2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define PIPE "\\PIPE\\"
27 #define PIPELEN strlen(PIPE)
29 static smb_np_struct *chain_p;
30 static int pipes_open;
32 #ifndef MAX_OPEN_PIPES
33 #define MAX_OPEN_PIPES 2048
36 static smb_np_struct *Pipes;
37 static pipes_struct *InternalPipes;
38 static struct bitmap *bmap;
41 * the following prototypes are declared here to avoid
42 * code being moved about too much for a patch to be
43 * disrupted / less obvious.
45 * these functions, and associated functions that they
46 * call, should be moved behind a .so module-loading
47 * system _anyway_. so that's the next step...
50 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
51 BOOL *is_data_outstanding);
52 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
53 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
54 static void *make_internal_rpc_pipe_p(char *pipe_name,
55 connection_struct *conn, uint16 vuid);
57 /****************************************************************************
58 Pipe iterator functions.
59 ****************************************************************************/
61 smb_np_struct *get_first_pipe(void)
66 smb_np_struct *get_next_pipe(smb_np_struct *p)
71 /****************************************************************************
72 Internal Pipe iterator functions.
73 ****************************************************************************/
75 pipes_struct *get_first_internal_pipe(void)
80 pipes_struct *get_next_internal_pipe(pipes_struct *p)
85 /* this must be larger than the sum of the open files and directories */
86 static int pipe_handle_offset;
88 /****************************************************************************
89 Set the pipe_handle_offset. Called from smbd/files.c
90 ****************************************************************************/
92 void set_pipe_handle_offset(int max_open_files)
94 if(max_open_files < 0x7000)
95 pipe_handle_offset = 0x7000;
97 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
100 /****************************************************************************
101 Reset pipe chain handle number.
102 ****************************************************************************/
103 void reset_chain_p(void)
108 /****************************************************************************
109 Initialise pipe handle states.
110 ****************************************************************************/
112 void init_rpc_pipe_hnd(void)
114 bmap = bitmap_allocate(MAX_OPEN_PIPES);
116 exit_server("out of memory in init_rpc_pipe_hnd");
119 /****************************************************************************
120 Initialise an outgoing packet.
121 ****************************************************************************/
123 static BOOL pipe_init_outgoing_data(pipes_struct *p)
125 output_data *o_data = &p->out_data;
127 /* Reset the offset counters. */
128 o_data->data_sent_length = 0;
129 o_data->current_pdu_len = 0;
130 o_data->current_pdu_sent = 0;
132 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
134 /* Free any memory in the current return data buffer. */
135 prs_mem_free(&o_data->rdata);
138 * Initialize the outgoing RPC data buffer.
139 * we will use this as the raw data area for replying to rpc requests.
141 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
142 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
149 /****************************************************************************
150 Find first available pipe slot.
151 ****************************************************************************/
153 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
154 connection_struct *conn, uint16 vuid)
157 smb_np_struct *p, *p_it;
158 static int next_pipe;
160 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
161 pipe_name, pipes_open));
164 /* not repeating pipe numbers makes it easier to track things in
165 log files and prevents client bugs where pipe numbers are reused
166 over connection restarts */
168 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
170 i = bitmap_find(bmap, next_pipe);
173 DEBUG(0,("ERROR! Out of pipe structures\n"));
177 next_pipe = (i+1) % MAX_OPEN_PIPES;
179 for (p = Pipes; p; p = p->next)
180 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
182 p = (smb_np_struct *)malloc(sizeof(*p));
186 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
192 /* add a dso mechanism instead of this, here */
194 p->namedpipe_create = make_internal_rpc_pipe_p;
195 p->namedpipe_read = read_from_internal_pipe;
196 p->namedpipe_write = write_to_internal_pipe;
197 p->namedpipe_close = close_internal_rpc_pipe_hnd;
199 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
201 if (p->np_state == NULL) {
203 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
212 * Initialize the incoming RPC data buffer with one PDU worth of memory.
213 * We cheat here and say we're marshalling, as we intend to add incoming
214 * data directly into the prs_struct and we want it to auto grow. We will
215 * change the type to UNMARSALLING before processing the stream.
219 i += pipe_handle_offset;
231 p->max_trans_reply = 0;
233 fstrcpy(p->name, pipe_name);
235 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
236 pipe_name, i, pipes_open));
240 /* Iterate over p_it as a temp variable, to display all open pipes */
241 for (p_it = Pipes; p_it; p_it = p_it->next)
242 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
247 /****************************************************************************
248 * make an internal namedpipes structure
249 ****************************************************************************/
251 static void *make_internal_rpc_pipe_p(char *pipe_name,
252 connection_struct *conn, uint16 vuid)
255 user_struct *vuser = get_valid_user_struct(vuid);
257 DEBUG(4,("Create pipe requested %s\n", pipe_name));
259 if (!vuser && vuid != UID_FIELD_INVALID) {
260 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
264 p = (pipes_struct *)malloc(sizeof(*p));
268 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
274 if ((p->mem_ctx = talloc_init()) == NULL) {
275 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
280 if (!init_pipe_handle_list(p, pipe_name)) {
281 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
282 talloc_destroy(p->mem_ctx);
288 * Initialize the incoming RPC data buffer with one PDU worth of memory.
289 * We cheat here and say we're marshalling, as we intend to add incoming
290 * data directly into the prs_struct and we want it to auto grow. We will
291 * change the type to UNMARSALLING before processing the stream.
294 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
295 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
299 DLIST_ADD(InternalPipes, p);
304 p->ntlmssp_chal_flags = 0;
305 p->ntlmssp_auth_validated = False;
306 p->ntlmssp_auth_requested = False;
308 p->pipe_bound = False;
309 p->fault_state = False;
310 p->endian = RPC_LITTLE_ENDIAN;
312 ZERO_STRUCT(p->pipe_user);
314 p->pipe_user.uid = (uid_t)-1;
315 p->pipe_user.gid = (gid_t)-1;
317 /* Store the session key */
319 memcpy(p->session_key, vuser->session_key, sizeof(p->session_key));
323 * Initialize the incoming RPC struct.
326 p->in_data.pdu_needed_len = 0;
327 p->in_data.pdu_received_len = 0;
330 * Initialize the outgoing RPC struct.
333 p->out_data.current_pdu_len = 0;
334 p->out_data.current_pdu_sent = 0;
335 p->out_data.data_sent_length = 0;
338 * Initialize the outgoing RPC data buffer with no memory.
340 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
342 fstrcpy(p->name, pipe_name);
344 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
345 pipe_name, pipes_open));
350 /****************************************************************************
351 Sets the fault state on incoming packets.
352 ****************************************************************************/
354 static void set_incoming_fault(pipes_struct *p)
356 prs_mem_free(&p->in_data.data);
357 p->in_data.pdu_needed_len = 0;
358 p->in_data.pdu_received_len = 0;
359 p->fault_state = True;
360 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
364 /****************************************************************************
365 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
366 ****************************************************************************/
368 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
370 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
372 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
373 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
374 (unsigned int)p->in_data.pdu_received_len ));
376 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
377 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
379 return (ssize_t)len_needed_to_complete_hdr;
382 /****************************************************************************
383 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
384 ****************************************************************************/
386 static ssize_t unmarshall_rpc_header(pipes_struct *p)
389 * Unmarshall the header to determine the needed length.
394 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
395 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
396 set_incoming_fault(p);
400 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
401 prs_set_endian_data( &rpc_in, p->endian);
403 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
404 p->in_data.pdu_received_len, False);
407 * Unmarshall the header as this will tell us how much
408 * data we need to read to get the complete pdu.
409 * This also sets the endian flag in rpc_in.
412 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
413 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
414 set_incoming_fault(p);
415 prs_mem_free(&rpc_in);
420 * Validate the RPC header.
423 if(p->hdr.major != 5 && p->hdr.minor != 0) {
424 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
425 set_incoming_fault(p);
426 prs_mem_free(&rpc_in);
431 * If there's not data in the incoming buffer this should be the start of a new RPC.
434 if(prs_offset(&p->in_data.data) == 0) {
437 * AS/U doesn't set FIRST flag in a BIND packet it seems.
440 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
442 * Ensure that the FIRST flag is set. If not then we have
443 * a stream missmatch.
446 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
447 set_incoming_fault(p);
448 prs_mem_free(&rpc_in);
453 * If this is the first PDU then set the endianness
454 * flag in the pipe. We will need this when parsing all
458 p->endian = rpc_in.bigendian_data;
460 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
461 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
466 * If this is *NOT* the first PDU then check the endianness
467 * flag in the pipe is the same as that in the PDU.
470 if (p->endian != rpc_in.bigendian_data) {
471 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
472 set_incoming_fault(p);
473 prs_mem_free(&rpc_in);
479 * Ensure that the pdu length is sane.
482 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
483 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
484 set_incoming_fault(p);
485 prs_mem_free(&rpc_in);
489 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
490 (unsigned int)p->hdr.flags ));
493 * Adjust for the header we just ate.
495 p->in_data.pdu_received_len = 0;
496 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
499 * Null the data we just ate.
502 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
504 prs_mem_free(&rpc_in);
506 return 0; /* No extra data processed. */
509 /****************************************************************************
510 Call this to free any talloc'ed memory. Do this before and after processing
512 ****************************************************************************/
514 void free_pipe_context(pipes_struct *p)
517 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
518 talloc_destroy_pool(p->mem_ctx);
520 p->mem_ctx = talloc_init();
521 if (p->mem_ctx == NULL)
522 p->fault_state = True;
526 /****************************************************************************
527 Processes a request pdu. This will do auth processing if needed, and
528 appends the data into the complete stream if the LAST flag is not set.
529 ****************************************************************************/
531 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
533 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
534 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
535 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
538 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
539 set_incoming_fault(p);
544 * Check if we need to do authentication processing.
545 * This is only done on requests, not binds.
549 * Read the RPC request header.
552 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
553 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
554 set_incoming_fault(p);
558 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
559 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
560 set_incoming_fault(p);
564 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
567 * Authentication _was_ requested and it already failed.
570 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
571 authentication failed. Denying the request.\n", p->name));
572 set_incoming_fault(p);
577 * Check the data length doesn't go over the 15Mb limit.
578 * increased after observing a bug in the Windows NT 4.0 SP6a
579 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
580 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
583 if(prs_data_size(&p->in_data.data) + data_len > 15*1024*1024) {
584 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
585 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
586 set_incoming_fault(p);
591 * Append the data portion into the buffer and return.
595 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
597 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
598 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
599 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
600 set_incoming_fault(p);
606 if(p->hdr.flags & RPC_FLG_LAST) {
609 * Ok - we finally have a complete RPC stream.
610 * Call the rpc command to process it.
614 * Ensure the internal prs buffer size is *exactly* the same
615 * size as the current offset.
618 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
620 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
621 set_incoming_fault(p);
626 * Set the parse offset to the start of the data and set the
627 * prs_struct to UNMARSHALL.
630 prs_set_offset(&p->in_data.data, 0);
631 prs_switch_type(&p->in_data.data, UNMARSHALL);
634 * Process the complete data stream here.
637 free_pipe_context(p);
639 if(pipe_init_outgoing_data(p))
640 ret = api_pipe_request(p);
642 free_pipe_context(p);
645 * We have consumed the whole data stream. Set back to
646 * marshalling and set the offset back to the start of
647 * the buffer to re-use it (we could also do a prs_mem_free()
648 * and then re_init on the next start of PDU. Not sure which
649 * is best here.... JRA.
652 prs_switch_type(&p->in_data.data, MARSHALL);
653 prs_set_offset(&p->in_data.data, 0);
660 /****************************************************************************
661 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
662 already been parsed and stored in p->hdr.
663 ****************************************************************************/
665 static ssize_t process_complete_pdu(pipes_struct *p)
668 size_t data_len = p->in_data.pdu_received_len;
669 char *data_p = (char *)&p->in_data.current_in_pdu[0];
673 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
675 set_incoming_fault(p);
676 setup_fault_pdu(p, NT_STATUS(0x1c010002));
677 return (ssize_t)data_len;
680 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
683 * Ensure we're using the corrent endianness for both the
684 * RPC header flags and the raw data we will be reading from.
687 prs_set_endian_data( &rpc_in, p->endian);
688 prs_set_endian_data( &p->in_data.data, p->endian);
690 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
692 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
693 (unsigned int)p->hdr.pkt_type ));
695 switch (p->hdr.pkt_type) {
699 * We assume that a pipe bind is only in one pdu.
701 if(pipe_init_outgoing_data(p))
702 reply = api_pipe_bind_req(p, &rpc_in);
706 * We assume that a pipe bind_resp is only in one pdu.
708 if(pipe_init_outgoing_data(p))
709 reply = api_pipe_bind_auth_resp(p, &rpc_in);
712 reply = process_request_pdu(p, &rpc_in);
715 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
719 /* Reset to little endian. Probably don't need this but it won't hurt. */
720 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
723 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
724 set_incoming_fault(p);
725 setup_fault_pdu(p, NT_STATUS(0x1c010002));
726 prs_mem_free(&rpc_in);
729 * Reset the lengths. We're ready for a new pdu.
731 p->in_data.pdu_needed_len = 0;
732 p->in_data.pdu_received_len = 0;
735 prs_mem_free(&rpc_in);
736 return (ssize_t)data_len;
739 /****************************************************************************
740 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
741 ****************************************************************************/
743 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
745 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
747 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
748 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
751 if(data_to_copy == 0) {
753 * This is an error - data is being received and there is no
754 * space in the PDU. Free the received data and go into the fault state.
756 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
757 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
758 set_incoming_fault(p);
763 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
764 * number of bytes before we can do anything.
767 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
769 * Always return here. If we have more data then the RPC_HEADER
770 * will be processed the next time around the loop.
772 return fill_rpc_header(p, data, data_to_copy);
776 * At this point we know we have at least an RPC_HEADER_LEN amount of data
777 * stored in current_in_pdu.
781 * If pdu_needed_len is zero this is a new pdu.
782 * Unmarshall the header so we know how much more
783 * data we need, then loop again.
786 if(p->in_data.pdu_needed_len == 0)
787 return unmarshall_rpc_header(p);
790 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
791 * Keep reading until we have a full pdu.
794 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
797 * Copy as much of the data as we need into the current_in_pdu buffer.
800 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
801 p->in_data.pdu_received_len += data_to_copy;
804 * Do we have a complete PDU ?
807 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
808 return process_complete_pdu(p);
810 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
811 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
813 return (ssize_t)data_to_copy;
817 /****************************************************************************
818 Accepts incoming data on an rpc pipe.
819 ****************************************************************************/
821 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
823 DEBUG(6,("write_to_pipe: %x", p->pnum));
825 DEBUG(6,(" name: %s open: %s len: %d\n",
826 p->name, BOOLSTR(p->open), (int)n));
828 dump_data(50, data, n);
830 return p->namedpipe_write(p->np_state, data, n);
833 /****************************************************************************
834 Accepts incoming data on an internal rpc pipe.
835 ****************************************************************************/
837 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
839 pipes_struct *p = (pipes_struct*)np_conn;
840 size_t data_left = n;
845 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
847 data_used = process_incoming_data(p, data, data_left);
849 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
854 data_left -= data_used;
861 /****************************************************************************
862 Replies to a request to read data from a pipe.
864 Headers are interspersed with the data at PDU intervals. By the time
865 this function is called, the start of the data could possibly have been
866 read by an SMBtrans (file_offset != 0).
868 Calling create_rpc_reply() here is a hack. The data should already
869 have been prepared into arrays of headers + data stream sections.
870 ****************************************************************************/
872 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
873 BOOL *is_data_outstanding)
875 if (!p || !p->open) {
876 DEBUG(0,("read_from_pipe: pipe not open\n"));
880 DEBUG(6,("read_from_pipe: %x", p->pnum));
882 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
885 /****************************************************************************
886 Replies to a request to read data from a pipe.
888 Headers are interspersed with the data at PDU intervals. By the time
889 this function is called, the start of the data could possibly have been
890 read by an SMBtrans (file_offset != 0).
892 Calling create_rpc_reply() here is a hack. The data should already
893 have been prepared into arrays of headers + data stream sections.
894 ****************************************************************************/
896 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
897 BOOL *is_data_outstanding)
899 pipes_struct *p = (pipes_struct*)np_conn;
900 uint32 pdu_remaining = 0;
901 ssize_t data_returned = 0;
904 DEBUG(0,("read_from_pipe: pipe not open\n"));
908 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
911 * We cannot return more than one PDU length per
916 * This condition should result in the connection being closed.
917 * Netapp filers seem to set it to 0xffff which results in domain
918 * authentications failing. Just ignore it so things work.
921 if(n > MAX_PDU_FRAG_LEN) {
922 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
923 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
927 * Determine if there is still data to send in the
928 * pipe PDU buffer. Always send this first. Never
929 * send more than is left in the current PDU. The
930 * client should send a new read request for a new
934 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
935 data_returned = (ssize_t)MIN(n, pdu_remaining);
937 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
938 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
939 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
941 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
942 p->out_data.current_pdu_sent += (uint32)data_returned;
947 * At this point p->current_pdu_len == p->current_pdu_sent (which
948 * may of course be zero if this is the first return fragment.
951 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
952 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
953 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
955 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
957 * We have sent all possible data, return 0.
964 * We need to create a new PDU from the data left in p->rdata.
965 * Create the header/data/footers. This also sets up the fields
966 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
967 * and stores the outgoing PDU in p->current_pdu.
970 if(!create_next_pdu(p)) {
971 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
975 data_returned = MIN(n, p->out_data.current_pdu_len);
977 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
978 p->out_data.current_pdu_sent += (uint32)data_returned;
982 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
983 return data_returned;
986 /****************************************************************************
987 Wait device state on a pipe. Exactly what this is for is unknown...
988 ****************************************************************************/
990 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
996 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
999 p->priority = priority;
1004 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
1005 priority, p->name));
1010 /****************************************************************************
1011 Set device state on a pipe. Exactly what this is for is unknown...
1012 ****************************************************************************/
1014 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1020 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1021 device_state, p->name));
1023 p->device_state = device_state;
1028 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1029 device_state, p->name));
1034 /****************************************************************************
1036 ****************************************************************************/
1038 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1041 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1045 p->namedpipe_close(p->np_state);
1047 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1051 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1052 p->name, p->pnum, pipes_open));
1054 DLIST_REMOVE(Pipes, p);
1063 /****************************************************************************
1065 ****************************************************************************/
1067 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1069 pipes_struct *p = (pipes_struct *)np_conn;
1071 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1075 prs_mem_free(&p->out_data.rdata);
1076 prs_mem_free(&p->in_data.data);
1079 talloc_destroy(p->mem_ctx);
1081 /* Free the handles database. */
1082 close_policy_by_pipe(p);
1084 delete_nt_token(&p->pipe_user.nt_user_token);
1085 SAFE_FREE(p->pipe_user.groups);
1087 DLIST_REMOVE(InternalPipes, p);
1096 /****************************************************************************
1097 Find an rpc pipe given a pipe handle in a buffer and an offset.
1098 ****************************************************************************/
1100 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1102 int pnum = SVAL(buf,where);
1107 return get_rpc_pipe(pnum);
1110 /****************************************************************************
1111 Find an rpc pipe given a pipe handle.
1112 ****************************************************************************/
1114 smb_np_struct *get_rpc_pipe(int pnum)
1118 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1120 for (p=Pipes;p;p=p->next)
1121 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1122 p->name, p->pnum, pipes_open));
1124 for (p=Pipes;p;p=p->next) {
1125 if (p->pnum == pnum) {
git.samba.org / samba.git / blob