s3:smbd: allow creating new spnego sessions only with a 0 vuid

author Stefan Metzmacher <metze@samba.org>

Thu, 3 May 2012 14:13:08 +0000 (16:13 +0200)

committer Stefan Metzmacher <metze@samba.org>

Fri, 18 May 2012 14:36:16 +0000 (16:36 +0200)
author Stefan Metzmacher <metze@samba.org>
Thu, 3 May 2012 14:13:08 +0000 (16:13 +0200)
committer Stefan Metzmacher <metze@samba.org>
Fri, 18 May 2012 14:36:16 +0000 (16:36 +0200)
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c

index 7d1535af5ac35104c52d2e4c20419eca423bd0a8..f9ba9769b59a3aa5968e4840ea3f9ba3857e8da8 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -202,6 +202,11 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
  
         /* Do we have a valid vuid now ? */
         if (!is_partial_auth_vuid(sconn, vuid)) {
+               if (vuid != 0) {
+                       reply_force_doserror(req, ERRSRV, ERRbaduid);
+                       return;
+               }
+
                 /* No, start a new authentication setup. */
                 vuid = register_initial_vuid(sconn);
                 if (vuid == UID_FIELD_INVALID) {
author	Stefan Metzmacher <metze@samba.org>
	Thu, 3 May 2012 14:13:08 +0000 (16:13 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 18 May 2012 14:36:16 +0000 (16:36 +0200)