2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define PIPE "\\PIPE\\"
29 #define PIPELEN strlen(PIPE)
31 extern int DEBUGLEVEL;
32 static pipes_struct *chain_p;
33 static int pipes_open;
35 #ifndef MAX_OPEN_PIPES
36 #define MAX_OPEN_PIPES 64
39 static pipes_struct *Pipes;
40 static struct bitmap *bmap;
42 /****************************************************************************
43 Pipe iterator functions.
44 ****************************************************************************/
46 pipes_struct *get_first_pipe(void)
51 pipes_struct *get_next_pipe(pipes_struct *p)
56 /* this must be larger than the sum of the open files and directories */
57 static int pipe_handle_offset;
59 /****************************************************************************
60 Set the pipe_handle_offset. Called from smbd/files.c
61 ****************************************************************************/
63 void set_pipe_handle_offset(int max_open_files)
65 if(max_open_files < 0x7000)
66 pipe_handle_offset = 0x7000;
68 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
71 /****************************************************************************
72 Reset pipe chain handle number.
73 ****************************************************************************/
74 void reset_chain_p(void)
79 /****************************************************************************
80 Initialise pipe handle states.
81 ****************************************************************************/
83 void init_rpc_pipe_hnd(void)
85 bmap = bitmap_allocate(MAX_OPEN_PIPES);
87 exit_server("out of memory in init_rpc_pipe_hnd\n");
90 /****************************************************************************
91 Initialise an outgoing packet.
92 ****************************************************************************/
94 static BOOL pipe_init_outgoing_data(pipes_struct *p)
96 output_data *o_data = &p->out_data;
98 /* Reset the offset counters. */
99 o_data->data_sent_length = 0;
100 o_data->current_pdu_len = 0;
101 o_data->current_pdu_sent = 0;
103 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
105 /* Free any memory in the current return data buffer. */
106 prs_mem_free(&o_data->rdata);
109 * Initialize the outgoing RPC data buffer.
110 * we will use this as the raw data area for replying to rpc requests.
112 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
113 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
120 /****************************************************************************
121 Find first available pipe slot.
122 ****************************************************************************/
124 pipes_struct *open_rpc_pipe_p(char *pipe_name,
125 connection_struct *conn, uint16 vuid)
129 static int next_pipe;
131 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
132 pipe_name, pipes_open));
135 /* not repeating pipe numbers makes it easier to track things in
136 log files and prevents client bugs where pipe numbers are reused
137 over connection restarts */
139 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
141 i = bitmap_find(bmap, next_pipe);
144 DEBUG(0,("ERROR! Out of pipe structures\n"));
148 next_pipe = (i+1) % MAX_OPEN_PIPES;
150 for (p = Pipes; p; p = p->next)
151 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
153 p = (pipes_struct *)malloc(sizeof(*p));
160 if ((p->mem_ctx = talloc_init()) == NULL) {
161 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
166 init_pipe_handles(p);
171 * Initialize the incoming RPC data buffer with one PDU worth of memory.
172 * We cheat here and say we're marshalling, as we intend to add incoming
173 * data directly into the prs_struct and we want it to auto grow. We will
174 * change the type to UNMARSALLING before processing the stream.
177 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
178 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
183 i += pipe_handle_offset;
195 p->max_trans_reply = 0;
197 p->ntlmssp_chal_flags = 0;
198 p->ntlmssp_auth_validated = False;
199 p->ntlmssp_auth_requested = False;
201 p->pipe_bound = False;
202 p->fault_state = False;
203 p->endian = RPC_LITTLE_ENDIAN;
206 * Initialize the incoming RPC struct.
209 p->in_data.pdu_needed_len = 0;
210 p->in_data.pdu_received_len = 0;
213 * Initialize the outgoing RPC struct.
216 p->out_data.current_pdu_len = 0;
217 p->out_data.current_pdu_sent = 0;
218 p->out_data.data_sent_length = 0;
221 * Initialize the outgoing RPC data buffer with no memory.
223 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
225 ZERO_STRUCT(p->pipe_user);
227 p->pipe_user.uid = (uid_t)-1;
228 p->pipe_user.gid = (gid_t)-1;
230 fstrcpy(p->name, pipe_name);
232 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
233 pipe_name, i, pipes_open));
237 /* OVERWRITE p as a temp variable, to display all open pipes */
238 for (p = Pipes; p; p = p->next)
239 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
244 /****************************************************************************
245 Sets the fault state on incoming packets.
246 ****************************************************************************/
248 static void set_incoming_fault(pipes_struct *p)
250 prs_mem_free(&p->in_data.data);
251 p->in_data.pdu_needed_len = 0;
252 p->in_data.pdu_received_len = 0;
253 p->fault_state = True;
254 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
258 /****************************************************************************
259 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
260 ****************************************************************************/
262 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
264 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
266 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
267 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
268 (unsigned int)p->in_data.pdu_received_len ));
270 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
271 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
273 return (ssize_t)len_needed_to_complete_hdr;
276 /****************************************************************************
277 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
278 ****************************************************************************/
280 static ssize_t unmarshall_rpc_header(pipes_struct *p)
283 * Unmarshall the header to determine the needed length.
288 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
289 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
290 set_incoming_fault(p);
294 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
295 prs_set_endian_data( &rpc_in, p->endian);
297 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
298 p->in_data.pdu_received_len, False);
301 * Unmarshall the header as this will tell us how much
302 * data we need to read to get the complete pdu.
303 * This also sets the endian flag in rpc_in.
306 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
307 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
308 set_incoming_fault(p);
309 prs_mem_free(&rpc_in);
314 * Validate the RPC header.
317 if(p->hdr.major != 5 && p->hdr.minor != 0) {
318 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
319 set_incoming_fault(p);
320 prs_mem_free(&rpc_in);
325 * If there's not data in the incoming buffer this should be the start of a new RPC.
328 if(prs_offset(&p->in_data.data) == 0) {
331 * AS/U doesn't set FIRST flag in a BIND packet it seems.
334 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
336 * Ensure that the FIRST flag is set. If not then we have
337 * a stream missmatch.
340 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
341 set_incoming_fault(p);
342 prs_mem_free(&rpc_in);
347 * If this is the first PDU then set the endianness
348 * flag in the pipe. We will need this when parsing all
352 p->endian = rpc_in.bigendian_data;
354 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
355 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
360 * If this is *NOT* the first PDU then check the endianness
361 * flag in the pipe is the same as that in the PDU.
364 if (p->endian != rpc_in.bigendian_data) {
365 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
366 set_incoming_fault(p);
367 prs_mem_free(&rpc_in);
373 * Ensure that the pdu length is sane.
376 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
377 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
378 set_incoming_fault(p);
379 prs_mem_free(&rpc_in);
383 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
384 (unsigned int)p->hdr.flags ));
387 * Adjust for the header we just ate.
389 p->in_data.pdu_received_len = 0;
390 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
393 * Null the data we just ate.
396 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
398 prs_mem_free(&rpc_in);
400 return 0; /* No extra data processed. */
403 /****************************************************************************
404 Call this to free any talloc'ed memory. Do this before and after processing
406 ****************************************************************************/
408 void free_pipe_context(pipes_struct *p)
411 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
412 talloc_destroy_pool(p->mem_ctx);
414 p->mem_ctx = talloc_init();
415 if (p->mem_ctx == NULL)
416 p->fault_state = True;
420 /****************************************************************************
421 Processes a request pdu. This will do auth processing if needed, and
422 appends the data into the complete stream if the LAST flag is not set.
423 ****************************************************************************/
425 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
427 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
428 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
429 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
432 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
433 set_incoming_fault(p);
438 * Check if we need to do authentication processing.
439 * This is only done on requests, not binds.
443 * Read the RPC request header.
446 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
447 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
448 set_incoming_fault(p);
452 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
453 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
454 set_incoming_fault(p);
458 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
461 * Authentication _was_ requested and it already failed.
464 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
465 authentication failed. Denying the request.\n", p->name));
466 set_incoming_fault(p);
471 * Check the data length doesn't go over the 10Mb limit.
474 if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
475 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
476 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
477 set_incoming_fault(p);
482 * Append the data portion into the buffer and return.
486 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
488 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
489 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
490 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
491 set_incoming_fault(p);
497 if(p->hdr.flags & RPC_FLG_LAST) {
500 * Ok - we finally have a complete RPC stream.
501 * Call the rpc command to process it.
505 * Ensure the internal prs buffer size is *exactly* the same
506 * size as the current offset.
509 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
511 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
512 set_incoming_fault(p);
517 * Set the parse offset to the start of the data and set the
518 * prs_struct to UNMARSHALL.
521 prs_set_offset(&p->in_data.data, 0);
522 prs_switch_type(&p->in_data.data, UNMARSHALL);
525 * Process the complete data stream here.
528 free_pipe_context(p);
530 if(pipe_init_outgoing_data(p))
531 ret = api_pipe_request(p);
533 free_pipe_context(p);
536 * We have consumed the whole data stream. Set back to
537 * marshalling and set the offset back to the start of
538 * the buffer to re-use it (we could also do a prs_mem_free()
539 * and then re_init on the next start of PDU. Not sure which
540 * is best here.... JRA.
543 prs_switch_type(&p->in_data.data, MARSHALL);
544 prs_set_offset(&p->in_data.data, 0);
551 /****************************************************************************
552 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
553 already been parsed and stored in p->hdr.
554 ****************************************************************************/
556 static ssize_t process_complete_pdu(pipes_struct *p)
559 size_t data_len = p->in_data.pdu_received_len;
560 char *data_p = (char *)&p->in_data.current_in_pdu[0];
564 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
566 set_incoming_fault(p);
568 return (ssize_t)data_len;
571 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
572 /* Ensure we're using the corrent endianness. */
573 prs_set_endian_data( &rpc_in, p->endian);
575 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
577 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
578 (unsigned int)p->hdr.pkt_type ));
580 switch (p->hdr.pkt_type) {
584 * We assume that a pipe bind is only in one pdu.
586 if(pipe_init_outgoing_data(p))
587 reply = api_pipe_bind_req(p, &rpc_in);
591 * We assume that a pipe bind_resp is only in one pdu.
593 if(pipe_init_outgoing_data(p))
594 reply = api_pipe_bind_auth_resp(p, &rpc_in);
597 reply = process_request_pdu(p, &rpc_in);
600 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
605 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
606 set_incoming_fault(p);
608 prs_mem_free(&rpc_in);
611 * Reset the lengths. We're ready for a new pdu.
613 p->in_data.pdu_needed_len = 0;
614 p->in_data.pdu_received_len = 0;
617 prs_mem_free(&rpc_in);
618 return (ssize_t)data_len;
621 /****************************************************************************
622 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
623 ****************************************************************************/
625 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
627 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
629 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
630 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
633 if(data_to_copy == 0) {
635 * This is an error - data is being received and there is no
636 * space in the PDU. Free the received data and go into the fault state.
638 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
639 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
640 set_incoming_fault(p);
645 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
646 * number of bytes before we can do anything.
649 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
651 * Always return here. If we have more data then the RPC_HEADER
652 * will be processed the next time around the loop.
654 return fill_rpc_header(p, data, data_to_copy);
658 * At this point we know we have at least an RPC_HEADER_LEN amount of data
659 * stored in current_in_pdu.
663 * If pdu_needed_len is zero this is a new pdu.
664 * Unmarshall the header so we know how much more
665 * data we need, then loop again.
668 if(p->in_data.pdu_needed_len == 0)
669 return unmarshall_rpc_header(p);
672 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
673 * Keep reading until we have a full pdu.
676 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
679 * Copy as much of the data as we need into the current_in_pdu buffer.
682 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
683 p->in_data.pdu_received_len += data_to_copy;
686 * Do we have a complete PDU ?
689 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
690 return process_complete_pdu(p);
692 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
693 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
695 return (ssize_t)data_to_copy;
699 /****************************************************************************
700 Accepts incoming data on an rpc pipe.
701 ****************************************************************************/
703 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
705 size_t data_left = n;
707 DEBUG(6,("write_to_pipe: %x", p->pnum));
709 DEBUG(6,(" name: %s open: %s len: %d\n",
710 p->name, BOOLSTR(p->open), (int)n));
712 dump_data(50, data, n);
717 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
719 data_used = process_incoming_data(p, data, data_left);
721 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
726 data_left -= data_used;
733 /****************************************************************************
734 Replies to a request to read data from a pipe.
736 Headers are interspersed with the data at PDU intervals. By the time
737 this function is called, the start of the data could possibly have been
738 read by an SMBtrans (file_offset != 0).
740 Calling create_rpc_reply() here is a hack. The data should already
741 have been prepared into arrays of headers + data stream sections.
742 ****************************************************************************/
744 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
746 uint32 pdu_remaining = 0;
747 ssize_t data_returned = 0;
749 if (!p || !p->open) {
750 DEBUG(0,("read_from_pipe: pipe not open\n"));
754 DEBUG(6,("read_from_pipe: %x", p->pnum));
756 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
759 * We cannot return more than one PDU length per
763 if(n > MAX_PDU_FRAG_LEN) {
764 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
765 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
770 * Determine if there is still data to send in the
771 * pipe PDU buffer. Always send this first. Never
772 * send more than is left in the current PDU. The
773 * client should send a new read request for a new
777 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
778 data_returned = (ssize_t)MIN(n, pdu_remaining);
780 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
781 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
782 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
784 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
785 p->out_data.current_pdu_sent += (uint32)data_returned;
790 * At this point p->current_pdu_len == p->current_pdu_sent (which
791 * may of course be zero if this is the first return fragment.
794 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
795 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
796 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
798 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
800 * We have sent all possible data, return 0.
807 * We need to create a new PDU from the data left in p->rdata.
808 * Create the header/data/footers. This also sets up the fields
809 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
810 * and stores the outgoing PDU in p->current_pdu.
813 if(!create_next_pdu(p)) {
814 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
818 data_returned = MIN(n, p->out_data.current_pdu_len);
820 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
821 p->out_data.current_pdu_sent += (uint32)data_returned;
825 return data_returned;
828 /****************************************************************************
829 Wait device state on a pipe. Exactly what this is for is unknown...
830 ****************************************************************************/
832 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
838 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
841 p->priority = priority;
846 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
852 /****************************************************************************
853 Set device state on a pipe. Exactly what this is for is unknown...
854 ****************************************************************************/
856 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
862 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
863 device_state, p->name));
865 p->device_state = device_state;
870 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
871 device_state, p->name));
876 /****************************************************************************
878 ****************************************************************************/
880 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
883 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
887 prs_mem_free(&p->out_data.rdata);
888 prs_mem_free(&p->in_data.data);
891 talloc_destroy(p->mem_ctx);
893 /* Free the handles database. */
894 close_policy_by_pipe(p);
896 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
900 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
901 p->name, p->pnum, pipes_open));
903 DLIST_REMOVE(Pipes, p);
905 delete_nt_token(&p->pipe_user.nt_user_token);
906 safe_free(p->pipe_user.groups);
915 /****************************************************************************
916 Find an rpc pipe given a pipe handle in a buffer and an offset.
917 ****************************************************************************/
919 pipes_struct *get_rpc_pipe_p(char *buf, int where)
921 int pnum = SVAL(buf,where);
926 return get_rpc_pipe(pnum);
929 /****************************************************************************
930 Find an rpc pipe given a pipe handle.
931 ****************************************************************************/
933 pipes_struct *get_rpc_pipe(int pnum)
937 DEBUG(4,("search for pipe pnum=%x\n", pnum));
939 for (p=Pipes;p;p=p->next)
940 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
941 p->name, p->pnum, pipes_open));
943 for (p=Pipes;p;p=p->next) {
944 if (p->pnum == pnum) {