summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-04-12 07:29:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:30 -0500
commit9782a22fa90ecd852cc79c06a5f84c6bc1fea7b4 (patch)
tree3d253dcb5b7d9fdadb5069737463fab323440e61 /source4
parentab06749443dacb47cc98233f29cb5e17f277b6a6 (diff)
downloadsamba-9782a22fa90ecd852cc79c06a5f84c6bc1fea7b4.tar.gz
samba-9782a22fa90ecd852cc79c06a5f84c6bc1fea7b4.tar.bz2
samba-9782a22fa90ecd852cc79c06a5f84c6bc1fea7b4.zip
r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't
segfault). This should fix another of the issues that Richard came up with last week. Andrew Bartlett (This used to be commit c2c8b6abf3ffa39c8677cab4fda415d66df0c4ff)
Diffstat (limited to 'source4')
-rw-r--r--source4/smb_server/reply.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c
index 9c8478d6d3..a52616a727 100644
--- a/source4/smb_server/reply.c
+++ b/source4/smb_server/reply.c
@@ -2172,26 +2172,28 @@ void reply_sesssetup(struct smbsrv_request *req)
void reply_ulogoffX(struct smbsrv_request *req)
{
struct smbsrv_tcon *tcon;
- uint16_t vuid;
NTSTATUS status;
- vuid = SVAL(req->in.hdr, HDR_UID);
+ if (!req->session) {
+ req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+ return;
+ }
/* in user level security we are supposed to close any files
open by this user on all open tree connects */
- if ((vuid != 0) && (lp_security() != SEC_SHARE)) {
- for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
- req->tcon = tcon;
- status = ntvfs_logoff(req);
- req->tcon = NULL;
- if (!NT_STATUS_IS_OK(status)) {
- req_reply_error(req, status);
- return;
- }
+ for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
+ req->tcon = tcon;
+ status = ntvfs_logoff(req);
+ req->tcon = NULL;
+ if (!NT_STATUS_IS_OK(status)) {
+ req_reply_error(req, status);
+ return;
}
}
- smbsrv_invalidate_vuid(req->smb_conn, vuid);
+ talloc_free(req->session);
+ req->session = NULL; /* it is now invalid, don't use on
+ any chained packets */
req_setup_reply(req, 2, 0);