2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Jeremy Allison 1999.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #define PIPE "\\PIPE\\"
26 #define PIPELEN strlen(PIPE)
28 static smb_np_struct *chain_p;
29 static int pipes_open;
31 #ifndef MAX_OPEN_PIPES
32 #define MAX_OPEN_PIPES 2048
35 static smb_np_struct *Pipes;
36 static pipes_struct *InternalPipes;
37 static struct bitmap *bmap;
40 * the following prototypes are declared here to avoid
41 * code being moved about too much for a patch to be
42 * disrupted / less obvious.
44 * these functions, and associated functions that they
45 * call, should be moved behind a .so module-loading
46 * system _anyway_. so that's the next step...
49 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
50 BOOL *is_data_outstanding);
51 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
52 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
53 static void *make_internal_rpc_pipe_p(char *pipe_name,
54 connection_struct *conn, uint16 vuid);
56 /****************************************************************************
57 Pipe iterator functions.
58 ****************************************************************************/
60 smb_np_struct *get_first_pipe(void)
65 smb_np_struct *get_next_pipe(smb_np_struct *p)
70 /****************************************************************************
71 Internal Pipe iterator functions.
72 ****************************************************************************/
74 pipes_struct *get_first_internal_pipe(void)
79 pipes_struct *get_next_internal_pipe(pipes_struct *p)
84 /* this must be larger than the sum of the open files and directories */
85 static int pipe_handle_offset;
87 /****************************************************************************
88 Set the pipe_handle_offset. Called from smbd/files.c
89 ****************************************************************************/
91 void set_pipe_handle_offset(int max_open_files)
93 if(max_open_files < 0x7000)
94 pipe_handle_offset = 0x7000;
96 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
99 /****************************************************************************
100 Reset pipe chain handle number.
101 ****************************************************************************/
102 void reset_chain_p(void)
107 /****************************************************************************
108 Initialise pipe handle states.
109 ****************************************************************************/
111 void init_rpc_pipe_hnd(void)
113 bmap = bitmap_allocate(MAX_OPEN_PIPES);
115 exit_server("out of memory in init_rpc_pipe_hnd");
118 /****************************************************************************
119 Initialise an outgoing packet.
120 ****************************************************************************/
122 static BOOL pipe_init_outgoing_data(pipes_struct *p)
124 output_data *o_data = &p->out_data;
126 /* Reset the offset counters. */
127 o_data->data_sent_length = 0;
128 o_data->current_pdu_len = 0;
129 o_data->current_pdu_sent = 0;
131 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
133 /* Free any memory in the current return data buffer. */
134 prs_mem_free(&o_data->rdata);
137 * Initialize the outgoing RPC data buffer.
138 * we will use this as the raw data area for replying to rpc requests.
140 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
141 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
148 /****************************************************************************
149 Find first available pipe slot.
150 ****************************************************************************/
152 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
153 connection_struct *conn, uint16 vuid)
156 smb_np_struct *p, *p_it;
157 static int next_pipe;
159 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
160 pipe_name, pipes_open));
163 /* not repeating pipe numbers makes it easier to track things in
164 log files and prevents client bugs where pipe numbers are reused
165 over connection restarts */
167 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
169 i = bitmap_find(bmap, next_pipe);
172 DEBUG(0,("ERROR! Out of pipe structures\n"));
176 next_pipe = (i+1) % MAX_OPEN_PIPES;
178 for (p = Pipes; p; p = p->next)
179 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
181 p = (smb_np_struct *)malloc(sizeof(*p));
185 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
191 /* add a dso mechanism instead of this, here */
193 p->namedpipe_create = make_internal_rpc_pipe_p;
194 p->namedpipe_read = read_from_internal_pipe;
195 p->namedpipe_write = write_to_internal_pipe;
196 p->namedpipe_close = close_internal_rpc_pipe_hnd;
198 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
200 if (p->np_state == NULL) {
202 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
211 * Initialize the incoming RPC data buffer with one PDU worth of memory.
212 * We cheat here and say we're marshalling, as we intend to add incoming
213 * data directly into the prs_struct and we want it to auto grow. We will
214 * change the type to UNMARSALLING before processing the stream.
218 i += pipe_handle_offset;
230 p->max_trans_reply = 0;
232 fstrcpy(p->name, pipe_name);
234 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
235 pipe_name, i, pipes_open));
239 /* Iterate over p_it as a temp variable, to display all open pipes */
240 for (p_it = Pipes; p_it; p_it = p_it->next)
241 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
246 /****************************************************************************
247 * make an internal namedpipes structure
248 ****************************************************************************/
250 static void *make_internal_rpc_pipe_p(char *pipe_name,
251 connection_struct *conn, uint16 vuid)
254 user_struct *vuser = get_valid_user_struct(vuid);
256 DEBUG(4,("Create pipe requested %s\n", pipe_name));
258 if (!vuser && vuid != UID_FIELD_INVALID) {
259 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
263 p = (pipes_struct *)malloc(sizeof(*p));
267 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
273 if ((p->mem_ctx = talloc_init()) == NULL) {
274 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
279 if (!init_pipe_handle_list(p, pipe_name)) {
280 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
281 talloc_destroy(p->mem_ctx);
287 * Initialize the incoming RPC data buffer with one PDU worth of memory.
288 * We cheat here and say we're marshalling, as we intend to add incoming
289 * data directly into the prs_struct and we want it to auto grow. We will
290 * change the type to UNMARSALLING before processing the stream.
293 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
294 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
298 DLIST_ADD(InternalPipes, p);
303 p->ntlmssp_chal_flags = 0;
304 p->ntlmssp_auth_validated = False;
305 p->ntlmssp_auth_requested = False;
307 p->pipe_bound = False;
308 p->fault_state = False;
309 p->endian = RPC_LITTLE_ENDIAN;
311 ZERO_STRUCT(p->pipe_user);
313 p->pipe_user.uid = (uid_t)-1;
314 p->pipe_user.gid = (gid_t)-1;
316 /* Store the session key */
318 memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
322 * Initialize the incoming RPC struct.
325 p->in_data.pdu_needed_len = 0;
326 p->in_data.pdu_received_len = 0;
329 * Initialize the outgoing RPC struct.
332 p->out_data.current_pdu_len = 0;
333 p->out_data.current_pdu_sent = 0;
334 p->out_data.data_sent_length = 0;
337 * Initialize the outgoing RPC data buffer with no memory.
339 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
341 fstrcpy(p->name, pipe_name);
343 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
344 pipe_name, pipes_open));
349 /****************************************************************************
350 Sets the fault state on incoming packets.
351 ****************************************************************************/
353 static void set_incoming_fault(pipes_struct *p)
355 prs_mem_free(&p->in_data.data);
356 p->in_data.pdu_needed_len = 0;
357 p->in_data.pdu_received_len = 0;
358 p->fault_state = True;
359 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
363 /****************************************************************************
364 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
365 ****************************************************************************/
367 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
369 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
371 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
372 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
373 (unsigned int)p->in_data.pdu_received_len ));
375 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
376 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
378 return (ssize_t)len_needed_to_complete_hdr;
381 /****************************************************************************
382 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
383 ****************************************************************************/
385 static ssize_t unmarshall_rpc_header(pipes_struct *p)
388 * Unmarshall the header to determine the needed length.
393 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
394 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
395 set_incoming_fault(p);
399 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
400 prs_set_endian_data( &rpc_in, p->endian);
402 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
403 p->in_data.pdu_received_len, False);
406 * Unmarshall the header as this will tell us how much
407 * data we need to read to get the complete pdu.
408 * This also sets the endian flag in rpc_in.
411 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
412 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
413 set_incoming_fault(p);
414 prs_mem_free(&rpc_in);
419 * Validate the RPC header.
422 if(p->hdr.major != 5 && p->hdr.minor != 0) {
423 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
424 set_incoming_fault(p);
425 prs_mem_free(&rpc_in);
430 * If there's not data in the incoming buffer this should be the start of a new RPC.
433 if(prs_offset(&p->in_data.data) == 0) {
436 * AS/U doesn't set FIRST flag in a BIND packet it seems.
439 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
441 * Ensure that the FIRST flag is set. If not then we have
442 * a stream missmatch.
445 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
446 set_incoming_fault(p);
447 prs_mem_free(&rpc_in);
452 * If this is the first PDU then set the endianness
453 * flag in the pipe. We will need this when parsing all
457 p->endian = rpc_in.bigendian_data;
459 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
460 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
465 * If this is *NOT* the first PDU then check the endianness
466 * flag in the pipe is the same as that in the PDU.
469 if (p->endian != rpc_in.bigendian_data) {
470 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
471 set_incoming_fault(p);
472 prs_mem_free(&rpc_in);
478 * Ensure that the pdu length is sane.
481 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
482 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
483 set_incoming_fault(p);
484 prs_mem_free(&rpc_in);
488 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
489 (unsigned int)p->hdr.flags ));
492 * Adjust for the header we just ate.
494 p->in_data.pdu_received_len = 0;
495 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
498 * Null the data we just ate.
501 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
503 prs_mem_free(&rpc_in);
505 return 0; /* No extra data processed. */
508 /****************************************************************************
509 Call this to free any talloc'ed memory. Do this before and after processing
511 ****************************************************************************/
513 void free_pipe_context(pipes_struct *p)
516 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
517 talloc_destroy_pool(p->mem_ctx);
519 p->mem_ctx = talloc_init();
520 if (p->mem_ctx == NULL)
521 p->fault_state = True;
525 /****************************************************************************
526 Processes a request pdu. This will do auth processing if needed, and
527 appends the data into the complete stream if the LAST flag is not set.
528 ****************************************************************************/
530 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
532 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
533 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
534 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
537 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
538 set_incoming_fault(p);
543 * Check if we need to do authentication processing.
544 * This is only done on requests, not binds.
548 * Read the RPC request header.
551 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
552 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
553 set_incoming_fault(p);
557 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
558 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
559 set_incoming_fault(p);
563 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
566 * Authentication _was_ requested and it already failed.
569 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
570 authentication failed. Denying the request.\n", p->name));
571 set_incoming_fault(p);
576 * Check the data length doesn't go over the 15Mb limit.
577 * increased after observing a bug in the Windows NT 4.0 SP6a
578 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
579 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
582 if(prs_data_size(&p->in_data.data) + data_len > 15*1024*1024) {
583 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
584 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
585 set_incoming_fault(p);
590 * Append the data portion into the buffer and return.
594 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
596 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
597 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
598 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
599 set_incoming_fault(p);
605 if(p->hdr.flags & RPC_FLG_LAST) {
608 * Ok - we finally have a complete RPC stream.
609 * Call the rpc command to process it.
613 * Ensure the internal prs buffer size is *exactly* the same
614 * size as the current offset.
617 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
619 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
620 set_incoming_fault(p);
625 * Set the parse offset to the start of the data and set the
626 * prs_struct to UNMARSHALL.
629 prs_set_offset(&p->in_data.data, 0);
630 prs_switch_type(&p->in_data.data, UNMARSHALL);
633 * Process the complete data stream here.
636 free_pipe_context(p);
638 if(pipe_init_outgoing_data(p))
639 ret = api_pipe_request(p);
641 free_pipe_context(p);
644 * We have consumed the whole data stream. Set back to
645 * marshalling and set the offset back to the start of
646 * the buffer to re-use it (we could also do a prs_mem_free()
647 * and then re_init on the next start of PDU. Not sure which
648 * is best here.... JRA.
651 prs_switch_type(&p->in_data.data, MARSHALL);
652 prs_set_offset(&p->in_data.data, 0);
659 /****************************************************************************
660 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
661 already been parsed and stored in p->hdr.
662 ****************************************************************************/
664 static ssize_t process_complete_pdu(pipes_struct *p)
667 size_t data_len = p->in_data.pdu_received_len;
668 char *data_p = (char *)&p->in_data.current_in_pdu[0];
672 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
674 set_incoming_fault(p);
675 setup_fault_pdu(p, NT_STATUS(0x1c010002));
676 return (ssize_t)data_len;
679 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
682 * Ensure we're using the corrent endianness for both the
683 * RPC header flags and the raw data we will be reading from.
686 prs_set_endian_data( &rpc_in, p->endian);
687 prs_set_endian_data( &p->in_data.data, p->endian);
689 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
691 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
692 (unsigned int)p->hdr.pkt_type ));
694 switch (p->hdr.pkt_type) {
698 * We assume that a pipe bind is only in one pdu.
700 if(pipe_init_outgoing_data(p))
701 reply = api_pipe_bind_req(p, &rpc_in);
705 * We assume that a pipe bind_resp is only in one pdu.
707 if(pipe_init_outgoing_data(p))
708 reply = api_pipe_bind_auth_resp(p, &rpc_in);
711 reply = process_request_pdu(p, &rpc_in);
714 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
718 /* Reset to little endian. Probably don't need this but it won't hurt. */
719 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
722 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
723 set_incoming_fault(p);
724 setup_fault_pdu(p, NT_STATUS(0x1c010002));
725 prs_mem_free(&rpc_in);
728 * Reset the lengths. We're ready for a new pdu.
730 p->in_data.pdu_needed_len = 0;
731 p->in_data.pdu_received_len = 0;
734 prs_mem_free(&rpc_in);
735 return (ssize_t)data_len;
738 /****************************************************************************
739 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
740 ****************************************************************************/
742 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
744 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
746 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
747 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
750 if(data_to_copy == 0) {
752 * This is an error - data is being received and there is no
753 * space in the PDU. Free the received data and go into the fault state.
755 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
756 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
757 set_incoming_fault(p);
762 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
763 * number of bytes before we can do anything.
766 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
768 * Always return here. If we have more data then the RPC_HEADER
769 * will be processed the next time around the loop.
771 return fill_rpc_header(p, data, data_to_copy);
775 * At this point we know we have at least an RPC_HEADER_LEN amount of data
776 * stored in current_in_pdu.
780 * If pdu_needed_len is zero this is a new pdu.
781 * Unmarshall the header so we know how much more
782 * data we need, then loop again.
785 if(p->in_data.pdu_needed_len == 0)
786 return unmarshall_rpc_header(p);
789 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
790 * Keep reading until we have a full pdu.
793 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
796 * Copy as much of the data as we need into the current_in_pdu buffer.
799 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
800 p->in_data.pdu_received_len += data_to_copy;
803 * Do we have a complete PDU ?
806 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
807 return process_complete_pdu(p);
809 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
810 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
812 return (ssize_t)data_to_copy;
816 /****************************************************************************
817 Accepts incoming data on an rpc pipe.
818 ****************************************************************************/
820 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
822 DEBUG(6,("write_to_pipe: %x", p->pnum));
824 DEBUG(6,(" name: %s open: %s len: %d\n",
825 p->name, BOOLSTR(p->open), (int)n));
827 dump_data(50, data, n);
829 return p->namedpipe_write(p->np_state, data, n);
832 /****************************************************************************
833 Accepts incoming data on an internal rpc pipe.
834 ****************************************************************************/
836 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
838 pipes_struct *p = (pipes_struct*)np_conn;
839 size_t data_left = n;
844 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
846 data_used = process_incoming_data(p, data, data_left);
848 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
853 data_left -= data_used;
860 /****************************************************************************
861 Replies to a request to read data from a pipe.
863 Headers are interspersed with the data at PDU intervals. By the time
864 this function is called, the start of the data could possibly have been
865 read by an SMBtrans (file_offset != 0).
867 Calling create_rpc_reply() here is a hack. The data should already
868 have been prepared into arrays of headers + data stream sections.
869 ****************************************************************************/
871 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
872 BOOL *is_data_outstanding)
874 if (!p || !p->open) {
875 DEBUG(0,("read_from_pipe: pipe not open\n"));
879 DEBUG(6,("read_from_pipe: %x", p->pnum));
881 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
884 /****************************************************************************
885 Replies to a request to read data from a pipe.
887 Headers are interspersed with the data at PDU intervals. By the time
888 this function is called, the start of the data could possibly have been
889 read by an SMBtrans (file_offset != 0).
891 Calling create_rpc_reply() here is a hack. The data should already
892 have been prepared into arrays of headers + data stream sections.
893 ****************************************************************************/
895 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
896 BOOL *is_data_outstanding)
898 pipes_struct *p = (pipes_struct*)np_conn;
899 uint32 pdu_remaining = 0;
900 ssize_t data_returned = 0;
903 DEBUG(0,("read_from_pipe: pipe not open\n"));
907 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
910 * We cannot return more than one PDU length per
915 * This condition should result in the connection being closed.
916 * Netapp filers seem to set it to 0xffff which results in domain
917 * authentications failing. Just ignore it so things work.
920 if(n > MAX_PDU_FRAG_LEN) {
921 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
922 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
926 * Determine if there is still data to send in the
927 * pipe PDU buffer. Always send this first. Never
928 * send more than is left in the current PDU. The
929 * client should send a new read request for a new
933 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
934 data_returned = (ssize_t)MIN(n, pdu_remaining);
936 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
937 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
938 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
940 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
941 p->out_data.current_pdu_sent += (uint32)data_returned;
946 * At this point p->current_pdu_len == p->current_pdu_sent (which
947 * may of course be zero if this is the first return fragment.
950 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
951 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
952 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
954 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
956 * We have sent all possible data, return 0.
963 * We need to create a new PDU from the data left in p->rdata.
964 * Create the header/data/footers. This also sets up the fields
965 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
966 * and stores the outgoing PDU in p->current_pdu.
969 if(!create_next_pdu(p)) {
970 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
974 data_returned = MIN(n, p->out_data.current_pdu_len);
976 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
977 p->out_data.current_pdu_sent += (uint32)data_returned;
981 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
982 return data_returned;
985 /****************************************************************************
986 Wait device state on a pipe. Exactly what this is for is unknown...
987 ****************************************************************************/
989 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
995 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
998 p->priority = priority;
1003 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
1004 priority, p->name));
1009 /****************************************************************************
1010 Set device state on a pipe. Exactly what this is for is unknown...
1011 ****************************************************************************/
1013 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1019 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1020 device_state, p->name));
1022 p->device_state = device_state;
1027 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1028 device_state, p->name));
1033 /****************************************************************************
1035 ****************************************************************************/
1037 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1040 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1044 p->namedpipe_close(p->np_state);
1046 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1050 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1051 p->name, p->pnum, pipes_open));
1053 DLIST_REMOVE(Pipes, p);
1062 /****************************************************************************
1064 ****************************************************************************/
1066 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1068 pipes_struct *p = (pipes_struct *)np_conn;
1070 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1074 prs_mem_free(&p->out_data.rdata);
1075 prs_mem_free(&p->in_data.data);
1078 talloc_destroy(p->mem_ctx);
1080 /* Free the handles database. */
1081 close_policy_by_pipe(p);
1083 delete_nt_token(&p->pipe_user.nt_user_token);
1084 SAFE_FREE(p->pipe_user.groups);
1086 DLIST_REMOVE(InternalPipes, p);
1095 /****************************************************************************
1096 Find an rpc pipe given a pipe handle in a buffer and an offset.
1097 ****************************************************************************/
1099 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1101 int pnum = SVAL(buf,where);
1106 return get_rpc_pipe(pnum);
1109 /****************************************************************************
1110 Find an rpc pipe given a pipe handle.
1111 ****************************************************************************/
1113 smb_np_struct *get_rpc_pipe(int pnum)
1117 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1119 for (p=Pipes;p;p=p->next)
1120 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1121 p->name, p->pnum, pipes_open));
1123 for (p=Pipes;p;p=p->next) {
1124 if (p->pnum == pnum) {