From c10ed730d481e3d5b6710999b11b8e6969e1c16e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 4 Apr 2012 14:54:02 -0700
Subject: Second part of bugfix for bug #8837 - smbd crashes when deleting
 directory and veto files are enabled.

Store the 'struct security_token' as well as the 'struct security_unix_token'
inside the locking db when setting a delete on close.
---
 source3/smbd/reply.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'source3/smbd/reply.c')

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 6e4bcab774..884731088a 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2546,7 +2546,9 @@ static NTSTATUS do_unlink(connection_struct *conn,
 	}
 
 	/* The set is across all open files on this dev/inode pair. */
-	if (!set_delete_on_close(fsp, True, conn->session_info->unix_token)) {
+	if (!set_delete_on_close(fsp, True,
+				conn->session_info->security_token,
+				conn->session_info->unix_token)) {
 		close_file(req, fsp, NORMAL_CLOSE);
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -5664,7 +5666,9 @@ void reply_rmdir(struct smb_request *req)
 		goto out;
 	}
 
-	if (!set_delete_on_close(fsp, true, conn->session_info->unix_token)) {
+	if (!set_delete_on_close(fsp, true,
+			conn->session_info->security_token,
+			conn->session_info->unix_token)) {
 		close_file(req, fsp, ERROR_CLOSE);
 		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 		goto out;
-- 
cgit