3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1998,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Jeremy Allison 1999.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define PIPE "\\PIPE\\"
30 #define PIPELEN strlen(PIPE)
32 extern int DEBUGLEVEL;
33 static pipes_struct *chain_p;
34 static int pipes_open;
36 #ifndef MAX_OPEN_PIPES
37 #define MAX_OPEN_PIPES 64
40 static pipes_struct *Pipes;
41 static struct bitmap *bmap;
43 /* this must be larger than the sum of the open files and directories */
44 static int pipe_handle_offset;
46 /****************************************************************************
47 Set the pipe_handle_offset. Called from smbd/files.c
48 ****************************************************************************/
50 void set_pipe_handle_offset(int max_open_files)
52 if(max_open_files < 0x7000)
53 pipe_handle_offset = 0x7000;
55 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
58 /****************************************************************************
59 Reset pipe chain handle number.
60 ****************************************************************************/
61 void reset_chain_p(void)
66 /****************************************************************************
67 Initialise pipe handle states.
68 ****************************************************************************/
70 void init_rpc_pipe_hnd(void)
72 bmap = bitmap_allocate(MAX_OPEN_PIPES);
74 exit_server("out of memory in init_rpc_pipe_hnd\n");
77 /****************************************************************************
78 Initialise an outgoing packet.
79 ****************************************************************************/
81 static BOOL pipe_init_outgoing_data(output_data *o_data)
83 /* Reset the offset counters. */
84 o_data->data_sent_length = 0;
85 o_data->current_pdu_len = 0;
86 o_data->current_pdu_sent = 0;
88 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
90 /* Free any memory in the current return data buffer. */
91 prs_mem_free(&o_data->rdata);
94 * Initialize the outgoing RPC data buffer.
95 * we will use this as the raw data area for replying to rpc requests.
97 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
98 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
105 /****************************************************************************
106 Attempt to find a remote process to communicate RPC's with.
107 ****************************************************************************/
111 static void attempt_remote_rpc_connect(pipes_struct *p)
113 struct user_creds usr;
114 user_struct *vuser = get_valid_user_struct(p->vuid);
119 DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid));
125 /* set up unix credentials from the smb side, to feed over the pipe */
126 make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name,
127 vuser->user.full_name, vuser->guest);
129 make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid,
130 vuser->n_groups, vuser->groups);
134 DEBUG(10,("user session key not available (yet).\n"));
135 DEBUG(10,("password-change operations may fail.\n"));
137 #if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT
138 memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key));
140 memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key));
143 /* set up nt credentials from the smb side, to feed over the pipe */
145 make_creds_nt(&usr.ntc);
146 make_creds_nt_sec(&usr.nts);
149 become_root(); /* to connect to pipe */
150 p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False);
154 DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n"));
159 /****************************************************************************
160 Find first available pipe slot.
161 ****************************************************************************/
163 pipes_struct *open_rpc_pipe_p(char *pipe_name,
164 connection_struct *conn, uint16 vuid)
168 static int next_pipe;
170 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
171 pipe_name, pipes_open));
174 /* not repeating pipe numbers makes it easier to track things in
175 log files and prevents client bugs where pipe numbers are reused
176 over connection restarts */
178 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
180 i = bitmap_find(bmap, next_pipe);
183 DEBUG(0,("ERROR! Out of pipe structures\n"));
187 next_pipe = (i+1) % MAX_OPEN_PIPES;
189 for (p = Pipes; p; p = p->next)
190 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
192 p = (pipes_struct *)malloc(sizeof(*p));
202 * Initialize the incoming RPC data buffer with one PDU worth of memory.
203 * We cheat here and say we're marshalling, as we intend to add incoming
204 * data directly into the prs_struct and we want it to auto grow. We will
205 * change the type to UNMARSALLING before processing the stream.
208 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) {
209 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
214 i += pipe_handle_offset;
226 p->max_trans_reply = 0;
228 p->ntlmssp_chal_flags = 0;
229 p->ntlmssp_auth_validated = False;
230 p->ntlmssp_auth_requested = False;
232 p->pipe_bound = False;
233 p->fault_state = False;
236 * Initialize the incoming RPC struct.
239 p->in_data.pdu_needed_len = 0;
240 p->in_data.pdu_received_len = 0;
243 * Initialize the outgoing RPC struct.
246 p->out_data.current_pdu_len = 0;
247 p->out_data.current_pdu_sent = 0;
248 p->out_data.data_sent_length = 0;
251 * Initialize the outgoing RPC data buffer with no memory.
253 prs_init(&p->out_data.rdata, 0, 4, MARSHALL);
255 ZERO_STRUCT(p->pipe_user);
257 p->pipe_user.uid = (uid_t)-1;
258 p->pipe_user.gid = (gid_t)-1;
260 fstrcpy(p->name, pipe_name);
264 Comment out until memory leak fixed. JRA.
267 * For Luke - attempt to connect to RPC redirect process.
270 attempt_remote_rpc_connect(p);
273 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
274 pipe_name, i, pipes_open));
278 /* OVERWRITE p as a temp variable, to display all open pipes */
279 for (p = Pipes; p; p = p->next)
280 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
285 /****************************************************************************
286 Sets the fault state on incoming packets.
287 ****************************************************************************/
289 static void set_incoming_fault(pipes_struct *p)
291 prs_mem_free(&p->in_data.data);
292 p->in_data.pdu_needed_len = 0;
293 p->in_data.pdu_received_len = 0;
294 p->fault_state = True;
295 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
299 /****************************************************************************
300 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
301 ****************************************************************************/
303 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
305 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
307 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
308 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
309 (unsigned int)p->in_data.pdu_received_len ));
311 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
312 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
314 return (ssize_t)len_needed_to_complete_hdr;
317 /****************************************************************************
318 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
319 ****************************************************************************/
321 static ssize_t unmarshall_rpc_header(pipes_struct *p)
324 * Unmarshall the header to determine the needed length.
329 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
330 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
331 set_incoming_fault(p);
335 prs_init( &rpc_in, 0, 4, UNMARSHALL);
336 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
337 p->in_data.pdu_received_len, False);
340 * Unmarshall the header as this will tell us how much
341 * data we need to read to get the complete pdu.
344 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
345 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
346 set_incoming_fault(p);
351 * Validate the RPC header.
354 if(p->hdr.major != 5 && p->hdr.minor != 0) {
355 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
356 set_incoming_fault(p);
361 * If there is no data in the incoming buffer and it's a requst pdu then
362 * ensure that the FIRST flag is set. If not then we have
363 * a stream missmatch.
366 if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) {
367 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
368 set_incoming_fault(p);
373 * Ensure that the pdu length is sane.
376 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
377 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
378 set_incoming_fault(p);
382 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
383 (unsigned int)p->hdr.flags ));
386 * Adjust for the header we just ate.
388 p->in_data.pdu_received_len = 0;
389 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
392 * Null the data we just ate.
395 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
397 return 0; /* No extra data processed. */
400 /****************************************************************************
401 Processes a request pdu. This will do auth processing if needed, and
402 appends the data into the complete stream if the LAST flag is not set.
403 ****************************************************************************/
405 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
407 BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN);
408 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
409 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
412 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
413 set_incoming_fault(p);
418 * Check if we need to do authentication processing.
419 * This is only done on requests, not binds.
423 * Read the RPC request header.
426 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
427 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
428 set_incoming_fault(p);
432 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
433 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
434 set_incoming_fault(p);
438 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
441 * Authentication _was_ requested and it already failed.
444 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
445 authentication failed. Denying the request.\n", p->name));
446 set_incoming_fault(p);
451 * Check the data length doesn't go over the 1Mb limit.
454 if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) {
455 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
456 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
457 set_incoming_fault(p);
462 * Append the data portion into the buffer and return.
466 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
468 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
469 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
470 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
471 set_incoming_fault(p);
477 if(p->hdr.flags & RPC_FLG_LAST) {
480 * Ok - we finally have a complete RPC stream.
481 * Call the rpc command to process it.
485 * Ensure the internal prs buffer size is *exactly* the same
486 * size as the current offset.
489 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
491 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
492 set_incoming_fault(p);
497 * Set the parse offset to the start of the data and set the
498 * prs_struct to UNMARSHALL.
501 prs_set_offset(&p->in_data.data, 0);
502 prs_switch_type(&p->in_data.data, UNMARSHALL);
505 * Process the complete data stream here.
508 if(pipe_init_outgoing_data(&p->out_data))
509 ret = api_pipe_request(p);
512 * We have consumed the whole data stream. Set back to
513 * marshalling and set the offset back to the start of
514 * the buffer to re-use it (we could also do a prs_mem_free()
515 * and then re_init on the next start of PDU. Not sure which
516 * is best here.... JRA.
519 prs_switch_type(&p->in_data.data, MARSHALL);
520 prs_set_offset(&p->in_data.data, 0);
527 /****************************************************************************
528 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
529 already been parsed and stored in p->hdr.
530 ****************************************************************************/
532 static ssize_t process_complete_pdu(pipes_struct *p)
535 size_t data_len = p->in_data.pdu_received_len;
536 char *data_p = (char *)&p->in_data.current_in_pdu[0];
540 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
542 set_incoming_fault(p);
544 return (ssize_t)data_len;
547 prs_init( &rpc_in, 0, 4, UNMARSHALL);
548 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
550 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
551 (unsigned int)p->hdr.pkt_type ));
553 switch (p->hdr.pkt_type) {
557 * We assume that a pipe bind is only in one pdu.
559 if(pipe_init_outgoing_data(&p->out_data))
560 reply = api_pipe_bind_req(p, &rpc_in);
564 * We assume that a pipe bind_resp is only in one pdu.
566 if(pipe_init_outgoing_data(&p->out_data))
567 reply = api_pipe_bind_auth_resp(p, &rpc_in);
570 reply = process_request_pdu(p, &rpc_in);
573 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
578 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
579 set_incoming_fault(p);
583 * Reset the lengths. We're ready for a new pdu.
585 p->in_data.pdu_needed_len = 0;
586 p->in_data.pdu_received_len = 0;
589 return (ssize_t)data_len;
592 /****************************************************************************
593 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
594 ****************************************************************************/
596 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
598 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
600 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
601 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
604 if(data_to_copy == 0) {
606 * This is an error - data is being received and there is no
607 * space in the PDU. Free the received data and go into the fault state.
609 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
610 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
611 set_incoming_fault(p);
616 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
617 * number of bytes before we can do anything.
620 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
622 * Always return here. If we have more data then the RPC_HEADER
623 * will be processed the next time around the loop.
625 return fill_rpc_header(p, data, data_to_copy);
629 * At this point we know we have at least an RPC_HEADER_LEN amount of data
630 * stored in current_in_pdu.
634 * If pdu_needed_len is zero this is a new pdu.
635 * Unmarshall the header so we know how much more
636 * data we need, then loop again.
639 if(p->in_data.pdu_needed_len == 0)
640 return unmarshall_rpc_header(p);
643 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
644 * Keep reading until we have a full pdu.
647 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
650 * Copy as much of the data as we need into the current_in_pdu buffer.
653 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
654 p->in_data.pdu_received_len += data_to_copy;
657 * Do we have a complete PDU ?
660 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
661 return process_complete_pdu(p);
663 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
664 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
666 return (ssize_t)data_to_copy;
670 /****************************************************************************
671 Accepts incoming data on an rpc pipe.
672 ****************************************************************************/
674 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
676 size_t data_left = n;
678 DEBUG(6,("write_to_pipe: %x", p->pnum));
680 DEBUG(6,(" name: %s open: %s len: %d\n",
681 p->name, BOOLSTR(p->open), (int)n));
683 dump_data(50, data, n);
688 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
691 * Deal with the redirect to the remote RPC daemon.
695 data_used = write(p->m->fd, data, data_left);
697 data_used = process_incoming_data(p, data, data_left);
699 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
704 data_left -= data_used;
711 /****************************************************************************
712 Gets data from a remote TNG daemon. Gets data from the remote daemon into
713 the outgoing prs_struct.
715 NB. Note to Luke : This code will be broken until Luke implements a length
716 field before reply data...
718 ****************************************************************************/
720 static BOOL read_from_remote(pipes_struct *p)
723 uint32 data_len_left;
725 if(prs_offset(&p->out_data.rdata) == 0) {
730 * Read all the reply data as a stream of pre-created
731 * PDU's from the remote deamon into the rdata struct.
735 * Create the response data buffer.
738 if(!pipe_init_outgoing_data(&p->out_data)) {
739 DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n"));
743 /* Read from remote here. */
744 if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) {
745 DEBUG(0,("read_from_remote: failed to read from external daemon.\n"));
746 prs_mem_free(&p->out_data.rdata);
750 /* Set the length we got. */
751 prs_set_offset(&p->out_data.rdata, (uint32)len);
755 * The amount we send is the minimum of the available
756 * space and the amount left to send.
759 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
762 * Ensure there really is data left to send.
766 DEBUG(0,("read_from_remote: no data left to send !\n"));
770 data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN);
772 return False; /* Notfinished... */
775 /****************************************************************************
776 Replies to a request to read data from a pipe.
778 Headers are interspersed with the data at PDU intervals. By the time
779 this function is called, the start of the data could possibly have been
780 read by an SMBtrans (file_offset != 0).
782 Calling create_rpc_reply() here is a hack. The data should already
783 have been prepared into arrays of headers + data stream sections.
784 ****************************************************************************/
786 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
788 uint32 pdu_remaining = 0;
789 ssize_t data_returned = 0;
791 if (!p || !p->open) {
792 DEBUG(0,("read_from_pipe: pipe not open\n"));
796 DEBUG(6,("read_from_pipe: %x", p->pnum));
798 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
801 * We cannot return more than one PDU length per
805 if(n > MAX_PDU_FRAG_LEN) {
806 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
807 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
812 * Determine if there is still data to send in the
813 * pipe PDU buffer. Always send this first. Never
814 * send more than is left in the current PDU. The
815 * client should send a new read request for a new
819 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
820 data_returned = (ssize_t)MIN(n, pdu_remaining);
822 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
823 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
824 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
826 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
827 p->out_data.current_pdu_sent += (uint32)data_returned;
828 return data_returned;
832 * At this point p->current_pdu_len == p->current_pdu_sent (which
833 * may of course be zero if this is the first return fragment.
836 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
837 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
838 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
840 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
842 * We have sent all possible data. Return 0.
849 * Remote to the RPC daemon.
851 if(!read_from_remote(p)) {
852 DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name ));
859 * We need to create a new PDU from the data left in p->rdata.
860 * Create the header/data/footers. This also sets up the fields
861 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
862 * and stores the outgoing PDU in p->current_pdu.
865 if(!create_next_pdu(p)) {
866 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
871 data_returned = MIN(n, p->out_data.current_pdu_len);
873 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
874 p->out_data.current_pdu_sent += (uint32)data_returned;
875 return data_returned;
878 /****************************************************************************
879 Wait device state on a pipe. Exactly what this is for is unknown...
880 ****************************************************************************/
882 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
888 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
891 p->priority = priority;
896 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
902 /****************************************************************************
903 Set device state on a pipe. Exactly what this is for is unknown...
904 ****************************************************************************/
906 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
912 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
913 device_state, p->name));
915 p->device_state = device_state;
920 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
921 device_state, p->name));
926 /****************************************************************************
928 ****************************************************************************/
930 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
933 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
937 prs_mem_free(&p->out_data.rdata);
938 prs_mem_free(&p->in_data.data);
940 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
945 DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: "));
946 if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL))
949 DEBUG(4,("FAILED\n"));
952 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
953 p->name, p->pnum, pipes_open));
955 DLIST_REMOVE(Pipes, p);
964 /****************************************************************************
965 Find an rpc pipe given a pipe handle in a buffer and an offset.
966 ****************************************************************************/
968 pipes_struct *get_rpc_pipe_p(char *buf, int where)
970 int pnum = SVAL(buf,where);
975 return get_rpc_pipe(pnum);
978 /****************************************************************************
979 Find an rpc pipe given a pipe handle.
980 ****************************************************************************/
982 pipes_struct *get_rpc_pipe(int pnum)
986 DEBUG(4,("search for pipe pnum=%x\n", pnum));
988 for (p=Pipes;p;p=p->next)
989 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
990 p->name, p->pnum, pipes_open));
992 for (p=Pipes;p;p=p->next) {
993 if (p->pnum == pnum) {