summaryrefslogtreecommitdiffstats
path: root/source/smb_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-04-12 07:29:12 +0000
committerAndrew Bartlett <abartlet@samba.org>2005-04-12 07:29:12 +0000
commit53fbb214fc8be3d5c82b41034f19055f87d482a2 (patch)
treea1c9e07af77317f2dffdeb7369ec89946b765891 /source/smb_server
parentf1f8238f6d5e271cb49ab31dc3fdb00e67b9040a (diff)
downloadsamba-53fbb214fc8be3d5c82b41034f19055f87d482a2.tar.gz
samba-53fbb214fc8be3d5c82b41034f19055f87d482a2.tar.xz
samba-53fbb214fc8be3d5c82b41034f19055f87d482a2.zip
r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't
segfault). This should fix another of the issues that Richard came up with last week. Andrew Bartlett
Diffstat (limited to 'source/smb_server')
-rw-r--r--source/smb_server/reply.c26
1 files changed, 14 insertions, 12 deletions
diff --git a/source/smb_server/reply.c b/source/smb_server/reply.c
index 9c8478d6d31..a52616a7271 100644
--- a/source/smb_server/reply.c
+++ b/source/smb_server/reply.c
@@ -2172,26 +2172,28 @@ void reply_sesssetup(struct smbsrv_request *req)
void reply_ulogoffX(struct smbsrv_request *req)
{
struct smbsrv_tcon *tcon;
- uint16_t vuid;
NTSTATUS status;
- vuid = SVAL(req->in.hdr, HDR_UID);
+ if (!req->session) {
+ req_reply_error(req, NT_STATUS_DOS(ERRSRV, ERRbaduid));
+ return;
+ }
/* in user level security we are supposed to close any files
open by this user on all open tree connects */
- if ((vuid != 0) && (lp_security() != SEC_SHARE)) {
- for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
- req->tcon = tcon;
- status = ntvfs_logoff(req);
- req->tcon = NULL;
- if (!NT_STATUS_IS_OK(status)) {
- req_reply_error(req, status);
- return;
- }
+ for (tcon=req->smb_conn->tree.tcons;tcon;tcon=tcon->next) {
+ req->tcon = tcon;
+ status = ntvfs_logoff(req);
+ req->tcon = NULL;
+ if (!NT_STATUS_IS_OK(status)) {
+ req_reply_error(req, status);
+ return;
}
}
- smbsrv_invalidate_vuid(req->smb_conn, vuid);
+ talloc_free(req->session);
+ req->session = NULL; /* it is now invalid, don't use on
+ any chained packets */
req_setup_reply(req, 2, 0);
generated by cgit (git 2.34.1) at 2024-10-05 08:21:36 +0000