3 * Unix SMB/Netbios implementation.
5 * RPC Pipe client / server routines
6 * Copyright (C) Andrew Tridgell 1992-1998,
7 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
8 * Copyright (C) Jeremy Allison 1999.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #define PIPE "\\PIPE\\"
30 #define PIPELEN strlen(PIPE)
32 extern int DEBUGLEVEL;
33 static pipes_struct *chain_p;
34 static int pipes_open;
36 #ifndef MAX_OPEN_PIPES
37 #define MAX_OPEN_PIPES 64
40 static pipes_struct *Pipes;
41 static struct bitmap *bmap;
43 /* this must be larger than the sum of the open files and directories */
44 static int pipe_handle_offset;
46 /****************************************************************************
47 Set the pipe_handle_offset. Called from smbd/files.c
48 ****************************************************************************/
50 void set_pipe_handle_offset(int max_open_files)
52 if(max_open_files < 0x7000)
53 pipe_handle_offset = 0x7000;
55 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
58 /****************************************************************************
59 Reset pipe chain handle number.
60 ****************************************************************************/
61 void reset_chain_p(void)
66 /****************************************************************************
67 Initialise pipe handle states.
68 ****************************************************************************/
70 void init_rpc_pipe_hnd(void)
72 bmap = bitmap_allocate(MAX_OPEN_PIPES);
74 exit_server("out of memory in init_rpc_pipe_hnd\n");
77 /****************************************************************************
78 Initialise an outgoing packet.
79 ****************************************************************************/
81 static BOOL pipe_init_outgoing_data(pipes_struct *p)
83 output_data *o_data = &p->out_data;
85 /* Reset the offset counters. */
86 o_data->data_sent_length = 0;
87 o_data->current_pdu_len = 0;
88 o_data->current_pdu_sent = 0;
90 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
92 /* Free any memory in the current return data buffer. */
93 prs_mem_free(&o_data->rdata);
96 * Initialize the outgoing RPC data buffer.
97 * we will use this as the raw data area for replying to rpc requests.
99 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) {
100 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
107 /****************************************************************************
108 Find first available pipe slot.
109 ****************************************************************************/
111 pipes_struct *open_rpc_pipe_p(char *pipe_name,
112 connection_struct *conn, uint16 vuid)
116 static int next_pipe;
118 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
119 pipe_name, pipes_open));
122 /* not repeating pipe numbers makes it easier to track things in
123 log files and prevents client bugs where pipe numbers are reused
124 over connection restarts */
126 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
128 i = bitmap_find(bmap, next_pipe);
131 DEBUG(0,("ERROR! Out of pipe structures\n"));
135 next_pipe = (i+1) % MAX_OPEN_PIPES;
137 for (p = Pipes; p; p = p->next)
138 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
140 p = (pipes_struct *)malloc(sizeof(*p));
147 if ((p->mem_ctx = talloc_init()) == NULL) {
148 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
156 * Initialize the incoming RPC data buffer with one PDU worth of memory.
157 * We cheat here and say we're marshalling, as we intend to add incoming
158 * data directly into the prs_struct and we want it to auto grow. We will
159 * change the type to UNMARSALLING before processing the stream.
162 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) {
163 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
168 i += pipe_handle_offset;
180 p->max_trans_reply = 0;
182 p->ntlmssp_chal_flags = 0;
183 p->ntlmssp_auth_validated = False;
184 p->ntlmssp_auth_requested = False;
186 p->pipe_bound = False;
187 p->fault_state = False;
190 * Initialize the incoming RPC struct.
193 p->in_data.pdu_needed_len = 0;
194 p->in_data.pdu_received_len = 0;
197 * Initialize the outgoing RPC struct.
200 p->out_data.current_pdu_len = 0;
201 p->out_data.current_pdu_sent = 0;
202 p->out_data.data_sent_length = 0;
205 * Initialize the outgoing RPC data buffer with no memory.
207 prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL);
209 ZERO_STRUCT(p->pipe_user);
211 p->pipe_user.uid = (uid_t)-1;
212 p->pipe_user.gid = (gid_t)-1;
214 fstrcpy(p->name, pipe_name);
218 Comment out until memory leak fixed. JRA.
221 * For Luke - attempt to connect to RPC redirect process.
224 attempt_remote_rpc_connect(p);
227 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
228 pipe_name, i, pipes_open));
232 /* OVERWRITE p as a temp variable, to display all open pipes */
233 for (p = Pipes; p; p = p->next)
234 DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum));
239 /****************************************************************************
240 Sets the fault state on incoming packets.
241 ****************************************************************************/
243 static void set_incoming_fault(pipes_struct *p)
245 prs_mem_free(&p->in_data.data);
246 p->in_data.pdu_needed_len = 0;
247 p->in_data.pdu_received_len = 0;
248 p->fault_state = True;
249 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : pnum = 0x%x\n",
253 /****************************************************************************
254 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
255 ****************************************************************************/
257 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
259 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
261 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
262 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
263 (unsigned int)p->in_data.pdu_received_len ));
265 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
266 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
268 return (ssize_t)len_needed_to_complete_hdr;
271 /****************************************************************************
272 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
273 ****************************************************************************/
275 static ssize_t unmarshall_rpc_header(pipes_struct *p)
278 * Unmarshall the header to determine the needed length.
283 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
284 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
285 set_incoming_fault(p);
289 prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL);
290 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
291 p->in_data.pdu_received_len, False);
294 * Unmarshall the header as this will tell us how much
295 * data we need to read to get the complete pdu.
298 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
299 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
300 set_incoming_fault(p);
301 prs_mem_free(&rpc_in);
306 * Validate the RPC header.
309 if(p->hdr.major != 5 && p->hdr.minor != 0) {
310 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
311 set_incoming_fault(p);
312 prs_mem_free(&rpc_in);
317 * If there is no data in the incoming buffer and it's a requst pdu then
318 * ensure that the FIRST flag is set. If not then we have
319 * a stream missmatch.
322 if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) {
323 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
324 set_incoming_fault(p);
325 prs_mem_free(&rpc_in);
330 * Ensure that the pdu length is sane.
333 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
334 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
335 set_incoming_fault(p);
336 prs_mem_free(&rpc_in);
340 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
341 (unsigned int)p->hdr.flags ));
344 * Adjust for the header we just ate.
346 p->in_data.pdu_received_len = 0;
347 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
350 * Null the data we just ate.
353 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
355 prs_mem_free(&rpc_in);
357 return 0; /* No extra data processed. */
360 /****************************************************************************
361 Processes a request pdu. This will do auth processing if needed, and
362 appends the data into the complete stream if the LAST flag is not set.
363 ****************************************************************************/
365 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
367 BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal_flags, NTLMSSP_NEGOTIATE_SIGN);
368 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
369 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
372 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
373 set_incoming_fault(p);
378 * Check if we need to do authentication processing.
379 * This is only done on requests, not binds.
383 * Read the RPC request header.
386 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
387 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
388 set_incoming_fault(p);
392 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
393 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
394 set_incoming_fault(p);
398 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
401 * Authentication _was_ requested and it already failed.
404 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
405 authentication failed. Denying the request.\n", p->name));
406 set_incoming_fault(p);
411 * Check the data length doesn't go over the 1Mb limit.
414 if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) {
415 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
416 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
417 set_incoming_fault(p);
422 * Append the data portion into the buffer and return.
426 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
428 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
429 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
430 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
431 set_incoming_fault(p);
437 if(p->hdr.flags & RPC_FLG_LAST) {
440 * Ok - we finally have a complete RPC stream.
441 * Call the rpc command to process it.
445 * Ensure the internal prs buffer size is *exactly* the same
446 * size as the current offset.
449 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
451 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
452 set_incoming_fault(p);
457 * Set the parse offset to the start of the data and set the
458 * prs_struct to UNMARSHALL.
461 prs_set_offset(&p->in_data.data, 0);
462 prs_switch_type(&p->in_data.data, UNMARSHALL);
465 * Process the complete data stream here.
468 if(pipe_init_outgoing_data(p))
469 ret = api_pipe_request(p);
472 * We have consumed the whole data stream. Set back to
473 * marshalling and set the offset back to the start of
474 * the buffer to re-use it (we could also do a prs_mem_free()
475 * and then re_init on the next start of PDU. Not sure which
476 * is best here.... JRA.
479 prs_switch_type(&p->in_data.data, MARSHALL);
480 prs_set_offset(&p->in_data.data, 0);
487 /****************************************************************************
488 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
489 already been parsed and stored in p->hdr.
490 ****************************************************************************/
492 static ssize_t process_complete_pdu(pipes_struct *p)
495 size_t data_len = p->in_data.pdu_received_len;
496 char *data_p = (char *)&p->in_data.current_in_pdu[0];
500 talloc_destroy_pool(p->mem_ctx);
502 p->mem_ctx = talloc_init();
503 if (p->mem_ctx == NULL)
504 p->fault_state = True;
508 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
510 set_incoming_fault(p);
512 return (ssize_t)data_len;
515 prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL);
516 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
518 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
519 (unsigned int)p->hdr.pkt_type ));
521 switch (p->hdr.pkt_type) {
525 * We assume that a pipe bind is only in one pdu.
527 if(pipe_init_outgoing_data(p))
528 reply = api_pipe_bind_req(p, &rpc_in);
532 * We assume that a pipe bind_resp is only in one pdu.
534 if(pipe_init_outgoing_data(p))
535 reply = api_pipe_bind_auth_resp(p, &rpc_in);
538 reply = process_request_pdu(p, &rpc_in);
541 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
546 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
547 set_incoming_fault(p);
549 prs_mem_free(&rpc_in);
552 * Reset the lengths. We're ready for a new pdu.
554 p->in_data.pdu_needed_len = 0;
555 p->in_data.pdu_received_len = 0;
558 prs_mem_free(&rpc_in);
559 return (ssize_t)data_len;
562 /****************************************************************************
563 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
564 ****************************************************************************/
566 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
568 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
570 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
571 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
574 if(data_to_copy == 0) {
576 * This is an error - data is being received and there is no
577 * space in the PDU. Free the received data and go into the fault state.
579 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
580 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
581 set_incoming_fault(p);
586 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
587 * number of bytes before we can do anything.
590 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
592 * Always return here. If we have more data then the RPC_HEADER
593 * will be processed the next time around the loop.
595 return fill_rpc_header(p, data, data_to_copy);
599 * At this point we know we have at least an RPC_HEADER_LEN amount of data
600 * stored in current_in_pdu.
604 * If pdu_needed_len is zero this is a new pdu.
605 * Unmarshall the header so we know how much more
606 * data we need, then loop again.
609 if(p->in_data.pdu_needed_len == 0)
610 return unmarshall_rpc_header(p);
613 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
614 * Keep reading until we have a full pdu.
617 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
620 * Copy as much of the data as we need into the current_in_pdu buffer.
623 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
624 p->in_data.pdu_received_len += data_to_copy;
627 * Do we have a complete PDU ?
630 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
631 return process_complete_pdu(p);
633 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
634 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
636 return (ssize_t)data_to_copy;
640 /****************************************************************************
641 Accepts incoming data on an rpc pipe.
642 ****************************************************************************/
644 ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n)
646 size_t data_left = n;
648 DEBUG(6,("write_to_pipe: %x", p->pnum));
650 DEBUG(6,(" name: %s open: %s len: %d\n",
651 p->name, BOOLSTR(p->open), (int)n));
653 dump_data(50, data, n);
658 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
660 data_used = process_incoming_data(p, data, data_left);
662 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
667 data_left -= data_used;
674 /****************************************************************************
675 Replies to a request to read data from a pipe.
677 Headers are interspersed with the data at PDU intervals. By the time
678 this function is called, the start of the data could possibly have been
679 read by an SMBtrans (file_offset != 0).
681 Calling create_rpc_reply() here is a hack. The data should already
682 have been prepared into arrays of headers + data stream sections.
683 ****************************************************************************/
685 ssize_t read_from_pipe(pipes_struct *p, char *data, size_t n)
687 uint32 pdu_remaining = 0;
688 ssize_t data_returned = 0;
690 if (!p || !p->open) {
691 DEBUG(0,("read_from_pipe: pipe not open\n"));
695 DEBUG(6,("read_from_pipe: %x", p->pnum));
697 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
700 * We cannot return more than one PDU length per
704 if(n > MAX_PDU_FRAG_LEN) {
705 DEBUG(0,("read_from_pipe: loo large read (%u) requested on pipe %s. We can \
706 only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
711 * Determine if there is still data to send in the
712 * pipe PDU buffer. Always send this first. Never
713 * send more than is left in the current PDU. The
714 * client should send a new read request for a new
718 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
719 data_returned = (ssize_t)MIN(n, pdu_remaining);
721 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
722 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
723 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
725 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
726 p->out_data.current_pdu_sent += (uint32)data_returned;
727 return data_returned;
731 * At this point p->current_pdu_len == p->current_pdu_sent (which
732 * may of course be zero if this is the first return fragment.
735 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
736 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
737 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
739 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
741 * We have sent all possible data. Return 0.
747 * We need to create a new PDU from the data left in p->rdata.
748 * Create the header/data/footers. This also sets up the fields
749 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
750 * and stores the outgoing PDU in p->current_pdu.
753 if(!create_next_pdu(p)) {
754 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
758 data_returned = MIN(n, p->out_data.current_pdu_len);
760 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
761 p->out_data.current_pdu_sent += (uint32)data_returned;
762 return data_returned;
765 /****************************************************************************
766 Wait device state on a pipe. Exactly what this is for is unknown...
767 ****************************************************************************/
769 BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority)
775 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
778 p->priority = priority;
783 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
789 /****************************************************************************
790 Set device state on a pipe. Exactly what this is for is unknown...
791 ****************************************************************************/
793 BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state)
799 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
800 device_state, p->name));
802 p->device_state = device_state;
807 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
808 device_state, p->name));
813 /****************************************************************************
815 ****************************************************************************/
817 BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn)
820 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
824 prs_mem_free(&p->out_data.rdata);
825 prs_mem_free(&p->in_data.data);
828 talloc_destroy(p->mem_ctx);
830 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
834 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
835 p->name, p->pnum, pipes_open));
837 DLIST_REMOVE(Pipes, p);
846 /****************************************************************************
847 Find an rpc pipe given a pipe handle in a buffer and an offset.
848 ****************************************************************************/
850 pipes_struct *get_rpc_pipe_p(char *buf, int where)
852 int pnum = SVAL(buf,where);
857 return get_rpc_pipe(pnum);
860 /****************************************************************************
861 Find an rpc pipe given a pipe handle.
862 ****************************************************************************/
864 pipes_struct *get_rpc_pipe(int pnum)
868 DEBUG(4,("search for pipe pnum=%x\n", pnum));
870 for (p=Pipes;p;p=p->next)
871 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
872 p->name, p->pnum, pipes_open));
874 for (p=Pipes;p;p=p->next) {
875 if (p->pnum == pnum) {