LDAP_CHILD: replace become_user() with sss_drop_all_caps()

Since e2c26e8 'ldap_child' always runs
under SSSD_USER and uses file capabilities instead. For this reason
it doesn't make sense to call `become_user()` - `sss_drop_all_caps()`
is enough.

src/providers/ldap/ldap_child.c

@@ -59,8 +59,6 @@ struct input_buffer {
     char *keytab_name;
     krb5_deltat lifetime;
     krb5_context context;
-    uid_t uid;
-    gid_t gid;
 };
 
 static inline const char *command_to_str(enum ldap_child_command cmd)
@@ -133,14 +131,6 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size,
     ibuf->lifetime = (krb5_deltat)value;
     DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %u\n", ibuf->lifetime);
 
-    /* UID and GID to run as */
-    SAFEALIGN_COPY_UINT32_CHECK(&value, buf + p, size, &p);
-    ibuf->uid = (uid_t)value;
-    SAFEALIGN_COPY_UINT32_CHECK(&value, buf + p, size, &p);
-    ibuf->gid = (gid_t)value;
-    DEBUG(SSSDBG_FUNC_DATA,
-          "Will run as [%"SPRIuid"][%"SPRIgid"].\n", ibuf->uid, ibuf->gid);
-
     return EOK;
 }
 
@@ -956,11 +946,7 @@ static errno_t handle_get_tgt(TALLOC_CTX *mem_ctx,
 
     DEBUG(SSSDBG_TRACE_INTERNAL, "Kerberos context initialized\n");
 
-    kerr = become_user(ibuf->uid, ibuf->gid);
-    if (kerr != 0) {
-        DEBUG(SSSDBG_CRIT_FAILURE, "become_user() failed.\n");
-        return kerr;
-    }
+    sss_drop_all_caps();
 
     DEBUG(SSSDBG_TRACE_INTERNAL,
           "Running as [%"SPRIuid"][%"SPRIgid"].\n", geteuid(), getegid());

src/providers/ldap/sdap_child_helpers.c

@@ -211,12 +211,6 @@ static errno_t create_child_req_send_buffer(TALLOC_CTX *mem_ctx,
     /* lifetime */
     SAFEALIGN_SET_UINT32(&buf->data[rp], lifetime, &rp);
 
-    /* UID and GID to drop privileges to, if needed. The ldap_child process runs as
-     * setuid if the back end runs unprivileged as it needs to access the keytab
-     */
-    SAFEALIGN_SET_UINT32(&buf->data[rp], geteuid(), &rp);
-    SAFEALIGN_SET_UINT32(&buf->data[rp], getegid(), &rp);
-
     *io_buf = buf;
     return EOK;
 }