3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1998,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Jeremy Allison 1999.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define PIPE "\\PIPE\\"
30 #define PIPELEN strlen(PIPE)
32 extern int DEBUGLEVEL;
33 static pipes_struct *chain_p;
34 static int pipes_open;
36 #ifndef MAX_OPEN_PIPES
37 #define MAX_OPEN_PIPES 64
40 static pipes_struct *Pipes;
41 static struct bitmap *bmap;
43 /* this must be larger than the sum of the open files and directories */
44 static int pipe_handle_offset;
46 /****************************************************************************
47 Set the pipe_handle_offset. Called from smbd/files.c
48 ****************************************************************************/
50 void set_pipe_handle_offset(int max_open_files)
52 if(max_open_files < 0x7000)
53 pipe_handle_offset = 0x7000;
55 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
58 /****************************************************************************
59 Reset pipe chain handle number.
60 ****************************************************************************/
61 void reset_chain_p(void)
66 /****************************************************************************
67 Initialise pipe handle states.
68 ****************************************************************************/
70 void init_rpc_pipe_hnd(void)
72 bmap = bitmap_allocate(MAX_OPEN_PIPES);
74 exit_server("out of memory in init_rpc_pipe_hnd\n");
77 /****************************************************************************
78 Initialise an outgoing packet.
79 ****************************************************************************/
81 static BOOL pipe_init_outgoing_data(pipes_struct *p)
83 output_data *o_data = &p->out_data;
85 /* Reset the offset counters. */
86 o_data->data_sent_length = 0;
87 o_data->current_pdu_len = 0;
88 o_data->current_pdu_sent = 0;
90 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
92 /* Free any memory in the current return data buffer. */
93 prs_mem_free(&o_data->rdata);
96 * Initialize the outgoing RPC data buffer.
97 * we will use this as the raw data area for replying to rpc requests.
99 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
100 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
107 /****************************************************************************
108 Find first available pipe slot.
109 ****************************************************************************/
111 pipes_struct *open_rpc_pipe_p(char *pipe_name,
112 connection_struct *conn, uint16 vuid)
116 static int next_pipe;
118 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
119 pipe_name, pipes_open));
122 /* not repeating pipe numbers makes it easier to track things in
123 log files and prevents client bugs where pipe numbers are reused
124 over connection restarts */
126 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
128 i = bitmap_find(bmap, next_pipe);
131 DEBUG(0,("ERROR! Out of pipe structures\n"));
135 next_pipe = (i+1) % MAX_OPEN_PIPES;
137 for (p = Pipes; p; p = p->next)
138 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
140 p = (pipes_struct *)malloc(sizeof(*p));
147 if ((p->mem_ctx = talloc_init()) == NULL) {
148 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
156 * Initialize the incoming RPC data buffer with one PDU worth of memory.
157 * We cheat here and say we're marshalling, as we intend to add incoming
158 * data directly into the prs_struct and we want it to auto grow. We will
159 * change the type to UNMARSALLING before processing the stream.
162 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
163 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
168 i += pipe_handle_offset;
180 p->max_trans_reply = 0;
182 p->ntlmssp_chal_flags = 0;
183 p->ntlmssp_auth_validated = False;
184 p->ntlmssp_auth_requested = False;
186 p->pipe_bound = False;
187 p->fault_state = False;
188 p->endian = RPC_LITTLE_ENDIAN;
191 * Initialize the incoming RPC struct.
194 p->in_data.pdu_needed_len = 0;
195 p->in_data.pdu_received_len = 0;
198 * Initialize the outgoing RPC struct.
201 p->out_data.current_pdu_len = 0;
202 p->out_data.current_pdu_sent = 0;
203 p->out_data.data_sent_length = 0;
206 * Initialize the outgoing RPC data buffer with no memory.
208 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
210 ZERO_STRUCT(p->pipe_user);
212 p->pipe_user.uid = (uid_t)-1;
213 p->pipe_user.gid = (gid_t)-1;
215 fstrcpy(p->name, pipe_name);
217 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
218 pipe_name, i, pipes_open));
222 /* OVERWRITE p as a temp variable, to display all open pipes */
223 for (p = Pipes; p; p = p->next)
224 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
229 /****************************************************************************
230 Sets the fault state on incoming packets.
231 ****************************************************************************/
233 static void set_incoming_fault(pipes_struct *p)
235 prs_mem_free(&p->in_data.data);
236 p->in_data.pdu_needed_len = 0;
237 p->in_data.pdu_received_len = 0;
238 p->fault_state = True;
239 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
243 /****************************************************************************
244 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
245 ****************************************************************************/
247 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
249 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
251 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
252 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
253 (unsigned int)p->in_data.pdu_received_len ));
255 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
256 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
258 return (ssize_t)len_needed_to_complete_hdr;
261 /****************************************************************************
262 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
263 ****************************************************************************/
265 static ssize_t unmarshall_rpc_header(pipes_struct *p)
268 * Unmarshall the header to determine the needed length.
273 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
274 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
275 set_incoming_fault(p);
279 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
280 prs_set_endian_data( &rpc_in, p->endian);
282 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
283 p->in_data.pdu_received_len, False);
286 * Unmarshall the header as this will tell us how much
287 * data we need to read to get the complete pdu.
288 * This also sets the endian flag in rpc_in.
291 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
292 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
293 set_incoming_fault(p);
294 prs_mem_free(&rpc_in);
299 * Validate the RPC header.
302 if(p->hdr.major != 5 && p->hdr.minor != 0) {
303 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
304 set_incoming_fault(p);
305 prs_mem_free(&rpc_in);
310 * If there's not data in the incoming buffer and it's a
311 * request PDU this should be the start of a new RPC.
314 if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0)) {
316 if (!(p->hdr.flags & RPC_FLG_FIRST)) {
318 * Ensure that the FIRST flag is set. If not then we have
319 * a stream missmatch.
322 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
323 set_incoming_fault(p);
324 prs_mem_free(&rpc_in);
329 * If this is the first PDU then set the endianness
330 * flag in the pipe. We will need this when parsing all
334 p->endian = rpc_in.bigendian_data;
339 * If this is *NOT* the first PDU then check the endianness
340 * flag in the pipe is the same as that in the PDU.
343 if (p->endian != rpc_in.bigendian_data) {
344 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag different in next PDU !\n"));
345 set_incoming_fault(p);
346 prs_mem_free(&rpc_in);
352 * Ensure that the pdu length is sane.
355 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
356 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
357 set_incoming_fault(p);
358 prs_mem_free(&rpc_in);
362 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
363 (unsigned int)p->hdr.flags ));
366 * Adjust for the header we just ate.
368 p->in_data.pdu_received_len = 0;
369 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
372 * Null the data we just ate.
375 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
377 prs_mem_free(&rpc_in);
379 return 0; /* No extra data processed. */
382 /****************************************************************************
383 Processes a request pdu. This will do auth processing if needed, and
384 appends the data into the complete stream if the LAST flag is not set.
385 ****************************************************************************/
387 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
389 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
390 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
391 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
394 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
395 set_incoming_fault(p);
400 * Check if we need to do authentication processing.
401 * This is only done on requests, not binds.
405 * Read the RPC request header.
408 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
409 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
410 set_incoming_fault(p);
414 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
415 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
416 set_incoming_fault(p);
420 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
423 * Authentication _was_ requested and it already failed.
426 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
427 authentication failed. Denying the request.\n", p->name));
428 set_incoming_fault(p);
433 * Check the data length doesn't go over the 10Mb limit.
436 if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
437 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
438 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
439 set_incoming_fault(p);
444 * Append the data portion into the buffer and return.
448 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
450 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
451 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
452 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
453 set_incoming_fault(p);
459 if(p->hdr.flags & RPC_FLG_LAST) {
462 * Ok - we finally have a complete RPC stream.
463 * Call the rpc command to process it.
467 * Ensure the internal prs buffer size is *exactly* the same
468 * size as the current offset.
471 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
473 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
474 set_incoming_fault(p);
479 * Set the parse offset to the start of the data and set the
480 * prs_struct to UNMARSHALL.
483 prs_set_offset(&p->in_data.data, 0);
484 prs_switch_type(&p->in_data.data, UNMARSHALL);
487 * Process the complete data stream here.
490 if(pipe_init_outgoing_data(p))
491 ret = api_pipe_request(p);
494 * We have consumed the whole data stream. Set back to
495 * marshalling and set the offset back to the start of
496 * the buffer to re-use it (we could also do a prs_mem_free()
497 * and then re_init on the next start of PDU. Not sure which
498 * is best here.... JRA.
501 prs_switch_type(&p->in_data.data, MARSHALL);
502 prs_set_offset(&p->in_data.data, 0);
509 /****************************************************************************
510 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
511 already been parsed and stored in p->hdr.
512 ****************************************************************************/
514 static ssize_t process_complete_pdu(pipes_struct *p)
517 size_t data_len = p->in_data.pdu_received_len;
518 char *data_p = (char *)&p->in_data.current_in_pdu[0];
522 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
524 set_incoming_fault(p);
526 return (ssize_t)data_len;
529 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
530 /* Ensure we're using the corrent endianness. */
531 prs_set_endian_data( &rpc_in, p->endian);
533 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
535 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
536 (unsigned int)p->hdr.pkt_type ));
538 switch (p->hdr.pkt_type) {
542 * We assume that a pipe bind is only in one pdu.
544 if(pipe_init_outgoing_data(p))
545 reply = api_pipe_bind_req(p, &rpc_in);
549 * We assume that a pipe bind_resp is only in one pdu.
551 if(pipe_init_outgoing_data(p))
552 reply = api_pipe_bind_auth_resp(p, &rpc_in);
555 reply = process_request_pdu(p, &rpc_in);
558 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
563 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
564 set_incoming_fault(p);
566 prs_mem_free(&rpc_in);
569 * Reset the lengths. We're ready for a new pdu.
571 p->in_data.pdu_needed_len = 0;
572 p->in_data.pdu_received_len = 0;
575 prs_mem_free(&rpc_in);
576 return (ssize_t)data_len;
579 /****************************************************************************
580 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
581 ****************************************************************************/
583 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
585 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
587 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
588 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
591 if(data_to_copy == 0) {
593 * This is an error - data is being received and there is no
594 * space in the PDU. Free the received data and go into the fault state.
596 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
597 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
598 set_incoming_fault(p);
603 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
604 * number of bytes before we can do anything.
607 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
609 * Always return here. If we have more data then the RPC_HEADER
610 * will be processed the next time around the loop.
612 return fill_rpc_header(p, data, data_to_copy);
616 * At this point we know we have at least an RPC_HEADER_LEN amount of data
617 * stored in current_in_pdu.
621 * If pdu_needed_len is zero this is a new pdu.
622 * Unmarshall the header so we know how much more
623 * data we need, then loop again.
626 if(p->in_data.pdu_needed_len == 0)
627 return unmarshall_rpc_header(p);
630 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
631 * Keep reading until we have a full pdu.
634 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
637 * Copy as much of the data as we need into the current_in_pdu buffer.
640 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
641 p->in_data.pdu_received_len += data_to_copy;
644 * Do we have a complete PDU ?
647 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
648 return process_complete_pdu(p);
650 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
651 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
653 return (ssize_t)data_to_copy;
657 /****************************************************************************
658 Accepts incoming data on an rpc pipe.
659 ****************************************************************************/
661 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
663 size_t data_left = n;
665 DEBUG(6,("write_to_pipe: %x", p->pnum));
667 DEBUG(6,(" name: %s open: %s len: %d\n",
668 p->name, BOOLSTR(p->open), (int)n));
670 dump_data(50, data, n);
675 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
677 data_used = process_incoming_data(p, data, data_left);
679 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
684 data_left -= data_used;
691 /****************************************************************************
692 Replies to a request to read data from a pipe.
694 Headers are interspersed with the data at PDU intervals. By the time
695 this function is called, the start of the data could possibly have been
696 read by an SMBtrans (file_offset != 0).
698 Calling create_rpc_reply() here is a hack. The data should already
699 have been prepared into arrays of headers + data stream sections.
700 ****************************************************************************/
702 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
704 uint32 pdu_remaining = 0;
705 ssize_t data_returned = 0;
707 if (!p || !p->open) {
708 DEBUG(0,("read_from_pipe: pipe not open\n"));
712 DEBUG(6,("read_from_pipe: %x", p->pnum));
714 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
717 * We cannot return more than one PDU length per
721 if(n > MAX_PDU_FRAG_LEN) {
722 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
723 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
728 * Determine if there is still data to send in the
729 * pipe PDU buffer. Always send this first. Never
730 * send more than is left in the current PDU. The
731 * client should send a new read request for a new
735 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
736 data_returned = (ssize_t)MIN(n, pdu_remaining);
738 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
739 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
740 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
742 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
743 p->out_data.current_pdu_sent += (uint32)data_returned;
748 * At this point p->current_pdu_len == p->current_pdu_sent (which
749 * may of course be zero if this is the first return fragment.
752 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
753 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
754 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
756 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
758 * We have sent all possible data, return 0.
765 * We need to create a new PDU from the data left in p->rdata.
766 * Create the header/data/footers. This also sets up the fields
767 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
768 * and stores the outgoing PDU in p->current_pdu.
771 if(!create_next_pdu(p)) {
772 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
776 data_returned = MIN(n, p->out_data.current_pdu_len);
778 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
779 p->out_data.current_pdu_sent += (uint32)data_returned;
783 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
785 * We have copied all possible data into the current_pdu. This RPC is finished.
786 * Reset the talloc context to free any allocated data from this RPC.
790 DEBUG(3,("read_from_pipe: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
791 talloc_destroy_pool(p->mem_ctx);
793 p->mem_ctx = talloc_init();
794 if (p->mem_ctx == NULL)
795 p->fault_state = True;
800 return data_returned;
803 /****************************************************************************
804 Wait device state on a pipe. Exactly what this is for is unknown...
805 ****************************************************************************/
807 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
813 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
816 p->priority = priority;
821 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
827 /****************************************************************************
828 Set device state on a pipe. Exactly what this is for is unknown...
829 ****************************************************************************/
831 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
837 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
838 device_state, p->name));
840 p->device_state = device_state;
845 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
846 device_state, p->name));
851 /****************************************************************************
853 ****************************************************************************/
855 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
858 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
862 prs_mem_free(&p->out_data.rdata);
863 prs_mem_free(&p->in_data.data);
866 talloc_destroy(p->mem_ctx);
868 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
872 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
873 p->name, p->pnum, pipes_open));
875 DLIST_REMOVE(Pipes, p);
877 delete_nt_token(&p->pipe_user.nt_user_token);
878 safe_free(p->pipe_user.groups);
887 /****************************************************************************
888 Find an rpc pipe given a pipe handle in a buffer and an offset.
889 ****************************************************************************/
891 pipes_struct *get_rpc_pipe_p(char *buf, int where)
893 int pnum = SVAL(buf,where);
898 return get_rpc_pipe(pnum);
901 /****************************************************************************
902 Find an rpc pipe given a pipe handle.
903 ****************************************************************************/
905 pipes_struct *get_rpc_pipe(int pnum)
909 DEBUG(4,("search for pipe pnum=%x\n", pnum));
911 for (p=Pipes;p;p=p->next)
912 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
913 p->name, p->pnum, pipes_open));
915 for (p=Pipes;p;p=p->next) {
916 if (p->pnum == pnum) {