From 32d056cd92d4aaa7d63f1ee6e40fb785f0b0892f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 7 Jul 2011 14:53:35 -0700
Subject: [PATCH] Move smbd_smb2_request_check_session() and smbd_smb2_request_check_tcon()
 into smbd/smb2_server.c and make them static to the file. Moves them next
 to their callers and adds comments to make the code path clearer.

Metze and Volker please review.

Jeremy.
---
 source3/smbd/globals.h        |    3 -
 source3/smbd/smb2_server.c    |  130 +++++++++++++++++++++++++++++++++++++++++
 source3/smbd/smb2_sesssetup.c |   58 ------------------
 source3/smbd/smb2_tcon.c      |   60 -------------------
 4 files changed, 130 insertions(+), 121 deletions(-)

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 97d75fd..531b4c4 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -267,9 +267,6 @@ NTSTATUS smbd_smb2_send_oplock_break(struct smbd_server_connection *sconn,
 NTSTATUS smbd_smb2_request_pending_queue(struct smbd_smb2_request *req,
 					 struct tevent_req *subreq);
 
-NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req);
-NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req);
-
 struct smb_request *smbd_smb2_fake_smb_request(struct smbd_smb2_request *req);
 void remove_smb2_chained_fsp(files_struct *fsp);
 
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index f216252..4ea1b07 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -26,6 +26,8 @@
 #include "../lib/tsocket/tsocket.h"
 #include "../lib/util/tevent_ntstatus.h"
 #include "smbprofile.h"
+#include "../librpc/gen_ndr/krb5pac.h"
+#include "auth.h"
 
 #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9)
 
@@ -1071,6 +1073,134 @@ static NTSTATUS smbd_smb2_request_process_cancel(struct smbd_smb2_request *req)
 	return NT_STATUS_OK;
 }
 
+/*************************************************************
+ Ensure an incoming session_id is a valid one for us to access.
+*************************************************************/
+
+static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
+{
+	const uint8_t *inhdr;
+	const uint8_t *outhdr;
+	int i = req->current_idx;
+	uint64_t in_session_id;
+	void *p;
+	struct smbd_smb2_session *session;
+	bool chained_fixup = false;
+
+	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
+
+	in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
+
+	if (in_session_id == (0xFFFFFFFFFFFFFFFFLL)) {
+		if (req->async) {
+			/*
+			 * async request - fill in session_id from
+			 * already setup request out.vector[].iov_base.
+			 */
+			outhdr = (const uint8_t *)req->out.vector[i].iov_base;
+			in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
+		} else if (i > 2) {
+			/*
+			 * Chained request - fill in session_id from
+			 * the previous request out.vector[].iov_base.
+			 */
+			outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
+			in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
+			chained_fixup = true;
+		}
+	}
+
+	/* lookup an existing session */
+	p = idr_find(req->sconn->smb2.sessions.idtree, in_session_id);
+	if (p == NULL) {
+		return NT_STATUS_USER_SESSION_DELETED;
+	}
+	session = talloc_get_type_abort(p, struct smbd_smb2_session);
+
+	if (!NT_STATUS_IS_OK(session->status)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	set_current_user_info(session->session_info->sanitized_username,
+			      session->session_info->unix_name,
+			      session->session_info->info3->base.domain.string);
+
+	req->session = session;
+
+	if (chained_fixup) {
+		/* Fix up our own outhdr. */
+		outhdr = (const uint8_t *)req->out.vector[i].iov_base;
+		SBVAL(discard_const_p(uint8_t, outhdr), SMB2_HDR_SESSION_ID, in_session_id);
+	}
+	return NT_STATUS_OK;
+}
+
+/*************************************************************
+ Ensure an incoming tid is a valid one for us to access.
+ Change to the associated uid credentials and chdir to the
+ valid tid directory.
+*************************************************************/
+
+static NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
+{
+	const uint8_t *inhdr;
+	const uint8_t *outhdr;
+	int i = req->current_idx;
+	uint32_t in_tid;
+	void *p;
+	struct smbd_smb2_tcon *tcon;
+	bool chained_fixup = false;
+
+	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
+
+	in_tid = IVAL(inhdr, SMB2_HDR_TID);
+
+	if (in_tid == (0xFFFFFFFF)) {
+		if (req->async) {
+			/*
+			 * async request - fill in tid from
+			 * already setup out.vector[].iov_base.
+			 */
+			outhdr = (const uint8_t *)req->out.vector[i].iov_base;
+			in_tid = IVAL(outhdr, SMB2_HDR_TID);
+		} else if (i > 2) {
+			/*
+			 * Chained request - fill in tid from
+			 * the previous request out.vector[].iov_base.
+			 */
+			outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
+			in_tid = IVAL(outhdr, SMB2_HDR_TID);
+			chained_fixup = true;
+		}
+	}
+
+	/* lookup an existing session */
+	p = idr_find(req->session->tcons.idtree, in_tid);
+	if (p == NULL) {
+		return NT_STATUS_NETWORK_NAME_DELETED;
+	}
+	tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon);
+
+	if (!change_to_user(tcon->compat_conn,req->session->vuid)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* should we pass FLAG_CASELESS_PATHNAMES here? */
+	if (!set_current_service(tcon->compat_conn, 0, true)) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	req->tcon = tcon;
+
+	if (chained_fixup) {
+		/* Fix up our own outhdr. */
+		outhdr = (const uint8_t *)req->out.vector[i].iov_base;
+		SIVAL(discard_const_p(uint8_t, outhdr), SMB2_HDR_TID, in_tid);
+	}
+
+	return NT_STATUS_OK;
+}
+
 NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 {
 	const uint8_t *inhdr;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 6649cfb..aa6c324 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -816,64 +816,6 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 	return NT_STATUS_LOGON_FAILURE;
 }
 
-NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
-{
-	const uint8_t *inhdr;
-	const uint8_t *outhdr;
-	int i = req->current_idx;
-	uint64_t in_session_id;
-	void *p;
-	struct smbd_smb2_session *session;
-	bool chained_fixup = false;
-
-	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
-
-	in_session_id = BVAL(inhdr, SMB2_HDR_SESSION_ID);
-
-	if (in_session_id == (0xFFFFFFFFFFFFFFFFLL)) {
-		if (req->async) {
-			/*
-			 * async request - fill in session_id from
-			 * already setup request out.vector[].iov_base.
-			 */
-			outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-			in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
-		} else if (i > 2) {
-			/*
-			 * Chained request - fill in session_id from
-			 * the previous request out.vector[].iov_base.
-			 */
-			outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
-			in_session_id = BVAL(outhdr, SMB2_HDR_SESSION_ID);
-			chained_fixup = true;
-		}
-	}
-
-	/* lookup an existing session */
-	p = idr_find(req->sconn->smb2.sessions.idtree, in_session_id);
-	if (p == NULL) {
-		return NT_STATUS_USER_SESSION_DELETED;
-	}
-	session = talloc_get_type_abort(p, struct smbd_smb2_session);
-
-	if (!NT_STATUS_IS_OK(session->status)) {
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
-	set_current_user_info(session->session_info->sanitized_username,
-			      session->session_info->unix_name,
-			      session->session_info->info3->base.domain.string);
-
-	req->session = session;
-
-	if (chained_fixup) {
-		/* Fix up our own outhdr. */
-		outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-		SBVAL(outhdr, SMB2_HDR_SESSION_ID, in_session_id);
-	}
-	return NT_STATUS_OK;
-}
-
 NTSTATUS smbd_smb2_request_process_logoff(struct smbd_smb2_request *req)
 {
 	const uint8_t *inbody;
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 75cfe54..8feebb4 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -277,66 +277,6 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 	return NT_STATUS_OK;
 }
 
-NTSTATUS smbd_smb2_request_check_tcon(struct smbd_smb2_request *req)
-{
-	const uint8_t *inhdr;
-	const uint8_t *outhdr;
-	int i = req->current_idx;
-	uint32_t in_tid;
-	void *p;
-	struct smbd_smb2_tcon *tcon;
-	bool chained_fixup = false;
-
-	inhdr = (const uint8_t *)req->in.vector[i+0].iov_base;
-
-	in_tid = IVAL(inhdr, SMB2_HDR_TID);
-
-	if (in_tid == (0xFFFFFFFF)) {
-		if (req->async) {
-			/*
-			 * async request - fill in tid from
-			 * already setup out.vector[].iov_base.
-			 */
-			outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-			in_tid = IVAL(outhdr, SMB2_HDR_TID);
-		} else if (i > 2) {
-			/*
-			 * Chained request - fill in tid from
-			 * the previous request out.vector[].iov_base.
-			 */
-			outhdr = (const uint8_t *)req->out.vector[i-3].iov_base;
-			in_tid = IVAL(outhdr, SMB2_HDR_TID);
-			chained_fixup = true;
-		}
-	}
-
-	/* lookup an existing session */
-	p = idr_find(req->session->tcons.idtree, in_tid);
-	if (p == NULL) {
-		return NT_STATUS_NETWORK_NAME_DELETED;
-	}
-	tcon = talloc_get_type_abort(p, struct smbd_smb2_tcon);
-
-	if (!change_to_user(tcon->compat_conn,req->session->vuid)) {
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
-	/* should we pass FLAG_CASELESS_PATHNAMES here? */
-	if (!set_current_service(tcon->compat_conn, 0, true)) {
-		return NT_STATUS_ACCESS_DENIED;
-	}
-
-	req->tcon = tcon;
-
-	if (chained_fixup) {
-		/* Fix up our own outhdr. */
-		outhdr = (const uint8_t *)req->out.vector[i].iov_base;
-		SIVAL(outhdr, SMB2_HDR_TID, in_tid);
-	}
-
-	return NT_STATUS_OK;
-}
-
 NTSTATUS smbd_smb2_request_process_tdis(struct smbd_smb2_request *req)
 {
 	const uint8_t *inbody;
-- 
1.7.3.1