r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't

segfault).  This should fix another of the issues that Richard came up
with last week.

Andrew Bartlett
(This used to be commit c2c8b6abf3ffa39c8677cab4fda415d66df0c4ff)

1 files changed, 14 insertions, 12 deletions

diff --git a/source4/smb_server/reply.c b/source4/smb_server/reply.c
index 9c8478d6d3..a52616a727 100644
--- a/source4/smb_server/reply.c
+++ b/source4/smb_server/reply.c
@@ -2172,26 +2172,28 @@ void reply_sesssetup(struct smbsrv_request *req)
 void reply_ulogoffX(struct smbsrv_request *req)
 {
 	struct smbsrv_tcon *tcon;
-	uint16_t vuid;
 	NTSTATUS status;
 
-	vuid = SVAL(req->in.hdr, HDR_UID);
+	if (!req->session) {
+		req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+		return;
+	}
 
 	/* in user level security we are supposed to close any files
 	   open by this user on all open tree connects */
-	if ((vuid != 0) && (lp_security() != SEC_SHARE)) {
-		for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
-			req->tcon = tcon;
-			status = ntvfs_logoff(req);
-			req->tcon = NULL;
-			if (!NT_STATUS_IS_OK(status)) {
-				req_reply_error(req, status);
-				return;
-			}
+	for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
+		req->tcon = tcon;
+		status = ntvfs_logoff(req);
+		req->tcon = NULL;
+		if (!NT_STATUS_IS_OK(status)) {
+			req_reply_error(req, status);
+			return;
 		}
 	}
 
-	smbsrv_invalidate_vuid(req->smb_conn, vuid);
+	talloc_free(req->session);
+	req->session = NULL; /* it is now invalid, don't use on 
+				any chained packets */
 
 	req_setup_reply(req, 2, 0);