2 * Unix SMB/Netbios implementation.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998,
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define PIPE "\\PIPE\\"
27 #define PIPELEN strlen(PIPE)
29 static smb_np_struct *chain_p;
30 static int pipes_open;
32 #ifndef MAX_OPEN_PIPES
33 #define MAX_OPEN_PIPES 2048
36 static smb_np_struct *Pipes;
37 static pipes_struct *InternalPipes;
38 static struct bitmap *bmap;
41 * the following prototypes are declared here to avoid
42 * code being moved about too much for a patch to be
43 * disrupted / less obvious.
45 * these functions, and associated functions that they
46 * call, should be moved behind a .so module-loading
47 * system _anyway_. so that's the next step...
50 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
51 BOOL *is_data_outstanding);
52 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
53 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
54 static void *make_internal_rpc_pipe_p(char *pipe_name,
55 connection_struct *conn, uint16 vuid);
57 /****************************************************************************
58 Pipe iterator functions.
59 ****************************************************************************/
61 smb_np_struct *get_first_pipe(void)
66 smb_np_struct *get_next_pipe(smb_np_struct *p)
71 /****************************************************************************
72 Internal Pipe iterator functions.
73 ****************************************************************************/
75 pipes_struct *get_first_internal_pipe(void)
80 pipes_struct *get_next_internal_pipe(pipes_struct *p)
85 /* this must be larger than the sum of the open files and directories */
86 static int pipe_handle_offset;
88 /****************************************************************************
89 Set the pipe_handle_offset. Called from smbd/files.c
90 ****************************************************************************/
92 void set_pipe_handle_offset(int max_open_files)
94 if(max_open_files < 0x7000)
95 pipe_handle_offset = 0x7000;
97 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
100 /****************************************************************************
101 Reset pipe chain handle number.
102 ****************************************************************************/
103 void reset_chain_p(void)
108 /****************************************************************************
109 Initialise pipe handle states.
110 ****************************************************************************/
112 void init_rpc_pipe_hnd(void)
114 bmap = bitmap_allocate(MAX_OPEN_PIPES);
116 exit_server("out of memory in init_rpc_pipe_hnd");
119 /****************************************************************************
120 Initialise an outgoing packet.
121 ****************************************************************************/
123 static BOOL pipe_init_outgoing_data(pipes_struct *p)
125 output_data *o_data = &p->out_data;
127 /* Reset the offset counters. */
128 o_data->data_sent_length = 0;
129 o_data->current_pdu_len = 0;
130 o_data->current_pdu_sent = 0;
132 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
134 /* Free any memory in the current return data buffer. */
135 prs_mem_free(&o_data->rdata);
138 * Initialize the outgoing RPC data buffer.
139 * we will use this as the raw data area for replying to rpc requests.
141 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
142 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
149 /****************************************************************************
150 Find first available pipe slot.
151 ****************************************************************************/
153 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
154 connection_struct *conn, uint16 vuid)
157 smb_np_struct *p, *p_it;
158 static int next_pipe;
160 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
161 pipe_name, pipes_open));
164 /* not repeating pipe numbers makes it easier to track things in
165 log files and prevents client bugs where pipe numbers are reused
166 over connection restarts */
168 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
170 i = bitmap_find(bmap, next_pipe);
173 DEBUG(0,("ERROR! Out of pipe structures\n"));
177 next_pipe = (i+1) % MAX_OPEN_PIPES;
179 for (p = Pipes; p; p = p->next)
180 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
182 p = (smb_np_struct *)malloc(sizeof(*p));
186 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
192 /* add a dso mechanism instead of this, here */
194 p->namedpipe_create = make_internal_rpc_pipe_p;
195 p->namedpipe_read = read_from_internal_pipe;
196 p->namedpipe_write = write_to_internal_pipe;
197 p->namedpipe_close = close_internal_rpc_pipe_hnd;
199 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
201 if (p->np_state == NULL) {
203 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
212 * Initialize the incoming RPC data buffer with one PDU worth of memory.
213 * We cheat here and say we're marshalling, as we intend to add incoming
214 * data directly into the prs_struct and we want it to auto grow. We will
215 * change the type to UNMARSALLING before processing the stream.
219 i += pipe_handle_offset;
231 p->max_trans_reply = 0;
233 fstrcpy(p->name, pipe_name);
235 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
236 pipe_name, i, pipes_open));
240 /* Iterate over p_it as a temp variable, to display all open pipes */
241 for (p_it = Pipes; p_it; p_it = p_it->next)
242 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
247 /****************************************************************************
248 * make an internal namedpipes structure
249 ****************************************************************************/
251 static void *make_internal_rpc_pipe_p(char *pipe_name,
252 connection_struct *conn, uint16 vuid)
256 DEBUG(4,("Create pipe requested %s\n", pipe_name));
258 p = (pipes_struct *)malloc(sizeof(*p));
262 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
268 if ((p->mem_ctx = talloc_init()) == NULL) {
269 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
274 if (!init_pipe_handle_list(p, pipe_name)) {
275 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
276 talloc_destroy(p->mem_ctx);
282 * Initialize the incoming RPC data buffer with one PDU worth of memory.
283 * We cheat here and say we're marshalling, as we intend to add incoming
284 * data directly into the prs_struct and we want it to auto grow. We will
285 * change the type to UNMARSALLING before processing the stream.
288 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
289 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
293 DLIST_ADD(InternalPipes, p);
298 p->ntlmssp_chal_flags = 0;
299 p->ntlmssp_auth_validated = False;
300 p->ntlmssp_auth_requested = False;
302 p->pipe_bound = False;
303 p->fault_state = False;
304 p->endian = RPC_LITTLE_ENDIAN;
306 ZERO_STRUCT(p->pipe_user);
308 p->pipe_user.uid = (uid_t)-1;
309 p->pipe_user.gid = (gid_t)-1;
312 * Initialize the incoming RPC struct.
315 p->in_data.pdu_needed_len = 0;
316 p->in_data.pdu_received_len = 0;
319 * Initialize the outgoing RPC struct.
322 p->out_data.current_pdu_len = 0;
323 p->out_data.current_pdu_sent = 0;
324 p->out_data.data_sent_length = 0;
327 * Initialize the outgoing RPC data buffer with no memory.
329 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
331 fstrcpy(p->name, pipe_name);
333 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
334 pipe_name, pipes_open));
339 /****************************************************************************
340 Sets the fault state on incoming packets.
341 ****************************************************************************/
343 static void set_incoming_fault(pipes_struct *p)
345 prs_mem_free(&p->in_data.data);
346 p->in_data.pdu_needed_len = 0;
347 p->in_data.pdu_received_len = 0;
348 p->fault_state = True;
349 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
353 /****************************************************************************
354 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
355 ****************************************************************************/
357 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
359 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
361 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
362 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
363 (unsigned int)p->in_data.pdu_received_len ));
365 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
366 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
368 return (ssize_t)len_needed_to_complete_hdr;
371 /****************************************************************************
372 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
373 ****************************************************************************/
375 static ssize_t unmarshall_rpc_header(pipes_struct *p)
378 * Unmarshall the header to determine the needed length.
383 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
384 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
385 set_incoming_fault(p);
389 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
390 prs_set_endian_data( &rpc_in, p->endian);
392 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
393 p->in_data.pdu_received_len, False);
396 * Unmarshall the header as this will tell us how much
397 * data we need to read to get the complete pdu.
398 * This also sets the endian flag in rpc_in.
401 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
402 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
403 set_incoming_fault(p);
404 prs_mem_free(&rpc_in);
409 * Validate the RPC header.
412 if(p->hdr.major != 5 && p->hdr.minor != 0) {
413 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
414 set_incoming_fault(p);
415 prs_mem_free(&rpc_in);
420 * If there's not data in the incoming buffer this should be the start of a new RPC.
423 if(prs_offset(&p->in_data.data) == 0) {
426 * AS/U doesn't set FIRST flag in a BIND packet it seems.
429 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
431 * Ensure that the FIRST flag is set. If not then we have
432 * a stream missmatch.
435 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
436 set_incoming_fault(p);
437 prs_mem_free(&rpc_in);
442 * If this is the first PDU then set the endianness
443 * flag in the pipe. We will need this when parsing all
447 p->endian = rpc_in.bigendian_data;
449 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
450 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
455 * If this is *NOT* the first PDU then check the endianness
456 * flag in the pipe is the same as that in the PDU.
459 if (p->endian != rpc_in.bigendian_data) {
460 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
461 set_incoming_fault(p);
462 prs_mem_free(&rpc_in);
468 * Ensure that the pdu length is sane.
471 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
472 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
473 set_incoming_fault(p);
474 prs_mem_free(&rpc_in);
478 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
479 (unsigned int)p->hdr.flags ));
482 * Adjust for the header we just ate.
484 p->in_data.pdu_received_len = 0;
485 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
488 * Null the data we just ate.
491 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
493 prs_mem_free(&rpc_in);
495 return 0; /* No extra data processed. */
498 /****************************************************************************
499 Call this to free any talloc'ed memory. Do this before and after processing
501 ****************************************************************************/
503 void free_pipe_context(pipes_struct *p)
506 DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) ));
507 talloc_destroy_pool(p->mem_ctx);
509 p->mem_ctx = talloc_init();
510 if (p->mem_ctx == NULL)
511 p->fault_state = True;
515 /****************************************************************************
516 Processes a request pdu. This will do auth processing if needed, and
517 appends the data into the complete stream if the LAST flag is not set.
518 ****************************************************************************/
520 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
522 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
523 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
524 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
527 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
528 set_incoming_fault(p);
533 * Check if we need to do authentication processing.
534 * This is only done on requests, not binds.
538 * Read the RPC request header.
541 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
542 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
543 set_incoming_fault(p);
547 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
548 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
549 set_incoming_fault(p);
553 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
556 * Authentication _was_ requested and it already failed.
559 DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \
560 authentication failed. Denying the request.\n", p->name));
561 set_incoming_fault(p);
566 * Check the data length doesn't go over the 10Mb limit.
569 if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) {
570 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
571 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
572 set_incoming_fault(p);
577 * Append the data portion into the buffer and return.
581 char *data_from = prs_data_p(rpc_in_p) + prs_offset(rpc_in_p);
583 if(!prs_append_data(&p->in_data.data, data_from, data_len)) {
584 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
585 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
586 set_incoming_fault(p);
592 if(p->hdr.flags & RPC_FLG_LAST) {
595 * Ok - we finally have a complete RPC stream.
596 * Call the rpc command to process it.
600 * Ensure the internal prs buffer size is *exactly* the same
601 * size as the current offset.
604 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
606 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
607 set_incoming_fault(p);
612 * Set the parse offset to the start of the data and set the
613 * prs_struct to UNMARSHALL.
616 prs_set_offset(&p->in_data.data, 0);
617 prs_switch_type(&p->in_data.data, UNMARSHALL);
620 * Process the complete data stream here.
623 free_pipe_context(p);
625 if(pipe_init_outgoing_data(p))
626 ret = api_pipe_request(p);
628 free_pipe_context(p);
631 * We have consumed the whole data stream. Set back to
632 * marshalling and set the offset back to the start of
633 * the buffer to re-use it (we could also do a prs_mem_free()
634 * and then re_init on the next start of PDU. Not sure which
635 * is best here.... JRA.
638 prs_switch_type(&p->in_data.data, MARSHALL);
639 prs_set_offset(&p->in_data.data, 0);
646 /****************************************************************************
647 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
648 already been parsed and stored in p->hdr.
649 ****************************************************************************/
651 static ssize_t process_complete_pdu(pipes_struct *p)
654 size_t data_len = p->in_data.pdu_received_len;
655 char *data_p = (char *)&p->in_data.current_in_pdu[0];
659 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
661 set_incoming_fault(p);
662 setup_fault_pdu(p, NT_STATUS(0x1c010002));
663 return (ssize_t)data_len;
666 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
669 * Ensure we're using the corrent endianness for both the
670 * RPC header flags and the raw data we will be reading from.
673 prs_set_endian_data( &rpc_in, p->endian);
674 prs_set_endian_data( &p->in_data.data, p->endian);
676 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
678 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
679 (unsigned int)p->hdr.pkt_type ));
681 switch (p->hdr.pkt_type) {
685 * We assume that a pipe bind is only in one pdu.
687 if(pipe_init_outgoing_data(p))
688 reply = api_pipe_bind_req(p, &rpc_in);
692 * We assume that a pipe bind_resp is only in one pdu.
694 if(pipe_init_outgoing_data(p))
695 reply = api_pipe_bind_auth_resp(p, &rpc_in);
698 reply = process_request_pdu(p, &rpc_in);
701 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
705 /* Reset to little endian. Probably don't need this but it won't hurt. */
706 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
709 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
710 set_incoming_fault(p);
711 setup_fault_pdu(p, NT_STATUS(0x1c010002));
712 prs_mem_free(&rpc_in);
715 * Reset the lengths. We're ready for a new pdu.
717 p->in_data.pdu_needed_len = 0;
718 p->in_data.pdu_received_len = 0;
721 prs_mem_free(&rpc_in);
722 return (ssize_t)data_len;
725 /****************************************************************************
726 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
727 ****************************************************************************/
729 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
731 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
733 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
734 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
737 if(data_to_copy == 0) {
739 * This is an error - data is being received and there is no
740 * space in the PDU. Free the received data and go into the fault state.
742 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
743 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
744 set_incoming_fault(p);
749 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
750 * number of bytes before we can do anything.
753 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
755 * Always return here. If we have more data then the RPC_HEADER
756 * will be processed the next time around the loop.
758 return fill_rpc_header(p, data, data_to_copy);
762 * At this point we know we have at least an RPC_HEADER_LEN amount of data
763 * stored in current_in_pdu.
767 * If pdu_needed_len is zero this is a new pdu.
768 * Unmarshall the header so we know how much more
769 * data we need, then loop again.
772 if(p->in_data.pdu_needed_len == 0)
773 return unmarshall_rpc_header(p);
776 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
777 * Keep reading until we have a full pdu.
780 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
783 * Copy as much of the data as we need into the current_in_pdu buffer.
786 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
787 p->in_data.pdu_received_len += data_to_copy;
790 * Do we have a complete PDU ?
793 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
794 return process_complete_pdu(p);
796 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
797 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
799 return (ssize_t)data_to_copy;
803 /****************************************************************************
804 Accepts incoming data on an rpc pipe.
805 ****************************************************************************/
807 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
809 DEBUG(6,("write_to_pipe: %x", p->pnum));
811 DEBUG(6,(" name: %s open: %s len: %d\n",
812 p->name, BOOLSTR(p->open), (int)n));
814 dump_data(50, data, n);
816 return p->namedpipe_write(p->np_state, data, n);
819 /****************************************************************************
820 Accepts incoming data on an internal rpc pipe.
821 ****************************************************************************/
823 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
825 pipes_struct *p = (pipes_struct*)np_conn;
826 size_t data_left = n;
831 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
833 data_used = process_incoming_data(p, data, data_left);
835 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
840 data_left -= data_used;
847 /****************************************************************************
848 Replies to a request to read data from a pipe.
850 Headers are interspersed with the data at PDU intervals. By the time
851 this function is called, the start of the data could possibly have been
852 read by an SMBtrans (file_offset != 0).
854 Calling create_rpc_reply() here is a hack. The data should already
855 have been prepared into arrays of headers + data stream sections.
856 ****************************************************************************/
858 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
859 BOOL *is_data_outstanding)
861 if (!p || !p->open) {
862 DEBUG(0,("read_from_pipe: pipe not open\n"));
866 DEBUG(6,("read_from_pipe: %x", p->pnum));
868 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
871 /****************************************************************************
872 Replies to a request to read data from a pipe.
874 Headers are interspersed with the data at PDU intervals. By the time
875 this function is called, the start of the data could possibly have been
876 read by an SMBtrans (file_offset != 0).
878 Calling create_rpc_reply() here is a hack. The data should already
879 have been prepared into arrays of headers + data stream sections.
880 ****************************************************************************/
882 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
883 BOOL *is_data_outstanding)
885 pipes_struct *p = (pipes_struct*)np_conn;
886 uint32 pdu_remaining = 0;
887 ssize_t data_returned = 0;
890 DEBUG(0,("read_from_pipe: pipe not open\n"));
894 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
897 * We cannot return more than one PDU length per
902 * This condition should result in the connection being closed.
903 * Netapp filers seem to set it to 0xffff which results in domain
904 * authentications failing. Just ignore it so things work.
907 if(n > MAX_PDU_FRAG_LEN) {
908 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
909 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
913 * Determine if there is still data to send in the
914 * pipe PDU buffer. Always send this first. Never
915 * send more than is left in the current PDU. The
916 * client should send a new read request for a new
920 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
921 data_returned = (ssize_t)MIN(n, pdu_remaining);
923 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
924 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
925 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
927 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
928 p->out_data.current_pdu_sent += (uint32)data_returned;
933 * At this point p->current_pdu_len == p->current_pdu_sent (which
934 * may of course be zero if this is the first return fragment.
937 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
938 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
939 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
941 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
943 * We have sent all possible data, return 0.
950 * We need to create a new PDU from the data left in p->rdata.
951 * Create the header/data/footers. This also sets up the fields
952 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
953 * and stores the outgoing PDU in p->current_pdu.
956 if(!create_next_pdu(p)) {
957 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
961 data_returned = MIN(n, p->out_data.current_pdu_len);
963 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
964 p->out_data.current_pdu_sent += (uint32)data_returned;
968 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
969 return data_returned;
972 /****************************************************************************
973 Wait device state on a pipe. Exactly what this is for is unknown...
974 ****************************************************************************/
976 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
982 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
985 p->priority = priority;
990 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
996 /****************************************************************************
997 Set device state on a pipe. Exactly what this is for is unknown...
998 ****************************************************************************/
1000 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1006 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1007 device_state, p->name));
1009 p->device_state = device_state;
1014 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1015 device_state, p->name));
1020 /****************************************************************************
1022 ****************************************************************************/
1024 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1027 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1031 p->namedpipe_close(p->np_state);
1033 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1037 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1038 p->name, p->pnum, pipes_open));
1040 DLIST_REMOVE(Pipes, p);
1049 /****************************************************************************
1051 ****************************************************************************/
1053 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1055 pipes_struct *p = (pipes_struct *)np_conn;
1057 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1061 prs_mem_free(&p->out_data.rdata);
1062 prs_mem_free(&p->in_data.data);
1065 talloc_destroy(p->mem_ctx);
1067 /* Free the handles database. */
1068 close_policy_by_pipe(p);
1070 delete_nt_token(&p->pipe_user.nt_user_token);
1071 SAFE_FREE(p->pipe_user.groups);
1073 DLIST_REMOVE(InternalPipes, p);
1082 /****************************************************************************
1083 Find an rpc pipe given a pipe handle in a buffer and an offset.
1084 ****************************************************************************/
1086 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1088 int pnum = SVAL(buf,where);
1093 return get_rpc_pipe(pnum);
1096 /****************************************************************************
1097 Find an rpc pipe given a pipe handle.
1098 ****************************************************************************/
1100 smb_np_struct *get_rpc_pipe(int pnum)
1104 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1106 for (p=Pipes;p;p=p->next)
1107 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1108 p->name, p->pnum, pipes_open));
1110 for (p=Pipes;p;p=p->next) {
1111 if (p->pnum == pnum) {