diff options
-rw-r--r-- | source3/lib/sysacls.c | 2 | ||||
-rw-r--r-- | source3/smbd/service.c | 22 |
2 files changed, 21 insertions, 3 deletions
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index d31c1870c3..dcd7640714 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -181,7 +181,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) id = idbuf; } else { id = gr->gr_name; - } + } case SMB_ACL_GROUP_OBJ: tag = "group"; break; diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c96bcea4e2..79c618e7b3 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -915,10 +915,28 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, */ { + BOOL can_write = False; NT_USER_TOKEN *token = conn->nt_user_token ? - conn->nt_user_token : vuser->nt_user_token; + conn->nt_user_token : + (vuser ? vuser->nt_user_token : NULL); + + /* + * I don't believe this can happen. But the + * logic above is convoluted enough to confuse + * automated checkers, so be sure. JRA. + */ + + if (token == NULL) { + DEBUG(0,("make_connection: connection to %s " + "denied due to missing " + "NT token.\n", + lp_servicename(snum))); + conn_free(conn); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; + } - BOOL can_write = share_access_check(token, + can_write = share_access_check(token, lp_servicename(snum), FILE_WRITE_DATA); |