1 files changed, 8 insertions, 5 deletions

diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index f10c84c276..ec1b56ae86 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern int DEBUGLEVEL;
  Check if this ACE has a SID in common with the token.
 **********************************************************************************/
 
-static BOOL token_sid_in_ace( NT_USER_TOKEN *token, SEC_ACE *ace)
+static BOOL token_sid_in_ace(const NT_USER_TOKEN *token, const SEC_ACE *ace)
 {
 	size_t i;
 
@@ -204,7 +204,7 @@ void se_map_generic(uint32 *access_mask, struct generic_mapping *mapping)
  "Access-Checking" document in MSDN.
 *****************************************************************************/ 
 
-BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
+BOOL se_access_check(SEC_DESC *sd, NT_USER_TOKEN *token,
 		     uint32 acc_desired, uint32 *acc_granted, 
 		     NTSTATUS *status)
 {
@@ -212,17 +212,20 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
 	size_t i;
 	SEC_ACL *the_acl;
 	fstring sid_str;
-	NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token;
 	uint32 tmp_acc_desired = acc_desired;
 
 	if (!status || !acc_granted)
 		return False;
 
+	if (!token)
+		token = &anonymous_token;
+
 	*status = NT_STATUS_OK;
 	*acc_granted = 0;
 
-	DEBUG(10,("se_access_check: requested access %x, for uid %u\n", 
-				(unsigned int)acc_desired, (unsigned int)user->uid ));
+	DEBUG(10,("se_access_check: requested access %x, for  NT token with %u entries and first sid %s.\n",
+		 (unsigned int)acc_desired, (unsigned int)token->num_sids,
+		sid_to_string(sid_str, &token->user_sids[0])));
 
 	/*
 	 * No security descriptor or security descriptor with no DACL