3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1998,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Jeremy Allison 1999.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define PIPE "\\PIPE\\"
30 #define PIPELEN strlen(PIPE)
32 extern int DEBUGLEVEL;
33 static pipes_struct *chain_p;
34 static int pipes_open;
36 #ifndef MAX_OPEN_PIPES
37 #define MAX_OPEN_PIPES 64
40 static pipes_struct *Pipes;
41 static struct bitmap *bmap;
43 /* this must be larger than the sum of the open files and directories */
44 static int pipe_handle_offset;
46 /****************************************************************************
47 Set the pipe_handle_offset. Called from smbd/files.c
48 ****************************************************************************/
50 void set_pipe_handle_offset(int max_open_files)
52 if(max_open_files < 0x7000)
53 pipe_handle_offset = 0x7000;
55 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
58 /****************************************************************************
59 Reset pipe chain handle number.
60 ****************************************************************************/
61 void reset_chain_p(void)
66 /****************************************************************************
67 Initialise pipe handle states.
68 ****************************************************************************/
70 void init_rpc_pipe_hnd(void)
72 bmap = bitmap_allocate(MAX_OPEN_PIPES);
74 exit_server("out of memory in init_rpc_pipe_hnd\n");
77 /****************************************************************************
78 Initialise an outgoing packet.
79 ****************************************************************************/
81 static BOOL pipe_init_outgoing_data(output_data *o_data)
83 /* Reset the offset counters. */
84 o_data->data_sent_length = 0;
85 o_data->current_pdu_len = 0;
86 o_data->current_pdu_sent = 0;
88 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
90 /* Free any memory in the current return data buffer. */
91 prs_mem_free(&o_data->rdata);
94 * Initialize the outgoing RPC data buffer.
95 * we will use this as the raw data area for replying to rpc requests.
97 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
98 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
105 /****************************************************************************
106 Attempt to find a remote process to communicate RPC's with.
107 ****************************************************************************/
109 static void attempt_remote_rpc_connect(pipes_struct *p)
111 struct user_creds usr;
112 user_struct *vuser = get_valid_user_struct(p->vuid);
117 DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid));
123 /* set up unix credentials from the smb side, to feed over the pipe */
124 make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name,
125 vuser->user.full_name, vuser->guest);
127 make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid,
128 vuser->n_groups, vuser->groups);
132 DEBUG(10,("user session key not available (yet).\n"));
133 DEBUG(10,("password-change operations may fail.\n"));
135 #if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT
136 memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key));
138 memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key));
141 /* set up nt credentials from the smb side, to feed over the pipe */
143 make_creds_nt(&usr.ntc);
144 make_creds_nt_sec(&usr.nts);
147 become_root(); /* to connect to pipe */
148 p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False);
152 DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n"));
155 /****************************************************************************
156 Find first available pipe slot.
157 ****************************************************************************/
159 pipes_struct *open_rpc_pipe_p(char *pipe_name,
160 connection_struct *conn, uint16 vuid)
164 static int next_pipe;
166 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
167 pipe_name, pipes_open));
170 /* not repeating pipe numbers makes it easier to track things in
171 log files and prevents client bugs where pipe numbers are reused
172 over connection restarts */
174 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
176 i = bitmap_find(bmap, next_pipe);
179 DEBUG(0,("ERROR! Out of pipe structures\n"));
183 next_pipe = (i+1) % MAX_OPEN_PIPES;
185 for (p = Pipes; p; p = p->next)
186 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
188 p = (pipes_struct *)malloc(sizeof(*p));
198 * Initialize the incoming RPC data buffer with one PDU worth of memory.
199 * We cheat here and say we're marshalling, as we intend to add incoming
200 * data directly into the prs_struct and we want it to auto grow. We will
201 * change the type to UNMARSALLING before processing the stream.
204 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
205 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
210 i += pipe_handle_offset;
222 p->max_trans_reply = 0;
224 p->ntlmssp_chal_flags = 0;
225 p->ntlmssp_auth_validated = False;
226 p->ntlmssp_auth_requested = False;
228 p->pipe_bound = False;
229 p->fault_state = False;
232 * Initialize the incoming RPC struct.
235 p->in_data.pdu_needed_len = 0;
236 p->in_data.pdu_received_len = 0;
239 * Initialize the outgoing RPC struct.
242 p->out_data.current_pdu_len = 0;
243 p->out_data.current_pdu_sent = 0;
244 p->out_data.data_sent_length = 0;
247 * Initialize the outgoing RPC data buffer with no memory.
249 prs_init(&p->out_data.rdata, 0, 4, MARSHALL);
254 fstrcpy(p->name, pipe_name);
258 Comment out until memory leak fixed. JRA.
261 * For Luke - attempt to connect to RPC redirect process.
264 attempt_remote_rpc_connect(p);
267 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
268 pipe_name, i, pipes_open));
272 /* OVERWRITE p as a temp variable, to display all open pipes */
273 for (p = Pipes; p; p = p->next)
274 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
279 /****************************************************************************
280 Sets the fault state on incoming packets.
281 ****************************************************************************/
283 static void set_incoming_fault(pipes_struct *p)
285 prs_mem_free(&p->in_data.data);
286 p->in_data.pdu_needed_len = 0;
287 p->in_data.pdu_received_len = 0;
288 p->fault_state = True;
289 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
293 /****************************************************************************
294 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
295 ****************************************************************************/
297 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
299 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
301 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
302 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
303 (unsigned int)p->in_data.pdu_received_len ));
305 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
306 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
308 return (ssize_t)len_needed_to_complete_hdr;
311 /****************************************************************************
312 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
313 ****************************************************************************/
315 static ssize_t unmarshall_rpc_header(pipes_struct *p)
318 * Unmarshall the header to determine the needed length.
323 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
324 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
325 set_incoming_fault(p);
329 prs_init( &rpc_in, 0, 4, UNMARSHALL);
330 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
331 p->in_data.pdu_received_len, False);
334 * Unmarshall the header as this will tell us how much
335 * data we need to read to get the complete pdu.
338 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
339 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
340 set_incoming_fault(p);
345 * Validate the RPC header.
348 if(p->hdr.major != 5 && p->hdr.minor != 0) {
349 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
350 set_incoming_fault(p);
355 * If there is no data in the incoming buffer and it's a requst pdu then
356 * ensure that the FIRST flag is set. If not then we have
357 * a stream missmatch.
360 if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) {
361 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
362 set_incoming_fault(p);
367 * Ensure that the pdu length is sane.
370 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
371 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
372 set_incoming_fault(p);
376 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
377 (unsigned int)p->hdr.flags ));
380 * Adjust for the header we just ate.
382 p->in_data.pdu_received_len = 0;
383 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
386 * Null the data we just ate.
389 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
391 return 0; /* No extra data processed. */
394 /****************************************************************************
395 Processes a request pdu. This will do auth processing if needed, and
396 appends the data into the complete stream if the LAST flag is not set.
397 ****************************************************************************/
399 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
401 BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN);
402 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
403 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
406 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
407 set_incoming_fault(p);
412 * Check if we need to do authentication processing.
413 * This is only done on requests, not binds.
417 * Read the RPC request header.
420 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
421 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
422 set_incoming_fault(p);
426 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
427 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
428 set_incoming_fault(p);
432 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
435 * Authentication _was_ requested and it already failed.
438 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
439 authentication failed. Denying the request.\n", p->name));
440 set_incoming_fault(p);
445 * Check the data length doesn't go over the 1Mb limit.
448 if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) {
449 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
450 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
451 set_incoming_fault(p);
456 * Append the data portion into the buffer and return.
460 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
462 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
463 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
464 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
465 set_incoming_fault(p);
471 if(p->hdr.flags & RPC_FLG_LAST) {
474 * Ok - we finally have a complete RPC stream.
475 * Call the rpc command to process it.
479 * Ensure the internal prs buffer size is *exactly* the same
480 * size as the current offset.
483 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
485 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
486 set_incoming_fault(p);
491 * Set the parse offset to the start of the data and set the
492 * prs_struct to UNMARSHALL.
495 prs_set_offset(&p->in_data.data, 0);
496 prs_switch_type(&p->in_data.data, UNMARSHALL);
499 * Process the complete data stream here.
502 if(pipe_init_outgoing_data(&p->out_data))
503 ret = api_pipe_request(p);
506 * We have consumed the whole data stream. Set back to
507 * marshalling and set the offset back to the start of
508 * the buffer to re-use it (we could also do a prs_mem_free()
509 * and then re_init on the next start of PDU. Not sure which
510 * is best here.... JRA.
513 prs_switch_type(&p->in_data.data, MARSHALL);
514 prs_set_offset(&p->in_data.data, 0);
521 /****************************************************************************
522 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
523 already been parsed and stored in p->hdr.
524 ****************************************************************************/
526 static ssize_t process_complete_pdu(pipes_struct *p)
529 size_t data_len = p->in_data.pdu_received_len;
530 char *data_p = (char *)&p->in_data.current_in_pdu[0];
534 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
536 set_incoming_fault(p);
538 return (ssize_t)data_len;
541 prs_init( &rpc_in, 0, 4, UNMARSHALL);
542 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
544 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
545 (unsigned int)p->hdr.pkt_type ));
547 switch (p->hdr.pkt_type) {
551 * We assume that a pipe bind is only in one pdu.
553 if(pipe_init_outgoing_data(&p->out_data))
554 reply = api_pipe_bind_req(p, &rpc_in);
558 * We assume that a pipe bind_resp is only in one pdu.
560 if(pipe_init_outgoing_data(&p->out_data))
561 reply = api_pipe_bind_auth_resp(p, &rpc_in);
564 reply = process_request_pdu(p, &rpc_in);
567 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
572 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
573 set_incoming_fault(p);
577 * Reset the lengths. We're ready for a new pdu.
579 p->in_data.pdu_needed_len = 0;
580 p->in_data.pdu_received_len = 0;
583 return (ssize_t)data_len;
586 /****************************************************************************
587 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
588 ****************************************************************************/
590 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
592 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
594 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
595 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
598 if(data_to_copy == 0) {
600 * This is an error - data is being received and there is no
601 * space in the PDU. Free the received data and go into the fault state.
603 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
604 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
605 set_incoming_fault(p);
610 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
611 * number of bytes before we can do anything.
614 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
616 * Always return here. If we have more data then the RPC_HEADER
617 * will be processed the next time around the loop.
619 return fill_rpc_header(p, data, data_to_copy);
623 * At this point we know we have at least an RPC_HEADER_LEN amount of data
624 * stored in current_in_pdu.
628 * If pdu_needed_len is zero this is a new pdu.
629 * Unmarshall the header so we know how much more
630 * data we need, then loop again.
633 if(p->in_data.pdu_needed_len == 0)
634 return unmarshall_rpc_header(p);
637 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
638 * Keep reading until we have a full pdu.
641 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
644 * Copy as much of the data as we need into the current_in_pdu buffer.
647 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
648 p->in_data.pdu_received_len += data_to_copy;
651 * Do we have a complete PDU ?
654 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
655 return process_complete_pdu(p);
657 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
658 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
660 return (ssize_t)data_to_copy;
664 /****************************************************************************
665 Accepts incoming data on an rpc pipe.
666 ****************************************************************************/
668 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
670 size_t data_left = n;
672 DEBUG(6,("write_to_pipe: %x", p->pnum));
674 DEBUG(6,(" name: %s open: %s len: %d\n",
675 p->name, BOOLSTR(p->open), (int)n));
677 dump_data(50, data, n);
682 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
685 * Deal with the redirect to the remote RPC daemon.
689 data_used = write(p->m->fd, data, data_left);
691 data_used = process_incoming_data(p, data, data_left);
693 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
698 data_left -= data_used;
705 /****************************************************************************
706 Gets data from a remote TNG daemon. Gets data from the remote daemon into
707 the outgoing prs_struct.
709 NB. Note to Luke : This code will be broken until Luke implements a length
710 field before reply data...
712 ****************************************************************************/
714 static BOOL read_from_remote(pipes_struct *p)
717 uint32 data_len_left;
719 if(prs_offset(&p->out_data.rdata) == 0) {
724 * Read all the reply data as a stream of pre-created
725 * PDU's from the remote deamon into the rdata struct.
729 * Create the response data buffer.
732 if(!pipe_init_outgoing_data(&p->out_data)) {
733 DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n"));
737 /* Read from remote here. */
738 if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) {
739 DEBUG(0,("read_from_remote: failed to read from external daemon.\n"));
740 prs_mem_free(&p->out_data.rdata);
744 /* Set the length we got. */
745 prs_set_offset(&p->out_data.rdata, (uint32)len);
749 * The amount we send is the minimum of the available
750 * space and the amount left to send.
753 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
756 * Ensure there really is data left to send.
760 DEBUG(0,("read_from_remote: no data left to send !\n"));
764 data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN);
766 return False; /* Notfinished... */
769 /****************************************************************************
770 Replies to a request to read data from a pipe.
772 Headers are interspersed with the data at PDU intervals. By the time
773 this function is called, the start of the data could possibly have been
774 read by an SMBtrans (file_offset != 0).
776 Calling create_rpc_reply() here is a hack. The data should already
777 have been prepared into arrays of headers + data stream sections.
778 ****************************************************************************/
780 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
782 uint32 pdu_remaining = 0;
783 ssize_t data_returned = 0;
785 if (!p || !p->open) {
786 DEBUG(0,("read_from_pipe: pipe not open\n"));
790 DEBUG(6,("read_from_pipe: %x", p->pnum));
792 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
795 * We cannot return more than one PDU length per
799 if(n > MAX_PDU_FRAG_LEN) {
800 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
801 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
806 * Determine if there is still data to send in the
807 * pipe PDU buffer. Always send this first. Never
808 * send more than is left in the current PDU. The
809 * client should send a new read request for a new
813 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
814 data_returned = (ssize_t)MIN(n, pdu_remaining);
816 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
817 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
818 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
820 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
821 p->out_data.current_pdu_sent += (uint32)data_returned;
822 return data_returned;
826 * At this point p->current_pdu_len == p->current_pdu_sent (which
827 * may of course be zero if this is the first return fragment.
830 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
831 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
832 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
834 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
836 * We have sent all possible data. Return 0.
843 * Remote to the RPC daemon.
845 if(!read_from_remote(p)) {
846 DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name ));
853 * We need to create a new PDU from the data left in p->rdata.
854 * Create the header/data/footers. This also sets up the fields
855 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
856 * and stores the outgoing PDU in p->current_pdu.
859 if(!create_next_pdu(p)) {
860 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
865 data_returned = MIN(n, p->out_data.current_pdu_len);
867 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
868 p->out_data.current_pdu_sent += (uint32)data_returned;
869 return data_returned;
872 /****************************************************************************
873 Wait device state on a pipe. Exactly what this is for is unknown...
874 ****************************************************************************/
876 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
882 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
885 p->priority = priority;
890 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
896 /****************************************************************************
897 Set device state on a pipe. Exactly what this is for is unknown...
898 ****************************************************************************/
900 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
906 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
907 device_state, p->name));
909 p->device_state = device_state;
914 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
915 device_state, p->name));
920 /****************************************************************************
922 ****************************************************************************/
924 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
927 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
931 prs_mem_free(&p->out_data.rdata);
932 prs_mem_free(&p->in_data.data);
934 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
939 DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: "));
940 if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL))
943 DEBUG(4,("FAILED\n"));
946 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
947 p->name, p->pnum, pipes_open));
949 DLIST_REMOVE(Pipes, p);
958 /****************************************************************************
959 Find an rpc pipe given a pipe handle in a buffer and an offset.
960 ****************************************************************************/
962 pipes_struct *get_rpc_pipe_p(char *buf, int where)
964 int pnum = SVAL(buf,where);
969 return get_rpc_pipe(pnum);
972 /****************************************************************************
973 Find an rpc pipe given a pipe handle.
974 ****************************************************************************/
976 pipes_struct *get_rpc_pipe(int pnum)
980 DEBUG(4,("search for pipe pnum=%x\n", pnum));
982 for (p=Pipes;p;p=p->next)
983 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
984 p->name, p->pnum, pipes_open));
986 for (p=Pipes;p;p=p->next) {
987 if (p->pnum == pnum) {