpc_server/srv_samr_nt.c	(revision 11425)
+++ rpc_server/srv_samr_nt.c	(working copy)
@@ -1805,8 +1805,9 @@
 
 	uint32 num_users=0, num_groups=0, num_aliases=0;
 
-	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL)
+	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
+	}
 
 	ZERO_STRUCTP(ctr);
 
@@ -1815,12 +1816,17 @@
 	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));
 	
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
+	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) {
 		return NT_STATUS_INVALID_HANDLE;
+	}
 	
 	switch (q_u->switch_value) {
 		case 0x01:
 			
+			become_root();
+
+			/* AS ROOT !!! */
+
 			pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp);
 			min_pass_len = account_policy_temp;
 
@@ -1835,7 +1841,11 @@
 
 			pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp);
 			u_min_age = account_policy_temp;
+
+			/* !AS ROOT */
 			
+			unbecome_root();
+
 			unix_to_nt_time_abs(&nt_expire, u_expire);
 			unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
@@ -1843,11 +1853,14 @@
 			               flag, nt_expire, nt_min_age);
 			break;
 		case 0x02:
+
 			become_root();
+
+			/* AS ROOT !!! */
+
 			num_users=count_sam_users(&info->disp_info,
 						  ACB_NORMAL);
 			num_groups=count_sam_groups(&info->disp_info);
-			unbecome_root();
 
 			pdb_get_account_policy(AP_TIME_TO_LOGOUT, &account_policy_temp);
 			u_logout = account_policy_temp;
@@ -1857,6 +1870,10 @@
 			if (!pdb_get_seq_num(&seq_num))
 				seq_num = time(NULL);
 
+			/* !AS ROOT */
+			
+			unbecome_root();
+
 			server_role = ROLE_DOMAIN_PDC;
 			if (lp_server_role() == ROLE_DOMAIN_BDC)
 				server_role = ROLE_DOMAIN_BDC;
@@ -1865,7 +1882,17 @@
 				       num_users, num_groups, num_aliases, nt_logout, server_role);
 			break;
 		case 0x03:
+
+			become_root();
+
+			/* AS ROOT !!! */
+
 			pdb_get_account_policy(AP_TIME_TO_LOGOUT, (unsigned int *)&u_logout);
+
+			/* !AS ROOT */
+			
+			unbecome_root();
+
 			unix_to_nt_time_abs(&nt_logout, u_logout);
 			
 			init_unk_info3(&ctr->info.inf3, nt_logout);
@@ -1884,16 +1911,32 @@
 			init_unk_info7(&ctr->info.inf7, server_role);
 			break;
 		case 0x08:
-			if (!pdb_get_seq_num(&seq_num))
+
+			become_root();
+
+			/* AS ROOT !!! */
+
+			if (!pdb_get_seq_num(&seq_num)) {
 				seq_num = time(NULL);
+			}
 
+			/* !AS ROOT */
+			
+			unbecome_root();
+
 			init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
 			break;
 		case 0x0c:
+
+			become_root();
+
+			/* AS ROOT !!! */
+
 			pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp);
 			u_lock_duration = account_policy_temp;
-			if (u_lock_duration != -1)
+			if (u_lock_duration != -1) {
 				u_lock_duration *= 60;
+			}
 
 			pdb_get_account_policy(AP_RESET_COUNT_TIME, &account_policy_temp);
 			u_reset_time = account_policy_temp * 60;
@@ -1901,6 +1944,10 @@
 			pdb_get_account_policy(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp);
 			lockout = account_policy_temp;
 
+			/* !AS ROOT */
+			
+			unbecome_root();
+
 			unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
 			unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
 	
@@ -1910,6 +1957,7 @@
             		return NT_STATUS_INVALID_INFO_CLASS;
 		}
 	
+
 	init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
 	
 	DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__));