2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Jeremy Allison 1999.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #define DBGC_CLASS DBGC_RPC_SRV
28 #define PIPE "\\PIPE\\"
29 #define PIPELEN strlen(PIPE)
31 static smb_np_struct *chain_p;
32 static int pipes_open;
35 * Sometimes I can't decide if I hate Windows printer driver
36 * writers more than I hate the Windows spooler service driver
37 * writers. This gets around a combination of bugs in the spooler
38 * and the HP 8500 PCL driver that causes a spooler spin. JRA.
40 * bumped up from 20 -> 64 after viewing traffic from WordPerfect
41 * 2002 running on NT 4.- SP6
42 * bumped up from 64 -> 256 after viewing traffic from con2prt
43 * for lots of printers on a WinNT 4.x SP6 box.
46 #ifndef MAX_OPEN_SPOOLSS_PIPES
47 #define MAX_OPEN_SPOOLSS_PIPES 256
49 static int current_spoolss_pipes_open;
51 static smb_np_struct *Pipes;
52 static pipes_struct *InternalPipes;
53 static struct bitmap *bmap;
56 * the following prototypes are declared here to avoid
57 * code being moved about too much for a patch to be
58 * disrupted / less obvious.
60 * these functions, and associated functions that they
61 * call, should be moved behind a .so module-loading
62 * system _anyway_. so that's the next step...
65 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
66 BOOL *is_data_outstanding);
67 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n);
68 static BOOL close_internal_rpc_pipe_hnd(void *np_conn);
69 static void *make_internal_rpc_pipe_p(char *pipe_name,
70 connection_struct *conn, uint16 vuid);
72 /****************************************************************************
73 Pipe iterator functions.
74 ****************************************************************************/
76 smb_np_struct *get_first_pipe(void)
81 smb_np_struct *get_next_pipe(smb_np_struct *p)
86 /****************************************************************************
87 Internal Pipe iterator functions.
88 ****************************************************************************/
90 pipes_struct *get_first_internal_pipe(void)
95 pipes_struct *get_next_internal_pipe(pipes_struct *p)
100 /* this must be larger than the sum of the open files and directories */
101 static int pipe_handle_offset;
103 /****************************************************************************
104 Set the pipe_handle_offset. Called from smbd/files.c
105 ****************************************************************************/
107 void set_pipe_handle_offset(int max_open_files)
109 if(max_open_files < 0x7000)
110 pipe_handle_offset = 0x7000;
112 pipe_handle_offset = max_open_files + 10; /* For safety. :-) */
115 /****************************************************************************
116 Reset pipe chain handle number.
117 ****************************************************************************/
119 void reset_chain_p(void)
124 /****************************************************************************
125 Initialise pipe handle states.
126 ****************************************************************************/
128 void init_rpc_pipe_hnd(void)
130 bmap = bitmap_allocate(MAX_OPEN_PIPES);
132 exit_server("out of memory in init_rpc_pipe_hnd");
135 /****************************************************************************
136 Initialise an outgoing packet.
137 ****************************************************************************/
139 static BOOL pipe_init_outgoing_data(pipes_struct *p)
141 output_data *o_data = &p->out_data;
143 /* Reset the offset counters. */
144 o_data->data_sent_length = 0;
145 o_data->current_pdu_len = 0;
146 o_data->current_pdu_sent = 0;
148 memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu));
150 /* Free any memory in the current return data buffer. */
151 prs_mem_free(&o_data->rdata);
154 * Initialize the outgoing RPC data buffer.
155 * we will use this as the raw data area for replying to rpc requests.
157 if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
158 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
165 /****************************************************************************
166 Find first available pipe slot.
167 ****************************************************************************/
169 smb_np_struct *open_rpc_pipe_p(char *pipe_name,
170 connection_struct *conn, uint16 vuid)
173 smb_np_struct *p, *p_it;
174 static int next_pipe;
175 BOOL is_spoolss_pipe = False;
177 DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n",
178 pipe_name, pipes_open));
180 if (strstr(pipe_name, "spoolss"))
181 is_spoolss_pipe = True;
183 if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) {
184 DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n",
189 /* not repeating pipe numbers makes it easier to track things in
190 log files and prevents client bugs where pipe numbers are reused
191 over connection restarts */
193 next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES;
195 i = bitmap_find(bmap, next_pipe);
198 DEBUG(0,("ERROR! Out of pipe structures\n"));
202 next_pipe = (i+1) % MAX_OPEN_PIPES;
204 for (p = Pipes; p; p = p->next)
205 DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
207 p = SMB_MALLOC_P(smb_np_struct);
209 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
215 /* add a dso mechanism instead of this, here */
217 p->namedpipe_create = make_internal_rpc_pipe_p;
218 p->namedpipe_read = read_from_internal_pipe;
219 p->namedpipe_write = write_to_internal_pipe;
220 p->namedpipe_close = close_internal_rpc_pipe_hnd;
222 p->np_state = p->namedpipe_create(pipe_name, conn, vuid);
224 if (p->np_state == NULL) {
225 DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n"));
233 * Initialize the incoming RPC data buffer with one PDU worth of memory.
234 * We cheat here and say we're marshalling, as we intend to add incoming
235 * data directly into the prs_struct and we want it to auto grow. We will
236 * change the type to UNMARSALLING before processing the stream.
240 i += pipe_handle_offset;
252 p->max_trans_reply = 0;
254 fstrcpy(p->name, pipe_name);
256 DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n",
257 pipe_name, i, pipes_open));
261 /* Iterate over p_it as a temp variable, to display all open pipes */
262 for (p_it = Pipes; p_it; p_it = p_it->next)
263 DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum));
268 /****************************************************************************
269 Make an internal namedpipes structure
270 ****************************************************************************/
272 static void *make_internal_rpc_pipe_p(char *pipe_name,
273 connection_struct *conn, uint16 vuid)
276 user_struct *vuser = get_valid_user_struct(vuid);
278 DEBUG(4,("Create pipe requested %s\n", pipe_name));
280 if (!vuser && vuid != UID_FIELD_INVALID) {
281 DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid));
285 p = SMB_MALLOC_P(pipes_struct);
288 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
294 if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) {
295 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
300 if (!init_pipe_handle_list(p, pipe_name)) {
301 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
302 talloc_destroy(p->mem_ctx);
308 * Initialize the incoming RPC data buffer with one PDU worth of memory.
309 * We cheat here and say we're marshalling, as we intend to add incoming
310 * data directly into the prs_struct and we want it to auto grow. We will
311 * change the type to UNMARSALLING before processing the stream.
314 if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) {
315 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
319 DLIST_ADD(InternalPipes, p);
323 /* Ensure the connection isn't idled whilst this pipe is open. */
324 p->conn->num_files_open++;
328 p->ntlmssp_chal_flags = 0;
329 p->ntlmssp_auth_validated = False;
330 p->ntlmssp_auth_requested = False;
332 p->pipe_bound = False;
333 p->fault_state = False;
334 p->endian = RPC_LITTLE_ENDIAN;
336 ZERO_STRUCT(p->pipe_user);
338 p->pipe_user.uid = (uid_t)-1;
339 p->pipe_user.gid = (gid_t)-1;
341 /* Store the session key and NT_TOKEN */
343 p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
344 p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token);
348 * Initialize the incoming RPC struct.
351 p->in_data.pdu_needed_len = 0;
352 p->in_data.pdu_received_len = 0;
355 * Initialize the outgoing RPC struct.
358 p->out_data.current_pdu_len = 0;
359 p->out_data.current_pdu_sent = 0;
360 p->out_data.data_sent_length = 0;
363 * Initialize the outgoing RPC data buffer with no memory.
365 prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
367 fstrcpy(p->name, pipe_name);
369 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
370 pipe_name, pipes_open));
375 /****************************************************************************
376 Sets the fault state on incoming packets.
377 ****************************************************************************/
379 static void set_incoming_fault(pipes_struct *p)
381 prs_mem_free(&p->in_data.data);
382 p->in_data.pdu_needed_len = 0;
383 p->in_data.pdu_received_len = 0;
384 p->fault_state = True;
385 DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n",
389 /****************************************************************************
390 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
391 ****************************************************************************/
393 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
395 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
397 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
398 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
399 (unsigned int)p->in_data.pdu_received_len ));
401 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
402 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
404 return (ssize_t)len_needed_to_complete_hdr;
407 /****************************************************************************
408 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
409 ****************************************************************************/
411 static ssize_t unmarshall_rpc_header(pipes_struct *p)
414 * Unmarshall the header to determine the needed length.
419 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
420 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
421 set_incoming_fault(p);
425 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
426 prs_set_endian_data( &rpc_in, p->endian);
428 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
429 p->in_data.pdu_received_len, False);
432 * Unmarshall the header as this will tell us how much
433 * data we need to read to get the complete pdu.
434 * This also sets the endian flag in rpc_in.
437 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
438 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
439 set_incoming_fault(p);
440 prs_mem_free(&rpc_in);
445 * Validate the RPC header.
448 if(p->hdr.major != 5 && p->hdr.minor != 0) {
449 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
450 set_incoming_fault(p);
451 prs_mem_free(&rpc_in);
456 * If there's not data in the incoming buffer this should be the start of a new RPC.
459 if(prs_offset(&p->in_data.data) == 0) {
462 * AS/U doesn't set FIRST flag in a BIND packet it seems.
465 if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
467 * Ensure that the FIRST flag is set. If not then we have
468 * a stream missmatch.
471 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
472 set_incoming_fault(p);
473 prs_mem_free(&rpc_in);
478 * If this is the first PDU then set the endianness
479 * flag in the pipe. We will need this when parsing all
483 p->endian = rpc_in.bigendian_data;
485 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
486 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
491 * If this is *NOT* the first PDU then check the endianness
492 * flag in the pipe is the same as that in the PDU.
495 if (p->endian != rpc_in.bigendian_data) {
496 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
497 set_incoming_fault(p);
498 prs_mem_free(&rpc_in);
504 * Ensure that the pdu length is sane.
507 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) {
508 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
509 set_incoming_fault(p);
510 prs_mem_free(&rpc_in);
514 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
515 (unsigned int)p->hdr.flags ));
518 * Adjust for the header we just ate.
520 p->in_data.pdu_received_len = 0;
521 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
524 * Null the data we just ate.
527 memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN);
529 prs_mem_free(&rpc_in);
531 return 0; /* No extra data processed. */
534 /****************************************************************************
535 Call this to free any talloc'ed memory. Do this before and after processing
537 ****************************************************************************/
539 static void free_pipe_context(pipes_struct *p)
542 DEBUG(3,("free_pipe_context: destroying talloc pool of size "
543 "%llu\n", talloc_total_size(p->mem_ctx) ));
544 talloc_free_children(p->mem_ctx);
546 p->mem_ctx = talloc_init("pipe %s %p", p->name, p);
547 if (p->mem_ctx == NULL)
548 p->fault_state = True;
552 /****************************************************************************
553 Processes a request pdu. This will do auth processing if needed, and
554 appends the data into the complete stream if the LAST flag is not set.
555 ****************************************************************************/
557 static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
559 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
560 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
561 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
564 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
565 set_incoming_fault(p);
570 * Check if we need to do authentication processing.
571 * This is only done on requests, not binds.
575 * Read the RPC request header.
578 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
579 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
580 set_incoming_fault(p);
584 if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) {
585 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
586 set_incoming_fault(p);
590 if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) {
593 * Authentication _was_ requested and it already failed.
596 DEBUG(0,("process_request_pdu: RPC request received on pipe %s "
597 "where authentication failed. Denying the request.\n",
599 set_incoming_fault(p);
603 if (p->netsec_auth_validated && !api_pipe_netsec_process(p, rpc_in_p)) {
604 DEBUG(3,("process_request_pdu: failed to do schannel processing.\n"));
605 set_incoming_fault(p);
610 * Check the data length doesn't go over the 15Mb limit.
611 * increased after observing a bug in the Windows NT 4.0 SP6a
612 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
613 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
616 if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) {
617 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
618 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
619 set_incoming_fault(p);
624 * Append the data portion into the buffer and return.
627 if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) {
628 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
629 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
630 set_incoming_fault(p);
634 if(p->hdr.flags & RPC_FLG_LAST) {
637 * Ok - we finally have a complete RPC stream.
638 * Call the rpc command to process it.
642 * Ensure the internal prs buffer size is *exactly* the same
643 * size as the current offset.
646 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
648 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
649 set_incoming_fault(p);
654 * Set the parse offset to the start of the data and set the
655 * prs_struct to UNMARSHALL.
658 prs_set_offset(&p->in_data.data, 0);
659 prs_switch_type(&p->in_data.data, UNMARSHALL);
662 * Process the complete data stream here.
665 free_pipe_context(p);
667 if(pipe_init_outgoing_data(p))
668 ret = api_pipe_request(p);
670 free_pipe_context(p);
673 * We have consumed the whole data stream. Set back to
674 * marshalling and set the offset back to the start of
675 * the buffer to re-use it (we could also do a prs_mem_free()
676 * and then re_init on the next start of PDU. Not sure which
677 * is best here.... JRA.
680 prs_switch_type(&p->in_data.data, MARSHALL);
681 prs_set_offset(&p->in_data.data, 0);
688 /****************************************************************************
689 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
690 already been parsed and stored in p->hdr.
691 ****************************************************************************/
693 static ssize_t process_complete_pdu(pipes_struct *p)
696 size_t data_len = p->in_data.pdu_received_len;
697 char *data_p = (char *)&p->in_data.current_in_pdu[0];
701 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
703 set_incoming_fault(p);
704 setup_fault_pdu(p, NT_STATUS(0x1c010002));
705 return (ssize_t)data_len;
708 prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
711 * Ensure we're using the corrent endianness for both the
712 * RPC header flags and the raw data we will be reading from.
715 prs_set_endian_data( &rpc_in, p->endian);
716 prs_set_endian_data( &p->in_data.data, p->endian);
718 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
720 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
721 (unsigned int)p->hdr.pkt_type ));
723 switch (p->hdr.pkt_type) {
727 * We assume that a pipe bind is only in one pdu.
729 if(pipe_init_outgoing_data(p))
730 reply = api_pipe_bind_req(p, &rpc_in);
734 * We assume that a pipe bind_resp is only in one pdu.
736 if(pipe_init_outgoing_data(p))
737 reply = api_pipe_bind_auth_resp(p, &rpc_in);
740 reply = process_request_pdu(p, &rpc_in);
743 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
747 /* Reset to little endian. Probably don't need this but it won't hurt. */
748 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
751 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
752 set_incoming_fault(p);
753 setup_fault_pdu(p, NT_STATUS(0x1c010002));
754 prs_mem_free(&rpc_in);
757 * Reset the lengths. We're ready for a new pdu.
759 p->in_data.pdu_needed_len = 0;
760 p->in_data.pdu_received_len = 0;
763 prs_mem_free(&rpc_in);
764 return (ssize_t)data_len;
767 /****************************************************************************
768 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
769 ****************************************************************************/
771 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
773 size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
774 size_t old_pdu_received_len = p->in_data.pdu_received_len;
776 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
777 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
780 if(data_to_copy == 0) {
782 * This is an error - data is being received and there is no
783 * space in the PDU. Free the received data and go into the fault state.
785 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
786 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
787 set_incoming_fault(p);
792 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
793 * number of bytes before we can do anything.
796 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
798 * Always return here. If we have more data then the RPC_HEADER
799 * will be processed the next time around the loop.
801 return fill_rpc_header(p, data, data_to_copy);
805 * At this point we know we have at least an RPC_HEADER_LEN amount of data
806 * stored in current_in_pdu.
810 * If pdu_needed_len is zero this is a new pdu.
811 * Unmarshall the header so we know how much more
812 * data we need, then loop again.
815 if(p->in_data.pdu_needed_len == 0)
816 return unmarshall_rpc_header(p);
819 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
820 * Keep reading until we have a full pdu.
823 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
826 * Copy as much of the data as we need into the current_in_pdu buffer.
829 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
830 p->in_data.pdu_received_len += data_to_copy;
833 * Do we have a complete PDU ?
834 * (return the nym of bytes handled in the call)
837 if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len)
838 return process_complete_pdu(p) - old_pdu_received_len;
840 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
841 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
843 return (ssize_t)data_to_copy;
847 /****************************************************************************
848 Accepts incoming data on an rpc pipe.
849 ****************************************************************************/
851 ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n)
853 DEBUG(6,("write_to_pipe: %x", p->pnum));
855 DEBUG(6,(" name: %s open: %s len: %d\n",
856 p->name, BOOLSTR(p->open), (int)n));
858 dump_data(50, data, n);
860 return p->namedpipe_write(p->np_state, data, n);
863 /****************************************************************************
864 Accepts incoming data on an internal rpc pipe.
865 ****************************************************************************/
867 static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n)
869 pipes_struct *p = (pipes_struct*)np_conn;
870 size_t data_left = n;
875 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
877 data_used = process_incoming_data(p, data, data_left);
879 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
884 data_left -= data_used;
891 /****************************************************************************
892 Replies to a request to read data from a pipe.
894 Headers are interspersed with the data at PDU intervals. By the time
895 this function is called, the start of the data could possibly have been
896 read by an SMBtrans (file_offset != 0).
898 Calling create_rpc_reply() here is a hack. The data should already
899 have been prepared into arrays of headers + data stream sections.
900 ****************************************************************************/
902 ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n,
903 BOOL *is_data_outstanding)
905 if (!p || !p->open) {
906 DEBUG(0,("read_from_pipe: pipe not open\n"));
910 DEBUG(6,("read_from_pipe: %x", p->pnum));
912 return p->namedpipe_read(p->np_state, data, n, is_data_outstanding);
915 /****************************************************************************
916 Replies to a request to read data from a pipe.
918 Headers are interspersed with the data at PDU intervals. By the time
919 this function is called, the start of the data could possibly have been
920 read by an SMBtrans (file_offset != 0).
922 Calling create_rpc_reply() here is a hack. The data should already
923 have been prepared into arrays of headers + data stream sections.
924 ****************************************************************************/
926 static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n,
927 BOOL *is_data_outstanding)
929 pipes_struct *p = (pipes_struct*)np_conn;
930 uint32 pdu_remaining = 0;
931 ssize_t data_returned = 0;
934 DEBUG(0,("read_from_pipe: pipe not open\n"));
938 DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n));
941 * We cannot return more than one PDU length per
946 * This condition should result in the connection being closed.
947 * Netapp filers seem to set it to 0xffff which results in domain
948 * authentications failing. Just ignore it so things work.
951 if(n > MAX_PDU_FRAG_LEN) {
952 DEBUG(5,("read_from_pipe: too large read (%u) requested on \
953 pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN ));
957 * Determine if there is still data to send in the
958 * pipe PDU buffer. Always send this first. Never
959 * send more than is left in the current PDU. The
960 * client should send a new read request for a new
964 if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) {
965 data_returned = (ssize_t)MIN(n, pdu_remaining);
967 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \
968 returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len,
969 (unsigned int)p->out_data.current_pdu_sent, (int)data_returned));
971 memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned);
972 p->out_data.current_pdu_sent += (uint32)data_returned;
977 * At this point p->current_pdu_len == p->current_pdu_sent (which
978 * may of course be zero if this is the first return fragment.
981 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \
982 = %u, prs_offset(&p->out_data.rdata) = %u.\n",
983 p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) ));
985 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
987 * We have sent all possible data, return 0.
994 * We need to create a new PDU from the data left in p->rdata.
995 * Create the header/data/footers. This also sets up the fields
996 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
997 * and stores the outgoing PDU in p->current_pdu.
1000 if(!create_next_pdu(p)) {
1001 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name));
1005 data_returned = MIN(n, p->out_data.current_pdu_len);
1007 memcpy( data, p->out_data.current_pdu, (size_t)data_returned);
1008 p->out_data.current_pdu_sent += (uint32)data_returned;
1012 (*is_data_outstanding) = p->out_data.current_pdu_len > n;
1013 return data_returned;
1016 /****************************************************************************
1017 Wait device state on a pipe. Exactly what this is for is unknown...
1018 ****************************************************************************/
1020 BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority)
1026 DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n",
1027 priority, p->name));
1029 p->priority = priority;
1034 DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n",
1035 priority, p->name));
1040 /****************************************************************************
1041 Set device state on a pipe. Exactly what this is for is unknown...
1042 ****************************************************************************/
1044 BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state)
1050 DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n",
1051 device_state, p->name));
1053 p->device_state = device_state;
1058 DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n",
1059 device_state, p->name));
1064 /****************************************************************************
1066 ****************************************************************************/
1068 BOOL close_rpc_pipe_hnd(smb_np_struct *p)
1071 DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n"));
1075 p->namedpipe_close(p->np_state);
1077 bitmap_clear(bmap, p->pnum - pipe_handle_offset);
1081 DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n",
1082 p->name, p->pnum, pipes_open));
1084 DLIST_REMOVE(Pipes, p);
1093 /****************************************************************************
1094 Close all pipes on a connection.
1095 ****************************************************************************/
1097 void pipe_close_conn(connection_struct *conn)
1099 smb_np_struct *p, *next;
1101 for (p=Pipes;p;p=next) {
1103 if (p->conn == conn) {
1104 close_rpc_pipe_hnd(p);
1109 /****************************************************************************
1111 ****************************************************************************/
1113 static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
1115 pipes_struct *p = (pipes_struct *)np_conn;
1117 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
1121 prs_mem_free(&p->out_data.rdata);
1122 prs_mem_free(&p->in_data.data);
1125 talloc_destroy(p->mem_ctx);
1127 free_pipe_rpc_context( p->contexts );
1129 /* Free the handles database. */
1130 close_policy_by_pipe(p);
1132 delete_nt_token(&p->pipe_user.nt_user_token);
1133 data_blob_free(&p->session_key);
1134 SAFE_FREE(p->pipe_user.groups);
1136 DLIST_REMOVE(InternalPipes, p);
1138 p->conn->num_files_open--;
1147 /****************************************************************************
1148 Find an rpc pipe given a pipe handle in a buffer and an offset.
1149 ****************************************************************************/
1151 smb_np_struct *get_rpc_pipe_p(char *buf, int where)
1153 int pnum = SVAL(buf,where);
1158 return get_rpc_pipe(pnum);
1161 /****************************************************************************
1162 Find an rpc pipe given a pipe handle.
1163 ****************************************************************************/
1165 smb_np_struct *get_rpc_pipe(int pnum)
1169 DEBUG(4,("search for pipe pnum=%x\n", pnum));
1171 for (p=Pipes;p;p=p->next)
1172 DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n",
1173 p->name, p->pnum, pipes_open));
1175 for (p=Pipes;p;p=p->next) {
1176 if (p->pnum == pnum) {
git.samba.org / tprouty / samba.git / blob