Index: samba-3.0.24/source/lib/util_sec.c
===================================================================
--- samba-3.0.24.orig/source/lib/util_sec.c	2007-05-25 12:36:10.000000000 -0500
+++ samba-3.0.24/source/lib/util_sec.c	2007-05-25 12:36:38.000000000 -0500
@@ -286,28 +286,6 @@
 }
 
 /****************************************************************************
- Lightweight become root - no group change.
-****************************************************************************/
-
-void become_root_uid_only(void)
-{
-	save_re_uid();
-	set_effective_uid(0);
-}
-
-/****************************************************************************
- Lightweight unbecome root - no group change. Expects we are root already,
- saves errno across call boundary.
-****************************************************************************/
-
-void unbecome_root_uid_only(void)
-{
-	int saved_errno = errno;
-	restore_re_uid_fromroot();
-	errno = saved_errno;
-}
-
-/****************************************************************************
  save the real and effective gid for later restoration. Used by the 
  getgroups code
 ****************************************************************************/
Index: samba-3.0.24/source/passdb/lookup_sid.c
===================================================================
--- samba-3.0.24.orig/source/passdb/lookup_sid.c	2007-05-25 12:36:10.000000000 -0500
+++ samba-3.0.24/source/passdb/lookup_sid.c	2007-05-25 12:36:38.000000000 -0500
@@ -421,10 +421,10 @@
 			return False;
 		}
 
-		become_root_uid_only();
+		become_root();
 		result = pdb_lookup_rids(domain_sid, num_rids, rids,
 					 *names, *types);
-		unbecome_root_uid_only();
+		unbecome_root();
 
 		return (NT_STATUS_IS_OK(result) ||
 			NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
@@ -1085,9 +1085,9 @@
 		goto done;
 	}
 
-	become_root_uid_only();
+	become_root();
 	ret = pdb_uid_to_rid(uid, &rid);
-	unbecome_root_uid_only();
+	unbecome_root();
 
 	if (ret) {
 		/* This is a mapped user */
@@ -1131,9 +1131,9 @@
 		goto done;
 	}
 
-	become_root_uid_only();
+	become_root();
 	ret = pdb_gid_to_sid(gid, psid);
-	unbecome_root_uid_only();
+	unbecome_root();
 
 	if (ret) {
 		/* This is a mapped group */
@@ -1179,9 +1179,9 @@
 		union unid_t id;
 		BOOL ret;
 
-		become_root_uid_only();
+		become_root();
 		ret = pdb_sid_to_id(psid, &id, &type);
-		unbecome_root_uid_only();
+		unbecome_root();
 
 		if (ret) {
 			if (type != SID_NAME_USER) {
@@ -1259,9 +1259,9 @@
 	     sid_check_is_in_wellknown_domain(psid))) {
 		BOOL ret;
 
-		become_root_uid_only();
+		become_root();
 		ret = pdb_getgrsid(&map, *psid);
-		unbecome_root_uid_only();
+		unbecome_root();
 
 		if (ret) {
 			*pgid = map.gid;
@@ -1273,9 +1273,9 @@
 	if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
 		BOOL ret;
 
-		become_root_uid_only();
+		become_root();
 		ret = pdb_sid_to_id(psid, &id, &type);
-		unbecome_root_uid_only();
+		unbecome_root();
 
 		if (ret) {
 			if ((type != SID_NAME_DOM_GRP) &&
Index: samba-3.0.24/source/smbd/uid.c
===================================================================
--- samba-3.0.24.orig/source/smbd/uid.c	2007-05-25 12:36:28.000000000 -0500
+++ samba-3.0.24/source/smbd/uid.c	2007-05-25 12:36:46.000000000 -0500
@@ -151,7 +151,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
@@ -190,14 +192,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -230,8 +232,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
@@ -243,6 +245,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);