2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Jeremy Allison 1999.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define PIPE "\\PIPE\\"
26 #define PIPELEN strlen(PIPE)
28 static smb_np_struct *chain_p;
29 static int pipes_open;
31 #ifndef MAX_OPEN_PIPES
32 #define MAX_OPEN_PIPES 2048
35 static smb_np_struct *Pipes;
36 static pipes_struct *InternalPipes;
37 static struct bitmap *bmap;
40 * the following prototypes are declared here to avoid
41 * code being moved about too much for a patch to be
42 * disrupted / less obvious.
44 * these functions, and associated functions that they
45 * call, should be moved behind a .so module-loading
46 * system _anyway_. so that's the next step...
49 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
50 BOOL *is_data_outstanding);
51 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
52 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
53 static void *make_internal_rpc_pipe_p(char *pipe_name,
54 connection_struct *conn, uint16 vuid);
56 /****************************************************************************
57 Pipe iterator functions.
58 ****************************************************************************/
60 smb_np_struct *get_first_pipe(void)
65 smb_np_struct *get_next_pipe(smb_np_struct *p)
70 /****************************************************************************
71 Internal Pipe iterator functions.
72 ****************************************************************************/
74 pipes_struct *get_first_internal_pipe(void)
79 pipes_struct *get_next_internal_pipe(pipes_struct *p)
84 /* this must be larger than the sum of the open files and directories */
85 static int pipe_handle_offset;
87 /****************************************************************************
88 Set the pipe_handle_offset. Called from smbd/files.c
89 ****************************************************************************/
91 void set_pipe_handle_offset(int max_open_files)
93 if(max_open_files < 0x7000)
94 pipe_handle_offset = 0x7000;
96 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
99 /****************************************************************************
100 Reset pipe chain handle number.
101 ****************************************************************************/
102 void reset_chain_p(void)
107 /****************************************************************************
108 Initialise pipe handle states.
109 ****************************************************************************/
111 void init_rpc_pipe_hnd(void)
113 bmap = bitmap_allocate(MAX_OPEN_PIPES);
115 exit_server("out of memory in init_rpc_pipe_hnd");
118 /****************************************************************************
119 Initialise an outgoing packet.
120 ****************************************************************************/
122 static BOOL pipe_init_outgoing_data(pipes_struct *p)
124 output_data *o_data = &p->out_data;
126 /* Reset the offset counters. */
127 o_data->data_sent_length = 0;
128 o_data->current_pdu_len = 0;
129 o_data->current_pdu_sent = 0;
131 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
133 /* Free any memory in the current return data buffer. */
134 prs_mem_free(&o_data->rdata);
137 * Initialize the outgoing RPC data buffer.
138 * we will use this as the raw data area for replying to rpc requests.
140 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
141 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
148 /****************************************************************************
149 Find first available pipe slot.
150 ****************************************************************************/
152 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
153 connection_struct *conn, uint16 vuid)
156 smb_np_struct *p, *p_it;
157 static int next_pipe;
159 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
160 pipe_name, pipes_open));
163 /* not repeating pipe numbers makes it easier to track things in
164 log files and prevents client bugs where pipe numbers are reused
165 over connection restarts */
167 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
169 i = bitmap_find(bmap, next_pipe);
172 DEBUG(0,("ERROR! Out of pipe structures\n"));
176 next_pipe = (i+1) % MAX_OPEN_PIPES;
178 for (p = Pipes; p; p = p->next)
179 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
181 p = (smb_np_struct *)malloc(sizeof(*p));
185 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
191 /* add a dso mechanism instead of this, here */
193 p->namedpipe_create = make_internal_rpc_pipe_p;
194 p->namedpipe_read = read_from_internal_pipe;
195 p->namedpipe_write = write_to_internal_pipe;
196 p->namedpipe_close = close_internal_rpc_pipe_hnd;
198 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
200 if (p->np_state == NULL) {
202 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
211 * Initialize the incoming RPC data buffer with one PDU worth of memory.
212 * We cheat here and say we're marshalling, as we intend to add incoming
213 * data directly into the prs_struct and we want it to auto grow. We will
214 * change the type to UNMARSALLING before processing the stream.
218 i += pipe_handle_offset;
230 p->max_trans_reply = 0;
232 fstrcpy(p->name, pipe_name);
234 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
235 pipe_name, i, pipes_open));
239 /* Iterate over p_it as a temp variable, to display all open pipes */
240 for (p_it = Pipes; p_it; p_it = p_it->next)
241 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
243 /* Ensure the connection isn't idled whilst this pipe is open. */
244 conn->num_files_open++;
249 /****************************************************************************
250 * make an internal namedpipes structure
251 ****************************************************************************/
253 static void *make_internal_rpc_pipe_p(char *pipe_name,
254 connection_struct *conn, uint16 vuid)
257 user_struct *vuser = get_valid_user_struct(vuid);
259 DEBUG(4,("Create pipe requested %s\n", pipe_name));
261 if (!vuser && vuid != UID_FIELD_INVALID) {
262 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
266 p = (pipes_struct *)malloc(sizeof(*p));
270 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
276 if ((p->mem_ctx = talloc_init()) == NULL) {
277 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
282 if (!init_pipe_handle_list(p, pipe_name)) {
283 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
284 talloc_destroy(p->mem_ctx);
290 * Initialize the incoming RPC data buffer with one PDU worth of memory.
291 * We cheat here and say we're marshalling, as we intend to add incoming
292 * data directly into the prs_struct and we want it to auto grow. We will
293 * change the type to UNMARSALLING before processing the stream.
296 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
297 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
301 DLIST_ADD(InternalPipes, p);
306 p->ntlmssp_chal_flags = 0;
307 p->ntlmssp_auth_validated = False;
308 p->ntlmssp_auth_requested = False;
310 p->pipe_bound = False;
311 p->fault_state = False;
312 p->endian = RPC_LITTLE_ENDIAN;
314 ZERO_STRUCT(p->pipe_user);
316 p->pipe_user.uid = (uid_t)-1;
317 p->pipe_user.gid = (gid_t)-1;
319 /* Store the session key */
321 memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
325 * Initialize the incoming RPC struct.
328 p->in_data.pdu_needed_len = 0;
329 p->in_data.pdu_received_len = 0;
332 * Initialize the outgoing RPC struct.
335 p->out_data.current_pdu_len = 0;
336 p->out_data.current_pdu_sent = 0;
337 p->out_data.data_sent_length = 0;
340 * Initialize the outgoing RPC data buffer with no memory.
342 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
344 fstrcpy(p->name, pipe_name);
346 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
347 pipe_name, pipes_open));
352 /****************************************************************************
353 Sets the fault state on incoming packets.
354 ****************************************************************************/
356 static void set_incoming_fault(pipes_struct *p)
358 prs_mem_free(&p->in_data.data);
359 p->in_data.pdu_needed_len = 0;
360 p->in_data.pdu_received_len = 0;
361 p->fault_state = True;
362 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
366 /****************************************************************************
367 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
368 ****************************************************************************/
370 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
372 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
374 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
375 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
376 (unsigned int)p->in_data.pdu_received_len ));
378 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
379 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
381 return (ssize_t)len_needed_to_complete_hdr;
384 /****************************************************************************
385 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
386 ****************************************************************************/
388 static ssize_t unmarshall_rpc_header(pipes_struct *p)
391 * Unmarshall the header to determine the needed length.
396 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
397 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
398 set_incoming_fault(p);
402 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
403 prs_set_endian_data( &rpc_in, p->endian);
405 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
406 p->in_data.pdu_received_len, False);
409 * Unmarshall the header as this will tell us how much
410 * data we need to read to get the complete pdu.
411 * This also sets the endian flag in rpc_in.
414 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
415 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
416 set_incoming_fault(p);
417 prs_mem_free(&rpc_in);
422 * Validate the RPC header.
425 if(p->hdr.major != 5 && p->hdr.minor != 0) {
426 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
427 set_incoming_fault(p);
428 prs_mem_free(&rpc_in);
433 * If there's not data in the incoming buffer this should be the start of a new RPC.
436 if(prs_offset(&p->in_data.data) == 0) {
439 * AS/U doesn't set FIRST flag in a BIND packet it seems.
442 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
444 * Ensure that the FIRST flag is set. If not then we have
445 * a stream missmatch.
448 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
449 set_incoming_fault(p);
450 prs_mem_free(&rpc_in);
455 * If this is the first PDU then set the endianness
456 * flag in the pipe. We will need this when parsing all
460 p->endian = rpc_in.bigendian_data;
462 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
463 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
468 * If this is *NOT* the first PDU then check the endianness
469 * flag in the pipe is the same as that in the PDU.
472 if (p->endian != rpc_in.bigendian_data) {
473 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
474 set_incoming_fault(p);
475 prs_mem_free(&rpc_in);
481 * Ensure that the pdu length is sane.
484 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
485 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
486 set_incoming_fault(p);
487 prs_mem_free(&rpc_in);
491 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
492 (unsigned int)p->hdr.flags ));
495 * Adjust for the header we just ate.
497 p->in_data.pdu_received_len = 0;
498 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
501 * Null the data we just ate.
504 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
506 prs_mem_free(&rpc_in);
508 return 0; /* No extra data processed. */
511 /****************************************************************************
512 Call this to free any talloc'ed memory. Do this before and after processing
514 ****************************************************************************/
516 void free_pipe_context(pipes_struct *p)
519 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
520 talloc_destroy_pool(p->mem_ctx);
522 p->mem_ctx = talloc_init();
523 if (p->mem_ctx == NULL)
524 p->fault_state = True;
528 /****************************************************************************
529 Processes a request pdu. This will do auth processing if needed, and
530 appends the data into the complete stream if the LAST flag is not set.
531 ****************************************************************************/
533 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
535 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
536 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
537 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
540 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
541 set_incoming_fault(p);
546 * Check if we need to do authentication processing.
547 * This is only done on requests, not binds.
551 * Read the RPC request header.
554 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
555 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
556 set_incoming_fault(p);
560 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
561 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
562 set_incoming_fault(p);
566 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
569 * Authentication _was_ requested and it already failed.
572 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
573 authentication failed. Denying the request.\n", p->name));
574 set_incoming_fault(p);
579 * Check the data length doesn't go over the 15Mb limit.
580 * increased after observing a bug in the Windows NT 4.0 SP6a
581 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
582 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
585 if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
586 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
587 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
588 set_incoming_fault(p);
593 * Append the data portion into the buffer and return.
597 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
599 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
600 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
601 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
602 set_incoming_fault(p);
608 if(p->hdr.flags & RPC_FLG_LAST) {
611 * Ok - we finally have a complete RPC stream.
612 * Call the rpc command to process it.
616 * Ensure the internal prs buffer size is *exactly* the same
617 * size as the current offset.
620 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
622 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
623 set_incoming_fault(p);
628 * Set the parse offset to the start of the data and set the
629 * prs_struct to UNMARSHALL.
632 prs_set_offset(&p->in_data.data, 0);
633 prs_switch_type(&p->in_data.data, UNMARSHALL);
636 * Process the complete data stream here.
639 free_pipe_context(p);
641 if(pipe_init_outgoing_data(p))
642 ret = api_pipe_request(p);
644 free_pipe_context(p);
647 * We have consumed the whole data stream. Set back to
648 * marshalling and set the offset back to the start of
649 * the buffer to re-use it (we could also do a prs_mem_free()
650 * and then re_init on the next start of PDU. Not sure which
651 * is best here.... JRA.
654 prs_switch_type(&p->in_data.data, MARSHALL);
655 prs_set_offset(&p->in_data.data, 0);
662 /****************************************************************************
663 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
664 already been parsed and stored in p->hdr.
665 ****************************************************************************/
667 static ssize_t process_complete_pdu(pipes_struct *p)
670 size_t data_len = p->in_data.pdu_received_len;
671 char *data_p = (char *)&p->in_data.current_in_pdu[0];
675 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
677 set_incoming_fault(p);
678 setup_fault_pdu(p, NT_STATUS(0x1c010002));
679 return (ssize_t)data_len;
682 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
685 * Ensure we're using the corrent endianness for both the
686 * RPC header flags and the raw data we will be reading from.
689 prs_set_endian_data( &rpc_in, p->endian);
690 prs_set_endian_data( &p->in_data.data, p->endian);
692 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
694 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
695 (unsigned int)p->hdr.pkt_type ));
697 switch (p->hdr.pkt_type) {
701 * We assume that a pipe bind is only in one pdu.
703 if(pipe_init_outgoing_data(p))
704 reply = api_pipe_bind_req(p, &rpc_in);
708 * We assume that a pipe bind_resp is only in one pdu.
710 if(pipe_init_outgoing_data(p))
711 reply = api_pipe_bind_auth_resp(p, &rpc_in);
714 reply = process_request_pdu(p, &rpc_in);
717 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
721 /* Reset to little endian. Probably don't need this but it won't hurt. */
722 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
725 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
726 set_incoming_fault(p);
727 setup_fault_pdu(p, NT_STATUS(0x1c010002));
728 prs_mem_free(&rpc_in);
731 * Reset the lengths. We're ready for a new pdu.
733 p->in_data.pdu_needed_len = 0;
734 p->in_data.pdu_received_len = 0;
737 prs_mem_free(&rpc_in);
738 return (ssize_t)data_len;
741 /****************************************************************************
742 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
743 ****************************************************************************/
745 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
747 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
749 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
750 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
753 if(data_to_copy == 0) {
755 * This is an error - data is being received and there is no
756 * space in the PDU. Free the received data and go into the fault state.
758 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
759 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
760 set_incoming_fault(p);
765 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
766 * number of bytes before we can do anything.
769 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
771 * Always return here. If we have more data then the RPC_HEADER
772 * will be processed the next time around the loop.
774 return fill_rpc_header(p, data, data_to_copy);
778 * At this point we know we have at least an RPC_HEADER_LEN amount of data
779 * stored in current_in_pdu.
783 * If pdu_needed_len is zero this is a new pdu.
784 * Unmarshall the header so we know how much more
785 * data we need, then loop again.
788 if(p->in_data.pdu_needed_len == 0)
789 return unmarshall_rpc_header(p);
792 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
793 * Keep reading until we have a full pdu.
796 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
799 * Copy as much of the data as we need into the current_in_pdu buffer.
802 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
803 p->in_data.pdu_received_len += data_to_copy;
806 * Do we have a complete PDU ?
809 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
810 return process_complete_pdu(p);
812 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
813 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
815 return (ssize_t)data_to_copy;
819 /****************************************************************************
820 Accepts incoming data on an rpc pipe.
821 ****************************************************************************/
823 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
825 DEBUG(6,("write_to_pipe: %x", p->pnum));
827 DEBUG(6,(" name: %s open: %s len: %d\n",
828 p->name, BOOLSTR(p->open), (int)n));
830 dump_data(50, data, n);
832 return p->namedpipe_write(p->np_state, data, n);
835 /****************************************************************************
836 Accepts incoming data on an internal rpc pipe.
837 ****************************************************************************/
839 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
841 pipes_struct *p = (pipes_struct*)np_conn;
842 size_t data_left = n;
847 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
849 data_used = process_incoming_data(p, data, data_left);
851 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
856 data_left -= data_used;
863 /****************************************************************************
864 Replies to a request to read data from a pipe.
866 Headers are interspersed with the data at PDU intervals. By the time
867 this function is called, the start of the data could possibly have been
868 read by an SMBtrans (file_offset != 0).
870 Calling create_rpc_reply() here is a hack. The data should already
871 have been prepared into arrays of headers + data stream sections.
872 ****************************************************************************/
874 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
875 BOOL *is_data_outstanding)
877 if (!p || !p->open) {
878 DEBUG(0,("read_from_pipe: pipe not open\n"));
882 DEBUG(6,("read_from_pipe: %x", p->pnum));
884 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
887 /****************************************************************************
888 Replies to a request to read data from a pipe.
890 Headers are interspersed with the data at PDU intervals. By the time
891 this function is called, the start of the data could possibly have been
892 read by an SMBtrans (file_offset != 0).
894 Calling create_rpc_reply() here is a hack. The data should already
895 have been prepared into arrays of headers + data stream sections.
896 ****************************************************************************/
898 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
899 BOOL *is_data_outstanding)
901 pipes_struct *p = (pipes_struct*)np_conn;
902 uint32 pdu_remaining = 0;
903 ssize_t data_returned = 0;
906 DEBUG(0,("read_from_pipe: pipe not open\n"));
910 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
913 * We cannot return more than one PDU length per
918 * This condition should result in the connection being closed.
919 * Netapp filers seem to set it to 0xffff which results in domain
920 * authentications failing. Just ignore it so things work.
923 if(n > MAX_PDU_FRAG_LEN) {
924 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
925 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
929 * Determine if there is still data to send in the
930 * pipe PDU buffer. Always send this first. Never
931 * send more than is left in the current PDU. The
932 * client should send a new read request for a new
936 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
937 data_returned = (ssize_t)MIN(n, pdu_remaining);
939 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
940 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
941 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
943 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
944 p->out_data.current_pdu_sent += (uint32)data_returned;
949 * At this point p->current_pdu_len == p->current_pdu_sent (which
950 * may of course be zero if this is the first return fragment.
953 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
954 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
955 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
957 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
959 * We have sent all possible data, return 0.
966 * We need to create a new PDU from the data left in p->rdata.
967 * Create the header/data/footers. This also sets up the fields
968 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
969 * and stores the outgoing PDU in p->current_pdu.
972 if(!create_next_pdu(p)) {
973 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
977 data_returned = MIN(n, p->out_data.current_pdu_len);
979 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
980 p->out_data.current_pdu_sent += (uint32)data_returned;
984 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
985 return data_returned;
988 /****************************************************************************
989 Wait device state on a pipe. Exactly what this is for is unknown...
990 ****************************************************************************/
992 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
998 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
1001 p->priority = priority;
1006 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
1007 priority, p->name));
1012 /****************************************************************************
1013 Set device state on a pipe. Exactly what this is for is unknown...
1014 ****************************************************************************/
1016 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1022 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1023 device_state, p->name));
1025 p->device_state = device_state;
1030 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1031 device_state, p->name));
1036 /****************************************************************************
1038 ****************************************************************************/
1040 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1043 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1047 p->namedpipe_close(p->np_state);
1049 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1053 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1054 p->name, p->pnum, pipes_open));
1056 DLIST_REMOVE(Pipes, p);
1062 conn->num_files_open--;
1067 /****************************************************************************
1069 ****************************************************************************/
1071 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1073 pipes_struct *p = (pipes_struct *)np_conn;
1075 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1079 prs_mem_free(&p->out_data.rdata);
1080 prs_mem_free(&p->in_data.data);
1083 talloc_destroy(p->mem_ctx);
1085 /* Free the handles database. */
1086 close_policy_by_pipe(p);
1088 delete_nt_token(&p->pipe_user.nt_user_token);
1089 SAFE_FREE(p->pipe_user.groups);
1091 DLIST_REMOVE(InternalPipes, p);
1100 /****************************************************************************
1101 Find an rpc pipe given a pipe handle in a buffer and an offset.
1102 ****************************************************************************/
1104 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1106 int pnum = SVAL(buf,where);
1111 return get_rpc_pipe(pnum);
1114 /****************************************************************************
1115 Find an rpc pipe given a pipe handle.
1116 ****************************************************************************/
1118 smb_np_struct *get_rpc_pipe(int pnum)
1122 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1124 for (p=Pipes;p;p=p->next)
1125 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1126 p->name, p->pnum, pipes_open));
1128 for (p=Pipes;p;p=p->next) {
1129 if (p->pnum == pnum) {