question about make_connection_snum function

Herb Lewis hlewis at
Fri Feb 23 05:32:51 GMT 2007

We have a local patch to this function that I'm trying
to figure out if it is valid or not.

It is about the middle of the function

          * New code to check if there's a share security descripter
          * added from NT server manager. This is done after the
          * smb.conf checks are done as we need a uid and token. JRA.

                 NT_USER_TOKEN *token = conn->nt_user_token ?
                         conn->nt_user_token : vuser->nt_user_token;

                 BOOL can_write = share_access_check(token,

                 if (!can_write) {
                         if (!share_access_check(token,
                                                 FILE_READ_DATA)) {
                                 /* No access, read or write. */
                                 DEBUG(0,("make_connection: connection 
to %s "
                                          "denied due to security "
                                 *status = NT_STATUS_ACCESS_DENIED;
                                 return NULL;
                         } else {
                                 conn->read_only = True;

We changed the open brace to be

         if (!IS_IPC(conn)) {

Can anyone see a reason this change would be incorrect?

More information about the samba-technical mailing list