Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMR
[samba.git] / source3 / rpc_server / srv_pipe_hnd.c
1 /* 
2  *  Unix SMB/Netbios implementation.
3  *  Version 1.9.
4  *  RPC Pipe client / server routines
5  *  Copyright (C) Andrew Tridgell              1992-1998,
6  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7  *  Copyright (C) Jeremy Allison                                    1999.
8  *  
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 2 of the License, or
12  *  (at your option) any later version.
13  *  
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *  
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, write to the Free Software
21  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22  */
23
24
25 #include "includes.h"
26
27
28 #define PIPE            "\\PIPE\\"
29 #define PIPELEN         strlen(PIPE)
30
31 extern int DEBUGLEVEL;
32 static pipes_struct *chain_p;
33 static int pipes_open;
34
35 #ifndef MAX_OPEN_PIPES
36 #define MAX_OPEN_PIPES 64
37 #endif
38
39 static pipes_struct *Pipes;
40 static struct bitmap *bmap;
41
42 /****************************************************************************
43  Pipe iterator functions.
44 ****************************************************************************/
45
46 pipes_struct *get_first_pipe(void)
47 {
48         return Pipes;
49 }
50
51 pipes_struct *get_next_pipe(pipes_struct *p)
52 {
53         return p->next;
54 }
55
56 /* this must be larger than the sum of the open files and directories */
57 static int pipe_handle_offset;
58
59 /****************************************************************************
60  Set the pipe_handle_offset. Called from smbd/files.c
61 ****************************************************************************/
62
63 void set_pipe_handle_offset(int max_open_files)
64 {
65   if(max_open_files < 0x7000)
66     pipe_handle_offset = 0x7000;
67   else
68     pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
69 }
70
71 /****************************************************************************
72  Reset pipe chain handle number.
73 ****************************************************************************/
74 void reset_chain_p(void)
75 {
76         chain_p = NULL;
77 }
78
79 /****************************************************************************
80  Initialise pipe handle states.
81 ****************************************************************************/
82
83 void init_rpc_pipe_hnd(void)
84 {
85         bmap = bitmap_allocate(MAX_OPEN_PIPES);
86         if (!bmap)
87                 exit_server("out of memory in init_rpc_pipe_hnd\n");
88 }
89
90 /****************************************************************************
91  Initialise an outgoing packet.
92 ****************************************************************************/
93
94 static BOOL pipe_init_outgoing_data(pipes_struct *p)
95 {
96         output_data *o_data = &p->out_data;
97
98         /* Reset the offset counters. */
99         o_data->data_sent_length = 0;
100         o_data->current_pdu_len = 0;
101         o_data->current_pdu_sent = 0;
102
103         memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
104
105         /* Free any memory in the current return data buffer. */
106         prs_mem_free(&o_data->rdata);
107
108         /*
109          * Initialize the outgoing RPC data buffer.
110          * we will use this as the raw data area for replying to rpc requests.
111          */     
112         if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
113                 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
114                 return False;
115         }
116
117         return True;
118 }
119
120 /****************************************************************************
121  Find first available pipe slot.
122 ****************************************************************************/
123
124 pipes_struct *open_rpc_pipe_p(char *pipe_name, 
125                               connection_struct *conn, uint16 vuid)
126 {
127         int i;
128         pipes_struct *p;
129         static int next_pipe;
130
131         DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
132                  pipe_name, pipes_open));
133
134         
135         /* not repeating pipe numbers makes it easier to track things in 
136            log files and prevents client bugs where pipe numbers are reused
137            over connection restarts */
138         if (next_pipe == 0)
139                 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
140
141         i = bitmap_find(bmap, next_pipe);
142
143         if (i == -1) {
144                 DEBUG(0,("ERROR! Out of pipe structures\n"));
145                 return NULL;
146         }
147
148         next_pipe = (i+1) % MAX_OPEN_PIPES;
149
150         for (p = Pipes; p; p = p->next)
151                 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));  
152
153         p = (pipes_struct *)malloc(sizeof(*p));
154
155         if (!p)
156                 return NULL;
157
158         ZERO_STRUCTP(p);
159
160         if ((p->mem_ctx = talloc_init()) == NULL) {
161                 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
162                 free(p);
163                 return NULL;
164         }
165
166         init_pipe_handles(p);
167
168         DLIST_ADD(Pipes, p);
169
170         /*
171          * Initialize the incoming RPC data buffer with one PDU worth of memory.
172          * We cheat here and say we're marshalling, as we intend to add incoming
173          * data directly into the prs_struct and we want it to auto grow. We will
174          * change the type to UNMARSALLING before processing the stream.
175          */
176
177         if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
178                 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
179                 return NULL;
180         }
181
182         bitmap_set(bmap, i);
183         i += pipe_handle_offset;
184
185         pipes_open++;
186
187         p->pnum = i;
188
189         p->open = True;
190         p->device_state = 0;
191         p->priority = 0;
192         p->conn = conn;
193         p->vuid  = vuid;
194
195         p->max_trans_reply = 0;
196         
197         p->ntlmssp_chal_flags = 0;
198         p->ntlmssp_auth_validated = False;
199         p->ntlmssp_auth_requested = False;
200
201         p->pipe_bound = False;
202         p->fault_state = False;
203         p->endian = RPC_LITTLE_ENDIAN;
204
205         /*
206          * Initialize the incoming RPC struct.
207          */
208
209         p->in_data.pdu_needed_len = 0;
210         p->in_data.pdu_received_len = 0;
211
212         /*
213          * Initialize the outgoing RPC struct.
214          */
215
216         p->out_data.current_pdu_len = 0;
217         p->out_data.current_pdu_sent = 0;
218         p->out_data.data_sent_length = 0;
219
220         /*
221          * Initialize the outgoing RPC data buffer with no memory.
222          */     
223         prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
224         
225         ZERO_STRUCT(p->pipe_user);
226
227         p->pipe_user.uid = (uid_t)-1;
228         p->pipe_user.gid = (gid_t)-1;
229         
230         fstrcpy(p->name, pipe_name);
231         
232         DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
233                  pipe_name, i, pipes_open));
234         
235         chain_p = p;
236         
237         /* OVERWRITE p as a temp variable, to display all open pipes */ 
238         for (p = Pipes; p; p = p->next)
239                 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));  
240
241         return chain_p;
242 }
243
244 /****************************************************************************
245  Sets the fault state on incoming packets.
246 ****************************************************************************/
247
248 static void set_incoming_fault(pipes_struct *p)
249 {
250         prs_mem_free(&p->in_data.data);
251         p->in_data.pdu_needed_len = 0;
252         p->in_data.pdu_received_len = 0;
253         p->fault_state = True;
254         DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
255                 p->name, p->pnum ));
256 }
257
258 /****************************************************************************
259  Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
260 ****************************************************************************/
261
262 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
263 {
264         size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
265
266         DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
267                         (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
268                         (unsigned int)p->in_data.pdu_received_len ));
269
270         memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
271         p->in_data.pdu_received_len += len_needed_to_complete_hdr;
272
273         return (ssize_t)len_needed_to_complete_hdr;
274 }
275
276 /****************************************************************************
277  Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
278 ****************************************************************************/
279
280 static ssize_t unmarshall_rpc_header(pipes_struct *p)
281 {
282         /*
283          * Unmarshall the header to determine the needed length.
284          */
285
286         prs_struct rpc_in;
287
288         if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
289                 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
290                 set_incoming_fault(p);
291                 return -1;
292         }
293
294         prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
295         prs_set_endian_data( &rpc_in, p->endian);
296
297         prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
298                                         p->in_data.pdu_received_len, False);
299
300         /*
301          * Unmarshall the header as this will tell us how much
302          * data we need to read to get the complete pdu.
303          * This also sets the endian flag in rpc_in.
304          */
305
306         if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
307                 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
308                 set_incoming_fault(p);
309                 prs_mem_free(&rpc_in);
310                 return -1;
311         }
312
313         /*
314          * Validate the RPC header.
315          */
316
317         if(p->hdr.major != 5 && p->hdr.minor != 0) {
318                 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
319                 set_incoming_fault(p);
320                 prs_mem_free(&rpc_in);
321                 return -1;
322         }
323
324         /*
325          * If there's not data in the incoming buffer and it's a
326          * request PDU this should be the start of a new RPC.
327          */
328
329         if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0)) {
330
331                 if (!(p->hdr.flags & RPC_FLG_FIRST)) {
332                         /*
333                          * Ensure that the FIRST flag is set. If not then we have
334                          * a stream missmatch.
335                          */
336
337                         DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
338                         set_incoming_fault(p);
339                         prs_mem_free(&rpc_in);
340                         return -1;
341                 }
342
343                 /*
344                  * If this is the first PDU then set the endianness
345                  * flag in the pipe. We will need this when parsing all
346                  * data in this RPC.
347                  */
348
349                 p->endian = rpc_in.bigendian_data;
350
351         } else {
352
353                 /*
354                  * If this is *NOT* the first PDU then check the endianness
355                  * flag in the pipe is the same as that in the PDU.
356                  */
357
358                 if (p->endian != rpc_in.bigendian_data) {
359                         DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag different in next PDU !\n"));
360                         set_incoming_fault(p);
361                         prs_mem_free(&rpc_in);
362                         return -1;
363                 }
364         }
365
366         /*
367          * Ensure that the pdu length is sane.
368          */
369
370         if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
371                 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
372                 set_incoming_fault(p);
373                 prs_mem_free(&rpc_in);
374                 return -1;
375         }
376
377         DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
378                         (unsigned int)p->hdr.flags ));
379
380         /*
381          * Adjust for the header we just ate.
382          */
383         p->in_data.pdu_received_len = 0;
384         p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
385
386         /*
387          * Null the data we just ate.
388          */
389
390         memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
391
392         prs_mem_free(&rpc_in);
393
394         return 0; /* No extra data processed. */
395 }
396
397 /****************************************************************************
398  Call this to free any talloc'ed memory. Do this before and after processing
399  a complete PDU.
400 ****************************************************************************/
401
402 void free_pipe_context(pipes_struct *p)
403 {
404         if (p->mem_ctx) {
405                 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
406                 talloc_destroy_pool(p->mem_ctx);
407         } else {
408                 p->mem_ctx = talloc_init();
409                 if (p->mem_ctx == NULL)
410                         p->fault_state = True;
411         }
412 }
413
414 /****************************************************************************
415  Processes a request pdu. This will do auth processing if needed, and
416  appends the data into the complete stream if the LAST flag is not set.
417 ****************************************************************************/
418
419 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
420 {
421         BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
422         size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
423                                 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
424
425         if(!p->pipe_bound) {
426                 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
427                 set_incoming_fault(p);
428                 return False;
429         }
430
431         /*
432          * Check if we need to do authentication processing.
433          * This is only done on requests, not binds.
434          */
435
436         /*
437          * Read the RPC request header.
438          */
439
440         if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
441                 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
442                 set_incoming_fault(p);
443                 return False;
444         }
445
446         if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
447                 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
448                 set_incoming_fault(p);
449                 return False;
450         }
451
452         if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
453
454                 /*
455                  * Authentication _was_ requested and it already failed.
456                  */
457
458                 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
459 authentication failed. Denying the request.\n", p->name));
460                 set_incoming_fault(p);
461         return False;
462     }
463
464         /*
465          * Check the data length doesn't go over the 10Mb limit.
466          */
467         
468         if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
469                 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
470                                 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
471                 set_incoming_fault(p);
472                 return False;
473         }
474
475         /*
476          * Append the data portion into the buffer and return.
477          */
478
479         {
480                 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
481
482                 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
483                         DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
484                                         (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
485                         set_incoming_fault(p);
486                         return False;
487                 }
488
489         }
490
491         if(p->hdr.flags & RPC_FLG_LAST) {
492                 BOOL ret = False;
493                 /*
494                  * Ok - we finally have a complete RPC stream.
495                  * Call the rpc command to process it.
496                  */
497
498                 /*
499                  * Ensure the internal prs buffer size is *exactly* the same
500                  * size as the current offset.
501                  */
502
503                 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
504                 {
505                         DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
506                         set_incoming_fault(p);
507                         return False;
508                 }
509
510                 /*
511                  * Set the parse offset to the start of the data and set the
512                  * prs_struct to UNMARSHALL.
513                  */
514
515                 prs_set_offset(&p->in_data.data, 0);
516                 prs_switch_type(&p->in_data.data, UNMARSHALL);
517
518                 /*
519                  * Process the complete data stream here.
520                  */
521
522                 free_pipe_context(p);
523
524                 if(pipe_init_outgoing_data(p))
525                         ret = api_pipe_request(p);
526
527                 free_pipe_context(p);
528
529                 /*
530                  * We have consumed the whole data stream. Set back to
531                  * marshalling and set the offset back to the start of
532                  * the buffer to re-use it (we could also do a prs_mem_free()
533                  * and then re_init on the next start of PDU. Not sure which
534                  * is best here.... JRA.
535                  */
536
537                 prs_switch_type(&p->in_data.data, MARSHALL);
538                 prs_set_offset(&p->in_data.data, 0);
539                 return ret;
540         }
541
542         return True;
543 }
544
545 /****************************************************************************
546  Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
547  already been parsed and stored in p->hdr.
548 ****************************************************************************/
549
550 static ssize_t process_complete_pdu(pipes_struct *p)
551 {
552         prs_struct rpc_in;
553         size_t data_len = p->in_data.pdu_received_len;
554         char *data_p = (char *)&p->in_data.current_in_pdu[0];
555         BOOL reply = False;
556
557         if(p->fault_state) {
558                 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
559                         p->name ));
560                 set_incoming_fault(p);
561                 setup_fault_pdu(p);
562                 return (ssize_t)data_len;
563         }
564
565         prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
566         /* Ensure we're using the corrent endianness. */
567         prs_set_endian_data( &rpc_in, p->endian);
568
569         prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
570
571         DEBUG(10,("process_complete_pdu: processing packet type %u\n",
572                         (unsigned int)p->hdr.pkt_type ));
573
574         switch (p->hdr.pkt_type) {
575                 case RPC_BIND:
576                 case RPC_ALTCONT:
577                         /*
578                          * We assume that a pipe bind is only in one pdu.
579                          */
580                         if(pipe_init_outgoing_data(p))
581                                 reply = api_pipe_bind_req(p, &rpc_in);
582                         break;
583                 case RPC_BINDRESP:
584                         /*
585                          * We assume that a pipe bind_resp is only in one pdu.
586                          */
587                         if(pipe_init_outgoing_data(p))
588                                 reply = api_pipe_bind_auth_resp(p, &rpc_in);
589                         break;
590                 case RPC_REQUEST:
591                         reply = process_request_pdu(p, &rpc_in);
592                         break;
593                 default:
594                         DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
595                         break;
596         }
597
598         if (!reply) {
599                 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
600                 set_incoming_fault(p);
601                 setup_fault_pdu(p);
602                 prs_mem_free(&rpc_in);
603         } else {
604                 /*
605                  * Reset the lengths. We're ready for a new pdu.
606                  */
607                 p->in_data.pdu_needed_len = 0;
608                 p->in_data.pdu_received_len = 0;
609         }
610
611         prs_mem_free(&rpc_in);
612         return (ssize_t)data_len;
613 }
614
615 /****************************************************************************
616  Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
617 ****************************************************************************/
618
619 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
620 {
621         size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
622
623         DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
624                 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
625                 (unsigned int)n ));
626
627         if(data_to_copy == 0) {
628                 /*
629                  * This is an error - data is being received and there is no
630                  * space in the PDU. Free the received data and go into the fault state.
631                  */
632                 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
633 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
634                 set_incoming_fault(p);
635                 return -1;
636         }
637
638         /*
639          * If we have no data already, wait until we get at least a RPC_HEADER_LEN
640          * number of bytes before we can do anything.
641          */
642
643         if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
644                 /*
645                  * Always return here. If we have more data then the RPC_HEADER
646                  * will be processed the next time around the loop.
647                  */
648                 return fill_rpc_header(p, data, data_to_copy);
649         }
650
651         /*
652          * At this point we know we have at least an RPC_HEADER_LEN amount of data
653          * stored in current_in_pdu.
654          */
655
656         /*
657          * If pdu_needed_len is zero this is a new pdu. 
658          * Unmarshall the header so we know how much more
659          * data we need, then loop again.
660          */
661
662         if(p->in_data.pdu_needed_len == 0)
663                 return unmarshall_rpc_header(p);
664
665         /*
666          * Ok - at this point we have a valid RPC_HEADER in p->hdr.
667          * Keep reading until we have a full pdu.
668          */
669
670         data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
671
672         /*
673          * Copy as much of the data as we need into the current_in_pdu buffer.
674          */
675
676         memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
677         p->in_data.pdu_received_len += data_to_copy;
678
679         /*
680          * Do we have a complete PDU ?
681          */
682
683         if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
684                 return process_complete_pdu(p);
685
686         DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
687                 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
688
689         return (ssize_t)data_to_copy;
690
691 }
692
693 /****************************************************************************
694  Accepts incoming data on an rpc pipe.
695 ****************************************************************************/
696
697 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
698 {
699         size_t data_left = n;
700
701         DEBUG(6,("write_to_pipe: %x", p->pnum));
702
703         DEBUG(6,(" name: %s open: %s len: %d\n",
704                  p->name, BOOLSTR(p->open), (int)n));
705
706         dump_data(50, data, n);
707
708         while(data_left) {
709                 ssize_t data_used;
710
711                 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
712
713                 data_used = process_incoming_data(p, data, data_left);
714
715                 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
716
717                 if(data_used < 0)
718                         return -1;
719
720                 data_left -= data_used;
721                 data += data_used;
722         }       
723
724         return n;
725 }
726
727 /****************************************************************************
728  Replies to a request to read data from a pipe.
729
730  Headers are interspersed with the data at PDU intervals. By the time
731  this function is called, the start of the data could possibly have been
732  read by an SMBtrans (file_offset != 0).
733
734  Calling create_rpc_reply() here is a hack. The data should already
735  have been prepared into arrays of headers + data stream sections.
736 ****************************************************************************/
737
738 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
739 {
740         uint32 pdu_remaining = 0;
741         ssize_t data_returned = 0;
742
743         if (!p || !p->open) {
744                 DEBUG(0,("read_from_pipe: pipe not open\n"));
745                 return -1;              
746         }
747
748         DEBUG(6,("read_from_pipe: %x", p->pnum));
749
750         DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
751
752         /*
753          * We cannot return more than one PDU length per
754          * read request.
755          */
756
757         if(n > MAX_PDU_FRAG_LEN) {
758                 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
759 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
760                 return -1;
761         }
762
763         /*
764          * Determine if there is still data to send in the
765          * pipe PDU buffer. Always send this first. Never
766          * send more than is left in the current PDU. The
767          * client should send a new read request for a new
768          * PDU.
769          */
770
771         if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
772                 data_returned = (ssize_t)MIN(n, pdu_remaining);
773
774                 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
775 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, 
776                         (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
777
778                 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
779                 p->out_data.current_pdu_sent += (uint32)data_returned;
780                 goto out;
781         }
782
783         /*
784          * At this point p->current_pdu_len == p->current_pdu_sent (which
785          * may of course be zero if this is the first return fragment.
786          */
787
788         DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
789 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
790                 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
791
792         if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
793                 /*
794                  * We have sent all possible data, return 0.
795                  */
796                 data_returned = 0;
797                 goto out;
798         }
799
800         /*
801          * We need to create a new PDU from the data left in p->rdata.
802          * Create the header/data/footers. This also sets up the fields
803          * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
804          * and stores the outgoing PDU in p->current_pdu.
805          */
806
807         if(!create_next_pdu(p)) {
808                 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
809                 return -1;
810         }
811
812         data_returned = MIN(n, p->out_data.current_pdu_len);
813
814         memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
815         p->out_data.current_pdu_sent += (uint32)data_returned;
816
817   out:
818
819         return data_returned;
820 }
821
822 /****************************************************************************
823  Wait device state on a pipe. Exactly what this is for is unknown...
824 ****************************************************************************/
825
826 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
827 {
828         if (p == NULL)
829                 return False;
830
831         if (p->open) {
832                 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
833                          priority, p->name));
834
835                 p->priority = priority;
836                 
837                 return True;
838         } 
839
840         DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
841                  priority, p->name));
842         return False;
843 }
844
845
846 /****************************************************************************
847  Set device state on a pipe. Exactly what this is for is unknown...
848 ****************************************************************************/
849
850 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
851 {
852         if (p == NULL)
853                 return False;
854
855         if (p->open) {
856                 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
857                          device_state, p->name));
858
859                 p->device_state = device_state;
860                 
861                 return True;
862         } 
863
864         DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
865                  device_state, p->name));
866         return False;
867 }
868
869
870 /****************************************************************************
871  Close an rpc pipe.
872 ****************************************************************************/
873
874 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
875 {
876         if (!p) {
877                 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
878                 return False;
879         }
880
881         prs_mem_free(&p->out_data.rdata);
882         prs_mem_free(&p->in_data.data);
883
884         if (p->mem_ctx)
885                 talloc_destroy(p->mem_ctx);
886
887         /* Free the handles database. */
888         close_policy_by_pipe(p);
889
890         bitmap_clear(bmap, p->pnum - pipe_handle_offset);
891
892         pipes_open--;
893
894         DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", 
895                  p->name, p->pnum, pipes_open));  
896
897         DLIST_REMOVE(Pipes, p);
898
899         delete_nt_token(&p->pipe_user.nt_user_token);
900         safe_free(p->pipe_user.groups);
901
902         ZERO_STRUCTP(p);
903
904         free(p);
905         
906         return True;
907 }
908
909 /****************************************************************************
910  Find an rpc pipe given a pipe handle in a buffer and an offset.
911 ****************************************************************************/
912
913 pipes_struct *get_rpc_pipe_p(char *buf, int where)
914 {
915         int pnum = SVAL(buf,where);
916
917         if (chain_p)
918                 return chain_p;
919
920         return get_rpc_pipe(pnum);
921 }
922
923 /****************************************************************************
924  Find an rpc pipe given a pipe handle.
925 ****************************************************************************/
926
927 pipes_struct *get_rpc_pipe(int pnum)
928 {
929         pipes_struct *p;
930
931         DEBUG(4,("search for pipe pnum=%x\n", pnum));
932
933         for (p=Pipes;p;p=p->next)
934                 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", 
935                           p->name, p->pnum, pipes_open));  
936
937         for (p=Pipes;p;p=p->next) {
938                 if (p->pnum == pnum) {
939                         chain_p = p;
940                         return p;
941                 }
942         }
943
944         return NULL;
945 }