diff options
Diffstat (limited to 'source3/smbd/uid.c')
-rw-r--r-- | source3/smbd/uid.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 48d7f590c3..89d082e1ac 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -87,6 +87,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) unsigned int i; struct vuid_cache_entry *ent = NULL; BOOL readonly_share; + NT_USER_TOKEN *token; for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) { if (conn->vuid_cache.array[i].vuid == vuser->vuid) { @@ -104,8 +105,12 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) vuser->nt_user_token, SNUM(conn)); + token = conn->nt_user_token ? + conn->nt_user_token : vuser->nt_user_token; + if (!readonly_share && - !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) { + !share_access_check(token, lp_servicename(snum), + FILE_WRITE_DATA)) { /* smb.conf allows r/w, but the security descriptor denies * write. Fall back to looking at readonly. */ readonly_share = True; @@ -113,7 +118,7 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) "security descriptor\n")); } - if (!share_access_check(conn, snum, vuser, + if (!share_access_check(token, lp_servicename(snum), readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) { return False; |