10d0c3bcb84c21aaecd4263a21bdbb27f3930ea2
[samba.git] / source3 / rpc_server / srv_pipe_hnd.c
1 /* 
2  *  Unix SMB/Netbios implementation.
3  *  Version 1.9.
4  *  RPC Pipe client / server routines
5  *  Copyright (C) Andrew Tridgell              1992-1998,
6  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7  *  Copyright (C) Jeremy Allison                                    1999.
8  *  
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 2 of the License, or
12  *  (at your option) any later version.
13  *  
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *  
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, write to the Free Software
21  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22  */
23
24 #include "includes.h"
25
26 #define PIPE            "\\PIPE\\"
27 #define PIPELEN         strlen(PIPE)
28
29 static pipes_struct *chain_p;
30 static int pipes_open;
31
32 #ifndef MAX_OPEN_PIPES
33 #define MAX_OPEN_PIPES 64
34 #endif
35
36 static pipes_struct *Pipes;
37 static struct bitmap *bmap;
38
39 /****************************************************************************
40  Pipe iterator functions.
41 ****************************************************************************/
42
43 pipes_struct *get_first_pipe(void)
44 {
45         return Pipes;
46 }
47
48 pipes_struct *get_next_pipe(pipes_struct *p)
49 {
50         return p->next;
51 }
52
53 /* this must be larger than the sum of the open files and directories */
54 static int pipe_handle_offset;
55
56 /****************************************************************************
57  Set the pipe_handle_offset. Called from smbd/files.c
58 ****************************************************************************/
59
60 void set_pipe_handle_offset(int max_open_files)
61 {
62   if(max_open_files < 0x7000)
63     pipe_handle_offset = 0x7000;
64   else
65     pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
66 }
67
68 /****************************************************************************
69  Reset pipe chain handle number.
70 ****************************************************************************/
71 void reset_chain_p(void)
72 {
73         chain_p = NULL;
74 }
75
76 /****************************************************************************
77  Initialise pipe handle states.
78 ****************************************************************************/
79
80 void init_rpc_pipe_hnd(void)
81 {
82         bmap = bitmap_allocate(MAX_OPEN_PIPES);
83         if (!bmap)
84                 exit_server("out of memory in init_rpc_pipe_hnd\n");
85 }
86
87 /****************************************************************************
88  Initialise an outgoing packet.
89 ****************************************************************************/
90
91 static BOOL pipe_init_outgoing_data(pipes_struct *p)
92 {
93         output_data *o_data = &p->out_data;
94
95         /* Reset the offset counters. */
96         o_data->data_sent_length = 0;
97         o_data->current_pdu_len = 0;
98         o_data->current_pdu_sent = 0;
99
100         memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
101
102         /* Free any memory in the current return data buffer. */
103         prs_mem_free(&o_data->rdata);
104
105         /*
106          * Initialize the outgoing RPC data buffer.
107          * we will use this as the raw data area for replying to rpc requests.
108          */     
109         if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
110                 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
111                 return False;
112         }
113
114         return True;
115 }
116
117 /****************************************************************************
118  Find first available pipe slot.
119 ****************************************************************************/
120
121 pipes_struct *open_rpc_pipe_p(char *pipe_name, 
122                               connection_struct *conn, uint16 vuid)
123 {
124         int i;
125         pipes_struct *p;
126         static int next_pipe;
127
128         DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
129                  pipe_name, pipes_open));
130
131         
132         /* not repeating pipe numbers makes it easier to track things in 
133            log files and prevents client bugs where pipe numbers are reused
134            over connection restarts */
135         if (next_pipe == 0)
136                 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
137
138         i = bitmap_find(bmap, next_pipe);
139
140         if (i == -1) {
141                 DEBUG(0,("ERROR! Out of pipe structures\n"));
142                 return NULL;
143         }
144
145         next_pipe = (i+1) % MAX_OPEN_PIPES;
146
147         for (p = Pipes; p; p = p->next)
148                 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));  
149
150         p = (pipes_struct *)malloc(sizeof(*p));
151
152         if (!p)
153                 return NULL;
154
155         ZERO_STRUCTP(p);
156
157         if ((p->mem_ctx = talloc_init()) == NULL) {
158                 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
159                 SAFE_FREE(p);
160                 return NULL;
161         }
162
163         if (!init_pipe_handle_list(p, pipe_name)) {
164                 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
165                 talloc_destroy(p->mem_ctx);
166                 SAFE_FREE(p);
167                 return NULL;
168         }
169
170
171         DLIST_ADD(Pipes, p);
172
173         /*
174          * Initialize the incoming RPC data buffer with one PDU worth of memory.
175          * We cheat here and say we're marshalling, as we intend to add incoming
176          * data directly into the prs_struct and we want it to auto grow. We will
177          * change the type to UNMARSALLING before processing the stream.
178          */
179
180         if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
181                 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
182                 return NULL;
183         }
184
185         bitmap_set(bmap, i);
186         i += pipe_handle_offset;
187
188         pipes_open++;
189
190         p->pnum = i;
191
192         p->open = True;
193         p->device_state = 0;
194         p->priority = 0;
195         p->conn = conn;
196         p->vuid  = vuid;
197
198         p->max_trans_reply = 0;
199         
200         p->ntlmssp_chal_flags = 0;
201         p->ntlmssp_auth_validated = False;
202         p->ntlmssp_auth_requested = False;
203
204         p->pipe_bound = False;
205         p->fault_state = False;
206         p->endian = RPC_LITTLE_ENDIAN;
207
208         /*
209          * Initialize the incoming RPC struct.
210          */
211
212         p->in_data.pdu_needed_len = 0;
213         p->in_data.pdu_received_len = 0;
214
215         /*
216          * Initialize the outgoing RPC struct.
217          */
218
219         p->out_data.current_pdu_len = 0;
220         p->out_data.current_pdu_sent = 0;
221         p->out_data.data_sent_length = 0;
222
223         /*
224          * Initialize the outgoing RPC data buffer with no memory.
225          */     
226         prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
227         
228         ZERO_STRUCT(p->pipe_user);
229
230         p->pipe_user.uid = (uid_t)-1;
231         p->pipe_user.gid = (gid_t)-1;
232         
233         fstrcpy(p->name, pipe_name);
234         
235         DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
236                  pipe_name, i, pipes_open));
237         
238         chain_p = p;
239         
240         /* OVERWRITE p as a temp variable, to display all open pipes */ 
241         for (p = Pipes; p; p = p->next)
242                 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));  
243
244         return chain_p;
245 }
246
247 /****************************************************************************
248  Sets the fault state on incoming packets.
249 ****************************************************************************/
250
251 static void set_incoming_fault(pipes_struct *p)
252 {
253         prs_mem_free(&p->in_data.data);
254         p->in_data.pdu_needed_len = 0;
255         p->in_data.pdu_received_len = 0;
256         p->fault_state = True;
257         DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
258                 p->name, p->pnum ));
259 }
260
261 /****************************************************************************
262  Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
263 ****************************************************************************/
264
265 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
266 {
267         size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
268
269         DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
270                         (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
271                         (unsigned int)p->in_data.pdu_received_len ));
272
273         memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
274         p->in_data.pdu_received_len += len_needed_to_complete_hdr;
275
276         return (ssize_t)len_needed_to_complete_hdr;
277 }
278
279 /****************************************************************************
280  Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
281 ****************************************************************************/
282
283 static ssize_t unmarshall_rpc_header(pipes_struct *p)
284 {
285         /*
286          * Unmarshall the header to determine the needed length.
287          */
288
289         prs_struct rpc_in;
290
291         if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
292                 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
293                 set_incoming_fault(p);
294                 return -1;
295         }
296
297         prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
298         prs_set_endian_data( &rpc_in, p->endian);
299
300         prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
301                                         p->in_data.pdu_received_len, False);
302
303         /*
304          * Unmarshall the header as this will tell us how much
305          * data we need to read to get the complete pdu.
306          * This also sets the endian flag in rpc_in.
307          */
308
309         if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
310                 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
311                 set_incoming_fault(p);
312                 prs_mem_free(&rpc_in);
313                 return -1;
314         }
315
316         /*
317          * Validate the RPC header.
318          */
319
320         if(p->hdr.major != 5 && p->hdr.minor != 0) {
321                 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
322                 set_incoming_fault(p);
323                 prs_mem_free(&rpc_in);
324                 return -1;
325         }
326
327         /*
328          * If there's not data in the incoming buffer this should be the start of a new RPC.
329          */
330
331         if(prs_offset(&p->in_data.data) == 0) {
332
333                 /*
334                  * AS/U doesn't set FIRST flag in a BIND packet it seems.
335                  */
336
337                 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
338                         /*
339                          * Ensure that the FIRST flag is set. If not then we have
340                          * a stream missmatch.
341                          */
342
343                         DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
344                         set_incoming_fault(p);
345                         prs_mem_free(&rpc_in);
346                         return -1;
347                 }
348
349                 /*
350                  * If this is the first PDU then set the endianness
351                  * flag in the pipe. We will need this when parsing all
352                  * data in this RPC.
353                  */
354
355                 p->endian = rpc_in.bigendian_data;
356
357                 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
358                                 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
359
360         } else {
361
362                 /*
363                  * If this is *NOT* the first PDU then check the endianness
364                  * flag in the pipe is the same as that in the PDU.
365                  */
366
367                 if (p->endian != rpc_in.bigendian_data) {
368                         DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
369                         set_incoming_fault(p);
370                         prs_mem_free(&rpc_in);
371                         return -1;
372                 }
373         }
374
375         /*
376          * Ensure that the pdu length is sane.
377          */
378
379         if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
380                 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
381                 set_incoming_fault(p);
382                 prs_mem_free(&rpc_in);
383                 return -1;
384         }
385
386         DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
387                         (unsigned int)p->hdr.flags ));
388
389         /*
390          * Adjust for the header we just ate.
391          */
392         p->in_data.pdu_received_len = 0;
393         p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
394
395         /*
396          * Null the data we just ate.
397          */
398
399         memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
400
401         prs_mem_free(&rpc_in);
402
403         return 0; /* No extra data processed. */
404 }
405
406 /****************************************************************************
407  Call this to free any talloc'ed memory. Do this before and after processing
408  a complete PDU.
409 ****************************************************************************/
410
411 void free_pipe_context(pipes_struct *p)
412 {
413         if (p->mem_ctx) {
414                 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
415                 talloc_destroy_pool(p->mem_ctx);
416         } else {
417                 p->mem_ctx = talloc_init();
418                 if (p->mem_ctx == NULL)
419                         p->fault_state = True;
420         }
421 }
422
423 /****************************************************************************
424  Processes a request pdu. This will do auth processing if needed, and
425  appends the data into the complete stream if the LAST flag is not set.
426 ****************************************************************************/
427
428 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
429 {
430         BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
431         size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
432                                 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
433
434         if(!p->pipe_bound) {
435                 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
436                 set_incoming_fault(p);
437                 return False;
438         }
439
440         /*
441          * Check if we need to do authentication processing.
442          * This is only done on requests, not binds.
443          */
444
445         /*
446          * Read the RPC request header.
447          */
448
449         if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
450                 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
451                 set_incoming_fault(p);
452                 return False;
453         }
454
455         if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
456                 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
457                 set_incoming_fault(p);
458                 return False;
459         }
460
461         if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
462
463                 /*
464                  * Authentication _was_ requested and it already failed.
465                  */
466
467                 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
468 authentication failed. Denying the request.\n", p->name));
469                 set_incoming_fault(p);
470         return False;
471     }
472
473         /*
474          * Check the data length doesn't go over the 10Mb limit.
475          */
476         
477         if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
478                 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
479                                 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
480                 set_incoming_fault(p);
481                 return False;
482         }
483
484         /*
485          * Append the data portion into the buffer and return.
486          */
487
488         {
489                 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
490
491                 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
492                         DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
493                                         (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
494                         set_incoming_fault(p);
495                         return False;
496                 }
497
498         }
499
500         if(p->hdr.flags & RPC_FLG_LAST) {
501                 BOOL ret = False;
502                 /*
503                  * Ok - we finally have a complete RPC stream.
504                  * Call the rpc command to process it.
505                  */
506
507                 /*
508                  * Ensure the internal prs buffer size is *exactly* the same
509                  * size as the current offset.
510                  */
511
512                 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
513                 {
514                         DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
515                         set_incoming_fault(p);
516                         return False;
517                 }
518
519                 /*
520                  * Set the parse offset to the start of the data and set the
521                  * prs_struct to UNMARSHALL.
522                  */
523
524                 prs_set_offset(&p->in_data.data, 0);
525                 prs_switch_type(&p->in_data.data, UNMARSHALL);
526
527                 /*
528                  * Process the complete data stream here.
529                  */
530
531                 free_pipe_context(p);
532
533                 if(pipe_init_outgoing_data(p))
534                         ret = api_pipe_request(p);
535
536                 free_pipe_context(p);
537
538                 /*
539                  * We have consumed the whole data stream. Set back to
540                  * marshalling and set the offset back to the start of
541                  * the buffer to re-use it (we could also do a prs_mem_free()
542                  * and then re_init on the next start of PDU. Not sure which
543                  * is best here.... JRA.
544                  */
545
546                 prs_switch_type(&p->in_data.data, MARSHALL);
547                 prs_set_offset(&p->in_data.data, 0);
548                 return ret;
549         }
550
551         return True;
552 }
553
554 /****************************************************************************
555  Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
556  already been parsed and stored in p->hdr.
557 ****************************************************************************/
558
559 static ssize_t process_complete_pdu(pipes_struct *p)
560 {
561         prs_struct rpc_in;
562         size_t data_len = p->in_data.pdu_received_len;
563         char *data_p = (char *)&p->in_data.current_in_pdu[0];
564         BOOL reply = False;
565
566         if(p->fault_state) {
567                 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
568                         p->name ));
569                 set_incoming_fault(p);
570                 setup_fault_pdu(p, NT_STATUS(0x1c010002));
571                 return (ssize_t)data_len;
572         }
573
574         prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
575
576         /*
577          * Ensure we're using the corrent endianness for both the 
578          * RPC header flags and the raw data we will be reading from.
579          */
580
581         prs_set_endian_data( &rpc_in, p->endian);
582         prs_set_endian_data( &p->in_data.data, p->endian);
583
584         prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
585
586         DEBUG(10,("process_complete_pdu: processing packet type %u\n",
587                         (unsigned int)p->hdr.pkt_type ));
588
589         switch (p->hdr.pkt_type) {
590                 case RPC_BIND:
591                 case RPC_ALTCONT:
592                         /*
593                          * We assume that a pipe bind is only in one pdu.
594                          */
595                         if(pipe_init_outgoing_data(p))
596                                 reply = api_pipe_bind_req(p, &rpc_in);
597                         break;
598                 case RPC_BINDRESP:
599                         /*
600                          * We assume that a pipe bind_resp is only in one pdu.
601                          */
602                         if(pipe_init_outgoing_data(p))
603                                 reply = api_pipe_bind_auth_resp(p, &rpc_in);
604                         break;
605                 case RPC_REQUEST:
606                         reply = process_request_pdu(p, &rpc_in);
607                         break;
608                 default:
609                         DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
610                         break;
611         }
612
613         /* Reset to little endian. Probably don't need this but it won't hurt. */
614         prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
615
616         if (!reply) {
617                 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
618                 set_incoming_fault(p);
619                 setup_fault_pdu(p, NT_STATUS(0x1c010002));
620                 prs_mem_free(&rpc_in);
621         } else {
622                 /*
623                  * Reset the lengths. We're ready for a new pdu.
624                  */
625                 p->in_data.pdu_needed_len = 0;
626                 p->in_data.pdu_received_len = 0;
627         }
628
629         prs_mem_free(&rpc_in);
630         return (ssize_t)data_len;
631 }
632
633 /****************************************************************************
634  Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
635 ****************************************************************************/
636
637 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
638 {
639         size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
640
641         DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
642                 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
643                 (unsigned int)n ));
644
645         if(data_to_copy == 0) {
646                 /*
647                  * This is an error - data is being received and there is no
648                  * space in the PDU. Free the received data and go into the fault state.
649                  */
650                 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
651 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
652                 set_incoming_fault(p);
653                 return -1;
654         }
655
656         /*
657          * If we have no data already, wait until we get at least a RPC_HEADER_LEN
658          * number of bytes before we can do anything.
659          */
660
661         if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
662                 /*
663                  * Always return here. If we have more data then the RPC_HEADER
664                  * will be processed the next time around the loop.
665                  */
666                 return fill_rpc_header(p, data, data_to_copy);
667         }
668
669         /*
670          * At this point we know we have at least an RPC_HEADER_LEN amount of data
671          * stored in current_in_pdu.
672          */
673
674         /*
675          * If pdu_needed_len is zero this is a new pdu. 
676          * Unmarshall the header so we know how much more
677          * data we need, then loop again.
678          */
679
680         if(p->in_data.pdu_needed_len == 0)
681                 return unmarshall_rpc_header(p);
682
683         /*
684          * Ok - at this point we have a valid RPC_HEADER in p->hdr.
685          * Keep reading until we have a full pdu.
686          */
687
688         data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
689
690         /*
691          * Copy as much of the data as we need into the current_in_pdu buffer.
692          */
693
694         memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
695         p->in_data.pdu_received_len += data_to_copy;
696
697         /*
698          * Do we have a complete PDU ?
699          */
700
701         if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
702                 return process_complete_pdu(p);
703
704         DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
705                 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
706
707         return (ssize_t)data_to_copy;
708
709 }
710
711 /****************************************************************************
712  Accepts incoming data on an rpc pipe.
713 ****************************************************************************/
714
715 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
716 {
717         size_t data_left = n;
718
719         DEBUG(6,("write_to_pipe: %x", p->pnum));
720
721         DEBUG(6,(" name: %s open: %s len: %d\n",
722                  p->name, BOOLSTR(p->open), (int)n));
723
724         dump_data(50, data, n);
725
726         while(data_left) {
727                 ssize_t data_used;
728
729                 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
730
731                 data_used = process_incoming_data(p, data, data_left);
732
733                 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
734
735                 if(data_used < 0)
736                         return -1;
737
738                 data_left -= data_used;
739                 data += data_used;
740         }       
741
742         return n;
743 }
744
745 /****************************************************************************
746  Replies to a request to read data from a pipe.
747
748  Headers are interspersed with the data at PDU intervals. By the time
749  this function is called, the start of the data could possibly have been
750  read by an SMBtrans (file_offset != 0).
751
752  Calling create_rpc_reply() here is a hack. The data should already
753  have been prepared into arrays of headers + data stream sections.
754 ****************************************************************************/
755
756 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
757 {
758         uint32 pdu_remaining = 0;
759         ssize_t data_returned = 0;
760
761         if (!p || !p->open) {
762                 DEBUG(0,("read_from_pipe: pipe not open\n"));
763                 return -1;              
764         }
765
766         DEBUG(6,("read_from_pipe: %x", p->pnum));
767
768         DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
769
770         /*
771          * We cannot return more than one PDU length per
772          * read request.
773          */
774
775         /*
776          * This condition should result in the connection being closed.  
777          * Netapp filers seem to set it to 0xffff which results in domain
778          * authentications failing.  Just ignore it so things work.
779          */
780
781         if(n > MAX_PDU_FRAG_LEN) {
782                 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
783 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
784         }
785
786         /*
787          * Determine if there is still data to send in the
788          * pipe PDU buffer. Always send this first. Never
789          * send more than is left in the current PDU. The
790          * client should send a new read request for a new
791          * PDU.
792          */
793
794         if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
795                 data_returned = (ssize_t)MIN(n, pdu_remaining);
796
797                 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
798 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, 
799                         (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
800
801                 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
802                 p->out_data.current_pdu_sent += (uint32)data_returned;
803                 goto out;
804         }
805
806         /*
807          * At this point p->current_pdu_len == p->current_pdu_sent (which
808          * may of course be zero if this is the first return fragment.
809          */
810
811         DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
812 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
813                 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
814
815         if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
816                 /*
817                  * We have sent all possible data, return 0.
818                  */
819                 data_returned = 0;
820                 goto out;
821         }
822
823         /*
824          * We need to create a new PDU from the data left in p->rdata.
825          * Create the header/data/footers. This also sets up the fields
826          * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
827          * and stores the outgoing PDU in p->current_pdu.
828          */
829
830         if(!create_next_pdu(p)) {
831                 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
832                 return -1;
833         }
834
835         data_returned = MIN(n, p->out_data.current_pdu_len);
836
837         memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
838         p->out_data.current_pdu_sent += (uint32)data_returned;
839
840   out:
841
842         return data_returned;
843 }
844
845 /****************************************************************************
846  Wait device state on a pipe. Exactly what this is for is unknown...
847 ****************************************************************************/
848
849 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
850 {
851         if (p == NULL)
852                 return False;
853
854         if (p->open) {
855                 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
856                          priority, p->name));
857
858                 p->priority = priority;
859                 
860                 return True;
861         } 
862
863         DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
864                  priority, p->name));
865         return False;
866 }
867
868
869 /****************************************************************************
870  Set device state on a pipe. Exactly what this is for is unknown...
871 ****************************************************************************/
872
873 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
874 {
875         if (p == NULL)
876                 return False;
877
878         if (p->open) {
879                 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
880                          device_state, p->name));
881
882                 p->device_state = device_state;
883                 
884                 return True;
885         } 
886
887         DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
888                  device_state, p->name));
889         return False;
890 }
891
892
893 /****************************************************************************
894  Close an rpc pipe.
895 ****************************************************************************/
896
897 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
898 {
899         if (!p) {
900                 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
901                 return False;
902         }
903
904         prs_mem_free(&p->out_data.rdata);
905         prs_mem_free(&p->in_data.data);
906
907         if (p->mem_ctx)
908                 talloc_destroy(p->mem_ctx);
909
910         /* Free the handles database. */
911         close_policy_by_pipe(p);
912
913         bitmap_clear(bmap, p->pnum - pipe_handle_offset);
914
915         pipes_open--;
916
917         DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", 
918                  p->name, p->pnum, pipes_open));  
919
920         DLIST_REMOVE(Pipes, p);
921
922         delete_nt_token(&p->pipe_user.nt_user_token);
923         SAFE_FREE(p->pipe_user.groups);
924
925         ZERO_STRUCTP(p);
926
927         SAFE_FREE(p);
928         
929         return True;
930 }
931
932 /****************************************************************************
933  Find an rpc pipe given a pipe handle in a buffer and an offset.
934 ****************************************************************************/
935
936 pipes_struct *get_rpc_pipe_p(char *buf, int where)
937 {
938         int pnum = SVAL(buf,where);
939
940         if (chain_p)
941                 return chain_p;
942
943         return get_rpc_pipe(pnum);
944 }
945
946 /****************************************************************************
947  Find an rpc pipe given a pipe handle.
948 ****************************************************************************/
949
950 pipes_struct *get_rpc_pipe(int pnum)
951 {
952         pipes_struct *p;
953
954         DEBUG(4,("search for pipe pnum=%x\n", pnum));
955
956         for (p=Pipes;p;p=p->next)
957                 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", 
958                           p->name, p->pnum, pipes_open));  
959
960         for (p=Pipes;p;p=p->next) {
961                 if (p->pnum == pnum) {
962                         chain_p = p;
963                         return p;
964                 }
965         }
966
967         return NULL;
968 }